//---------------------------- int main(int argc, char* argv[]) { // Declare our dll variable char dll[MAX_PATH]; if ( argc != 3 ) { cout << "Usage :" << argv[0] << " <PROCESS NAME> <DLL FULL PATH>" << endl; exit(1); } // Get the full path of our .dll GetFullPathName( argv[2] , MAX_PATH, dll , NULL); // Get PID of notepad.exe DWORD ID = GetProcessId(argv[1]); if (!CreateRemoteThreadInject(ID, dll)) { //If CreateRemoteThreadInject Returned true cout << "Injection failed!" << endl ; exit(1); } else { //If CreateRemoteThreadInject Returned true cout << "Injection of" << argv[2] << " into " << argv[1] << " is successful!" << endl; exit(1); } return 0; }
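//Called after StarCraft is completely loaded
//
// Loads the wDetector module into the process identified by dwProcessID,
// writes one activation byte into it and overwrites a fixed set of its UI
// strings with English text.
//
// hProcess    - handle used for every WriteProcessMemory call below.
// dwProcessID - process id passed to CreateRemoteThreadInject. Nothing here
//               checks that it names the same process as hProcess.
//
// Returns true only when every step succeeded; false after logging the step
// that failed.
//
// NOTE(review): all offsets below are fixed values relative to the module
// base; a comment in the table mentions "wDetector 3.35". No version or
// content check of the module is visible here, so a different build would be
// overwritten at the wrong places -- consider verifying the module first.
extern "C" __declspec(dllexport) bool ApplyPatch(HANDLE hProcess, DWORD dwProcessID)
{
    // swprintf_s takes the buffer size in wchar_t units, not bytes; passing
    // sizeof(msgtemp) would overstate the capacity by a factor of sizeof(wchar_t).
    constexpr std::size_t kMsgChars = 255;
    wchar_t msgtemp[kMsgChars];

    // NOTE(review): if WDETECTOR is a relative name, it is resolved against the
    // current working directory, so the module loaded into the target depends
    // on where the launcher was started -- consider anchoring it to the
    // launcher's own directory.
    wchar_t dll[MAX_PATH];
    const DWORD pathLen = GetFullPathNameW(WDETECTOR, MAX_PATH, dll, NULL);

    wLog(LOG_INFO, L"~Logging started~");

    if (pathLen == 0 || pathLen >= MAX_PATH)
    {
        // 0: the call failed; >= MAX_PATH: buffer too small, `dll` is unusable.
        wLog(LOG_ERROR, L"Could not resolve the full path of wDetector");
        return false;
    }

    //Get SeDebugPrivilege
    // NOTE(review): the privilege is not dropped again anywhere in this
    // function; confirm whether the caller relies on it staying enabled.
    if (SetDebugPrivilege(TRUE) == true)
    {
        wLog(LOG_INFO, L"Obtained SeDebugPrivilege");
    }
    else
    {
        wLog(LOG_ERROR, L"Unable to obtain SeDebugPrivilege");
        return false;
    }

    //Inject wDetector.w
    // DWORD is unsigned long, hence %lu.
    if (CreateRemoteThreadInject(dwProcessID, dll) == true)
    {
        swprintf_s(msgtemp, kMsgChars, L"Injected %ls into %lu", dll, dwProcessID);
        wLog(LOG_INFO, msgtemp);
    }
    else
    {
        swprintf_s(msgtemp, kMsgChars, L"Could not inject %ls into %lu", dll, dwProcessID);
        wLog(LOG_ERROR, msgtemp);
        return false;
    }

    //Kill wLauncher.exe
    std::thread wLauncher(KillProc, processInfo.hProcess);

    //Wait for wDetector.w
    // NOTE(review): a fixed delay, not a synchronisation; the module lookup
    // below can still run before the module is mapped.
    std::this_thread::sleep_for(std::chrono::milliseconds(250));

    //Get base address of wDetector.w module
    uint32_t wDetectorBaseAddress = 0;
    if (FindModuleBaseAddress(WDETECTOR, wDetectorBaseAddress) == true)
    {
        swprintf_s(msgtemp, kMsgChars, L"wDetector's base address is %u", wDetectorBaseAddress);
        wLog(LOG_INFO, msgtemp);
    }
    else
    {
        wLog(LOG_ERROR, L"Could not get wDetector's base address!");
        // Destroying a joinable std::thread calls std::terminate, so the
        // worker has to be joined on this exit path as well.
        wLauncher.join();
        return false;
    }

    //Wait for wLauncher to be killed
    wLauncher.join();

    // Address of a module-relative offset, computed with the same 32-bit
    // arithmetic as the base address itself.
    const auto remoteAddress = [wDetectorBaseAddress](uint32_t moduleOffset) {
        return reinterpret_cast<LPVOID>(static_cast<uintptr_t>(wDetectorBaseAddress + moduleOffset));
    };

    //Patch wDetector
    const int8_t activate = { 0x12 };
    if (!WriteProcessMemory(hProcess, remoteAddress(0x5AD94), &activate, sizeof(activate), NULL))
    {
        // Do not report activation when the write did not happen.
        wLog(LOG_ERROR, L"Could not write wDetector's activation byte!");
        return false;
    }
    wLog(LOG_INFO, L"wDetector activated!");

    // One row per translated string: where it goes, what is written, and the
    // byte that ends it (0x00 = write the NUL terminator, anything else =
    // write that byte instead and no NUL).
    struct Translation
    {
        uint32_t    offset;
        const char* text;
        char        terminator;
    };
    static const Translation translations[] = {
        { 0x429E4, "Refreshing",                     0x00 }, //Refresh game message, <wDetector 3.35 - Refreshing>
        { 0x43CB4, "enabled",                        0x00 }, //toggle automatic refresh - enable
        { 0x43CAC, "disable",                        0x00 }, //toggle automatic refresh - disable
        { 0x41B8C, "ago",                            0x00 }, //ago
        { 0x41B84, "min",                            0x00 }, //min
        { 0x41B88, "sec",                            0x00 }, //sec
        { 0x41AB0, " min %u sec",                    0x00 },
        { 0x418D3, "Players Ready",                  0x00 }, //mission briefing
        { 0x43DB3, "Time off",                       0x00 }, //time off
        { 0x43DA3, "Time on",                        0x00 }, //time on
        { 0x43CBD, "Automatic refresh %s",           0x00 }, //toggle automatic refresh
        { 0x4297D, "Automatic game refresh disable", 0x00 }, //msg after 3 mins
        { 0x4299F, "3 minutes passed)",              0x00 }, //msg after 3 mins
        { 0x429C7, " seconds until refreshing.",     0x00 }, //F5 - seconds until refreshing.
        { 0x41C0B, "English",                        0x00 }, //English
        { 0x42755, "Conflict",                       0x20 }, /*16*/ //"Conflict" (no null terminator)
        { 0x444CC, "has banned you. (Host hack)",    0x00 }  //"has banned you. (Host hack)"
    };

    bool allWritten = true;
    for (const Translation& entry : translations)
    {
        std::string text(entry.text);
        // std::string::size() excludes the NUL that c_str() guarantees, so
        // "+ 1" sends the terminator along with the text.
        std::size_t byteCount = text.size() + 1;
        if (entry.terminator != 0x00)
        {
            text += entry.terminator; //append to end of C++ string
            byteCount = text.size();  //don't leave room for null terminator
        }

        if (!WriteProcessMemory(hProcess, remoteAddress(entry.offset), text.c_str(), byteCount, NULL))
        {
            swprintf_s(msgtemp, kMsgChars, L"Could not write translation at offset 0x%X", entry.offset);
            wLog(LOG_ERROR, msgtemp);
            allWritten = false;
        }
    }

    if (!allWritten)
    {
        return false;
    }

    wLog(LOG_INFO, L"wDetector translated");
    return true;
}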