Salut, je vous release mon ban bypass Advanced Warfare avec la source.
Plugin :
VirusScan :
Code:
//--------------------------------------------------------------------------------//
// This is OnlyFrag95's C++ Challenge Spoofer Public Source For CoD : AW TU5 //
//--------------------------------------------------------------------------------//
#include "stdafx.h"
#include "kernel.h"
#include <stdio.h>
#define XNOTIFY
#define XNOTIFY_TYPE 0xE
HANDLE thread;
DWORD threadID;
bool bInitialized = false;
BYTE Flag[] = { 0x03 };
typedef unsigned __int64 QWORD;
UINT32 resolveFunct(char* modname, UINT32 ord)
{
UINT32 ptr32 = 0, ret = 0, ptr2 = 0;
ret = XexGetModuleHandle(modname, (PHANDLE)&ptr32);
if(ret == 0){
ret = XexGetProcedureAddress((HANDLE)ptr32, ord, &ptr2);
if(ptr2 != 0)
return(ptr2);
}
return(0);
}
#pragma region XNotify
// Define Some XNotify Stuff.
VOID (__cdecl * XNotifyQueueUI)(DWORD dwType, DWORD dwUserIndex, DWORD dwPriority, LPCWSTR pwszStringParam, ULONGLONG qwParam) = (VOID (__cdecl * )(DWORD, DWORD, DWORD, LPCWSTR, ULONGLONG))resolveFunct("xam.xex", 0x290);
// XNotify For telling user Success.
VOID XNQUI(LPCWSTR pwszStringParam) { XNotifyQueueUI(XNOTIFY_TYPE, 0, 2, pwszStringParam, NULL); }
VOID XNotify(LPCWSTR pwszStringParam)
{
// Check if KeGetCurrentProcessType() != 1 and if so then we make the XNotify in a new thread, else we just call it normally.
if(KeGetCurrentProcessType() != 1) { CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)XNQUI, (LPVOID)pwszStringParam, NULL, NULL); }
else { XNQUI(pwszStringParam); }
}
#pragma endregion
VOID __declspec(****d) GLPR(VOID)
{
__asm
{
std r14, -0x98(sp)
std r15, -0x90(sp)
std r16, -0x88(sp)
std r17, -0x80(sp)
std r18, -0x78(sp)
std r19, -0x70(sp)
std r20, -0x68(sp)
std r21, -0x60(sp)
std r22, -0x58(sp)
std r23, -0x50(sp)
std r24, -0x48(sp)
std r25, -0x40(sp)
std r26, -0x38(sp)
std r27, -0x30(sp)
std r28, -0x28(sp)
std r29, -0x20(sp)
std r30, -0x18(sp)
std r31, -0x10(sp)
stw r12, -0x8(sp)
blr
}
}
DWORD RelinkGPLR(DWORD SFSOffset, PDWORD SaveStubAddress, PDWORD OriginalAddress)
{
DWORD Instruction = 0, Replacing;
PDWORD Saver = (PDWORD)GLPR;
if(SFSOffset & 0x2000000)
{
SFSOffset = SFSOffset | 0xFC000000;
}
Replacing = OriginalAddress[SFSOffset / 4];
for(int i = 0; i < 20; i++)
{
if(Replacing == Saver[i])
{
DWORD NewOffset = (DWORD)&Saver[i]-(DWORD)SaveStubAddress;
Instruction = 0x48000001 | (NewOffset & 0x3FFFFFC);
}
}
return Instruction;
}
__declspec(****d) INT answerChallenges(DWORD ChallengeResponse, __int64 r4)
{
__asm
{
nop
nop
nop
nop
nop
nop
nop
blr
}
}
VOID PatchInJump(DWORD* Address, DWORD Destination, BOOL Linked) {
if(Destination & 0x8000)
{
Address[0] = 0x3D600000 + (((Destination >> 16) & 0xFFFF) + 1);
}
else
{
Address[0] = 0x3D600000 + ((Destination >> 16) & 0xFFFF);
}
Address[1] = 0x396B0000 + (Destination & 0xFFFF);
Address[2] = 0x7D6903A6;
if(Linked)
{
Address[3] = 0x4E800421;
}
else
{
Address[3] = 0x4E800420;
}
}
VOID HookFunctionStart(PDWORD Address, PDWORD SaveStub, DWORD Destination)
{
if((SaveStub != NULL) && (Address != NULL)) // Make sure they are not nothing.
{
DWORD AddressRelocation = (DWORD)(&Address[4]); // Replacing 4 instructions with a jump, this is the stub return address
if(AddressRelocation & 0x8000)
{
SaveStub[0] = 0x3D600000 + (((AddressRelocation >> 16) & 0xFFFF) + 1); // lis r11, 0 | Load Immediate Shifted
}
else
{
SaveStub[0] = 0x3D600000 + ((AddressRelocation >> 16) & 0xFFFF); // lis r11, 0 | Load Immediate Shifted
}
SaveStub[1] = 0x396B0000 + (AddressRelocation & 0xFFFF); // addi r11, r11, (value of AddressRelocation & 0xFFFF) | Add Immediate
SaveStub[2] = 0x7D6903A6; // mtspr CTR, r11 | Move to Special-Purpose Register CTR
// Instructions [3] through [6] are replaced with the original instructions from the function hook
// Copy original instructions over, relink stack frame saves to local ones
for(int i = 0; i < 4; i++)
{
if((Address[i] & 0x48000003) == 0x48000001)
{
SaveStub[i + 3] = RelinkGPLR((Address[i] & ~0x48000003), &SaveStub[i + 3], &Address[i]);
}
else
{
SaveStub[i + 3] = Address[i];
}
}
SaveStub[7] = 0x4E800420; // Branch unconditionally
__dcbst(0, SaveStub); // Data Cache Block Store | Allows a program to copy the contents of a modified block to main memory.
__sync(); // Synchronize | Ensure the dcbst instruction has completed.
__isync(); // Instruction Synchronize | Refetches any instructions that might have been fetched prior to this instruction.
PatchInJump(Address, Destination, FALSE); // Redirect Function to ours
}
}
void answerChallengesHook(DWORD ChallengeResponse, __int64 r4)
{
// Set our Data
memcpy((PVOID)(ChallengeResponse + 0x22 + 0x1E), &Flag, sizeof(Flag));
// return r3, r4 to SaveStub
answerChallenges(ChallengeResponse, r4);
}
DWORD Launch()
{
UINT32 (*XamGetCurrentTitleId)(void) = XamGetCurrentTitleId = (UINT32 (__cdecl *)(void))(resolveFunct("xam.xex", 0x1CF));
for(;;)
{
if(XamGetCurrentTitleId() == 0x41560914 )
{
if ( bInitialized == false) // Init once Hook, it avoids freeze
{
HookFunctionStart((PDWORD)0x821E3B38 , (PDWORD)answerChallenges, (DWORD)answerChallengesHook);
// XNotify
Sleep(5000);
#ifdef XNOTIFY
XNotify(L"Advanced Warfare - XeCheats Success !");
#endif
bInitialized = true;
}
}
}
}
BOOL APIENTRY DllMain( HANDLE hModule, DWORD dwReason, LPVOID lpReserved )
{
if ( dwReason == DLL_PROCESS_ATTACH )
{
HANDLE hThread;
DWORD dwThreadId;
ExCreateThread( &hThread, 0, &dwThreadId, ( PVOID )XapiThreadStartup , ( LPTHREAD_START_ROUTINE )Launch, 0, 0x2 );
ResumeThread( hThread );
CloseHandle( hThread );
}
return TRUE;
}Plugin :
Vous devez être inscrit pour voir les liens ! Inscrivez-vous ou connectez-vous ici.
VirusScan :
Vous devez être inscrit pour voir les liens ! Inscrivez-vous ou connectez-vous ici.
Dernière édition:
C'est du C++ ou je me trompe ?
