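;Beavis & Butt-head Hock-a-Loogie Trainer +1
;
;Syntax: MASM (Intel operand order), 32-bit flat model, stdcall.
;Polls F12 once per second; when pressed, adds SCORE_ADD points to the
;score dword inside the game process found by its window caption.

;compiler directives
.386
.model flat,stdcall
option casemap:none

;standard includes
include     include\windows.inc
include     include\kernel32.inc
include     include\user32.inc
includelib  lib\kernel32.lib
includelib  lib\user32.lib

;Procedures
DlgProc         PROTO :DWORD,:DWORD,:DWORD,:DWORD
Engine_Add      PROTO :DWORD,:DWORD,:DWORD,:DWORD
CheckHotKeys    PROTO :DWORD,:DWORD,:DWORD,:DWORD   ;TIMERPROC: hwnd,uMsg,idEvent,dwTime

;Id for our dialog (standard is 101)
ID_DIALOG       equ 101
TIMER_ID        equ 123         ;timer identifier passed to SetTimer
POLL_MS         equ 1000        ;hotkey polling interval in milliseconds
SCORE_ADD       equ 20          ;points added per F12 press
SCORE_SIZE      equ 4           ;score is one dword
KEY_STATE_MASK  equ 8001h       ;GetAsyncKeyState: bit15 = down now, bit0 = pressed since last call

.data
WndCap      db 'Beavis & Butt-head Hock-a-Loogie',0 ;Caption of target process's window
HMODULE     dd 0                ;Handle from GetModuleHandle
hProcess    dd 0                ;Handle for Process
Dummy       dd 0                ;Scratch dword: receives the PID, then the byte counts
;Absolute virtual address inside the target process.
;NOTE(review): presumably valid only for one specific build of the game loaded
;at its default image base - confirm before relying on it; a different build
;would have an unrelated dword patched.
ScoreAddr   dd 0412F74h         ;Location where score is saved
ScoreBuf    dd 0                ;a dword buffer for score
Caption     db 'defiler''s lame trainer-engine.',0  ;caption for msgbox

;Error messages:
Err_patch   db 'There was an error while writing to process!',0
Err_open    db 'There was an error while opening process!',0
Err_read    db 'There was an error while reading from process!',0

.code
;-----------------------------------------------------------------------
; Entry point: start the hotkey timer, run the modal dialog, then exit.
;-----------------------------------------------------------------------
main:
        invoke  GetModuleHandleA,0              ;module handle, needed for the dialog resource
        mov     HMODULE,eax

        ;SetTimer's first argument is a window handle, not a module handle.
        ;Passing NULL creates a thread timer whose callback is dispatched by
        ;the dialog's own message loop.
        invoke  SetTimer,0,TIMER_ID,POLL_MS,addr CheckHotKeys

        ;Create and show the Dialog (integer resource id, MAKEINTRESOURCE style)
        invoke  DialogBoxParamA,HMODULE,ID_DIALOG,0,addr DlgProc,0

        invoke  ExitProcess,0                   ;Exit Trainer after WM_CLOSE has been sent

;-----------------------------------------------------------------------
; BOOL CALLBACK DlgProc(hWin, uMsg, wParam, lParam)
; Out: eax = TRUE if the message was handled here, FALSE otherwise, so the
;      dialog manager applies default handling to everything but WM_CLOSE.
;-----------------------------------------------------------------------
DlgProc proc hWin:DWORD, uMsg:DWORD, wParam:DWORD, lParam:DWORD
        .IF uMsg==WM_CLOSE                      ;Process WM_CLOSE
            invoke  EndDialog,hWin,0            ;If WM_CLOSE, then end dialog
            mov     eax,TRUE
        .ELSE
            xor     eax,eax                     ;not handled: return FALSE
        .ENDIF
        ret
DlgProc endp

;-----------------------------------------------------------------------
; VOID CALLBACK CheckHotKeys(hWnd, uMsg, idEvent, dwTime)
; Timer callback, called every POLL_MS milliseconds. The four parameters
; are declared (although unused) so that the stdcall epilogue removes the
; 16 bytes of arguments the dispatcher pushed.
; pushad/popad keeps every general register intact for the caller.
;-----------------------------------------------------------------------
CheckHotKeys proc hWnd:DWORD, uMsg:DWORD, idEvent:DWORD, dwTime:DWORD
        pushad
        invoke  GetAsyncKeyState,VK_F12         ;Has F12 been pressed?
        ;The result is a SHORT: only ax is meaningful, and it is a bit field,
        ;so comparing the whole of eax with TRUE misses most presses.
        and     eax,KEY_STATE_MASK
        .IF eax!=0
            ;Add SCORE_ADD points to score
            invoke  Engine_Add,addr WndCap,ScoreAddr,addr ScoreBuf,SCORE_ADD
        .ENDIF
        popad
        ret
CheckHotKeys endp

;-----------------------------------------------------------------------
; Engine_Add(lpWndCap, lpBaseAddress, lpBuffer, nToAdd)
; In:  lpWndCap      = address of the target window's caption string
;      lpBaseAddress = address of the dword inside the target process
;      lpBuffer      = address of a local dword used as transfer buffer
;      nToAdd        = value added to the remote dword
; Reads the dword at lpBaseAddress from the process that owns the window,
; adds nToAdd and writes it back. Each failing step shows a message box and
; nothing is written unless the read succeeded.
; ebx is callee-saved under stdcall, hence "uses ebx".
; The handle is opened with only the three VM rights needed and is closed on
; every path; cross-process OpenProcess + WriteProcessMemory is a sequence
; that endpoint security tools commonly flag.
;-----------------------------------------------------------------------
Engine_Add proc uses ebx lpWndCap:DWORD, lpBaseAddress:DWORD, lpBuffer:DWORD, nToAdd:DWORD
        invoke  FindWindowExA,0,0,0,lpWndCap    ;Find Window
        .IF eax==0
            ;Target not running: do not go on with a stale process id.
            invoke  MessageBoxA,0,addr Err_open,addr Caption,MB_ICONWARNING
            ret
        .ENDIF
        invoke  GetWindowThreadProcessId,eax,addr Dummy ;Dummy = owning process id

        ;WriteProcessMemory needs PROCESS_VM_OPERATION in addition to
        ;PROCESS_VM_WRITE; without it the write is refused.
        invoke  OpenProcess,PROCESS_VM_READ or PROCESS_VM_WRITE or PROCESS_VM_OPERATION,0,Dummy
        mov     hProcess,eax                    ;Save Handle
        .IF eax==FALSE
            invoke  MessageBoxA,0,addr Err_open,addr Caption,MB_ICONWARNING
            ret
        .ENDIF

        ;Read current value
        invoke  ReadProcessMemory,hProcess,lpBaseAddress,lpBuffer,SCORE_SIZE,addr Dummy
        .IF eax==FALSE
            ;Never write back a buffer that was not filled by the read.
            invoke  MessageBoxA,0,addr Err_read,addr Caption,MB_ICONWARNING
        .ELSE
            mov     ecx,nToAdd                  ;ecx = number to add
            mov     ebx,lpBuffer                ;ebx = address of the local buffer
            add     dword ptr [ebx],ecx         ;buffer += nToAdd

            ;write new buffer:
            invoke  WriteProcessMemory,hProcess,lpBaseAddress,lpBuffer,SCORE_SIZE,addr Dummy
            .IF eax==FALSE
                invoke  MessageBoxA,0,addr Err_patch,addr Caption,MB_ICONWARNING
            .ENDIF
        .ENDIF

        invoke  CloseHandle,hProcess            ;close handle for process
        ret
Engine_Add endp

end main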