コード例 #1
//----------------------------
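// Command-line front end: resolves the DLL path given as the second argument,
// looks up the process named by the first argument and hands both to
// CreateRemoteThreadInject (defined elsewhere in this file).
//
// Returns 0 when the helper reports success and 1 on a usage error, a path
// that cannot be resolved, or a failed injection.
//
// NOTE(review): the helper's body is not visible here; going by its name it
// starts a thread in the target process. Endpoint tooling commonly records
// that pattern (for example Sysmon event ID 8, CreateRemoteThread) and it is
// catalogued as MITRE ATT&CK T1055.001.
int main(int argc, char* argv[])
{
	if (argc != 3) {
		cout << "Usage :" << argv[0] << " <PROCESS NAME> <DLL FULL PATH>" << endl;
		return 1;
	}

	// Resolve the DLL argument to an absolute path. GetFullPathName returns 0
	// on failure and the required size when the buffer is too small; in both
	// cases the buffer must not be used.
	char dll[MAX_PATH];
	const DWORD pathLen = GetFullPathName(argv[2], MAX_PATH, dll, NULL);
	if (pathLen == 0 || pathLen >= MAX_PATH) {
		cout << "Could not resolve the full path of " << argv[2] << endl;
		return 1;
	}

	// Look up the PID of the process named on the command line.
	// NOTE(review): this GetProcessId takes a name, so it is a project helper
	// rather than the Win32 API of the same name; what it returns when no
	// process matches is not visible here, so confirm and reject that value.
	DWORD ID = GetProcessId(argv[1]);

	if (!CreateRemoteThreadInject(ID, dll)) {
		// The helper reported failure.
		cout << "Injection failed!" << endl;
		return 1;
	}

	// The helper reported success, so exit with status 0.
	cout << "Injection of " << argv[2] << " into " << argv[1] << " is successful!" << endl;
	return 0;
}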
コード例 #2
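//Called after StarCraft is completely loaded
//
// Loads the wDetector module into the process identified by dwProcessID,
// sets its activation byte and overwrites a fixed list of its strings with
// English text.
//
// hProcess    - handle used for every WriteProcessMemory call; that API needs
//               PROCESS_VM_WRITE and PROCESS_VM_OPERATION access on it.
// dwProcessID - process id passed to CreateRemoteThreadInject.
//
// Returns true when every step succeeded. Returns false, after logging the
// reason, as soon as one step fails.
extern "C" __declspec(dllexport) bool ApplyPatch(HANDLE hProcess, DWORD dwProcessID)
{
	// One in-place string replacement inside the loaded wDetector module.
	struct StringPatch
	{
		uint32_t offset;	// offset from the module base address
		const char* text;	// replacement text
		char terminator;	// 0x00: write text plus its NUL; otherwise this byte is appended and no NUL is written
	};

	// NOTE(review): nothing here checks that a replacement fits in the space of
	// the string it overwrites in the target module; the offsets and lengths are
	// tied to one specific wDetector build (a comment in the original mentions 3.35).
	static const std::array<StringPatch, 17> patches = { {
		{ 0x429E4, "Refreshing", 0x00 },			//Refresh game message <wDetector 3.35 - Refreshing>
		{ 0x43CB4, "enabled", 0x00 },				//toggle automatic refresh - enable
		{ 0x43CAC, "disable", 0x00 },				//toggle automatic refresh - disable
		{ 0x41B8C, "ago", 0x00 },
		{ 0x41B84, "min", 0x00 },
		{ 0x41B88, "sec", 0x00 },
		{ 0x41AB0, " min %u sec", 0x00 },
		{ 0x418D3, "Players Ready", 0x00 },			//mission briefing
		{ 0x43DB3, "Time off", 0x00 },
		{ 0x43DA3, "Time on", 0x00 },
		{ 0x43CBD, "Automatic refresh %s", 0x00 },		//toggle automatic refresh
		{ 0x4297D, "Automatic game refresh disable", 0x00 },	//msg after 3 mins
		{ 0x4299F, "3 minutes passed)", 0x00 },			//msg after 3 mins
		{ 0x429C7, " seconds until refreshing.", 0x00 },	//F5
		{ 0x41C0B, "English", 0x00 },
/*16*/		{ 0x42755, "Conflict", 0x20 },				//no null terminator, a space is written instead
		{ 0x444CC, "has banned you. (Host hack)", 0x00 }
	} };

	// Large enough for a MAX_PATH path plus the surrounding message text.
	wchar_t msgtemp[MAX_PATH + 64];
	// swprintf_s takes the buffer size in wide characters, not in bytes;
	// passing sizeof(msgtemp) would overstate the buffer by a factor of two.
	const std::size_t msgCount = sizeof(msgtemp) / sizeof(msgtemp[0]);

	wchar_t dll[MAX_PATH];
	const DWORD pathLen = GetFullPathNameW(WDETECTOR, MAX_PATH, dll, NULL);

	wLog(LOG_INFO, L"~Logging started~");

	// GetFullPathNameW returns 0 on failure and the required size when the
	// buffer is too small; dll is not usable in either case.
	if (pathLen == 0 || pathLen >= MAX_PATH)
	{
		wLog(LOG_ERROR, L"Could not resolve wDetector's full path");
		return false;
	}

	//Get SeDebugPrivilege
	// NOTE(review): the privilege is not given up again on any path through
	// this function, so it presumably stays enabled for the rest of the
	// process lifetime; confirm against SetDebugPrivilege and disable it once
	// the writes are done if that is possible.
	if (SetDebugPrivilege(TRUE) == true)
	{
		wLog(LOG_INFO, L"Obtained SeDebugPrivilege");
	}
	else
	{
		wLog(LOG_ERROR, L"Unable to obtain SeDebugPrivilege");
		return false;
	}

	//Inject wDetector.w
	if (CreateRemoteThreadInject(dwProcessID, dll) == true)
	{
		// DWORD is unsigned long, hence %lu.
		swprintf_s(msgtemp, msgCount, L"Injected %ls into %lu", dll, dwProcessID);
		wLog(LOG_INFO, msgtemp);
	}
	else
	{
		swprintf_s(msgtemp, msgCount, L"Could not inject %ls into %lu", dll, dwProcessID);
		wLog(LOG_ERROR, msgtemp);
		return false;
	}

	//Kill wLauncher.exe
	// NOTE(review): processInfo is defined outside this function; presumably it
	// describes the launcher process, confirm against its definition.
	std::thread wLauncher(KillProc, processInfo.hProcess);

	//Wait for wDetector.w
	// NOTE(review): a fixed delay is only a guess at when the module has
	// finished loading; the lookup below can still run too early.
	std::this_thread::sleep_for(std::chrono::milliseconds(250));

	//Get base address of wDetector.w module
	uint32_t wDetectorBaseAddress = 0;
	const bool foundBase = FindModuleBaseAddress(WDETECTOR, wDetectorBaseAddress) == true;
	if (foundBase)
	{
		swprintf_s(msgtemp, msgCount, L"wDetector's base address is %u", wDetectorBaseAddress);
		wLog(LOG_INFO, msgtemp);
	}
	else
	{
		wLog(LOG_ERROR, L"Could not get wDetector's base address!");
	}

	//Wait for wLauncher to be killed
	// The thread is joined on the failure path too: destroying a joinable
	// std::thread calls std::terminate.
	wLauncher.join();

	if (!foundBase)
	{
		return false;
	}

	//Patch wDetector
	int8_t activate = { 0x12 };
	LPVOID activateAddress = reinterpret_cast<LPVOID>(static_cast<uintptr_t>(wDetectorBaseAddress + (uint32_t)0x5AD94));
	if (!WriteProcessMemory(hProcess, activateAddress, &activate, sizeof(activate), NULL))
	{
		wLog(LOG_ERROR, L"Could not write wDetector's activation byte");
		return false;
	}
	wLog(LOG_INFO, L"wDetector activated!");

	for (const StringPatch& patch : patches)
	{
		std::string payload(patch.text);
		std::size_t length = 0;
		if (patch.terminator == 0x00)
		{
			// size() does not count the null terminator that c_str() provides
			length = payload.size() + 1;
		}
		else
		{
			// append the replacement byte and do not write a null terminator
			payload += patch.terminator;
			length = payload.size();
		}

		LPVOID target = reinterpret_cast<LPVOID>(static_cast<uintptr_t>(wDetectorBaseAddress + patch.offset));
		if (!WriteProcessMemory(hProcess, target, payload.c_str(), length, NULL))
		{
			swprintf_s(msgtemp, msgCount, L"Could not write string at offset %u", patch.offset);
			wLog(LOG_ERROR, msgtemp);
			return false;
		}
	}

	wLog(LOG_INFO, L"wDetector translated");

	return true;
}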