Exemplo n.º 1
        /// <summary>
        /// Click handler that runs one pattern scan through <c>MemLib.AoBScan</c> and
        /// shows the first match, if any, in <c>playerBase_label</c>.
        /// </summary>
        /// <remarks>
        /// The form and the button are disabled while the scan runs and are re-enabled
        /// in a <c>finally</c> block. Because this is an <c>async void</c> handler, an
        /// exception from the scan is not observable by the caller, and the button text
        /// stays at "Please Wait!" in that case.
        /// </remarks>
        private async void Button1_ClickAsync(object sender, EventArgs e)
        {
            // Only scan when pID is non-zero and comp is true
            // (presumably "a process is attached" - confirm against the fields' owners).
            if (pID == 0 || comp != true)
            {
                return;
            }

            // Put the UI into its busy state for the duration of the scan.
            findBase_button.Text    = "Please Wait!";
            findBase_button.Enabled = false;
            Cursor  = Cursors.WaitCursor;
            Enabled = false;

            try
            {
                var matches = await MemLib.AoBScan(AoBstr, true, true);
                AoBadr = matches.FirstOrDefault();
            }
            finally
            {
                // Always hand control back to the user, even if the scan throws.
                Enabled = true;
                Cursor  = Cursors.Default;
                findBase_button.Enabled = true;
            }

            // FirstOrDefault() yields 0 when the scan produced no match.
            if (AoBadr == 0)
            {
                findBase_button.Text = "Not Found!";
                return;
            }

            findBase_button.Text  = "Found!";
            playerBase_label.Text = string.Concat("0x", AoBadr.ToString("x8"));
        }
Exemplo n.º 2
        /// <summary>
        /// Runs the post-attach start-up sequence for the given game process: creates the
        /// game wrapper objects, starts event handling and injection, loads plugins,
        /// rewrites one in-memory URL string, starts the overlay form on a background
        /// worker, and exits this program when the game-close event fires.
        /// </summary>
        /// <param name="proc">The game process; it is passed to the <c>Game</c> constructor.</param>
        public static void afterGameLoad(Process proc)
        {
            // These constructors are invoked for their side effects only; the instances
            // are not kept here, and the order is the original one.
            new Game(proc);
            GameEvents.startHandler();
            new TowerShop();
            new InjectionManager();
            InjectionManager.manager.injectAll();

            Game.getBTD5().setGameTitle("Bloons TD 5 - Game attached with NKHook5");
            Console.WriteLine("Game hooked & Events registered!");
            RichPresence.startRPC();

            Console.WriteLine("Loading plugins...");
            PluginLoader.loadPlugins();

            // The pattern is the ASCII text "https://newgam.es/btd5btd6". Every match is
            // overwritten with the string below. The call blocks on .Result until the
            // scan task completes.
            var urlMatches = memlib.AoBScan("68 74 74 70 73 3A 2F 2F 6E 65 77 67 61 6D 2E 65 73 2F 62 74 64 35 62 74 64 36", true, true).Result.ToList();
            for (int i = 0; i < urlMatches.Count; i++)
            {
                long matchAddress = urlMatches[i];
                memlib.writeMemory(matchAddress.ToString("X"), "string", "https://discord.gg/VADMF2M");
            }

            // The overlay form gets its own message loop on a BackgroundWorker thread.
            var overlayWorker = new BackgroundWorker();
            overlayWorker.DoWork += (sender, ev) =>
            {
                var overlay = new NKGDI(memlib);
                System.Windows.Forms.Application.EnableVisualStyles();
                System.Windows.Forms.Application.Run(overlay);
            };
            overlayWorker.RunWorkerAsync();

            // Terminate this process as soon as the game reports that it closed.
            GameCloseEvent.Event += (sender, arg) => Environment.Exit(0);
        }
Exemplo n.º 3
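        /// <summary>
        /// Scratch routine: opens the "csgo" process, scans for one byte pattern, reads
        /// the 32-bit value stored three bytes past the match, and computes its distance
        /// from a hard-coded reference value. Nothing is returned or stored.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this is <c>async void</c> outside an event handler, so callers can
        /// neither await it nor observe its exceptions. Returning <c>Task</c> would be
        /// preferable, but that changes the signature and is left to the owner.
        /// </remarks>
        static async void Test()
        {
            // Reference entry the pattern was taken from:
            //"name": "dwLocalPlayer",
            //"extra": 4,
            //"relative": true,
            //"module": "client_panorama.dll",
            //"offsets": [
            //3
            //    ],
            //"pattern": "8D 34 85 ? ? ? ? 89 15 ? ? ? ? 8B 41 08 8B 48 04 83 F9 FF"

            //dwLocalPlayer = 0xCF6A4C;

            Mem mem = new Mem();

            mem.OpenProcess("csgo");

            // The indexer throws if the module is not in mem.modules; the value itself
            // is not used below.
            long client_panorama = mem.modules["client_panorama.dll"].ToInt64();

            long match = (await mem.AoBScan("8D 34 85 ? ? ? ? 89 15 ? ? ? ? 8B 41 08 8B 48 04 83 F9 FF")).FirstOrDefault();

            // FirstOrDefault() returns 0 when nothing matched. Without this check the
            // code below would go on to read from address 3.
            if (match == 0)
            {
                Console.WriteLine("Pattern not found.");
                Console.ReadLine();
                return;
            }

            long addr = match + 3;

            // NOTE(review): addr.ToString() produces a decimal string; confirm that
            // readInt accepts decimal rather than hexadecimal address text.
            long dwLocalPlayer = mem.readInt(addr.ToString());

            long a = 0xCF1A3C - dwLocalPlayer;

            Console.ReadLine();
        }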
Exemplo n.º 4
    // Entry point: runs the in-memory edit path. The file-based alternative is kept
    // as a commented-out Main further down.
    static void Main(string[] args)
    {
        EditMemory();
    }

    //static void Main(string[] args) => WriteFromFile(args[0]);

    /// <summary>
    /// Waits for a process whose main window title is "ATTACK_ON_TITAN", attaches the
    /// memory editor to it, scans for <c>appID_bytes</c>, and writes <c>newAppID</c>
    /// (UTF-16) over every match, reporting each write on the console.
    /// </summary>
    static void EditMemory()
    {
        Process aottg;

        // Poll the process list until the window shows up, retrying every 10 seconds.
        while ((aottg = Process.GetProcesses().FirstOrDefault(p => p.MainWindowTitle == "ATTACK_ON_TITAN")) == null)
        {
            Console.WriteLine("No process found");
            Thread.Sleep(10000);
        }

        Console.WriteLine("Process found!");

        // Attach by process id.
        memoryEditor.OpenProcess(aottg.Id);

        // Start the pattern scan and block until it completes; .Result waits for the
        // task and surfaces failures as an AggregateException.
        IEnumerable<long> matches = memoryEditor.AoBScan(appID_bytes, true, false).Result;

        foreach (long address in matches)
        {
            string hex = address.ToHex();
            bool written = memoryEditor.WriteMemory(hex, "string", newAppID, "", Encoding.Unicode);

            if (written)
            {
                Console.WriteLine($"Done! Written new AppID in address {hex}");
            }
            else
            {
                Console.WriteLine($"Failed writing address {hex}");
            }
        }

        Console.WriteLine("You should be able to connect to new servers now");
        memoryEditor.CloseProcess();
        Console.ReadKey();
    }
Exemplo n.º 5
        // ========================================================================
        /// <summary>
        /// Locates a code pattern and derives the pointer expression stored in
        /// <c>_deathPtr</c> from it.
        /// </summary>
        /// <remarks>
        /// The 32-bit value read at match + 3 is added to match + 7, which is consistent
        /// with resolving a displacement relative to the end of a 7-byte instruction.
        /// NOTE(review): a failed scan yields 0 from FirstOrDefault() and is not detected
        /// here, so the read would then target address 0x3.
        /// </remarks>
        static async Task ScanDeathAddressAsync()
        {
            var matches = await Memory.AoBScan("48 8B 05 ?? ?? ?? ?? 48 85 C0 ?? ?? 48 8B 40 ?? C3");
            long patternAddress = matches.FirstOrDefault();

            // The displacement sits three bytes into the matched sequence.
            long displacementAddress = patternAddress + 3;
            int displacement = Memory.readInt($"0x{displacementAddress:X}");

            long resolved = patternAddress + displacement + 7;

            // Stored as "<hex base>,0x98", i.e. a base address followed by one offset.
            _deathPtr = $"{resolved:X},0x98";
        }
Exemplo n.º 6
 /// <summary>
 /// Background-worker body: opens the "Astellia" process, scans for the configured
 /// position pattern, and derives the X, Y and Z addresses from the first match.
 /// Progress is reported as 1 once the process is opened and as 100 when done.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the result of OpenProcess is ignored and a scan miss (0) is not
 /// detected, so X/Y/Z would then be 0x20, 0x24 and 0x28.
 /// </remarks>
 private void ThreadSignatureScan_DoWork(object sender, DoWorkEventArgs e)
 {
     m = new Mem();

     // Reset the cached coordinates before the addresses change.
     curx = 0f;
     cury = 0f;
     curz = 0f;

     m.OpenProcess("Astellia");
     threadSignatureScan.ReportProgress(1);

     // Blocks this worker thread until the scan task completes.
     var scanTask = m.AoBScan(Properties.Settings.Default.positionAOB, true, true);
     Xbase = scanTask.Result.FirstOrDefault();

     // X is 0x20 past the match; Y and Z follow X at 4-byte steps.
     X = Xbase + 0x20;
     Y = X + 0x4;
     Z = X + 0x8;

     threadSignatureScan.ReportProgress(100);
 }
        /// <summary>
        /// Rebuilds <c>playerlist</c> from one pattern scan and sets <c>Self</c> from a
        /// second scan.
        /// </summary>
        /// <remarks>
        /// NOTE(review): <c>async void</c> outside an event handler means callers cannot
        /// await completion, so <c>playerlist</c> may be read while it is still being
        /// filled. A miss on the second scan passes 0 to the Player constructor.
        /// </remarks>
        public async void getPlayerList()
        {
            playerlist.Clear();

            // Candidate patterns kept for reference:
            //83 EC 0C C7 05 98 19 AE 00 01 00 00 00
            //E0 22 AA 00 ?? 00 ?? 00 00 00 00 ?? 39 05 39 05

            var playerMatches = (await memory.AoBScan("E0 22 AA 00 ?? 00 ?? 00 00 00 00 ?? 39 05 39 05", true)).ToList();

            // One Player (constructed with false) per match.
            for (int i = 0; i < playerMatches.Count; i++)
            {
                playerlist.Add(new Player(playerMatches[i], false));
            }

            // The first match of the second pattern becomes Self (constructed with true).
            var selfMatches = await memory.AoBScan("18 FC A9 00 00 00 00 00", true);
            long selfAddress = selfMatches.FirstOrDefault();

            Self = new Player(selfAddress, true);
        }//D8 F4 D9 00 A6 6F 68 00 A0 FA AD
Exemplo n.º 8
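        /// <summary>
        /// Opens the "ffxiv_dx11.exe" process, resolves <c>currentGPAddress</c> from the
        /// <c>playerSig</c> pattern, and starts the 100 ms polling timer.
        /// </summary>
        /// <returns>
        /// <c>true</c> when the process was opened and the pattern was found;
        /// <c>false</c> otherwise, in which case no timer is started.
        /// </returns>
        public static bool Attach()
        {
            bool code = mem.OpenProcess("ffxiv_dx11.exe");

            // A scan against a process that could not be opened cannot succeed.
            if (!code)
            {
                return false;
            }

            // Blocks until the scan task completes.
            currentGPAddress = mem.AoBScan(playerSig, true, true, "").Result.FirstOrDefault();

            // FirstOrDefault() returns 0 on a miss. The check has to come before the
            // offsets are added: afterwards a miss is indistinguishable from a hit, and
            // the previous empty "while (currentGPAddress == 0)" loop could only spin
            // forever because nothing in it changes the value.
            if (currentGPAddress == 0)
            {
                return false;
            }

            currentGPAddress += playerStartOffset + currentGPOffset;

            // First tick after 100 ms, then every 100 ms.
            scan = new System.Threading.Timer(new TimerCallback(TickTimer), null, 100, 100);
            return code;
        }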
Exemplo n.º 9
        /// <summary>
        /// Scan for a byte signature in the .text section.
        /// </summary>
        /// <param name="signature">The signature.</param>
        /// <returns>The real offset of the found signature.</returns>
        public IntPtr ScanText(string signature)
        {
            // NOTE(review): mBase is evaluated but no longer consumed. The scan below goes
            // through MemLib.AoBScan and is not visibly restricted to the text section,
            // so the XML summary above may be out of date.
            var mBase = IsCopy ? this.moduleCopyPtr : TextSectionBase;

            // Previous implementation, kept for reference:
            //var scanRet = Scan(mBase, TextSectionSize, signature);

            // Blocks until the scan completes; FirstOrDefault() yields 0 on a miss.
            // NOTE(review): a miss is not checked before the address is read below.
            long firstHit = MemLib.AoBScan(signature, false, true).GetAwaiter().GetResult().FirstOrDefault();
            IntPtr scanRet = new IntPtr(firstHit);

            // When working on a module copy, rebase the hit by moduleCopyOffset.
            if (IsCopy)
            {
                long rebased = scanRet.ToInt64() - this.moduleCopyOffset;
                scanRet = new IntPtr(rebased);
            }

            // 0xE8 is the x86 near-call opcode; a hit that starts with it is handed to
            // ReadCallSig instead of being returned directly.
            if (ReadByte(scanRet) != 0xE8)
            {
                return scanRet;
            }

            return ReadCallSig(scanRet);
        }
Exemplo n.º 10
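        /// <summary>
        /// Swaps three in-memory label strings (co-op, new game, odyssey) between their
        /// original and replacement text, depending on the state of <c>betterTextBox</c>.
        /// </summary>
        /// <remarks>
        /// Each entry is a (scan pattern, bytes to write) pair; the bytes are written at
        /// the first match only, and an entry with no match is skipped. The scans block
        /// on <c>.Result</c>, so the calling thread waits for each one.
        /// </remarks>
        private void BetterTextBox_CheckedChanged(object sender, EventArgs e)
        {
            // Order is co-op, new game, odyssey in both directions.
            string[][] swaps = betterTextBox.Checked
                ? new[]
                {
                    new[]
                    {
                        "43 6F 2D 6F 70 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00",
                        "0x44 0x6F 0x6E 0x27 0x74 0x20 0x62 0x65 0x20 0x73 0x63 0x75 0x6D 0x00 0x00 0x00 0x0D"
                    },
                    new[]
                    {
                        "4E 65 77 0A 47 61 6D 65 00 00 00 00 00 00 00 00 08",
                        "0x53 0x65 0x6E 0x64 0x0A 0x4E 0x75 0x64 0x65 0x73 0x00 0x00 0x00 0x00 0x00 0x00 0x0A"
                    },
                    new[]
                    {
                        "4F 64 79 73 73 65 79 00 00 00 00 00 00 00 00 00 07",
                        "0x4E 0x6F 0x74 0x0A 0x4D 0x61 0x72 0x69 0x6F 0x0A 0x4F 0x64 0x79 0x73 0x73 0x65 0x79 0x0A"
                    }
                }
                : new[]
                {
                    new[]
                    {
                        "44 6F 6E 27 74 20 62 65 20 73 63 75 6D 00 00 00 0D",
                        "0x43 0x6F 0x2D 0x6F 0x70 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x05"
                    },
                    new[]
                    {
                        "53 65 6E 64 0A 4E 75 64 65 73 00 00 00 00 00 00 0A",
                        "0x4E 0x65 0x77 0x0A 0x47 0x61 0x6D 0x65 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x08"
                    },
                    new[]
                    {
                        "4E 6F 74 0A 4D 61 72 69 6F 0A 4F 64 79 73 73 65 79 0A",
                        // Fixed: the 17th token used to read "0x07A", which is not a
                        // two-digit byte token. The original pattern scanned for in the
                        // checked branch ends in 07, so a restore that does not write
                        // 0x07 here leaves a value the next scan cannot match.
                        "0x4F 0x64 0x79 0x73 0x73 0x65 0x79 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x07 0x0"
                    }
                };

            foreach (string[] swap in swaps)
            {
                List<long> hits = memlib.AoBScan(swap[0], true, true).Result.ToList();
                if (hits.Count > 0)
                {
                    memlib.writeMemory("0x" + hits[0].ToString("X"), "bytes", swap[1]);
                }
            }
        }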
Exemplo n.º 11
        private async void UpdateToolStripMenuItem_Click(object sender, EventArgs e)
        {
            if (memlib == null)
            {
                MessageBox.Show("Please attach to a process before updating.");
            }
            else
            {
                tsslStatus.Text = "Running";

                foreach (ListViewItem items in lvAddy.Items)
                {
                    tsslCompletionRate.Text = ((items.Index + 1) / (float)lvAddy.Items.Count).ToString("P0");

                    long myAddress = (await memlib.AoBScan(items.SubItems[3].Text)).FirstOrDefault();

                    if (myAddress == 0)
                    {
                        items.SubItems[1].Text = "0xERROR";
                    }
                    else if ((Enum.TryParse(items.SubItems[2].Text, true, out AoBType result) == true))
                    {
                        switch (result)
                        {
                        case AoBType.Address:
                            items.SubItems[1].Text = "0x" + myAddress.ToString("X8");
                            break;

                        case AoBType.FollowCall:
                            items.SubItems[1].Text = "0x" + GetCall(myAddress).ToString("X8");
                            break;

                        case AoBType.Pointer:
                            items.SubItems[1].Text = "0x" + GetPointer(myAddress).ToString("X8");
                            break;
                        }
                    }
Exemplo n.º 12
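 /// <summary>
 /// Background-worker loop that repeatedly scans for tower records and publishes
 /// three lists: all towers, hovered towers and selected towers.
 /// </summary>
 /// <remarks>
 /// Changes from the previous version: the loop stops when the owning
 /// BackgroundWorker has a cancellation pending; the hovered and selected lists are
 /// built locally and published together with <c>allTowers</c>, so readers no longer
 /// see them while they are being filled; and a hex-string round trip that
 /// reproduced the same value was removed.
 /// </remarks>
 private static void scan(object sender, DoWorkEventArgs e)
 {
     BackgroundWorker worker = sender as BackgroundWorker;

     while (true)
     {
         // CancellationPending stays false unless the worker supports cancellation
         // and CancelAsync() was called, so existing callers are unaffected.
         if (worker != null && worker.CancellationPending)
         {
             e.Cancel = true;
             return;
         }

         // Blocks this worker thread until the scan completes.
         List<long> scanResult = memlib.AoBScan("0? 01 00 01 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ?? ?? ?? ?? ?? ?? ?? ??", true, true).Result.ToList();

         List<int> towers   = new List<int>();
         List<int> hovered  = new List<int>();
         List<int> selected = new List<int>();

         foreach (long result in scanResult)
         {
             try
             {
                 // Narrow the match to a non-negative int, then step back 0xF0 to
                 // what the offsets below treat as the start of the record.
                 int towerBase = ((int)result & int.MaxValue) - 0xF0;

                 // A byte below 1 at +0x12C keeps the record in the list
                 // (the original names this the "sold" check).
                 int soldCheck = towerBase + 0x12C;
                 if (memlib.readByte(soldCheck.ToString("X")) < 1)
                 {
                     towers.Add(towerBase);

                     int hoverCheck    = towerBase + 0x215;
                     int selectedCheck = towerBase + 0xF0;

                     if (memlib.readByte(hoverCheck.ToString("X")) > 0)
                     {
                         hovered.Add(towerBase);
                     }
                     if (memlib.readByte(selectedCheck.ToString("X")) > 0)
                     {
                         selected.Add(towerBase);
                     }
                 }
             }
             catch (OverflowException)
             {
                 // Deliberately skipped: in a checked build the narrowing or the
                 // offset arithmetic can overflow for a match outside the int range.
             }
         }

         // Publish the finished lists in one step.
         hoveredTowers  = hovered;
         selectedTowers = selected;
         allTowers      = towers;
     }
 }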
Exemplo n.º 13
 /// <summary>
 /// Scans a fixed address window for <paramref name="search"/> by forwarding to
 /// <c>meme.AoBScan</c>.
 /// </summary>
 /// <param name="search">The byte pattern, passed through unchanged.</param>
 /// <returns>The task returned by the underlying scan.</returns>
 public Task <IEnumerable <long> > AoBScan(string search)
 {
     // Fixed window handed to the underlying scanner.
     const long rangeStart = 0x10000000000;
     const long rangeEnd   = 0x2FFFFFFFFFF;

     // The two flags are forwarded as true and false; presumably "writable" and
     // "executable" - confirm against the signature of meme.AoBScan.
     Task <IEnumerable <long> > pending = meme.AoBScan(rangeStart, rangeEnd, search, true, false);
     return pending;
 }
Exemplo n.º 14
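        /// <summary>
        /// Detects which of two byte sequences (patched or original) is currently present
        /// for each of two code sites, records the matching address, and sets the
        /// corresponding checkbox state on <c>Form1</c>.
        /// </summary>
        /// <param name="m">The memory accessor used for the scans.</param>
        /// <remarks>
        /// Changes from the previous version: each pattern is scanned once instead of
        /// twice (one scan for the count and another for the address could disagree if
        /// memory changed in between), and every checkbox update is marshalled through
        /// <c>Invoke</c>. Previously <c>ForeColor</c> and <c>Enabled</c> were set directly
        /// next to Invoke calls on the same control.
        /// </remarks>
        public void ScanAobs(Mem m)
        {
            const long rangeStart = 0x01000000;
            const long rangeEnd   = 0xf10000000;

            // First site: patched ("on") and original ("off") byte sequences.
            const string hit0OnPattern  = "C7 82 B4 03 00 00 FF FF FF 7F";
            const string hit0OffPattern = "8B 87 B4 03 00 00 89 06 8B 87 B8 03 00 00";

            aobStartHit0 = hit0OffPattern;                                                        // aob Start
            aobOnHit0    = Form1.ConvertStringToAOB("C7 82 B4 03 00 00 FF FF FF 7F 90 90 90 90"); // aob On
            aobOffHit0   = Form1.ConvertStringToAOB(aobStartHit0);

            System.Threading.Thread.Sleep(100);

            List<long> hit0On = m.AoBScan(rangeStart, rangeEnd, hit0OnPattern).Result.ToList();
            if (hit0On.Count > 0)
            {
                // Patched bytes are present: take the first match.
                addrsHit0   = hit0On[0];
                addressHit0 = "0x" + addrsHit0.ToString("x8");

                Form1.cbGodMode.Invoke((MethodInvoker)(() =>
                {
                    Form1.cbGodMode.Checked   = true;
                    Form1.cbGodMode.ForeColor = Color.Gold;
                    Form1.cbGodMode.Enabled   = true;
                }));
            }
            else
            {
                // The original bytes are only scanned for when the patched ones are absent.
                List<long> hit0Off = m.AoBScan(rangeStart, rangeEnd, hit0OffPattern).Result.ToList();
                if (hit0Off.Count > 0)
                {
                    // This site uses the last match, as before.
                    addrsHit0   = hit0Off[hit0Off.Count - 1];
                    addressHit0 = "0x" + addrsHit0.ToString("x8");

                    Form1.cbGodMode.Invoke((MethodInvoker)(() =>
                    {
                        Form1.cbGodMode.Checked   = false;
                        Form1.cbGodMode.ForeColor = Color.FromArgb(227, 227, 234);
                        Form1.cbGodMode.Enabled   = true;
                    }));
                }
            }

            // Second site.
            const string hit1OnPattern  = "80 B8 C1 06 00 00 02";
            const string hit1OffPattern = "80 B8 C1 06 00 00 00 74 0D";

            aobStartHit1 = hit1OffPattern;
            aobOnHit1    = Form1.ConvertStringToAOB(hit1OnPattern);
            aobOffHit1   = Form1.ConvertStringToAOB(aobStartHit1);

            List<long> hit1On = m.AoBScan(rangeStart, rangeEnd, hit1OnPattern).Result.ToList();
            if (hit1On.Count > 0)
            {
                addrsHit1   = hit1On[0];
                addressHit1 = "0x" + addrsHit1.ToString("x8");

                Form1.cbUntouch.Invoke((MethodInvoker)(() =>
                {
                    Form1.cbUntouch.Checked   = true;
                    Form1.cbUntouch.ForeColor = Color.Gold;
                    Form1.cbUntouch.Enabled   = true;
                }));
            }
            else
            {
                List<long> hit1Off = m.AoBScan(rangeStart, rangeEnd, hit1OffPattern).Result.ToList();
                if (hit1Off.Count > 0)
                {
                    addrsHit1   = hit1Off[0];
                    addressHit1 = "0x" + addrsHit1.ToString("x8");

                    Form1.cbUntouch.Invoke((MethodInvoker)(() =>
                    {
                        Form1.cbUntouch.Checked   = false;
                        Form1.cbUntouch.ForeColor = Color.FromArgb(227, 227, 234);
                        Form1.cbUntouch.Enabled   = true;
                    }));
                }
            }

            // The second checkbox is only made visible while the first one is checked.
            if (Form1.cbGodMode.Checked)
            {
                Form1.cbUntouch.Invoke((MethodInvoker)(() => Form1.cbUntouch.Visible = true));
            }
        }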
Exemplo n.º 15
        /// <summary>
        /// Scans for <c>AOB_SCAN_QUERY</c> and stores the single match in
        /// <c>baseAddress</c>.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// Thrown by <c>Single()</c> when the scan returns no match or more than one.
        /// </exception>
        internal async Task AoBScanAsync()
        {
            // Single() rather than FirstOrDefault(): an ambiguous or missing match is an
            // error here, not a silent zero.
            baseAddress = (await MemoryReader.AoBScan(AOB_SCAN_QUERY, writable : true)).Single();
        }