Posted: Mon May 30, 2016 7:29 pm Post subject: TrainerGame [ C Dll + VBscript ] |
dll.h:
#ifndef _DLL_H_
#define _DLL_H_
#if BUILDING_DLL
# define DLLIMPORT __declspec (dllexport)
#else /* Not BUILDING_DLL */
# define DLLIMPORT __declspec (dllimport)
#endif /* Not BUILDING_DLL */
/* Template-generated exported class.  Only the constructor and destructor
 * are declared; nothing in dllmain.cpp as listed defines them, and nothing
 * in the listing instantiates DllClass, so any use would fail to link.
 * Note the guard name _DLL_H_ (leading underscore + capital) is in the
 * namespace reserved for the implementation. */
class DLLIMPORT DllClass
{
public:
DllClass();
virtual ~DllClass(void);
private:
};
#endif /* _DLL_H_ */
dllmain.cpp:
#include "dll.h"
#include <windows.h>
#include <cstdio>
#include <tlhelp32.h>
#include <stdio.h>
#include <string.h>
#include <psapi.h>
#include <time.h>
#define P_Rows 200
#define P_Colls 1000
/* Show a blocking message box: t is the caption, m the body text and n the
 * MessageBox type flags (callers pass 16+4096, i.e. MB_ICONERROR |
 * MB_SYSTEMMODAL).  Note MessageBox itself takes (owner, text, caption,
 * type), so the two strings are swapped on the way through. */
void MsgBox(char *t,char *m,int n){
    HWND owner = 0;
    MessageBox(owner, m, t, n);
}
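/* Convert one hex digit character to its value (0..15).
 *
 * The original arithmetic (c/16 - 3)*10 + c%16 only works for '0'-'9'
 * and 'A'-'F'; lower-case 'a'-'f' mapped to 30..35.  Digits and both
 * letter cases are now handled explicitly.  For any other character the
 * original formula is kept so existing callers see unchanged values. */
int hex_to_int(char c){
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    /* Not a hex digit: legacy behaviour, kept for compatibility. */
    int result = (c / 16 - 3) * 10 + c % 16;
    if (result > 9) result--;
    return result;
}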
/* Combine two hex digit characters into the byte value they denote:
 * c supplies the high nibble, d the low nibble.  Each digit goes through
 * hex_to_int, so its handling of non-hex characters applies here too. */
int hex_to_ascii(char c, char d){
    int high_nibble = hex_to_int(c);
    int low_nibble = hex_to_int(d);
    return high_nibble * 16 + low_nibble;
}
/* Pause the calling thread.  Despite the parameter name the delay is
 * seconds * 10 milliseconds: wait(100) sleeps one second, wait(1) ten
 * milliseconds.  Callers in this file rely on that scale (the freeze loops
 * call wait(1)), so it is kept as is.  The old commented-out clock()
 * busy-wait is dropped. */
void wait(int seconds){
    DWORD millis = (DWORD)(seconds * 10);
    Sleep(millis);
}
// DLL entry function (called on load, unload, ...)
// Returns TRUE for every reason code without inspecting dwReason, so no
// per-process or per-thread setup/teardown happens here; hModule and
// lpReserved are unused.
BOOL APIENTRY DllMain(HANDLE hModule, DWORD dwReason, LPVOID lpReserved)
{
return TRUE;
}
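/* Map one hex digit to its value, or -1 when c is not a hex digit.
 * Accepts both letter cases; kept file-local so this parser does not
 * depend on hex_to_int's arithmetic. */
static int split_hex_digit(char c){
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a hex-encoded string ("412C42" -> "A,B") and split the decoded
 * text on separator into parameters[row], each row NUL-terminated.
 *
 * parameters: output table; at most P_Rows fields of P_Colls-1 chars each.
 * string:     hex text, two digits per byte (a trailing odd digit is
 *             ignored, as before); it is not modified.
 * separator:  field delimiter, compared against the decoded bytes.
 *
 * Returns the number of fields stored: 0 for an empty or NULL input,
 * otherwise one more than the number of separators seen (a trailing
 * separator yields an empty last field), capped at P_Rows.
 *
 * Changes from the original: a non-hex digit pair makes the call return 0,
 * so callers take their "insufficient parameters" path instead of
 * receiving garbage bytes; lower-case hex is accepted; row and column
 * overflow no longer write past the table (extra fields and extra bytes
 * are dropped); the intermediate decode buffer (an invalid VLA
 * initialiser) is gone, decoding goes straight into the table.  A decoded
 * 0x00 byte still ends the input, matching the old strlen()-based scan. */
int splitString(char parameters[P_Rows][P_Colls], char* string, char separator){
    if (string == NULL) return 0;
    size_t length = strlen(string);
    int row = 0;
    size_t col = 0;
    int decoded_any = 0;
    for (size_t i = 0; i + 1 < length; i += 2) {
        int hi = split_hex_digit(string[i]);
        int lo = split_hex_digit(string[i + 1]);
        if (hi < 0 || lo < 0) return 0;
        char ch = (char)(hi * 16 + lo);
        if (ch == '\0') break;          /* embedded NUL ended the old strlen() scan */
        decoded_any = 1;
        if (ch == separator) {
            parameters[row][col] = '\0';
            col = 0;
            row++;
            if (row >= P_Rows) return row;   /* table full; remaining text is dropped */
        } else if (col < (size_t)P_Colls - 1) {
            parameters[row][col++] = ch;
        }
        /* else: field longer than its row; extra bytes are dropped */
    }
    if (decoded_any) {
        parameters[row][col] = '\0';    /* terminate the final field */
        row++;
    }
    return row;
}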
/* Look up a running process by executable name (case-sensitive strcmp
 * against szExeFile of each snapshot entry).
 *
 * Returns a heap-allocated PROCESSENTRY32 that the caller must release
 * with delete[], or NULL when the snapshot fails or nothing matches.
 * Behaviour is preserved from the original, including its quirks: dwSize
 * is never set before Process32First (per the Toolhelp documentation the
 * call then fails), the entry filled by Process32First is never compared,
 * and the allocation is sizeof(PROCESSENTRY32) entries rather than one. */
PROCESSENTRY32 *GetProcessInfo(char *szExeFile){
    PROCESSENTRY32 *entry = new PROCESSENTRY32 [sizeof(PROCESSENTRY32)];
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    bool found = false;
    if(snap != INVALID_HANDLE_VALUE && Process32First(snap, entry)){
        while(!found && Process32Next(snap, entry)){
            found = (strcmp(szExeFile, entry->szExeFile) == 0);
        }
    }
    CloseHandle(snap);
    if(found){
        return entry;
    }
    delete [] entry;
    return NULL;
}
/* Return the load address of module ModuleName inside process dwProcessId,
 * or of the first module the snapshot lists when ModuleName is "?"
 * (in practice usually the main executable — not guaranteed by this code),
 * or 0 when nothing matches.  Name comparison is case-insensitive.
 * Note: CreateToolhelp32Snapshot reports failure as INVALID_HANDLE_VALUE,
 * not NULL, so the !snapshot guard below only covers the NULL case; kept
 * as in the original. */
DWORD GetModuleBase(DWORD dwProcessId, char * ModuleName){
    HANDLE snapshot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwProcessId ); // TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32
    if(!snapshot){
        CloseHandle( snapshot );
        return 0;
    }
    bool anyModule = (stricmp(ModuleName,"?") == 0);
    DWORD base = 0;
    MODULEENTRY32 entry;
    entry.dwSize = sizeof(MODULEENTRY32);
    for(BOOL ok = Module32First( snapshot, &entry ); ok; ok = Module32Next( snapshot, &entry )){
        if(entry.th32ProcessID != dwProcessId) continue;
        if(anyModule || stricmp(entry.szModule,ModuleName) == 0){
            base = (DWORD)entry.modBaseAddr;
            break;
        }
    }
    CloseHandle( snapshot );
    return base;
}
/* Open a handle to the target process and report a module base address.
 *
 * tit:         window title tried first (FindWindow); on a miss it is
 *              treated as an executable name for GetProcessInfo.
 * BaseAndress: out; receives GetModuleBase(proc_id, ModuleNames).
 * ModuleNames: module name, or "?" (see GetModuleBase).
 * Y:           0 = fatal mode: show an error box and exit(1) on failure;
 *              non-zero = quiet mode: return NULL instead.
 * Returns a PROCESS_ALL_ACCESS handle the caller owns (no caller in this
 * file closes it), or NULL in quiet mode.
 *
 * Review notes (behaviour left unchanged):
 *  - proc_id is never initialised; when no window matches and
 *    GetProcessInfo returns NULL in quiet mode (or GetWindowThreadProcessId
 *    fails), the `!proc_id` tests below read an indeterminate value.
 *  - GetProcessInfo is called twice on the miss path and its result is
 *    never delete[]'d, so each call leaks the PROCESSENTRY32 array.
 *  - exit(1) terminates the host process (rundll32) from inside the DLL.
 */
HANDLE xopenx(char *tit, int * BaseAndress, char * ModuleNames, int Y){
HWND hwnd;
DWORD proc_id;
hwnd = FindWindow(0, tit);
if(hwnd){
GetWindowThreadProcessId(hwnd, &proc_id);
}else{
// First call only tests for NULL; the second repeats the whole snapshot.
if(GetProcessInfo(tit) == 0 && Y == 0){ MsgBox("Error...","Game Is Not Runing !",16+4096); exit(1); }
PROCESSENTRY32 *pe32 = GetProcessInfo(tit);
if(pe32 != NULL){
proc_id = pe32->th32ProcessID;
}
}
if(!proc_id && Y == 0){MsgBox("Error...","Game Is Not Runing !",16+4096);exit(1);}
if(!proc_id){
return NULL;
}
HANDLE hProcess;
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, proc_id);
if(!hProcess && Y == 0){MsgBox("Error...","Memory Open Failed !",16+4096);exit(1);}
if(!hProcess){
CloseHandle(hProcess); // hProcess is NULL here, so this call does nothing useful
return NULL;
}else{
*BaseAndress=GetModuleBase(proc_id, ModuleNames); // Return BaseAndress From ID Process Or Modules
return hProcess;
}
}
/* Install (SET == 0) or remove (SET != 0) a code cave in the target process.
 *
 * XhProX:   process handle from xopenx.
 * CodeCave: hex string of the bytes to place in the cave.
 * Basss:    address of the patch site in the target.
 * Noffset:  number of bytes at the patch site to overwrite / restore.
 * PAM, xix: parameter table and the row at which the original bytes of the
 *           patch site are listed (one hex byte per row), used on removal.
 * SET:      0 installs, anything else restores.
 *
 * Detection note: remote memory allocated executable+writable
 * (VirtualAllocEx with 0x1000|0x40 = MEM_COMMIT, PAGE_EXECUTE_READWRITE)
 * followed by WriteProcessMemory into another process's code is the
 * canonical cross-process injection sequence that anti-cheat and EDR
 * tooling monitors.
 *
 * Review notes (behaviour left unchanged): MsgX receives two characters
 * via strncpy and is never NUL-terminated before sscanf reads it; Nope is
 * sized lx+1 but only lz entries are filled, and sizeof(Nope) bytes are
 * written out; `Andress` is unused; the Italian comments are translated. */
void CodeCave(HANDLE XhProX, char* CodeCave, int Basss, int Noffset, char PAM[200][1000], int xix, int SET){
char msg[1024];
int Andress, Size_CodeCave_JMP = (strlen(CodeCave)/2); // BaseAndress,
DWORD Mem_Alloc, CodeJmp, B;
HANDLE hProcess = XhProX;
DWORD BAndr = Basss;
if( SET == 0 ){
Mem_Alloc = (DWORD) VirtualAllocEx(hProcess, NULL, (Size_CodeCave_JMP+10), 0x1000, 0x40);
/* outbound jump: patch site -> cave (relative displacement, then the "E9" opcode appended as text) */
CodeJmp = ( Mem_Alloc - BAndr - (DWORD)(5));
wsprintf(msg, "%.8x", CodeJmp);
strcat(msg,"E9");
int lx = strlen(msg);
BYTE Nop[(Noffset)];
int lz = (lx/2);
char MsgX[3];
int ix=2;
/* Walk the hex text from its end in two-character steps; bytes beyond lz are 0x90 padding. */
for(int I=0; I<(Noffset); I++){
strncpy(MsgX,((msg+lx))-(ix),2);
sscanf(MsgX,"%x", &B);
if( I < lz ){ Nop[I]=B; }else{ Nop[I] = 0x90; }
ix+=2;
}
WriteProcessMemory(hProcess, (LPVOID) BAndr, &Nop, sizeof(Nop), NULL);
/* write the cave bytes */
BYTE Ncc[Size_CodeCave_JMP];
strcpy(msg, CodeCave);
lx = strlen(msg);
ix=0;
for(int I=0; I<(Size_CodeCave_JMP); I++){
strncpy(MsgX,(msg+ix),2);
sscanf(MsgX,"%x", &B);
Ncc[I]=B;
ix+=2;
}
WriteProcessMemory(hProcess, (LPVOID) (Mem_Alloc), &Ncc, sizeof(Ncc), NULL);
/* return jump: cave -> patch site */
CodeJmp = BAndr - Mem_Alloc - ((Size_CodeCave_JMP)-1);
wsprintf(msg, "%.8x", CodeJmp);
strcat(msg,"E9");
lx = strlen(msg);
BYTE Nope[lx+1];
lz = (lx/2);
ix=2;
for(int I=0; I<(lz); I++){
strncpy(MsgX,((msg+lx)+sizeof(4))-(ix+sizeof(4)),2);
sscanf(MsgX,"%x", &B);
Nope[I]=B;
ix+=2;
}
WriteProcessMemory(hProcess, (LPVOID) (Mem_Alloc+(Size_CodeCave_JMP)), &Nope, sizeof(Nope), NULL);
//MEM_ALLOC_END[i] = (Mem_Alloc+(Size_CodeCave_JMP)+10);
}else{
/* read the 4 bytes at the patch site and treat them as the cave address
 * (NOTE(review): the install path writes the jump opcode first at this
 * address, so what is read here is unlikely to be the allocation base —
 * confirm) */
DWORD BAndrXX;
ReadProcessMemory(hProcess, (LPVOID) BAndr, (LPVOID) &BAndrXX, sizeof(DWORD), NULL);
/* restore the original bytes from PAM[xix .. xix+Noffset-1] */
BYTE Nopr[(Noffset)];
for(int I=0;I<(Noffset);I++){
strcpy(msg, PAM[(xix+I)]);
sscanf(msg,"%x", &B);
Nopr[I]=B;}
WriteProcessMemory(hProcess, (LPVOID) BAndr, &Nopr, sizeof(Nopr), NULL);
/* release the cave allocation (0x4000 = MEM_DECOMMIT) */
VirtualFreeEx(hProcess, (void*)BAndrXX, 0, 0x4000);
}}
/* Search the target process for a byte pattern given as hex text.
 *
 * hProcess: process handle from xopenx.
 * AoBstr:   pattern, two hex characters per byte; a "??" pair is a
 *           wildcard that matches any byte.
 * Returns the address of the first match, or 0 when the whole scanned range
 * (0 .. 0x7FFFFFFF, read in 51200-byte steps) holds none.
 *
 * After each readable chunk the start address is moved back by plen+1
 * bytes so a match straddling two chunks is still seen; the match progress
 * `a` is not reset between chunks.
 *
 * Review notes (behaviour left unchanged): memdump is calloc'd and never
 * freed, so every call leaks 51200 bytes; B is DWORD64 but read with "%x",
 * which expects an unsigned int; MsgX is never NUL-terminated before
 * strcmp/sscanf; `Contus` is counted but never used. */
DWORD AoBscanner(HANDLE hProcess, char* AoBstr){
char Mask[] = "??";
char MsgX[3], msg[2048];
DWORD64 B;
strcpy(msg, AoBstr);
int ix=0, lx = strlen( AoBstr );
bool MaskOp[(lx/2)];
BYTE Nop[(lx/2)];
/* Parse the pattern: MaskOp[I] marks wildcard positions, Nop[I] holds the byte value. */
for(int I=0; I<(lx/2); I++){
strncpy(MsgX,(msg+ix),2);
if( strcmp(MsgX, Mask) == 0 ){
MaskOp[I] = true;
}else{
MaskOp[I] = false;
}
sscanf(MsgX,"%x", &B);
Nop[I]=B;
ix+=2;
}
// ----------------------------------------------------------------------------->
int Contus = 1;
int Size_Step = 51200, k = 0, a = 0, bR, plen = (lx/2);
BYTE* memdump = (BYTE*) calloc(Size_Step, sizeof(BYTE));
DWORD i, IAddr = 0x00000000, searchsize = 0x7FFFFFFF;
for(i = IAddr; i < searchsize; i+= (DWORD)Size_Step){
bool g = ReadProcessMemory(hProcess, (LPVOID) i, memdump, Size_Step, (PDWORD)&bR);
if(g != 0 && bR >= plen){
/* Linear comparison against the pattern; `a` is how many bytes matched so far. */
for(k = 0; k < bR; k++){
if( (memdump[k] == Nop[a]) || (MaskOp[a] == true) ){
if(a == (plen -1)){
return (i + (DWORD)k - (plen -1));
}
a++;
}else{
a = 0;
}
}
i = (i - (DWORD)(plen +1)); /* rewind so a pattern crossing the chunk edge is found */
Contus++;
}
}
return 0;
}
// Exported function
// rundll32 entry point (hwnd, hinst, command line, nCmdShow).  lp is the
// hex-encoded, comma-separated parameter list decoded by splitString; only
// parameters[0] (executable name or window title) is used.
// Polls once per wait(100) (= 1 s) and exits the host process as soon as
// the game can no longer be opened; it never returns normally.
// Review note (behaviour left unchanged): xopenx opens a PROCESS_ALL_ACCESS
// handle on every iteration and the CloseHandle below is commented out, so
// the process leaks one handle per second for as long as the game runs.
extern "C" __declspec(dllexport) void CALLBACK GameCheck(
HWND hwnd,
HINSTANCE hIstance,
LPTSTR lp,
int n){
char parameters[P_Rows][P_Colls]; // 200 KB on the stack
char msgX[P_Colls];
int p = splitString(parameters,lp,',');
if(p < 1){
strcpy(msgX,"Insufficient Parameters At Least 1 !\n\n");
strcat(msgX,"Trainer-X.dll - By ZeroClock\n");
strcat(msgX,"Name Function = GameCheck\n");
strcat(msgX,"Parameter Obligatori :\n");
strcat(msgX," °N 1 = GameCheck + ( Game.exe OR Window Game Title )\n");
MsgBox("Error...",msgX,16+4096);
exit(1); }
int BaseAndress;
HANDLE hProcess;
while(1){
hProcess = xopenx(parameters[0],&BaseAndress,"?",1); // quiet mode: NULL instead of exit
if(hProcess == NULL){
exit(1);
}else{
//CloseHandle(hProcess);
wait(100);
}}
exit(1);
}
// Exported function
/* rundll32 entry point (hwnd, hinst, command line, nCmdShow).
 *
 * lp is the hex-encoded, comma-separated parameter list decoded by
 * splitString.  Layout, as the usage text below states it:
 *   [0] executable name or window title      [1] module name or "?"
 *   [2] address (hex) or AoB pattern         [3] freeze flag (0/1)
 *   [4] base-address mode 0..3               [5] write mode 0..4
 *   [6] value / cave bytes / "?"             [7] count N
 *   [8..] N offsets or bytes (hex)
 * Fewer than 7 fields shows the usage box and exits the host process.
 *
 * Review notes (behaviour left unchanged):
 *  - pPath = getenv("TEMP") is appended to with strcat and later
 *    overwritten by itoa; the environment string is not a writable buffer
 *    of that size, so this writes past the TEMP entry (neighbouring
 *    environment entries can be corrupted).  The NULL check runs after the
 *    first strcat, so an unset TEMP dereferences NULL before it.
 *  - The "freeze" loops (while(Feeze > 0)) never terminate because Feeze is
 *    never changed; the process handle is never closed on any path.
 *  - Andress and B are int but read with "%x", which expects unsigned int.
 *  - With an empty ini file both ftell() branches run: the header is
 *    written first, then the entry.
 */
extern "C" __declspec(dllexport) void CALLBACK Cheat(
HWND hwnd,
HINSTANCE hIstance,
LPTSTR lp,
int n){
char parameters[P_Rows][P_Colls]; // 200 KB on the stack
char msg[P_Colls];
int p = splitString(parameters,lp,',');
if(p < 7){
strcpy(msg,"Insufficient Parameters At Least 7 !\n\n");
strcat(msg,"Trainer-X.dll - By ZeroClock\n");
strcat(msg,"Name Function = Cheat\n");
strcat(msg,"Parameter Obligatori :\n");
strcat(msg," °N 1 = Cheat + ( Game.exe OR Window Game Title )\n");
strcat(msg," °N 2 = ( Name Module For Get BaseAddress ) OR ( ? = Not Module )\n");
strcat(msg," °N 3 = ( Anddress Memory ) OR ( AoBs Byte String )\n");
strcat(msg,"{\n °N 4 = 0 ( Freeze OFF Value )\n");
strcat(msg," °N 4 = 1 ( Freeze ON Value )\n}");
strcat(msg,"{\n °N 5 = 0 ( GetBaseAddress OFF )\n");
strcat(msg," °N 5 = 1 ( GetBaseAddress ON )\n}");
strcat(msg," °N 5 = 2 ( AOB_Scanner On )\n");
strcat(msg," °N 5 = 3 ( AOB_Scanner Off )\n");
strcat(msg,"{\n °N 6 = 0 ( Static Address )\n");
strcat(msg," °N 6 = 1 ( Address + Offset )\n");
strcat(msg," °N 6 = 2 ( Game Code )\n");
strcat(msg," °N 6 = 3 ( CodeCave ON )\n");
strcat(msg," °N 6 = 4 ( CodeCave OFF )\n}\n");
strcat(msg,"°N Extend Parameter:\n");
strcat(msg,"{\n °N 7 = ( Value For Game To Canged ) OR ( ? = Not Value )\n");
strcat(msg," °N 7 = ( CodeCave - String ByteCode )\n}\n");
strcat(msg," °N 8 = ( N° Int For n° Offset/Byte Number )\n");
strcat(msg," °N 9 - °N 190 = ( Offset/Byte )\n");
MsgBox("Error...",msg,16+4096);
exit(1);
}
int BaseAndress,Andress,i,B,Feeze=atoi(parameters[3]);
int Ba=atoi(parameters[4]),Bb=atoi(parameters[5]),N=atoi(parameters[7]);
HANDLE hProcess = xopenx(parameters[0],&BaseAndress,parameters[1],0); // fatal mode: exits on failure
strcpy(msg, parameters[2]);
sscanf(msg,"%x", &Andress);
if(Ba == 0){BaseAndress=Andress;} // Andress Only
if(Ba == 1){BaseAndress+=Andress;} // Andress + BaseAndress
if(Ba == 2 && Bb > 1){ // AOB_Scanner On - RTM
BaseAndress = AoBscanner(hProcess, parameters[2]);
/* Append "pattern=address" to %TEMP%\AoBs_ZC.ini, writing an [AOBS] header when the file is empty. */
FILE * pf;
char* pPath;
size_t size;
pPath = getenv ("TEMP");
strcat(pPath,"\\AoBs_ZC.ini"); // writes into the environment block, not a private buffer
if (pPath==NULL){ exit(1); } // too late: pPath was already dereferenced above
pf = fopen(pPath,"a+");
itoa(BaseAndress,msg,16);
if(pf != NULL){
fseek(pf, 0, SEEK_END);
if( ftell(pf) == 0 ){
fprintf(pf,"%s\n","[AOBS]"); }
if( ftell(pf) != 0 ){
itoa(BaseAndress,pPath,16); // overwrites the (environment) path string with the hex address
strcpy(msg,parameters[2]);
strcat(msg,"=");
strcat(msg,pPath);
fprintf(pf,"%s\n",msg); }
fclose(pf); }
}
if(Ba == 3 && Bb > 1){
BaseAndress = Andress;
} // AOB_Scanner Off - RTM
if(Bb == 0){ // Poiner Only - RTM
int Value=atoi(parameters[6]);
while(Feeze > 0){ // never exits when freezing is on
WriteProcessMemory(hProcess, (LPVOID) BaseAndress, &Value, sizeof(Value), NULL);
wait(1);
}
WriteProcessMemory(hProcess, (LPVOID) BaseAndress, &Value, sizeof(Value), NULL);
}
if(Bb == 1){ // Poiner + Offset - RTM
int Value=atoi(parameters[6]),Va;
DWORD BAndr=BaseAndress;
do{ BAndr=BaseAndress;
/* Follow the pointer chain: read a pointer at BAndr, then add the next offset, N times. */
for(i=0;i<(N);i++){
ReadProcessMemory(hProcess, (LPVOID) BAndr, (LPVOID) &BAndr, sizeof(DWORD), NULL);
strcpy(msg, parameters[(8+i)]);
sscanf(msg,"%x", &Va);
BAndr+=Va;
}
WriteProcessMemory(hProcess, (LPVOID) BAndr, &Value, sizeof(Value), NULL);
wait(1);
}while(Feeze > 0);
}
if(Bb == 2){ // Game-Code - RTM
BYTE Nop[N]; // VLA; N <= 0 is undefined behaviour
for(i=0;i<N;i++){
strcpy(msg, parameters[(8+i)]);
sscanf(msg,"%x", &B);
Nop[i]=B;
}
do{
WriteProcessMemory(hProcess, (LPVOID) BaseAndress, &Nop, sizeof(Nop), NULL);
wait(1);
}while(Feeze > 0);
}
if(Bb == 3){ // Code Cave ON - RTM
CodeCave(hProcess, parameters[6], BaseAndress, N, parameters, 8, 0);
}
if(Bb == 4){ // Code Cave OFF - RTM
CodeCave(hProcess, parameters[6], BaseAndress, N, parameters, 8, 1);
}} // Closed My Function
'Trainer-X.dll - v1.5.6.1 -- By ZeroClock
'Name function = GameCheck : {
'parameter °N 1 = GameCheck + ( Game.exe OR window Game title )
'}
'Name function = Cheat : {
'Required parameters:
'parameter °N 1 = Cheat + ( Game.exe OR Window Game Title )
'parameter °N 2 = ( Name Module for Get BaseAddress ) OR ( ? = Not Module )
'parameter °N 3 = ( Memory Address ) OR ( AoB Byte String )
'parameter °N 4 : [
' 0 = Freeze OFF
' 1 = Freeze ON ]
'parameter °N 5 : [
' 0 = GetBaseAddress OFF
' 1 = GetBaseAddress ON
' 2 = AOB_Scanner On
' 3 = AOB_Scanner Off ]
'parameter °N 6 : [
' 0 = Static Address
' 1 = Address + Offset
' 2 = Game Code
' 3 = Code Cave ON
' 4 = Code Cave OFF ]
'Extended parameters:
'parameter °N 7 : [
' Value for the game to be changed to
' ? = Not Value
' Code Cave String ByteCode ]
'parameter °N 8 = ( Length [Offset/Byte] Number )
'parameter °N 9 - °N 190 = ( Offset/Byte )
'}
Example: -- AOB_Scanner + Game Code - on
RUNDLL32.EXE Trainer-X.dll,Cheat Plants vs. Zombies,?,8B47??3B47??7E,0,2,2,?,3,90,90,90