[Помогите!] Speed Hack

[Котик Задротик]

Привет всем. Посоветуйте спидхак кросе СЕ(и аналогов) и Спид Гира и Спид икса. Не пишите коменты тип он не пойдет на ПБ и другие. Просто посаветуйте. Чтобы в нем можно было выбирать процесс. За отличный СХ поставлю +10 к спасибкам.

[КаМаZ]

Цитата: Сообщение от Котик Задротик Привет всем. Посоветуйте спидхак кросе СЕ(и аналогов) и Спид Гира и Спид икса. Не пишите коменты тип он не пойдет на ПБ и другие. Просто посаветуйте. Чтобы в нем можно было выбирать процесс. За отличный СХ поставлю +10 к спасибкам

Спидхак фикс ,СЕ фикс No comments

[iamzero]

хз вообще... да и спид хаки защитой срузу обычно ловятся....

[Котик Задротик]

Пожулуста не флудите. и читайте внимательнее. Не пишите коменты тип он не пойдет на ПБ и другие.

[крайслер]

Гдето исходники SUY по интернету гуляют... Поищи, может подойдет..

[крайслер]

Цитата: Сообщение от adbe(1) А как расшифровывается? Или найди в поиске такого нету

Не как не расшифровывается...

.cpp

////////// BY SAU //////////////

#include <stdio.h>
#include <Windows.h>
#include <DbgHelp.h>
#include <Mmsystem.h>

#pragma comment (lib, "DbgHelp.lib")
#pragma comment (lib, "Winmm.lib")

#define MakePtr(cast, base, offset) (cast)((DWORD_PTR)(base) + (DWORD_PTR)(offset))

typedef WINBASEAPI DWORD (WINAPI *PGetTickCount)(void);
typedef WINMMAPI DWORD (WINAPI *PTimeGetTime)(void);
typedef WINBASEAPI BOOL (WINAPI *PQueryPerformanceCounter)(__out LARGE_INTEGER *lpPerformanceCount);

bool SpeedHack = true;
float factorset = 1.0; //начальное ускорение

LPVOID orgGetTickCount;
LPVOID orgTimeGetTime;
LPVOID orgQueryPerformanceCounter;
BYTE VK_SH = 0;

//Для установки значения из клинета путем CreateRemoteThread
extern "C" __declspec(dllexport) DWORD __cdecl InitSpeed(int *newSpeed)
{
factorset = (float)(*newSpeed)/10;
return S_OK;
}
//Для установки горячей клавиши из клиента путем CreateRemoteThread
extern "C" __declspec(dllexport) DWORD __cdecl BindKey(int* vk)
{
VK_SH = *vk;
return S_OK;
}

void SetSpeedFactor(float newFactor)
{
factorset = newFactor;
}

//Горячие клавиши ///////////////////////////////////////////////////////////////////////////////////////////////////////
void SpeedLoop()
{
while(true)
{
//if(GetAsyncKeyState(VK_HOME)) factorset += 0.25;
//if(GetAsyncKeyState(VK_END)) factorset -= 0.25;
if(VK_SH!=0 && GetAsyncKeyState(VK_SH)) SpeedHack = !SpeedHack;
Sleep(200);
}
}
//Хук на GetTickCount///////////////////////////////////////////////////////////////////////////////////////////////////////
DWORD WINAPI HackGetTickCount()
{
static DWORD gtc_last_real, gtc_last_fake;
DWORD ret = ((PGetTickCount)orgGetTickCount)();
DWORD nReal = ret;
DWORD dReal = nReal - gtc_last_real;
DWORD dFake = factorset * dReal;

if(SpeedHack) { ret = gtc_last_fake + dFake; gtc_last_fake += dFake; }
else { ret = gtc_last_fake + dReal; gtc_last_fake += dReal; }
gtc_last_real += dReal;

return ret;
}
//Хук на TimeGetTime///////////////////////////////////////////////////////////////////////////////////////////////////////
DWORD HackTimeGetTime()
{
static DWORD tgt_last_real, tgt_last_fake;
DWORD ret = ((PTimeGetTime)orgTimeGetTime)();
DWORD nReal = ret;
DWORD dReal = nReal - tgt_last_real;
DWORD dFake = factorset * dReal;

if (SpeedHack) { ret = tgt_last_fake + dFake; tgt_last_fake += dFake; }
else { ret = tgt_last_fake + dReal; tgt_last_fake += dReal; }
tgt_last_real += dReal;

return ret;
}
//Хук на QueryPerformanceCounter///////////////////////////////////////////////////////////////////////////////////////////////////////
BOOL WINAPI HackQueryPerformanceCounter(__out LARGE_INTEGER *lpPerformanceCount)
{
static DWORD qpc_last_fake, qpc_last_real;
BOOL ret = ((PQueryPerformanceCounter)orgQueryPerformanceCoun ter)(lpPerformanceCount);
DWORD nReal = lpPerformanceCount->LowPart;
DWORD dReal = nReal - qpc_last_real;
DWORD dFake = factorset * dReal;

if (SpeedHack) { lpPerformanceCount->LowPart = qpc_last_fake + dFake; qpc_last_fake += dFake; }
else { lpPerformanceCount->LowPart = qpc_last_fake + dReal; qpc_last_fake += dReal; }
qpc_last_real += dReal;

return ret;
}
//Запись в память с установкой прав доступа///////////////////////////////////////////////////////////////////////////////////////////////////////
HRESULT WriteProtectedMemory(LPVOID pDest, LPCVOID pSrc, DWORD dwSize)
{
DWORD dwOldProtect = 0;
if (!VirtualProtect(pDest, dwSize, PAGE_READWRITE, &dwOldProtect)) return HRESULT_FROM_WIN32(GetLastError());
MoveMemory(pDest, pSrc, dwSize);
VirtualProtect(pDest, dwSize, dwOldProtect, &dwOldProtect);
return S_OK;
}
//Считываем структуры PE и правим таблицу импорта///////////////////////////////////////////////////////////////////////////////////////////////////////
HRESULT ApiHijackImports(HMODULE hModule,LPSTR szVictim,LPSTR szEntry,LPVOID pHijacker,LPVOID *ppOrig)
{
if (::IsBadStringPtrA(szVictim, -1) || (!IS_INTRESOURCE(szEntry) && ::IsBadStringPtrA(szEntry, -1)) || IsBadCodePtr(FARPROC(pHijacker))) return E_INVALIDARG;

PIMAGE_DOS_HEADER pDosHeader = PIMAGE_DOS_HEADER(hModule);

if (IsBadReadPtr(pDosHeader, sizeof(IMAGE_DOS_HEADER)) || IMAGE_DOS_SIGNATURE != pDosHeader->e_magic) return E_INVALIDARG;

PIMAGE_NT_HEADERS pNTHeaders = MakePtr(PIMAGE_NT_HEADERS, hModule, pDosHeader->e_lfanew);

if (::IsBadReadPtr(pNTHeaders, sizeof(IMAGE_NT_HEADERS)) || IMAGE_NT_SIGNATURE != pNTHeaders->Signature) return E_INVALIDARG;

HRESULT hr = E_UNEXPECTED;

IMAGE_DATA_DIRECTORY& impDir = pNTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
PIMAGE_IMPORT_DESCRIPTOR pImpDesc = MakePtr(PIMAGE_IMPORT_DESCRIPTOR, hModule, impDir.VirtualAddress), pEnd = pImpDesc + impDir.Size / sizeof(IMAGE_IMPORT_DESCRIPTOR) - 1;

while(pImpDesc < pEnd)
{
//нашли наш модуль
if (lstrcmpiA(MakePtr(LPSTR, hModule, pImpDesc->Name), szVictim)==0)
{
if (pImpDesc->OriginalFirstThunk==0) return E_UNEXPECTED;

PIMAGE_THUNK_DATA pNamesTable = MakePtr(PIMAGE_THUNK_DATA, hModule, pImpDesc->OriginalFirstThunk);

if (IS_INTRESOURCE(szEntry))// поиск по ординалу
while(pNamesTable->u1.AddressOfData)
{
if (IMAGE_SNAP_BY_ORDINAL(pNamesTable->u1.Ordinal) && WORD(szEntry) == IMAGE_ORDINAL(pNamesTable->u1.Ordinal))
{
hr = S_OK;
break;
}

pNamesTable++;
}

if (!IS_INTRESOURCE(szEntry))// поиск по имени
while(pNamesTable->u1.AddressOfData)
{
if (!IMAGE_SNAP_BY_ORDINAL(pNamesTable->u1.Ordinal))
{
PIMAGE_IMPORT_BY_NAME pName = MakePtr(PIMAGE_IMPORT_BY_NAME,hModule, pNamesTable->u1.AddressOfData);
if (lstrcmpiA(LPSTR(pName->Name), szEntry)==0)
{
hr = S_OK;
break;
}
}

pNamesTable++;
}

if (SUCCEEDED(hr))
{
//Нашли нашу функцию, сохраняем ее адрес
LPVOID *pProc = MakePtr(LPVOID *, pNamesTable, pImpDesc->FirstThunk - pImpDesc->OriginalFirstThunk);
if (ppOrig) *ppOrig = *pProc;
//Записываем новый адрес
return WriteProtectedMemory(pProc, &pHijacker, sizeof(LPVOID));
}

break;
}

pImpDesc++;
}

return hr;
}
//Тут проходимся по всем библиотекам процесса и подменяем адреса функций///////////////////////////////////////////////////////////////////////////////////////////////////////
void HookAllModules(bool hook)
{
HMODULE hMod = GetModuleHandle(NULL);

if(hook)
{
ApiHijackImports(hMod,"kernel32.dll","QueryPerform anceCounter",HackQueryPerformanceCounter,&orgQuery PerformanceCounter);
ApiHijackImports(hMod,"kernel32.dll","GetTickCount ",HackGetTickCount,&orgGetTickCount);
ApiHijackImports(hMod,"winmm.dll","timeGetTime",Ha ckTimeGetTime,&orgTimeGetTime);
}

if(!hook)
{
ApiHijackImports(hMod,"kernel32.dll","QueryPerform anceCounter",orgQueryPerformanceCounter,NULL);
ApiHijackImports(hMod,"kernel32.dll","GetTickCount ",orgGetTickCount,NULL);
ApiHijackImports(hMod,"winmm.dll","timeGetTime",or gTimeGetTime,NULL);
}

PIMAGE_DOS_HEADER pDosHeader = PIMAGE_DOS_HEADER(hMod);
if (IsBadReadPtr(pDosHeader, sizeof(IMAGE_DOS_HEADER)) || IMAGE_DOS_SIGNATURE != pDosHeader->e_magic) return;
PIMAGE_NT_HEADERS pNTHeaders = MakePtr(PIMAGE_NT_HEADERS, hMod, pDosHeader->e_lfanew);
if (::IsBadReadPtr(pNTHeaders, sizeof(IMAGE_NT_HEADERS)) || IMAGE_NT_SIGNATURE != pNTHeaders->Signature) return;
HRESULT hr = E_UNEXPECTED;
IMAGE_DATA_DIRECTORY& impDir = pNTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
PIMAGE_IMPORT_DESCRIPTOR pImpDesc = MakePtr(PIMAGE_IMPORT_DESCRIPTOR, hMod, impDir.VirtualAddress), pEnd = pImpDesc + impDir.Size / sizeof(IMAGE_IMPORT_DESCRIPTOR) - 1;

while(pImpDesc < pEnd)
{
LPSTR modName = MakePtr(LPSTR, hMod, pImpDesc->Name);
HMODULE hModImport = GetModuleHandleA(modName);
if(lstrcmpiA(modName, "kernel32.dll")!=0 && lstrcmpiA(modName, "winmm.dll")!=0 && hModImport!=NULL)
{
if(hook)
{
ApiHijackImports(hModImport,"kernel32.dll","QueryP erformanceCounter",HackQueryPerformanceCounter,&or gQueryPerformanceCounter);
ApiHijackImports(hModImport,"kernel32.dll","GetTic kCount",HackGetTickCount,&orgGetTickCount);
ApiHijackImports(hModImport,"winmm.dll","timeGetTi me",HackTimeGetTime,&orgTimeGetTime);
}

if(!hook)
{
ApiHijackImports(hModImport,"kernel32.dll","QueryP erformanceCounter",orgQueryPerformanceCounter,NULL );
ApiHijackImports(hModImport,"kernel32.dll","GetTic kCount",orgGetTickCount,NULL);
ApiHijackImports(hModImport,"winmm.dll","timeGetTi me",orgTimeGetTime,NULL);
}

}

pImpDesc++;
}

if(hook)
{
if(orgGetTickCount==NULL) MessageBoxA(NULL,"can't hook GetTickCount",NULL,MB_OK);
if(orgQueryPerformanceCounter==NULL) MessageBoxA(NULL,"can't hook QueryPerformanceCounter",NULL,MB_OK);
if(orgTimeGetTime==NULL) MessageBoxA(NULL,"can't hook TimeGetTime",NULL,MB_OK);
}
}

.h

#ifndef SH_H
#define SH_H


void HookAllModules(bool hook);
void SetSpeedFactor(float newFactor);

#endif

[КаМаZ]

Цитата: Сообщение от крайслер Гдето исходники SUY по интернету гуляют... Поищи, может подойдет..

О да я его с пбхака помню еще