Что делает скрипт?
Крутость скрипта в том, что он добавляет свои кнопки (Увидите, если скомпилите)
- Сохранить диалог - End
- Показать сохраненный диалог - Home
Крутость скрипта в том, что он добавляет свои кнопки (Увидите, если скомпилите)
CLEO:
{$CLEO .cs}
// Dialog Saver (CLEO script for a SA-MP client).
// Adds "Close dialog" and "Save dialog" buttons to the client dialog object,
// copies the fields of the current dialog into buffers stored at the end of
// this script, and can show the stored copy again with 0B3B.
// NOTE(review): all samp.dll offsets below are hard-coded and no check of the
// loaded samp.dll build is visible; on a different build the same reads, writes
// and calls would land on unrelated memory. Confirm the build these were taken from.
0000:
wait 3000
// Resolve the base address of samp.dll with kernel32!GetModuleHandleA; the result is stored in 0@.
0AA2: 31@ = load_library "kernel32.dll" // IF and SET
0AA4: 30@ = get_proc_address "GetModuleHandleA" library 31@ // IF and SET
0AA7: call_function 30@ num_params 1 pop 0 "samp.dll" 0@
// NOTE(review): 0@ is never compared with 0 before it is used as a base address.
0A8E: 2@ = 0@ + 0x212AD0 //_DialogClient
// Poll once per frame until the pointer stored at samp_base+0x212AD0 is non-zero; 1@ keeps that pointer.
repeat
wait 0
0A8D: 1@ = read_memory 2@ size 4 virtual_protect 1
until not 1@ == 0
// samp_base+0xA0B20 is called as a method of 1@ to create the two buttons.
// Arguments are listed last-to-first (compare the usage comment above :CDXUTDialog__AddButton).
0A8E: 20@ = 0@ + 0x0A0B20
0AA6: call_method 20@ struct 1@ param 9 pop 0 params 0 0 0 height 24 width 128 y -42 x 0 strText "Close dialog" id 0x100
0AA6: call_method 20@ struct 1@ param 9 pop 0 params 0 0 0 height 24 width 128 y -42 x 128 strText "Save dialog" id 0x101
// NOTE(review): the control returned in 2@ is not read anywhere before 2@ is reassigned below.
0AB1: call_scm_func @CDXUTDialog__GetControl 3 struct 1@ samp_base 0@ id 0x100 to 2@
// Patch the placeholder operands inside the two machine-code blocks before they can run.
gosub @generateCallback
gosub @generate_function_pizdecov
// Register :callback as the dialog callback: 3@ is the callback address, the other argument is 0.
0AC6: 3@ = label @callback offset
0A8E: 2@ = 0@ + 0x94940 // int __stdcall CDXUTDialog__SetCallback(int pCallback, int pUserContext)
0AA6: call_method 2@ struct 1@ num_params 2 pop 0 params 0 3@
// Banner printed to the chat. The two Russian lines read "Save dialog - End" and
// "Show saved dialog - Home".
// NOTE(review): the key handlers below do the opposite (End shows the saved copy,
// Home saves); either the banner or the key codes are swapped -- confirm which.
0AF8: samp add_message_to_chat "=================Dialog Saver====================" color 0xBBBBFF
0AF8: samp add_message_to_chat "Сохранить диалог - End" color 0xBBBBFF
0AF8: samp add_message_to_chat "Показать сохраненный диалог - Home" color 0xBBBBFF
0AF8: samp add_message_to_chat "= Создал: MogAika. Специально для blasthack.net =" color 0xBBBBFF
0AF8: samp add_message_to_chat "================www.blasthack.net================" color 0xBBBBFF
// Main loop: runs every frame and polls the two hotkeys.
while true
wait 0
// Key 35 (End): re-display the stored dialog, but only if something has been stored.
if
0ab0:35 //End
then
0AC6: 9@ = label @saved_mb_isSaved offset
0A8D: 11@ = read_memory 9@ size 4 virtual_protect 1
if
11@ == 1
then
// Load the stored id and type by value; the text fields are passed as addresses of the script's own buffers.
0AC6: 9@ = label @saved_dialog_m_id offset
0A8D: 11@ = read_memory 9@ size 4 virtual_protect 1
0AC6: 12@ = label @saved_dialog_m_text offset
0AC6: 13@ = label @saved_dialog_m_button1_text offset
0AC6: 14@ = label @saved_dialog_m_button2_text offset
0AC6: 15@ = label @saved_dialog_m_caption_text offset
0AC6: 9@ = label @saved_dialog_m_type offset
0A8D: 16@ = read_memory 9@ size 4 virtual_protect 1
0B3B: samp show_dialog id 11@ caption 15@ text 12@ button_1 13@ button_2 14@ style 16@
0AD1: show_formatted_text_highpriority "Fake Dialog Created" time 2000
// Wait three frames, then write 1 at offset 0x81 of the object pointed to by samp_base+0x2129F8.
wait 0
wait 0
wait 0
0A8E: 9@ = 0@ + 0x2129F8 //_Dialog
0A8D: 10@ = read_memory 9@ size 4 virtual_protect 1
10@ += 0x81
// NOTE(review): the saver thunk labels this field "b_toServer" and stores its value in
// @saved_dialog_b_toServer, but that stored value is never read back; a constant 1 is
// written instead, as a 4-byte store that also covers +0x82..+0x84. Confirm the field width.
// Presumably this makes the response to the locally created dialog go to the server, which
// is why a server should check each dialog response against the dialog it last sent to that player.
0A8C: write_memory 10@ size 4 value 1 virtual_protect 1
wait 500
end
end
// Key 36 (Home): store the current dialog.
if
0ab0:36 //Home
then
0A8E: 9@ = 0@ + 0x2129F8 //_Dialog
0A8D: 10@ = read_memory 9@ size 4 virtual_protect 1
10@ += 0x20
0A8D: 9@ = read_memory 10@ size 4 virtual_protect 1
// NOTE(review): this branch tests and then clears the field at +0x20, while :callback
// clears [_Dialog]+0x28 when it hides the dialog -- confirm which offset is the intended flag.
if
9@ == 1
then
// Run the saver thunk (machine code at :pizdecovii_inject_continue), then zero the tested field.
0AC6: 7@ = label @pizdecovii_inject_continue offset
0AA5: call 7@ num_params 0 pop 0
0A8C: write_memory 10@ size 4 value 0 virtual_protect 1
0AD1: show_formatted_text_highpriority "Dialog Saved" time 2000
wait 500
end
end
end
// Dialog event callback that the main body registers through CDXUTDialog__SetCallback.
// Raw 32-bit x86 machine code; every 10101010 operand is a placeholder that
// :generateCallback overwrites with a real address before the callback is registered.
// Columns: {byte offset} opcode bytes // author's stack-depth bookkeeping // mnemonic.
// After the initial PUSH EAX, [ESP+0xC] is the second stack argument; it is compared
// with the ids of the two buttons the script created:
//   0x100 -> zero [_Dialog]+0x28 and [_DialogClient]+0x13, call samp_base+0x63970 with three zero arguments
//   0x101 -> call @pizdecovii_inject_continue (the saver thunk)
//   other -> jump to samp_base+0xAD740 with the stack as it was on entry
// Both handled cases return with RETN 10h, i.e. they remove 16 bytes of arguments.
:callback
hex
{0} 50 // 00 //PUSH EAX
{1} 8B4424 0C // 04 //MOV EAX,DWORD PTR SS:[ESP+C]
{5} 3D 00010000 // 04 //CMP EAX,100
{10} 75 24 // 04 //JNZ 26-2 (to offset 48) -----------------------------------------
{12} 33C0 // 04 //XOR EAX,EAX |
{14} A3 10101010 // 04 //MOV DWORD PTR DS:[10101010],EAX [_Dialog]+0x28 |
{19} A2 10101010 // 04 //MOV BYTE PTR DS:[10101010],AL [_ClientDialog]+0x13 |
{24} B8 10101010 // 04 //MOV EAX,10101010 samp_base+63970 |
{29} 51 // 08 //PUSH ECX |
{30} B9 10101010 // 04 //MOV ECX,10101010 [samp_base+212A4C] |
{35} 6A 00 // 04 //PUSH 0 |
{37} 6A 00 // 0C //PUSH 0 |
{39} 6A 00 // 10 //PUSH 0 |
{41} FFD0 // 14 //CALL EAX [-0Ch] //Show the mouse cursor (author's description) |
{43} 59 // 0C //POP ECX |
{44} 58 // 04 //POP EAX |
{45} C2 1000 // 00 //RETN 10h |
{48} 3D 01010000 // 04 //CMP EAX,101 <----------------------------------------
{53} 75 0B // 04 //JNZ 13-2 (to offset 66) -----------------------------------------
{55} B8 10101010 // 04 //MOV EAX,10101010 @pizdecovii_inject_continue |
{60} FFD0 // 04 //CALL EAX |
{62} 58 // 04 //POP EAX |
{63} C2 1000 // 00 //RETN 10h |
{66} 58 // 04 //POP EAX <-----------------------------------------
{67} B8 10101010 // 00 //MOV EAX,10101010 samp_base+AD740 //Leave the injected code (the real function)
{72} FFE0 // 00 //JMP EAX
end
// Subroutine (gosub): fills the six 10101010 placeholders inside :callback.
// Reads 0@ (samp.dll base) from the caller's variables; uses 6@, 7@, 9@, 10@ as scratch.
// Each target is the first operand byte of an instruction in :callback, i.e. the
// instruction's offset plus its one-byte opcode. The offsets are tied to the exact
// byte layout of :callback; changing that block requires updating them.
:generateCallback
0AC6: 6@ = label @callback offset
// +15: operand of the MOV at {14} <- [samp_base+0x2129F8] + 0x28
0A8E: 7@ = 6@ + 15
0A8E: 9@ = 0@ + 0x2129F8 //_Dialog
0A8D: 10@ = read_memory 9@ size 4 virtual_protect 1
10@ += 0x28
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
// +20: operand of the MOV at {19} <- [samp_base+0x212AD0] + 0x13
0A8E: 7@ = 6@ + 20
0A8E: 9@ = 0@ + 0x212AD0 //_DialogClient
0A8D: 10@ = read_memory 9@ size 4 virtual_protect 1
10@ += 0x13
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
// +25: call target loaded at {24} <- samp_base+0x63970
0A8E: 7@ = 6@ + 25
0A8E: 10@ = 0@ + 0x63970 //samp_base+63970
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
// +31: ECX value loaded at {30} <- the pointer stored at samp_base+0x212A4C
0A8E: 7@ = 6@ + 31
0A8E: 9@ = 0@ + 0x212A4C //[samp_base+212A4C]
0A8D: 10@ = read_memory 9@ size 4 virtual_protect 1
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
// +56: call target loaded at {55} <- address of the saver thunk
0A8E: 7@ = 6@ + 56
0AC6: 10@ = label @pizdecovii_inject_continue offset
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
// +68: jump target loaded at {67} <- samp_base+0xAD740
0A8E: 7@ = 6@ + 68
0A8E: 10@ = 0@ + 0xAD740 //samp_base+AD740
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
// NOTE(review): the pointers read here are captured once; if the objects they point to
// are ever reallocated, :callback would keep writing through the old addresses.
return
// SCM function: add a button to a dialog object.
// Parameters: 0@ = dialog object, 1@ = samp.dll base, 2@ = control id, 3@ = text,
// 4@ = x, 5@ = y, 6@ = width, 7@ = height. Returns nothing.
// Calls samp_base+0xA0B20 as a method of 0@ with nine arguments (three leading zeros
// plus the six values above, listed last-to-first).
// Not called anywhere in the visible script; the main body calls the same address directly.
// Usage:
//0AB1: call_scm_func @CDXUTDialog__AddButton 9 struct 1@ samp_base 0@ id 0x44 text "Button" x 240 y 32 width 400 height 16
:CDXUTDialog__AddButton
0A8E: 20@ = 1@ + 0x0A0B20
0AA6: call_method 20@ struct 0@ param 9 pop 0 params 0 0 0 height 7@ width 6@ y 5@ x 4@ strText 3@ id 2@
0AB2: ret 0
// SCM function: look up a control of a dialog object by id.
// Parameters: 0@ = dialog object, 1@ = samp.dll base, 2@ = control id.
// Returns one value: whatever samp_base+0x971C0, called as a method of 0@, returns.
// NOTE(review): callers in this script use the result as a pointer without checking it for 0.
// Usage:
//0AB1: call_scm_func @CDXUTDialog__GetControl 3 struct 1@ samp_base 0@ id 0x44 to 2@
:CDXUTDialog__GetControl
0A8E: 3@ = 1@ + 0x971C0
0AA8: call_function_method 3@ struct 0@ num_params 1 pop 0 id 2@ to 4@
0AB2: ret 1 4@
// SCM function: call a one-argument method of a control through its function table.
// Parameters: 0@ = control object, 1@ = value passed to the method. Returns nothing.
// Reads the first dword of the object (presumably its vtable pointer), reads the
// function pointer stored 64 bytes into that table and calls it as a method of 0@.
// Not called anywhere in the visible script.
//example
//0AB1: call_scm_func @CDXUTControl__SetVisible 2 0@ visible true
:CDXUTControl__SetVisible
0A8D: 2@ = read_memory 0@ size 4 virtual_protect 1
2@ += 64
0A8D: 3@ = read_memory 2@ size 4 virtual_protect 1
0AA6: call_method 3@ struct 0@ num_params 1 pop 0 1@
0AB2: ret 0
// SCM function: same shape as CDXUTControl__SetVisible, but uses the function pointer
// stored 56 bytes into the table read from the first dword of the object.
// Parameters: 0@ = control object, 1@ = value passed to the method. Returns nothing.
// Not called anywhere in the visible script.
//example
//0AB1: call_scm_func @CDXUTControl__SetEnabled 2 2@ enabled true
:CDXUTControl__SetEnabled
0A8D: 2@ = read_memory 0@ size 4 virtual_protect 1
2@ += 56
0A8D: 3@ = read_memory 2@ size 4 virtual_protect 1
0AA6: call_method 3@ struct 0@ num_params 1 pop 0 1@
0AB2: ret 0
// Saver thunk: raw 32-bit x86 machine code that copies the current dialog's fields
// into the @saved_* buffers of this script. Called from the Home-key branch of the
// main loop and from :callback (button id 0x101).
// Every 88882222 / 44338822 / 24311200 operand is a placeholder that
// :generate_function_pizdecov overwrites with a real address at startup.
// Columns: {byte offset} opcode bytes // author's stack-depth bookkeeping // mnemonic.
// The three dword fields are copied with MOV pairs; the four strings are copied by
// calling the routine the author identifies as CopyText(to, from, len) in samp.dll.
// The lengths are one byte less than the destination sizes (511 for the 512-byte
// text buffer, 127 for the 128-byte ones).
// NOTE(review): this only leaves room for a terminator if CopyText never writes more
// than len bytes -- its behaviour is not visible here, confirm.
// The dialog text source is read at call time from [cClentDialog+0x34]; the button and
// caption sources are fixed addresses baked in when the placeholders are patched.
//100AF970 ; int __cdecl CopyText(int to, int from, int len)
//ID 14 - Button1
//ID 15 - Button2
:pizdecovii_inject_continue
hex
{0} 50 // 00 //PUSH EAX
{1} 53 // 04 //PUSH EBX
{2} 51 // 08 //PUSH ECX
{3} A1 88882222 // 0C //MOV EAX,DWORD PTR DS:[22228888] //cClentDialog+0x81
{8} A3 88882222 // 0C //MOV DWORD PTR DS:[22228888],EAX //@saved_dialog_b_toServer
{13} A1 88882222 // 0C //MOV EAX,DWORD PTR DS:[22228888] //cClentDialog+0x30
{18} A3 88882222 // 0C //MOV DWORD PTR DS:[22228888],EAX //@saved_dialog_m_id
{23} A1 88882222 // 0C //MOV EAX,DWORD PTR DS:[22228888] //cClentDialog+0x2C
{28} A3 88882222 // 0C //MOV DWORD PTR DS:[22228888],EAX //@saved_dialog_m_type
//--------------------------------------------------------------------------------------------------------------------------
{33} 68 FF010000 // 0C //PUSH 1FF //len - 511 bytes
{38} A1 88882222 // 10 //MOV EAX,DWORD PTR DS:[22228888] //cClentDialog+0x34
{43} 50 // 10 //PUSH EAX //from
{44} 68 88882222 // 14 //PUSH 22228888 //to - @saved_dialog_m_text
{49} BB 44338822 // 18 //MOV EBX,22883344 //samp.dll + AF970 ; int __cdecl CopyText(int to, int from, int len)
{54} FFD3 // 18 //CALL EBX //Copy the text
//--------------------------------------------------------------------------------------------------------------------------
{56} 6A 7F // 18 //PUSH 7F //len - 127 bytes
{58} B8 44338822 // 1C //MOV EAX,22883344 //CDXUTDialogClient.GetControl(0x14) + 0x4D
{63} 50 // 1C //PUSH EAX //from
{64} 68 88882222 // 20 //PUSH 22228888 //to - @saved_dialog_m_button1_text
{69} FFD3 // 24 //CALL EBX //Copy the text
//--------------------------------------------------------------------------------------------------------------------------
{71} 6A 7F // 24 //PUSH 7F //len - 127 bytes
{73} B8 44338822 // 28 //MOV EAX,22883344 //CDXUTDialogClient.GetControl(0x15) + 0x4D
{78} 50 // 28 //PUSH EAX //from
{79} 68 88882222 // 2C //PUSH 22228888 //to - @saved_dialog_m_button2_text
{84} FFD3 // 30 //CALL EBX //Copy the text
//--------------------------------------------------------------------------------------------------------------------------
{86} 6A 7F // 30 //PUSH 7F //len - 127 bytes
{88} B8 44338822 // 34 //MOV EAX,22883344 //CDXUTDialog + 0x16
{93} 50 // 34 //PUSH EAX //from
{94} 68 88882222 // 38 //PUSH 22228888 //to - @saved_dialog_m_caption_text
{99} FFD3 // 3C //CALL EBX //Copy the text
//--------------------------------------------------------------------------------------------------------------------------
// Mark the buffers as filled, then drop the 0x30 bytes pushed for the four 3-argument
// calls (the callee does not remove them) and restore the saved registers.
{101}B8 01000000 // 3C //MOV EAX,1
{106}A3 24311200 // 3C //MOV DWORD PTR DS:[123124],EAX //@saved_mb_isSaved
{111}83C4 30 // 3C //ADD ESP,30
{114}59 // 0C //POP ECX
{115}5B // 08 //POP EBX
{116}58 // 04 //POP EAX
{117}C2 0000 // 00 //RETN 0
end
// Subroutine (gosub): fills every placeholder operand inside :pizdecovii_inject_continue.
// Reads 0@ (samp.dll base) and 1@ (pointer read from samp_base+0x212AD0) from the
// caller's variables; uses 5@..10@ as scratch.
// Each target is the first operand byte of an instruction in the thunk, i.e. the
// instruction's offset plus its one-byte opcode. The offsets are tied to the exact
// byte layout of the thunk; changing that block requires updating them.
// NOTE(review): all source addresses are computed once, here. If the dialog object or
// its controls are ever reallocated, the thunk would keep copying from the old addresses.
:generate_function_pizdecov
0AC6: 6@ = label @pizdecovii_inject_continue offset
// 9@ = pointer stored at samp_base+0x2129F8, used as the base for the field addresses below.
0A8E: 8@ = 0@ + 0x2129F8 //cClentDialog
0A8D: 9@ = read_memory 8@ size 4 virtual_protect 1
//------------------ three dword fields: source address, then destination address
0A8E: 7@ = 6@ + 4
0A8E: 10@ = 9@ + 0x81 //cClentDialog+0x81
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
0A8E: 7@ = 6@ + 9
0AC6: 10@ = label @saved_dialog_b_toServer offset //@saved_dialog_b_toServer
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
0A8E: 7@ = 6@ + 14
0A8E: 10@ = 9@ + 0x30 //cClentDialog+0x30
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
0A8E: 7@ = 6@ + 19
0AC6: 10@ = label @saved_dialog_m_id offset //@saved_dialog_m_id
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
0A8E: 7@ = 6@ + 24
0A8E: 10@ = 9@ + 0x2C //cClentDialog+0x2C
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
0A8E: 7@ = 6@ + 29
0AC6: 10@ = label @saved_dialog_m_type offset //@saved_dialog_m_type
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
//------------------ dialog text: address of the text pointer, destination buffer, copy routine
0A8E: 7@ = 6@ + 39
0A8E: 10@ = 9@ + 0x34 //cClentDialog+0x34
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
0A8E: 7@ = 6@ + 45
0AC6: 10@ = label @saved_dialog_m_text offset //@saved_dialog_m_text
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
0A8E: 7@ = 6@ + 50
0A8E: 10@ = 0@ + 0xAF970 //samp.dll + AF970
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
//------------------- button 1 text: control 0x14, text at +0x4D of the control
// NOTE(review): 5@ is not checked for 0; a failed lookup would bake address 0x4D into the thunk.
0A8E: 7@ = 6@ + 59
0AB1: call_scm_func @CDXUTDialog__GetControl 3 struct 1@ samp_base 0@ id 0x14 to 5@
0A8E: 10@ = 5@ + 0x4D //CDXUTDialogClient.GetControl(0x14) + 0x4D
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
0A8E: 7@ = 6@ + 65
0AC6: 10@ = label @saved_dialog_m_button1_text offset
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
//------------------- button 2 text: control 0x15, text at +0x4D of the control (same unchecked lookup)
0A8E: 7@ = 6@ + 74
0AB1: call_scm_func @CDXUTDialog__GetControl 3 struct 1@ samp_base 0@ id 0x15 to 5@
0A8E: 10@ = 5@ + 0x4D //CDXUTDialogClient.GetControl(0x15) + 0x4D
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
0A8E: 7@ = 6@ + 80
0AC6: 10@ = label @saved_dialog_m_button2_text offset
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
//------------------- caption: read from +0x16 of the object in 1@
0A8E: 7@ = 6@ + 89
0A8E: 10@ = 1@ + 0x16 //CDXUTDialogClient + 0x16
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
0A8E: 7@ = 6@ + 95
0AC6: 10@ = label @saved_dialog_m_caption_text offset
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
//------------------- "saved" flag written at the end of the thunk
0A8E: 7@ = 6@ + 107
0AC6: 10@ = label @saved_mb_isSaved offset
0A8C: write_memory 7@ size 4 value 10@ virtual_protect 1
return
// Storage embedded in the script: four zero-initialised dwords written by the saver thunk.
// saved_mb_isSaved is set to 1 once a dialog has been stored; the End-key branch checks it.
:saved_mb_isSaved
hex
00000000
end
// Dialog id copied from cClentDialog+0x30.
:saved_dialog_m_id
hex
00000000
end
// Dialog type copied from cClentDialog+0x2C.
:saved_dialog_m_type
hex
00000000
end
// Dword copied from cClentDialog+0x81; written by the thunk but not read back anywhere in the visible script.
:saved_dialog_b_toServer
hex
00000000
end
// Zero-initialised buffer for the dialog body text. The saver thunk copies at most
// 511 bytes (PUSH 1FF) into it.
:saved_dialog_m_text //512 bytes
hex
{0} 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
{64} 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
{128} 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
{192} 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
{256} 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
{320} 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
{384} 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
{448} 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
end
// Three zero-initialised 128-byte buffers for the two button labels and the caption.
// The saver thunk copies at most 127 bytes (PUSH 7F) into each of them.
:saved_dialog_m_button1_text //128 bytes
hex
{0} 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
{64} 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
end
:saved_dialog_m_button2_text //128 bytes
hex
{0} 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
{64} 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
end
:saved_dialog_m_caption_text //128 bytes
hex
{0} 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
{64} 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
end