Звуковой датчик при респавне игрока10.01.2023 11:46
////////////////////////////////////////////////////////////////////////////////
// WinMain.cpp
//
// По умолчанию в UT99 звук воспроизводит: Galaxy.GalaxyAudioSubsystem.
// Если, что-то будет не так - проверьте файл UnrealTournament.ini,
// установлено-ли: AudioDevice=Galaxy.GalaxyAudioSubsystem
#include
#include
char* GAppname="Resp2A Trigger UT99'";
char* GAppname_UT="Unreal Tournament";
void mb(char* s);
void OnKbdLeds();
void ToggleLed(BOOL toggle, int led);
char* appGetOpenFileName();
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE, LPSTR, int)
{
CreateMutex(NULL,0,GAppname);
BOOL AlreadyRunning=(ERROR_ALREADY_EXISTS==GetLastError());
if(AlreadyRunning)
return 1;
// Load config
HKEY key;
RegCreateKey(HKEY_CURRENT_USER,
"Software\\MyCompany\\MyAppname",&key);
DWORD dwLen=MAX_PATH;
static char CommandLine[MAX_PATH];
RegQueryValueEx(key,"CommandLine",NULL,NULL,(BYTE*)CommandLine,&dwLen);
if(!CommandLine[0])
{
lstrcpy(CommandLine,appGetOpenFileName());
if(!CommandLine[0])
{
RegCloseKey(key);
return 0;
}
}
char CurrentDirectory[MAX_PATH];
lstrcpy(CurrentDirectory,CommandLine);
int i;
for(i=lstrlen(CurrentDirectory)-1;i>0;--i)
{
if('\\'==CurrentDirectory[i-1] || '//'==CurrentDirectory[i-1])
break;
}
CurrentDirectory[i]=0;
PROCESS_INFORMATION pi;
STARTUPINFO si;
memset(&si,0,sizeof(STARTUPINFO));
si.cb=sizeof(STARTUPINFO);
si.dwFlags=STARTF_FORCEOFFFEEDBACK;
char cmdLine[512];
wsprintf(cmdLine,"%s",CommandLine);
//wsprintf(cmdLine,"%s 195.98.73.166:6666",CommandLine);
CreateProcess(NULL,
cmdLine,NULL,NULL,0,0,NULL,CurrentDirectory,&si,&pi);
if(!pi.hProcess)
{
CommandLine[0]=0;
RegSetValueEx(key,"CommandLine",NULL,REG_SZ,(BYTE*)(CommandLine),MAX_PATH);
RegCloseKey(key);
char buf[512];
wsprintf(buf,"Failed CreateProcess\n\n\"%s\"",CommandLine);
mb(buf);
}
CloseHandle(pi.hThread);
// Save config
RegSetValueEx(key,"CommandLine",NULL,REG_SZ,(BYTE*)(CommandLine),MAX_PATH);
RegCloseKey(key);
HWND hWnd=FindWindow(NULL,GAppname_UT);
while(!hWnd)
{
Sleep(1000);
hWnd=FindWindow(NULL,GAppname_UT);
}
/*-------------------------------------------------------
The trigger
-------------------------------------------------------*/
DWORD addrTrigger=0x106361BA;
unsigned char codeTrigger[]=
"\x81\xFE\xF4\x20\x67\x10\x74\x02\xEB\x58\x81\xFF\x12\x04\x00\x00"
"\x74\x5B\x81\xFF\x26\x04\x00\x00\x74\x53\x81\xFF\x4A\x04\x00\x00"
"\x74\x4B\x81\xFF\x4C\x04\x00\x00\x74\x43\x81\xFF\x4D\x04\x00\x00"
"\x74\x3B\x81\xFF\x46\x04\x00\x00\x74\x33\x81\xFF\x4E\x04\x00\x00"
"\x74\x2B\x81\xFF\x4F\x04\x00\x00\x74\x23\x81\xFF\x48\x04\x00\x00"
"\x74\x1B\x81\xFF\x50\x04\x00\x00\x74\x13\x81\xFF\x8F\x0C\x00\x00"
"\x74\x0B\xFF\x15\xB4\xBE\x67\x10\xE9\xA1\xB5\xFD\xFF\x89\x3D\xE0"
"\xF0\x65\x10\xEB\xED";
DWORD codeTrigger_Len=117;
/*-------------------------------------------------------
The patch
-------------------------------------------------------*/
DWORD addrPatch=0x106117C2;
// E9F349020090
unsigned char codePatch[]="\xE9\xF3\x49\x02\x00\x90";
DWORD codePatch_Len=6;
DWORD dwMagic=0;
BYTE value[128];
BOOL bRet=FALSE;
int n=14; // Wait init "UT" 14 seconds
while(n)
{
ReadProcessMemory(pi.hProcess,
(LPVOID)addrPatch,&dwMagic,sizeof(dwMagic),NULL);
if(dwMagic)
{
if(0xBEB415FF==dwMagic)
{
memcpy(&value,codeTrigger,codeTrigger_Len);
bRet=WriteProcessMemory(pi.hProcess,
(LPVOID)addrTrigger,&value,codeTrigger_Len,NULL);
if(bRet)
{
memcpy(&value,codePatch,codePatch_Len);
bRet=WriteProcessMemory(pi.hProcess,
(LPVOID)addrPatch,&value,codePatch_Len,NULL);
}
}
break;
} // End "if dwMagic"
--n;
Sleep(1000);
} // End "while"
if(!bRet)
mb("Failed patch");
DWORD addrFound=0x1065F0E0;
DWORD dwFound=0;
hWnd=FindWindow(NULL,GAppname_UT);
while(hWnd)
{
ReadProcessMemory(pi.hProcess,
(LPVOID)addrFound,&dwFound,sizeof(dwFound),NULL);
if(dwFound)
{
switch(dwFound)
{
case 0x412:
dwFound=0xCDC31337;
break;
case 0x426:
dwFound=0xCDC31337;
break;
case 0x44A:
dwFound=0xCDC31337;
break;
case 0x44C:
dwFound=0xCDC31337;
break;
case 0x44D:
dwFound=0xCDC31337;
break;
case 0x446:
dwFound=0xCDC31337;
break;
case 0x44E:
dwFound=0xCDC31337;
break;
case 0x44F:
dwFound=0xCDC31337;
break;
case 0x448:
dwFound=0xCDC31337;
break;
case 0x450:
dwFound=0xCDC31337;
break;
case 0xC8F:
dwFound=0xCDC31337;
//break;
}
if(0xCDC31337==dwFound)
{
OnKbdLeds();
ToggleLed(1,1);
dwFound=0;
bRet=WriteProcessMemory(pi.hProcess,
(LPVOID)addrFound,&dwFound,sizeof(dwFound),NULL);
}
} // End "if dwFound"
Sleep(20); // Give up
hWnd=FindWindow(NULL,GAppname_UT);
} // End "while"
return 0;
}
void mb(char* s)
{
UINT uType=MB_OK | MB_ICONINFORMATION |
MB_SETFOREGROUND | MB_SYSTEMMODAL;
int n=0;
if(strstr(s,"Failed") || strstr(s,"Error"))
++n;
if(n) {
uType &=~MB_ICONINFORMATION;
uType |=MB_ICONWARNING;
} MessageBox(GetActiveWindow(),s,GAppname,uType);
if(n)
ExitProcess(n);
}
/*
void Trigger()
{
_asm cmp esi, 0x106720F4
_asm je NEXT
_asm jmp BACK
NEXT:
_asm cmp edi, 0x412
_asm je FOUND
_asm cmp edi, 0x426
_asm je FOUND
_asm cmp edi, 0x44A
_asm je FOUND
_asm cmp edi, 0x44C
_asm je FOUND
_asm cmp edi, 0x44D
_asm je FOUND
_asm cmp edi, 0x446
_asm je FOUND
_asm cmp edi, 0x44E
_asm je FOUND
_asm cmp edi, 0x44F
_asm je FOUND
_asm cmp edi, 0x448
_asm je FOUND
_asm cmp edi, 0x450
_asm je FOUND
_asm cmp edi, 0xC8F
_asm je FOUND
_asm jmp BACK
FOUND:
//_asm mov [g_found], 1
BACK:
//_asm jmp
}
*/
#define IOCTL_KEYBOARD_SET_INDICATORS CTL_CODE(FILE_DEVICE_KEYBOARD, 2, METHOD_BUFFERED,FILE_ANY_ACCESS)
#define IOCTL_KEYBOARD_QUERY_INDICATORS CTL_CODE(FILE_DEVICE_KEYBOARD, 0x10, METHOD_BUFFERED,FILE_ANY_ACCESS)
void OnKbdLeds()
{
if(!DefineDosDevice(DDD_RAW_TARGET_PATH,"Kbd000000","\\Device\\KeyboardClass0"))
mb("Failed DefineDosDevice");
HANDLE hDevice=CreateFile("\\\\.\\Kbd000000",GENERIC_WRITE,FILE_SHARE_READ | FILE_SHARE_WRITE,NULL,OPEN_EXISTING,0,NULL);
if(INVALID_HANDLE_VALUE==hDevice)
mb("Failed open kbd");
unsigned int InBuffer;
DWORD OutBufferSize;
unsigned char p[]={32};
for(int i=0; i<300; ++i)
{
InBuffer=0;
InBuffer |=p[i] << 16;
DeviceIoControl(hDevice,IOCTL_KEYBOARD_SET_INDICATORS,&InBuffer,sizeof(InBuffer),NULL,0,&OutBufferSize,NULL);
Sleep(10);
}
DefineDosDevice(DDD_REMOVE_DEFINITION,"Kbd000000",NULL);
CloseHandle(hDevice);
}
void ToggleLed(BOOL toggle, int led)
{
if(!DefineDosDevice(DDD_RAW_TARGET_PATH,"Kbd000000","\\Device\\KeyboardClass0"))
mb("Failed DefineDosDevice");
HANDLE hDevice=CreateFile("\\\\.\\Kbd000000",GENERIC_WRITE,FILE_SHARE_READ | FILE_SHARE_WRITE,NULL,OPEN_EXISTING,0,NULL);
if(INVALID_HANDLE_VALUE==hDevice)
mb("Failed open kbd");
DWORD OutBufferSize;
unsigned int InBuffer=0, output=0;
if(!DeviceIoControl(hDevice,IOCTL_KEYBOARD_QUERY_INDICATORS,&InBuffer,sizeof(InBuffer),&output, sizeof(output),&OutBufferSize, NULL))
{
CloseHandle(hDevice);
mb("Failed query kbd");
}
InBuffer=output;
if(toggle)
InBuffer &= ~(led << 16);
else
InBuffer |=led << 16;
DeviceIoControl(hDevice,IOCTL_KEYBOARD_SET_INDICATORS,&InBuffer,sizeof(InBuffer),NULL,0,&OutBufferSize,NULL);
CloseHandle(hDevice);
}
char* appGetOpenFileName()
{
static char fname[MAX_PATH];
OPENFILENAME ofn;
memset(&ofn,0,sizeof(OPENFILENAME));
fname[0]=0;
ofn.lStructSize=sizeof(OPENFILENAME);
ofn.hInstance=GetModuleHandle(NULL);
ofn.lpstrFile=fname;
ofn.lpstrInitialDir="D:\\Games\\ut99\\System";
ofn.nMaxFile=MAX_PATH;
ofn.lpstrFileTitle=NULL;
ofn.nMaxFileTitle=0;
ofn.lpstrTitle="Select UnrealTournament.exe";
ofn.lpstrFilter="Applications (*.exe)\0*.exe\0";
ofn.Flags=OFN_FILEMUSTEXIST |
OFN_HIDEREADONLY | OFN_PATHMUSTEXIST;
GetOpenFileName(&ofn);
return fname;
}
////////////////////////////////////////////////////////////////////////////////
// <> WinMain.cpp
////////////////////////////////////////////////////////////////////////////////
© Habrahabr.ru
