Direct Injection Codes - Delphi/ C++/ AutoIt ( Fazendo Cheats PW)

procedure InjectFunc(ProcessID: Cardinal; Func: Pointer; aParams: Pointer; aParamsSize: DWORD);var hThread: THandle; lpNumberOfBytes: DWORD; ThreadAddr, ParamAddr: Pointer;begin if ProcessID<>0 then begin // ---- Write function address ThreadAddr := VirtualAllocEx(ProcessID, 0, 256, MEM_COMMIT, PAGE_READWRITE); WriteProcessMemory(ProcessID, ThreadAddr, Func, 256, lpNumberOfBytes); // ---- Address to write parameters ParamAddr := VirtualAllocEx(ProcessID, 0, aParamsSize, MEM_COMMIT, PAGE_READWRITE); WriteProcessMemory(ProcessID, ParamAddr, aParams, aParamsSize, lpNumberOfBytes); // ---- Create a remote thread hThread := CreateRemoteThread(ProcessID, 0, 0, ThreadAddr, ParamAddr, 0, lpNumberOfBytes); // ---- Thread to wait for the end of WaitForSingleObject(hThread, INFINITE); CloseHandle(hThread); endend;

#include <tlhelp32.h>...typedef tagPROCESSENTRY32W pGameProcess;...bool CallRemoteFunction(pGameProcess pProcess)** //Remote Thread Handle HANDLE hProcess=NULL; //Inject Thread handle HANDLE hThread=NULL; //Inject Fuction Address after allocate LPVOID ThreadCodeAddr=NULL; //Inject Function LPVOID Func=SelectMonster; //Inject Fuction Stack Address after allocate LPVOID ThreadDataAddr=NULL; //Inject Fuction Stack Data LPCVOID lpParam = NULL; DWORD Value = 0; lpParam = &Value; hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pProcess.th32ProcessID); if (!hProcess) ** //Do your Error message (OpenProcess); return false; ** ThreadCodeAddr=VirtualAllocEx(hProcess, NULL, 4096, MEM_COMMIT, PAGE_READWRITE); ThreadDataAddr=VirtualAllocEx(hProcess, NULL, 256, MEM_COMMIT, PAGE_READWRITE); WriteProcessMemory (hProcess, ThreadCodeAddr, Func, 4096, NULL); WriteProcessMemory (hProcess, ThreadDataAddr, lpParam, 256, NULL); hThread = CreateRemoteThread(hProcess, NULL, NULL,(LPTHREAD_START_ROUTINE)ThreadCodeAddr, ThreadDataAddr, NULL, NULL); if (!hThread) ** //Do your Error message (CreateRemoteThread); ** else WaitForSingleObject(hThread, INFINITE); CloseHandle(hThread); VirtualFreeEx(hProcess, ThreadCodeAddr, 4096, MEM_RELEASE); VirtualFreeEx(hProcess, ThreadDataAddr, 256, MEM_RELEASE); CloseHandle(hProcess); return false;**

Func INJECTCODE($PID)If $PID <> 0 And $OPCODE <> "" ThenLocal $DATA = DllStructCreate("byte[" & StringLen($OPCODE) / 2 & "]")For $I = 1 To DllStructGetSize($DATA)DllStructSetData($DATA, 1, Dec(StringMid($OPCODE, ($I - 1) * 2 + 1, 2)), $I)NextLocal $RESULT, $PROCESS, $ADD, $THREAD$RESULT = DllCall("Kernel32.Dll", "int", "OpenProcess", "int", 2035711, "int", 0, "int", $PID)$PROCESS = $RESULT[0]$RESULT = DllCall("Kernel32.dll", "ptr", "VirtualAllocEx", "int", $PROCESS, "ptr", 0, "int", DllStructGetSize($DATA), "int", 4096, "int", 64)$ADD = $RESULT[0]$RESULT = DllCall("kernel32.dll", "int", "WriteProcessMemory", "int", $PROCESS, "ptr", $ADD, "ptr", DllStructGetPtr($DATA), "int", DllStructGetSize($DATA), "int", 0)$RESULT = DllCall("kernel32.dll", "int", "CreateRemoteThread", "int", $PROCESS, "ptr", 0, "int", 0, "int", $ADD, "ptr", 0, "int", 0, "int", 0)$THREAD = $RESULT[0]Do$RESULT = DllCall("kernel32.dll", "int", "WaitForSingleObject", "int", $THREAD, "int", 50)Until $RESULT[0] <> 258DllCall("Kernel32.dll", "int", "CloseHandle", "int", $THREAD)$RESULT = DllCall("Kernel32.dll", "ptr", "VirtualFreeEx", "hwnd", $PROCESS, "ptr", DllStructGetPtr($DATA), "int", DllStructGetSize($DATA), "int", 32768)DllCall("Kernel32.dll", "int", "CloseHandle", "int", $PROCESS)$OPCODE = ""$DATA = 0EndIfEndFunc

//*************************************************************//// Select the Moster (Full Target HP)// OBS: Working well//*************************************************************//procedure SelectMonster(MonID: PParams); stdcall;(*004596AD - a1 dc d1 96 00 - mov eax,[0096d1dc] : 0096D860004596B2 - 57 - push edi004596B3 - 8b 48 20 - mov ecx,[eax+20]004596B6 - 81 c1 ec 00 00 00 - add ecx,000000ec004596BC - e8 8f c7 14 00 - call 005a5e50*)var P1: DWORD;begin P1:=MonID^.Param1; asm mov edx, DWORD PTR [$0096d1dc] push P1 mov ecx, DWORD PTR [edx+$20] add ecx, $EC mov edx, $005a5e50 call edx end;end;//*************************************************************//// Fly command// OBS: Working well//*************************************************************procedure Fly(aPParams: PParams); stdcall;(*0044A926 - 8b 15 dc d1 96 00 - mov edx,[0096d1dc] : 0096D8600044A92C - 6a 01 - push 010044A92E - 51 - push ecx0044A92F - 8b 4a 20 - mov ecx,[edx+20]0044A932 - 6a 0c - push 0c0044A934 - 6a 01 - push 010044A936 - 81 c1 ec 00 00 00 - add ecx,000000ec0044A93C - e8 bf b2 15 00 - call 005a5c00*)begin asm mov edx, DWORD PTR [$0096d1dc] push $01 push $31f7 mov ecx, DWORD PTR [edx+$20] push $0C push $01 add ecx, $EC mov edx, $005a5c00 call edx end;end;//*************************************************************//// Pick Items on ground// OBS: Working... need to stay close of the Item//*************************************************************//procedure PickItem(aPParams: PParams); stdcall;(*00467693 - 8b 15 dc d1 96 00 - mov edx,[0096d1dc] : 0096D86000467699 - 50 - push eax0046769A - 51 - push ecx0046769B - 8b 4a 20 - mov ecx,[edx+20]0046769E - 81 c1 ec 00 00 00 - add ecx,000000ec004676A4 - e8 37 e7 13 00 - call 005a5de0*)var Address: pointer; Pa1,pa2: cardinal;begin Pa1:=aPParams^.Param1; pa2:=aPParams^.Param2; asm mov edx, DWORD PTR [$0096d1dc] push Pa1 // Item SN push Pa2 // Item ID mov ecx, DWORD PTR [edx+$20] add ecx, $EC mov edx, $005a5de0 call edx end;end;

static DWORD WINAPI SelectMonster(LPCVOID lpParam)** //004596AD - a1 dc d1 96 00 - mov eax,[0096d1dc] : 0096D860 //004596B2 - 57 - push edi //004596B3 - 8b 48 20 - mov ecx,[eax+20] //004596B6 - 81 c1 ec 00 00 00 - add ecx,000000ec //004596BC - e8 8f c7 14 00 - call 005a5e50 DWORD BaseAddress= 0x0096d1dc; DWORD CallAddress= 0x005a5e50; DWORD MonsterID = (DWORD)lpParam; __try ** _asm ** mov edx, DWORD PTR [BaseAddress] push MonsterID mov ecx, DWORD PTR [edx+0x20] add ecx, 0xEC mov edx, CallAddress call edx ** ** __except(1) ** ** return 0;**

Type PParams = ^TParams; TParams = packed record Param1: DWORD; Param2: DWORD; Param3: single; Param4: single; Param5: single; Param6: byte; end;...Procedure TForm1.SelectMonsterByID(ID: Cardinal);var hProcess : THandle; aParams : TParams; aParamsSize: DWORD;begin ChangePrivilege('SeDebugPrivilege', True); hProcess := OpenProcess( PROCESS_ALL_ACCESS, FALSE, Process.th32ProcessID); aParams.Param1 := ID; aParamsSize := SizeOf(aParams); InjectFunc(hProcess,@SelectMonster, @aParams,aParamsSize); CloseHandle(hProcess);end;