// Overlay of the engine's dynamic-array header as it sits in process memory:
// element pointer, element count, capacity.  Only Data and Length are read by
// the code in this file.  Field widths follow the 32-bit assumptions used
// elsewhere here (DWORD arithmetic on pointers in Dump2) -- verify on target.
template<class T> struct UnrealArray
{
    T* Data;                // first element of the array
    unsigned long Length;   // number of elements in use
    unsigned long Max;      // presumably allocated capacity; unused in this file
};
// Partial overlay of an engine object: only the name index at byte offset
// 0x2C is modelled (Dump2 hard-codes the same value as Offset_Name); the
// preceding bytes are opaque here.
struct UnrealObject
{
    unsigned char Unknown [0x2C];   // padding up to NameIndex, not interpreted
    unsigned long NameIndex;        // index into the global name table (UnrealArray<UnrealName*>)
};
// Partial overlay of a name-table entry: 0x10 opaque bytes followed by the
// NUL-terminated name text.  Name is declared with one element but is read as
// a C string (fprintf "%s", strcmp), so the real entry extends past sizeof.
struct UnrealName
{
    unsigned char Unknown [0x10];   // header bytes, not interpreted here
    char Name [1];                  // start of the inline name string
};
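// Write every non-null entry of the global object and name tables to
// "log.txt" as "Object[index] name" / "Name[index] name" lines.
//
// Depends on file-level globals defined elsewhere: offsetGobj / offsetNameList
// (addresses of the two tables inside the current process) and
// DoRtlAdjustPrivilege / EnumProcessAddresses / ScanAddressRange, whose
// semantics are not visible here.  The table pointers are trusted blindly:
// a stale or wrong address dereferences arbitrary memory.
//
// Fixes relative to the original: fopen() is checked, the name-index bound is
// `>= Length` (was `> Length`, which let index == Length read one past the
// table; the `< 0` half was dead for an unsigned index), format specifiers
// match `unsigned long`, and the stray extra printf argument is gone.
void Dump ( void )
{
    FILE * pFile = fopen ("log.txt","w");
    if ( !pFile )
    {
        printf("Dump: cannot open log.txt\n");
        return;
    }
    DoRtlAdjustPrivilege();   // presumably adjusts a process privilege -- confirm against its definition
    EnumProcessAddresses(GetCurrentProcess(), ScanAddressRange);
    UnrealArray<UnrealObject*>* GlobalObjects =
        reinterpret_cast<UnrealArray<UnrealObject*>*>(offsetGobj);
    UnrealArray<UnrealName*>* GlobalNames =
        reinterpret_cast<UnrealArray<UnrealName*>*>(offsetNameList);

    printf("Count=0x%lx\n", GlobalObjects->Length);
    for ( unsigned long i = 0; i < GlobalObjects->Length; i++ )
    {
        const UnrealObject* Object = GlobalObjects->Data [i];
        if ( !Object )
            continue;
        // Unsigned index: only the upper bound can be violated.
        const unsigned long NameIndex = Object->NameIndex;
        if ( NameIndex >= GlobalNames->Length )
            continue;
        const UnrealName* Entry = GlobalNames->Data [NameIndex];
        if ( !Entry )
            continue;
        fprintf ( pFile, "Object[%06lu] %s\n", i, Entry->Name );
    }

    printf("Count=0x%lx\n", GlobalNames->Length);
    for ( unsigned long i = 0; i < GlobalNames->Length; i++ )
    {
        const UnrealName* Entry = GlobalNames->Data [i];
        if ( !Entry )
            continue;
        fprintf ( pFile, "Name[%06lu] %s\n", i, Entry->Name );
    }
    fclose(pFile);
    printf("Dump Complete\n");
}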
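// Engine name strings that Dump2 compares against name-table entries while
// locating the object layout.  Declared as pointers to const: a string
// literal is a const char array, and binding it to a mutable pointer is
// ill-formed in C++11 and later (writing through it would fault).
const char* Object_Name = "Name";
const char* Object_Outer = "Outer";
const char* Object_Class = "Class";
const char* Object_Object = "Object";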
// Derive, by scanning the live object table, the field offsets this engine
// build uses for UObject Outer/Class, the UProperty offset field and the
// UStruct property-size field, and append them to "log.txt".
//
// Four searches run in sequence; each falls through to a label where a
// zero result prints "Not found!" and returns.  Only Offset_Name (0x2C, the
// same value UnrealObject models) and the scan width Offset_Max (0x150) are
// assumed; everything else is read from memory through raw PDWORD
// dereferences of table contents, so a corrupt entry faults the process.
// Uses the file-level globals offsetGobj / offsetNameList and the Object_*
// name strings.
//
// NOTE(review): fopen's result is never checked, and every early `return`
// below leaves `Log` open -- the "Not found!" paths skip fclose.
void Dump2()
{
    printf("Start Dump2...\n");
    FILE * Log;
    Log = fopen ("log.txt","a");
    UnrealArray<UnrealObject*>* ObjectManager;
    UnrealArray<UnrealName*>* NameManager;
    ObjectManager = (UnrealArray<UnrealObject*>*) offsetGobj;
    NameManager = (UnrealArray<UnrealName*>*) offsetNameList;
    // Scan parameters and results; a 0x0 offset means "not found yet".
    int Object_Start = 0;             // index where the second search begins
    DWORD Object_ClassPtr = 0x0;      // address of the UClass instance for "Object"
    DWORD Offset_Max = 0x150;         // bytes scanned past an object's base
    DWORD Offset_MaxObjects = 0x4;    // candidate count tried in the fourth search
    DWORD Offset_Name = 0x2C;         // byte offset of the name index (see UnrealObject)
    DWORD Offset_Outer = 0x0;
    DWORD Offset_Class = 0x0;
    DWORD Offset_PropertyOffset = 0x0;
    DWORD Offset_PropertySize = 0x0;
    printf("First Search...\n");
    // First search: find the object named "Name", then look inside it for a
    // DWORD equal to 0x2C -- that field is taken to be the UProperty offset field.
    for ( unsigned long i = 0; i < ObjectManager->Length; i++ )
    {
        DWORD Object = (DWORD) ObjectManager->Data[i];
        // Check if the object is valid
        if ( !Object )
            continue;
        // Get the name index
        DWORD Name = *(PDWORD) ( (DWORD) Object + (DWORD) Offset_Name );
        // NOTE(review): Name indexes the name table without checking
        // `Name < NameManager->Length` or that the entry is non-null;
        // Dump() above does both.  The second and third searches repeat this.
        if ( strcmp ( NameManager->Data[Name]->Name, Object_Name ) == 0 )
        {
            printf("found NAME...\n");
            // Scan every byte offset up to Offset_Max (Offset_Name - 0x2C is 0
            // with the initializers above); each read is an unaligned DWORD.
            for ( DWORD j = Offset_Name - 0x2C; j < Offset_Max; j++ )
            {
                DWORD Offset = *(PDWORD) ( (DWORD) Object + (DWORD) j );
                // Check if the offset matches the UObject->Name offset
                if ( Offset == Offset_Name )
                {
                    // Store the PropertyOffset offset
                    Offset_PropertyOffset = j;
                    // Rewind the start index so the second search also covers
                    // entries before this one ("Outer" precedes "Name").
                    // NOTE(review): Offset_Max / 4 is 0x54; when i < 0x54 the
                    // unsigned subtraction wraps, and the value that ends up in
                    // the second search's unsigned long index is far beyond
                    // Length, so that loop never runs.
                    Object_Start = i - (Offset_Max / 4);
                    goto JmpOne;
                }
             }
        }
    }
    // Check if we found a PropertyOffset offset
    JmpOne:
    if ( !Offset_PropertyOffset )
    {
        printf("Not found!\n");
        return;
    }
    printf("Second Search...\n");
    // Second search: for the objects named "Outer" and "Class", read the
    // field at Offset_PropertyOffset -- that value is the property's offset
    // within UObject.
    for ( unsigned long i = Object_Start; i < ObjectManager->Length; i++ )
    {
        DWORD Object = (DWORD) ObjectManager->Data[i];
        // Check if the object is valid
        if ( !Object )
            continue;
        // Get the name index
        DWORD Name = *(PDWORD) ( (DWORD) Object + (DWORD) Offset_Name );
        if ( !Offset_Outer )
        {
            // Check if the object name matches Object_Outer
            if ( strcmp ( NameManager->Data[Name]->Name, Object_Outer ) == 0 )
            // Get the relative offset for the property
            Offset_Outer = *(PDWORD) ((DWORD) Object + (DWORD) Offset_PropertyOffset);
        }
        if ( !Offset_Class )
        {
            // Check if the object name matches Object_Class
            if ( strcmp ( NameManager->Data[Name]->Name, Object_Class ) == 0 )
            // Get the relative offset for the property
            Offset_Class = *(PDWORD) ((DWORD) Object + (DWORD) Offset_PropertyOffset);
        }
    }
    // Check if we found both the outer and class offsets
    if ( !Offset_Outer || !Offset_Class )
    {
        printf("Not found!\n");
        return;
    }
    printf("Third Search...\n");
    // Third search: find the object whose own name is "Object" and whose
    // class (read via Offset_Class) is named "Class" -- the UClass for UObject.
    for ( unsigned long i = 0; i < ObjectManager->Length; i++ )
    {
        DWORD Object = (DWORD) ObjectManager->Data[i];
        // Check if the object is valid
        if ( !Object )
        continue;
        DWORD ObjectName = *(PDWORD) ( (DWORD) Object + (DWORD) Offset_Name );
        DWORD Class = *(PDWORD) ( (DWORD) Object + (DWORD) Offset_Class );
        // NOTE(review): Class is dereferenced on the next line with no null
        // check, unlike Object above.
        DWORD ClassName = *(PDWORD) ( (DWORD) Class + (DWORD) Offset_Name );

        // Compare if the class and object name match that of the UObject UClass
        if ( ( strcmp ( NameManager->Data[ClassName]->Name, Object_Class ) == 0 ) && ( strcmp ( NameManager->Data[ObjectName]->Name, Object_Object ) == 0 ) )
        {
            // Found the UClass instance for UObject
            Object_ClassPtr = Object;
            goto JmpTwo;
        }
    }
    // Check if we got a valid UClass instance
    JmpTwo:
    if ( !Object_ClassPtr )
    {
        printf("Not found!\n");
        return;
    }
    printf("Fourth Search...\n");
    // Fourth search: predict the UObject class size as Offset_Class + 4 plus
    // a small multiple of 4, and look for a field in the UClass instance that
    // holds that value -- taken to be the UStruct property-size field.
    for ( unsigned long i = 0; i < Offset_MaxObjects; i++ )
    {
        // Create the predicted class size variable
        DWORD Temp = ( Offset_Class + 0x4 + ( i * 0x4 ) );
        // Scan the range of bytes to the size of Offset_Max
        for ( unsigned long j = Offset_Class; j < Offset_Max; j++ )
        {
            DWORD Offset = *(PDWORD) ( (DWORD) Object_ClassPtr + (DWORD) j );
            // Compare the value to the predicted class size
            if ( Offset == Temp )
            {
                // Found possible PropertySize offset
                Offset_PropertySize = j;
                goto JmpThree;
            }
        }
    }
    // Check if we found a PropertySize offset
    JmpThree:
    if ( !Offset_PropertySize )
    {
        printf("Not found!\n");
        return;
    }
    // Log the resulting values
    fprintf ( Log, "\nUObject:\n" );
    fprintf ( Log, "\t- Outer\t\t\t0x%X\n", Offset_Outer );
    fprintf ( Log, "\t- Name\t\t\t0x%X\n", Offset_Name );
    fprintf ( Log, "\t- Class\t\t\t0x%X\n", Offset_Class );
    fprintf ( Log, "\nUProperty:\n" );
    fprintf ( Log, "\t- PropertyOffset\t0x%X\n", Offset_PropertyOffset );
    fprintf ( Log, "\nUStruct:\n" );
    fprintf ( Log, "\t- PropertySize\t\t0x%X\n", Offset_PropertySize );
    fclose(Log);
    printf("Dump2 Done.\n");
}