Source:SimpleBF2Hack/bf2hack.cpp


Source:SimpleBF2Hack/bf2hack.cpp

Description

Source of a simple external Battlefield 2 (v1.41) hack. It locates the running BF2.exe, finds the load address of RendDX9.dll inside it, reads four pointers out of that module and overwrites a few bytes at each target (fade-out delay, fade-out delay fix, death delay and gun-point-tag delay). It enables SeDebugPrivilege before opening the game process, so it is meant to be run from an administrator token.

Code


  1. #include <windows.h>
  2. #include <Tlhelp32.h>
  3. #include <iostream>
// Writes `l` bytes from `w` into the target process at RendDX9.dll base + `i`.
// Relies on `hProc`, `GameDLL` and `dSize` being in scope at the use site.
// NOTE(review): `dSize` is a DWORD, but WriteProcessMemory's last parameter
// is SIZE_T*; the two only match on a 32-bit build, which the DWORD-sized
// addresses used throughout this file assume anyway.
#define WRITE(i,w,l) WriteProcessMemory(hProc,reinterpret_cast<LPVOID>(GameDLL + i),w,l,&dSize)

// Pulls the whole std namespace into file scope (cout/endl are used below).
using namespace std;

// PID of the first running process whose image name equals `proc`
// (compared case-insensitively); 0 if none is found.
DWORD GetPID (char* proc);
// Enables SeDebugPrivilege in this process's token (only possible when the
// token already holds the privilege, i.e. an administrator token).
void EnableDebugPriv();
// Load address of module `DllName` inside process `tPid`; 0 if not found.
DWORD GetDLL (char* DllName, DWORD tPid);
  11.  
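// One patch applied to RendDX9.dll. Each site is located indirectly: the
// 4-byte absolute address stored at `operandRva` (inside RendDX9.dll) is read
// from the game, `adjust` is added to it, and `length` bytes of `bytes` are
// written at the resulting address.
struct PatchSite
{
    const char* printName;  // Name used when the resolved address is printed.
    const char* failName;   // Name used in the "Failed to write" message.
    DWORD       operandRva; // RVA in RendDX9.dll of the 4-byte absolute address to read.
    DWORD       adjust;     // Added to the address read from operandRva.
    const char* bytes;      // Raw bytes to write.
    SIZE_T      length;     // Number of bytes in `bytes`.
};

// Reads a 32-bit little-endian value from the target process at `address`.
// Returns false (and leaves *value untouched) when the read fails or is short;
// the original read the four bytes one at a time and never checked the result.
static bool ReadTargetDword(HANDLE hProc, DWORD address, DWORD* value)
{
    DWORD tmp = 0;
    SIZE_T got = 0;
    if (!ReadProcessMemory(hProc, reinterpret_cast<LPCVOID>(address), &tmp, sizeof(tmp), &got)
        || got != sizeof(tmp))
    {
        return false;
    }
    *value = tmp;
    return true;
}

// Writes `length` bytes at `address` in the target process.
// The page is made writable first with PAGE_EXECUTE_READWRITE (the original
// used PAGE_READWRITE, which strips execute from what is code and would fault
// a game thread executing it during the window). If the protection change
// fails the write is still attempted, matching the original's "not protected"
// sites. The old protection is restored afterwards; VirtualProtectEx fails
// when lpflOldProtect is NULL, so the restore call passes a real variable
// (the original passed 0 and therefore never restored the protection).
static bool WriteTargetBytes(HANDLE hProc, DWORD address, const void* bytes, SIZE_T length)
{
    LPVOID target = reinterpret_cast<LPVOID>(address);

    DWORD oldProtect = 0;
    const BOOL protChanged = VirtualProtectEx(hProc, target, length, PAGE_EXECUTE_READWRITE, &oldProtect);

    SIZE_T written = 0;
    const BOOL wrote = WriteProcessMemory(hProc, target, bytes, length, &written);

    if (protChanged)
    {
        DWORD ignored = 0;
        VirtualProtectEx(hProc, target, length, oldProtect, &ignored);
    }

    return wrote && written == length;
}

// Entry point: waits for BF2.exe, opens it, resolves the four patch targets
// relative to RendDX9.dll, prints them, applies the patches and pauses.
// Assumes a 32-bit build targeting the 32-bit game (addresses are DWORDs).
int main(void)
{
    // The console title is stored XOR-obfuscated and decoded at start-up.
    // Only the low byte of `key` (10000 = 0x2710 -> 0x10) survives the cast
    // to char, so this is a per-byte XOR with 0x10: obfuscation, not secrecy.
    const char encodedTitle[] = "Dibq~_7c0RV\"0Dqw0Xqs{7";
    const int key = 10000;
    char title[sizeof(encodedTitle)] = {0};
    for (size_t i = 0; i < sizeof(encodedTitle) - 1; ++i)
    {
        title[i] = static_cast<char>(encodedTitle[i] ^ key);
    }
    SetConsoleTitle(title);

    // Look the PID up once instead of re-scanning the process list four times.
    const DWORD pid = GetPID("BF2.exe");
    if (pid == 0)
    {
        std::cout << "Please open BF2 1.41 before loading the hack." << std::endl << std::endl;
        system("Pause");
        return 0;
    }

    // SeDebugPrivilege lets OpenProcess bypass the target's ACL; it can only
    // be enabled when the program already runs from an administrator token.
    EnableDebugPriv();

    // Least privilege: request only the rights the read/write/protect calls
    // below need rather than PROCESS_ALL_ACCESS.
    const DWORD access = PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION
                       | PROCESS_VM_READ | PROCESS_VM_WRITE;
    HANDLE hProc = OpenProcess(access, FALSE, pid);
    if (hProc == NULL)
    {
        // The original exited silently here; report why the open failed.
        std::cout << "Could not open BF2.exe (error " << GetLastError() << ")." << std::endl << std::endl;
        system("Pause");
        return 0;
    }

    std::cout << "BF2 Hack by TyranO loaded!" << std::endl << std::endl;

    const DWORD GameDLL = GetDLL("RendDX9.dll", pid);
    if (GameDLL == 0)
    {
        // Without the module base every address below would be garbage.
        std::cout << "RendDX9.dll was not found in BF2.exe." << std::endl << std::endl;
        CloseHandle(hProc);
        system("Pause");
        return 0;
    }

    // Patch sites, RVAs relative to RendDX9.dll (BF2 1.41). The hex RVA in
    // each comment is the instruction whose 4-byte absolute-address operand
    // sits at operandRva (= instruction RVA + 2); the patch lands `adjust`
    // bytes past the address that operand points to.
    const PatchSite sites[] = {
        { "Offset1", "offset",  1227505, 6, "\xF0\x7F",         2 }, // Fade out delay      (instr 0x12BAEF)
        { "Offset2", "offset2", 1235082, 0, "\x08\x8F\xA1\x6F", 4 }, // Fade out delay fix  (instr 0x12D888)
        { "Offset3", "offset3", 1234918, 2, "\x80\x7F",         2 }, // Death delay         (instr 0x12D7E4)
        { "Offset4", "offset4", 1234473, 6, "\x00\x00",         2 }, // Gun point tag delay (instr 0x12D627)
    };
    const size_t siteCount = sizeof(sites) / sizeof(sites[0]);

    // Resolve every target first so the printed summary precedes any write,
    // as in the original. (ptr - base + adjust) + base == ptr + adjust.
    DWORD targets[siteCount] = {0};
    bool  resolved[siteCount] = {false};

    std::cout << "Base is:    " << GameDLL << std::endl << std::endl;
    for (size_t i = 0; i < siteCount; ++i)
    {
        DWORD pointer = 0;
        resolved[i] = ReadTargetDword(hProc, GameDLL + sites[i].operandRva, &pointer);
        if (!resolved[i])
        {
            std::cout << "Failed to read " << sites[i].printName << " pointer." << std::endl << std::endl;
        }
        targets[i] = pointer + sites[i].adjust;
        std::cout << sites[i].printName << " is: " << targets[i] << std::endl << std::endl;
    }

    // Apply the patches; a site whose pointer could not be read is skipped
    // rather than written at `0 + adjust`.
    for (size_t i = 0; i < siteCount; ++i)
    {
        if (!resolved[i] || !WriteTargetBytes(hProc, targets[i], sites[i].bytes, sites[i].length))
        {
            std::cout << "Failed to write at " << sites[i].failName << "." << std::endl << std::endl;
        }
    }

    CloseHandle(hProc); // the original leaked the process handle
    system("Pause");
    return 0;
}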
  166.  
  167. // Get PID for process (proc).
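// Returns the PID of the first running process whose image name matches
// `proc` (case-insensitive), or 0 if `proc` is NULL, the snapshot cannot be
// taken, or no process matches.
// CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE, not
// NULL, so that is what is tested; the old `if (hSnapshot)` accepted the
// failure value and then iterated over an invalid snapshot.
DWORD GetPID (char* proc)
{
    if (proc == NULL)
    {
        return 0;
    }

    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    DWORD targetPid = 0;
    PROCESSENTRY32 entry = {0};
    entry.dwSize = sizeof(entry); // required before Process32First

    for (BOOL more = Process32First(snapshot, &entry); more; more = Process32Next(snapshot, &entry))
    {
        if (_stricmp(entry.szExeFile, proc) == 0)
        {
            targetPid = entry.th32ProcessID;
            break;
        }
    }

    CloseHandle(snapshot);
    return targetPid;
}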
  193.  
  194. // Debug Priviledges.
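// Enables SeDebugPrivilege in the current process token, which lets
// OpenProcess succeed on processes whose ACL would otherwise deny access.
// A privilege can only be enabled if the token already holds it (an
// administrator token); otherwise AdjustTokenPrivileges returns TRUE but sets
// ERROR_NOT_ALL_ASSIGNED, which is reported here so the user knows why a
// later OpenProcess may fail. Each step is checked before its result is used:
// the original fed an uninitialized token handle / LUID to the next call when
// OpenProcessToken or LookupPrivilegeValue failed.
void EnableDebugPriv()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        return;
    }

    LUID debugLuid;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &debugLuid))
    {
        TOKEN_PRIVILEGES tkp;
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = debugLuid;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        if (AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL)
            && GetLastError() == ERROR_NOT_ALL_ASSIGNED)
        {
            std::cout << "Warning: SeDebugPrivilege is not available (run as administrator)."
                      << std::endl << std::endl;
        }
    }

    CloseHandle(hToken);
}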
  208.  
  209. // Base
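// Returns the load address of module `DllName` in process `tPid`, or 0 if the
// process id is 0, `DllName` is NULL, the module snapshot cannot be taken, or
// no module matches.
// Module names are compared case-insensitively, consistent with GetPID;
// Windows file names are case-insensitive, so the old strcmp could miss a
// module reported with different casing. CreateToolhelp32Snapshot returns
// INVALID_HANDLE_VALUE on failure (the API documents ERROR_BAD_LENGTH while
// the target is still loading, in which case the caller may retry); the
// original never checked it. The DWORD return truncates on a 64-bit build,
// which the rest of the file does not support anyway.
DWORD GetDLL(char* DllName, DWORD tPid)
{
    if (tPid == 0 || DllName == NULL)
    {
        return 0;
    }

    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, tPid);
    if (snapshot == INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    DWORD base = 0;
    MODULEENTRY32 entry = {0};
    entry.dwSize = sizeof(entry); // required before Module32First

    if (Module32First(snapshot, &entry))
    {
        do
        {
            if (_stricmp(DllName, entry.szModule) == 0)
            {
                base = static_cast<DWORD>(reinterpret_cast<ULONG_PTR>(entry.modBaseAddr));
                break;
            }
        } while (Module32Next(snapshot, &entry));
    }

    CloseHandle(snapshot);
    return base;
}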