/*
 * WriteAllocCave - toggles a 5-byte JMP detour at a fixed offset inside a
 * module of another process.
 *
 * Flow (all of it visible below):
 *   1. Resolve szProcessName -> process handle and szModuleName -> base address.
 *   2. Allocate a cave of nCaveCode + 5 bytes in the target (VirtualAllocEx).
 *   3. Read nOrigCode bytes at BaseAddress + dwOffset and compare:
 *      - equal to szOrigCode      -> copy szCaveCode into the cave, append a
 *                                    JMP back to lpAddress + 5, then overwrite
 *                                    the site with JMP-to-cave padded with NOPs;
 *      - first byte already 0xE9  -> write szOrigCode back (undo);
 *      - anything else            -> "wrong gameversion", nothing written.
 *
 * Parameters:
 *   szProcessName  passed to GetProcessHandle and GetModuleBaseAddress.
 *   szModuleName   module whose base address is added to dwOffset.
 *   dwOffset       offset of the hook site from the module base.
 *   szOrigCode     bytes expected at the hook site; also what the undo path
 *                  writes back.
 *   nOrigCode      count of those bytes; also the length of the patch written
 *                  over the site (JMP + NOP padding).
 *   szCaveCode     bytes copied into the cave.
 *   nCaveCode      count of those bytes.
 *
 * Returns 1 after a completed install or undo, 0 on any failure. Each failure
 * is reported via MessageBox titled szErrorTitle (defined elsewhere in the
 * file). Beep distinguishes install (0x1000) from undo (0x500).
 *
 * 32-bit only: addresses are held in DWORDs and the displacement arithmetic is
 * x86 inline asm.
 *
 * NOTE(review): the function requires 5 <= nOrigCode <= 36 (sizeof szJumpBytes)
 * and nOrigCode <= sizeof BytesRead, but checks none of these. It also never
 * calls CloseHandle(hProcess), never restores dwOldProtect, and never releases
 * the cave (no VirtualFreeEx) - including on the undo and error paths, where
 * the allocation is not used at all.
 */
int WriteAllocCave(LPCWSTR szProcessName, LPCWSTR szModuleName, DWORD dwOffset, BYTE szOrigCode[], int nOrigCode, BYTE szCaveCode[], int nCaveCode)
{
    HANDLE hProcess;
    DWORD BaseAddress, lpAddress, dwOldProtect, nNops, lpBackAddress;
    LPVOID lpCaveAddress;
    // Receives nOrigCode bytes from the target. Declared as an array of 255
    // pointers rather than bytes and used through casts; the read below is
    // not bounded by sizeof BytesRead.
    char* BytesRead[255];
    // Patch written over the hook site. Declared as DWORDs but filled
    // byte-wise by the first asm block: byte 0 = 0xE9 (JMP rel32),
    // bytes 1..4 = displacement, bytes 5..nOrigCode-1 = 0x90 (NOP).
    // Because the elements are DWORDs, the 0x90 initializers land only on
    // every fourth byte, which is why the asm loop writes the NOPs itself.
    // 36 bytes total; nOrigCode larger than that overruns it.
    DWORD szJumpBytes[9] = {0x0E9, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
    // JMP rel32 appended after the cave code, returning to lpAddress + 5;
    // its displacement is filled in by the second asm block.
    BYTE szJumpBack[5] = {0x0E9, 0x90, 0x90, 0x90, 0x90};
    hProcess = GetProcessHandle(szProcessName);
    if (hProcess == 0)
    {
        MessageBox(NULL, _T("Couldn't get process handle!"), szErrorTitle, NULL);
        return 0;
    }
    BaseAddress = GetModuleBaseAddress(szProcessName, szModuleName);
    if (BaseAddress == 0)
    {
        MessageBox(NULL, _T("Couldn't get module base address!"), szErrorTitle, NULL);
        return 0;
    }
    // Hook site inside the target; DWORD arithmetic (32-bit addresses).
    lpAddress = (DWORD)BaseAddress + dwOffset;
    // Cave holds the caller's code plus the 5-byte JMP back.
    int iCaveSize = nCaveCode + 5;
    // NOTE(review): allocated before the site is inspected, so the undo path
    // and every later failure path leave this allocation behind.
    if((lpCaveAddress = VirtualAllocEx(hProcess, 0, iCaveSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE)) == 0)
    {
        MessageBox(NULL, _T("Failed to allocate memory!"), szErrorTitle, NULL);
        return 0;
    }
    // Address of the patch buffer, handed to the asm block through a plain
    // pointer variable.
    void* var = &szJumpBytes;
    // Build the JMP-to-cave in szJumpBytes: displacement relative to the
    // instruction following the 5-byte JMP, then NOP-fill up to nOrigCode.
    __asm
    {
        pushad
        mov ebx, lpCaveAddress      ; ebx = cave address
        mov ecx, lpAddress
        add ecx, 5                  ; ecx = address of the byte after the JMP
        sub ebx, ecx ;              ; ebx = rel32 = cave - (lpAddress + 5)
        mov edx, ebx ;
        shr edx, 16                 ; edx = upper 16 bits of the displacement
        mov eax, var                ; eax -> szJumpBytes
        mov byte ptr [eax+1], bl ;  ; displacement stored little-endian in bytes 1..4
        mov byte ptr [eax+2], bh
        mov byte ptr [eax+3], dl
        mov byte ptr [eax+4], dh
        ;
        mov ebx, nOrigCode ;
        sub ebx, 5 ;                ; NOPs needed after the JMP; wraps if nOrigCode < 5
        mov nNops, ebx ;
        mov edx, 4                  ; edx = index of last byte written so far
        xor ebx, ebx                ; ebx = NOPs written
    start:
        cmp nNops, ebx
        je End
        INC edx
        INC ebx
        mov byte ptr [eax+edx], 144 ; ; 144 == 0x90 (NOP), written at bytes 5..nOrigCode-1
        jmp start
    End:
        popad
    }
    // Make the hook site writable. dwOldProtect is received but never
    // restored anywhere in this function.
    if (VirtualProtectEx(hProcess, (LPVOID)lpAddress, nOrigCode, PAGE_EXECUTE_READWRITE, &dwOldProtect) == 0)
    {
        MessageBox(NULL, _T("VirtualProtectEx failed!"), szErrorTitle, NULL);
        return 0;
    }
    // Snapshot the current bytes at the site (bytes-read count not requested).
    if(ReadProcessMemory(hProcess, (LPVOID)lpAddress, (LPVOID)BytesRead, nOrigCode, 0) == 0)
    {
        MessageBox(NULL, _T("ReadProcessMemory failed!"), szErrorTitle, NULL);
        return 0;
    }
    // Site still holds the expected original bytes: install the detour.
    if(memcmp((const void*)BytesRead, szOrigCode, nOrigCode) == 0)
    {
        if((WriteProcessMemory(hProcess, (LPVOID)lpCaveAddress, (LPCVOID)szCaveCode, nCaveCode, 0)) == 0)
        {
            MessageBox(NULL, _T("Failed to write to process memory.."), szErrorTitle, NULL); return 0;
        }
        else
        {
            // The JMP back goes immediately after the cave code.
            lpBackAddress = (DWORD)lpCaveAddress + nCaveCode;
            var = &szJumpBack;
            // Fill in szJumpBack's displacement: from the byte after the
            // jump-back instruction to the byte after the patched site.
            __asm
            {
                pushad ;
                mov ebx, lpAddress
                add ebx, 5 ;                ; ebx = lpAddress + 5 (return target)
                mov ecx, lpBackAddress
                add ecx, 5                  ; ecx = address after the jump-back JMP
                sub ebx, ecx                ; ebx = rel32 = (lpAddress+5) - (lpBackAddress+5)
                mov edx, ebx ;
                shr edx, 16
                mov eax, var                ; eax -> szJumpBack
                mov byte ptr [eax+1], bl ;  ; displacement little-endian in bytes 1..4
                mov byte ptr [eax+2], bh
                mov byte ptr [eax+3], dl
                mov byte ptr [eax+4], dh
                popad ;
            }
            if((WriteProcessMemory(hProcess, (LPVOID)lpBackAddress, (LPCVOID)szJumpBack, sizeof szJumpBack, 0)) == 0)
            {
                MessageBox(NULL, _T("Failed to write to process memory.."), szErrorTitle, NULL);
                return 0;
            }
            else
            {
                // Finally overwrite the site with the nOrigCode-byte patch
                // (JMP + NOP padding) prepared in szJumpBytes.
                if((WriteProcessMemory(hProcess, (LPVOID)lpAddress, (LPCVOID)szJumpBytes, nOrigCode, 0)) == 0)
                {
                    MessageBox(NULL, _T("Failed to write to process memory.."), szErrorTitle, NULL);
                    return 0;
                }
                else
                {
                    // Audible confirmation of install.
                    Beep(0x1000,200);
                    return 1;
                }
            }
        }
    }
    // First byte already matches the JMP opcode (low byte of szJumpBytes[0],
    // 0xE9 on little-endian): the detour is in place, so undo it by writing
    // the caller's original bytes back.
    else if (memcmp((const void*)BytesRead, szJumpBytes, 1) == 0)
    {
        if ((WriteProcessMemory(hProcess, (LPVOID)lpAddress, (LPCVOID)szOrigCode, nOrigCode, 0)) == 0)
        {
            MessageBox(NULL, _T("Failed to write to process memory.."), szErrorTitle, NULL);
            return 0;
        }
        else
        {
            // Audible confirmation of undo (lower tone than install).
            Beep(0x500,200);
            return 1;
        }
    }
    else
    {
        // Neither the expected bytes nor an existing JMP: refuse to touch it.
        MessageBox(NULL, _T("You have the wrong gameversion!"), szErrorTitle, NULL);
        return 0;
    }
    // Unreachable: every branch above returns.
    return 0;
}