Thread: Injecting and Hooking CoD

I've spending the last few days messing with random hooking tutorials, and I even made the InsertDateTime redirect for Notepad and scared a few people by thinking I gave them a virus xD

I'm moved back to CoD and I used OllyDBG to locate the "WEAPON_FIRING" function in cgamex86.dll. but I'm not sure the adress is correct... because when I inject my DLL without any function hooking, CoD starts up, but when I add my hooks, it doesn't start up.

Adresses:

Code:

3000CCC5    |. E8 26C50000    CALL cgamex86.300191F0
3000CCCA    |. 83C4 04        ADD ESP,4
3000CCCD    |. 5E             POP ESI
3000CCCE    |. C3             RETN
3000CCCF       68 E46D0530    PUSH cgamex86.30056DE4      ASCII"WEAPON_FIRING"

dllmain.cpp:

Code:

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include "detours.h"
#include "dll.h"

BOOL APIENTRY DllMain (HINSTANCE hInst     /* Library instance handle. */ ,
                       DWORD reason        /* Reason this function is being called. */ ,
                       LPVOID reserved     /* Not used. */ )
{
    switch (reason)
    {
      case DLL_PROCESS_ATTACH:
          MessageBox(0, "Injected!", "TehBlizzy's CoDHook", MB_OK);
          WEAPON_FIRING = (int (__stdcall*)(void))DetourFunction((PBYTE)<adress?>, (PBYTE)HookWEAPON_FIRING);
        break;

      case DLL_PROCESS_DETACH:
        break;

      case DLL_THREAD_ATTACH:
        break;

      case DLL_THREAD_DETACH:
          DetourRemove((PBYTE)<adress?>, (PBYTE)WEAPON_FIRING); //Remove hook
        break;
    }

    /* Returns TRUE on success, FALSE on failure */
    return TRUE;
}

dll.h:

Code:

#ifndef _DLL_H_
#define _DLL_H_

#if BUILDING_DLL
# define DLLIMPORT __declspec (dllexport)
#else /* Not BUILDING_DLL */
# define DLLIMPORT __declspec (dllimport)
#endif /* Not BUILDING_DLL */

int (__stdcall* WEAPON_FIRING)(void);

void HookWEAPON_FIRING(void)
{
MessageBox(0, "You just fired a round.", "Function Called", MB_OK);
return;
}

#endif /* _DLL_H_ */

Can anyone point me in the right direction of what address(es) I'm supposed to hook and get this to work?

you will hook cod sp?

is for mp
scr includet
http://aimbots.net/attachments/sugge...1-norecoil.zip


just search for string=ASCII "CG_FireWeapon: ent->weapon > BG_GetNumWeapons()"

and press enter the second FireWepon line

and search the 2X call

the offset for sp is then

Code:

0x3002C4F0

Ah... I was using a complete different method for looking for the functions, thanks man!

---

*
I just finished trying it out... and what can I say.... there literally is -no- recoil. I'll work on making it so I can toggle it on and off(Pretty simple)

---

*
I'm looking in OllyDBG and where you said "just search for string=ASCII CG_FireWeapon: ent->weapon > BG_GetNumWeapons()", how would I do that?

What I know to do:

1.Open cgamex86.dll in OllyDBG.
2.Right Click -> Search -> For all Referenced Text Strings
3. Scroll to very top and look down the list and I find:
"3000CCCF 68 E46D0530 PUSH cgamex86.30056DE4 ; ASCII "WEAPON_FIRING
""
4. When I hit enter or double-click it it just expands that to show the PUSH, ADD, POP, RETN above/below it.

^---- Is that what I'm supposed to be doing?

---

*
Ah! Never mind about finding those addresses, I was looking at the wrong areas.