I've spent some hours of my day researching item-bound nickname colors, and this is the result. (Special thanks to the Void staff members.)
use client evolved with name color
#define _CRT_SECURE_NO_WARNINGS
#include <Windows.h>
#include <process.h>
#include <iostream>
using namespace std;
// Forward declarations for the routines defined further down in this file.
// Thread entry handed to CreateThread from DllMain; its parameter is never read.
void __stdcall ColorStart(void* p);
// Replacement colour routine; InstallHook patches the client so its address is the new target.
signed int GenerateColor();
// Overwrites 4-byte operands at four hard-coded addresses so they resolve to colorPointer.
void __cdecl InstallHook(int offsetRBA, int colorPointer);
// Empty function with C linkage; the post describes selecting a DLL function when the DLL is
// added to the executable's import table, which is presumably what this symbol is for.
// NOTE(review): the symbol is declared dllimport and then defined on the next line, which is
// inconsistent DLL linkage; dllexport was presumably intended. Confirm against the build output.
extern "C" __declspec(dllimport) void THEPW(void);
void THEPW() {}
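/*
 * DLL entry point. On DLL_PROCESS_ATTACH it starts a worker thread running
 * ColorStart; every other notification is ignored. Always returns TRUE, so a
 * failed CreateThread does not fail the load (same as the original).
 *
 * The thread handle is closed as soon as the thread has been created. Nothing
 * ever waits on it, and leaving it open leaks one handle per load.
 *
 * NOTE(review): ColorStart is declared as returning void, while
 * LPTHREAD_START_ROUTINE expects a routine returning DWORD. The cast hides the
 * mismatch, so the thread's exit code is whatever is left in the return
 * register. Fixing it requires changing ColorStart's signature.
 */
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved
)
{
    (void)hModule;
    (void)lpReserved;
    //DisableThreadLibraryCalls(hModule);
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    {
        HANDLE worker = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ColorStart, NULL, 0, NULL);
        if (worker != NULL)
        {
            // Closing the handle does not stop the thread; it only drops our reference.
            CloseHandle(worker);
        }
    }
    break;
    case DLL_PROCESS_DETACH:
        break;
    default:
        break;
    }
    return TRUE;
}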
// Worker-thread body: pause, then have InstallHook point the patched operands at GenerateColor.
// The parameter p is not used.
void __stdcall ColorStart(void* p) {
    // Fixed 200 ms delay before patching; presumably it lets the host finish starting up.
    // NOTE(review): a timed delay does not guarantee ordering. Confirm it is sufficient.
    Sleep(200u);
    // The first argument is passed unchanged; InstallHook as written in this file never reads it.
    // The function address is narrowed to int, which only holds on a 32-bit build.
    InstallHook(0xB30D3A, (int)&GenerateColor);
}
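/*
 * Patches four hard-coded addresses in the current process so that the 4-byte
 * operand at (site + 1) becomes colorPointer - (site + 1 + 4). That is a
 * displacement relative to the byte after the operand, consistent with a 5-byte
 * relative call or jump. The opcode byte itself is not inspected here.
 *
 * offsetRBA   unused; kept so existing callers still compile.
 * colorPointer address of the replacement routine, as a 32-bit integer.
 *
 * Changes from the original:
 *  - Uses the GetCurrentProcess() pseudo-handle instead of
 *    OpenProcess(PROCESS_ALL_ACCESS, ...) on our own pid. The pseudo-handle
 *    needs no CloseHandle, so the leaked process handle is gone.
 *  - Checks each WriteProcessMemory result and the byte count, and reports a
 *    failure to the debugger output instead of silently ignoring it.
 *
 * NOTE(review): the addresses are absolute and specific to one client build
 * (the post says version 151, with some doubt). They also assume the image is
 * loaded at the base those addresses were taken from. On any other build these
 * writes land on unrelated bytes, so verify the target before deploying.
 * NOTE(review): the writes are not synchronised with other threads that may be
 * executing the patched code.
 */
void __cdecl InstallHook(int offsetRBA, int colorPointer) {
    static const int kPatchSites[] = { 0x4A4F83, 0x4BAB8B, 0x5847E1, 0x60140A };
    const size_t siteCount = sizeof kPatchSites / sizeof kPatchSites[0];

    (void)offsetRBA;

    HANDLE self = GetCurrentProcess();
    for (size_t i = 0; i < siteCount; ++i) {
        const int site = kPatchSites[i];
        // Displacement measured from the end of the 4-byte operand at site + 1.
        const int result = colorPointer - (site + 1 + 4);
        SIZE_T written = 0;
        const BOOL ok = WriteProcessMemory(self, (LPVOID)(site + 1), (LPCVOID)&result,
                                           sizeof result, &written);
        if (!ok || written != sizeof result) {
            // Keep going, as the original did; each site is patched independently.
            OutputDebugStringA("InstallHook: WriteProcessMemory failed for a patch site\n");
        }
    }
}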
// Replacement colour routine. Takes no declared parameters; instead it reads ECX on entry,
// treats that value as the base address of an object, and picks a 32-bit colour constant
// from fields at fixed offsets from it.
// The post describes these offsets as distances from HostPlayer to per-player state
// (it mentions pariah time and a battlefield flag); which offset is which is not shown here.
// The hex forms in the comments below are the same constants as unsigned 32-bit values;
// presumably they are ARGB colours. Confirm against the client.
// NOTE(review): ECX is captured only after the compiler-generated prologue has run. Nothing in
// the declaration tells the compiler ECX is live, so a build whose prologue uses ECX would
// hand this code a garbage base address. Verify the generated code.
// NOTE(review): the captured value is dereferenced without any validity check.
signed int GenerateColor() {
int returncode; // holds the ECX value captured below, despite the name
__asm
{
mov[returncode], ecx
}
int v1; // edx (register annotation, presumably carried over from decompiler output)
signed int result; // eax (register annotation, presumably carried over from decompiler output)
// DWORD at +0x66C: any non-zero value decides the colour immediately.
v1 = *(DWORD *)(returncode + 0x66C);
if (v1)
// value 1 -> 0xFFFF2828, any other non-zero value -> 0xFF96C8FF
return v1 != 1 ? -6895361 : -55256;
// Bit 3 of the DWORD at +0x740 selects a three-way choice on the byte at +0x780.
if ((*(DWORD *)(returncode + 0x740) >> 3) & 1)
{
if (*(BYTE *)(returncode + 0x780))
{
if (*(BYTE *)(returncode + 0x780) == 1)
result = -37266; // 0xFFFF6E6E
else
result = -55256; // 0xFFFF2828
}
else
{
result = -21846; // 0xFFFFAAAA
}
}
// Otherwise bit 2 of the same DWORD is checked.
else if ((*(DWORD *)(returncode + 0x740) >> 2) & 1)
{
result = -19201; // 0xFFFFB4FF
}
// Otherwise a non-zero DWORD at +0x630 is checked.
else if (*(DWORD *)(returncode + 0x630))
{
result = -1; // 0xFFFFFFFF
}
else
{
result = -6895361; // 0xFF96C8FF, same value as the "other non-zero" case above
}
return result;
}
That is, to force the fraction item to change the nickname color, you need to add a function with a color offset to elementclient.exe?
So, as I promised, this is basic code that sets up the hook and implements the basic color function, so feel free to modify the color function as you wish. (This is for version 151, I believe, but you can rewrite it for any version.)
those 0xSomething mostly are addresses for the actual GetNameColor() or offsets from HostPlayer to things like pariah time, is on battlefield etc etc ( don't ask me how to get, take some time to study Cheat Engine ).
It is a good idea to include the vcredist for your chosen msvcr version in your setup; otherwise players will have trouble running the DLL.
Also with this code, you can hook your DLL to elementclient.exe using software Stud_pe -> Functions -> Imported Functions -> Right click and Add New Import, select your compiled DLL and then select the function that hooks to .exe file, finish and save.
I should also point out that I wrote this code for the purpose of learning memory injection and function hooking, so I'm not responsible for any problems with it.
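#define _CRT_SECURE_NO_WARNINGS
#include <Windows.h>
#include <process.h>
#include <iostream>
using namespace std;

// Thread entry handed to CreateThread from DllMain; its parameter is never read.
void __stdcall ColorStart(void* p);
// Replacement colour routine; InstallHook patches the client so its address is the new target.
signed int GenerateColor();
// Overwrites 4-byte operands at four hard-coded addresses so they resolve to colorPointer.
void __cdecl InstallHook(int offsetRBA, int colorPointer);
// Empty function with C linkage; presumably the symbol selected when the DLL is added to the
// executable's import table, as the post describes.
// NOTE(review): declared dllimport and then defined, which is inconsistent DLL linkage;
// dllexport was presumably intended. Confirm against the build output.
extern "C" __declspec(dllimport) void THEPW(void);
void THEPW() {}

/*
 * DLL entry point. On DLL_PROCESS_ATTACH it starts a worker thread running
 * ColorStart; every other notification is ignored. Always returns TRUE.
 * The thread handle is closed right away because nothing waits on it.
 * NOTE(review): ColorStart returns void but is cast to a routine type that
 * returns DWORD, so the thread's exit code is unspecified.
 */
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    (void)hModule;
    (void)lpReserved;
    //DisableThreadLibraryCalls(hModule);
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    {
        HANDLE worker = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ColorStart, NULL, 0, NULL);
        if (worker != NULL)
        {
            // Closing the handle does not stop the thread; it only drops our reference.
            CloseHandle(worker);
        }
    }
    break;
    case DLL_PROCESS_DETACH:
        break;
    default:
        break;
    }
    return TRUE;
}

// Worker-thread body: pause 200 ms, then have InstallHook point the patched operands at
// GenerateColor. The parameter p is not used.
// NOTE(review): a timed delay does not guarantee ordering. Confirm it is sufficient.
void __stdcall ColorStart(void* p) {
    Sleep(200u);
    signed int(*generator)();
    generator = &GenerateColor;
    // The first argument is never read by InstallHook below.
    InstallHook(0xB30D3A, (int)generator);
}

/*
 * Patches four hard-coded addresses in the current process so that the 4-byte
 * operand at (site + 1) becomes colorPointer - (site + 1 + 4). That is a
 * displacement relative to the byte after the operand, consistent with a 5-byte
 * relative call or jump. The opcode byte itself is not inspected.
 *
 * offsetRBA is unused. The GetCurrentProcess() pseudo-handle replaces the
 * original OpenProcess(PROCESS_ALL_ACCESS, ...) on our own pid, whose handle
 * was never closed. Each write is now checked, and a failure is reported to
 * the debugger output.
 *
 * NOTE(review): the addresses are absolute and specific to one client build.
 * They also assume the image is loaded at the base they were taken from, so
 * verify the target before deploying. The writes are not synchronised with
 * threads that may be executing the patched code.
 */
void __cdecl InstallHook(int offsetRBA, int colorPointer) {
    static const int kPatchSites[] = { 0x4A4F83, 0x4BAB8B, 0x5847E1, 0x60140A };
    const size_t siteCount = sizeof kPatchSites / sizeof kPatchSites[0];

    (void)offsetRBA;

    HANDLE self = GetCurrentProcess();
    for (size_t i = 0; i < siteCount; ++i) {
        const int site = kPatchSites[i];
        const int result = colorPointer - (site + 1 + 4);
        SIZE_T written = 0;
        const BOOL ok = WriteProcessMemory(self, (LPVOID)(site + 1), (LPCVOID)&result,
                                           sizeof result, &written);
        if (!ok || written != sizeof result) {
            // Keep going, as the original did; each site is patched independently.
            OutputDebugStringA("InstallHook: WriteProcessMemory failed for a patch site\n");
        }
    }
}

// Replacement colour routine. Reads ECX on entry, treats it as the base address of an object,
// and picks a 32-bit colour constant from fields at fixed offsets from it. The hex forms in
// the comments are the same constants as unsigned 32-bit values.
// NOTE(review): ECX is captured only after the compiler-generated prologue has run, and the
// captured value is dereferenced without any validity check. Verify the generated code.
signed int GenerateColor() {
    int returncode; // holds the ECX value captured below, despite the name
    __asm
    {
        mov[returncode], ecx
    }
    int v1;
    signed int result;
    // DWORD at +0x66C: any non-zero value decides the colour immediately.
    v1 = *(DWORD *)(returncode + 0x66C);
    if (v1)
        return v1 != 1 ? -6895361 : -55256; // 0xFF96C8FF : 0xFFFF2828
    // Bit 3 of the DWORD at +0x740 selects a three-way choice on the byte at +0x780.
    if ((*(DWORD *)(returncode + 0x740) >> 3) & 1)
    {
        if (*(BYTE *)(returncode + 0x780))
        {
            if (*(BYTE *)(returncode + 0x780) == 1)
                result = -37266; // 0xFFFF6E6E
            else
                result = -55256; // 0xFFFF2828
        }
        else
        {
            result = -21846; // 0xFFFFAAAA
        }
    }
    else if ((*(DWORD *)(returncode + 0x740) >> 2) & 1)
    {
        result = -19201; // 0xFFFFB4FF
    }
    else if (*(DWORD *)(returncode + 0x630))
    {
        result = -1; // 0xFFFFFFFF
    }
    else
    {
        result = -6895361; // 0xFF96C8FF
    }
    return result;
}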
To use an item to color the name, you need to get the offset of, for example, the morai token, check whether the offset is zero or the ItemID required for your color, and then return your color from the function, overriding the default return of GenerateColor().
That is, to force the fraction item to change the nickname color, you need to add a function with a color offset to elementclient.exe?