// 主題醫院修改器Dlg.cpp : implementation file
//

#include "stdafx.h"
#include "主題醫院修改器.h"
#include <windows.h>
#include <tlhelp32.h>
#include "主題醫院修改器Dlg.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

/////////////////////////////////////////////////////////////////////////////
// CMyDlg dialog

CMyDlg::CMyDlg(CWnd* pParent /*=NULL*/)
	: CDialog(CMyDlg::IDD, pParent)
{
	//{{AFX_DATA_INIT(CMyDlg)
	m_cash = 0;
	m_work = 0;
	m_heart = 0;
	m_pic1 = 0;
	m_pic2 = 0;
	m_pic3 = 0;
	//}}AFX_DATA_INIT
	m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

void CMyDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialog::DoDataExchange(pDX);
	//{{AFX_DATA_MAP(CMyDlg)
	DDX_Text(pDX, IDC_EDIT1, m_cash);
	DDX_Text(pDX, IDC_EDIT2, m_work);
	DDV_MinMaxUInt(pDX, m_work, 0, 1000);
	DDX_Text(pDX, IDC_EDIT3, m_heart);
	DDV_MinMaxUInt(pDX, m_heart, 0, 3000);
	DDX_Text(pDX, IDC_PIC1, m_pic1);
	DDV_MinMaxUInt(pDX, m_pic1, 0, 255);
	DDX_Text(pDX, IDC_PIC2, m_pic2);
	DDV_MinMaxUInt(pDX, m_pic2, 0, 255);
	DDX_Text(pDX, IDC_PIC3, m_pic3);
	DDV_MinMaxUInt(pDX, m_pic3, 0, 255);
	//}}AFX_DATA_MAP
}

BEGIN_MESSAGE_MAP(CMyDlg, CDialog)
	//{{AFX_MSG_MAP(CMyDlg)
	ON_WM_PAINT()
	ON_WM_QUERYDRAGICON()
	ON_BN_CLICKED(IDC_CHT0, OnCht0)
	ON_BN_CLICKED(IDC_CHT1, OnCht1)
	ON_BN_CLICKED(IDC_CHT2, OnCht2)
	ON_BN_CLICKED(IDC_REC, OnRec)
	ON_WM_DESTROY()
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CMyDlg message handlers

BOOL CMyDlg::OnInitDialog()
{
	CDialog::OnInitDialog();

	SetIcon(m_hIcon, TRUE);			// Set big icon
	SetIcon(m_hIcon, FALSE);		// Set small icon
	
	// TODO: Add extra initialization here
	add[0]=0;
	add1=0;add2=0;add3=0;add4=0;picadd=0;
	s=0;cash[0]=0;skill[0]=0;work[0]=0;heart[0]=0;
	pic1[0]=0;pic2[0]=0;pic3[0]=0;
	m_cash=0;m_work=0;m_heart=0;
	findpro();	
	return TRUE;  // return TRUE  unless you set the focus to a control
}

// If you add a minimize button to your dialog, you will need the code below
//  to draw the icon.  For MFC applications using the document/view model,
//  this is automatically done for you by the framework.

void CMyDlg::OnPaint() 
{readdata();
	if (IsIconic())
	{
		CPaintDC dc(this); // device context for painting

		SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);

		// Center icon in client rectangle
		int cxIcon = GetSystemMetrics(SM_CXICON);
		int cyIcon = GetSystemMetrics(SM_CYICON);
		CRect rect;
		GetClientRect(&rect);
		int x = (rect.Width() - cxIcon + 1) / 2;
		int y = (rect.Height() - cyIcon + 1) / 2;

		// Draw the icon
		dc.DrawIcon(x, y, m_hIcon);
	}
	else
	{
		CDialog::OnPaint();
	}
}

HCURSOR CMyDlg::OnQueryDragIcon()
{
	return (HCURSOR) m_hIcon;
}

void CMyDlg::OnCht0() 
{
	// TODO: Add your control notification handler code here
	s=3;
	writedata();
}

void CMyDlg::OnCht1() 
{
	// TODO: Add your control notification handler code here
	s=1;
	writedata();
}

void CMyDlg::OnCht2() 
{
	// TODO: Add your control notification handler code here
	s=2;
	writedata();
}

void CMyDlg::OnOK() 
{
	// TODO: Add extra validation here
	backdata();
	CDialog::OnOK();
}

void CMyDlg::findpro()
{
	HANDLE handle=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
	PROCESSENTRY32* info=new PROCESSENTRY32;
	info->dwSize=sizeof(PROCESSENTRY32);
	BOOL report;
	DWORD PID;
	char *szName="winmain.exe";
	int i=0;
	UINT OBJ_jmp[2]={0x0D25BBE9,0x00};
	UINT OBJ_cht[4]={0x1F203589,0x4E8B0055,0xE9C18B6C,0xFFF2DA35};
	UINT OBJ_code[1]={0x00};
	char OBJ_path[255];//目標所在目錄
	GetCurrentDirectory(255,OBJ_path);
	strcat(OBJ_path,"\\WINMAIN.EXE");

	report=Process32First(handle,info);
	while (report)
	{
		if (strncmp( strlwr(info->szExeFile),strlwr(szName),strlen(szName))==0)
		{
			PID=info->th32ProcessID;
			hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,PID);
			ReadProcessMemory(hProcess,(int *)0x0047F940,OBJ_code,1,0);
			if (OBJ_code[0]==0x8B)
			{
				WriteProcessMemory(hProcess,(int *)0x0047F940,OBJ_jmp,5,0);
				WriteProcessMemory(hProcess,(int *)0x00551F00,OBJ_cht,16,0);
				break;
			}
			else if (OBJ_code[0]==0xE9) break;
			else
			{
				MessageBox("游戲版本不對,請檢查!","錯誤!",MB_ICONSTOP);
				CloseHandle(hProcess);
				exit(0);
			}
		}
		report=Process32Next(handle,info);
		if (report==0)
		{
			MessageBox("游戲還沒有啟動吧?","錯誤!",MB_ICONSTOP);
			CloseHandle(hProcess);
			exit(0);
		}
	}
}

void CMyDlg::OnRec() 
{
	// TODO: Add your control notification handler code here
	backpro();
	MessageBox("游戲已復原!","游戲程序復原!",MB_ICONINFORMATION);
}

void CMyDlg::readdata()
{
	UpdateData();
	ReadProcessMemory(hProcess,(int *)0x00551F20,add,4,0);
	add1=add[0]+0x6C;
	add2=add1+0x10;
	add3=add2+0x02;
	picadd=add3+0x09;
	add4=add3+0x0E;
	ReadProcessMemory(hProcess,(int *)add1,cash,2,0);
	m_cash=cash[0];
	ReadProcessMemory(hProcess,(int *)add3,work,2,0);
	m_work=work[0];
	ReadProcessMemory(hProcess,(int *)add4,heart,2,0);
	m_heart=heart[0];
	ReadProcessMemory(hProcess,(int *)picadd,pic1,1,0);
	m_pic1=pic1[0];
	ReadProcessMemory(hProcess,(int *)(picadd+1),pic2,1,0);
	m_pic2=pic2[0];
	ReadProcessMemory(hProcess,(int *)(picadd+2),pic3,1,0);
	m_pic3=pic3[0];
	UpdateData(false);
}

void CMyDlg::writedata()
{
	UpdateData();
	UINT val1[1]={0x00};
	if (1==s)
	{
		cash[0]=m_cash;
		skill[0]=500;
		work[0]=m_work;
		heart[0]=m_heart;
		pic1[0]=m_pic1;
		pic2[0]=m_pic2;
		pic3[0]=m_pic3;
		WriteProcessMemory(hProcess,(int *)add1,cash,2,0);
		WriteProcessMemory(hProcess,(int *)(add1+4),val1,2,0);
		WriteProcessMemory(hProcess,(int *)add2,skill,2,0);
		WriteProcessMemory(hProcess,(int *)add3,work,2,0);
		WriteProcessMemory(hProcess,(int *)add4,heart,2,0);
		WriteProcessMemory(hProcess,(int *)picadd,pic1,1,0);
		WriteProcessMemory(hProcess,(int *)(picadd+1),pic2,1,0);
		WriteProcessMemory(hProcess,(int *)(picadd+2),pic3,1,0);
		MessageBox("該名員工的屬性被修改為指定值!","修改成功!",MB_ICONINFORMATION);
	}
	else if (2==s)
	{
		cash[0]=1;
		WriteProcessMemory(hProcess,(int *)add1,cash,2,0);
		WriteProcessMemory(hProcess,(int *)(add1+4),val1,2,0);
		skill[0]=500;
		WriteProcessMemory(hProcess,(int *)add2,skill,2,0);
		work[0]=1000;
		WriteProcessMemory(hProcess,(int *)add3,work,2,0);
		heart[0]=3000;
		WriteProcessMemory(hProcess,(int *)add4,heart,2,0);
		MessageBox("該名員工的屬性被修改為最佳值!","修改成功!",MB_ICONINFORMATION);
	}
	else if (3==s)
	{
		UINT OBJ_cht1[1]={0x78462966};
		UINT OBJ_cht2[1]={0x5146FF66};
		WriteProcessMemory(hProcess,(int *)0x004643F9,OBJ_cht1,4,0);
		WriteProcessMemory(hProcess,(int *)0x0046447D,OBJ_cht2,4,0);
		MessageBox("疲勞,士氣將不會減少,要復原請點擊'游戲復原'鍵!","修改成功!",MB_ICONINFORMATION);
	}
	UpdateData(false);
}

void CMyDlg::backdata()
{
	UINT OBJ_ocode1[2]={0x8B6C4E8B,0xC1};
	UINT OBJ_ocode2[4]={0x00000000,0x00000000,0x00000000,0x00000000};
	UINT OBJ_ocode3[1]={0x00000000};
	WriteProcessMemory(hProcess,(int *)0x0047F940,OBJ_ocode1,5,0);
	WriteProcessMemory(hProcess,(int *)0x00551F00,OBJ_ocode2,16,0);
	WriteProcessMemory(hProcess,(int *)0x00551F20,OBJ_ocode3,4,0);
	CloseHandle(hProcess);
}

void CMyDlg::backpro()
{
	UINT OBJ_ocode4[1]={0x78460166};
	UINT OBJ_ocode5[1]={0x514EFF66};
	WriteProcessMemory(hProcess,(int *)0x004643F9,OBJ_ocode4,4,0);
	WriteProcessMemory(hProcess,(int *)0x0046447D,OBJ_ocode5,4,0);
}

void CMyDlg::OnDestroy() 
{
	CDialog::OnDestroy();
	
	// TODO: Add your message handler code here
	backdata();
}