Example #1
/* Finds the pointers to target functions by searching their patterns in the .text section of the current module
 *
 * Both out-params receive the raw memmem() result cast to DWORD: *pLdiscSend
 * the first match of LDISC_SEND_SIGN1, *pTermData the first match of
 * TERM_DATA_SIGN1, SIGN2 or SIGN3 (tried in that order). A miss leaves the
 * corresponding out-param at 0 and the function returns FALSE; TRUE means both
 * were found. Progress and failure messages are written to logPipe through the
 * file-level `buffer`.
 *
 * Relies on file-level state that is not visible in this block: buffer,
 * processID, logPipe, the *_SIGN* hex-string constants, GetModuleBaseAddress(),
 * GetTextSection(), HexStringToBytes(), WritePipeMessage() and memmem().
 *
 * NOTE(review): the observable behaviour of this block is a read scan of the
 * host module's own code section plus log writes to a pipe; the DWORD casts
 * below mean it is only meaningful in a 32-bit process.
 */
BOOL FindTargetFunctions(DWORD* pLdiscSend, DWORD* pTermData)
{
    UCHAR   modulePath[MAX_PATH];   /* NOTE(review): GetModuleFileName() expects LPSTR; UCHAR[] is a type mismatch */
    DWORD   moduleBaseAddress;
    DWORD   textSectionAddress;     /* treated as an RVA: added to moduleBaseAddress for every scan below */
    DWORD   textSectionSize;
    DWORD   numBytes;               /* declared but never used in this block */

    /* Return value is not checked, so a failed or truncated lookup is still
     * logged and handed to GetTextSection() as if it were a valid path. */
    GetModuleFileName(NULL, modulePath, MAX_PATH);
    /* sprintf() into the file-level buffer is unbounded; modulePath may be up to
     * MAX_PATH bytes, so `buffer` must be sized for that plus the prefix — its
     * size is not visible here, verify at the definition. */
    sprintf(buffer, "[+] [%i] Target path: %s\n", processID, modulePath);
    WritePipeMessage(logPipe, buffer);    

    /* Not checked for 0 before being used as the scan base below. */
    moduleBaseAddress = GetModuleBaseAddress();
    if(GetTextSection(modulePath, &textSectionAddress, &textSectionSize) == FALSE) {
        /* The message literal already ends in '\n' and the format adds another,
         * so this log line is followed by a blank line. */
        sprintf(buffer, "[-] [%i] %s\n", processID, "Could not find .text section\n");
        WritePipeMessage(logPipe, buffer);
        return FALSE;
    } else {
        sprintf(buffer, "[+] [%i] Base address: %08x\n", processID, moduleBaseAddress);
        WritePipeMessage(logPipe, buffer);
        sprintf(buffer, "[+] [%i] .text start address: %08x\n", processID, textSectionAddress);
        WritePipeMessage(logPipe, buffer);
        sprintf(buffer, "[+] [%i] .text size: %08x\n", processID, textSectionSize);
        WritePipeMessage(logPipe, buffer);
    }
    
    /* Find ldisc_send() address in .text section of Putty.exe */
    /* HexStringToBytes() decodes the hex string into the same `buffer` that is
     * used for log text; the decoded length is strlen(SIGN)/2 bytes, which is
     * also the needle length passed to memmem(). */
    HexStringToBytes(LDISC_SEND_SIGN1, buffer);    
    /* NOTE(review): the result pointer is narrowed through a DWORD cast — only
     * valid for a 32-bit process. memmem() returns NULL on a miss, hence the
     * == 0 test. */
    *pLdiscSend = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress), textSectionSize, 
                                (const unsigned char*)buffer, strlen(LDISC_SEND_SIGN1) / 2);
    if (*pLdiscSend == 0) {
        /* Same double-newline as above: literal ends in '\n', format adds one. */
        sprintf(buffer, "[-] [%i] %s\n", processID, "Could not find ldisc_send()\n");
        WritePipeMessage(logPipe, buffer);
        return FALSE;
    }    
    
    /* Find term_data() address in .text section of Putty.exe */
    /* Try all signatures */
    /* Each signature is tried only if the previous one produced no match; the
     * three scans are otherwise identical apart from the pattern constant. */
    HexStringToBytes(TERM_DATA_SIGN1, buffer);    
    *pTermData = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress), textSectionSize, 
                                (const unsigned char*)buffer, strlen(TERM_DATA_SIGN1) / 2);
    if (*pTermData == 0) {
        HexStringToBytes(TERM_DATA_SIGN2, buffer);    
        *pTermData = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress), textSectionSize, 
                                    (const unsigned char*)buffer, strlen(TERM_DATA_SIGN2) / 2);
        if (*pTermData == 0) {
            HexStringToBytes(TERM_DATA_SIGN3, buffer);    
            *pTermData = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress), textSectionSize, 
                                        (const unsigned char*)buffer, strlen(TERM_DATA_SIGN3) / 2);
            if (*pTermData == 0) {
                /* *pTermData is left at 0 on this path. */
                sprintf(buffer, "[-] [%i] %s\n", processID, "Could not find term_data()\n");
                WritePipeMessage(logPipe, buffer);
                return FALSE;
            }
        }
    }
    
    return TRUE;
}
Example #2
/*
 * Applies a fixed set of in-memory patches to the running process: the samp.dll
 * connect delay and (for one build only) its FPS sleep, with the build detected
 * by probing known offsets for the value 3000; then a series of hard-coded
 * absolute addresses whose current byte is verified with check() before
 * patch()/nop() overwrites it; and three detours (ShowRaster_Prox,
 * StartGame_Prox, ChangeMenu_Prox), two of which first save the original
 * target in pRaseter_Func / pStart_Func.
 *
 * Returns TRUE unconditionally — even when samp.dll was not located or every
 * check() failed — so the caller cannot tell whether anything was patched.
 * Declared `bool` but returns the TRUE macro.
 *
 * Uses names defined outside this block: GetModuleBaseAddress(), MemPutFast<>,
 * check(), patch(), nop(), pRaseter_Func, pStart_Func, ShowRaster_Prox,
 * StartGame_Prox, ChangeMenu_Prox. The absolute addresses only hold if the
 * image is loaded at its preferred base in a 32-bit process — presumably the
 * intended environment; verify against the target build.
 *
 * NOTE(review): dwConnectDelay and dwFPSSleep are never initialized. When no
 * version probe matches (and, for dwFPSSleep, in every branch but the first)
 * the `!= NULL` tests below read indeterminate values — undefined behaviour
 * that can turn into a write to an arbitrary address. Both should start at 0.
 */
bool quickLoadPatches( )
{
	unsigned long dwValue;   // scratch payload handed to patch() for each write below

	// b stands for bool, it will confuse some programmers so... yea
	// NOTE(review): dwSAMPBase is not checked before the dereferences below;
	// if samp.dll is absent the probe at base+0x2AE035 faults.
	DWORD dwSAMPBase = GetModuleBaseAddress("samp.dll");
	DWORD dwConnectDelay, dwFPSSleep;   // uninitialized — see header note

	// Build detection: each offset is read as an int and compared with 3000;
	// the matching location is the one zeroed via MemPutFast below.
	if(*(int*)(dwSAMPBase + 0x2AE035) == 3000) { // 0.3z R1
		dwConnectDelay = dwSAMPBase + 0x2AE035;
		dwFPSSleep 	   = dwSAMPBase + 0x65AC0; // only for .3z for yet.
	} else if(*(int*)(dwSAMPBase + 0x244A7E) == 3000) { // 0.3x-R2-pre-release 2
		dwConnectDelay = dwSAMPBase + 0x244A7E;
	} else if(*(int*)(dwSAMPBase + 0x295074) == 3000) { // 0.3x-R2-pre-release 1
		dwConnectDelay = dwSAMPBase + 0x295074;
	} else if(*(int*)(dwSAMPBase + 0x2CD600) == 3000) { // 0.3x-R1-2
		dwConnectDelay = dwSAMPBase + 0x2CD600;
	} else if(*(int*)(dwSAMPBase + 0x2607DC) == 3000) { // 0.3x
		dwConnectDelay = dwSAMPBase + 0x2607DC;
	} 

	// NOTE(review): this changes protection on 4 bytes at the module base, but
	// the write below goes to dwConnectDelay, which is hundreds of KiB away, so
	// the call does not cover that write. Its result is ignored and the old
	// protection is never restored (same for the call on dwFPSSleep).
	DWORD oldProt;
	VirtualProtect((LPVOID)dwSAMPBase, 4, PAGE_EXECUTE_READWRITE, &oldProt);
	if ( dwConnectDelay != NULL ) {   // integer compared against NULL; reads an indeterminate value if no probe matched
		MemPutFast < int > ( dwConnectDelay, 0 );
	}
	if ( dwFPSSleep != NULL ) {   // only ever assigned in the 0.3z R1 branch
		// Disable the 100FPS Lock, dont know why it exists ...
		VirtualProtect((LPVOID)dwFPSSleep, 5, PAGE_EXECUTE_READWRITE, &oldProt);
		memcpy((void*)dwFPSSleep, "\x90\x90\x90\x90\x90", 5);
	}

	/*if (check((void*)0x747483, 0x89, "Initialize game state", true)) nop(0x747483, 6);
	else if (check((void*)0x7474D3, 0x89, "Initialize game state", false)) nop(0x7474D3, 6);*/

	// cause crashes in win7 always and sometimes in win8 ^^

	// From here on every address is absolute (not relative to any module base).
	// check() presumably compares the byte at the address with its second
	// argument; the meaning of its final flag is not visible in this block.
	dwValue = 5;
	patch(0xC8D4C0, &dwValue, 4); // Skip ads

	if (check((void*)0x748C2B, 0xE8, "Legal info fade-in", true)) nop(0x748C2B, 5); // Legal info fade-in
	else if (check((void*)0x748C7B, 0xE8, "Legal info fade-in", false)) nop(0x748C7B, 5); // Legal info fade-in
	dwValue = 1;
	if (check((void*)0x5909AA, 0xBE, "Legal info", false)) patch(0x5909AB, &dwValue, 4); // Legal info
	if (check((void*)0x590A1D, 0xBE, "Legal info fade-out", false))
	{
		// 5-byte rewrite: one byte 0xE9 followed by the 4-byte value 0x8D.
		dwValue = 0xE9;
		patch(0x590A1D, &dwValue, 1); // Legal info fade-out
		dwValue = 0x0000008D;
		patch(0x590A1E, &dwValue, 4); // Legal info fade-out
	}

	if (check((void*)0x748C6B, 0xC6, "Show load game", true)) nop(0x748C6B, 7); // Show load game
	else if (check((void*)0x748CBB, 0xC6, "Show load game", false)) nop(0x748CBB, 7); // Show load game
	dwValue = 0x09;
	if (check((void*)0x5745DD, 0xC6, "Show load game", false)) patch(0x5745E3, &dwValue, 1); // Show load game

	dwValue = 0x75;
	if (check((void*)0x5737E0, 0x74, "Skip confim", false)) patch(0x5737E0, &dwValue, 1); // Skip confim

	if (check((void*)0x590AF0, 0xA1, "Skip loading", false))
	{
		// 5-byte rewrite, same shape as "Legal info fade-out" above.
		dwValue = 0xE9;
		patch(0x590AF0, &dwValue, 1); // Skip loading
		dwValue = 0x00000140;
		patch(0x590AF1, &dwValue, 4); // Skip loading
	}

	if (check((void*)0x748E52, 0x74, "Load world", false))
	{
		// Direct stores, unlike the patch() calls elsewhere — no protection
		// change precedes them here, so this presumably relies on the page
		// already being writable; verify.
		*(unsigned char*)0x748E52 = 0x75;
		*(unsigned char*)0x748E53 = 0x12;
	}

	if (check((void*)0x619440, 0xE9, "Show raster", false))
	{
		// Save the original target: the 4-byte displacement at 0x619441 plus
		// the address of the following instruction (0x619445) gives the
		// absolute address, kept in pRaseter_Func. The new displacement is
		// computed the same way for ShowRaster_Prox. (long)&func assumes
		// 32-bit pointers.
		memcpy(&pRaseter_Func, (void*)0x619441, 4);
		pRaseter_Func += 0x619445;
		dwValue = (long)&ShowRaster_Prox - 0x619445;
		patch(0x619441, &dwValue, 4); // Skip splash screen
	}

	if (check((void*)0x748D1A, 0xE9, "Start Game", true))
	{
		// Same save-then-redirect pattern as "Show raster"; two candidate
		// sites, the second tried only if the first check() fails.
		memcpy(&pStart_Func, (void*)0x748D1B, 4);
		pStart_Func += 0x748D1F;

		dwValue = (long)&StartGame_Prox - 0x748D1F;
		patch(0x748D1B, &dwValue, 4); // Show menu
	} else
	if (check((void*)0x748D6A, 0xE9, "Start Game", false))
	{
		memcpy(&pStart_Func, (void*)0x748D6B, 4);
		pStart_Func += 0x748D6F;

		dwValue = (long)&StartGame_Prox - 0x748D6F;
		patch(0x748D6B, &dwValue, 4); // Show menu
	}

	if (check((void*)0x573683, 0x8A, "Change Menu", false))
	{
		// Redirect without saving the original target (unlike the two above).
		dwValue = 0xE9;
		patch(0x573683, &dwValue, 1);
		dwValue = (long)&ChangeMenu_Prox - 0x573688;
		patch(0x573684, &dwValue, 4); // Enable confim
	}

	// Always TRUE: no failure above is reported to the caller.
	return TRUE;
}