/*
 * FindTargetFunctions - locate ldisc_send() and term_data() inside the
 * .text section of the current module by byte-signature search.
 *
 * pLdiscSend / pTermData receive the matched addresses (stored as DWORD).
 * Returns TRUE when both were found, FALSE on any failure. Progress and
 * failure messages are formatted into the shared global `buffer` and sent
 * through WritePipeMessage(logPipe, ...).
 *
 * NOTE(review): `buffer`, `processID`, `logPipe`, the *_SIGN* hex strings,
 * GetModuleBaseAddress(), GetTextSection(), HexStringToBytes() and memmem()
 * are all defined outside this block; their sizes and contracts are assumed.
 * The (DWORD) casts of pointers only round-trip in a 32-bit build.
 */
BOOL FindTargetFunctions(DWORD* pLdiscSend, DWORD* pTermData) {
    UCHAR modulePath[MAX_PATH];
    DWORD moduleBaseAddress;
    DWORD textSectionAddress;
    DWORD textSectionSize;
    DWORD numBytes;   /* unused in this block */

    /* Return value not checked: on failure modulePath holds no valid string
     * but is still formatted below. sprintf() is unbounded, so this relies
     * on `buffer` being large enough for the prefix plus MAX_PATH bytes. */
    GetModuleFileName(NULL, modulePath, MAX_PATH);
    sprintf(buffer, "[+] [%i] Target path: %s\n", processID, modulePath);
    WritePipeMessage(logPipe, buffer);

    moduleBaseAddress = GetModuleBaseAddress();
    /* textSectionAddress is later added to moduleBaseAddress, so GetTextSection()
     * presumably returns an RVA, not an absolute address -- verify against callee. */
    if(GetTextSection(modulePath, &textSectionAddress, &textSectionSize) == FALSE) {
        /* The "%s" argument already ends in '\n', so the message carries a blank line. */
        sprintf(buffer, "[-] [%i] %s\n", processID, "Could not find .text section\n");
        WritePipeMessage(logPipe, buffer);
        return FALSE;
    } else {
        sprintf(buffer, "[+] [%i] Base address: %08x\n", processID, moduleBaseAddress);
        WritePipeMessage(logPipe, buffer);
        sprintf(buffer, "[+] [%i] .text start address: %08x\n", processID, textSectionAddress);
        WritePipeMessage(logPipe, buffer);
        sprintf(buffer, "[+] [%i] .text size: %08x\n", processID, textSectionSize);
        WritePipeMessage(logPipe, buffer);
    }

    /* Find ldisc_send() address in .text section of Putty.exe.
     * `buffer` is reused to hold the decoded signature bytes; the signature
     * length is derived from the hex string (two characters per byte).
     * A NULL result from memmem() becomes 0 after the cast. */
    HexStringToBytes(LDISC_SEND_SIGN1, buffer);
    *pLdiscSend = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress),
                                textSectionSize,
                                (const unsigned char*)buffer,
                                strlen(LDISC_SEND_SIGN1) / 2);
    if (*pLdiscSend == 0) {
        sprintf(buffer, "[-] [%i] %s\n", processID, "Could not find ldisc_send()\n");
        WritePipeMessage(logPipe, buffer);
        return FALSE;
    }

    /* Find term_data() address in .text section of Putty.exe */
    /* Try all signatures: SIGN1, then SIGN2, then SIGN3, stopping at the first hit. */
    HexStringToBytes(TERM_DATA_SIGN1, buffer);
    *pTermData = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress),
                               textSectionSize,
                               (const unsigned char*)buffer,
                               strlen(TERM_DATA_SIGN1) / 2);
    if (*pTermData == 0) {
        HexStringToBytes(TERM_DATA_SIGN2, buffer);
        *pTermData = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress),
                                   textSectionSize,
                                   (const unsigned char*)buffer,
                                   strlen(TERM_DATA_SIGN2) / 2);
        if (*pTermData == 0) {
            HexStringToBytes(TERM_DATA_SIGN3, buffer);
            *pTermData = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress),
                                       textSectionSize,
                                       (const unsigned char*)buffer,
                                       strlen(TERM_DATA_SIGN3) / 2);
            if (*pTermData == 0) {
                sprintf(buffer, "[-] [%i] %s\n", processID, "Could not find term_data()\n");
                WritePipeMessage(logPipe, buffer);
                return FALSE;
            }
        }
    }
    return TRUE;
}
/*
 * quickLoadPatches - apply in-memory patches to samp.dll (version-specific
 * offsets) and to hard-coded absolute addresses in the host process.
 *
 * Always returns TRUE; no patch or protection-change result is checked.
 *
 * NOTE(review): GetModuleBaseAddress(), MemPutFast<>, check(), nop(), patch(),
 * pRaseter_Func, pStart_Func, ShowRaster_Prox, StartGame_Prox and
 * ChangeMenu_Prox are defined outside this block. The (long) casts of
 * function addresses and the absolute 0x00xxxxxx addresses assume a
 * 32-bit process. check()'s last argument is not explained here; from the
 * true/false pairs below it looks like it selects logging for the first
 * of two alternative addresses -- confirm against its definition.
 */
bool quickLoadPatches( ) {
    unsigned long dwValue; // b stands for bool, it will confuse some programmers so... yea
    // dwSAMPBase is not checked for 0 before being dereferenced below.
    DWORD dwSAMPBase = GetModuleBaseAddress("samp.dll");
    // Not initialised: if none of the version probes below matches, the
    // `!= NULL` tests further down read indeterminate values (undefined
    // behaviour). dwFPSSleep is only ever set in the first branch.
    DWORD dwConnectDelay, dwFPSSleep;
    // Each branch probes a build-specific offset for the literal 3000 to
    // identify which samp.dll build is loaded.
    if(*(int*)(dwSAMPBase + 0x2AE035) == 3000) { // 0.3z R1
        dwConnectDelay = dwSAMPBase + 0x2AE035;
        dwFPSSleep = dwSAMPBase + 0x65AC0; // only for .3z for yet.
    } else if(*(int*)(dwSAMPBase + 0x244A7E) == 3000) { // 0.3x-R2-pre-release 2
        dwConnectDelay = dwSAMPBase + 0x244A7E;
    } else if(*(int*)(dwSAMPBase + 0x295074) == 3000) { // 0.3x-R2-pre-release 1
        dwConnectDelay = dwSAMPBase + 0x295074;
    } else if(*(int*)(dwSAMPBase + 0x2CD600) == 3000) { // 0.3x-R1-2
        dwConnectDelay = dwSAMPBase + 0x2CD600;
    } else if(*(int*)(dwSAMPBase + 0x2607DC) == 3000) { // 0.3x
        dwConnectDelay = dwSAMPBase + 0x2607DC;
    }
    DWORD oldProt;
    // Changes protection of the first 4 bytes at the module base, not at
    // dwConnectDelay; presumably MemPutFast<> handles protection itself -- verify.
    VirtualProtect((LPVOID)dwSAMPBase, 4, PAGE_EXECUTE_READWRITE, &oldProt);
    if ( dwConnectDelay != NULL ) {
        MemPutFast < int > ( dwConnectDelay, 0 );
    }
    if ( dwFPSSleep != NULL ) { // Disable the 100FPS Lock, dont know why it exists ...
        // Overwrites 5 bytes with NOPs after making the page writable.
        VirtualProtect((LPVOID)dwFPSSleep, 5, PAGE_EXECUTE_READWRITE, &oldProt);
        memcpy((void*)dwFPSSleep, "\x90\x90\x90\x90\x90", 5);
    }
    /*if (check((void*)0x747483, 0x89, "Initialize game state", true)) nop(0x747483, 6);
    else if (check((void*)0x7474D3, 0x89, "Initialize game state", false)) nop(0x7474D3, 6);*/
    // cause crashes in win7 always and sometimes in win8 ^^
    dwValue = 5;
    patch(0xC8D4C0, &dwValue, 4); // Skip ads
    // From here on, each check() verifies the expected opcode byte at the
    // address before nop()/patch() is applied; the true/false pairs cover
    // two alternative addresses for the same site.
    if (check((void*)0x748C2B, 0xE8, "Legal info fade-in", true)) nop(0x748C2B, 5); // Legal info fade-in
    else if (check((void*)0x748C7B, 0xE8, "Legal info fade-in", false)) nop(0x748C7B, 5); // Legal info fade-in
    dwValue = 1;
    if (check((void*)0x5909AA, 0xBE, "Legal info", false)) patch(0x5909AB, &dwValue, 4); // Legal info
    if (check((void*)0x590A1D, 0xBE, "Legal info fade-out", false)) {
        // Rewrites the instruction at 0x590A1D as a 5-byte jmp (0xE9 + rel32).
        dwValue = 0xE9;
        patch(0x590A1D, &dwValue, 1); // Legal info fade-out
        dwValue = 0x0000008D;
        patch(0x590A1E, &dwValue, 4); // Legal info fade-out
    }
    if (check((void*)0x748C6B, 0xC6, "Show load game", true)) nop(0x748C6B, 7); // Show load game
    else if (check((void*)0x748CBB, 0xC6, "Show load game", false)) nop(0x748CBB, 7); // Show load game
    dwValue = 0x09;
    if (check((void*)0x5745DD, 0xC6, "Show load game", false)) patch(0x5745E3, &dwValue, 1); // Show load game
    dwValue = 0x75;
    if (check((void*)0x5737E0, 0x74, "Skip confim", false)) patch(0x5737E0, &dwValue, 1); // Skip confim
    if (check((void*)0x590AF0, 0xA1, "Skip loading", false)) {
        // Same jmp-rewrite shape as the fade-out patch above.
        dwValue = 0xE9;
        patch(0x590AF0, &dwValue, 1); // Skip loading
        dwValue = 0x00000140;
        patch(0x590AF1, &dwValue, 4); // Skip loading
    }
    if (check((void*)0x748E52, 0x74, "Load world", false)) {
        // Direct writes, unlike the patch() calls elsewhere: relies on the
        // page already being writable (or on check() having made it so) -- verify.
        *(unsigned char*)0x748E52 = 0x75;
        *(unsigned char*)0x748E53 = 0x12;
    }
    if (check((void*)0x619440, 0xE9, "Show raster", false)) {
        // Saves the original jmp target (rel32 at 0x619441, relative to the
        // next instruction at 0x619445) into pRaseter_Func, then points the
        // jmp at ShowRaster_Prox instead.
        memcpy(&pRaseter_Func, (void*)0x619441, 4);
        pRaseter_Func += 0x619445;
        dwValue = (long)&ShowRaster_Prox - 0x619445;
        patch(0x619441, &dwValue, 4); // Skip splash screen
    }
    if (check((void*)0x748D1A, 0xE9, "Start Game", true)) {
        // Same save-and-redirect shape for the "Start Game" jmp; two
        // alternative sites, pStart_Func keeps the original target.
        memcpy(&pStart_Func, (void*)0x748D1B, 4);
        pStart_Func += 0x748D1F;
        dwValue = (long)&StartGame_Prox - 0x748D1F;
        patch(0x748D1B, &dwValue, 4); // Show menu
    } else if (check((void*)0x748D6A, 0xE9, "Start Game", false)) {
        memcpy(&pStart_Func, (void*)0x748D6B, 4);
        pStart_Func += 0x748D6F;
        dwValue = (long)&StartGame_Prox - 0x748D6F;
        patch(0x748D6B, &dwValue, 4); // Show menu
    }
    if (check((void*)0x573683, 0x8A, "Change Menu", false)) {
        // Replaces the instruction at 0x573683 with a jmp to ChangeMenu_Prox;
        // the original target is not saved here, unlike the two cases above.
        dwValue = 0xE9;
        patch(0x573683, &dwValue, 1);
        dwValue = (long)&ChangeMenu_Prox - 0x573688;
        patch(0x573684, &dwValue, 4); // Enable confim
    }
    return TRUE;
}