Untitled

#include "stdafx.h"
#include "VMProtectSDK.h"
#include <Windows.h>
#include <string>
#include <iostream>
#include <istream>
#include <ostream>

// Below are the virtual tables of many verb classes.
// Roblox has a big structure called "CommonVerbs" which contains every single
// verb on the client, but sadly it was declared with __declspec(novtable) so
// we cannot scan for it. Well, we could get a CommonVerb instance in the
// DataModel but I didn't calculate the offset for it... yet.

// By the way, those are TToolVerbs, which is a verb class specifically used
// to make tools (like hopperbins!).
#define ANCHORTOOL 0x121E61C
#define ROTATETOOL 0x121E45C
#define HAMMERTOOL 0x121E71C
#define CLONETOOL 0x121E6FC
#define GRABTOOL 0x121E6DC

// This is the virtual method that calls ttoolverb->doIt.
#define MOUSETOOL_DOIT 0xA37E10

DWORD rBase = (DWORD)(GetModuleHandleA(NULL));

typedef int(__thiscall* _HammerTool_doIt)(DWORD HammerTool, DWORD Unk);
_HammerTool_doIt MouseTool_doIt = (_HammerTool_doIt)(MOUSETOOL_DOIT - 0x400000 + rBase);

namespace Memory {
    bool Compare(const BYTE *pData, const BYTE *bMask, const char *szMask)
    {
        for (; *szMask; ++szMask, ++pData, ++bMask)
            if (*szMask == 'x' && *pData != *bMask) return 0;
        return (*szMask) == NULL;
    }

    DWORD FindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char *szMask)
    {
        for (int i = 0; i<(int)dwLen; i++)
            if (Compare((BYTE*)(dwAddress + (int)i), bMask, szMask))  return (int)(dwAddress + i);
        return 0;
    }

    int Scan(DWORD mode, char* content, char* mask, DWORD Offset = 0)
    {
        DWORD PageSize;
        SYSTEM_INFO si;
        GetSystemInfo(&si);
        PageSize = si.dwPageSize;
        MEMORY_BASIC_INFORMATION mi;
        for (DWORD lpAddr = (DWORD)GetModuleHandleA(0) + Offset; lpAddr<0x7FFFFFFF; lpAddr += PageSize)
        {
            DWORD vq = VirtualQuery((void*)lpAddr, &mi, PageSize);
            if (vq == ERROR_INVALID_PARAMETER || vq == 0) break;
            if (mi.Type == MEM_MAPPED) continue;
            if (mi.Protect == mode)
            {
                int addr = FindPattern(lpAddr, PageSize, (PBYTE)content, mask);
                if (addr != 0)
                {
                    return addr;
                }
            }
        }
    }

    int QuickScan(DWORD Mode, char* content, char* mask)
    {
        DWORD PageSize;
        SYSTEM_INFO si;
        GetSystemInfo(&si);
        PageSize = si.dwPageSize;
        MEMORY_BASIC_INFORMATION mi;
        for (DWORD lpAddr = (DWORD)GetModuleHandleA(0); lpAddr<0x7FFFFFFF; lpAddr += PageSize)
        {
            int addr = FindPattern(lpAddr, PageSize, (PBYTE)content, mask);
            if (addr != 0)
            {
                return addr;
            }
        }
    }
}

void OpenConsole(const char* title)
{
    DWORD nOldProtect;
    VirtualProtect(&FreeConsole, 1, PAGE_EXECUTE_READWRITE, &nOldProtect);
    *(BYTE*)(&FreeConsole) = 0xC3;
    VirtualProtect(&FreeConsole, 1, nOldProtect, &nOldProtect);

    AllocConsole();
    SetConsoleTitleA(title);
    freopen("CONOUT$", "w", stdout);
    freopen("CONIN$", "r", stdin);
}

int main()
{
    VMProtectBeginUltra("verbhaxx main");
    OpenConsole("verbhaxx - by Louka @ V3rmillion");

    // Calculate the offset.
    // I obtain addresses in IDA Pro so the base is 0x400000.
    // I just substract IDA's base from the address then add in
    // Roblox's actual base, which gives us an integer to scan for.
    DWORD AnchorTool_ScanFor = (ANCHORTOOL - 0x400000 + rBase);
    DWORD RotateTool_ScanFor = (ROTATETOOL - 0x400000 + rBase);
    DWORD HammerTool_ScanFor = (HAMMERTOOL - 0x400000 + rBase);
    DWORD CloneTool_ScanFor = (CLONETOOL - 0x400000 + rBase);
    DWORD GrabTool_ScanFor = (GRABTOOL - 0x400000 + rBase);

    // Scan the verbs.
    printf("Verb Table (please wait ~10 seconds): \n-> HammerTool: ");
    DWORD HammerTool = Memory::Scan(PAGE_READWRITE, (char*)&HammerTool_ScanFor, "xxxx");
    printf("OK (%x)\n-> CloneTool: ", HammerTool);
    DWORD CloneTool = Memory::Scan(PAGE_READWRITE, (char*)&CloneTool_ScanFor, "xxxx");
    printf("OK (%x)\n-> GrabTool: ", CloneTool);
    DWORD GrabTool = Memory::Scan(PAGE_READWRITE, (char*)&GrabTool_ScanFor, "xxxx");
    printf("OK (%x)\n-> RotateTool: ", GrabTool);
    DWORD RotateTool = Memory::Scan(PAGE_READWRITE, (char*)&RotateTool_ScanFor, "xxxx");
    printf("OK (%x)\n-> AnchorTool: ", RotateTool);
    DWORD AnchorTool = Memory::Scan(PAGE_READWRITE, (char*)&AnchorTool_ScanFor, "xxxx");
    printf("OK (%x)\n");

    while (FindWindowW(NULL, L"ROBLOX"))
    {
            printf(">");
            std::string VerbIn;
            std::getline(std::cin, VerbIn);
            if (VerbIn == "HammerTool")
            {
                MouseTool_doIt(HammerTool, NULL);
                continue;
            }

            if (VerbIn == "CloneTool")
            {
                MouseTool_doIt(CloneTool, NULL);
                continue;
            }

            if (VerbIn == "GrabTool")
            {
                MouseTool_doIt(GrabTool, NULL);
                continue;
            }

            if (VerbIn == "RotateTool")
            {
                MouseTool_doIt(RotateTool, NULL);
                continue;
            }

            if (VerbIn == "AnchorTool")
            {
                MouseTool_doIt(AnchorTool, NULL);
                continue;
            }

            printf("Invalid verb!\n");
    }
    VMProtectEnd();
    return TRUE;
}