test

1. #include <thread>
2. #include <iostream>
3. #include <Windows.h>
4. #include <TlHelp32.h>
5.  
6. #define LOCAL_PLAYER_OFFSET 0x058AA260UL//1.2.7.2
7. #define ENTITY_LIST_OFFSET 0x05662928UL//1.2.7.2
8. #define MESSAGE_SENDER_OFFSET 0x01370C90UL//1.2.7.2
9. #define TRANSFER_ITEM_VTABLE 0x0383AC88UL//1.2.7.2
10.  
11. HMODULE Module = NULL;
12. HANDLE ModuleThread = NULL;
13. DWORD64 ProcessBase = 0;
14. CHAR ProcessExe[] = "Fallout76.exe";
15.  
16. class EntityListType
17. {
18. public:
19. BYTE Padding0000[0x80];
20. DWORD64 InteriorListPtr;//0x80
21. DWORD64 InteriorListCheck;//0x88
22. BYTE Padding0090[0x18];
23. DWORD64 ExteriorListPtr;//0xA8
24. DWORD64 ExteriorListCheck;//0xB0
25. };
26.  
27. class EntityList
28. {
29. public:
30. BYTE Padding0000[0x78];
31. DWORD64 ListPtr;//0x78
32. BYTE Padding0080[0x8];
33. DWORD ListSize;//0x88
34. };
35.  
36. class LocalPlayer
37. {
38. public:
39. DWORD64 vtable;//0x0
40. BYTE Padding0008[0x18];
41. DWORD Formid;//0x20
42. BYTE Padding0024[0xAC];
43. float Pitch;//0xD0
44. BYTE Padding00D4[0x4];
45. float Yaw;//0xD8
46. BYTE Padding00DC[0x4];
47. float Position[3];//0xE0
48. BYTE Padding00EC[0x3C];
49. DWORD64 InventoryPtr;//0x128
50. BYTE Padding0130[0x30];
51. DWORD64 ReferencePtr;//0x160
52. BYTE Padding0168[0xAE0];
53. DWORD64 StashPtr;//0xC48
54. };
55.  
56. class Entity
57. {
58. public:
59. DWORD64 vtable;//0x0
60. BYTE Padding0008[0x18];
61. DWORD Formid;//0x20
62. BYTE Padding0024[0xAC];
63. float Pitch;//0xD0
64. BYTE Padding00D4[0x4];
65. float Yaw;//0xD8
66. BYTE Padding00DC[0x4];
67. float Position[3];//0xE0
68. BYTE Padding00EC[0x3C];
69. DWORD64 InventoryPtr;//0x128
70. BYTE Padding0130[0x30];
71. DWORD64 ReferencePtr;//0x160
72. };
73.  
74. class Reference
75. {
76. public:
77. DWORD64 vtable;//0x0
78. BYTE Padding0008[0x18];
79. DWORD Formid;//0x20
80. };
81.  
82. class Inventory
83. {
84. public:
85. DWORD64 vtable;//0x0
86. BYTE Padding0008[0x58];
87. DWORD64 ItemArrayPtr;//0x60
88. BYTE Padding0068[0x8];
89. DWORD ItemArraySize;//0x70
90. };
91.  
92. class Item
93. {
94. public:
95. DWORD64 ReferencePtr;//0x0
96. BYTE Padding0008[0x8];
97. DWORD64 DisplayPtr;//0x10
98. BYTE Padding0018[0x8];
99. DWORD Iterations;//0x20
100. BYTE Padding0024[0x8];
101. DWORD ItemId;//0x2C
102. BYTE Padding0030[0x8];
103. };
104.  
105. class ItemCount
106. {
107. public:
108. BYTE Padding0000[0x8];
109. DWORD Count;//0x8
110. BYTE Padding000C[0x4];
111. };
112.  
113. class TransferMessage
114. {
115. public:
116. DWORD64 vtable;//0x0
117. DWORD SrcFormid;//0x8
118. DWORD DstFormid;//0xC
119. DWORD ItemId;//0x10
120. DWORD Amount;//0x14
121. DWORD UnknownA;//0x18
122. DWORD UnknownB;//0x1C
123. };
124.  
125. bool CheckFormid(DWORD Formid)
126. {
127. return true;
128. }
129.  
130. bool SingleKeyToggle(DWORD KeyCode, bool* KeyToggle)
131. {
132. if (GetAsyncKeyState(KeyCode))
133. {
134. if (!*KeyToggle)
135. {
136. *KeyToggle = true;
137. return true;
138. }
139. }
140. else
141. {
142. if (*KeyToggle)
143. {
144. *KeyToggle = false;
145. return false;
146. }
147. }
148.  
149. return false;
150. }
151.  
152. bool DoubleKeyToggle(DWORD KeyCodeA, DWORD KeyCodeB, bool* KeyToggle)
153. {
154. if (GetAsyncKeyState(KeyCodeA))
155. {
156. return SingleKeyToggle(KeyCodeB, KeyToggle);
157. }
158.  
159. if (GetAsyncKeyState(KeyCodeB))
160. {
161. return SingleKeyToggle(KeyCodeA, KeyToggle);
162. }
163.  
164. return false;
165. }
166.  
167. bool Valid(DWORD64 ptr)
168. {
169. if (ptr < 0x7FFF || ptr > 0x7FFFFFFFFFFF) return false;
170. else return true;
171. }
172.  
173. DWORD64 GetClosestEntity(DWORD Formid)
174. {
175. DWORD64 LocalPlayerPtr = *(DWORD64*)(ProcessBase + LOCAL_PLAYER_OFFSET);
176. if (!Valid(LocalPlayerPtr)) return 0;
177.  
178. LocalPlayer LocalPlayerData = *(LocalPlayer*)(LocalPlayerPtr);
179. if (LocalPlayerData.Formid == 0x00000014) return 0;
180.  
181. DWORD64 EntityListBuffer = *(DWORD64*)(ProcessBase + ENTITY_LIST_OFFSET);
182. if (!Valid(EntityListBuffer)) return 0;
183.  
184. EntityListType EntityListTypeData = *(EntityListType*)(EntityListBuffer);
185. if (!Valid(EntityListTypeData.InteriorListPtr)) return 0;
186. if (!Valid(EntityListTypeData.InteriorListCheck)) return 0;
187. if (!Valid(EntityListTypeData.ExteriorListPtr)) return 0;
188. if (!Valid(EntityListTypeData.ExteriorListCheck)) return 0;
189.  
190. DWORD64 EntityListArrayPtr = 0;
191. DWORD EntityListArraySize = 0;
192.  
193. bool UseInteriorList = false;
194. if (EntityListTypeData.InteriorListPtr != EntityListTypeData.InteriorListCheck)
195. {
196. UseInteriorList = true;
197. EntityListArrayPtr = EntityListTypeData.InteriorListPtr;
198. EntityListArraySize = 1;
199. }
200.  
201. bool UseExteriorList = false;
202. if (EntityListTypeData.ExteriorListPtr != EntityListTypeData.ExteriorListCheck)
203. {
204. UseExteriorList = true;
205. EntityListArrayPtr = EntityListTypeData.ExteriorListPtr;
206. EntityListArraySize = 25;
207. }
208.  
209. if (UseInteriorList && UseExteriorList) return 0;
210. if (!UseInteriorList && !UseExteriorList) return 0;
211.  
212. DWORD64* EntityListPtr = new DWORD64[EntityListArraySize * 2];
213. memcpy(EntityListPtr, (DWORD64*)(EntityListArrayPtr), sizeof(DWORD64) * EntityListArraySize * 2);
214.  
215. DWORD64 ClosestEntity = 0;
216. float ClosestDistance = FLT_MAX;
217.  
218. for (DWORD i = 0; i < EntityListArraySize; i++)
219. {
220. if (!Valid(EntityListPtr[i * 2])) continue;
221.  
222. EntityList EntityListData = *(EntityList*)(EntityListPtr[i * 2]);
223. if (!Valid(EntityListData.ListPtr) || EntityListData.ListSize == 0) continue;
224.  
225. DWORD64 * EntityPtr = new DWORD64[EntityListData.ListSize];
226. memcpy(EntityPtr, (DWORD64*)(EntityListData.ListPtr), sizeof(DWORD64) * EntityListData.ListSize);
227.  
228. for (DWORD c = 0; c < EntityListData.ListSize; c++)
229. {
230. if (!Valid(EntityPtr[c])) continue;
231.  
232. Entity EntityData = *(Entity*)(EntityPtr[c]);
233. if (!Valid(EntityData.ReferencePtr) || EntityData.Formid == LocalPlayerData.Formid) continue;
234.  
235. Reference ReferenceData = *(Reference*)(EntityData.ReferencePtr);
236. if (ReferenceData.Formid != Formid) continue;
237.  
238. float Difference[3];
239. Difference[0] = EntityData.Position[0] - LocalPlayerData.Position[0];
240. Difference[1] = EntityData.Position[1] - LocalPlayerData.Position[1];
241. Difference[2] = EntityData.Position[2] - LocalPlayerData.Position[2];
242.  
243. float Distance = sqrtf(powf(Difference[0], 2.0f) + powf(Difference[1], 2.0f) + powf(Difference[2], 2.0f));
244. if (Distance >= ClosestDistance) continue;
245.  
246. ClosestDistance = Distance;
247. ClosestEntity = EntityPtr[c];
248. }
249.  
250. delete[]EntityPtr;
251. }
252.  
253. delete[]EntityListPtr;
254. return ClosestEntity;
255. }
256.  
257. bool TransferArmor()
258. {
259. DWORD64 ContainerPtr = GetClosestEntity(0x003C4115);
260. if (ContainerPtr == 0) return false;
261.  
262. Entity Container = *(Entity*)(ContainerPtr);
263. if (!Valid(Container.InventoryPtr)) return false;
264.  
265. DWORD64 LocalPlayerPtr = *(DWORD64*)(ProcessBase + LOCAL_PLAYER_OFFSET);
266. if (!Valid(LocalPlayerPtr)) return false;
267.  
268. LocalPlayer LocalPlayerData = *(LocalPlayer*)(LocalPlayerPtr);
269. if (!Valid(LocalPlayerData.StashPtr)) return false;
270.  
271. Entity STASH = *(Entity*)(LocalPlayerData.StashPtr);
272. if (!Valid(STASH.InventoryPtr)) return false;
273.  
274. Inventory InventoryData = *(Inventory*)(STASH.InventoryPtr);
275. if (!Valid(InventoryData.ItemArrayPtr) || InventoryData.ItemArraySize == 0) return false;
276.  
277. Item * ItemData = new Item[InventoryData.ItemArraySize];
278. memcpy(ItemData, (DWORD64*)(InventoryData.ItemArrayPtr), InventoryData.ItemArraySize * sizeof(Item));
279.  
280. typedef DWORD64(__fastcall MessageProc)(void* Message);
281. MessageProc * SendMessageToServer = (MessageProc*)(ProcessBase + MESSAGE_SENDER_OFFSET);
282.  
283. for (DWORD i = 0; i < InventoryData.ItemArraySize; i++)
284. {
285. if (!Valid(ItemData[i].ReferencePtr)) continue;
286. if (!Valid(ItemData[i].DisplayPtr)) continue;
287. if (ItemData[i].Iterations == 0) continue;
288.  
289. Reference ReferenceData = *(Reference*)(ItemData[i].ReferencePtr);
290. //if (!CheckFormid(ReferenceData.Formid)) continue;
291.  
292. DWORD Amount = 0;
293. ItemCount * ItemCountData = new ItemCount[ItemData[i].Iterations];
294. memcpy(ItemCountData, (DWORD64*)(ItemData[i].DisplayPtr), ItemData[i].Iterations * sizeof(ItemCount));
295. for (DWORD c = 0; c < ItemData[i].Iterations; c++) Amount += ItemCountData[c].Count;
296. delete[]ItemCountData;
297.  
298. TransferMessage TransferMessageData;
299. TransferMessageData.vtable = ProcessBase + TRANSFER_ITEM_VTABLE;
300. TransferMessageData.SrcFormid = STASH.Formid;
301. TransferMessageData.DstFormid = Container.Formid;
302. TransferMessageData.ItemId = ItemData[i].ItemId;
303. TransferMessageData.Amount = Amount;
304. TransferMessageData.UnknownA = 0;
305. TransferMessageData.UnknownB = 0;
306. SendMessageToServer(&TransferMessageData);
307. }
308.  
309. delete[]ItemData;
310. return true;
311. }
312.  
313. void ModuleLoop()
314. {
315. ProcessBase = DWORD64(GetModuleHandleA(ProcessExe));
316. if (ProcessBase > 0)
317. {
318. bool ZeroKeyToggle = false;
319. std::chrono::time_point<std::chrono::system_clock> ThreadTimer;
320. while (!GetAsyncKeyState(VK_F1))
321. {
322. ThreadTimer = std::chrono::system_clock::now();
323.  
324. if (DoubleKeyToggle(VK_CONTROL, '0', &ZeroKeyToggle))
325. {
326. TransferArmor();
327. }
328.  
329. ThreadTimer += std::chrono::milliseconds(16);
330. std::this_thread::sleep_until(ThreadTimer);
331. }
332. }
333.  
334. FreeLibraryAndExitThread(Module, 0);
335. }
336.  
337. BOOL DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
338. {
339. switch (dwReason)
340. {
341. case DLL_PROCESS_ATTACH:
342. Module = hModule;
343. DisableThreadLibraryCalls(Module);
344. ModuleThread = CreateThread(0, 0, LPTHREAD_START_ROUTINE(ModuleLoop), 0, 0, 0);
345. CloseHandle(ModuleThread);
346. break;
347. case DLL_PROCESS_DETACH:
348. break;
349. default:
350. break;
351. }
352.  
353. return TRUE;
354. }