Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <Windows.h>
- #include <vector>
- #include <string>
- #include "ball.h"
- DWORD_PTR FindPattern(const char *szPattern, DWORD_PTR dwBase, size_t dwSize)
- {
- //hab das von ner alten eo source kopiert lol
- unsigned char *code = (unsigned char *)dwBase;
- size_t patternLength = strlen(szPattern);
- const unsigned char *pattern = reinterpret_cast<const unsigned char *>(szPattern);
- if (pattern[0] == ' ')
- return NULL;
- std::vector<byte> mask, nativepattern;
- for (unsigned char *current = const_cast<unsigned char*>(pattern); current < (pattern + patternLength);)
- {
- if (*current == '?')
- {
- mask.push_back(0);
- nativepattern.push_back(0);
- current += 2;
- }
- else
- {
- mask.push_back(1);
- nativepattern.push_back((unsigned char)(strtol(reinterpret_cast<char*>(current), 0, 16)));
- current += 3;
- }
- }
- patternLength = nativepattern.size();
- for (size_t current = 0; current < dwSize; current++)
- {
- for (size_t patternidx = 0; patternidx < patternLength; patternidx++)
- {
- if (mask.at(patternidx))
- {
- if (nativepattern.at(patternidx) != *PBYTE(code + current + patternidx))
- break;
- if (patternidx == patternLength - 1)
- {
- return DWORD(code) + current;
- }
- }
- }
- }
- return NULL;
- }
- CBall *ballPtr = nullptr;
- DWORD eip_strokeCounter = 0;
- LONG CALLBACK VectoredHandler(
- _In_ PEXCEPTION_POINTERS ExceptionInfo
- )
- {
- if (ExceptionInfo->ContextRecord->Eip == (DWORD)eip_strokeCounter)
- {
- ballPtr = (CBall*)ExceptionInfo->ContextRecord->Edi;
- //printf("Ball 0x%X\n", ballPtr);
- //das macht 1fach die originalen instructions nur ohne inline asm und trampolin LOL
- ballPtr->StrokeCount = ExceptionInfo->ContextRecord->Eax;
- ExceptionInfo->ContextRecord->Eip++;
- return EXCEPTION_CONTINUE_EXECUTION;
- }
- }
- DWORD WINAPI doStuff(LPVOID)
- {
- FILE *allah = nullptr;
- AllocConsole();
- SetConsoleTitleA("wtf man");
- freopen_s(&allah, "CONOUT$", "w", stdout);
- printf("Golf with ur frends hack by lion\nwww.EngineOwning.com\n\n");
- MEMORY_BASIC_INFORMATION *buffer = (MEMORY_BASIC_INFORMATION*)VirtualAlloc(0, 0x10000, MEM_COMMIT, PAGE_READWRITE);
- bool found1 = false;
- bool found2 = false;
- DWORD currAaaaa = 0;
- DWORD dwOld = 0;
- AddVectoredExceptionHandler(TRUE, VectoredHandler);
- while (!found1 || !found2)
- {
- VirtualQuery((LPCVOID)currAaaaa, buffer, 0x10000);
- currAaaaa += buffer->RegionSize;
- if (buffer->Protect == PAGE_EXECUTE_READ || buffer->Protect == PAGE_EXECUTE_READWRITE)
- {
- printf("Found pages: 0x%X (0x%X bytes)\n", buffer->BaseAddress, buffer->RegionSize);
- DWORD_PTR dw1 = FindPattern("89 87 ? ? ? ? d9 ee d9 9f ? ? ? ? c6 87 5a 02 00 00", (DWORD_PTR)buffer->BaseAddress, (DWORD_PTR)buffer->RegionSize);
- DWORD_PTR dw2 = FindPattern("48 89 87 ? ? ? ? 8b 87", (DWORD_PTR)buffer->BaseAddress, (DWORD_PTR)buffer->RegionSize);
- if (dw1)
- {
- // NICE
- found1 = true;
- printf("Found stroke counter at 0x%X\n", dw1);
- eip_strokeCounter = dw1;
- VirtualProtect((LPVOID)dw1, 6, PAGE_EXECUTE_READWRITE, &dwOld);
- *(BYTE*)(dw1) = 0xCC;
- *(BYTE*)(dw1 + 1) = 0x90;
- *(BYTE*)(dw1 + 2) = 0x90;
- *(BYTE*)(dw1 + 3) = 0x90;
- *(BYTE*)(dw1 + 4) = 0x90;
- *(BYTE*)(dw1 + 5) = 0x90;
- VirtualProtect((LPVOID)dw1, 6, dwOld, &dwOld);
- }
- if (dw2)
- {
- found2 = true;
- printf("Found freecam at 0x%X\n", dw2);
- VirtualProtect((LPVOID)dw2, 1, PAGE_EXECUTE_READWRITE, &dwOld);
- *(BYTE*)(dw2) = 0x90;
- VirtualProtect((LPVOID)dw2, 1, dwOld, &dwOld);
- }
- }
- }
- while (true)
- {
- if (ballPtr)
- {
- if (GetAsyncKeyState(VK_NUMPAD9) & 1)
- {
- ballPtr->StrokeCount++;
- }
- else if (GetAsyncKeyState(VK_NUMPAD3) & 1)
- {
- ballPtr->StrokeCount--;
- }
- }
- Sleep(50);
- }
- }
- BOOL WINAPI DllMain(HINSTANCE hinstDll, DWORD fdwReason, LPVOID lpvReserved)
- {
- switch (fdwReason)
- {
- case DLL_PROCESS_ATTACH:
- CreateThread(NULL, 0, doStuff, hinstDll, 0, NULL);
- return TRUE;
- default: break;
- }
- return FALSE;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
