VOID MapHack()
{
    // One row per patched code site: the bytes written when the hack is
    // switched on and the original bytes written back when it is switched
    // off. Offsets are relative to DllBase and belong to one specific build
    // of the target module; nothing here verifies the bytes already present
    // at the offset before overwriting them.
    static const struct {
        unsigned long offset;
        const char *enable;
        const char *restore;
        int length;
    } sites[] = {
        { 0x3a159b, "\x90\x90", "\x23\xCA", 2 },
        { 0x36143C, "\x00",     "\x01",     1 },
        { 0x282A5C, "\x40\xC3", "\xC3\xCC", 2 },
        { 0x399A98, "\xEB",     "\x74",     1 },
    };
    const int nsites = (int)(sizeof sites / sizeof sites[0]);
    int enabling;
    int i;

    if (!GameCheck()) {
        return;
    }

    // OnCheck is TRUE while the patches are not applied. It is flipped before
    // any byte is written, exactly as before, then every site is written in
    // table order.
    enabling = OnCheck ? 1 : 0;
    OnCheck = enabling ? FALSE : TRUE;

    for (i = 0; i < nsites; i++) {
        PatchDll(DllBase + sites[i].offset,
                 enabling ? sites[i].enable : sites[i].restore,
                 sites[i].length);
    }

    PrintText(enabling
              ? "|CFFFAFF21Cheat Real|R : |CFFFF0000Hack On|R"
              : "|CFFFAFF21Cheat Real|R : |CFFFF0000Hack OFF|R");
}
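/*
 * SetupProfiling - create the profiling block for one image.
 *
 * ptchFileName: full path of the image. Only the final path component is
 *               used as the image name, converted to upper case.
 *
 * Returns the new PPROFBLK, or NULL when the image is CAP itself, when a
 * block for the image already exists on the list, or when the file name
 * component does not fit the local 256-character name buffer.
 *
 * The block is placed at offset *pulProfBlkBase in the shared profile area;
 * touching it may fault, and the try/except lets AccessXcptFilter extend the
 * allocation and resume (see the comment before the except). Symbols come
 * from imagehlp: the module is loaded for enumeration and unloaded again
 * before the function returns.
 */
PPROFBLK SetupProfiling(LPCTSTR ptchFileName)
{
    PVOID ImageBase;
    PPROFBLK pProfBlk;
    PPROFBLK pPrevProfBlk;
    ULONG ulBlkOff;
    LPCSTR ptchImageName;
    TCHAR atchImageName [256];
    PIMAGE_NT_HEADERS pImageNtHeader;
    // Zero-initialised so a failed SymGetModuleInfo leaves NumSyms at 0
    // instead of stack garbage; imagehlp expects SizeOfStruct to be filled in.
    IMAGEHLP_MODULE ModuleInfo = {0};

    ModuleInfo.SizeOfStruct = sizeof ModuleInfo;

    // Skip directory name
    if ( (ptchImageName = strrchr(ptchFileName, '\\')) )
        ptchImageName++;
    else
        ptchImageName = (PTCHAR)ptchFileName;

    // The file name is external input; refuse anything that would overflow
    // the fixed local buffer (255 characters plus the terminator).
    if (strlen(ptchImageName) >= sizeof atchImageName / sizeof atchImageName[0])
        return NULL;

    // Make uppercase copy
    _strupr (strcpy (atchImageName, ptchImageName));

    // Don't profile CAP
    if ( !strcmp (atchImageName, CAPDLL) )
        return NULL;

    // Search prof blk list for matching image name
    pPrevProfBlk = NULL;
    ulBlkOff = ulLocProfBlkOff;
    while (ulBlkOff != 0) {
        pPrevProfBlk = MKPPROFBLK(ulBlkOff);
        // If found image, no need to set up new block. The function returns
        // a pointer, so report "nothing created" as NULL rather than FALSE.
        if (!strcmp((PCHAR)pPrevProfBlk->atchImageName, atchImageName))
            return NULL;
        ulBlkOff = pPrevProfBlk->ulNxtBlk;
    }

    try // Accessing new block can cause an access fault
        // which will extend the allocation
    {
        // Place block at next available offset
        pProfBlk = MKPPROFBLK(*pulProfBlkBase);

        // Fill in initial values
        pProfBlk->ImageBase = 0;
        pProfBlk->CodeStart = 0;
        pProfBlk->CodeLength = 0;
        pProfBlk->iSymCnt = 0;
        pProfBlk->State = BLKSTATE_ASSIGNED;
        pProfBlk->ulNxtBlk = 0;
        // atchImageName was bounds-checked above, so this copy fits the
        // 256-character source.
        strcpy ((TCHAR *) pProfBlk->atchImageName, atchImageName);

        // Link to previous block or initial block offset
        if (pPrevProfBlk)
            pPrevProfBlk->ulNxtBlk = *pulProfBlkBase;
        else
            ulLocProfBlkOff = *pulProfBlkBase;

        // Load module symbols
        ImageBase = GetModuleHandle(ptchImageName);
        SymLoadModule(hThisProcess, NULL, (LPSTR)ptchFileName,
                      (LPSTR)ptchImageName, (DWORD)ImageBase, 0);

        if (ImageBase != NULL) {
            pProfBlk->ImageBase = ImageBase;

            // Get code start address
            if ((pImageNtHeader = ImageNtHeader(ImageBase)) != NULL) {
                pProfBlk->CodeStart = (PULONG)((TCHAR *)ImageBase +
                                               pImageNtHeader->OptionalHeader.BaseOfCode);
            } else {
                // If can't get code start, use imagebase as next best guess
                pProfBlk->CodeStart = ImageBase;
            }

#if defined(MIPS) && !defined(MIPS_VC40_INTERFACE)
            // Enumerate symbols to find address of _penter
            fPenterFound = FALSE;
            SymEnumerateSymbols(hThisProcess, (DWORD)ImageBase,
                                FindPenterCallback, (PVOID)pProfBlk);
#endif // MIPS && !MIPS_VC40_INTERFACE

            // Get module info for symbols count
            SymGetModuleInfo(hThisProcess, (DWORD)ImageBase, &ModuleInfo);
            pProfBlk->iSymCnt = ModuleInfo.NumSyms;

            // Determine location for symbols and symbol names: the symbol
            // array starts right after the NUL-terminated image name, the
            // name strings after the last symbol entry.
            pProfSymb = (PSYMINFO)(&pProfBlk->atchImageName[strlen(atchImageName) + 1]);
            pProfBlk->ulSym = (PTCHAR)pProfSymb - (PTCHAR)pulProfBlkBase;
            pcProfSymbName = (PTCHAR)&pProfSymb[ModuleInfo.NumSyms];

            // Now enumerate symbols to build up symbol table
            ulMaxSymbAddr = (ULONG)pProfBlk->CodeStart;
            SymEnumerateSymbols(hThisProcess, (DWORD)ImageBase,
                                SymbolEnumCallback, (PVOID)pProfBlk);

            // Set symbol range based on max symbol address encountered
            if (ulMaxSymbAddr > (ULONG)pProfBlk->CodeStart)
                pProfBlk->CodeLength = ulMaxSymbAddr - (ULONG)pProfBlk->CodeStart;

            // Update pointer to available space
            *pulProfBlkBase = (ULONG)(pcProfSymbName - (PTCHAR)pulProfBlkBase);

            // Unload the module
            SymUnloadModule(hThisProcess, (DWORD)ImageBase);

            // Do any requested import/export patching
            PatchDll (ptchPatchImports, ptchPatchCallers, bCallersToPatch,
                      atchImageName, ImageBase);
        } else {
            // No symbols - Update offset to next free space
            *pulProfBlkBase = (ULONG)&pProfBlk->atchImageName[strlen(atchImageName) + 1]
                              - (ULONG)pulProfBlkBase;
        } // ImageBase != NULL
    }
    //
    // + : transfer control to the handler (EXCEPTION_EXECUTE_HANDLER)
    // 0 : continue search (EXCEPTION_CONTINUE_SEARCH)
    // - : dismiss exception & continue (EXCEPTION_CONTINUE_EXECUTION)
    //
    except ( AccessXcptFilter (GetExceptionCode(), GetExceptionInformation(), COMMIT_SIZE)) {
        // Should never get here since filter never returns
        // EXCEPTION_EXECUTE_HANDLER. (Message previously named
        // DoDllInitializations(), which is not where this handler lives.)
        CapDbgPrint ("CAP: SetupProfiling() - *LOGIC ERROR* - "
                     "Inside the EXCEPT: (xcpt=0x%lx)\n",
                     GetExceptionCode());
    } // end of TRY/EXCEPT

    return pProfBlk;
}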