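;-----------------------------------------------------------------------
; Launcher / in-memory patcher (MASM32, 32-bit Win32, stdcall via invoke)
;
; Flow:
;   1. Start the game through its steam:// URL.
;   2. Poll until a top-level window titled "Left 4 Dead 2" exists.
;   3. Resolve the window's owning process id and locate engine.dll
;      in that process with a Toolhelp module snapshot.
;   4. Read 2 bytes at engine.dll + rAddress and continue only if they
;      equal the expected JMP SHORT (EB 02) - see the listing after
;      "end main".
;   5. Overwrite them with two NOPs, wait PATCH_HOLD_MS, write the
;      original bytes back and exit.
;
; Review notes:
;   - rAddress is a hard-coded offset; the byte comparison in step 4 is
;     the only guard against a different engine.dll build, so every
;     failure path ends in @Error instead of writing anyway.
;   - The target handle is opened with the three VM rights the
;     Read/WriteProcessMemory calls need, not PROCESS_ALL_ACCESS.
;   - A cross-process OpenProcess with VM_WRITE followed by
;     WriteProcessMemory into an image-backed code page is a sequence
;     that process-tampering / EDR telemetry commonly records.
;-----------------------------------------------------------------------
include c:\masm32\include\masm32rt.inc

PATCH_LEN       equ 2           ; bytes verified and patched at rAddress
PATCH_HOLD_MS   equ 30000       ; how long the NOPs stay in place
POLL_MS         equ 1           ; delay between FindWindow polls
PATCH_ACCESS    equ PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE

.data?
align dword
Me32            MODULEENTRY32 <>
StartAPP        db MAX_PATH dup(?)
hProcess        dd ?            ; handle from OpenProcess
hSnapshot       dd ?            ; handle from CreateToolhelp32Snapshot
lpBuffer        dd ?            ; bytes read back from the target
lpNumberOfBytes dd ?            ; bytes actually transferred by Read/Write
hwnd            dd ?
lpdwProcessId   dd ?            ; process id owning hwnd

.data
Execute         db "open",0
SteamAppURL     db "steam://rungameid/550",0
lpWindowName    db "Left 4 Dead 2",0
SearchDLL       db "engine.dll",0
rAddress        dd 0005475Eh    ; offset inside engine.dll; becomes the absolute address at @domymagic
Patch           db 090h,090h    ; NOP, NOP
OrgByte         dd 000002EBh    ; in memory: EB 02 00 00 - only the first PATCH_LEN bytes are written
PatchError      db "Ups something is wrong, couldnt patch process!",0

.code
main:
        ; start the steam application (uncut)
        invoke  lstrcpy, addr StartAPP, addr SteamAppURL
        invoke  ShellExecute, 0, addr Execute, addr StartAPP, 0, 0, SW_SHOWMINNOACTIVE

        ; wait for the application window; there is no timeout, the
        ; launcher keeps polling until the window shows up
@searchwindow:
        invoke  Sleep, POLL_MS
        invoke  FindWindow, NULL, offset lpWindowName
        test    eax, eax
        jz      @searchwindow
        mov     hwnd, eax                       ; handle to the window

        ; get the process identifier of the window; the return value is
        ; a thread id and is not needed (it was previously stored in
        ; hProcess, which is reserved for the OpenProcess handle)
        invoke  GetWindowThreadProcessId, hwnd, offset lpdwProcessId

        ; snapshot of the modules loaded in the target process
        invoke  CreateToolhelp32Snapshot, TH32CS_SNAPMODULE, lpdwProcessId
        cmp     eax, INVALID_HANDLE_VALUE
        je      @Error
        mov     hSnapshot, eax
        mov     Me32.dwSize, sizeof MODULEENTRY32
        invoke  Module32First, hSnapshot, addr Me32

        ; walk the module list until engine.dll is found
        ; invariant at loop top: eax = result of Module32First/Next
@searchengine:
        test    eax, eax
        jz      @nomodule                       ; list exhausted - the old code looped forever here
        ; compare the whole name, case-insensitively; comparing only
        ; the first dword matched any module starting with "engi"
        invoke  lstrcmpi, addr Me32.szModule, addr SearchDLL
        test    eax, eax
        jz      @domymagic
        invoke  Module32Next, hSnapshot, addr Me32
        jmp     @searchengine

@nomodule:
        invoke  CloseHandle, hSnapshot
        jmp     @Error

@domymagic:
        ; absolute patch address = module base + offset
        mov     eax, Me32.modBaseAddr
        add     eax, rAddress
        mov     rAddress, eax
        invoke  CloseHandle, hSnapshot          ; Me32 already holds what is needed

        ; open the target with only the rights used below
        invoke  OpenProcess, PATCH_ACCESS, 0, lpdwProcessId
        test    eax, eax
        jz      @Error
        mov     hProcess, eax                   ; handle to the process

        ; verify the bytes at the patch site before touching them
        mov     lpBuffer, 0                     ; upper bytes must be zero for the dword compare
        invoke  ReadProcessMemory, hProcess, rAddress, addr lpBuffer, PATCH_LEN, addr lpNumberOfBytes
        test    eax, eax
        jz      @closeerror
        cmp     lpNumberOfBytes, PATCH_LEN
        jne     @closeerror                     ; short read
        mov     eax, dword ptr [lpBuffer]
        cmp     eax, dword ptr [OrgByte]
        jne     @closeerror                     ; unexpected bytes - different build, do not write

        ; patch jmp -> nop
        invoke  WriteProcessMemory, hProcess, rAddress, addr Patch, PATCH_LEN, addr lpNumberOfBytes
        test    eax, eax
        jz      @closeerror
        invoke  Sleep, PATCH_HOLD_MS

        ; restore nop -> jmp and close the launcher; best effort, the
        ; result is not reported (the target may have exited meanwhile)
        invoke  WriteProcessMemory, hProcess, rAddress, addr OrgByte, PATCH_LEN, addr lpNumberOfBytes
        invoke  CloseHandle, hProcess
        jmp     @Exit

@closeerror:
        invoke  CloseHandle, hProcess
@Error:
        invoke  MessageBox, 0, addr PatchError, 0, 0
@Exit:
        invoke  ExitProcess, NULL
end main
;documentation
;search string in engine.dll
;100547C2 68 C43A3010 PUSH engine.10303AC4 ; ASCII "LOWVIOLENCE"
;1005475C |. FFD0 CALL EAX ; call into steamclient, afterwards al/eax is 1
;1005475E |. EB 02 JMP SHORT engine.10054762 <- NOP out this jmp so that al/eax is set to 0 (0 = uncut / 1 = cut)
;10054760 |> 32C0 XOR AL,AL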