Last active
November 28, 2023 14:52
-
-
Save alexandargyurov/0de3b53e3acd90ca47c249e9ebffb212 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // dllmain.cpp : Defines the entry point for the DLL application. | |
| #include "pch.h" | |
| #include <Windows.h> | |
| #include <iostream> | |
| // Helper function to compare memory data with a signature | |
| bool MemoryCompare(const BYTE* bData, const BYTE* bMask, const char* szMask) { | |
| for (; *szMask; ++szMask, ++bData, ++bMask) { | |
| if (*szMask == 'x' && *bData != *bMask) { | |
| return false; | |
| } | |
| } | |
| return (*szMask) == NULL; | |
| } | |
| // Memory scanning function | |
| DWORD_PTR FindSignature(DWORD_PTR dwAddress, DWORD_PTR dwLen, BYTE* bMask, char* szMask) { | |
| for (DWORD_PTR i = 0; i < dwLen; i++) { | |
| if (MemoryCompare((BYTE*)(dwAddress + i), bMask, szMask)) { | |
| return (DWORD_PTR)(dwAddress + i); | |
| } | |
| } | |
| return 0; | |
| } | |
| // Function to get the size of the game's memory space | |
| DWORD_PTR GetModuleSize(const char* moduleName) { | |
| HMODULE hModule = GetModuleHandleA(moduleName); | |
| if (!hModule) return 0; | |
| IMAGE_NT_HEADERS* pNTHeaders = (IMAGE_NT_HEADERS*)((LPBYTE)hModule + ((IMAGE_DOS_HEADER*)hModule)->e_lfanew); | |
| return pNTHeaders->OptionalHeader.SizeOfImage; | |
| } | |
| // DllMain function: Entry point for the DLL | |
| BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) { | |
| if (ul_reason_for_call == DLL_PROCESS_ATTACH) { | |
| MessageBoxA(NULL, "DLL Injected!", "Success", MB_ICONINFORMATION | MB_OK); | |
| DisableThreadLibraryCalls(hModule); | |
| const char* moduleName = "teardown.exe"; // Replace with the actual game executable name | |
| DWORD_PTR baseAddress = (DWORD_PTR)GetModuleHandleA(moduleName); | |
| DWORD_PTR sizeOfImage = GetModuleSize(moduleName); | |
| // Signature and mask for the pattern you're looking for | |
| BYTE signature[] = { 0xE8, 0x00, 0x00, 0x00, 0x00, 0x48, 0x8B, 0xF8, 0xEB, 0x02, 0x33, 0xFF, 0x48, 0x8D, 0x4D, 0xA7 }; | |
| char mask[] = "x????xxxxxxxxxxx"; | |
| DWORD_PTR foundAddress = FindSignature(baseAddress, sizeOfImage, signature, mask); | |
| if (foundAddress) { | |
| std::cout << "Signature found at address: " << std::hex << foundAddress << std::endl; | |
| MessageBoxA(NULL, "Signature found at address", "Success", MB_ICONINFORMATION | MB_OK); | |
| // Additional code to work with found signature | |
| } | |
| else { | |
| std::cout << "Signature not found." << std::endl; | |
| MessageBoxA(NULL, "Signature not found", "No signature", MB_ICONINFORMATION | MB_OK); | |
| } | |
| } | |
| return TRUE; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment