//
// Online Game Cheats Client.dll hook
// Copyright (c) system 2001-2002
// Copyright (c) bunny771 2001-2002
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
//
// NOTE:
// GNU license doesn't cover Engine directory.
// Content of Engine directory is copyrighted (c) 1999, 2000, by Valve LLC
// and it is licensed under Valve's proprietary license (see original HL SDK).
//
// Win32 / SDK headers and the project's own headers.
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <mmsystem.h>        // timeGetTime(), used by the QueryPerformanceCounter replacement
#include <fstream>
#include <tlhelp32.h>
#include "apihook.h"
#include "client.h"
#include "opengl.h"
#include "cvar.h"
#include "stdafx.h"
#include "hookqueue.h"
#include "utils.h"
#include "GenericPatch.h"
// MSVC: global optimisations, favour small code, omit frame pointers for this TU.
#pragma optimize("gsy",on)

// In-memory code patches managed by GenericPatch (its find_location/apply/
// restore members are declared in GenericPatch.h, not visible here).
GenericPatch loaderPatch;    // removed/re-applied around engine security calls (pre_sec_call/post_sec_call)
GenericPatch soundPatch;     // prepared by detour_S_DynamicSound()
GenericPatch commandPatch;   // prepared by patch_CommandParser()

// Apply / remove the runtime hooks; defined later in this TU.
void dynamic_hook();
void dynamic_unhook();
//===========================================================
// Debug log. The path is a hard-coded absolute one, so the directory has to
// exist for the stream to open; a fixed artifact like this is also a trivial
// host-based indicator that the module is loaded.
ofstream logfile("c:\\tmpaxx\\log.txt");
HMODULE xModule=NULL;                 // assigned elsewhere
bool bDontRerouteGlBegin = false;     // consulted by the OpenGL hooks (opengl.h); not read in this span
// Presumably a return address into the engine module, captured elsewhere.
// patch_CommandParser() and detour_S_DynamicSound() use it as the base of
// their signature scans (see the `- 1000000 + offset` arithmetic there).
static void* stackret=0;

// GetMessage hook: pointer to the original and the replacement's prototype
// (the replacement's body is not in this span).
typedef BOOL (WINAPI *GetMessageFunc )(LPMSG,HWND,UINT,UINT);
GetMessageFunc GetMessagePtr;
BOOL WINAPI pGetMessage( LPMSG lpMsg,          // address of structure with message
                         HWND hWnd,            // handle of window
                         UINT wMsgFilterMin,   // first message
                         UINT wMsgFilterMax    // last message
                         );

//speedhack code by noskill
// State of the QueryPerformanceCounter replacement below. Plain globals,
// written from whichever thread happens to call the hook; no synchronisation.
DWORD last_real=0;          // low 32 bits of the last genuine counter value seen
DWORD last_fake=0;          // low 32 bits of the last value handed back to the caller
DWORD last_ticks=0;         // timeGetTime() at the previous call
DWORD speed_ticks_left=0;   // ms left in the current phase during which scaling is applied
DWORD phase_ticks_left=0;   // ms left until the current on/off phase expires
//DWORD speed_runtime=0;
DWORD qp_orig_offset;       // not used in this span
//=====================================================================================================
typedef BOOL (WINAPI *QueryPerformanceCounterFunc)(LARGE_INTEGER*);
QueryPerformanceCounterFunc QueryPerformanceCounterPtr=NULL;   // original QueryPerformanceCounter

// Replacement for QueryPerformanceCounter.
// Calls the original, then rewrites lp->LowPart so the counter appears to
// advance cvar.speed times faster than real time, but only for cvar.speedon
// ms out of every cvar.speedon+cvar.speedoff ms (phases measured with
// timeGetTime()). While cvar.speed<=1 or the "on" budget of the phase is
// used up, the real delta is passed through. Only LowPart is rewritten;
// HighPart stays whatever the original returned. cvar.* come from cvar.h
// (types not visible here; speed is used as a double, speedon/speedoff as DWORD).
// Returns the original call's return value unchanged.
BOOL WINAPI newQueryPerformanceCounter(LARGE_INTEGER *lp)
{
    BOOL ret = (*QueryPerformanceCounterPtr)(lp);
    DWORD cur_ticks = timeGetTime();
    DWORD new_real = lp->LowPart;
    // First call: seed both timelines and pass the value through unchanged.
    if(!last_real){ last_real = last_fake = new_real; return ret; }
    // determine whether we are allowed to use speed hack (speed_ticks_left)
    DWORD ticks_passed = cur_ticks-last_ticks;
    last_ticks = cur_ticks;
    if (phase_ticks_left>ticks_passed) // phase running
    {
        phase_ticks_left -= ticks_passed;
        if(cvar.speed>1)
        {
            // consume speed ticks
            if(speed_ticks_left>ticks_passed)
            {
                speed_ticks_left -= ticks_passed;
            }
            else
            {
                speed_ticks_left =0;
            }
        }
    }
    else
    {
        // phase not running or just timed out
        if(cvar.speed>1)
        {
            // setup a new phase
            speed_ticks_left = cvar.speedon;
            phase_ticks_left = cvar.speedon+cvar.speedoff;
        }
        else
        {
            phase_ticks_left = 0;
        }
    }
    //===================
    // Scale factor: cvar.speed clamped to >= 1, forced back to 1 once the
    // "on" budget of the current phase is exhausted.
    double factor = (cvar.speed<1 ? 1:cvar.speed);
    if(!speed_ticks_left)
    {
        factor = 1.0;
    }
    // 32-bit real delta since the last call, scaled and accumulated onto the fake timeline.
    DWORD diff_real = (DWORD)(new_real-last_real);
    DWORD diff_fake = (DWORD)(factor * double(diff_real));
    lp->LowPart = last_fake + diff_fake;
    last_fake += diff_fake;
    last_real += diff_real;
    return ret;
}
//=====================================================================================================
// Called by JumpGate_CommandParser with the interrupted function's ebp and edi
// (defined elsewhere).
void hookCommandParser( char* cmdString, int size );

// Landing pad of the 7-byte patch written by patch_CommandParser().
// Saves all registers, calls hookCommandParser (assuming cdecl: ebp becomes
// cmdString, edi becomes size; the two `pop eax` discard the arguments),
// restores the registers, replays the 7 bytes of caller code the patch
// overwrote (push edi / lea eax,[esp+14h] / push ebp / push eax, matching the
// x????xx part of the signature) and jumps to patchloc+7, i.e. the call that
// followed them.
__declspec(naked) void JumpGate_CommandParser()
{
    __asm{
        pushad;
        push edi;
        push ebp;
        call hookCommandParser;
        pop eax;
        pop eax;
        popad;
        // caller code
        push edi;
        lea eax, dword ptr [esp+0x14];
        push ebp;
        push eax;
        // jump back
        mov eax, commandPatch.patchloc;
        add eax, 0x07;
        jmp eax;
    }
}
//=====================================================================================================
bool bCommandPatchAvailable = false;   // set once the signature was found and commandPatch is prepared

// Locates the command-parser call site by signature (scan starts at a fixed
// offset from stackret) and prepares, but does not apply, a 7-byte patch:
// B8 imm32 (mov eax, JumpGate_CommandParser) followed by FF E0 (jmp eax).
// Runs its body only once; later calls return true regardless of the first
// outcome. Returns false (after a console message) if the signature is not found.
// assert() is not provided by the headers visible in this TU; presumably via stdafx.h.
bool patch_CommandParser()
{
    static bool applied = false;
    if(applied) return true;
    applied = true;
    assert(stackret);
    BYTE* offs = (BYTE*)stackret - 1000000 + 0x4FF1B;
    // push edi / lea eax,[esp+imm32] (4 wildcard bytes) / push ebp / push eax / call
    BYTE* sig = (BYTE*)"\x57\x00\x00\x00\x00\x55\x50\xE8";
    char* mask = "x????xxx";
    if(!commandPatch.find_location(offs,sig,mask))
    {
        Con_Echo("&rcommand parser patch failed.");
        return false;
    }
    commandPatch.patchdata[0] = 0xB8;
    *(DWORD*)(commandPatch.patchdata+1) = (DWORD)JumpGate_CommandParser;
    commandPatch.patchdata[5] = 0xFF;
    commandPatch.patchdata[6] = 0xE0;
    //commandPatch.axpply(); //applied in dynamic_hook
    bCommandPatchAvailable = true;
    Con_Echo("&gcommand parser patched successfully.");
    return true;
}
//========================================================================================
// Called by JumpGate_DynamicSound (defined elsewhere). Because the gate's own
// `call` pushes on top of the interrupted function's return address, the
// first parameter slot appears to hold that return address and the real
// arguments start at entindex -- TODO confirm against the definition.
void PreS_DynamicSound(const DWORD a,const DWORD entindex,const DWORD c,const char*const sample,const float*const origin,DWORD f,const DWORD g,const DWORD h);
static DWORD sound_reloc_addr1=0;   // imm32 operand of the overwritten `mov eax,[imm32]`, saved by detour_S_DynamicSound()

// Landing pad of the push/ret patch written by detour_S_DynamicSound().
// Calls PreS_DynamicSound with the interrupted function's stack intact, then
// replays the two overwritten instructions (sub esp,48h / mov eax,[imm32])
// and returns to patchloc+patchsize via push/ret.
__declspec(naked) void JumpGate_DynamicSound()
{
    __asm{
        // 8 args on stack
        call PreS_DynamicSound;
        // exec caller instructions & jump back
        sub esp,0x48;
        mov eax, soundPatch.patchloc;
        add eax, soundPatch.patchsize;
        push eax;
        mov eax,sound_reloc_addr1;
        mov eax,[eax];
        ret;
    }
}
//========================================================================================
// Locates the sound function prologue by signature (scan starts at a fixed
// offset from stackret) and prepares, but does not apply, an 8-byte patch:
// 68 imm32 (push JumpGate_DynamicSound), C3 (ret), 90 90 (nop padding).
// The imm32 of the original `mov eax,[imm32]` is kept in sound_reloc_addr1 so
// the gate can replay it. Runs its body only once; later calls return true
// regardless of the first outcome. On failure it also pops a leftover debug
// MessageBox, which blocks the calling thread until dismissed.
bool detour_S_DynamicSound()
{
    static bool applied = false;
    if( applied )
    {
        return true;
    }
    applied = true;
    assert(stackret);
    BYTE* offs = (BYTE*)stackret - 1000000 + 0xB0818;
    // sub esp,48h / mov eax,[imm32] (4 wildcard bytes)
    BYTE* sig = (BYTE*)"\x83\xEC\x48\xA1\x00\x00\x00\x00";
    char* mask = "xxxx????";
    if(!soundPatch.find_location(offs,sig,mask))
    {
        Con_Echo("&rsound patch failed.");
        MessageBox(0,"bla","bla",0);
        return false;
    }
    // prepare patch:
    soundPatch.patchdata[0]=0x68;
    *(DWORD*)(soundPatch.patchdata+1) = (DWORD)JumpGate_DynamicSound;
    soundPatch.patchdata[5]=0xC3;
    soundPatch.patchdata[6]=0x90;
    soundPatch.patchdata[7]=0x90;
    // relocated addr needed in detour
    sound_reloc_addr1 = *(DWORD*)(soundPatch.backup+4);
    // soundPatch.axpply();// applied in dynamic_hook()
    Con_Echo( "&gsound patch applied successfully\n");
    return true;
}
//=====================================================================================================
// In-place ASCII lower-casing of a NUL-terminated string via tolower().
inline static void lowercase(char* str)
{
    while(*str)
    {
        *str = tolower(*str);
        ++str;
    }
}
//=====================================================================================================
// Path-containment check for the CreateFile hook.
// Returns true when `filename` contains ".." and its resolved directory is
// either outside hldir or inside ogcdir (both defined elsewhere; presumably
// the game and the module's own directory). Paths without ".." and paths
// longer than 390 characters are never flagged. Side effects: hldir and
// ogcdir are lower-cased in place on every call.
// NOTE(review): GetFullPathName sets the file-part pointer to NULL when the
// path ends in a directory; the write through fileNameBase is unguarded.
bool badfile(const char* filename)
{
    char fullpath[400];
    char* fileNameBase=NULL;
    if( !strstr(filename,"..") ) return false;// quick return
    if( GetFullPathName(filename,395,fullpath,&fileNameBase)>390 ) return false;
    *fileNameBase = 0;   // truncate to the directory part
    lowercase(fullpath);
    int accessdir_len = strlen(fullpath);
    lowercase(hldir);
    int hldir_len = strlen(hldir);
    lowercase(ogcdir);
    int ogcdir_len = strlen(ogcdir);
    // compare only up to the shorter of the two directory strings
    int n = (hldir_len<accessdir_len)?hldir_len:accessdir_len;
    bool ret = false;
    if( strncmp(fullpath,hldir,n)) ret=true;          // not under the game directory
    if(!strncmp(fullpath,ogcdir,ogcdir_len)) ret=true; // under the module's directory
    return ret;
}
//=====================================================================================================
// CreateFile hook: pointer to the original (the replacement is not in this span).
typedef HANDLE (WINAPI*CreateFileFunc)(LPCTSTR,DWORD,DWORD,LPSECURITY_ATTRIBUTES,DWORD,DWORD,HANDLE);
CreateFileFunc CreateFilePtr = NULL;
//=====================================================================================================
// New hooker
// FillExportTable proc key
#define PROCKEY 0x7A32BC85   // not used in this span

// Rolling-XOR de-obfuscation of a buffer, skipping the first 0x44 bytes.
// The key byte starts at 0x57 and is advanced by (plaintext byte + 0x57), so
// the key stream depends only on the constant and the data: this is
// obfuscation, not encryption. Note that `xor` is an ISO C++ alternative
// token for `^`; using it as an identifier compiles only in MSVC's
// permissive mode.
void Decrypt(byte * ofs, int len)
{
    int i;
    byte xor = 0x57;
    for (i = 0x44; i < len; i++)
    {
        byte newdata = ofs[i]^xor;
        ofs[i] = newdata;
        xor += newdata + 0x57;
    }
}

// Inverse of Decrypt(): same key schedule, but advanced from the plaintext
// (the input) before the byte is overwritten with its XORed form.
void Encrypt( BYTE *ofs, int len )
{
    int i;
    BYTE xor = 0x57;
    BYTE bDecoded;
    for( i = 0x44; i < len; i++ )
    {
        bDecoded = ofs[i] ^ xor;
        xor += ofs[i] + 0x57;
        ofs[i] = bDecoded;
    }
}

// Called by EngineLoadEncryptedDll with the four stack arguments of the
// engine's loader (defined elsewhere).
void Security_LoadEncryptedDll(DWORD len, DWORD b, DWORD c, byte * base);
DWORD _LoadEncryptedDll = 0;   // address of the engine's original loader body, set elsewhere

// Entry stub placed in front of the engine's encrypted-DLL loader.
// Saves all registers, forwards the caller's four arguments (found above the
// 32 bytes pushed by pushad and the return address) to
// Security_LoadEncryptedDll, restores the registers, replays the original
// prologue (push ecx / push ebp / mov ebp,[esp+0Ch]) and jumps to the
// original body at _LoadEncryptedDll.
_declspec(naked) void EngineLoadEncryptedDll()
{
    _asm
    {
        pushad
        mov ecx,esp
        push [ecx][32+4]
        push [ecx][32+8]
        push [ecx][32+12]
        push [ecx][32+16]
        Call Security_LoadEncryptedDll
        add esp, 16
        popad
        push ecx
        push ebp
        mov ebp,[esp][0Ch]
        jmp [_LoadEncryptedDll]
    }
}
//-------------------------------------------------------
// Replacement for the engine's client-DLL function-table hook: lets the
// original run, then overrides entries in the table (ClientApiHook, client.h).
typedef void (* pClientHooker) (dllfuncs_t * df);
pClientHooker Original;   // original hooker, set elsewhere
void ClientHooker(dllfuncs_t * df)
{
    Original(df);
    ClientApiHook(df);
}
//-------------------------------------------------------
typedef DWORD (* pSecurityHooker) (DWORD * df);
pSecurityHooker OriginalSecurity=0;   // not used in this span

// Engine security function table: SECFUNCS_NUM 32-bit function pointers at
// secfuncs_loc (assigned elsewhere). secfuncs_org holds the original
// pointers, secfuncs_hooked the SecHook_* stubs generated by
// SECFUNC_INTERCEPT. The table is swapped wholesale with memcpy; there is
// no synchronisation with other threads reading it.
enum { SECFUNCS_NUM=0x1B };
DWORD secfuncs_org [SECFUNCS_NUM];
DWORD secfuncs_hooked[SECFUNCS_NUM];
DWORD* secfuncs_loc=0;
// Restore the original table / install the stub table.
void sec_unhook() { memcpy(secfuncs_loc,secfuncs_org,4*SECFUNCS_NUM); }
void sec_hook () { memcpy(secfuncs_loc,secfuncs_hooked,4*SECFUNCS_NUM); }

// Called from a SecHook_* stub before the original entry runs: restores the
// original table, removes the loader patch and all dynamic hooks so the
// engine function observes unmodified code, and returns the original
// pointer for table index ax (no bounds check; the macro passes a constant).
// Detection note: the unmodified state exists only on this call path, for
// the duration of the call; a check performed from another thread or at an
// unrelated time would see the hooked state.
DWORD pre_sec_call(DWORD ax)
{
    memcpy(secfuncs_loc,secfuncs_org,4*SECFUNCS_NUM);
    loaderPatch.restore();
    dynamic_unhook();
    return secfuncs_org[ax];
}

// Called from a SecHook_* stub after the original entry returned: puts the
// stub table, the loader patch and the dynamic hooks back.
void post_sec_call()
{
    memcpy(secfuncs_loc,secfuncs_hooked,4*SECFUNCS_NUM);
    loaderPatch.apply();
    dynamic_hook();
}

// Return address of the intercepted call, parked while the original runs.
// A single static slot: the stubs are neither re-entrant nor thread-safe.
static DWORD secfunc_stackret=0;

// Generates SecHook_<hexnr>, the stub stored at table index 0x<hexnr>:
//   push 0x<hexnr>; call pre_sec_call        -> eax = original function, hooks removed
//   add esp,4                                -> drop the index argument
//   pop secfunc_stackret                     -> take the caller's return address off the stack
//   push after; jmp eax                      -> run the original, returning to `after`
//   after: call post_sec_call                -> re-install hooks
//   jmp secfunc_stackret                     -> continue in the caller (eax still holds the original's result)
// No comments may appear inside the macro body: a `//` comment would swallow
// the line-continuation backslash.
#define SECFUNC_INTERCEPT( hexnr ) \
__declspec(naked) void SecHook_##hexnr() \
{ \
    _asm { push 0x##hexnr }\
    _asm { call pre_sec_call }\
    _asm { add esp, 4}\
    _asm { pop secfunc_stackret }\
    _asm { push after }\
    _asm { jmp eax } \
after:\
    _asm { call post_sec_call }\
    _asm { jmp secfunc_stackret }\
}