I'm not interested so much in the hack as I am the vehicle for delivery. The hack itself disables the AFK timer.
It's compiled as: d3dx9_38.dll
You stick it in bin32, and voilà, the hack is on. The dll wraps the system library by the same name (LoadLibrary followed by dozens of GetProcAddress). At some point it loads Game.dll, calls CreateGameInstance and does this:
.text:00402DCB sub_402DCB proc near ; CODE XREF: DllEntryPoint+25p
.text:00402DCB pusha
.text:00402DCC push offset ModuleName ; "game.dll"
.text:00402DD1 call ds:GetModuleHandleA
.text:00402DD7 test eax, eax
.text:00402DD9 jz short loc_402E3A
.text:00402DDB mov dword_404002, eax
.text:00402DE0 push eax
.text:00402DE1 push offset aCreategameinst ; "CreateGameInstance"
.text:00402DE6 push eax ; hModule
.text:00402DE7 call ds:GetProcAddress
.text:00402DED cmp byte ptr [eax], 0B8h
.text:00402DF0 jnz short loc_402E3A
.text:00402DF2 pop eax
.text:00402DF3 xor ecx, ecx
.text:00402DF5 mov ecx, [eax+3Ch]
.text:00402DF8 mov ecx, [eax+ecx+1Ch]
.text:00402DFC mov edi, dword_404002
.text:00402E02 mov eax, 40771B00h
.text:00402E07 mov bl, 1
.text:00402E09 call sub_402E3C
.text:00402E0E add edi, 2
.text:00402E11 mov byte ptr [edi], 0EBh
.text:00402E14 mov dword_404014, 1
.text:00402E1E mov dword_40400E, 1
.text:00402E28 push offset aD3dx9_dll ; "d3dx9.dll"
.text:00402E2D call ds:GetModuleHandleA
.text:00402E33 push eax ; hLibModule
.text:00402E34 call ds:DisableThreadLibraryCalls
.text:00402E3A
.text:00402E3A loc_402E3A: ; CODE XREF: sub_402DCB+Ej
.text:00402E3A ; sub_402DCB+25j
.text:00402E3A popa
.text:00402E3B retn
.text:00402E3B sub_402DCB endp ; sp-analysis failed
.text:00402E3B
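Added example, not part of the original post: a Python integrity check that reads the same PE header fields the listing loads (`e_lfanew` at +3Ch, then `SizeOfCode` at +1Ch past it) and diffs a reference image against a live one to report single-byte code patches such as the `0EBh` store. The sample images are constructed in RVA layout with relocations ignored, and the `jcc->jmp` label assumes the overwritten byte was a short conditional jump opcode, which the post does not state.

```python
import struct

def build_sample(code: bytes) -> bytes:
    """Build a constructed, minimal PE-like image in RVA (mapped) layout."""
    e_lfanew, base = 0x40, 0x100
    img = bytearray(base + len(code))
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)              # offset of PE header
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<I", img, e_lfanew + 0x1C, len(code))  # SizeOfCode
    struct.pack_into("<I", img, e_lfanew + 0x2C, base)       # BaseOfCode
    img[base:] = code
    return bytes(img)

def code_region(image: bytes):
    """Return (BaseOfCode, SizeOfCode), read the way the listing reads them."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]      # mov ecx, [eax+3Ch]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    size = struct.unpack_from("<I", image, e_lfanew + 0x1C)[0]  # [eax+ecx+1Ch]
    base = struct.unpack_from("<I", image, e_lfanew + 0x2C)[0]
    return base, size

def find_code_patches(reference: bytes, live: bytes):
    """List (rva, old, new, kind) for every code byte that differs."""
    base, size = code_region(reference)
    end = min(base + size, len(reference), len(live))
    findings = []
    for rva in range(base, end):
        old, new = reference[rva], live[rva]
        if old != new:
            # 0x70-0x7F are short Jcc opcodes; 0xEB is an unconditional short jmp
            forced = new == 0xEB and 0x70 <= old <= 0x7F
            findings.append((rva, old, new, "jcc->jmp" if forced else "modified"))
    return findings

# Constructed sample: test eax,eax / jz +5 / nop / nop / ret
CLEAN_CODE = b"\x85\xc0\x74\x05\x90\x90\xc3"
REFERENCE = build_sample(CLEAN_CODE)
LIVE = build_sample(CLEAN_CODE[:2] + b"\xeb" + CLEAN_CODE[3:])  # jz forced to jmp

if __name__ == "__main__":
    for rva, old, new, kind in find_code_patches(REFERENCE, LIVE):
        print(f"rva={rva:#x} {old:#04x} -> {new:#04x} ({kind})")
```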