#include <windows.h>
#include <fstream>
#include <cstdarg>
#include <string>

// Comment the line below to not use voice
#define USE_VOICE
// I hate doing this but it makes it clear what needs to be updated
#define KILL_HACK_ADDRESS 0x004C6CB0
#define MAIN_BASE_ADDRESS 0x00B72AEC

// If USE_VOICE is defined we will speak player names
#ifdef USE_VOICE
#include <sapi.h>
#endif

void __cdecl Log(const char *format, ...);

void Speak(std::wstring text)
{
// This function does nothing if USE_VOICE is not defined
#ifdef USE_VOICE
static ISpVoice *voice = NULL;
// Only initialize our voice object if it has not been initialized
// Static is okay here since we are not multi threading
if (!voice)
{
// Initialize COM
HRESULT hr = CoInitialize(NULL);
if (FAILED(hr))
{
Log("CoInitialize failed! Speech is unavailable! (0x%08X)", hr);
return;
}
// Create an instance of our voice object
hr = CoCreateInstance(CLSID_SpVoice, NULL, CLSCTX_ALL, IID_ISpVoice, (void**)&voice);
if (FAILED(hr))
{
Log("CoCreateInstance failed! Speech is unavailable! (0x%08X)", hr);
return;
}
// Set the voice of the volume
voice->SetVolume(100);
}
// Speak our text asnychronously, interrupting anything currently being spoken
voice->Speak(text.c_str(), SPF_ASYNC | SPF_PURGEBEFORESPEAK, NULL);
#endif
}

// killer = the user index of the killer
// victim = the user index of the victim
// gun = the id of the gun that the killer will use to kill victim
// not_headshot = false if it is a headshot, true if it is not a headshot
void KillPlayer(int killer, int victim, int gun, int not_headshot)
{
// Set up a function pointer to the kill player function
typedef void (__stdcall *lpKillPlayer)(int killer, int victim, int gun, int not_headshot);
lpKillPlayer kill_player = (lpKillPlayer)KILL_HACK_ADDRESS;
// Call the function pointer (make killer kill victim with gun and headshot)
// Just in case anything goes wrong we wrap it in try except
__try
{
kill_player(killer, victim, gun, not_headshot);
}
__except(EXCEPTION_EXECUTE_HANDLER)
{

}
}

// Reverse engineered structures
// Stripped Smile

struct PlayerInfo //size 0x94
{
char Name[12]; //0x0
unsigned char Unknown[0x88]; //0xC
};


struct Pointer_11
{
unsigned char Unknown[0x129C]; //0x0
PlayerInfo Players[16]; // 0x129C
};

struct Pointer_10
{
unsigned char Unknown[0x14]; //0x0
Pointer_11 *P11; //0x14
};

struct Pointer_9
{
unsigned char Unknown[0x24]; //0x0
Pointer_10 *P10; //0x24
};

bool GetPlayerName(int index, std::wstring &out)
{
// Point our Pointer_9 structure to the address defined at the top
// of the source file
Pointer_9 **main_base = (Pointer_9**)MAIN_BASE_ADDRESS;
__try
{
// Check to make sure all pointers are valid
// Wrapped in try except to do our best to prevent crashes
if (main_base)
if (*main_base)
if ((*main_base)->P10)
if ((*main_base)->P10->P11)
{
// Temporaries
const char *ascii_player_name = &(*main_base)->P10->P11->Players[index].Name[0];
int player_name_length = strlen(ascii_player_name);
// Resize player name to length wchar_ts
out.resize(player_name_length);
// Hackish way to convert ascii to unicode, dont do it
for (int i = 0; i < player_name_length; ++i)
{
char *temp = (char*)&out[i];
temp[0] = ascii_player_name[i];
temp[1] = 0;
}
return true;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return false;
}
return false;
}

void SpeakIndex(int index)
{
std::wstring player_name;
// Try to get the player name
if (!GetPlayerName(index, player_name))
return;
// Speak name
Speak(player_name);
}

// For lack of a better function name
int ModifyIndex(int &index, bool increase)
{
if (increase)
{
// No wrap around, indexes cannot go past 15
if (index == 15)
return 15;
return ++index;
}
else
{
// No wrap around, indexes cannot go below 0
if (index == 0)
return 0;
return --index;
}
}

DWORD WINAPI KillHackThread(void*)
{
// Infinite loop, check hotkeys
int killer = 0;
int victim = 0;
while (true)
{
// Make the killer kill the victim using a glock headshot
if (GetAsyncKeyState(VK_F2)&1)
{
KillPlayer(killer, victim, 1, 0);
}
// If numpad 4 is hit, decrease the victim user index and speak it
if (GetAsyncKeyState(VK_NUMPAD4)&1)
{
SpeakIndex(ModifyIndex(victim, false));
}
// If numpad 6 is hit, increase the victim user index and speak it
if (GetAsyncKeyState(VK_NUMPAD6)&1)
{
SpeakIndex(ModifyIndex(victim, true));
}
// If numpad 2 is hit, decrease the killer user index and speak it
if (GetAsyncKeyState(VK_NUMPAD2)&1)
{
SpeakIndex(ModifyIndex(killer, false));
}
// If numpad 8 is hit, increase the killer user index and speak it
if (GetAsyncKeyState(VK_NUMPAD8)&1)
{
SpeakIndex(ModifyIndex(killer, true));
}
// If numpad 1 is hit, suicide the room
if (GetAsyncKeyState(VK_NUMPAD1)&1)
{
for (int i = 0; i < 16; ++i)
{
KillPlayer(i, i, 1, 0);
}
}
// Arbitrary sleep time, prevents disconnection due to too many packets
Sleep(50);
}

}

// Formatted logging function, supports variable number of args
// logs to Log.txt
void __cdecl Log(const char *format, ...)
{
char buffer[257];
std::ofstream file("Log.txt", std::ios::app);
if (file.is_open())
{
va_list list;
va_start(list, format);
vsnprintf_s(buffer, sizeof(buffer), sizeof(buffer) - 1, format, list);
file << buffer << "\n";
file.close();
va_end(list);
}
}

BOOL APIENTRY DllMain(HMODULE module, DWORD reason, LPVOID reserved)
{
if (reason == DLL_PROCESS_ATTACH)
{
// Create the kill hack thread only if the dll is being loaded
HANDLE thread_handle = CreateThread(NULL, NULL, KillHackThread, NULL, NULL, NULL);
if (thread_handle == NULL)
{
Log("Failed to create kill hack thread");
}
else
{
CloseHandle(thread_handle);
Log("Successfully created kill hack thread");
}
}
return TRUE;
}