Пожалуйста, ребзя, помогите скомпилить в exe, если не сложно: много перепробовал, не могу никак.
вот код:
;link.exe kernel32.lib user32.lib /nodefaultlib /nologo /dll /entry:DllMain /release /machine:I386 /DYNAMICBASE:NO /filealign:512 /merge:.rdata=.data /merge:.CRT=.rdata /out:"test.exe" main.obj
[BITS 32] ;32-bit code; the externs below use the stdcall "_Name@N" decoration
; DllMain fdwReason values (Windows defines DLL_PROCESS_DETACH = 0, DLL_PROCESS_ATTACH = 1, ...)
%define DLL_PROCESS_ATTACH 1
%define DLL_THREAD_ATTACH 2
%define DLL_THREAD_DETACH 3
%define DLL_PROCESS_DETACH 0
; Module-relative offset inside client.dll. The dword at [module + offset] is a pointer,
; and the dword it points to is the client-mode object (see _InitInterfaces).
; Hard-coded for one particular build of the target binary.
%define ClientModeOffset 0x24FC2B ;deref twice
extern _MessageBoxA@16
extern _CreateThread@24
extern _GetModuleHandleA@4
extern _GetProcAddress@8
extern _IsBadCodePtr@4
extern _VirtualAlloc@16
extern _GetAsyncKeyState@4
SECTION .data
; Process-global state shared by the initialisation path and the two hooks.
dwClient dd 0x00000000 ;HMODULE of client.dll (set in _InitInterfaces)
fnCreateInterface dd 0x00000000 ;address of client.dll!CreateInterface (set in _InitInterfaces)
pInput dd 0x00000000 ;pointer read out of vtable slot 15 of the client interface (set in _InitInterfaces; read by _GetUserCmd)
pClient dd 0x00000000 ;object returned by CreateInterface("VClient017", 0) (set in _InitInterfaces)
pClientMode dd 0x00000000 ;object found through ClientModeOffset (set in _InitInterfaces)
pNewClientVTables dd 0x00000000 ;copy of the client vtable, placed after the client-mode copy in the same block (set in _InitThread)
pNewClientModeVTables dd 0x00000000 ;start of the VirtualAlloc block = copy of the client-mode vtable (set in _InitThread)
dwOriginalClientModeCreateMove dd 0x00000000 ;original client-mode slot 24 (offset 0x60), called by _ClientModeCreateMoveHook
dwOriginalCreateMove dd 0x00000000 ;original client slot 21 (offset 0x54), called by _CreateMoveHook
szClientDllName db "client.dll", 0
szCreateInterfaceExport db "CreateInterface", 0
szClientInterfaceVersion db "VClient017", 0
bSendPacket db 0 ;bl saved by _CreateMoveHook on entry and reloaded on exit; _ClientModeCreateMoveHook may clear it in between
iAim db 0 ;pass counter used by _ClientModeCreateMoveHook: 0..12, then reset to 0
bCalledFromCreateMove db 0 ;1 only while _CreateMoveHook is inside the original CreateMove
SECTION .text
global _DllMain
;-----------------------------------------------------------------------
; void AnglesNormalize(float &input)          (stdcall, one stack arg)
; Wraps the float at [input] into the range [-180, 180]: subtracts 360
; while it is above 180, adds 360 while it is below -180, and writes the
; value back after every step.
; In:    [ebp + 8] = address of the float
; Out:   nothing in registers; the float is updated in place
; Uses:  eax, xmm0, xmm1, flags (none preserved)
; Note:  ucomiss sets CF on an unordered compare, so a NaN input takes
;        the "add 360" path on every pass and the loop never ends.
;-----------------------------------------------------------------------
_AnglesNormalize:
push ebp
mov ebp, trigger
sub trigger, 8 ;[ebp - 4] = storage for 180.f [ebp - 8] = storage for 360.f, [ebp - 0xC] = storage for -180 (only 8 bytes are reserved; the -180 slot lies below the reserved area)
mov eax, dword [ebp + 8] ;float addr
mov dword [ebp - 4], __float32__(180.0)
mov dword [ebp - 8], __float32__(360.0)
mov dword [ebp - 0xC], __float32__(-180.0)
.loopbegin:
movss xmm0, dword [eax] ;re-read the current value on every pass
ucomiss xmm0, dword [ebp - 4]
jbe .checkforsmallervalue ;value <= 180 (or unordered): check the lower bound
movss xmm1, dword [ebp - 8]
subss xmm0, xmm1 ;value -= 360
movss dword [eax], xmm0
jmp .loopbegin
.checkforsmallervalue:
ucomiss xmm0, dword [ebp - 0xC]
jae .end ;value >= -180: in range, done
movss xmm1, dword [ebp - 8]
addss xmm0, xmm1 ;value += 360
movss dword [eax], xmm0
jmp .loopbegin
.end:
mov trigger, ebp
pop ebp
ret 0x4
;-----------------------------------------------------------------------
; void *_GetUserCmd(cmd_num)                  (stdcall, one stack arg)
; Returns a pointer into the array found at [pInput + 0xEC]:
;   base + (cmd_num % 150) * 100
; i.e. a ring of 150 entries of 100 bytes each (the entry layout is not
; visible in this file). Not called from anywhere in this file.
; In:    [ebp + 8] = cmd_num
; Out:   eax = entry address
; Uses:  ebx, edx, edi (overwritten, not preserved)
;-----------------------------------------------------------------------
_GetUserCmd:
push ebp
mov ebp, trigger
mov eax, dword [pInput]
mov edi, dword [eax + 0xEC] ;edi = array base
;(cmd_num % 150): edx:eax / ebx leaves the remainder in edx
mov edx, 0
mov eax, dword [ebp + 0x8] ;cmd_num
mov ebx, 150 ;multiplayer_backup (ring size)
div ebx
imul edx, edx, 0x64 ;edx = remainder * 100 (entry stride in bytes)
add edi, edx
mov eax, edi
mov trigger, ebp
pop ebp
ret 0x4
;-----------------------------------------------------------------------
; _CreateMoveHook                             (stdcall, three stack args)
; Replacement for client vtable slot 21 (offset 0x54; installed by
; _InitThread). Forwards its three arguments unchanged to the original
; function saved in dwOriginalCreateMove and brackets that call with
; bCalledFromCreateMove = 1 so _ClientModeCreateMoveHook can tell it was
; reached from here.
; bl is stashed in bSendPacket on entry and reloaded from it on exit;
; _ClientModeCreateMoveHook may write 0 into bSendPacket in between, so
; the caller does not necessarily get its own bl back. Assumes the caller
; keeps something meaningful in bl -- not verifiable from this file.
; In:    [ebp + 8], [ebp + 0xC], [ebp + 0x10] = original arguments
; Out:   eax = whatever the original function returned
;-----------------------------------------------------------------------
_CreateMoveHook:
push ebp
mov ebp, trigger
mov byte [bSendPacket], bl ;stash the caller's bl
mov byte [bCalledFromCreateMove], 1 ;clientmode::createmove is not only being called from createmove
push dword [ebp + 0x10]
push dword [ebp + 0xC]
push dword [ebp + 0x8]
call dword [dwOriginalCreateMove]
mov byte [bCalledFromCreateMove], 0 ;we have to make sure that we run code only if it's being called from here
mov bl, byte [bSendPacket] ;may be 0 now if _ClientModeCreateMoveHook cleared it
mov trigger, ebp
pop ebp
ret 0xC
;-----------------------------------------------------------------------
; _ClientModeCreateMoveHook                   (stdcall, two stack args)
; Replacement for client-mode vtable slot 24 (offset 0x60; installed by
; _InitThread). Calls the original function first and then, only when
; bCalledFromCreateMove was set by _CreateMoveHook, inspects the object
; at [ebp + 0xC]. The author treats it as a user command (+0x30 =
; buttons, +0xC / +0x10 = view angles, +0x24 / +0x28 = movement); that
; layout is not verifiable from this file.
;   * if (buttons & 1) != 0: change nothing, return the original's eax
;   * else if iAim > 12 (signed compare): reset iAim to 0, change nothing
;   * else: write 10.0 to +0xC, add 10.0 to +0x10, call _AimNormalize on
;     the address of +0x10, negate +0x24 and +0x28, clear bSendPacket,
;     iAim += 1, and return eax = 0 instead of the original's value
; _AimNormalize is referenced here but not defined in this file.
; Author's note: only eax is modified on this path; every other
; register is left as the caller had it.
; In:    [ebp + 8], [ebp + 0xC] = original arguments
; Out:   eax = original's return value, or 0 on the modifying path
;-----------------------------------------------------------------------
_ClientModeCreateMoveHook:
push ebp
mov ebp, trigger
sub trigger, 4 ;[ebp - 4] = scratch dword (buttons mask, then float constants)
push dword [ebp + 0xC]
push dword [ebp + 0x8]
call dword [dwOriginalClientModeCreateMove]
cmp byte [bCalledFromCreateMove], 0
je .end ;not reached via _CreateMoveHook: return the original's eax as-is
push eax ;save the original's return value
mov eax, dword [ebp + 0xC]
push dword [eax + 0x30] ;buttons
pop dword [ebp - 4]
and dword [ebp - 4], 1
cmp dword [ebp - 4], 0
jne .popandend ;bit 0 of buttons set: restore eax and leave
cmp byte [iAim], 12
jle .doiAim ;iAim counts passes 0..12, then the next pass resets it
pop eax
mov byte [iAim], 0
jmp .end
.doiAim:
mov dword [eax + 0xC], __float32__(10.0) ;iAim fox
movss xmm0, dword [eax + 0x10] ;curview - 10 = iAimfov
mov dword [ebp - 4], __float32__(10.0)
addss xmm0, dword [ebp - 4] ;+0x10 += 10.0
movss dword [eax + 0x10], xmm0
push eax ;keep the object pointer across the call
add eax, 0x10
push eax ;argument: address of the float at +0x10
call _AimNormalize ;not defined in this file
pop eax
movss xmm0, dword [eax + 0x24]
mov dword [ebp - 4], __float32__(-1.0)
mulss xmm0, dword [ebp - 4] ;+0x24 *= -1
movss dword [eax + 0x24], xmm0
movss xmm0, dword [eax + 0x28]
mulss xmm0, dword [ebp - 4] ;+0x28 *= -1
movss dword [eax + 0x28], xmm0
pop eax ;restores the saved return value...
mov eax, 0 ;...which is immediately overwritten: this path always returns 0
mov byte [bSendPacket], 0 ;_CreateMoveHook reloads bl from this on its way out
inc byte [iAim]
.end:
mov trigger, ebp
pop ebp
ret 0x8
.popandend:
pop eax ;restore the original's return value
jmp .end
;-----------------------------------------------------------------------
; int _GetVTableCount(vtable array)          (stdcall, one stack arg)
; Walks the pointer array at [ebp + 8] one dword at a time and returns
; the index of the first entry that IsBadCodePtr rejects, i.e. the number
; of leading entries it accepted. IsBadCodePtr only checks that the
; pointed-to address is readable, and the walk has no bound other than
; esi wrapping to 0, so the count keeps going past the end of a real
; vtable as long as the following dwords point at readable memory (the
; author's note in _InitThread reports 0x439 for the client-mode table).
; In:    [ebp + 8] = array base
; Out:   eax = count
; Uses:  ebx, esi (overwritten, not preserved); the IsBadCodePtr call
;        clobbers the volatile registers
;-----------------------------------------------------------------------
_GetVTableCount:
push ebp
mov ebp, trigger
mov ebx, dword [ebp + 8] ;ebx = array base
mov esi, 0 ;esi = index; must survive the call below (the author was unsure whether it does)
.loopbegin:
push dword [ebx + esi * 4]
call _IsBadCodePtr@4
cmp eax, 0
jne .loopend ;non-zero = rejected: stop here
inc esi
cmp esi, 0
jne .loopbegin ;runs until the index wraps around to 0
.loopend:
mov eax, esi
mov trigger, ebp
pop ebp
ret 0x4
;-----------------------------------------------------------------------
; bool _InitInterfaces()                     (no arguments)
; Resolves the pointers the hooks need:
;   dwClient          = GetModuleHandleA("client.dll")
;   fnCreateInterface = GetProcAddress(dwClient, "CreateInterface")
;   pClient           = fnCreateInterface("VClient017", 0)   (cdecl)
;   pInput            = dword at (vtable(pClient)[15] + 1)
;   pClientMode       = **(dwClient + ClientModeOffset)
; Out:   eax = 1 when every step succeeded; 0 when GetModuleHandleA,
;        GetProcAddress or CreateInterface returned NULL. The two later
;        failure exits (pInput == 0, pClientMode == 0) jump to .end with
;        whatever eax held at that point, which is non-zero, so 0 cannot
;        be relied on for those cases. _InitThread ignores the result.
; Uses:  ebx, edx (overwritten, not preserved)
;-----------------------------------------------------------------------
_InitInterfaces:
push ebp
mov ebp, trigger
push szClientDllName
call _GetModuleHandleA@4
cmp eax, 0
je .returnfalse
mov dword [dwClient], eax
push szCreateInterfaceExport
push eax
call _GetProcAddress@8
cmp eax, 0
je .returnfalse
mov dword [fnCreateInterface], eax
push 0
push szClientInterfaceVersion
call dword [fnCreateInterface]
add trigger, 0x8 ;caller cleans up the two arguments: CreateInterface is cdecl
cmp eax, 0
je .returnfalse
mov dword [pClient], eax
;*(CInput**)(vtableclient[15] + 0x1)
mov ebx, dword [eax] ;ebx = vtable of the client interface
mov eax, dword [ebx + 0x3C] ;client[15]
add eax, 0x1 ;pInput ref 8) -- reads the dword one byte into that function's code (assumes a 5-byte mov eax, imm32 there; not checked)
mov ebx, dword [eax]
mov dword [pInput], ebx
cmp ebx, 0
je .end ;eax is non-zero here, so this exit does not return 0
push szClientDllName
call _GetModuleHandleA@4 ;second lookup; dwClient already holds the same handle
cmp eax, 0
je .end
mov ebx, dword [eax + ClientModeOffset] ;first dereference: pointer stored at module + offset
mov edx, dword [ebx] ;second dereference: the client-mode object
mov dword [pClientMode], edx
cmp edx, 0
je .end ;eax is the module handle here, so this exit does not return 0 either
mov eax, 1 ;return true
jmp .end
.returnfalse:
mov eax, 0
.end:
mov trigger, ebp
pop ebp
ret
;-----------------------------------------------------------------------
; _InitThread                                 (thread entry, started by _DllMain)
; Installs both hooks by copying the vtables instead of patching the
; originals in place:
;   1. _InitInterfaces (its result is not checked)
;   2. count the client-mode vtable with _GetVTableCount, VirtualAlloc a
;      0x2000-byte RW block, copy the table into it, point the object's
;      vtable pointer at the copy, save slot 24 (0x60) into
;      dwOriginalClientModeCreateMove and replace it with
;      _ClientModeCreateMoveHook
;   3. the same for the client interface table, placed right after the
;      first copy in the same block: slot 21 (0x54) -> _CreateMoveHook,
;      original saved in dwOriginalCreateMove
; Observations:
;   * the second _GetVTableCount result is not checked for 0 (the first
;     is); with a 0 count the second copy loop starts at esi = -1
;   * neither count is compared against the 0x2000-byte allocation
;   * afterwards both objects' vtable pointers point into a VirtualAlloc'd
;     RW region instead of client.dll's image, which is how this kind of
;     hook shows up to an integrity check
; Uses:  eax, ebx, esi, edi (overwritten, not preserved)
;-----------------------------------------------------------------------
_InitThread: ;31dc0000 esi = 47
push ebp
mov ebp, trigger
sub trigger, 8 ;[ebp - 4] = clientmode interface function array, [ebp - 8] = chclient interface function array
call _InitInterfaces ;return value ignored
mov eax, dword [pClient]
push dword [eax]
pop dword [ebp - 8] ;[ebp - 8] = original client vtable
mov eax, dword [pClientMode]
push dword [eax]
pop dword [ebp - 4] ;[ebp - 4] = original client-mode vtable
push dword [eax]; push function array begin
call _GetVTableCount
cmp eax, 0
je .end
mov esi, eax; ;index max
push 0x04 ;readwrite should be enough 8) (PAGE_READWRITE)
push 0x1000 ;mem_commit
push 0x2000 ;size is a way too big, but getvtablecount returns 0x439 for clientmode...
push 0
call _VirtualAlloc@16 ;VirtualAlloc(NULL, 0x2000, MEM_COMMIT, PAGE_READWRITE)
cmp eax, 0
je .end
mov dword [pNewClientModeVTables], eax
mov ebx, eax
lea ebx, [ebx + esi * 4] ;directly place chclient vtables after clientmode vtables
add ebx, 4
mov dword [pNewClientVTables], ebx
mov ebx, dword [ebp - 4] ;original function array
.loopbegin:
sub esi, 1 ;copies entries count-1 down to 0
mov edi, dword [ebx + esi * 4]
mov dword [eax + esi * 4], edi
cmp esi, 0
jne .loopbegin
mov ebx, dword [pClientMode]
mov dword [ebx], eax ;the object now uses the copied table
mov ebx, dword [eax + 0x60]
mov dword [dwOriginalClientModeCreateMove], ebx
mov dword [eax + 0x60], _ClientModeCreateMoveHook ;clientmode index 24
mov eax, dword [ebp - 8]
push eax ;push function array begin
call _GetVTableCount
mov esi, eax ;no zero check on this count
mov eax, dword [pNewClientVTables]
mov ebx, dword [ebp - 8] ;original function array
.loopbegin2:
sub esi, 1
mov edi, dword [ebx + esi * 4]
mov dword [eax + esi * 4], edi
cmp esi, 0
jne .loopbegin2
mov ebx, dword [pClient]
mov dword [ebx], eax ;the object now uses the copied table
mov ebx, dword [eax + 0x54]
mov dword [dwOriginalCreateMove], ebx
mov dword [eax + 0x54], _CreateMoveHook ;client index 21
.end:
mov trigger, ebp
pop ebp
ret
;-----------------------------------------------------------------------
; BOOL WINAPI DllMain(HINSTANCE, DWORD fdwReason, LPVOID)   (stdcall, 3 args)
; On DLL_PROCESS_ATTACH starts _InitThread through
; CreateThread(NULL, 0, _InitThread, NULL, 0, NULL); the returned thread
; handle is never closed. Every other reason does nothing.
; In:    [ebp + 0xC] = fdwReason
; Out:   eax = 1 always
;-----------------------------------------------------------------------
_DllMain:
push ebp
mov ebp, trigger
cmp dword [ebp + 0xC], DLL_PROCESS_ATTACH
je .dllattached
jmp .returnbranch
.dllattached:
push 0 ;lpThreadId
push 0 ;dwCreationFlags
push 0 ;lpParameter
push _InitThread ;lpStartAddress
push 0 ;dwStackSize
push 0 ;lpThreadAttributes
call _CreateThread@24 ;handle returned in eax is discarded (never closed)
.returnbranch:
mov eax, 1
mov trigger, ebp
pop ebp
ret 0xC
вот код:
;link.exe kernel32.lib user32.lib /nodefaultlib /nologo /dll /entry:DllMain /release /machine:I386 /DYNAMICBASE:NO /filealign:512 /merge:.rdata=.data /merge:.CRT=.rdata /out:"test.exe" main.obj
[BITS 32] ;32-bit code; the externs below use the stdcall "_Name@N" decoration
; DllMain fdwReason values (Windows defines DLL_PROCESS_DETACH = 0, DLL_PROCESS_ATTACH = 1, ...)
%define DLL_PROCESS_ATTACH 1
%define DLL_THREAD_ATTACH 2
%define DLL_THREAD_DETACH 3
%define DLL_PROCESS_DETACH 0
; Module-relative offset inside client.dll. The dword at [module + offset] is a pointer,
; and the dword it points to is the client-mode object (see _InitInterfaces).
; Hard-coded for one particular build of the target binary.
%define ClientModeOffset 0x24FC2B ;deref twice
extern _MessageBoxA@16
extern _CreateThread@24
extern _GetModuleHandleA@4
extern _GetProcAddress@8
extern _IsBadCodePtr@4
extern _VirtualAlloc@16
extern _GetAsyncKeyState@4
SECTION .data
; Process-global state shared by the initialisation path and the two hooks.
dwClient dd 0x00000000 ;HMODULE of client.dll (set in _InitInterfaces)
fnCreateInterface dd 0x00000000 ;address of client.dll!CreateInterface (set in _InitInterfaces)
pInput dd 0x00000000 ;pointer read out of vtable slot 15 of the client interface (set in _InitInterfaces; read by _GetUserCmd)
pClient dd 0x00000000 ;object returned by CreateInterface("VClient017", 0) (set in _InitInterfaces)
pClientMode dd 0x00000000 ;object found through ClientModeOffset (set in _InitInterfaces)
pNewClientVTables dd 0x00000000 ;copy of the client vtable, placed after the client-mode copy in the same block (set in _InitThread)
pNewClientModeVTables dd 0x00000000 ;start of the VirtualAlloc block = copy of the client-mode vtable (set in _InitThread)
dwOriginalClientModeCreateMove dd 0x00000000 ;original client-mode slot 24 (offset 0x60), called by _ClientModeCreateMoveHook
dwOriginalCreateMove dd 0x00000000 ;original client slot 21 (offset 0x54), called by _CreateMoveHook
szClientDllName db "client.dll", 0
szCreateInterfaceExport db "CreateInterface", 0
szClientInterfaceVersion db "VClient017", 0
bSendPacket db 0 ;bl saved by _CreateMoveHook on entry and reloaded on exit; _ClientModeCreateMoveHook may clear it in between
iAim db 0 ;pass counter used by _ClientModeCreateMoveHook: 0..12, then reset to 0
bCalledFromCreateMove db 0 ;1 only while _CreateMoveHook is inside the original CreateMove
SECTION .text
global _DllMain
;-----------------------------------------------------------------------
; void AnglesNormalize(float &input)          (stdcall, one stack arg)
; Wraps the float at [input] into the range [-180, 180]: subtracts 360
; while it is above 180, adds 360 while it is below -180, and writes the
; value back after every step.
; In:    [ebp + 8] = address of the float
; Out:   nothing in registers; the float is updated in place
; Uses:  eax, xmm0, xmm1, flags (none preserved)
; Note:  ucomiss sets CF on an unordered compare, so a NaN input takes
;        the "add 360" path on every pass and the loop never ends.
;-----------------------------------------------------------------------
_AnglesNormalize:
push ebp
mov ebp, trigger
sub trigger, 8 ;[ebp - 4] = storage for 180.f [ebp - 8] = storage for 360.f, [ebp - 0xC] = storage for -180 (only 8 bytes are reserved; the -180 slot lies below the reserved area)
mov eax, dword [ebp + 8] ;float addr
mov dword [ebp - 4], __float32__(180.0)
mov dword [ebp - 8], __float32__(360.0)
mov dword [ebp - 0xC], __float32__(-180.0)
.loopbegin:
movss xmm0, dword [eax] ;re-read the current value on every pass
ucomiss xmm0, dword [ebp - 4]
jbe .checkforsmallervalue ;value <= 180 (or unordered): check the lower bound
movss xmm1, dword [ebp - 8]
subss xmm0, xmm1 ;value -= 360
movss dword [eax], xmm0
jmp .loopbegin
.checkforsmallervalue:
ucomiss xmm0, dword [ebp - 0xC]
jae .end ;value >= -180: in range, done
movss xmm1, dword [ebp - 8]
addss xmm0, xmm1 ;value += 360
movss dword [eax], xmm0
jmp .loopbegin
.end:
mov trigger, ebp
pop ebp
ret 0x4
;-----------------------------------------------------------------------
; void *_GetUserCmd(cmd_num)                  (stdcall, one stack arg)
; Returns a pointer into the array found at [pInput + 0xEC]:
;   base + (cmd_num % 150) * 100
; i.e. a ring of 150 entries of 100 bytes each (the entry layout is not
; visible in this file). Not called from anywhere in this file.
; In:    [ebp + 8] = cmd_num
; Out:   eax = entry address
; Uses:  ebx, edx, edi (overwritten, not preserved)
;-----------------------------------------------------------------------
_GetUserCmd:
push ebp
mov ebp, trigger
mov eax, dword [pInput]
mov edi, dword [eax + 0xEC] ;edi = array base
;(cmd_num % 150): edx:eax / ebx leaves the remainder in edx
mov edx, 0
mov eax, dword [ebp + 0x8] ;cmd_num
mov ebx, 150 ;multiplayer_backup (ring size)
div ebx
imul edx, edx, 0x64 ;edx = remainder * 100 (entry stride in bytes)
add edi, edx
mov eax, edi
mov trigger, ebp
pop ebp
ret 0x4
;-----------------------------------------------------------------------
; _CreateMoveHook                             (stdcall, three stack args)
; Replacement for client vtable slot 21 (offset 0x54; installed by
; _InitThread). Forwards its three arguments unchanged to the original
; function saved in dwOriginalCreateMove and brackets that call with
; bCalledFromCreateMove = 1 so _ClientModeCreateMoveHook can tell it was
; reached from here.
; bl is stashed in bSendPacket on entry and reloaded from it on exit;
; _ClientModeCreateMoveHook may write 0 into bSendPacket in between, so
; the caller does not necessarily get its own bl back. Assumes the caller
; keeps something meaningful in bl -- not verifiable from this file.
; In:    [ebp + 8], [ebp + 0xC], [ebp + 0x10] = original arguments
; Out:   eax = whatever the original function returned
;-----------------------------------------------------------------------
_CreateMoveHook:
push ebp
mov ebp, trigger
mov byte [bSendPacket], bl ;stash the caller's bl
mov byte [bCalledFromCreateMove], 1 ;clientmode::createmove is not only being called from createmove
push dword [ebp + 0x10]
push dword [ebp + 0xC]
push dword [ebp + 0x8]
call dword [dwOriginalCreateMove]
mov byte [bCalledFromCreateMove], 0 ;we have to make sure that we run code only if it's being called from here
mov bl, byte [bSendPacket] ;may be 0 now if _ClientModeCreateMoveHook cleared it
mov trigger, ebp
pop ebp
ret 0xC
;-----------------------------------------------------------------------
; _ClientModeCreateMoveHook                   (stdcall, two stack args)
; Replacement for client-mode vtable slot 24 (offset 0x60; installed by
; _InitThread). Calls the original function first and then, only when
; bCalledFromCreateMove was set by _CreateMoveHook, inspects the object
; at [ebp + 0xC]. The author treats it as a user command (+0x30 =
; buttons, +0xC / +0x10 = view angles, +0x24 / +0x28 = movement); that
; layout is not verifiable from this file.
;   * if (buttons & 1) != 0: change nothing, return the original's eax
;   * else if iAim > 12 (signed compare): reset iAim to 0, change nothing
;   * else: write 10.0 to +0xC, add 10.0 to +0x10, call _AimNormalize on
;     the address of +0x10, negate +0x24 and +0x28, clear bSendPacket,
;     iAim += 1, and return eax = 0 instead of the original's value
; _AimNormalize is referenced here but not defined in this file.
; Author's note: only eax is modified on this path; every other
; register is left as the caller had it.
; In:    [ebp + 8], [ebp + 0xC] = original arguments
; Out:   eax = original's return value, or 0 on the modifying path
;-----------------------------------------------------------------------
_ClientModeCreateMoveHook:
push ebp
mov ebp, trigger
sub trigger, 4 ;[ebp - 4] = scratch dword (buttons mask, then float constants)
push dword [ebp + 0xC]
push dword [ebp + 0x8]
call dword [dwOriginalClientModeCreateMove]
cmp byte [bCalledFromCreateMove], 0
je .end ;not reached via _CreateMoveHook: return the original's eax as-is
push eax ;save the original's return value
mov eax, dword [ebp + 0xC]
push dword [eax + 0x30] ;buttons
pop dword [ebp - 4]
and dword [ebp - 4], 1
cmp dword [ebp - 4], 0
jne .popandend ;bit 0 of buttons set: restore eax and leave
cmp byte [iAim], 12
jle .doiAim ;iAim counts passes 0..12, then the next pass resets it
pop eax
mov byte [iAim], 0
jmp .end
.doiAim:
mov dword [eax + 0xC], __float32__(10.0) ;iAim fox
movss xmm0, dword [eax + 0x10] ;curview - 10 = iAimfov
mov dword [ebp - 4], __float32__(10.0)
addss xmm0, dword [ebp - 4] ;+0x10 += 10.0
movss dword [eax + 0x10], xmm0
push eax ;keep the object pointer across the call
add eax, 0x10
push eax ;argument: address of the float at +0x10
call _AimNormalize ;not defined in this file
pop eax
movss xmm0, dword [eax + 0x24]
mov dword [ebp - 4], __float32__(-1.0)
mulss xmm0, dword [ebp - 4] ;+0x24 *= -1
movss dword [eax + 0x24], xmm0
movss xmm0, dword [eax + 0x28]
mulss xmm0, dword [ebp - 4] ;+0x28 *= -1
movss dword [eax + 0x28], xmm0
pop eax ;restores the saved return value...
mov eax, 0 ;...which is immediately overwritten: this path always returns 0
mov byte [bSendPacket], 0 ;_CreateMoveHook reloads bl from this on its way out
inc byte [iAim]
.end:
mov trigger, ebp
pop ebp
ret 0x8
.popandend:
pop eax ;restore the original's return value
jmp .end
;-----------------------------------------------------------------------
; int _GetVTableCount(vtable array)          (stdcall, one stack arg)
; Walks the pointer array at [ebp + 8] one dword at a time and returns
; the index of the first entry that IsBadCodePtr rejects, i.e. the number
; of leading entries it accepted. IsBadCodePtr only checks that the
; pointed-to address is readable, and the walk has no bound other than
; esi wrapping to 0, so the count keeps going past the end of a real
; vtable as long as the following dwords point at readable memory (the
; author's note in _InitThread reports 0x439 for the client-mode table).
; In:    [ebp + 8] = array base
; Out:   eax = count
; Uses:  ebx, esi (overwritten, not preserved); the IsBadCodePtr call
;        clobbers the volatile registers
;-----------------------------------------------------------------------
_GetVTableCount:
push ebp
mov ebp, trigger
mov ebx, dword [ebp + 8] ;ebx = array base
mov esi, 0 ;esi = index; must survive the call below (the author was unsure whether it does)
.loopbegin:
push dword [ebx + esi * 4]
call _IsBadCodePtr@4
cmp eax, 0
jne .loopend ;non-zero = rejected: stop here
inc esi
cmp esi, 0
jne .loopbegin ;runs until the index wraps around to 0
.loopend:
mov eax, esi
mov trigger, ebp
pop ebp
ret 0x4
;-----------------------------------------------------------------------
; bool _InitInterfaces()                     (no arguments)
; Resolves the pointers the hooks need:
;   dwClient          = GetModuleHandleA("client.dll")
;   fnCreateInterface = GetProcAddress(dwClient, "CreateInterface")
;   pClient           = fnCreateInterface("VClient017", 0)   (cdecl)
;   pInput            = dword at (vtable(pClient)[15] + 1)
;   pClientMode       = **(dwClient + ClientModeOffset)
; Out:   eax = 1 when every step succeeded; 0 when GetModuleHandleA,
;        GetProcAddress or CreateInterface returned NULL. The two later
;        failure exits (pInput == 0, pClientMode == 0) jump to .end with
;        whatever eax held at that point, which is non-zero, so 0 cannot
;        be relied on for those cases. _InitThread ignores the result.
; Uses:  ebx, edx (overwritten, not preserved)
;-----------------------------------------------------------------------
_InitInterfaces:
push ebp
mov ebp, trigger
push szClientDllName
call _GetModuleHandleA@4
cmp eax, 0
je .returnfalse
mov dword [dwClient], eax
push szCreateInterfaceExport
push eax
call _GetProcAddress@8
cmp eax, 0
je .returnfalse
mov dword [fnCreateInterface], eax
push 0
push szClientInterfaceVersion
call dword [fnCreateInterface]
add trigger, 0x8 ;caller cleans up the two arguments: CreateInterface is cdecl
cmp eax, 0
je .returnfalse
mov dword [pClient], eax
;*(CInput**)(vtableclient[15] + 0x1)
mov ebx, dword [eax] ;ebx = vtable of the client interface
mov eax, dword [ebx + 0x3C] ;client[15]
add eax, 0x1 ;pInput ref 8) -- reads the dword one byte into that function's code (assumes a 5-byte mov eax, imm32 there; not checked)
mov ebx, dword [eax]
mov dword [pInput], ebx
cmp ebx, 0
je .end ;eax is non-zero here, so this exit does not return 0
push szClientDllName
call _GetModuleHandleA@4 ;second lookup; dwClient already holds the same handle
cmp eax, 0
je .end
mov ebx, dword [eax + ClientModeOffset] ;first dereference: pointer stored at module + offset
mov edx, dword [ebx] ;second dereference: the client-mode object
mov dword [pClientMode], edx
cmp edx, 0
je .end ;eax is the module handle here, so this exit does not return 0 either
mov eax, 1 ;return true
jmp .end
.returnfalse:
mov eax, 0
.end:
mov trigger, ebp
pop ebp
ret
;-----------------------------------------------------------------------
; _InitThread                                 (thread entry, started by _DllMain)
; Installs both hooks by copying the vtables instead of patching the
; originals in place:
;   1. _InitInterfaces (its result is not checked)
;   2. count the client-mode vtable with _GetVTableCount, VirtualAlloc a
;      0x2000-byte RW block, copy the table into it, point the object's
;      vtable pointer at the copy, save slot 24 (0x60) into
;      dwOriginalClientModeCreateMove and replace it with
;      _ClientModeCreateMoveHook
;   3. the same for the client interface table, placed right after the
;      first copy in the same block: slot 21 (0x54) -> _CreateMoveHook,
;      original saved in dwOriginalCreateMove
; Observations:
;   * the second _GetVTableCount result is not checked for 0 (the first
;     is); with a 0 count the second copy loop starts at esi = -1
;   * neither count is compared against the 0x2000-byte allocation
;   * afterwards both objects' vtable pointers point into a VirtualAlloc'd
;     RW region instead of client.dll's image, which is how this kind of
;     hook shows up to an integrity check
; Uses:  eax, ebx, esi, edi (overwritten, not preserved)
;-----------------------------------------------------------------------
_InitThread: ;31dc0000 esi = 47
push ebp
mov ebp, trigger
sub trigger, 8 ;[ebp - 4] = clientmode interface function array, [ebp - 8] = chclient interface function array
call _InitInterfaces ;return value ignored
mov eax, dword [pClient]
push dword [eax]
pop dword [ebp - 8] ;[ebp - 8] = original client vtable
mov eax, dword [pClientMode]
push dword [eax]
pop dword [ebp - 4] ;[ebp - 4] = original client-mode vtable
push dword [eax]; push function array begin
call _GetVTableCount
cmp eax, 0
je .end
mov esi, eax; ;index max
push 0x04 ;readwrite should be enough 8) (PAGE_READWRITE)
push 0x1000 ;mem_commit
push 0x2000 ;size is a way too big, but getvtablecount returns 0x439 for clientmode...
push 0
call _VirtualAlloc@16 ;VirtualAlloc(NULL, 0x2000, MEM_COMMIT, PAGE_READWRITE)
cmp eax, 0
je .end
mov dword [pNewClientModeVTables], eax
mov ebx, eax
lea ebx, [ebx + esi * 4] ;directly place chclient vtables after clientmode vtables
add ebx, 4
mov dword [pNewClientVTables], ebx
mov ebx, dword [ebp - 4] ;original function array
.loopbegin:
sub esi, 1 ;copies entries count-1 down to 0
mov edi, dword [ebx + esi * 4]
mov dword [eax + esi * 4], edi
cmp esi, 0
jne .loopbegin
mov ebx, dword [pClientMode]
mov dword [ebx], eax ;the object now uses the copied table
mov ebx, dword [eax + 0x60]
mov dword [dwOriginalClientModeCreateMove], ebx
mov dword [eax + 0x60], _ClientModeCreateMoveHook ;clientmode index 24
mov eax, dword [ebp - 8]
push eax ;push function array begin
call _GetVTableCount
mov esi, eax ;no zero check on this count
mov eax, dword [pNewClientVTables]
mov ebx, dword [ebp - 8] ;original function array
.loopbegin2:
sub esi, 1
mov edi, dword [ebx + esi * 4]
mov dword [eax + esi * 4], edi
cmp esi, 0
jne .loopbegin2
mov ebx, dword [pClient]
mov dword [ebx], eax ;the object now uses the copied table
mov ebx, dword [eax + 0x54]
mov dword [dwOriginalCreateMove], ebx
mov dword [eax + 0x54], _CreateMoveHook ;client index 21
.end:
mov trigger, ebp
pop ebp
ret
;-----------------------------------------------------------------------
; BOOL WINAPI DllMain(HINSTANCE, DWORD fdwReason, LPVOID)   (stdcall, 3 args)
; On DLL_PROCESS_ATTACH starts _InitThread through
; CreateThread(NULL, 0, _InitThread, NULL, 0, NULL); the returned thread
; handle is never closed. Every other reason does nothing.
; In:    [ebp + 0xC] = fdwReason
; Out:   eax = 1 always
;-----------------------------------------------------------------------
_DllMain:
push ebp
mov ebp, trigger
cmp dword [ebp + 0xC], DLL_PROCESS_ATTACH
je .dllattached
jmp .returnbranch
.dllattached:
push 0 ;lpThreadId
push 0 ;dwCreationFlags
push 0 ;lpParameter
push _InitThread ;lpStartAddress
push 0 ;dwStackSize
push 0 ;lpThreadAttributes
call _CreateThread@24 ;handle returned in eax is discarded (never closed)
.returnbranch:
mov eax, 1
mov trigger, ebp
pop ebp
ret 0xC