Salut les gens,
Ici un petit sujet sur un Open Source.
Ce qui savent pas codé sont pas les bienvenus (ne le prenez pas mal)
Pour ce qui comprennent rien, arrêtez vous là
Les prochaines lignes de code son pour le "Changement" de Bytes.
Ensuite le moment important de notre code
Avant de l'écrire ... cela devrait ressembler à ça
fld dword ptr [ebp-04]
mov esp,ebp <- Ce sont les 5 bytes << D9 45 FC 8B E5
Après ces lignes de codes, ça doit ressembler à ça
jmp ???????? <- ???????? car ça change à chaque lancement
E9 ?? ?? ?? ?? <- Les Bytes en ce moment
"mov eax,[$MyHP]" Copiet dans le registre eax la valeur de notre propre page ( le second ( $MyHP ))
[PHP_MemoryWrite($page + 0x5, $process, "0x8945FCD945FC8BE5E9" & Byte_Reverse(Calc($page + 0xD, 0x00535F09, 1)), "byte[13]")][/PHP]
89 45 FC - mov [ebp-04],eax
Maintenant nous allons copier eax dans [ebp-04] Parce que nous allons le charger après
D9 45 FC - fld dword ptr [ebp-04]
8B E5 - mov esp,ebp
^Le code original que nous allons écraser avec notre jmp
E9 ???????? - jmp Back
^Là nous faisons jmp back
_MemoryWrite($MyHP, $process, $cmdline[2], "float")
Nous écrivons le second paramètre dans notre page ( $MyHP )
Vous devez comprendre cette parti sans aide.
Pour lancez le ***.exe
ou alors
Bonne soirée et bonne programmation/jeu/cheat.
Ici un petit sujet sur un Open Source.
Ce qui savent pas codé sont pas les bienvenus (ne le prenez pas mal)
PHP:
Dim $byte[5];declare array $byte
If Not $cmdline[0] = 2 Then ; if not $cmdline[0] ( size of called Parameter ) = 2
MsgBox(0, "Error", "Wrong Parameter") ; calling MessageBox Function ( User32.dll )
Exit ; Close the Programm
EndIf ; end of IfPour ce qui comprennent rien, arrêtez vous là
PHP:
SetPrivilege(0x0020, 0x0002); the name say all ( set privilege )
$process = _MemoryOpen(ProcessExists("S4Client.exe")) ; OpenProcessMemory from S4Client.exe
$page = _AllocMem(ProcessExists("S4Client.exe"), 2048) ; create a Writeable Page in S4Client.exe and return the address from the start of the page.
$MyHP = _AllocMem(ProcessExists("S4Client.exe"), 2048); create a Writeable Page in S4Client.exe and return the address from the start of the page.Les prochaines lignes de code son pour le "Changement" de Bytes.
PHP:
$hex = Hex($MyHP, 8)
$byte[0] = 4
$step = 1
For $i = 1 To 8
$byte[$step] = StringRight($hex, 2)
$i += 1
$hex = StringLeft($hex, 8 - $i)
$step += 1
NextEnsuite le moment important de notre code
Avant de l'écrire ... cela devrait ressembler à ça
fld dword ptr [ebp-04]
mov esp,ebp <- Ce sont les 5 bytes << D9 45 FC 8B E5
PHP:
_MemoryWrite(0x00535F04, $process, "0xE9" & Byte_Reverse(Calc($page + 1, 0x00535F05)), "byte[5]") ; Write an Jmp from the orginal to the new page and calc the bytes for the pageAprès ces lignes de codes, ça doit ressembler à ça
jmp ???????? <- ???????? car ça change à chaque lancement
E9 ?? ?? ?? ?? <- Les Bytes en ce moment
PHP:
_MemoryWrite($page, $process, "0xA1" & $byte[1] & $byte[2] & $byte[3] & $byte[4], "byte[5]") ; Write in our own Page "mov eax,[$MyHP]""mov eax,[$MyHP]" Copiet dans le registre eax la valeur de notre propre page ( le second ( $MyHP ))
[PHP_MemoryWrite($page + 0x5, $process, "0x8945FCD945FC8BE5E9" & Byte_Reverse(Calc($page + 0xD, 0x00535F09, 1)), "byte[13]")][/PHP]
89 45 FC - mov [ebp-04],eax
Maintenant nous allons copier eax dans [ebp-04] Parce que nous allons le charger après
D9 45 FC - fld dword ptr [ebp-04]
8B E5 - mov esp,ebp
^Le code original que nous allons écraser avec notre jmp
E9 ???????? - jmp Back
^Là nous faisons jmp back
_MemoryWrite($MyHP, $process, $cmdline[2], "float")
Nous écrivons le second paramètre dans notre page ( $MyHP )
Vous devez comprendre cette parti sans aide.
PHP:
If $cmdline[1] = "1" Then
_MemoryWrite(0x00535F04, $process, "0xE9" & Byte_Reverse(Calc($page + 1, 0x00535F65)), "byte[5]")
Else
_MemoryWrite(0x00535F04, $process, "0xD945FC8BE5", "Byte[5]")
EndIf
PHP:
If $i = 1 Then
Local $tmp = $dwCall
$dwCall = $dwAddress
$dwAddress = $tmp
EndIf
Return Hex($dwCall - $dwAddress - 5, 8)
EndFunc ;==>Calc
Func Byte_Reverse($sBytes)
Local $sReversed = ""
For $i = StringLen($sBytes) - 1 To 1 Step -2
$sReversed &= StringMid($sBytes, $i, 2)
Next
Return $sReversed
EndFunc ;==>Byte_Reverse
Func _AllocMem($ProcessId, $size)
If $ProcessId == 0 Then Return SetError(1, "", False)
$Kernel32 = DllOpen("kernel32.dll")
If @error Then Return SetError(4, "", False)
$hProcess = DllCall($Kernel32, "DWORD", "OpenProcess", "DWORD", 0x1F0FFF, "int", 0, "DWORD", $ProcessId)
If @error Then Return SetError(6, "", False)
$hModule = DllCall($Kernel32, "DWORD", "GetModuleHandleA", "str", "kernel32.dll")
If @error Then Return SetError(7, "", False)
$lpStartAddress = DllCall($Kernel32, "DWORD", "GetProcAddress", "DWORD", $hModule[0], "str", "LoadLibraryA")
If @error Then Return SetError(8, "", False)
$lpParameter = DllCall($Kernel32, "DWORD", "VirtualAllocEx", "int", $hProcess[0], "int", 0, "int", $size, "DWORD", 0x3000, "int", 4)
If @error Then Return SetError(9, "", False)
DllCall($Kernel32, "BOOL", "CloseHandle", "DWORD", $hProcess[0])
DllClose($Kernel32)
Return $lpParameter[0]
EndFunc ;==>_AllocMem
PHP:
#include-once
#Region _Memory
;==================================================================================
; AutoIt Version: 3.1.127 (beta)
; Language: English
; Platform: All Windows
; Author: Nomad
; Requirements: These functions will only work with beta.
;==================================================================================
; Credits: wOuter - These functions are based on his original _Mem() functions.
; But they are easier to comprehend and more reliable. These
; functions are in no way a direct copy of his functions. His
; functions only provided a foundation from which these evolved.
;==================================================================================
;
; Functions:
;
;==================================================================================
; Function: _MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]])
; Description: Opens a process and enables all possible access rights to the
; process. The Process ID of the process is used to specify which
; process to open. You must call this function before calling
; _MemoryClose(), _MemoryRead(), or _MemoryWrite().
; Parameter(s): $iv_Pid - The Process ID of the program you want to open.
; $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which
; enables all possible access rights to the
; process specified by the Process ID.
; $iv_InheritHandle - (optional) If this value is TRUE, all processes
; created by this process will inherit the access
; handle. Set to 1 (TRUE) by default. Set to 0
; if you want it FALSE.
; Requirement(s): None.
; Return Value(s): On Success - Returns an array containing the Dll handle and an
; open handle to the specified process.
; On Failure - Returns 0
; @Error - 0 = No error.
; 1 = Invalid $iv_Pid.
; 2 = Failed to open Kernel32.dll.
; 3 = Failed to open the specified process.
; Author(s): Nomad
; Note(s):
;==================================================================================
Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $iv_InheritHandle = 1)
If Not ProcessExists($iv_Pid) Then
SetError(1)
Return 0
EndIf
Local $ah_Handle[2] = [DllOpen('kernel32.dll')]
If @error Then
SetError(2)
Return 0
EndIf
Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $iv_InheritHandle, 'int', $iv_Pid)
If @error Then
DllClose($ah_Handle[0])
SetError(3)
Return 0
EndIf
$ah_Handle[1] = $av_OpenProcess[0]
Return $ah_Handle
EndFunc ;==>_MemoryOpen
;==================================================================================
; Function: _MemoryRead($iv_Address, $ah_Handle[, $sv_Type])
; Description: Reads the value located in the memory address specified.
; Parameter(s): $iv_Address - The memory address you want to read from. It must
; be in hex format (0x00000000).
; $ah_Handle - An array containing the Dll handle and the handle
; of the open process as returned by _MemoryOpen().
; $sv_Type - (optional) The "Type" of value you intend to read.
; This is set to 'dword'(32bit(4byte) signed integer)
; by default. See the help file for DllStructCreate
; for all types. An example: If you want to read a
; word that is 15 characters in length, you would use
; 'char[16]' since a 'char' is 8 bits (1 byte) in size.
; Return Value(s): On Success - Returns the value located at the specified address.
; On Failure - Returns 0
; @Error - 0 = No error.
; 1 = Invalid $ah_Handle.
; 2 = $sv_Type was not a string.
; 3 = $sv_Type is an unknown data type.
; 4 = Failed to allocate the memory needed for the DllStructure.
; 5 = Error allocating memory for $sv_Type.
; 6 = Failed to read from the specified process.
; Author(s): Nomad
; Note(s): Values returned are in Decimal format, unless specified as a
; 'char' type, then they are returned in ASCII format. Also note
; that size ('char[size]') for all 'char' types should be 1
; greater than the actual size.
;==================================================================================
Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword')
If Not IsArray($ah_Handle) Then
SetError(1)
Return 0
EndIf
Local $v_Buffer = DllStructCreate($sv_Type)
If @error Then
SetError(@error + 1)
Return 0
EndIf
DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
If Not @error Then
Local $v_Value = DllStructGetData($v_Buffer, 1)
Return $v_Value
Else
SetError(6)
Return 0
EndIf
EndFunc ;==>_MemoryRead
;==================================================================================
; Function: _MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type])
; Description: Writes data to the specified memory address.
; Parameter(s): $iv_Address - The memory address which you want to write to.
; It must be in hex format (0x00000000).
; $ah_Handle - An array containing the Dll handle and the handle
; of the open process as returned by _MemoryOpen().
; $v_Data - The data to be written.
; $sv_Type - (optional) The "Type" of value you intend to write.
; This is set to 'dword'(32bit(4byte) signed integer)
; by default. See the help file for DllStructCreate
; for all types. An example: If you want to write a
; word that is 15 characters in length, you would use
; 'char[16]' since a 'char' is 8 bits (1 byte) in size.
; Return Value(s): On Success - Returns 1
; On Failure - Returns 0
; @Error - 0 = No error.
; 1 = Invalid $ah_Handle.
; 2 = $sv_Type was not a string.
; 3 = $sv_Type is an unknown data type.
; 4 = Failed to allocate the memory needed for the DllStructure.
; 5 = Error allocating memory for $sv_Type.
; 6 = $v_Data is not in the proper format to be used with the
; "Type" selected for $sv_Type, or it is out of range.
; 7 = Failed to write to the specified process.
; Author(s): Nomad
; Note(s): Values sent must be in Decimal format, unless specified as a
; 'char' type, then they must be in ASCII format. Also note
; that size ('char[size]') for all 'char' types should be 1
; greater than the actual size.
;==================================================================================
Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword')
If Not IsArray($ah_Handle) Then
SetError(1)
Return 0
EndIf
Local $v_Buffer = DllStructCreate($sv_Type)
If @error Then
SetError(@error + 1)
Return 0
Else
DllStructSetData($v_Buffer, 1, $v_Data)
If @error Then
SetError(6)
Return 0
EndIf
EndIf
DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
If Not @error Then
Return 1
Else
SetError(7)
Return 0
EndIf
EndFunc ;==>_MemoryWrite
;==================================================================================
; Function: _MemoryClose($ah_Handle)
; Description: Closes the process handle opened by using _MemoryOpen().
; Parameter(s): $ah_Handle - An array containing the Dll handle and the handle
; of the open process as returned by _MemoryOpen().
; Return Value(s): On Success - Returns 1
; On Failure - Returns 0
; @Error - 0 = No error.
; 1 = Invalid $ah_Handle.
; 2 = Unable to close the process handle.
; Author(s): Nomad
; Note(s):
;==================================================================================
Func _MemoryClose($ah_Handle)
If Not IsArray($ah_Handle) Then
SetError(1)
Return 0
EndIf
DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1])
If Not @error Then
DllClose($ah_Handle[0])
Return 1
Else
DllClose($ah_Handle[0])
SetError(2)
Return 0
EndIf
EndFunc ;==>_MemoryClose
;==================================================================================
; Function: SetPrivilege( $privilege, $bEnable )
; Description: Enables (or disables) the $privilege on the current process
; (Probably) requires administrator privileges to run
;
; Author(s): Larry (from autoitscript.com's Forum)
; Notes(s):
; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999
;==================================================================================
Func SetPrivilege($privilege, $bEnable)
Const $TOKEN_ADJUST_PRIVILEGES = 0x0020
Const $TOKEN_QUERY = 0x0008
Const $SE_PRIVILEGE_ENABLED = 0x0002
Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv
$nTokens = 1
$LUID = DllStructCreate("dword;int")
If IsArray($privilege) Then $nTokens = UBound($privilege)
$TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
$NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
$hCurrProcess = DllCall("kernel32.dll", "hwnd", "GetCurrentProcess")
$SP_auxret = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $hCurrProcess[0], _
"int", BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY), "int_ptr", 0)
If $SP_auxret[0] Then
$hToken = $SP_auxret[3]
DllStructSetData($TOKEN_PRIVILEGES, 1, 1)
$nTokenIndex = 1
While $nTokenIndex <= $nTokens
If IsArray($privilege) Then
$priv = $privilege[$nTokenIndex - 1]
Else
$priv = $privilege
EndIf
$ret = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", $priv, _
"ptr", DllStructGetPtr($LUID))
If $ret[0] Then
If $bEnable Then
DllStructSetData($TOKEN_PRIVILEGES, 2, $SE_PRIVILEGE_ENABLED, (3 * $nTokenIndex))
Else
DllStructSetData($TOKEN_PRIVILEGES, 2, 0, (3 * $nTokenIndex))
EndIf
DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 1), (3 * ($nTokenIndex - 1)) + 1)
DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 2), (3 * ($nTokenIndex - 1)) + 2)
DllStructSetData($LUID, 1, 0)
DllStructSetData($LUID, 2, 0)
EndIf
$nTokenIndex += 1
WEnd
$ret = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, _
"ptr", DllStructGetPtr($TOKEN_PRIVILEGES), "int", DllStructGetSize($NEWTOKEN_PRIVILEGES), _
"ptr", DllStructGetPtr($NEWTOKEN_PRIVILEGES), "int_ptr", 0)
$f = DllCall("kernel32.dll", "int", "GetLastError")
EndIf
$NEWTOKEN_PRIVILEGES = 0
$TOKEN_PRIVILEGES = 0
$LUID = 0
If $SP_auxret[0] = 0 Then Return 0
$SP_auxret = DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hToken)
If Not $ret[0] And Not $SP_auxret[0] Then Return 0
Return $ret[0]
EndFunc ;==>SetPrivilege
#EndRegion _MemoryPour lancez le ***.exe
PHP:
#RequireAdmin
ShellExecute(@ScriptDir & "\[S4L] HP Changer.exe","0 200");200 HP
PHP:
#RequireAdmin
ShellExecute(@ScriptDir & "\[S4L] HP Changer.exe","1 1337");1337 HP and GodmodeDe -SoulCr4ck- et c'est du Autoit
Bonne soirée et bonne programmation/jeu/cheat.
