引用第0楼莎仕芘亞于2007-06-28 21:15发表的 使作弊器适用于任意版本 :
打开client.cpp,找到下面这段----------------------------------struct cl_enginefuncs_s gEngfuncs;struct cl_enginefuncs_s gHookedEngfuncs;struct efx_api_s gHookEfxApi;engine_studio_api_t IEngineStudio;engine_studio_api_t* pIEngineStudio=0;cl_enginefuncs_s *pEngfuncs = (cl_enginefuncs_s*) 0x01EB72D8;playermove_s *ppmove = (playermove_s*) 0x02D5FE20;engine_studio_api_s *pstudio = (engine_studio_api_s*) 0x01ED3520;------------------------------------替换为----------------------------------struct cl_enginefuncs_s gEngfuncs;struct cl_enginefuncs_s gHookedEngfuncs;struct efx_api_s gHookEfxApi;engine_studio_api_t IEngineStudio;engine_studio_api_t* pIEngineStudio=0;cl_enginefuncs_s* pEngfuncs;engine_studio_api_s* pstudio;playermove_s *ppmove;-----------------------------------查找下面这段[offsets不一定相同,直接查找DWORD* slots]---------------------------------DWORD* slots = (DWORD*)0x01EB74E8;------------------------------------改为---------------------DWORD* slots;------------------------查找-----------------------------void OnlyHook(LARGE_INTEGER *lp, bool force = true)------------------------------在这个区间上方加入----------------------------------DWORD FindPattern(char *pattern, int len, DWORD dwStart, DWORD dwLen){ char *m = (char *)dwStart; for(; (DWORD)m < (dwStart + dwLen); m++) if(!memcmp(m, pattern, len)) return (DWORD)m; return NULL;}-----------------------------------在onlyhook区间内加入------------------------------------ char engine_sig[] = "x89x74x24x5Cx89x74x24x60x89x74x24x64x89x74x24x68x89x74x24x6Cx89x74x24x70x89x74x24x74x89x74x24x78x89x74x24x7C"; DWORD dwEngine = FindPattern(engine_sig, strlen(engine_sig), 0x01D60000, 0x01000000); DWORD Slots_sig = (*(DWORD*)(dwEngine - 0x74)); DWORD* slots = (DWORD*)Slots_sig; static bool NotPatched = true; if (NotPatched) { int a; for(a=0x01D00000;a<0x01D0FFFF;a++) { if(*(PBYTE)(a) == 0x68 && *(PBYTE)(a + 0x05) == 0xE8 && *(PBYTE)(a + 0x0A) == 0x6A && *(PBYTE)(a + 0x0B) == 0x07 && *(PBYTE)(a + 0x0C) == 0x68 && *(PBYTE)(a + 0x11) == 0xFF && *(PBYTE)(a + 0x12) == 0x15 
&& *(PBYTE)(a + 0x17) == 0x68) { pEngfuncs = (cl_enginefunc_t*)*(DWORD*)(a+0x0D); break; } } int b; for(b=0x01D00000;b<0x01D0FFFF;b++) { if(*(PBYTE)(b) == 0xE8 && *(PBYTE)(b + 0x05) == 0x6A && *(PBYTE)(b + 0x06) == 0x07 && *(PBYTE)(b + 0x07) == 0x68 && *(PBYTE)(b + 0x0C) == 0xFF && *(PBYTE)(b + 0x0D) == 0x15 && *(PBYTE)(b + 0x12) == 0x68 && *(PBYTE)(b + 0x1C) == 0x81) { ppmove = (playermove_s*)*(DWORD*)(b+0x13); break; } } int c; for(c=0x01D00000;c<0x01D0FFFF;c++) { if(*(PBYTE)(c) == 0x68 && *(PBYTE)(c + 0x05) == 0x68 && *(PBYTE)(c + 0x0A) == 0x6A && *(PBYTE)(c + 0x0B) == 0x01 && *(PBYTE)(c + 0x0C) == 0xFF && *(PBYTE)(c + 0x0D) == 0xD0 && *(PBYTE)(c + 0x0E) == 0x83 && *(PBYTE)(c + 0x27) == 0xC3) { pstudio = (engine_studio_api_s*)*(DWORD*)(c+0x01); break; } } NotPatched = false; }------------------------------------------------步骤一完成Credits: Unknown (Came from somewhere on Game-Deception)Tutorial: Robert步骤二打开main.cpp找到------------------------detour_S_DynamicSound------------------------在区间上加入-------------------------------bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask){ for(;*szMask;++szMask,++pData,++bMask) if(*szMask=='x' && *pData!=*bMask ) return false; return (*szMask) == NULL;}DWORD dwFindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask){ for(DWORD i=0; i < dwLen; i++) if( bDataCompare( (BYTE*)( dwAddress+i ),bMask,szMask) ) return (DWORD)(dwAddress+i); return 0;}---------------------------------然后在detour_S_DynamicSound区间内找到----------------------------------BYTE* offs = (BYTE*)0x01D96920;------------------------------替换为------------------------------BYTE* offs = (BYTE*) SOUND_ADDR;----------------------------------在这一行上方加入--------------------------DWORD SOUND_ADDR = dwFindPattern(0x1D90000,0x30000,(BYTE*)"x83xECx48xA1x00x00x00x00","xxxx???");----------------------------找到-------------------------sound patch applied 
successfully------------------------整行替换为----------------------------------------------------------------------OGCmessage( "&gsound patch applied successfully: 0x%X",SOUND_ADDR);---------------------------------------------------------------全部完成保存修改,然后用VC++重新编译生成DLL即可