  1. #pragma once
  2. #include <Windows.h>
  3. #include <algorithm>
  4. #include <string>
  5. #include <vector>
  6. #include <iostream>
  7. #include <sstream>
  8. #include"RBLOX_Varibles_Scanning.h"
  9. #include"Bypasses.h"
  10. #define aslr(x)(x - 0x400000 + (DWORD)GetModuleHandleA(0))
// int v41;
// Index kept from the decompiler-derived LuaState arithmetic that appears in
// comments further down. No live code in this file reads it: RBLOX_MainScan
// hard-codes the multiplier as `56 * 1` instead.
int v49 = 1;
  13. /*
  14. #define RBLOX_GetField 0x73C460 // CORRECT c
  15. #define ScriptContextVFTTable 0x6B94B6 // CORRECT HERE C
  16. #define RARJZ_Bypass 0x7385F7 // NOT RIGHT
  17. #define RBLOX_GetMetatable 0x73F7B0 // NOT RIGHT
  18. #define RBLOX_Pushstring 0x73D830 // CORRECT C
  19. #define RBLOX_Pushvalue 0x740950 // NOT RIGHT
  20. #define RBLOX_Pcall 0x73D250 // CORRECT C
  21. #define RBLOX_Setfield 0x73E230 //CORRECT C
  22. #define RBLOX_Pushnumber 0x73D7A0 // CORRECT c
  23. #define RBLOX_tolString 0x7418A0 // NOT RIGHT
  24. #define RBLOX_toBoolean 0x73E790 // CORRECT c
  25. #define RBLOX_Settop 0x73E230 // CORRECT c
  26. // #define RBLOX_contextlevel 0x222
  27. #define RBLOX_Next 0x72F6F0 // CORRECT c
  28. */
  29.  
  30. /*
  31. GEtfield:
  32. 1: can't debug
  33. 2: click sub, f5 in sub and find
  34. sub_xxxxxx(v5, -1002, "script");
  35. */
  36. // Getfield, RarJz Bypass, Pushvalue, pcall, pushnumber and next, and all calling conventions
  37.  
// Hard-coded image-relative addresses (un-relocated, i.e. relative to the
// 0x400000 preferred base that the aslr() macro rebases) for one specific
// build of the target client. Every value here is tied to that build and
// breaks on the next update; the trailing "// C" marks are the author's own
// "confirmed" notes, "// NO" marks an address the author did not trust.
// From a defender's point of view a module carrying a table of fixed code
// addresses like this, plus an aslr()-style rebase macro, is a strong static
// signature for an injected cheat/patch DLL.
#define RBLOX_GetField 0x7451C0 // C
#define ScriptContextVFTTable 0x6C09E6 //
#define RARJZ_Bypass 0x73CBE0 // NO
#define RBLOX_GetMetatable 0x743DE0 // C
#define RBLOX_Pushstring 0x744EE0// C
#define RBLOX_Pushvalue 0x744FC0 // C
#define RBLOX_Pcall 0x744910 // C
#define RBLOX_Setfield 0x7458E0 // C
#define RBLOX_Pushnumber 0x744E50 // C
#define RBLOX_tolString 0x745EF0 // C
#define RBLOX_toBoolean 0x745E30 // C
#define RBLOX_Settop 0x745CB0 // C
// #define RBLOX_contextlevel 0x222
#define RBLOX_Next 0x744790 // C
  52. /*
  53.  
  54. LuaState: *(_DWORD *)(ScriptContext + 56 * v49 + 164) - (ScriptContext + 56 * v49 + 164);
  55. getfield: 0x73D980
  56. ScriptContextVFT: 0x6B7126
  57. GetMetaTable: 0x73DC50
  58. Pushstring: 0x73ED30
  59. Pcall: 0x73E760
  60. setfield:0x73F760
  61. Pushnumber: 0x73ECA0
  62. toLstring: 0x73FD80
  63. toboolean: 0x73FCC0
  64. Settop: 0x73FB40
  65.  
  66. */
  67.  
namespace Main_memoryfunction {

// Masked byte comparison. char3 is the mask: for every position whose mask
// byte is not '?' the bytes of char1 and char2 must be equal. Returns 1 when
// all unmasked positions match and 0 at the first mismatch. The NUL
// terminator of the mask bounds the walk, so char1 and char2 are read for at
// most strlen(char3) bytes; the caller must guarantee both are readable that
// far (there is no length check on char1/char2 themselves).
bool Compare(const char* char1, const char* char2, const char* char3) {
    while (*char3) {
        if (*char3 != '?') {
            if (*char1 != *char2) return 0;
        }
        ++char1, ++char2, ++char3;
    }
    return 1;
}

// Walks the whole user-mode address range reported by GetSystemInfo with
// VirtualQuery and, for every region whose Protect has the PAGE_READWRITE bit
// and not the PAGE_GUARD bit, compares each byte offset against the four
// bytes at `vftable` (mask "xxxx" = all four must match). Returns the first
// address where the four bytes match, or 0 if the scan finishes with no hit.
//
// Notes for a reviewer / defender:
//  - Pointers are truncated through DWORD casts, so this only makes sense in
//    a 32-bit process.
//  - The compare at the last three offsets of a region reads up to 3 bytes
//    past BaseAddress + RegionSize; whether that faults depends on the
//    neighbouring page, so the scan can crash the host process.
//  - If VirtualQuery fails while st is still below en, st stops advancing
//    and the outer do/while never terminates.
//  - An end-to-end VirtualQuery walk followed by a linear read of every
//    writable page is a noisy, recognisable behaviour; memory-access
//    telemetry or an anti-tamper module watching for it would see this.
DWORD RBLOX_VFTableScan(const char* vftable) {
    MEMORY_BASIC_INFORMATION asd1 = { 0 };
    SYSTEM_INFO asd2 = { 0 };
    GetSystemInfo(&asd2);
    DWORD st = (DWORD)asd2.lpMinimumApplicationAddress;
    DWORD en = (DWORD)asd2.lpMaximumApplicationAddress;
    do {
        while (VirtualQuery((void*)st, &asd1, sizeof(asd1))) {
            if ((asd1.Protect & PAGE_READWRITE) && !(asd1.Protect & PAGE_GUARD)) {
                // Byte-granular scan: i steps by 1, not by 4, so unaligned
                // matches are found too.
                for (DWORD i = (DWORD)(asd1.BaseAddress); i - (DWORD)(asd1.BaseAddress) < asd1.RegionSize; ++i) {
                    if (Compare((const char*)i, vftable, "xxxx"))
                        return i;
                }
            }
            st += asd1.RegionSize;
        }
    } while (st < en);
    return 0;
}
}
  100.  
// Makes a private, patched copy of the function that starts at `addr` and
// returns the copy's address. Returns `addr` unchanged when the allocation
// fails or when the copy contains no patch site (the original code is never
// written to).
//
// Length discovery: tAddr advances 16 bytes at a time until the bytes
// 55 8B EC (push ebp / mov ebp,esp) are found, i.e. the next 16-byte-aligned
// function prologue; that distance is taken as funcSz. There is no upper
// bound on this walk, so a function not followed by such a prologue is read
// until the access faults.
//
// Patch site: the first byte of any 72 ?? A1 ?? ?? ?? ?? 8B sequence (a short
// JB followed by MOV EAX,[imm32]) in the copy is overwritten with EB (short
// JMP), making that branch unconditional. Every E8 byte in the copy is then
// treated as a CALL rel32: the target is computed from the *original*
// displacement, and only targets that are 16-byte aligned are rewritten to
// point back at the original code from the copy's location. An E8 byte that
// is really data or part of another instruction is mis-handled (and skipped
// as 5 bytes).
//
// Defender notes: the result is a PAGE_EXECUTE_READWRITE private allocation
// holding a near-verbatim copy of image code whose calls lead back into the
// mapped module. A checksum of the image itself will not notice this, but a
// scan for executable private memory, or a hook on VirtualAlloc requesting
// PAGE_EXECUTE_READWRITE, will.
//
// Known defects, deliberately left as-is: VirtualFree with MEM_RELEASE
// requires dwSize == 0, so the cleanup on the no-patch path fails and the
// allocation leaks; the `pos` loop dereferences pos + 7, i.e. past the end
// of the allocation for the last 7 offsets; all pointer/DWORD casts assume
// a 32-bit process.
DWORD unprotect(DWORD addr) {
    BYTE* tAddr = (BYTE *)addr;

    do {
        tAddr += 0x10;
    } while (!(tAddr[0] == 0x55 && tAddr[1] == 0x8B && tAddr[2] == 0xEC));

    DWORD funcSz = tAddr - (BYTE*)addr;

    PVOID nFunc = VirtualAlloc(NULL, funcSz, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (nFunc == NULL)
        return addr;

    memcpy(nFunc, (void*)addr, funcSz);

    DWORD pos = (DWORD)nFunc;
    BOOL valid = false;
    do {
        if (*(BYTE*)pos == 0x72 && *(BYTE*)(pos + 0x2) == 0xA1 && (*(BYTE*)(pos + 0x7)) == 0x8B) {
            // Single-byte opcode swap: 0x72 (JB rel8) -> 0xEB (JMP rel8).
            memcpy((void*)pos, "\xEB", 1);

            // Re-base the copy's CALL rel32 displacements onto the original
            // targets. Runs once per patch site found, so it may run more
            // than once; it is idempotent because tFunc reads the original.
            DWORD cNFunc = (DWORD)nFunc;
            do {
                if (*(BYTE*)cNFunc == 0xE8)
                {
                    DWORD tFunc = addr + (cNFunc - (DWORD)nFunc);
                    DWORD oFunc = (tFunc + *(DWORD*)(tFunc + 1)) + 5;

                    // Alignment is used as a heuristic that this E8 really is
                    // a call to a function start.
                    if (oFunc % 16 == 0)
                    {
                        DWORD realCAddr = oFunc - cNFunc - 5;
                        *(DWORD*)(cNFunc + 1) = realCAddr;
                    }
                    cNFunc += 5;
                }
                else
                    cNFunc += 1;
            } while (cNFunc - (DWORD)nFunc < funcSz);

            valid = true;
        }
        pos += 1;
    } while (pos < (DWORD)nFunc + funcSz);

    if (!valid) {
        // NOTE(review): MEM_RELEASE with a non-zero size fails; the copy leaks.
        VirtualFree(nFunc, funcSz, MEM_RELEASE);
        return addr;
    }

    return (DWORD)nFunc;
}
  152.  
  153.  
  154.  
// Both are written by RBLOX_MainScan() below and read nowhere else in this
// file: ScriptContext_MAIN is the address returned by the memory scan,
// RBLOX_LuaState the value derived from it.
DWORD ScriptContext_MAIN, RBLOX_LuaState;


// v41 is ScriptContext
// int v49 = 1;
// Another leftover index from the decompiler output quoted in comments below;
// not referenced by any live code in this file.
int v50 = 1;
//int v49 = 1;
// Locates the ScriptContext object and derives RBLOX_LuaState from it.
// Reads the dword at ScriptContextVFTTable + 2 (presumably the immediate
// operand of an instruction that references the vtable — cannot be confirmed
// from this file), scans all writable memory for an object whose first dword
// equals it, and stores the hit in ScriptContext_MAIN. RBLOX_LuaState is
// then computed as (obj + 220) - [obj + 220], i.e. the field at +220 is read
// as a self-relative encoding; the commented-out lines record the other
// encodings (xor, reversed subtraction) the author tried.
//
// NOTE(review): there is no check for RBLOX_VFTableScan returning 0; on a
// miss the next line dereferences address 0xDC and the host process faults.
void RBLOX_MainScan() { // LuaState
    DWORD Main_5 = aslr(ScriptContextVFTTable); // THIS
    DWORD VFTTABLE_MAIN = *(DWORD*)(Main_5 + 0x2); // 4-byte needle passed to the scanner below
    ScriptContext_MAIN = Main_memoryfunction::RBLOX_VFTableScan((char*)&VFTTABLE_MAIN);
    // RBLOX_LuaState = (ScriptContext_MAIN + 56 * v49 + 164) ^ *(DWORD *)(ScriptContext_MAIN + 56 * v49 + 164); // Lua_State
    // v50 = (v41 + 56 * v49 + 164) ^ *(_DWORD *)(v41 + 56 * v49 + 164);
    // (ScriptContext + 220) ^ *(DWORD *)(ScriptContext + 220)
    // RBLOX_LuaState = (ScriptContext_MAIN + 56 * v50 + 164) - *(DWORD *)(ScriptContext_MAIN + 56 * v50 + 164);
    RBLOX_LuaState = (ScriptContext_MAIN + 56 * 1 + 164) - *(DWORD *)(ScriptContext_MAIN + 56 * 1 + 164);
    // v51 = (int)((char *)v39 + 56 * v50 - *((_DWORD *)v39 + 14 * v50 + 41) + 164);
    // *(DWORD *)(ScriptContext + 56 * 1 + 164) - (ScriptContext + 56 * 1 + 164); // 5/30/2018
    // ScriptContext_MAIN + 56 * v50 + 164 - *(DWORD *)(ScriptConext_MAIN + 56 * v50 + 164);
    // v51 = *(DWORD *)(ScriptContext_MAIN + 56 * 1 + 164) - (ScriptContext_MAIN + 56 * 1 + 164);
}
  176. /*
  177. typedef void(__cdecl* alua_getfield)(DWORD L, int x, const char* y);
  178. alua_getfield lua_getfield = (alua_getfield)unprotect(os(0x7451C0));
  179.  
  180. typedef int(__fastcall* alua_setfield)(DWORD ls, int x, const char* y);//changed from void to int
  181. alua_setfield ulua_setfield = (alua_setfield)unprotect(os(0x7458E0));
  182.  
  183. typedef int(__cdecl* alua_call)(DWORD ls, int args, int results);
  184. alua_call lua_call = (alua_call)unprotect(os(0x743520));
  185.  
  186. typedef void(__cdecl* alua_pushvalue)(DWORD ls, int x);
  187. alua_pushvalue lua_pushvalue = (alua_pushvalue)unprotect(os(0x744FC0));
  188.  
  189. typedef bool(__cdecl* alua_toboolean)(DWORD ls, int x);
  190. alua_toboolean lua_toboolean = (alua_toboolean)unprotect(os(0x745E30));
  191.  
  192. typedef const char*(__stdcall* alua_tolstring)(DWORD ls, int x, size_t y);
  193. alua_tolstring lua_tolstring = (alua_tolstring)unprotect(os(0x745EF0));
  194.  
  195. typedef void(__cdecl* alua_pushboolean)(DWORD ls, bool b);
  196. alua_pushboolean lua_pushboolean = (alua_pushboolean)unprotect(os(0x7449E0));
  197.  
  198. typedef void(__cdecl* alua_settop)(DWORD ls, int y);
  199. alua_settop lua_settop = (alua_settop)unprotect(os(0x745CB0));
  200.  
  201. typedef void(__stdcall* alua_pushstring)(DWORD ls, const char* y);
  202. alua_pushstring lua_pushstring = (alua_pushstring)unprotect(os(0x744EE0));// new check?
  203.  
  204. typedef int(__stdcall* alua_pushnumber)(DWORD ls, double n);//changed from void to int
  205. alua_pushnumber lua_pushnumber = (alua_pushnumber)unprotect(os(0x744E50));
  206.  
  207. typedef int(__cdecl* alua_getmetatable)(DWORD ls, int x);
  208. alua_getmetatable lua_getmetatable = (alua_getmetatable)unprotect(os(0x743DE0));
  209.  
  210. typedef int(__cdecl* alua_type)(DWORD a1, int a2);
  211. alua_type lua_type = (alua_type)unprotect(os(0x746340));
  212.  
  213. typedef int(__cdecl* alua_next)(DWORD a1, int a2);
  214. alua_next lua_next = (alua_next)unprotect(os(0x744790));
  215.  
  216. #define aScriptContext os(0x113A3C8)
  217. #define Identity os(0x173B1D0)
  218.  
  219. ScriptContext + 56 * 1 + 164 - *(DWORD *)(ScriptContext + 56 * 1 + 164);
  220. */
namespace RBLX_RLUAMAIN {

// Function-pointer types for the client's Lua API entry points. The calling
// convention on each typedef was chosen by the author per function (note the
// mix of __stdcall / __cdecl / __fastcall); a wrong convention here corrupts
// the stack on return, which is the most likely cause of a crash when these
// are used. The state argument is passed as a plain int (32-bit only).
typedef void(__stdcall* RBLOX_pushstring_)(int RBLX_State, const char* s); // C
typedef void(__cdecl* RBLOX_pushvalue_)(int RBLX_State, int idx); // C
typedef int(__cdecl* RBLOX_getmetatable_)(int RBLX_State, int idx); // C
typedef void(__cdecl* RBLOX_settop_)(int RBLX_State, int top); // C
typedef int(__cdecl* RBLOX_toboolean_)(int RBLX_State, int idx); // C
typedef void(__cdecl* RBLOX_getfield_)(int RBLX_State, int idx, const char* k); // C
typedef void(__stdcall* RBLOX_pushnumber_)(int RBLX_State, double n); // C
typedef int(__cdecl* RBLOX_pcall_)(int RBLX_State, int nargs, int nret, int errfunc); // C
typedef void(__fastcall* RBLOX_setfield_)(int RBLX_State, int idx, const char* k); // C IDK HOW
typedef const char*(__stdcall* RBLOX_tolstring_)(int RBLX_State, int idx, int asd); // C
typedef int(__cdecl* RBLOX_next_)(int lua_State, int something); // C
typedef int*(__cdecl* RBLOX_getcontext_)();

// im just dumb /shrug


// Filled in by INTILIZING(); null until then, so any wrapper below called
// before INTILIZING() dereferences a null function pointer.
RBLOX_settop_ RBLOX_settop;
RBLOX_getfield_ RBLOX_getfield;
RBLOX_pushstring_ RBLOX_pushstring;
RBLOX_pushvalue_ RBLOX_pushvalue;
RBLOX_pcall_ RBLOX_pcall;
RBLOX_setfield_ RBLOX_setfield;
RBLOX_pushnumber_ RBLOX_pushnumber;
RBLOX_tolstring_ RBLOX_tolstring;
RBLOX_toboolean_ RBLOX_toboolean;
RBLOX_getmetatable_ RBLOX_getmetatable;
RBLOX_next_ RBLOX_next;
RBLOX_getcontext_ RBLOX_getcontext;

// Declared but never defined in this file; the function actually defined
// below is RBLX_pop (different name). Calling RBLOX_POP would fail to link.
void RBLOX_POP(int RbxState, int n);


// Resolves every API pointer: rebases the build-specific address with
// aslr() and routes it through unprotect(), so each pointer ends up
// referring to a patched private copy of the function rather than to the
// mapped image (or to the original address when unprotect() found nothing
// to patch). RBLOX_getcontext is left unset (commented out).
void INTILIZING() {
    RBLOX_getmetatable = (RBLOX_getmetatable_)unprotect(aslr(RBLOX_GetMetatable));
    RBLOX_settop = (RBLOX_settop_)unprotect(aslr(RBLOX_Settop));
    RBLOX_getfield = (RBLOX_getfield_)unprotect(aslr(RBLOX_GetField));
    RBLOX_pushstring = (RBLOX_pushstring_)unprotect(aslr(RBLOX_Pushstring));
    RBLOX_pushvalue = (RBLOX_pushvalue_)unprotect(aslr(RBLOX_Pushvalue));
    RBLOX_pcall = (RBLOX_pcall_)unprotect(aslr(RBLOX_Pcall));
    RBLOX_setfield = (RBLOX_setfield_)unprotect(aslr(RBLOX_Setfield));
    RBLOX_pushnumber = (RBLOX_pushnumber_)unprotect(aslr(RBLOX_Pushnumber));
    RBLOX_tolstring = (RBLOX_tolstring_)unprotect(aslr(RBLOX_tolString));
    RBLOX_toboolean = (RBLOX_toboolean_)unprotect(aslr(RBLOX_toBoolean));
    RBLOX_next = (RBLOX_next_)unprotect(aslr(RBLOX_Next));
    // RBLOX_getcontext = (RBLOX_getcontext_)aslr(RBLOX_contextlevel);

}
// BYPASSES

// In-place one-byte patches of the mapped image. Both make a 5-byte window
// at `addr` RWX, write a single opcode byte, and put the old protection
// back; the return values of VirtualProtect are not checked, so a failed
// protection change is followed by a write that faults.
// Defender notes: a VirtualProtect that changes an image page to
// PAGE_EXECUTE_READWRITE, and the momentary mismatch between the on-disk and
// in-memory .text bytes while set() is active, are both things an integrity
// check that hashes code pages at unpredictable times will catch.

// Writes 0x75 (JNE rel8) at addr.
void jnz(int addr) {
    DWORD o_buff;
    VirtualProtect((void*)addr, 5, PAGE_EXECUTE_READWRITE, &o_buff);
    *(char*)addr = 0x75;
    VirtualProtect((void*)addr, 5, o_buff, &o_buff);
}

// Writes 0x74 (JE rel8) at addr.
void jz(int addr) {
    DWORD o_buff;
    VirtualProtect((void*)addr, 5, PAGE_EXECUTE_READWRITE, &o_buff);
    *(char*)addr = 0x74;
    VirtualProtect((void*)addr, 5, o_buff, &o_buff);
}

// Flips the conditional jump at RARJZ_Bypass to JNE for the duration of one
// API call (see the wrappers below). The address table marks this offset
// "NO", i.e. the author did not consider it verified for this build.
void set() {
    jnz(aslr(RARJZ_Bypass));
}

// Restores the byte at RARJZ_Bypass to JE. Assumes JE was the original
// opcode; nothing here saves the byte that was actually there.
void restore() {
    jz(aslr(RARJZ_Bypass));
}

// The RBLX_* wrappers below all follow the same pattern: set(), call the
// resolved API pointer, restore(), return. They are not reentrant and not
// thread-safe: two threads interleaving set()/restore() leave the patched
// byte in whichever state the last call wrote.

int RBLX_GetMetatable(int RbxState, int idx) {
    set();
    int ret = RBLOX_getmetatable(RbxState, idx);
    restore();
    return ret;
}

void RBLX_Settop(int RbxState, int top) {
    set();
    RBLOX_settop(RbxState, top);
    restore();
}

void RBLX_Getfield(int RbxState, int idx, const char* k) {
    set();
    RBLOX_getfield(RbxState, idx, k);
    restore();
}

void RBLX_pushstring(int RbxState, const char* k) {
    set();
    RBLOX_pushstring(RbxState, k);
    restore();
}

void RBLX_pushvalue(int RbxState, int idx) {
    set();
    RBLOX_pushvalue(RbxState, idx);
    restore();
}

int RBLX_pcall(int RbxState, int nargs, int nret, int errfunc) {
    set();
    int ret = RBLOX_pcall(RbxState, nargs, nret, errfunc);
    restore();
    return ret;
}

void RBLX_pushnumber(int RbxState, double n) {
    set();
    RBLOX_pushnumber(RbxState, n);
    restore();
}

// Third argument of tolstring is passed as 0; presumably that is the
// optional length out-pointer of lua_tolstring (NULL = not wanted) — the
// typedef declares it as int, so this cannot be confirmed here.
const char* RBLX_tostring(int RbxState, int idx) {
    set();
    const char* ret = RBLOX_tolstring(RbxState, idx, 0);
    restore();
    return ret;
}

int RBLX_toboolean(int RbxState, int idx) {
    set();
    int ret = RBLOX_toboolean(RbxState, idx);
    restore();
    return ret;
}

int RBLX_next(int RbxState, int something) {
    set();
    int ret = RBLOX_next(RbxState, something);
    restore();
    return ret;
}

// Same arithmetic as the stock lua_pop macro: settop(-n-1) drops n values.
void RBLX_pop(int RbxState, int n) {
    RBLX_Settop(RbxState, -(n)-1);
}

// Writes directly into the state instead of calling an API: stores 0 at
// [[state+24] + 8] and then advances [state+24] by 16. Presumably +24 is the
// stack-top pointer, 16 the size of one stack slot and +8 the slot's type
// tag (0 = nil) — TODO confirm; none of that layout is visible in this file,
// and it silently corrupts the state if the build's layout differs.
void RBLX_pushnil(int RbxState) {
    *(DWORD*)(*(DWORD*)(RbxState + 24) + 8) = 0;
    *(DWORD*)(RbxState + 24) += 16;
}

// -10002 is the globals pseudo-index of Lua 5.1 (LUA_GLOBALSINDEX).
void RBLX_getglobal(int RbxState, const char* k) {
    RBLX_Getfield(RbxState, -10002, k);
}

// Assigns the value on top of the stack to field k of the object at idx,
// honouring a __newindex metamethod if the object has a metatable.
// Presumably the value to assign is on the stack top on entry (as for
// lua_setfield) — with that assumption the stack evolves as:
//   [.., v] -> pushvalue(idx)      -> [.., v, obj]
//           -> getmetatable(-1)    -> [.., v, obj, mt]
//           -> getfield __newindex -> [.., v, obj, mt, fn]
//           -> pushvalue(-3)       -> [.., v, obj, mt, fn, obj]
//           -> pushstring(k)       -> [.., v, obj, mt, fn, obj, k]
//           -> pushvalue(-6)       -> [.., v, obj, mt, fn, obj, k, v]
//           -> pcall(3, 0, 0)      -> [.., v, obj, mt]
//           -> pop(3)              -> [..]
// so the value is consumed either way. The pcall status is ignored, so a
// failing __newindex is silent. Without a metatable the copy of obj is
// popped and the raw setfield is called under set()/restore() like the
// other wrappers.
void RBLX_setfield(int RbxState, int idx, const char* k) {
    RBLX_pushvalue(RbxState, idx);
    if (RBLX_GetMetatable(RbxState, -1)) {
        RBLX_Getfield(RbxState, -1, "__newindex");
        RBLX_pushvalue(RbxState, -3);
        RBLX_pushstring(RbxState, k);
        RBLX_pushvalue(RbxState, -6);
        RBLX_pcall(RbxState, 3, 0, 0);
        RBLX_pop(RbxState, 3);
    }
    else {
        RBLX_pop(RbxState, 1);
        set();
        RBLOX_setfield(RbxState, idx, k);
        restore();
    }
}
};
  390. /*
  391.  
  392.  
  393. */