Участник
- Статус
- Оффлайн
- Регистрация
- 22 Сен 2020
- Сообщения
- 471
- Реакции
- 219
hello yougame, today we're farming reactions
i will teach you how to add fullscreen to any external cheat using CreateWindowInBand with UI access token for those who want to cheat on 4:3
the overlay created this way is very smooth with 0 lag
for that we need two files
next step is calling the function of PrepareUIAccess() inside our main function before the cheat loads
i'll be using
next we go to where we creat our window, in our case its in OS-ImGui_External.cpp
find the CreateMyWindow function and replace it with this
now you're all set
in order for this to work flawlessly you need 2 things
1- Don't disable Fullscreen optimization
2- make sure that accelerated hardware rendering is off in windows settings
now you don't need to use Malware cheats like Zappy's Orbit and you can use an open source cheat like DragonBurn with much better overlay with 0 lags
next i'll be adding VPK parsing for vischeck
i will teach you how to add fullscreen to any external cheat using CreateWindowInBand with UI access token for those who want to cheat on 4:3
the overlay created this way is very smooth with 0 lag
for that we need two files
uiaccess.cpp:
#include "uiaccess.hpp"
#include <tlhelp32.h>
#include <tchar.h>
static DWORD DuplicateWinloginToken(DWORD dwSessionId, DWORD dwDesiredAccess, PHANDLE phToken) {
DWORD dwErr;
PRIVILEGE_SET ps;
ps.PrivilegeCount = 1;
ps.Control = PRIVILEGE_SET_ALL_NECESSARY;
if (LookupPrivilegeValue(NULL, SE_TCB_NAME, &ps.Privilege[0].Luid)) {
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (INVALID_HANDLE_VALUE != hSnapshot) {
BOOL bCont, bFound = FALSE;
PROCESSENTRY32 pe;
pe.dwSize = sizeof (pe);
dwErr = ERROR_NOT_FOUND;
for (bCont = Process32First(hSnapshot, &pe); bCont; bCont = Process32Next(hSnapshot, &pe)) {
HANDLE hProcess;
if (0 != _tcsicmp(pe.szExeFile, TEXT("winlogon.exe"))) {
continue;
}
hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pe.th32ProcessID);
if (hProcess) {
HANDLE hToken;
DWORD dwRetLen, sid;
if (OpenProcessToken(hProcess, TOKEN_QUERY | TOKEN_DUPLICATE, &hToken)) {
BOOL fTcb;
if (PrivilegeCheck(hToken, &ps, &fTcb) && fTcb) {
if (GetTokenInformation(hToken, TokenSessionId, &sid, sizeof (sid), &dwRetLen) && sid == dwSessionId) {
bFound = TRUE;
if (DuplicateTokenEx(hToken, dwDesiredAccess, NULL, SecurityImpersonation, TokenImpersonation, phToken)) {
dwErr = ERROR_SUCCESS;
} else {
dwErr = GetLastError();
}
}
}
CloseHandle(hToken);
}
CloseHandle(hProcess);
}
if (bFound) break;
}
CloseHandle(hSnapshot);
} else {
dwErr = GetLastError();
}
} else {
dwErr = GetLastError();
}
return dwErr;
}
static DWORD CreateUIAccessToken(PHANDLE phToken) {
DWORD dwErr;
HANDLE hTokenSelf;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_DUPLICATE, &hTokenSelf)) {
DWORD dwSessionId, dwRetLen;
if (GetTokenInformation(hTokenSelf, TokenSessionId, &dwSessionId, sizeof (dwSessionId), &dwRetLen)) {
HANDLE hTokenSystem;
dwErr = DuplicateWinloginToken(dwSessionId, TOKEN_IMPERSONATE, &hTokenSystem);
if (ERROR_SUCCESS == dwErr) {
if (SetThreadToken(NULL, hTokenSystem)) {
if (DuplicateTokenEx(hTokenSelf, TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY | TOKEN_ADJUST_DEFAULT, NULL, SecurityAnonymous, TokenPrimary, phToken)) {
BOOL bUIAccess = TRUE;
if (!SetTokenInformation(*phToken, TokenUIAccess, &bUIAccess, sizeof (bUIAccess))) {
dwErr = GetLastError();
CloseHandle(*phToken);
}
} else {
dwErr = GetLastError();
}
RevertToSelf();
} else {
dwErr = GetLastError();
}
CloseHandle(hTokenSystem);
}
} else {
dwErr = GetLastError();
}
CloseHandle(hTokenSelf);
} else {
dwErr = GetLastError();
}
return dwErr;
}
static BOOL CheckForUIAccess(DWORD* pdwErr, BOOL* pfUIAccess) {
BOOL result = FALSE;
HANDLE hToken;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) {
DWORD dwRetLen;
if (GetTokenInformation(hToken, TokenUIAccess, pfUIAccess, sizeof (*pfUIAccess), &dwRetLen)) {
result = TRUE;
} else {
*pdwErr = GetLastError();
}
CloseHandle(hToken);
} else {
*pdwErr = GetLastError();
}
return result;
}
DWORD PrepareForUIAccess() {
DWORD dwErr;
HANDLE hTokenUIAccess;
BOOL fUIAccess;
if (CheckForUIAccess(&dwErr, &fUIAccess)) {
if (fUIAccess) {
dwErr = ERROR_SUCCESS;
} else {
dwErr = CreateUIAccessToken(&hTokenUIAccess);
if (ERROR_SUCCESS == dwErr) {
STARTUPINFO si;
PROCESS_INFORMATION pi;
GetStartupInfo(&si);
if (CreateProcessAsUser(hTokenUIAccess, NULL, GetCommandLine(), NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) {
CloseHandle(pi.hProcess), CloseHandle(pi.hThread);
ExitProcess(0);
} else {
dwErr = GetLastError();
}
CloseHandle(hTokenUIAccess);
}
}
}
return dwErr;
}
uiaccess.hpp:
#pragma once
#include <windows.h>
#ifdef _DEBUG
#include <stdio.h>
#define dbgstart() \
do \
{ \
AllocConsole(); \
freopen("CON", "r", stdin); \
freopen("CON", "w", stdout); \
freopen("CON", "w", stderr); \
} while (0)
#define dbgend() FreeConsole()
#define dbg(...) printf([B]VA_ARGS[/B])
#else
#define dbgstart() ((void)0)
#define dbgend() FALSE
#define dbg(...) (-1)
#endif
// Return win32 error code
EXTERN_C DWORD PrepareForUIAccess();next step is calling the function of PrepareUIAccess() inside our main function before the cheat loads
i'll be using
Пожалуйста, авторизуйтесь для просмотра ссылки.
as an example, go to the main function and paste it here like its showed
PrepareUIAccess:
DWORD err = PrepareForUIAccess();
if (err != ERROR_SUCCESS)
{
MessageBoxA(NULL, "Failed to elevate to UIAccess.", "Error", MB_OK);
return -1;
}next we go to where we creat our window, in our case its in OS-ImGui_External.cpp
find the CreateMyWindow function and replace it with this
CreateMyWindow:
bool OSImGui_External::CreateMyWindow()
{
WNDCLASSEXW wc = {
sizeof(wc), CS_CLASSDC, WndProc_External,
0L, 0L, GetModuleHandle(NULL), NULL, NULL, NULL, NULL,
Window.wClassName.c_str(), NULL
};
// Load CreateWindowInBand dynamically
typedef HWND(WINAPI* pCreateWindowInBand_t)(
DWORD, ATOM, LPCWSTR, DWORD, int, int, int, int,
HWND, HMENU, HINSTANCE, LPVOID, DWORD);
pCreateWindowInBand_t pCreateWindowInBand = (pCreateWindowInBand_t)
GetProcAddress(GetModuleHandleW(L"user32.dll"), "CreateWindowInBand");
if (!pCreateWindowInBand) {
MessageBoxW(NULL, L"CreateWindowInBand is not supported on this OS.", L"Error", MB_OK | MB_ICONERROR);
return false;
}
// Register the window class
ATOM classAtom = RegisterClassExW(&wc);
// Create the window in UIACCESS band with the requested extended styles
Window.hWnd = pCreateWindowInBand(
WS_EX_TOPMOST | WS_EX_NOACTIVATE | WS_EX_TRANSPARENT,
classAtom,
Window.wName.c_str(),
WS_POPUP,
(int)Window.Pos.x, (int)Window.Pos.y,
(int)Window.Size.x, (int)Window.Size.y,
NULL, NULL,
wc.hInstance,
NULL,
2
);
Window.hInstance = wc.hInstance;
if (!Window.hWnd) {
MessageBoxW(NULL, L"CreateWindowInBand failed.", L"Error", MB_OK | MB_ICONERROR);
return false;
}
// Setup ImGui render device
if (!g_Device.CreateDeviceD3D(Window.hWnd)) {
g_Device.CleanupDeviceD3D();
UnregisterClassW(wc.lpszClassName, wc.hInstance);
return false;
}
ShowWindow(Window.hWnd, SW_SHOWDEFAULT);
UpdateWindow(Window.hWnd);
return true;
}now you're all set
in order for this to work flawlessly you need 2 things
1- Don't disable Fullscreen optimization
2- make sure that accelerated hardware rendering is off in windows settings
now you don't need to use Malware cheats like Zappy's Orbit and you can use an open source cheat like DragonBurn with much better overlay with 0 lags
next i'll be adding VPK parsing for vischeck
Последнее редактирование:
