#include <iostream>
using namespace std;
// Entry point of the paste.
// NOTE(review): the three function definitions that follow (SendPacket,
// ExecuteRemoteCode, Town2) sit inside this body. C++ does not allow one
// function to be defined inside another, so the listing cannot compile as
// posted. Only <iostream> is included, so nothing shown here declares the
// Win32 types and calls used below.
int main()
{
// Status line written by the author of the paste.
cout << "This is not working" << endl;
// Copies a packet into the process behind h_Game, patches a small machine-code
// stub with the packet's remote address and length, and passes the stub to
// ExecuteRemoteCode. From its bytes, the stub appears to call a function that
// lives inside the target process with the packet as its argument.
//   pBytes - local buffer holding the packet
//   nBytes - length of that buffer in bytes
// NOTE(review): h_Game, CopyBytes, KO_PKTBMA and KO_SNDFNC are not declared in
// this listing; h_Game is presumably a process handle opened elsewhere - confirm.
void SendPacket(BYTE* pBytes, size_t nBytes)
{
LPVOID BytesAddr;
DWORD dwBytesAddr;
// 31-byte hand-assembled 32-bit x86 stub. Its five zeroed 4-byte operand slots
// (offsets 2, 8, 13, 18 and 23) are filled in below before the stub is used.
BYTE Code[] = { 0x60, 0xA1, 0, 0, 0, 0, 0x8B, 0x0D, 0, 0, 0, 0, 0x68, 0, 0, 0, 0, 0x68, 0, 0, 0, 0, 0xBF, 0, 0, 0, 0, 0xFF, 0xD7, 0x61, 0xC3 };
// Ask for nBytes of committed read/write memory inside the other process.
BytesAddr = VirtualAllocEx(h_Game, 0, nBytes, MEM_COMMIT, PAGE_READWRITE);
if (BytesAddr != 0)
{
// Copy the packet across; the BOOL result is not checked.
WriteProcessMemory(h_Game, BytesAddr, pBytes, nBytes, 0);
// NOTE(review): the pointer is narrowed to a 32-bit DWORD, so the value only
// round-trips in a 32-bit build.
dwBytesAddr = (DWORD)BytesAddr;
// Fill the operand slots. CopyBytes is presumably a 4-byte store at the given
// address - confirm against its definition. The first two slots both receive
// KO_PKTBMA.
CopyBytes(Code + 2, KO_PKTBMA );
CopyBytes(Code + 8, KO_PKTBMA );
CopyBytes(Code + 13, nBytes);
CopyBytes(Code + 18, dwBytesAddr);
CopyBytes(Code + 23, KO_SNDFNC);
ExecuteRemoteCode(Code, sizeof(Code));
}
// Reached whether or not the allocation succeeded, so BytesAddr can be null here.
VirtualFreeEx(h_Game, BytesAddr, 0, MEM_RELEASE);
}
// Copies nBytes from pBytes into the process behind h_Game, starts a thread in
// that process at the copied bytes, waits for it to finish and releases the
// remote memory.
//   pBytes - local buffer to copy
//   nBytes - number of bytes to copy
// Reviewer context: VirtualAllocEx + WriteProcessMemory + CreateRemoteThread
// against another process is the classic remote-thread injection sequence.
// Endpoint-security and anti-cheat products commonly watch for exactly this
// combination, so it is a useful signature when triaging a sample like this.
void ExecuteRemoteCode(BYTE* pBytes, size_t nBytes)
{
LPVOID FuncPtr;
HANDLE hThread;
// The region is requested as committed PAGE_READWRITE memory in the target.
FuncPtr = VirtualAllocEx(h_Game, 0, nBytes, MEM_COMMIT, PAGE_READWRITE);
if ( FuncPtr == NULL ) return;
// Debug output: the remote address that was returned.
cout << FuncPtr << endl;
// The result of the cross-process write is not checked.
WriteProcessMemory(h_Game, (LPVOID)FuncPtr, pBytes, nBytes, 0);
hThread = CreateRemoteThread(h_Game, 0, 0, (LPTHREAD_START_ROUTINE)FuncPtr, 0, 0, 0);
// Blocks with no timeout until the remote thread exits.
if ( hThread != NULL ) WaitForSingleObject(hThread, INFINITE);
else printf("CreateRemoteThread failed with error %d\n.", GetLastError());
// NOTE(review): also reached on the failure path, where hThread is NULL.
CloseHandle(hThread);
VirtualFreeEx(h_Game, FuncPtr, 0, MEM_RELEASE);
}
// Hands a fixed two-byte payload, {0x48, 0x00}, to SendPacket.
// The page does not say what these bytes mean to the receiving process;
// the function name suggests a "return to town" request - unconfirmed.
void Town2()
{
    BYTE townPacket[] = { 0x48, 0x00 };
    const size_t townPacketLen = sizeof(townPacket);
    SendPacket(townPacket, townPacketLen);
}
// Hotkey loop: GetAsyncKeyState(VK_F12) is polled, and a non-zero result calls
// Town2(), pauses 500 ms and prints "Towned".
// NOTE(review): as the braces are written, `return 0;` is inside the while
// body, so the loop ends after its first pass, and the final `}` closes the
// loop rather than main(). Sleep() is only reached on the key-press path.
while(true)
{
if (GetAsyncKeyState(VK_F12))
{
Town2();
Sleep(500);
cout << "Towned" << endl;
}
return 0;
}