Its from the vip section from ghbsys i just wanted to share it with ya guys
would be nice if u can give me +Rep for it.. then i will may upload more tutorials..
Its made by Karzil
Hey guys my friend Shehwaz posted this on Gsys so I decided to share it with you guys O.o (With his permission of course)
OK, assuming you already know how to code an auto-on hack from codernever's tutorial, this should be a walk in the park.
1. To start things off, you should already have Visual C++ installed and the latest frameworks. I myself love to use Visual C++ 2010 Express because it points out more errors than 2008.
2. OK, so if you're making your hack from codernever's base, you need to know what to update after every patch for it to work.
First of all change this:
#include <windows.h>
// Reports whether d3d9.dll, ClientFX.fxd and CShell.dll are all loaded in the
// current process. Modules are checked in that order and the first missing
// one ends the check.
bool IsGameReadyForHook()
{
    static const char* const szRequired[] = { "d3d9.dll", "ClientFX.fxd", "CShell.dll" };
    for ( size_t i = 0; i < sizeof( szRequired ) / sizeof( szRequired[0] ); ++i )
    {
        if ( GetModuleHandleA( szRequired[i] ) == NULL )
            return false;
    }
    return true;
}
// Calls a function inside the host process with szCommand as its single
// stack argument; the caller removes the 4 argument bytes afterwards.
// The call target is found by reading a pointer stored at the fixed address
// 0x3778BFB0 and then reading the function pointer 0x208 bytes past it
// (presumably the game client's console-command entry; not shown here).
// NOTE(review): both values are absolute and build-specific. Nothing checks
// that the addresses are mapped or that the pointers are non-null before
// they are dereferenced and called, so any other build or a relocated
// module turns this into an invalid read or call.
void __cdecl PushToConsole( const char* szCommand )
{
DWORD *LTClient = ( DWORD* )( 0x3778BFB0 );
void* CONoff = ( void* )*( DWORD* )( *LTClient + 0x208 );
__asm
{
push szCommand;
call CONoff;
add esp, 4;
}
}
To This:
#include <windows.h>
// Reports whether d3d9.dll, ClientFX.fxd and CShell.dll are all loaded in the
// current process. Modules are checked in that order and the first missing
// one ends the check.
bool IsGameReadyForHook()
{
    static const char* const szRequired[] = { "d3d9.dll", "ClientFX.fxd", "CShell.dll" };
    for ( size_t i = 0; i < sizeof( szRequired ) / sizeof( szRequired[0] ); ++i )
    {
        if ( GetModuleHandleA( szRequired[i] ) == NULL )
            return false;
    }
    return true;
}
// Calls a function inside the host process with szCommand as its single
// stack argument; the caller removes the 4 argument bytes afterwards.
// The call target is read from the pointer stored at 0x377E7810, offset 0x208.
// NOTE(review): compared with the earlier version, the only change that
// affects the call is the LTClient address. `Send` is loaded from the fixed
// address 0x46F670 but never used, so it adds one more unchecked read of an
// absolute address and nothing else.
// NOTE(review): all addresses are absolute and build-specific; none is
// validated before being dereferenced or called.
void __cdecl PushToConsole( const char* szCommand )
{
DWORD *LTClient = ( DWORD* )( 0x377E7810 );
DWORD CNADDIE = 0x46F670;
void* Send = ( void* )*( DWORD* )(CNADDIE);
void* CONoff = ( void* )*( DWORD* )( *LTClient + 0x208 );
__asm
{
push szCommand;
call CONoff;
add esp,4;
}
}
That will make your hotkey base undetected. I updated the LTC and Alt PTC addresses for you.
3. OK, so now for the hotkeys. Go to this site and look at the virtual key codes: Virtual Key Codes.
Hotkey Example:
// Fragment: toggles `chams` on NUMPAD1 and sends the matching console command.
// Bit 0 of GetAsyncKeyState means "pressed since the previous call"; Microsoft
// documents that bit as unreliable because any other caller can consume it.
// NOTE(review): the command is sent every time this fragment runs, not only
// when the toggle changes.
if(GetAsyncKeyState(VK_NUMPAD1)&1){//Pattern used for a single console ("PTC") command.
chams = !chams;
}
if(chams){
PushToConsole("SkelModelStencil 1");
} else {
PushToConsole("SkelModelStencil 0");
}
No Recoil Example:
// Fragment: toggles `recoil` on NUMPAD6. While on, it overwrites 3 bytes at
// each of five fixed addresses with 0x90 (x86 NOP); while off, it writes
// fixed 3-byte sequences back (they decode as x87 floating-point
// instructions).
// NOTE(review): the "off" bytes are hard-coded rather than saved from memory
// first, so they are only correct for the build they were copied from.
// NOTE(review): memcpy writes straight to the addresses with no change of page
// protection and no check that they are mapped; if the pages are not
// writable the write faults.
// NOTE(review): these are in-place edits of loaded code, so they show up in
// any comparison of the in-memory module against its on-disk image.
if(GetAsyncKeyState(VK_NUMPAD6)&1){//Same toggle pattern as No Spread, but this one writes bytes to addresses instead of sending console commands.
recoil = !recoil;
}
if(recoil){//
memcpy((LPVOID)0x3741B550, "\x90\x90\x90", 3);//These addresses are build-specific and have to be updated by hand (the author points to a thread by Drake).
memcpy((LPVOID)0x3740BAA9, "\x90\x90\x90", 3);
memcpy((LPVOID)0x3741B564, "\x90\x90\x90", 3);
memcpy((LPVOID)0x3741B567, "\x90\x90\x90", 3);
memcpy((LPVOID)0x3741B570, "\x90\x90\x90", 3);
} else {
memcpy((LPVOID)0x3741B550, "\xD8\x66\x54", 3);
memcpy((LPVOID)0x3740BAA9, "\xD9\x46\x54", 3);
memcpy((LPVOID)0x3741B564, "\xD9\x5E\x54", 3);
memcpy((LPVOID)0x3741B567, "\xD9\x46\x48", 3);
memcpy((LPVOID)0x3741B570, "\xD9\x5E\x48", 3);
}
Any PTC Command that has many codes:
// Fragment: toggles `spread` on NUMPAD5 and sends a group of console commands
// for the current state every time it runs.
// NOTE(review): the two branches do not touch the same set of variables:
// PerturbFiringIncreaseSpeed is set only in the "on" branch and
// PerturbDecreaseSpeed only in the "off" branch, so toggling off does not
// write back everything that toggling on changed.
if(GetAsyncKeyState(VK_NUMPAD5)&1){//Pattern used for a feature made of several console commands.
spread = !spread;
}
if(spread){//
PushToConsole("PerturbRotationEffect 0.000000");
PushToConsole("PerturbIncreaseSpeed 0.000000");
PushToConsole("PerturbWalkPercent 0.000000");
PushToConsole("PerturbFiringIncreaseSpeed 0.000000");
} else {
PushToConsole("PerturbRotationEffect 3.000000");
PushToConsole("PerturbIncreaseSpeed 3.000000");
PushToConsole("PerturbDecreaseSpeed 9.000000");
PushToConsole("PerturbWalkPercent 0.500000");
}
4.Adding the NOP Function
Nop Function:
// Copies sSize bytes from szPatch over pDest after switching the target pages
// to PAGE_EXECUTE_READWRITE. Returns FALSE if that protection change fails,
// TRUE otherwise.
// NOTE(review): the complete source shown later on this page defines this
// function but never calls it.
bool Memoria( void * pDest, char * szPatch, size_t sSize )//NOP Function
{
DWORD dwOrgProtect = NULL;
if ( !VirtualProtect ( pDest, sSize, PAGE_EXECUTE_READWRITE, &dwOrgProtect ))
return FALSE;
memcpy( pDest, szPatch, sSize );
// NOTE(review): VirtualProtect is documented to fail when its last argument
// is NULL, and the result is not checked here, so the original protection is
// not restored and the pages stay PAGE_EXECUTE_READWRITE.
VirtualProtect( pDest, sSize, dwOrgProtect, NULL );
return TRUE;
}
Put that all the way at the bottom of your whole code.
5.Compile and have fun.This is what your whole source should look like.
#include <windows.h>
// Reports whether d3d9.dll, ClientFX.fxd and CShell.dll are all loaded in the
// current process. Modules are checked in that order and the first missing
// one ends the check.
bool IsGameReadyForHook()
{
    static const char* const szRequired[] = { "d3d9.dll", "ClientFX.fxd", "CShell.dll" };
    for ( size_t i = 0; i < sizeof( szRequired ) / sizeof( szRequired[0] ); ++i )
    {
        if ( GetModuleHandleA( szRequired[i] ) == NULL )
            return false;
    }
    return true;
}
// Calls a function inside the host process with szCommand as its single
// stack argument; the caller removes the 4 argument bytes afterwards.
// The call target is read from the pointer stored at 0x377E7810, offset 0x208.
// NOTE(review): `Send` is loaded from the fixed address 0x46F670 but never
// used; it only adds one more unchecked read of an absolute address.
// NOTE(review): all addresses are absolute and build-specific; none is
// validated before being dereferenced or called.
void __cdecl PushToConsole( const char* szCommand )
{
DWORD *LTClient = ( DWORD* )( 0x377E7810 );
DWORD CNADDIE = 0x46F670;
void* Send = ( void* )*( DWORD* )(CNADDIE);
void* CONoff = ( void* )*( DWORD* )( *LTClient + 0x208 );
__asm
{
push szCommand;
call CONoff;
add esp,4;
}
}
// Worker loop (an ordinary function named main, called from dwHackThread).
// Waits until IsGameReadyForHook() is true, then loops forever: polls three
// numpad keys, flips the matching flag, and re-applies every feature's
// current state on each pass, sleeping 50 ms between passes.
// NOTE(review): the loop has no exit condition, so this function never returns.
// NOTE(review): state is re-sent and re-written on every pass rather than on
// change, so the console calls and the five memory writes repeat roughly
// 20 times a second.
void main()
{
while(!IsGameReadyForHook()){ Sleep(200); }
bool chams = false;
bool spread = false;
bool recoil = false;
while(true)
{
// Bit 0 of GetAsyncKeyState means "pressed since the previous call";
// Microsoft documents that bit as unreliable.
if(GetAsyncKeyState(VK_NUMPAD1)&1){//Pattern used for a single console ("PTC") command.
chams = !chams;
}
if(chams){
PushToConsole("SkelModelStencil 1");
} else {
PushToConsole("SkelModelStencil 0");
}
if(GetAsyncKeyState(VK_NUMPAD5)&1){//Pattern used for a feature made of several console commands.
spread = !spread;
}
// NOTE(review): the two branches below do not touch the same set of variables.
if(spread){//
PushToConsole("PerturbRotationEffect 0.000000");
PushToConsole("PerturbIncreaseSpeed 0.000000");
PushToConsole("PerturbWalkPercent 0.000000");
PushToConsole("PerturbFiringIncreaseSpeed 0.000000");
} else {
PushToConsole("PerturbRotationEffect 3.000000");
PushToConsole("PerturbIncreaseSpeed 3.000000");
PushToConsole("PerturbDecreaseSpeed 9.000000");
PushToConsole("PerturbWalkPercent 0.500000");
}
if(GetAsyncKeyState(VK_NUMPAD6)&1){//Same toggle pattern as No Spread, but this one writes bytes to addresses instead of sending console commands.
recoil = !recoil;
}
// Writes 0x90 (x86 NOP) bytes over five fixed addresses while on, and fixed
// byte sequences back while off.
// NOTE(review): memcpy is used directly, with no page-protection change and
// no check that the addresses are mapped; Memoria() is defined in this file
// but not called. The "off" bytes are hard-coded rather than saved from memory.
// NOTE(review): these in-place edits of loaded code show up in any comparison
// of the in-memory module against its on-disk image.
if(recoil){//
memcpy((LPVOID)0x3741B550, "\x90\x90\x90", 3);//These addresses are build-specific and have to be updated by hand (the author points to a thread by Drake).
memcpy((LPVOID)0x3740BAA9, "\x90\x90\x90", 3);
memcpy((LPVOID)0x3741B564, "\x90\x90\x90", 3);
memcpy((LPVOID)0x3741B567, "\x90\x90\x90", 3);
memcpy((LPVOID)0x3741B570, "\x90\x90\x90", 3);
} else {
memcpy((LPVOID)0x3741B550, "\xD8\x66\x54", 3);
memcpy((LPVOID)0x3740BAA9, "\xD9\x46\x54", 3);
memcpy((LPVOID)0x3741B564, "\xD9\x5E\x54", 3);
memcpy((LPVOID)0x3741B567, "\xD9\x46\x48", 3);
memcpy((LPVOID)0x3741B570, "\xD9\x5E\x48", 3);
}
Sleep(50);
}
}
// Thread entry point. Polls IsGameReadyForHook() every 100 ms until it
// returns true, then calls main(). The thread parameter is unused.
DWORD WINAPI dwHackThread(LPVOID)
{
    for ( ;; )
    {
        if ( IsGameReadyForHook() )
            break;
        Sleep(100);
    }
    main();
    return 0;
}
// DLL entry point. On process attach it runs a shell command that opens a
// forum URL, then starts dwHackThread on a new thread. Always returns TRUE.
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
DisableThreadLibraryCalls(hDll);
if ( dwReason == DLL_PROCESS_ATTACH )
{
// NOTE(review): system() starts a command interpreter from inside DllMain,
// i.e. while the loader lock is held; Microsoft's DllMain guidance warns
// against creating processes here. The host process spawning a shell child
// with this URL is an observable artifact of the DLL being loaded.
system("start http://forum.gordonsys.net/index.php");
}
// NOTE(review): the braces below are a bare block, not part of the `if`, so
// CreateThread runs for every reason DllMain is called with.
// DisableThreadLibraryCalls only suppresses thread attach/detach
// notifications; process detach still arrives. The returned thread handle is
// discarded and never closed.
{CreateThread(NULL, NULL, dwHackThread, NULL, NULL, NULL);
}
return TRUE;
}
// Copies sSize bytes from szPatch over pDest after switching the target pages
// to PAGE_EXECUTE_READWRITE. Returns FALSE if that protection change fails,
// TRUE otherwise.
// NOTE(review): nothing else in this listing calls this function; the byte
// writes in main() use memcpy directly.
bool Memoria( void * pDest, char * szPatch, size_t sSize )//NOP Function
{
DWORD dwOrgProtect = NULL;
if ( !VirtualProtect ( pDest, sSize, PAGE_EXECUTE_READWRITE, &dwOrgProtect ))
return FALSE;
memcpy( pDest, szPatch, sSize );
// NOTE(review): VirtualProtect is documented to fail when its last argument
// is NULL, and the result is not checked here, so the original protection is
// not restored and the pages stay PAGE_EXECUTE_READWRITE.
VirtualProtect( pDest, sSize, dwOrgProtect, NULL );
return TRUE;
}
//IF YOU USE THIS CODE IT WAS MY SHEHWAZ FROM GSYS