Code:#include <windows.h> #include <stdio.h> #include <Tlhelp32.h> struct OffsetInfo { char* lpszName; //Name of the patch DWORD dwOffset; //Offset of the patch (Can be 0 -> need UpdateData then) BYTE* lpbyData; //Data of the patch DWORD dwLen; //lengh of the patch data BYTE* lpbyUpdateData; //Bytes to search to get the offset char* lpszMask; //Update mask (x valid byte, ? skip byte) } g_sPatchList[]={ {"LoLHack", 0, (BYTE*)"\xEB", 1, (BYTE*)"\x76\xF3\x0F\x11\x05\x5F\x5E\xB0\x01\x5b\x59\xc2\x04\x00", "x?xxxx????xxxxxxxxx"}, }; LPMODULEENTRY32 GetModuleInfo(DWORD dwPid) { //We will get the module info of the main module //Since we do need the base address (which is basically 0x0040000) and the size static MODULEENTRY32 s_sModule; HANDLE hSnapshot; hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,dwPid); if( hSnapshot == INVALID_HANDLE_VALUE ) { printf("CreateToolhelp32Snapshot failed: %i\n",GetLastError()); return NULL; } s_sModule.dwSize = sizeof(MODULEENTRY32); if( Module32First(hSnapshot,&s_sModule) == FALSE ) { CloseHandle(hSnapshot); printf("Module32First failed: %i\n",GetLastError()); return NULL; } do { if( strcmp("League of Legends.exe",s_sModule.szModule) == 0 ) { CloseHandle(hSnapshot); return &s_sModule; } }while(Module32Next(hSnapshot,&s_sModule)); printf("League of legends not detected\n"); CloseHandle(hSnapshot); return NULL; } void SetDebugPrivilege() { HANDLE Htoken; TOKEN_PRIVILEGES tokprivls; if(OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &Htoken)) { tokprivls.PrivilegeCount = 1; LookupPrivilegeValue(NULL, "SeDebugPrivilege", &tokprivls.Privileges[0].Luid); tokprivls.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges( Htoken, FALSE, &tokprivls, sizeof(tokprivls), NULL, NULL); CloseHandle(Htoken); } } void FindOffset(HANDLE hProcess, LPMODULEENTRY32 lpsModule, int iNumber) { //Gets offsets from patch bool bFound; DWORD dwLen,dwRead, dwAdjust, dwParser; BYTE* lpbyBuffer = new BYTE[lpsModule->modBaseSize]; dwLen = strlen(g_sPatchList[iNumber].lpszMask); //Read the whole main module memory to a local buffer ReadProcessMemory(hProcess,(void*)lpsModule->modBaseAddr,(void*)lpbyBuffer,lpsModule->modBaseSize,&dwRead); //We'll now parse the local buffer for our searched offset for( DWORD i = 0; i < dwRead; ++i ) { if( g_sPatchList[iNumber].lpbyUpdateData[0] == lpbyBuffer[i] ) { bFound = true; dwAdjust = 0; dwParser = 1; for( DWORD a = 1; a < dwLen; ++a ) { //Skip INT3 between functions while( lpbyBuffer[i+a+dwAdjust] == 0xCC ) ++dwAdjust; //If the current char of the mask is "x" and the byte of the game memory is different from our searched byte, //then continue with the next offset if( g_sPatchList[iNumber].lpszMask[a] == 'x' && g_sPatchList[iNumber].lpbyUpdateData[dwParser++] != lpbyBuffer[i+a+dwAdjust] ) { bFound = false; break; } } //If all bytes, following the offset, fit with the searched ones and the mask, //then add the base address to the current position and safe it in the offset structure if( bFound == true ) { g_sPatchList[iNumber].dwOffset = (DWORD)lpsModule->modBaseAddr + i; delete[]lpbyBuffer; return; } } } delete[]lpbyBuffer; } int main() { HWND hWindow = 0,hWindowOld = 0; DWORD dwWritten, dwPid; HANDLE hProcess; LPMODULEENTRY32 lpsModule; SetConsoleTitle("LoLHack"); SetDebugPrivilege(); while(1) { printf("Looking for LoL\n"); //Try to find the League of Legends Client window //Since the client is only loaded ingame, not while being in the lobby or queue //We have to check if the "old" window handle is different from the new one (if a new one exists) while( (hWindow = FindWindow(NULL, "League of Legends (TM) Client")) == 0 || hWindow == hWindowOld ) Sleep(1000); hWindowOld = hWindow; GetWindowThreadProcessId(hWindow, &dwPid); hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid); if( hProcess == NULL ) { printf("Unable to find LoL\n\n"); continue; } printf("LoL Detected\n"); lpsModule = GetModuleInfo(dwPid); //Parse the whole PatchList and apply offsets (if possible) for( int i = 0; i < sizeof(g_sPatchList)/sizeof(OffsetInfo); ++i ) { //If no offset was specified, then we have to search for it! if( g_sPatchList[i].dwOffset == 0) { if( lpsModule ) FindOffset(hProcess, lpsModule, i); } //If there's still no offset available.. skip it! if( g_sPatchList[i].dwOffset ) { WriteProcessMemory(hProcess,(void*)g_sPatchList[i].dwOffset,(void*)g_sPatchList[i].lpbyData,g_sPatchList[i].dwLen,&dwWritten); printf("Patched: %s\n",g_sPatchList[i].lpszName); }else printf("NOT Patched: %s\n",g_sPatchList[i].lpszName); } CloseHandle(hProcess); printf("\n"); } return 0; }Enjoy!Code:#include <fstream> #include <iostream> #include <conio.h> using namespace std; char * buffer; int counter = 0; int main() { cout << "Opening file\n"; fstream lolFile; lolFile.open("League of Legends.exe",ios::binary|ios::in|ios::ate|ios::out); ifstream::pos_type size; size = lolFile.tellg(); buffer = new char [size]; lolFile.seekg(0,ios::beg); lolFile.read(buffer,size); for(int i =0;i < size;i++) { int temp[4] = {(int)buffer[i],(int)buffer[i+1],(int)buffer[i+2],(int)buffer[i+3]}; if(temp[0] == 0x00 && temp[1] == 0xffffffa0 && temp[2] == 0x0c && temp[3] == 0x45) { char bufferz[8] = {0x00,0x40,0x9C,0x45}; lolFile.seekp(i); lolFile.write(bufferz,sizeof(bufferz)); cout << "Wrote to file\n"; counter++; } } lolFile.close(); delete buffer; cout << "Writing to file\n"; cout << "Done patched " << counter << " 2 addresses, press any key to exit."; _getch(); }