diff --git a/resource.rc b/resource.rc
new file mode 100644
index 0000000..5b61049
--- /dev/null
+++ b/resource.rc
@@ -0,0 +1 @@
+1 ICON wcon.ico
\ No newline at end of file
diff --git a/wcon.ico b/wcon.ico
new file mode 100644
index 0000000..7d4791b
Binary files /dev/null and b/wcon.ico differ
diff --git a/ys9injector.c b/ys9injector.c
new file mode 100644
index 0000000..3a86855
--- /dev/null
+++ b/ys9injector.c
@@ -0,0 +1,92 @@
+#define WIN32_LEAN_AND_MEAN
+
+#include
+#include
+
+#pragma comment(lib, "user32.lib")
+
+int main(void)
+{
+ wprintf(L"Listening for Ys IX: Monstrum Nox. ");
+
+ HWND hWnd;
+ for(int i = 1; !(hWnd = FindWindowW(L"Ys IX: Monstrum Nox", NULL)); i++)
+ {
+ Sleep(999);
+
+ switch(i % 3)
+ {
+ case 0:
+ wprintf(L"\b\b ");
+ break;
+ case 1:
+ wprintf(L"\b\b. ");
+ break;
+ case 2:
+ wprintf(L"\b\b..");
+ break;
+ }
+ }
+ wprintf(L"\n");
+ Sleep(999);
+
+ DWORD dwProcessId;
+ GetWindowThreadProcessId(hWnd, &dwProcessId);
+
+ HANDLE hProcess;
+ if(!(hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, dwProcessId)))
+ {
+ return 1;
+ }
+
+ LPVOID lpBaseAddress;
+ wchar_t dllPath[1024];
+ if(!(lpBaseAddress = VirtualAllocEx(hProcess, NULL, sizeof(dllPath), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE)))
+ {
+ return 1;
+ }
+
+ if(!(GetCurrentDirectoryW(sizeof(dllPath), dllPath)))
+ {
+ return 1;
+ }
+
+ if(wcsncat_s(dllPath, sizeof(dllPath), L"\\ys9speed.dll", sizeof(L"\\ys9speed.dll")))
+ {
+ return 1;
+ }
+
+ if(!(WriteProcessMemory(hProcess, lpBaseAddress, dllPath, sizeof(dllPath), NULL)))
+ {
+ return 1;
+ }
+
+ HMODULE hModule;
+ if(!(hModule = GetModuleHandleW(L"kernel32.dll")))
+ {
+ return 1;
+ }
+
+ LPTHREAD_START_ROUTINE lpStartAddress;
+ if(!(lpStartAddress = (LPTHREAD_START_ROUTINE) GetProcAddress(hModule, "LoadLibraryW")))
+ {
+ return 1;
+ }
+
+ HANDLE hObject;
+ if(!(hObject = CreateRemoteThread(hProcess, NULL, 0, lpStartAddress, lpBaseAddress, 0, NULL)))
+ {
+ return 1;
+ }
+
+ wprintf(L"Injection successful.");
+
+ if(!(CloseHandle(hObject)))
+ {
+ ;
+ }
+
+ Sleep(999);
+
+ return 0;
+}
\ No newline at end of file
diff --git a/ys9speed.c b/ys9speed.c
new file mode 100644
index 0000000..0c5b98b
--- /dev/null
+++ b/ys9speed.c
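Review bot: In ys9injector.c, `GetCurrentDirectoryW(sizeof(dllPath), dllPath)` and `wcsncat_s(dllPath, sizeof(dllPath), …)` pass a byte count where both functions expect a count of wide characters, so each is told the 1024-element buffer holds 2048 characters and may write past its end on a long path; use `_countof(dllPath)` (or `sizeof(dllPath) / sizeof(dllPath[0])`) in both calls. The path is also derived from the current working directory rather than from the executable's own location, so whichever `ys9speed.dll` happens to sit in the launch directory is what gets loaded into the other process; building it from `GetModuleFileNameW(NULL, …)` would pin it to the file shipped next to the tool. `WriteProcessMemory` copies all of `dllPath`, including the uninitialised stack bytes after the terminator, which `wchar_t dllPath[1024] = {0};` would avoid. Finally, every `return 1` after `OpenProcess` succeeds leaks `hProcess` (and, later, the remote allocation), and the success path never closes `hProcess` either; a single cleanup label that calls `CloseHandle(hProcess)` would cover all exits.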
@@ -0,0 +1,81 @@
+#define WIN32_LEAN_AND_MEAN
+
+#include
+#include
+
+void *find_subarray_32(volatile uint32_t *const array, size_t length, const uint32_t *const subarray, size_t subarrayLength)
+{
+ for(size_t i = 0; i <= length - subarrayLength; i++)
+ {
+ for(size_t j = 0; array[i + j] == subarray[j]; j++)
+ {
+ if(j == subarrayLength - 1)
+ {
+ return (void*) &array[i];
+ }
+ }
+ }
+
+ return NULL;
+}
+
+DWORD WINAPI ModuleMain(LPVOID lpParameter)
+{
+ HMODULE hModule;
+ if(!(hModule = GetModuleHandleW(NULL)))//GET EXECUTABLE BASE ADDRESS.
+ {
+ return 1;
+ }
+
+ const uint32_t SPEED_SIGNATURE[] = {0x3F7D70A4, 0x3F7EB852, 0x3F7FBE77};//UNIQUE BYTE SIGNATURE FOUND WITH A DEBUGGER. NO OFFSET NEEDED.
+ float *speed;
+ if(!(speed = (float*) find_subarray_32((uint32_t*) ((uint8_t*) hModule + 0x600000), 0x200000, SPEED_SIGNATURE, sizeof(SPEED_SIGNATURE) / sizeof(SPEED_SIGNATURE[0]))))
+ {
+ return 1;
+ }
+
+ DWORD protect1, protect2;
+
+ if(!(VirtualProtect(speed, sizeof(float), PAGE_EXECUTE_READWRITE, &protect1)))
+ {
+ return 1;
+ }
+
+ *speed = 1.09;//SET GAME SPEED. DEFAULT VALUE IS 0.99. LESS STUTTER COMPARED TO HOOKING QUERYPERFORMANCECOUNTER.
+
+ if(!(VirtualProtect(speed, sizeof(float), protect1, &protect2)))
+ {
+ return 1;
+ }
+
+ return 0;
+}
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
+{
+ switch(fdwReason)
+ {
+ case DLL_PROCESS_ATTACH:
+ if(!(DisableThreadLibraryCalls(hinstDLL)))
+ {
+ ;
+ }
+
+ HANDLE hObject;
+ if(!(hObject = CreateThread(NULL, 0, ModuleMain, NULL, 0, NULL)))
+ {
+ return FALSE;
+ }
+
+ if(!(CloseHandle(hObject)))
+ {
+ ;
+ }
+
+ break;
+ default:
+ break;
+ }
+
+ return TRUE;
+}
\ No newline at end of file
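Review bot: In ys9speed.c, `find_subarray_32` treats `length` as a count of 32-bit elements, but ModuleMain passes `0x200000` alongside a byte offset of `0x600000`, so the scan covers 0x800000 bytes and nothing checks that this range lies inside the mapped image; an unmapped page in that range would fault the host process. If the value was meant as bytes, pass `0x200000 / sizeof(uint32_t)`, and preferably bound the scan by the module's real image size instead of fixed constants. The helper's loop bound `length - subarrayLength` wraps around when the needle is longer than the haystack, and an empty needle reads `subarray[0]` out of bounds, so it should start with `if(subarrayLength == 0 || subarrayLength > length) return NULL;`. `PAGE_EXECUTE_READWRITE` is broader than a single float write needs; if the constant sits in a read-only data section (presumably, not confirmed by the hunk), `PAGE_READWRITE` avoids a page that is writable and executable at the same time.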