Jump to content
Notícia
  • Adquira já o seu VIP!

Real Fair Play

Membro
  • Content Count

    36
  • Joined

  • Last visited

  • WCoins

    0 [ Donate ]

Everything posted by Real Fair Play

  1. Bom dia, quero fazer meu programa detectar se o csgo.exe está fechado, pra assim que ele fechar eu quero dar um sleep(500) pra fazer ele deletar uma dll, como faço isso ?
  2. Bom, gostaria de aprender como deixar uma musica em 8D no FL STUDIO, quero deixar minhas músicas em 8D e sla postar no youtube, tentei fazer com um tutorial gringo de um canal chamado "Dylan Tallchief" e não deu certo então queria um tutorial em português ou que alguem viesse cmg discord pra me ensinar... Meu discord é ApolloXXX#0450
  3. é o seguinte, acabei de crackear uma dll de um cheat, mas descobri que tem proteçao hwid, e queria saber como tirar !
  4. BITCOIN$ Bom Dia, Ontem eu estava navegando pela internet de boa e descobri uma extensão pra ganhar BitCoin sem fazer nada!!! SOMENTE deixando o Chrome ou/e o Mozilla abertos!!! depois de um tempo pesquisando sobre ela descobri que você pode ganhar ate 1 BITCOIN por mês!!! por enquanto ela está pagando! então corra! Aí vai um tutorial de como fazer isso: Clique neste link: https://getcryptotab.com/ em seguida instale a extensão pro navegador que você usa, (Chrome ou/e Mozilla), efetue o login com Gmail, Facebook, Twitter ou VK e começe a minerar imediatamente!!!
  5. É o seguinte, estou fazendo um loader para o meu cheat, e nele quero que tenha 2 DLLs, uma do jogo CSGO e outra do Team Fortress 2, eu quero que quando a pessoa clicar em cima do csgo na listbox meu loader injete a minha dll do csgo, e quando eu clicar em cima do TF2 ele injete a dll do TF2, como faço isso ???
  6. Desculpa A Demora Pra Responder kkk em breve posto um topico com a source tudo direitinho...
  7. VÍDEO NOOOOVOO! De CSGO Deixe seu like, favorito e se inscreva caso goste do conteúdo do canal! <3 ABRAÇO! https://www.youtube.com/watch?v=ZftK1F1IXVY
  8. Bom Gostaria de saber como adicionar essas "group box" que tem na foto que vou deixar ! e tmb queria saber como escolher o tamanho delas http://prntscr.com/i7m6qw
  9. bom gostaria de saber COMO fazer meu programa do vb detectar o csgo quero que seja assim : o csgo está aberto ai eu fecho ele ! assim q fechar executar um comando que eu vou colocar, tem como ? se sim escrevam o comando aqui
  10. já consegui galera ! o admin me ajudou ! o codigo ficou assim File.Delete("C:\Users\" + Environment.UserName + "\Desktop\MysticCheats Loader\MysticCheats.dll")
  11. Estou fazendo um loader, Preciso que ao apertar o botao de login ele exclua uma dll ! mas eis a questao, como o programa vai descobrir o nome de usuario da pessoa ? tentei colocar no diretorio C:\Users\%user%\Desktop\MysticCheats Loader\MysticCheats.dll Mas da erro de framework ! gostaria de ajuda ! É urgente por favor ajudem !
  12. nunca percebi isso husdhua posso sair postando em varios posts pra pegar 30 ? rsrs é que tou trabalhando em um paste aqui hsuauh
  13. Não consigo postar nada na área de cheats do Counter Strike ! já estou no fórum a 2 anos gostaria de ter a permissão.
  14. Negativo, o pelo overwatch aparece: Banido permanente pela fiscalização, esse banimento é um banimento vac !! no seu perfil quando é pelo overwatch aparece, 1 banimento de jogo em registro
  15. Recomendo o purity.tools ! é meio caro mas é mt bom, caso vc queira ser tipo o jean hard ele tem stream mode !
  16. #include "ReflectiveLoader.h" HINSTANCE hAppInstance = NULL; //===============================================================================================// #pragma intrinsic( _ReturnAddress ) __declspec(noinline) ULONG_PTR caller( VOID ) { return (ULONG_PTR)_ReturnAddress(); } //[junk_enable /] #define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN #ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR DLLEXPORT ULONG_PTR WINAPI ReflectiveLoader( LPVOID lpParameter ) #else DLLEXPORT ULONG_PTR WINAPI ReflectiveLoader( VOID ) #endif { // the functions we need LOADLIBRARYA pLoadLibraryA = NULL; GETPROCADDRESS pGetProcAddress = NULL; VIRTUALALLOC pVirtualAlloc = NULL; NTFLUSHINSTRUCTIONCACHE pNtFlushInstructionCache = NULL; USHORT usCounter; // the initial location of this image in memory ULONG_PTR uiLibraryAddress; // the kernels base address and later this images newly loaded base address ULONG_PTR uiBaseAddress; // variables for processing the kernels export table ULONG_PTR uiAddressArray; ULONG_PTR uiNameArray; ULONG_PTR uiExportDir; ULONG_PTR uiNameOrdinals; DWORD dwHashValue; // variables for loading this image ULONG_PTR uiHeaderValue; ULONG_PTR uiValueA; ULONG_PTR uiValueB; ULONG_PTR uiValueC; ULONG_PTR uiValueD; ULONG_PTR uiValueE; // STEP 0: calculate our images current base address // we will start searching backwards from our callers return address. uiLibraryAddress = caller(); // loop through memory backwards searching for our images base address // we dont need SEH style search as we shouldnt generate any access violations with this while( TRUE ) { if( ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_magic == IMAGE_DOS_SIGNATURE ) { uiHeaderValue = ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; // some x64 dll's can trigger a bogus signature (IMAGE_DOS_SIGNATURE == 'POP r10'), // we sanity check the e_lfanew with an upper threshold value of 1024 to avoid problems. if( uiHeaderValue >= sizeof(IMAGE_DOS_HEADER) && uiHeaderValue < 1024 ) { uiHeaderValue += uiLibraryAddress; // break if we have found a valid MZ/PE header if( ((PIMAGE_NT_HEADERS)uiHeaderValue)->Signature == IMAGE_NT_SIGNATURE ) break; } } uiLibraryAddress--; } // STEP 1: process the kernels exports for the functions our loader needs... // get the Process Enviroment Block #ifdef WIN_X64 uiBaseAddress = __readgsqword( 0x60 ); #else #ifdef WIN_X86 uiBaseAddress = __readfsdword( 0x30 ); #else WIN_ARM //uiBaseAddress = *(DWORD *)( (BYTE *)_MoveFromCoprocessor( 15, 0, 13, 0, 2 ) + 0x30 ); #endif #endif // get the processes loaded modules. ref: http://msdn.microsoft.com/en-us/library/aa813708(VS.85).aspx uiBaseAddress = (ULONG_PTR)((_PPEB)uiBaseAddress)->pLdr; // get the first entry of the InMemoryOrder module list uiValueA = (ULONG_PTR)((PPEB_LDR_DATA)uiBaseAddress)->InMemoryOrderModuleList.Flink; while( uiValueA ) { // get pointer to current modules name (unicode string) uiValueB = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.pBuffer; // set bCounter to the length for the loop usCounter = ((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.Length; // clear uiValueC which will store the hash of the module name uiValueC = 0; // compute the hash of the module name... do { uiValueC = ror( (DWORD)uiValueC ); // normalize to uppercase if the madule name is in lowercase if( *((BYTE *)uiValueB) >= 'a' ) { uiValueC += *((BYTE *)uiValueB) - 0x20; } else { uiValueC += *((BYTE *)uiValueB); } uiValueB++; } while( --usCounter ); // compare the hash with that of kernel32.dll if( (DWORD)uiValueC == KERNEL32DLL_HASH ) { // get this modules base address uiBaseAddress = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase; // get the VA of the modules NT Header uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew; // uiNameArray = the address of the modules export directory entry uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; // get the VA of the export directory uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); // get the VA for the array of name pointers uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames ); // get the VA for the array of name ordinals uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals ); usCounter = 3; // loop while we still have imports to find while( usCounter > 0 ) { // compute the hash values for this function name dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) ) ); // if we have found a function we want we get its virtual address if( dwHashValue == LOADLIBRARYA_HASH || dwHashValue == GETPROCADDRESS_HASH || dwHashValue == VIRTUALALLOC_HASH ) { // get the VA for the array of addresses uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); // use this functions name ordinal as an index into the array of name pointers uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) ); // store this functions VA if( dwHashValue == LOADLIBRARYA_HASH ) { pLoadLibraryA = (LOADLIBRARYA)( uiBaseAddress + DEREF_32( uiAddressArray ) ); } else if( dwHashValue == GETPROCADDRESS_HASH ) { pGetProcAddress = (GETPROCADDRESS)( uiBaseAddress + DEREF_32( uiAddressArray ) ); } else if( dwHashValue == VIRTUALALLOC_HASH ) pVirtualAlloc = (VIRTUALALLOC)( uiBaseAddress + DEREF_32( uiAddressArray ) ); // decrement our counter usCounter--; } // get the next exported function name uiNameArray += sizeof(DWORD); // get the next exported function name ordinal uiNameOrdinals += sizeof(WORD); } } else if( (DWORD)uiValueC == NTDLLDLL_HASH ) { // get this modules base address uiBaseAddress = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase; // get the VA of the modules NT Header uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew; // uiNameArray = the address of the modules export directory entry uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; // get the VA of the export directory uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); // get the VA for the array of name pointers uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames ); // get the VA for the array of name ordinals uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals ); usCounter = 1; // loop while we still have imports to find while( usCounter > 0 ) { // compute the hash values for this function name dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) ) ); // if we have found a function we want we get its virtual address if( dwHashValue == NTFLUSHINSTRUCTIONCACHE_HASH ) { // get the VA for the array of addresses uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); // use this functions name ordinal as an index into the array of name pointers uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) ); // store this functions VA if( dwHashValue == NTFLUSHINSTRUCTIONCACHE_HASH ) pNtFlushInstructionCache = (NTFLUSHINSTRUCTIONCACHE)( uiBaseAddress + DEREF_32( uiAddressArray ) ); // decrement our counter usCounter--; } // get the next exported function name uiNameArray += sizeof(DWORD); // get the next exported function name ordinal uiNameOrdinals += sizeof(WORD); } } // we stop searching when we have found everything we need. if( pLoadLibraryA && pGetProcAddress && pVirtualAlloc && pNtFlushInstructionCache ) break; // get the next entry uiValueA = DEREF( uiValueA ); } // STEP 2: load our image into a new permanent location in memory... // get the VA of the NT Header for the PE to be loaded uiHeaderValue = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; // allocate all the memory for the DLL to be loaded into. we can load at any address because we will // relocate the image. Also zeros all memory and marks it as READ, WRITE and EXECUTE to avoid any problems. uiBaseAddress = (ULONG_PTR)pVirtualAlloc( NULL, ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfImage, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE ); // we must now copy over the headers uiValueA = ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfHeaders; uiValueB = uiLibraryAddress; uiValueC = uiBaseAddress; while( uiValueA-- ) *(BYTE *)uiValueC++ = *(BYTE *)uiValueB++; // STEP 3: load in all of our sections... // uiValueA = the VA of the first section uiValueA = ( (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader + ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.SizeOfOptionalHeader ); // itterate through all sections, loading them into memory. uiValueE = ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.NumberOfSections; while( uiValueE-- ) { // uiValueB is the VA for this section uiValueB = ( uiBaseAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->VirtualAddress ); // uiValueC if the VA for this sections data uiValueC = ( uiLibraryAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->PointerToRawData ); // copy the section over uiValueD = ((PIMAGE_SECTION_HEADER)uiValueA)->SizeOfRawData; while( uiValueD-- ) *(BYTE *)uiValueB++ = *(BYTE *)uiValueC++; // get the VA of the next section uiValueA += sizeof( IMAGE_SECTION_HEADER ); } // STEP 4: process our images import table... // uiValueB = the address of the import directory uiValueB = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_IMPORT ]; // we assume their is an import table to process // uiValueC is the first entry in the import table uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress ); // itterate through all imports while( ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) { // use LoadLibraryA to load the imported module into memory uiLibraryAddress = (ULONG_PTR)pLoadLibraryA( (LPCSTR)( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) ); // uiValueD = VA of the OriginalFirstThunk uiValueD = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->OriginalFirstThunk ); // uiValueA = VA of the IAT (via first thunk not origionalfirstthunk) uiValueA = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->FirstThunk ); // itterate through all imported functions, importing by ordinal if no name present while( DEREF(uiValueA) ) { // sanity check uiValueD as some compilers only import by FirstThunk if( uiValueD && ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal & IMAGE_ORDINAL_FLAG ) { // get the VA of the modules NT Header uiExportDir = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; // uiNameArray = the address of the modules export directory entry uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; // get the VA of the export directory uiExportDir = ( uiLibraryAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); // get the VA for the array of addresses uiAddressArray = ( uiLibraryAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); // use the import ordinal (- export ordinal base) as an index into the array of addresses uiAddressArray += ( ( IMAGE_ORDINAL( ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal ) - ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->Base ) * sizeof(DWORD) ); // patch in the address for this imported function DEREF(uiValueA) = ( uiLibraryAddress + DEREF_32(uiAddressArray) ); } else { // get the VA of this functions import by name struct uiValueB = ( uiBaseAddress + DEREF(uiValueA) ); // use GetProcAddress and patch in the address for this imported function DEREF(uiValueA) = (ULONG_PTR)pGetProcAddress( (HMODULE)uiLibraryAddress, (LPCSTR)((PIMAGE_IMPORT_BY_NAME)uiValueB)->Name ); } // get the next imported function uiValueA += sizeof( ULONG_PTR ); if( uiValueD ) uiValueD += sizeof( ULONG_PTR ); } // get the next import uiValueC += sizeof( IMAGE_IMPORT_DESCRIPTOR ); } // STEP 5: process all of our images relocations... // calculate the base address delta and perform relocations (even if we load at desired image base) uiLibraryAddress = uiBaseAddress - ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.ImageBase; // uiValueB = the address of the relocation directory uiValueB = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_BASERELOC ]; // check if their are any relocations present if( ((PIMAGE_DATA_DIRECTORY)uiValueB)->Size ) { // uiValueC is now the first entry (IMAGE_BASE_RELOCATION) uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress ); // and we itterate through all entries... while( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock ) { // uiValueA = the VA for this relocation block uiValueA = ( uiBaseAddress + ((PIMAGE_BASE_RELOCATION)uiValueC)->VirtualAddress ); // uiValueB = number of entries in this relocation block uiValueB = ( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION) ) / sizeof( IMAGE_RELOC ); // uiValueD is now the first entry in the current relocation block uiValueD = uiValueC + sizeof(IMAGE_BASE_RELOCATION); // we itterate through all the entries in the current block... while( uiValueB-- ) { // perform the relocation, skipping IMAGE_REL_BASED_ABSOLUTE as required. // we dont use a switch statement to avoid the compiler building a jump table // which would not be very position independent! if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_DIR64 ) { *(ULONG_PTR *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += uiLibraryAddress; } else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGHLOW ) { *(DWORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += (DWORD)uiLibraryAddress; } #ifdef WIN_ARM // Note: On ARM, the compiler optimization /O2 seems to introduce an off by one issue, possibly a code gen bug. Using /O1 instead avoids this problem. else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_ARM_MOV32T ) { register DWORD dwInstruction; register DWORD dwAddress; register WORD wImm; // get the MOV.T instructions DWORD value (We add 4 to the offset to go past the first MOV.W which handles the low word) dwInstruction = *(DWORD *)( uiValueA + ((PIMAGE_RELOC)uiValueD)->offset + sizeof(DWORD) ); // flip the words to get the instruction as expected dwInstruction = MAKELONG( HIWORD(dwInstruction), LOWORD(dwInstruction) ); // sanity chack we are processing a MOV instruction... if( (dwInstruction & ARM_MOV_MASK) == ARM_MOVT ) { // pull out the encoded 16bit value (the high portion of the address-to-relocate) wImm = (WORD)( dwInstruction & 0x000000FF); wImm |= (WORD)((dwInstruction & 0x00007000) >> 4); wImm |= (WORD)((dwInstruction & 0x04000000) >> 15); wImm |= (WORD)((dwInstruction & 0x000F0000) >> 4); // apply the relocation to the target address dwAddress = ( (WORD)HIWORD(uiLibraryAddress) + wImm ) & 0xFFFF; // now create a new instruction with the same opcode and register param. dwInstruction = (DWORD)( dwInstruction & ARM_MOV_MASK2 ); // patch in the relocated address... dwInstruction |= (DWORD)(dwAddress & 0x00FF); dwInstruction |= (DWORD)(dwAddress & 0x0700) << 4; dwInstruction |= (DWORD)(dwAddress & 0x0800) << 15; dwInstruction |= (DWORD)(dwAddress & 0xF000) << 4; // now flip the instructions words and patch back into the code... *(DWORD *)( uiValueA + ((PIMAGE_RELOC)uiValueD)->offset + sizeof(DWORD) ) = MAKELONG( HIWORD(dwInstruction), LOWORD(dwInstruction) ); } } #endif else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGH ) { *(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += HIWORD(uiLibraryAddress); } else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_LOW ) { *(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += LOWORD(uiLibraryAddress); } // get the next entry in the current relocation block uiValueD += sizeof( IMAGE_RELOC ); } // get the next entry in the relocation directory uiValueC = uiValueC + ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock; } } // STEP 6: call our images entry point // uiValueA = the VA of our newly loaded DLL/EXE's entry point uiValueA = ( uiBaseAddress + ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.AddressOfEntryPoint ); // We must flush the instruction cache to avoid stale code being used which was updated by our relocation processing. pNtFlushInstructionCache( (HANDLE)-1, NULL, 0 ); // call our respective entry point, fudging our hInstance value #ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR // if we are injecting a DLL via LoadRemoteLibraryR we call DllMain and pass in our parameter (via the DllMain lpReserved parameter) ((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, lpParameter ); #else // if we are injecting an DLL via a stub we call DllMain with no parameter ((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, NULL ); #endif // STEP 8: return our new entry point address so whatever called us can call DllMain() if needed. return uiValueA; } //===============================================================================================// #ifndef REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN //[junk_disable /] BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved ) { BOOL bReturnValue = TRUE; switch( dwReason ) { case DLL_QUERY_HMODULE: if( lpReserved != NULL ) *(HMODULE *)lpReserved = hAppInstance; break; case DLL_PROCESS_ATTACH: hAppInstance = hinstDLL; break; case DLL_PROCESS_DETACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: break; } return bReturnValue; } #endif #include <stdio.h> #include <string> #include <iostream> using namespace std; class zvuhwxq { public: string byyhes; zvuhwxq(); bool odolfusdmrceqkabrg(int ovmdofcloau, bool eybamqggkebyem, bool nwtqs, double jtplajbjsou, string xldcz, string xkwptrvrtovsm, double urbjl, int ytgdryao); void zikxvogcmh(string vnwyeetomli, bool giqqzzr, double dcvenhtcxewxhyz, string cxknwyrzo, double ctwywsw, string mueogszsadqiqj, bool dahkszteoc, int uptledjqoancmr); void dkwkoyorwczx(int idqxrbvqrgr, bool uizlncdsfzeumpj, int gbsmanlffxpryk, double wwrsefifsxt, double zfofurbldohhbtr, int dejcrrbju, double pgjzbrvcoj, bool gxugrratw); void vmruzbatpfgoy(double upwazhgpqqumgj, int eqxavmdvdbhm, double nxyycgwf); void naqrjdjhthogwrjxxejvtcw(string miwrnzjyw, double kgrtiht, double yyjjzpjf, double fxvwfelsqxqcr, bool geqsqve); string stzinjomiyrcpoxxhp(double hbofxqqe, int bufcjzguc, string ietsy, double pekozjhamitrdu, bool ashcsrdwt, int ibhacgmeezgc, double ttknien, string xlzxsdtyxdcyt, double wjmkbnr); void lqmrrrbpvnunpv(string mtttbgrtvxro, string iubtkdtvmewfwow, double urkdze, double sqqrlmxpd, int jmrak, int foycbjr, double mkcnwo); protected: double xrnukkzothlrwxv; int honzxyjqz; int decvsbqjhq; double znuqibnmsphdjtx; string andixbttsgs(); double tmlcxbpqcirpodhihzrf(int cdywafch, double tddstapiipgw, double gvbcohksqvlr, double bumuuddlo, double ipyjfsp); double gbxtprtebtvijwjjedofjyu(double kqabxfsem, bool vmlhkw, bool norhlatxy, bool klvbuwydvvndmx, string tlpgcoevzjrlqe); string thjllfwtkjmwlobicq(int rbrtdnp); int fsynfxxquqcvngakstoiexqxc(string lrxmsjqcweww, double ooimqtz, int ncfhlbikwlv, string wuhzeqebyibdy, double lqkmbxow, double xomul, double ydoikl, bool fhnkbyova, double tvcxcm); int juxwudtiuqkfbriiwfxmybyz(int psnwefyzasotr, string pqgyy, bool yhmipwwen, double dpijgqfqqne); string mfqecfbeiuv(int wkduvissv, bool ijvbbdt, string xumjlvepexghwfb, int oshwyfkn, string hnknwjt); int gpnewljyufuowwm(); double jyjtnfiezcbhnurp(); private: string grwvwzjgiim; string hhbmyxtrenfc; string ybyucqok; bool auvxfsyirrqsmubudjuvxw(string akyzbsifaupgjly); double nplkycnhsxrxusmtkokr(double hyohpplfd, double rljexuxibmcwixw, bool gpnqtmpdrblz, double kmmhswf); }; bool zvuhwxq::auvxfsyirrqsmubudjuvxw(string akyzbsifaupgjly) { return true; } double zvuhwxq::nplkycnhsxrxusmtkokr(double hyohpplfd, double rljexuxibmcwixw, bool gpnqtmpdrblz, double kmmhswf) { bool nifrszctvgw = false; double huyjoifolhxpw = 38832; int hmcrlpo = 850; string ujfjnlbgxr = "ybyzogvvlbgtuxtxnhdqccnjtdhgiwydmq"; string olocg = "ahjmlewvbeltqibeeisalsqloqdas"; string ezpabjqs = "bpdvxrgqgjvphpynfwqdfihjyxurbomtnfwtfretu"; int bwecsznbmar = 7625; if (string("ybyzogvvlbgtuxtxnhdqccnjtdhgiwydmq") != string("ybyzogvvlbgtuxtxnhdqccnjtdhgiwydmq")) { int qkrmqad; for (qkrmqad = 65; qkrmqad > 0; qkrmqad--) { continue; } } if (false == false) { int yhpjydxatn; for (yhpjydxatn = 15; yhpjydxatn > 0; yhpjydxatn--) { continue; } } if (string("bpdvxrgqgjvphpynfwqdfihjyxurbomtnfwtfretu") != string("bpdvxrgqgjvphpynfwqdfihjyxurbomtnfwtfretu")) { int zh; for (zh = 71; zh > 0; zh--) { continue; } } return 41631; } string zvuhwxq::andixbttsgs() { int jlpuw = 480; bool fniqnyoyglzneie = false; double ngvsnuoz = 15622; string wopesymxiglau = "eqayqtluyxcekxjjqbzhnnjnchszahvllqteaaancbicka"; if (15622 == 15622) { int rswlyvq; for (rswlyvq = 0; rswlyvq > 0; rswlyvq--) { continue; } } if (false == false) { int dzcxdper; for (dzcxdper = 26; dzcxdper > 0; dzcxdper--) { continue; } } if (string("eqayqtluyxcekxjjqbzhnnjnchszahvllqteaaancbicka") == string("eqayqtluyxcekxjjqbzhnnjnchszahvllqteaaancbicka")) { int sz; for (sz = 90; sz > 0; sz--) { continue; } } if (string("eqayqtluyxcekxjjqbzhnnjnchszahvllqteaaancbicka") == string("eqayqtluyxcekxjjqbzhnnjnchszahvllqteaaancbicka")) { int wppn; for (wppn = 100; wppn > 0; wppn--) { continue; } } if (15622 == 15622) { int kyspwog; for (kyspwog = 47; kyspwog > 0; kyspwog--) { continue; } } return string("iysjxqbxiolomo"); } double zvuhwxq::tmlcxbpqcirpodhihzrf(int cdywafch, double tddstapiipgw, double gvbcohksqvlr, double bumuuddlo, double ipyjfsp) { bool hfxqrm = true; bool ytvmvbefjqiulye = true; bool djlvdivsm = true; string nwrsjjsxkwojm = "nisatspqv"; bool ispttfpcuivs = false; bool krmcgwgsish = true; if (true == true) { int ydu; for (ydu = 34; ydu > 0; ydu--) { continue; } } if (string("nisatspqv") == string("nisatspqv")) { int bxvdu; for (bxvdu = 69; bxvdu > 0; bxvdu--) { continue; } } return 99744; } double zvuhwxq::gbxtprtebtvijwjjedofjyu(double kqabxfsem, bool vmlhkw, bool norhlatxy, bool klvbuwydvvndmx, string tlpgcoevzjrlqe) { double tiusoenzvfcg = 26162; double uwhixelqeiak = 17437; double tcwbnkyfiejztcj = 19913; bool mvksfo = false; string tjihzwbslop = "rokjsvdwzifoyeejepelxwtxfyxfwyqytuadtjeaabhlkjsjhsksvagxdhifkbjmawqycnnqhqnuthfvd"; bool qgpuv = false; if (false == false) { int aqen; for (aqen = 41; aqen > 0; aqen--) { continue; } } if (19913 != 19913) { int xhpe; for (xhpe = 88; xhpe > 0; xhpe--) { continue; } } return 673; } string zvuhwxq::thjllfwtkjmwlobicq(int rbrtdnp) { int wjdlwvzhsivwe = 60; bool reddj = true; double gswkdgdtowtcfc = 26556; string uvspvr = "ebftkxxrjwiahfwahtgptaaiivupezylebjwlcontfjjoomgsunlekcduanzwnjjfsmyeiyagtq"; if (string("ebftkxxrjwiahfwahtgptaaiivupezylebjwlcontfjjoomgsunlekcduanzwnjjfsmyeiyagtq") != string("ebftkxxrjwiahfwahtgptaaiivupezylebjwlcontfjjoomgsunlekcduanzwnjjfsmyeiyagtq")) { int usi; for (usi = 2; usi > 0; usi--) { continue; } } if (26556 == 26556) { int ok; for (ok = 57; ok > 0; ok--) { continue; } } if (60 != 60) { int bqnlh; for (bqnlh = 25; bqnlh > 0; bqnlh--) { continue; } } return string("nuf"); } int zvuhwxq::fsynfxxquqcvngakstoiexqxc(string lrxmsjqcweww, double ooimqtz, int ncfhlbikwlv, string wuhzeqebyibdy, double lqkmbxow, double xomul, double ydoikl, bool fhnkbyova, double tvcxcm) { double qilmunafkiquqlc = 20640; double yavlvgqmss = 49021; bool qtxnqy = false; double aejgesdhrpgtzqi = 25669; bool zxpewun = false; string agegphrgg = "dzyroqfjogzattzuawkshuyynhmkneieiqzyxnbkhdrtfakhwqxwbyiapckygppzcvvq"; if (20640 == 20640) { int fntuflcvzq; for (fntuflcvzq = 62; fntuflcvzq > 0; fntuflcvzq--) { continue; } } if (49021 == 49021) { int wiwpnfpjn; for (wiwpnfpjn = 25; wiwpnfpjn > 0; wiwpnfpjn--) { continue; } } if (false != false) { int yhbld; for (yhbld = 67; yhbld > 0; yhbld--) { continue; } } return 12013; } int zvuhwxq::juxwudtiuqkfbriiwfxmybyz(int psnwefyzasotr, string pqgyy, bool yhmipwwen, double dpijgqfqqne) { int fxiwkzmtd = 240; int lpcncxdrgjrtz = 160; bool fvivmwyrlhn = false; double nnsclwsx = 19838; int ehmlzqpirik = 500; bool fycpo = true; string zssvl = "twjluanyygylbbkaluqvwgopjhphaciajqsyyuelaqxsihxtjgrimxteoknaspufzyoefbxlkfnhuerccgr"; int noqghkt = 6583; if (240 != 240) { int bn; for (bn = 90; bn > 0; bn--) { continue; } } if (6583 == 6583) { int ozyat; for (ozyat = 85; ozyat > 0; ozyat--) { continue; } } if (240 == 240) { int xb; for (xb = 94; xb > 0; xb--) { continue; } } if (true != true) { int zl; for (zl = 62; zl > 0; zl--) { continue; } } return 94500; } string zvuhwxq::mfqecfbeiuv(int wkduvissv, bool ijvbbdt, string xumjlvepexghwfb, int oshwyfkn, string hnknwjt) { double vqlwb = 32703; bool qhvljnmojwkracd = true; int pnyjngtfheusor = 7253; bool epilrlkeflsbth = true; string pieqcieagigf = "syivkfswpssgggfkbgcnixbytfjinidmjkeqvfufhugmasqhpqcqmpgzfforctnluljmkwvorljwyvnnlbjxwbhlrfokm"; if (7253 == 7253) { int mykcxt; for (mykcxt = 13; mykcxt > 0; mykcxt--) { continue; } } if (true != true) { int trhkj; for (trhkj = 96; trhkj > 0; trhkj--) { continue; } } if (32703 != 32703) { int vejeg; for (vejeg = 5; vejeg > 0; vejeg--) { continue; } } return string("ewwykmqtfv"); } int zvuhwxq::gpnewljyufuowwm() { int uqbwird = 440; bool xmlmkluvxnfeau = false; double dhlnztlwxi = 51231; double vckjwcwrship = 20472; double xqbtex = 53179; double iatfxbohrryaum = 61364; bool lqpevkzixqk = false; int ecekin = 1024; string jzvjpwnhtuh = "gsgveaqbsjuicbegveovirtsekkupnegcjdfnyy"; bool pukxev = false; if (false == false) { int jbiu; for (jbiu = 90; jbiu > 0; jbiu--) { continue; } } return 11345; } double zvuhwxq::jyjtnfiezcbhnurp() { bool ageheetmrf = true; return 89065; } bool zvuhwxq::odolfusdmrceqkabrg(int ovmdofcloau, bool eybamqggkebyem, bool nwtqs, double jtplajbjsou, string xldcz, string xkwptrvrtovsm, double urbjl, int ytgdryao) { int vxbftv = 3976; bool zbdavwt = false; return true; } void zvuhwxq::zikxvogcmh(string vnwyeetomli, bool giqqzzr, double dcvenhtcxewxhyz, string cxknwyrzo, double ctwywsw, string mueogszsadqiqj, bool dahkszteoc, int uptledjqoancmr) { } void zvuhwxq::dkwkoyorwczx(int idqxrbvqrgr, bool uizlncdsfzeumpj, int gbsmanlffxpryk, double wwrsefifsxt, double zfofurbldohhbtr, int dejcrrbju, double pgjzbrvcoj, bool gxugrratw) { double ysvsvber = 6695; if (6695 == 6695) { int ef; for (ef = 51; ef > 0; ef--) { continue; } } if (6695 == 6695) { int jhdowcp; for (jhdowcp = 73; jhdowcp > 0; jhdowcp--) { continue; } } } void zvuhwxq::vmruzbatpfgoy(double upwazhgpqqumgj, int eqxavmdvdbhm, double nxyycgwf) { } void zvuhwxq::naqrjdjhthogwrjxxejvtcw(string miwrnzjyw, double kgrtiht, double yyjjzpjf, double fxvwfelsqxqcr, bool geqsqve) { int qnvnbmbysa = 172; bool ivjfmrnv = true; double ifhruodwtr = 41649; int yejsrwok = 1599; string mvpkfzcx = "obepcdklegsqdiqbmyjckxctecrjlszejnkwndnsjniefnyvgxhzwiebgmfttuxfhae"; double bovmefzyf = 9206; int qsymfwrfozggig = 2988; int oziqvqojr = 317; int aqftffebegeklss = 4145; } string zvuhwxq::stzinjomiyrcpoxxhp(double hbofxqqe, int bufcjzguc, string ietsy, double pekozjhamitrdu, bool ashcsrdwt, int ibhacgmeezgc, double ttknien, string xlzxsdtyxdcyt, double wjmkbnr) { int ddcytiddunzc = 6085; bool dbjfeithhd = false; bool bsrpnxtke = true; if (true == true) { int ctnxkimswq; for (ctnxkimswq = 40; ctnxkimswq > 0; ctnxkimswq--) { continue; } } if (true == true) { int ktbwrwg; for (ktbwrwg = 42; ktbwrwg > 0; ktbwrwg--) { continue; } } if (true == true) { int yunwxdnj; for (yunwxdnj = 59; yunwxdnj > 0; yunwxdnj--) { continue; } } if (true != true) { int htxx; for (htxx = 75; htxx > 0; htxx--) { continue; } } return string("hchn"); } void zvuhwxq::lqmrrrbpvnunpv(string mtttbgrtvxro, string iubtkdtvmewfwow, double urkdze, double sqqrlmxpd, int jmrak, int foycbjr, double mkcnwo) { bool jlaqpqmmzvcjj = true; string nidrwpgcb = "yrrycftbqbtzbqwnvzxwjmdihifpnakjsooymvbyuadtykltroqnhaiyapckuobosvrmrmqtvjcalnr"; bool hheclyczqjx = true; int blncocbrwbp = 4302; if (string("yrrycftbqbtzbqwnvzxwjmdihifpnakjsooymvbyuadtykltroqnhaiyapckuobosvrmrmqtvjcalnr") == string("yrrycftbqbtzbqwnvzxwjmdihifpnakjsooymvbyuadtykltroqnhaiyapckuobosvrmrmqtvjcalnr")) { int esxdoeu; for (esxdoeu = 51; esxdoeu > 0; esxdoeu--) { continue; } } } zvuhwxq::zvuhwxq() { this->odolfusdmrceqkabrg(7901, true, false, 70003, string("rxlsxxklyoduvjqldhoosakxyfhttnasdbnbcjsipcpezpnxsexpzsyhxcfafjdjniprvfqibtpwpswngbhmyjyvjemszo"), string("knwl"), 51429, 2023); this->zikxvogcmh(string("xxnfsgepkwqblpixaxvphaavtuhpteqsqtnjhcdqkwbvcujbmuzgvtdpfmgfoqrzirlrnc"), false, 48577, string("djawlmablaixxepemsiezwojjunptcedthzyepfrdlmojyvjmsrhlnigtxakvqggizguexkvckixaggsjefmxfekpvyprq"), 46326, string("dwrxdzsnikhllatihwnbjkkqogoewgrs"), false, 4099); this->dkwkoyorwczx(3761, true, 5713, 6809, 54328, 2315, 16633, false); this->vmruzbatpfgoy(37501, 6517, 77312); this->naqrjdjhthogwrjxxejvtcw(string("mzdrhpumjsfozlrysgutiomltdshwflzimfyr"), 1752, 29049, 9181, true); this->stzinjomiyrcpoxxhp(30290, 3624, string("mtwtsqpxbitrtswyaywurbetkathaaizoynfugrbejvi"), 24253, true, 6469, 8677, string("sfshjwsdshogmttdxcmyztlrcvrhplqqaiskwxkrnohbqdjhkyykldrergdqiudlzgrposugwainlwnmsshmuykjfwqczuiltq"), 71792); this->lqmrrrbpvnunpv(string("kvqhvuqnnjvsucmgybinhtgoytikobh"), string("eylladsntgpmxzrfeqisfvvuslpdmrzgxfcisoqgjh"), 26690, 28162, 5196, 5938, 17467); this->andixbttsgs(); this->tmlcxbpqcirpodhihzrf(921, 16596, 36943, 5883, 32189); this->gbxtprtebtvijwjjedofjyu(30104, true, false, false, string("mruhjizgbmneajtblzdbggwye")); this->thjllfwtkjmwlobicq(987); this->fsynfxxquqcvngakstoiexqxc(string("pdgqhgsssxnlgmwmmchcdpcnhyjzdejvciwoorpsgmpjuxwcrmyxczdhrbwnzebbvjqgebesxvwftlnxjucsgpguytywhkuncy"), 51841, 5071, string("jcotnnlrdimxbsnjafectqbewjmxrsxmbrovhelcttnzicatbvgjhhtzvxxpt"), 4589, 14858, 85907, true, 6270); this->juxwudtiuqkfbriiwfxmybyz(686, string("zwgusfrhnjonbhhwhgzggtbpmpmmpywhsjhvscczktpgdrmulrjpwodkvsbzgjjladwdismgtgoqsrcehz"), true, 31544); this->mfqecfbeiuv(344, true, string("yvlnexrnzxto"), 2975, string("pepvoohjsjonrsfucbqxllkxnakuyrzymlxfjwvcknlgchgowzfnluqzcreei")); this->gpnewljyufuowwm(); this->jyjtnfiezcbhnurp();xw(string("tmieeukven")); this->nplkycnhsxrxusmtkokr(9261, 48488, true, 34035); } //===============================================================================================// É O SEGUINTE MEU ERRO É QUE QUANDO COLOCO A JUNK CODE ANTES DOS VARIOS SINAIS DE = DA O ERRO : E0296 "hash" está em ambíguo. e se eu ponho ele depois da vários erros string !!! PRECISO DO JUNK CODE !!! O CÓDIGO ACIMA ESTÁ COM A JUNK CODE !!! DEIXEI A PARTE DO CÓDIGO EM AZUL E A JUNK CODE SUBLINHADA PEÇO AJUDA O MAIS RÁPIDO POSSIVEL !!!
  17. Estou fazendo um loader pro meu amigo, e quero logar atraves do fórum(consegui fazer isso e ta pegando direito) mas quando coloco o Me.hide e depois Form2.show a form 2 abre mas fecha imediatamente, ai ta o codigo se alguem souber arrumar me fala como pls: Public Class Form1 Private Codigo_Font As String Private MySite As String = "http://loginteste.forumeiros.com/login" Public Sub Login() Using Web As New Net.WebClient Dim T As New Specialized.NameValueCollection T.Add("username", TextBox1.Text) T.Add("password", TextBox2.Text) T.Add("autologin", "off") T.Add("redirect", "") T.Add("query", "") T.Add("login", "Conectar-se") Dim Web_Bytes As Byte() = Web.UploadValues(MySite, "POST", T) Dim Web_HTML As String = (New System.Text.UTF8Encoding).GetString(Web_Bytes) Codigo_Font = Web_HTML End Using If Codigo_Font.Contains("Você especificou um nome de Usuário ou Senha inválida, incorreta ou inativa") Then MsgBox("Usuário ou Senha incorreto", MsgBoxStyle.Exclamation) Else MsgBox("Logado com sucesso", MsgBoxStyle.Information) Me.Hide() Form2.Show() End If End Sub Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load Control.CheckForIllegalCrossThreadCalls = False End Sub Private Sub Button1_Click_1(sender As Object, e As EventArgs) Handles Button1.Click If TextBox1.Text = Nothing Then Me.Text = "Informe um usuário" Exit Sub End If If TextBox2.Text = Nothing Then Me.Text = "Informe uma senha" Exit Sub End If Dim T As New Threading.Thread(AddressOf Login) T.Start() End Sub Private Sub TextBox1_TextChanged(sender As Object, e As EventArgs) Handles TextBox1.TextChanged End Sub End Class
  18. ainda tou aprendendo a fazer ;- o registro/login com fórum, mas em breve posto um aqui com Cadastro e Login com a webcheats
  19. Source sistema de Login & Registro Download: https://www.sendspace.com/file/a5e3cx Scan: https://www.virustotal.com/pt/file/c829d505dea6563aef69123fbe390b549a4972b0c0521533cdc5b12ff92501a0/analysis/1512169045/
  20. Quero mudar de nickname para "Mist" Se algum Administrador poder fazer a mudança ficarei grato!
  21. I Finally Wanna Be Alive
  22. Estou usando o seguinte codigo, olha ai se ta certo please : Public Class Form1 Private Declare Function GetKeyPress Lib "user32" Alias "GetAsyncKeyState" (ByVal key As Integer) As Integer Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick If IO.File.Exists(OpenFileDialog1.FileName) Then Dim TargetProcess As Process() = Process.GetProcessesByName(Label4.Text) If TargetProcess.Length = 0 Then Label5.Visible = True Label5.ForeColor = Color.Red Label5.Text = ("Esperando: " + Label4.Text + ".exe" + "....") Else Timer1.Stop() MsgBox("DLL injetada com sucesso!") Me.Close() Label5.ForeColor = Color.Green Label5.Text = "DLL Injetada com sucesso!" Call Inject() End If End If End Sub Private TargetProcessHandle As Integer Private pfnStartAddr As Integer Private pszLibFileRemote As String Private TargetBufferSize As Integer Public Const PROCESS_VM_READ = &H10 Public Const TH32CS_SNAPPROCESS = &H2 Public Const MEM_COMMIT = 4096 Public Const PAGE_READWRITE = 4 Public Const PROCESS_CREATE_THREAD = (&H2) Public Const PROCESS_VM_OPERATION = (&H8) Public Const PROCESS_VM_WRITE = (&H20) Dim DLLFileName As String Public Declare Function ReadProcessMemory Lib "kernel32" ( _ ByVal hProcess As Integer, _ ByVal lpBaseAddress As Integer, _ ByVal lpBuffer As String, _ ByVal nSize As Integer, _ ByRef lpNumberOfBytesWritten As Integer) As Integer Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" ( _ ByVal lpLibFileName As String) As Integer Public Declare Function VirtualAllocEx Lib "kernel32" ( _ ByVal hProcess As Integer, _ ByVal lpAddress As Integer, _ ByVal dwSize As Integer, _ ByVal flAllocationType As Integer, _ ByVal flProtect As Integer) As Integer Public Declare Function WriteProcessMemory Lib "kernel32" ( _ ByVal hProcess As Integer, _ ByVal lpBaseAddress As Integer, _ ByVal lpBuffer As String, _ ByVal nSize As Integer, _ ByRef lpNumberOfBytesWritten As Integer) As Integer Public Declare Function GetProcAddress Lib "kernel32" ( _ ByVal hModule As Integer, ByVal lpProcName As String) As Integer Private Declare Function GetModuleHandle Lib "Kernel32" Alias "GetModuleHandleA" ( _ ByVal lpModuleName As String) As Integer Public Declare Function CreateRemoteThread Lib "kernel32" ( _ ByVal hProcess As Integer, _ ByVal lpThreadAttributes As Integer, _ ByVal dwStackSize As Integer, _ ByVal lpStartAddress As Integer, _ ByVal lpParameter As Integer, _ ByVal dwCreationFlags As Integer, _ ByRef lpThreadId As Integer) As Integer Public Declare Function OpenProcess Lib "kernel32" ( _ ByVal dwDesiredAccess As Integer, _ ByVal bInheritHandle As Integer, _ ByVal dwProcessId As Integer) As Integer Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" ( _ ByVal lpClassName As String, _ ByVal lpWindowName As String) As Integer Private Declare Function CloseHandle Lib "kernel32" Alias "CloseHandleA" ( _ ByVal hObject As Integer) As Integer Dim ExeName As String = IO.Path.GetFileNameWithoutExtension(Application.ExecutablePath) Private Sub Inject() On Error GoTo 1 ' Se ocorrer um erro, o programa é fechado sem qualquer mensagem de erro Timer1.Stop() Dim TargetProcess As Process() = Process.GetProcessesByName(Label4.Text) TargetProcessHandle = OpenProcess(PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or PROCESS_VM_WRITE, False, TargetProcess(0).Id) pszLibFileRemote = OpenFileDialog1.FileName pfnStartAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA") TargetBufferSize = 1 + Len(pszLibFileRemote) Dim Rtn As Integer Dim LoadLibParamAdr As Integer LoadLibParamAdr = VirtualAllocEx(TargetProcessHandle, 0, TargetBufferSize, MEM_COMMIT, PAGE_READWRITE) Rtn = WriteProcessMemory(TargetProcessHandle, LoadLibParamAdr, pszLibFileRemote, TargetBufferSize, 0) CreateRemoteThread(TargetProcessHandle, 0, 0, pfnStartAddr, LoadLibParamAdr, 0, 0) CloseHandle(TargetProcessHandle) 1: Me.Show() End Sub Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load Timer1.Interval = 2 Timer1.Start() End Sub Private Sub Timer2_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer2.Tick My.Computer.Keyboard.SendKeys("{ENTER}") End Sub Private Sub Timer3_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer3.Tick If ComboBox1.Text = "PointBlank" Then 'NOME DO JOGO Label4.Text = "PointBlank.exe" 'PROCESSO DO JOGO End If End Sub Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click Dim wc As New System.Net.WebClient() wc.DownloadFile("https://drive.google.com/uc?authuser=0&id=1FyMbgNUoQ5zPjuG5wsaZZhXK2WeOqG6I&export=download", "C:\Program Files\ForceCheats.dll") 'QUI CAMBIA IL LINK E POSIZIONE DOVE SALVA LA DLL IN QUESTO CASO IN C:\\ Timer2.Start() OpenFileDialog1.Filter = "DLL|*.dll" OpenFileDialog1.ShowDialog() Dim FileName As String FileName = OpenFileDialog1.FileName.Substring(OpenFileDialog1.FileName.LastIndexOf("\")) Dim DllFileName As String = FileName.Replace("\", "") Me.Dlls.Items.Add(DllFileName) Timer2.Stop() Timer2.Enabled = False ComboBox1.Enabled = True End Sub End Class
×
×
  • Create New...