public string ReadUTF8String(uint Address, int Length) { byte[] buffer = Memory.ReadBytes(Address, Length); string ret = Encoding.UTF8.GetString(buffer); if (ret.IndexOf('\0') != -1) { ret = ret.Remove(ret.IndexOf('\0')); } return(ret); }
private void InstallHook() { #region Inject New Method ManagedFasm fasm = new ManagedFasm(d3.ProcessHandle); fasm.SetMemorySize(0x4096); // Allocate 16KB of memory string[] endSceneHookASM = new string[] { // Original EndScene instructions "mov edi, edi", "push ebp", "mov ebp, esp", // Save the state of the FPU and general purpose registers "pushfd", "pushad", "call " + InstallUsePower(), "call " + InstallPressButton(), // Restore FPU and general purpose registers "@out:", "popad", "popfd", // Return to right after where we detoured "jmp " + (oEndScene + 5), }; foreach (string line in RandomizeAsm(endSceneHookASM)) { fasm.AddLine(line); } byte[] compiled = fasm.Assemble(); uint hookCode = AllocateMemory("EndSceneHook", compiled.Length); fasm.Inject(hookCode); fasm.Clear(); #endregion Inject New Method #region Detour EndScene origEndSceneBytes = d3.ReadBytes(oEndScene, 5); fasm.AddLine("jmp 0x{0:X08}", hookCode); fasm.Inject(oEndScene); fasm.Clear(); #endregion Detour EndScene }
private void bCreatePattern_Click(object sender, EventArgs e) { if (cbProcess1.Text.Replace(" ", "") != "" && cbProcess2.Text.Replace(" ", "") != "" && tbOffset1.Text.Replace(" ", "").Replace("0x", "") != "" && tbOffset2.Text.Replace(" ", "").Replace("0x", "") != "") { string[] process1Array = cbProcess1.Text.Replace(" ", "").Split(Convert.ToChar("-")); string[] process2Array = cbProcess2.Text.Replace(" ", "").Split(Convert.ToChar("-")); if (process1Array != null && process2Array != null) { if (process1Array.Length > 0 && process2Array.Length > 0) { try { // Process choose to ID int process1Id = Convert.ToInt32(process1Array[0]); int process2Id = Convert.ToInt32(process2Array[0]); // Open Process BlackMagic process1BM = new BlackMagic(); BlackMagic process2BM = new BlackMagic(); if (!process1BM.OpenProcessAndThread(process1Id)) { MessageBox.Show("Open Process 1 failled."); return; } if (!process2BM.OpenProcessAndThread(process2Id)) { MessageBox.Show("Open Process 2 failled."); return; } // Get Module uint moduleBase1BM = 0; uint moduleBase2BM = 0; string moduleShow = ""; if (baseModuleNameTB.Text != "") { moduleBase1BM = (uint)process1BM.GetModule(baseModuleNameTB.Text).BaseAddress; moduleBase2BM = (uint)process2BM.GetModule(baseModuleNameTB.Text).BaseAddress; moduleShow = baseModuleNameTB.Text + " + "; if (moduleBase1BM <= 0 || moduleBase2BM <= 0) { MessageBox.Show("Module not found."); return; } } // Offset choose to uint uint offset1 = uint.Parse(tbOffset1.Text.Replace(" ", "").Replace("0x", ""), System.Globalization.NumberStyles.HexNumber) + moduleBase1BM; uint offset2 = uint.Parse(tbOffset2.Text.Replace(" ", "").Replace("0x", ""), System.Globalization.NumberStyles.HexNumber) + moduleBase2BM; // Offset to 4 Byte string tPattern1 = offset1.ToString("X"); while (tPattern1.Length < 8) { tPattern1 = "0" + tPattern1; } string tPattern2 = offset2.ToString("X"); while (tPattern2.Length < 8) { tPattern2 = "0" + tPattern2; } // Offset 4 byte inverse string t2Pattern1 = tPattern1.Substring(6, 2); t2Pattern1 += " " + tPattern1.Substring(4, 2); t2Pattern1 += " " + tPattern1.Substring(2, 2); t2Pattern1 += " " + tPattern1.Substring(0, 2); string t2Pattern2 = tPattern2.Substring(6, 2); t2Pattern2 += " " + tPattern2.Substring(4, 2); t2Pattern2 += " " + tPattern2.Substring(2, 2); t2Pattern2 += " " + tPattern2.Substring(0, 2); // Find offset used at string tMask = "xxxx"; uint dwCodeLoc1 = process1BM.FindPattern(t2Pattern1, tMask); uint dwCodeLoc2 = process2BM.FindPattern(t2Pattern2, tMask); if (dwCodeLoc1 <= 0 || dwCodeLoc2 <= 0) { MessageBox.Show("Offset not found."); return; } // Read Pattern byte[] bytesPorcess1 = process1BM.ReadBytes(dwCodeLoc1, 16); byte[] bytesPorcess2 = process2BM.ReadBytes(dwCodeLoc2, 16); // Make mask string mask = ""; for (int i = 0; i <= bytesPorcess1.Length - 1; i++) { if (bytesPorcess1[i] == bytesPorcess2[i] && i > 3) { mask += "x"; } else { bytesPorcess1[i] = 0; bytesPorcess2[i] = 0; mask += "?"; } } // Pattern to String string pattern = BitConverter.ToString(bytesPorcess1); pattern = pattern.Replace("-", " "); // Show Result tbPattern.Text = ""; tbPattern.Text += "Offset 1 used at: " + moduleShow + "0x" + (dwCodeLoc1 - moduleBase1BM).ToString("x") + Environment.NewLine; tbPattern.Text += "Offset 2 used at: " + moduleShow + "0x" + (dwCodeLoc2 - moduleBase2BM).ToString("x") + Environment.NewLine + Environment.NewLine; tbPattern.Text += "<Pattern>" + Environment.NewLine; tbPattern.Text += " <offsetName>" + tbOffsetName.Text + "</offsetName>" + Environment.NewLine; tbPattern.Text += " <pattern>" + pattern + "</pattern>" + Environment.NewLine; tbPattern.Text += " <mask>" + mask + "</mask>" + Environment.NewLine; tbPattern.Text += " <offsetLocation>0</offsetLocation>" + Environment.NewLine; tbPattern.Text += " <type>" + cbValueType.Text + "</type>" + Environment.NewLine; tbPattern.Text += "</Pattern>"; process1BM.Close(); process2BM.Close(); } catch { MessageBox.Show("Error, please verif all info."); } } else { MessageBox.Show("Please select Process."); } } else { MessageBox.Show("Please select Process."); } } else { MessageBox.Show("Please enter all information."); } }
public void Read() { try { try { playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt((uint)Globals.s_PlayerBase) + 0x34) + 0x24); if (playerbase != 0) { Online = true; } else { Online = false; } } //this is the player base catch (Exception) { Online = false; } BgStatus = wow.ReadUInt((uint)Globals.BGStatus); IsIndoors = wow.ReadUInt((uint)Globals.IsIndoors); LastError = ReadRealName(wow.ReadBytes((uint)Globals.LastError, 120)); BattlefieldInstanceExpiration = 0; //wow.ReadUInt(0xC55A24) & 1; Combopoints = Convert.ToInt16(wow.ReadByte((uint)Globals.s_ComboPoint)); CharCount = Convert.ToInt16(wow.ReadByte((uint)Globals.CharCount)); CharNo = Convert.ToInt16(wow.ReadByte((uint)Globals.CharNo)); String WOWBuild = ReadRealName(wow.ReadBytes(0x00A30BE6, 10)); byte[] TT = wow.ReadBytes(0x00A30BE6, 10); LoginState = wow.ReadASCIIString(0xB6A9E0, 40); RealmName = ReadRealName(wow.ReadBytes((uint)Globals.s_RealmName, 120)); LoadingState = (int)wow.ReadUInt((uint)Globals.s_IsLoadingOrConnecting); WowControl.CheckLastError(LastError); ObjectInfo Target = new ObjectInfo(); byte[] UnitFields = wow.ReadBytes(wow.ReadUInt(playerbase + 0x8) + (0x17 * 4), 4); PlayerForm = Convert.ToInt32(UnitFields[3]); Objects.Clear(); IsMounted = wow.ReadUInt(playerbase + 0x9C0);// &1; Temp = new ObjectInfo(); Temp.Auras = getAuras(playerbase); WowControl.PlayerBuffs.Clear(); for (int i = 0; i < Temp.Auras.Count; i++) { WowControl.PlayerBuffs.Add(Temp.Auras[i].auraId); } Temp.Name = ReadRealName(wow.ReadBytes((uint)Globals.s_PlayerName, 120)); Temp.Level = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x36 * 4)); // Reads players level Temp.Health = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x18 * 4)); // Reads players health PowerList.Clear(); Temp.Power = GetUnitPower(playerbase); Temp.MaxHealth = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x20 * 4)); // Reads players maxhealth if ((Location != null) & (Location != "")) { if (Location != ReadRealName(wow.ReadBytes(wow.ReadUInt((uint)Globals.LocationName), 60))) { WowControl.LocationChangeTime = DateTime.Now; Location = ReadRealName(wow.ReadBytes(wow.ReadUInt((uint)Globals.LocationName), 60)); WowControl.BadObjects.Clear(); if (BgStatus == 3) { WowControl.WaitTime = DateTime.Now.AddSeconds(20); } else { WowControl.WaitTime = DateTime.Now.AddSeconds(1); } return; } } else { Location = ReadRealName(wow.ReadBytes(wow.ReadUInt((uint)Globals.LocationName), 60)); } Temp.X = wow.ReadFloat(playerbase + 0x798); // Read players xlocation Temp.Y = wow.ReadFloat(playerbase + 0x79C); // Read players ylocation Temp.Z = wow.ReadFloat(playerbase + 0x7A0); // Read players zlocation double Time = (DateTime.Now - LastRead).TotalMilliseconds; Speed = WowControl.CheckPoint(Temp.X, Temp.Y, Temp.Z, X, Y, Z) / Time; X = Temp.X; Y = Temp.Y; Z = Temp.Z; Temp.R = wow.ReadFloat(playerbase + 0x7A8); // Read players rotation Temp.IsInCombat = (wow.ReadUInt(wow.ReadUInt(playerbase + 208) + 212) >> 19) & 1; Temp.Faction = GetFaction(wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x37 * 4))); //Faction Temp.Type = 4; Temp.GUID = wow.ReadUInt64(playerbase + 0x30); Objects.Add(Temp); LastRead = DateTime.Now; uint s_curMgr = wow.ReadUInt(wow.ReadUInt((uint)ObjectManager.CurMgrPointer) + (uint)ObjectManager.CurMgrOffset); uint curObj = wow.ReadUInt(s_curMgr + 0xAC); uint nextObj = curObj; UInt64 playerGUID = wow.ReadUInt64((uint)Globals.PlayerGUID); UInt64 targetGUID = wow.ReadUInt64((uint)Globals.TargetGUID); UInt64 localGUID = wow.ReadUInt64(s_curMgr + 0xC0); while (curObj != 0 && (curObj & 1) == 0) { UInt64 type = wow.ReadUInt(curObj + 0x14); UInt64 cGUID = wow.ReadUInt64(curObj + 0x30); Temp.Type = Convert.ToUInt32(type); if (Temp.Type == 7) { Temp.Type = 7; } Temp.GUID = cGUID; switch (type) { case 3: Temp.IsInCombat = (wow.ReadUInt(wow.ReadUInt(curObj + 208) + 212) >> 19) & 1; Temp.IsPlayer = false; Temp.IsTarget = false; Temp.Name = "Unit"; if (cGUID == targetGUID) { Temp.IsTarget = true; } Temp.X = wow.ReadFloat(curObj + 0x7D4); Temp.Y = wow.ReadFloat(curObj + 0x7D8); Temp.Z = wow.ReadFloat(curObj + 0x7DC); Temp.R = wow.ReadFloat(curObj + 0x7A8); Temp.Health = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x18 * 4)); // Reads health Temp.MaxHealth = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x20 * 4)); // Reads maxhealth Temp.Level = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x36 * 4)); // Reads level Temp.Name = ReadRealName(wow.ReadBytes(wow.ReadUInt(wow.ReadUInt(curObj + 0x964) + 0x5c), 60)); Temp.Faction = "Mob"; Temp.IsLootable = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x4F * 4)); Temp.Auras = getAuras(curObj); Temp.Power = GetUnitPower(curObj); if (cGUID == targetGUID) { Temp.IsTarget = true; Target = Temp; Target.Auras = getAuras(curObj); } Objects.Add(Temp); break; case 4: Temp.IsInCombat = (wow.ReadUInt(wow.ReadUInt(curObj + 208) + 212) >> 19) & 1; Temp.IsTarget = false; Temp.IsPlayer = false; Temp.Name = GetPlayerNameByGuid(cGUID); Temp.X = wow.ReadFloat(curObj + 0x7D4); Temp.Y = wow.ReadFloat(curObj + 0x7D8); Temp.Z = wow.ReadFloat(curObj + 0x7DC); Temp.R = wow.ReadFloat(curObj + 0x7A8); Temp.Health = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x18 * 4)); // Reads health Temp.MaxHealth = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x20 * 4)); // Reads maxhealth Temp.Level = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x36 * 4)); // Reads level Temp.Faction = GetFaction(wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x37 * 4))); //Faction Temp.Auras = getAuras(curObj); Temp.Power = GetUnitPower(curObj); if (cGUID == targetGUID) { Temp.IsTarget = true; Target = Temp; Target.Auras = getAuras(curObj); } else if (cGUID == playerGUID) { break; } if (Objects[0].GUID != Temp.GUID) { Objects.Add(Temp); } break; case 5: Temp.Faction = "Object"; Temp.IsInCombat = 0; Temp.Name = ""; Temp.IsPlayer = false; Temp.IsTarget = false; if (cGUID == targetGUID) { Temp.IsTarget = true; } Temp.Level = 0; Temp.Health = 0; Temp.MaxHealth = 0; Temp.X = wow.ReadFloat(curObj + 0xE8); Temp.Y = wow.ReadFloat(curObj + 0xEC); Temp.Z = wow.ReadFloat(curObj + 0xF0); Temp.R = wow.ReadFloat(curObj + 0x7A8); Temp.Name = ReadRealName(wow.ReadBytes(wow.ReadUInt(wow.ReadUInt(curObj + 0x1A4) + 0x90), 60)); Temp.Power = GetUnitPower(curObj); Objects.Add(Temp); break; } nextObj = wow.ReadUInt(curObj + 0x3C); if (nextObj == curObj) { break; } else { curObj = nextObj; } } Objects.Add(Target); WowControl.TargetBuffs.Clear(); if (Target.Auras != null) { for (int i = 0; i < Target.Auras.Count; i++) { WowControl.TargetBuffs.Add(Target.Auras[i].auraId); } } if (LastError == "Нет места.") { WowControl.FullBag = true; } } catch (Exception) { //WowControl.UpdateStatus("Error. " + E.Message); InitMemory(); } }
public void HookEndScene() { ThreadManager.suspendMainThread(this.getProcessId()); uint pDevice = Memory.ReadUInt(0x00BB672C); uint pEnd = Memory.ReadUInt(pDevice + 0x397C); uint pScene = Memory.ReadUInt(pEnd); uint pEndScene = Memory.ReadUInt(pScene + 0xA8); SendConsole("EndScene Offset : " + pEndScene.ToString("X"), ConsoleLvl.Debug); if (Memory.ReadByte(pEndScene) != 0xe9) // check if not already hooked { codeCave = Memory.AllocateMemory(0x2048); Memory.Asm.Clear(); //Demerdation de laddresse de endscene mon amour :))) byte[] Backup = Memory.ReadBytes(pEndScene, 25); int size = Memory.Asm.GetMemorySize(); Memory.Asm.AddLine("pushad"); Memory.Asm.AddLine("pushfd"); Memory.Asm.AddLine("mov esi, " + (codeCave + 256).ToString("X") + "h"); Memory.Asm.AddLine("cmp dword [esi], 0"); Memory.Asm.AddLine("je " + (codeCave + 0x1D).ToString("X") + "h"); //DO STRING Memory.Asm.AddLine("push {0}", 0); Memory.Asm.AddLine("mov eax, {0}", codeCave + 0x1024); Memory.Asm.AddLine("push eax"); Memory.Asm.AddLine("push eax"); Memory.Asm.AddLine("call {0}", (uint)0x004B32B0); Memory.Asm.AddLine("add esp, 0xC"); //EXIT Memory.Asm.AddLine("mov dword[" + (codeCave + 256).ToString("X") + "h], 0"); Memory.Asm.AddLine("popfd"); Memory.Asm.AddLine("popad"); Memory.Asm.Inject(codeCave); Memory.WriteBytes(codeCave + 0x29, Backup); Memory.Asm.Clear(); Memory.Asm.AddLine("jmp " + (pEndScene + 25).ToString("X") + "h"); //REMPLACEMENT POUR NOBUG Memory.Asm.Inject(codeCave + 0x29 + 25); // Okay on a le pointeur , que les choses serieuses commencent : YOUMEW EN MODE EXTRA BOUISSINCE Memory.Asm.Clear(); Memory.Asm.AddLine("jmp " + codeCave.ToString("X") + "h"); Memory.Asm.Inject(pEndScene); } else { codeCave = Memory.ReadUInt(pEndScene + 1) + 4 + pEndScene - 0xffffffff; } ThreadManager.resumeMainThread(this.getProcessId()); // ENDSCENE IS NOW HOOKED // HOOK BY LMEW // LA BOUISINCE A LETAT PURE }
public byte[] ReadBytes(uint dwAddress, int length) { return(D3.ReadBytes(dwAddress, length, buffer)); }
private void button2_Click(object sender, EventArgs e) { if (Utils.IsUserAdministrator()) { Utils.SYSTEM_INFO sys_info = new Utils.SYSTEM_INFO(); Utils.GetSystemInfo(out sys_info); IntPtr proc_min_address = sys_info.minimumApplicationAddress; IntPtr proc_max_address = sys_info.maximumApplicationAddress; long proc_min_address_l = (long)proc_min_address; long proc_max_address_l = (long)proc_max_address; logDebug(String.Format("Min {0} Max {1}", proc_min_address_l, proc_max_address_l)); BlackMagic bm = new BlackMagic(); if (bm.OpenProcessAndThread(SProcess.GetProcessFromProcessName(windowName[0]))) { logDebug("Found"); Utils.MEMORY_BASIC_INFORMATION mem_basic_info = new Utils.MEMORY_BASIC_INFORMATION(); while (proc_min_address_l < proc_max_address_l) { // 28 = sizeof(MEMORY_BASIC_INFORMATION) Utils.VirtualQueryEx(bm.ProcessHandle, proc_min_address, out mem_basic_info, 28); //logDebug(mem_basic_info.ToString()); // if this memory chunk is accessible if ((mem_basic_info.Protect == Utils.PAGE_READWRITE || mem_basic_info.Protect == Utils.PAGE_READONLY) && mem_basic_info.State == Utils.MEM_COMMIT) { //logDebug(String.Format("Addr={0:X8} Size={1}", mem_basic_info.BaseAddress, mem_basic_info.RegionSize)); byte[] buffer = new byte[mem_basic_info.RegionSize]; // read everything in the buffer above buffer = bm.ReadBytes((uint)mem_basic_info.BaseAddress, mem_basic_info.RegionSize); //Utils.ReadProcessMemory((int)bm.ProcessHandle, mem_basic_info.BaseAddress, buffer, mem_basic_info.RegionSize, ref bytesRead); MemoryStream ms = new MemoryStream(buffer); BinaryReader br = new BinaryReader(ms); while (ms.Position != ms.Length) { int data = br.ReadInt32(); if ((data == 18248) || (data == 18622)) { int readData = bm.ReadInt((uint)(mem_basic_info.BaseAddress + ms.Position - 4)); logDebug(String.Format("Found Addr={0:X8} Size={1}", mem_basic_info.BaseAddress + ms.Position - 4, readData)); } } // then output this in the file //for (int i = 0; i < mem_basic_info.RegionSize; i++) // sw.WriteLine("0x{0} : {1}", (mem_basic_info.BaseAddress + i).ToString("X"), (char)buffer[i]); } // move to the next memory chunk proc_min_address_l += mem_basic_info.RegionSize; proc_min_address = new IntPtr(proc_min_address_l); } bm.Close(); logDebug("Done"); } } else { logDebug("Need admin user"); } }