JordanTGraves

Untitled

Aug 17th, 2018
  1. /*
  2. PrintExploit, developed by Powerful. This is a very simple exploit and it just prints directly
  3. to the ROBLOX Developer Console. It's a useless exploit, but it's a start for the ones who want
  4. to develop an exploit w/out copying other sources. I'm sure some of you guys will find this useful.
  5. This exploit doesn't require a Scanner, so there is no need for a scanner. It's just a Simple
  6. Console-Based Exploit that may have no meaning, but will get you in to exploiting.
  7. */
  8.  
  9. // PrintExploit Includes
  10.  
  11. #include <Windows.h>
  12. #include <iostream>
  13. #include <istream>
  14. #include <string>
  15.  
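  16. // Define(s). Note: _CRT_SECURE_NO_WARNINGS only takes effect when it is defined before the CRT headers are included; placed after the #include lines above, it has no effect on them.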
  17. #define _CRT_SECURE_NO_WARNINGS
  18.  
  // Stub entry point: exits immediately with status 0 and calls nothing else in
  // this file. The code below is started from DllMain instead.
  int main()
  {
      return 0;
  }
  20.  
  21. // Most exploit developers won't use this, but it's for the sake of a beginner source code.
  22.  
  23. using namespace std;
  24.  
  25. // Now let's get on with the actual source code.
  26.  
  // Settings shared by the rest of the file.
  namespace PrintExploit
  {
      namespace Integers
      {
          // Message level passed as the first argument of the print call:
          // 0 = Print, 1 = Info, 2 = Warn, 3 = Error. Starts out as Print.
          int OutputType = 0;
      }
  }
  32.  
  33. // What people call the "ASLR bypass". It is not really a bypass: the function only rebases a static address onto the address where the module is actually loaded.
  34.  
  // Rebases a static address onto the module as it is loaded in this process.
  //
  // Offset is treated as an address relative to the image base 0x00400000
  // (presumably the base the executable was analysed at). That base is
  // subtracted and the runtime base of RobloxPlayerBeta.exe, as reported by
  // GetModuleHandle, is added. Nothing here defeats ASLR: the code already
  // runs inside the process and simply asks the loader where the module is.
  //
  // NOTE(review): the module handle is narrowed to DWORD and the sum to int,
  // and a NULL handle (module not present) is not checked, so the result is
  // only meaningful in a 32-bit process that actually hosts that module.
  int Address(int Offset)
  {
      const DWORD moduleBase = (DWORD)GetModuleHandle("RobloxPlayerBeta.exe");
      return (Offset - 0x00400000 + moduleBase);
  }
  38.  
  39. // Now let's create the typedef for Singleton->Printf()
  40.  
  // Function-pointer type used for the print routine inside the host process:
  // __cdecl, takes an int and a C string, returns int. The signature is the
  // author's assumption; nothing in this file verifies it against the target.
  using SINGLETON = int(__cdecl *)(int level, const char *text);

  // Pointer to that routine, computed once during static initialisation by
  // rebasing the hard-coded address 0x51EB70 with Address().
  // NOTE(review): a hard-coded address like this presumably matches only the
  // one client build it was taken from; calling through it on any other build
  // jumps to unrelated code.
  SINGLETON SingletonPrint = (SINGLETON)Address(0x51EB70);
  43.  
  44. // This code is leaked publicly, so I'll just use this. I'm not sure who made it originally though. But credits to whoever you are.
  45.  
  // Overwrites the first byte of the FreeConsole API, in this process only,
  // with 0xC3 (the x86 RET opcode), so any later call to FreeConsole returns
  // immediately instead of detaching the console. Presumably the host process
  // calls FreeConsole itself -- confirm.
  //
  // VirtualProtect first marks the byte's page PAGE_EXECUTE_READWRITE.
  // NOTE(review): its result is not checked and the previous protection is
  // never restored, so the page stays writable and executable. From a
  // defender's side this is the observable artefact: a system-DLL code page
  // that is RWX and whose bytes no longer match the on-disk image.
  void ConsoleBypass()
  {
      BYTE* const entryByte = (BYTE*)(&FreeConsole);
      DWORD previousProtection;

      VirtualProtect((PVOID)entryByte, 1, PAGE_EXECUTE_READWRITE, &previousProtection);
      *entryByte = 0xC3;
  }
  51.  
  52. // Now let's create a Console Function. This just makes it easier for me to read my own code for some reason.
  53.  
  // Gives the process a visible console titled ConsoleTitle and points the C
  // stdio streams at it. None of the API results are checked.
  void Console(const char* ConsoleTitle)
  {
      // Patch FreeConsole before the console is created.
      ConsoleBypass();

      AllocConsole();
      SetConsoleTitleA(ConsoleTitle);

      // Rebind stdout and stdin to the new console's output and input devices.
      freopen("CONOUT$", "w", stdout);
      freopen("CONIN$", "r", stdin);

      // Pin the console window above other windows without moving or resizing
      // it, then make sure it is shown in its normal state.
      const UINT placementFlags = SWP_DRAWFRAME | SWP_NOMOVE | SWP_NOSIZE | SWP_SHOWWINDOW;
      HWND consoleWindow = GetConsoleWindow();
      SetWindowPos(consoleWindow, HWND_TOPMOST, 0, 0, 0, 0, placementFlags);
      ShowWindow(consoleWindow, SW_NORMAL);
  }
  64.  
  65. // Here is the actual start of the program.
  66.  
  // Worker loop: opens the console, then forever reads one line from stdin and
  // passes it, with the current OutputType, to the routine behind
  // SingletonPrint. The function never returns.
  //
  // NOTE(review): the result of getline is not checked, so once stdin fails or
  // is closed the loop keeps calling the print routine with an empty string.
  void MainFunction()
  {
      Console("Print Exploit");

      for (;;) {
          std::string line;
          std::getline(std::cin, line);
          SingletonPrint(PrintExploit::Integers::OutputType, line.c_str());
      }
  }
  75.  
  76. // Here is the end (dllmain) which creates a thread and executes the code above when injected.
  77.  
  // DLL entry point. On process attach (reason code 1, DLL_PROCESS_ATTACH) it
  // starts MainFunction on a new thread; every other notification is ignored.
  // Always reports success. The module handle `a` and reserved pointer `c` are
  // unused.
  //
  // NOTE(review): the handle returned by CreateThread is discarded (never
  // closed, failure not detected), and MainFunction is declared void() but is
  // cast to LPTHREAD_START_ROUTINE, whose real signature takes one pointer
  // argument and returns DWORD.
  int __stdcall DllMain(HMODULE a, DWORD b, void* c)
  {
      if (b != DLL_PROCESS_ATTACH) {
          return TRUE;
      }

      CreateThread(nullptr, 0, (LPTHREAD_START_ROUTINE)MainFunction, nullptr, 0, nullptr);
      return TRUE;
  }