Thread: [C] DLL question, CoD4

hi i have another question, today i have created my personal DLL Injector, and now i am trying to do something with call of duty 4, clearing recoil for example

but.. there is a problem, if i leave the DLL running, the game crashes, i must terminate the process with another tool i have built

this is the source code, the injector i have used is this http://aimbots.net/basehooks-sources...-test-dll.html

also, the punkbuster kick me (0 minute kick) for corrupted memory, even if i am using VirtualProtect() and not WriteProcessMemory()

norecoil.c (for call of duty 4 - modern warfare v1.7)

Code:

#include <windows.h>

void norecoil_hack_core(void);
void manipulate_memory(int address, BYTE *data, int length);
int pressed(int v_key);

BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID _Reserved)
{
     if(dwReason == DLL_PROCESS_ATTACH) norecoil_hack_core();
     return TRUE;
}

void norecoil_hack_core(void)
{
     BYTE norecoil_ON[2] = {0x75, 0x12};
     BYTE norecoil_OFF[2] = {0x74, 0x12};
     int norecoil = 0;

     while(1)
     {
          if(pressed(VK_NUMPAD0))
          {
               if(norecoil == 0)
               {
                    manipulate_memory(0x00457CCF, norecoil_ON, 2);
                    //HANDLE cod4mw = GetCurrentProcess();
                    //WriteProcessMemory(cod4mw, (void *)0x00457CCF, norecoil_ON, 2, 0);
                    norecoil = 1;
               }
               else
               {
                    manipulate_memory(0x00457CCF, norecoil_OFF, 2);
                    //HANDLE cod4mw = GetCurrentProcess();
                    //WriteProcessMemory(cod4mw, (void *)0x00457CCF, norecoil_OFF, 2, 0);
                    norecoil = 0;
               }

               _beep(440, 10);
               _sleep(500);
          }

          _sleep(1);
     }
}

void manipulate_memory(int address, BYTE *data, int length)
{
     int protection;
     VirtualProtect((void *)address, length, PAGE_READWRITE, (PDWORD)&protection);
     memcpy((void *)address, (const void *)data, length);
     VirtualProtect((void *)address, length, protection, 0);
}

int pressed(int v_key) // returns 1 if true, 0 if false
{
     /* SHORT GetAsyncKeyState(int vKey);

        Return Value
        If the function succeeds, the return value specifies whether the key was pressed since the last call to GetAsyncKeyState,
        and whether the key is currently up or down. If the most significant bit is set, the key is down, and if the least
        significant bit is set, the key was pressed after the previous call to GetAsyncKeyState. */

     if((GetAsyncKeyState(v_key) & 0x00000001) != 0) return 1;
     return 0;
}

You are patching bytes = detected.

Originally Posted by back2hack

You are patching bytes = detected.

always?

and about the problem of the crash? some idea?

ok i have readed this but it was somewhat discouraging..

"Important This function is obsolete and should not be used. Despite its name, it does not guarantee that the pointer is valid or that the memory pointed to is safe to use. For more information, see Remarks on this page."

okay.. but i can try to use it in any case..

but reading..

"IsBadXxxPtr should really be called CrashProgramRandomly"

O_o, nice function lol..

so, even if i resolve the problem of the game crash, punkbuster detect my hack, there is a way to bypass PB and use the hack in this mode, or i must learn how to use detouring?

i am going to read some old forum threads.. thanks for the answers

i have solved the main problem, reading other sources i have understand that a DLL must create a thread and exit from DllMain, otherwise the injection block the game

this is the norecoil dll source code for cod4 v1.7, detected, now i search some PB countermeasures

norecoil.c

Code:

// Call Of Duty 4 - Modern Warfare v1.7 NoRecoil by NorbiX (DETECTED)

// Author: NorbiX
// MSN:    bobcat01@hotmail.com
// e-mail: xibron[at]gmail[dot]com

#include <windows.h>

void norecoil_hack_core(void);
void manipulate_memory(int address, BYTE *data, int length);
int pressed(int v_key);

BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID pvReserved)
{
     if(dwReason == DLL_PROCESS_ATTACH)
     {
          CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&norecoil_hack_core, NULL, 0, NULL);
     }
     return TRUE;
}

void norecoil_hack_core(void)
{
     BYTE norecoil_ON[2] = {0x75, 0x12};
     BYTE norecoil_OFF[2] = {0x74, 0x12};
     int norecoil = 0;

     while(1)
     {
          if(pressed(VK_NUMPAD0))
          {
               if(norecoil == 0)
               {
                    manipulate_memory(0x00457CCF, norecoil_ON, 2);
                    //HANDLE cod4mw = GetCurrentProcess();
                    //WriteProcessMemory(cod4mw, (void *)0x00457CCF, norecoil_ON, 2, 0);
                    norecoil = 1;
               }
               else
               {
                    manipulate_memory(0x00457CCF, norecoil_OFF, 2);
                    //HANDLE cod4mw = GetCurrentProcess();
                    //WriteProcessMemory(cod4mw, (void *)0x00457CCF, norecoil_OFF, 2, 0);
                    norecoil = 0;
               }

               _beep(440, 10);
               _sleep(500);
          }

          _sleep(1);
     }
}

void manipulate_memory(int address, BYTE *data, int length)
{
     int protection;
     VirtualProtect((void *)address, length, PAGE_READWRITE, (PDWORD)&protection);
     memcpy((void *)address, (const void *)data, length);
     VirtualProtect((void *)address, length, protection, 0);
}

int pressed(int v_key) // returns 1 if true, 0 if false
{
     /* SHORT GetAsyncKeyState(int vKey);

        Return Value
        If the function succeeds, the return value specifies whether the key was pressed since the last call to GetAsyncKeyState,
        and whether the key is currently up or down. If the most significant bit is set, the key is down, and if the least
        significant bit is set, the key was pressed after the previous call to GetAsyncKeyState. */

     if((GetAsyncKeyState(v_key) & 0x00000001) != 0) return 1;
     return 0;
}

PS: i havent used the two functions IsBad..()