Source No Recoil - No Sway Offset

NordCFW

Code:
#include <Windows.h>
    
    // Saved copies of the two table entries that HookThread overwrites. Both stay NULL
    // until HookThread's enable path captures the live values.
    void* g_pOriginalGetRecoil=NULL;
    void* g_pOriginalGetDeviation=NULL;
    // Hard-coded absolute addresses of the two pointer slots that get patched (vtable
    // slots, going by the names). The slots are 4 bytes apart (0x020FA640 and
    // 0x020FA644); HookThread's single 8-byte VirtualProtect range starting at the
    // lower one relies on that adjacency.
    // NOTE(review): nothing in this file checks that these addresses belong to the
    // expected module or build before they are read and written.
    void** g_pGetRecoilVTableAddress=(void**)0x020FA644;
    void** g_pGetDeviationVTableAddress=(void**)0x020FA640;
    
    
    // Replacement routine that HookThread writes into the slot at
    // g_pGetRecoilVTableAddress. It is declared naked, so the compiler emits no
    // prologue or epilogue: the body stores zero into two 32-bit fields of the object
    // addressed by ECX and then jumps (not calls) to the saved original entry, so the
    // original runs with the caller's stack frame and return address unchanged.
    // NOTE(review): ECX is presumably the `this` pointer and +0x164/+0x16C presumably
    // the recoil fields; neither is established by this file.
    void __declspec(naked) hkGetRecoil(void)
    {
        __asm
        {
            xor eax, eax                            // eax = 0
            mov [ecx+0x164], eax                    // zero the 32-bit field at ecx+0x164
            mov [ecx+0x16C], eax                    // zero the 32-bit field at ecx+0x16C
            jmp dword ptr[g_pOriginalGetRecoil]     // tail-jump to the saved original entry
        }
    }
    
    
    // Replacement routine that HookThread writes into the slot at
    // g_pGetDeviationVTableAddress. Same shape as hkGetRecoil: a naked function that
    // zeroes two 32-bit fields of the object addressed by ECX and then jumps to the
    // saved original entry without touching the stack.
    // NOTE(review): ECX is presumably the `this` pointer and +0x140/+0x13C presumably
    // the deviation (sway) fields; neither is established by this file.
    void __declspec(naked) hkGetDeviation(void)
    {
        __asm
        {
            xor eax, eax                            // eax = 0
            mov [ecx+0x140], eax                    // zero the 32-bit field at ecx+0x140
            mov [ecx+0x13C], eax                    // zero the 32-bit field at ecx+0x13C
            jmp dword ptr[g_pOriginalGetDeviation]  // tail-jump to the saved original entry
        }
    }
    
    // Thread routine that installs or removes the two pointer-table hooks.
    //
    // param: (void*)1 installs the hooks; any other value restores the saved entries.
    // Returns: 0 if the first VirtualProtect call fails; otherwise the result of the
    //          second VirtualProtect call (non-zero when the old protection was restored).
    //
    // Both slots are written under one 8-byte protection change that starts at the
    // deviation slot, so the code depends on the two slots being adjacent.
    //
    // Detection-relevant effect: while the hooks are installed, the two slots hold
    // addresses of functions in this DLL instead of functions in the module that owns
    // the table, and the page holding the table is briefly switched to PAGE_READWRITE.
    //
    // NOTE(review): the restore path writes the saved values unconditionally. If the
    // install path never ran, those globals are still NULL and NULL is written into
    // both slots.
    unsigned long __stdcall HookThread(void* param)
    {
        unsigned long flOldProtection;
        // Pointer argument is used as a plain integer flag: 1 means "enable".
        if((int)param==1)
        {
            // Capture the live entries once; a repeated enable keeps the first capture.
            if(!g_pOriginalGetDeviation)
                g_pOriginalGetDeviation=*g_pGetDeviationVTableAddress;
            if(!g_pOriginalGetRecoil)
                g_pOriginalGetRecoil=*g_pGetRecoilVTableAddress;
    
            // Make the 8 bytes covering both slots writable, remembering the old protection.
            if(VirtualProtect(g_pGetDeviationVTableAddress,8,PAGE_READWRITE,&flOldProtection))
            {
                // Redirect both slots to the replacement routines in this file.
                *g_pGetDeviationVTableAddress=hkGetDeviation;
                *g_pGetRecoilVTableAddress=hkGetRecoil;
                // Put the previous page protection back; its result is the thread's exit code.
                return VirtualProtect(g_pGetDeviationVTableAddress,8,flOldProtection,&flOldProtection);
            }
            else
            {
                return 0;
            }
        }
        else
        {
            // Disable path: same protection dance, but the saved entries are written back.
            if(VirtualProtect(g_pGetDeviationVTableAddress,8,PAGE_READWRITE,&flOldProtection))
            {
                *g_pGetDeviationVTableAddress=g_pOriginalGetDeviation;
                *g_pGetRecoilVTableAddress=g_pOriginalGetRecoil;
                // Put the previous page protection back; its result is the thread's exit code.
                return VirtualProtect(g_pGetDeviationVTableAddress,8,flOldProtection,&flOldProtection);
            }
            else
            {
                return 0;
            }
        }
        // Not reachable: every branch above returns.
        return 1;
    }
    
    
    // DLL entry point. On DLL_PROCESS_ATTACH it starts HookThread with (void*)1 to
    // install the hooks; on DLL_PROCESS_DETACH it starts HookThread with NULL to put
    // the saved entries back. The thread handle is closed straight away in both cases,
    // so nothing waits for the worker and its exit code is never read. Any other
    // notification is ignored. Always returns 1.
    //
    // NOTE(review): the result of CreateThread is not checked before CloseHandle.
    // NOTE(review): the detach path starts a thread whose code lives in the module
    // being unloaded, and at process exit a newly created thread is not expected to
    // run, so the restore is not guaranteed to happen. Confirm against the loader's
    // documented DllMain rules.
    unsigned long __stdcall DllMain(HMODULE hModule, unsigned long ulReason, void* param)
    {
        void* hookArg;
        HANDLE hWorker;

        switch(ulReason)
        {
        case DLL_PROCESS_ATTACH:
            hookArg=(void*)1;   // enable
            break;
        case DLL_PROCESS_DETACH:
            hookArg=NULL;       // disable
            break;
        default:
            return 1;           // thread attach/detach: nothing to do
        }

        hWorker=CreateThread(NULL,0,&HookThread,hookArg,0,NULL);
        CloseHandle(hWorker);
        return 1;
    }
 