
Closed Wallhäçk Tutorial


Jeanh

Wallhäçk Tutorial for those who want to learn:

Credit to: kuyagENk

Guide Contents:

  • How to Compile a Wallhäçk
  • Making häçks Undetected
  • Tutorial on DirectX (Must know C++)
  • C++ Language Tutorial
  • Where to learn ASM (also required to make wallhäçk)
  • How to make GG Bypass



****How to Compile a Wallhäçk

1. Download and install Visual C++ (the download link is hidden by the forum for visitors who are not logged in).
2. Download Direct SDK DirectX SDK - (Summer 2004).
3. Open Visual C++ 2008 Express Edition and Click Create Projects.
4. In Project types Click on Win32 then on the Right side click Win32 Project then Name Your Project and Click Ok.
5. Click Application Settings , Click on dll option and Click Finish.
6. Copy the source and Paste it on your Blank page of your project name (.cpp)

name.cpp
Code:
Code:
#include
#include
#include
#include
#include "log.h"
#include
#include
#pragma comment(lib, "d3dx8.lib")
#pragma comment(lib, "d3d8.lib")
using namespace std;
// Absolute addresses that the setup code passes to DetourFunction as hook targets.
// NOTE(review): these are fixed numbers rather than values resolved at run time, so they
// are only meaningful for whichever d3d8.dll build and load address they were taken
// from — TODO confirm; nothing visible in this file validates them.
static DWORD dwBeginScene            = 0x6D9D9250;
static DWORD dwEndScene                = 0x6d9d93a0;
static DWORD dwDrawIndexedPrimitive = 0x6d9d73a0;
static DWORD dwSetStreamSource        = 0x6d9d6760;
static DWORD dwSetViewport            = 0x6d9d5b90    ;
// Read by myDrawIndexedPrimitive; the writer is not visible here (presumably the
// SetStreamSource hook — verify).
int m_Stride;
// Per-draw-call key computed in myDrawIndexedPrimitive as nNumVertices*100000 + nPrimitiveCount.
int texnum;
// NOTE(review): myDrawIndexedPrimitive has parameters with these same names, which shadow
// these two globals inside that function.
int nNumVertices;
int nPrimitiveCount;
// Solid-colour textures, filled once by the GenerateTexture calls in myEndScene.
LPDIRECT3DTEXTURE8  Red,Yellow,Green,Blue,Purple,Pink,Orange;
// One-shot flag: true until myEndScene has generated the textures above.
bool Color = true;
// Not referenced by any code visible in this listing.
bool Logger = false;
// Log stream; the setup code opens it in append mode on GetDirectoryFile("log.txt").
ofstream ofile; 
// Directory prefix that GetDirectoryFile prepends to file names. It is filled in by the
// setup code, which is only partly visible here.
char dlldir[320];
// Centre point used by the crosshair rectangles in myEndScene; assigned outside the visible code.
float ScreenCenterX = 0.0f;
float ScreenCenterY = 0.0f;
// Feature toggles flipped by the F1 / F2 key checks in myEndScene.
bool xhair = false;
bool Wallhäçk = false;
// Not referenced by any code visible in this listing.
bool Wallhäçk2 = false;
// hand1 receives GetCurrentProcess() in myEndScene's F5 branch; hand2 is unused in the visible code.
HANDLE hand1       =NULL;
HANDLE hand2       =NULL;
// Receives the byte count reported by WriteProcessMemory.
DWORD bytes;
//Logger
// State for the texture logger, which appears only inside a commented-out section of
// myDrawIndexedPrimitive in this listing.
int texarray[1000];
int arraycounter;
int delarray[500];
int dcount;
unsigned int arrc;
// NOTE(review): a file-scope variable named `i`; the loops in the logger section declare
// their own local `i`, which hides this one.
int i=0;
// Opaque red, used as the fill colour for the crosshair rectangles in myEndScene.
D3DCOLOR redt = D3DCOLOR_XRGB( 255, 0, 0 );
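// Returns "<dlldir><filename>" in a function-local static buffer.
//
// filename: name to append to dlldir; a null pointer is treated as an empty name.
// Returns:  pointer to the static buffer. Every call overwrites the previous result, so
//           the caller must copy it if it is needed past the next call; the function is
//           not safe to call from several threads at once.
//
// The original used strcpy/strcat, which write past the 320-byte buffer as soon as
// dlldir plus filename is longer than 319 characters. The lengths are now clamped so the
// result is truncated instead of overflowing. Only <string.h> routines are used, the same
// header strcpy/strcat came from.
char *GetDirectoryFile(char *filename)
{
    static char path[320];
    const size_t capacity = sizeof(path) - 1;   // keep one byte for the terminator

    const char *name = filename ? filename : "";

    size_t dirLen = strlen(dlldir);
    if (dirLen > capacity)
        dirLen = capacity;

    size_t nameLen = strlen(name);
    if (nameLen > capacity - dirLen)
        nameLen = capacity - dirLen;            // truncate rather than overflow

    memcpy(path, dlldir, dirLen);
    memcpy(path + dirLen, name, nameLen);
    path[dirLen + nameLen] = '\0';
    return path;
}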
void __cdecl add_log (const char *fmt, ...)
{
    if(ofile != NULL)
    {
        if(!fmt) { return; }
        va_list va_alist;
        char logbuf[256] = {0};
        va_start (va_alist, fmt);
        _vsnprintf (logbuf+strlen(logbuf), sizeof(logbuf) - strlen(logbuf), fmt, va_alist);
        va_end (va_alist);
        ofile >28)&0xF)20)&0xF)12)&0xF)4)&0xF)UnlockRect(0);
    return S_OK;
}
//=================================EndScene_Start=================================================================================//
// Function-pointer type with the same signature as the hooked EndScene routine.
typedef HRESULT ( WINAPI* oEndScene ) ( LPDIRECT3DDEVICE8 pDevice );
// Assigned from DetourFunction's return value in the setup code; myEndScene calls through
// it at the end so that the original routine still runs (presumably via a trampoline —
// DetourFunction itself is not shown here).
oEndScene pEndScene;
// Replacement that runs in place of the device's EndScene once the detour is installed.
// On each call it:
//   1. generates the seven solid-colour textures the first time through (Color flag),
//   2. draws a red crosshair when xhair is set,
//   3. on F5, overwrites the first five bytes at four hard-coded addresses in the
//      current process,
//   4. toggles xhair / Wallhäçk on F1 / F2,
// and then forwards to pEndScene and returns its result.
// pDevice: the Direct3D 8 device the call was made on.
HRESULT WINAPI myEndScene(LPDIRECT3DDEVICE8 pDevice)
{
// One-time initialisation; the return values of GenerateTexture are not checked.
if(Color)
{
GenerateTexture(pDevice, &Red,      D3DCOLOR_ARGB    (255   ,   255  ,     0      ,    0      ));
GenerateTexture(pDevice, &Yellow,   D3DCOLOR_ARGB    (255   ,   255  ,     255    ,    0      ));
GenerateTexture(pDevice, &Green,    D3DCOLOR_ARGB    (255   ,   0    ,     255    ,    0      ));
GenerateTexture(pDevice, &Blue,     D3DCOLOR_ARGB    (255   ,   0    ,     0      ,    255    ));
GenerateTexture(pDevice, &Purple,   D3DCOLOR_ARGB    (255   ,   102  ,     0      ,    153    ));
GenerateTexture(pDevice, &Pink,     D3DCOLOR_ARGB    (255   ,   255  ,     20      ,   147    ));
GenerateTexture(pDevice, &Orange,   D3DCOLOR_ARGB    (255   ,   255  ,     165      ,  0      ));
Color=false;
}
// Crosshair: a horizontal and a vertical bar around (ScreenCenterX, ScreenCenterY),
// painted by clearing those rectangles to redt.
// NOTE(review): the D3DRECT members are integers while ScreenCenterX/Y are floats, so
// these initialisers convert implicitly.
if(xhair)
{
  D3DRECT rec2 = {ScreenCenterX-20, ScreenCenterY, ScreenCenterX+ 20, ScreenCenterY+2};
  D3DRECT rec3 = {ScreenCenterX, ScreenCenterY-20, ScreenCenterX+ 2,ScreenCenterY+20};
  pDevice->Clear(1, &rec2, D3DCLEAR_TARGET,redt, 0,  0);
  pDevice->Clear(1, &rec3, D3DCLEAR_TARGET,redt, 0,  0);
} 
//=============================================UnHooK_Start===================================================//
// F5: write the five bytes in Unhook over the start of four addresses in this process.
// The literal values equal dwEndScene, dwDrawIndexedPrimitive, dwSetViewport and
// dwSetStreamSource as declared at file scope.
// NOTE(review): the targets are fixed absolute addresses held in `int` variables
// (initialised from NULL), dwmodualBase is computed but never used, and the
// WriteProcessMemory results are ignored. Nothing here confirms that the code at those
// addresses originally began with these bytes. From an analyst's point of view these
// in-process writes to a system DLL's code are the observable footprint of this branch.
if((GetAsyncKeyState(VK_F5)&1))     
{ 
int end    =NULL;
int dip    =NULL;
int svp    =NULL;
int sss    =NULL;
BYTE Unhook[5] = {0x8B,0xFF,0x55,0x8B,0xEC};//Original Function Bytes.
hand1 = GetCurrentProcess();
DWORD dwmodualBase=(DWORD)GetModuleHandle("d3d8.dll");
end = 0x6d9d93a0;
dip = 0x6d9d73a0;
svp = 0x6d9d5b90;
sss = 0x6d9d6760;
WriteProcessMemory(hand1, (void*) end, Unhook, 5, &bytes);
WriteProcessMemory(hand1, (void*) dip, Unhook, 5, &bytes);
WriteProcessMemory(hand1, (void*) svp ,Unhook, 5, &bytes);
WriteProcessMemory(hand1, (void*) sss,Unhook, 5, &bytes);
} 
//=========================================UnHook_End=========================================================//
// Key toggles: only the low bit of GetAsyncKeyState's result is tested.
if((GetAsyncKeyState(VK_F1)&1)){xhair=!xhair;}     
if((GetAsyncKeyState(VK_F2)&1)){Wallhäçk=!Wallhäçk;}     
// Hand control back through the saved pointer and propagate its HRESULT.
return pEndScene(pDevice);
}
//====================================EndScene_End============================================================================//
//=================================Dip_Start============================================================================================//
typedef HRESULT ( WINAPI* oDrawIndexedPrimitive ) ( LPDIRECT3DDEVICE8 pDevice, D3DPRIMITIVETYPE pType, UINT nMinIndex, UINT nNumVertices, UINT nStartIndex, UINT nPrimitiveCount );
oDrawIndexedPrimitive pDrawIndexedPrimitive;
HRESULT WINAPI myDrawIndexedPrimitive(LPDIRECT3DDEVICE8 pDevice, D3DPRIMITIVETYPE pType, UINT nMinIndex, UINT nNumVertices, UINT nStartIndex, UINT nPrimitiveCount)
{
if(Wallhäçk)
{
texnum = (nNumVertices*100000)+nPrimitiveCount;
    if(m_Stride==40 &&
  (texnum==7500121 )||(texnum==8500105 )||(texnum==12400168)||(texnum==37000650)||
  (texnum==18000274)||(texnum==8800105 )||(texnum==36900650)||(texnum==19600314)||
  (texnum==21800306)||(texnum==7500121 )||(texnum==8500105 )||(texnum==12400168)||
  (texnum==21800306)||(texnum==36900650)||(texnum==7500121 )||(texnum==37000650)||
  (texnum==18000274)||(texnum==7500121 )||(texnum==8500105 )||(texnum==38000658)||
  (texnum==22100268)||(texnum==62400752)||(texnum==27900456)||(texnum==45700654)||
  (texnum==4800040 )||(texnum==83600752)||(texnum==33400477)||(texnum==38100666)||
  (texnum==2800036 )||(texnum==62400752)||(texnum==29700492)||(texnum==84900778)||
  (texnum==27500442)||(texnum==52100658)||(texnum==62400752)||(texnum==33600552)||
  (texnum==44100646)||(texnum==18000274)||(texnum==37200508)||(texnum==45700654)||
  (texnum==37200508)||(texnum==52100658)||(texnum==52100658) &&
     (nNumVertices == 100 && nPrimitiveCount == 121) || //Foot
     (nNumVertices == 105 && nPrimitiveCount == 168) || //Right Arm
     (nNumVertices == 132 && nPrimitiveCount == 180) || //Hand
     (nNumVertices == 159 && nPrimitiveCount == 200) || //Left Arm
     (nNumVertices == 338 && nPrimitiveCount == 534) || //Underbody    thanks japennese guy =)
     //(nNumVertices == 448 && nPrimitiveCount == 776) || //Head
     (nNumVertices == 804 && nPrimitiveCount == 1016) || //Body //SRG Option item
     (nNumVertices == 109 && nPrimitiveCount == 110) || //Bulletproof Vest
     (nNumVertices == 336 && nPrimitiveCount == 532)) //Battle Pants
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
pDevice->SetTexture(0,Orange);
//pDevice->SetRenderState(D3DRS_FILLMODE, D3DFILL_WIREFRAME );
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
//pDevice->SetRenderState(D3DRS_FILLMODE, D3DFILL_SOLID );
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
pDevice->SetTexture(0,Pink);
}         
if(m_Stride==40 && texnum== 21300174) 
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
pDevice->SetTexture(0,Green);//GreenNade
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
pDevice->SetTexture(0,Purple);
}     
if(nNumVertices == 158 && nPrimitiveCount == 131)
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
pDevice->SetTexture(0,Red);//GreenNade
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
pDevice->SetTexture(0,Yellow);
}
if (nNumVertices == 171 && nPrimitiveCount == 143)
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
pDevice->SetTexture(0,Red);//GreenNade
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
pDevice->SetTexture(0,Yellow);
}
if(m_Stride==40 &&//face,mask etc...
(texnum==36700612) ||
(texnum==9600172 ) ||
(texnum==14200236) ||
(texnum==37800552) ||
(texnum==28100486) ||
(texnum==35500568) ||
(texnum==2200024 ) ||
(texnum==16200243) ||
(texnum==31900466) ||
(texnum==19300342) ||
(texnum==36200604) ||
(texnum==21300290) ||
(texnum==35700558) ||
(texnum==22100396) ||
(texnum==36100604) ||
(texnum==27100464) ||
(texnum==11400180) ||
(texnum==34900580) ||
(texnum==13200212) ||
(texnum==34700538) ||
(texnum==19500352)&&
(nNumVertices == 448 && nPrimitiveCount == 776))
{
pDevice->SetTexture(0,Blue);
}
{
pDevice->SetRenderState(D3DRS_FOGENABLE,false);
}
/*Logger
if(m_Stride==40){
while(GetAsyncKeyState(VK_NUMPAD1)&1) arrc--; //Used as manual index for adding textures to delarray
    while(GetAsyncKeyState(VK_NUMPAD3)&1) arrc++;
    bool alrdy=false;
    bool inarr=false;
        if(texarray[arrc]==texnum)
            if(delarray[i]==texarray[arrc])
            alrdy=true;
    for(int i=0;iSetTexture(0, NULL);
            pDevice->GetRenderState(D3DRS_ZENABLE, &dwOldZEnable);
            pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
            if(alrdy) //Different colors for selected models that are already being logged (For removal from array)
                texCol=Blue;
            else
                texCol=Red;
           pDevice->SetTexture(0, texCol);
            pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
            pDevice->SetRenderState(D3DRS_ZENABLE, dwOldZEnable);
    }
}
if(GetAsyncKeyState(VK_F5)&1) add_log("Logged tesx: %i", texarray[arrc]); //F5 will print currently selected texnum to logfile
if(GetAsyncKeyState(VK_F6)&1) { //For adding/removing textures to array
    bool inarr=true;
    for(int k=0;k 0; i--) { if(dlldir[i] == '\\') { dlldir[i+1] = 0; break; } }
        ofile.open(GetDirectoryFile("log.txt"), ios::app); 
        //=========Log=========================//
        pBeginScene = (oBeginScene)DetourFunction((PBYTE)dwBeginScene, (PBYTE)myBeginScene);
        pEndScene = (oEndScene)DetourFunction((PBYTE)dwEndScene, (PBYTE)myEndScene);
        pDrawIndexedPrimitive = (oDrawIndexedPrimitive)DetourFunction((PBYTE)dwDrawIndexedPrimitive, (PBYTE)myDrawIndexedPrimitive);
        pSetStreamSource = (oSetStreamSource)DetourFunction((PBYTE)dwSetStreamSource, (PBYTE)mySetStreamSource);
        pSetViewport=(oSetViewport)DetourFunction((PBYTE)dwSetViewport,(PBYTE)mySetViewport);
}
return TRUE;
}

7.Delete dllmain.cpp You don't Need it.
8. Include stdafx.h should be on top of Other Includes.
9. Click on Projects on top, Click Add New Item.
10.Click on Header file (.h), Name it log and Click Add.
11. Copy and Paste the source on the Header file you Created.

log.h (a header file)
Code:
Code:
Code:

// NOTE(review): this define sits outside the include guard, so it is re-issued on every
// inclusion of the header.
#define WIN32_LEAN_AND_MEAN
// Include guard. NOTE(review): the macro is named _MAIN_H although the file is log.h, and
// names that begin with an underscore followed by a capital letter are reserved for the
// implementation.
#ifndef _MAIN_H
#define _MAIN_H
// Returns dlldir with filename appended. The result lives in a static buffer inside the
// function, so each call overwrites the previous result.
char *GetDirectoryFile(char *filename);
// printf-style logging helper; the definition formats into a 256-byte local buffer.
void __cdecl add_log (const char * fmt, ...);
#endif

12. Go to tools>>option-projects and solution-VC++directories and add direct sdk Summer 2004 includes and library .
13. Click on Project And then Click Properties.
14. Click on Configuration Properties , On the Right side on Character set, Change "Use Unicode Character set" to "Use Multi-Byte Character set" and Click Ok.
15. Download the files i attached in this thread and place the detours.h in your Include folder C:\Program Files\Microsoft Visual Studio 9.0\VC\include and Detours.lib in your Library folder C:\Program Files\Microsoft Visual Studio 9.0\VC\lib.
16. Click Build and Build your Project.
17. You will find your DLL file in C:\Documents and Settings\TheIFear\My Documents\Visual Studio 2008\Projects\(name of your dll)\Debug, and you will find your dll.



******Making häçks Undetected

This one is D3D-sided codes

Ok all your D3D hooks go through to be formed into the device. Once this is done and D3D is hooked you can release create device so that it wont be detected.
I do so in my base with this code in my CreateDevice Reclass

Code:
Code:
//your create device code

//the we move onto
//Device Unhooking
unsigned long ulProtect;
        VirtualProtect(&D3D8_object[15], 4, PAGE_EXECUTE_READWRITE, &ulProtect);
        *(unsigned long*)&D3D8_object[15] = (unsigned long)pCreateDevice;
        VirtualProtect(&D3D8_object[15], 4, ulProtect, &ulProtect);
//


Then you will need to initialise your device
Code:
Code:
YourDevice = *ppReturnedDeviceInterface; //Rename to your Device


Its also a good idea to log this to see if it worked
to do that just say
else{ add_log("D3D create device error...\n"); }
Then return to your device.

Now lets look at another method
2)another way **** it häçk GG.
4)code cave the hook int3->Jmp then in the code cave->Jmp(detour)d3d functions ->jmp back to original flow ;Hook hopin

Now i thought Number 2 looked hansom but then i thought that i could adapt that view point to number 4 which basicly bypasses GG.
now I am not going to go through ASM debugging to detour your d3d hook
but were not really going to be caving like 4) says. Due to the fact that were dropping the Cave early - we can just Jmp to a nice clean bit of space (0900001C) looks pretty nice place to settle.
Then in our C++ for this we __asm for the jmp. Now fatboy88 says to detour our d3d functions, thats all good fun but more univsersaly we could Jmp the GG check. Therefore placing more memory crazy häçks and also you would be bypassing a clean reg for debugger logging and looting.




*****Tutorial on DirectX and C++ Basics

1. Download the latest DirectX SDK (the download link is hidden by the forum for visitors who are not logged in).
2. Then Install - duh?!
3. click START
ALL programs
Direct X SDK
Then Click on
Direct X sample browser.
4. then you will see lots of TUTs

then go down
and you will see the "Create device" tut
there is more stuff like pixel shaders, textures, etc.
5. then click on the documentation and READ.

TO Understand this tut please learn C++

THIS TUT IS FOR PEOPLE WHO KNOW C++ BUT WANNA LEARN DIRECT X

Enjoy.Happy coding everyone




***C++ Language Tutorial

For those who have the guts to learn everything about C++, from the basics to professional coding structure, the link is hidden by the forum for visitors who are not logged in.





******Where to learn ASM (also required to make wallhäçk)

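Note: the "ASM" this guide lists as a prerequisite is assembly language. The text below instead describes an unrelated Oracle feature that shares the abbreviation, where ASM stands for Automatic Storage Management.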

is a feature provided by Oracle Corporation within the Oracle Database from release Oracle 10g (revision 1) onwards. ASM aims to simplify the management of database files. To do so, it provides tools to manage file systems and volumes directly inside the database, allowing database administrators (DBAs) to control volumes and disks with familiar SQL statements in standard Oracle environments. Thus DBAs do not need extra skills in specific file systems or volume managers (which usually operate at the level of the operating system).

With ASM:

  • IO channels can take advantage of data striping and software mirroring
  • DBAs can automate online redistribution of data, along with the addition and removal of disks/storage
  • the system maintains redundant copies and provides 3rd-party[citation needed] RAID functionality
  • Oracle supports third-party multipathing IO technologies (such as failover or load balancing to SAN access)
  • the need for hot spares diminishes






*****How to make GG Bypass

You need to know how to:
Make a Wallhäçk *posted on forum
JMP functions *I posted in a tutorial
Open Soldierfront in OllyDBG - download OllyDBG goto soldierfront.exe and open
Unpack Soldierfront *I found that its packed with ASProtect
Copy the memory to a txt file *BAsic computer skills & logic
Now to bypass Gameguard we just need to know where it interupts
Search for "Gamehäçk Detcted" (or whatever it says in that dialog box)
Now look through the ASM in memory before it, you will see where it loads gameguard then releases it. Now you need to let it load gameguard else it will crash you, but you need to stop everything after that and before the final Push command. now this is really easy. Just find the Address before GameGuard kicks you, and look at the address after. JMP to empty memory, its as simple as JMP 910000 (Asuming 9100000 is in open memory) then all you have to do is return to the address that you found after the check.
Done...
Its so damn simple compared to most bypass coding. Yet so effective.
Please just have a go - you would be suprised as to how damn simple this is. Everyone just gives up when they see an ASM command like JMP.


13153523_1106774132678828_1932984573_n.png
 
Last edited by a moderator:
sa left 4 dead to :) ..... pwede din sa sf2 pero need mo yung unmount bypass para kumagat :)
 
kunti lang din alam ko diyan nung kasagsagan pa ng sf :D
 