tault_Broden
Total Posts: 2313
Joined: August 21st, 2004, 5:20 pm
|
Just compile these and they should be easy to run. They allow you to zoom in and out farther in game.
Code: Select all #include <windows.h>
#include <stdio.h>
#include <Tlhelp32.h>
struct OffsetInfo
{
char* lpszName; //Name of the patch
DWORD dwOffset; //Offset of the patch (Can be 0 -> need UpdateData then)
BYTE* lpbyData; //Data of the patch
DWORD dwLen; //lengh of the patch data
BYTE* lpbyUpdateData; //Bytes to search to get the offset
char* lpszMask; //Update mask (x valid byte, ? skip byte)
}
g_sPatchList[]={
{"LoLHack",
0,
(BYTE*)"\xEB",
1,
(BYTE*)"\x76\xF3\x0F\x11\x05\x5F\x5E\xB0\x01\x5b\x59\xc2\x04\x00",
"x?xxxx????xxxxxxxxx"},
};
LPMODULEENTRY32 GetModuleInfo(DWORD dwPid)
{
//We will get the module info of the main module
//Since we do need the base address (which is basically 0x0040000) and the size
static MODULEENTRY32 s_sModule;
HANDLE hSnapshot;
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,dwPid);
if( hSnapshot == INVALID_HANDLE_VALUE )
{
printf("CreateToolhelp32Snapshot failed: %i\n",GetLastError());
return NULL;
}
s_sModule.dwSize = sizeof(MODULEENTRY32);
if( Module32First(hSnapshot,&s_sModule) == FALSE )
{
CloseHandle(hSnapshot);
printf("Module32First failed: %i\n",GetLastError());
return NULL;
}
do
{
if( strcmp("League of Legends.exe",s_sModule.szModule) == 0 )
{
CloseHandle(hSnapshot);
return &s_sModule;
}
}while(Module32Next(hSnapshot,&s_sModule));
printf("League of legends not detected\n");
CloseHandle(hSnapshot);
return NULL;
}
void SetDebugPrivilege()
{
HANDLE Htoken;
TOKEN_PRIVILEGES tokprivls;
if(OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &Htoken))
{
tokprivls.PrivilegeCount = 1;
LookupPrivilegeValue(NULL, "SeDebugPrivilege", &tokprivls.Privileges[0].Luid);
tokprivls.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges( Htoken, FALSE, &tokprivls, sizeof(tokprivls), NULL, NULL);
CloseHandle(Htoken);
}
}
void FindOffset(HANDLE hProcess, LPMODULEENTRY32 lpsModule, int iNumber)
{
//Gets offsets from patch
bool bFound;
DWORD dwLen,dwRead, dwAdjust, dwParser;
BYTE* lpbyBuffer = new BYTE[lpsModule->modBaseSize];
dwLen = strlen(g_sPatchList[iNumber].lpszMask);
//Read the whole main module memory to a local buffer
ReadProcessMemory(hProcess,(void*)lpsModule->modBaseAddr,(void*)lpbyBuffer,lpsModule->modBaseSize,&dwRead);
//We'll now parse the local buffer for our searched offset
for( DWORD i = 0; i < dwRead; ++i )
{
if( g_sPatchList[iNumber].lpbyUpdateData[0] == lpbyBuffer[i] )
{
bFound = true;
dwAdjust = 0;
dwParser = 1;
for( DWORD a = 1; a < dwLen; ++a )
{
//Skip INT3 between functions
while( lpbyBuffer[i+a+dwAdjust] == 0xCC )
++dwAdjust;
//If the current char of the mask is "x" and the byte of the game memory is different from our searched byte,
//then continue with the next offset
if( g_sPatchList[iNumber].lpszMask[a] == 'x' && g_sPatchList[iNumber].lpbyUpdateData[dwParser++] != lpbyBuffer[i+a+dwAdjust] )
{
bFound = false;
break;
}
}
//If all bytes, following the offset, fit with the searched ones and the mask,
//then add the base address to the current position and safe it in the offset structure
if( bFound == true )
{
g_sPatchList[iNumber].dwOffset = (DWORD)lpsModule->modBaseAddr + i;
delete[]lpbyBuffer;
return;
}
}
}
delete[]lpbyBuffer;
}
int main()
{
HWND hWindow = 0,hWindowOld = 0;
DWORD dwWritten, dwPid;
HANDLE hProcess;
LPMODULEENTRY32 lpsModule;
SetConsoleTitle("LoLHack");
SetDebugPrivilege();
while(1)
{
printf("Looking for LoL\n");
//Try to find the League of Legends Client window
//Since the client is only loaded ingame, not while being in the lobby or queue
//We have to check if the "old" window handle is different from the new one (if a new one exists)
while( (hWindow = FindWindow(NULL, "League of Legends (TM) Client")) == 0 || hWindow == hWindowOld )
Sleep(1000);
hWindowOld = hWindow;
GetWindowThreadProcessId(hWindow, &dwPid);
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
if( hProcess == NULL )
{
printf("Unable to find LoL\n\n");
continue;
}
printf("LoL Detected\n");
lpsModule = GetModuleInfo(dwPid);
//Parse the whole PatchList and apply offsets (if possible)
for( int i = 0; i < sizeof(g_sPatchList)/sizeof(OffsetInfo); ++i )
{
//If no offset was specified, then we have to search for it!
if( g_sPatchList[i].dwOffset == 0)
{
if( lpsModule )
FindOffset(hProcess, lpsModule, i);
}
//If there's still no offset available.. skip it!
if( g_sPatchList[i].dwOffset )
{
WriteProcessMemory(hProcess,(void*)g_sPatchList[i].dwOffset,(void*)g_sPatchList[i].lpbyData,g_sPatchList[i].dwLen,&dwWritten);
printf("Patched: %s\n",g_sPatchList[i].lpszName);
}else
printf("NOT Patched: %s\n",g_sPatchList[i].lpszName);
}
CloseHandle(hProcess);
printf("\n");
}
return 0;
}
Code: Select all #include <fstream>
#include <iostream>
#include <conio.h>
using namespace std;
char * buffer;
int counter = 0;
int main()
{
cout << "Opening file\n";
fstream lolFile;
lolFile.open("League of Legends.exe",ios::binary|ios::in|ios::ate|ios::out);
ifstream::pos_type size;
size = lolFile.tellg();
buffer = new char [size];
lolFile.seekg(0,ios::beg);
lolFile.read(buffer,size);
for(int i =0;i < size;i++)
{
int temp[4] = {(int)buffer[i],(int)buffer[i+1],(int)buffer[i+2],(int)buffer[i+3]};
if(temp[0] == 0x00 && temp[1] == 0xffffffa0 && temp[2] == 0x0c && temp[3] == 0x45)
{
char bufferz[8] = {0x00,0x40,0x9C,0x45};
lolFile.seekp(i);
lolFile.write(bufferz,sizeof(bufferz));
cout << "Wrote to file\n";
counter++;
}
}
lolFile.close();
delete buffer;
cout << "Writing to file\n";
cout << "Done patched " << counter << " 2 addresses, press any key to exit.";
_getch();
}
_________________
I DO NOT TAKE CREDIT FOR MY INFO.
I am a member of a exploit guild and post it here because i like this site and want to help it.
 |
|
Who is online