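// Launcher that starts option.exe / online.exe, patches bytes in their memory,
// then patches the running psobb.exe and dismisses the GameGuard dialog.
// Every address below is hard-coded for one specific build of each executable.
//
// NOTE(review): the header names were missing from this listing; the three
// below are the ones the visible API calls require. The code assumes an ANSI
// (non-UNICODE), 32-bit build: narrow string literals are passed to
// CreateProcess and the target addresses are stored in DWORDs.
#include <windows.h>
#include <tlhelp32.h>
#include <string.h>

// lowercases a string in place (used by processbyname).
// only 'A'..'Z' are touched; the buffer must be writable.
void makelower(char* string) {
  size_t len = strlen(string); // measured once instead of on every iteration
  for (size_t x = 0; x < len; x++)
    if ((string[x] >= 'A') && (string[x] <= 'Z'))
      string[x] += ('a' - 'A');
}

// this function opens a process by name rather than by pid.
//
// name is lowercased in place and compared against the lowercased file name
// (the part after the last backslash) of every process in a toolhelp snapshot.
// if several processes match, the last one enumerated wins.
// returns NULL when the snapshot fails, nothing matches, or OpenProcess fails.
//
// the match is on the file name only; neither the image path nor anything
// else about the process is verified. the handle is requested with
// PROCESS_ALL_ACCESS, and that open followed by WriteProcessMemory is the
// sequence process-access monitoring records.
HANDLE processbyname(char* name) {
  DWORD pid = 0;
  bool found = false; // pid used to be passed to OpenProcess uninitialized on no match
  PROCESSENTRY32 pe;

  makelower(name);

  HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
  if (snap == INVALID_HANDLE_VALUE) return NULL;

  // Process32First fails unless dwSize is set before the first call
  ZeroMemory(&pe,sizeof(pe));
  pe.dwSize = sizeof(pe);

  if (Process32First(snap,&pe)) {
    do {
      makelower(pe.szExeFile);
      char* base = strrchr(pe.szExeFile,'\\');
      base = base ? base + 1 : pe.szExeFile;
      if (!strcmp(base,name)) {
        pid = pe.th32ProcessID;
        found = true;
      }
    } while (Process32Next(snap,&pe));
  }
  CloseHandle(snap);

  if (!found) return NULL;
  return OpenProcess(PROCESS_ALL_ACCESS,false,pid);
}

// closes whichever of the two handles is non-NULL and returns -1, so a failure
// path can release what it holds in one statement.
static int closeAndFail(HANDLE process,HANDLE thread) {
  if (thread) CloseHandle(thread);
  if (process) CloseHandle(process);
  return -1;
}

// entry point. cmd (the command line) selects "options mode" when non-empty
// and is later written into psobb.exe as the server address.
// returns 0 on success and -1 on any failure or timeout.
int __stdcall WinMain(HINSTANCE hInst,HINSTANCE,char* cmd,int) {

  // addresses in programs
  DWORD psobbPatchAddr = 0x008444BB;   // address to patch in psobb
  DWORD psobbServerAddr1 = 0x009623CC; // address to write server's address to in psobb
  DWORD psobbServerAddr2 = 0x00962410; // second address to write server's address to in psobb
  DWORD onlinePatchAddr = 0x00553B24;  // address to write launch.exe's name into online.exe

  // variables....
  STARTUPINFO si;
  PROCESS_INFORMATION pi;
  HWND window = NULL;
  BYTE data[6] = {0x0F,0x85,0xE4,0x02,0x00,0x00};
  DWORD x = 0;
  char dir[MAX_PATH];
  SIZE_T transferred; // byte count reported by Read/WriteProcessMemory
  char psobbName[] = "psobb.exe";   // writable: processbyname lowercases in place
  char optionArgs[] = "1397049153"; // writable copy of option.exe's command line

  ZeroMemory(&si,sizeof(STARTUPINFO));
  si.cb = sizeof(STARTUPINFO);
  ZeroMemory(&pi,sizeof(pi));

  // command check..... options mode?
  // these addresses may now be wrong if option.exe has been changed. removing this section
  // will not affect the program's workings; it will only make it so you have to restart
  // launch.exe if you change options.
  if (cmd[0] != 0) {
    if (!CreateProcess("option.exe",optionArgs,NULL,NULL,false,DETACHED_PROCESS | CREATE_SUSPENDED,NULL,NULL,&si,&pi))
      return -1;

    // the child is suspended, so all four patches land before it runs
    bool patched =
      WriteProcessMemory(pi.hProcess,(void*)0x00402792,"\x8B\xC7",2,&transferred) &&
      WriteProcessMemory(pi.hProcess,(void*)0x00403534,"\x90\x90\x90\x90\x90\x90\x90",7,&transferred) &&
      WriteProcessMemory(pi.hProcess,(void*)0x004035F5,"\x90\x90\x90\x90\x90\x90\x90",7,&transferred) &&
      WriteProcessMemory(pi.hProcess,(void*)0x004036E4,"\x90\x90\x90\x90\x90\x90\x90",7,&transferred);
    if (!patched) {
      // a bare return here used to leave a suspended option.exe behind
      TerminateProcess(pi.hProcess,1);
      return closeAndFail(pi.hProcess,pi.hThread);
    }

    ResumeThread(pi.hThread);
    WaitForSingleObject(pi.hProcess,INFINITE);
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
  }

  // launch online.exe
  // NOTE(review): unlike option.exe this child is not created suspended, so
  // the write below races with its startup and ResumeThread has nothing to
  // resume. left as the author wrote it - confirm the intent.
  if (!CreateProcess("online.exe",NULL,NULL,NULL,false,DETACHED_PROCESS,NULL,NULL,&si,&pi))
    return -1;
  if (!WriteProcessMemory(pi.hProcess,(void*)onlinePatchAddr,"launch.exe\0\0",12,&transferred))
    return closeAndFail(pi.hProcess,pi.hThread);
  ResumeThread(pi.hThread);
  WaitForSingleObject(pi.hProcess,INFINITE);
  CloseHandle(pi.hThread);
  CloseHandle(pi.hProcess);

  // open psobb.exe
  HANDLE psobb = processbyname(psobbName);
  if (!psobb) return -1;

  // wait until psobb.exe is decompressed
  // NOTE(review): data is initialised to the same six bytes it is compared
  // against, so as written this loop body is never entered. behavior kept.
  x = 0;
  while (memcmp(data,"\x0F\x85\xE4\x02\x00\x00",6)) {
    if (ReadProcessMemory(psobb,(void*)psobbPatchAddr,data,6,&transferred) == 0)
      return closeAndFail(psobb,NULL);
    Sleep(5);
    x++;
    if (x > 800) return closeAndFail(psobb,NULL);
  }

  // get gameguard window
  // the window is recognised only by what sits at screen point (10,10): dialog
  // class "#32770" and an exact 210x113 rectangle at the screen origin.
  RECT rc1,rc2 = {0,0,210,113};
  POINT pt = {10,10};
  x = 0;
  while (!window) {
    HWND candidate = WindowFromPoint(pt);
    // each call is checked so dir and rc1 are never compared uninitialized
    if (candidate &&
        GetClassName(candidate,dir,MAX_PATH) && !strcmp(dir,"#32770") &&
        GetWindowRect(candidate,&rc1) && !memcmp(&rc1,&rc2,sizeof(RECT)))
      window = candidate;
    Sleep(50);
    x++;
    if (x > 80) return closeAndFail(psobb,NULL); // 4 seconds
  }

  // write psobb.exe's memory
  if (WriteProcessMemory(psobb,(void*)psobbPatchAddr,"\x90\x90\x90\x90\x90\x90",6,&transferred) == 0)
    return closeAndFail(psobb,NULL);

  // close gameguard
  SendMessage(window,WM_COMMAND,0x000003EE,(LPARAM)GetDlgItem(window,0x000003EE));

  // write address
  if (cmd[0]) {
    // these addresses are WRONG! you'll have to find new ones inside psobb.exe.
    // NOTE(review): the whole command line is copied with no upper bound; the
    // size of the destination inside psobb.exe is not visible from this file.
    SIZE_T cmdBytes = strlen(cmd) + 1;
    if (WriteProcessMemory(psobb,(void*)psobbServerAddr1,cmd,cmdBytes,&transferred) == 0)
      return closeAndFail(psobb,NULL);
    if (WriteProcessMemory(psobb,(void*)psobbServerAddr2,cmd,cmdBytes,&transferred) == 0)
      return closeAndFail(psobb,NULL);
  }

  CloseHandle(psobb);
  return 0;
}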