- #ifdef _MSC_VER
- #define _CRT_SECURE_NO_WARNINGS
- #endif
- #define WIN32_LEAN_AND_MEAN
- #include <Windows.h>
- #include <stdlib.h>
- #include <process.h>
- #include <cstdio>
- #include <conio.h>
- #include <stdio.h>
- #include <tlhelp32.h>
- #include <Shlwapi.h>
- #include <fstream>
- #include <iostream>
- #include <string>
- using namespace std;
// Forward declarations for the helpers defined below.

// Process lookup by image name (two variants with different "not found" sentinels).
DWORD GetProcessId(IN PCHAR szExeName);
int PobierzIdProcesu(char *pProcessName);

// Loads a library into another process by process ID.
BOOL CreateRemoteThreadInject(DWORD ID, const char * dll);

// Token privilege helpers.
BOOL SetPrivilege(HANDLE hToken, LPCTSTR lpPrivilege, BOOL bEnablePrivilege);
BOOL SetDebugPrivilege(BOOL bEnable);
// Looks up a process ID by executable name (case-insensitive).
//
// Returns:
//   - the PID when exactly one running process has that image name,
//   - 0 when nothing matched or the process snapshot could not be taken,
//   - 0xFFFFFFFF when more than one process matched (ambiguous).
//
// NOTE(review): the match is on the image name alone. Nothing here checks the
// image path or who started the process, so any process that happens to carry
// the same file name is treated as the intended one.
DWORD GetProcessId(IN PCHAR szExeName)
{
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE)
        return 0;

    PROCESSENTRY32 entry = { 0 };
    entry.dwSize = sizeof(PROCESSENTRY32);

    DWORD matchCount = 0;
    DWORD lastMatchPid = 0;
    for (BOOL more = Process32First(snapshot, &entry); more; more = Process32Next(snapshot, &entry))
    {
        if (_stricmp(entry.szExeFile, szExeName) == 0)
        {
            ++matchCount;
            lastMatchPid = entry.th32ProcessID;
        }
    }
    CloseHandle(snapshot);

    // Several processes with the same name: report the ambiguity instead of a PID.
    return (matchCount > 1) ? 0xFFFFFFFF : lastMatchPid;
}
// Asks process `ID` to load the library at path `dll` by starting a thread in
// it whose entry point is LoadLibraryA and whose argument is a copy of the path
// written into that process.
//
// Returns false only when ID is 0 (after writing an error line to
// wDetector.log); every other path returns true.
//
// NOTE(review): none of the API results below are checked, so a true return
// does not show that the library was loaded, and a log line based on it is not
// evidence either. The process handle is also closed before the VirtualFreeEx
// call that uses it, and the handle returned by CreateRemoteThread is dropped.
//
// NOTE(review): OpenProcess + VirtualAllocEx + WriteProcessMemory +
// CreateRemoteThread on LoadLibraryA is the sequence endpoint monitoring is
// built to flag (Sysmon records the last step as Event ID 8), so expect this
// plugin to raise alerts on monitored hosts.
BOOL CreateRemoteThreadInject(DWORD ID, const char * dll)
{
    // A zero PID means the caller's lookup found nothing.
    if (ID == 0)
    {
        std::ofstream errorLog("wDetector.log");
        errorLog << "ERROR: Process with ID " << ID << " could not be found" << "\n";
        errorLog.close();
        return false;
    }

    const DWORD accessMask = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION;
    HANDLE targetProcess = OpenProcess(accessMask, FALSE, ID);

    // Address of LoadLibraryA as seen from this process.
    LPVOID loaderAddress = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");

    // Copy the path, including its terminator, into the other process.
    const SIZE_T pathBytes = strlen(dll) + 1;
    LPVOID remotePath = (LPVOID)VirtualAllocEx(targetProcess, NULL, pathBytes, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    WriteProcessMemory(targetProcess, remotePath, dll, pathBytes, NULL);

    CreateRemoteThread(targetProcess, NULL, 0, (LPTHREAD_START_ROUTINE)loaderAddress, remotePath, 0, NULL);

    CloseHandle(targetProcess);
    VirtualFreeEx(targetProcess, remotePath, 0, MEM_RELEASE);
    return true;
}
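// Returns the PID of the first running process whose executable name equals
// pProcessName (case-insensitive), or -1 when there is no match, the name is
// NULL, or the process list cannot be read. ("Pobierz Id Procesu" is Polish
// for "get process ID".)
//
// Changes from the original: the snapshot handle is now closed when
// Process32First fails (it used to leak), a NULL name is rejected instead of
// being passed to _stricmp, the unreachable `break` after `return` is gone,
// and the _strupr() call is dropped because _stricmp already ignores case.
//
// NOTE(review): the match is on the image name alone; the path of the image is
// not checked.
int PobierzIdProcesu(char *pProcessName) {
    if (pProcessName == NULL)
        return -1;

    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE)
        return -1;

    PROCESSENTRY32 entry = { 0 };
    entry.dwSize = sizeof(PROCESSENTRY32);

    int pid = -1;
    if (Process32First(hSnap, &entry)) {
        do {
            if (_stricmp(entry.szExeFile, pProcessName) == 0) {
                pid = (int)entry.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnap, &entry));
    }

    // Single exit path so the snapshot is always released.
    CloseHandle(hSnap);
    return pid;
}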
// Enables or disables one named privilege on an access token.
//
//   hToken            token to modify; the caller in this file opens it with
//                     TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
//   lpPrivilege       privilege name, e.g. SE_DEBUG_NAME
//   bEnablePrivilege  TRUE to enable, FALSE to disable
//
// Returns TRUE only when both AdjustTokenPrivileges calls leave
// GetLastError() == ERROR_SUCCESS. The last error is checked rather than the
// return value because AdjustTokenPrivileges can report success while setting
// ERROR_NOT_ALL_ASSIGNED when the token does not hold the privilege.
BOOL SetPrivilege(HANDLE hToken, LPCTSTR lpPrivilege, BOOL bEnablePrivilege) {
    if (hToken == NULL || lpPrivilege == NULL)
        return FALSE;

    LUID privilegeId = { 0 };
    if (!LookupPrivilegeValue(NULL, lpPrivilege, &privilegeId))
        return FALSE;

    // First pass: submit the privilege with no attributes and capture the
    // previous state that the call hands back.
    TOKEN_PRIVILEGES probe = { 0 };
    probe.PrivilegeCount = 1;
    probe.Privileges[0].Luid = privilegeId;
    probe.Privileges[0].Attributes = 0;

    TOKEN_PRIVILEGES previous = { 0 };
    DWORD previousSize = sizeof(TOKEN_PRIVILEGES);
    AdjustTokenPrivileges(hToken, FALSE, &probe, sizeof(TOKEN_PRIVILEGES), &previous, &previousSize);
    if (GetLastError() != ERROR_SUCCESS)
        return FALSE;

    // Second pass: start from the captured state and set or clear only the
    // ENABLED bit.
    previous.PrivilegeCount = 1;
    previous.Privileges[0].Luid = privilegeId;
    if (bEnablePrivilege)
        previous.Privileges[0].Attributes |= SE_PRIVILEGE_ENABLED;
    else
        previous.Privileges[0].Attributes &= ~SE_PRIVILEGE_ENABLED;

    AdjustTokenPrivileges(hToken, FALSE, &previous, previousSize, NULL, NULL);
    return (GetLastError() == ERROR_SUCCESS) ? TRUE : FALSE;
}
// Enables (bEnable == TRUE) or disables SeDebugPrivilege on the current
// process token. Returns TRUE on success, FALSE if the token cannot be opened
// or the adjustment fails.
//
// NOTE(review): SeDebugPrivilege lets the process open other processes
// regardless of their security descriptors. Callers should switch it off again
// (bEnable == FALSE) as soon as the privileged work is done.
BOOL SetDebugPrivilege(BOOL bEnable) {
    HANDLE token = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token))
        return FALSE;

    const BOOL adjusted = SetPrivilege(token, SE_DEBUG_NAME, bEnable);
    CloseHandle(token);
    return adjusted ? TRUE : FALSE;
}
// Handles of the wLauncher.exe child process. Filled in by
// ApplyPatchSuspended() and consumed by Kill().
PROCESS_INFORMATION processInfo = { 0 };

// Thread entry point: terminates the process described by `pinfo`
// (a PROCESS_INFORMATION*) with exit code 0, then closes its process and
// thread handles.
void Kill(void* pinfo)
{
    PROCESS_INFORMATION* child = static_cast<PROCESS_INFORMATION*>(pinfo);
    TerminateProcess(child->hProcess, 0);
    CloseHandle(child->hProcess);
    CloseHandle(child->hThread);
}
// Plugin description block filled in by GetPluginAPI() for the launcher.
// Field order and types are part of the binary interface with the host and
// must not change.
struct ExchangeData
{
    int iPluginAPI;        // plugin API version (this file reports 4, "BWL4")
    int iStarCraftBuild;   // supported game build (this file reports 13, "StarCraft 1.16.1")
    BOOL bNotSCBWmodule;   // meaning not documented in this file; set to FALSE here
    BOOL bConfigDialog;    // TRUE lets the host show a Config button
};
// Exported entry point: reports this plugin's API level and supported game
// build to the host by filling in `Data`.
extern "C" __declspec(dllexport) void GetPluginAPI(ExchangeData& Data)
{
    // Versions the plugin was written against.
    Data.iPluginAPI = 4;        // 4 == BWL4
    Data.iStarCraftBuild = 13;  // 13 == StarCraft 1.16.1

    // Host UI flags.
    Data.bNotSCBWmodule = FALSE; // Inform user that closing BWL will shut down your plugin(?)
    Data.bConfigDialog = FALSE;  // TRUE == Allow Config button
}
// Exported entry point: copies the plugin's display name, description and
// update URL into buffers supplied by the host.
//
// NOTE(review): the buffer sizes are not passed in, so the strcpy calls rely
// on the host allocating enough room. Presumably the plugin API fixes those
// sizes; confirm against the launcher's documentation.
// NOTE(review): the update URL is plain http. If the host fetches updates from
// it, whatever it downloads can be altered in transit.
extern "C" __declspec(dllexport) void GetData(char* name, char* description, char* updateurl)
{
    static const char kName[] = "wDetector";
    static const char kDescription[] = "Injects and patches wDetector\r\n\r\nwDetector by Won Soon-cheol\r\nwDetector offsets by DyS-\r\nwDetector English Plugin by iCCup.xboi209";
    static const char kUpdateUrl[] = "http://mjr896.net/techguy/wDetector/";

    strcpy(name, kName);
    strcpy(description, kDescription);
    strcpy(updateurl, kUpdateUrl);
}
// Called when the user clicks the Config button.
// This plugin has no configuration dialog, so the call does nothing and
// always returns true.
extern "C" __declspec(dllexport) bool OpenConfig()
{
    const bool handled = true;
    return handled;
}
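// Called before StarCraft is completely loaded.
//
// Checks that wLauncher.exe and wDetector.w exist in the current directory,
// then starts wLauncher.exe and stores its handles in the global processInfo.
// Returns false, after showing an error box, if either file is missing or the
// launcher cannot be started.
//
// Changes from the original:
//   - The launcher is started by its full path. With a NULL application name
//     and a bare "wLauncher.exe" command line, CreateProcess searches the
//     host's directory, the current directory, the system directories and
//     PATH, so the file that ran could differ from the one checked above.
//   - The command line is a writable buffer, not a string literal.
//   - The sentinel 0xFFFFFFFF is written as INVALID_FILE_ATTRIBUTES.
//
// NOTE(review): bInheritHandles stays TRUE to preserve behaviour, so every
// inheritable handle of the host is passed to the child. Confirm the launcher
// needs that; otherwise pass FALSE.
extern "C" __declspec(dllexport) bool ApplyPatchSuspended(HANDLE, DWORD)
{
    static const char kCaption[] = "wDetector English Patch";

    if (GetFileAttributesA("wLauncher.exe") == INVALID_FILE_ATTRIBUTES) {
        MessageBoxA(NULL, "wLauncher.exe not found!", kCaption, MB_OK | MB_ICONERROR);
        return false;
    }
    if (GetFileAttributesA("wDetector.w") == INVALID_FILE_ATTRIBUTES) {
        MessageBoxA(NULL, "wDetector.w not found!", kCaption, MB_OK | MB_ICONERROR);
        return false;
    }

    // Resolve the same relative name the existence check used.
    char launcherPath[MAX_PATH] = { 0 };
    const DWORD pathLength = GetFullPathNameA("wLauncher.exe", MAX_PATH, launcherPath, NULL);
    const bool pathResolved = (pathLength != 0 && pathLength < MAX_PATH);

    // Keeps the child's command line identical to the original call.
    char commandLine[] = "wLauncher.exe";
    STARTUPINFOA info = { sizeof(info) };

    if (!pathResolved ||
        !CreateProcessA(launcherPath, commandLine, NULL, NULL, TRUE, 0, NULL, NULL, &info, &processInfo)) {
        MessageBoxA(NULL, "Failed to start wLauncher.exe!", kCaption, MB_OK | MB_ICONERROR);
        return false;
    }
    return true;
}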
// Called after StarCraft is completely loaded.
//
// Steps, all logged to wDetector.log:
//   1. enable SeDebugPrivilege for this process,
//   2. load wDetector.w into StarCraft.exe via CreateRemoteThreadInject(),
//   3. find the base address of the wDetector.w module in that process,
//   4. overwrite nine strings inside the module with the English text from
//      the table below,
//   5. start a thread that terminates wLauncher.exe.
// Returns false as soon as a checked step fails.
//
// NOTE(review), left as found:
//   - SeDebugPrivilege is never switched off again after step 2.
//   - CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE, not
//     NULL, so the NULL test below does not catch it.
//   - The snapshot handle is closed inside the module loop, yet the loop goes
//     on calling Module32Next with it.
//   - Nothing checks that the module was found; a base address of 0 goes
//     straight into the write loop.
//   - The early returns inside the write loop leave scHandle open.
//   - Module addresses are held in DWORDs, which only fits a 32-bit build.
extern "C" __declspec(dllexport) bool ApplyPatch(HANDLE, DWORD)
{
    std::ofstream log;
    log.open("wDetector.log");
    if (!log.is_open())
    {
        MessageBoxA(NULL, "Could not open wDetector.log!", "wDetector English Patch", MB_OK | MB_ICONERROR);
        return false;
    }
    log << "Logging started" << std::endl;
    Sleep(1000);

    // { offset inside wDetector.w, replacement text, declared size of the
    //   original field }. The third column is not read by the code.
    char* patchTable[][3] = {
        { "0x3E264", "0", "char[1]" },
        { "0x45848", "Auto-Mine", "char[10]" },
        { "0x458C0", "Auto-Build", "char[10]" },
        { "0x45870", "Multicommand", "char[14]" },
        { "0x45960", "Name Spoof", "char[14]" },
        { "0x45910", "Drop Hack", "char[10]" },
        { "0x3D677", " - Game History:", "char[16]" },
        { "0x3E2A5", "Hacks were detected", "char[19]" },
        { "0x3FD7C", " - Refreshing Game> ", "char[22]" },
        //to be continued...
    };

    // Load wDetector.w into the game process.
    char dll[MAX_PATH];
    GetFullPathName("wDetector.w", MAX_PATH, dll, NULL);
    DWORD ID = GetProcessId("StarCraft.exe");

    if (!SetDebugPrivilege(TRUE))
    {
        log << "Unable to obtain SeDebugPrivilege" << std::endl;
        return false;
    }
    log << "Obtained SeDebugPrivilege" << std::endl;

    if (!CreateRemoteThreadInject(ID, dll))
    {
        log << "ERROR: Could not inject " << dll << " into " << ID << std::endl;
        return false;
    }
    log << "Injected " << dll << " into " << ID << std::endl;

    // Find the base address of the wDetector.w module.
    MODULEENTRY32 moduleEntry = { 0 };
    LPSTR moduleName = "wDetector.w";
    HANDLE moduleSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, PobierzIdProcesu("starcraft.exe"));
    DWORD wDetectorBase = 0;
    if (moduleSnapshot == NULL)
    {
        log << "ERROR: Could not get handle for StarCraft.exe" << std::endl;
        return false;
    }
    moduleEntry.dwSize = sizeof(moduleEntry);
    for (BOOL more = Module32First(moduleSnapshot, &moduleEntry); more; more = Module32Next(moduleSnapshot, &moduleEntry))
    {
        if (strcmp(moduleEntry.szModule, moduleName) == 0)
        {
            wDetectorBase = (DWORD)moduleEntry.modBaseAddr;
            CloseHandle(moduleSnapshot);
            log << "wDetector.w's base address is " << wDetectorBase << std::endl;
        }
    }

    // Overwrite the strings inside the loaded module.
    HANDLE scHandle = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, ID);
    if (scHandle == NULL)
    {
        log << "ERROR: OpenProcess() returned " << GetLastError() << std::endl;
        return false;
    }

    DWORD bytesWritten;
    DWORD savedProtection;
    DWORD targetAddress;
    DWORD finalAddressSize;
    for (int row = 0; row < 9; ++row)
    {
        char* const replacement = patchTable[row][1];
        const int moduleOffset = (int)strtol(patchTable[row][0], NULL, 0);

        targetAddress = wDetectorBase + moduleOffset;
        // Only sizeof(finalAddressSize) is used below; the value itself is not.
        finalAddressSize = targetAddress + (int)strtol(replacement, NULL, 0);

        VirtualProtectEx(scHandle, (LPVOID)targetAddress, sizeof(finalAddressSize), PAGE_EXECUTE_READWRITE, &savedProtection);
        if (!WriteProcessMemory(scHandle, (LPVOID)targetAddress, replacement, strlen(replacement) + 1, &bytesWritten))
        {
            log << "ERROR: WriteProcessMemory() returned " << GetLastError() << std::endl;
            return false;
        }
        log << "WriteProcessMemory() to address " << wDetectorBase << " + " << moduleOffset << " = " << targetAddress << " with '" << replacement << "'; " << bytesWritten << " bytes were written" << std::endl;
        VirtualProtectEx(scHandle, (LPVOID)targetAddress, sizeof(finalAddressSize), savedProtection, NULL);
    }
    CloseHandle(scHandle);

    Sleep(3000);
    log << "Killing wLauncher.exe" << std::endl;
    _beginthread(Kill, 0, &processInfo); //Kill wLauncher.exe
    log << "Logging ended";
    log.close();
    return true;
}