Untitled

//uploaded by sahar.
// Remove rarely used stuff from windows.h
#define WIN32_LEAN_AND_MEAN
#define WIN32_EXTRA_LEAN

// Include headers
#include <windows.h>
#include <dirent.h>
#include <stdio.h>
#include <time.h>

// All background music in GunZ is loaded into memory.
// This is what this constant is.
#define FSOUND_LOADMEMORY 0x00008000


// Signature searching functions
#define FindSig( pBytes ) FindSigEx( pBytes, sizeof( pBytes ) )
#define FindProc( pBytes ) FramePtr( FindSig( pBytes ) )

void CheckValidPtr( void * ptr, int nSize )
{
    if (IsBadReadPtr( ptr, nSize ))
    {
        char szBuf[256];
        sprintf( szBuf, "MEMORY_ACCESS_VIOLATION occurs at %.8X...\n\nPerhaps you injected into the wrong process or memory permissions have omitted read.\nRegardless, thread will now exit...", ptr );
        MessageBoxA( 0, szBuf, "Signature searcher error", MB_ICONERROR );
        ExitThread( 0 );
    }
}

unsigned long FindSigEx( unsigned char *pBytes, int nSize )
{
    for(int i = 0x401000; i < 0x65FFFF; ++i)
    {
        for(int j = 0; j < nSize; ++j)
        {
            CheckValidPtr( (void*)i, nSize );
            if ((*(unsigned char*)(i + j)) != pBytes[j] && pBytes[j]!=0xEE)
                break;
            if (j==nSize-1)
                return i;
        }
    }
    return 0;
}

// Signature searching functions
unsigned long FramePtr( unsigned long ulAddr )
{
    while(ulAddr>0x401000)
    {
        CheckValidPtr( (void*)ulAddr, sizeof(void*) );
        if (((*(unsigned long*)ulAddr)&0xFFFFFF)==0xEC8B55)
            return ulAddr;
        ulAddr--;
    }
    return 0;
}

// Signature; this is actually the flags used for the sounds
BYTE g_pSignature[] = {0x68, 0x32, 0x81, 0x08, 0x00};

// IAT entry. We will replace this 0x66E708
DWORD * g_pFSOUND_Stream_Open = *(DWORD**) ((FindSig( g_pSignature ) + 11) + (*(DWORD*)(FindSig( g_pSignature ) + 7))+2),

// Save the original value
        g_dwOriginal_FSOUND_Stream_Open = *g_pFSOUND_Stream_Open;

// Create a structure. This is a linked list structure.
typedef struct _LIST
{
    public:
        _LIST( ){
            g_szData = NULL, g_pNext = NULL, g_iEntries = 0; }

        int g_iEntries;
        char * g_szData;
        _LIST * g_pNext;
} LIST;

LIST * pMusicList = new LIST( ); // Create a new list

// Clear the entry list, and delete any allocated memory
void ClearList( )
{
    LIST * pCurrent = pMusicList;
    pCurrent->g_iEntries = 0;
    while( pCurrent->g_pNext )
    {
        if (pCurrent->g_szData)
            delete pCurrent->g_szData;
        LIST * pLast = pCurrent;
        pCurrent = pCurrent->g_pNext;
        delete pLast;
    }
    delete pCurrent;
    pMusicList = new LIST( );
}

// Add an entry
void AddList( char * szString )
{
    LIST * pCurrent = pMusicList;
    pCurrent->g_iEntries++;

    while( pCurrent->g_pNext )
        pCurrent = pCurrent->g_pNext;

    pCurrent->g_szData = new char[strlen( szString ) + 5];
    strcpy( pCurrent->g_szData, "bgm/" );
    strcat( pCurrent->g_szData, szString );
    pCurrent->g_pNext  = new LIST( );
}

// Choose a random entry
char * RandomList( )
{
    LIST * pCurrent = pMusicList;
    if (!pCurrent->g_iEntries)
        return( NULL );
    int iRandom = time(NULL) % pCurrent->g_iEntries;
    for(int i = 0; i < iRandom; i++)
        pCurrent = pCurrent->g_pNext;
    return( pCurrent->g_szData );
}

// This is the fmod hook. This is what is responsible for
// Opening sound data.
void * WINAPI FSOUND_Stream_OpenHook( char * szData, unsigned int uiMode, int nOff, int nLen )
{
    char * szNewData; // Our new sound file

    DIR * pDir = opendir( "bgm" ); // Open the "bgm" directory in GunZ for reading

    if (!pDir) // If the directory could not open
            goto EndOpen; // Return to the original FSOUND_Stream_Open

    ClearList( ); // Clear the list of any entries

    while( dirent * dInfo = readdir( pDir ) ) // While files in the directory exist
        if ( !stricmp( &dInfo->d_name[strlen( dInfo->d_name ) - 4], ".wav" ) || // Check if the file extention is .wav
             !stricmp( &dInfo->d_name[strlen( dInfo->d_name ) - 4], ".raw" ) || // .raw
             !stricmp( &dInfo->d_name[strlen( dInfo->d_name ) - 4], ".mp2" ) || // .mp2
             !stricmp( &dInfo->d_name[strlen( dInfo->d_name ) - 4], ".mp3" ) || // .mp3
             !stricmp( &dInfo->d_name[strlen( dInfo->d_name ) - 4], ".ogg" )    // .ogg
            )
                AddList( dInfo->d_name ); // Then add the filename into the list

    closedir( pDir ); // Close the directory
    szNewData = RandomList( ); // Choose a random entry/filename
    if (!szNewData) // If no random entry was fetched(Meaning no entries are on the list)
        goto EndOpen; // Return to original function
    uiMode &= ~FSOUND_LOADMEMORY; // Omit the FSOUND_LOADMEMORY flag from the parameters
    szData = szNewData; // Replace the filedata to ours( This is the song file )
    nLen = 0; // No length; Offset was set to 0
    nOff = 0; // No offset; Play from the beginning

EndOpen: // Return to the original FSOUND_Stream_Open function
    return ((void*(WINAPI*)( char *, unsigned int, int, int ))g_dwOriginal_FSOUND_Stream_Open)( szData, uiMode, nOff, nLen );
}

// Where the DLL begins
extern "C" bool APIENTRY DllMain( HINSTANCE hInst, DWORD dwReason, LPVOID lpReserved )
{
    if (dwReason == DLL_PROCESS_ATTACH) // If this function was called because the DLL is attached to a process
        * g_pFSOUND_Stream_Open = DWORD( FSOUND_Stream_OpenHook ); // Replace the IAT entry; GunZ will now go to our function everytime it tries to play a sound
    return( true ); // Return true; DLL was successfully injected
}