Source:BF2Password/bf2pass.cpp
#include <windows.h>
#include <Tlhelp32.h>  // must come after <windows.h>

#include <cstdlib>
#include <cstring>
#include <iostream>

#include "colors.cpp"

using namespace std;
// Returns the process ID of the first running process whose executable name
// matches `proc` (compared with _stricmp), or 0 when no process matches.
DWORD GetPID (char* proc);
// Enables SE_DEBUG_NAME on the current process token.
void EnableDebugPriv();
// Returns the base address of the module named `DllName` inside process
// `tPid`, or 0 when tPid is 0 or no module name matches.
DWORD GetDLL (char* DllName, DWORD tPid);
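/// Entry point. Prints the banner, locates a running BF2.exe, opens it for
/// reading and repeatedly prints the 19 bytes found at a fixed address in
/// that process as the account password.
///
/// Returns 0 when BF2.exe is not running (as the original did), 1 when the
/// process cannot be opened or read.
///
/// For defenders: Toolhelp process enumeration, SeDebugPrivilege, OpenProcess
/// on a foreign process and ReadProcessMemory form the sequence endpoint
/// monitoring treats as credential access from process memory. The weakness
/// this tool depends on is the client keeping the password readable, as
/// entered, at a predictable location.
///
/// NOTE(review): `Address` is an absolute constant, presumably valid only for
/// the client build named in the banner (1.41) - confirm. GetDLL() is defined
/// in this file but never called.
/// NOTE(review): system("Pause") starts cmd.exe from this process; kept so the
/// prompt text stays the same.
int main(int argc, char *argv[])
{
    SetColor(-1,1);
    ClearConsole();
    SetColor(7);
    cout <<" |||||||||||||||||||||||||||||||||||||||||||||||||| ||\n";
    SetColor(-21);
    cout << " ~ TyranO's Battlefield 2 Pass Recover for BF2 1.41 ~\n";
    SetColor(7);
    cout <<" |||||||||||||||||||||||||||||||||||||||||||||||||| ||\n" << endl;
    SetColor(11);

    // Console title, stored XOR-masked. Only the low byte of `key` survives
    // the cast back to char, so this is a single-byte XOR.
    static const char kMaskedTitle[] = "Dibq~_7c0RV\"0`qcc0Bus_fub0";
    const int key = 10000;
    // Size the output from the literal itself: the original copied this
    // 26-character string into two 24-byte arrays and wrote past both.
    char title[sizeof(kMaskedTitle)];
    for (size_t i = 0; i + 1 < sizeof(kMaskedTitle); ++i) {
        title[i] = static_cast<char>(static_cast<int>(kMaskedTitle[i]) ^ key);
    }
    title[sizeof(kMaskedTitle) - 1] = 0;
    // Narrow string passed to the TCHAR API: assumes a non-UNICODE build,
    // as do the _stricmp/strcmp calls on Toolhelp names below.
    SetConsoleTitle(title);

    // GetPID takes a mutable char*, so pass an array rather than a literal.
    char targetExe[] = "BF2.exe";
    // Look the process up once and reuse the PID; the original called
    // GetPID twice and could open a different process than it had checked.
    const DWORD pid = GetPID(targetExe);
    if (pid == 0) {
        SetColor(-4);
        cout << "BF2 was not found." << endl << endl;
        SetColor(-1);
        system("Pause");
        return 0;
    }

    SetColor(-1);
    cout << "Select or log in the account from which you want to recover the password." << endl << endl;

    const DWORD Address = 36977564;
    // Least privilege: ReadProcessMemory needs only PROCESS_VM_READ, so the
    // original PROCESS_ALL_ACCESS request is dropped.
    HANDLE hProc = OpenProcess(PROCESS_VM_READ, FALSE, pid);
    if (hProc == NULL) {
        const DWORD err = GetLastError();
        SetColor(-4);
        cout << "Could not open BF2 for reading (error " << err << ")." << endl << endl;
        SetColor(-1);
        system("Pause");
        return 1;
    }
    // NOTE(review): call order kept from the original. The privilege is
    // enabled only after the handle exists, so it plays no part in the access
    // check above; for a process of the same user it should not be needed.
    // Consider removing the call rather than holding SeDebugPrivilege.
    EnableDebugPriv();

    for (;;) {
        char Name[20] = {0};
        SIZE_T BytesRead = 0;
        // One bounded read instead of 19 unchecked single-byte reads; a failed
        // read used to leave stale bytes that were printed as the password.
        const BOOL ok = ReadProcessMemory(
            hProc,
            reinterpret_cast<LPCVOID>(static_cast<ULONG_PTR>(Address)),
            Name, sizeof(Name) - 1, &BytesRead);
        if (!ok || BytesRead != sizeof(Name) - 1) {
            const DWORD err = GetLastError();
            SetColor(-4);
            cout << "Could not read from BF2 (error " << err << ")." << endl << endl;
            SetColor(-1);
            system("Pause");
            break;
        }
        Name[sizeof(Name) - 1] = 0;

        SetColor(10);
        cout << "Your current password is: ";
        SetColor(-20);
        cout << Name << endl << endl;
        SetColor(-1);
        // Do not keep the secret on this stack frame longer than needed.
        SecureZeroMemory(Name, sizeof(Name));
        system("Pause");
        cout << endl;
    }

    // Reached only after a failed read (for example the game exited).
    CloseHandle(hProc);
    return 1;
}

/// Get PID for process (proc).
///
/// Walks a Toolhelp process snapshot and returns the ID of the first entry
/// whose executable name equals `proc`, ignoring case. Returns 0 when `proc`
/// is null, the snapshot cannot be taken, or nothing matches. The match is on
/// the file name only; it does not establish which binary is running.
DWORD GetPID (char* proc)
{
    if (proc == NULL) {
        return 0;
    }

    // Failure is INVALID_HANDLE_VALUE, not NULL, so the original
    // `if (hSnapshot)` test could never detect it.
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }

    PROCESSENTRY32 lppe = {0};
    lppe.dwSize = sizeof(lppe);  // must be set before Process32First
    DWORD targetPid = 0;
    for (BOOL working = Process32First(hSnapshot, &lppe);
         working;
         working = Process32Next(hSnapshot, &lppe)) {
        if (_stricmp(lppe.szExeFile, proc) == 0) {
            targetPid = lppe.th32ProcessID;
            break;
        }
    }

    CloseHandle(hSnapshot);
    return targetPid;
}

/// Debug privileges.
///
/// Best-effort attempt to enable SE_DEBUG_NAME on the current process token.
/// Returns nothing; every failure is silent, as in the original, but no
/// uninitialised handle or LUID is used any more.
void EnableDebugPriv()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return;
    }

    LUID sedebugnameValue;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue)) {
        TOKEN_PRIVILEGES tkp;
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = sedebugnameValue;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // This call reports success even when the token does not hold the
        // privilege (GetLastError() is then ERROR_NOT_ALL_ASSIGNED); with a
        // void return there is no way to pass that on to the caller.
        AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL);
    }

    CloseHandle(hToken);
}

/// DLL base.
///
/// Returns the base address of the module named `DllName` in process `tPid`,
/// or 0 when `tPid` is 0, `DllName` is null, the module snapshot cannot be
/// taken, or no module matches. Names are compared ignoring case, matching
/// GetPID. The address is narrowed to DWORD, so it is only meaningful for a
/// 32-bit target.
DWORD GetDLL(char* DllName, DWORD tPid)
{
    if (tPid == 0 || DllName == NULL) {
        return 0;
    }

    HANDLE snapMod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, tPid);
    if (snapMod == INVALID_HANDLE_VALUE) {
        return 0;
    }

    MODULEENTRY32 me32 = {0};
    me32.dwSize = sizeof(MODULEENTRY32);
    DWORD base = 0;
    if (Module32First(snapMod, &me32)) {
        do {
            if (_stricmp(DllName, me32.szModule) == 0) {
                base = static_cast<DWORD>(
                    reinterpret_cast<ULONG_PTR>(me32.modBaseAddr));
                break;
            }
        } while (Module32Next(snapMod, &me32));
    }

    // Single exit path so the snapshot handle is closed exactly once.
    CloseHandle(snapMod);
    return base;
}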