Work around for the anti debugger junk in the C&C Remastered launcher
#include <windows.h>
#include <stdio.h>
#include <string.h>
#include <psapi.h>
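/*
 * Find a running process whose main module path ends in
 * "\ClientLauncherG.exe" and overwrite six bytes of its memory at a fixed
 * virtual address, but only when the bytes currently there match a known
 * signature.
 *
 * Exit status: 0 only when the expected original bytes were found and all six
 * replacement bytes were written; 1 in every other case (process not found,
 * read failure, unexpected bytes, already patched, write failure).
 *
 * Review notes:
 *  - The target is identified by file name alone; any process whose image
 *    path ends in that name is accepted, whatever directory it runs from.
 *  - The address is hard-coded, so this presumably only fits one launcher
 *    build loaded at the address the author observed. The byte-signature
 *    comparison is the only guard against writing into a different build.
 *  - Every enumerated PID is opened with a write-capable access mask.
 *    OpenProcess with PROCESS_VM_WRITE followed by WriteProcessMemory on a
 *    foreign process is a pattern endpoint monitoring commonly alerts on.
 */
int main(void)
{
    enum {
        kMaxProcesses = 1024 * 16,
        kMaxModules = 1024,
        kPatchLen = 6
    };

    static const char kTargetSuffix[] = "\\ClientLauncherG.exe";

    /* Bytes expected before patching; as 32-bit x86 this decodes as
     * push dword ptr [edi+0x41B0]. */
    static const unsigned char kOriginal[kPatchLen] = {
        0xFF, 0xB7, 0xB0, 0x41, 0x00, 0x00
    };
    /* Replacement: push imm32 (0x08000000) followed by a one-byte NOP so the
     * patch has the same length as the instruction it replaces. */
    static const unsigned char kPatched[kPatchLen] = {
        0x68, 0x00, 0x00, 0x00, 0x08, 0x90
    };

    /* --- find the process ------------------------------------------------ */
    DWORD processes[kMaxProcesses];
    DWORD pidBytes = 0;
    if (!EnumProcesses(processes, sizeof(processes), &pidBytes)) {
        return 1;
    }
    /* If pidBytes equals sizeof(processes) the list may have been truncated;
     * the buffer holds 16384 PIDs, so this is not treated as an error. */
    const DWORD numProcesses = pidBytes / sizeof(DWORD);
    const size_t suffixLen = sizeof(kTargetSuffix) - 1;

    HANDLE hProcess = NULL;
    for (DWORD i = 0; i < numProcesses; ++i) {
        HANDLE candidate = OpenProcess(
            PROCESS_QUERY_INFORMATION | PROCESS_VM_READ |
            PROCESS_VM_WRITE | PROCESS_VM_OPERATION,
            FALSE, processes[i]);
        if (candidate == NULL) {
            continue; /* access denied or process already gone */
        }

        HMODULE hModules[kMaxModules];
        DWORD moduleBytes = 0;
        char fileName[MAX_PATH];

        /* hModules[0] is only meaningful when at least one handle was
         * actually returned, so check the byte count before using it. */
        if (EnumProcessModules(candidate, hModules, sizeof(hModules), &moduleBytes) &&
            moduleBytes >= sizeof(hModules[0]) &&
            GetModuleFileNameExA(candidate, hModules[0], fileName, sizeof(fileName))) {
            const size_t len = strlen(fileName);
            /* Exact, case-sensitive match on the tail of the path. */
            if (len > suffixLen &&
                strcmp(fileName + len - suffixLen, kTargetSuffix) == 0) {
                hProcess = candidate;
                break;
            }
        }
        CloseHandle(candidate);
    }

    if (hProcess == NULL) {
        return 1;
    }

    /* --- adjust some memory ---------------------------------------------- */
    int rc = 1;
    /* ULONG_PTR keeps the integer-to-pointer cast well defined on 64-bit
     * builds, where DWORD is narrower than a pointer. */
    const ULONG_PTR addr = 0x00602AB3;
    unsigned char buf[kPatchLen];
    SIZE_T bytesRead = 0;

    if (!ReadProcessMemory(hProcess, (LPCVOID)addr, buf, sizeof(buf), &bytesRead) ||
        bytesRead != sizeof(buf)) {
        /* A short read would leave part of buf uninitialised; never compare it. */
        fprintf(stderr, "could not read target memory.\n");
    } else if (memcmp(buf, kPatched, sizeof(buf)) == 0) {
        /* Exit status stays 1 here, matching the original behaviour. */
        printf("memory was already written.\n");
    } else if (memcmp(buf, kOriginal, sizeof(buf)) == 0) {
        SIZE_T bytesWritten = 0;
        if (WriteProcessMemory(hProcess, (LPVOID)addr, kPatched, sizeof(kPatched), &bytesWritten) &&
            bytesWritten == sizeof(kPatched)) {
            printf("memory written successfully.\n");
            rc = 0;
        } else {
            /* Previously a failed write still exited with status 0. */
            fprintf(stderr, "memory write failed.\n");
        }
    } else {
        /* Unknown build or different load address: refuse to write. */
        fprintf(stderr, "unexpected bytes at target address; nothing written.\n");
    }

    CloseHandle(hProcess);
    return rc;
}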