Code:
#include <windows.h>
#include <Tlhelp32.h>
#include <iostream>
// Writes `l` bytes from `w` to GameDLL + i in the target process.
// Not a self-contained macro: it relies on `hProc`, `GameDLL` and `dSize`
// being in scope at the expansion site (all three are locals of main below)
// and reports the written byte count only through `dSize`; the BOOL result
// of WriteProcessMemory itself is discarded by every caller.
#define WRITE(i,w,l) WriteProcessMemory(hProc,reinterpret_cast<LPVOID>(GameDLL + i),w,l,&dSize)
// File-scope using-directive (kept for the existing cout/endl uses below).
using namespace std;
// Forward declarations for the Toolhelp/token helpers defined after main.
DWORD GetPID (char* proc);                 // PID of the process whose image name is `proc`, 0 if not running
void EnableDebugPriv();                    // enables SeDebugPrivilege on this process's token; returns no status
DWORD GetDLL (char* DllName, DWORD tPid);  // load address of module `DllName` in process `tPid`, 0 if absent
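// One byte-patch applied by main: the patch address is read out of a 4-byte
// operand inside RendDX9.dll (at module base + readOffset), then `delta` is
// added to reach the bytes that get overwritten.
struct Patch
{
    const char* label;      // name used in the "... is:" progress line
    const char* errName;    // name used in the "Failed to write at ..." line
    DWORD       readOffset; // RVA of the 4-byte operand inside RendDX9.dll
    DWORD       delta;      // added to the operand value to get the patch address
    const char* bytes;      // replacement bytes
    SIZE_T      len;        // number of bytes to write
    bool        unprotect;  // page must be made writable before the write
};

// Reads one 4-byte little-endian value from the target at `address`.
// Returns false on a failed or short read; `*out` is zeroed in that case.
static bool ReadDword(HANDLE hProc, DWORD address, DWORD* out)
{
    SIZE_T got = 0;
    *out = 0;
    return ReadProcessMemory(hProc, reinterpret_cast<LPCVOID>(address), out, sizeof(*out), &got) != 0
        && got == sizeof(*out);
}

// Overwrites `len` bytes at `address` in the target.
// With `unprotect` set the page is switched to PAGE_EXECUTE_READWRITE for the
// write and its previous protection is restored afterwards. EXECUTE is kept
// on purpose: the bytes being replaced sit in code, and a page left without
// it faults the game as soon as that code runs under DEP.
static bool PatchBytes(HANDLE hProc, DWORD address, const void* bytes, SIZE_T len, bool unprotect)
{
    LPVOID target = reinterpret_cast<LPVOID>(address);
    DWORD oldProtect = 0;
    if (unprotect && !VirtualProtectEx(hProc, target, len, PAGE_EXECUTE_READWRITE, &oldProtect))
        return false;

    SIZE_T written = 0;
    const BOOL ok = WriteProcessMemory(hProc, target, bytes, len, &written);

    if (unprotect)
    {
        // lpflOldProtect must point at a variable; passing NULL makes the
        // restore itself fail and leaves the page with the temporary rights.
        DWORD ignored = 0;
        VirtualProtectEx(hProc, target, len, oldProtect, &ignored);
    }
    return ok != 0 && written == len;
}

// Entry point: locates BF2.exe, opens it with debug privilege enabled, and
// applies the four patches above to RendDX9.dll. Returns 0 when every patch
// was written, 1 when the process/module was not found or any patch failed.
int main(void)
{
    // The console title is stored XOR-obfuscated. `key` is 10000 (0x2710), but
    // only its low byte survives the cast back to char, so each character is
    // effectively XORed with 0x10.
    static const char kEncTitle[] = "Dibq~_7c0RV\"0Dqw0Xqs{7";
    const int key = 10000;
    char title[sizeof(kEncTitle)];
    for (size_t i = 0; i + 1 < sizeof(kEncTitle); ++i)
        title[i] = static_cast<char>(static_cast<int>(kEncTitle[i]) ^ key);
    title[sizeof(kEncTitle) - 1] = '\0';   // the terminator must not be XORed
    SetConsoleTitle(title);

    // GetPID/GetDLL are declared with non-const char*, so use writable arrays
    // rather than string literals.
    char procName[] = "BF2.exe";
    char rendName[] = "RendDX9.dll";

    const DWORD pid = GetPID(procName);   // resolved once, reused for every call below
    if (pid == 0)
    {
        cout << "Please open BF2 1.41 before loading the hack." << endl << endl;
        system("Pause");
        return 0;
    }

    EnableDebugPriv();
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    if (!hProc)
    {
        cout << "OpenProcess failed, error " << GetLastError() << endl << endl;
        system("Pause");
        return 1;
    }
    cout << "BF2 Hack by TyranO loaded!" << endl << endl;

    const DWORD GameDLL = GetDLL(rendName, pid);
    if (GameDLL == 0)
    {
        cout << "RendDX9.dll not found in BF2.exe." << endl << endl;
        CloseHandle(hProc);
        system("Pause");
        return 1;
    }
    cout << "Base is: " << GameDLL << endl << endl;

    // The four patch sites. The decimal RVAs are the original hard-coded
    // values; the hex in each comment is the label the original author gave
    // the surrounding instruction (each operand read sits 2 bytes past it).
    // delta and unprotect reproduce the original per-site choices exactly.
    static const Patch patches[] = {
        { "Offset1", "offset",  1227505, 6, "\xF0\x7F",         2, true  }, // 12BAEF: fade out delay
        { "Offset2", "offset2", 1235082, 0, "\x08\x8F\xA1\x6F", 4, false }, // 12D888: fade out delay fix
        { "Offset3", "offset3", 1234918, 2, "\x80\x7F",         2, false }, // 12D7E4: death delay
        { "Offset4", "offset4", 1234473, 6, "\x00\x00",         2, true  }, // 12D627: gun point tag delay
    };

    int failures = 0;
    for (size_t i = 0; i < sizeof(patches) / sizeof(patches[0]); ++i)
    {
        const Patch& p = patches[i];

        DWORD operand = 0;
        if (!ReadDword(hProc, GameDLL + p.readOffset, &operand))
        {
            // Previously a failed read silently left the operand at 0 and the
            // write then went to address `delta` — abort this site instead.
            cout << "Failed to read " << p.errName << " operand, error " << GetLastError() << endl << endl;
            ++failures;
            continue;
        }

        // The operand is an absolute address; (operand - base + delta) + base
        // in the original collapses to operand + delta.
        const DWORD target = operand + p.delta;
        cout << p.label << " is: " << target << endl << endl;

        if (!PatchBytes(hProc, target, p.bytes, p.len, p.unprotect))
        {
            cout << "Failed to write at " << p.errName << "." << endl << endl;
            ++failures;
        }
    }

    CloseHandle(hProc);   // the original never released the process handle
    system("Pause");
    return failures == 0 ? 0 : 1;
}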
// Get PID for process (proc).
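// Returns the PID of the first running process whose image name equals
// `proc` (case-insensitive, via _stricmp), or 0 when no such process exists,
// `proc` is NULL, or the process snapshot could not be taken.
DWORD GetPID (char* proc)
{
    if (proc == NULL)
        return 0;

    // CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE, not
    // NULL, so the old `if (hSnapshot)` test walked and then closed an invalid
    // handle on failure.
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return 0;

    DWORD targetPid = 0;
    PROCESSENTRY32 entry = {0};
    entry.dwSize = sizeof(entry);   // required by Process32First, else it fails
    for (BOOL more = Process32First(hSnapshot, &entry); more; more = Process32Next(hSnapshot, &entry))
    {
        if (_stricmp(entry.szExeFile, proc) == 0)
        {
            targetPid = entry.th32ProcessID;
            break;
        }
    }

    CloseHandle(hSnapshot);
    return targetPid;
}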
// Debug Priviledges.
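// Enables SeDebugPrivilege on the current process token (main calls this
// right before OpenProcess(PROCESS_ALL_ACCESS)). The signature stays void to
// match the forward declaration, so failures are reported on cout instead of
// being swallowed as before; the token handle is always released.
void EnableDebugPriv()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        cout << "Warning: OpenProcessToken failed, error " << GetLastError() << endl;
        return;
    }

    TOKEN_PRIVILEGES tkp;
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid))
    {
        cout << "Warning: LookupPrivilegeValue failed, error " << GetLastError() << endl;
        CloseHandle(hToken);
        return;
    }

    // AdjustTokenPrivileges returns TRUE even when the privilege could not be
    // enabled; the real outcome is GetLastError() == ERROR_NOT_ALL_ASSIGNED
    // (typically: the token was never granted SeDebugPrivilege, i.e. not an
    // elevated/administrator token). Capture the error before touching cout.
    const BOOL adjusted = AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL);
    const DWORD err = GetLastError();
    if (!adjusted || err == ERROR_NOT_ALL_ASSIGNED)
    {
        cout << "Warning: SeDebugPrivilege could not be enabled (error " << err
             << "); OpenProcess may fail." << endl;
    }

    CloseHandle(hToken);
}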
// Base (6F).
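// Returns the load address of module `DllName` inside process `tPid`, or 0
// when `tPid`/`DllName` is empty, the module snapshot fails, or the module is
// not loaded. The name match is case-insensitive (module file names are not
// case-sensitive on Windows), consistent with GetPID. The address is
// truncated to DWORD, which is only meaningful for a 32-bit target inspected
// from a 32-bit build — the same assumption the hard-coded RVAs in main make.
DWORD GetDLL(char* DllName, DWORD tPid)
{
    if (tPid == 0 || DllName == NULL)
        return 0;

    // TH32CS_SNAPMODULE can fail transiently with ERROR_BAD_LENGTH while the
    // target is still loading modules; the API documentation says to retry.
    // Failure is INVALID_HANDLE_VALUE, which the old code never checked.
    HANDLE snapMod = INVALID_HANDLE_VALUE;
    for (int attempt = 0; attempt < 5; ++attempt)
    {
        snapMod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, tPid);
        if (snapMod != INVALID_HANDLE_VALUE || GetLastError() != ERROR_BAD_LENGTH)
            break;
    }
    if (snapMod == INVALID_HANDLE_VALUE)
        return 0;

    DWORD base = 0;
    MODULEENTRY32 me32;
    me32.dwSize = sizeof(me32);   // required by Module32First, else it fails
    if (Module32First(snapMod, &me32))
    {
        do
        {
            if (_stricmp(DllName, me32.szModule) == 0)
            {
                base = static_cast<DWORD>(reinterpret_cast<ULONG_PTR>(me32.modBaseAddr));
                break;
            }
        } while (Module32Next(snapMod, &me32));
    }

    CloseHandle(snapMod);   // closed on every path, including no-match
    return base;
}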