Hi everyone, today I want to present a guide on how to create a D3D hack for WarRock. Let's begin.
The guide is divided into three parts:
1) What is D3D?
2) How to create an injector
3) How to create the .dll file
Here is the first part.
What is D3D?
D3D, i.e. Direct3D, is a technology that competes with the OpenGL standard and is used to render three-dimensional graphics.
Part of Microsoft's DirectX API, Direct3D is available only on Microsoft Windows operating systems (starting with Windows 95) and is the basis for graphics applications on the Xbox and Xbox 360; it owes its success mainly to the video game sector. Like OpenGL, Direct3D can use the hardware acceleration of modern graphics cards when it is available.
Direct3D also offers software vertex emulation (cf. vertex shader) but no software pixel emulation for features that are not available in hardware. For example, if a program that uses Direct3D requires pixel shaders and the computer's graphics card does not support them, Direct3D cannot emulate the feature. The program will very often terminate with an error message.
How to create an injector
In this part we will use Visual Basic 2008 to build our injector, so open it and select Windows Forms Application.
Add 2 textboxes, a timer, 4 labels and a button to the form. Once that is done, let's move on to the code.
In the timer:
Code:
    Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
        ' The path is built from the startup folder and the text in TextBox2
        If IO.File.Exists(Application.StartupPath & "" + TextBox2.Text) Then
            ' Wait until a process named HSUpdate is running
            Dim TargetProcess As Process() = Process.GetProcessesByName("HSUpdate")
            If TargetProcess.Length = 0 Then
                Me.Label2.Text = ("...In Attesa Di " + TextBox1.Text)
            Else
                Timer1.Stop()
                Me.Label2.Text = "...DLL Iniettata"
                Call Inject()
            End If
        Else
            Me.Label2.Text = ("..." + TextBox2.Text + ".dll Non Trovata!")
        End If
    End Sub
In the button:
Code:
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        ' Poll every 50 ms
        Timer1.Interval = 50
        Timer1.Start()
    End Sub
In Public Class Form:
Code:
    Public Class Form1
        Private TargetProcessHandle As Integer
        Private pfnStartAddr As Integer
        Private pszLibFileRemote As String
        Private TargetBufferSize As Integer
        ' Process access rights and memory constants
        Public Const PROCESS_VM_READ = &H10
        Public Const TH32CS_SNAPPROCESS = &H2
        Public Const MEM_COMMIT = 4096
        Public Const PAGE_READWRITE = 4
        Public Const PROCESS_CREATE_THREAD = (&H2)
        Public Const PROCESS_VM_OPERATION = (&H8)
        Public Const PROCESS_VM_WRITE = (&H20)
        ' kernel32 / user32 imports
        Public Declare Function ReadProcessMemory Lib "kernel32" ( _
            ByVal hProcess As Integer, _
            ByVal lpBaseAddress As Integer, _
            ByVal lpBuffer As String, _
            ByVal nSize As Integer, _
            ByRef lpNumberOfBytesWritten As Integer) As Integer
        Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" ( _
            ByVal lpLibFileName As String) As Integer
        Public Declare Function VirtualAllocEx Lib "kernel32" ( _
            ByVal hProcess As Integer, _
            ByVal lpAddress As Integer, _
            ByVal dwSize As Integer, _
            ByVal flAllocationType As Integer, _
            ByVal flProtect As Integer) As Integer
        Public Declare Function WriteProcessMemory Lib "kernel32" ( _
            ByVal hProcess As Integer, _
            ByVal lpBaseAddress As Integer, _
            ByVal lpBuffer As String, _
            ByVal nSize As Integer, _
            ByRef lpNumberOfBytesWritten As Integer) As Integer
        Public Declare Function GetProcAddress Lib "kernel32" ( _
            ByVal hModule As Integer, ByVal lpProcName As String) As Integer
        Private Declare Function GetModuleHandle Lib "Kernel32" Alias "GetModuleHandleA" ( _
            ByVal lpModuleName As String) As Integer
        Public Declare Function CreateRemoteThread Lib "kernel32" ( _
            ByVal hProcess As Integer, _
            ByVal lpThreadAttributes As Integer, _
            ByVal dwStackSize As Integer, _
            ByVal lpStartAddress As Integer, _
            ByVal lpParameter As Integer, _
            ByVal dwCreationFlags As Integer, _
            ByRef lpThreadId As Integer) As Integer
        Public Declare Function OpenProcess Lib "kernel32" ( _
            ByVal dwDesiredAccess As Integer, _
            ByVal bInheritHandle As Integer, _
            ByVal dwProcessId As Integer) As Integer
        Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" ( _
            ByVal lpClassName As String, _
            ByVal lpWindowName As String) As Integer
        ' CloseHandle has no ANSI variant, so it is declared without an Alias
        Private Declare Function CloseHandle Lib "kernel32" ( _
            ByVal hObject As Integer) As Integer
        Dim ExeName As String = IO.Path.GetFileNameWithoutExtension(Application.ExecutablePath)
Once you have added this code, add the following below everything else:
Code:
    Private Sub Inject()
        On Error GoTo 1 ' If error occurs, app will close without any error messages
        Timer1.Stop()
        ' Look up the process named in TextBox1 and open it
        Dim TargetProcess As Process() = Process.GetProcessesByName(TextBox1.Text)
        TargetProcessHandle = OpenProcess(PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or PROCESS_VM_WRITE, False, TargetProcess(0).Id)
        pszLibFileRemote = Application.StartupPath & "" + ExeName + TextBox2.Text
        pfnStartAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
        TargetBufferSize = 1 + Len(pszLibFileRemote)
        Dim Rtn As Integer
        Dim LoadLibParamAdr As Integer
        ' Write the DLL path into the target and start a thread at LoadLibraryA
        LoadLibParamAdr = VirtualAllocEx(TargetProcessHandle, 0, TargetBufferSize, MEM_COMMIT, PAGE_READWRITE)
        Rtn = WriteProcessMemory(TargetProcessHandle, LoadLibParamAdr, pszLibFileRemote, TargetBufferSize, 0)
        CreateRemoteThread(TargetProcessHandle, 0, 0, pfnStartAddr, LoadLibParamAdr, 0, 0)
        CloseHandle(TargetProcessHandle)
1:      Me.Close()
    End Sub
Now label2 will show the injector's progress. In textbox1 you enter the WarRock process and in textbox2 the .dll file. The other 3 labels serve as a guide to where to put the name of the DLL and the program's process. We have now finished the injector, so let's move on to the DLL.
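
Seen from the defender's side, the injector above leaves two recognisable traces: a handle opened with exactly the rights it requests (PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION and PROCESS_VM_WRITE, together 0x2A) and a remote thread whose start address is LoadLibraryA. The following is an added example, not part of the original guide; it assumes Sysmon-style process-access (ID 10) and remote-thread (ID 8) events with their usual field names, and the sample events are constructed.

```python
# Access rights exactly as declared in the guide's Form1 constants.
PROCESS_CREATE_THREAD = 0x2
PROCESS_VM_OPERATION = 0x8
PROCESS_VM_WRITE = 0x20
INJECTION_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE  # 0x2A
LOADER_FUNCTIONS = {"loadlibrarya", "loadlibraryw"}


def is_injection_access(granted_access):
    """True when a ProcessAccess mask contains every right the injector requests."""
    return (int(granted_access, 16) & INJECTION_MASK) == INJECTION_MASK


def find_loadlibrary_injection(events):
    """Flag remote threads (ID 8) that start at LoadLibrary and note whether the
    same source/target pair earlier opened a handle (ID 10) with the 0x2A rights."""
    opened, findings = set(), []
    for ev in events:
        pair = (ev["SourceImage"].lower(), ev["TargetImage"].lower())
        if ev["EventID"] == 10 and is_injection_access(ev["GrantedAccess"]):
            opened.add(pair)
        elif ev["EventID"] == 8 and ev.get("StartFunction", "").lower() in LOADER_FUNCTIONS:
            findings.append({"source": ev["SourceImage"], "target": ev["TargetImage"],
                             "start_function": ev["StartFunction"],
                             "handle_open_seen": pair in opened})
    return findings


# Constructed sample events (not real telemetry); all paths are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Users\user\Desktop\injector.exe",
     "TargetImage": r"C:\Games\game.exe", "GrantedAccess": "0x2A"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Games\game.exe", "GrantedAccess": "0x1000"},
    {"EventID": 8, "SourceImage": r"C:\Users\user\Desktop\injector.exe",
     "TargetImage": r"C:\Games\game.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "LoadLibraryA"},
    {"EventID": 8, "SourceImage": r"C:\Tools\debugger.exe",
     "TargetImage": r"C:\Games\game.exe",
     "StartModule": r"C:\Windows\System32\ntdll.dll", "StartFunction": "DbgUiRemoteBreakin"},
]

if __name__ == "__main__":
    for hit in find_loadlibrary_injection(SAMPLE_EVENTS):
        print(hit)
```

Masks that are a superset of 0x2A, such as a full-access handle, also match, so the handle-open signal is best used together with the remote-thread event rather than alone.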
To start:
Download the starter kit to the desktop and open it.
Coding:
First we will create a wallhack:
In the starter kit, go to d3d8dev.cpp
Below the #defines:
Code:
    bool wallhack; //made by thimo
    UINT m_Stride; //made by thimo
Put this in DrawIndexedPrimitive:
Code:
    if (wallhack) // If the wallhack bool is set
    {
        if (m_Stride == 44) // On the player models
        {
            m_pD3Ddev->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE); // Then bring to the front
        }
        else
        {
            m_pD3Ddev->SetRenderState(D3DRS_ZENABLE, TRUE); // Everything else is normal
        }
    }
    if ((GetAsyncKeyState(VK_NUMPAD1) & 1) == 1) // If numpad 1 was pressed
        wallhack = !wallhack; // toggle wallhack
Chams:
We start with the same code as above.
At the top:
Code:
    bool chams;
    UINT m_Stride;
    LPDIRECT3DTEXTURE8 texRed, texGreen; // textures
Now in DrawIndexedPrimitive:
Code:
    if (chams) // if the chams bool is set
    {
        if (m_Stride == 44) // on the player models
        {
            m_pD3Ddev->SetRenderState(D3DRS_ZENABLE, false); // bring to front
            m_pD3Ddev->SetRenderState(D3DRS_FILLMODE, D3DFILL_SOLID); // fill it with a solid color
            m_pD3Ddev->SetTexture(0, texRed); // fill it with red
            m_pD3Ddev->DrawIndexedPrimitive(PrimitiveType, minIndex, NumVertices, startIndex, primCount);
            m_pD3Ddev->SetRenderState(D3DRS_ZENABLE, true);
            m_pD3Ddev->SetRenderState(D3DRS_FILLMODE, D3DFILL_SOLID);
            m_pD3Ddev->SetTexture(0, texGreen); // fill it with green
        }
    }
    if ((GetAsyncKeyState(VK_NUMPAD2) & 1) == 1) // if numpad 2 was pressed
        chams = !chams; // chams on and off
Now we need to set the colors!
Now look for
    HRESULT CD3DManager::Release()
Below
    HRESULT CD3DManager::Release()
    {
        return S_OK;
    }
add the GenerateTexture function:
Code:
    HRESULT GenerateTexture(IDirect3DDevice8 *pD3Ddev, IDirect3DTexture8 **ppD3Dtex, DWORD colour32)
    {
        // Create an 8x8 texture in 16-bit A4R4G4B4 format
        if( FAILED(pD3Ddev->CreateTexture(8, 8, 1, 0, D3DFMT_A4R4G4B4, D3DPOOL_MANAGED, ppD3Dtex)) )
            return E_FAIL;
        // Keep the top 4 bits of each 8-bit channel: A at bit 12, R at 8, G at 4, B at 0
        WORD colour16 = ((WORD)((colour32>>28)&0xF)<<12)
                       |(WORD)(((colour32>>20)&0xF)<<8)
                       |(WORD)(((colour32>>12)&0xF)<<4)
                       |(WORD)(((colour32>>4)&0xF)<<0);
        D3DLOCKED_RECT d3dlr;
        (*ppD3Dtex)->LockRect(0, &d3dlr, 0, 0);
        WORD *pDst16 = (WORD*)d3dlr.pBits;
        // Fill every texel with the same colour
        for(int xy=0; xy < 8*8; xy++)
            *pDst16++ = colour16;
        (*ppD3Dtex)->UnlockRect(0);
        return S_OK;
    }
Now in EndScene we will call these functions!
Look for EndScene
In EndScene add:
Code:
    GenerateTexture(m_pD3Ddev, &texRed,D3DCOLOR_ARGB(255,255,0,0));
    GenerateTexture(m_pD3Ddev, &texGreen,D3DCOLOR_ARGB(255,0,255,0));
And in SetStreamSource put:
Code:
    if( StreamNumber == 0 ){ m_Stride = Stride; } // remember the stride of stream 0
Sorry, but I couldn't find the links for creating a .dll file.