I also uploaded a new version with a much smaller file size. Unfortunately, 5 scanners on VirusTotal flag it as a generic trojan, so I am releasing the source code here to show that it is not:
Code:
#define WIN32_LEAN_AND_MEAN
#define UNICODE
#define OEMRESOURCE
#include <Windows.h>
#include <CommCtrl.h>
#include <TlHelp32.h>
#pragma function(memcmp, memset)
// Byte-wise comparison with the standard memcmp contract: returns 0 when the
// first `count` bytes are equal, otherwise the difference between the first
// pair of differing bytes (as unsigned char values).
// The preceding `#pragma function(memcmp, memset)` makes MSVC call this
// definition instead of expanding its intrinsic. Presumably the program is
// linked without the C runtime (it defines its own WinMainCRTStartup), which
// is why a local definition is needed at all.
int __cdecl memcmp(const void* buf0, const void* buf1, size_t count)
{
    const unsigned char* lhs = (const unsigned char*)buf0;
    const unsigned char* rhs = (const unsigned char*)buf1;

    for (size_t i = 0; i < count; ++i)
    {
        if (lhs[i] != rhs[i])
            return lhs[i] - rhs[i];
    }
    return 0;
}
// Fills `count` bytes starting at `dst` with the low byte of `val` and returns
// `dst`, matching the standard memset contract.
// NOTE(review): some optimizers turn a byte-fill loop back into a call to
// memset, which would recurse here -- confirm the build settings keep the loop.
void* __cdecl memset(void* dst, int val, size_t count)
{
    const unsigned char fill = (unsigned char)val;
    unsigned char* cursor = (unsigned char*)dst;
    unsigned char* const end = cursor + count;

    while (cursor != end)
        *cursor++ = fill;

    return dst;
}
// Control identifiers. They are passed as the HMENU argument when the child
// controls are created and come back in LOWORD(wParam) of WM_COMMAND.
#define IDC_LABEL_FEATURES 0x8
#define IDC_CHECKBOX_GIRL 0x9
#define IDC_CHECKBOX_CHAD 0xA
#define IDC_CHECKBOX_LARRIES 0xB
#define IDC_BUTTON_ENABLE_ALL 0xC
#define IDC_BUTTON_DISABLE_ALL 0xD
// Helpers for writing patch records as flat byte lists inside a BYTE[] initializer.
// PATCH_SIZE     -> one byte: the number of bytes the record replaces.
#define PATCH_SIZE(size) size
// PATCH_OFFSET   -> four bytes: the offset split into little-endian byte order.
#define PATCH_OFFSET(offset) (offset) & 0xFF, (offset) >> 0x8 & 0xFF, (offset) >> 0x10 & 0xFF, (offset) >> 0x18 & 0xFF
// PATCH_ORIGINAL -> the bytes expected at the offset before patching.
#define PATCH_ORIGINAL(...) __VA_ARGS__
// PATCH_UPDATED  -> the bytes written at the offset when the patch is applied.
#define PATCH_UPDATED(...) __VA_ARGS__
// Header overlaid on the start of every record in the patch byte tables.
// pack(1) removes padding so `offset` sits directly after the one-byte size.
// NOTE(review): PATCH_OFFSET emits exactly four bytes, so this overlay only
// lines up with the tables when ptrdiff_t is 4 bytes wide (a 32-bit build) --
// confirm the build target.
#pragma pack(push, 1)
struct PatchHeader
{
// Number of bytes replaced by this record; 0 marks the end of a table.
BYTE cbSize;
// Offset of the patched bytes, added to the target module's base address.
ptrdiff_t offset;
};
#pragma pack(pop)
// Patch tables, one per feature. Each table is a run of records laid out as
//   size byte, 4-byte little-endian offset, <size> original bytes, <size> updated bytes
// and ends with a record whose size byte is 0.
// NOTE(review): read as x86 opcodes, 0x75/0x7D/0x7E are short conditional
// jumps, 0x90 is NOP and 0xEB is an unconditional short jump, so each record
// appears to neutralise or force a single branch -- confirm against the target binary.
BYTE patchInfoGirl[] =
{
PATCH_SIZE(0x2), PATCH_OFFSET(0x1FC7B), PATCH_ORIGINAL(0x75, 0x19), PATCH_UPDATED(0x90, 0x90),
PATCH_SIZE(0)
};
BYTE patchInfoChad[] =
{
PATCH_SIZE(0x1), PATCH_OFFSET(0x8B572), PATCH_ORIGINAL(0x7D), PATCH_UPDATED(0xEB),
PATCH_SIZE(0)
};
// This table carries two records; both are verified before either is written.
BYTE patchInfoLarries[] =
{
PATCH_SIZE(0x2), PATCH_OFFSET(0x8C955), PATCH_ORIGINAL(0x7E, 0x39), PATCH_UPDATED(0x90, 0x90),
PATCH_SIZE(0x2), PATCH_OFFSET(0x8C107), PATCH_ORIGINAL(0x7D, 0x14), PATCH_UPDATED(0x90, 0x90),
PATCH_SIZE(0)
};
// Process heap handle, fetched once at startup and used for scratch buffers.
HANDLE hHeap;
// Handle to the target process; NULL while no target is attached.
HANDLE hTargetProcess = NULL;
// Base address of the target's main module inside the target process.
BYTE* pTargetBaseAddress;
// Per-feature state: true while the corresponding patch is applied.
bool bGirlEnabled = false;
bool bChadEnabled = false;
bool bLarriesEnabled = false;
// Main window and its child controls.
HWND hWindow;
HWND hLabelFeatures;
HWND hCheckBoxGirl;
HWND hCheckBoxChad;
HWND hCheckBoxLarries;
HWND hButtonEnableAll;
HWND hButtonDisableAll;
const wchar_t szWindowTitle[] = L"Super Meat Boy Luck Manipulator";
// Image name used to find the target, both in the process list and in its module list.
const wchar_t szTargetName[] = L"SuperMeatBoy.exe";
// White background shared by the window class brush and the control colour handler.
const COLORREF crBackground = RGB(0xFF, 0xFF, 0xFF);
HBRUSH hbrBackground = NULL;
HFONT hfFont = NULL;
// Forward declarations for the functions defined after the entry point.
void CheckTarget();
bool ApplyPatch(BYTE* patchInfo);
bool RemovePatch(BYTE* patchInfo);
LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam);
// Program entry point: enables SeDebugPrivilege, builds the window with its
// controls, runs the message loop and exits via ExitProcess (0 on a normal
// quit, 1 on any failure).
// WinMainCRTStartup is the symbol the MSVC linker uses as the default entry
// for GUI programs; defining it here replaces the C runtime's startup code,
// presumably so the executable can be linked without the CRT.
void WINAPI WinMainCRTStartup()
{
    HINSTANCE hInstance = GetModuleHandleW(NULL);
    HANDLE hToken = NULL;
    ATOM WindowClassAtom = 0;
    // The inner block scopes the locals declared below so that `goto error`
    // leaves their scope instead of jumping across their initializations.
    {
        if (!(hHeap = GetProcessHeap()))
            goto error;
        // Enable SeDebugPrivilege in this process's own token.
        // NOTE(review): this privilege is normally only available to elevated
        // administrators, so a non-elevated run exits here with code 1 and no
        // message. Opening a process owned by the same user does not normally
        // need it; requesting it together with cross-process memory writes is
        // a combination heuristic scanners commonly treat as suspicious.
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
            goto error;
        TOKEN_PRIVILEGES TokenPrivileges;
        TokenPrivileges.PrivilegeCount = 1;
        if (!LookupPrivilegeValueW(NULL, SE_DEBUG_NAME, &TokenPrivileges.Privileges[0].Luid))
            goto error;
        TokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // AdjustTokenPrivileges can return success without enabling the
        // privilege, so the last-error value is checked as well.
        if (!AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TokenPrivileges), NULL, NULL) || GetLastError() != ERROR_SUCCESS)
            goto error;
        CloseHandle(hToken);
        hToken = NULL;
        INITCOMMONCONTROLSEX icceStandard = {sizeof(INITCOMMONCONTROLSEX), ICC_STANDARD_CLASSES};
        InitCommonControlsEx(&icceStandard);
        // GDI objects shared by the window class and the controls; their
        // creation results are not checked here.
        hbrBackground = CreateSolidBrush(crBackground);
        hfFont = CreateFontW(16, 0, 0, 0, FW_NORMAL, FALSE, FALSE, FALSE, ANSI_CHARSET, OUT_DEFAULT_PRECIS, CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY, VARIABLE_PITCH | FF_DONTCARE, NULL);
        WNDCLASSEXW WindowClass = {};
        WindowClass.cbSize = sizeof(WNDCLASSEXW);
        WindowClass.lpfnWndProc = WindowProc;
        WindowClass.hInstance = hInstance;
        // Stock system icon and cursor, loaded as shared resources.
        WindowClass.hIcon = (HICON)LoadImageW(NULL, MAKEINTRESOURCEW(OIC_SAMPLE), IMAGE_ICON, 0, 0, LR_SHARED);
        WindowClass.hCursor = (HCURSOR)LoadImageW(NULL, MAKEINTRESOURCEW(OCR_NORMAL), IMAGE_CURSOR, 0, 0, LR_SHARED);
        WindowClass.hbrBackground = hbrBackground;
        WindowClass.lpszClassName = L"WindowMain";
        WindowClass.hIconSm = (HICON)LoadImageW(NULL, MAKEINTRESOURCEW(OIC_SAMPLE), IMAGE_ICON, 0, 0, LR_SHARED);
        if (!(WindowClassAtom = RegisterClassExW(&WindowClass)))
            goto error;
        // Fixed-size window: the client area is a 9 x 3 grid of cells plus padding.
        DWORD dwStyle = WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU;
        const LONG lPadding = 12;
        const LONG lGridWidth = 48;
        const LONG lGridHeight = 24;
        const LONG lClientWidth = 2*lPadding + 9*lGridWidth;
        const LONG lClientHeight = 3*lPadding + 3*lGridHeight;
        RECT Rect = {0, 0, lClientWidth, lClientHeight};
        // Grow the rectangle from client size to full window size for this style.
        if (!AdjustWindowRect(&Rect, dwStyle, FALSE))
            goto error;
        if (!(hWindow = CreateWindowW(MAKEINTATOM(WindowClassAtom), szWindowTitle, dwStyle, CW_USEDEFAULT, CW_USEDEFAULT, Rect.right - Rect.left, Rect.bottom - Rect.top, NULL, NULL, hInstance, NULL)))
            goto error;
        // Row 1: label. Row 2: one checkbox per feature. Row 3: the two buttons.
        if (!(hLabelFeatures = CreateWindowW(L"Static", L"Select features:", WS_CHILD | WS_VISIBLE | SS_LEFT, lPadding, lPadding, lGridWidth*3, lGridHeight, hWindow, (HMENU)IDC_LABEL_FEATURES, hInstance, NULL)))
            goto error;
        // BS_CHECKBOX (not BS_AUTOCHECKBOX): the check mark only changes when
        // the window procedure calls CheckDlgButton.
        if (!(hCheckBoxGirl = CreateWindowW(L"Button", L"Glitched Girl", WS_CHILD | WS_VISIBLE | BS_CHECKBOX | BS_TEXT, lPadding, lPadding + lGridHeight, lGridWidth*3, lGridHeight, hWindow, (HMENU)IDC_CHECKBOX_GIRL, hInstance, NULL)))
            goto error;
        if (!(hCheckBoxChad = CreateWindowW(L"Button", L"C.H.A.D.", WS_CHILD | WS_VISIBLE | BS_CHECKBOX | BS_TEXT, lPadding + 3*lGridWidth, lPadding + lGridHeight, lGridWidth*3, lGridHeight, hWindow, (HMENU)IDC_CHECKBOX_CHAD, hInstance, NULL)))
            goto error;
        if (!(hCheckBoxLarries = CreateWindowW(L"Button", L"Larries", WS_CHILD | WS_VISIBLE | BS_CHECKBOX | BS_TEXT, lPadding + 6*lGridWidth, lPadding + lGridHeight, lGridWidth*3, lGridHeight, hWindow, (HMENU)IDC_CHECKBOX_LARRIES, hInstance, NULL)))
            goto error;
        if (!(hButtonEnableAll = CreateWindowW(L"Button", L"Enable All", WS_CHILD | WS_VISIBLE | BS_PUSHBUTTON | BS_TEXT, lPadding + 2*lGridWidth, 2*lPadding + 2*lGridHeight, 2*lGridWidth, lGridHeight, hWindow, (HMENU)IDC_BUTTON_ENABLE_ALL, hInstance, NULL)))
            goto error;
        if (!(hButtonDisableAll = CreateWindowW(L"Button", L"Disable All", WS_CHILD | WS_VISIBLE | BS_PUSHBUTTON | BS_TEXT, lPadding + 5*lGridWidth, 2*lPadding + 2*lGridHeight, 2*lGridWidth, lGridHeight, hWindow, (HMENU)IDC_BUTTON_DISABLE_ALL, hInstance, NULL)))
            goto error;
        SendMessageW(hLabelFeatures, WM_SETFONT, (WPARAM)hfFont, FALSE);
        SendMessageW(hCheckBoxGirl, WM_SETFONT, (WPARAM)hfFont, FALSE);
        SendMessageW(hCheckBoxChad, WM_SETFONT, (WPARAM)hfFont, FALSE);
        SendMessageW(hCheckBoxLarries, WM_SETFONT, (WPARAM)hfFont, FALSE);
        SendMessageW(hButtonEnableAll, WM_SETFONT, (WPARAM)hfFont, FALSE);
        SendMessageW(hButtonDisableAll, WM_SETFONT, (WPARAM)hfFont, FALSE);
        ShowWindow(hWindow, SW_SHOW);
        UpdateWindow(hWindow);
        // Message loop: GetMessageW returns 0 on WM_QUIT and -1 on error.
        MSG Message;
        BOOL bRet;
        while ((bRet = GetMessageW(&Message, NULL, 0, 0)) != 0)
        {
            if (bRet == -1)
                goto error;
            TranslateMessage(&Message);
            DispatchMessageW(&Message);
        }
        // Normal shutdown: release everything acquired above and exit with 0.
        UnregisterClassW(MAKEINTATOM(WindowClassAtom), hInstance);
        DeleteObject(hbrBackground);
        DeleteObject(hfFont);
        if (hTargetProcess != NULL)
            CloseHandle(hTargetProcess);
        ExitProcess(0);
    }
    // Failure path: release whatever had been acquired, then exit with 1.
error:
    if (WindowClassAtom != 0)
        UnregisterClassW(MAKEINTATOM(WindowClassAtom), hInstance);
    if (hbrBackground != NULL)
        DeleteObject(hbrBackground);
    if (hfFont != NULL)
        DeleteObject(hfFont);
    if (hToken != NULL)
        CloseHandle(hToken);
    if (hTargetProcess != NULL)
        CloseHandle(hTargetProcess);
    ExitProcess(1);
}
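// One toggleable feature: its checkbox id, its patch table and its state flag.
struct FeatureEntry
{
    int idCheckBox;
    BYTE* patchInfo;
    bool* pbEnabled;
};

// Every member is an address constant, so the table is initialized statically
// and does not rely on runtime initializers being executed.
static const FeatureEntry g_features[] =
{
    {IDC_CHECKBOX_GIRL, patchInfoGirl, &bGirlEnabled},
    {IDC_CHECKBOX_CHAD, patchInfoChad, &bChadEnabled},
    {IDC_CHECKBOX_LARRIES, patchInfoLarries, &bLarriesEnabled},
};

// Shows the single generic error box used for every failed operation.
static void ReportFailure(HWND hWnd)
{
    MessageBoxW(hWnd, L"Unable to complete the task.", L"Error", MB_OK | MB_ICONERROR);
}

// Applies (bEnable) or removes (!bEnable) one feature's patch; on success
// updates the feature's flag and check mark. Returns false if patching failed.
static bool SetFeature(HWND hWnd, const FeatureEntry* pFeature, bool bEnable)
{
    const bool bDone = bEnable ? ApplyPatch(pFeature->patchInfo) : RemovePatch(pFeature->patchInfo);
    if (!bDone)
        return false;

    *pFeature->pbEnabled = bEnable;
    CheckDlgButton(hWnd, pFeature->idCheckBox, bEnable ? BST_CHECKED : BST_UNCHECKED);
    return true;
}

// Brings every feature that is not yet in the requested state into it, in
// table order. Stops at the first failure, reports it and returns false.
static bool SetAllFeatures(HWND hWnd, bool bEnable)
{
    for (size_t i = 0; i < sizeof(g_features) / sizeof(g_features[0]); ++i)
    {
        if (*g_features[i].pbEnabled == bEnable)
            continue;
        if (!SetFeature(hWnd, &g_features[i], bEnable))
        {
            ReportFailure(hWnd);
            return false;
        }
    }
    return true;
}

// Handles a click on one feature checkbox: toggles the patch to match.
static void OnCheckBoxClicked(HWND hWnd, const FeatureEntry* pFeature)
{
    // Read the check state first: CheckTarget() clears the boxes itself when
    // it finds that the target process has exited.
    const UINT uState = IsDlgButtonChecked(hWnd, pFeature->idCheckBox);
    CheckTarget();

    if (uState == BST_UNCHECKED)
    {
        if (hTargetProcess == NULL || !SetFeature(hWnd, pFeature, true))
            ReportFailure(hWnd);
    }
    else if (hTargetProcess != NULL)
    {
        if (!SetFeature(hWnd, pFeature, false))
            ReportFailure(hWnd);
    }
}

// Window procedure of the main window.
//  - WM_COMMAND: checkbox and button clicks toggle the patches.
//  - WM_CTLCOLORSTATIC / WM_CTLCOLORBTN: paint controls on the white background.
//  - WM_CLOSE: remove every applied patch before the window is destroyed; if
//    a removal fails the window stays open.
//  - WM_DESTROY: end the message loop.
// Everything else goes to DefWindowProcW.
LRESULT CALLBACK WindowProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    switch (uMsg)
    {
    case WM_COMMAND:
    {
        if (HIWORD(wParam) != BN_CLICKED)
            break;

        const WORD wId = LOWORD(wParam);
        for (size_t i = 0; i < sizeof(g_features) / sizeof(g_features[0]); ++i)
        {
            if (wId == g_features[i].idCheckBox)
            {
                OnCheckBoxClicked(hWnd, &g_features[i]);
                return 0;
            }
        }

        if (wId == IDC_BUTTON_ENABLE_ALL)
        {
            if (bGirlEnabled && bChadEnabled && bLarriesEnabled)
                return 0;
            CheckTarget();
            if (hTargetProcess != NULL)
                SetAllFeatures(hWnd, true);
            else
                ReportFailure(hWnd);
            return 0;
        }

        if (wId == IDC_BUTTON_DISABLE_ALL)
        {
            if (!bGirlEnabled && !bChadEnabled && !bLarriesEnabled)
                return 0;
            CheckTarget();
            if (hTargetProcess != NULL)
                SetAllFeatures(hWnd, false);
            else
                ReportFailure(hWnd);
            return 0;
        }

        // Unhandled command: leave the switch. Without this break the case
        // fell through into the WM_CTLCOLOR* handler and treated wParam as a
        // device context.
        break;
    }
    case WM_CTLCOLORSTATIC:
    case WM_CTLCOLORBTN:
    {
        HDC hdcControl = (HDC)wParam;
        SetBkColor(hdcControl, crBackground);
        return (LRESULT)hbrBackground;
    }
    case WM_CLOSE:
    {
        CheckTarget();
        // Restore the target's original bytes before closing. Returning 0
        // here skips DefWindowProcW, so the window is not destroyed while a
        // patch could not be removed.
        if (hTargetProcess != NULL && !SetAllFeatures(hWnd, false))
            return 0;
        break;
    }
    case WM_DESTROY:
    {
        PostQuitMessage(0);
        return 0;
    }
    }
    return DefWindowProcW(hWnd, uMsg, wParam, lParam);
}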
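// Looks up the first process whose image name equals szTargetName
// (case-insensitive). Stores its id in *pdwProcessId and returns true, or
// returns false when no such process is listed or the snapshot fails.
static bool FindTargetProcessId(DWORD* pdwProcessId)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return false;

    bool bFound = false;
    PROCESSENTRY32W ProcessEntry;
    ProcessEntry.dwSize = sizeof(PROCESSENTRY32W);
    if (Process32FirstW(hSnapshot, &ProcessEntry))
    {
        do
        {
            if (!lstrcmpiW(ProcessEntry.szExeFile, szTargetName))
            {
                *pdwProcessId = ProcessEntry.th32ProcessID;
                bFound = true;
                break;
            }
        } while (Process32NextW(hSnapshot, &ProcessEntry));
    }
    CloseHandle(hSnapshot);
    return bFound;
}

// Looks up the module named szTargetName inside the given process and stores
// its base address in *ppBaseAddress. *ppBaseAddress is left untouched when
// the function returns false.
static bool FindTargetModuleBase(DWORD dwProcessId, BYTE** ppBaseAddress)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return false;

    bool bFound = false;
    MODULEENTRY32W ModuleEntry;
    ModuleEntry.dwSize = sizeof(MODULEENTRY32W);
    if (Module32FirstW(hSnapshot, &ModuleEntry))
    {
        do
        {
            if (!lstrcmpiW(ModuleEntry.szModule, szTargetName))
            {
                *ppBaseAddress = ModuleEntry.modBaseAddr;
                bFound = true;
                break;
            }
        } while (Module32NextW(hSnapshot, &ModuleEntry));
    }
    CloseHandle(hSnapshot);
    return bFound;
}

// Keeps hTargetProcess / pTargetBaseAddress in sync with the running target.
// If the attached process has exited, the handle is dropped and all feature
// flags and check marks are reset. If no process is attached, the function
// tries to attach to one; on any failure hTargetProcess stays NULL.
// The target is selected by image name only; the byte comparison done in
// ApplyPatch is what keeps an unrelated executable of the same name from
// being modified.
void CheckTarget()
{
    // A signalled process handle means the process has terminated.
    if (hTargetProcess != NULL && WaitForSingleObject(hTargetProcess, 0) == WAIT_OBJECT_0)
    {
        CloseHandle(hTargetProcess);
        hTargetProcess = NULL;
        bGirlEnabled = false;
        bChadEnabled = false;
        bLarriesEnabled = false;
        CheckDlgButton(hWindow, IDC_CHECKBOX_GIRL, BST_UNCHECKED);
        CheckDlgButton(hWindow, IDC_CHECKBOX_CHAD, BST_UNCHECKED);
        CheckDlgButton(hWindow, IDC_CHECKBOX_LARRIES, BST_UNCHECKED);
    }

    if (hTargetProcess != NULL)
        return;

    DWORD dwProcessId = 0;
    if (!FindTargetProcessId(&dwProcessId))
        return;

    // Only the rights needed to read and write memory and to wait on the
    // process are requested.
    hTargetProcess = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION | SYNCHRONIZE, FALSE, dwProcessId);
    if (hTargetProcess == NULL)
        return;

    if (!FindTargetModuleBase(dwProcessId, &pTargetBaseAddress))
    {
        CloseHandle(hTargetProcess);
        hTargetProcess = NULL;
    }
}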
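// Applies every record of a patch table to the target process.
// Pass 1 reads the bytes at each record's offset and requires them to equal
// either the record's original bytes or its updated bytes; this acts as a
// version check, so nothing is written when the target's code does not match
// what the table expects. Pass 2 writes the updated bytes.
// Returns true when all records were written, false on any read failure,
// mismatch, write failure or allocation failure.
// NOTE(review): if a write in pass 2 fails after earlier records succeeded,
// those earlier records stay written; there is no rollback.
bool ApplyPatch(BYTE* patchInfo)
{
    // cbSize is a single byte, so one scratch buffer of 0xFF bytes fits any
    // record. Allocating it once replaces the per-record HeapReAlloc, whose
    // failure path lost the original pointer.
    const SIZE_T cbMaxRecord = 0xFF;
    BYTE* bBuffer = (BYTE*)HeapAlloc(hHeap, 0, cbMaxRecord);
    if (bBuffer == NULL)
        return false;

    bool bVerified = true;
    PatchHeader* phHeader = (PatchHeader*)patchInfo;
    while (phHeader->cbSize != 0)
    {
        BYTE* pOriginal = (BYTE*)phHeader + sizeof(PatchHeader);
        BYTE* pUpdated = pOriginal + phHeader->cbSize;

        if (!ReadProcessMemory(hTargetProcess, pTargetBaseAddress + phHeader->offset, bBuffer, phHeader->cbSize, NULL))
        {
            bVerified = false;
            break;
        }
        if (memcmp(bBuffer, pOriginal, phHeader->cbSize) != 0 && memcmp(bBuffer, pUpdated, phHeader->cbSize) != 0)
        {
            bVerified = false;
            break;
        }
        phHeader = (PatchHeader*)(pUpdated + phHeader->cbSize);
    }

    // Released on every path; the early returns used to leak the buffer.
    HeapFree(hHeap, 0, bBuffer);
    if (!bVerified)
        return false;

    phHeader = (PatchHeader*)patchInfo;
    while (phHeader->cbSize != 0)
    {
        BYTE* pUpdated = (BYTE*)phHeader + sizeof(PatchHeader) + phHeader->cbSize;
        if (!WriteProcessMemory(hTargetProcess, pTargetBaseAddress + phHeader->offset, pUpdated, phHeader->cbSize, NULL))
            return false;
        phHeader = (PatchHeader*)(pUpdated + phHeader->cbSize);
    }
    return true;
}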
// Writes the original bytes of every record in a patch table back into the
// target process. Returns false as soon as one write fails, true otherwise.
// Unlike ApplyPatch, the target's current bytes are not read or compared
// before they are overwritten.
bool RemovePatch(BYTE* patchInfo)
{
    for (PatchHeader* phRecord = (PatchHeader*)patchInfo; phRecord->cbSize != 0; )
    {
        // Record layout: header, original bytes, updated bytes.
        BYTE* pOriginalBytes = (BYTE*)phRecord + sizeof(PatchHeader);
        BYTE* pDestination = pTargetBaseAddress + phRecord->offset;

        BOOL bWritten = WriteProcessMemory(hTargetProcess, pDestination, pOriginalBytes, phRecord->cbSize, NULL);
        if (!bWritten)
            return false;

        // Step over both byte runs to reach the next header.
        phRecord = (PatchHeader*)(pOriginalBytes + 2*phRecord->cbSize);
    }
    return true;
}
#define UNICODE
#define OEMRESOURCE
#include <Windows.h>
#include <CommCtrl.h>
#include <TlHelp32.h>
#pragma function(memcmp, memset)
// Byte-wise comparison with the standard memcmp contract: returns 0 when the
// first `count` bytes are equal, otherwise the difference between the first
// pair of differing bytes (as unsigned char values).
// The preceding `#pragma function(memcmp, memset)` makes MSVC call this
// definition instead of expanding its intrinsic. Presumably the program is
// linked without the C runtime (it defines its own WinMainCRTStartup), which
// is why a local definition is needed at all.
int __cdecl memcmp(const void* buf0, const void* buf1, size_t count)
{
    const unsigned char* lhs = (const unsigned char*)buf0;
    const unsigned char* rhs = (const unsigned char*)buf1;

    for (size_t i = 0; i < count; ++i)
    {
        if (lhs[i] != rhs[i])
            return lhs[i] - rhs[i];
    }
    return 0;
}
// Fills `count` bytes starting at `dst` with the low byte of `val` and returns
// `dst`, matching the standard memset contract.
// NOTE(review): some optimizers turn a byte-fill loop back into a call to
// memset, which would recurse here -- confirm the build settings keep the loop.
void* __cdecl memset(void* dst, int val, size_t count)
{
    const unsigned char fill = (unsigned char)val;
    unsigned char* cursor = (unsigned char*)dst;
    unsigned char* const end = cursor + count;

    while (cursor != end)
        *cursor++ = fill;

    return dst;
}
// Control identifiers. They are passed as the HMENU argument when the child
// controls are created and come back in LOWORD(wParam) of WM_COMMAND.
#define IDC_LABEL_FEATURES 0x8
#define IDC_CHECKBOX_GIRL 0x9
#define IDC_CHECKBOX_CHAD 0xA
#define IDC_CHECKBOX_LARRIES 0xB
#define IDC_BUTTON_ENABLE_ALL 0xC
#define IDC_BUTTON_DISABLE_ALL 0xD
// Helpers for writing patch records as flat byte lists inside a BYTE[] initializer.
// PATCH_SIZE     -> one byte: the number of bytes the record replaces.
#define PATCH_SIZE(size) size
// PATCH_OFFSET   -> four bytes: the offset split into little-endian byte order.
#define PATCH_OFFSET(offset) (offset) & 0xFF, (offset) >> 0x8 & 0xFF, (offset) >> 0x10 & 0xFF, (offset) >> 0x18 & 0xFF
// PATCH_ORIGINAL -> the bytes expected at the offset before patching.
#define PATCH_ORIGINAL(...) __VA_ARGS__
// PATCH_UPDATED  -> the bytes written at the offset when the patch is applied.
#define PATCH_UPDATED(...) __VA_ARGS__
// Header overlaid on the start of every record in the patch byte tables.
// pack(1) removes padding so `offset` sits directly after the one-byte size.
// NOTE(review): PATCH_OFFSET emits exactly four bytes, so this overlay only
// lines up with the tables when ptrdiff_t is 4 bytes wide (a 32-bit build) --
// confirm the build target.
#pragma pack(push, 1)
struct PatchHeader
{
// Number of bytes replaced by this record; 0 marks the end of a table.
BYTE cbSize;
// Offset of the patched bytes, added to the target module's base address.
ptrdiff_t offset;
};
#pragma pack(pop)
// Patch tables, one per feature. Each table is a run of records laid out as
//   size byte, 4-byte little-endian offset, <size> original bytes, <size> updated bytes
// and ends with a record whose size byte is 0.
// NOTE(review): read as x86 opcodes, 0x75/0x7D/0x7E are short conditional
// jumps, 0x90 is NOP and 0xEB is an unconditional short jump, so each record
// appears to neutralise or force a single branch -- confirm against the target binary.
BYTE patchInfoGirl[] =
{
PATCH_SIZE(0x2), PATCH_OFFSET(0x1FC7B), PATCH_ORIGINAL(0x75, 0x19), PATCH_UPDATED(0x90, 0x90),
PATCH_SIZE(0)
};
BYTE patchInfoChad[] =
{
PATCH_SIZE(0x1), PATCH_OFFSET(0x8B572), PATCH_ORIGINAL(0x7D), PATCH_UPDATED(0xEB),
PATCH_SIZE(0)
};
// This table carries two records; both are verified before either is written.
BYTE patchInfoLarries[] =
{
PATCH_SIZE(0x2), PATCH_OFFSET(0x8C955), PATCH_ORIGINAL(0x7E, 0x39), PATCH_UPDATED(0x90, 0x90),
PATCH_SIZE(0x2), PATCH_OFFSET(0x8C107), PATCH_ORIGINAL(0x7D, 0x14), PATCH_UPDATED(0x90, 0x90),
PATCH_SIZE(0)
};
// Process heap handle, fetched once at startup and used for scratch buffers.
HANDLE hHeap;
// Handle to the target process; NULL while no target is attached.
HANDLE hTargetProcess = NULL;
// Base address of the target's main module inside the target process.
BYTE* pTargetBaseAddress;
// Per-feature state: true while the corresponding patch is applied.
bool bGirlEnabled = false;
bool bChadEnabled = false;
bool bLarriesEnabled = false;
// Main window and its child controls.
HWND hWindow;
HWND hLabelFeatures;
HWND hCheckBoxGirl;
HWND hCheckBoxChad;
HWND hCheckBoxLarries;
HWND hButtonEnableAll;
HWND hButtonDisableAll;
const wchar_t szWindowTitle[] = L"Super Meat Boy Luck Manipulator";
// Image name used to find the target, both in the process list and in its module list.
const wchar_t szTargetName[] = L"SuperMeatBoy.exe";
// White background shared by the window class brush and the control colour handler.
const COLORREF crBackground = RGB(0xFF, 0xFF, 0xFF);
HBRUSH hbrBackground = NULL;
HFONT hfFont = NULL;
// Forward declarations for the functions defined after the entry point.
void CheckTarget();
bool ApplyPatch(BYTE* patchInfo);
bool RemovePatch(BYTE* patchInfo);
LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam);
// Program entry point: enables SeDebugPrivilege, builds the window with its
// controls, runs the message loop and exits via ExitProcess (0 on a normal
// quit, 1 on any failure).
// WinMainCRTStartup is the symbol the MSVC linker uses as the default entry
// for GUI programs; defining it here replaces the C runtime's startup code,
// presumably so the executable can be linked without the CRT.
void WINAPI WinMainCRTStartup()
{
    HINSTANCE hInstance = GetModuleHandleW(NULL);
    HANDLE hToken = NULL;
    ATOM WindowClassAtom = 0;
    // The inner block scopes the locals declared below so that `goto error`
    // leaves their scope instead of jumping across their initializations.
    {
        if (!(hHeap = GetProcessHeap()))
            goto error;
        // Enable SeDebugPrivilege in this process's own token.
        // NOTE(review): this privilege is normally only available to elevated
        // administrators, so a non-elevated run exits here with code 1 and no
        // message. Opening a process owned by the same user does not normally
        // need it; requesting it together with cross-process memory writes is
        // a combination heuristic scanners commonly treat as suspicious.
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
            goto error;
        TOKEN_PRIVILEGES TokenPrivileges;
        TokenPrivileges.PrivilegeCount = 1;
        if (!LookupPrivilegeValueW(NULL, SE_DEBUG_NAME, &TokenPrivileges.Privileges[0].Luid))
            goto error;
        TokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // AdjustTokenPrivileges can return success without enabling the
        // privilege, so the last-error value is checked as well.
        if (!AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TokenPrivileges), NULL, NULL) || GetLastError() != ERROR_SUCCESS)
            goto error;
        CloseHandle(hToken);
        hToken = NULL;
        INITCOMMONCONTROLSEX icceStandard = {sizeof(INITCOMMONCONTROLSEX), ICC_STANDARD_CLASSES};
        InitCommonControlsEx(&icceStandard);
        // GDI objects shared by the window class and the controls; their
        // creation results are not checked here.
        hbrBackground = CreateSolidBrush(crBackground);
        hfFont = CreateFontW(16, 0, 0, 0, FW_NORMAL, FALSE, FALSE, FALSE, ANSI_CHARSET, OUT_DEFAULT_PRECIS, CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY, VARIABLE_PITCH | FF_DONTCARE, NULL);
        WNDCLASSEXW WindowClass = {};
        WindowClass.cbSize = sizeof(WNDCLASSEXW);
        WindowClass.lpfnWndProc = WindowProc;
        WindowClass.hInstance = hInstance;
        // Stock system icon and cursor, loaded as shared resources.
        WindowClass.hIcon = (HICON)LoadImageW(NULL, MAKEINTRESOURCEW(OIC_SAMPLE), IMAGE_ICON, 0, 0, LR_SHARED);
        WindowClass.hCursor = (HCURSOR)LoadImageW(NULL, MAKEINTRESOURCEW(OCR_NORMAL), IMAGE_CURSOR, 0, 0, LR_SHARED);
        WindowClass.hbrBackground = hbrBackground;
        WindowClass.lpszClassName = L"WindowMain";
        WindowClass.hIconSm = (HICON)LoadImageW(NULL, MAKEINTRESOURCEW(OIC_SAMPLE), IMAGE_ICON, 0, 0, LR_SHARED);
        if (!(WindowClassAtom = RegisterClassExW(&WindowClass)))
            goto error;
        // Fixed-size window: the client area is a 9 x 3 grid of cells plus padding.
        DWORD dwStyle = WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU;
        const LONG lPadding = 12;
        const LONG lGridWidth = 48;
        const LONG lGridHeight = 24;
        const LONG lClientWidth = 2*lPadding + 9*lGridWidth;
        const LONG lClientHeight = 3*lPadding + 3*lGridHeight;
        RECT Rect = {0, 0, lClientWidth, lClientHeight};
        // Grow the rectangle from client size to full window size for this style.
        if (!AdjustWindowRect(&Rect, dwStyle, FALSE))
            goto error;
        if (!(hWindow = CreateWindowW(MAKEINTATOM(WindowClassAtom), szWindowTitle, dwStyle, CW_USEDEFAULT, CW_USEDEFAULT, Rect.right - Rect.left, Rect.bottom - Rect.top, NULL, NULL, hInstance, NULL)))
            goto error;
        // Row 1: label. Row 2: one checkbox per feature. Row 3: the two buttons.
        if (!(hLabelFeatures = CreateWindowW(L"Static", L"Select features:", WS_CHILD | WS_VISIBLE | SS_LEFT, lPadding, lPadding, lGridWidth*3, lGridHeight, hWindow, (HMENU)IDC_LABEL_FEATURES, hInstance, NULL)))
            goto error;
        // BS_CHECKBOX (not BS_AUTOCHECKBOX): the check mark only changes when
        // the window procedure calls CheckDlgButton.
        if (!(hCheckBoxGirl = CreateWindowW(L"Button", L"Glitched Girl", WS_CHILD | WS_VISIBLE | BS_CHECKBOX | BS_TEXT, lPadding, lPadding + lGridHeight, lGridWidth*3, lGridHeight, hWindow, (HMENU)IDC_CHECKBOX_GIRL, hInstance, NULL)))
            goto error;
        if (!(hCheckBoxChad = CreateWindowW(L"Button", L"C.H.A.D.", WS_CHILD | WS_VISIBLE | BS_CHECKBOX | BS_TEXT, lPadding + 3*lGridWidth, lPadding + lGridHeight, lGridWidth*3, lGridHeight, hWindow, (HMENU)IDC_CHECKBOX_CHAD, hInstance, NULL)))
            goto error;
        if (!(hCheckBoxLarries = CreateWindowW(L"Button", L"Larries", WS_CHILD | WS_VISIBLE | BS_CHECKBOX | BS_TEXT, lPadding + 6*lGridWidth, lPadding + lGridHeight, lGridWidth*3, lGridHeight, hWindow, (HMENU)IDC_CHECKBOX_LARRIES, hInstance, NULL)))
            goto error;
        if (!(hButtonEnableAll = CreateWindowW(L"Button", L"Enable All", WS_CHILD | WS_VISIBLE | BS_PUSHBUTTON | BS_TEXT, lPadding + 2*lGridWidth, 2*lPadding + 2*lGridHeight, 2*lGridWidth, lGridHeight, hWindow, (HMENU)IDC_BUTTON_ENABLE_ALL, hInstance, NULL)))
            goto error;
        if (!(hButtonDisableAll = CreateWindowW(L"Button", L"Disable All", WS_CHILD | WS_VISIBLE | BS_PUSHBUTTON | BS_TEXT, lPadding + 5*lGridWidth, 2*lPadding + 2*lGridHeight, 2*lGridWidth, lGridHeight, hWindow, (HMENU)IDC_BUTTON_DISABLE_ALL, hInstance, NULL)))
            goto error;
        SendMessageW(hLabelFeatures, WM_SETFONT, (WPARAM)hfFont, FALSE);
        SendMessageW(hCheckBoxGirl, WM_SETFONT, (WPARAM)hfFont, FALSE);
        SendMessageW(hCheckBoxChad, WM_SETFONT, (WPARAM)hfFont, FALSE);
        SendMessageW(hCheckBoxLarries, WM_SETFONT, (WPARAM)hfFont, FALSE);
        SendMessageW(hButtonEnableAll, WM_SETFONT, (WPARAM)hfFont, FALSE);
        SendMessageW(hButtonDisableAll, WM_SETFONT, (WPARAM)hfFont, FALSE);
        ShowWindow(hWindow, SW_SHOW);
        UpdateWindow(hWindow);
        // Message loop: GetMessageW returns 0 on WM_QUIT and -1 on error.
        MSG Message;
        BOOL bRet;
        while ((bRet = GetMessageW(&Message, NULL, 0, 0)) != 0)
        {
            if (bRet == -1)
                goto error;
            TranslateMessage(&Message);
            DispatchMessageW(&Message);
        }
        // Normal shutdown: release everything acquired above and exit with 0.
        UnregisterClassW(MAKEINTATOM(WindowClassAtom), hInstance);
        DeleteObject(hbrBackground);
        DeleteObject(hfFont);
        if (hTargetProcess != NULL)
            CloseHandle(hTargetProcess);
        ExitProcess(0);
    }
    // Failure path: release whatever had been acquired, then exit with 1.
error:
    if (WindowClassAtom != 0)
        UnregisterClassW(MAKEINTATOM(WindowClassAtom), hInstance);
    if (hbrBackground != NULL)
        DeleteObject(hbrBackground);
    if (hfFont != NULL)
        DeleteObject(hfFont);
    if (hToken != NULL)
        CloseHandle(hToken);
    if (hTargetProcess != NULL)
        CloseHandle(hTargetProcess);
    ExitProcess(1);
}
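// One toggleable feature: its checkbox id, its patch table and its state flag.
struct FeatureEntry
{
    int idCheckBox;
    BYTE* patchInfo;
    bool* pbEnabled;
};

// Every member is an address constant, so the table is initialized statically
// and does not rely on runtime initializers being executed.
static const FeatureEntry g_features[] =
{
    {IDC_CHECKBOX_GIRL, patchInfoGirl, &bGirlEnabled},
    {IDC_CHECKBOX_CHAD, patchInfoChad, &bChadEnabled},
    {IDC_CHECKBOX_LARRIES, patchInfoLarries, &bLarriesEnabled},
};

// Shows the single generic error box used for every failed operation.
static void ReportFailure(HWND hWnd)
{
    MessageBoxW(hWnd, L"Unable to complete the task.", L"Error", MB_OK | MB_ICONERROR);
}

// Applies (bEnable) or removes (!bEnable) one feature's patch; on success
// updates the feature's flag and check mark. Returns false if patching failed.
static bool SetFeature(HWND hWnd, const FeatureEntry* pFeature, bool bEnable)
{
    const bool bDone = bEnable ? ApplyPatch(pFeature->patchInfo) : RemovePatch(pFeature->patchInfo);
    if (!bDone)
        return false;

    *pFeature->pbEnabled = bEnable;
    CheckDlgButton(hWnd, pFeature->idCheckBox, bEnable ? BST_CHECKED : BST_UNCHECKED);
    return true;
}

// Brings every feature that is not yet in the requested state into it, in
// table order. Stops at the first failure, reports it and returns false.
static bool SetAllFeatures(HWND hWnd, bool bEnable)
{
    for (size_t i = 0; i < sizeof(g_features) / sizeof(g_features[0]); ++i)
    {
        if (*g_features[i].pbEnabled == bEnable)
            continue;
        if (!SetFeature(hWnd, &g_features[i], bEnable))
        {
            ReportFailure(hWnd);
            return false;
        }
    }
    return true;
}

// Handles a click on one feature checkbox: toggles the patch to match.
static void OnCheckBoxClicked(HWND hWnd, const FeatureEntry* pFeature)
{
    // Read the check state first: CheckTarget() clears the boxes itself when
    // it finds that the target process has exited.
    const UINT uState = IsDlgButtonChecked(hWnd, pFeature->idCheckBox);
    CheckTarget();

    if (uState == BST_UNCHECKED)
    {
        if (hTargetProcess == NULL || !SetFeature(hWnd, pFeature, true))
            ReportFailure(hWnd);
    }
    else if (hTargetProcess != NULL)
    {
        if (!SetFeature(hWnd, pFeature, false))
            ReportFailure(hWnd);
    }
}

// Window procedure of the main window.
//  - WM_COMMAND: checkbox and button clicks toggle the patches.
//  - WM_CTLCOLORSTATIC / WM_CTLCOLORBTN: paint controls on the white background.
//  - WM_CLOSE: remove every applied patch before the window is destroyed; if
//    a removal fails the window stays open.
//  - WM_DESTROY: end the message loop.
// Everything else goes to DefWindowProcW.
LRESULT CALLBACK WindowProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    switch (uMsg)
    {
    case WM_COMMAND:
    {
        if (HIWORD(wParam) != BN_CLICKED)
            break;

        const WORD wId = LOWORD(wParam);
        for (size_t i = 0; i < sizeof(g_features) / sizeof(g_features[0]); ++i)
        {
            if (wId == g_features[i].idCheckBox)
            {
                OnCheckBoxClicked(hWnd, &g_features[i]);
                return 0;
            }
        }

        if (wId == IDC_BUTTON_ENABLE_ALL)
        {
            if (bGirlEnabled && bChadEnabled && bLarriesEnabled)
                return 0;
            CheckTarget();
            if (hTargetProcess != NULL)
                SetAllFeatures(hWnd, true);
            else
                ReportFailure(hWnd);
            return 0;
        }

        if (wId == IDC_BUTTON_DISABLE_ALL)
        {
            if (!bGirlEnabled && !bChadEnabled && !bLarriesEnabled)
                return 0;
            CheckTarget();
            if (hTargetProcess != NULL)
                SetAllFeatures(hWnd, false);
            else
                ReportFailure(hWnd);
            return 0;
        }

        // Unhandled command: leave the switch. Without this break the case
        // fell through into the WM_CTLCOLOR* handler and treated wParam as a
        // device context.
        break;
    }
    case WM_CTLCOLORSTATIC:
    case WM_CTLCOLORBTN:
    {
        HDC hdcControl = (HDC)wParam;
        SetBkColor(hdcControl, crBackground);
        return (LRESULT)hbrBackground;
    }
    case WM_CLOSE:
    {
        CheckTarget();
        // Restore the target's original bytes before closing. Returning 0
        // here skips DefWindowProcW, so the window is not destroyed while a
        // patch could not be removed.
        if (hTargetProcess != NULL && !SetAllFeatures(hWnd, false))
            return 0;
        break;
    }
    case WM_DESTROY:
    {
        PostQuitMessage(0);
        return 0;
    }
    }
    return DefWindowProcW(hWnd, uMsg, wParam, lParam);
}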
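// Looks up the first process whose image name equals szTargetName
// (case-insensitive). Stores its id in *pdwProcessId and returns true, or
// returns false when no such process is listed or the snapshot fails.
static bool FindTargetProcessId(DWORD* pdwProcessId)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return false;

    bool bFound = false;
    PROCESSENTRY32W ProcessEntry;
    ProcessEntry.dwSize = sizeof(PROCESSENTRY32W);
    if (Process32FirstW(hSnapshot, &ProcessEntry))
    {
        do
        {
            if (!lstrcmpiW(ProcessEntry.szExeFile, szTargetName))
            {
                *pdwProcessId = ProcessEntry.th32ProcessID;
                bFound = true;
                break;
            }
        } while (Process32NextW(hSnapshot, &ProcessEntry));
    }
    CloseHandle(hSnapshot);
    return bFound;
}

// Looks up the module named szTargetName inside the given process and stores
// its base address in *ppBaseAddress. *ppBaseAddress is left untouched when
// the function returns false.
static bool FindTargetModuleBase(DWORD dwProcessId, BYTE** ppBaseAddress)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return false;

    bool bFound = false;
    MODULEENTRY32W ModuleEntry;
    ModuleEntry.dwSize = sizeof(MODULEENTRY32W);
    if (Module32FirstW(hSnapshot, &ModuleEntry))
    {
        do
        {
            if (!lstrcmpiW(ModuleEntry.szModule, szTargetName))
            {
                *ppBaseAddress = ModuleEntry.modBaseAddr;
                bFound = true;
                break;
            }
        } while (Module32NextW(hSnapshot, &ModuleEntry));
    }
    CloseHandle(hSnapshot);
    return bFound;
}

// Keeps hTargetProcess / pTargetBaseAddress in sync with the running target.
// If the attached process has exited, the handle is dropped and all feature
// flags and check marks are reset. If no process is attached, the function
// tries to attach to one; on any failure hTargetProcess stays NULL.
// The target is selected by image name only; the byte comparison done in
// ApplyPatch is what keeps an unrelated executable of the same name from
// being modified.
void CheckTarget()
{
    // A signalled process handle means the process has terminated.
    if (hTargetProcess != NULL && WaitForSingleObject(hTargetProcess, 0) == WAIT_OBJECT_0)
    {
        CloseHandle(hTargetProcess);
        hTargetProcess = NULL;
        bGirlEnabled = false;
        bChadEnabled = false;
        bLarriesEnabled = false;
        CheckDlgButton(hWindow, IDC_CHECKBOX_GIRL, BST_UNCHECKED);
        CheckDlgButton(hWindow, IDC_CHECKBOX_CHAD, BST_UNCHECKED);
        CheckDlgButton(hWindow, IDC_CHECKBOX_LARRIES, BST_UNCHECKED);
    }

    if (hTargetProcess != NULL)
        return;

    DWORD dwProcessId = 0;
    if (!FindTargetProcessId(&dwProcessId))
        return;

    // Only the rights needed to read and write memory and to wait on the
    // process are requested.
    hTargetProcess = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION | SYNCHRONIZE, FALSE, dwProcessId);
    if (hTargetProcess == NULL)
        return;

    if (!FindTargetModuleBase(dwProcessId, &pTargetBaseAddress))
    {
        CloseHandle(hTargetProcess);
        hTargetProcess = NULL;
    }
}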
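// Applies every record of a patch table to the target process.
// Pass 1 reads the bytes at each record's offset and requires them to equal
// either the record's original bytes or its updated bytes; this acts as a
// version check, so nothing is written when the target's code does not match
// what the table expects. Pass 2 writes the updated bytes.
// Returns true when all records were written, false on any read failure,
// mismatch, write failure or allocation failure.
// NOTE(review): if a write in pass 2 fails after earlier records succeeded,
// those earlier records stay written; there is no rollback.
bool ApplyPatch(BYTE* patchInfo)
{
    // cbSize is a single byte, so one scratch buffer of 0xFF bytes fits any
    // record. Allocating it once replaces the per-record HeapReAlloc, whose
    // failure path lost the original pointer.
    const SIZE_T cbMaxRecord = 0xFF;
    BYTE* bBuffer = (BYTE*)HeapAlloc(hHeap, 0, cbMaxRecord);
    if (bBuffer == NULL)
        return false;

    bool bVerified = true;
    PatchHeader* phHeader = (PatchHeader*)patchInfo;
    while (phHeader->cbSize != 0)
    {
        BYTE* pOriginal = (BYTE*)phHeader + sizeof(PatchHeader);
        BYTE* pUpdated = pOriginal + phHeader->cbSize;

        if (!ReadProcessMemory(hTargetProcess, pTargetBaseAddress + phHeader->offset, bBuffer, phHeader->cbSize, NULL))
        {
            bVerified = false;
            break;
        }
        if (memcmp(bBuffer, pOriginal, phHeader->cbSize) != 0 && memcmp(bBuffer, pUpdated, phHeader->cbSize) != 0)
        {
            bVerified = false;
            break;
        }
        phHeader = (PatchHeader*)(pUpdated + phHeader->cbSize);
    }

    // Released on every path; the early returns used to leak the buffer.
    HeapFree(hHeap, 0, bBuffer);
    if (!bVerified)
        return false;

    phHeader = (PatchHeader*)patchInfo;
    while (phHeader->cbSize != 0)
    {
        BYTE* pUpdated = (BYTE*)phHeader + sizeof(PatchHeader) + phHeader->cbSize;
        if (!WriteProcessMemory(hTargetProcess, pTargetBaseAddress + phHeader->offset, pUpdated, phHeader->cbSize, NULL))
            return false;
        phHeader = (PatchHeader*)(pUpdated + phHeader->cbSize);
    }
    return true;
}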
// Writes the original bytes of every record in a patch table back into the
// target process. Returns false as soon as one write fails, true otherwise.
// Unlike ApplyPatch, the target's current bytes are not read or compared
// before they are overwritten.
bool RemovePatch(BYTE* patchInfo)
{
    for (PatchHeader* phRecord = (PatchHeader*)patchInfo; phRecord->cbSize != 0; )
    {
        // Record layout: header, original bytes, updated bytes.
        BYTE* pOriginalBytes = (BYTE*)phRecord + sizeof(PatchHeader);
        BYTE* pDestination = pTargetBaseAddress + phRecord->offset;

        BOOL bWritten = WriteProcessMemory(hTargetProcess, pDestination, pOriginalBytes, phRecord->cbSize, NULL);
        if (!bWritten)
            return false;

        // Step over both byte runs to reach the next header.
        phRecord = (PatchHeader*)(pOriginalBytes + 2*phRecord->cbSize);
    }
    return true;
}
