/d4rk50ul5_ch43t3r.c Secret
Created
November 17, 2020 13:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <strsafe.h> | |
| #include <tlhelp32.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| #include <stdbool.h> | |
| #include <windows.h> | |
| #include <strsafe.h> | |
| void ErrorExit(LPTSTR lpszFunction) | |
| { | |
| // Retrieve the system error message for the last-error code | |
| LPVOID lpMsgBuf; | |
| LPVOID lpDisplayBuf; | |
| DWORD dw = GetLastError(); | |
| FormatMessage( | |
| FORMAT_MESSAGE_ALLOCATE_BUFFER | | |
| FORMAT_MESSAGE_FROM_SYSTEM | | |
| FORMAT_MESSAGE_IGNORE_INSERTS, | |
| NULL, | |
| dw, | |
| MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), | |
| (LPTSTR) &lpMsgBuf, | |
| 0, NULL ); | |
| // Display the error message and exit the process | |
| lpDisplayBuf = (LPVOID)LocalAlloc(LMEM_ZEROINIT, | |
| (lstrlen((LPCTSTR)lpMsgBuf) + lstrlen((LPCTSTR)lpszFunction) + 40) * sizeof(TCHAR)); | |
| StringCchPrintf((LPTSTR)lpDisplayBuf, | |
| LocalSize(lpDisplayBuf) / sizeof(TCHAR), | |
| TEXT("%s failed with error %d: %s"), | |
| lpszFunction, dw, lpMsgBuf); | |
| MessageBox(NULL, (LPCTSTR)lpDisplayBuf, TEXT("Error"), MB_OK); | |
| LocalFree(lpMsgBuf); | |
| LocalFree(lpDisplayBuf); | |
| ExitProcess(dw); | |
| } | |
| DWORD FindProcessIDByName(const char *name) { | |
| PROCESSENTRY32 entry; | |
| HANDLE hSnapshot; | |
| DWORD result = 0; | |
| hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); | |
| for (BOOL status = Process32First(hSnapshot, &entry); (status == true) && (result == 0); status = Process32Next(hSnapshot, &entry)) { | |
| if (strcmp(name, entry.szExeFile) == 0) { | |
| printf("szExeFile: \"%s\" => %lu\n", entry.szExeFile, entry.th32ProcessID); | |
| result = entry.th32ProcessID; | |
| } | |
| } | |
| CloseHandle(hSnapshot); | |
| return (result); | |
| } | |
| void ReadInteger(HANDLE hProcess, DWORD start, DWORD stop, int expected) { | |
| BOOL success; | |
| int actual; | |
| for (DWORD address = start; address < stop; ++address) { | |
| success = ReadProcessMemory(hProcess, (LPCVOID) address, (void*)&actual, sizeof(actual), NULL); | |
| if (success && actual == expected) { | |
| printf("Found: 0x%08X\n", address); | |
| } | |
| } | |
| } | |
| void WriteInteger(HANDLE hProcess, DWORD address, int value) { | |
| BOOL success; | |
| success = WriteProcessMemory(hProcess, (LPCVOID) address, (void*)&value, sizeof(value), NULL); | |
| if (success) { | |
| printf("Success!\n", address); | |
| } else { | |
| ErrorExit(TEXT("WriteInteger")); | |
| } | |
| } | |
| int main() { | |
| DWORD processId = FindProcessIDByName("DarkSoulsRemastered.exe"); | |
| printf("processId => %lu\n", processId); | |
| HANDLE h = OpenProcess(PROCESS_ALL_ACCESS, false, processId); | |
| if(h) { | |
| ReadInteger(h, 0x0C400000, 0x0C500000, 3536); | |
| WriteInteger(h, 0x0C49A6A4, 3536); | |
| /*/ | |
| int i; | |
| ReadProcessMemory(h, (LPCVOID) 0x00ADFE80, (void*)&i, sizeof(i), NULL); | |
| printf("value : %d\n", i); | |
| CloseHandle(h); | |
| /*/ | |
| } | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment