Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- typedef DWORD_PTR(__stdcall *_qDeCrypt)(DWORD_PTR esi);
- PVOID codeMem = NULL;
- template<typename T> T rol(T val, size_t count)
- {
- size_t bitcount = sizeof(T) * 8;
- count %= bitcount;
- return (val << count) | (val >> (bitcount - count));
- }
- DWORD_PTR DecryptData(DWORD_PTR cryptedOffset, DWORD_PTR decryptFuncBase)
- {
- if (codeMem == NULL)
- codeMem = VirtualAlloc(0, 1024, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
- DWORD_PTR _esi = mem->RPM<DWORD_PTR>(cryptedOffset + 8, 8);
- DWORD_PTR raxrbx = mem->RPM<DWORD_PTR>(cryptedOffset, 8);
- DWORD key1 = (DWORD(raxrbx) >> 8); //shr edx,08
- BYTE key2 = BYTE(raxrbx) ^ BYTE(key1); //xor dl,dil
- DWORD key3 = rol<BYTE>(key2, BYTE(raxrbx)); //rol dl,cl
- DWORD index = key3 & 0x1F; //and edx,1F
- DWORD_PTR targetFunc = mem->RPM<DWORD_PTR>(decryptFuncBase + (index * 8), 8);
- if(!ReadProcessMemory(mem->GetHandle(), (LPVOID)targetFunc, codeMem, 60, NULL))
- {
- return 0;
- }
- if (*(WORD*)(codeMem) != 0xC148) //ror ecx,xx
- return 0;
- _qDeCrypt qDecrypt3 = (_qDeCrypt)codeMem;
- auto ret = qDecrypt3(_esi);
- ZeroMemory(codeMem, 60);
- return ret;
- }
- auto PersistentLevel = mem->RPM<DWORD_PTR>(global::pUWorld + 0x30, 0x8);
- uint64_t DecryptedActorArrayPointer = DecryptData(PersistentLevel + 0xA0, mem->GetBase() + 0x3DAA540);
- uint64_t ActorArray = mem->RPM<DWORD_PTR>(DecryptedActorArrayPointer + 0x0, 0x8);
- uint64_t ActorCount = mem->RPM<DWORD_PTR>(DecryptedActorArrayPointer + 0x8, 0x8);
- if (ActorCount > 0)
- {
- DrawShadowString(25, 25, 255, 0, 0, pFont, "ACount: %i", ActorCount);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
