#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <string>
using namespace std;
// Hard-coded absolute virtual addresses inside the host process. For each hooked
// site there are up to three values: the routine originally called (X), the
// address of the instruction that is overwritten (XCALL), and the address at
// which the original code is resumed afterwards (XRETN).
// NOTE(review): these presumably match one specific build of the target
// executable loaded at its preferred base; nothing in this file verifies the
// bytes at these addresses before patching them — confirm against the build.
#define GETHP 0x00473730
#define GETHPCALL 0x00405ED0
#define GETHPRETN 0x00405ED7
#define GETAP 0x00473740
#define GETAPCALL 0x00405F5D
#define GETAPRETN 0x00405F62
#define GAMECREATE 0x004ABCE0
#define GAMECREATECALL 0x004A9C80
#define GAMECREATERETN 0x004A9C85
#define GAMEDESTROY 0x0057112E
#define GAMEDESTROYCALL 0x004A40A1
#define GAMEDESTROYRETN 0x004A40A6
// Only the callee and resume addresses are defined for this hook; there is no
// DESTROYGUNZCALL patch site in this listing.
#define DESTROYGUNZ 0x00497360
#define DESTROYGUNZRETN 0x00495FBA
// Fixed address that ZChatOutput (the function pointer used by Print) is bound to.
#define Addr_ZChatOutput 0x0042A230
// Not referenced anywhere else in this listing.
unsigned long ulOldProtect;
// State flags written by the detour functions and read by the polling loop.
// NOTE(review): the detours presumably run on the host's own threads while
// MainLoop() runs on the thread created in DllMain; these are plain globals
// with no volatile/atomic qualification — confirm that is acceptable.
bool InGameCheck = false, LiveClientCheck = false;
// Last values captured by the GetHP / GetAP detours.
int MyHPValue = 0, MyAPValue = 0;
// Overwritten by the GetHP detour with whatever ecx held at the hook site.
// The initial value is a string literal bound to a non-const char*; nothing in
// this listing writes through the pointer.
char *MyHPAndAPWithName = "--";
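// Overwrites Size bytes at Address with the contents of Buffer.
//
// The target pages are switched to PAGE_EXECUTE_READWRITE for the duration of
// the copy and then returned to whatever protection they had before.
//
//   Buffer  - source bytes; at least Size bytes must be readable.
//   Size    - number of bytes to copy; values <= 0 are ignored.
//   Address - destination; the caller is responsible for it being the intended
//             location, nothing here validates the existing bytes.
//
// The function returns nothing, so a failed protection change is reported only
// by the destination being left unmodified.
void CopyBuffer(BYTE *Buffer, int Size, DWORD *Address) {
    // A missing pointer or a non-positive length would turn the memcpy below
    // into a fault (a negative int becomes a huge size_t).
    if (Buffer == NULL || Address == NULL || Size <= 0) {
        return;
    }

    DWORD dwPrevious = 0;
    // If the pages could not be made writable, copying anyway would raise an
    // access violation inside the host process, so leave the target untouched.
    if (!VirtualProtect(Address, Size, PAGE_EXECUTE_READWRITE, &dwPrevious)) {
        return;
    }

    memcpy(Address, Buffer, Size);

    // Restore the original protection. A separate out-variable is used so the
    // saved value is not clobbered by the call that consumes it.
    DWORD dwIgnored = 0;
    VirtualProtect(Address, Size, dwPrevious, &dwIgnored);
}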
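// Builds a 32-bit relative jump (opcode E9 + rel32) from Function to Hook,
// pads it with NOPs (0x90) up to Size bytes, and writes it over the code at
// Function via CopyBuffer.
//
//   Function - address of the instruction(s) to overwrite.
//   Hook     - address execution is redirected to.
//   Size     - total bytes to overwrite; must cover whole instructions at the
//              site. Accepted range is 5 (the jump itself) to 10 (the size of
//              the local staging buffer); anything else is rejected and
//              nothing is written.
void SetupHook(DWORD Function, DWORD Hook, int Size) {
    BYTE Buffer[10];

    // Fewer than 5 bytes would write a truncated jump; more than
    // sizeof(Buffer) would make CopyBuffer read past this stack array and
    // copy unrelated stack contents into the target.
    if (Size < 5 || Size > (int)sizeof(Buffer)) {
        return;
    }

    // rel32 is measured from the end of the 5-byte jump instruction.
    DWORD dwRelative = Hook - Function - 5;

    memset(Buffer, 0x90, sizeof(Buffer));
    Buffer[0] = 0xE9;
    memcpy(&Buffer[1], &dwRelative, sizeof(dwRelative));

    CopyBuffer(Buffer, Size, (DWORD*)Function);
}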
// Detour body reached from the 7-byte patch that MemoryEdit() writes at
// GETHPCALL. Declared naked, so no prologue/epilogue is generated: the asm
// block is the entire function and it leaves by jumping to GETHPRETN
// (GETHPCALL + 7) rather than returning.
// Sequence: store the incoming ecx in MyHPAndAPWithName, load ecx from ebp,
// call the routine at GETHP, store its eax result in MyHPValue, resume.
// NOTE(review): ecx at the hook site is presumably a pointer to the player
// name owned by the host process — confirm. Its lifetime is not controlled
// here, yet Commands() later formats it with %s.
// NOTE(review): the overwritten bytes are not copied anywhere; presumably
// `mov ecx, ebp` plus the call reproduce them, and ecx is free to clobber at
// GETHPRETN — confirm against the target build.
__declspec(naked) void GetHP() {
// Get my hp and name.
_asm {
mov MyHPAndAPWithName, ecx
mov ecx, ebp
mov eax, GETHP
call eax
mov MyHPValue, eax
mov ecx, GETHPRETN
jmp ecx
}
}
// Detour body reached from the 5-byte patch that MemoryEdit() writes at
// GETAPCALL. Naked function: calls the routine at GETAP with the registers
// as they arrive, stores the eax result in MyAPValue, then jumps to
// GETAPRETN (GETAPCALL + 5) so the original code continues.
// NOTE(review): ecx is overwritten with the resume address before the jump;
// presumably the resumed code does not depend on ecx — confirm.
__declspec(naked) void GetAP() {
// Get my ap.
_asm {
mov eax, GETAP
call eax
mov MyAPValue, eax
mov ecx, GETAPRETN
jmp ecx
}
}
// Detour body reached from the 5-byte patch at GAMECREATECALL. Resets the
// captured name/HP/AP values, sets InGameCheck, then calls the routine at
// GAMECREATE and resumes at GAMECREATERETN (GAMECREATECALL + 5).
// NOTE(review): this is a naked function, so the four C assignments below run
// with no prologue and no register save. Whether they leave the registers the
// callee at GAMECREATE expects (e.g. ecx) untouched depends on the code the
// compiler emits for them — verify in the disassembly.
__declspec(naked) void GameCreateCheck() {
// In-game create check.
MyHPAndAPWithName = "--";
MyHPValue = 0;
MyAPValue = 0;
InGameCheck = true;
_asm {
mov eax, GAMECREATE
call eax
mov ecx, GAMECREATERETN
jmp ecx
}
}
// Detour body reached from the 5-byte patch at GAMEDESTROYCALL. Clears
// InGameCheck (which makes Commands() a no-op), calls the routine at
// GAMEDESTROY, and resumes at GAMEDESTROYRETN (GAMEDESTROYCALL + 5).
// NOTE(review): as a naked function the C assignment runs without any register
// save; verify the generated store does not disturb registers the callee uses.
// The stale MyHPAndAPWithName pointer is left in place here; it is only reset
// by GameCreateCheck().
__declspec(naked) void GameDestroyCheck() {
// In-game destroy check.
InGameCheck = false;
_asm {
mov eax, GAMEDESTROY
call eax
mov ecx, GAMEDESTROYRETN
jmp ecx
}
}
// Detour body intended to run when the client shuts down: sets
// LiveClientCheck to true (the value MainLoop() treats as "stop polling"),
// calls the routine at DESTROYGUNZ and resumes at DESTROYGUNZRETN.
// NOTE(review): MemoryEdit() in this listing never calls SetupHook for this
// function and no DESTROYGUNZCALL site is defined, so as written this detour
// is never installed and LiveClientCheck is never set.
// NOTE(review): the flag name reads inverted — true means the client is going
// down, not that it is live.
__declspec(naked) void GunzDestroyCheck() {
// Client down check.
LiveClientCheck = true;
_asm {
mov eax, DESTROYGUNZ
call eax
mov ecx, DESTROYGUNZRETN
jmp ecx
}
}
// ZChatOutput
// Function-pointer type and instance bound to the fixed address
// Addr_ZChatOutput. The prototype (cdecl, message / type / location / colour)
// is this file's assumption about the routine at that address.
// NOTE(review): if the real routine has a different calling convention or
// argument list, every call through this pointer unbalances the stack —
// confirm against the target build.
typedef void(__cdecl* ZChatOutputFunc)(const char* lpcMsg, int iType ,int iLoc, DWORD dwColor);
ZChatOutputFunc ZChatOutput = (ZChatOutputFunc)Addr_ZChatOutput;
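// printf-style helper: formats the arguments into a local buffer and passes
// the result to ZChatOutput with type 2, location 0 and colour 0xFFFFFFFF.
//
//   lpcFmt - printf format string; must be a trusted literal, since it is
//            interpreted by _vsnprintf.
//   ...    - arguments consumed by lpcFmt. A %s argument is dereferenced as a
//            C string, so the pointer must be valid and NUL-terminated.
//
// Output longer than the buffer is truncated.
void Print(const char* lpcFmt, ...) {
    char szBuf[0x4000];

    va_list vaArgs;
    va_start(vaArgs, lpcFmt);
    // _vsnprintf does not write a terminating NUL when the output fills the
    // buffer, so reserve the last byte and terminate explicitly; otherwise
    // ZChatOutput would read past the end of szBuf on truncation.
    _vsnprintf(szBuf, sizeof(szBuf) - 1, lpcFmt, vaArgs);
    va_end(vaArgs);
    szBuf[sizeof(szBuf) - 1] = '\0';

    ZChatOutput(szBuf, 2, 0, 0xFFFFFFFF);
}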
// Installs the four inline detours, in a fixed order: game-create,
// game-destroy, HP read (7 bytes overwritten) and AP read. Each entry pairs
// the patch site with the detour function and the number of bytes replaced.
void MemoryEdit() {
    struct DetourEntry {
        DWORD Site;    // address of the instruction(s) overwritten
        DWORD Target;  // detour function the jump leads to
        int   Length;  // bytes replaced at Site
    };

    const DetourEntry Entries[] = {
        { (DWORD)GAMECREATECALL,  (DWORD)GameCreateCheck,  5 },  // in-game create check
        { (DWORD)GAMEDESTROYCALL, (DWORD)GameDestroyCheck, 5 },  // in-game destroy check
        { (DWORD)GETHPCALL,       (DWORD)GetHP,            7 },  // HP (and name) capture
        { (DWORD)GETAPCALL,       (DWORD)GetAP,            5 },  // AP capture
    };

    const int Count = (int)(sizeof(Entries) / sizeof(Entries[0]));
    for (int i = 0; i < Count; ++i) {
        SetupHook(Entries[i].Site, Entries[i].Target, Entries[i].Length);
    }
}
// One polling step: while a game is active and F9 is currently held down,
// print the captured name, HP and AP through Print(), then pause one second
// so a held key does not repeat the message on every poll.
// NOTE(review): MyHPAndAPWithName is whatever ecx held at the GetHP hook site
// and is formatted with %s here; if that memory has been freed or was never a
// C string, this read faults — confirm the pointer's lifetime.
void Commands() {
    if (InGameCheck == false) {
        return;
    }

    const SHORT keyState = GetAsyncKeyState(VK_F9);
    if ((keyState & 0x8000) == 0) {
        return;
    }

    Print("[%s] HP = %d, AP = %d", MyHPAndAPWithName, MyHPValue, MyAPValue);
    Sleep(1000);
}
// Polling loop of the worker thread: runs Commands() every 50 ms until
// LiveClientCheck becomes true.
void MainLoop() {
    for (;;) {
        if (LiveClientCheck) {
            break;
        }
        Commands();
        Sleep(50);
    }
}
// Dll main. start.
// Body of the worker thread started from DllMain: installs the detours once,
// then stays in the polling loop until it ends.
// NOTE(review): declared as `void main()` and passed to CreateThread through
// a cast; its signature does not match LPTHREAD_START_ROUTINE.
void main()
{
    MemoryEdit();   // patch the hook sites
    MainLoop();     // poll for the hotkey until LiveClientCheck is set
}
// Dll main. end.
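extern "C"
{
    // DLL entry point. On process attach it turns off per-thread attach/detach
    // notifications for this module and starts one worker thread running
    // main(); every other notification is ignored. Always reports success.
    //
    //   hInst  - module handle of this DLL.
    //   reason - loader notification code; only DLL_PROCESS_ATTACH is handled.
    //   lpv    - unused.
    __declspec(dllexport) BOOL __stdcall DllMain(HINSTANCE hInst, DWORD reason, LPVOID lpv)
    {
        if (reason == DLL_PROCESS_ATTACH)
        {
            DisableThreadLibraryCalls(hInst);

            // NOTE(review): main is declared `void main()`; the cast hides that
            // its signature differs from LPTHREAD_START_ROUTINE.
            HANDLE hWorker = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&main, NULL, 0, NULL);

            // The handle is never used afterwards; close it so it is not
            // leaked for the lifetime of the process. Closing the handle does
            // not stop the thread. A NULL handle means the thread was not
            // created, in which case there is nothing to close.
            if (hWorker != NULL)
            {
                CloseHandle(hWorker);
            }
        }
        return TRUE;
    }
}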