Caigepayne

Untitled

Jun 16th, 2020
  1. #include <iostream>
  2. #include <Windows.h>
  3. #include <vector>
  4. #include <fstream>
  5. #include <string>
  6.  
  7.  
  8.  
  9. /*
  10.  
  11. ===========================================================================
  12. HOW TO READ / WRITE PROCESS MEMORY WITH DLL
  13.  
  14.  
  15. Read / Write ProcessMemory(ProcessHandle, (BYTE*)Address, &FinalAdd, 4, NULL);
  16.  
  17. ReadProcessMemory - Function
  18. ProcessHandle - This is the handle of the program whose memory you want to read. This needs to be a HANDLE variable type.
  19. Address - This is the address in the memory that you would like to read
  20. &FinalAdd - This is a pointer to the variable that receives the data that was read (for WriteProcessMemory, the variable that holds the data to write)
  21. 4 - Amount of bytes you want read
  22. NULL - Optional pointer to a variable that receives how many bytes were actually read. Most of the time this can just be 0 or NULL
  23.  
  24.  
  25.  
  26. Example -
  27.  
  28. HANDLE ProcessHandle = GetCurrentProcess();
  29. uintptr_t ProcessAddress = (uintptr_t)GetModuleHandle(NULL);
  30. uintptr_t Add1 = ProcessAddress + 0x00748BDC;
  31. uintptr_t FinalAdd;
  32. ReadProcessMemory(ProcessHandle, (BYTE*)Add1, &FinalAdd, 4, NULL);
  33.  
  34. ===========================================================================
  35.  
  36.  
  37. ===========================================================================
  38. HOW FINDING THE CORRECT ADDRESS WORKS
  39.  
  40.  
  41.  
  42. Every address is written in hexadecimal, something that looks like this: 0x00748BDC. A hexadecimal number must start with 0x, which indicates
  43. that it is hexadecimal.
  44. When using pointers, you MUST remember that to find the address a pointer chain leads to you need to ADD hexadecimal offsets and READ what each address is pointing to.
  45. For example, say a value's pointer address is 0xCB+0xCA51. That sum is one address. You must then read what it is pointing to and then
  46. add an OFFSET to the address that you just read. So 0xCB + 0xCA51 = 0xD18BC (for example), but you need to add 0xDC and 0x16 to it.
  47. You don't just add the offsets to 0xD18BC. You must read what 0xD18BC is pointing to and add the offset to that. So if it is pointing to
  48. the address 0x8BAC16, you must take that address and add 0xDC to it. You then get a new address and repeat: read what it is pointing to and
  49. add the next offset, until all offsets are used and you have reached the value you want.
  50.  
  51.  
  52. ===========================================================================
  53.  
  54.  
  55. ===========================================================================
  56. HOW TO CALL GAME FUNCTIONS USING THE OFFSET
  57.  
  58. typedef void(_stdcall * _Caller)();
  59. _Caller Call1;
  60.  
  61. uintptr_t ProcessHandle = (uintptr_t)GetModuleHandle(NULL);{
  62. Call1 = (_Caller)(ProcessHandle + 0x9E264);
  63. Call1();
  64. }
  65.  
  66.  
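  67. What happens here: GetModuleHandle(NULL) returns the base address of the running program (the variable is named ProcessHandle, but it holds a module base, not a process handle). Adding the function's offset to that base gives the function's address, which is cast to the _Caller function-pointer type and then called. The typedef has to match the real function's calling convention and parameters, otherwise the call corrupts the stack.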
  68.  
  69. 0x9E264 = THE FUNCTIONS OFFSET
  70.  
  71. ===========================================================================
  72.  
  73.  
  74. ===========================================================================
  75. HOW TO GET HWND / PROCESS ID / HANDLE with exe
  76.  
  77. Get the program's HWND. An example of this is
  78. HWND hwnd = FindWindowA(NULL,"AssultCube");
  79.  
  80. Then get the process ID. An example of this is
  81. DWORD procid;
  82. GetWindowThreadProcessId(hwnd, &procid);
  83.  
  84. Then get the handle (OpenProcess returns NULL on failure, so check the result; PROCESS_ALL_ACCESS asks for every access right, and a narrower mask such as PROCESS_VM_READ is enough when you only read memory). An example of this is
  85. HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procid);
  86. ===========================================================================
  87. */
  88.  
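  /// Opens a console window for the current process and prints a banner to it.
  ///
  /// AllocConsole() creates the console and stdout is reopened onto "CONOUT$"
  /// so that std::cout output reaches it. If stdout cannot be redirected the
  /// function returns without printing anything.
  void CreateDllDebug() {
      // Create the console before asking for the output handle: a handle
      // fetched before the console exists does not refer to it, so the colour
      // changes below would silently fail.
      AllocConsole();

      FILE* stream = nullptr;
      if (freopen_s(&stream, "CONOUT$", "w", stdout) != 0) {
          return;  // no usable stdout, nothing can be shown
      }

      const HANDLE console = GetStdHandle(STD_OUTPUT_HANDLE);

      SetConsoleTextAttribute(console, 12);  // 12 = red
      std::cout << "------------------------\n - INJECTED -\n------------------------";
      SetConsoleTextAttribute(console, 7);   // 7 = the default colour used in this file
  }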
  100.  
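  /// Resolves a multi-level pointer chain through ReadProcessMemory.
  ///
  /// Starting at ptr, each step reads one pointer-sized value from the current
  /// address and adds the next entry of offsets to the value that was read.
  ///
  /// @param hProc   Handle handed to ReadProcessMemory for every read.
  /// @param ptr     Address the chain starts from.
  /// @param offsets Offsets applied in order, one per read.
  /// @return The final address, or 0 if a read fails or returns fewer bytes
  ///         than requested. With an empty offsets list ptr is returned as is.
  uintptr_t FindAddress(HANDLE hProc, uintptr_t ptr, std::vector<unsigned int> offsets)
  {
      uintptr_t addr = ptr;
      for (const unsigned int offset : offsets)
      {
          uintptr_t next = 0;
          SIZE_T bytesRead = 0;
          // NOTE(review): sizeof(next) is the pointer width of THIS build; the value
          // read is only a valid pointer if the target uses the same width - confirm.
          const BOOL ok = ReadProcessMemory(hProc, reinterpret_cast<LPCVOID>(addr),
                                            &next, sizeof(next), &bytesRead);
          if (!ok || bytesRead != sizeof(next))
          {
              // Stop here rather than keep walking from a stale or partial value.
              return 0;
          }
          addr = next + offset;
      }
      return addr;
  }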
  111.  
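  /// Replaces the first len bytes at toHook with a relative jump to ourFunction.
  ///
  /// The original bytes are copied into SavedBytes first (one byte per int
  /// element), the region is filled with NOPs (0x90), and a 5-byte `jmp rel32`
  /// (opcode 0xE9) is written at the start. The page protection is switched to
  /// PAGE_EXECUTE_READWRITE only for the duration of the write and then put back.
  ///
  /// Nothing is modified when len is below 5, a pointer is null, the jump
  /// distance does not fit in 32 bits, or the protection change fails.
  ///
  /// @param toHook      Start of the code region to overwrite.
  /// @param ourFunction Destination of the jump.
  /// @param len         Number of bytes to save and overwrite; at least 5.
  /// @param SavedBytes  Caller-owned buffer with room for len ints.
  /// @return SavedBytes, in every case (the buffer is filled only if the patch
  ///         was applied).
  ///
  /// NOTE(review): nothing here prevents another thread from executing the
  /// region while it is being rewritten - confirm callers serialise this.
  int* Hook(void* toHook, void* ourFunction, int len, int* SavedBytes) {
      constexpr int kJumpSize = 5;  // 1 opcode byte + 4 displacement bytes

      if (len < kJumpSize || toHook == nullptr || ourFunction == nullptr || SavedBytes == nullptr) {
          return SavedBytes;
      }

      // The displacement of `jmp rel32` is counted from the end of the 5-byte
      // instruction, hence the "- kJumpSize". The arithmetic is done at full
      // pointer width; casting the pointers to DWORD would cut them to 32 bits
      // on a 64-bit build.
      const intptr_t distance = static_cast<intptr_t>(
          reinterpret_cast<uintptr_t>(ourFunction) - reinterpret_cast<uintptr_t>(toHook) - kJumpSize);
      const LONG rel32 = static_cast<LONG>(distance);
      if (static_cast<intptr_t>(rel32) != distance) {
          return SavedBytes;  // destination is out of reach of a 32-bit relative jump
      }

      BYTE* const target = static_cast<BYTE*>(toHook);

      DWORD oldProtection = 0;
      if (!VirtualProtect(toHook, static_cast<SIZE_T>(len), PAGE_EXECUTE_READWRITE, &oldProtection)) {
          return SavedBytes;  // region is still not writable; writing would fault
      }

      for (int i = 0; i < len; ++i) {
          SavedBytes[i] = target[i];
      }

      memset(target, 0x90, static_cast<size_t>(len));  // pad the whole region with NOPs

      target[0] = 0xE9;                                // jmp rel32 opcode
      memcpy(target + 1, &rel32, sizeof(rel32));       // followed by the displacement

      DWORD unusedProtection = 0;                      // receives PAGE_EXECUTE_READWRITE
      VirtualProtect(toHook, static_cast<SIZE_T>(len), oldProtection, &unusedProtection);

      return SavedBytes;
  }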
  138.  
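  /// Writes the bytes held in SavedBytes back over the len bytes at toHook.
  ///
  /// SavedBytes is expected to hold one byte per int element, as filled in by
  /// Hook(). The page protection is switched to PAGE_EXECUTE_READWRITE for the
  /// write and put back afterwards.
  ///
  /// @param toHook     Start of the region to restore.
  /// @param len        Number of bytes to restore; at least 5.
  /// @param SavedBytes Buffer holding len saved bytes.
  /// @return true if the bytes were written back; false if len is below 5, a
  ///         pointer is null, or the region could not be made writable.
  bool UnHook(void* toHook, int len, int* SavedBytes) {
      if (len < 5 || toHook == nullptr || SavedBytes == nullptr) {
          return false;
      }

      BYTE* const target = static_cast<BYTE*>(toHook);

      DWORD oldProtection = 0;
      if (!VirtualProtect(toHook, static_cast<SIZE_T>(len), PAGE_EXECUTE_READWRITE, &oldProtection)) {
          return false;  // region is still not writable; writing would fault
      }

      // Restore exactly len bytes. sizeof(SavedBytes) is the size of the pointer,
      // not of the saved region, so it cannot serve as the loop bound.
      for (int i = 0; i < len; ++i) {
          target[i] = static_cast<BYTE>(SavedBytes[i]);
      }

      DWORD unusedProtection = 0;  // receives PAGE_EXECUTE_READWRITE
      VirtualProtect(toHook, static_cast<SIZE_T>(len), oldProtection, &unusedProtection);

      return true;
  }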
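  // Number of lines printed in the current tree; the ZTree* functions use it as
  // the indentation depth of the next line.
  static int Treenum = 0;

  /// Prints one line of an indented console "tree".
  ///
  /// The first line of a tree is printed as " <Branch>"; every later line is
  /// indented by one space per line already printed and prefixed with " \___".
  /// The console colour is set back to 7 before returning.
  ///
  /// @param Branch  Text of the line.
  /// @param NewTree When true, starts a new tree: the depth counter is reset, a
  ///                blank line is printed and Color is forced to 7.
  /// @param Color   Console text attribute for Branch; 0 is treated as 7.
  void ZTreeMain(std::string Branch, bool NewTree, int Color) {
      /*
      Colors:
      Green  - 10
      Yellow - 14
      Red    - 12
      */

      const HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);

      if (Color == 0) {
          Color = 7;
      }

      if (NewTree) {
          Treenum = 0;
          Color = 7;
          std::cout << std::endl;
          SetConsoleTextAttribute(hConsole, 7);
      }

      if (Treenum == 0) {
          SetConsoleTextAttribute(hConsole, Color);
          std::cout << " " << Branch << std::endl;
      }
      else {
          for (int depth = 0; depth < Treenum; ++depth) {
              std::cout << " ";
          }
          std::cout << " \\___";
          SetConsoleTextAttribute(hConsole, Color);
          std::cout << Branch << std::endl;
      }

      // Plain increment: `Treenum = Treenum++` is undefined before C++17 and
      // leaves the counter unchanged from C++17 on.
      ++Treenum;

      SetConsoleTextAttribute(hConsole, 7);
  }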
  203.  
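  /// Prints a tree line made of Branch followed by Address in hexadecimal.
  ///
  /// The line is indented by one space per line already printed in the current
  /// tree (Treenum) and prefixed with " \___". The stream's formatting flags
  /// and the console colour (7) are restored before returning.
  ///
  /// @param Branch  Label printed before the address.
  /// @param Address Value printed in hexadecimal.
  /// @param Color   Console text attribute for the label and value; 0 is treated as 7.
  void ZTreeAddress(std::string Branch, uintptr_t Address, int Color) {
      const HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);

      if (Color == 0) {
          Color = 7;
      }

      for (int depth = 0; depth < Treenum; ++depth) {
          std::cout << " ";
      }
      std::cout << " \\___";
      SetConsoleTextAttribute(hConsole, Color);

      // std::hex is sticky; put the flags back so that later integer output on
      // std::cout is not silently switched to hexadecimal.
      const std::ios_base::fmtflags savedFlags = std::cout.flags();
      std::cout << Branch << std::hex << Address << std::endl;
      std::cout.flags(savedFlags);

      // Plain increment: `Treenum = Treenum++` is undefined before C++17 and
      // leaves the counter unchanged from C++17 on.
      ++Treenum;

      SetConsoleTextAttribute(hConsole, 7);
  }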
  223.  
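  /// Prints a tree line made of Branch followed by Value in hexadecimal.
  ///
  /// The line is indented by one space per line already printed in the current
  /// tree (Treenum) and prefixed with " \___". The stream's formatting flags
  /// and the console colour (7) are restored before returning.
  ///
  /// @param Branch Label printed before the value.
  /// @param Value  Value printed in hexadecimal.
  /// @param Color  Console text attribute for the label and value; 0 is treated as 7.
  void ZTreeValue(std::string Branch, int Value, int Color) {
      const HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);

      if (Color == 0) {
          Color = 7;
      }

      for (int depth = 0; depth < Treenum; ++depth) {
          std::cout << " ";
      }
      std::cout << " \\___";
      SetConsoleTextAttribute(hConsole, Color);

      // std::hex is sticky; put the flags back so that later integer output on
      // std::cout is not silently switched to hexadecimal.
      const std::ios_base::fmtflags savedFlags = std::cout.flags();
      std::cout << Branch << std::hex << Value << std::endl;
      std::cout.flags(savedFlags);

      // Plain increment: `Treenum = Treenum++` is undefined before C++17 and
      // leaves the counter unchanged from C++17 on.
      ++Treenum;

      SetConsoleTextAttribute(hConsole, 7);
  }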