Screenshot function
Posted by zero_tolerance, 06-23-2007, 10:01 PM

By: Roverturbo



Here is a little bit of info regarding PunkBuster's screenshot routine.

When the function below is initiated it starts constructing the screenshot text; this is the first process of making the screenshot, so hooking this function will tell you when a screenshot is about to be created.

Anyone who has messed with the GUID faking tutorial I posted may recognise it because you land in here.


Code:
int sub_1002EAD0(int, int, int, byte)

** Routine is too big to post **
Now, if you hook this function and return 2 you will disable the screenshot feature on your client. Also, it's pretty common knowledge that they use ddraw to make the actual image, and the call to that routine is located in the above function near the bottom.

Code:
1002F26F CALL 10018E60
The prototype for this is..

Code:
void 10018E60(void)
If you let the first function work correctly by returning the actual call to the real function, you can hook this instead with an empty void and you will create ddraw failed to initialize errors (only the text portion of the screenshot is created).

Because I haven't posted the disassembled routines (too big) I will post a small, straight-to-the-point snippet hooking these two routines. Notice the commented-out return 2 that I mentioned above.


Code:
#include <windows.h>
#include <detours.h>

typedef INT  (WINAPI *tSSRoutine)(INT, INT, INT, BYTE);
typedef VOID (WINAPI *tDDRoutine)(VOID);

tSSRoutine SSRoutine_;
tDDRoutine DDRoutine_; 

INT  _SSRoutine(INT, INT, INT, BYTE);
VOID _DDRoutine(VOID);

INT WINAPI DllMain(HMODULE Module, DWORD Reason, PVOID Reserved)
{

  if(Reason == 1)
  {

    DWORD PB_SS = (DWORD)GetModuleHandle("pbcl.dll") + 0x2EAD0;
    SSRoutine_ = (tSSRoutine)DetourFunction((PBYTE)PB_SS, (PBYTE)_SSRoutine);

    DWORD PB_DD = (DWORD)GetModuleHandle("pbcl.dll") + 0x18E60;
    DDRoutine_ = (tDDRoutine)DetourFunction((PBYTE)PB_DD, (PBYTE)_DDRoutine);

    return 1;

  }

  return -1;

}

INT _SSRoutine(INT arg_0, INT arg_4, INT arg_8, BYTE arg_F14)
{

  INT ReturnVal = SSRoutine_(arg_0, arg_4, arg_8, arg_F14);

  return ReturnVal;

  //return 2;

}

VOID _DDRoutine(VOID) 
{ 

}
Anyway, all this is just food for thought; there is a lot more you can do when you study it properly. But how deep you go is up to you.

Do NOT post my work on other sites please.
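
From the defending side, a Detours-style hook like the one in the post is visible because it overwrites the first bytes of the target routine with a JMP rel32. The following is an added example, not part of the original post and not PunkBuster's code: an entry-point integrity check that compares live prologue bytes with a trusted baseline and decodes where a 0xE9 jump leads. The byte arrays, module base and module size are constructed assumptions; only the entry address 1002EAD0 comes from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum entry_verdict { ENTRY_CLEAN, ENTRY_MODIFIED, ENTRY_REDIRECTED };

/* Constructed sample data: a typical x86 prologue as the trusted baseline
 * (not the real bytes of the routine) and two tampered copies of it. */
static const uint8_t BASELINE[8]   = {0x55,0x8B,0xEC,0x83,0xEC,0x10,0x53,0x56};
static const uint8_t DETOURED[8]   = {0xE9,0x2B,0x25,0xFD,0x5E,0x10,0x53,0x56};
static const uint8_t BREAKPOINT[8] = {0xCC,0x8B,0xEC,0x83,0xEC,0x10,0x53,0x56};

#define ENTRY_VA 0x1002EAD0u /* entry address quoted in the post */
#define MOD_BASE 0x10000000u /* assumed load address of the module */
#define MOD_SIZE 0x00100000u /* assumed image size (constructed) */

/* Compare the live entry bytes with the baseline (for example, bytes read
 * from the verified file on disk). A mismatch that begins with JMP rel32 and
 * lands outside [mod_base, mod_base + mod_size) is reported as a redirect,
 * with the decoded destination written to *target_out. */
enum entry_verdict check_entry(const uint8_t *live, const uint8_t *baseline,
                               size_t len, uint32_t entry_va,
                               uint32_t mod_base, uint32_t mod_size,
                               uint32_t *target_out)
{
    if (memcmp(live, baseline, len) == 0)
        return ENTRY_CLEAN;
    if (len >= 5 && live[0] == 0xE9) {
        /* rel32 is little-endian and relative to the next instruction */
        uint32_t rel = (uint32_t)live[1] | (uint32_t)live[2] << 8 |
                       (uint32_t)live[3] << 16 | (uint32_t)live[4] << 24;
        uint32_t target = entry_va + 5u + rel;
        if (target_out)
            *target_out = target;
        if (target - mod_base >= mod_size) /* unsigned wrap covers target < base */
            return ENTRY_REDIRECTED;
    }
    return ENTRY_MODIFIED;
}

int main(void)
{
    uint32_t target = 0;
    enum entry_verdict v = check_entry(DETOURED, BASELINE, sizeof DETOURED,
                                       ENTRY_VA, MOD_BASE, MOD_SIZE, &target);
    printf("verdict=%d target=0x%08X\n", (int)v, (unsigned)target);
    return 0;
}
```

A check like this only has value when the baseline and the checker itself sit somewhere the hooking code cannot rewrite, which is why such verification is usually paired with server-side validation.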