วิธีสร้างโปร warz ไว้ใช้เอง

1,627

วิธีสร้างโปร ไว้ใช้เอง ทำง่ายนิดเดียว เพียงแค่หมั่นศึกษา การเขียนโปรแกรมด้วย ภาษา C  C++ C#

สิ่งที่ต้องมีในการสร้างโปร warz

  1. microsoft visual studio express (2008 +)

มาเริ่มกันเลย

method 1: Source: main.cpp

 // read more...
// http://www.unknowncheats.me/forum/war-z/80387-useful-coding-and-info-thread.html
#include <Windows.h>
#include <stdio.h>
#include <conio.h>
#include <d3d9.h>
#include <d3dx9.h>
#include <iostream>
#include <vector>
#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")
using namespace std;


typedef HRESULT(__stdcall* EndScene_t)(LPDIRECT3DDEVICE9);
EndScene_t pEndScene;
DWORD dwEndScene = NULL;

typedef HRESULT(__stdcall* DrawIndexedPrimitive_t)(LPDIRECT3DDEVICE9,D3DPRIMITIVETYPE,INT,UINT,UINT,UINT,UINT);
DrawIndexedPrimitive_t pDrawIndexedPrimitive;
DWORD dwDrawIndexedPrimitive = NULL;

LPD3DXFONT pFont=NULL;
D3DVIEWPORT9 Viewport;
UINT Stride;
IDirect3DVertexBuffer9 *pStreamData;
UINT pOffsetInBytes;

bool key1 = false; 
bool key2 = false; 


void RenderCross(LPDIRECT3DDEVICE9 pDev, DWORD color, int i)
{
	pDev->GetViewport( &Viewport );
	DWORD ScreenCenterX = (Viewport.Width / 2); 
	DWORD ScreenCenterY = (Viewport.Height / 2);
	D3DRECT rec1 = {ScreenCenterX-i, ScreenCenterY, ScreenCenterX+ i, ScreenCenterY+1};
	D3DRECT rec2 = {ScreenCenterX, ScreenCenterY-i, ScreenCenterX+ 1,ScreenCenterY+i};

	pDev->Clear( 1, &rec1, D3DCLEAR_TARGET, color, 0, 0 );
	pDev->Clear( 1, &rec2, D3DCLEAR_TARGET, color, 0, 0 );
}
void RenderString(LPDIRECT3DDEVICE9 pDev, int x, int y, DWORD color, LPD3DXFONT g_pFont, const char *fmt, ...) 
{
	if( !pFont )
     D3DXCreateFontA( pDev,13,0,FW_BOLD,1,0,DEFAULT_CHARSET,OUT_DEFAULT_PRECIS,DEFAULT_QUALITY,DEFAULT_PITCH | FF_DONTCARE,"Arial", &pFont );
	
	if(!g_pFont)
		return;

	RECT FontPos = { x, y, x + 50, y + 50};
	char buf[1024] = {'\0'};
	va_list va_alist;

	va_start(va_alist, fmt);
	vsprintf_s(buf, fmt, va_alist);
	va_end(va_alist);

	pDev->SetRenderState( D3DRS_ZENABLE,false );
	pDev->SetRenderState( D3DRS_FILLMODE,D3DFILL_SOLID );
	g_pFont->DrawTextA(NULL, buf, -1, &FontPos, DT_NOCLIP, color);
	pDev->SetRenderState( D3DRS_ZENABLE, true );
	pDev->SetRenderState( D3DRS_FILLMODE,D3DFILL_SOLID );
}
bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    for(;*szMask;++szMask,++pData,++bMask)
        if(*szMask=='x' && *pData!=*bMask )
            return false;
    return (*szMask) == NULL;
}
DWORD dwFindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
{
    for(DWORD i=0; i < dwLen; i++)
    if( bDataCompare( (BYTE*)( dwAddress+i ),bMask,szMask) )
        return (DWORD)(dwAddress+i);
    return 0;
}
void *DetourFunc(BYTE *src, const BYTE *dst, const int len)
{
    BYTE *jmp = (BYTE*)malloc(len+5);
    DWORD dwback;
    VirtualProtect(src, len, PAGE_READWRITE, &dwback);
    memcpy(jmp, src, len); jmp += len;
    jmp[0] = 0xE9;
    *(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
    src[0] = 0xE9;
    *(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
    VirtualProtect(src, len, dwback, &dwback);
    return (jmp-len);
}
 void SetModelColor(LPDIRECT3DDEVICE9 pDev, float r, float g, float b, float a, float glowr, float glowg, float glowb, float glowa)
{
    float lightValues[4] = {r, g, b, a};
    float glowValues[4] = {glowr, glowg, glowb, glowa};
 
    pDev->SetPixelShaderConstantF(1, lightValues, 1);
    pDev->SetPixelShaderConstantF(3, glowValues, 1);
} 
 
static int PlayersNV[] = 
{ 
	4510, 1898, 4185, 8862, 3339, 1336, 3323, 3955, 5643, 7796, 6088, 
	7771, 4868, 9023, 5224, 7769, 7805, 4236, 4700, 4433, 8674, 5182, 
	8830, 8952, 4528, 8690, 3692, 4759, 6115, 3898, 6304, 7007, 3823, 
	6575, 6152, 4114, 6111, 7371, 5452, 4537, 4175, 4053, 4186, 4753, 
	7586, 7343, 7712, 2962, 7020, 7024, 8826, 8959, 6961, 5748, 6981, 
	7094, 2961, 2952, 2951
}; 


static bool bCheckNum(int rec[],int vert) 
{ 
    int i = 0; 
  
    while(rec[i] != 0) 
    { 
        if(rec[i]==vert){return(true);} 
        i++; 
    } 
    return(false); 
} 

 // begin hook here
HRESULT __stdcall hkEndScene(LPDIRECT3DDEVICE9 pDev)
{
	RenderString(pDev, 5, 5, D3DCOLOR_ARGB (255,255,255,0 ), pFont, "[BugZ v1.0] Press Delete to turn Chams, or Home to set Transparency  On/Off ");
	
	if (key1)RenderCross(pDev, D3DCOLOR_ARGB (255,255,255,0 ), 15);

	if((GetAsyncKeyState(VK_DELETE) & 0x1))key1 = !key1;
	if((GetAsyncKeyState(VK_HOME) & 0x1))key2 = !key2;

    return pEndScene(pDev);
}
HRESULT __stdcall hkDrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDev, D3DPRIMITIVETYPE Type, INT BaseVertexIndex, UINT MinVertexIndex, UINT NumVertices, UINT startIndex, UINT primCount)
{ 
 
   if(pDev->GetStreamSource(0, &pStreamData, &pOffsetInBytes, &Stride) == D3D_OK )
	pStreamData->Release();


	if (key1)
	{
		// Disable fog
		pDev->SetRenderState(D3DRS_FOGENABLE, FALSE);
		// Fullbright
		pDev->SetRenderState(D3DRS_LIGHTING, FALSE);
		pDev->SetRenderState(D3DRS_AMBIENT,D3DCOLOR_ARGB(255,255,255,255));

		if (Stride == 32 && bCheckNum(PlayersNV,NumVertices)) // Players color
		{
			DWORD dwOldZEnable = D3DZB_TRUE;
			SetModelColor(pDev, 1.0f, 0.0f, 1.0f, 0.50f, 1.5f, 1.5f, 1.5f, 1.5f);  
			pDev->GetRenderState(D3DRS_ZENABLE, &dwOldZEnable);
			pDev->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
			pDrawIndexedPrimitive(pDev, Type, BaseVertexIndex, MinVertexIndex, NumVertices, startIndex, primCount);
			pDev->SetRenderState(D3DRS_ZENABLE, dwOldZEnable);
			SetModelColor(pDev, 1.0f, 0.0f, 1.0f, 0.50f, 1.5f, 1.5f, 1.5f, 1.5f);  
		}
		else if (Stride == 32 ) // Zombies color
		{ 
			DWORD dwOldZEnable = D3DZB_TRUE;
			SetModelColor(pDev, 1.0f, 0.0f, 0.0f, 0.50f, 1.5f, 1.5f, 1.5f, 1.5f);  
			pDev->GetRenderState(D3DRS_ZENABLE, &dwOldZEnable);
			pDev->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
			pDrawIndexedPrimitive(pDev, Type, BaseVertexIndex, MinVertexIndex, NumVertices, startIndex, primCount);
			pDev->SetRenderState(D3DRS_ZENABLE, dwOldZEnable);
			SetModelColor(pDev, 1.0f, 0.0f, 0.0f, 0.50f, 1.5f, 1.5f, 1.5f, 1.5f);  
		}
		
		if (Stride == 20 && key2)
		{
			pDev->SetRenderState(D3DRS_ALPHABLENDENABLE,D3DZB_TRUE);
			pDev->SetRenderState(D3DRS_DESTBLEND,D3DBLEND_INVSRCALPHA);
		}
	}

    return pDrawIndexedPrimitive(pDev, Type, BaseVertexIndex, MinVertexIndex, NumVertices, startIndex, primCount);
}  
 // End hook here


// dll & d3d9 Init
void Init3d()
{
    HMODULE hModule = NULL;
    while(!hModule)
    {
        hModule = GetModuleHandleA("d3d9.dll");
        Sleep(200);
    }
    DWORD* VTableStart = 0;
    DWORD FoundByGordon = dwFindPattern((DWORD)hModule, 0x128000,(PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx");
    memcpy(&VTableStart, (void*)(FoundByGordon+2), 4);
 
    dwDrawIndexedPrimitive = (DWORD)VTableStart[82];
    dwEndScene = (DWORD)VTableStart[42];

    pEndScene = ( EndScene_t )DetourFunc((PBYTE) dwEndScene,(PBYTE)hkEndScene, 5);
    pDrawIndexedPrimitive = ( DrawIndexedPrimitive_t )DetourFunc((PBYTE) dwDrawIndexedPrimitive, (PBYTE)hkDrawIndexedPrimitive, 5);    
}
int APIENTRY DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
   if (dwReason == DLL_PROCESS_ATTACH)
   {
		CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)Init3d, NULL, NULL, NULL); 
   }
   else if (dwReason == DLL_PROCESS_DETACH)
   {
      // test.dll Terminating!
   }
   return 1;   // ok
}

method 2: Source: main.cpp

#include <Windows.h>
#include <stdio.h>
#include <conio.h>
#include <d3d9.h>
#include <d3dx9.h>
#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")

#define PI 3.141
#define Yellow  D3DCOLOR_ARGB( 255, 255, 255, 000 )

typedef HRESULT ( WINAPI * DrawIPrim )( LPDIRECT3DDEVICE9, D3DPRIMITIVETYPE, INT, UINT, UINT, UINT, UINT );

VOID Jump( DWORD Address, DWORD Your_Detour );

DWORD Old = NULL;

LPDIRECT3DDEVICE9 pDev;
LPDIRECT3D9 pD3D;

D3DVIEWPORT9 Viewport;
DrawIPrim pDrawIPrim = NULL;

DWORD dwEndscene_hook = NULL;
DWORD dwEndscene_ret = NULL;
DWORD dwDIP_hook = NULL;
DWORD dwDIP_ret = NULL;
DWORD dwReset_hook = NULL;
DWORD dwReset_ret = NULL;
DWORD bJump = NULL;

LPD3DXFONT pFont=NULL;
LPD3DXLINE pLine=NULL;
	
HMODULE D3D9 = NULL;


VOID RenderString(LPDIRECT3DDEVICE9 pDev, int x, int y, DWORD color, LPD3DXFONT g_pFont, const char *fmt, ...) 
{
	if( !pFont )
     D3DXCreateFontA( pDev,13,0,FW_BOLD,1,0,DEFAULT_CHARSET,OUT_DEFAULT_PRECIS,DEFAULT_QUALITY,DEFAULT_PITCH | FF_DONTCARE,"Arial", &pFont );
	
	if(!g_pFont)
		return;

	RECT FontPos = { x, y, x + 50, y + 50};
	char buf[1024] = {'\0'};
	va_list va_alist;

	va_start(va_alist, fmt);
	vsprintf_s(buf, fmt, va_alist);
	va_end(va_alist);

	pDev->SetRenderState( D3DRS_ZENABLE,false );
	pDev->SetRenderState( D3DRS_FILLMODE,D3DFILL_SOLID );
	g_pFont->DrawTextA(NULL, buf, -1, &FontPos, DT_NOCLIP, color);
	pDev->SetRenderState( D3DRS_ZENABLE, true );
	pDev->SetRenderState( D3DRS_FILLMODE,D3DFILL_SOLID );
}
VOID FillRGB(LPDIRECT3DDEVICE9 pDev,int x, int y, int w, int h, DWORD color )
{
	D3DRECT rec = { x, y, x + w, y + h };
	pDev->Clear( 1, &rec, D3DCLEAR_TARGET, color, 0, 0 );
}
VOID RenderBox(LPDIRECT3DDEVICE9 pDev, int x, int y, int w, int h, int px, DWORD color, DWORD color2)
{
	//box
	FillRGB(pDev, x, y, w, h, color);
	//border
	FillRGB(pDev,  x, (y + h - px), w, px,color2);
	FillRGB(pDev,  x, y, px, h,color2 );
	FillRGB(pDev,  x, y, w, px,color2);
	FillRGB(pDev,  (x + w - px), y, px, h,color2);
}

VOID RenderCircle(LPDIRECT3DDEVICE9 pDev,int X, int Y, int radius, int numSides, DWORD Color)
{
	
	if (!pLine)
		D3DXCreateLine(pDev, &pLine);

	D3DXVECTOR2 Line[128];
	float Step = (float)(PI * 2.0 / numSides);
	int Count = 0;
	for (float a=0; a < PI*2.0; a += Step)
	{
	float X1 = radius * cos(a) + X;
	float Y1 = radius * sin(a) + Y;
	float X2 = radius * cos(a+Step) + X;
	float Y2 = radius * sin(a+Step) + Y;
	Line[Count].x = X1;
	Line[Count].y = Y1;
	Line[Count+1].x = X2;
	Line[Count+1].y = Y2;
	Count += 2;
	}

	pLine->Begin();
	pLine->Draw(Line,Count,Color);
	pLine->End();
	pLine->Release();
}
VOID RenderCross(LPDIRECT3DDEVICE9 pDev, DWORD color, int i)
{
	pDev->GetViewport( &Viewport );
	DWORD ScreenCenterX = (Viewport.Width / 2); 
	DWORD ScreenCenterY = (Viewport.Height / 2);
	D3DRECT rec1 = {ScreenCenterX-i, ScreenCenterY, ScreenCenterX+ i, ScreenCenterY+1};
	D3DRECT rec2 = {ScreenCenterX, ScreenCenterY-i, ScreenCenterX+ 1,ScreenCenterY+i};

	pDev->Clear( 1, &rec1, D3DCLEAR_TARGET, color, 0, 0 );
	pDev->Clear( 1, &rec2, D3DCLEAR_TARGET, color, 0, 0 );

	//RenderCircle(pDev, ScreenCenterX, ScreenCenterY, i+3,i+3, color);
}
bool IsMenuOn =false;
VOID WINAPI hkEndScene(LPDIRECT3DDEVICE9 pDev )
{
	__asm nop

	if((GetAsyncKeyState(VK_DELETE) & 0x1))
		IsMenuOn = !IsMenuOn;
	
		RenderString(pDev, 5, 5, Yellow, pFont, "[BugZ v1.0] Press Delete to turn Chams On/Off ");
	
	if (IsMenuOn){
	RenderCross(pDev, Yellow, 15);
	}
 
	

}
__declspec(naked) void MyEndscene( )
{
   __asm
   {
      MOV DWORD PTR SS:[EBP-0x10],ESP
      MOV ESI,DWORD PTR SS:[EBP+0x8]
      XOR EBX,EBX                  //replace patched code
      PUSHFD 
      PUSHAD
      PUSH [EBP+0x8]
      CALL hkEndScene;
      POPAD
      POPFD
      CMP ESI,EBX                  //replace patched code
      jmp dwEndscene_ret;            //jump back to normal endscene
   }
}

VOID SetModelColor(LPDIRECT3DDEVICE9 pDev, float r, float g, float b, float a, float glowr, float glowg, float glowb, float glowa)
{
    float lightValues[4] = {r, g, b, a};
    float glowValues[4] = {glowr, glowg, glowb, glowa};

    pDev->SetPixelShaderConstantF(1, lightValues, 1);
    pDev->SetPixelShaderConstantF(3, glowValues, 1);
} 

VOID WINAPI hkDrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDev, D3DPRIMITIVETYPE Type, INT BIndex, UINT MIndex, UINT NVertices, UINT SIndex, UINT PCount )
{
	
   bJump = TRUE;
   LPDIRECT3DVERTEXBUFFER9 Stream_Data;
   UINT Offset = 0;
   UINT Stride = 0;
   if( pDev->GetStreamSource( 0, &Stream_Data, &Offset, &Stride ) == S_OK )Stream_Data->Release();

   	if (IsMenuOn)
	{
		// Disable fog
		pDev->SetRenderState(D3DRS_FOGENABLE, false);
		// Fullbright
		pDev->SetRenderState(D3DRS_LIGHTING, FALSE);
		pDev->SetRenderState(D3DRS_AMBIENT,D3DCOLOR_ARGB(255,255,255,255));

		switch (Stride)
		{
			case 20: // Buildings
				//pDev->SetRenderState(D3DRS_ALPHABLENDENABLE,TRUE);
				pDev->SetRenderState(D3DRS_DESTBLEND,D3DBLEND_INVSRCALPHA); // Transparency
				break;
			case 32: // Players and Zombies
				//PlayerChams
				pDev->SetRenderState(D3DRS_LIGHTING, FALSE); // Wallhack
                pDev->SetRenderState(D3DRS_ZENABLE, FALSE); 
                SetModelColor(pDev, 1.0f, 0.0f, 0.0f, 0.50f, 1.5f, 1.5f, 1.5f, 1.5f);  
				pDrawIPrim( pDev, Type, BIndex, MIndex, NVertices, SIndex, PCount );
                pDev->SetRenderState(D3DRS_ZENABLE, TRUE); 
				break;
			default:
				break;
		}
	}
	bJump = FALSE;
}
__declspec(naked) void MyDIP( )
{
   __asm
   {
      MOV EDI,DWORD PTR SS:[EBP+0x8]
      XOR EBX,EBX                  
      CMP EDI,EBX                  // replace patched code
      PUSHFD 
      PUSHAD
      MOV EDX,[bJump]
      CMP EDX,0x0
      JG DONE
      PUSH [EBP+0x20]               // Push arguments of DIP
      PUSH [EBP+0x1C]      
      PUSH [EBP+0x18]      
      PUSH [EBP+0x14]      
      PUSH [EBP+0x10]      
      PUSH [EBP+0x0C]      
      PUSH [EBP+0x08]      
      CALL hkDrawIndexedPrimitive
      DONE: POPAD
      POPFD
      jmp dwDIP_ret;               // jump back to normal DIP
   }
}

VOID WINAPI hkReset( )
{
   if( pFont != NULL )
      if( pFont->Release( ) == S_OK )
		  pFont = NULL;

}
__declspec(naked) void MyReset( )
{
   __asm
   {
      PUSHAD
      PUSHFD
      CALL hkReset
      POPFD
      POPAD
      MOV ESI,DWORD PTR SS:[EBP-0x08]
      MOV EDI,DWORD PTR SS:[EBP-0x04]
      POP EBX
      JMP dwReset_ret
   }
}

VOID WINAPI GETD3D( VOID )
{
 
	HWND ConsoleWindow = GetConsoleWindow( );
    ShowWindow( ConsoleWindow, SW_HIDE ); // hide ConsoleWindow...


   while( D3D9 == NULL )
   {
      D3D9 = GetModuleHandleA( "d3d9.dll" );
      Sleep( 100 );
   }

    D3DPRESENT_PARAMETERS D3D_PP = {0};
    IDirect3D9 * (WINAPI *oDirect3DCreate9)(UINT SDKVersion);


   *(PDWORD)&oDirect3DCreate9 = (DWORD)GetProcAddress( D3D9, "Direct3DCreate9" );

   _cprintf( "Direct3DCreate9\n" );
   pD3D = oDirect3DCreate9( D3D_SDK_VERSION );

   D3D_PP.Windowed = TRUE;
   D3D_PP.SwapEffect = D3DSWAPEFFECT_DISCARD;
   D3D_PP.BackBufferFormat = D3DFMT_UNKNOWN;

   _cprintf( "CreateDevice\n" );
   pD3D->CreateDevice( D3DADAPTER_DEFAULT, D3DDEVTYPE_HAL,ConsoleWindow, D3DCREATE_SOFTWARE_VERTEXPROCESSING, &D3D_PP, &pDev );

   PDWORD VTABLE = *(DWORD**)pDev;

   dwEndscene_hook = VTABLE[42] + 0x2A;
   dwEndscene_ret = dwEndscene_hook + 0x0A;
   dwDIP_hook = VTABLE[82] + 0x2D;
   dwDIP_ret = dwDIP_hook + 0x7;
   dwReset_hook = VTABLE[16] + 165;
   dwReset_ret = dwReset_hook + 0x7;

   *(PDWORD)&pDrawIPrim = (DWORD)VTABLE[82];

   _cprintf( "Jump\n" );
   Jump( (DWORD)dwEndscene_hook, (DWORD)MyEndscene );
   Jump( (DWORD)dwDIP_hook, (DWORD)MyDIP );
   Jump( (DWORD)dwReset_hook, (DWORD)MyReset );

   _cprintf( "Done\n" );
   Sleep( 400 );
   pDev->Release( );
   pD3D->Release( );
   FreeConsole( );
}

VOID Jump( DWORD Address, DWORD Your_Detour )
{
   VirtualProtect( (LPVOID)Address, 5, PAGE_EXECUTE_READWRITE, &Old );

   *(PBYTE)Address = (BYTE)0xE9; 
   *(PDWORD)(Address + 1) = ( Your_Detour - Address - 5) ;
   VirtualProtect( (LPVOID)Address, 5, Old, &Old );
}

BOOL WINAPI DllMain( HINSTANCE hModule, DWORD dwReason, LPVOID lpvReserved )
{
   if( dwReason == DLL_PROCESS_ATTACH )
   {
      DisableThreadLibraryCalls( hModule );
      AllocConsole( );
      _cprintf( "Ready\n" );
      CreateThread( NULL, NULL, (LPTHREAD_START_ROUTINE)
         GETD3D, NULL, NULL, NULL);
   }
   return TRUE;
}
Comments
กำลังโหลด ...
Englishไทย