Beispiel #1
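        /// <summary>
        /// Works out which supported game build is loaded in the hooked process by
        /// signature-scanning the Engine module.
        /// </summary>
        /// <remarks>
        /// Two probes are tried in order. The first looks for the code that pushes the
        /// minor and major version numbers and compares them against the known pairs.
        /// The second follows a pointer to a version string and checks its prefix.
        /// Every value used here is read out of another process's address space, so it
        /// is treated as untrusted: a failed scan, a failed read or an unexpected value
        /// all yield <see cref="GameVersion.NONE"/>.
        /// </remarks>
        /// <returns>
        /// <see cref="GameVersion.TFE"/>, <see cref="GameVersion.TSE"/> or
        /// <see cref="GameVersion.REVOLUTION"/> on a positive match; otherwise
        /// <see cref="GameVersion.NONE"/>.
        /// </returns>
        public static GameVersion CheckGameVersion()
        {
            if (Manager == null || !Manager.IsHooked || Engine == null)
            {
                return GameVersion.NONE;
            }

            try
            {
                // The integer argument appears to be a byte offset from the start of the
                // match: 6 lands on the immediate of the "push <minor>" instruction.
                IntPtr addr = Manager.SigScan(
                    Engine.BaseAddress,
                    Engine.ModuleMemorySize,
                    6,
                    "E8 ????????",    // call Engine.CON_GetBufferSize+480
                    "6A ??",          // push 07                          <--- Minor Version
                    "68 ????????",    // push 00002710                    <--- Major Version
                    "6A 04",          // push 04
                    "68 ????????"     // push Engine._ulEngineBuildMinor+118
                    );

                if (addr != IntPtr.Zero)
                {
                    // addr -> 1-byte minor; addr + 2 skips that byte and the 0x68 opcode
                    // and lands on the 4-byte major immediate.
                    byte minor = Manager.Read(addr, 1)[0];
                    int  major = Manager.Read<int>(IntPtr.Add(addr, 2));

                    if (major == 10000 && minor == 5)
                    {
                        return GameVersion.TFE;
                    }

                    if (major == 10000 && minor == 7)
                    {
                        return GameVersion.TSE;
                    }

                    // Any other pair falls through to the string-based probe below.
                }

                addr = Manager.SigScan(
                    Engine.BaseAddress,
                    Engine.ModuleMemorySize,
                    2,
                    "FF 35 ????????", // push [Engine._SE_VER_STRING]
                    "8D 85 30FFFFFF"  // lea eax,[ebp-000000D0]
                    );

                if (addr == IntPtr.Zero)
                {
                    return GameVersion.NONE;
                }

                // Operand of the push -> address of the global -> address of the text.
                string versionStr = Manager.ReadString(
                    Manager.Read<IntPtr>(Manager.Read<IntPtr>(addr)),
                    Encoding.ASCII);

                // Ordinal comparison: this is a machine identifier, not user-facing text,
                // so the current culture must not influence the match. The null check
                // covers a reader that reports failure by returning null.
                if (versionStr != null && versionStr.StartsWith("AP_3", StringComparison.Ordinal))
                {
                    return GameVersion.REVOLUTION;
                }
            }
            catch (Win32Exception)
            {
                // Deliberate best-effort: a failed cross-process read (process exited,
                // access denied, unmapped page) simply means "no known version".
            }

            return GameVersion.NONE;
        }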
Beispiel #2
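        /// <summary>
        /// Attaches to a running game process, detects its version and resolves the
        /// pointers and player table used by the rest of the class.
        /// </summary>
        /// <remarks>
        /// Candidate processes are selected by name only ("SeriousSam") and accepted when
        /// they have a module called Engine.dll whose contents pass
        /// <see cref="CheckGameVersion"/>. All addresses and counts are then read from
        /// that process's memory and must be treated as untrusted input: scan misses,
        /// null pointers and implausible counts reset <c>CurrentVersion</c> to
        /// <see cref="GameVersion.NONE"/> instead of being dereferenced or used as an
        /// allocation size.
        /// NOTE(review): when no matching process exists the loop never assigns
        /// <c>CurrentVersion</c>, so a value left over from an earlier call survives —
        /// confirm callers reset it before retrying.
        /// </remarks>
        public static void TryHookGame()
        {
            foreach (Process p in Process.GetProcessesByName("SeriousSam"))
            {
                Manager = new MemManager(p);

                // Windows module names are case-insensitive, so compare accordingly.
                Engine = Manager.HookedProcess.Modules
                         .Cast<ProcessModule>()
                         .FirstOrDefault(m => string.Equals(m.ModuleName, "Engine.dll", StringComparison.OrdinalIgnoreCase));
                if (Engine == null)
                {
                    continue;
                }

                CurrentVersion = CheckGameVersion();
                if (CurrentVersion != GameVersion.NONE)
                {
                    break;
                }
            }

            if (CurrentVersion == GameVersion.NONE)
            {
                return;
            }

            IntPtr networkOperand = Manager.SigScan(
                Engine.BaseAddress,
                Engine.ModuleMemorySize,
                2,
                "8B 0D ????????", // mov ecx,[Engine._pNetwork]
                "83 C4 08",       // add esp,08
                "E8 ????????",    // call Engine.CNetworkLibrary::IsPaused
                "85 C0"           // test eax,eax
                );

            // A scan miss must not be dereferenced; CheckGameVersion guards its scans
            // the same way.
            if (networkOperand == IntPtr.Zero)
            {
                CurrentVersion = GameVersion.NONE;
                return;
            }

            // Operand of the mov -> address of the global.
            IntPtr networkGlobal = Manager.Read<IntPtr>(networkOperand);
            if (networkGlobal == IntPtr.Zero)
            {
                CurrentVersion = GameVersion.NONE;
                return;
            }

            // Address of the global -> the object it points to.
            IntPtr _pNetwork = Manager.Read<IntPtr>(networkGlobal);
            if (_pNetwork == IntPtr.Zero)
            {
                CurrentVersion = GameVersion.NONE;
                return;
            }

            // Field offsets differ between the detected builds.
            if (CurrentVersion == GameVersion.REVOLUTION)
            {
                difficultyPtr = new Pointer(_pNetwork, 0x9C);
                currentIGTPtr = new Pointer(_pNetwork, 0x20, 0x58);
                levelNamePtr  = new Pointer(_pNetwork, 0x12EC, 0x0);
            }
            else
            {
                int levelNameOffset = (CurrentVersion == GameVersion.TFE) ? 0x1284 : 0x1288;

                difficultyPtr = new Pointer(_pNetwork, 0x988);
                currentIGTPtr = new Pointer(_pNetwork, 0x20, 0x38);
                levelNamePtr  = new Pointer(_pNetwork, levelNameOffset, 0x0);
            }

            int     playerCount = Manager.Read<int>(new Pointer(_pNetwork, 0x20, 0x0));
            Pointer firstPlayer = new Pointer(_pNetwork, 0x20, 0x4, 0x0);

            // playerCount comes straight from foreign memory. A negative value would make
            // the array allocation throw and a garbage value could request gigabytes, so
            // reject both. The cap is a generous sanity bound chosen for this check, not
            // an engine limit taken from the game — adjust if it proves too small.
            const int maxPlausiblePlayers = 256;
            if (playerCount < 0 || playerCount > maxPlausiblePlayers)
            {
                CurrentVersion = GameVersion.NONE;
                return;
            }

            AllPlayers = new Player[playerCount];
            for (int i = 0; i < playerCount; i++)
            {
                AllPlayers[i] = new Player(firstPlayer);
                firstPlayer   = firstPlayer.Adjust(PLAYER_TARGET_SIZE);
            }
        }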
        /// <summary>
        /// Locates, by signature scan of the hooked process's main module, the addresses
        /// this list exposes: <c>InjectLocation</c>, <c>DrawText</c>, <c>DrawBox</c>,
        /// <c>Viewport</c>, <c>Font</c> and <c>SetFont</c>.
        /// </summary>
        /// <remarks>
        /// The scans run in a fixed order and the constructor stops at the first miss,
        /// leaving <c>FoundAddresses</c> false and any later members unassigned; callers
        /// have to check <c>FoundAddresses</c> before using the other members.
        /// The integer passed to <c>SigScan</c> appears to be a byte offset from the start
        /// of the match, and <c>ReadDisplacement</c> presumably resolves the relative
        /// operand found at the given address — confirm against MemManager.
        /// </remarks>
        /// <param name="manager">Memory manager already attached to the target process.</param>
        public AddressList_244_32(MemManager manager)
        {
            FoundAddresses = false;

            ProcessModule mainModule = manager.HookedProcess.MainModule;
            IntPtr        scanBase   = mainModule.BaseAddress;
            int           scanSize   = mainModule.ModuleMemorySize;

            // Offset 5 skips the leading call and lands on the five wildcarded bytes.
            // NOTE(review): that wildcard run matches any bytes, so a hit does not say
            // which of the two commented forms is present; whoever consumes
            // InjectLocation has to check the bytes itself.
            InjectLocation = manager.SigScan(
                scanBase, scanSize, 5,
                "E8 ????????",       // call Talos.exe + 63C640
                "??????????",        // jmp 017F0000  OR  mov ecx,[esi+08] / test ecx, ecx
                "0F84 ????????",     // je Talos.exe + 641B8E
                "E8 ????????",       // call Talos.exe + 867970
                "85 C0",             // test eax, eax
                "0F84 ????????",     // je Talos.exe + 641AEC
                "83 3D ???????? 00"  // cmp dword ptr[Talos.exe + 118860C], 00
                );
            if (InjectLocation == IntPtr.Zero)
            {
                return;
            }

            InjectInstructionLength = 5;

            // Offset 6: operand of the call that follows the 5-byte movss.
            IntPtr drawTextSite = manager.SigScan(
                scanBase, scanSize, 6,
                "F3 0F11 45 CC",     // movss[ebp - 34], xmm0
                "E8 ????????",       // call Talos.exe + 83A330
                "83 C4 14"           // add esp, 14
                );
            if (drawTextSite == IntPtr.Zero)
            {
                return;
            }

            DrawText = manager.ReadDisplacement(drawTextSite, false);

            // Offset 1: operand of the leading call; 9 bytes further on is the address
            // operand of the "mov edx,[...]" instruction.
            IntPtr drawBoxSite = manager.SigScan(
                scanBase, scanSize, 1,
                "E8 ????????",       // call Talos.exe + 82FE20
                "8B 4D FC",          // mov ecx,[ebp - 04]
                "8B 15 ????????",    // mov edx,[Talos.exe + 11E8A20]
                "0F57 C0",           // xorps xmm0, xmm0
                "83 C4 18"           // add esp, 18
                );
            if (drawBoxSite == IntPtr.Zero)
            {
                return;
            }

            DrawBox  = manager.ReadDisplacement(drawBoxSite, false);
            Viewport = manager.Read<IntPtr>(IntPtr.Add(drawBoxSite, 9));

            // Offset 8: immediate of the push; 5 bytes further on is the operand of
            // the call that follows it.
            IntPtr fontSite = manager.SigScan(
                scanBase, scanSize, 8,
                "83 C4 1C",          // add esp,1C
                "85 C0",             // test eax, eax
                "74 ??",             // je Talos.exe + 641B7E
                "68 ????????",       // push Talos.exe + 11D6B60
                "E8 ????????"        // call Talos.exe + 81F230
                );
            if (fontSite == IntPtr.Zero)
            {
                return;
            }

            Font    = manager.Read<IntPtr>(fontSite);
            SetFont = manager.ReadDisplacement(IntPtr.Add(fontSite, 5), false);

            // Only reached when every scan above matched.
            FoundAddresses = true;
        }
Beispiel #4
        /// <summary>
        /// Locates, by signature scan of the hooked process's main module, the addresses
        /// this list exposes: <c>InjectLocation</c>, <c>DrawText</c>, <c>DrawBox</c>,
        /// <c>Viewport</c>, <c>Font</c> and <c>SetFont</c>.
        /// </summary>
        /// <remarks>
        /// The scans run in a fixed order and the constructor stops at the first miss,
        /// leaving <c>FoundAddresses</c> false and any later members unassigned; callers
        /// have to check <c>FoundAddresses</c> before using the other members.
        /// Unlike the 32-bit list, every address here goes through
        /// <c>ReadDisplacement</c>, which presumably resolves the relative operand at the
        /// given address — confirm against MemManager. The integer passed to
        /// <c>SigScan</c> appears to be a byte offset from the start of the match.
        /// </remarks>
        /// <param name="manager">Memory manager already attached to the target process.</param>
        public AddressList_440_64(MemManager manager)
        {
            FoundAddresses = false;

            ProcessModule mainModule = manager.HookedProcess.MainModule;
            IntPtr        scanBase   = mainModule.BaseAddress;
            int           scanSize   = mainModule.ModuleMemorySize;

            // Offset 8 skips the mov and the call and lands on the seven wildcarded bytes.
            // NOTE(review): that wildcard run matches any bytes, so a hit does not say
            // which of the two commented forms is present; whoever consumes
            // InjectLocation has to check the bytes itself.
            InjectLocation = manager.SigScan(
                scanBase, scanSize, 8,
                "49 8B CE",           // mov rcx, r14
                "E8 ????????",        // call Talos.exe + 69C50
                "??????????????",     // jmp 13FFF0000  OR  mov rcx,[r14 + 10] / test rcx, rcx
                "0F84 ????????",      // je Talos.exe + 688CC
                "83 3D ???????? 00",  // cmp dword ptr [Talos.exe + 1E015B8], 00
                "0F84 ????????"       // je Talos.exe + 688CC
                );
            if (InjectLocation == IntPtr.Zero)
            {
                return;
            }

            InjectInstructionLength = 7;

            // Offset 15: operand of the call that follows the movss and the mov.
            IntPtr drawTextSite = manager.SigScan(
                scanBase, scanSize, 15,
                "F3 0F11 4C 24 44",      // movss[rsp + 44], xmm1
                "C7 44 24 48 00000000",  // mov[rsp + 48], 00000000
                "E8 ????????",           // call Talos.exe + A4AD80
                "48 8D 4C 24 50"         // lea rcx,[rsp+50]
                );
            if (drawTextSite == IntPtr.Zero)
            {
                return;
            }

            DrawText = manager.ReadDisplacement(drawTextSite, false);

            // Offset 1: operand of the leading call; 15 bytes further on is the operand
            // of the trailing "mov rcx,[...]".
            IntPtr drawBoxSite = manager.SigScan(
                scanBase, scanSize, 1,
                "E8 ????????",           // call Talos.exe + A47C60
                "48 8B 94 24 88000000",  // mov rdx, [rsp + 00000088]
                "48 8B 0D ????????"      // mov rcx, [Talos.exe + 1E44500]
                );
            if (drawBoxSite == IntPtr.Zero)
            {
                return;
            }

            DrawBox  = manager.ReadDisplacement(drawBoxSite, false);
            Viewport = manager.ReadDisplacement(IntPtr.Add(drawBoxSite, 15), false);

            // Offset 7: operand of the lea; 5 bytes further on is the operand of the
            // call that follows it.
            IntPtr fontSite = manager.SigScan(
                scanBase, scanSize, 7,
                "85 C0",                 // test eax, eax
                "74 4A",                 // je Talos.exe + 688B8
                "48 8D 0D ????????",     // lea rcx, [Talos.exe + 1E017C0]
                "E8 ????????",           // call Talos.exe + A1AE80
                "F3 0F10 05 ????????"    // movss xmm0, [Talos.exe + 12EDAA8]
                );
            if (fontSite == IntPtr.Zero)
            {
                return;
            }

            Font    = manager.ReadDisplacement(fontSite, false);
            SetFont = manager.ReadDisplacement(IntPtr.Add(fontSite, 5), false);

            // Only reached when every scan above matched.
            FoundAddresses = true;
        }