-
-
Save Zigzagix/c6311ef3edc5e0aa62eb25c1f7781565 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <windows.h> | |
#include <TlHelp32.h> | |
#include <iostream> | |
#include <tchar.h> | |
#include <vector> | |
#include <stdlib.h> | |
uintptr_t GetModuleBaseAddress(DWORD procId, const wchar_t* modName) | |
{ | |
uintptr_t modBaseAddr = 0; | |
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId); | |
if (hSnap != INVALID_HANDLE_VALUE) { | |
MODULEENTRY32W modEntry; | |
modEntry.dwSize = sizeof(modEntry); | |
if (Module32FirstW(hSnap, &modEntry)) { | |
do { | |
if (!_wcsicmp(modEntry.szModule, modName)) { | |
modBaseAddr = (uintptr_t)modEntry.modBaseAddr; | |
break; | |
} | |
} while (Module32NextW(hSnap, &modEntry)); | |
} | |
} | |
CloseHandle(hSnap); | |
return modBaseAddr; | |
} | |
DWORD GetProcIdByModuleName(const wchar_t* moduleName) | |
{ | |
DWORD procId = 0; | |
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); | |
if (hSnap != INVALID_HANDLE_VALUE) { | |
PROCESSENTRY32W procEntry; | |
procEntry.dwSize = sizeof(procEntry); | |
if (Process32FirstW(hSnap, &procEntry)) { | |
do { | |
HANDLE hModSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procEntry.th32ProcessID); | |
if (hModSnap != INVALID_HANDLE_VALUE) { | |
MODULEENTRY32W modEntry; | |
modEntry.dwSize = sizeof(modEntry); | |
if (Module32FirstW(hModSnap, &modEntry)) { | |
do { | |
if (!_wcsicmp(modEntry.szModule, moduleName)) { | |
procId = procEntry.th32ProcessID; | |
CloseHandle(hModSnap); | |
CloseHandle(hSnap); | |
return procId; | |
} | |
} while (Module32NextW(hModSnap, &modEntry)); | |
} | |
CloseHandle(hModSnap); | |
} | |
} while (Process32NextW(hSnap, &procEntry)); | |
} | |
CloseHandle(hSnap); | |
} | |
return procId; | |
} | |
uintptr_t FindDMAAddy(HANDLE hProc, uintptr_t ptr, std::vector<unsigned int> offsets) | |
{ | |
uintptr_t addr = ptr; | |
for (unsigned int i = 0; i < offsets.size(); ++i) | |
{ | |
ReadProcessMemory(hProc, (BYTE*)addr, &addr, sizeof(addr), 0); | |
addr += offsets[i]; | |
} | |
return addr; | |
} | |
int main(){ | |
const wchar_t* modName = L"ac_client.exe"; | |
DWORD pid = GetProcIdByModuleName(modName); | |
if(pid != 0) | |
{ | |
std::cout<<"pid: "<<pid<<std::endl; | |
}else | |
{ | |
std::cout<<"El proceso no pudo ser encontrado "; | |
} | |
uintptr_t modBaseAddr = GetModuleBaseAddress(pid,modName); | |
HANDLE handler = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid); | |
uintptr_t baseToPlayer = modBaseAddr + 0x17E0A8; | |
std::vector<unsigned int> offsets = {0x374,0x14,0x0}; | |
uintptr_t finalAddr = FindDMAAddy(handler,baseToPlayer,offsets); | |
int value ; | |
for( ;; ) | |
{ | |
ReadProcessMemory(handler, (BYTE*)finalAddr, &value, sizeof(value), nullptr); | |
std::cout<<"ammo: "<<value<<std::endl; | |
Sleep(60); | |
system("cls"); | |
} | |
CloseHandle(handler); | |
return 0; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment