
How to create an undetected dll

Here is a guide to creating an undetected DLL for any game.

First, you need Visual Studio; you can download it from microsoft.com.

Open VS and create a new Win32 project of type empty DLL.

How to use code?

You need to include the libraries; there are 2 major ones:


#include <windows.h>
#include <stdio.h>

Now start:

Put in your functions such as WriteProcessMemory and ReadProcessMemory; it is faster to use DWORD, BYTE, FLOAT.
Make a void function:

void YourThread()
{
    while(1)
    {
        Sleep(10);
    }
}

Inside it, you need to put a while loop to access memory.

while(1)
{
    Sleep(10);
}


A Sleep keeps your game from lagging.


Last step: create DllMain


BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpvReserved)
{
    DisableThreadLibraryCalls(hinstDLL);

    if(dwReason == DLL_PROCESS_ATTACH)
    {
        //CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE) YourThread, NULL, 0, NULL);
    }
    return TRUE;
}

Congratulations on creating the tool :D

You can use VB6 to make an injector.

Preview Midfunction hook


So, today we will learn how to make a mid-function hook.

Beginners should test it with d3d9, because d3d9.dll has the same address in all programs on an OS.


First, define a naked function

__declspec( naked ) VOID WINAPI EndSceneMidfunction( )
{
}

Now, try first hook with EndScene in d3d9.dll




Look at this picture: 0x4fe571b0 is the address. Now attach OllyDbg and go to this address.

Now look at this: to make a jump we need 5 bytes, so let's hook at this header.





Save all the memory that will be modified into the naked function:

__declspec( naked ) VOID WINAPI EndSceneMidfunction( )
{
    _asm
    {
        mov edi,edi
        push ebp
        mov ebp,esp
    }
}

After the detour we need to jump back to the original function. Looking at it, the address is 0x4fe571b5, because we hooked the first 5 bytes.

DWORD back = 0x4fe571b5;

__declspec( naked ) VOID WINAPI EndSceneMidfunction( )
{
    _asm
    {
        mov edi,edi
        push ebp
        mov ebp,esp
    }
    //do your work here
    _asm jmp back;
}



How to get the device?

_asm mov eax,dword ptr ds:[ebp + 0x8] // first argument, LPDIRECT3DDEVICE9 pDevice
_asm mov pDevice,eax; // pDevice needs to be defined


Now you can draw everything with it :D
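
Seen from the detection side, the 5-byte jump over the `mov edi,edi / push ebp / mov ebp,esp` prologue is exactly what an integrity check looks for. The following is an added example, not code from the original post: it compares the live prologue bytes with the trusted on-disk bytes and flags a jump that leaves the owning module. The module range and the detour address 0x10001000 are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum hook_verdict { PROLOGUE_CLEAN, PROLOGUE_MODIFIED, PROLOGUE_JMP_OUTSIDE_MODULE };

/* Prologue quoted on the page: mov edi,edi / push ebp / mov ebp,esp */
static const uint8_t EXPECTED[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
/* Constructed sample: an E9 rel32 jump over the prologue at 0x4fe571b0,
   pointing at the made-up address 0x10001000. */
static const uint8_t HOOKED[5] = { 0xE9, 0x4B, 0x9E, 0x1A, 0xC0 };
/* Assumed module range for the sample (not from the page). */
#define SAMPLE_VA   0x4fe571b0u
#define SAMPLE_BASE 0x4fe00000u
#define SAMPLE_SIZE 0x001c0000u

/* Destination of an E9 rel32 jump located at va (relative to the next instruction). */
static uint32_t jmp_rel32_target(uint32_t va, const uint8_t *code)
{
    uint32_t rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                   (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    return va + 5u + rel;   /* wraps modulo 2^32, like the CPU */
}

/* live: 5 bytes read from process memory; expected: same bytes from the
   trusted on-disk image; target_out (optional) receives the jump target. */
enum hook_verdict check_prologue(const uint8_t *live, const uint8_t *expected,
                                 uint32_t va, uint32_t mod_base, uint32_t mod_size,
                                 uint32_t *target_out)
{
    if (memcmp(live, expected, 5) == 0)
        return PROLOGUE_CLEAN;
    if (live[0] == 0xE9) {
        uint32_t target = jmp_rel32_target(va, live);
        if (target_out) *target_out = target;
        if (target - mod_base >= mod_size)   /* unsigned: catches below and above */
            return PROLOGUE_JMP_OUTSIDE_MODULE;
    }
    return PROLOGUE_MODIFIED;
}

int main(void)
{
    uint32_t target = 0;
    enum hook_verdict v = check_prologue(HOOKED, EXPECTED, SAMPLE_VA,
                                         SAMPLE_BASE, SAMPLE_SIZE, &target);
    printf("verdict=%d target=0x%08x\n", (int)v, (unsigned)target);
    return 0;
}
```

A jump that stays inside the module is reported as PROLOGUE_MODIFIED rather than as a detour, since it still differs from the on-disk bytes and deserves a closer look.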

CrossFire Alpha appearance editor

Now I will show you how to show a ghost in CrossFire. We still need C++ and need to know how to make an undetected DLL; you can look in my post.

First, what is FindPattern?
FindPattern is a function you can use to find a binary array in your module. I found it here.

// Returns true when every 'x' position in szMask matches between pData and bMask.
bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    for(; *szMask; ++szMask, ++pData, ++bMask)
        if(*szMask == 'x' && *pData != *bMask)
            return false;
    return (*szMask) == 0;
}

// Scans dwLen bytes starting at dwAddress; returns the first match or 0.
DWORD FindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char *szMask)
{
    for(DWORD i = 0; i < dwLen; i++)
        if(bCompare((BYTE*)(dwAddress + i), bMask, szMask))
            return (DWORD)(dwAddress + i);
    return 0;
}

Very easy. I have done my code, look:

WallHackArray = FindPattern(0x400000,0xFFFFFF,(BYTE *)"\x75\xFF\x83\x0D\xFF\xFF\xFF\xFF\x01\xB8\xFF\xFF\xFF\xFF\xE8","x?xx????xx????x"); // this array to get the DrawPrimitive
SeeGhostPoint = *(DWORD *)(WallHackArray + 0xA) + 0xB8; // This stack call alpha appearance

Now define your function.
The normal value of SeeGhostPoint is 5.
To show it you can push 14.

if(SeeGhost)
{
    *(DWORD *)(SeeGhostPoint) = 14;
}
else
{
    *(DWORD *)(SeeGhostPoint) = 5;
}
Nice, keep it up :D

CanadaFrost - LucN Memory Hack [v1.1]

Status: Undetected 


Auto on features:
- Instant Weapon Reload
- No Weapon Change Delay
- No Weapon Recoil



Working Injector: 
[Contained in Download File]


