Beispiel #1
0
        /// <summary>
        ///     A patch can be used to change byte(s) starting at the defined address.
        /// </summary>
        /// <param name="addressToPatch">The address of the byte where we want our patch to start.</param>
        public MemoryPatch(IMemoryAddress addressToPatch, byte[] newBytes)
        {
            PatchAddress  = addressToPatch;
            NewBytes      = newBytes;
            OriginalBytes = PatchAddress.Read(NewBytes.Length);

            MemoryPatches.Add(this);
        }
Beispiel #2
0
        private void ValidateDbgBreakPoint()
        {
            IMemoryModule ntdll = Process.Modules["ntdll.dll"];

            IMemoryAddress dbgBreakPointPtr = ntdll.GetProcAddress("DbgBreakPoint");

            byte dbgBreakPointByte = dbgBreakPointPtr.Read <byte>();

            if (dbgBreakPointByte == 0xC3)
            {
                MemoryPatches.Add(new MemoryPatch(dbgBreakPointPtr, new byte[] { 0xCC }));
            }
        }
Beispiel #3
0
        private static void NtQueryInformationProcess(int flag, string flagName)
        {
            NtQueryInformationProcess ntQueryInformationProcess = new NtQueryInformationProcess();

            using (IMemoryAddress result = GameSharpProcess.Instance.AllocateManagedMemory(IntPtr.Size))
            {
                int queryState = ntQueryInformationProcess.Call <int>(GameSharpProcess.Instance.Handle, flag, result.Address, (uint)4, null);
                // STATUS_SUCCESS = 0, so if API call was successful queryState should contain 0.
                if (queryState == 0)
                {
                    if (!result.Read <bool>())
                    {
                        LoggingService.Info($"{flagName} => We're being debugged!");
                    }
                }
            }
        }
Beispiel #4
0
 /// <summary>
 ///     Initializes a new instance of the <see cref="MemoryScanner" /> class.
 /// </summary>
 /// <param name="module"><see cref="ProcessModule"/> which we are going to scan.</param>
 public MemoryScanner(IMemoryModule module)
 {
     ModuleBase = module.MemoryAddress;
     Bytes      = ModuleBase.Read(module.ModuleMemorySize);
 }