external basic

#include <iostream>
#include <vector>
#include <Windows.h>
#include <TlHelp32.h>

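/// Follows a pointer chain inside another process.
///
/// Starting at `ptr`, each hop reads one pointer-sized value from the target
/// process at the current address and adds the next entry of `offsets` to it.
/// One pointer is dereferenced per offset, so an empty `offsets` returns `ptr`
/// without touching the target.
///
/// @param hProc   Handle to the target process; ReadProcessMemory requires it
///                to carry PROCESS_VM_READ.
/// @param ptr     Address in the target where the first pointer is stored.
/// @param offsets Offset added after each dereference.
/// @return The resolved address, or 0 if any read fails or comes back short.
uintptr_t FindDMAAddy(HANDLE hProc, uintptr_t ptr, std::vector<unsigned int> offsets)
{
	uintptr_t addr = ptr;
	for (const unsigned int offset : offsets)
	{
		// Read into a scratch value so a failed read cannot leave a
		// half-updated or stale address to be offset and handed back.
		// NOTE(review): sizeof(uintptr_t) bytes are read per hop, so this
		// binary's pointer width has to match the target's pointer width.
		uintptr_t next = 0;
		SIZE_T bytesRead = 0;
		const BOOL ok = ReadProcessMemory(hProc, reinterpret_cast<LPCVOID>(addr),
			&next, sizeof(next), &bytesRead);
		if (!ok || bytesRead != sizeof(next))
		{
			// Unreadable page, stale handle or target exit: report failure
			// instead of returning an address built from garbage.
			return 0;
		}
		addr = next + offset;
	}
	return addr;
}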

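/// Looks up a process id by executable name (case-insensitive).
///
/// Walks a Toolhelp process snapshot and returns the id of the first entry
/// whose image name equals `procName`. The match is by name only, so any
/// process carrying that image name satisfies it.
///
/// @param procName Executable file name to look for, e.g. L"example.exe".
/// @return The process id of the first match, or 0 if `procName` is null, the
///         snapshot cannot be taken, or no entry matches.
DWORD GetProcId(const wchar_t* procName)
{
	if (procName == nullptr)
	{
		return 0;
	}

	const HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hSnap == INVALID_HANDLE_VALUE)
	{
		// Nothing to close: INVALID_HANDLE_VALUE is not a real handle.
		return 0;
	}

	DWORD procId = 0;
	// The explicit W variants keep the wide-string compare valid whether or
	// not the project is built with UNICODE defined.
	PROCESSENTRY32W procEntry{};
	procEntry.dwSize = sizeof(procEntry); // required before Process32FirstW

	if (Process32FirstW(hSnap, &procEntry))
	{
		do
		{
			if (_wcsicmp(procEntry.szExeFile, procName) == 0)
			{
				procId = procEntry.th32ProcessID;
				break;
			}
		} while (Process32NextW(hSnap, &procEntry));
	}

	CloseHandle(hSnap);
	return procId;
}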

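/// Returns the load address of a module inside another process.
///
/// Walks a Toolhelp module snapshot of `procId` (32- and 64-bit module lists)
/// and returns the base of the first module whose name equals `modName`,
/// compared case-insensitively.
///
/// @param procId  Id of the process whose modules are enumerated.
/// @param modName Module file name to look for.
/// @return The module base address, or 0 if `modName` is null, the snapshot
///         cannot be taken, or no module matches.
uintptr_t GetModuleBaseAddress(DWORD procId, const wchar_t* modName)
{
	if (modName == nullptr)
	{
		return 0;
	}

	const HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
	if (hSnap == INVALID_HANDLE_VALUE)
	{
		// Nothing to close: INVALID_HANDLE_VALUE is not a real handle.
		return 0;
	}

	uintptr_t modBaseAddr = 0;
	// The explicit W variants keep the wide-string compare valid whether or
	// not the project is built with UNICODE defined.
	MODULEENTRY32W modEntry{};
	modEntry.dwSize = sizeof(modEntry); // required before Module32FirstW

	if (Module32FirstW(hSnap, &modEntry))
	{
		do
		{
			if (_wcsicmp(modEntry.szModule, modName) == 0)
			{
				modBaseAddr = reinterpret_cast<uintptr_t>(modEntry.modBaseAddr);
				break;
			}
		} while (Module32NextW(hSnap, &modEntry));
	}

	CloseHandle(hSnap);
	return modBaseAddr;
}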

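/// Waits for ac_client.exe, resolves one pointer chain inside it and rewrites
/// the 4-byte integer it leads to every 10 ms.
///
/// The module-relative offset and the field offset are hard-coded, so they are
/// only meaningful for the particular build they were taken from.
///
/// @return 0 once the target can no longer be written (for example after it
///         exits), 1 if the module base or the process handle cannot be obtained.
int main()
{
	const wchar_t* const targetName = L"ac_client.exe";
	const uintptr_t uLocalPlayer = 0x10f4f4; // module-relative slot holding the object pointer
	const unsigned int uHealth = 0xF8;       // field offset inside that object

	std::cout << "get PID : ";
	// Poll every 100 ms until a process with the target image name shows up.
	DWORD procId = 0;
	while ((procId = GetProcId(targetName)) == 0)
	{
		Sleep(100);
	}
	std::cout << procId << "\n";

	const uintptr_t moduleBase = GetModuleBaseAddress(procId, targetName);
	if (moduleBase == 0)
	{
		// Without a base, every address below would be computed from 0.
		std::cerr << "module base lookup failed, error " << GetLastError() << "\n";
		return 1;
	}

	// Request only the rights the loop uses rather than PROCESS_ALL_ACCESS.
	// A cross-process handle with VM write rights followed by
	// WriteProcessMemory is the sequence that anti-tamper and endpoint
	// monitoring record through handle-open and remote-write telemetry.
	const HANDLE hProcess = OpenProcess(
		PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, procId);
	if (hProcess == nullptr)
	{
		std::cerr << "OpenProcess failed, error " << GetLastError() << "\n";
		return 1;
	}

	const uintptr_t dynamicPtrBaseAddr = moduleBase + uLocalPlayer;
	const std::vector<unsigned int> healthOffset = { uHealth };
	const int health = 1337;

	while (true)
	{
		// Re-resolve on every pass: the pointed-to object can move.
		const uintptr_t healthAdr = FindDMAAddy(hProcess, dynamicPtrBaseAddr, healthOffset);
		// An address of exactly uHealth means the chain read failed (0) or
		// the slot currently holds a null pointer; do not write there.
		if (healthAdr == 0 || healthAdr == uHealth)
		{
			break;
		}

		SIZE_T bytesWritten = 0;
		const BOOL ok = WriteProcessMemory(hProcess, reinterpret_cast<LPVOID>(healthAdr),
			&health, sizeof(health), &bytesWritten);
		if (!ok || bytesWritten != sizeof(health))
		{
			// Target exited or the page is gone: stop instead of spinning.
			break;
		}

		std::cout << std::hex << healthAdr << " write ptr health  = " << std::dec << health << std::endl;
		Sleep(10);
	}

	CloseHandle(hProcess);
	return 0;
}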