Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


TrainerGame [ C Dll + VBscript ]

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
ZeroClock
How do I cheat?
Reputation: 1

Joined: 23 Mar 2013
Posts: 9
Location: Italy

PostPosted: Mon May 30, 2016 7:29 pm    Post subject: TrainerGame [ C Dll + VBscript ] Reply with quote

dll.h:
Code:

#ifndef _DLL_H_
#define _DLL_H_

#if BUILDING_DLL
# define DLLIMPORT __declspec (dllexport)
#else /* Not BUILDING_DLL */
# define DLLIMPORT __declspec (dllimport)
#endif /* Not BUILDING_DLL */


class DLLIMPORT DllClass
{
  public:
    DllClass();
    virtual ~DllClass(void);

  private:

};


#endif /* _DLL_H_ */


dllmain.cpp:
Code:

#include "dll.h"
#include <windows.h>
#include <cstdio>
#include <tlhelp32.h>
#include <stdio.h>
#include <string.h>
#include <psapi.h>
#include <time.h>
#define P_Rows 200
#define P_Colls 1000

void MsgBox(char *t,char *m,int n){
    MessageBox(0, m, t, n);
}

int hex_to_int(char c){
int first = c / 16 - 3;
int second = c % 16;
int result = first*10 + second;
if(result > 9) result--;
return result;
}
int hex_to_ascii(char c, char d){
int high = hex_to_int(c) * 16;
int low = hex_to_int(d);
return high+low;
}

void wait(int seconds){
/*
  clock_t endwait;
  endwait = clock () + seconds * CLOCKS_PER_SEC ;
  while(clock() < endwait){}
*/
Sleep(seconds * 10);
}

// DLL entry function (called on load, unload, ...)
BOOL APIENTRY DllMain(HANDLE hModule, DWORD dwReason, LPVOID lpReserved)
{
    return TRUE;
}

int splitString(char parameters[P_Rows][P_Colls], char* string, char separator){
// HexString To TextString
int i,j=0, length = strlen(string);
char msg[length]="";
char buf = 0;
for(i = 0; i < length; i++){
if(i % 2 != 0){
j += sprintf(msg+j, "%c", hex_to_ascii(buf, string[i]) );
}else{
buf = string[i];
}}
string = msg;

    int row = 0;
    i = 0;
   int l = strlen(string), cnt = 0;
    char *pchar;
    char *next = string;

    while( (*next != '\0' && l > 0)){
             if(*next == separator){
                  parameters[row][i] = '\0';
                  i = 0;
                  row++;
             }
             else{
                        parameters[row][i++] = *next;
             }
             if (*next != '\0')
                next++;
             cnt++;
    }
    if (*next == '\0' && l > 0){
        parameters[row][i] = '\0';
        row++;
    }
    return row;
}

/* Returns a pointer to a PROCESSENTRY32 structure given the process name */
PROCESSENTRY32 *GetProcessInfo(char *szExeFile){
   PROCESSENTRY32  *pe32 = new PROCESSENTRY32 [sizeof(PROCESSENTRY32)];
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    if(hSnapshot == INVALID_HANDLE_VALUE){
      CloseHandle(hSnapshot);
        delete [] pe32;
        pe32 = NULL;
        return NULL;
    }
    if(!Process32First(hSnapshot, pe32)) {
        CloseHandle(hSnapshot);
        delete [] pe32;
        pe32 = NULL;
        return NULL;
    }
    while(Process32Next( hSnapshot, pe32 ))
   {
      if( strcmp(szExeFile, pe32->szExeFile) == 0)
      {
         CloseHandle(hSnapshot);
         return pe32;
      }
    }
 CloseHandle(hSnapshot);
 delete [] pe32;
 pe32 = NULL;
 return NULL;
}

DWORD GetModuleBase(DWORD dwProcessId, char * ModuleName){
   MODULEENTRY32 lpModuleEntry; // ={0}
   HANDLE hSnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwProcessId ); // TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32
   if(!hSnapShot){
   CloseHandle( hSnapShot );
   return 0;
   }
   lpModuleEntry.dwSize = sizeof(MODULEENTRY32);
   BOOL bModule = Module32First( hSnapShot, &lpModuleEntry );
   while(bModule){
if(lpModuleEntry.th32ProcessID == dwProcessId){
    if(stricmp(ModuleName,"?") != 0){
       if(stricmp(lpModuleEntry.szModule,ModuleName) == 0){
          CloseHandle( hSnapShot );
          return (DWORD)lpModuleEntry.modBaseAddr;
       }
    }
       if(stricmp(ModuleName,"?") == 0){
           CloseHandle( hSnapShot );
           return (DWORD)lpModuleEntry.modBaseAddr;
       }
}
      bModule = Module32Next( hSnapShot, &lpModuleEntry );
   }
   CloseHandle( hSnapShot );
   return 0;
}

HANDLE xopenx(char *tit, int * BaseAndress, char * ModuleNames, int Y){
    HWND hwnd;
    DWORD proc_id;
    hwnd = FindWindow(0, tit);
if(hwnd){
    GetWindowThreadProcessId(hwnd, &proc_id);
}else{
    if(GetProcessInfo(tit) == 0 && Y == 0){ MsgBox("Error...","Game Is Not Runing !",16+4096); exit(1); }
    PROCESSENTRY32 *pe32 = GetProcessInfo(tit);
   if(pe32 != NULL){
       proc_id = pe32->th32ProcessID;
    }
}
    if(!proc_id && Y == 0){MsgBox("Error...","Game Is Not Runing !",16+4096);exit(1);}
    if(!proc_id){
       return NULL;
    }
    HANDLE hProcess;
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, proc_id);
    if(!hProcess && Y == 0){MsgBox("Error...","Memory Open Failed !",16+4096);exit(1);}
    if(!hProcess){
    CloseHandle(hProcess);
    return NULL;
    }else{
  *BaseAndress=GetModuleBase(proc_id, ModuleNames); // Return BaseAndress From ID Process Or Modules
    return hProcess;
    }
}

void CodeCave(HANDLE XhProX, char* CodeCave, int Basss, int Noffset, char PAM[200][1000], int xix, int SET){
char msg[1024];
int Andress, Size_CodeCave_JMP = (strlen(CodeCave)/2); // BaseAndress,
DWORD Mem_Alloc, CodeJmp, B;
HANDLE hProcess = XhProX;
DWORD BAndr = Basss;
if( SET == 0 ){
Mem_Alloc = (DWORD) VirtualAllocEx(hProcess, NULL, (Size_CodeCave_JMP+10), 0x1000, 0x40);
/* salto di andata */
CodeJmp = ( Mem_Alloc - BAndr - (DWORD)(5));
wsprintf(msg, "%.8x", CodeJmp);
strcat(msg,"E9");
int lx = strlen(msg);
BYTE Nop[(Noffset)];
int lz = (lx/2);
char MsgX[3];
int ix=2;
for(int I=0; I<(Noffset); I++){
strncpy(MsgX,((msg+lx))-(ix),2);
sscanf(MsgX,"%x", &B);
if( I < lz ){ Nop[I]=B; }else{ Nop[I] = 0x90; }
ix+=2;
}
WriteProcessMemory(hProcess, (LPVOID) BAndr, &Nop, sizeof(Nop), NULL);
/* Scrivi CodeCave */
BYTE Ncc[Size_CodeCave_JMP];
strcpy(msg, CodeCave);
lx = strlen(msg);
ix=0;
for(int I=0; I<(Size_CodeCave_JMP); I++){
strncpy(MsgX,(msg+ix),2);
sscanf(MsgX,"%x", &B);
Ncc[I]=B;
ix+=2;
}
WriteProcessMemory(hProcess, (LPVOID) (Mem_Alloc), &Ncc, sizeof(Ncc), NULL);
/* salto di ritorno */
CodeJmp = BAndr - Mem_Alloc - ((Size_CodeCave_JMP)-1);
wsprintf(msg, "%.8x", CodeJmp);
strcat(msg,"E9");
lx = strlen(msg);
BYTE Nope[lx+1];
lz = (lx/2);
ix=2;
for(int I=0; I<(lz); I++){
strncpy(MsgX,((msg+lx)+sizeof(4))-(ix+sizeof(4)),2);
sscanf(MsgX,"%x", &B);
Nope[I]=B;
ix+=2;
}
WriteProcessMemory(hProcess, (LPVOID) (Mem_Alloc+(Size_CodeCave_JMP)), &Nope, sizeof(Nope), NULL);
//MEM_ALLOC_END[i] = (Mem_Alloc+(Size_CodeCave_JMP)+10);
}else{
/* Get Address CodeCave Allocated */
DWORD BAndrXX;
ReadProcessMemory(hProcess, (LPVOID) BAndr, (LPVOID) &BAndrXX, sizeof(DWORD), NULL);
/* Ripristino ByteCode */
BYTE Nopr[(Noffset)];
for(int I=0;I<(Noffset);I++){
strcpy(msg, PAM[(xix+I)]);
sscanf(msg,"%x", &B);
Nopr[I]=B;}
WriteProcessMemory(hProcess, (LPVOID) BAndr, &Nopr, sizeof(Nopr), NULL);
/* Erase CodeCave Allocated */
VirtualFreeEx(hProcess, (void*)BAndrXX, 0, 0x4000);
}}

DWORD AoBscanner(HANDLE hProcess, char* AoBstr){
char Mask[] = "??";
char MsgX[3], msg[2048];
DWORD64 B;
strcpy(msg, AoBstr);
int ix=0, lx = strlen( AoBstr );
bool MaskOp[(lx/2)];
BYTE Nop[(lx/2)];
for(int I=0; I<(lx/2); I++){
    strncpy(MsgX,(msg+ix),2);
    if( strcmp(MsgX, Mask) == 0 ){
        MaskOp[I] = true;
    }else{
        MaskOp[I] = false;
    }
    sscanf(MsgX,"%x", &B);
    Nop[I]=B;
    ix+=2;
}
// ----------------------------------------------------------------------------->
int Contus = 1;
int Size_Step = 51200, k = 0, a = 0, bR, plen = (lx/2);
BYTE* memdump = (BYTE*) calloc(Size_Step, sizeof(BYTE));
DWORD i, IAddr = 0x00000000, searchsize = 0x7FFFFFFF;
for(i = IAddr; i < searchsize; i+= (DWORD)Size_Step){
    bool g = ReadProcessMemory(hProcess, (LPVOID) i, memdump, Size_Step, (PDWORD)&bR);
    if(g != 0 && bR >= plen){
        for(k = 0; k < bR; k++){
            if( (memdump[k] == Nop[a]) || (MaskOp[a] == true) ){
                if(a == (plen -1)){
                    return (i + (DWORD)k - (plen -1));
                }
                a++;
            }else{
                a = 0;
            }
        }
        i = (i - (DWORD)(plen +1));
        Contus++;
    }
}
return 0;
}

// Exported function
extern "C" __declspec(dllexport) void CALLBACK GameCheck(
HWND hwnd,
HINSTANCE hIstance,
LPTSTR lp,
int n){
char parameters[P_Rows][P_Colls];
char msgX[P_Colls];
int p = splitString(parameters,lp,',');
if(p < 1){
strcpy(msgX,"Insufficient Parameters At Least 1 !\n\n");
strcat(msgX,"Trainer-X.dll - By ZeroClock\n");
strcat(msgX,"Name Function = GameCheck\n");
strcat(msgX,"Parameter Obligatori :\n");
strcat(msgX," °N 1 = GameCheck + ( Game.exe OR Window Game Title )\n");
MsgBox("Error...",msgX,16+4096);
exit(1); }
int BaseAndress;
HANDLE hProcess;
while(1){
hProcess = xopenx(parameters[0],&BaseAndress,"?",1);
if(hProcess == NULL){
exit(1);
}else{
//CloseHandle(hProcess);
wait(100);
}}
exit(1);
}

// Exported function
extern "C" __declspec(dllexport) void CALLBACK Cheat(
HWND hwnd,
HINSTANCE hIstance,
LPTSTR lp,
int n){
   char parameters[P_Rows][P_Colls];
   char msg[P_Colls];
   int p = splitString(parameters,lp,',');
if(p < 7){
strcpy(msg,"Insufficient Parameters At Least 7 !\n\n");
strcat(msg,"Trainer-X.dll - By ZeroClock\n");
strcat(msg,"Name Function = Cheat\n");
strcat(msg,"Parameter Obligatori :\n");
strcat(msg," °N 1 = Cheat + ( Game.exe OR Window Game Title )\n");
strcat(msg," °N 2 = ( Name Module For Get BaseAddress ) OR ( ? = Not Module )\n");
strcat(msg," °N 3 = ( Anddress Memory ) OR ( AoBs Byte String )\n");
strcat(msg,"{\n °N 4 = 0 ( Freeze OFF Value )\n");
strcat(msg," °N 4 = 1 ( Freeze ON Value )\n}");
strcat(msg,"{\n °N 5 = 0 ( GetBaseAddress OFF )\n");
strcat(msg," °N 5 = 1 ( GetBaseAddress ON )\n}");
strcat(msg," °N 5 = 2 ( AOB_Scanner On )\n");
strcat(msg," °N 5 = 3 ( AOB_Scanner Off )\n");
strcat(msg,"{\n °N 6 = 0 ( Static Address )\n");
strcat(msg," °N 6 = 1 ( Address + Offset )\n");
strcat(msg," °N 6 = 2 ( Game Code )\n");
strcat(msg," °N 6 = 3 ( CodeCave ON )\n");
strcat(msg," °N 6 = 4 ( CodeCave OFF )\n}\n");
strcat(msg,"°N Extend Parameter:\n");
strcat(msg,"{\n °N 7 = ( Value For Game To Canged ) OR ( ? = Not Value )\n");
strcat(msg," °N 7 = ( CodeCave - String ByteCode )\n}\n");
strcat(msg," °N 8 = ( N° Int For n° Offset/Byte Number )\n");
strcat(msg," °N 9 - °N 190 = ( Offset/Byte )\n");
MsgBox("Error...",msg,16+4096);
exit(1);
}
   int BaseAndress,Andress,i,B,Feeze=atoi(parameters[3]);
   int Ba=atoi(parameters[4]),Bb=atoi(parameters[5]),N=atoi(parameters[7]);

HANDLE hProcess = xopenx(parameters[0],&BaseAndress,parameters[1],0);
strcpy(msg, parameters[2]);
sscanf(msg,"%x", &Andress);
if(Ba == 0){BaseAndress=Andress;} // Andress Only
if(Ba == 1){BaseAndress+=Andress;} // Andress + BaseAndress

if(Ba == 2 && Bb > 1){ // AOB_Scanner On - RTM
BaseAndress = AoBscanner(hProcess, parameters[2]);
FILE * pf;
char* pPath;
size_t size;
pPath = getenv ("TEMP");
strcat(pPath,"\\AoBs_ZC.ini");
if (pPath==NULL){ exit(1); }
pf = fopen(pPath,"a+");
itoa(BaseAndress,msg,16);
if(pf != NULL){
fseek(pf, 0, SEEK_END);
if( ftell(pf) == 0 ){
fprintf(pf,"%s\n","[AOBS]"); }
if( ftell(pf) != 0 ){
itoa(BaseAndress,pPath,16);
strcpy(msg,parameters[2]);
strcat(msg,"=");
strcat(msg,pPath);
fprintf(pf,"%s\n",msg); }
fclose(pf); }
}
if(Ba == 3 && Bb > 1){
   BaseAndress = Andress;
} // AOB_Scanner Off - RTM


if(Bb == 0){ // Poiner Only - RTM
int Value=atoi(parameters[6]);
  while(Feeze > 0){
    WriteProcessMemory(hProcess, (LPVOID) BaseAndress, &Value, sizeof(Value), NULL);
    wait(1);
  }
WriteProcessMemory(hProcess, (LPVOID) BaseAndress, &Value, sizeof(Value), NULL);
}
if(Bb == 1){ // Poiner + Offset - RTM
int Value=atoi(parameters[6]),Va;
DWORD BAndr=BaseAndress;
 do{ BAndr=BaseAndress;
     for(i=0;i<(N);i++){
      ReadProcessMemory(hProcess, (LPVOID) BAndr, (LPVOID) &BAndr, sizeof(DWORD), NULL);
      strcpy(msg, parameters[(8+i)]);
      sscanf(msg,"%x", &Va);
      BAndr+=Va;
     }
WriteProcessMemory(hProcess, (LPVOID) BAndr, &Value, sizeof(Value), NULL);
wait(1);
   }while(Feeze > 0);
}
if(Bb == 2){ // Game-Code  - RTM
BYTE Nop[N];
    for(i=0;i<N;i++){
        strcpy(msg, parameters[(8+i)]);
        sscanf(msg,"%x", &B);
        Nop[i]=B;
    }
do{
    WriteProcessMemory(hProcess, (LPVOID) BaseAndress, &Nop, sizeof(Nop), NULL);
    wait(1);
  }while(Feeze > 0);
}
if(Bb == 3){ // Code Cave ON - RTM
CodeCave(hProcess, parameters[6], BaseAndress, N, parameters, 8, 0);
}
if(Bb == 4){ // Code Cave OFF - RTM
CodeCave(hProcess, parameters[6], BaseAndress, N, parameters, 8, 1);
}} // Closed My Function



Code:

'Trainer-X.dll - v1.5.6.1 -- By ZeroClock
'Name function = GameCheck : {
'parameter °N 1    =  GameCheck + ( Game.exe OR window Game title )
'}
'Name function = Cheat : {
'parameter Obligatori :
'parameter °N 1 =   Cheat + ( Game.exe OR Window Game Title )
'parameter °N 2 = ( Name Module for Get BaseAddress ) OR ( ? = Not Module )
'parameter °N 3 = ( Anddress Memory ) OR ( AoBs Byte String )
'parameter °N 4 : [    
'  0 = Freeze OFF
'  1 = Freeze ON  ]
'parameter °N 5 :      [   
'  0 = GetBaseAnddress OFF
'  1 = GetBaseAnddress ON
'  2 = AOB_Scanner On
'  3 = AOB_Scanner Off     ]
'parameter °N 6 :       [
'  0 = Static Address
'  1 = Address + Offset
'  2 = Game Code
'  3 = Code Cave ON
'  4 = Code Cave OFF    ]
'parameter °N Extend :
'parameter °N 7 :            [
'  Value for game to canged
'  ? = Not Value
'  Code Cave String ByteCode ]
'parameter °N 8       = ( Length [Offset/Byte] Number )
'parameter °N 9 - °N 190 = ( Offset/Byte )
'}


Example: -- AOB_Scanner + Game Code - on

RUNDLL32.EXE Trainer-X.dll,Cheat Plants vs. Zombies,?,8B47??3B47??7E,0,2,2,?,3,90,90,90


Last edited by ZeroClock on Sat Aug 26, 2017 9:12 am; edited 3 times in total
Back to top
View user's profile Send private message
Cestra
Newbie cheater
Reputation: 0

Joined: 03 Jun 2016
Posts: 14

PostPosted: Tue Aug 23, 2016 6:00 am    Post subject: Reply with quote

is it possible C or C++ x64 cave dll, use with vb.net?
Back to top
View user's profile Send private message
ZeroClock
How do I cheat?
Reputation: 1

Joined: 23 Mar 2013
Posts: 9
Location: Italy

PostPosted: Sat Sep 10, 2016 8:14 am    Post subject: Reply with quote

Cestra wrote:
is it possible C or C++ x64 cave dll, use with vb.net?



I do not think so directly, you'll want to copy the function
and modify it to suit your needs
Back to top
View user's profile Send private message
ZeroClock
How do I cheat?
Reputation: 1

Joined: 23 Mar 2013
Posts: 9
Location: Italy

PostPosted: Sat Aug 26, 2017 2:53 am    Post subject: HTA + VBscript & DLL Self-extracting Reply with quote

HTA + VBscript & DLL Self-extracting & Icon & Other Fix :


Img.jpg
 Description:
Source: https://pastebin.com/gNnavEhw
 Filesize:  13.53 KB
 Viewed:  5387 Time(s)

Img.jpg


Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites