LUDIX-BoT Forum
 
 

 Call of Duty 4 Wallhack Tutorial

Shagrath



Posts : 57
Join date : 2009-10-10
Location : Istanbul/Turkey

PostSubject: Call of Duty 4 Wallhack Tutorial   Sat Oct 10, 2009 10:48 am

Code:
#include <windows.h>
#include <detours.h>

typedef LONG (WINAPI *InterlockedExchangeAdd_t)(LONG volatile *, LONG);
InterlockedExchangeAdd_t o_InterlockedExchangeAdd = NULL;

void _declspec(naked) h_InterlockedExchangeAdd(void)
{
   __asm {
      push eax
      mov eax, DWORD PTR[esp+0x78+0x4]
      cmp eax, 0x44548C
      jne call_orig
      mov [esp+0x80+0x4], 0x12      
call_orig:
      pop eax
      mov ecx, [esp+4]
      mov eax, [esp+8]
      lock xadd [ecx], eax
      retn 8
   }
}

int WINAPI DllMain(void *DllHandle, unsigned long Reason, void *Reserved)
{
   if (Reason == DLL_PROCESS_ATTACH) {
      o_InterlockedExchangeAdd = (InterlockedExchangeAdd_t) DetourFunction((BYTE *) InterlockedExchangeAdd, (BYTE *) h_InterlockedExchangeAdd);
   } else if (Reason == DLL_PROCESS_DETACH) {
      if (o_InterlockedExchangeAdd) {
         DetourRemove((BYTE *) o_InterlockedExchangeAdd, (BYTE *) h_InterlockedExchangeAdd);
         o_InterlockedExchangeAdd = NULL;
      }
   }

   return 1;
}

Explanation:

CG_Player() calls what I call SomeEntityFunction(), because I don't really know what its name is supposed to be:
Code:
.text:0044547F                push    eax            ; int
.text:00445480                push    4              ; int
.text:00445482                push    ecx            ; int
.text:00445483                mov    eax, ebx
.text:00445485                mov    ecx, esi
.text:00445487                call    SomeEntityFunction

As we all know, patching 'push 4' into 'push 0x12' enables the wallhack, but that is detected since PB scans the .text section. At some point, this function calls a WinAPI function called InterlockedExchangeAdd:
Code:
.text:005F7B6A                mov    ebx, ds:InterlockedExchangeAdd
[...]
.text:005F7BA0                call    ebx ; InterlockedExchangeAdd

So I hooked InterlockedExchangeAdd and modified SomeEntityFunction's stack frame, specifically the pushed argument. I didn't call o_InterlockedExchangeAdd; since it's very short, I inlined it inside the detour function.

Long story short:
A() -> B() -> C()
A calls B which calls C. I hook C and modify B's stack.

Currently undetected.

Thanks to chaplex
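
The post relies on the scan covering only the game's .text section while the detour sits in an imported API. As an added example (not part of the original post), this is one way an integrity checker can catch that: compare the imported function's first bytes with a trusted copy and resolve where a `jmp rel32` overwrite leads. The names `check_prologue` and `in_module`, the sample bytes, and all addresses are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { PROLOGUE_CLEAN, PROLOGUE_PATCHED, PROLOGUE_DETOURED } prologue_state;

/* Constructed sample: encoding of the first two instructions the post lists as
 * the body of InterlockedExchangeAdd (mov ecx,[esp+4]; mov eax,[esp+8]). */
static const uint8_t ref_bytes[8]  = {0x8B,0x4C,0x24,0x04, 0x8B,0x44,0x24,0x08};
/* Constructed sample: same bytes after a 5-byte jmp rel32 was written over them. */
static const uint8_t live_bytes[8] = {0xE9,0xFB,0x6F,0x7F,0x93, 0x44,0x24,0x08};

/* Compare bytes read from the live function (at address live_va) with a
 * trusted copy. On a jmp rel32 overwrite, *target receives the jump target. */
prologue_state check_prologue(const uint8_t *live, const uint8_t *ref, size_t len,
                              uint32_t live_va, uint32_t *target)
{
    if (memcmp(live, ref, len) == 0)
        return PROLOGUE_CLEAN;
    if (len >= 5 && live[0] == 0xE9) {
        uint32_t rel = (uint32_t)live[1] | (uint32_t)live[2] << 8 |
                       (uint32_t)live[3] << 16 | (uint32_t)live[4] << 24;
        *target = live_va + 5 + rel;   /* rel32 counts from the next instruction */
        return PROLOGUE_DETOURED;
    }
    return PROLOGUE_PATCHED;
}

/* True when addr lies inside the module mapped at [base, base + size). */
int in_module(uint32_t addr, uint32_t base, uint32_t size)
{
    return addr >= base && addr - base < size;
}

int main(void)
{
    uint32_t target = 0;
    /* 0x7C80A000, 0x7C800000 and 0x100000 are a constructed address and module range. */
    prologue_state s = check_prologue(live_bytes, ref_bytes, sizeof live_bytes,
                                      0x7C80A000u, &target);
    if (s == PROLOGUE_DETOURED && !in_module(target, 0x7C800000u, 0x100000u))
        printf("prologue detoured to 0x%08X, outside the owning module\n",
               (unsigned)target);
    return s == PROLOGUE_CLEAN;
}
```

A real checker would read the reference bytes from the on-disk DLL and account for relocations before comparing.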
Pacino



Posts : 10
Join date : 2009-10-10
Age : 27
Location : Slovenia

PostSubject: Re: Call of Duty 4 Wallhack Tutorial   Sat Oct 10, 2009 11:45 am

Oh great. :)
SUXXX
Admin


Posts : 66
Join date : 2009-10-10

PostSubject: Re: Call of Duty 4 Wallhack Tutorial   Sat Oct 10, 2009 12:59 pm

Thanks a lot man :}
Pisti_



Posts : 20
Join date : 2009-10-10
Age : 26
Location : Hungary

PostSubject: Re: Call of Duty 4 Wallhack Tutorial   Sat Oct 10, 2009 3:29 pm

I've heard that helps SUXXX make his own wallhack for CoD4 ;)
Shagrath



Posts : 57
Join date : 2009-10-10
Location : Istanbul/Turkey

PostSubject: Re: Call of Duty 4 Wallhack Tutorial   Sun Oct 11, 2009 3:13 am

I hope so :)
SUXXX
Admin


Posts : 66
Join date : 2009-10-10

PostSubject: Re: Call of Duty 4 Wallhack Tutorial   Sun Oct 11, 2009 6:58 am

Yes I did, it works, and thanks Shagrath and whoever created this code.. yes, true Pisti.. I will upload it later :)