Add files via upload

resource.rc

@@ -0,0 +1 @@
+1 ICON wcon.ico

ys9injector.c

@@ -0,0 +1,92 @@
+#define WIN32_LEAN_AND_MEAN
+
+#include <wchar.h>
+#include <windows.h>
+
+#pragma comment(lib, "user32.lib")
+
+int main(void)
+{
+    wprintf(L"Listening for Ys IX: Monstrum Nox.  ");
+
+    HWND hWnd;
+    for(int i = 1; !(hWnd = FindWindowW(L"Ys IX: Monstrum Nox", NULL)); i++)
+    {
+        Sleep(999);
+
+        switch(i % 3)
+        {
+            case 0:
+                wprintf(L"\b\b  ");
+                break;
+            case 1:
+                wprintf(L"\b\b. ");
+                break;
+            case 2:
+                wprintf(L"\b\b..");
+                break;
+        }
+    }
+    wprintf(L"\n");
+    Sleep(999);
+
+    DWORD dwProcessId;
+    GetWindowThreadProcessId(hWnd, &dwProcessId);
+
+    HANDLE hProcess;
+    if(!(hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, dwProcessId)))
+    {
+        return 1;
+    }
+
+    LPVOID lpBaseAddress;
+    wchar_t dllPath[1024];
+    if(!(lpBaseAddress = VirtualAllocEx(hProcess, NULL, sizeof(dllPath), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE)))
+    {
+        return 1;
+    }
+
+    if(!(GetCurrentDirectoryW(sizeof(dllPath), dllPath)))
+    {
+        return 1;
+    }
+
+    if(wcsncat_s(dllPath, sizeof(dllPath), L"\\ys9speed.dll", sizeof(L"\\ys9speed.dll")))
+    {
+        return 1;
+    }
+
+    if(!(WriteProcessMemory(hProcess, lpBaseAddress, dllPath, sizeof(dllPath), NULL)))
+    {
+        return 1;
+    }
+
+    HMODULE hModule;
+    if(!(hModule = GetModuleHandleW(L"kernel32.dll")))
+    {
+        return 1;
+    }
+
+    LPTHREAD_START_ROUTINE lpStartAddress;
+    if(!(lpStartAddress = (LPTHREAD_START_ROUTINE) GetProcAddress(hModule, "LoadLibraryW")))
+    {
+        return 1;
+    }
+
+    HANDLE hObject;
+    if(!(hObject = CreateRemoteThread(hProcess, NULL, 0, lpStartAddress, lpBaseAddress, 0, NULL)))
+    {
+        return 1;
+    }
+
+    wprintf(L"Injection successful.");
+
+    if(!(CloseHandle(hObject)))
+    {
+        ;
+    }
+
+    Sleep(999);
+
+    return 0;
+}

ys9speed.c

@@ -0,0 +1,81 @@
+#define WIN32_LEAN_AND_MEAN
+
+#include <stdint.h>
+#include <windows.h>
+
+void *find_subarray_32(volatile uint32_t *const array, size_t length, const uint32_t *const subarray, size_t subarrayLength)
+{
+	for(size_t i = 0; i <= length - subarrayLength; i++)
+	{
+		for(size_t j = 0; array[i + j] == subarray[j]; j++)
+		{
+			if(j == subarrayLength - 1)
+			{
+				return (void*) &array[i];
+			}
+		}
+	}
+
+	return NULL;
+}
+
+DWORD WINAPI ModuleMain(LPVOID lpParameter)
+{
+	HMODULE hModule;
+	if(!(hModule = GetModuleHandleW(NULL)))//GET EXECUTABLE BASE ADDRESS.
+	{
+		return 1;
+	}
+
+	const uint32_t SPEED_SIGNATURE[] = {0x3F7D70A4, 0x3F7EB852, 0x3F7FBE77};//UNIQUE BYTE SIGNATURE FOUND WITH A DEBUGGER. NO OFFSET NEEDED.
+	float *speed;
+	if(!(speed = (float*) find_subarray_32((uint32_t*) ((uint8_t*) hModule + 0x600000), 0x200000, SPEED_SIGNATURE, sizeof(SPEED_SIGNATURE) / sizeof(SPEED_SIGNATURE[0]))))
+	{
+		return 1;
+	}
+
+	DWORD protect1, protect2;
+
+	if(!(VirtualProtect(speed, sizeof(float), PAGE_EXECUTE_READWRITE, &protect1)))
+	{
+		return 1;
+	}
+
+	*speed = 1.09;//SET GAME SPEED. DEFAULT VALUE IS 0.99. LESS STUTTER COMPARED TO HOOKING QUERYPERFORMANCECOUNTER.
+
+	if(!(VirtualProtect(speed, sizeof(float), protect1, &protect2)))
+	{
+		return 1;
+	}
+
+	return 0;
+}
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
+{
+	switch(fdwReason)
+	{
+		case DLL_PROCESS_ATTACH:
+			if(!(DisableThreadLibraryCalls(hinstDLL)))
+			{
+				;
+			}
+
+			HANDLE hObject;
+			if(!(hObject = CreateThread(NULL, 0, ModuleMain, NULL, 0, NULL)))
+			{
+				return FALSE;
+			}
+
+			if(!(CloseHandle(hObject)))
+			{
+				;
+			}
+
+			break;
+		default:
+			break;
+	}
+
+	return TRUE;
+}