- #include <EditConstants.au3>
- #include <GUIConstantsEx.au3>
- #include <StaticConstants.au3>
- #include <WindowsConstants.au3>
- #include <GUIConstants.au3>
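; Script entry: builds the small GUI, wires up its event handlers and then idles.
; All work happens in the callbacks: main() on a timer, hack() on the button, Close() on exit.

Opt("GUIOnEventMode", 1) ; controls dispatch to named handler functions instead of a GUIGetMsg loop

; NOTE(review): SeDebugPrivilege lets a process open other processes that its normal access
; check would refuse. It is normally unnecessary for a target running under the same user at
; the same integrity level - confirm it is needed at all. The return value is ignored, so a
; failure to enable it goes unnoticed here.
SetPrivilege("SeDebugPrivilege", 1)

#Region ### START Koda GUI section ### Form=C:\Program Files\AutoIt3\SciTE\Koda\Forms\step 8.kxf
$Step8 = GUICreate("Pokemon Hack", 387, 157, 192, 124)
GUISetOnEvent($GUI_EVENT_CLOSE, "Close")

; The label control IDs get their own names. The original stored the first one in $PID,
; which main() later overwrites with the process ID of the target.
$LabelPID = GUICtrlCreateLabel("PID", 40, 32, 22, 17)
$LabelScore = GUICtrlCreateLabel("Score", 40, 72, 31, 17)
$Input1 = GUICtrlCreateInput("0", 104, 32, 65, 21)    ; shows the PID (filled by main)
$Input2 = GUICtrlCreateInput("0", 104, 72, 65, 21)    ; shows the value read from the target (filled by main)
$LabelHack = GUICtrlCreateLabel("Hack", 40, 112, 30, 17)
$Input3 = GUICtrlCreateInput("0", 104, 112, 65, 21)   ; value typed by the user, read by hack()
$Button = GUICtrlCreateButton("Hack", 216, 64, 81, 33)
GUICtrlSetOnEvent($Button, "hack")

AdlibRegister("main", 400) ; call main() roughly every 400 ms
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

; Keep the script alive; the handlers above do the work.
While 1
    Sleep(100)
WEnd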
; Handler for $GUI_EVENT_CLOSE: ends the script when the window is closed.
Func Close()
    Exit
EndFunc   ;==>Close
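; Timer callback (registered with AdlibRegister): looks up the process "picachu.exe",
; opens it, reads one value at the fixed address $base and shows PID and value in the GUI.
; Publishes $PID, $HPROCESS, $base and $base1 as globals; hack() reuses $base and $HPROCESS.
Func main()
    ; Release the handle pair opened on the previous tick before opening a new one.
    ; The original ended with _MemoryClose($PID): $PID is an integer, _MemoryClose only
    ; accepts the array returned by _MEMORYOPEN, so nothing was ever closed and every tick
    ; leaked one process handle and one kernel32.dll handle.
    If IsDeclared("HPROCESS") Then
        If IsArray($HPROCESS) Then _MemoryClose($HPROCESS)
    EndIf

    Global $PID = ProcessExists("picachu.exe") ; 0 when the process is not running
    ;If $PID = 0 Then MsgBox(0,"Error","App Not Running")
    Global $HPROCESS = _MEMORYOPEN($PID)       ; 0 (not an array) when the open fails
    Global $base = 0x4B6088                    ; hard-coded address inside the target process
    Global $base1 = _MEMORYREAD($base, $HPROCESS) ; default type "Float"; 0 on any failure
    GUICtrlSetData($Input1, $PID)
    GUICtrlSetData($Input2, $base1)
    ; The handle stays open until the next tick because hack() writes through $HPROCESS.
EndFunc   ;==>main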
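; Button handler: writes the value typed into $Input3 to address $base in the process
; opened by main(). Stores the typed value in the global $cheat_score.
Func hack()
    ; $base and $HPROCESS are created by main() on its first timer tick. Without this
    ; guard a click before that tick references undeclared variables, and a failed open
    ; (where $HPROCESS is 0 rather than a handle array) is passed on unchecked.
    If Not IsDeclared("HPROCESS") Then Return
    If Not IsArray($HPROCESS) Then Return

    Global $cheat_score = GUICtrlRead($Input3)
    _MemoryWrite($base, $HPROCESS, $cheat_score)
EndFunc   ;==>hack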
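; Opens a process for memory access.
;
; Parameters:
;   $IV_PID           - process ID of the target
;   $IV_DESIREDACCESS - access mask passed to OpenProcess. The default 2035711 is 0x1F0FFF,
;                       the older PROCESS_ALL_ACCESS value.
;   $IV_INHERITHANDLE - bInheritHandle argument of OpenProcess (default 1)
; Returns:
;   Success - array: [0] = handle from DllOpen("kernel32.dll"), [1] = process handle
;   Failure - 0 with @error = 1 (no such process), 2 (kernel32.dll could not be opened),
;             3 (the OpenProcess call failed or returned no handle)
;
; NOTE(review): the defaults ask for far more than the read/write helpers in this file
; use. PROCESS_VM_READ, PROCESS_VM_WRITE and PROCESS_VM_OPERATION cover them, and a
; non-inheritable handle keeps it out of any child process. The defaults are left
; unchanged here because callers may depend on them.
; NOTE(review): the handle is returned as "int"; presumably fine for a 32-bit build,
; confirm before using this under 64-bit AutoIt.
Func _MEMORYOPEN($IV_PID, $IV_DESIREDACCESS = 2035711, $IV_INHERITHANDLE = 1)
    If Not ProcessExists($IV_PID) Then
        Return SetError(1, 0, 0)
    EndIf

    Local $AH_HANDLE[2] = [DllOpen("kernel32.dll")]
    ; DllOpen signals failure through its return value (-1), so test that as well as @error.
    If @error Or $AH_HANDLE[0] = -1 Then
        Return SetError(2, 0, 0)
    EndIf

    Local $AV_OPENPROCESS = DllCall($AH_HANDLE[0], "int", "OpenProcess", "int", $IV_DESIREDACCESS, "int", $IV_INHERITHANDLE, "int", $IV_PID)
    If @error Then
        DllClose($AH_HANDLE[0])
        Return SetError(3, 0, 0)
    EndIf

    ; @error only says whether the DllCall itself worked. OpenProcess returns 0 when access
    ; is denied; the original handed that null handle back as if it were valid.
    If Not $AV_OPENPROCESS[0] Then
        DllClose($AH_HANDLE[0])
        Return SetError(3, 0, 0)
    EndIf

    $AH_HANDLE[1] = $AV_OPENPROCESS[0]
    Return $AH_HANDLE
EndFunc   ;==>_MEMORYOPEN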
; Releases a handle pair produced by _MEMORYOPEN.
;
; Parameters:
;   $ah_Handle - array: [0] = handle of the opened kernel32.dll, [1] = process handle
; Returns:
;   1 on success; 0 with @error = 1 if $ah_Handle is not an array, or @error = 2 if the
;   CloseHandle DllCall failed. The DLL handle is closed in both of the latter two cases
;   where an array was supplied.
Func _MemoryClose($ah_Handle)
    If IsArray($ah_Handle) = 0 Then Return SetError(1, 0, 0)

    DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1])
    Local $iCallFailed = @error ; capture before DllClose can touch @error

    ; The DLL handle is released whether or not CloseHandle could be called.
    DllClose($ah_Handle[0])

    If $iCallFailed Then Return SetError(2, 0, 0)
    Return 1
EndFunc   ;==>_MemoryClose
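; Reads one value of type $SV_TYPE from another process.
;
; Parameters:
;   $IV_ADDRESS - address inside the target process
;   $AH_HANDLE  - array from _MEMORYOPEN: [0] = kernel32.dll handle, [1] = process handle
;   $SV_TYPE    - DllStructCreate type string describing the value (default "Float")
; Returns:
;   Success - the value read
;   Failure - 0 with @error = 1 (handle is not an array), 2..5 (DllStructCreate error + 1),
;             6 (the ReadProcessMemory call failed or reported failure)
;
; NOTE(review): handle and address are passed as "int"; presumably fine for a 32-bit
; build, confirm before using this under 64-bit AutoIt.
Func _MEMORYREAD($IV_ADDRESS, $AH_HANDLE, $SV_TYPE = "Float")
    If Not IsArray($AH_HANDLE) Then
        Return SetError(1, 0, 0)
    EndIf

    Local $V_BUFFER = DllStructCreate($SV_TYPE)
    If @error Then
        Return SetError(@error + 1, 0, 0)
    EndIf

    Local $AV_CALL = DllCall($AH_HANDLE[0], "int", "ReadProcessMemory", "int", $AH_HANDLE[1], "int", $IV_ADDRESS, "ptr", DllStructGetPtr($V_BUFFER), "int", DllStructGetSize($V_BUFFER), "int", "")
    If @error Then
        Return SetError(6, 0, 0)
    EndIf

    ; @error only covers the DllCall mechanics. ReadProcessMemory returns 0 when the read
    ; itself fails; the original then returned the untouched buffer as if it were data.
    If Not $AV_CALL[0] Then
        Return SetError(6, 0, 0)
    EndIf

    Return DllStructGetData($V_BUFFER, 1)
EndFunc   ;==>_MEMORYREAD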
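; Writes one value of type $sv_Type into another process.
;
; Parameters:
;   $iv_Address - address inside the target process
;   $ah_Handle  - array from _MEMORYOPEN: [0] = kernel32.dll handle, [1] = process handle
;   $v_Data     - value to write
;   $sv_Type    - DllStructCreate type string describing the value (default 'Float')
; Returns:
;   1 on success; 0 with @error = 1 (handle is not an array), 2..5 (DllStructCreate
;   error + 1), 6 (value could not be stored in the buffer), 7 (the WriteProcessMemory
;   call failed or reported failure)
;
; NOTE(review): handle and address are passed as 'int'; presumably fine for a 32-bit
; build, confirm before using this under 64-bit AutoIt.
Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'Float')
    If Not IsArray($ah_Handle) Then
        Return SetError(1, 0, 0)
    EndIf

    Local $v_Buffer = DllStructCreate($sv_Type)
    If @error Then
        Return SetError(@error + 1, 0, 0)
    EndIf

    DllStructSetData($v_Buffer, 1, $v_Data)
    If @error Then
        Return SetError(6, 0, 0)
    EndIf

    Local $av_Call = DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
    If @error Then
        Return SetError(7, 0, 0)
    EndIf

    ; @error only covers the DllCall mechanics. WriteProcessMemory returns 0 when the write
    ; is refused; the original reported success in that case.
    If Not $av_Call[0] Then
        Return SetError(7, 0, 0)
    EndIf

    Return 1
EndFunc   ;==>_MemoryWrite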
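; Enables or disables one or more privileges in the current process token.
;
; Parameters:
;   $privilege - privilege name (string) or an array of privilege names
;   $bEnable   - true to enable, false to disable
; Returns:
;   0 if the process token could not be opened; otherwise the return value of
;   AdjustTokenPrivileges (non-zero when the call succeeded).
;
; NOTE(review): AdjustTokenPrivileges also reports success when the token does not hold
; the requested privilege (last error ERROR_NOT_ALL_ASSIGNED). That case is not detected
; here, so a non-zero return does not prove the privilege is enabled. The original issued
; a separate GetLastError DllCall and never read the result; it has been dropped.
Func SetPrivilege( $privilege, $bEnable )
    Const $TOKEN_ADJUST_PRIVILEGES = 0x0020
    Const $TOKEN_QUERY = 0x0008
    Const $SE_PRIVILEGE_ENABLED = 0x0002
    Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv

    $nTokens = 1
    $LUID = DLLStructCreate("dword;int")
    If IsArray($privilege) Then $nTokens = UBound($privilege)

    ; TOKEN_PRIVILEGES layout: a count followed by three dwords per entry
    ; (LUID low part, LUID high part, attributes).
    $TOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
    $NEWTOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")

    $hCurrProcess = DLLCall("kernel32.dll","hwnd","GetCurrentProcess")
    $SP_auxret = DLLCall("advapi32.dll","int","OpenProcessToken","hwnd",$hCurrProcess[0], _
            "int",BitOR($TOKEN_ADJUST_PRIVILEGES,$TOKEN_QUERY),"int_ptr",0)
    If $SP_auxret[0] Then
        $hToken = $SP_auxret[3]

        ; PrivilegeCount must match the number of entries filled in below. The original
        ; hard-coded 1, so only the first name of an array argument was ever adjusted.
        DLLStructSetData($TOKEN_PRIVILEGES,1,$nTokens)

        $nTokenIndex = 1
        While $nTokenIndex <= $nTokens
            If IsArray($privilege) Then
                $priv = $privilege[$nTokenIndex-1]
            Else
                $priv = $privilege
            EndIf

            ; Translate the privilege name into its LUID on the local system.
            $ret = DLLCall("advapi32.dll","int","LookupPrivilegeValue","str","","str",$priv, _
                    "ptr",DLLStructGetPtr($LUID))
            If $ret[0] Then
                ; Third dword of the entry: attributes.
                If $bEnable Then
                    DLLStructSetData($TOKEN_PRIVILEGES,2,$SE_PRIVILEGE_ENABLED,(3 * $nTokenIndex))
                Else
                    DLLStructSetData($TOKEN_PRIVILEGES,2,0,(3 * $nTokenIndex))
                EndIf
                ; First and second dword of the entry: the LUID.
                DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,1),(3 * ($nTokenIndex-1)) + 1)
                DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,2),(3 * ($nTokenIndex-1)) + 2)
                ; Reset the scratch LUID for the next name.
                DLLStructSetData($LUID,1,0)
                DLLStructSetData($LUID,2,0)
            EndIf
            $nTokenIndex += 1
        WEnd

        $ret = DLLCall("advapi32.dll","int","AdjustTokenPrivileges","hwnd",$hToken,"int",0, _
                "ptr",DllStructGetPtr($TOKEN_PRIVILEGES),"int",DllStructGetSize($NEWTOKEN_PRIVILEGES), _
                "ptr",DllStructGetPtr($NEWTOKEN_PRIVILEGES),"int_ptr",0)
    EndIf

    ; Release the structures.
    $NEWTOKEN_PRIVILEGES=0
    $TOKEN_PRIVILEGES=0
    $LUID=0

    If $SP_auxret[0] = 0 Then Return 0 ; token was never opened, nothing to close

    $SP_auxret = DLLCall("kernel32.dll","int","CloseHandle","hwnd",$hToken)
    If Not $ret[0] And Not $SP_auxret[0] Then Return 0
    return $ret[0]
EndFunc   ;==>SetPrivilege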