Tm Carjump

1. #include "Windows.h"
2. #include <stdio.h>
3. #include "tlhelp32.h"
4.  
5. DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName);
6. DWORD FindDmaAddy(int PointerLevel, HANDLE hProcHandle, DWORD Offests[], DWORD BaseAddress);
7.  
8. int main()
9. {
10.     HWND hWindow = 0;
11.     while (hWindow == NULL)
12.     {
13.         hWindow = FindWindow(NULL, "TmForever");
14.         Sleep(1000);
15.     }
16.  
17.     DWORD dwProcessID = -1;
18.     GetWindowThreadProcessId(hWindow, &dwProcessID);
19.  
20.     if (dwProcessID == -1)
21.         printf("Error: ProcessID not found!");
22.  
23.     HANDLE hGameHandle = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, false, dwProcessID);
24.  
25.     if (!hGameHandle)
26.         printf("Error: GameHandle");
27.     printf("Loading hack....");
28.     DWORD baseAddress = dwGetModuleBaseAddress( dwProcessID,_T("TmForever.exe"));
29.     //dwGetModuleBaseAddress just returns 0000000 :(
30.     //baseAddress = {0x07E16430};    // i used this to test some functions. i used the base i got from cheatengine
31.     //but it didnt work with the pTemp in FindDmaAddy it was always 1
32.     DWORD staticOffset = { 0x976A7C }; //this is never used.. i dont know how to use this
33.     DWORD TmaniaOffset[] = { 0x188, 0x58, 0x328, 0xEE };
34.     DWORD AddressToWrite = FindDmaAddy(4, hGameHandle, TmaniaOffset, baseAddress );
35.     int coordinate;
36.     ReadProcessMemory(hGameHandle, (PBYTE*)(AddressToWrite), &coordinate, sizeof(int), NULL);
37.     coordinate = coordinate + 50;
38.     WriteProcessMemory(hGameHandle, (PBYTE*)(AddressToWrite), &coordinate, sizeof(coordinate), NULL);
39.     return 0;
40. }
41. DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName)
42. {
43.     DWORD_PTR dwModuleBaseAddress = 0;
44.     HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE , dwProcessIdentifier);
45.     if (hSnapshot != INVALID_HANDLE_VALUE)
46.     {
47.         MODULEENTRY32 ModuleEntry32;
48.         ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
49.         if (Module32First(hSnapshot, &ModuleEntry32))
50.         {
51.             do
52.             {
53.                 //if (_tcscmp(ModuleEntry32.szModule, szModuleName) == 0)
54.                 {
55.                     dwModuleBaseAddress = (DWORD_PTR)ModuleEntry32.modBaseAddr;
56.                     break;
57.                 }
58.             }
59.             while (Module32Next(hSnapshot, &ModuleEntry32));
60.         }
61.         CloseHandle(hSnapshot);
62.     }
63.     return dwModuleBaseAddress;
64. }
65. DWORD FindDmaAddy(int PointerLevel, HANDLE hProcHandle, DWORD Offests[], DWORD BaseAddress)
66. {
67.     DWORD pointer = BaseAddress;
68.     DWORD pTemp;
69.  
70.     DWORD pointerAddr;
71.     for(int i=0; i< PointerLevel; i++)
72.     {
73.         if(i == 0)
74.         {
75.             ReadProcessMemory(hProcHandle,(LPCVOID)pointer, &pTemp, sizeof(pTemp), NULL);
76.         }
77.         pointerAddr = pTemp + Offests[i];
78.         ReadProcessMemory(hProcHandle, (LPCVOID)pointerAddr, &pTemp, sizeof(pTemp), NULL);
79.     }
80.     return pointerAddr;
81. }