HP Changer

    Publicités

Users Who Are Viewing This Thread (Total: 0, Members: 0, Guests: 0)

[Aomine

V.I.P
V
Jun 12, 2014
1,578
15
954
Va savoir
Salut les gens,
Ici un petit sujet sur un Open Source.

Ce qui savent pas codé sont pas les bienvenus (ne le prenez pas mal)

PHP:
Dim $byte[5];declare array $byte

If Not $cmdline[0] = 2 Then ; if not $cmdline[0] ( size of called Parameter ) = 2
	MsgBox(0, "Error", "Wrong Parameter") ; calling MessageBox Function ( User32.dll )
	Exit ; Close the Programm
EndIf ; end of If

Pour ce qui comprennent rien, arrêtez vous là

PHP:
SetPrivilege(0x0020, 0x0002); the name say all ( set privilege )
$process = _MemoryOpen(ProcessExists("S4Client.exe")) ; OpenProcessMemory from S4Client.exe
$page = _AllocMem(ProcessExists("S4Client.exe"), 2048) ; create a Writeable Page in S4Client.exe and return the address from the start of the page.
$MyHP = _AllocMem(ProcessExists("S4Client.exe"), 2048); create a Writeable Page in S4Client.exe and return the address from the start of the page.

Les prochaines lignes de code son pour le "Changement" de Bytes.

PHP:
$hex = Hex($MyHP, 8)
$byte[0] = 4
$step = 1
For $i = 1 To 8
	$byte[$step] = StringRight($hex, 2)
	$i += 1
	$hex = StringLeft($hex, 8 - $i)
	$step += 1
Next

Ensuite le moment important de notre code
Avant de l'écrire ... cela devrait ressembler à ça
fld dword ptr [ebp-04]
mov esp,ebp <- Ce sont les 5 bytes << D9 45 FC 8B E5

PHP:
_MemoryWrite(0x00535F04, $process, "0xE9" & Byte_Reverse(Calc($page + 1, 0x00535F05)), "byte[5]") ; Write an Jmp from the orginal to the new page and calc the bytes for the page

Après ces lignes de codes, ça doit ressembler à ça

jmp ???????? <- ???????? car ça change à chaque lancement

E9 ?? ?? ?? ?? <- Les Bytes en ce moment

PHP:
_MemoryWrite($page, $process, "0xA1" & $byte[1] & $byte[2] & $byte[3] & $byte[4], "byte[5]") ; Write in our own Page "mov eax,[$MyHP]"

"mov eax,[$MyHP]" Copiet dans le registre eax la valeur de notre propre page ( le second ( $MyHP ))

[PHP_MemoryWrite($page + 0x5, $process, "0x8945FCD945FC8BE5E9" & Byte_Reverse(Calc($page + 0xD, 0x00535F09, 1)), "byte[13]")][/PHP]

89 45 FC - mov [ebp-04],eax
Maintenant nous allons copier eax dans [ebp-04] Parce que nous allons le charger après

D9 45 FC - fld dword ptr [ebp-04]
8B E5 - mov esp,ebp
^Le code original que nous allons écraser avec notre jmp

E9 ???????? - jmp Back
^Là nous faisons jmp back

_MemoryWrite($MyHP, $process, $cmdline[2], "float")

Nous écrivons le second paramètre dans notre page ( $MyHP )
Vous devez comprendre cette parti sans aide.

PHP:
If $cmdline[1] = "1" Then
	_MemoryWrite(0x00535F04, $process, "0xE9" & Byte_Reverse(Calc($page + 1, 0x00535F65)), "byte[5]")
Else
	_MemoryWrite(0x00535F04, $process, "0xD945FC8BE5", "Byte[5]")
EndIf

PHP:
	If $i = 1 Then
		Local $tmp = $dwCall
		$dwCall = $dwAddress
		$dwAddress = $tmp
	EndIf

	Return Hex($dwCall - $dwAddress - 5, 8)
EndFunc   ;==>Calc

Func Byte_Reverse($sBytes)
	Local $sReversed = ""
	For $i = StringLen($sBytes) - 1 To 1 Step -2
		$sReversed &= StringMid($sBytes, $i, 2)
	Next
	Return $sReversed
EndFunc   ;==>Byte_Reverse

Func _AllocMem($ProcessId, $size)
	If $ProcessId == 0 Then Return SetError(1, "", False)
	$Kernel32 = DllOpen("kernel32.dll")
	If @error Then Return SetError(4, "", False)
	$hProcess = DllCall($Kernel32, "DWORD", "OpenProcess", "DWORD", 0x1F0FFF, "int", 0, "DWORD", $ProcessId)
	If @error Then Return SetError(6, "", False)
	$hModule = DllCall($Kernel32, "DWORD", "GetModuleHandleA", "str", "kernel32.dll")
	If @error Then Return SetError(7, "", False)
	$lpStartAddress = DllCall($Kernel32, "DWORD", "GetProcAddress", "DWORD", $hModule[0], "str", "LoadLibraryA")
	If @error Then Return SetError(8, "", False)
	$lpParameter = DllCall($Kernel32, "DWORD", "VirtualAllocEx", "int", $hProcess[0], "int", 0, "int", $size, "DWORD", 0x3000, "int", 4)
	If @error Then Return SetError(9, "", False)
	DllCall($Kernel32, "BOOL", "CloseHandle", "DWORD", $hProcess[0])
	DllClose($Kernel32)
	Return $lpParameter[0]
EndFunc   ;==>_AllocMem

PHP:
#include-once
#Region _Memory
;==================================================================================
; AutoIt Version:       3.1.127 (beta)
; Language:                     English
; Platform:                     All Windows
; Author:                       Nomad
; Requirements:         These functions will only work with beta.
;==================================================================================
; Credits:      wOuter - These functions are based on his original _Mem() functions.
;                       But they are easier to comprehend and more reliable.  These
;                       functions are in no way a direct copy of his functions.  His
;                       functions only provided a foundation from which these evolved.
;==================================================================================
;
; Functions:
;
;==================================================================================
; Function:                     _MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]])
; Description:          Opens a process and enables all possible access rights to the
;                                       process.  The Process ID of the process is used to specify which
;                                       process to open.  You must call this function before calling
;                                       _MemoryClose(), _MemoryRead(), or _MemoryWrite().
; Parameter(s):         $iv_Pid - The Process ID of the program you want to open.
;                                       $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which
;                                                                               enables all possible access rights to the
;                                                                               process specified by the Process ID.
;                                       $iv_InheritHandle - (optional) If this value is TRUE, all processes
;                                                                               created by this process will inherit the access
;                                                                               handle.  Set to 1 (TRUE) by default.  Set to 0
;                                                                               if you want it FALSE.
; Requirement(s):       None.
; Return Value(s):      On Success - Returns an array containing the Dll handle and an
;                                                                open handle to the specified process.
;                                       On Failure - Returns 0
;                                       @Error - 0 = No error.
;                                                        1 = Invalid $iv_Pid.
;                                                        2 = Failed to open Kernel32.dll.
;                                                        3 = Failed to open the specified process.
; Author(s):            Nomad
; Note(s):
;==================================================================================
Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $iv_InheritHandle = 1)

	If Not ProcessExists($iv_Pid) Then
		SetError(1)
		Return 0
	EndIf

	Local $ah_Handle[2] = [DllOpen('kernel32.dll')]

	If @error Then
		SetError(2)
		Return 0
	EndIf

	Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $iv_InheritHandle, 'int', $iv_Pid)

	If @error Then
		DllClose($ah_Handle[0])
		SetError(3)
		Return 0
	EndIf

	$ah_Handle[1] = $av_OpenProcess[0]

	Return $ah_Handle

EndFunc   ;==>_MemoryOpen

;==================================================================================
; Function:                     _MemoryRead($iv_Address, $ah_Handle[, $sv_Type])
; Description:          Reads the value located in the memory address specified.
; Parameter(s):         $iv_Address - The memory address you want to read from. It must
;                                                                 be in hex format (0x00000000).
;                                       $ah_Handle - An array containing the Dll handle and the handle
;                                                                of the open process as returned by _MemoryOpen().
;                                       $sv_Type - (optional) The "Type" of value you intend to read.
;                                                               This is set to 'dword'(32bit(4byte) signed integer)
;                                                               by default.  See the help file for DllStructCreate
;                                                               for all types.  An example: If you want to read a
;                                                               word that is 15 characters in length, you would use
;                                                               'char[16]' since a 'char' is 8 bits (1 byte) in size.
; Return Value(s):      On Success - Returns the value located at the specified address.
;                                       On Failure - Returns 0
;                                       @Error - 0 = No error.
;                                                        1 = Invalid $ah_Handle.
;                                                        2 = $sv_Type was not a string.
;                                                        3 = $sv_Type is an unknown data type.
;                                                        4 = Failed to allocate the memory needed for the DllStructure.
;                                                        5 = Error allocating memory for $sv_Type.
;                                                        6 = Failed to read from the specified process.
; Author(s):            Nomad
; Note(s):                      Values returned are in Decimal format, unless specified as a
;                                       'char' type, then they are returned in ASCII format.  Also note
;                                       that size ('char[size]') for all 'char' types should be 1
;                                       greater than the actual size.
;==================================================================================
Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword')

	If Not IsArray($ah_Handle) Then
		SetError(1)
		Return 0
	EndIf

	Local $v_Buffer = DllStructCreate($sv_Type)

	If @error Then
		SetError(@error + 1)
		Return 0
	EndIf

	DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')

	If Not @error Then
		Local $v_Value = DllStructGetData($v_Buffer, 1)
		Return $v_Value
	Else
		SetError(6)
		Return 0
	EndIf

EndFunc   ;==>_MemoryRead

;==================================================================================
; Function:                     _MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type])
; Description:          Writes data to the specified memory address.
; Parameter(s):         $iv_Address - The memory address which you want to write to.
;                                                                 It must be in hex format (0x00000000).
;                                       $ah_Handle - An array containing the Dll handle and the handle
;                                                                of the open process as returned by _MemoryOpen().
;                                       $v_Data - The data to be written.
;                                       $sv_Type - (optional) The "Type" of value you intend to write.
;                                                               This is set to 'dword'(32bit(4byte) signed integer)
;                                                               by default.  See the help file for DllStructCreate
;                                                               for all types.  An example: If you want to write a
;                                                               word that is 15 characters in length, you would use
;                                                               'char[16]' since a 'char' is 8 bits (1 byte) in size.
; Return Value(s):      On Success - Returns 1
;                                       On Failure - Returns 0
;                                       @Error - 0 = No error.
;                                                        1 = Invalid $ah_Handle.
;                                                        2 = $sv_Type was not a string.
;                                                        3 = $sv_Type is an unknown data type.
;                                                        4 = Failed to allocate the memory needed for the DllStructure.
;                                                        5 = Error allocating memory for $sv_Type.
;                                                        6 = $v_Data is not in the proper format to be used with the
;                                                                "Type" selected for $sv_Type, or it is out of range.
;                                                        7 = Failed to write to the specified process.
; Author(s):            Nomad
; Note(s):                      Values sent must be in Decimal format, unless specified as a
;                                       'char' type, then they must be in ASCII format.  Also note
;                                       that size ('char[size]') for all 'char' types should be 1
;                                       greater than the actual size.
;==================================================================================
Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword')

	If Not IsArray($ah_Handle) Then
		SetError(1)
		Return 0
	EndIf

	Local $v_Buffer = DllStructCreate($sv_Type)

	If @error Then
		SetError(@error + 1)
		Return 0
	Else
		DllStructSetData($v_Buffer, 1, $v_Data)
		If @error Then
			SetError(6)
			Return 0
		EndIf
	EndIf

	DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')

	If Not @error Then
		Return 1
	Else
		SetError(7)
		Return 0
	EndIf

EndFunc   ;==>_MemoryWrite

;==================================================================================
; Function:                     _MemoryClose($ah_Handle)
; Description:          Closes the process handle opened by using _MemoryOpen().
; Parameter(s):         $ah_Handle - An array containing the Dll handle and the handle
;                                                                of the open process as returned by _MemoryOpen().
; Return Value(s):      On Success - Returns 1
;                                       On Failure - Returns 0
;                                       @Error - 0 = No error.
;                                                        1 = Invalid $ah_Handle.
;                                                        2 = Unable to close the process handle.
; Author(s):            Nomad
; Note(s):
;==================================================================================
Func _MemoryClose($ah_Handle)

	If Not IsArray($ah_Handle) Then
		SetError(1)
		Return 0
	EndIf

	DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1])
	If Not @error Then
		DllClose($ah_Handle[0])
		Return 1
	Else
		DllClose($ah_Handle[0])
		SetError(2)
		Return 0
	EndIf

EndFunc   ;==>_MemoryClose

;==================================================================================
; Function:                     SetPrivilege( $privilege, $bEnable )
; Description:          Enables (or disables) the $privilege on the current process
;                   (Probably) requires administrator privileges to run
;
; Author(s):            Larry (from autoitscript.com's Forum)
; Notes(s):
; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999
;==================================================================================

Func SetPrivilege($privilege, $bEnable)

	Const $TOKEN_ADJUST_PRIVILEGES = 0x0020
	Const $TOKEN_QUERY = 0x0008
	Const $SE_PRIVILEGE_ENABLED = 0x0002
	Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv
	$nTokens = 1
	$LUID = DllStructCreate("dword;int")
	If IsArray($privilege) Then $nTokens = UBound($privilege)
	$TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
	$NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
	$hCurrProcess = DllCall("kernel32.dll", "hwnd", "GetCurrentProcess")
	$SP_auxret = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $hCurrProcess[0], _
			"int", BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY), "int_ptr", 0)
	If $SP_auxret[0] Then
		$hToken = $SP_auxret[3]
		DllStructSetData($TOKEN_PRIVILEGES, 1, 1)
		$nTokenIndex = 1
		While $nTokenIndex <= $nTokens
			If IsArray($privilege) Then
				$priv = $privilege[$nTokenIndex - 1]
			Else
				$priv = $privilege
			EndIf
			$ret = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", $priv, _
					"ptr", DllStructGetPtr($LUID))
			If $ret[0] Then
				If $bEnable Then
					DllStructSetData($TOKEN_PRIVILEGES, 2, $SE_PRIVILEGE_ENABLED, (3 * $nTokenIndex))
				Else
					DllStructSetData($TOKEN_PRIVILEGES, 2, 0, (3 * $nTokenIndex))
				EndIf
				DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 1), (3 * ($nTokenIndex - 1)) + 1)
				DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 2), (3 * ($nTokenIndex - 1)) + 2)
				DllStructSetData($LUID, 1, 0)
				DllStructSetData($LUID, 2, 0)
			EndIf
			$nTokenIndex += 1
		WEnd
		$ret = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, _
				"ptr", DllStructGetPtr($TOKEN_PRIVILEGES), "int", DllStructGetSize($NEWTOKEN_PRIVILEGES), _
				"ptr", DllStructGetPtr($NEWTOKEN_PRIVILEGES), "int_ptr", 0)
		$f = DllCall("kernel32.dll", "int", "GetLastError")
	EndIf
	$NEWTOKEN_PRIVILEGES = 0
	$TOKEN_PRIVILEGES = 0
	$LUID = 0
	If $SP_auxret[0] = 0 Then Return 0
	$SP_auxret = DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hToken)
	If Not $ret[0] And Not $SP_auxret[0] Then Return 0
	Return $ret[0]
EndFunc   ;==>SetPrivilege

#EndRegion _Memory

Pour lancez le ***.exe

PHP:
#RequireAdmin
ShellExecute(@ScriptDir & "\[S4L] HP Changer.exe","0 200");200 HP
ou alors
PHP:
#RequireAdmin
ShellExecute(@ScriptDir & "\[S4L] HP Changer.exe","1 1337");1337 HP and Godmode

De -SoulCr4ck- et c'est du Autoit

Bonne soirée et bonne programmation/jeu/cheat.