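/*
 * GD (Geometry Dash) RNG Hack (template)
 *
 * Patches rand() in the msvcr120.dll loaded by a running Geometry Dash process
 * so that it returns a constant chosen on the console.
 */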
#include <windows.h>
#include <TlHelp32.h>

#include <iostream>
#include <stdexcept>
#include <string>
// HookFunction is not strictly needed for a payload this small; the template keeps it so
// that a larger payload can be dropped in later.
//
// Overwrites the first five bytes of `Function` in the process `Process` with an x86
// `JMP rel32` (opcode 0xE9 plus a 32-bit displacement) that lands on `Callback`.
//
//   Process  - handle handed to VirtualProtectEx / ReadProcessMemory / WriteProcessMemory.
//   Function - address, inside the target process, of the code that gets overwritten.
//   Callback - address, inside the target process, that the jump transfers to.
//   Backup   - caller-owned buffer of at least 5 bytes; receives the bytes that are about
//              to be overwritten so UnhookFunction can write them back.
//
// Returns true only when every step succeeded. When a step after the first one fails the
// function returns immediately: the page protection is not restored and the jump may be
// only partly written.
//
// The pointer <-> unsigned long casts assume 32-bit pointers (a 32-bit build and target).
//
// Defender's view: the footprint is a foreign process switching a loaded module's code page
// to PAGE_EXECUTE_READWRITE, writing to it with WriteProcessMemory, and switching it back.
bool HookFunction(HANDLE Process, void *Function, void *Callback, byte * Backup)
{
    const byte jmpOpcode = 0xE9;
    DWORD savedProtection = 0;
    DWORD discardedProtection = 0;

    // rel32 is measured from the end of the 5-byte instruction, hence the "- 5".
    DWORD displacement = reinterpret_cast<unsigned long>(Callback) - reinterpret_cast<unsigned long>(Function) - 5;
    void *const displacementSlot = reinterpret_cast<void*>(reinterpret_cast<unsigned long>(Function) + 1);

    if (!VirtualProtectEx(Process, Function, 5, PAGE_EXECUTE_READWRITE, &savedProtection))
    {
        return false;
    }
    // Keep the original bytes before touching them.
    if (!ReadProcessMemory(Process, Function, Backup, 5, NULL))
    {
        return false;
    }
    // The opcode and the displacement go out as two separate writes.
    if (!WriteProcessMemory(Process, Function, &jmpOpcode, 1, NULL))
    {
        return false;
    }
    if (!WriteProcessMemory(Process, displacementSlot, &displacement, 4, NULL))
    {
        return false;
    }
    // Put back whatever protection the page had before the patch.
    if (!VirtualProtectEx(Process, Function, 5, savedProtection, &discardedProtection))
    {
        return false;
    }
    return true;
}
// Writes the five bytes in `Buffer` back over the start of `Function` in the process
// `Process`, undoing what HookFunction wrote there.
//
//   Process  - handle handed to VirtualProtectEx / WriteProcessMemory.
//   Function - address, inside the target process, that was patched.
//   Buffer   - the 5 bytes to write back (the `Backup` buffer filled by HookFunction).
//
// Returns true only when all three calls succeeded; the && chain stops at the first
// failure, so a failed write leaves the page at PAGE_EXECUTE_READWRITE.
bool UnhookFunction(HANDLE Process, void *Function, byte *Buffer)
{
    DWORD savedProtection = 0;
    DWORD discardedProtection = 0;

    return VirtualProtectEx(Process, Function, 5, PAGE_EXECUTE_READWRITE, &savedProtection)
        && WriteProcessMemory(Process, Function, Buffer, 5, NULL)
        && VirtualProtectEx(Process, Function, 5, savedProtection, &discardedProtection);
}
// Looks up the base address at which msvcr120.dll is loaded in the process `ProcessID`.
//
// Walks a Toolhelp module snapshot of that process and returns the base of the first module
// whose name is exactly "msvcr120.dll", "MSVCR120.DLL" or "MSVCR120.dll" (only these three
// spellings are matched; any other casing is not found).
//
// Returns 0 when the snapshot cannot be taken or no module matches.
// The base address is narrowed to unsigned long, which assumes 32-bit pointers.
unsigned long GetModuleAddress(unsigned int ProcessID)
{
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessID);
    if (snapshot == INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    MODULEENTRY32 entry = { 0 };
    entry.dwSize = sizeof(MODULEENTRY32);   // must be set before Module32First

    unsigned long base = 0;
    for (BOOL more = Module32First(snapshot, &entry); more; more = Module32Next(snapshot, &entry))
    {
        const std::string name(entry.szModule);
        if (name == "msvcr120.dll" || name == "MSVCR120.DLL" || name == "MSVCR120.dll")
        {
            base = reinterpret_cast<unsigned long>(entry.modBaseAddr);
            break;
        }
    }

    CloseHandle(snapshot);
    return base;
}
// Returns the offset of the export "rand" from the base of msvcr120.dll, or 0 on failure.
//
// The DLL is mapped into this process with DONT_RESOLVE_DLL_REFERENCES, the address of
// "rand" is looked up, and the module base is subtracted from it. The module is released
// again before returning; a failed FreeLibrary is also reported as 0.
//
// NOTE(review): the copy of msvcr120.dll found here is whatever the loader resolves for the
// bare file name; the caller adds the result to the base of the copy loaded in the target
// process, which presumes both are the same build — confirm.
unsigned long GetOffset()
{
    HMODULE library = LoadLibraryExA("msvcr120.dll", NULL, DONT_RESOLVE_DLL_REFERENCES);
    if (library == NULL)
    {
        return 0;
    }

    const unsigned long exportAddress = reinterpret_cast<unsigned long>(GetProcAddress(library, "rand"));
    // A missing export (address 0) stays 0 instead of becoming a wrapped-around difference.
    const unsigned long offset = (exportAddress > 0)
        ? exportAddress - reinterpret_cast<unsigned long>(library)
        : 0;

    return (FreeLibrary(library) == FALSE) ? 0 : offset;
}
// Places the 6-byte replacement routine in the process `Process` and returns its address
// there, or nullptr when the bytes could not be written.
//
// The routine is x86 machine code: B8 FF FF FF 7F = mov eax, 0x7FFFFFFF ; C3 = ret.
// The four bytes after the B8 opcode are the value WriteValue later overwrites.
//
// The result of VirtualAllocEx is not checked on its own; a failed allocation is only
// noticed through the WriteProcessMemory call that follows. When the write fails, the
// region that was allocated is not released by this function.
//
// Defender's view: the footprint is a committed PAGE_EXECUTE_READWRITE region created in
// another process, followed by a cross-process write into it.
void * AllocatePayload(HANDLE Process)
{
    byte stub[] = { 0xB8, 0xFF, 0xFF, 0xFF, 0x7F, 0xC3 };

    void *remote = VirtualAllocEx(Process, 0, sizeof(stub), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (!WriteProcessMemory(Process, remote, &stub, sizeof(stub), NULL))
    {
        return nullptr;
    }
    return remote;
}
// Overwrites the 32-bit immediate of the routine stored by AllocatePayload.
//
//   Process - handle handed to WriteProcessMemory.
//   Address - start of the routine in the target process; the write goes to Address + 1,
//             i.e. just past the one-byte opcode.
//   Value   - new value; its first 4 bytes are written.
//
// Returns the success of the WriteProcessMemory call.
bool WriteValue(HANDLE Process, void *Address, unsigned long Value)
{
    const unsigned long immediateAt = reinterpret_cast<unsigned long>(Address) + 1;
    return WriteProcessMemory(Process, reinterpret_cast<void*>(immediateAt), &Value, 4, NULL);
}
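// Console front end.
//
// Flow: wait for a window titled "Geometry Dash", open its process, resolve the address of
// rand() in the msvcr120.dll loaded there, store the replacement routine in that process,
// redirect rand() to it, then loop reading console input:
//   - an empty line toggles the redirect on or off;
//   - a number replaces the value the routine returns (only while enabled).
//
// Every error path prints a message, waits for Enter and exits with code 0.
//
// Changes relative to the original listing:
//   - OpenProcess failure is detected (it returns NULL, not INVALID_HANDLE_VALUE);
//   - the module base and the export offset are checked separately, so one of them being 0
//     no longer yields a non-null but meaningless address that would then be patched;
//   - std::out_of_range from std::stoul is handled like std::invalid_argument;
//   - end of input on stdin ends the loop instead of toggling forever;
//   - the process handle is closed on every exit path and the backup buffer lives on the stack.
int main()
{
    // Owns the process handle so that each return below releases it.
    struct ProcessHandle
    {
        HANDLE value = NULL;
        ~ProcessHandle()
        {
            if (value != NULL)
            {
                CloseHandle(value);
            }
        }
    };

    // Prints `message`, keeps the console open until Enter, and yields main's exit code.
    const auto fail = [](const char *message) {
        std::cout << message << std::endl;
        std::cin.get();
        return 0;
    };

    ProcessHandle proc;
    byte backup[5] = {};   // original first bytes of rand(), filled by HookFunction
    bool state = true;     // true while rand() is redirected
    std::string buffer;

    SetConsoleTitleA("RNG Hack");
    std::cout << "Waiting for Geometry Dash..." << std::endl;

    // Poll four times a second until a top-level window with that exact title exists.
    HWND window = NULL;
    while (window == NULL)
    {
        Sleep(250);
        window = FindWindowA(0, "Geometry Dash");
    }

    unsigned long pID = 0;
    GetWindowThreadProcessId(window, &pID);

    proc.value = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
    if (proc.value == NULL)
    {
        return fail("ERROR: cannot attach Geometry Dash.");
    }

    // Validate both parts before adding them; a sum can be non-zero even if one part failed.
    const unsigned long moduleBase = GetModuleAddress(pID);
    const unsigned long randOffset = GetOffset();
    if (moduleBase == 0 || randOffset == 0)
    {
        return fail("ERROR: cannot get function address.");
    }
    void *const addrOfRand = reinterpret_cast<void*>(moduleBase + randOffset);

    void *const addrOfPayload = AllocatePayload(proc.value);
    if (addrOfPayload == nullptr)
    {
        return fail("ERROR: payload injection failed.");
    }

    if (!HookFunction(proc.value, addrOfRand, addrOfPayload, backup))
    {
        return fail("ERROR: hooking failed.");
    }

    for (;;)
    {
        system("cls");
        std::cout << "State: " << (state ? "enabled" : "disabled") << std::endl;
        std::cout << "Enter a valid number (or leave empty to change the state): " << std::endl;

        // A failed read (closed stdin) leaves `buffer` empty on every later pass, which
        // would otherwise toggle the redirect in a tight loop.
        if (!std::getline(std::cin, buffer))
        {
            break;
        }

        if (buffer == "")
        {
            if (state)
            {
                if (!UnhookFunction(proc.value, addrOfRand, backup))
                {
                    return fail("ERROR: unhooking failed.");
                }
                std::cout << "Hack disabled." << std::endl;
            }
            else
            {
                if (!HookFunction(proc.value, addrOfRand, addrOfPayload, backup))
                {
                    return fail("ERROR: hooking failed.");
                }
                std::cout << "Hack enabled." << std::endl;
            }
            state = !state;
        }
        else if (!state)
        {
            std::cout << "Hack is disabled. Please enable it." << std::endl;
        }
        else
        {
            try
            {
                const unsigned long k = std::stoul(buffer, nullptr, 10);
                if (!WriteValue(proc.value, addrOfPayload, k))
                {
                    return fail("ERROR: cannot write on payload.");
                }
            }
            catch (const std::invalid_argument&)
            {
                std::cout << "Invalid number." << std::endl;
            }
            catch (const std::out_of_range&)
            {
                // The text was numeric but does not fit in unsigned long.
                std::cout << "Invalid number." << std::endl;
            }
        }

        // Pause so the message stays visible until the screen is cleared again.
        std::cin.get();
    }

    std::cin.get();
    return 0;
}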