pokemon.au3

1. #include <EditConstants.au3>
2. #include <GUIConstantsEx.au3>
3. #include <StaticConstants.au3>
4. #include <WindowsConstants.au3>
5. #include <GUIConstants.au3>
6.  
7. Opt("GUIOnEventMode", 1)
8. SetPrivilege("SeDebugPrivilege", 1)
9. #Region ### START Koda GUI section ### Form=C:\Program Files\AutoIt3\SciTE\Koda\Forms\step 8.kxf
10. $Step8 = GUICreate("Pokemon Hack", 387, 157, 192, 124)
11. GUISetOnEvent($GUI_EVENT_CLOSE, "Close")
12. $PID = GUICtrlCreateLabel("PID", 40, 32, 22, 17)
13. $Score = GUICtrlCreateLabel("Score", 40, 72, 31, 17)
14. $Input1 = GUICtrlCreateInput("0", 104, 32, 65, 21)
15. $Input2 = GUICtrlCreateInput("0", 104, 72, 65, 21)
16. $Hack = GUICtrlCreateLabel("Hack", 40, 112, 30, 17)
17. $Input3 = GUICtrlCreateInput("0", 104, 112, 65, 21)
18. $Button = GUICtrlCreateButton("Hack", 216, 64, 81, 33)
19.  
20. GUICtrlSetOnEvent($Button, "hack")
21. AdlibRegister("main", 400)
22. GUISetState(@SW_SHOW)
23. #EndRegion ### END Koda GUI section ###
24.  
25. While 1
26.     Sleep(100)
27. WEnd
28.  
29. Func Close()
30.     Exit
31. EndFunc
32.  
33. Func main()
34.     Global $PID = ProcessExists("picachu.exe")
35.     ;If $PID = 0 Then MsgBox(0,"Error","App Not Running")
36.     Global $HPROCESS = _MEMORYOPEN($PID)
37.     Global $base = 0x4B6088
38.     Global $base1 = _MEMORYREAD($base,$HPROCESS)
39.     GUICtrlSetData ($Input1 ,$PID)
40.     GUICtrlSetData ($Input2 ,$base1)
41.     _MemoryClose($PID)
42. EndFunc
43.  
44. Func hack()
45.     Global $cheat_score = GUICtrlRead($Input3)
46.     _MemoryWrite($base,$HPROCESS,$cheat_score)
47. EndFunc
48.  
49. Func _MEMORYOPEN($IV_PID, $IV_DESIREDACCESS = 2035711, $IV_INHERITHANDLE = 1)
50.     If Not ProcessExists($IV_PID) Then
51.         SetError(1)
52.         Return 0
53.     EndIf
54.     Local $AH_HANDLE[2] = [DllOpen("kernel32.dll")]
55.     If @error Then
56.         SetError(2)
57.         Return 0
58.     EndIf
59.     Local $AV_OPENPROCESS = DllCall($AH_HANDLE[0], "int", "OpenProcess", "int", $IV_DESIREDACCESS, "int", $IV_INHERITHANDLE, "int", $IV_PID)
60.     If @error Then
61.         DllClose($AH_HANDLE[0])
62.         SetError(3)
63.         Return 0
64.     EndIf
65.     $AH_HANDLE[1] = $AV_OPENPROCESS[0]
66.     Return $AH_HANDLE
67. EndFunc
68.  
69. Func _MemoryClose($ah_Handle)
70.  
71.     If Not IsArray($ah_Handle) Then
72.         SetError(1)
73.         Return 0
74.     EndIf
75.  
76.     DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1])
77.     If Not @Error Then
78.         DllClose($ah_Handle[0])
79.         Return 1
80.     Else
81.         DllClose($ah_Handle[0])
82.         SetError(2)
83.         Return 0
84.     EndIf
85.  
86. EndFunc
87.  
88. Func _MEMORYREAD($IV_ADDRESS, $AH_HANDLE, $SV_TYPE = "Float")
89.     If Not IsArray($AH_HANDLE) Then
90.         SetError(1)
91.         Return 0
92.     EndIf
93.     Local $V_BUFFER = DllStructCreate($SV_TYPE)
94.     If @error Then
95.         SetError(@error + 1)
96.         Return 0
97.     EndIf
98.     DllCall($AH_HANDLE[0], "int", "ReadProcessMemory", "int", $AH_HANDLE[1], "int", $IV_ADDRESS, "ptr", DllStructGetPtr($V_BUFFER), "int", DllStructGetSize($V_BUFFER), "int", "")
99.     If Not @error Then
100.         Local $V_VALUE = DllStructGetData($V_BUFFER, 1)
101.         Return $V_VALUE
102.     Else
103.         SetError(6)
104.         Return 0
105.     EndIf
106. EndFunc
107.  
108. Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'Float')
109.  
110.     If Not IsArray($ah_Handle) Then
111.         SetError(1)
112.         Return 0
113.     EndIf
114.  
115.     Local $v_Buffer = DllStructCreate($sv_Type)
116.  
117.     If @Error Then
118.         SetError(@Error + 1)
119.         Return 0
120.     Else
121.         DllStructSetData($v_Buffer, 1, $v_Data)
122.         If @Error Then
123.             SetError(6)
124.             Return 0
125.         EndIf
126.     EndIf
127.  
128.     DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
129.  
130.     If Not @Error Then
131.         Return 1
132.     Else
133.         SetError(7)
134.         Return 0
135.     EndIf
136.  
137. EndFunc
138.  
139. Func SetPrivilege( $privilege, $bEnable )
140.     Const $TOKEN_ADJUST_PRIVILEGES = 0x0020
141.     Const $TOKEN_QUERY = 0x0008
142.     Const $SE_PRIVILEGE_ENABLED = 0x0002
143.     Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv
144.     $nTokens = 1
145.     $LUID = DLLStructCreate("dword;int")
146.     If IsArray($privilege) Then    $nTokens = UBound($privilege)
147.     $TOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
148.     $NEWTOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
149.     $hCurrProcess = DLLCall("kernel32.dll","hwnd","GetCurrentProcess")
150.     $SP_auxret = DLLCall("advapi32.dll","int","OpenProcessToken","hwnd",$hCurrProcess[0],   _
151.             "int",BitOR($TOKEN_ADJUST_PRIVILEGES,$TOKEN_QUERY),"int_ptr",0)
152.     If $SP_auxret[0] Then
153.         $hToken = $SP_auxret[3]
154.         DLLStructSetData($TOKEN_PRIVILEGES,1,1)
155.         $nTokenIndex = 1
156.         While $nTokenIndex <= $nTokens
157.             If IsArray($privilege) Then
158.                 $priv = $privilege[$nTokenIndex-1]
159.             Else
160.                 $priv = $privilege
161.             EndIf
162.             $ret = DLLCall("advapi32.dll","int","LookupPrivilegeValue","str","","str",$priv,   _
163.                     "ptr",DLLStructGetPtr($LUID))
164.             If $ret[0] Then
165.                 If $bEnable Then
166.                     DLLStructSetData($TOKEN_PRIVILEGES,2,$SE_PRIVILEGE_ENABLED,(3 * $nTokenIndex))
167.                 Else
168.                     DLLStructSetData($TOKEN_PRIVILEGES,2,0,(3 * $nTokenIndex))
169.                 EndIf
170.                 DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,1),(3 * ($nTokenIndex-1)) + 1)
171.                 DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,2),(3 * ($nTokenIndex-1)) + 2)
172.                 DLLStructSetData($LUID,1,0)
173.                 DLLStructSetData($LUID,2,0)
174.             EndIf
175.             $nTokenIndex += 1
176.         WEnd
177.         $ret = DLLCall("advapi32.dll","int","AdjustTokenPrivileges","hwnd",$hToken,"int",0,   _
178.                 "ptr",DllStructGetPtr($TOKEN_PRIVILEGES),"int",DllStructGetSize($NEWTOKEN_PRIVILEGES),   _
179.                 "ptr",DllStructGetPtr($NEWTOKEN_PRIVILEGES),"int_ptr",0)
180.         $f = DLLCall("kernel32.dll","int","GetLastError")
181.     EndIf
182.     $NEWTOKEN_PRIVILEGES=0
183.     $TOKEN_PRIVILEGES=0
184.     $LUID=0
185.     If $SP_auxret[0] = 0 Then Return 0
186.     $SP_auxret = DLLCall("kernel32.dll","int","CloseHandle","hwnd",$hToken)
187.     If Not $ret[0] And Not $SP_auxret[0] Then Return 0
188.     return $ret[0]
189. EndFunc   ;==>SetPrivilege