Thread.cpp
#include"Thread.h"
#include"GameMain.h"
//
// Get the module's image size
//
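/// Reads SizeOfImage from the PE headers of a module mapped at `base`.
///
/// The original dereferenced `base` and `base + e_lfanew` without checking
/// that the memory really holds a PE image; the DOS and NT signatures are now
/// verified before any field derived from them is trusted.
///
/// @param base Base address of a mapped PE image in the current process.
/// @return OptionalHeader.SizeOfImage, or (DWORD)-1 when `base` is zero or the
///         headers do not carry the expected signatures. Callers must test for
///         the sentinel before doing arithmetic with the result.
DWORD Thread::GetModuleSize(DWORD64 base)
{
    // Same failure value the original produced with `return -1`.
    const DWORD kInvalidSize = static_cast<DWORD>(-1);
    if (!base)
        return kInvalidSize;

    const IMAGE_DOS_HEADER* dos_header = reinterpret_cast<const IMAGE_DOS_HEADER*>(base);
    // Do not follow e_lfanew unless this is an MZ image with a positive offset.
    if (dos_header->e_magic != IMAGE_DOS_SIGNATURE || dos_header->e_lfanew <= 0)
        return kInvalidSize;

    const IMAGE_NT_HEADERS* nt_headers =
        reinterpret_cast<const IMAGE_NT_HEADERS*>(base + dos_header->e_lfanew);
    // "PE\0\0" must be present before OptionalHeader is read.
    if (nt_headers->Signature != IMAGE_NT_SIGNATURE)
        return kInvalidSize;

    return nt_headers->OptionalHeader.SizeOfImage;
}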
//
// Create thread
//
// Thread stub: unpacks a CALL_MYFUNCTION record and calls pCMP->dwEP(pCMP->pParam).
// NOTE(review): MyCreateThread memcpy's 0x100 bytes starting at this function's
// address and executes the copy from another location, so the compiled body is
// assumed to be position-independent and no longer than 0x100 bytes. Nothing in
// this file enforces either assumption.
// NOTE(review): the record is not released here; MyCreateThread allocates it
// with VirtualAlloc and no matching VirtualFree is visible in this file.
void WINAPI Thread::MyFunctionThread(PCALL_MYFUNCTION pCMP)
{
// Nothing is called when the record or its entry point is null.
if (pCMP != NULL && pCMP->dwEP != NULL)
{
// dwEP holds the real entry point as an integer (MyCreateThread stores it as a DWORD64).
_Function Function = (_Function)pCMP->dwEP;
Function(pCMP->pParam);
}
}
// Starts lpStartAddress(lpParameter) on a new thread of the current process,
// but through a copy of MyFunctionThread written into the tail of the mapped
// ntdll.dll image. The thread's recorded start address is therefore inside
// ntdll.dll's address range, not inside this module.
//
// Returns the thread handle from CreateRemoteThread, or 0 when ntdll.dll's
// module handle cannot be obtained. lpThreadID receives the new thread id.
//
// Defensive reading of what this leaves behind in the process:
//   - 0x100 bytes at (ntdll base + SizeOfImage - 0x400) no longer match the
//     on-disk ntdll.dll image;
//   - that range is switched to PAGE_EXECUTE_READWRITE and the previous
//     protection saved in dwProtect is never restored;
//   - a separate PAGE_EXECUTE_READWRITE private allocation holds the
//     CALL_MYFUNCTION record;
//   - a thread whose start address is in ntdll.dll's image range at the offset
//     above (which section that falls in cannot be told from here).
HANDLE Thread::MyCreateThread(LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, LPDWORD lpThreadID)
{
HANDLE hNtDll = GetModuleHandleA("ntdll.dll");
if (hNtDll != NULL)
{
// NOTE(review): GetModuleSize returns (DWORD)-1 on failure; that value is not checked before the pointer arithmetic below.
DWORD dwImageSize = GetModuleSize((DWORD64)hNtDll);
// Target: 0x400 bytes before the end of the mapped image.
BYTE* pMemoryData = (BYTE*)hNtDll + dwImageSize - 0x400;
// NOTE(review): this test cannot meaningfully fail; hNtDll is already known to be non-null here.
if (pMemoryData != NULL)
{
DWORD dwProtect;
// NOTE(review): return value ignored; if the protection change fails, the memcpy below writes to a page that may not be writable.
VirtualProtect(pMemoryData, 0x100, PAGE_EXECUTE_READWRITE, &dwProtect);
// NOTE(review): result is dereferenced without a NULL check, and the record only holds data, so execute permission looks unnecessary.
CALL_MYFUNCTION* pCMP = (CALL_MYFUNCTION*)VirtualAlloc(NULL, 0x100, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
pCMP->dwEP = (DWORD64)(lpStartAddress);
pCMP->pParam = lpParameter;
// Copies a fixed 0x100 bytes of MyFunctionThread's machine code, regardless of the function's real size.
memcpy((LPVOID)pMemoryData, (LPVOID)MyFunctionThread, 0x100);
// The thread starts at the copied stub and receives pCMP as its argument.
HANDLE hHandle = CreateRemoteThread(GetCurrentProcess(), NULL, 0, (LPTHREAD_START_ROUTINE)pMemoryData, pCMP, NULL, lpThreadID);
// NOTE(review): when CreateRemoteThread fails, pCMP is leaked; no VirtualFree is visible.
return hHandle;
}
}
return 0;
}
//
// Main thread
//
// Initialisation routine: waits for the HOME key, locates the game window and
// module, sets default option values, replaces the window procedure, starts the
// GameMain::DataLoop thread and hooks two swap-chain vtable entries.
// Always returns 0.
//
// Defensive reading of what the visible code changes in the host process:
//   - the window procedure of the "UnrealWindow" / "SCUM " window is replaced
//     by Hooks::hkWndProc;
//   - Hooks::OnHook is applied to the functions read from swap-chain vtable
//     slots 8 and 13 (its mechanism is defined elsewhere);
//   - an extra thread is created through Thread::MyCreateThread.
DWORD Thread::InitThread()
{
//AllocConsole();
//FILE* stream;
//freopen_s(&stream, "CON", "w", stdout);
//SetConsoleTitle(L"SCUM internal draw Hook ");
// Blocks until GetAsyncKeyState(VK_HOME) returns non-zero.
// NOTE(review): busy loop with no sleep or yield, so it spins a core while waiting.
while (true)
{
if (GetAsyncKeyState(VK_HOME) != 0)
break;
}
// NOTE(review): FindWindow's result is not checked before it is used below.
Data::hGame = FindWindow(L"UnrealWindow", L"SCUM ");
// Default option values; their meaning is defined where Data::op is consumed.
Data::op.isShow = true;
Data::op.aimScope = 50;
Data::op.aimSpeed = 1;
Data::op.jumpSize = 1;
Data::op.speedSize = 1;
Data::op.carSpeedSize = 100;
/*#########################Begin Hook################################################################*/
Hooks::GameHwnd = Data::hGame;
Data::BaseModule = (ULONG64)GetModuleHandleA("SCUM.exe");
GameBulletTrack::InitBulletTrack(); //initialize bullet tracking
GameBulletTrack::InitMagicBullet();//initialize "magic bullet"
// Index -4 is GWLP_WNDPROC: installs Hooks::hkWndProc and keeps the previous procedure in oWndProc.
Hooks::oWndProc = (WNDPROC)SetWindowLongPtr(Hooks::GameHwnd, -4, (DWORD_PTR)Hooks::hkWndProc);
// The handle is closed immediately; the thread itself keeps running.
// NOTE(review): MyCreateThread returns 0 on failure, which is passed to CloseHandle unchecked.
CloseHandle(Thread::MyCreateThread((LPTHREAD_START_ROUTINE)GameMain::DataLoop, NULL, NULL));
// NOTE(review): this failure check runs only after the DataLoop thread has already been started.
if (Hooks::oWndProc == nullptr) return 0;
//------------------------------------------------------------------------------------------------------------------
// Hooks::Initialization is defined elsewhere; presumably it creates the device, context and swap chain released below (TODO confirm).
if (Hooks::Initialization(Data::hGame)) {
// Treats the first pointer-sized field of *pSwapChain as its vtable.
DWORD_PTR* pSwapChainVT = reinterpret_cast<DWORD_PTR*>(reinterpret_cast<DWORD_PTR*>(Hooks::pSwapChain)[0]);
// Slots 8 and 13 are Present and ResizeBuffers if pSwapChain is an IDXGISwapChain (its type is declared elsewhere; confirm).
Hooks::Present = reinterpret_cast<tPresent>(pSwapChainVT[8]);
Hooks::Resize = reinterpret_cast<tResize>(pSwapChainVT[13]);
//--------------------------------------------------------------------------------------------------------------
// Hooks::OnHook is defined elsewhere; presumably it redirects each function to the given replacement (confirm).
Hooks::OnHook(reinterpret_cast<PVOID*>(&Hooks::Present), (PVOID)Hooks::hookPresent);
Hooks::OnHook(reinterpret_cast<PVOID*>(&Hooks::Resize), (PVOID)Hooks::hookResize);
//--------------------------------------------------------------------------------------------------------------
// Drops this code's references to the three objects once the vtable entries have been read.
Hooks::pDevice->Release();
Hooks::pContext->Release();
Hooks::pSwapChain->Release();
}
return 0;
}