#include "..\misc\Includes.h"
#include "../misc/Config.h"
#include "../functions/functions.hpp"

#include <cwctype>
#include <string>
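/// @brief Reports whether a "SOFTWARE\Cheat Engine" registry key exists under
///        HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER.
///
/// Both the 64-bit and the 32-bit registry views are probed. Without an explicit
/// view flag a 32-bit build on 64-bit Windows is redirected to the 32-bit view
/// of HKLM\SOFTWARE and cannot see a key written to the 64-bit view (and vice
/// versa for a 64-bit build).
///
/// @return true if the key can be opened for reading in any probed location.
///
/// @note Any failure to open the key (including access denied) is reported as
///       "not found". The key's presence only shows that something created it;
///       treat the result as one signal among several, not as proof either way.
bool is_cheat_engine_installed() {
    struct Hive {
        HKEY root;
        const char* foundMessage;
    };
    const Hive hives[] = {
        {HKEY_LOCAL_MACHINE, "Cheat Engine found in registry under HKEY_LOCAL_MACHINE."},
        {HKEY_CURRENT_USER, "Cheat Engine found in registry under HKEY_CURRENT_USER."},
    };
    // Explicit views so the answer does not depend on the bitness of this build.
    const REGSAM views[] = {KEY_WOW64_64KEY, KEY_WOW64_32KEY};

    for (const Hive& hive : hives) {
        for (const REGSAM view : views) {
            HKEY hKey = nullptr;
            const LONG result = RegOpenKeyEx(hive.root, TEXT("SOFTWARE\\Cheat Engine"), 0,
                                             KEY_READ | view, &hKey);
            if (result == ERROR_SUCCESS) {
                std::cout << hive.foundMessage << std::endl;
                RegCloseKey(hKey);
                return true;
            }
        }
    }

    std::cout << "Cheat Engine not found in registry." << std::endl;
    return false;
}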
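/// @brief Checks whether a process image name is on the allow-list of browser
///        and shell executables that the window scan skips.
///
/// The comparison is an exact, case-insensitive match on the file name. A
/// substring match would also accept names that merely contain an allow-listed
/// name (for example a prefix or suffix added around "chrome.exe"), and a
/// case-sensitive match would miss differently-cased names even though Windows
/// file names are case-insensitive. "msedge.exe" is listed explicitly because it
/// was previously accepted only as a substring hit on "edge.exe".
///
/// @param processName Image file name, or a full path (only the final path
///                    component is compared).
/// @return true if the file name equals one of the allow-listed names.
///
/// @note An image name is not proof of identity: any executable can carry one of
///       these names. Callers that skip checks based on this result should
///       additionally verify the image path or its signature.
bool IsSystemProcess(const std::wstring& processName) {
    static const wchar_t* const kAllowedImageNames[] = {
        L"chrome.exe", L"firefox.exe", L"iexplore.exe",
        L"edge.exe",   L"msedge.exe",  L"explorer.exe",
    };

    // Reduce a full path to its last component so path callers keep working.
    const std::wstring::size_type separator = processName.find_last_of(L"\\/");
    std::wstring baseName =
        (separator == std::wstring::npos) ? processName : processName.substr(separator + 1);

    for (wchar_t& ch : baseName) {
        ch = static_cast<wchar_t>(std::towlower(static_cast<std::wint_t>(ch)));
    }

    for (const wchar_t* allowed : kAllowedImageNames) {
        if (baseName == allowed) {
            return true;
        }
    }
    return false;
}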
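/// @brief Returns the executable file name (without directory) of a process.
///
/// @param processId Identifier of the process to query.
/// @return The file name of the process image, or an empty string when the
///         process cannot be opened or its image path cannot be queried.
///
/// @note An empty result is expected for processes this caller is not allowed
///       to open; callers must not treat an empty name as a real image name.
std::wstring GetProcessNameFromID(DWORD processId) {
    std::wstring processName;

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, processId);
    if (!hProcess) {
        return processName;
    }

    // Start with MAX_PATH and retry once with the extended-length limit: with a
    // fixed MAX_PATH buffer the query fails for long image paths and the
    // function would return an empty name for a process it could have named.
    std::vector<wchar_t> buffer(MAX_PATH);
    DWORD length = static_cast<DWORD>(buffer.size());
    BOOL queried = QueryFullProcessImageNameW(hProcess, 0, buffer.data(), &length);
    if (!queried && GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
        buffer.resize(32768);
        length = static_cast<DWORD>(buffer.size());
        queried = QueryFullProcessImageNameW(hProcess, 0, buffer.data(), &length);
    }

    if (queried) {
        // On success `length` is the number of characters written, excluding the terminator.
        processName.assign(buffer.data(), length);

        // Keep only the file name component of the full path.
        const size_t pos = processName.find_last_of(L"\\");
        if (pos != std::wstring::npos && pos + 1 < processName.size()) {
            processName = processName.substr(pos + 1);
        }
    }

    CloseHandle(hProcess);
    return processName;
}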
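/// @brief Collects title, class name, owning process ID and process image name
///        for every top-level window that is visible or minimized.
///
/// @return One tuple (title, class name, process ID, process name) per window.
///         Titles and class names longer than 255 characters are truncated by
///         the fixed-size buffers. The process name is empty when
///         GetProcessNameFromID cannot resolve it.
///
/// @note The Z-order is walked with GetNextWindow; windows can be created,
///       destroyed or reordered while the loop runs, so the snapshot is
///       best-effort.
std::vector<std::tuple<std::wstring, std::wstring, DWORD, std::wstring>> EnumerateWindowTitlesClassNamesProcessIDsAndNames() {
    std::vector<std::tuple<std::wstring, std::wstring, DWORD, std::wstring>> windowInfo;

    for (HWND hwnd = GetTopWindow(nullptr); hwnd; hwnd = GetNextWindow(hwnd, GW_HWNDNEXT)) {
        if (!(IsWindowVisible(hwnd) || IsIconic(hwnd))) {
            continue;
        }

        // Zero-initialise: if the window disappears between calls the APIs fail
        // without writing to the buffer, and an uninitialised array would then
        // be read as a string.
        wchar_t title[256] = {};
        wchar_t className[256] = {};
        DWORD processId = 0;

        // Explicit wide-character variants, matching the wchar_t buffers.
        GetWindowTextW(hwnd, title, sizeof(title) / sizeof(title[0]));
        GetClassNameW(hwnd, className, sizeof(className) / sizeof(className[0]));
        GetWindowThreadProcessId(hwnd, &processId);

        std::wstring processName = GetProcessNameFromID(processId);
        windowInfo.emplace_back(title, className, processId, std::move(processName));
    }

    return windowInfo;
}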
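/// @brief Scans top-level windows for blacklisted strings in the title or class
///        name, logs each hit and asks for the owning process to be terminated.
///
/// @return true if at least one window matched an entry of `search_strings`.
///
/// Processes for which IsSystemProcess returns true are skipped before any
/// string comparison. The comparison itself is case-sensitive.
bool CheckForSearchStringsInWindows() {
    const auto windowInfo = EnumerateWindowTitlesClassNamesProcessIDsAndNames();
    bool searchStringDetected = false;

    for (const auto& entry : windowInfo) {
        const std::wstring& title = std::get<0>(entry);
        const std::wstring& className = std::get<1>(entry);
        const DWORD processId = std::get<2>(entry);
        const std::wstring& processName = std::get<3>(entry);

        // Skip allow-listed processes (browsers, explorer, etc.).
        // NOTE(review): the skip is decided by image name only; confirm that is
        // an acceptable trust basis for exempting a process from this check.
        if (IsSystemProcess(processName))
            continue;

        for (const auto& search_string : search_strings) {
            const bool matched = title.find(search_string) != std::wstring::npos ||
                                 className.find(search_string) != std::wstring::npos;
            if (!matched)
                continue;

            // Log the window title, class name, process ID and process name of the hit.
            std::wcout << L"Blacklisted String Detected: Title - " << title << L", Class Name - " << className << L", Process ID - " << processId << L", Process Name - " << processName << std::endl;
            searchStringDetected = true;

            // The name is empty when the owning process could not be queried;
            // do not hand an empty name to the terminate routine.
            // NOTE(review): termination is requested by image name although the
            // PID of the offending window is known here. If the helper acts on
            // every process with that name, unrelated instances are affected;
            // prefer a PID-based termination if one is available.
            if (!processName.empty()) {
                terminate_process_by_name(processName);
            }

            // One hit per window is enough; further search strings would only
            // repeat the log line and the termination request.
            break;
        }
    }

    return searchStringDetected;
}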
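/// @brief Checks whether a kernel-mode driver with the given base name is
///        currently loaded.
///
/// @param driverName Driver file name to look for (compared case-insensitively).
///                   A null pointer yields false.
/// @return true if EnumDeviceDrivers lists a driver whose base name equals
///         `driverName`.
///
/// @note NOTE(review): on recent Windows versions the driver load addresses may
///       be withheld from callers without sufficient privilege, in which case
///       the name lookup fails and this function reports "not found". Confirm
///       the privileges this check runs with before relying on a negative result.
bool IsCheatEngineDriverLoaded(const wchar_t* driverName)
{
    if (driverName == nullptr)
        return false;

    // EnumDeviceDrivers fills an array of driver load addresses (LPVOID).
    std::vector<LPVOID> imageBases(1024);
    DWORD cbBuffer = static_cast<DWORD>(imageBases.size() * sizeof(LPVOID));
    DWORD cbNeeded = 0;

    if (EnumDeviceDrivers(imageBases.data(), cbBuffer, &cbNeeded))
    {
        // cbNeeded can exceed the buffer size when more drivers are loaded than
        // fit; grow once and query again instead of indexing past the array.
        if (cbNeeded > cbBuffer)
        {
            imageBases.resize(cbNeeded / sizeof(LPVOID));
            cbBuffer = static_cast<DWORD>(imageBases.size() * sizeof(LPVOID));
            if (!EnumDeviceDrivers(imageBases.data(), cbBuffer, &cbNeeded))
                cbNeeded = 0;
        }

        // Never trust cbNeeded beyond what the buffer actually holds.
        const DWORD cbValid = (cbNeeded < cbBuffer) ? cbNeeded : cbBuffer;
        const size_t numDrivers = cbValid / sizeof(LPVOID);

        for (size_t i = 0; i < numDrivers; ++i)
        {
            wchar_t szDriverName[MAX_PATH] = {};
            // Explicit wide variant: the result is compared with _wcsicmp below.
            if (GetDeviceDriverBaseNameW(imageBases[i], szDriverName, MAX_PATH) &&
                _wcsicmp(szDriverName, driverName) == 0)
            {
                std::wcout << L"Cheat Engine driver (" << driverName << L") found." << std::endl;
                // No "last loaded time" is reported: a driver load address is
                // neither a module of this process nor a file handle, so it must
                // not be passed to GetModuleInformation or GetFileTime.
                return true;
            }
        }
    }

    // The driver was not found (or the driver list could not be read).
    std::wcout << L"Cheat Engine driver (" << driverName << L") not found." << std::endl;
    return false;
}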