[DOES NOT WORK]wDetector English Plugin by iCCup.xboi209

1. #ifdef _MSC_VER
2. #define _CRT_SECURE_NO_WARNINGS
3. #endif
4. #define WIN32_LEAN_AND_MEAN
5.  
6. #include <Windows.h>
7. #include <stdlib.h>
8. #include <process.h>
9. #include <cstdio>
10. #include <conio.h>
11. #include <stdio.h>
12. #include <tlhelp32.h>
13. #include <Shlwapi.h>
14. #include <fstream>
15. #include <iostream>
16. #include <string>
17.  
18. using namespace std;
19.  
20. DWORD GetProcessId(IN PCHAR szExeName);
21. BOOL CreateRemoteThreadInject(DWORD ID, const char * dll);
22. int PobierzIdProcesu(char *pProcessName);
23. BOOL SetPrivilege(HANDLE  hToken, LPCTSTR lpPrivilege, BOOL bEnablePrivilege);
24. BOOL SetDebugPrivilege(BOOL bEnable);
25.  
26.  
27. DWORD GetProcessId(IN PCHAR szExeName)
28. {
29.     DWORD dwRet = 0;
30.     DWORD dwCount = 0;
31.  
32.     HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
33.  
34.     if (hSnapshot != INVALID_HANDLE_VALUE)
35.     {
36.         PROCESSENTRY32 pe = { 0 };
37.         pe.dwSize = sizeof(PROCESSENTRY32);
38.  
39.         BOOL bRet = Process32First(hSnapshot, &pe);
40.  
41.         while (bRet)
42.         {
43.             if (!_stricmp(pe.szExeFile, szExeName))
44.             {
45.                 dwCount++;
46.                 dwRet = pe.th32ProcessID;
47.             }
48.             bRet = Process32Next(hSnapshot, &pe);
49.         }
50.  
51.         if (dwCount > 1)
52.             dwRet = 0xFFFFFFFF;
53.  
54.         CloseHandle(hSnapshot);
55.     }
56.  
57.     return dwRet;
58. }
59.  
60.  
61. BOOL CreateRemoteThreadInject(DWORD ID, const char * dll)
62. {
63.     HANDLE Process; //Declare the handle of the process
64.     LPVOID Memory; //Declare the memory that will be allocated
65.     LPVOID LoadLibrary; //Declare LoadLibrary
66.  
67.     //If there's no process ID we return false.
68.     if (!ID)
69.     {
70.         ofstream log;
71.         log.open("wDetector.log");
72.         log << "ERROR: Process with ID " << ID << " could not be found" << "\n";
73.         log.close();
74.         return false;
75.     }
76.  
77.     //Open the process with read , write and execute priviledges
78.     Process = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, ID);
79.  
80.     //Get the address of LoadLibraryA
81.     LoadLibrary = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
82.  
83.     // Allocate space in the process for our DLL  
84.     Memory = (LPVOID)VirtualAllocEx(Process, NULL, strlen(dll) + 1, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
85.  
86.     // Write the string name of our DLL in the memory allocated  
87.     WriteProcessMemory(Process, (LPVOID)Memory, dll, strlen(dll) + 1, NULL);
88.  
89.     // Load our DLL  
90.     CreateRemoteThread(Process, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibrary, (LPVOID)Memory, NULL, NULL);
91.  
92.     //Let the program regain control of itself
93.     CloseHandle(Process);
94.  
95.  
96.  
97.     //Lets free the memory we are not using anymore.
98.     VirtualFreeEx(Process, (LPVOID)Memory, 0, MEM_RELEASE);
99.  
100.     return true;
101. }
102.  
103.  
104. int PobierzIdProcesu(char *pProcessName) {
105.     HANDLE hSnap = INVALID_HANDLE_VALUE;
106.     HANDLE hProcess = INVALID_HANDLE_VALUE;
107.     PROCESSENTRY32 ProcessStruct;
108.     ProcessStruct.dwSize = sizeof(PROCESSENTRY32);
109.     hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
110.  
111.     if (hSnap == INVALID_HANDLE_VALUE)
112.         return -1;
113.  
114.     if (Process32First(hSnap, &ProcessStruct) == FALSE)
115.         return -1;
116.  
117.     do
118.     {
119.         if (_stricmp(_strupr(ProcessStruct.szExeFile), pProcessName) == 0) {
120.             CloseHandle(hSnap);
121.             return ProcessStruct.th32ProcessID;
122.             break;
123.         }
124.     }
125.  
126.     while (Process32Next(hSnap, &ProcessStruct));
127.  
128.     CloseHandle(hSnap);
129.  
130.     return -1;
131. }
132.  
133.  
134. BOOL SetPrivilege(HANDLE  hToken, LPCTSTR lpPrivilege, BOOL bEnablePrivilege) {
135.     TOKEN_PRIVILEGES    tkp = { 0 };
136.     LUID                luid = { 0 };
137.     TOKEN_PRIVILEGES    tkpPrevious = { 0 };
138.     DWORD              cbPrevious = 0;
139.     if ((!hToken) || (!lpPrivilege))
140.         return FALSE;
141.     if (!LookupPrivilegeValue(NULL, lpPrivilege, &luid))
142.         return FALSE;
143.     tkp.PrivilegeCount = 1;
144.     tkp.Privileges[0].Luid = luid;
145.     tkp.Privileges[0].Attributes = 0;
146.     cbPrevious = sizeof(TOKEN_PRIVILEGES);
147.     AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(TOKEN_PRIVILEGES), &tkpPrevious, &cbPrevious);
148.     if (GetLastError() != ERROR_SUCCESS)
149.         return FALSE;
150.     tkpPrevious.PrivilegeCount = 1;
151.     tkpPrevious.Privileges[0].Luid = luid;
152.     if (bEnablePrivilege)
153.         tkpPrevious.Privileges[0].Attributes |= (SE_PRIVILEGE_ENABLED);
154.     else
155.         tkpPrevious.Privileges[0].Attributes ^= (SE_PRIVILEGE_ENABLED & tkpPrevious.Privileges[0].Attributes);
156.     AdjustTokenPrivileges(hToken, FALSE, &tkpPrevious, cbPrevious, NULL, NULL);
157.     if (GetLastError() != ERROR_SUCCESS)
158.         return FALSE;
159.     return TRUE;
160. }
161.  
162. BOOL SetDebugPrivilege(BOOL bEnable) {
163.     HANDLE hToken = NULL;
164.     if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
165.         return FALSE;
166.     if (!SetPrivilege(hToken, SE_DEBUG_NAME, bEnable)) {
167.         CloseHandle(hToken);
168.         return FALSE;
169.     }
170.     CloseHandle(hToken);
171.     return TRUE;
172. }
173.  
174.  
175. PROCESS_INFORMATION processInfo = { 0 };
176. void Kill(void* pinfo)
177. {
178.     PROCESS_INFORMATION* proci = (PROCESS_INFORMATION*)pinfo;
179.  
180.     TerminateProcess(proci->hProcess, 0);
181.  
182.     CloseHandle(proci->hProcess);
183.     CloseHandle(proci->hThread);
184. }
185.  
186.  
187. struct ExchangeData
188. {
189.     int  iPluginAPI;
190.     int  iStarCraftBuild;
191.     BOOL bNotSCBWmodule;
192.     BOOL bConfigDialog;
193. };
194.  
195. extern "C" __declspec(dllexport) void GetPluginAPI(ExchangeData& Data)
196. {
197.     Data.iPluginAPI = 4;            //4 == BWL4
198.     Data.iStarCraftBuild = 13;      //13 == StarCraft 1.16.1
199.     Data.bConfigDialog = FALSE;     //TRUE == Allow Config button
200.     Data.bNotSCBWmodule = FALSE;    //Inform user that closing BWL will shut down your plugin(?)
201. }
202.  
203.  
204. extern "C" __declspec(dllexport) void GetData(char* name, char* description, char* updateurl)
205. {
206.     strcpy(name, "wDetector");
207.     strcpy(description, "Injects and patches wDetector\r\n\r\nwDetector by Won Soon-cheol\r\nwDetector offsets by DyS-\r\nwDetector English Plugin by iCCup.xboi209");
208.     strcpy(updateurl, "http://mjr896.net/techguy/wDetector/");
209. }
210.  
211.  
212. // Called when user clicks Config button
213. extern "C" __declspec(dllexport) bool OpenConfig()
214. {
215.     return true;
216. }
217.  
218.  
219. //Called before StarCraft is completely loaded
220. extern "C" __declspec(dllexport) bool ApplyPatchSuspended(HANDLE, DWORD)
221. {
222.     if (GetFileAttributesA("wLauncher.exe") == 0xFFFFFFFF) {
223.         MessageBoxA(NULL, "wLauncher.exe not found!", "wDetector English Patch", MB_OK | MB_ICONERROR);
224.         return false;
225.     }
226.     else if (GetFileAttributesA("wDetector.w") == 0xFFFFFFFF) {
227.         MessageBoxA(NULL, "wDetector.w not found!", "wDetector English Patch", MB_OK | MB_ICONERROR);
228.         return false;
229.     }
230.     else
231.     {
232.         STARTUPINFOA info = { sizeof(info) };
233.  
234.         if (!CreateProcessA(NULL, "wLauncher.exe", NULL, NULL, TRUE, 0, NULL, NULL, &info, &processInfo)) {
235.             MessageBoxA(NULL, "Failed to start wLauncher.exe!", "wDetector English Patch", MB_OK | MB_ICONERROR);
236.             return false;
237.         }
238.  
239.     }
240.     return true;
241. }
242.  
243.  
244. //Called after StarCraft is completely loaded
245. extern "C" __declspec(dllexport) bool ApplyPatch(HANDLE, DWORD)
246. {
247.     ofstream log;
248.     log.open("wDetector.log");
249.     if (!log.is_open())
250.     {
251.         MessageBoxA(NULL, "Could not open wDetector.log!", "wDetector English Patch", MB_OK | MB_ICONERROR);
252.         return false;
253.     }
254.     log << "Logging started" << endl;
255.  
256.     Sleep(1000);
257.  
258.     //Start array
259.     char* offsets[][3] = {
260.         { "0x3E264", "0", "char[1]" },
261.         { "0x45848", "Auto-Mine", "char[10]" },
262.         { "0x458C0", "Auto-Build", "char[10]" },
263.         { "0x45870", "Multicommand", "char[14]" },
264.         { "0x45960", "Name Spoof", "char[14]" },
265.         { "0x45910", "Drop Hack", "char[10]" },
266.         { "0x3D677", " - Game History:", "char[16]" },
267.         { "0x3E2A5", "Hacks were detected", "char[19]" },
268.         { "0x3FD7C", " - Refreshing Game>   ", "char[22]" },
269.         //to be continued...
270.     };
271.  
272.  
273.     //Inject wDetector.w
274.     char dll[MAX_PATH];
275.     GetFullPathName("wDetector.w", MAX_PATH, dll, NULL);
276.     DWORD ID = GetProcessId("StarCraft.exe");
277.  
278.     if (SetDebugPrivilege(TRUE))
279.     {
280.         log << "Obtained SeDebugPrivilege" << endl;
281.     }
282.     else
283.     {
284.         log << "Unable to obtain SeDebugPrivilege" << endl;
285.         return false;
286.     }
287.  
288.     if (CreateRemoteThreadInject(ID, dll))
289.     {
290.         log << "Injected " << dll << " into " << ID << endl;
291.     }
292.     else
293.     {
294.         log << "ERROR: Could not inject " << dll << " into " << ID << endl;
295.         return false;
296.     }
297.  
298.  
299.     //Get base address of wDetector.w module
300.     MODULEENTRY32 lpModuleEntry = { 0 };
301.     LPSTR lpModuleName = "wDetector.w";
302.     HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, PobierzIdProcesu("starcraft.exe"));
303.     DWORD wDetectorBaseAddress = 0;
304.  
305.     if (hSnapShot == NULL)
306.     {
307.         log << "ERROR: Could not get handle for StarCraft.exe" << endl;
308.         return false;
309.     }
310.  
311.     lpModuleEntry.dwSize = sizeof(lpModuleEntry);
312.     BOOL bModule = Module32First(hSnapShot, &lpModuleEntry);
313.  
314.     while (bModule) {
315.         if (!strcmp(lpModuleEntry.szModule, lpModuleName)) {
316.             wDetectorBaseAddress = (DWORD)lpModuleEntry.modBaseAddr;
317.             CloseHandle(hSnapShot);
318.             log << "wDetector.w's base address is " << wDetectorBaseAddress << endl;
319.         }
320.  
321.         bModule = Module32Next(hSnapShot, &lpModuleEntry);
322.     }
323.  
324.     //Patch wDetector.w
325.     HANDLE scHandle = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, ID);
326.     if (scHandle == NULL) {
327.         log << "ERROR: OpenProcess() returned " << GetLastError() << endl;
328.         return false;
329.     }
330.  
331.     DWORD bytesOut;
332.     DWORD wDetectorOldProtection;
333.     DWORD wDetectorAddress;
334.     DWORD finalAddressSize;
335.  
336.     for (int a = 0; a < 9; a++) {
337.         wDetectorAddress = wDetectorBaseAddress + (int)strtol(offsets[a][0], NULL, 0);
338.         finalAddressSize = wDetectorAddress + (int)strtol(offsets[a][1], NULL, 0);
339.  
340.         VirtualProtectEx(scHandle, (LPVOID) wDetectorAddress, sizeof(finalAddressSize), PAGE_EXECUTE_READWRITE, &wDetectorOldProtection);
341.  
342.         if (WriteProcessMemory(scHandle, (LPVOID) wDetectorAddress, offsets[a][1], strlen(offsets[a][1]) + 1, &bytesOut))
343.         {
344.             log << "WriteProcessMemory() to address " << wDetectorBaseAddress << " + " << (int)strtol(offsets[a][0], NULL, 0) << " = " << wDetectorAddress << " with '" << offsets[a][1] << "'; " << bytesOut << " bytes were written" << endl;
345.         }
346.         else
347.         {
348.             log << "ERROR: WriteProcessMemory() returned " << GetLastError() << endl;
349.             return false;
350.         }
351.  
352.         VirtualProtectEx(scHandle, (LPVOID) wDetectorAddress, sizeof(finalAddressSize), wDetectorOldProtection, NULL);
353.     }
354.  
355.     CloseHandle(scHandle);
356.  
357.     Sleep(3000);
358.     log << "Killing wLauncher.exe" << endl;
359.     _beginthread(Kill, 0, &processInfo); //Kill wLauncher.exe
360.  
361.     log << "Logging ended";
362.     log.close();
363.  
364.     return true;
365. }