- import ctypes
- import ctypes.wintypes
- import psutil
- import struct
- import imgui
- import glfw
- import OpenGL.GL as gl
- # --- PREVIOUS BACKEND CODE (Memory and Executor classes) ---
# Win32 constants used below.
# NOTE(review): PROCESS_ALL_ACCESS is far broader than this file needs; the
# four kernel32 calls declared here only require PROCESS_VM_READ |
# PROCESS_VM_WRITE | PROCESS_VM_OPERATION | PROCESS_QUERY_INFORMATION.
PROCESS_ALL_ACCESS = 0x1F0FFF
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
# RWX page protection. Only used by Memory.allocate for a buffer that holds
# script text, where PAGE_READWRITE (0x04) would be sufficient.
PAGE_EXECUTE_READWRITE = 0x40
# use_last_error=True so ctypes.get_last_error() reports the failing call's
# GetLastError() value. argtypes/restype are set explicitly so 64-bit HANDLE
# and pointer arguments are not truncated to C int by ctypes' defaults.
k32 = ctypes.WinDLL('kernel32', use_last_error=True)
k32.OpenProcess.argtypes = [ctypes.wintypes.DWORD, ctypes.wintypes.BOOL, ctypes.wintypes.DWORD]
k32.OpenProcess.restype = ctypes.wintypes.HANDLE
k32.ReadProcessMemory.argtypes = [ctypes.wintypes.HANDLE, ctypes.wintypes.LPCVOID, ctypes.wintypes.LPVOID, ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
k32.ReadProcessMemory.restype = ctypes.wintypes.BOOL
k32.WriteProcessMemory.argtypes = [ctypes.wintypes.HANDLE, ctypes.wintypes.LPVOID, ctypes.wintypes.LPCVOID, ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
k32.WriteProcessMemory.restype = ctypes.wintypes.BOOL
k32.VirtualAllocEx.argtypes = [ctypes.wintypes.HANDLE, ctypes.wintypes.LPVOID, ctypes.c_size_t, ctypes.wintypes.DWORD, ctypes.wintypes.DWORD]
k32.VirtualAllocEx.restype = ctypes.wintypes.LPVOID
# Hard-coded offsets from the target module's load base. They are specific to
# one build of the target and nothing in this file validates them; after any
# client update they are stale and the pointer walk in Executor reads garbage.
OFFSETS = {
"GetLuaState_ptr": 0x675AA38,
"LuaVM_Load": 0xB503A0,
"Luau_Execute": 0x26D4300,
}
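class Memory:
    """Thin wrapper around a Win32 process handle for cross-process memory access.

    Attaches by process name on construction. All reads and writes go
    through ReadProcessMemory / WriteProcessMemory on the handle opened
    in ``_attach``. The handle is released by ``close`` (also via the
    context-manager protocol); the original never closed it.

    Raises:
        Exception: from ``__init__`` when no process with the given name
            is running, OpenProcess fails, or the module base cannot be
            located.
    """

    def __init__(self, process_name="RobloxPlayerBeta.exe"):
        self.process_name = process_name
        self.pid = None
        self.handle = None
        self.base_address = None
        if not self._attach():
            raise Exception(f"could not attach to {self.process_name}. is it running?")

    def _attach(self):
        """Find the target by name, open a handle and record its image base.

        Returns True on success. On any failure after OpenProcess the
        handle is released again so a failed attach does not leak it.
        """
        for proc in psutil.process_iter(['pid', 'name']):
            if proc.info['name'] == self.process_name:
                self.pid = proc.info['pid']
                break
        if self.pid is None:
            return False
        # NOTE(review): PROCESS_ALL_ACCESS is more than this class uses;
        # VM_READ | VM_WRITE | VM_OPERATION | QUERY_INFORMATION would cover
        # every call made here.
        self.handle = k32.OpenProcess(PROCESS_ALL_ACCESS, False, self.pid)
        if not self.handle:
            return False
        try:
            # grouped=False is required: psutil's default grouped view has no
            # ``addr`` field, so the original ``module.addr`` access raised
            # AttributeError. The lowest mapped address of the main image is
            # its load base. ``partition('-')`` tolerates "start-end" style
            # addresses as well as a bare hex value.
            candidates = [
                int(region.addr.partition('-')[0], 16)
                for region in psutil.Process(self.pid).memory_maps(grouped=False)
                if region.path and self.process_name in region.path
            ]
        except (psutil.NoSuchProcess, psutil.AccessDenied):
            candidates = []
        if not candidates:
            self.close()
            return False
        self.base_address = min(candidates)
        return True

    def _read(self, address, size):
        """Read exactly ``size`` bytes at ``address``.

        Raises:
            OSError: when ReadProcessMemory fails or returns a short read.
                The original ignored the BOOL result and unpacked the
                zero-filled buffer, so a failed read silently became 0.
        """
        buffer = ctypes.create_string_buffer(size)
        bytes_read = ctypes.c_size_t(0)
        ok = k32.ReadProcessMemory(self.handle, address, buffer, size, ctypes.byref(bytes_read))
        if not ok or bytes_read.value != size:
            raise OSError(
                f"ReadProcessMemory({address:#x}, {size}) failed, error {ctypes.get_last_error()}"
            )
        return buffer.raw

    def read_u64(self, address):
        """Return the little-endian unsigned 64-bit value at ``address``."""
        return struct.unpack('<Q', self._read(address, 8))[0]

    def read_u32(self, address):
        """Return the little-endian unsigned 32-bit value at ``address``."""
        return struct.unpack('<I', self._read(address, 4))[0]

    def write_bytes(self, address, data):
        """Write ``data`` at ``address``; True only if every byte was written.

        An empty ``data`` is a no-op that returns True.
        """
        size = len(data)
        if size == 0:
            return True
        buffer = ctypes.create_string_buffer(data, size)
        bytes_written = ctypes.c_size_t(0)
        ok = k32.WriteProcessMemory(self.handle, address, buffer, size, ctypes.byref(bytes_written))
        return bool(ok) and bytes_written.value == size

    def allocate(self, size, protect=PAGE_EXECUTE_READWRITE):
        """Reserve and commit ``size`` bytes in the target; returns the address or 0/None on failure.

        ``protect`` defaults to the original RWX protection for compatibility.
        The only caller stores script text in the region, so PAGE_READWRITE
        (0x04) is sufficient; RWX regions are a common detection signal and
        should not be requested without a reason. Pair with ``free``.
        """
        return k32.VirtualAllocEx(self.handle, 0, size, MEM_COMMIT | MEM_RESERVE, protect)

    def free(self, address):
        """Release a region obtained from ``allocate``. Returns True on success."""
        MEM_RELEASE = 0x8000
        k32.VirtualFreeEx.argtypes = [
            ctypes.wintypes.HANDLE, ctypes.wintypes.LPVOID, ctypes.c_size_t, ctypes.wintypes.DWORD
        ]
        k32.VirtualFreeEx.restype = ctypes.wintypes.BOOL
        return bool(k32.VirtualFreeEx(self.handle, address, 0, MEM_RELEASE))

    def close(self):
        """Close the process handle (idempotent)."""
        if self.handle:
            # argtypes must be declared: without them ctypes passes the
            # 64-bit HANDLE as a C int and truncates it.
            k32.CloseHandle.argtypes = [ctypes.wintypes.HANDLE]
            k32.CloseHandle.restype = ctypes.wintypes.BOOL
            k32.CloseHandle(self.handle)
            self.handle = None

    def __enter__(self):
        return self

    def __exit__(self, exc_type, exc, tb):
        self.close()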
class Executor:
    """Resolves code/state addresses in the attached process and stages scripts.

    ``get_lua_state`` walks a hard-coded pointer chain from OFFSETS to find
    the VM state; ``execute`` only copies the script into the target
    process. The actual load/run calls are not implemented (see ``execute``).
    """
    def __init__(self, mem: Memory):
        self.mem = mem
        self.lua_state = None
        # Absolute addresses = module base + build-specific offsets. A wrong
        # offset is not detected here; it only shows up when these are used.
        self.addr_luavm_load = self.mem.base_address + OFFSETS["LuaVM_Load"]
        self.addr_luau_execute = self.mem.base_address + OFFSETS["Luau_Execute"]
    def get_lua_state(self) -> int:
        """Follow the GetLuaState pointer chain and decode the stored pointer.

        Caches the result in ``self.lua_state`` and returns it. No
        intermediate pointer is sanity-checked: with ``Memory.read_u64`` as
        written (BOOL result ignored, zeroed buffer unpacked) a failed read
        yields 0 and the walk continues from 0 + 0x1B8, producing a bogus
        but non-null value instead of an error.
        """
        base = self.mem.base_address + OFFSETS["GetLuaState_ptr"]
        ptr1 = self.mem.read_u64(base)
        ptr2 = self.mem.read_u64(ptr1 + 0x1B8)
        ptr3 = self.mem.read_u64(ptr2 + 0x80)
        ptr4 = self.mem.read_u64(ptr3 + 0x3B0)
        final_ptr_address = ptr4 + 0x140 + 0x170 + 0x88
        encoded_ptr = self.mem.read_u64(final_ptr_address)
        # read_u64 is little-endian, so the u32 at +0x4 is the high dword of
        # ``encoded_ptr`` read back from memory.
        xor_key = self.mem.read_u32(final_ptr_address + 0x4)
        encoded_ptr_as_u32 = encoded_ptr & 0xFFFFFFFF
        # NOTE(review): ``high`` and ``low`` are the same 32-bit value
        # (key ^ low dword), so the result is that value duplicated into both
        # halves. Presumably a stand-in for the real decode — confirm.
        high = (xor_key ^ encoded_ptr_as_u32) << 32
        low = (encoded_ptr_as_u32 ^ xor_key)
        self.lua_state = high | low
        return self.lua_state
    def execute(self, script: str) -> str:
        """Copy ``script`` (NUL-terminated UTF-8) into a fresh RWX region of the target.

        Returns a human-readable status string on every path; failures are
        reported in the string, not raised. The region from ``allocate`` is
        never released, so each call leaks one allocation in the target.
        Loading and running the script is not implemented.
        """
        if not self.lua_state:
            return "lua state not found. inject first."
        script_bytes = script.encode('utf-8') + b'\x00'
        script_addr = self.mem.allocate(len(script_bytes))
        if not script_addr:
            return "failed to allocate memory."
        if not self.mem.write_bytes(script_addr, script_bytes):
            return "failed to write script to memory."
        # Remaining step (not implemented): invoking LuaVM_Load followed by
        # Luau_Execute in the target at the addresses resolved in __init__.
        return f"script written to {hex(script_addr)}. execution call is complex and not implemented."
- # --- GUI CODE ---
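def impl_glfw_init():
    """Initialise GLFW, create the 700x500 executor window and make its GL context current.

    Returns:
        The GLFW window handle.

    Raises:
        SystemExit: with status 1 when GLFW cannot be initialised or the
            window cannot be created (a message is printed first).
    """
    if not glfw.init():
        print("could not initialize OpenGL context")
        raise SystemExit(1)
    # OS X supports only forward-compatible core profiles from 3.2
    glfw.window_hint(glfw.CONTEXT_VERSION_MAJOR, 3)
    glfw.window_hint(glfw.CONTEXT_VERSION_MINOR, 3)
    glfw.window_hint(glfw.OPENGL_PROFILE, glfw.OPENGL_CORE_PROFILE)
    glfw.window_hint(glfw.OPENGL_FORWARD_COMPAT, gl.GL_TRUE)
    window = glfw.create_window(700, 500, "Dolphin Executor", None, None)
    # Validate the window BEFORE using it: the original called
    # make_context_current on a possibly-NULL window ahead of this check.
    if not window:
        glfw.terminate()
        print("could not initialize window")
        raise SystemExit(1)
    glfw.make_context_current(window)
    return window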
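def main():
    """Run the GUI frame loop until the window is closed.

    Loop-local state: the editor text, the status line, an ``injected``
    flag gating the Execute button, and the current Executor. Renderer and
    GLFW teardown run in a ``finally`` so an exception raised inside the
    frame loop still releases the GL context (the original skipped both).
    """
    window = impl_glfw_init()
    imgui.create_context()
    from imgui.integrations.glfw import GlfwRenderer
    impl = GlfwRenderer(window)
    # --- GUI state variables ---
    script_text = 'print("hello from dolphin executor")'
    status_message = "idle. press inject to start."
    injected = False
    executor_instance = None
    try:
        while not glfw.window_should_close(window):
            glfw.poll_events()
            impl.process_inputs()
            imgui.new_frame()
            # --- main window ---
            imgui.set_next_window_size(700, 500)
            imgui.set_next_window_position(0, 0)
            imgui.begin("Main", flags=imgui.WINDOW_NO_RESIZE | imgui.WINDOW_NO_MOVE | imgui.WINDOW_NO_COLLAPSE | imgui.WINDOW_NO_TITLE_BAR)
            # --- top buttons ---
            if imgui.button("Inject", width=100, height=30):
                # Broad catch is deliberate: this is the UI boundary and the
                # error text is surfaced in the status line. Note that each
                # click opens a fresh process handle via Memory(); nothing
                # here releases the previous one.
                try:
                    mem = Memory()
                    executor_instance = Executor(mem)
                    ls = executor_instance.get_lua_state()
                    status_message = f"injected successfully! L: {hex(ls)}"
                    injected = True
                except Exception as e:
                    status_message = f"error: {e}"
                    injected = False
            imgui.same_line()
            # Execute is drawn dimmed and inert until an inject succeeded.
            if not injected:
                imgui.push_style_var(imgui.STYLE_ALPHA, 0.5)
                imgui.button("Execute", width=100, height=30)
                imgui.pop_style_var()
            elif imgui.button("Execute", width=100, height=30) and executor_instance:
                status_message = executor_instance.execute(script_text)
            imgui.separator()
            # --- script textbox ---
            imgui.text("Script Editor")
            changed, script_text = imgui.input_text_multiline(
                "##script_editor",
                script_text,
                -1,  # width, -1 = full width
                -50  # height, -50 = full height minus 50px
            )
            # --- status bar ---
            imgui.separator()
            imgui.text("Status:")
            imgui.same_line()
            imgui.text_colored(status_message, 0.8, 0.8, 0.8)  # light grey
            imgui.end()
            # --- rendering ---
            gl.glClearColor(0.1, 0.1, 0.1, 1)
            gl.glClear(gl.GL_COLOR_BUFFER_BIT)
            imgui.render()
            impl.render(imgui.get_draw_data())
            glfw.swap_buffers(window)
    finally:
        impl.shutdown()
        glfw.terminate()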
# Script entry point: only start the GUI when run directly, not on import.
if __name__ == "__main__":
    main()