#include <Windows.h>
#include <TlHelp32.h>

#include <cstdio>
#include <cstdlib>
#include <iostream>
#include <string>

using namespace std;
// Forward declarations for the helpers defined after main().

// Returns the load address of the module named `modName` inside process
// `procId`, or 0 when no module with that name is found.
uintptr_t GetModuleBaseAddress(DWORD procId, const wchar_t* modName);

// Prints `message` and waits for one character on stdin. It returns to the
// caller afterwards; it does not terminate the process.
void quit(const string& message);
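// Finds the window titled "Areena 5 v1.21", opens the owning process for
// reading and prints one int read at a fixed offset inside "Areena 5.exe".
//
// Returns EXIT_FAILURE as soon as any lookup, open or read step fails, so no
// later step runs on an invalid window, process id, handle or address.
// The offsets 0x001CC424 and 0xDE4 are hard-coded; presumably they are only
// valid for the build named in the window title -- confirm before reuse.
int main() {
    const HWND hwnd = FindWindowA(nullptr, "Areena 5 v1.21");
    if (hwnd == nullptr) {
        quit("Could not find window.");
        // quit() only prints and waits for a key; leaving is up to the caller.
        return EXIT_FAILURE;
    }
    cout << "Window found." << endl;

    // Initialised so the check below never reads an indeterminate value.
    DWORD procID = 0;
    GetWindowThreadProcessId(hwnd, &procID);
    if (procID == 0) {
        quit("Could not find process.");
        return EXIT_FAILURE;
    }

    // Least privilege: the only operation on the handle is ReadProcessMemory,
    // which needs PROCESS_VM_READ. PROCESS_ALL_ACCESS asked for far more than
    // the program uses and is more likely to be refused.
    const HANDLE hProcess = OpenProcess(PROCESS_VM_READ, FALSE, procID);
    if (hProcess == nullptr) {
        const DWORD openError = GetLastError();
        quit("Could not open process (error " + std::to_string(openError) + ").");
        return EXIT_FAILURE;
    }
    cout << "Process opened." << endl << endl;

    const uintptr_t moduleBase = GetModuleBaseAddress(procID, L"Areena 5.exe");
    if (moduleBase == 0) {
        // A base of 0 means the module was not found; every address derived
        // from it would be meaningless.
        CloseHandle(hProcess);
        quit("Could not find module.");
        return EXIT_FAILURE;
    }

    const uintptr_t dynamicPtrBaseAddr = moduleBase + 0x001CC424;

    cout << "moduleBase = " << "0x" << hex << moduleBase << endl;
    cout << "dynamicPtrBaseAddr = " << "0x" << hex << dynamicPtrBaseAddr << endl;

    const uintptr_t offset = 0xDE4;
    const uintptr_t moneyAddress = dynamicPtrBaseAddr + offset;

    cout << "MoneyAddress = " << "0x" << hex << moneyAddress << endl;

    // Read from memory. Both the return value and the byte count are checked
    // so a failed or short read is reported instead of printing a stale 0.
    int moneyValue = 0;
    SIZE_T bytesRead = 0;
    const BOOL readOk = ReadProcessMemory(hProcess,
                                          reinterpret_cast<LPCVOID>(moneyAddress),
                                          &moneyValue, sizeof(moneyValue), &bytesRead);
    if (!readOk || bytesRead != sizeof(moneyValue)) {
        const DWORD readError = GetLastError();
        CloseHandle(hProcess);
        quit("Could not read memory (error " + std::to_string(readError) + ").");
        return EXIT_FAILURE;
    }

    cout << endl << "Money: " << dec << moneyValue << endl;

    // Write to memory (disabled). The handle above is opened with
    // PROCESS_VM_READ only, so this block cannot succeed as written.
    /*
    int newMoney = 6969;
    if (WriteProcessMemory(hProcess, (BYTE*)moneyAddress, &newMoney, sizeof(newMoney), nullptr)) {
    cout << "Success :D" << endl;
    }
    else {
    cout << "Fuck it failed" << endl;
    }
    */

    // Release the process handle; the original leaked it until process exit.
    CloseHandle(hProcess);

    getchar();
    return EXIT_SUCCESS;
}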
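// Returns the base address at which module `modName` is loaded in process
// `procId`, or 0 if the snapshot cannot be taken, `modName` is null, or no
// module matches. The name comparison is case-insensitive.
//
// The wide-character Toolhelp API (MODULEENTRY32W / Module32FirstW /
// Module32NextW) is used explicitly so that szModule is always wchar_t and
// the comparison with `modName` does not depend on UNICODE being defined.
uintptr_t GetModuleBaseAddress(DWORD procId, const wchar_t* modName)
{
    if (modName == nullptr)
    {
        return 0;
    }

    const HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
    if (hSnap == INVALID_HANDLE_VALUE)
    {
        // Nothing to close: the original passed INVALID_HANDLE_VALUE to
        // CloseHandle on this path.
        return 0;
    }

    uintptr_t modBaseAddr = 0;

    MODULEENTRY32W modEntry{};
    // dwSize must be set before the first call or Module32FirstW fails.
    modEntry.dwSize = sizeof(modEntry);

    for (BOOL more = Module32FirstW(hSnap, &modEntry); more; more = Module32NextW(hSnap, &modEntry))
    {
        if (_wcsicmp(modEntry.szModule, modName) == 0)
        {
            modBaseAddr = reinterpret_cast<uintptr_t>(modEntry.modBaseAddr);
            break;
        }
    }

    CloseHandle(hSnap);
    return modBaseAddr;
}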
// Writes `message` followed by a newline to stdout, flushes, then blocks
// until one character can be read from stdin so the console stays open.
// Despite its name this function returns normally; it does not end the
// process, so callers must return or exit themselves.
void quit(const string& message) {
    std::cout << message << '\n' << std::flush;
    const int discarded = getchar();
    (void)discarded;
}