#include #include #include DWORD GetProcId(const wchar_t* procName) { DWORD procId = 0; HANDLE hproc = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hproc != INVALID_HANDLE_VALUE) { PROCESSENTRY32 procEntry; procEntry.dwSize = sizeof(procEntry); if (Process32First(hproc, &procEntry)) { do { if (!_wcsicmp(procEntry.szExeFile, procName)) { procId = procEntry.th32ProcessID; break; } } while (Process32Next(hproc, &procEntry)); } } CloseHandle(hproc); return procId; } uintptr_t GetModuleBaseAddress(DWORD procId, const wchar_t* modName) { uintptr_t modBaseAddr = 0; HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId); if (hSnap != INVALID_HANDLE_VALUE) { MODULEENTRY32 modEntry; modEntry.dwSize = sizeof(modEntry); if (Module32First(hSnap, &modEntry)) { do { if (!_wcsicmp(modEntry.szModule, modName)) { modBaseAddr = (uintptr_t)modEntry.modBaseAddr; break; } } while (Module32Next(hSnap, &modEntry)); } } CloseHandle(hSnap); return modBaseAddr; } //Function that writes memory void WriteMem(char* dst, char* src, int size) { HANDLE hSnap = OpenProcess(PROCESS_ALL_ACCESS, NULL, GetProcId(L"PRBF2.exe")); DWORD oldprotect; VirtualProtectEx(hSnap, dst, size, PAGE_EXECUTE_READWRITE, &oldprotect); WriteProcessMemory(hSnap, dst, src, size, NULL); VirtualProtectEx(hSnap, dst, size, oldprotect, &oldprotect); } /* CHEATS START HERE! */ //===============================================================================================MAPHACK=============================================================================================== void MapHackOn(uintptr_t PRBF2Base) { WriteMem((char*)(PRBF2Base + 0x3786D7), (char*)"\x39\xDB", 2); //mm1 WriteMem((char*)(PRBF2Base + 0x3786FD), (char*)"\x39\xF6", 2); //mm2 //PatchEx((char*)(PRBF2Base + 0x378723), (char*)"\x39\xDB", 2); //mm3 WriteMem((char*)(PRBF2Base + 0x3787B3), (char*)"\x39\xDB", 2); //mm4 WriteMem((char*)(PRBF2Base + 0x3787D9), (char*)"\x39\xF6", 2); //mm5 //PatchEx((char*)(PRBF2Base + 0x3787FC), (char*)"\x39\xDB", 2); //mm6 WriteMem((char*)(PRBF2Base + 0x378816), (char*)"\x85\xD8", 2); //mm7 WriteMem((char*)(PRBF2Base + 0x3836F7), (char*)"\x39\xDB", 2); //mm8 } void MapHackOff(uintptr_t PRBF2Base) { WriteMem((char*)(PRBF2Base + 0x3786D7), (char*)"\x3B\xDF", 2); //mm1 WriteMem((char*)(PRBF2Base + 0x3786FD), (char*)"\x3B\xF0", 2); //mm2 //PatchEx((char*)(PRBF2Base + 0x378723), (char*)"\x39\xDB", 2); //mm3 WriteMem((char*)(PRBF2Base + 0x3787B3), (char*)"\x3B\xDF", 2); //mm4 WriteMem((char*)(PRBF2Base + 0x3787D9), (char*)"\x3B\xF0", 2); //mm5 //PatchEx((char*)(PRBF2Base + 0x3787FC), (char*)"\x39\xDB", 2); //mm6 WriteMem((char*)(PRBF2Base + 0x378816), (char*)"\x85\xC0", 2); //mm7 WriteMem((char*)(PRBF2Base + 0x3836F7), (char*)"\x3B\xC3", 2); //mm8 } //===============================================================================================RENDDX9DLL=============================================================================================== //UNDERGROWTH void UndergrowthOff(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x30C80), (char*)"\x01", 1); WriteMem((char*)(RendDX9Base + 0x306B1), (char*)"\x01", 1); } void UndergrowthOn(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x30C80), (char*)"\x00", 1); WriteMem((char*)(RendDX9Base + 0x306B1), (char*)"\x00", 1); } //POSTPRODUCTION - Replaced by Shellshock and TV Interference void PostProductionOff(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x30731), (char*)"\x01", 1); WriteMem((char*)(RendDX9Base + 0x30F09), (char*)"\x01", 1); WriteMem((char*)(RendDX9Base + 0x3104F), (char*)"\x01", 1); } void PostProductionOn(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x30731), (char*)"\x00", 1); WriteMem((char*)(RendDX9Base + 0x30F09), (char*)"\x00", 1); WriteMem((char*)(RendDX9Base + 0x3104F), (char*)"\x00", 1); } //SUNFLARE void SunFlareOff(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x30D58), (char*)"\x01", 1); WriteMem((char*)(RendDX9Base + 0x30EF0), (char*)"\x01", 1); WriteMem((char*)(RendDX9Base + 0x3113A), (char*)"\x01", 1); } void SunFlareOn(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x30D58), (char*)"\x00", 1); WriteMem((char*)(RendDX9Base + 0x30EF0), (char*)"\x00", 1); WriteMem((char*)(RendDX9Base + 0x3113A), (char*)"\x00", 1); } //PARTICLES void DrawParticlesOff(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x30679), (char*)"\x01", 1); WriteMem((char*)(RendDX9Base + 0x3069A), (char*)"\x01", 1); WriteMem((char*)(RendDX9Base + 0x306E4), (char*)"\x01", 1); WriteMem((char*)(RendDX9Base + 0x307BB), (char*)"\x01", 1); WriteMem((char*)(RendDX9Base + 0x30E02), (char*)"\x01", 1); WriteMem((char*)(RendDX9Base + 0x30E8F), (char*)"\x01", 1); WriteMem((char*)(RendDX9Base + 0x30EC1), (char*)"\x01", 1); WriteMem((char*)(RendDX9Base + 0x30ED9), (char*)"\x01", 1); //WriteMem((char*)(RendDX9Base + 0x30FA1), (char*)"\x01", 1); //This acuses crashes WriteMem((char*)(RendDX9Base + 0x31463), (char*)"\x01", 1); } void DrawParticlesOn(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x30679), (char*)"\x00", 1); WriteMem((char*)(RendDX9Base + 0x3069A), (char*)"\x00", 1); WriteMem((char*)(RendDX9Base + 0x306E4), (char*)"\x00", 1); WriteMem((char*)(RendDX9Base + 0x307BB), (char*)"\x00", 1); WriteMem((char*)(RendDX9Base + 0x30E02), (char*)"\x00", 1); WriteMem((char*)(RendDX9Base + 0x30E8F), (char*)"\x00", 1); WriteMem((char*)(RendDX9Base + 0x30EC1), (char*)"\x00", 1); WriteMem((char*)(RendDX9Base + 0x30ED9), (char*)"\x00", 1); //WriteMem((char*)(RendDX9Base + 0x30FA1), (char*)"\x00", 1); //This acuses crashes WriteMem((char*)(RendDX9Base + 0x31463), (char*)"\x00", 1); } //SHELLSHOCK void ShellShockOff(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x4F918), (char*)"\x00", 1); } void ShellShockOn(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x4F918), (char*)"\x0D", 1); } //TV INTERFERENCE void TVInterferenceOff(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x583AA), (char*)"\x90\x90", 2); } void TVInterferenceOn(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x583AA), (char*)"\x8B\x11", 2); } //FOG1 - REMOVE void FOG1Off(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x50710), (char*)"\xD9\x45\x06", 3); //last byte to 06 } void FOG1On(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x50710), (char*)"\xD9\x45\x08", 3); } //FOG2 - REMOVE void FOG2Off(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x50727), (char*)"\xD9\x45\x06", 3); //last byte to 06 } void FOG2On(uintptr_t RendDX9Base) { WriteMem((char*)(RendDX9Base + 0x50727), (char*)"\xD9\x45\x08", 3); } //==========================================================================================INSTRUCTIONS==================================================================================================== void InstructionCout() { std::cout << R"( _ ____ _____ ______ _____ ________ ____ _____ _________ / \ |_ \|_ _|.' ___ ||_ _||_ __ ||_ \|_ _|| _ _ | / _ \ | \ | | / .' \_| | | | |_ \_| | \ | | |_/ | | \_| / ___ \ | |\ \| | | | | | | _| _ | |\ \| | | | _/ / \ \_ _| |_\ |_\ `.___.'\ _| |_ _| |__/ | _| |_\ |_ _| |_ |____| |____||_____|\____|`.____ .'|_____||________||_____|\____| |_____| ______ _____ _____ ____ ____ ________ _______ ______ _ ______ ___ ____ .' ____ \ |_ _||_ _||_ _| |_ _||_ __ ||_ __ \ |_ _ \ / \ .' ___ ||_ ||_ _| | (___ \_| | | | | \ \ / / | |_ \_| | |__) | | |_) | / _ \ / .' \_| | |_/ / _.____`. | | | | _ \ \ / / | _| _ | __ / | __'. / ___ \ | | | __'. | \____) | _| |_ _| |__/ | \ ' / _| |__/ | _| | \ \_ _| |__) |_/ / \ \_\ `.___.'\ _| | \ \_ \______.'|_____||________| \_/ |________||____| |___||_______/|____| |____|`.____ .'|____||____| )"; std::cout << R"( ___ _ _ ___ _____ ___ _ _ ___ _____ ___ ___ _ _ ___ |_ _| \| / __|_ _| _ \ | | |/ __|_ _|_ _/ _ \| \| / __| | || .` \__ \ | | | / |_| | (__ | | | | (_) | .` \__ \ |___|_|\_|___/ |_| |_|_\\___/ \___| |_| |___\___/|_|\_|___/ )"; std::cout << "\n"; std::cout << "Pess F9 to toggle Maphack" << std::endl; std::cout << "Pess F10 to toggle RendDX9 Tweaks" << std::endl; std::cout << "Pess F11 to toggle RendDX9 Tweaks - Particles" << std::endl; std::cout << "Pess F12 to toggle FOG1" << std::endl; std::cout << "Pess DELETE to toggle FOG2" << std::endl; } //=========================================================================================================MAIN========================================================================================================= int main() { DWORD PrProcID = GetProcId(L"PRBF2.exe"); uintptr_t RendDX9BaseAddr = GetModuleBaseAddress(PrProcID, L"RendDX9.dll"); uintptr_t PRBF2BaseAddr = GetModuleBaseAddress(PrProcID, L"PRBF2.exe"); bool B_MapHackOn = false; bool B_RendDX9TweaksOn = false; bool B_NoFogOn = false; bool B_RendDX9TweaksOnParticles = false; if (PrProcID == 0) { std::cout << "PR is not open! You need to open it first and then run the program fat."; } else { std::cout << "PRBF2 Proccess ID: " << PrProcID << std::endl; } InstructionCout(); while (true) { //Maphack if (GetAsyncKeyState(VK_F9) & 1) { B_MapHackOn = !B_MapHackOn; MapHackOff(PRBF2BaseAddr); } if (B_MapHackOn) { MapHackOn(PRBF2BaseAddr); } //RendDX9Tweaks if (GetAsyncKeyState(VK_F10) & 1) { B_RendDX9TweaksOn = !B_RendDX9TweaksOn; UndergrowthOn(RendDX9BaseAddr); ShellShockOn(RendDX9BaseAddr); TVInterferenceOn(RendDX9BaseAddr); } if (B_RendDX9TweaksOn) { UndergrowthOff(RendDX9BaseAddr); ShellShockOff(RendDX9BaseAddr); TVInterferenceOff(RendDX9BaseAddr); } //RendDX9Tweaks - Particles if (GetAsyncKeyState(VK_F11) & 1) { B_RendDX9TweaksOnParticles = !B_RendDX9TweaksOnParticles; DrawParticlesOn(RendDX9BaseAddr); } if (B_RendDX9TweaksOnParticles) { DrawParticlesOff(RendDX9BaseAddr); } //FOG1 - REMOVE if (GetAsyncKeyState(VK_F12) & 1) { B_NoFogOn = !B_NoFogOn; FOG1On(RendDX9BaseAddr); } if (B_NoFogOn) { FOG1Off(RendDX9BaseAddr); } //FOG2 - REMOVE if (GetAsyncKeyState(VK_DELETE) & 1) { B_NoFogOn = !B_NoFogOn; FOG2On(RendDX9BaseAddr); } if (B_NoFogOn) { FOG2Off(RendDX9BaseAddr); } } Sleep(5); return 0; }