mem.cpp - C++ library to use for manipulating memory of a singleplayer game, "Supreme Commander"

1. #include <iostream>
2. #include <Windows.h>
3. #include <Psapi.h>
4. #include <thread>
5. #include <vector>
6. #include <tlhelp32.h>
7. #include <tchar.h>
8. using namespace std;
9. extern "C"
10. {
11.     DWORD GetProcessBaseAddress(HANDLE processHandle)
12.     {
13.         DWORD   baseAddress = 0;
14.         HMODULE* moduleArray;
15.         LPBYTE      moduleArrayBytes;
16.         DWORD       bytesRequired;
17.  
18.         if (processHandle)
19.         {
20.             if (EnumProcessModules(processHandle, NULL, 0, &bytesRequired))
21.             {
22.                 if (bytesRequired)
23.                 {
24.                     moduleArrayBytes = (LPBYTE)LocalAlloc(LPTR, bytesRequired);
25.  
26.                     if (moduleArrayBytes)
27.                     {
28.                         unsigned int moduleCount;
29.  
30.                         moduleCount = bytesRequired / sizeof(HMODULE);
31.                         moduleArray = (HMODULE*)moduleArrayBytes;
32.  
33.                         if (EnumProcessModules(processHandle, moduleArray, bytesRequired, &bytesRequired))
34.                         {
35.                             baseAddress = (DWORD)moduleArray[0];
36.                         }
37.  
38.                         LocalFree(moduleArrayBytes);
39.                     }
40.                 }
41.             }
42.  
43.             CloseHandle(processHandle);
44.         }
45.  
46.         return baseAddress;
47.     }
48.  
49.     char* GetModuleBase(const wchar_t* ModuleName, DWORD procID)
50.     {
51.         MODULEENTRY32 ModuleEntry = { 0 };
52.         HANDLE SnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procID);
53.  
54.         if (!SnapShot) return NULL;
55.  
56.         ModuleEntry.dwSize = sizeof(ModuleEntry);
57.  
58.         if (!Module32First(SnapShot, &ModuleEntry)) return NULL;
59.  
60.         do
61.         {
62.             if (!wcscmp(ModuleEntry.szModule, ModuleName))
63.             {
64.                 CloseHandle(SnapShot);
65.                 return (char*)ModuleEntry.modBaseAddr;
66.             }
67.         } while (Module32Next(SnapShot, &ModuleEntry));
68.  
69.         CloseHandle(SnapShot);
70.         return NULL;
71.     }
72.  
73.     HANDLE procHandle;
74.     DWORD entityAddr;
75.     DWORD baseAddr;
76.     //string checkAgainst = "d:/game stuff/steam/steam ui/steamapps/common/supreme commander/schook/lua/aibrain.lua";
77.     //BYTE checkAgainstBT[] = { 0x64,0x3A,0x2F,0x67,0x61,0x6D,0x65,0x20,0x73,0x74,0x75,0x66,0x66,0x2F,0x73,0x74,0x65,0x61,0x6D,0x2F,0x73,0x74,0x65,0x61,0x6D,0x20,0x75,0x69,0x2F,0x73,0x74,0x65,0x61,0x6D,0x61,0x70,0x70,0x73,0x2F,0x63,0x6F,0x6D,0x6D,0x6F,0x6E,0x2F,0x73,0x75,0x70,0x72,0x65,0x6D,0x65,0x20,0x63,0x6F,0x6D,0x6D,0x61,0x6E,0x64,0x65,0x72,0x2F,0x73,0x63,0x68,0x6F,0x6F,0x6B,0x2F,0x6C,0x75,0x61,0x2F,0x61,0x69,0x62,0x72,0x61,0x69,0x6E,0x2E,0x6C,0x75,0x61 };
78.     BYTE checkAgainstBT[] = { 0x45,0x52,0x52,0x4F,0x52,0x3A,0x20,0x41,0x74,0x74,0x65,0x6D,0x70,0x74,0x20,0x74,0x6F,0x20,0x61,0x64,0x64,0x20,0x55,0x6E,0x69,0x74,0x42,0x75,0x69,0x6C,0x74,0x50,0x65,0x72,0x63,0x65,0x6E,0x74,0x61,0x67,0x65,0x43,0x61,0x6C,0x6C,0x62,0x61,0x63,0x6B,0x20,0x62,0x75,0x74,0x20,0x69,0x6E,0x76,0x61,0x6C,0x69,0x64,0x20,0x64,0x61,0x74,0x61,0x20,0x67,0x69,0x76,0x65,0x6E,0x00 };
79.     DWORD offsetFromBYTEArr = 0x63;
80.     DWORD scanAllProcMem(DWORD startAddr, DWORD endAddr)
81.     {
82.         //
83.  
84.         // FIND AN EFFICIENT WAY TO DO THIS THAT DOESNT TAKE MORE THAN 10 SECONDS PLEASE
85.  
86.         //
87.         //cout << hex << GetProcessBaseAddress(procHandle) + 0x30DA0D43 << endl;
88.         //for (int i = baseAddr + 0x309A0D43;; i++)
89.         DWORD curAddr;
90.         BYTE read[sizeof(checkAgainstBT) * 1500];
91.         ReadProcessMemory(procHandle, (LPCVOID)(startAddr), &read, sizeof(read), NULL);
92.         for(int i = 0; i < endAddr; i++)
93.         {
94.             if (i > sizeof(checkAgainstBT) * 1500)
95.                 ReadProcessMemory(procHandle, (LPCVOID)(startAddr + i), &read, sizeof(read), NULL);
96.             if (memcmp(checkAgainstBT, read, sizeof(checkAgainstBT)) == 0)
97.             {
98.                 return startAddr + i + offsetFromBYTEArr;
99.             }
100.             /*if (memcmp(checkAgainstBT, read, sizeof(checkAgainstBT)) == 0)
101.                 return i - 0xF0;*/
102.  
103.             /*char read[86];
104.             string cur;
105.             for (int x = 0; x < sizeof(read); x++)
106.             {
107.  
108.  
109.                 cur += read[x];
110.                 if (cur.length() > 172)
111.                     cur = cur.substr(1, 172);
112.                 if (cur == checkAgainst)
113.                     return i;
114.             }*/
115.         }
116.         //return scanAllProcMem(startAddr, endAddr);
117.         return NULL;
118.     }
119.     __declspec(dllexport) int maxEnergy()
120.     {
121.         if (entityAddr != NULL && procHandle != NULL)
122.         {
123.             int data = 500;
124.             ReadProcessMemory(procHandle, (LPCVOID)(entityAddr + 0x28), &data, sizeof(data), 0);
125.             float dataF = data;
126.             WriteProcessMemory(procHandle, (LPVOID)entityAddr, &dataF, sizeof(dataF), NULL);
127.         }
128.         else
129.             return 0;
130.     }
131.     __declspec(dllexport) int maxMass()
132.     {
133.         if (entityAddr != NULL && procHandle != NULL)
134.         {
135.             int data = 500;
136.             ReadProcessMemory(procHandle, (LPCVOID)(entityAddr + 0x30), &data, sizeof(data), 0);
137.             float dataF = data;
138.             WriteProcessMemory(procHandle, (LPVOID)(entityAddr + 0x04), &dataF, sizeof(dataF), NULL);
139.         }
140.         else
141.             return 0;
142.     }
143.     // FreeER's code
144.     DWORD readPointerChain(HANDLE phandle, DWORD base, int* offsets, size_t numOffsets)
145.     {
146.         DWORD addr = base;
147.         SIZE_T read;
148.         for (size_t i = 0; i < numOffsets; i++)
149.         {
150.             BOOL success = ReadProcessMemory(phandle, (void*)addr, &addr, sizeof(addr), &read);
151.             if (!success) { cout << "failed to read " << hex << addr; return 0; }
152.             addr += offsets[i];
153.             //cout << "end address " << hex << addr << endl;
154.         }
155.         return addr;
156.     }
157.     __declspec(dllexport) int scanForProc()
158.     {
159.         baseAddr = GetProcessBaseAddress(procHandle);
160.         HWND hGameWin = FindWindowA(NULL, "Supreme Commander");
161.         if (hGameWin == NULL)
162.         {
163.             procHandle = NULL;
164.             cout << "no sup com open, dummy!" << endl;
165.         }
166.         else
167.         {
168.             DWORD procID;
169.             GetWindowThreadProcessId(hGameWin, &procID);
170.             procHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);
171.  
172.             // [[[[baseaddr] + 0x00994378] + 0x34] + 0x10] + 0x588
173.            
174.             int offsets[] = { 0x920, 0x0, 0x100, 0x10, 0x18, 0x9c, 0x48 };
175.             entityAddr = readPointerChain(procHandle, (DWORD)(GetModuleBase(L"MohoEngine.dll", procID) + 0x00991030), offsets, sizeof(offsets) / 4) - 0x30;// + 0x00994378 + 0x34 + 0x0 + 0x10 + 0x588;
176.             int newval = 5000;
177.             WriteProcessMemory(procHandle, (LPVOID)entityAddr, &newval, sizeof(newval), NULL);
178.             //entityAddr = scanAllProcMem(0x30B90F77, 0x40000000);
179.             cout << hex << entityAddr << endl;
180.             //WriteProcessMemory(procHandle, (LPVOID)0x33981CA8, &newval, sizeof(newval), NULL);
181.         }
182.         return entityAddr;
183.     }
184. }