Untitled
unknown
c_cpp
a year ago
7.0 kB
4
Indexable
#include "..\misc\Includes.h" #include "../misc/Config.h" #include "../functions/functions.hpp" bool is_cheat_engine_installed() { HKEY hKey; LONG result; // Open the root key for searching (in this case, HKEY_LOCAL_MACHINE) result = RegOpenKeyEx(HKEY_LOCAL_MACHINE, TEXT("SOFTWARE\\Cheat Engine"), 0, KEY_READ, &hKey); if (result == ERROR_SUCCESS) { std::cout << "Cheat Engine found in registry under HKEY_LOCAL_MACHINE." << std::endl; RegCloseKey(hKey); return true; } else { // If not found under HKEY_LOCAL_MACHINE, try under HKEY_CURRENT_USER result = RegOpenKeyEx(HKEY_CURRENT_USER, TEXT("SOFTWARE\\Cheat Engine"), 0, KEY_READ, &hKey); if (result == ERROR_SUCCESS) { std::cout << "Cheat Engine found in registry under HKEY_CURRENT_USER." << std::endl; RegCloseKey(hKey); return true; } else { std::cout << "Cheat Engine not found in registry." << std::endl; return false; } } } // Function to check if a process name is a known system process (e.g., browser, explorer) bool IsSystemProcess(const std::wstring& processName) { return processName.find(L"chrome.exe") != std::wstring::npos || processName.find(L"firefox.exe") != std::wstring::npos || processName.find(L"iexplore.exe") != std::wstring::npos || processName.find(L"edge.exe") != std::wstring::npos || processName.find(L"explorer.exe") != std::wstring::npos; } // Function to get the process name from the process ID std::wstring GetProcessNameFromID(DWORD processId) { std::wstring processName; HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, processId); if (hProcess) { wchar_t buffer[MAX_PATH]; DWORD bufferSize = sizeof(buffer) / sizeof(buffer[0]); if (QueryFullProcessImageNameW(hProcess, 0, buffer, &bufferSize)) { processName = buffer; // Extract only the filename from the full path size_t pos = processName.find_last_of(L"\\"); if (pos != std::wstring::npos && pos + 1 < processName.size()) { processName = processName.substr(pos + 1); } } CloseHandle(hProcess); } return processName; } // Function to enumerate window titles, class names, process IDs, and process names std::vector<std::tuple<std::wstring, std::wstring, DWORD, std::wstring>> EnumerateWindowTitlesClassNamesProcessIDsAndNames() { std::vector<std::tuple<std::wstring, std::wstring, DWORD, std::wstring>> windowInfo; HWND hwnd = GetTopWindow(nullptr); while (hwnd) { wchar_t title[256]; wchar_t className[256]; DWORD processId = 0; if (IsWindowVisible(hwnd) || IsIconic(hwnd)) { GetWindowText(hwnd, title, sizeof(title) / sizeof(title[0])); GetClassName(hwnd, className, sizeof(className) / sizeof(className[0])); GetWindowThreadProcessId(hwnd, &processId); std::wstring processName = GetProcessNameFromID(processId); windowInfo.push_back(std::make_tuple(title, className, processId, processName)); } hwnd = GetNextWindow(hwnd, GW_HWNDNEXT); } return windowInfo; } // Function to check if any search strings are present in window titles or class names bool CheckForSearchStringsInWindows() { auto windowInfo = EnumerateWindowTitlesClassNamesProcessIDsAndNames(); bool searchStringDetected = false; for (const auto& tuple : windowInfo) { const std::wstring& title = std::get<0>(tuple); const std::wstring& className = std::get<1>(tuple); DWORD processId = std::get<2>(tuple); const std::wstring& processName = std::get<3>(tuple); // Skip known system processes (browsers, explorer, etc.) if (IsSystemProcess(processName)) continue; // Check for search strings in window titles or class names for (const auto& search_string : search_strings) { if (title.find(search_string) != std::wstring::npos || className.find(search_string) != std::wstring::npos) { // Print out the window titles, class names, process IDs, and process names containing the search string std::wcout << L"Blacklisted String Detected: Title - " << title << L", Class Name - " << className << L", Process ID - " << processId << L", Process Name - " << processName << std::endl; searchStringDetected = true; // Terminate the process associated with the blacklisted window terminate_process_by_name(processName); } } } return searchStringDetected; } bool IsCheatEngineDriverLoaded(const wchar_t* driverName) { // Get the maximum number of drivers const int MAX_DRIVERS = 1024; HMODULE hMods[MAX_DRIVERS]; DWORD cbNeeded; // Enumerate the loaded kernel-mode drivers if (EnumDeviceDrivers(reinterpret_cast<LPVOID*>(&hMods), sizeof(hMods), &cbNeeded)) { int numDrivers = cbNeeded / sizeof(HMODULE); for (int i = 0; i < numDrivers; i++) { TCHAR szDriverName[MAX_PATH]; // Get the base name of the driver if (GetDeviceDriverBaseName(hMods[i], szDriverName, sizeof(szDriverName) / sizeof(TCHAR))) { // Check if the driver name matches if (_wcsicmp(szDriverName, driverName) == 0) { std::wcout << L"Cheat Engine driver (" << driverName << L") found." << std::endl; // Get driver module information to retrieve the load time MODULEINFO moduleInfo; if (GetModuleInformation(GetCurrentProcess(), hMods[i], &moduleInfo, sizeof(moduleInfo))) { FILETIME ftCreationTime, ftLastAccessTime, ftLastWriteTime; if (GetFileTime(hMods[i], &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime)) { SYSTEMTIME stUTC, stLocal; FileTimeToSystemTime(&ftLastWriteTime, &stUTC); SystemTimeToTzSpecificLocalTime(NULL, &stUTC, &stLocal); std::wcout << L"Last loaded time: " << stLocal.wYear << L"-" << stLocal.wMonth << L"-" << stLocal.wDay << L" " << stLocal.wHour << L":" << stLocal.wMinute << L":" << stLocal.wSecond << std::endl; } } return true; } } } } // If the driver is not found std::wcout << L"Cheat Engine driver (" << driverName << L") not found." << std::endl; return false; }
Editor is loading...
Leave a Comment