Code:
#include <Windows.h>
#include <tlhelp32.h>
#include <tchar.h>
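/*
 * Look up the load address of the module named module_name inside process pid.
 *
 * pid          - process to snapshot (TH32CS_SNAPMODULE).
 * module_name  - module file name to match exactly against MODULEENTRY32.szModule.
 * Returns the module base as a DWORD, or 0 when the snapshot cannot be taken or
 * no module of that name is present.
 *
 * The base is truncated to DWORD, so this is only meaningful in a 32-bit
 * process. The comparison uses strcmp on szModule, which assumes an ANSI
 * (non-UNICODE) build — TODO confirm the project's character-set setting.
 */
DWORD get_module(DWORD pid, char *module_name) {
    HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
    if (hModuleSnap == INVALID_HANDLE_VALUE) {
        return 0;  /* snapshot failed (bad pid, access denied, ...) */
    }

    DWORD base = 0;
    MODULEENTRY32 me32;
    me32.dwSize = sizeof(MODULEENTRY32);

    /* The documented enumeration protocol is Module32First, then Module32Next;
     * the previous version started with Module32Next and could skip the first
     * entry of the snapshot. */
    if (Module32First(hModuleSnap, &me32)) {
        do {
            if (strcmp(me32.szModule, module_name) == 0) {
                base = (DWORD)me32.modBaseAddr;
                break;
            }
        } while (Module32Next(hModuleSnap, &me32));
    }

    /* Release the snapshot on every path. The previous version never closed it,
     * leaking one handle per call, which matters because the caller retries
     * in a tight loop until the module appears. */
    CloseHandle(hModuleSnap);
    return base;
}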
/* Masked byte comparison used by FindPattern().
 *
 * szMask is consulted one character per byte: 'x' means pData and bMask must
 * agree at that position, any other character is a wildcard. The walk stops at
 * the NUL terminator of szMask, so exactly strlen(szMask) bytes are read from
 * both pData and bMask; both must be at least that long.
 * Returns true when no required byte differed, false on the first mismatch. */
bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask) {
    size_t idx = 0;
    while (szMask[idx] != '\0') {
        bool must_match = (szMask[idx] == 'x');
        if (must_match && pData[idx] != bMask[idx]) {
            return false;
        }
        ++idx;
    }
    /* The loop only exits at the terminator, so this is always true here. */
    return szMask[idx] == '\0';
}
/* Linear scan of dwLen candidate start offsets from dwAddress for the first
 * position at which bCompare(bMask, szMask) accepts the bytes.
 *
 * Returns the matching address, or 0 if nothing matched (0 is therefore
 * ambiguous if dwAddress itself is 0).
 * NOTE(review): the loop bounds only the start offset, not the read; each
 * candidate is compared for strlen(szMask) bytes, so the final candidates read
 * beyond dwAddress + dwLen. Addresses are DWORD, so this is 32-bit only. */
DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask) {
for(DWORD i=0; i < dwLen; i++)
if( bCompare( (BYTE*)( dwAddress+i ),bMask,szMask) )
return (DWORD)(dwAddress+i);
return 0;
}
/* Overwrite `bytes` bytes at `address` in the current process with `value`.
 *
 * The region is first made PAGE_EXECUTE_READWRITE, then memcpy'd, then an
 * attempt is made to restore the previous protection. Neither VirtualProtect
 * return value is checked: if the first call fails the memcpy still runs and
 * will fault on a read-only page. NOTE(review): the second call passes NULL
 * as lpflOldProtect — check that against the VirtualProtect contract; if that
 * call fails the region stays writable+executable. Making image pages RWX and
 * patching them in place is exactly the transition that integrity checks and
 * endpoint monitoring look for. */
void WriteToMemory(uintptr_t address, char* value, int bytes) {
unsigned long oldProdection; /* [sic] receives the prior page protection */
VirtualProtect((LPVOID)(address), bytes, PAGE_EXECUTE_READWRITE, &oldProdection);
memcpy((LPVOID)address, value, bytes);
VirtualProtect((LPVOID)(address), bytes, oldProdection, NULL);
}
/* Thread body started from DllMain.
 *
 * Busy-waits (no Sleep) until get_module() reports a base for "player.dll" in
 * this process, then applies two in-place patches: 5 bytes at a hard-coded
 * offset from the module base, and 1 byte at a fixed offset from a pattern
 * match found by scanning 0x228000 bytes of the module. The hard-coded offset
 * is tied to one specific build of player.dll; on any other build the first
 * write lands on arbitrary code and corrupts the module. Nothing here reports
 * failure, and if get_module() never succeeds the thread spins forever. */
void lala() {
DWORD dw_player = NULL;
while (!dw_player) dw_player = get_module(GetCurrentProcessId(), "player.dll");
WriteToMemory(dw_player + 0xB3AD, "\xE9\xBE\xFD\xFF\xFF", 5); // bypas "data corruption detected bla bla bla"
DWORD no_recoil = FindPattern(dw_player, 0x228000, (PBYTE)"\xFF\xD0\x84\xC0\x0F\x94\xC0", "xxxxxxx");
if (no_recoil) WriteToMemory(no_recoil + 0x20 +6, "\x01", 1); // only patched when the scan found a match
}
/* DLL entry point. On DLL_PROCESS_ATTACH it spawns a thread running lala() so
 * the patching happens outside the loader lock; other reasons are ignored.
 *
 * NOTE(review): lala() is `void lala()` but is cast to LPTHREAD_START_ROUTINE,
 * whose signature is DWORD WINAPI (LPVOID) — calling through a mismatched
 * function type is undefined behaviour even if it happens to work on x86.
 * The thread handle returned by CreateThread is never closed, and its return
 * value is not checked. Always returns TRUE (1). */
BOOL WINAPI DllMain(HINSTANCE hInst, DWORD reason, LPVOID) {
if (reason == DLL_PROCESS_ATTACH) {
CreateThread(0, 0, (LPTHREAD_START_ROUTINE)&lala, 0, 0, 0);
}
return 1;
}
tested on :