[Other] Useful snippets and SCM functions

SR_team

like pancake
BH Team
This snippet lets you invoke local (client-side) commands that were registered by SA-MP itself, by scripts or by plugins.

Code:
0AC8: 0@ = allocate_memory_size 33 // 33 - max cmd length
0AC8: 1@ = allocate_memory_size 144 // 144 - max chat input

0AD3: 0@ = format "fpslimit"
0AD3: 1@ = format "90"
0AB1: call @execLocalCommand 2 0@ 1@

0AC9: free_allocated_memory 1@
0AC9: free_allocated_memory 0@
In this code variable 0@ holds the command name and variable 1@ holds its arguments.

Code:
:execLocalCommand // 0@ - pszCmdName 1@ - pszCmdArgs, no ret
0AB1: call @getCommandProc 1 0@ 2@
if 2@ <> 0 // unknown command -> handler pointer is NULL; calling it would crash the game
then
    0AA7: call_function 2@ num_params 1 pop 1 1@
end
ret 0
Code:
:getCommandProc // 0@ - pszCmdName, ret - pCMD
/* getCmdProcByName
* R2: 0x65B40
* R1: 0x65A70
*/
0AA2: 1@ = load_library "samp.dll"
if 0AB1: call @is037R2 0
then         
    1@ += 0x65B40
else 
    1@ += 0x65A70         
end 
0AB1: call @getInputInfo 0 2@
0AA8: call_function_method 1@ struct 2@ num_params 1 pop 0 0@ 3@
ret 1 3@
Code:
:getInputInfo // no args, ret - pInputInfo 
/* InputInfo
* R2: 0x21A0F0
* R1: 0x21A0E8
*/
0AA2: 0@ = load_library "samp.dll"
if 0AB1: call @is037R2 0
then         
    0@ += 0x21A0F0 
else         
    0@ += 0x21A0E8
end           
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
0AB2: ret 1 0@
Code:
:is037R2 // no args, no return values; leaves the condition result set (true = 0.3.7 R2)
0AA2: 0@ = load_library "samp.dll"
0A8E: 1@ = 0@ + 0x129 // check SAMP version
0A8D: 2@ = read_memory 1@ size 1 virtual_protect 0
if 2@ == 0x0C
then         
    0AB2: ret 0 1     
end
0AB2: ret 0 0

Code:
{$CLEO}
wait 1750

0AC8: 0@ = allocate_memory_size 33 // 33 - max cmd length 
0AC8: 1@ = allocate_memory_size 144 // 144 - max chat input
0AD3: 0@ = format "fpslimit"

0AD3: 1@ = format "90" 
0AB1: call @execLocalCommand 2 0@ 1@         

0AC9: free_allocated_memory 1@
0AC9: free_allocated_memory 0@
0A93: end_custom_thread

:execLocalCommand // 0@ - pszCmdName 1@ - pszCmdArgs, no ret
0AB1: call @getCommandProc 1 0@ 2@
if 2@ <> 0 // unknown command -> handler pointer is NULL; calling it would crash the game
then
    0AA7: call_function 2@ num_params 1 pop 1 1@
end
ret 0

:getCommandProc // 0@ - pszCmdName, ret - pCMD
/* getCmdProcByName
* R2: 0x65B40
* R1: 0x65A70
*/
0AA2: 1@ = load_library "samp.dll"
if 0AB1: call @is037R2 0
then         
    1@ += 0x65B40
else 
    1@ += 0x65A70         
end 
0AB1: call @getInputInfo 0 2@
0AA8: call_function_method 1@ struct 2@ num_params 1 pop 0 0@ 3@
ret 1 3@

:getInputInfo // no args, ret - pInputInfo 
/* InputInfo
* R2: 0x21A0F0
* R1: 0x21A0E8
*/
0AA2: 0@ = load_library "samp.dll"
if 0AB1: call @is037R2 0
then         
    0@ += 0x21A0F0 
else         
    0@ += 0x21A0E8
end           
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
0AB2: ret 1 0@

:is037R2 // no args, no return values; leaves the condition result set (true = 0.3.7 R2)
0AA2: 0@ = load_library "samp.dll"
0A8E: 1@ = 0@ + 0x129 // check SAMP version
0A8D: 2@ = read_memory 1@ size 1 virtual_protect 0
if 2@ == 0x0C
then         
    0AB2: ret 0 1     
end
0AB2: ret 0 0
 

MISTER_GONWIK

All-forum racer
Thread author
All-forum moderator
Description: moves a radar blip (marker) icon.
Usage: call @setBlipPosition 4 marker x y z
Code:
CLEO:
:setBlipPosition
if 075C: marker 0@ enabled
then
    0B10: 4@ = 0@ AND 0xFFFF // low word of the blip handle = index into CRadar::ms_RadarTrace
    0012: 4@ *= 40 // sizeof(tRadarTrace)
    0A8E: 5@ = 0xBA86F8 + 4@ // position field (x, y, z floats) of that blip's tRadarTrace entry
    0A8C: write_memory 5@ size 4 value 1@ virtual_protect 0
    5@ += 4
    0A8C: write_memory 5@ size 4 value 2@ virtual_protect 0
    5@ += 4
    0A8C: write_memory 5@ size 4 value 3@ virtual_protect 0
end     
0AB2: ret 0

Example:
CLEO:
{$CLEO .cs}
thread "exam"
wait 0

while true
    wait 0
    if 00DF: actor $PLAYER_ACTOR driving
    then
        03C0: 0@ = actor $PLAYER_ACTOR car
        if 056E: car 0@ defined
        then
            00AA: store_car 0@ position_to 1@ 2@ 3@
           
            if 875C: not marker 4@ enabled
            then
                02A8: 4@ = create_marker 55 at 1@ 2@ 3@    
            end

            call @setBlipPosition 4 4@ 1@ 2@ 3@      
        end
    else
        if 075C: marker 4@ enabled
        then
            0164: disable_marker 4@
            4@ = -1        
        end
    end
end

:setBlipPosition
if 075C: marker 0@ enabled
then
    0B10: 4@ = 0@ AND 0xFFFF 
    0012: 4@ *= 40
    0A8E: 5@ = 0xBA86F8 + 4@
    0A8C: write_memory 5@ size 4 value 1@ virtual_protect 0
    5@ += 4
    0A8C: write_memory 5@ size 4 value 2@ virtual_protect 0
    5@ += 4
    0A8C: write_memory 5@ size 4 value 3@ virtual_protect 0
end      
0AB2: ret 0
 

MISTER_GONWIK

All-forum racer
Thread author
All-forum moderator
Description: functions for working with the map target marker (the right-click waypoint).
Usage: see below.
Code:
CLEO:
{
    call @getTargetMarkerHandle 0 returnTo: 0@
}
:getTargetMarkerHandle
0A8D: 0@ = read_memory 0xBA6774 size 4 virtual_protect 0
ret 1 0@

{
    call @setStateTargetMarker 1 state 0
}
:setStateTargetMarker
call @getTargetMarkerHandle 0 return: 1@
if 1@ > 0
then
    if 0@ == 0
    then
        0AA5: call_function 0x587CE0 num_params 1 pop 1 1@ // CRadar::removeBlip         
        0A8C: write_memory 0xBA6774 size 4 value 0 virtual_protect 0 // CMenuManager::m_targetMarker
    end
else
    if 0@ == 1
    then
        0AA7: call_function 0x583820 num_params 6 pop 6 2 0 0 0 0 4 1@ // CRadar::createBlip
        0AA5: call_function 0x583D70 num_params 2 pop 2 41 1@ // CRadar::setBlipSprite
        0A8C: write_memory 0xBA6774 size 4 value 1@ virtual_protect 0 // CMenuManager::m_targetMarker 
    end
end
ret 0

{
    call @setTargetMarkerPosition 3 x 1@ y 2@ z 3@
}
:setTargetMarkerPosition
call @getTargetMarkerHandle 0 return: 3@
if 075C: marker 3@ enabled
then
    0B10: 4@ = 3@ AND 0xFFFF
    0012: 4@ *= 40
    0A8E: 5@ = 0xBA86F8 + 4@
    0A8C: write_memory 5@ size 4 value 1@ virtual_protect 0
    5@ += 4
    0A8C: write_memory 5@ size 4 value 2@ virtual_protect 0
    5@ += 4
    0A8C: write_memory 5@ size 4 value 3@ virtual_protect 0
end     
0AB2: ret 0

Example:
CLEO:
{$CLEO .cs}
thread "exam"
wait 0

while true
    wait 0
    if 0ADC: "tmrp"
    then
        actor.StorePos($PLAYER_ACTOR, 0@, 1@, 2@)     
       
        call @setStateTargetMarker 1 state 1
       
        0208: 0@ = random_float_in_ranges -1500.0 1500.0
        0208: 1@ = random_float_in_ranges -1500.0 1500.0
        call @setTargetMarkerPosition 3 x 0@ y 1@ z 20.0
       
        0AB6: store_target_marker_coords_to 0@ 1@ 2@
        actor.PutAt($PLAYER_ACTOR, 0@, 1@, 2@)
    else if 0ADC: "tms"
    then
        call @getTargetMarkerHandle 0 returnTo: 3@
        if 3@ <= 0
        then
            0AD1: show_formatted_text_highpriority "~w~Target marker ~r~disabled" time 2000
        else
            0AD1: show_formatted_text_highpriority "Target marker ~g~enabled" time 2000            
        end   
    else if 0ADC: "tma"
    then
        call @setStateTargetMarker 1 state 1
    else if 0ADC: "tmd"
    then
        call @setStateTargetMarker 1 state 0                     
    end
    end
    end
    end
end

{
    call @getTargetMarkerHandle 0 returnTo: 0@
}
:getTargetMarkerHandle
0A8D: 0@ = read_memory 0xBA6774 size 4 virtual_protect 0
ret 1 0@

{
    call @setStateTargetMarker 1 state 0
}
:setStateTargetMarker
call @getTargetMarkerHandle 0 return: 1@
if 1@ > 0
then
    if 0@ == 0
    then
        0AA5: call_function 0x587CE0 num_params 1 pop 1 1@ // CRadar::removeBlip          
        0A8C: write_memory 0xBA6774 size 4 value 0 virtual_protect 0 // CMenuManager::m_targetMarker
    end
else
    if 0@ == 1
    then
        0AA7: call_function 0x583820 num_params 6 pop 6 2 0 0 0 0 4 1@ // CRadar::createBlip
        0AA5: call_function 0x583D70 num_params 2 pop 2 41 1@ // CRadar::setBlipSprite
        0A8C: write_memory 0xBA6774 size 4 value 1@ virtual_protect 0 // CMenuManager::m_targetMarker   
    end
end
ret 0

{
    call @setTargetMarkerPosition 3 x 1@ y 2@ z 3@
}
:setTargetMarkerPosition
call @getTargetMarkerHandle 0 return: 3@
if 075C: marker 3@ enabled
then
    0B10: 4@ = 3@ AND 0xFFFF 
    0012: 4@ *= 40
    0A8E: 5@ = 0xBA86F8 + 4@
    0A8C: write_memory 5@ size 4 value 1@ virtual_protect 0
    5@ += 4
    0A8C: write_memory 5@ size 4 value 2@ virtual_protect 0
    5@ += 4
    0A8C: write_memory 5@ size 4 value 3@ virtual_protect 0
end      
0AB2: ret 0
 

itsLegend

Subscribe to my profile! 🤠
Administrator
Description: converting UTF-8 strings to ANSI (Windows-1251) with the MultiByteToWideChar and WideCharToMultiByte functions.
Usage: take any UTF-8 string and try to convert it to ANSI (say, one read with InternetReadFile). Opcodes 0C68 and 0C69 (0C69, to be precise) have a bug: the codepage argument is wrong. That is unlikely to be fixed any time soon, because these opcodes are rarely used and the SF people don't give a damn about them, so there. Be careful with the return value: a block of memory is allocated, and if you don't free it you get a memory leak.
CLEO:
0A9A: 0@ = openfile "CLEO\utf8_string.txt" mode "r"
if 0@ <> 0
then
    alloc 1@ 128
    0C11: memset destination 1@ value 0 size 128

    0AD7: read_string_from_file 0@ to 1@ size 127
    chatmsg "%s" -1 1@
 
    call @utf8_to_ansi 1 source 1@ allocated_string_ret_to 2@

    if 2@ <> 0
    then
        chatmsg "%s" -1 2@
        free 2@ // SAY 'NO' TO MEMORY LEAK
    end

    free 1@ // SAY 'NO' TO MEMORY LEAK
    0A9B: closefile 0@
end

Code:
CLEO:
:utf8_to_ansi
// call @utf8_to_ansi 1 source 0@ allocated_string_ret_to 1@
1@ = 0 // output, string

if call @MultiByteToWideChar 6 CodePage 65001 dwFlags 0 lpMultiByteStr 0@ cbMultiByte -1 lpWideCharStr #NULL cchWideChar 0 result_to 2@ // str len
then
    0085: 5@ = 2@ // MultiByteToWideChar returned a count of WCHARs, not bytes
    0012: 5@ *= 2 // sizeof(WCHAR) == 2: size the intermediate buffer in bytes, otherwise the second call overflows it
    call @_allocate_string 1 size 5@ res_to 3@ // alloc

    if call @MultiByteToWideChar 6 CodePage 65001 dwFlags 0 lpMultiByteStr 0@ cbMultiByte -1 lpWideCharStr 3@ cchWideChar 2@ result_to 2@ // success
    then
        if call @WideCharToMultiByte 8 CodePage 1251 dwFlags 0 lpWideCharStr 3@ cchWideChar -1 lpMultiByteStr #NULL cbMultiByte 0 lpDefaultChar #NULL lpUsedDefaultChar #NULL result_to 2@ // str len
        then
            call @_allocate_string 1 size 2@ res_to 4@ // alloc

            if call @WideCharToMultiByte 8 CodePage 1251 dwFlags 0 lpWideCharStr 3@ cchWideChar -1 lpMultiByteStr 4@ cbMultiByte 2@ lpDefaultChar #NULL lpUsedDefaultChar #NULL result_to 2@ // success
            then
                0085: 1@ = 4@
            else
                free 4@
            end
        end
    end
 
    free 3@
end
ret 1 1@

:_allocate_string
// call @_allocate_string 1 size 0@ res_to 1@
0@++
alloc 1@ 0@                        
0C11: memset destination 1@ value 0 size 0@
ret 1 1@

:MultiByteToWideChar
// call @MultiByteToWideChar 6 CodePage 0@ dwFlags 1@ lpMultiByteStr 2@ cbMultiByte 3@ lpWideCharStr 4@ cchWideChar 5@ result_to 6@
// https://msdn.microsoft.com/ru-ru/library/windows/desktop/dd319072(v=vs.85).aspx
0C71: 7@ = get_module "kernel32.dll" proc "MultiByteToWideChar" address
0AA7: call_function 7@ num_params 6 pop 0 5@ 4@ 3@ 2@ 1@ 0@ res_to 6@
if 6@ <> 0
then 0485:  return_true
else 059A:  return_false
end
ret 1 6@

:WideCharToMultiByte
// call @WideCharToMultiByte 8 CodePage 0@ dwFlags 1@ lpWideCharStr 2@ cchWideChar 3@ lpMultiByteStr 4@ cbMultiByte 5@ lpDefaultChar 6@ lpUsedDefaultChar 7@ result_to 8@
// https://msdn.microsoft.com/ru-ru/library/windows/desktop/dd374130(v=vs.85).aspx
0C71: 9@ = get_module "kernel32.dll" proc "WideCharToMultiByte" address
0AA7: call_function 9@ num_params 8 pop 0 7@ 6@ 5@ 4@ 3@ 2@ 1@ 0@ res_to 8@
if 8@ <> 0
then 0485:  return_true
else 059A:  return_false
end
ret 1 8@
 

Attachments

  • utf8_string.txt (17 bytes)
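An added example that is not from itsLegend's post: the same two-step conversion (UTF-8 -> UTF-16 -> Windows-1251) written by hand in C, so it runs outside Windows and makes the buffer arithmetic visible. What `MultiByteToWideChar(..., NULL, 0)` returns is a count of UTF-16 code units, so the intermediate buffer must be `count * sizeof(WCHAR)` bytes; sizing it as `count` bytes, which is easy to do when the count is treated like a string length, lets the second call write about twice as many bytes as the buffer holds. Only the 1251 rows a SA-MP chat needs are mapped here (ASCII, А..я, Ё, ё); everything else becomes '?', the replacement WideCharToMultiByte uses when lpDefaultChar is NULL. The sample strings are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode one UTF-8 sequence at *pp and advance it. Malformed or truncated
 * input yields U+FFFD (what MultiByteToWideChar does without MB_ERR_INVALID_CHARS). */
static uint32_t decode_utf8(const unsigned char **pp)
{
    const unsigned char *p = *pp;
    uint32_t cp;
    int extra, i;
    if (p[0] < 0x80)                { cp = p[0];        extra = 0; }
    else if ((p[0] & 0xE0) == 0xC0) { cp = p[0] & 0x1F; extra = 1; }
    else if ((p[0] & 0xF0) == 0xE0) { cp = p[0] & 0x0F; extra = 2; }
    else if ((p[0] & 0xF8) == 0xF0) { cp = p[0] & 0x07; extra = 3; }
    else { *pp = p + 1; return 0xFFFD; }
    for (i = 1; i <= extra; i++) {
        if ((p[i] & 0xC0) != 0x80) { *pp = p + i; return 0xFFFD; }
        cp = (cp << 6) | (p[i] & 0x3F);
    }
    *pp = p + extra + 1;
    return cp > 0x10FFFF ? 0xFFFD : cp;
}

/* Step 1: UTF-8 -> UTF-16. Returns the number of UTF-16 code units (NUL not
 * counted); with out == NULL it only counts, like MultiByteToWideChar(...,
 * NULL, 0). That count is in 2-byte units, not in bytes. */
size_t utf8_to_utf16(const char *s, uint16_t *out, size_t cap)
{
    const unsigned char *p = (const unsigned char *)s;
    size_t n = 0;
    while (*p) {
        uint32_t cp = decode_utf8(&p);
        if (cp >= 0x10000) {                        /* needs a surrogate pair */
            cp -= 0x10000;
            if (out && n + 1 < cap) {
                out[n]     = (uint16_t)(0xD800 | (cp >> 10));
                out[n + 1] = (uint16_t)(0xDC00 | (cp & 0x3FF));
            }
            n += 2;
        } else {
            if (out && n < cap) out[n] = (uint16_t)cp;
            n++;
        }
    }
    return n;
}

/* Step 2, one unit: the Windows-1251 rows this thread needs; -1 = not mappable. */
static int cp1251_from_unit(uint16_t u)
{
    if (u < 0x80) return (int)u;                                 /* ASCII is identical */
    if (u >= 0x0410 && u <= 0x044F) return 0xC0 + (u - 0x0410);  /* А..я -> C0..FF */
    if (u == 0x0401) return 0xA8;                                /* Ё */
    if (u == 0x0451) return 0xB8;                                /* ё */
    return -1;
}

/* Whole conversion. dst receives a NUL-terminated 1251 string; returns its
 * length. Unmappable characters (a surrogate pair counts as one) become '?'. */
size_t utf8_to_ansi(const char *src, char *dst, size_t dstcap)
{
    size_t cch, n = 0, i;
    uint16_t *wide;
    if (dstcap == 0) return 0;
    cch = utf8_to_utf16(src, NULL, 0);
    wide = malloc((cch + 1) * sizeof *wide);   /* (count + 1) * 2 bytes: the size the API needs */
    if (!wide) { dst[0] = '\0'; return 0; }
    utf8_to_utf16(src, wide, cch + 1);
    for (i = 0; i < cch && n + 1 < dstcap; i++) {
        int c;
        if (wide[i] >= 0xD800 && wide[i] <= 0xDBFF && i + 1 < cch &&
            wide[i + 1] >= 0xDC00 && wide[i + 1] <= 0xDFFF) {
            i++; dst[n++] = '?'; continue;       /* one replacement per pair */
        }
        c = cp1251_from_unit(wide[i]);
        dst[n++] = (c < 0) ? '?' : (char)c;
    }
    dst[n] = '\0';
    free(wide);
    return n;
}

int main(void)
{
    /* constructed sample: "Привет world" in UTF-8 */
    const char *utf8 = "\xD0\x9F\xD1\x80\xD0\xB8\xD0\xB2\xD0\xB5\xD1\x82 world";
    char out[64];
    size_t i, n = utf8_to_ansi(utf8, out, sizeof out);
    printf("%zu UTF-16 units -> %zu CP1251 bytes:", utf8_to_utf16(utf8, NULL, 0), n);
    for (i = 0; i < n; i++) printf(" %02X", (unsigned char)out[i]);
    printf("\n");
    return 0;
}
```

On Windows the two hand-written steps are replaced by the API calls from the post; the sizing rule is the same: allocate `cch * 2` bytes for the wide buffer, where `cch` is the first call's return value.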

romanblinov2013

RB_PRO
Verified
Primality test.
A prime number is a number that is divisible without remainder only by itself and by 1.
CLEO:
{$CLEO}
0000: NOP
repeat
    wait 100
until samp.Available()
0B34: samp register_client_command "ggame" to_label @SetNumber
31@ = 0 // set to 1 by /ggame when a number is waiting to be tested

while true
    wait 0
    if 31@ == 1
    then
        31@ = 0
        10@ = 1 // assume prime until a divisor turns up
        0085: 6@ = 7@ // (int)
        000E: 6@ -= 1 // trial division over 2..n-1 (n < 10001, so one frame is enough)
        for 5@ = 2 to 6@ step 1
            0A91: 4@ = 7@ / 5@ // int: n / d
            0085: 15@ = 5@ // (int)
            006A: 4@ *= 15@ // (int): (n / d) * d equals n only when d divides n
            if 003B: 4@ == 7@ // (int)
            then
                0AF8: samp add_message_to_chat "COMPOSITE %d" color -1 7@
                10@ = 0
                break
            end
        end
        if 10@ == 1
        then
            0AF8: samp add_message_to_chat "PRIME %d" color -1 7@
        end
    end
end

:SetNumber
0AC8: 8@ = allocate_memory_size 128 // room for the whole parameter string, not just 8 bytes
0B35: samp 8@ = get_last_command_params
if 0AD4: 24@ = scan_string 8@ format "%d" 7@
then
    if and
        7@ > 2
        7@ < 10001
    then
        0AF8: samp add_message_to_chat "All good! Number: %d" color 0xf4c99c 7@
        31@ = 1
    else
        0AF8: samp add_message_to_chat "From 3 to 10000" color 0xf4c99c
    end
else
    0AF8: samp add_message_to_chat "Error. Specify a parameter, e.g. /ggame [arg]" color 0xf4c99c
end
0AC9: free_allocated_memory 8@ // parsed into 7@, the buffer is no longer needed
samp.CmdRet()
// If you wish, you can cheat and use fewer variables.
 

kawa operand

перерывпятьминут
Registering SA-MP 0.3.7 R1 commands without SAMPFUNCS

CLEO:
// samp 0.3.7 R1
{$cleo .cs}
hex
    00 00
end
wait 5000

if 8AA2: 0@ = load_library "samp.dll" // IF and SET
then 0A93: end_custom_thread
end

var
    0@: integer
end
0AC6: 1@ = label @callback offset
0AC6: 2@ = label @cmdname offset

// write 31@ address to assembly code
1@ += 2
0AC7: 3@ = var 31@ offset                           
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1
1@ -= 2
31@ = 0 // zeroing 31 var
0AB1: call_scm_func @registerClientCommand 3 dwSAMPHandle: 0@ szCommandName: 2@ CallBack: 1@

while true
    wait 0
    if 31@ == 1
    then
        print "Enable" 1000     
    else
        print "Disable" 1000
    end
end

:callback
hex
    83 35 11 11 11 11 01 // xor     [11111111], 01
    C3 // retn
end

:cmdname
hex
    "test" 0
end

:registerClientCommand // unsigned long dwSAMPHandle, char szCommandName[], CMDPROC CallBack
var
    3@: integer
    4@: integer
end

3@ = 0@ // dwSAMPHandle
3@ += 0x21A0E8 // struct: pointer to the CInput object (0.3.7 R1)
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
4@ = 0@ // dwSAMPHandle
4@ += 0x65AD0 // function: CInput::AddCommand(name, callback) (0.3.7 R1)

0AA6: call_method 4@ struct 3@ num_params 2 pop 0 2@ 1@ // arguments are listed right-to-left: callback, then name
0AB2: ret 0

Update:
CLEO:
1@ += 9
0AC7: 3@ = var 30@ offset                           
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1
1@ -= 9

1@ += 15
0AC7: 3@ = var 31@ offset                           
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1
1@ -= 15


:callback
hex
    51                      // push     ecx
    56                      // push     esi
    8B 74 24 0C             // mov     esi, [esp+0Ch]
    89 34 25 11 11 11 11    // mov     [11111111], esi
    83 35 11 11 11 11 01    // xor     [11111111], 01
    5E                      // pop     esi
    59                      // pop     ecx
    C3 // retn
end
 

Niko

Well-known
Verified
Description: complete SA-MP dialog handling without SAMPFUNCS

CLEO:
:dialog_hook
{
    call @dialog_hook 1 buttonId: 1@
}
0AB1: call_scm_func @getSAMPAddr 0 to: 0@
0@ += 0x6C04D

0AC6: 2@ = label @function offset

2@ += 0x5

0AC7: 3@ = var 1@ offset
0A8C: write_memory 2@ size 4 value 3@ virtual_protect 1

2@ -= 0x5
0AB1: @asm_call_hook 3 offset 0@ function 2@ virtual_protect 1

0@ += 0x5
0A8C: write_memory 0@ size 1 value 0x90 virtual_protect 1 //NOP
ret 0      

:asm_call_hook
{
    call @asm_call_hook 3 offset 0@ function 1@ virtual_protect 2@
}
0A8C: write_memory 0@ size 1 value 0xE8 virtual_protect 2@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 2@
ret 0    
           
:function
hex
50                // push eax
8B 45 08          // mov eax,[ebp+08]
A3 00 00 00 00    // mov [00000000],eax
58                // pop eax
64 A1 00 00 00 00 // mov eax,fs:[00000000]
C3                // ret    
end
CLEO:
:showDialog
{
    call @showDialog 6 dialogId 0@ styleId 1@ caption 2@ info 3@ button1 4@ button2 5@    
}
0AB1: @getSAMPAddr 0 to: 6@
6@ += 0x6B9C0
0AB1: @getDialogInfo 0 to: 7@
0AA8: call_function_method 6@ struct 7@ num_params 7 pop 0 0 5@ 4@ 3@ 2@ 1@ 0@ to: 6@
ret 0
CLEO:
:dialogGetId
{
    call @dialogGetId 0 to: 0@
}
0AB1: @getDialogInfo 0 to: 0@
0@ += 0x30
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
ret 1 0@
CLEO:
:dialogListBoxGetIndex
{
    call @dialogListBoxGetIndex 0 to: 0@
}
0AB1: @getDialogInfo 0 to: 0@
0@ += 0x20  
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
0AB1: @getSAMPAddr 0 to: 1@
1@ += 0x84850
0AA8: call_function_method 1@ struct 0@ num_params 1 pop 0 -1 to: 0@
ret 1 0@
CLEO:
:dialogGetInputText
{
    call @dialogGetInputText 0 to: 0@
}
0AB1: @getDialogInfo 0 to: 0@
0@ += 0x24   
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
0AB1: @getSAMPAddr 0 to: 1@
1@ += 0x81030
0AA8: call_function_method 1@ struct 0@ num_params 0 pop 0 to: 0@
ret 1 0@
CLEO:
:dialogGetType
{
    call @dialogGetType 0 to: 0@
}
0AB1: @getDialogInfo 0 to: 0@
0@ += 0x2C   
0A8D: 0@ = read_memory 0@ size 1 virtual_protect 0
ret 1 0@

CLEO:
:getSAMPAddr
{
    call @getSAMPAddr 0 to: 0@
}
0AA7: call_function 0x0081E406 num_params 1 pop 0 "samp.dll" 0@
ret 1 0@

:getDialogInfo
{
    call @getDialogInfo 0 to: 0@
}
0AB1: @getSAMPAddr 0 to: 0@
0@ += 0x21A0B8
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
ret 1 0@

CLEO:
{$CLEO}
0001: wait 2000 ms

call @dialog_hook 1 buttonId: 1@
1@ = -1

0AC8: 6@ = allocate_memory_size 32
0AC8: 7@ = allocate_memory_size 32
0AC8: 8@ = allocate_memory_size 32
0AC8: 9@ = allocate_memory_size 32

0AD3: 6@ = format "Dialog" // caption
0AD3: 7@ = format "Item 1%cItem 2%cItem 3" 0xA 0xA // info
0AD3: 8@ = format "Select" // button1
0AD3: 9@ = format "Back" // button2

while true
    wait 0
    if 1@ <> -1
    then
        call @dialogGetId 0 to: 2@

        if 2@ == 1337
        then
            if 1@ == 1
            then
                { Action for the left button }

                call @dialogListBoxGetIndex 0 to: 2@
                if 2@ == 0
                then
                    { Item 1 selected }
                else
                    if 2@ == 1
                    then
                        { Item 2 selected }
                    end
                end
            else
                { Action for the right button }
            end
        end
        
        1@ = -1
    end
    if 0AB0: 123
    then
        call @showDialog 6 dialogId 1337 styleId 2 caption 6@ info 7@ button1 8@ button2 9@    
    end
end

:asm_call_hook
{
    call @asm_call_hook 3 offset 0@ function 1@ virtual_protect 2@
}
0A8C: write_memory 0@ size 1 value 0xE8 virtual_protect 2@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 2@
ret 0    

:dialog_hook
{
    call @dialog_hook 1 buttonId: 1@
}
0AB1: call_scm_func @getSAMPAddr 0 to: 0@
0@ += 0x6C04D

0AC6: 2@ = label @function offset

2@ += 0x5

0AC7: 3@ = var 1@ offset
0A8C: write_memory 2@ size 4 value 3@ virtual_protect 1

2@ -= 0x5
0AB1: @asm_call_hook 3 offset 0@ function 2@ virtual_protect 1

0@ += 0x5
0A8C: write_memory 0@ size 1 value 0x90 virtual_protect 1 //NOP
ret 0      
            
:function
hex
50                // push eax
8B 45 08          // mov eax,[ebp+08]
A3 00 00 00 00    // mov [00000000],eax
58                // pop eax
64 A1 00 00 00 00 // mov eax,fs:[00000000]
C3                // ret    
end 

:getSAMPAddr
{
    call @getSAMPAddr 0 to: 0@
}
0AA7: call_function 0x0081E406 num_params 1 pop 0 "samp.dll" 0@
ret 1 0@

:showDialog
{
    call @showDialog 6 dialogId 0@ styleId 1@ caption 2@ info 3@ button1 4@ button2 5@    
}
0AB1: @getSAMPAddr 0 to: 6@
6@ += 0x6B9C0
0AB1: @getDialogInfo 0 to: 7@
0AA8: call_function_method 6@ struct 7@ num_params 7 pop 0 0 5@ 4@ 3@ 2@ 1@ 0@ to: 6@
ret 0

:dialogGetId
{
    call @dialogGetId 0 to: 0@
}
0AB1: @getDialogInfo 0 to: 0@
0@ += 0x30
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
ret 1 0@

:dialogListBoxGetIndex
{
    call @dialogListBoxGetIndex 0 to: 0@
}
0AB1: @getDialogInfo 0 to: 0@
0@ += 0x20  
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
0AB1: @getSAMPAddr 0 to: 1@
1@ += 0x84850
0AA8: call_function_method 1@ struct 0@ num_params 1 pop 0 -1 to: 0@
ret 1 0@

:dialogGetInputText
{
    call @dialogGetInputText 0 to: 0@
}
0AB1: @getDialogInfo 0 to: 0@
0@ += 0x24   
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
0AB1: @getSAMPAddr 0 to: 1@
1@ += 0x81030
0AA8: call_function_method 1@ struct 0@ num_params 0 pop 0 to: 0@
ret 1 0@

:dialogGetType
{
    call @dialogGetType 0 to: 0@
}
0AB1: @getDialogInfo 0 to: 0@
0@ += 0x2C   
0A8D: 0@ = read_memory 0@ size 1 virtual_protect 0
ret 1 0@     
    
:getDialogInfo
{
    call @getDialogInfo 0 to: 0@
}
0AB1: @getSAMPAddr 0 to: 0@
0@ += 0x21A0B8
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
ret 1 0@
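An added example, not from kawa operand's or Niko's posts: the two byte-patching steps those two posts rely on, done in C on a plain buffer so they can be checked off-line. It fills the disp32 slots of the hand-assembled command callback (offsets 9 and 15, the `1@ += 9` / `1@ += 15` writes), and encodes the `E8 rel32` call plus NOP padding that `asm_call_hook` and `dialog_hook` write over the 6-byte `mov eax, fs:[0]`, then decodes both to confirm the encoding. All addresses are made-up sample values; nothing here touches samp.dll.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* kawa operand's second callback with 0x11111111 placeholders (byte offsets):
 *  0  51                    push ecx
 *  1  56                    push esi
 *  2  8B 74 24 0C           mov  esi, [esp+0Ch]     ; params pointer argument
 *  6  89 34 25 <disp32>     mov  [disp32], esi      ; disp32 at offset 9
 * 13  83 35 <disp32> 01     xor  dword [disp32], 1  ; disp32 at offset 15
 * 20  5E                    pop  esi
 * 21  59                    pop  ecx
 * 22  C3                    retn */
#define STUB_LEN 23
#define STUB_PARAMS_DISP 9
#define STUB_FLAG_DISP 15
static const uint8_t kStubTemplate[STUB_LEN] = {
    0x51, 0x56, 0x8B, 0x74, 0x24, 0x0C,
    0x89, 0x34, 0x25, 0x11, 0x11, 0x11, 0x11,
    0x83, 0x35, 0x11, 0x11, 0x11, 0x11, 0x01,
    0x5E, 0x59, 0xC3
};

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy the template and patch in the addresses of the two script variables
 * that receive the params pointer and the toggle flag. */
void build_command_stub(uint8_t out[STUB_LEN], uint32_t params_var, uint32_t flag_var)
{
    memcpy(out, kStubTemplate, STUB_LEN);
    put_le32(out + STUB_PARAMS_DISP, params_var);
    put_le32(out + STUB_FLAG_DISP, flag_var);
}
uint32_t stub_params_target(const uint8_t stub[STUB_LEN]) { return get_le32(stub + STUB_PARAMS_DISP); }
uint32_t stub_flag_target(const uint8_t stub[STUB_LEN])   { return get_le32(stub + STUB_FLAG_DISP); }

/* Overwrite the orig_len-byte instruction at hook_addr (inside code, loaded at
 * code_base) with "E8 rel32" to hook_fn and NOP-pad the rest.
 * rel32 = hook_fn - (hook_addr + 5), the "1@ -= 0@ ; 1@ -= 5" of asm_call_hook;
 * unsigned wrap-around yields the right encoding for backward targets.
 * Returns 0 when the instruction is too short to hold a 5-byte call. */
int write_call_hook(uint8_t *code, uint32_t code_base, uint32_t hook_addr,
                    uint32_t hook_fn, size_t orig_len)
{
    uint8_t *p = code + (hook_addr - code_base);
    size_t i;
    if (orig_len < 5) return 0;
    p[0] = 0xE8;
    put_le32(p + 1, hook_fn - (hook_addr + 5));
    for (i = 5; i < orig_len; i++) p[i] = 0x90;   /* NOP, as the "write 0x90" line does */
    return 1;
}

/* Decode the call written above and return its absolute target (0 if not E8). */
uint32_t decode_call_target(const uint8_t *code, uint32_t code_base, uint32_t call_addr)
{
    const uint8_t *p = code + (call_addr - code_base);
    if (p[0] != 0xE8) return 0;
    return call_addr + 5 + get_le32(p + 1);
}

int main(void)
{
    uint8_t stub[STUB_LEN];
    uint8_t code[32] = {0};
    static const uint8_t mov_eax_fs0[6] = {0x64, 0xA1, 0x00, 0x00, 0x00, 0x00};

    /* made-up addresses standing in for the script's 30@ and 31@ */
    build_command_stub(stub, 0x0B6F0000u, 0x0B6F0004u);
    printf("stub writes params to %08X, toggles %08X\n",
           stub_params_target(stub), stub_flag_target(stub));

    /* constructed code region standing in for samp.dll+0x6C040: the 6-byte
     * "mov eax, fs:[0]" sits at +0xD, where dialog_hook places its call */
    memcpy(code + 0xD, mov_eax_fs0, 6);
    write_call_hook(code, 0x0F86C040u, 0x0F86C04Du, 0x0B6F1000u, 6);
    printf("call -> %08X, pad byte %02X\n",
           decode_call_target(code, 0x0F86C040u, 0x0F86C04Du), code[0xD + 5]);
    return 0;
}
```

The orig_len check is the part the scripts leave implicit: a call hook only works on an instruction of at least 5 bytes, and every byte beyond the fifth must be padded so the instruction stream stays decodable after the stub returns.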
 

Parazitas

Member
CLEO:
:CloseCurrentDialogWithButton
{
    0.3.7 - R1
    0AB1: @CloseCurrentDialogWithButton 1 Button 0 // 1 = Left , 0 = Right
}
IF 0AA2: 10@ = "samp.dll"
THEN  
    0A8E: 11@ = 10@ + 0x21A0B8 // SAMP_DIALOG_INFO_OFFSET
    0A8D: 12@ = readMem 11@ sz 4 vp 0
    0A8E: 11@ = 10@ +  0x6C040 //SAMP_DIALOG_CLOSE
    0AA8: call_function_method 11@ struct 12@ num_params 1 pop 0 0@  _retVal 6@
END
0AB2: 0

:CloseCurrentDialogWithButton
{
    0.3.7 - R2
    0AB1: @CloseCurrentDialogWithButton 1 Button 0 // 1 = Left , 0 = Right
}
IF 0AA2: 10@ = "samp.dll"
THEN  
    0A8E: 11@ = 10@ + 0x21A0C0 // SAMP_DIALOG_INFO_OFFSET
    0A8D: 12@ = readMem 11@ sz 4 vp 0
    0A8E: 11@ = 10@ +  0x6C0F0 //SAMP_DIALOG_CLOSE
    0AA8: call_function_method 11@ struct 12@ num_params 1 pop 0 0@  _retVal 6@
END
0AB2: 0

:CloseCurrentDialogWithButton
{
    0.3.7 - R3
    0AB1: @CloseCurrentDialogWithButton 1 Button 0 // 1 = Left , 0 = Right
}
IF 0AA2: 10@ = "samp.dll"
THEN  
    0A8E: 11@ = 10@ + 0x26E898 // SAMP_DIALOG_INFO_OFFSET
    0A8D: 12@ = readMem 11@ sz 4 vp 0
    0A8E: 11@ = 10@ +  0x6FF40 //SAMP_DIALOG_CLOSE
    0AA8: call_function_method 11@ struct 12@ num_params 1 pop 0 0@  _retVal 6@
END
0AB2: 0

:CloseCurrentDialogWithButton
{
    0.3.DL
    0AB1: @CloseCurrentDialogWithButton 1 Button 0 // 1 = Left , 0 = Right
}
IF 0AA2: 10@ = "samp.dll"
THEN  
    0A8E: 11@ = 10@ + 0x2AC9E0 // SAMP_DIALOG_INFO_OFFSET
    0A8D: 12@ = readMem 11@ sz 4 vp 0
    0A8E: 11@ = 10@ + 0x700D0 //SAMP_DIALOG_CLOSE
    0AA8: call_function_method 11@ struct 12@ num_params 1 pop 0 0@  _retVal 6@
END
0AB2: 0

CLEO:
:SetDialogInputEditBoxText
{
    0.3.7 - R1
    0AB1: @SetDialogInputEditBoxText 2 text 0@ selected 0
}
if 0AA2: 2@ = "samp.dll"
then
    0A8E: 3@ = 2@ + 0x21A0B8            // SAMP_DIALOG_INFO_OFFSET
    0A8D: 3@ = readMem 3@ sz 4 vp 0     // pDialog;
    0A8E: 4@ = 3@ + 0x24                // pDialog->pEditBox;
    0A8D: 4@ = readMem 4@ sz 4 vp 0     // pEditBox;
   
    0A8E: 5@ = 2@ + 0x80F60 // CDXUTEditBox::SetText
   
    // CDXUTEditBox::SetText takes 2 params
    // 1 - pointer to zero terminated string
    // 2 - bool, if text is to be selected or not
   
    0AA8: call_function_method 5@ struct 4@ num_params 2 pop 0 _bSelected 1@ _pszText 0@ _retVal 6@
end
0AB2: 0


:GetDialogInputEditBoxText
{
    0.3.7 - R1
    0AB1: @GetDialogInputEditBoxText 0 _Return: 0@
}
if 0AA2: 2@ = "samp.dll"
then
    0A8E: 3@ = 2@ + 0x21A0B8            // SAMP_DIALOG_INFO_OFFSET 
    0A8D: 3@ = readMem 3@ sz 4 vp 0     // pDialog;
    0A8E: 4@ = 3@ + 0x24                // pDialog->pEditBox;
    0A8D: 4@ = readMem 4@ sz 4 vp 0     // pEditBox;
   
    0A8E: 5@ = 2@ + 0x81030 // CDXUTEditBox::GetText
   
    0AA8: call_function_method 5@ struct 4@ num_params 0 pop 0 _Return: 0@
end
0AB2: 1 0@

:SetDialogInputEditBoxText
{
    0.3.7 - R2
    0AB1: @SetDialogInputEditBoxText 2 text 0@ selected 0
}
if 0AA2: 2@ = "samp.dll"
then
    0A8E: 3@ = 2@ + 0x21A0C0            // SAMP_DIALOG_INFO_OFFSET
    0A8D: 3@ = readMem 3@ sz 4 vp 0     // pDialog;
    0A8E: 4@ = 3@ + 0x24                // pDialog->pEditBox;
    0A8D: 4@ = readMem 4@ sz 4 vp 0     // pEditBox;
   
    0A8E: 5@ = 2@ + 0x81000 // CDXUTEditBox::SetText 
   
    // CDXUTEditBox::SetText takes 2 params
    // 1 - pointer to zero terminated string
    // 2 - bool, if text is to be selected or not
   
    0AA8: call_function_method 5@ struct 4@ num_params 2 pop 0 _bSelected 1@ _pszText 0@ _retVal 6@
end
0AB2: 0


:GetDialogInputEditBoxText
{
    0.3.7 - R2
    0AB1: @GetDialogInputEditBoxText 0 _Return: 0@
}
if 0AA2: 2@ = "samp.dll"
then
    0A8E: 3@ = 2@ + 0x21A0C0            // SAMP_DIALOG_INFO_OFFSET
    0A8D: 3@ = readMem 3@ sz 4 vp 0     // pDialog;
    0A8E: 4@ = 3@ + 0x24                // pDialog->pEditBox;
    0A8D: 4@ = readMem 4@ sz 4 vp 0     // pEditBox;
   
    0A8E: 5@ = 2@ + 0x810D0 // CDXUTEditBox::GetText
   
    0AA8: call_function_method 5@ struct 4@ num_params 0 pop 0 _Return: 0@
end
0AB2: 1 0@

:SetDialogInputEditBoxText
{
    0.3.7 - R3
    0AB1: @SetDialogInputEditBoxText 2 text 0@ selected 0
}
if 0AA2: 2@ = "samp.dll"
then
    0A8E: 3@ = 2@ + 0x26E898            // SAMP_DIALOG_INFO_OFFSET 
    0A8D: 3@ = readMem 3@ sz 4 vp 0     // pDialog;
    0A8E: 4@ = 3@ + 0x24                // pDialog->pEditBox;
    0A8D: 4@ = readMem 4@ sz 4 vp 0     // pEditBox;
   
    0A8E: 5@ = 2@ + 0x84E70 // CDXUTEditBox::SetText
   
    // CDXUTEditBox::SetText takes 2 params
    // 1 - pointer to zero terminated string
    // 2 - bool, if text is to be selected or not
   
    0AA8: call_function_method 5@ struct 4@ num_params 2 pop 0 _bSelected 1@ _pszText 0@ _retVal 6@
end
0AB2: 0


:GetDialogInputEditBoxText
{
    0.3.7 - R3
    0AB1: @GetDialogInputEditBoxText 0 _Return: 0@
}
if 0AA2: 2@ = "samp.dll"
then
    0A8E: 3@ = 2@ + 0x26E898            // SAMP_DIALOG_INFO_OFFSET 
    0A8D: 3@ = readMem 3@ sz 4 vp 0     // pDialog;
    0A8E: 4@ = 3@ + 0x24                // pDialog->pEditBox;
    0A8D: 4@ = readMem 4@ sz 4 vp 0     // pEditBox;
   
    0A8E: 5@ = 2@ + 0x84F40 // CDXUTEditBox::GetText
   
    0AA8: call_function_method 5@ struct 4@ num_params 0 pop 0 _Return: 0@
end
0AB2: 1 0@

:SetDialogInputEditBoxText
{
    0.3.DL
    0AB1: @SetDialogInputEditBoxText 2 text 0@ selected 0
}
if 0AA2: 2@ = "samp.dll"
then
    0A8E: 3@ = 2@ + 0x2AC9E0            // SAMP_DIALOG_INFO_OFFSET 
    0A8D: 3@ = readMem 3@ sz 4 vp 0     // pDialog;
    0A8E: 4@ = 3@ + 0x24                // pDialog->pEditBox;
    0A8D: 4@ = readMem 4@ sz 4 vp 0     // pEditBox;
   
    0A8E: 5@ = 2@ + 0x85000 // CDXUTEditBox::SetText
   
    // CDXUTEditBox::SetText takes 2 params
    // 1 - pointer to zero terminated string
    // 2 - bool, if text is to be selected or not
   
    0AA8: call_function_method 5@ struct 4@ num_params 2 pop 0 _bSelected 1@ _pszText 0@ _retVal 6@
end
0AB2: 0


:GetDialogInputEditBoxText
{
    0.3.DL
    0AB1: @GetDialogInputEditBoxText 0 _Return: 0@
}
if 0AA2: 2@ = "samp.dll"
then
    0A8E: 3@ = 2@ + 0x2AC9E0            // SAMP_DIALOG_INFO_OFFSET 
    0A8D: 3@ = readMem 3@ sz 4 vp 0     // pDialog;
    0A8E: 4@ = 3@ + 0x24                // pDialog->pEditBox;
    0A8D: 4@ = readMem 4@ sz 4 vp 0     // pEditBox;
   
    0A8E: 5@ = 2@ + 0x850D0 // CDXUTEditBox::GetText 
   
    0AA8: call_function_method 5@ struct 4@ num_params 0 pop 0 _Return: 0@
end
0AB2: 1 0@

CLEO:
:GetCurrentDialogListItem
{
    0.3.7 - R1
    0AB1: @GetCurrentDialogListItem 0 _Return: 0@
}
if 0AA2: 2@ = "samp.dll"
then
    0A8E: 3@ = 2@ + 0x21A0B8         
    0A8D: 3@ = readMem 3@ sz 4 vp 0     
    0A8E: 4@ = 3@ + 0x20                
    0A8D: 4@ = readMem 4@ sz 4 vp 0     
   
    0A8E: 5@ = 2@ + 0x84850
   
    0AA8: call_function_method 5@ struct 4@ num_params 1 pop 0 -1 _Return: 0@
end
0AB2: 1 0@

:GetCurrentDialogListItem
{
    0.3.7 - R2
    0AB1: @GetCurrentDialogListItem 0 _Return: 0@
}
if 0AA2: 2@ = "samp.dll"
then
    0A8E: 3@ = 2@ + 0x21A0C0         
    0A8D: 3@ = readMem 3@ sz 4 vp 0     
    0A8E: 4@ = 3@ + 0x20                
    0A8D: 4@ = readMem 4@ sz 4 vp 0     
   
    0A8E: 5@ = 2@ + 0x848F0
   
    0AA8: call_function_method 5@ struct 4@ num_params 1 pop 0 -1 _Return: 0@
end
0AB2: 1 0@

:GetCurrentDialogListItem
{
    0.3.7 - R3
    0AB1: @GetCurrentDialogListItem 0 _Return: 0@
}
if 0AA2: 2@ = "samp.dll"
then
    0A8E: 3@ = 2@ + 0x26E898         
    0A8D: 3@ = readMem 3@ sz 4 vp 0     
    0A8E: 4@ = 3@ + 0x20                
    0A8D: 4@ = readMem 4@ sz 4 vp 0     
   
    0A8E: 5@ = 2@ + 0x88760
   
    0AA8: call_function_method 5@ struct 4@ num_params 1 pop 0 -1 _Return: 0@
end
0AB2: 1 0@

:GetCurrentDialogListItem
{
    0.3.DL
    0AB1: @GetCurrentDialogListItem 0 _Return: 0@
}
if 0AA2: 2@ = "samp.dll"
then
    0A8E: 3@ = 2@ + 0x2AC9E0         
    0A8D: 3@ = readMem 3@ sz 4 vp 0     
    0A8E: 4@ = 3@ + 0x20                
    0A8D: 4@ = readMem 4@ sz 4 vp 0     
   
    0A8E: 5@ = 2@ + 0x888F0
   
    0AA8: call_function_method 5@ struct 4@ num_params 1 pop 0 -1 _Return: 0@
end
0AB2: 1 0@

CLEO:
:ShowDialog
{
    0.3.7 - R1
    0AB1: @ShowDialog 6 id 1000 caption 0@ text 1@ button_1 2@ button_2 3@ style 2
}
IF 0AA2: 10@ = "samp.dll"
THEN
    0A8E: 11@ = 10@ + 0x21A0B8 // SAMP_DIALOG_INFO_OFFSET
    0A8D: 12@ = readMem 11@ sz 4 vp 1
    0A8E: 11@ = 10@ + 0x6B9C0 //SAMP_DIALOG_SHOW
    0AA6: call_method 11@ struct 12@ num_params 7 pop 0 bServerside 0 RightButton 4@ LeftButton 3@ dText 2@ Caption 1@ dType 5@ dID 0@ _retVal 6@ // exactly 7 arguments, listed right-to-left
END
0AB2: 0

:ShowDialog
{
    0.3.7 - R2
    0AB1: @ShowDialog 6 id 1000 caption 0@ text 1@ button_1 2@ button_2 3@ style 2
}
IF 0AA2: 10@ = "samp.dll"
THEN
    0A8E: 11@ = 10@ + 0x21A0C0 // SAMP_DIALOG_INFO_OFFSET
    0A8D: 12@ = readMem 11@ sz 4 vp 1
    0A8E: 11@ = 10@ + 0x6BA70 //SAMP_DIALOG_SHOW
    0AA6: call_method 11@ struct 12@ num_params 7 pop 0 bServerside 0 RightButton 4@ LeftButton 3@ dText 2@ Caption 1@ dType 5@ dID 0@ _retVal 6@ // exactly 7 arguments, listed right-to-left
END
0AB2: 0

:ShowDialog
{
    0.3.7 - R3
    0AB1: @ShowDialog 6 id 1000 caption 0@ text 1@ button_1 2@ button_2 3@ style 2
}
IF 0AA2: 10@ = "samp.dll"
THEN
    0A8E: 11@ = 10@ + 0x26E898 // SAMP_DIALOG_INFO_OFFSET
    0A8D: 12@ = readMem 11@ sz 4 vp 1
    0A8E: 11@ = 10@ + 0x6F8C0 //SAMP_DIALOG_SHOW
    0AA6: call_method 11@ struct 12@ num_params 7 pop 0 bServerside 0 RightButton 4@ LeftButton 3@ dText 2@ Caption 1@ dType 5@ dID 0@ _retVal 6@ // exactly 7 arguments, listed right-to-left
END
0AB2: 0

:ShowDialog
{
    0.3.DL
    0AB1: @ShowDialog 6 id 1000 caption 0@ text 1@ button_1 2@ button_2 3@ style 2
}
IF 0AA2: 10@ = "samp.dll"
THEN
    0A8E: 11@ = 10@ + 0x2AC9E0 // SAMP_DIALOG_INFO_OFFSET
    0A8D: 12@ = readMem 11@ sz 4 vp 1
    0A8E: 11@ = 10@ + 0x6FA50 //SAMP_DIALOG_SHOW
    0AA6: call_method 11@ struct 12@ num_params 7 pop 0 bServerside 0 RightButton 4@ LeftButton 3@ dText 2@ Caption 1@ dType 5@ dID 0@ _retVal 6@ // exactly 7 arguments, listed right-to-left
END
0AB2: 0
 

DarkP1xel

Bring me a sober one!
BH Team
Description: a function that finds a memory address by its byte pattern.
Usage: takes 3 parameters. 1 - module handle (.DLL), 2 - pointer to the byte pattern, 3 - size of the byte pattern at that pointer. The pattern must consist of instructions that are not tied to memory addresses, otherwise the comparison fails and 0 is returned. On success it returns 2 addresses: the first is the address in the running process, the second the address (offset) inside the module.
Call: 0AB1: call_scm_func @getAddress params 3 | {HMODULE hModule}0@ {void *pMemFind}1@ {size_t szMemSize}2@ | {MemoryAddress}3@ {LibraryAddress}4@ |

CLEO:
:getAddress {0@ - hModule | 1@ - pMemFind | 2@ - szMemSize}
0AA7: call_function {GetCurrentProcess}0x836B0E num_params 0 pop 0 || {HANDLE}3@ |
0AB1: call_scm_func @getModuleInformation params 2 | {HANDLE hProcess}3@ {HMODULE hModule}0@ | {Result}3@ {lpmodinfo}4@ |
IF 8039:   NOT 3@ == 0x0
THEN
    0A8E: 3@ = 4@ + 0x4 {SizeOfImage}
    0A8D: 3@ = read_memory 3@ size 4 virtual_protect FALSE
    0A8E: 3@ = 0@ + 3@ {EndOfImage}
    000E: 3@ -= 0x1 {Dec 1 byte to correct module space size}
    FOR 4@ = 0@ TO 3@ | STEP = 2@ |
        0AA7: call_function {memcmp}0x830F00 num_params 3 pop 3 | {size_t Size}2@ {const void *Buf2}1@ {const void *Buf1}4@ | {Result}5@ |
        IF 0039:   5@ == 0x0
        THEN
            0A8F: 5@ = 4@ - 0@ {LibraryAddress}
            0AB2: ret 2 | {MemoryAddress}4@ {LibraryAddress}5@ |
        END
    END
END
0AB2: ret 2 | {MemoryAddress}0x0 {LibraryAddress}0x0 |

:getModuleInformation {0@ - hProcess | 1@ - hModule}
0AC6: 2@ = label @MODULEINFO offset
0AA7: call_function {GetModuleHandleA}0x81E406 num_params 1 pop 0 | {LPCSTR lpModuleName}"KERNEL32.DLL" | {HMODULE}3@ |
0AA7: call_function {GetProcAddress}0x81E40C num_params 2 pop 0 | {LPCSTR lpProcName}"K32GetModuleInformation" {HMODULE hModule}3@ | {FARPROC}3@ |
0AA7: call_function 3@ num_params 4 pop 0 | {DWORD cb}0xC {LPMODULEINFO lpmodinfo}2@ {HMODULE hModule}1@ {HANDLE hProcess}0@ | {Result}3@ |
0AB2: ret 2 | {Result}3@ {lpmodinfo}2@ |

:MODULEINFO // {12 BYTES}
HEX
    00 00 00 00
    00 00 00 00
    00 00 00 00
END

CLEO:
{$CLEO}  
0AA7: call_function {GetModuleHandleA}0x81E406 num_params 1 pop 0 | {LPCSTR lpModuleName}"SAMP.DLL" | {HMODULE}0@ |
IF 0039:   0@ == 0x0
THEN 0A93: {NO SA-MP}
END
0AC6: 1@ = label @byteCode offset
0AB1: call_scm_func @getAddress params 3 | {HMODULE hModule}0@ {void *pMemFind}1@ {size_t szMemSize}0x10 | {MemoryAddress}2@ {LibraryAddress}3@ |
0AD1: show_formatted_text_highpriority "%X - %X" time 20000 | {MemoryAddress}2@ {LibraryAddress}3@ |
//0B78: log "%X - %X" | {MemoryAddress}2@ {LibraryAddress}3@ | { ! SF OPCODE ! }
0A93:

:byteCode
HEX
    /* stSAMP::RestartGame | 16 BYTES (0x10) */
    53 55 56 57 33 DB 33 FF 8B F1 33 ED 8D 64 24 00
END

/*
    .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-.
    .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-.
    .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-.
*/

:getAddress {0@ - hModule | 1@ - pMemFind | 2@ - szMemSize}
0AA7: call_function {GetCurrentProcess}0x836B0E num_params 0 pop 0 || {HANDLE}3@ |
0AB1: call_scm_func @getModuleInformation params 2 | {HANDLE hProcess}3@ {HMODULE hModule}0@ | {Result}3@ {lpmodinfo}4@ |
IF 8039:   NOT 3@ == 0x0
THEN
    0A8E: 3@ = 4@ + 0x4 {SizeOfImage}
    0A8D: 3@ = read_memory 3@ size 4 virtual_protect FALSE
    0A8E: 3@ = 0@ + 3@ {EndOfImage}
    000E: 3@ -= 0x1 {Dec 1 byte to correct module space size}
    FOR 4@ = 0@ TO 3@ | STEP = 2@ |
        0AA7: call_function {memcmp}0x830F00 num_params 3 pop 3 | {size_t Size}2@ {const void *Buf2}1@ {const void *Buf1}4@ | {Result}5@ |
        IF 0039:   5@ == 0x0
        THEN
            0A8F: 5@ = 4@ - 0@ {LibraryAddress}
            0AB2: ret 2 | {MemoryAddress}4@ {LibraryAddress}5@ |
        END
    END
END
0AB2: ret 2 | {MemoryAddress}0x0 {LibraryAddress}0x0 |

:getModuleInformation {0@ - hProcess | 1@ - hModule}
0AC6: 2@ = label @MODULEINFO offset
0AA7: call_function {GetModuleHandleA}0x81E406 num_params 1 pop 0 | {LPCSTR lpModuleName}"KERNEL32.DLL" | {HMODULE}3@ |
0AA7: call_function {GetProcAddress}0x81E40C num_params 2 pop 0 | {LPCSTR lpProcName}"K32GetModuleInformation" {HMODULE hModule}3@ | {FARPROC}3@ |
0AA7: call_function 3@ num_params 4 pop 0 | {DWORD cb}0xC {LPMODULEINFO lpmodinfo}2@ {HMODULE hModule}1@ {HANDLE hProcess}0@ | {Result}3@ |
0AB2: ret 2 | {Result}3@ {lpmodinfo}2@ |

:MODULEINFO // {12 BYTES (0xC)}
HEX
    00 00 00 00
    00 00 00 00
    00 00 00 00
END

/*
    .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-.
    .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-.
    .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-. .-.
*/

{by DarkP1xel | 26.05.20}
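Added example (C, not DarkP1xel's code): the same scan as :getAddress, written over a constructed byte buffer so it can be run without the game. It differs from the snippet in two places a practitioner will want: it advances one byte per comparison instead of szMemSize bytes (the FOR ... STEP = 2@ loop above only visits offsets that are multiples of the pattern size, so a pattern at any other offset is never compared), and it stops at image_size - len so memcmp never reads past the end of the module. The 16 pattern bytes are the stSAMP::RestartGame bytes from the post; the module image, its size and the plant offset 37 are constructed for the demo.

```c
/* Added example, not part of the original post: byte-pattern scan in C.
 * Mirrors :getAddress, but steps one byte at a time and stays within
 * [base, base + image_size - len], so an unaligned match is found and the
 * comparison never reads past the end of the image. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Scan `image_size` bytes starting at `base` for `pat` (`len` bytes),
 * advancing `step` bytes per comparison. Returns the offset of the first
 * match relative to `base` (the snippet's "LibraryAddress"), or -1. */
long find_pattern(const uint8_t *base, size_t image_size,
                  const uint8_t *pat, size_t len, size_t step)
{
    if (len == 0 || step == 0 || image_size < len)
        return -1;
    for (size_t off = 0; off + len <= image_size; off += step) {
        if (memcmp(base + off, pat, len) == 0)
            return (long)off;
    }
    return -1;
}

/* The 16 bytes the post's example searches for (stSAMP::RestartGame). */
static const uint8_t RESTART_GAME_PATTERN[16] = {
    0x53, 0x55, 0x56, 0x57, 0x33, 0xDB, 0x33, 0xFF,
    0x8B, 0xF1, 0x33, 0xED, 0x8D, 0x64, 0x24, 0x00
};

/* Constructed stand-in for a module image: int3 filler with the pattern
 * planted at offset 37, which is deliberately not a multiple of 16. */
#define FAKE_IMAGE_SIZE 128
#define PLANT_OFFSET    37

static void build_fake_image(uint8_t *img)
{
    memset(img, 0xCC, FAKE_IMAGE_SIZE);
    memcpy(img + PLANT_OFFSET, RESTART_GAME_PATTERN, sizeof RESTART_GAME_PATTERN);
}

/* Offset found when stepping one byte at a time: 37. */
long demo_step_one(void)
{
    uint8_t img[FAKE_IMAGE_SIZE];
    build_fake_image(img);
    return find_pattern(img, sizeof img, RESTART_GAME_PATTERN,
                        sizeof RESTART_GAME_PATTERN, 1);
}

/* Offset found when stepping by the pattern size, as the snippet's
 * FOR ... STEP = 2@ does: -1, because offset 37 is never visited. */
long demo_step_pattern_size(void)
{
    uint8_t img[FAKE_IMAGE_SIZE];
    build_fake_image(img);
    return find_pattern(img, sizeof img, RESTART_GAME_PATTERN,
                        sizeof RESTART_GAME_PATTERN, sizeof RESTART_GAME_PATTERN);
}

int main(void)
{
    printf("step 1: %ld, step 16: %ld\n", demo_step_one(), demo_step_pattern_size());
    return 0;
}
```

The relative offset is what you would store or compare across runs; adding it to the real module base at run time gives the snippet's "MemoryAddress".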
 

SR_team
Description: Adds to the script a handler for the script being unloaded from the game, like onScriptTerminate in MoonLoader
Usage:
CLEO:
0AB1: @installDtor 1 callback @on_unload_script
on_unload_script - label of the handler
The handler must end with opcode 0A93
The wait opcode (0001) does nothing inside the handler

Code:
CLEO:
///////////////////////////////////////////////////// destructor hook /////////////////////////////////////////////////////

:installDtor // 0@ - dtor label  
// fix CLEO opcodes for CRunningScript::ProcessOneCommand
0A8D: 1@ = read_memory 0x00469FEE size 4 virtual_protect 1  
0A8C: write_memory 0x00469EF0 size 4 value 1@ virtual_protect 1 
// initialize ptrs for prepare asm hook
0AC6: 1@ = label @asm_CRunningScript_RemoveScriptFromList_hook offset
0A9F: 2@ = current_thread_pointer
0A8E: 3@ = 2@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@  
0A8E: 3@ = 2@ + 0x14 // ptr to IP of this thread  
// 0@ -- IP for @dtor
// 1@ -- asm code
// 2@ -- thread
// 3@ -- ptr to IP
// prepare asm hook
1@ += 2 // cmp ecx, thread   
0A8C: write_memory 1@ size 4 value 2@ virtual_protect 1  
1@ += 8 // mov eax, @dtor   
0A8C: write_memory 1@ size 4 value 0@ virtual_protect 1  
1@ += 5 // mov [IP], eax  
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1  
1@ += 6 // call CRunningScript::ProcessOneCommand 
0AB1: @asm_call_hook 2 address 1@ callback 0x00469EB0 
1@ += 8 // mov eax [IP] 
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1 
// copy original code   
0A8D: 4@ = read_memory 0x00464BD0 size 1 virtual_protect 1  
1@ += 14 // install first byte of original code 
0A8C: write_memory 1@ size 1 value 4@ virtual_protect 1 
0A8D: 5@ = read_memory 0x00464BD1 size 4 virtual_protect 1    
if or
4@ == 0xe8 // call 
4@ == 0xe9 // jmp
then // fix addr of another hook   
    5@ += 0x00464BD5 // dest addr
    0062: 5@ - 1@
    5@ -= 5 // relative addr for hook
end  
1@ += 1 // install remain bytes of original code  
0A8C: write_memory 1@ size 4 value 5@ virtual_protect 1 
// install hook to CRunningScript::RemoveScriptFromList   
1@ += 4
0AB1: @asm_jmp_hook 2 address 1@ callback 0x00464BD5  
0AC6: 1@ = label @asm_CRunningScript_RemoveScriptFromList_hook offset
0AB1: @asm_jmp_hook 2 address 0x00464BD0 callback 1@
0AB2: ret 0

:asm_CRunningScript_RemoveScriptFromList_hook
hex
    // Save original IP     
    
    // Compare thread
    81 f9 00000000 // cmp ecx, thread
    75 23 // jnz SKIP  
    
    // Set dtor IP   
    50 // push eax   
    b8 00000000 // mov eax, @dtor
    a3 00000000 // mov [IP], eax
    
    // NEXT_OP:
    51 // push ecx
    52 // push edx
    e8 00000000 // call CRunningScript::ProcessOneCommand
    5a // pop edx
    59 // pop ecx
    a1 00000000 // mov eax [IP]
    66 8b 00 // mov ax, [eax]     
    66 3d 93 0a // cmp ax, 0x0A93  
    75 e9 // jnz NEXT_OP
                   
    58 // pop eax
    
    // SKIP: 
    0000000000 // original code  
      
    // Exit from hook  
    e9 00000000 // jmp 464BD5
end

/////////////////////////////////////////////////// end destructor hook ///////////////////////////////////////////////////

//////////////////////////////////////////// MogAika snippet for install hook /////////////////////////////////////////////

:asm_call_hook
0A8C: write_memory 0@ size 1 value 0xE8 virtual_protect 1
0085:3@ = 1@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1  
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 1
0AB2: ret 0

:asm_jmp_hook
0A8C: write_memory 0@ size 1 value 0xE9 virtual_protect 1
0085:3@ = 1@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1  
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 1
0AB2: ret 0

////////////////////////////////////////// end MogAika snippet for install hook ///////////////////////////////////////////

The following example registers the /hi command, which prints "Hello World" to chat, and the command is unregistered when the script is unloaded.
To make the unload handler easier to demonstrate, the script can be unloaded by pressing U, and on unload the message "Unload script" is printed to chat

CLEO:
{$CLEO}
wait 2000 

0B34: samp register_client_command "hi" to_label @cmd_hi
0AB1: @installDtor 1 callback @on_unload_script

while true
    if
    0AB0:   key_pressed 0x55 // U
    then
        0A93: end_custom_thread
    end
    wait 0
end

:on_unload_script 
0AF8: samp add_message_to_chat "Unload script" color -1
0B63: samp unregister_client_command "hi"
0A93: end_custom_thread

:cmd_hi
0AF8: samp add_message_to_chat "Hello World" color -1
0B43: samp cmd_ret
                                                                                                        
///////////////////////////////////////////////////// destructor hook /////////////////////////////////////////////////////

:installDtor // 0@ - dtor label  
// fix CLEO opcodes for CRunningScript::ProcessOneCommand
0A8D: 1@ = read_memory 0x00469FEE size 4 virtual_protect 1  
0A8C: write_memory 0x00469EF0 size 4 value 1@ virtual_protect 1 
// initialize ptrs for prepare asm hook
0AC6: 1@ = label @asm_CRunningScript_RemoveScriptFromList_hook offset
0A9F: 2@ = current_thread_pointer
0A8E: 3@ = 2@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@  
0A8E: 3@ = 2@ + 0x14 // ptr to IP of this thread  
// 0@ -- IP for @dtor
// 1@ -- asm code
// 2@ -- thread
// 3@ -- ptr to IP
// prepare asm hook
1@ += 2 // cmp ecx, thread   
0A8C: write_memory 1@ size 4 value 2@ virtual_protect 1  
1@ += 8 // mov eax, @dtor   
0A8C: write_memory 1@ size 4 value 0@ virtual_protect 1  
1@ += 5 // mov [IP], eax  
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1  
1@ += 6 // call CRunningScript::ProcessOneCommand 
0AB1: @asm_call_hook 2 address 1@ callback 0x00469EB0 
1@ += 8 // mov eax [IP] 
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1 
// copy original code   
0A8D: 4@ = read_memory 0x00464BD0 size 1 virtual_protect 1  
1@ += 14 // install first byte of original code 
0A8C: write_memory 1@ size 1 value 4@ virtual_protect 1 
0A8D: 5@ = read_memory 0x00464BD1 size 4 virtual_protect 1    
if or
4@ == 0xe8 // call 
4@ == 0xe9 // jmp
then // fix addr of another hook   
    5@ += 0x00464BD5 // dest addr
    0062: 5@ - 1@
    5@ -= 5 // relative addr for hook
end  
1@ += 1 // install remain bytes of original code  
0A8C: write_memory 1@ size 4 value 5@ virtual_protect 1 
// install hook to CRunningScript::RemoveScriptFromList   
1@ += 4
0AB1: @asm_jmp_hook 2 address 1@ callback 0x00464BD5  
0AC6: 1@ = label @asm_CRunningScript_RemoveScriptFromList_hook offset
0AB1: @asm_jmp_hook 2 address 0x00464BD0 callback 1@
0AB2: ret 0

:asm_CRunningScript_RemoveScriptFromList_hook
hex
    // Save original IP     
    
    // Compare thread
    81 f9 00000000 // cmp ecx, thread
    75 23 // jnz SKIP  
    
    // Set dtor IP   
    50 // push eax   
    b8 00000000 // mov eax, @dtor
    a3 00000000 // mov [IP], eax
    
    // NEXT_OP:
    51 // push ecx
    52 // push edx
    e8 00000000 // call CRunningScript::ProcessOneCommand
    5a // pop edx
    59 // pop ecx
    a1 00000000 // mov eax [IP]
    66 8b 00 // mov ax, [eax]     
    66 3d 93 0a // cmp ax, 0x0A93  
    75 e9 // jnz NEXT_OP
                   
    58 // pop eax
    
    // SKIP: 
    0000000000 // original code  
      
    // Exit from hook  
    e9 00000000 // jmp 464BD5
end

/////////////////////////////////////////////////// end destructor hook ///////////////////////////////////////////////////

//////////////////////////////////////////// MogAika snippet for install hook /////////////////////////////////////////////

:asm_call_hook
0A8C: write_memory 0@ size 1 value 0xE8 virtual_protect 1
0085:3@ = 1@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1   
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 1
0AB2: ret 0

:asm_jmp_hook
0A8C: write_memory 0@ size 1 value 0xE9 virtual_protect 1
0085:3@ = 1@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1   
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 1
0AB2: ret 0

////////////////////////////////////////// end MogAika snippet for install hook ///////////////////////////////////////////
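Added example (C, not SR_team's or MogAika's code): the rel32 arithmetic that :asm_call_hook / :asm_jmp_hook and the "fix addr of another hook" branch of :installDtor perform with write_memory, done over plain 5-byte buffers so it can be checked outside the game. Addresses are 32-bit values and are never dereferenced; 0x00464BD0 is the CRunningScript::RemoveScriptFromList address from the snippet, while 0x10002000 (an earlier hook already sitting there) and 0x10005000 (our trampoline) are constructed.

```c
/* Added example, not part of the original post: E8/E9 rel32 encoding and
 * relocation of a copied prologue, as :installDtor does when the first byte
 * at the hooked address is already a call or jmp. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OP_CALL 0xE8
#define OP_JMP  0xE9

/* Explicit little-endian helpers, so the result does not depend on host order. */
static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;          p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16);  p[3] = (uint8_t)(v >> 24);
}

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Write a 5-byte E8/E9 into `buf`, assuming `buf` will live at address `at`,
 * so that it reaches `target`: disp = target - (at + 5), wrapping mod 2^32
 * exactly like the "1@ -= 0@ ; 1@ -= 5" steps of :asm_jmp_hook. */
void encode_rel_branch(uint8_t *buf, uint32_t at, uint32_t target, uint8_t opcode)
{
    buf[0] = opcode;
    put_le32(buf + 1, target - (at + 5));
}

/* Absolute target of the E8/E9 at `buf` when it lives at address `at`. */
uint32_t decode_rel_branch_target(const uint8_t *buf, uint32_t at)
{
    return at + 5 + get_le32(buf + 1);
}

/* Copy the first 5 bytes of the original function (`src`, living at
 * `src_addr`) into the trampoline (`dst`, living at `dst_addr`). If those
 * bytes are themselves a call/jmp, recompute the displacement so the copied
 * instruction still reaches the same absolute target (the snippet's
 * "5@ += 0x00464BD5 ; 5@ -= 1@ ; 5@ -= 5"). Returns 1 if a displacement was
 * fixed up, 0 if the bytes were copied verbatim. */
int relocate_prologue(const uint8_t *src, uint32_t src_addr,
                      uint8_t *dst, uint32_t dst_addr)
{
    memcpy(dst, src, 5);
    if (src[0] == OP_CALL || src[0] == OP_JMP) {
        encode_rel_branch(dst, dst_addr, decode_rel_branch_target(src, src_addr), src[0]);
        return 1;
    }
    return 0;
}

#define FUNC_ADDR  0x00464BD0u   /* from the snippet */
#define OLD_HOOK   0x10002000u   /* constructed: where an earlier hook's jmp points */
#define TRAMPOLINE 0x10005000u   /* constructed: where our asm block lives */

/* The original bytes are a jmp to OLD_HOOK; after relocation into the
 * trampoline they must still reach OLD_HOOK. Returns that target. */
uint32_t demo_relocated_target(void)
{
    uint8_t original[5], tramp[5];
    encode_rel_branch(original, FUNC_ADDR, OLD_HOOK, OP_JMP);
    relocate_prologue(original, FUNC_ADDR, tramp, TRAMPOLINE);
    return decode_rel_branch_target(tramp, TRAMPOLINE);   /* 0x10002000 */
}

/* Raw displacement our own E9 at FUNC_ADDR gets when aimed at TRAMPOLINE:
 * 0x10005000 - (0x00464BD0 + 5) = 0x0FBA042B. */
uint32_t demo_hook_displacement(void)
{
    uint8_t patch[5];
    encode_rel_branch(patch, FUNC_ADDR, TRAMPOLINE, OP_JMP);
    return get_le32(patch + 1);
}

/* Prologue bytes that are not a branch are copied unchanged. Returns 0 on success. */
int demo_plain_copy(void)
{
    const uint8_t original[5] = { 0x53, 0x55, 0x56, 0x57, 0x33 };  /* constructed, not E8/E9 */
    uint8_t tramp[5];
    int fixed = relocate_prologue(original, FUNC_ADDR, tramp, TRAMPOLINE);
    return (fixed == 0 && memcmp(original, tramp, 5) == 0) ? 0 : -1;
}

int main(void)
{
    printf("relocated target %08X, hook disp %08X, plain copy %d\n",
           demo_relocated_target(), demo_hook_displacement(), demo_plain_copy());
    return 0;
}
```

The relocation only handles a 5-byte E8/E9 at the very start of the function, which is exactly the case the snippet handles; any other instruction that is shorter than 5 bytes or position-dependent would need a real length disassembler before it can be moved.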

A compiled example is attached; it needs SAMPFUNCS because it registers a command and prints to chat. The snippet itself does not need SAMPFUNCS!
 

Attachments

  • cleoDtorExample.cs (691 bytes)

SR_team
Description: Hook for sending all RakNet packets (regular packets + RPC + service packets). Versions 0.3.7 R1 and R3 are supported
Usage:
CLEO:
0AB1: @installSendHook 1 callback @send_hook
send_hook - label of the hook
The hook must start with a wait opcode (0001) of at least 5 ms, otherwise problems are possible because RakNet and scripts run in different threads
The hook must end with opcode 0A93 (it is not executed, it only marks the end of the hook)
The wait opcode (0001) does not pause the hook and adds no delay before the packet is sent
When the hook is called, variables 0@ and 1@ are overwritten - do not keep anything important in them!
Changing variables 0@ and 1@ changes the data passed to the send function, which is why the example does not modify 0@

0@ - packet data
1@ - packet size in bits

To nop a packet, change the size to 0

Code:
CLEO:
/////////////////////////////////////////////////////// RakNet hook ///////////////////////////////////////////////////////

:installSendHook // 0@ - hook label
// fix CLEO opcodes for CRunningScript::ProcessOneCommand
0A8D: 1@ = read_memory 0x00469FEE size 4 virtual_protect 1
0A8C: write_memory 0x00469EF0 size 4 value 1@ virtual_protect 1
// initialize ptrs for prepare asm hook
0AC6: 1@ = label @asm_ReliabilityLayer_Send_hook offset
0A9F: 2@ = current_thread_pointer
0A8E: 3@ = 2@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@
0A8E: 3@ = 2@ + 0x14 // ptr to IP of this thread
0AC7: 10@ = 0@ offset // ptr to var with buffer 
0AC7: 11@ = 1@ offset // ptr to var with bit length
//  0@ -- IP for @dtor
//  1@ -- asm code
//  2@ -- thread
//  3@ -- ptr to IP
// 10@ -- ptr to 0@
// 11@ -- ptr to 1@
// prepare asm hook
1@ += 2 // mov eax, [IP] 
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1 
1@ += 6 // mov eax, @dtor 
0A8C: write_memory 1@ size 4 value 0@ virtual_protect 1
1@ += 5 // mov [IP], eax 
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1 
1@ += 9 // mov 0@, eax 
0A8C: write_memory 1@ size 4 value 10@ virtual_protect 1
1@ += 9 // mov 1@, eax 
0A8C: write_memory 1@ size 4 value 11@ virtual_protect 1
1@ += 7 // mov ecx, thread
0A8C: write_memory 1@ size 4 value 2@ virtual_protect 1   
000A: 1@ += 4  // call CRunningScript::ProcessOneCommand
0AB1: @asm_call_hook 2 address 1@ callback 0x00469EB0 
1@ += 8 // mov eax, [IP]
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1
1@ += 14 // mov eax, [0@]
0A8C: write_memory 1@ size 4 value 10@ virtual_protect 1
1@ += 9 // mov eax, [1@]
0A8C: write_memory 1@ size 4 value 11@ virtual_protect 1
1@ += 10 // mov [IP], eax
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1
// copy original code 
0AA2: 6@ = load_library "samp.dll"
if 0AB1: call @isR1 0
then
    6@ += 0x43010
else
    6@ += 0x463C0
end
0A8D: 4@ = read_memory 6@ size 1 virtual_protect 1
1@ += 5 // install first byte of original code
0A8C: write_memory 1@ size 1 value 4@ virtual_protect 1
0A8E: 7@ = 6@ + 1
0A8D: 5@ = read_memory 7@ size 4 virtual_protect 1 
if or
4@ == 0xe8 // call
4@ == 0xe9 // jmp
then // fix addr of another hook
    0A8E: 7@ = 6@ + 5 
    005A: 5@ += 7@ // dest addr
    0062: 5@ - 1@
    5@ -= 5 // relative addr for hook
end
1@ += 1 // install remain bytes of original code
0A8C: write_memory 1@ size 4 value 5@ virtual_protect 1
1@ += 4
0A8E: 7@ = 6@ + 5
0A8D: 5@ = read_memory 7@ size 2 virtual_protect 1 
0A8C: write_memory 1@ size 2 value 5@ virtual_protect 1
// install hook to ReliabilityLayer::Send 
1@ += 2
0AB1: @asm_jmp_hook 2 address 1@ callback 7@
0AC6: 1@ = label @asm_ReliabilityLayer_Send_hook offset 
0AB1: @asm_jmp_hook 2 address 6@ callback 1@
6@ += 5     
0A8C: write_memory 6@ size 2 value 0x9090 virtual_protect 1
0AB2: ret 0

:asm_ReliabilityLayer_Send_hook
hex
    // Save original IP 
    50 // push eax   
    a1 00000000 // mov eax, [IP]
    50 // push eax
  
    // Set dtor IP
    b8 00000000 // mov eax, @dtor
    a3 00000000 // mov [IP], eax 
  
    // Copy args
    8b 44 24 0C // mov eax, [esp+0x0C]
    a3 00000000 // mov [0@], eax
    8b 44 24 10 // mov eax, [esp+0x10]
    a3 00000000 // mov [1@], eax
  
    // NEXT_OP:
    51 // push ecx
    52 // push edx 
    b9 00000000 // mov ecx, thread
    e8 00000000 // call CRunningScript::ProcessOneCommand
    5a // pop edx
    59 // pop ecx
    a1 00000000 // mov eax [IP]
    66 8b 00 // mov ax, [eax]   
    66 3d 93 0a // cmp ax, 0x0A93
    75 e4 // jnz NEXT_OP
  
    a1 00000000 // mov eax, [0@]
    89 44 24 0C // mov [esp+0x0C], eax
    a1 00000000 // mov eax, [1@]   
    89 44 24 10 // mov [esp+0x10], eax
  
    // Restore original IP
    58 // pop eax
    a3 00000000 // mov [IP], eax 
    58 // pop eax
  
    90909090909090 // original code
    
    // Exit from hook
    e9 00000000 // jmp back to the original function
end

:isR1
0AA2: 0@ = load_library "samp.dll"
0A8E: 1@ = 0@ + 0x129
0A8D: 1@ = read_memory 1@ size 1 virtual_protect 1
if 1@ == 0xF4 // isR1
then
    0485:  return_true
else     
    059A:  return_false
end
0AB2: ret 0
                                                                                                                    
///////////////////////////////////////////////////// end RakNet hook /////////////////////////////////////////////////////

//////////////////////////////////////////// MogAika snippet for install hook /////////////////////////////////////////////

:asm_call_hook
0A8C: write_memory 0@ size 1 value 0xE8 virtual_protect 1
0085:3@ = 1@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1   
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 1
0AB2: ret 0

:asm_jmp_hook
0A8C: write_memory 0@ size 1 value 0xE9 virtual_protect 1
0085:3@ = 1@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1   
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 1
0AB2: ret 0

////////////////////////////////////////// end MogAika snippet for install hook ///////////////////////////////////////////

The following example nops packet 38 and prints the numbers of all other packets to chat


CLEO:
{$CLEO}
wait 0

0AB1: @installSendHook 1 callback @send_hook

while true
    wait 0
end

:send_hook // 0@ - data, 1@ - bitLength
wait 10 // pause script (skip one frame for 100 fps)
0085: 3@ = 0@ // (int)
0A8D: 2@ = read_memory 3@ size 1 virtual_protect 1
if and
2@ == 40 // timestamp
1@ > 40 // 5 bytes
then
    0AF8: samp add_message_to_chat "Send timestamp package %d" color -1 2@
    3@ += 5 // 40 bits
    0A8D: 2@ = read_memory 3@ size 1 virtual_protect 1
end
if 2@ == 38 // cheater -- samp detect modify packets
then
    1@ = 0 // drop package
else
    0AF8: samp add_message_to_chat "Send package %d" color -1 2@
    if 2@ == 20 // rpc
    then 
        3@ += 1
        0A8D: 2@ = read_memory 3@ size 1 virtual_protect 1
        0AF8: samp add_message_to_chat "Send RPC %d" color -1 2@
    end
end
0A93: exit_from_hook


/////////////////////////////////////////////////////// RakNet hook ///////////////////////////////////////////////////////

:installSendHook // 0@ - hook label
// fix CLEO opcodes for CRunningScript::ProcessOneCommand
0A8D: 1@ = read_memory 0x00469FEE size 4 virtual_protect 1
0A8C: write_memory 0x00469EF0 size 4 value 1@ virtual_protect 1
// initialize ptrs for prepare asm hook
0AC6: 1@ = label @asm_ReliabilityLayer_Send_hook offset
0A9F: 2@ = current_thread_pointer
0A8E: 3@ = 2@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@
0A8E: 3@ = 2@ + 0x14 // ptr to IP of this thread
0AC7: 10@ = 0@ offset // ptr to var with buffer 
0AC7: 11@ = 1@ offset // ptr to var with bit length
//  0@ -- IP for @dtor
//  1@ -- asm code
//  2@ -- thread
//  3@ -- ptr to IP
// 10@ -- ptr to 0@
// 11@ -- ptr to 1@
// prepare asm hook
1@ += 2 // mov eax, [IP] 
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1 
1@ += 6 // mov eax, @dtor 
0A8C: write_memory 1@ size 4 value 0@ virtual_protect 1
1@ += 5 // mov [IP], eax 
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1 
1@ += 9 // mov 0@, eax 
0A8C: write_memory 1@ size 4 value 10@ virtual_protect 1
1@ += 9 // mov 1@, eax 
0A8C: write_memory 1@ size 4 value 11@ virtual_protect 1
1@ += 7 // mov ecx, thread
0A8C: write_memory 1@ size 4 value 2@ virtual_protect 1   
000A: 1@ += 4  // call CRunningScript::ProcessOneCommand
0AB1: @asm_call_hook 2 address 1@ callback 0x00469EB0 
1@ += 8 // mov eax, [IP]
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1
1@ += 14 // mov eax, [0@]
0A8C: write_memory 1@ size 4 value 10@ virtual_protect 1
1@ += 9 // mov eax, [1@]
0A8C: write_memory 1@ size 4 value 11@ virtual_protect 1
1@ += 10 // mov [IP], eax
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1
// copy original code 
0AA2: 6@ = load_library "samp.dll"
if 0AB1: call @isR1 0
then
    6@ += 0x43010
else
    6@ += 0x463C0
end
0A8D: 4@ = read_memory 6@ size 1 virtual_protect 1
1@ += 5 // install first byte of original code
0A8C: write_memory 1@ size 1 value 4@ virtual_protect 1
0A8E: 7@ = 6@ + 1
0A8D: 5@ = read_memory 7@ size 4 virtual_protect 1 
if or
4@ == 0xe8 // call
4@ == 0xe9 // jmp
then // fix addr of another hook
    0A8E: 7@ = 6@ + 5 
    005A: 5@ += 7@ // dest addr
    0062: 5@ - 1@
    5@ -= 5 // relative addr for hook
end
1@ += 1 // install remain bytes of original code
0A8C: write_memory 1@ size 4 value 5@ virtual_protect 1
1@ += 4
0A8E: 7@ = 6@ + 5
0A8D: 5@ = read_memory 7@ size 2 virtual_protect 1 
0A8C: write_memory 1@ size 2 value 5@ virtual_protect 1
// install hook to ReliabilityLayer::Send 
1@ += 2
0AB1: @asm_jmp_hook 2 address 1@ callback 7@
0AC6: 1@ = label @asm_ReliabilityLayer_Send_hook offset 
0AB1: @asm_jmp_hook 2 address 6@ callback 1@
6@ += 5     
0A8C: write_memory 6@ size 2 value 0x9090 virtual_protect 1
0AB2: ret 0

:asm_ReliabilityLayer_Send_hook
hex
    // Save original IP 
    50 // push eax   
    a1 00000000 // mov eax, [IP]
    50 // push eax
  
    // Set dtor IP
    b8 00000000 // mov eax, @dtor
    a3 00000000 // mov [IP], eax 
  
    // Copy args
    8b 44 24 0C // mov eax, [esp+0x0C]
    a3 00000000 // mov [0@], eax
    8b 44 24 10 // mov eax, [esp+0x10]
    a3 00000000 // mov [1@], eax
  
    // NEXT_OP:
    51 // push ecx
    52 // push edx 
    b9 00000000 // mov ecx, thread
    e8 00000000 // call CRunningScript::ProcessOneCommand
    5a // pop edx
    59 // pop ecx
    a1 00000000 // mov eax [IP]
    66 8b 00 // mov ax, [eax]   
    66 3d 93 0a // cmp ax, 0x0A93
    75 e4 // jnz NEXT_OP
  
    a1 00000000 // mov eax, [0@]
    89 44 24 0C // mov [esp+0x0C], eax
    a1 00000000 // mov eax, [1@]   
    89 44 24 10 // mov [esp+0x10], eax
  
    // Restore original IP
    58 // pop eax
    a3 00000000 // mov [IP], eax 
    58 // pop eax
  
    90909090909090 // original code
    
    // Exit from hook
    e9 00000000 // jmp back to the original function
end

:isR1
0AA2: 0@ = load_library "samp.dll"
0A8E: 1@ = 0@ + 0x129
0A8D: 1@ = read_memory 1@ size 1 virtual_protect 1
if 1@ == 0xF4 // isR1
then
    0485:  return_true
else     
    059A:  return_false
end
0AB2: ret 0
                                                                                                                    
///////////////////////////////////////////////////// end RakNet hook /////////////////////////////////////////////////////

//////////////////////////////////////////// MogAika snippet for install hook /////////////////////////////////////////////

:asm_call_hook
0A8C: write_memory 0@ size 1 value 0xE8 virtual_protect 1
0085:3@ = 1@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1   
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 1
0AB2: ret 0

:asm_jmp_hook
0A8C: write_memory 0@ size 1 value 0xE9 virtual_protect 1
0085:3@ = 1@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1   
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 1
0AB2: ret 0

////////////////////////////////////////// end MogAika snippet for install hook ///////////////////////////////////////////
Packet 38 is sent to the server when RakNet has detected modified data in other packets and wants to report you
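Added example (C, not SR_team's code): the header walk that the send_hook example above and the receive_hook example in the next post do with read_memory, written over constructed buffers with bounds checks, so the logic can be tested without a hook installed. It follows the layout those examples assume: a timestamp packet (id 40) occupies 5 bytes in front of the real packet when the bit length exceeds 40, and for id 20 (RPC) the next byte is the RPC id. The RPC id 123 and packet id 200 are constructed values, not SA-MP identifiers.

```c
/* Added example, not part of the original post: RakNet packet header walk in C,
 * mirroring the read_memory steps of the send_hook / receive_hook examples. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ID_TIMESTAMP 40            /* as in the hook example */
#define ID_RPC       20            /* as in the hook example */
#define TIMESTAMP_HEADER_BYTES 5   /* 40 bits: id + 4-byte timestamp */

struct pkt_info {
    int has_timestamp;   /* 1 if a timestamp header was skipped */
    int packet_id;       /* id of the packet after the optional timestamp */
    int rpc_id;          /* RPC id if packet_id == ID_RPC, else -1 */
};

/* Parse `bit_length` bits at `data`. Returns 0 on success, -1 if the buffer
 * is too short for the header it claims to carry (the hook example reads
 * these bytes unconditionally; here every read is bounds-checked). */
int parse_packet(const uint8_t *data, uint32_t bit_length, struct pkt_info *out)
{
    size_t bytes = (bit_length + 7) / 8;   /* bit length rounded up to bytes */
    size_t pos = 0;
    out->has_timestamp = 0;
    out->packet_id = -1;
    out->rpc_id = -1;
    if (bytes == 0)
        return -1;
    /* "if and 2@ == 40 / 1@ > 40 then 3@ += 5" in the hook example */
    if (data[0] == ID_TIMESTAMP && bit_length > TIMESTAMP_HEADER_BYTES * 8) {
        out->has_timestamp = 1;
        pos = TIMESTAMP_HEADER_BYTES;
    }
    if (pos >= bytes)
        return -1;
    out->packet_id = data[pos];
    /* "if 2@ == 20 then 3@ += 1" in the hook example */
    if (out->packet_id == ID_RPC) {
        if (pos + 1 >= bytes)
            return -1;                      /* RPC packet without an RPC id byte */
        out->rpc_id = data[pos + 1];
    }
    return 0;
}

/* Constructed: timestamp header (40 + 4 bytes), then RPC 20 with RPC id 123. */
int demo_rpc_after_timestamp(void)
{
    const uint8_t buf[] = { 40, 0x10, 0x32, 0x54, 0x76, 20, 123, 0xAA, 0xBB };
    struct pkt_info info;
    if (parse_packet(buf, (uint32_t)(sizeof buf * 8), &info) != 0)
        return -1;
    if (!info.has_timestamp || info.packet_id != ID_RPC)
        return -1;
    return info.rpc_id;   /* 123 */
}

/* Constructed: plain packet with id 200 and no timestamp header. */
int demo_plain_packet_id(void)
{
    const uint8_t buf[] = { 200, 0x01, 0x02 };
    struct pkt_info info;
    if (parse_packet(buf, (uint32_t)(sizeof buf * 8), &info) != 0)
        return -1;
    return info.packet_id;   /* 200 */
}

/* Constructed: an RPC packet whose RPC id byte is missing -> parse fails. */
int demo_truncated_rpc(void)
{
    const uint8_t buf[] = { 20 };
    struct pkt_info info;
    return parse_packet(buf, 8, &info);   /* -1 */
}

int main(void)
{
    printf("rpc after timestamp: %d, plain id: %d, truncated: %d\n",
           demo_rpc_after_timestamp(), demo_plain_packet_id(), demo_truncated_rpc());
    return 0;
}
```

The parser only reports what a hook would see; refusing a buffer whose bit length does not cover the header it claims is the check the CLEO examples leave out, and it is the first thing to add before logging or acting on packet ids.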

A compiled example is attached; it needs SAMPFUNCS because it prints to chat. The snippet itself does not need SAMPFUNCS!
 

Attachments

  • cleoRakHook.cs (1.1 KB)

SR_team
Description: Hook for all incoming RakNet packets (regular packets + RPC + service packets). Versions 0.3.7 R1 and R3 are supported
Usage:
CLEO:
0AB1: @installReceiveHook 1 callback @receive_hook
receive_hook - label of the hook
The hook must start with a wait opcode (0001) of at least 5 ms, otherwise problems are possible because RakNet and scripts run in different threads
The hook must end with opcode 0A93 (it is not executed, it only marks the end of the hook)
The wait opcode (0001) does not pause the hook and adds no delay before the packet is received
When the hook is called, variables 0@ and 1@ are overwritten - do not keep anything important in them!
Changing variables 0@ and 1@ changes the data passed to the send function, which is why the example does not modify 0@

0@ - packet data
1@ - packet size in bits

To nop a packet, overwrite the first byte of the data with 255

Code:
CLEO:
/////////////////////////////////////////////////////// RakNet hook ///////////////////////////////////////////////////////

:installReceiveHook // 0@ - hook label
// fix CLEO opcodes for CRunningScript::ProcessOneCommand
0A8D: 1@ = read_memory 0x00469FEE size 4 virtual_protect 1 
0A8C: write_memory 0x00469EF0 size 4 value 1@ virtual_protect 1
// initialize ptrs for prepare asm hook
0AC6: 1@ = label @asm_RakPeer_ReceiveIgnoreRPC_hook offset
0A9F: 2@ = current_thread_pointer
0A8E: 3@ = 2@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@ 
0A8E: 3@ = 2@ + 0x14 // ptr to IP of this thread 
0AC7: 10@ = 0@ offset // ptr to var with buffer  
0AC7: 11@ = 1@ offset // ptr to var with bit length
//  0@ -- IP for @dtor
//  1@ -- asm code
//  2@ -- thread
//  3@ -- ptr to IP
// 10@ -- ptr to 0@
// 11@ -- ptr to 1@
// prepare asm hook
1@ += 2 // mov eax, [IP]   
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1  
1@ += 6 // mov eax, @dtor  
0A8C: write_memory 1@ size 4 value 0@ virtual_protect 1
1@ += 5 // mov [IP], eax   
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1  
1@ += 9 // mov 0@, eax   
0A8C: write_memory 1@ size 4 value 10@ virtual_protect 1 
1@ += 9 // mov 1@, eax   
0A8C: write_memory 1@ size 4 value 11@ virtual_protect 1
1@ += 7 // mov ecx, thread 
0A8C: write_memory 1@ size 4 value 2@ virtual_protect 1    
000A: 1@ += 4  // call CRunningScript::ProcessOneCommand
0AB1: @asm_call_hook 2 address 1@ callback 0x00469EB0  
1@ += 8 // mov eax, [IP] 
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1 
1@ += 14 // mov eax, [0@]
0A8C: write_memory 1@ size 4 value 10@ virtual_protect 1 
1@ += 9 // mov eax, [1@]
0A8C: write_memory 1@ size 4 value 11@ virtual_protect 1
1@ += 10 // mov [IP], eax
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1
// copy original code  
0AA2: 6@ = load_library "samp.dll"
if 0AB1: call @isR1 0
then
    6@ += 0x3CE91
else
    6@ += 0x40241
end
0A8D: 4@ = read_memory 6@ size 1 virtual_protect 1 
1@ += 5 // install first byte of original code
0A8C: write_memory 1@ size 1 value 4@ virtual_protect 1 
0A8E: 7@ = 6@ + 1 
0A8D: 5@ = read_memory 7@ size 4 virtual_protect 1   
if or
4@ == 0xe8 // call
4@ == 0xe9 // jmp
then // fix addr of another hook 
    0A8E: 7@ = 6@ + 5  
    005A: 5@ += 7@ // dest addr
    0062: 5@ - 1@
    5@ -= 5 // relative addr for hook
end 
1@ += 1 // install remain bytes of original code 
0A8C: write_memory 1@ size 4 value 5@ virtual_protect 1 
1@ += 4
0A8E: 7@ = 6@ + 5
0A8D: 5@ = read_memory 7@ size 1 virtual_protect 1  
0A8C: write_memory 1@ size 1 value 5@ virtual_protect 1 
// install hook to RakPeer::ReceiveIgnoreRPC
1@ += 1
0AB1: @asm_jmp_hook 2 address 1@ callback 7@
0AC6: 1@ = label @asm_RakPeer_ReceiveIgnoreRPC_hook offset   
0AB1: @asm_jmp_hook 2 address 6@ callback 1@
6@ += 5       
0A8C: write_memory 6@ size 1 value 0x90 virtual_protect 1
0AB2: ret 0

:asm_RakPeer_ReceiveIgnoreRPC_hook
hex
    // Save original IP  
    50 // push eax    
    a1 00000000 // mov eax, [IP]
    50 // push eax
   
    // Set dtor IP
    b8 00000000 // mov eax, @dtor
    a3 00000000 // mov [IP], eax  
   
    // Copy args
    90 8B 47 10 // mov eax, [edi.data]
    a3 00000000 // mov [0@], eax
    90 8B 47 0C // mov eax, [edi.bitSize]
    a3 00000000 // mov [1@], eax
   
    // NEXT_OP:
    51 // push ecx
    52 // push edx  
    b9 00000000 // mov ecx, thread
    e8 00000000 // call CRunningScript::ProcessOneCommand
    5a // pop edx
    59 // pop ecx
    a1 00000000 // mov eax [IP]
    66 8b 00 // mov ax, [eax]    
    66 3d 93 0a // cmp ax, 0x0A93 
    75 e4 // jnz NEXT_OP
   
    a1 00000000 // mov eax, [0@]
    90 89 47 10 // mov [edi.data], eax
    a1 00000000 // mov eax, [1@]     
    90 89 47 0C // mov [edi.bitSize], eax
   
    // Restore original IP
    58 // pop eax
    a3 00000000 // mov [IP], eax  
    58 // pop eax
   
    909090909090 // original code 
     
    // Exit from hook 
    e9 00000000 // jmp back to the original function
end

:isR1
0AA2: 0@ = load_library "samp.dll"
0A8E: 1@ = 0@ + 0x129
0A8D: 1@ = read_memory 1@ size 1 virtual_protect 1
if 1@ == 0xF4 // isR1
then
    0485:  return_true
else       
    059A:  return_false
end
0AB2: ret 0
                                                                                                                      
///////////////////////////////////////////////////// end RakNet hook /////////////////////////////////////////////////////

//////////////////////////////////////////// MogAika snippet for install hook /////////////////////////////////////////////

:asm_call_hook
0A8C: write_memory 0@ size 1 value 0xE8 virtual_protect 1
0085:3@ = 1@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1    
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 1
0AB2: ret 0 

:asm_jmp_hook
0A8C: write_memory 0@ size 1 value 0xE9 virtual_protect 1
0085:3@ = 1@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1    
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 1
0AB2: ret 0

////////////////////////////////////////// end MogAika snippet for install hook ///////////////////////////////////////////

The following example prints packet numbers to chat


CLEO:
{$CLEO}
wait 0

0AB1: @installReceiveHook 1 callback @receive_hook

while true
    wait 0
end

:receive_hook // 0@ - data, 1@ - bitLength
wait 10 // pause script (skip one frame for 100 fps)
0085: 3@ = 0@ // (int)
0A8D: 2@ = read_memory 3@ size 1 virtual_protect 1 
if and
2@ == 40 // timestamp
1@ > 40 // 5 bytes
then
    3@ += 5 // 40 bits 
    0A8D: 2@ = read_memory 3@ size 1 virtual_protect 1 
end
0AF8: samp add_message_to_chat "Receive packet %d" color -1 2@
if 2@ == 20 // rpc 
then  
    3@ += 1
    0A8D: 2@ = read_memory 3@ size 1 virtual_protect 1
    0AF8: samp add_message_to_chat "Receive RPC %d" color -1 2@
end
0A93: exit_from_hook

 

The attachment is a compiled example; it needs SAMPFUNCS because it prints to chat. The snippet itself does not need SAMPFUNCS!
 

Attachments

  • cleoRakHook.cs
    1.1 KB
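The asm_call_hook / asm_jmp_hook helpers and the "fix addr of another hook" branch of installReceiveHook all come down to one piece of x86 arithmetic: a rel32 displacement is target - address - 5, and a copied E8/E9 instruction has to be re-encoded relative to its new location or it lands in the wrong place. The following Python is an added example, not code from SR_team's post or the attached .cs; it runs the same arithmetic against a fake flat memory buffer with made-up addresses (a 6-byte prologue that already starts with a call from some earlier hook, as the E8/E9 branch handles), so nothing here touches samp.dll.

```python
"""Added example, not code from the original post: the rel32 arithmetic behind
asm_call_hook / asm_jmp_hook and the 'fix addr of another hook' branch, run
against a fake memory buffer. All addresses and bytes are constructed."""
import struct

OP_CALL = 0xE8
OP_JMP = 0xE9
REL_LEN = 5          # opcode byte + 32-bit displacement
NOP = 0x90


class FakeMemory:
    """Stand-in for process memory: a bytearray with a base address."""

    def __init__(self, base, size):
        self.base = base
        self.buf = bytearray(size)

    def read(self, addr, n):
        off = addr - self.base
        return bytes(self.buf[off:off + n])

    def write(self, addr, data):
        off = addr - self.base
        self.buf[off:off + len(data)] = data


def encode_rel(opcode, at, target):
    """call/jmp rel32 placed at `at` that lands on `target`: rel = target - at - 5,
    the same subtraction the CLEO snippet performs with opcodes 0062 and 000E."""
    return bytes([opcode]) + struct.pack("<i", target - at - REL_LEN)


def decode_rel(code, at):
    """Absolute destination of an E8/E9 instruction located at `at`."""
    if len(code) < REL_LEN or code[0] not in (OP_CALL, OP_JMP):
        raise ValueError("not a rel32 call/jmp")
    return at + REL_LEN + struct.unpack("<i", code[1:REL_LEN])[0]


def relocate_first_insn(stolen, orig_addr, slot_addr):
    """The snippet's E8/E9 branch: if the first stolen instruction is itself a
    relative call/jmp (another hook already sits on the function), recompute the
    displacement so it reaches the same destination from the trampoline slot."""
    head = stolen[:REL_LEN]
    if head[0] in (OP_CALL, OP_JMP):
        return encode_rel(head[0], slot_addr, decode_rel(head, orig_addr))
    return head


def install_jmp_hook(mem, func, stolen_len, tramp, hook_body):
    """Detour `func` through `tramp`: hook_body | relocated original bytes |
    jmp func+stolen_len, then overwrite func with jmp tramp plus NOP padding
    (the snippet's 'install hook' and 'write 0x90' steps).
    Returns the address of the trampoline's 'original code' slot."""
    if stolen_len < REL_LEN:
        raise ValueError("need at least 5 bytes for a rel32 jmp")
    stolen = mem.read(func, stolen_len)
    slot = tramp + len(hook_body)
    first = relocate_first_insn(stolen, func, slot)   # always 5 bytes
    rest = stolen[REL_LEN:]                            # the 1-2 extra bytes copied verbatim
    back_at = slot + len(first) + len(rest)
    mem.write(tramp, hook_body + first + rest + encode_rel(OP_JMP, back_at, func + stolen_len))
    mem.write(func, encode_rel(OP_JMP, func, tramp) + bytes([NOP]) * (stolen_len - REL_LEN))
    return slot


def demo():
    """Hypothetical layout: a 6-byte prologue (5+1, like the receive hook) that
    already begins with a call installed by an earlier hook."""
    mem = FakeMemory(0x10000000, 0x1000)
    func, tramp, earlier_hook = 0x10000100, 0x10000400, 0x10000800
    mem.write(func, encode_rel(OP_CALL, func, earlier_hook) + b"\x53")   # call earlier_hook; push ebx
    slot = install_jmp_hook(mem, func, 6, tramp, bytes([NOP]) * 8)
    return {
        "detour_target": decode_rel(mem.read(func, REL_LEN), func),
        "padding": mem.read(func + REL_LEN, 1),
        "relocated_call_target": decode_rel(mem.read(slot, REL_LEN), slot),
        "copied_tail": mem.read(slot + REL_LEN, 1),
        "return_address": decode_rel(mem.read(slot + 6, REL_LEN), slot + 6),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, hex(value) if isinstance(value, int) else value)
```

Without the relocation step the copied call would be decoded relative to the trampoline and jump to garbage; the check that the extra 1-2 stolen bytes are whole instructions (push ebx here) is still the installer's responsibility, just as in the snippet.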
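The receive_hook above reads the packet ID with three rules: if the first byte is 40 (timestamp) and more than 40 bits follow, the real ID sits 5 bytes later; if that ID is 20 (RPC), the RPC ID is the next byte; anything else is a plain packet. The Python below is an added example, not code from SR_team's post; it applies the same rules to constructed byte strings (the IDs 40, 20 and 207 and the 5-byte timestamp header are taken from the post, the buffers are made up) and also models the send-side drop, where the hook sets bitLength to 0 and overwrites the ID byte with 255.

```python
"""Added example, not code from the original post: the packet-ID logic of
receive_hook / send_hook over constructed RakNet-style buffers."""

ID_TIMESTAMP = 40        # 1 byte id + 4 byte timestamp: the "40 bits" the hook skips
ID_RPC = 20              # the next byte is the RPC id
TIMESTAMP_HDR_BITS = 40


def classify(data, bit_length):
    """Return what the hook would print: kind ('packet' or 'rpc'), the id it
    reports, the offset of the packet-id byte, and the timestamp if present."""
    if not data:
        raise ValueError("empty packet")
    pos = 0
    timestamp = None
    # same guard as the hook: only step over the timestamp if more than 5 bytes exist
    if data[0] == ID_TIMESTAMP and bit_length > TIMESTAMP_HDR_BITS and len(data) > 5:
        timestamp = int.from_bytes(data[1:5], "little")
        pos = 5
    pid = data[pos]
    if pid == ID_RPC:
        if len(data) <= pos + 1:
            raise ValueError("truncated RPC packet")
        return {"kind": "rpc", "id": data[pos + 1], "offset": pos, "timestamp": timestamp}
    return {"kind": "packet", "id": pid, "offset": pos, "timestamp": timestamp}


def nop_packet(data, bit_length, packet_id):
    """Mirror of the send-side drop: when the outgoing packet carries
    `packet_id`, report bitLength 0 and overwrite the id byte with 255.
    Returns (data, bit_length) as the hook would leave 0@ and 1@."""
    buf = bytearray(data)
    info = classify(buf, bit_length)
    if info["kind"] == "packet" and info["id"] == packet_id:
        buf[info["offset"]] = 0xFF
        return bytes(buf), 0
    return bytes(buf), bit_length


# constructed samples, not captured traffic
SAMPLES = {
    "plain": bytes([207, 0x11, 0x22]),                   # onfoot sync, no timestamp
    "stamped_rpc": bytes([40, 1, 0, 0, 0, 20, 11, 0xAA]),  # timestamp, then RPC 11
    "bare_rpc": bytes([20, 5]),
    "timestamp_only": bytes([40, 1, 0, 0, 0]),          # exactly 40 bits: not stepped over
}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw, len(raw) * 8))
    print(nop_packet(SAMPLES["plain"], 24, 207))
```

The length guard matters in the real hook as well: with a buffer of exactly 40 bits the ID after the timestamp does not exist, and reading it would run past the packet.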

SR_team

like pancake
BH Team
Description: a variant of the previous two snippets, but without the need to pause the main thread; because of that, each thread has its own separate variables.
Usage / Description
CLEO:
0AB1: @installReceiveHook 1 callback @receive_hook
Installs the incoming-packet hook
CLEO:
0AB1: @installSendHook 1 callback @send_hook
Installs the outgoing-packet hook
CLEO:
0AB1: call @RakThread_get_var 2 thread @RakThreadSend var 10 to 0@
Reads a variable from a thread
CLEO:
0AB1: call @RakThread_set_var 3 thread @RakThreadSend var 10 value 0@
Writes a variable into a thread
See the previous two posts for how to use the first two functions. Here we focus on reading and writing variables in the threads.
With this snippet the script has three threads that run in parallel (truly in parallel, not taking turns as in SF):
  • The main thread; nothing special is needed to access its variables
  • The incoming-packet thread, whose header is at the label @RakThreadReceive
  • The outgoing-packet thread, whose header is at the label @RakThreadSend
@RakThreadReceive and @RakThreadSend are used to access the variables of those threads.
From the usage example:
CLEO:
0AB1: call @RakThread_get_var 2 thread @RakThreadSend var 10 to 0@
The contents of variable 10@ of the outgoing-packet thread are written into variable 0@ of the main thread.
CLEO:
0AB1: call @RakThread_set_var 3 thread @RakThreadSend var 10 value 0@
The contents of variable 0@ of the main thread are written into variable 10@ of the outgoing-packet thread.

As you can see, when accessing variables in other threads only the variable number is given, without the @.

Code:
CLEO:
/////////////////////////////////////////////////////// RakNet hook ///////////////////////////////////////////////////////

:installReceiveHook // 0@ - hook label
// initialize ptrs for prepare asm hook
0AC6: 1@ = label @asm_RakPeer_ReceiveIgnoreRPC_hook offset
0A9F: 2@ = current_thread_pointer
0A8E: 3@ = 2@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@
0AC6: 2@ = label @RakThreadReceive offset // this thread     
0A8E: 3@ = 2@ + 0x14 // ptr to IP of this thread
0AB1: call @initializeRakThread 1 @RakThreadReceive // initialize RakThread
0A8C: write_memory 3@ size 4 value 1@ virtual_protect 1 // fix IP in RakThread   
0A8E: 10@ = 2@ + 0x3C // ptr to var with data in 0@
0A8E: 11@ = 2@ + 0x40 // ptr to var with bitSize in 1@ 
gosub @RakHook_prepare_asm
// copy original code 
0AA2: 6@ = load_library "samp.dll"
if 0AB1: call @isR1 0
then
    6@ += 0x3CE91
else
    6@ += 0x40241
end
gosub @RakHook_fix_original_code
1@ += 4
0A8E: 7@ = 6@ + 5
0A8D: 5@ = read_memory 7@ size 1 virtual_protect 1 
0A8C: write_memory 1@ size 1 value 5@ virtual_protect 1
// install hook to RakPeer::ReceiveIgnoreRPC
1@ += 1
0AB1: @asm_jmp_hook 2 address 1@ callback 7@
0AC6: 1@ = label @asm_RakPeer_ReceiveIgnoreRPC_hook offset   
0AB1: @asm_jmp_hook 2 address 6@ callback 1@
6@ += 5       
0A8C: write_memory 6@ size 1 value 0x90 virtual_protect 1
0AB2: ret 0

:asm_RakPeer_ReceiveIgnoreRPC_hook
hex
    // Save original IP   
    50 // push eax     
    a1 00000000 // mov eax, [IP]
    50 // push eax
    
    // Set dtor IP
    b8 00000000 // mov eax, @dtor
    a3 00000000 // mov [IP], eax   
    
    // Copy args
    90 8B 47 10 // mov eax, [edi.data]
    a3 00000000 // mov [0@], eax
    90 8B 47 0C // mov eax, [edi.bitSize]
    a3 00000000 // mov [1@], eax
    
    // NEXT_OP:
    51 // push ecx
    52 // push edx   
    b9 00000000 // mov ecx, thread
    e8 00000000 // call CRunningScript::ProcessOneCommand
    5a // pop edx
    59 // pop ecx
    a1 00000000 // mov eax, [IP]
    66 8b 00 // mov ax, [eax]     
    66 3d 93 0a // cmp ax, 0x0A93 
    75 e4 // jnz NEXT_OP
    
    a1 00000000 // mov eax, [0@]
    90 89 47 10 // mov [edi.data], eax
    a1 00000000 // mov eax, [1@]     
    90 89 47 0C // mov [edi.bitSize], eax
    
    // Restore original IP
    58 // pop eax
    a3 00000000 // mov [IP], eax   
    58 // pop eax
    
    909090909090 // original code 
      
    // Exit from hook 
    e9 00000000 // ret
end

:installSendHook // 0@ - hook label
// initialize ptrs for prepare asm hook
0AC6: 1@ = label @asm_ReliabilityLayer_Send_hook offset
0A9F: 2@ = current_thread_pointer
0A8E: 3@ = 2@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@
0AC6: 2@ = label @RakThreadSend offset // this thread     
0A8E: 3@ = 2@ + 0x14 // ptr to IP of this thread
0AB1: call @initializeRakThread 1 @RakThreadSend // initialize RakThread
0A8C: write_memory 3@ size 4 value 1@ virtual_protect 1 // fix IP in RakThread   
0A8E: 10@ = 2@ + 0x3C // ptr to var with data in 0@
0A8E: 11@ = 2@ + 0x40 // ptr to var with bitSize in 1@ 
gosub @RakHook_prepare_asm
// copy original code
0AA2: 6@ = load_library "samp.dll"
if 0AB1: call @isR1 0
then
    6@ += 0x43010
else
    6@ += 0x463C0
end
gosub @RakHook_fix_original_code 
0A8D: 4@ = read_memory 6@ size 1 virtual_protect 1
1@ += 4
0A8E: 7@ = 6@ + 5
0A8D: 5@ = read_memory 7@ size 2 virtual_protect 1
0A8C: write_memory 1@ size 2 value 5@ virtual_protect 1
// install hook to ReliabilityLayer::Send
1@ += 2
0AB1: @asm_jmp_hook 2 address 1@ callback 7@
0AC6: 1@ = label @asm_ReliabilityLayer_Send_hook offset
0AB1: @asm_jmp_hook 2 address 6@ callback 1@
6@ += 5     
0A8C: write_memory 6@ size 2 value 0x9090 virtual_protect 1
0AB2: ret 0

:asm_ReliabilityLayer_Send_hook
hex
    // Save original IP
    50 // push eax   
    a1 00000000 // mov eax, [IP]
    50 // push eax
 
    // Set dtor IP
    b8 00000000 // mov eax, @dtor
    a3 00000000 // mov [IP], eax
 
    // Copy args
    8b 44 24 0C // mov eax, [esp+0x0C]
    a3 00000000 // mov [0@], eax
    8b 44 24 10 // mov eax, [esp+0x10]
    a3 00000000 // mov [1@], eax
 
    // NEXT_OP:
    51 // push ecx
    52 // push edx
    b9 00000000 // mov ecx, thread
    e8 00000000 // call CRunningScript::ProcessOneCommand
    5a // pop edx
    59 // pop ecx
    a1 00000000 // mov eax, [IP]
    66 8b 00 // mov ax, [eax]   
    66 3d 93 0a // cmp ax, 0x0A93
    75 e4 // jnz NEXT_OP
 
    a1 00000000 // mov eax, [0@]
    89 44 24 0C // mov [esp+0x0C], eax
    a1 00000000 // mov eax, [1@]   
    89 44 24 10 // mov [esp+0x10], eax
 
    // Restore original IP
    58 // pop eax
    a3 00000000 // mov [IP], eax
    58 // pop eax
 
    90909090909090 // original code
    
    // Exit from hook
    e9 00000000 // ret
end

:RakHook_prepare_asm
//  0@ -- IP for @dtor
//  1@ -- asm code
//  2@ -- thread
//  3@ -- ptr to IP
// 10@ -- ptr to 0@
// 11@ -- ptr to 1@
1@ += 2 // mov eax, [IP]   
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1 
1@ += 6 // mov eax, @dtor 
0A8C: write_memory 1@ size 4 value 0@ virtual_protect 1
1@ += 5 // mov [IP], eax   
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1 
1@ += 9 // mov 0@, eax   
0A8C: write_memory 1@ size 4 value 10@ virtual_protect 1
1@ += 9 // mov 1@, eax   
0A8C: write_memory 1@ size 4 value 11@ virtual_protect 1
1@ += 7 // mov ecx, thread
0A8C: write_memory 1@ size 4 value 2@ virtual_protect 1   
000A: 1@ += 4  // call CRunningScript::ProcessOneCommand
0AB1: @asm_call_hook 2 address 1@ callback 0x00469EB0 
1@ += 8 // mov eax, [IP]
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1
1@ += 14 // mov eax, [0@]
0A8C: write_memory 1@ size 4 value 10@ virtual_protect 1
1@ += 9 // mov eax, [1@]
0A8C: write_memory 1@ size 4 value 11@ virtual_protect 1
1@ += 10 // mov [IP], eax
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1
return 

:RakHook_fix_original_code
0A8D: 4@ = read_memory 6@ size 1 virtual_protect 1
1@ += 5 // install first byte of original code
0A8C: write_memory 1@ size 1 value 4@ virtual_protect 1
0A8E: 7@ = 6@ + 1
0A8D: 5@ = read_memory 7@ size 4 virtual_protect 1   
if or
4@ == 0xe8 // call
4@ == 0xe9 // jmp
then // fix addr of another hook
    0A8E: 7@ = 6@ + 5 
    005A: 5@ += 7@ // dest addr
    0062: 5@ -= 1@ // make it relative to the trampoline
    5@ -= 5 // relative addr for hook
end
1@ += 1 // install remain bytes of original code
0A8C: write_memory 1@ size 4 value 5@ virtual_protect 1
return

:initializeRakThread       
0A9F: 3@ = current_thread_pointer
0A8E: 3@ = 3@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@
0A8E: 2@ = 0@ + 0x14 // ptr to IP
0A8D: 2@ = read_memory 2@ size 4 virtual_protect 1
if 2@ == 0
then   
    // fix CLEO opcodes for CRunningScript::ProcessOneCommand
    0A8D: 2@ = read_memory 0x00469FEE size 4 virtual_protect 1 
    0A8C: write_memory 0x00469EF0 size 4 value 2@ virtual_protect 1
    // copy thread header
    0A9F: 2@ = current_thread_pointer         
    for 1@ = 0 to 0xDF 
        0A8D: 3@ = read_memory 2@ size 1 virtual_protect 1
        0A8C: write_memory 0@ size 1 value 3@ virtual_protect 1 
        2@ += 1
        0@ += 1
    end
end
0AB2: ret 0

:RakThread_get_var // call @RakThread_get_var 2 thread @RakThread var 17 to 17@ -- read var 17@ from hook
var
    0@ : Integer
    1@ : Integer
end
0A9F: 3@ = current_thread_pointer
0A8E: 3@ = 3@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@
1@ *= 4
1@ += 0x3C     
1@ += 0@   
0A8D: 3@ = read_memory 1@ size 4 virtual_protect 1
0AB2: ret 1 3@

:RakThread_set_var // call @RakThread_set_var 3 thread @RakThread var 17 value 17@ -- write var 17@ in hook
var
    0@ : Integer
    1@ : Integer
end
0A9F: 3@ = current_thread_pointer
0A8E: 3@ = 3@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@
1@ *= 4
1@ += 0x3C   
1@ += 0@   
0A8C: write_memory 1@ size 4 value 2@ virtual_protect 1
0AB2: ret 0

:RakThreadReceive // for async script execution
hex
    00000000 // prev script
    00000000 // next script
    00000000 // name
    00000000
    00000000 // base ip
    00000000 // ip
    00000000 // stack
    00000000   
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    0000     // SP
    0000
    00000000 // vars
    00000000       
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00       // is active
    00       // cond
    00       // mission cleanup
    00       // is external
    00       // text block override
    00       // extern attach type
    0000
    00000000 // wakeTime
    0000     // logic
    00       // not
    00       // busted
    00       // wasted or busted
    000000
    00000000 // scene skip ip
    00       // is mission
    000000
end 

:RakThreadSend // for async script execution
hex
    00000000 // prev script
    00000000 // next script
    00000000 // name
    00000000
    00000000 // base ip
    00000000 // ip
    00000000 // stack
    00000000   
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    0000     // SP
    0000
    00000000 // vars
    00000000       
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00       // is active
    00       // cond
    00       // mission cleanup
    00       // is external
    00       // text block override
    00       // extern attach type
    0000
    00000000 // wakeTime
    0000     // logic
    00       // not
    00       // busted
    00       // wasted or busted
    000000
    00000000 // scene skip ip
    00       // is mission
    000000
end
                                                                                                                      
///////////////////////////////////////////////////// end RakNet hook /////////////////////////////////////////////////////

:isR1
0AA2: 0@ = load_library "samp.dll"
0A8E: 1@ = 0@ + 0x129
0A8D: 1@ = read_memory 1@ size 1 virtual_protect 1
if 1@ == 0xF4 // isR1
then
    0485:  return_true
else       
    059A:  return_false
end
0AB2: ret 0

//////////////////////////////////////////// MogAika snippet for install hook /////////////////////////////////////////////

:asm_call_hook
0A8C: write_memory 0@ size 1 value 0xE8 virtual_protect 1
0085:3@ = 1@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1     
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 1
0AB2: ret 0 

:asm_jmp_hook
0A8C: write_memory 0@ size 1 value 0xE9 virtual_protect 1
0085:3@ = 1@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1     
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 1
0AB2: ret 0

////////////////////////////////////////// end MogAika snippet for install hook ///////////////////////////////////////////
CLEO:
{$CLEO}
wait 0

0AB1: @installReceiveHook 1 callback @receive_hook
0AB1: @installSendHook 1 callback @send_hook

while true
    wait 0
end

:receive_hook // 0@ - data, 1@ - bitLength
0085: 3@ = 0@ // (int)
0A8D: 2@ = read_memory 3@ size 1 virtual_protect 1 
if and
2@ == 40 // timestamp
1@ > 40 // 5 bytes
then
    3@ += 5 // 40 bits 
    0A8D: 2@ = read_memory 3@ size 1 virtual_protect 1 
end
if 2@ == 20 // rpc 
then   
    3@ += 1
    0A8D: 2@ = read_memory 3@ size 1 virtual_protect 1
    0AF8: samp add_message_to_chat "Receive RPC %d" color -1 2@
else     
    0AF8: samp add_message_to_chat "Receive packet %d" color -1 2@
end
0A93: exit_from_hook

:send_hook // 0@ - data, 1@ - bitLength
0085: 3@ = 0@ // (int)
0A8D: 2@ = read_memory 3@ size 1 virtual_protect 1
if and
2@ == 40 // timestamp
1@ > 40 // 5 bytes
then
    3@ += 5 // 40 bits
    0A8D: 2@ = read_memory 3@ size 1 virtual_protect 1
end
if 2@ == 20 // rpc
then
    3@ += 1
    0A8D: 2@ = read_memory 3@ size 1 virtual_protect 1
    0AF8: samp add_message_to_chat "Send RPC %d" color -1 2@
else
    0AF8: samp add_message_to_chat "Send package %d" color -1 2@
end
0A93: exit_from_hook

 
CLEO:
{$CLEO}
wait 0

0AB1: @installSendHook 1 callback @send_hook

while true
    if 0AB0:   key_pressed 0x4E // N
    then
        repeat
            wait 0
        until 8AB0:   key_pressed 0x4E // N
        0AB1: call @RakThread_get_var 2 thread @RakThreadSend var 10 to 0@
        0B12: 0@ = 0@ XOR 1
        0AB1: call @RakThread_set_var 3 thread @RakThreadSend var 10 value 0@
    end
    wait 0
end

:send_hook // 0@ - data, 1@ - bitLength
0085: 3@ = 0@ // (int)
0A8D: 2@ = read_memory 3@ size 1 virtual_protect 1
if and
2@ == 40 // timestamp
1@ > 40 // 5 bytes
then
    3@ += 5 // 40 bits
    0A8D: 2@ = read_memory 3@ size 1 virtual_protect 1
end
if and
2@ == 207 // onfoot data
10@ <> false
then
    1@ = 0 
    0A8C: write_memory 3@ size 1 value 255 virtual_protect 1   
    0AF8: samp add_message_to_chat "Drop noped packet %d" color -1 2@
end
0A93: exit_from_hook

 
/////////////////////////////////////////////////////// RakNet hook ///////////////////////////////////////////////////////

:installReceiveHook // 0@ - hook label
// initialize ptrs for prepare asm hook
0AC6: 1@ = label @asm_RakPeer_ReceiveIgnoreRPC_hook offset
0A9F: 2@ = current_thread_pointer
0A8E: 3@ = 2@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@
0AC6: 2@ = label @RakThreadReceive offset // this thread     
0A8E: 3@ = 2@ + 0x14 // ptr to IP of this thread
0AB1: call @initializeRakThread 1 @RakThreadReceive // initialize RakThread
0A8C: write_memory 3@ size 4 value 1@ virtual_protect 1 // fix IP in RakThread   
0A8E: 10@ = 2@ + 0x3C // ptr to var with data in 0@
0A8E: 11@ = 2@ + 0x40 // ptr to var with bitSize in 1@ 
gosub @RakHook_prepare_asm
// copy original code 
0AA2: 6@ = load_library "samp.dll"
if 0AB1: call @isR1 0
then
    6@ += 0x3CE91
else
    6@ += 0x40241
end
gosub @RakHook_fix_original_code
1@ += 4
0A8E: 7@ = 6@ + 5
0A8D: 5@ = read_memory 7@ size 1 virtual_protect 1 
0A8C: write_memory 1@ size 1 value 5@ virtual_protect 1
// install hook to RakPeer::ReceiveIgnoreRPC
1@ += 1
0AB1: @asm_jmp_hook 2 address 1@ callback 7@
0AC6: 1@ = label @asm_RakPeer_ReceiveIgnoreRPC_hook offset   
0AB1: @asm_jmp_hook 2 address 6@ callback 1@
6@ += 5       
0A8C: write_memory 6@ size 1 value 0x90 virtual_protect 1
0AB2: ret 0

:asm_RakPeer_ReceiveIgnoreRPC_hook
hex
    // Save original IP   
    50 // push eax     
    a1 00000000 // mov eax, [IP]
    50 // push eax
    
    // Set dtor IP
    b8 00000000 // mov eax, @dtor
    a3 00000000 // mov [IP], eax   
    
    // Copy args
    90 8B 47 10 // mov eax, [edi.data]
    a3 00000000 // mov [0@], eax
    90 8B 47 0C // mov eax, [edi.bitSize]
    a3 00000000 // mov [1@], eax
    
    // NEXT_OP:
    51 // push ecx
    52 // push edx   
    b9 00000000 // mov ecx, thread
    e8 00000000 // call CRunningScript::ProcessOneCommand
    5a // pop edx
    59 // pop ecx
    a1 00000000 // mov eax, [IP]
    66 8b 00 // mov ax, [eax]     
    66 3d 93 0a // cmp ax, 0x0A93 
    75 e4 // jnz NEXT_OP
    
    a1 00000000 // mov eax, [0@]
    90 89 47 10 // mov [edi.data], eax
    a1 00000000 // mov eax, [1@]     
    90 89 47 0C // mov [edi.bitSize], eax
    
    // Restore original IP
    58 // pop eax
    a3 00000000 // mov [IP], eax   
    58 // pop eax
    
    909090909090 // original code 
      
    // Exit from hook 
    e9 00000000 // ret
end

:installSendHook // 0@ - hook label
// initialize ptrs for prepare asm hook
0AC6: 1@ = label @asm_ReliabilityLayer_Send_hook offset
0A9F: 2@ = current_thread_pointer
0A8E: 3@ = 2@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@
0AC6: 2@ = label @RakThreadSend offset // this thread     
0A8E: 3@ = 2@ + 0x14 // ptr to IP of this thread
0AB1: call @initializeRakThread 1 @RakThreadSend // initialize RakThread
0A8C: write_memory 3@ size 4 value 1@ virtual_protect 1 // fix IP in RakThread   
0A8E: 10@ = 2@ + 0x3C // ptr to var with data in 0@
0A8E: 11@ = 2@ + 0x40 // ptr to var with bitSize in 1@ 
gosub @RakHook_prepare_asm
// copy original code
0AA2: 6@ = load_library "samp.dll"
if 0AB1: call @isR1 0
then
    6@ += 0x43010
else
    6@ += 0x463C0
end
gosub @RakHook_fix_original_code 
0A8D: 4@ = read_memory 6@ size 1 virtual_protect 1
1@ += 4
0A8E: 7@ = 6@ + 5
0A8D: 5@ = read_memory 7@ size 2 virtual_protect 1
0A8C: write_memory 1@ size 2 value 5@ virtual_protect 1
// install hook to ReliabilityLayer::Send
1@ += 2
0AB1: @asm_jmp_hook 2 address 1@ callback 7@
0AC6: 1@ = label @asm_ReliabilityLayer_Send_hook offset
0AB1: @asm_jmp_hook 2 address 6@ callback 1@
6@ += 5     
0A8C: write_memory 6@ size 2 value 0x9090 virtual_protect 1
0AB2: ret 0

:asm_ReliabilityLayer_Send_hook
hex
    // Save original IP
    50 // push eax   
    a1 00000000 // mov eax, [IP]
    50 // push eax
 
    // Set dtor IP
    b8 00000000 // mov eax, @dtor
    a3 00000000 // mov [IP], eax
 
    // Copy args
    8b 44 24 0C // mov eax, [esp+0x0C]
    a3 00000000 // mov [0@], eax
    8b 44 24 10 // mov eax, [esp+0x10]
    a3 00000000 // mov [1@], eax
 
    // NEXT_OP:
    51 // push ecx
    52 // push edx
    b9 00000000 // mov ecx, thread
    e8 00000000 // call CRunningScript::ProcessOneCommand
    5a // pop edx
    59 // pop ecx
    a1 00000000 // mov eax, [IP]
    66 8b 00 // mov ax, [eax]   
    66 3d 93 0a // cmp ax, 0x0A93
    75 e4 // jnz NEXT_OP
 
    a1 00000000 // mov eax, [0@]
    89 44 24 0C // mov [esp+0x0C], eax
    a1 00000000 // mov eax, [1@]   
    89 44 24 10 // mov [esp+0x10], eax
 
    // Restore original IP
    58 // pop eax
    a3 00000000 // mov [IP], eax
    58 // pop eax
 
    90909090909090 // original code
    
    // Exit from hook
    e9 00000000 // ret
end

:RakHook_prepare_asm
//  0@ -- IP for @dtor
//  1@ -- asm code
//  2@ -- thread
//  3@ -- ptr to IP
// 10@ -- ptr to 0@
// 11@ -- ptr to 1@
1@ += 2 // mov eax, [IP]   
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1 
1@ += 6 // mov eax, @dtor 
0A8C: write_memory 1@ size 4 value 0@ virtual_protect 1
1@ += 5 // mov [IP], eax   
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1 
1@ += 9 // mov 0@, eax   
0A8C: write_memory 1@ size 4 value 10@ virtual_protect 1
1@ += 9 // mov 1@, eax   
0A8C: write_memory 1@ size 4 value 11@ virtual_protect 1
1@ += 7 // mov ecx, thread
0A8C: write_memory 1@ size 4 value 2@ virtual_protect 1   
000A: 1@ += 4  // call CRunningScript::ProcessOneCommand
0AB1: @asm_call_hook 2 address 1@ callback 0x00469EB0 
1@ += 8 // mov eax, [IP]
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1
1@ += 14 // mov eax, [0@]
0A8C: write_memory 1@ size 4 value 10@ virtual_protect 1
1@ += 9 // mov eax, [1@]
0A8C: write_memory 1@ size 4 value 11@ virtual_protect 1
1@ += 10 // mov [IP], eax
0A8C: write_memory 1@ size 4 value 3@ virtual_protect 1
return 

:RakHook_fix_original_code
0A8D: 4@ = read_memory 6@ size 1 virtual_protect 1
1@ += 5 // install first byte of original code
0A8C: write_memory 1@ size 1 value 4@ virtual_protect 1
0A8E: 7@ = 6@ + 1
0A8D: 5@ = read_memory 7@ size 4 virtual_protect 1   
if or
4@ == 0xe8 // call
4@ == 0xe9 // jmp
then // fix addr of another hook
    0A8E: 7@ = 6@ + 5 
    005A: 5@ += 7@ // dest addr
    0062: 5@ -= 1@ // relative to the copied instruction
    5@ -= 5 // relative addr for hook
end
1@ += 1 // install remain bytes of original code
0A8C: write_memory 1@ size 4 value 5@ virtual_protect 1
return

:initializeRakThread       
0A9F: 3@ = current_thread_pointer
0A8E: 3@ = 3@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@
0A8E: 2@ = 0@ + 0x14 // ptr to IP
0A8D: 2@ = read_memory 2@ size 4 virtual_protect 1
if 2@ == 0
then   
    // fix CLEO opcodes for CRunningScript::ProcessOneCommand
    0A8D: 2@ = read_memory 0x00469FEE size 4 virtual_protect 1 
    0A8C: write_memory 0x00469EF0 size 4 value 2@ virtual_protect 1
    // copy thread header
    0A9F: 2@ = current_thread_pointer         
    for 1@ = 0 to 0xDF 
        0A8D: 3@ = read_memory 2@ size 1 virtual_protect 1
        0A8C: write_memory 0@ size 1 value 3@ virtual_protect 1 
        2@ += 1
        0@ += 1
    end
end
0AB2: ret 0

:RakThread_get_var // call @RakThread_get_var 2 thread @RakThread var 17 to 17@ -- read var 17@ from hook
var
    0@ : Integer
    1@ : Integer
end
0A9F: 3@ = current_thread_pointer
0A8E: 3@ = 3@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@
1@ *= 4
1@ += 0x3C     
1@ += 0@   
0A8D: 3@ = read_memory 1@ size 4 virtual_protect 1
0AB2: ret 1 3@

:RakThread_set_var // call @RakThread_set_var 3 thread @RakThread var 17 value 17@ -- write var 17@ in hook
var
    0@ : Integer
    1@ : Integer
end
0A9F: 3@ = current_thread_pointer
0A8E: 3@ = 3@ + 0x10 // ptr to BaseIP of this thread
0A8D: 3@ = read_memory 3@ size 4 virtual_protect 1
0A8F: 0@ = 3@ - 0@
1@ *= 4
1@ += 0x3C   
1@ += 0@   
0A8C: write_memory 1@ size 4 value 2@ virtual_protect 1
0AB2: ret 0

:RakThreadReceive // for async script execution
hex
    00000000 // prev script
    00000000 // next script
    00000000 // name
    00000000
    00000000 // base ip
    00000000 // ip
    00000000 // stack
    00000000   
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    0000     // SP
    0000
    00000000 // vars
    00000000       
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00       // is active
    00       // cond
    00       // mission cleanup
    00       // is external
    00       // text block override
    00       // extern attach type
    0000
    00000000 // wakeTime
    0000     // logic
    00       // not
    00       // busted
    00       // wasted or busted
    000000
    00000000 // scene skip ip
    00       // is mission
    000000
end 

:RakThreadSend // for async script execution
hex
    00000000 // prev script
    00000000 // next script
    00000000 // name
    00000000
    00000000 // base ip
    00000000 // ip
    00000000 // stack
    00000000   
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    0000     // SP
    0000
    00000000 // vars
    00000000       
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00000000
    00       // is active
    00       // cond
    00       // mission cleanup
    00       // is external
    00       // text block override
    00       // extern attach type
    0000
    00000000 // wakeTime
    0000     // logic
    00       // not
    00       // busted
    00       // wasted or busted
    000000
    00000000 // scene skip ip
    00       // is mission
    000000
end
                                                                                                                      
///////////////////////////////////////////////////// end RakNet hook /////////////////////////////////////////////////////

:isR1
0AA2: 0@ = load_library "samp.dll"
0A8E: 1@ = 0@ + 0x129
0A8D: 1@ = read_memory 1@ size 1 virtual_protect 1
if 1@ == 0xF4 // isR1
then
    0485: return_true
else
    059A: return_false
end
0AB2: ret 0

//////////////////////////////////////////// MogAika snippet for install hook /////////////////////////////////////////////

:asm_call_hook
0A8C: write_memory 0@ size 1 value 0xE8 virtual_protect 1
0085: 3@ = 1@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1     
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 1
0AB2: ret 0 

:asm_jmp_hook
0A8C: write_memory 0@ size 1 value 0xE9 virtual_protect 1
0085: 3@ = 1@
0062: 1@ -= 0@ // (int)
000E: 1@ -= 5
0@ += 1     
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 1
0AB2: ret 0

////////////////////////////////////////// end MogAika snippet for install hook ///////////////////////////////////////////
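The displacement arithmetic that asm_call_hook / asm_jmp_hook and RakHook_fix_original_code rely on (E8/E9 take a 32-bit offset relative to the end of the 5-byte instruction, and a displaced call/jmp has to be re-targeted when copied into the trampoline), as an added Python example that is not part of the original post. The function names and the integrity-check helper at the end are mine; the addresses in the docstrings and tests are made up.

```python
# Added example (not from the original post): the displacement arithmetic behind
# asm_call_hook / asm_jmp_hook and RakHook_fix_original_code, written in Python so
# the offsets can be checked offline. x86 E8 (call) and E9 (jmp) carry a 32-bit
# displacement relative to the END of the 5-byte instruction, which is why the
# snippet does "1@ -= 0@" followed by "1@ -= 5".
import struct
from typing import Optional

CALL, JMP = 0xE8, 0xE9
BRANCH_LEN = 5

def encode_branch(opcode: int, at: int, target: int) -> bytes:
    """Bytes of `call/jmp target` placed at address `at` (what asm_*_hook writes)."""
    if opcode not in (CALL, JMP):
        raise ValueError("only E8/E9 are rel32 branches")
    rel = target - at - BRANCH_LEN
    if not -2**31 <= rel < 2**31:
        raise ValueError("target out of rel32 range")
    return bytes([opcode]) + struct.pack("<i", rel)

def decode_branch(at: int, code: bytes) -> Optional[int]:
    """Absolute target of a rel32 branch located at `at`, or None if not E8/E9."""
    if len(code) < BRANCH_LEN or code[0] not in (CALL, JMP):
        return None
    rel = struct.unpack("<i", code[1:BRANCH_LEN])[0]
    return (at + BRANCH_LEN + rel) & 0xFFFFFFFF

def relocate(code: bytes, old_at: int, new_at: int) -> bytes:
    """Copy the 5 bytes displaced by a hook into a trampoline at `new_at`.

    Mirrors RakHook_fix_original_code: if those bytes are themselves a call/jmp
    (another hook already present), the displacement must be recomputed so the
    copy still reaches the same destination; anything else is copied verbatim.
    """
    target = decode_branch(old_at, code)
    if target is None:
        return code[:BRANCH_LEN]
    return encode_branch(code[0], new_at, target)

def branch_leaves_module(at: int, code: bytes, base: int, size: int) -> bool:
    """Integrity-check helper: True if a function prologue at `at` starts with a
    rel32 branch whose destination lies outside [base, base+size), the usual
    footprint of an inline hook installed this way."""
    target = decode_branch(at, code)
    return target is not None and not (base <= target < base + size)
```

branch_leaves_module is the defender-side reading of the same encoding: comparing a module's first bytes against the on-disk image and resolving any E8/E9 found there tells you whether, and where, a function has been redirected.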