Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #define _CRT_SECURE_NO_WARNINGS //msvc doesn't like freopen
- #include <Windows.h>
- #include <iostream>
- #include <string> //for std::string
- #include <VMProtectSDK.h>
- typedef void(__thiscall *changeprop)(void* self, DWORD descriptor);
- changeprop change_prop = (changeprop)0x511B60; //this func calls Changed events and replicates
- typedef void(__thiscall *changename)(void* self, std::string* name);
- changename change_name = (changename)0x512EC0; //function which changes "Name" of an instance
- typedef void(__thiscall *executescript)(void* self, std::string script);
- executescript exec_script = (executescript)0x831EF0; //LogService:ExecuteScript C function
- using namespace std;
- DWORD logservice; //global pointer to LogService
- //--------------------------------------------------------------------------------
- // Functions
- HWND MainWindowHWND;
- HMENU hMenu;
- HMENU hMenuPopupFile;
- HMENU hMenuPopupAbout;
- HMODULE hInstance;
- HWND ScriptTextBoxHWND;
- LRESULT CALLBACK WindowProcedure(HWND, UINT, WPARAM, LPARAM);
- #define MYMENU_EXIT (WM_APP + 101)
- #define MYMENU_ABOUTMB (WM_APP + 102)
- #define MYMENU_EXECUTECODE (WM_APP + 103)
- #define MYMENU_SCRIPTTEXTBOX (WM_APP + 104)
- #define MYMENU_CLEARSCRIPT (WM_APP + 105)
- #define MYMENU_MINIMIZE (WM_APP + 109)
- LRESULT CALLBACK DLLWindowProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
- {
- switch (message)
- {
- case WM_COMMAND:
- switch (wParam)
- {
- case MYMENU_EXIT:
- if (MessageBox(0, "Are you sure you want to close stigma?", "wtf r u doin", MB_YESNO) == IDYES)
- SendMessage(hwnd, WM_CLOSE, 0, 0);
- break;
- case MYMENU_MINIMIZE:
- ShowWindow(hwnd, SW_MINIMIZE);
- break;
- case MYMENU_ABOUTMB:
- MessageBox(hwnd, "Original script by Sliver Game Support\nProgram by [FaZe] Sliver Gaming Support (aka Asymmetry)", "About", MB_OK);
- break;
- case MYMENU_CLEARSCRIPT:
- SetDlgItemText(hwnd, MYMENU_SCRIPTTEXTBOX, "");
- break;
- case MYMENU_EXECUTECODE:
- int length;
- length = SendMessage(ScriptTextBoxHWND, WM_GETTEXTLENGTH, 0, 0);
- if (length == -1)
- break;
- char buff[80896]; // = 1024 * 79
- char len[255];
- _itoa_s(length, len, 10);
- GetDlgItemText(hwnd, MYMENU_SCRIPTTEXTBOX, buff, length + 1);
- exec_script((void*)logservice, buff); //call LogService:ExecuteScript
- break;
- }
- break;
- case WM_DESTROY:
- PostQuitMessage(0);
- break;
- default:
- return DefWindowProc(hwnd, message, wParam, lParam);
- }
- return 0;
- }
- BOOL RegisterDLLWindowClass(char *szClassName)
- {
- WNDCLASSEX wc;
- wc.hInstance = GetModuleHandle(NULL);
- wc.lpszClassName = szClassName;
- wc.lpfnWndProc = DLLWindowProc;
- wc.style = CS_DBLCLKS;
- wc.cbSize = sizeof(WNDCLASSEX);
- wc.hIcon = LoadIcon(NULL, IDI_APPLICATION);
- wc.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
- wc.hCursor = LoadCursor(NULL, IDC_ARROW);
- wc.lpszMenuName = "Test";
- wc.cbClsExtra = 0;
- wc.cbWndExtra = 0;
- wc.hbrBackground = (HBRUSH)COLOR_BACKGROUND;
- if (!RegisterClassEx(&wc))
- return 0;
- return 1;
- }
- void RefreshContextMenu(HMENU hhMenu)
- {
- hMenuPopupFile = CreatePopupMenu();
- AppendMenu(hMenuPopupFile, MF_STRING, MYMENU_MINIMIZE, TEXT("Minimize"));
- AppendMenu(hMenuPopupFile, MF_STRING, MYMENU_EXIT, TEXT("Exit"));
- AppendMenu(hhMenu, MF_POPUP, (UINT_PTR)hMenuPopupFile, TEXT("File"));
- hMenuPopupAbout = CreatePopupMenu();
- AppendMenu(hMenuPopupAbout, MF_STRING, MYMENU_ABOUTMB, TEXT("About"));
- AppendMenu(hhMenu, MF_POPUP, (UINT_PTR)hMenuPopupAbout, TEXT("Help"));
- }
- HMENU CreateDLLWindowMenu()
- {
- HMENU heyMenu;
- heyMenu = CreateMenu();
- if (heyMenu == NULL)
- return FALSE;
- RefreshContextMenu(heyMenu);
- return heyMenu;
- }
- void CreateFWindows()
- {
- CreateWindow("BUTTON", "EXE", WS_CHILD | WS_VISIBLE, 350, 0, 45, 150, MainWindowHWND, (HMENU)MYMENU_EXECUTECODE, hInstance, NULL);
- CreateWindow("BUTTON", "CLEAR", WS_CHILD | WS_VISIBLE, 350, 100, 45, 150, MainWindowHWND, (HMENU)MYMENU_CLEARSCRIPT, hInstance, NULL);
- ScriptTextBoxHWND = CreateWindowEx(WS_EX_CLIENTEDGE, "EDIT", "", WS_CHILD | WS_VISIBLE | ES_MULTILINE | WS_BORDER | WS_VSCROLL, 0, 0, 350, 250, MainWindowHWND, (HMENU)MYMENU_SCRIPTTEXTBOX, hInstance, 0);
- SendMessage(ScriptTextBoxHWND, EM_SETLIMITTEXT, 0x7FFFFFFE, 0);
- }
- void ShowForm()
- {
- hInstance = GetModuleHandle(NULL);
- hMenu = CreateDLLWindowMenu();
- RegisterDLLWindowClass("DLLWindowClass");
- MainWindowHWND = CreateWindowEx(WS_EX_TOPMOST, "DLLWindowClass", "STIGMA V4", WS_EX_PALETTEWINDOW, CW_USEDEFAULT, CW_USEDEFAULT, 400, 300, NULL, hMenu, hInstance, NULL);
- CreateFWindows();
- ShowWindow(MainWindowHWND, SW_SHOWNORMAL);
- MSG messages;
- while (GetMessage(&messages, NULL, 0, 0))
- {
- TranslateMessage(&messages);
- DispatchMessage(&messages);
- }
- }
- //--------------------------------------------------------------------------------
- //MY CODE
- {
- string *classname;
- __asm //disgusting
- {
- mov ecx, pInstance
- mov eax, [ecx + 0x1C]
- add ecx, 0x1C
- call dword ptr [eax + 4] //call the function to get classname
- add eax, 4 //offset by -4 for some reason
- mov classname, eax
- }
- return classname->c_str();
- }
- //Returns a pointer to the first child of pInstance (a pointer to a RBX::Instance) who's classname == name
- DWORD getChildByClassName(DWORD pInstance, char *name)
- {
- VMProtectBeginMutation("gc");
- int len = strlen(name);
- DWORD childrenptr = *(DWORD*)(pInstance + 0x44); //childrenptr is std::vector<boost::shared_ptr<RBX::Instance*>> *
- DWORD end = *(DWORD*)(childrenptr + 4); //pointer to the end of the vector
- /*
- int i is set to *(childrenptr), which is the start of the vector, basically an array of boost::shared_ptr<RBX::Instance*>
- This makes 'int i' a boost::shared_ptr<RBX::Instance*> *
- *(childrenptr+4) is a ptr to the end of the vector
- boost::shared_ptr<RBX::Instance*> is a simple struct:
- struct shit
- {
- RBX::Instance *pInstance;
- void *ptr_to_some_internal_boost_class;
- }
- So to get pInstance, I can do *(int*)i
- Since the struct's size is 8 so I add 8 to i each loop
- I'm too lazy to define structs so I search the vector manually
- */
- for (int i = *(int*)childrenptr; i != end; i += 8)
- {
- if (memcmp(getclassname(*(int*)i), name, len) == 0)
- {
- VMProtectEnd();
- return *(int*)i; //return the pointer to the instance
- }
- }
- return 0;
- }
- void init()
- {
- VMProtectBeginUltra("init");
- AllocConsole();//create console
- freopen("CONOUT$", "w", stdout);
- freopen("CONIN$", "r", stdin);
- cout << "Initializing... ";
- DWORD game = *(DWORD*)(0x130186C);
- game = *(DWORD*)(game + 0x5C);
- game = *(DWORD*)(game + 4);
- game = *(DWORD*)(game + 4);
- //Gets the active DataModel 0x130186C] + 0x5C] + 0x4] + 0x4]
- DWORD plyrs = getChildByClassName(game, "Players");
- //lua equivalent: local plyrs = game:GetService("Players")
- DWORD localplayer = *(DWORD*)(plyrs + 0x180);
- //Players + 0x180 is the LocalPlayer
- //lua equivalent: local localplayer = plyrs.LocalPlayer
- DWORD creatorid = *(DWORD*)(game + 0xE5C) ^ *(DWORD*)(*(DWORD*)(game + 0xE5C));
- //game + 0xE5C is obfuscated creatorid: xor obfuscation (ptrtovalue XOR *ptrtovalue = actualvalue) where ptrtovalue = *(game+0xE5C)
- //lua equivalent: local creatorid = game.CreatorId
- *(DWORD*)(localplayer + 0x94) = creatorid;
- //Player + 0x94 is userId
- change_prop((void*)localplayer, 0x1692DE4);
- //replicate the changed userId, 0x1692DE4 = global propertydescriptor for Player.userId
- //lua equivalent: localplayer.userId = creatorid
- logservice = getChildByClassName(game, "LogService");
- //lua equivalent: logservice = game:GetService("LogService")
- cout << "done" << endl;
- ShowForm(); //show the GUI
- VMProtectEnd();
- }
- BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
- {
- if (fdwReason == DLL_PROCESS_ATTACH)
- {
- DisableThreadLibraryCalls(hinstDLL);
- CreateThread(0, 0, (LPTHREAD_START_ROUTINE)init, 0, 0, 0); //lets go
- }
- return 1;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
