- // LSC by durpin
- // You need a copy of AsmJit to compile this application.
- #include <AsmJit\Assembler.h>
- #include <AsmJit\MemoryManager.h>
- #include <AsmJit\Config.h>
- #include <iostream>
- #define LOL_WINDOW "League of Legends (TM) Client" // window title main() passes to FindWindow to locate the target process
- #define PATCH_OFFSET 0x8EECC0 // absolute address inside the target that main() overwrites with a jump; hard-coded, so presumably valid for one client build only — confirm
- #define PATCH_RETURN_TO 0x8EECC7 // PATCH_OFFSET + 7: the address the injected stub jumps back to
- #define GETMODULEHANDLEA 0x9ED1EC // not referenced anywhere in this listing
- #define GETPROCADDRESS 0x9ED28C // not referenced anywhere in this listing
- #define _STRICMP 0x9ED918 // address the stub reads a function pointer from (call dword_ptr); presumably the target's import slot for _stricmp — verify
- using namespace AsmJit;
- int main(int argc, char ** argv) // Finds the game client by window title, opens its process, copies a generated 32-bit x86 stub into it, and overwrites PATCH_OFFSET with a jump to that stub. Returns 0 on success, 1 on a usage error or a failed step.
- {
- if (argc != 3) // exactly two arguments are required: the summoner name and the skin id
- {
- std::cerr << "usage:\n"
- "\t" << argv[0] << " \"SUMMONER NAME\" SKINID" << std::endl;
- return 1;
- }
- int nTargetPlayer = strlen(argv[1]) + 1; // byte length of the name including its terminating NUL
- std::cout << "Searching for \"" << LOL_WINDOW << "\".";
- HWND hWnd = NULL;
- while ((hWnd = FindWindow(NULL, LOL_WINDOW)) == NULL) // polls every 500 ms until a window with that title exists; there is no timeout
- {
- std::cout << ".";
- Sleep(500);
- }
- std::cout << std::endl;
- DWORD dwPID = 0;
- GetWindowThreadProcessId(hWnd, &dwPID); // process id of the window's owner
- std::cout << "Found it! (PID: " << dwPID << ")" << std::endl;
- HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID); // asks for every access right on the target; cross-process opens like this are what process-access telemetry records (e.g. Sysmon Event ID 10, ProcessAccess)
- if (!hProc)
- {
- std::cerr << "Failed to open process. Do you have the necessary privileges?" << std::endl;
- return 1;
- }
- LPVOID lpMemory = NULL;
- DWORD dwOldProtect = 0;
- DWORD dwWritten = 0;
- Assembler a;
- Label lbl_Skip = a.newLabel();
- // Copy the summoner name (argv[1]) into a new allocation in the target so the stub can pass its address to the compare call.
- lpMemory = VirtualAllocEx(hProc, NULL, nTargetPlayer, MEM_COMMIT, PAGE_EXECUTE_READWRITE); // NOTE(review): the page is requested executable although it only holds string data, and the result is used without a NULL check
- WriteProcessMemory(hProc, lpMemory, argv[1], nTargetPlayer, &dwWritten); // NOTE(review): return value is ignored here, unlike the later writes
- a.mov(eax, (int)lpMemory); // remote address cast to int: the stub is 32-bit x86 code (eax/esi/edx)
- // strcmp(str1, str2); the call goes through the function pointer stored at _STRICMP
- a.push(eax); // str2
- a.push(esi); // str1 (whatever esi holds at the patch site; presumably a player name, confirm)
- a.mov(eax, (int)_STRICMP);
- a.call(dword_ptr(eax));
- a.test(eax, eax); // Check return value. Is it 0 (strings matched)?
- a.jnz(lbl_Skip); // non-zero result: skip the edx overwrite below
- a.mov(edx, atoi(argv[2])); // match: load the SKINID argument into edx as an immediate; atoi yields 0 when the text is not numeric
- a.bind(lbl_Skip);
- a.pop(eax); // these two pops remove the two pushed arguments from the stack
- a.pop(eax);
- // Re-execute the two instructions that the jump written at PATCH_OFFSET replaces (push -1 / push 0x9B8EC3), then continue at PATCH_RETURN_TO.
- a.push(-1);
- a.push(0x9B8EC3);
- a.mov(eax, (int)PATCH_RETURN_TO);
- a.jmp(eax);
- void * patch1 = a.make(); // presumably returns a local buffer holding the assembled stub; confirm against the AsmJit version used
- lpMemory = VirtualAllocEx(hProc, NULL, a.getCodeSize(), MEM_COMMIT, PAGE_EXECUTE_READWRITE); // second remote allocation, sized for the stub; private RWX memory in a process is a common memory-scan indicator
- if (lpMemory == NULL)
- {
- std::cerr << "Failed to allocate " << a.getCodeSize() << " bytes in the process." << std::endl;
- return 1;
- }
- if (!VirtualProtectEx(hProc, lpMemory, a.getCodeSize(), PAGE_EXECUTE_READWRITE, &dwOldProtect)) // requests the same protection the region was just allocated with
- {
- std::cerr << "Failed to change page protection of " << lpMemory << ". This is necessary to execute dynamically generated code." << std::endl;
- return 1;
- }
- if (!WriteProcessMemory(hProc, lpMemory, patch1, a.getCodeSize(), &dwWritten)) // copies the assembled stub into the target
- {
- std::cerr << "Couldn't write to " << lpMemory << "." << std::endl;
- return 1;
- }
- // Build the detour (mov eax, <stub address>; jmp eax) that redirects execution from PATCH_OFFSET to the stub; 7 bytes on x86-32, matching PATCH_RETURN_TO - PATCH_OFFSET.
- Assembler b;
- b.mov(eax, (int)lpMemory);
- b.jmp(eax);
- void * patch2 = b.make();
- if (!WriteProcessMemory(hProc, (LPVOID)PATCH_OFFSET, patch2, b.getCodeSize(), &dwWritten)) // overwrites code at a fixed address in the target; the in-memory bytes then differ from the image on disk, which module-integrity comparison can detect
- {
- std::cerr << "Couldn't write to " << PATCH_OFFSET << " jump to our own code." << std::endl;
- return 1;
- }
- CloseHandle(hProc); // only reached on success; the early returns above exit without closing hProc
- std::cout << "\nDone!" << std::endl;
- return 0;
- }