Untitled

 avatar
unknown
c_cpp
a year ago
7.0 kB
4
Indexable
#include "..\misc\Includes.h"
#include "../misc/Config.h"
#include "../functions/functions.hpp"

bool is_cheat_engine_installed() {
    HKEY hKey;
    LONG result;

    // Open the root key for searching (in this case, HKEY_LOCAL_MACHINE)
    result = RegOpenKeyEx(HKEY_LOCAL_MACHINE, TEXT("SOFTWARE\\Cheat Engine"), 0, KEY_READ, &hKey);
    if (result == ERROR_SUCCESS) {
        std::cout << "Cheat Engine found in registry under HKEY_LOCAL_MACHINE." << std::endl;
        RegCloseKey(hKey);
        return true;
    }
    else {
        // If not found under HKEY_LOCAL_MACHINE, try under HKEY_CURRENT_USER
        result = RegOpenKeyEx(HKEY_CURRENT_USER, TEXT("SOFTWARE\\Cheat Engine"), 0, KEY_READ, &hKey);
        if (result == ERROR_SUCCESS) {
            std::cout << "Cheat Engine found in registry under HKEY_CURRENT_USER." << std::endl;
            RegCloseKey(hKey);
            return true;
        }
        else {
            std::cout << "Cheat Engine not found in registry." << std::endl;
            return false;
        }
    }
}

// Function to check if a process name is a known system process (e.g., browser, explorer)
bool IsSystemProcess(const std::wstring& processName) {
    return processName.find(L"chrome.exe") != std::wstring::npos ||
        processName.find(L"firefox.exe") != std::wstring::npos ||
        processName.find(L"iexplore.exe") != std::wstring::npos ||
        processName.find(L"edge.exe") != std::wstring::npos ||
        processName.find(L"explorer.exe") != std::wstring::npos;
}

// Function to get the process name from the process ID
std::wstring GetProcessNameFromID(DWORD processId) {
    std::wstring processName;
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, processId);
    if (hProcess) {
        wchar_t buffer[MAX_PATH];
        DWORD bufferSize = sizeof(buffer) / sizeof(buffer[0]);
        if (QueryFullProcessImageNameW(hProcess, 0, buffer, &bufferSize)) {
            processName = buffer;
            // Extract only the filename from the full path
            size_t pos = processName.find_last_of(L"\\");
            if (pos != std::wstring::npos && pos + 1 < processName.size()) {
                processName = processName.substr(pos + 1);
            }
        }
        CloseHandle(hProcess);
    }
    return processName;
}

// Function to enumerate window titles, class names, process IDs, and process names
std::vector<std::tuple<std::wstring, std::wstring, DWORD, std::wstring>> EnumerateWindowTitlesClassNamesProcessIDsAndNames() {
    std::vector<std::tuple<std::wstring, std::wstring, DWORD, std::wstring>> windowInfo;
    HWND hwnd = GetTopWindow(nullptr);

    while (hwnd) {
        wchar_t title[256];
        wchar_t className[256];
        DWORD processId = 0;
        if (IsWindowVisible(hwnd) || IsIconic(hwnd)) {
            GetWindowText(hwnd, title, sizeof(title) / sizeof(title[0]));
            GetClassName(hwnd, className, sizeof(className) / sizeof(className[0]));
            GetWindowThreadProcessId(hwnd, &processId);
            std::wstring processName = GetProcessNameFromID(processId);
            windowInfo.push_back(std::make_tuple(title, className, processId, processName));
        }
        hwnd = GetNextWindow(hwnd, GW_HWNDNEXT);
    }

    return windowInfo;
}

// Function to check if any search strings are present in window titles or class names
bool CheckForSearchStringsInWindows() {
    auto windowInfo = EnumerateWindowTitlesClassNamesProcessIDsAndNames();
    bool searchStringDetected = false;

    for (const auto& tuple : windowInfo) {
        const std::wstring& title = std::get<0>(tuple);
        const std::wstring& className = std::get<1>(tuple);
        DWORD processId = std::get<2>(tuple);
        const std::wstring& processName = std::get<3>(tuple);

        // Skip known system processes (browsers, explorer, etc.)
        if (IsSystemProcess(processName))
            continue;

        // Check for search strings in window titles or class names
        for (const auto& search_string : search_strings) {
            if (title.find(search_string) != std::wstring::npos ||
                className.find(search_string) != std::wstring::npos) {
                // Print out the window titles, class names, process IDs, and process names containing the search string
                std::wcout << L"Blacklisted String Detected: Title - " << title << L", Class Name - " << className << L", Process ID - " << processId << L", Process Name - " << processName << std::endl;
                searchStringDetected = true;

                // Terminate the process associated with the blacklisted window
                terminate_process_by_name(processName);
            }
        }
    }

    return searchStringDetected;
}

bool IsCheatEngineDriverLoaded(const wchar_t* driverName)
{
    // Get the maximum number of drivers
    const int MAX_DRIVERS = 1024;
    HMODULE hMods[MAX_DRIVERS];
    DWORD cbNeeded;

    // Enumerate the loaded kernel-mode drivers
    if (EnumDeviceDrivers(reinterpret_cast<LPVOID*>(&hMods), sizeof(hMods), &cbNeeded))
    {
        int numDrivers = cbNeeded / sizeof(HMODULE);
        for (int i = 0; i < numDrivers; i++)
        {
            TCHAR szDriverName[MAX_PATH];
            // Get the base name of the driver
            if (GetDeviceDriverBaseName(hMods[i], szDriverName, sizeof(szDriverName) / sizeof(TCHAR)))
            {
                // Check if the driver name matches
                if (_wcsicmp(szDriverName, driverName) == 0)
                {
                    std::wcout << L"Cheat Engine driver (" << driverName << L") found." << std::endl;

                    // Get driver module information to retrieve the load time
                    MODULEINFO moduleInfo;
                    if (GetModuleInformation(GetCurrentProcess(), hMods[i], &moduleInfo, sizeof(moduleInfo)))
                    {
                        FILETIME ftCreationTime, ftLastAccessTime, ftLastWriteTime;
                        if (GetFileTime(hMods[i], &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime))
                        {
                            SYSTEMTIME stUTC, stLocal;
                            FileTimeToSystemTime(&ftLastWriteTime, &stUTC);
                            SystemTimeToTzSpecificLocalTime(NULL, &stUTC, &stLocal);

                            std::wcout << L"Last loaded time: " << stLocal.wYear << L"-" << stLocal.wMonth << L"-" << stLocal.wDay
                                << L" " << stLocal.wHour << L":" << stLocal.wMinute << L":" << stLocal.wSecond << std::endl;
                        }
                    }

                    return true;
                }
            }
        }
    }

    // If the driver is not found
    std::wcout << L"Cheat Engine driver (" << driverName << L") not found." << std::endl;
    return false;
}
Editor is loading...
Leave a Comment