Dishonored 2 Mana Hack
#include <windows.h> | |
#include "PolyHook\Polyhook.hpp" | |
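// Converts one ASCII hex digit to its numeric value; returns -1 for any other character.
static int HexNibble( char c )
{
    if ( c >= '0' && c <= '9' ) return c - '0';
    if ( c >= 'a' && c <= 'f' ) return c - 'a' + 10;
    if ( c >= 'A' && c <= 'F' ) return c - 'A' + 10;
    return -1;
}

// Returns true when every token of `pattern` matches the bytes starting at `cur`,
// without ever reading at or beyond `end`.
static bool PatternMatchesAt( const unsigned char* cur, const unsigned char* end, const char* pattern )
{
    bool sawToken = false;
    const char* p = pattern;
    for ( ;; )
    {
        while ( *p == ' ' )
            ++p;
        if ( !*p )
            return sawToken;        // whole pattern consumed; an empty pattern never matches
        if ( cur >= end )
            return false;           // pattern is longer than what is left of the region

        if ( *p == '?' )
        {
            // "?" and "??" both stand for exactly one wildcard byte.
            ++p;
            if ( *p == '?' )
                ++p;
        }
        else
        {
            // p[0] is non-zero here, so p[1] is at worst the terminator (which is not a hex digit).
            const int hi = HexNibble( p[0] );
            const int lo = ( hi < 0 ) ? -1 : HexNibble( p[1] );
            if ( hi < 0 || lo < 0 )
                return false;       // malformed token: refuse to match rather than guess
            if ( *cur != static_cast<unsigned char>( ( hi << 4 ) | lo ) )
                return false;
            p += 2;
        }
        ++cur;
        sawToken = true;
    }
}

// Scans the memory range [base, base + size) for the first occurrence of a byte signature.
//
// pattern: space-separated two-digit hex bytes, where "?" or "??" matches any single byte,
//          e.g. "48 89 5C 24 ? 57".
// Returns the address of the first match, or 0 when there is no match, when the pattern is
// empty or malformed, or when base, size or pattern is null/zero.
//
// The caller must guarantee that every byte of the range is readable; this function does
// not probe page protections.
uintptr_t FindPattern( uintptr_t base, uintptr_t size, const char* pattern )
{
    if ( !base || !size || !pattern )
        return 0;

    const unsigned char* const begin = reinterpret_cast<const unsigned char*>( base );
    const unsigned char* const end = begin + size;

    for ( const unsigned char* cur = begin; cur < end; ++cur )
    {
        if ( PatternMatchesAt( cur, end, pattern ) )
            return reinterpret_cast<uintptr_t>( cur );
    }
    return 0;
}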
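// Scans the mapped image of a module loaded in the current process for a byte signature.
//
// module:  module name passed to GetModuleHandleA; nullptr selects the process's main executable.
// pattern: signature string forwarded to the (base, size, pattern) overload.
// Returns the address of the first match, or 0 if the module is not loaded, its information
// cannot be queried, or the signature is not found.
//
// NOTE(review): MODULEINFO and GetModuleInformation are declared in <psapi.h>, which this file
// does not include directly; presumably it arrives through another header, so confirm.
uintptr_t FindPattern(const char* module, const char* pattern)
{
    if (!pattern)
        return 0;

    // GetModuleHandleA(nullptr) already returns the main executable, so no branch is needed.
    const HMODULE hModule = GetModuleHandleA(module);
    if (!hModule)
        return 0;

    // Zero-initialise and check the result so a failed query can never feed
    // indeterminate base/size values into the scan.
    MODULEINFO moduleInfo = {};
    if (!GetModuleInformation(GetCurrentProcess(), hModule, &moduleInfo, sizeof(MODULEINFO)))
        return 0;

    const auto pStartAddr = reinterpret_cast<uintptr_t>(moduleInfo.lpBaseOfDll);
    const uintptr_t scanSize = moduleInfo.SizeOfImage;
    if (!pStartAddr || !scanSize)
        return 0;

    // NOTE(review): the scan dereferences every byte of the image range; this assumes all
    // pages in that range are readable, so confirm for the target module.
    return FindPattern(pStartAddr, scanSize, pattern);
}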
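// Layout overlay applied to the first argument of the hooked function (see the cast in
// hkUseSpell). Only the two float members are named; the char arrays are padding that
// places them at the right offsets.
// NOTE(review): the field meanings are taken from their names only, and the offsets are
// specific to whichever game build this was reversed from; re-verify after any update.
struct ManaInfo
{
    char Unknown0[0x20];      // 0x00: unidentified bytes
    float mana;               // 0x20
    char unk24[0x8];          // 0x24: unidentified bytes
    float mana_regen_val;     // 0x2C: the member hkUseSpell overwrites
};

// Fail the build if a compiler or packing change shifts the members: a wrong offset would
// silently write into unrelated memory of the host object.
static_assert(sizeof(ManaInfo) == 0x30, "ManaInfo layout changed; member offsets are no longer valid");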
// Signature of the hooked function as reconstructed for this file: three arguments, the
// first of which hkUseSpell reinterprets as a ManaInfo*.
using tUseSpell = signed int(__fastcall*)(__int64 a1, float a2, char a3);

// Pointer through which the original (un-hooked) function is called; filled in by OnAttach
// after the detour is installed and null until then.
tUseSpell oUseSpell = nullptr;

// Detour object owning the hook; allocated in OnAttach and released in DllMain on detach.
// Has static storage duration, so it starts out null.
PLH::X64Detour* useSpell;
// Replacement for the function detoured in OnAttach. It forwards the call unchanged to the
// original through oUseSpell, then overwrites mana_regen_val on the object addressed by a1
// and hands back the original's return value.
// NOTE(review): a1 is reinterpreted as ManaInfo* with no validation, and oUseSpell is only
// assigned after the hook goes live in OnAttach, so a call arriving in that window would go
// through a null pointer; confirm whether that window matters in practice.
signed int __fastcall hkUseSpell(__int64 a1, float a2, char a3)
{
    const signed int result = oUseSpell(a1, a2, a3);

    ManaInfo* const info = reinterpret_cast<ManaInfo*>(a1);
    info->mana_regen_val = 100;

    return result;
}
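// Worker started from DllMain: locates the target function in the main executable by byte
// signature and installs hkUseSpell as a detour over it. If the signature is not found or
// the hook cannot be installed, the process is left unmodified and useSpell stays null.
void OnAttach()
{
    const uintptr_t sig = FindPattern(nullptr, "48 89 5C 24 ? 57 48 81 EC ? ? ? ? 48 8B 41 08 48 89 CB"); //Found in IDA
    if (!sig)
        return; // no match (e.g. a different build of the executable): hooking address 0 would crash

    PLH::X64Detour* detour = new PLH::X64Detour();
    detour->SetupHook(reinterpret_cast<BYTE*>(sig), reinterpret_cast<BYTE*>(&hkUseSpell));
    if (!detour->Hook())
    {
        // Installation failed; do not publish a half-initialised hook object.
        delete detour;
        return;
    }

    // NOTE(review): the detour is already live at this point, so hkUseSpell can run before
    // oUseSpell is assigned on the next line; the library hands out the trampoline only
    // after Hook(), so the window cannot be closed from here.
    oUseSpell = detour->GetOriginal<tUseSpell>();
    useSpell = detour;
}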
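// Thread entry point with the signature CreateThread expects; it only runs OnAttach.
// Calling OnAttach through a cast to LPTHREAD_START_ROUTINE would invoke a void() function
// through a mismatched function-pointer type.
static DWORD WINAPI AttachThreadProc(LPVOID)
{
    OnAttach();
    return 0;
}

// DLL entry point. On process attach it defers the hook installation to a new thread so that
// no non-trivial work happens while the loader lock is held; on detach it releases the
// detour object created by OnAttach. Always returns TRUE.
BOOL WINAPI DllMain(
    _In_ HINSTANCE hinstDLL,
    _In_ DWORD fdwReason,
    _In_ LPVOID lpvReserved
)
{
    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:
    {
        DisableThreadLibraryCalls(hinstDLL);
        const HANDLE hThread = CreateThread(nullptr, 0, &AttachThreadProc, nullptr, 0, nullptr);
        if (hThread)
            CloseHandle(hThread); // the thread keeps running; only the unused handle is released
        break;
    }
    case DLL_PROCESS_DETACH:
        // lpvReserved is non-null when the process is terminating; in that case other threads
        // are already gone and cleanup is skipped. Only an explicit unload (FreeLibrary)
        // tears the hook down.
        // NOTE(review): nothing synchronises this with the OnAttach thread; an unload that
        // races with a still-running OnAttach is not handled, so confirm it cannot happen.
        if (lpvReserved == nullptr)
        {
            delete useSpell;
            useSpell = nullptr;
        }
        break;
    default:
        break;
    }
    return TRUE;
}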
You're missing GETBYTE.