LUDIJAK_INN_RESET

#include <iostream>
#include <Windows.h>
#include <psapi.h>
#include <TlHelp32.h>
#include <fcntl.h>
#include <io.h>

char dlldir[320];
char *GetDirectoryFile(const char *filename)
{
    static char path[320];
    strcpy_s(path, dlldir);
    strcat_s(path, filename);
    return path;
}


class CIniReader
{
public:
 CIniReader(char* szFileName);
 int ReadInteger(char* szSection, char* szKey, int iDefaultValue);
 float ReadFloat(char* szSection, char* szKey, float fltDefaultValue);
 bool ReadBoolean(char* szSection, char* szKey, bool bolDefaultValue);
 char* ReadString(char* szSection, char* szKey, const char* szDefaultValue);
private:
  char m_szFileName[255];
};


CIniReader::CIniReader(char* szFileName)
{
 memset(m_szFileName, 0x00, 255);
 memcpy(m_szFileName, szFileName, strlen(szFileName));
}
int CIniReader::ReadInteger(char* szSection, char* szKey, int iDefaultValue)
{
 int iResult = GetPrivateProfileInt(szSection,  szKey, iDefaultValue, m_szFileName);
 return iResult;
}
float CIniReader::ReadFloat(char* szSection, char* szKey, float fltDefaultValue)
{
 char szResult[255];
 char szDefault[255];
 float fltResult;
 sprintf(szDefault, "%f",fltDefaultValue);
 GetPrivateProfileString(szSection,  szKey, szDefault, szResult, 255, m_szFileName);
 fltResult =  atof(szResult);
 return fltResult;
}
bool CIniReader::ReadBoolean(char* szSection, char* szKey, bool bolDefaultValue)
{
 char szResult[255];
 char szDefault[255];
 bool bolResult;
 sprintf(szDefault, "%s", bolDefaultValue? "True"
     : "False");
 GetPrivateProfileString(szSection, szKey, szDefault, szResult, 255, m_szFileName);
 bolResult =  (strcmp(szResult, "True") == 0 ||
     strcmp(szResult, "true") == 0) ? true : false;
 return bolResult;
}
char* CIniReader::ReadString(char* szSection, char* szKey, const char* szDefaultValue)
{
 char* szResult = new char[255];
 memset(szResult, 0x00, 255);
 GetPrivateProfileString(szSection,  szKey,
        szDefaultValue, szResult, 255, m_szFileName);
 return szResult;
}


class CSeed
{
public:
char _0x0000[8];
    DWORD ServerSeed;

};

void CreateDebugConsole()
{
    HANDLE lStdHandle = 0;
    int hConHandle = 0;
    FILE *fp = 0;
    AllocConsole( );
    lStdHandle = GetStdHandle( STD_OUTPUT_HANDLE );
    hConHandle = _open_osfhandle( PtrToUlong( lStdHandle ), _O_TEXT );
    SetConsoleTitle("Cube World Server");
    SetConsoleTextAttribute(lStdHandle,FOREGROUND_GREEN|FOREGROUND_INTENSITY|BACKGROUND_RED);
    fp = _fdopen( hConHandle, "w" );
    *stdout = *fp;
    setvbuf( stdout, NULL, _IONBF, 0 );
}

DWORD GetModuleSize(LPSTR strModuleName)
{
    MODULEENTRY32   lpme= {0};
    DWORD           dwSize=0;
    DWORD           PID=GetCurrentProcessId();
    BOOL            isMod=0;
    char            chModName[256];

    strcpy_s(chModName,strModuleName);
    _strlwr_s(chModName);

    HANDLE hSnapshotModule=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE ,PID);
    if (hSnapshotModule)
    {
        lpme.dwSize=sizeof(lpme);
        isMod=Module32First(hSnapshotModule,&lpme);
        while(isMod)
        {
            if (strcmp(_strlwr(lpme.szExePath),chModName))
            {
                dwSize=(DWORD)lpme.modBaseSize;
                CloseHandle(hSnapshotModule);
                return dwSize;
            }
        isMod=Module32Next(hSnapshotModule,&lpme);
        }
    }
    CloseHandle(hSnapshotModule);

    return 0;
}


DWORD FindPattern(DWORD start_offset, DWORD size, BYTE* pattern, char mask[] )
{

    DWORD pos = 0;
    int searchLen = strlen(mask) - 1;
    for( DWORD retAddress = start_offset; retAddress < start_offset + size; retAddress++ )
    {
        if( *(BYTE*)retAddress == pattern[pos] || mask[pos] == '?' ){
            if( mask[pos+1] == '\0' )
                return (retAddress - searchLen);
            pos++;
        }
        else
            pos = 0;
    }
    return NULL;
}


void MakeJMP(BYTE *pAddress, DWORD dwJumpTo, DWORD dwLen)
{
    DWORD dwOldProtect, dwBkup, dwRelAddr;
    VirtualProtect(pAddress, dwLen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
    dwRelAddr = (DWORD) (dwJumpTo - (DWORD) pAddress) - 5;
    *pAddress = 0xE9;
    *((DWORD *)(pAddress + 0x1)) = dwRelAddr;
    for(DWORD x = 0x5; x < dwLen; x++) *(pAddress + x) = 0x90;
    VirtualProtect(pAddress, dwLen, dwOldProtect, &dwBkup);

    return;

}

DWORD g_dwSeedAddr=FindPattern(reinterpret_cast<DWORD>(GetModuleHandle(NULL)),GetModuleSize("Server.exe"),
    reinterpret_cast<PBYTE>("\x8B\x0B\x8B\x46\x08\xC7\x45\x00\x00\x00\x00\x00\x3B\x81\x00\x00\x00\x00\x0F\x85\x00\x00\x00\x00\x83\xB9\x00\x00\x00\x00\x00"),
    "xxxxxxx?????xx????xx????xx?????");

DWORD g_dwCodeCaveAddr= FindPattern(reinterpret_cast<DWORD>(GetModuleHandle(NULL)),GetModuleSize("Server.exe"),
    reinterpret_cast<PBYTE>("\x81\xC1\x00\x00\x00\x00\xE8\x00\x00\x00\x00\x8D\x4D\xA8\xC6\x45\xFC\x01\xE8\x00\x00\x00\x00"),
    "xx????x????xxxxxxxx????");


DWORD dwSeedJMPBack=(g_dwSeedAddr+5);
DWORD g_dwSeedValueAddr=0;
__declspec(naked) void SetSeed()
{
    __asm
    {
        mov     ecx,[ebx]
        mov     g_dwSeedValueAddr,esi
        mov     eax,[esi+8]
        JMP     [dwSeedJMPBack]
    }
}


DWORD dwJMPBack=(g_dwCodeCaveAddr+6);
DWORD dwJMPBack2=(g_dwCodeCaveAddr+11);
__declspec(naked) void CrashFix()
{
    __asm
    {
        add     ecx, 90h
        cmp     ecx,0x90
        JNE     ZERO
        JMP     [dwJMPBack2]
ZERO:
        JMP     [dwJMPBack]
    }
}

DWORD SERVER_SEED;
DWORD WINAPI TempThread(LPVOID lpParam)
{
 do {
     Sleep(1);
 }while(!g_dwSeedValueAddr);
CSeed *cSeed=reinterpret_cast<CSeed*> (g_dwSeedValueAddr);
cSeed->ServerSeed=SERVER_SEED;
printf("Server Seed var found at %x\n",g_dwSeedValueAddr);
 return 0;
}


BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
if (ul_reason_for_call == DLL_PROCESS_ATTACH)
{

        GetModuleFileName( hModule, dlldir, 512 );
        for(int i = ( int )strlen( dlldir ); i > 0; i--)
        {
            if(dlldir[i] == '\\')
            {
                dlldir[i+1] = 0;
                break;
            }
        }
        CreateThread( NULL, NULL, (LPTHREAD_START_ROUTINE)TempThread, (LPVOID)hModule, NULL, NULL );
        CIniReader cIniReader=CIniReader(GetDirectoryFile("settings.ini"));
        const BYTE MAX_PLAYER=cIniReader.ReadInteger("Settings","Players",64);
        const BYTE ALLOW_INN_TIME_RESET=cIniReader.ReadInteger("Settings","AllowTimeReset",0);
        SERVER_SEED=cIniReader.ReadInteger("Settings","Seed",555);
        CreateDebugConsole();

DWORD server_base = (DWORD)GetModuleHandle("Server.exe");


DWORD max_players_addr = FindPattern(reinterpret_cast<DWORD>(GetModuleHandle(NULL)),GetModuleSize("Server.exe"),
    reinterpret_cast<PBYTE>("\xFF\x15\x00\x00\x00\x00\x8B\xC8\xFF\x15\x00\x00\x00\x00\x83\xBD\x6C\xFE\xFF\xFF\x04"),
    "xx????xxxx????xxxxxxx");
printf("MaxPlayerAddress found at %x\n",max_players_addr);
max_players_addr += 20;

if (max_players_addr)
{
char* max_players = (char*)(max_players_addr);
WriteProcessMemory(GetCurrentProcess(),(PVOID)max_players_addr,&MAX_PLAYER,1,0);

printf("Max players set to %d\n",(int)*max_players);
}
else
printf("Max players address not found\n");


DWORD dwMaxPlayerAddr2 = FindPattern(reinterpret_cast<DWORD>(GetModuleHandle(NULL)),GetModuleSize("Server.exe"),
    reinterpret_cast<PBYTE>("\x83\xFF\x0A\x7F\x1B\x8B\x8D\x00\x00\x00\x00\xEB\xC0"),
    "xxxxxxx????xx");
printf("MaxPlayerAddress2 found at %x\n",dwMaxPlayerAddr2);
dwMaxPlayerAddr2 += 2;

if (dwMaxPlayerAddr2)
{
char* szMaxPlayers = (char*)(dwMaxPlayerAddr2);
WriteProcessMemory(GetCurrentProcess(),(PVOID)dwMaxPlayerAddr2,&MAX_PLAYER,1,0);

printf("Max players2 set to %d\n",(int)*szMaxPlayers);
}
else
printf("Max players2 address not found\n");


DWORD dwRangerSkillFixAddr= FindPattern(reinterpret_cast<DWORD>(GetModuleHandle(NULL)),GetModuleSize("Server.exe"),
    reinterpret_cast<PBYTE>("\x79\x09\x8B\x84\x8E\x00\x00\x00\x00\x85\xC0\x75\x1B\x80\x7E\x60\x00"),
    "xxxxx????xxxxxxxx");
if(dwRangerSkillFixAddr)
{
printf("RangeSkillFixAddress found at %x\n",dwRangerSkillFixAddr);
WriteProcessMemory(GetCurrentProcess(),(PVOID)dwRangerSkillFixAddr,"\xEB",1,0);
}
else
    printf("RangeSkillFixAddress signature not found\n");

DWORD dwDisconnectFix= FindPattern(reinterpret_cast<DWORD>(GetModuleHandle(NULL)),GetModuleSize("Server.exe"),
    reinterpret_cast<PBYTE>("\x8B\x01\xFF\x50\x08\x8B\x4E\x10\x85\xC9\x74\x15\x8B\x11\x3B\xCE\x0F\x95\xC0\x0F\xB6\xC0\x50\xFF\x52\x10\xC7\x46\x00\x00\x00\x00\x00"),
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxx?????");
if(dwDisconnectFix)
{
dwDisconnectFix+=5;
printf("dwDisconnectFix found at %x\n",dwDisconnectFix);
WriteProcessMemory(GetCurrentProcess(),(PVOID)dwDisconnectFix,"\xEB\x3f\x90",3,0);
}
else
{
    printf("dwDisconnectFix signature not found\n");
}

if(g_dwCodeCaveAddr)
{
MakeJMP((BYTE*)(g_dwCodeCaveAddr),(DWORD)CrashFix,0x6);
}
else
{
    printf("CodeCaveAddr signature not found\n");
}
if(g_dwSeedAddr)
{
    printf("ServerSeedAddr found at %x\n",g_dwSeedAddr);
 MakeJMP((BYTE*)(g_dwSeedAddr),(DWORD)SetSeed,0x5);
}
else
{
    printf("Server Seed signature not found\n");
}
if(!ALLOW_INN_TIME_RESET)
{
DWORD dwInnTimeResetFixAddr= FindPattern(reinterpret_cast<DWORD>(GetModuleHandle(NULL)),GetModuleSize("Server.exe"),
    reinterpret_cast<PBYTE>("\x80\xBE\x00\x00\x00\x00\x00\x74\x45\xF6\x46\x7E\x80\x0F\x85\x00\x00\x00\x00"),
    "xx?????xxxxxxxx????");
if(!dwInnTimeResetFixAddr)
    printf("dwInnTimeResetFixAddr signature not found\n");
else
{
    dwInnTimeResetFixAddr+=0x6;
    printf("dwInnTimeResetFixAddr signature found at %x\n",dwInnTimeResetFixAddr);
    WriteProcessMemory(GetCurrentProcess(),(PVOID)dwInnTimeResetFixAddr,"\x00",1,0);
}
}

}

return TRUE;
}