Punkbuster SS
Newbie00
25th November 2005, 04:28
Could someone tell me how to make a clear screen shot for Punkbuster? I know you have to hook GetForegroundWindow(), but where should I go from there?
RuffianSoldier
25th November 2005, 05:10
Return null?
Newbie00
25th November 2005, 06:14
That gives a black screen shot, and with some games you lose sound or can't do anything anymore.
precision1337
25th November 2005, 08:39
Could someone tell me how to make a clear screen shot for Punkbuster? I know you have to hook GetForegroundWindow(), but where should I go from there?
download spartan's SSFaker source. that really helped me out.
teh leetz0rz
25th November 2005, 19:10
That gives a black screen shot, and with some games you lose sound or can't do anything anymore.
you only lose sound if you're returning NULL every frame, or if you have the wrong memory address.
look at all the memory addresses in GFW, and test each one to see if it's PB calling for an ss.
if(*pbID==0xw/e)
return NULL;
or
if(*pbID==0xw/e)
{
wallhack = 0;
esp = 0;
return 0;
}
0x448df88b
when i was coding, this memory address worked for me...try it see if it still does.
CannonballOx
26th November 2005, 00:42
Can you explain to me how to find out the memory address for a pbss? I've got my clienthook ready, with an opengl wallhack. But I don't know how to find out what the memory address is for a pbss. Hope you can help me out with this.
Sparten
26th November 2005, 01:30
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif
EXTERNC void * _AddressOfReturnAddress(void);
EXTERNC void * _ReturnAddress(void);
#pragma intrinsic(_AddressOfReturnAddress)
#pragma intrinsic(_ReturnAddress)
GetPunkbusterModuleInformation()
{
m_dwPBBase = (DWORD)GetModuleHandle("pbcl.dll");
m_dwPBEnde = m_dwPBBase + 0x00080000;
}
and in the detour:
SomeFunc()
{
GetPunkbusterModuleInformation();
m_dwRetAddress = (DWORD)_ReturnAddress();
if (m_dwRetAddress >= m_dwPBBase && m_dwRetAddress <= m_dwPBEnde)
{
DoShit();
}
}
teh leetz0rz
26th November 2005, 01:39
#include "common.h"
#pragma warning(disable: 4047)
#pragma intrinsic(_ReturnAddress)
int readyToEnableWallhack = 0;
DETOUR_TRAMPOLINE( HWND __stdcall pGetForegroundWindow(void),GetForegroundWindow );
HWND __stdcall NewGetForegroundWindow(void)
{
HWND__ * retval = 0;
DWORD ReturnAddress=(DWORD)_ReturnAddress();
unsigned int *pbID = (unsigned int *)ReturnAddress;
if(*pbID==0x448df88b)
{
if(wallhack.integer && readyToEnableWallhack == 0)
{
trap_SendConsoleCommand("wallhack 0\n");
Echo("^$We just turned off your wallhack, because PB's gay ass is getting a PB SCREENSHOT!!:o:o\n");
readyToEnableWallhack = 1;
return 0;
}
}
if(readyToEnableWallhack)
{
trap_SendConsoleCommand("wallhack 1\n");
Echo("^$iight, lets turn this mofo BACK ON\n");
readyToEnableWallhack = 0;
}
retval = 0;
retval = pGetForegroundWindow();
return retval;
}
void Detour_PB_Screenshots()
{
DetourFunctionWithTrampoline((PBYTE)pGetForegroundWindow,(PBYTE)NewGetForegroundWindow);
}
that's my code for it (it's for SoF2)
to log it, just do:
print_log("0x%x",*pbID);
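The detour installed in the post above overwrites the first bytes of the hooked function with a jump, which is what an integrity check looks for. The following is an added example, not code from any poster or from PunkBuster: it classifies a 32-bit x86 function prologue as untouched, redirected inside its own module, or redirected outside it; all addresses, byte samples and names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef enum { PROLOGUE_CLEAN, REDIRECT_INSIDE, REDIRECT_OUTSIDE } verdict;
typedef struct { uint32_t base, size; } module_range;

/* Read a little-endian 32-bit value regardless of host byte order. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 1 and sets *target when the function's first instruction is an
 * unconditional redirect on 32-bit x86; va is the function's address. */
static int decode_redirect(const uint8_t *c, size_t n, uint32_t va, uint32_t *target) {
    if (n >= 5 && c[0] == 0xE9) { *target = va + 5 + le32(c + 1); return 1; }        /* jmp rel32 */
    if (n >= 2 && c[0] == 0xEB) {                                                    /* jmp rel8 */
        *target = va + 2 + (uint32_t)(int32_t)(int8_t)c[1];
        return 1;
    }
    if (n >= 6 && c[0] == 0x68 && c[5] == 0xC3) { *target = le32(c + 1); return 1; } /* push imm32; ret */
    return 0;
}

/* Classify a prologue: untouched, redirected within its own module, or
 * redirected to code outside the module that owns the function. */
verdict check_prologue(const uint8_t *c, size_t n, uint32_t va, module_range owner) {
    uint32_t t;
    if (!decode_redirect(c, n, va, &t)) return PROLOGUE_CLEAN;
    return (t >= owner.base && t - owner.base < owner.size) ? REDIRECT_INSIDE : REDIRECT_OUTSIDE;
}

/* Constructed sample data: the module range, address and bytes are illustrative only. */
static const module_range OWNER = { 0x77D00000u, 0x00090000u };
static const uint32_t FUNC_VA = 0x77D10000u;
static const uint8_t CLEAN[]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC }; /* mov edi,edi; push ebp; mov ebp,esp */
static const uint8_t HOOKED[] = { 0xE9, 0xFB, 0x0F, 0x2F, 0x98 }; /* jmp 0x10001000 (outside OWNER) */
static const uint8_t SHORTJ[] = { 0xEB, 0x05 };                   /* jmp +5, stays inside OWNER */

int main(void) {
    printf("clean=%d hooked=%d short=%d\n",
           check_prologue(CLEAN, sizeof CLEAN, FUNC_VA, OWNER),
           check_prologue(HOOKED, sizeof HOOKED, FUNC_VA, OWNER),
           check_prologue(SHORTJ, sizeof SHORTJ, FUNC_VA, OWNER));
    return 0;
}
```

A first-instruction check only catches redirects placed at the entry point; comparing the in-memory code section against the on-disk image covers patches made deeper in the function.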
CannonballOx
26th November 2005, 03:39
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif
EXTERNC void * _AddressOfReturnAddress(void);
EXTERNC void * _ReturnAddress(void);
#pragma intrinsic(_AddressOfReturnAddress)
#pragma intrinsic(_ReturnAddress)
GetPunkbusterModuleInformation()
{
m_dwPBBase = (DWORD)GetModuleHandle("pbcl.dll");
m_dwPBEnde = m_dwPBBase + 0x00080000;
}
and in the detour:
SomeFunc()
{
GetPunkbusterModuleInformation();
m_dwRetAddress = (DWORD)_ReturnAddress();
if (m_dwRetAddress >= m_dwPBBase && m_dwRetAddress <= m_dwPBEnde)
{
DoShit();
}
}
Thanks both of you for sharing your code. SoF2 is exactly the game I'm testing everything on so this is really going to help me.
I'm going through the code line by line to make sure I understand everything, but there are a few things I'm not sure of.
So I'm gonna start with Sparten's code.
Correct me if I'm wrong but I assume that m_dwPBBase is holding the offset for a pbss, right?
Well, let's say m_dwPBBase does hold the offset for a pbss, how do I know that that is the offset for a pbss? I mean I obviously have to make a function that writes the offsets to a text file or else I wouldn't know what the offsets are.
But the _ReturnAddress will not always contain the offset for a pbss, so how can you make sure?
Sorry if I'm way off here, I'm just trying to understand everything.
precision1337
26th November 2005, 03:53
here's a link for you to look at:
http://p2btech.com/v-web/bulletin/bb/viewtopic.php?p=219&
Sparten
26th November 2005, 04:02
DWORD m_dwPBBase;->BaseAddy of the PB module
DWORD m_dwPBEnde;->the size of the PB module 0x00080000 is the approx size of the module.
So every call coming from PB will get redirected, there is really no need to find the REAL call addy from PB.
CannonballOx
26th November 2005, 05:19
DWORD m_dwPBBase;->BaseAddy of the PB module
DWORD m_dwPBEnde;->the size of the PB module 0x00080000 is the approx size of the module.
So every call coming from PB will get redirected, there is really no need to find the REAL call addy from PB.
I see, so this means that this also avoids the corrupt file/memory scan?
btw, you don't seem to be using _AddressOfReturnAddress, am I right?
Newbie00
26th November 2005, 21:41
Thank you all for posting.
retval = 0;
retval = pGetForegroundWindow();
return retval;
I don't understand why you set it to 0 and then pGetForegroundWindow. Wouldn't it always return just pGetForegroundWindow?
Shard
26th November 2005, 22:19
Thank you all for posting.
retval = 0;
retval = pGetForegroundWindow();
return retval;
I don't understand why you set it to 0 and then pGetForegroundWindow. Wouldn't it always return just pGetForegroundWindow?
Ignore all of that, it's completely pointless...
It should just be
return pGetForegroundWindow();
gil
26th November 2005, 22:40
Hey,
I found this thread in the general Coding forum and I think it can be interesting for us as well.
Since you don't tend to visit that forum, I've copied it to here as well.
DelfinoM
27th November 2005, 00:29
Are you sure you didn't move it to the wrong forum, I thought the new anti pb forum was made for a reason :P
No1uKnow
27th November 2005, 05:36
wait I'm confused, the same thread's in two spots
anyways I'll say what I did in the other
teh leetz0rz's example is good but sloppy, and an old method; there are much more accurate ways to calculate how many FPS you need to call to the function ("master switch") ahead of time (for various technical reasons)
HyPeR-X
27th November 2005, 11:40
wait I'm confused, the same thread's in two spots
anyways I'll say what I did in the other
teh leetz0rz's example is good but sloppy, and an old method; there are much more accurate ways to calculate how many FPS you need to call to the function ("master switch") ahead of time (for various technical reasons)
Ye, as i copied this one yesterday :P
- HyPz
mikus
27th November 2005, 11:59
very useful information, at the moment I'm learning cpp and one of my key projects for the near future is (you guessed it) hacking the pb ss feature. I'm sure I'll be back with a few questions after a while.
again I can't express how much this info is helping me. mad props to Sparten and leetz0rz
one question that's haunting me is, how old is this code exactly?
S4SHEZY
29th November 2005, 23:32
It's ancient....
No1uKnow
1st January 2006, 18:56
yep there's much easier ways around, and you can get this way working on today's pb without much hassle, but I prefer not to hook pbcl directly when I do mine