private static Diag::ProcessModule GetNotepadModule(Log log, out ProcessMemory m)
{
const string TARGET = "notepad.exe";
m = new mwg.InterProcess.ProcessMemory(TARGET);
if (!m.Available)
{
log.WriteLine("!現在 notepad.exe が利用出来ません。起動しているかどうか確認して下さい。");
return(null);
}
Diag::ProcessModule mod = null;
foreach (Diag::ProcessModule mod2 in m.Process.Modules)
{
//log.Lock();
//try{dumpModuleHeader(log,m,mod2);}
//finally{log.Unlock();}
if (mod2.ModuleName.ToString() != TARGET)
{
continue;
}
mod = mod2;
break;
}
if (mod == null)
{
log.WriteLine("!プロセス notepad.exe 内にモジュール 'notepad.exe' が見つかりませんでした。");
return(null);
}
return(mod);
}
public static void SetGivenAmmunition(ProcessMemory processMemory, Weapon weapon, int quantity)
{
int baseAddress = 0x004DA7F4;
byte[] ammoByte = BitConverter.GetBytes(quantity);
int offset = default;
switch (weapon)
{
case Weapon.Beretta92F: offset = 0x4C; break;
case Weapon.Beretta92F_Silenced: offset = 0x80; break;
case Weapon.Heckler_KochMP5: offset = 0xE8; break;
case Weapon.SPAS12: offset = 0x150; break;
case Weapon.Uzi: offset = 0xB4; break;
case Weapon.MAC11: offset = 0x1B8; break;
case Weapon.M16: offset = 0x11C; break;
case Weapon.M79_Grenade_Launcher: offset = 0x184; break;
}
long newAddrress = processMemory.BaseToLong() + baseAddress;
if (offset > 0)
{
processMemory.Write(newAddrress, ammoByte, new int[] { offset });
}
}
public static float GetHealth(ProcessMemory processMemory)
{
long baseAddress = processMemory.BaseToLong() + BaseAddress;
float health = processMemory.Read(baseAddress, offsetsHealth);
return(health * 100);
}
public static void ExplosionDamage(ProcessMemory processMemory, bool enabled)
{
int instructionCounter = 3;
long[] explosionDamageAddress = { 0xECE52, 0xEC7F3, 0xEC805 };
byte?[,] assemblyOriginalInstructions =
{
{ 0xD9, 0x5E, 0x24, null },
{ 0xD9, 0x56, 0x24, null },
{ 0xC7, 0x46, 0x24, 0 }
};
byte?[,] assemblyModifiedInstructions =
{
{ nop, nop, nop, null, null, null, null },
{ nop, nop, nop, null, null, null, null },
{ nop, nop, nop, nop, nop, nop, nop }
};
while (instructionCounter-- > 0)
{
explosionDamageAddress[instructionCounter] += processMemory.BaseToLong();
byte[] assemblyInstruction = enabled ?
GetByteArray(assemblyOriginalInstructions, instructionCounter) :
GetByteArray(assemblyModifiedInstructions, instructionCounter);
processMemory.Write((int)explosionDamageAddress[instructionCounter], assemblyInstruction, (uint)assemblyInstruction.Length);
}
}
static void Main(string[] args)
{
Mem = new ProcessMemory("csgo");
if (Mem.CheckProcess())
{
Mem.StartProcess();
}
Thread Updater = new Thread(Read.Start);
Updater.Start();
Thread Bunny = new Thread(BunnyHop.Start);
Bunny.Start();
Thread Glow = new Thread(Visuals.startGlow);
Glow.Start();
Thread Trigger = new Thread(TriggerBot.Start);
Trigger.Start();
}
public WinningPlayerData(IntPtr baseAddr, ProcessMemory MemInstance, GameOffsets CurrentOffsets)
{
unsafe {
var baseAddrCopy = baseAddr;
int last = MemInstance.OffsetAddress(ref baseAddrCopy, 0, 0);
int size = ((int)Math.Ceiling((decimal)((8 + CurrentOffsets.WinningPlayerDataStructOffsets.IsDeadOffset) / 8))) * 8; //Find the nearest multiple of 8
byte[] buffer = MemInstance.Read(baseAddrCopy + last, size);
PlayerOutfitStructOffsets oOf = CurrentOffsets.PlayerOutfitStructOffsets;
WinningPlayerDataStructOffsets pOf = CurrentOffsets.WinningPlayerDataStructOffsets;
fixed(byte *ptr = buffer)
{
var buffptr = (IntPtr)ptr;
Name = MemInstance.ReadString(MemInstance.Read <IntPtr>(baseAddrCopy, oOf.PlayerNameOffset), CurrentOffsets.StringOffsets[0], CurrentOffsets.StringOffsets[1]);
ColorId = (int)Marshal.ReadInt32(buffptr, oOf.ColorIDOffset);
// TODO: Since IDs are changed from enum to string like "hat_police", renaming or mapping existing svgs to string is required
// TODO: As a workaround just fill with 0 as IDs
HatId = 0;
PetId = 0;
SkinId = 0;
IsImpostor = Marshal.ReadByte(buffptr, pOf.IsImposterOffset) == 1;
IsDead = Marshal.ReadByte(buffptr, pOf.IsDeadOffset) > 0;
IsYou = Marshal.ReadByte(buffptr, pOf.IsYouOffset) == 1;
}
}
}
public void Patching()
{
var processMemory = ProcessMemory.Get();
SaveData = processMemory.ReadBytes(Address, Data.Length);
processMemory.WriteBytes(Address, Data);
}
public static string ReadValidString(this ProcessMemory pm, IntPtr pOffset, uint pSize, params long[] offsets)
{
string raw = pm.ReadStringUnicode(pOffset, pSize, offsets);
string utf8 = Encoding.ASCII.GetString(
Encoding.Convert(
Encoding.UTF8,
Encoding.GetEncoding(
Encoding.ASCII.EncodingName,
new EncoderReplacementFallback(string.Empty),
new DecoderExceptionFallback()),
Encoding.UTF8.GetBytes(raw)
)
);
int escapeIndex = utf8.IndexOf("\u0000");
if (escapeIndex > -1)
{
utf8 = utf8.Remove(escapeIndex);
}
if (utf8.Length == 0)
{
return(raw);
}
return(utf8);
}
public void ReadProcessMemory_T()
{
IntPtr baseAddress = Marshal.AllocHGlobal(4);
Marshal.WriteInt32(baseAddress, 1337);
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
int buffer = 0;
Assert.IsTrue(ProcessMemory.ReadProcessMemory(handle, baseAddress, ref buffer));
Assert.IsTrue(buffer == Marshal.ReadInt32(baseAddress));
buffer = 0;
IntPtr bytesRead = IntPtr.Zero;
Assert.IsTrue(ProcessMemory.ReadProcessMemory(handle, baseAddress, ref buffer, ref bytesRead));
Assert.IsTrue(buffer == Marshal.ReadInt32(baseAddress));
Assert.IsTrue(bytesRead == (IntPtr)4);
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
Marshal.FreeHGlobal(baseAddress);
}
public void VirtualProtectEx()
{
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
IntPtr address = ProcessMemory.VirtualAllocEx(handle, IntPtr.Zero, (IntPtr)1024, AllocationType.Reserve | AllocationType.Commit, MemoryProtectionFlags.ExecuteReadWrite);
MemoryProtectionFlags oldProtection = default;
Assert.IsTrue(ProcessMemory.VirtualProtectEx(handle, address, (IntPtr)1024, MemoryProtectionFlags.NoAccess, ref oldProtection));
Assert.IsTrue(oldProtection == MemoryProtectionFlags.ExecuteReadWrite);
try
{
Marshal.WriteInt32(address, 1337);
throw new Exception();
}
catch
{
}
Assert.IsTrue(ProcessMemory.VirtualFreeEx(handle, address, IntPtr.Zero, FreeType.Release));
ProcessMemory.CloseHandle(handle);
}
private void getObKeyFormLoLClientMemory()
{
Regex regex = new Regex(" [0-9]+ (?<KEY>.+) <id_removed>", RegexOptions.IgnoreCase);
Match match = regex.Match(this.gameLogContent);
ProcessMemory processMemory = new ProcessMemory();
processMemory.openProcess("LolClient");
if (LoLRecorder._lastTimeAddress != 0u && this.analyzeObKeyInMemoryBytesMethod1(processMemory.readMemory(LoLRecorder._lastTimeAddress, 256u)))
{
processMemory.closeProcess();
return;
}
processMemory.recordMemorysInfo();
uint[] array = processMemory.findString(match.Groups["KEY"].Value, System.Text.Encoding.ASCII, 1);
for (int i = 0; i < array.Length; i++)
{
byte[] memBytes = processMemory.readMemory(array[i], 256u);
if (this.analyzeObKeyInMemoryBytesMethod1(memBytes))
{
LoLRecorder._lastTimeAddress = array[i];
break;
}
}
processMemory.closeProcess();
}
public override void Read(int dwPlayer)
{
var processMemory = ProcessMemory.Get();
Position = processMemory.ReadVector3(dwPlayer + netvars.m_vecOrigin);
Yaw = (float)Math.PI / 180 * processMemory.ReadFloat(dwPlayer + 0x12C); //////////////////////////
Pitch = 0;
TeamID = processMemory.ReadInt32(dwPlayer + netvars.m_iTeamNum);
Health = processMemory.ReadInt32(dwPlayer + netvars.m_iHealth);
Armor = processMemory.ReadInt32(dwPlayer + netvars.m_ArmorValue);
var m_dwBoneMatrix = processMemory.ReadInt32(dwPlayer + netvars.m_dwBoneMatrix);
if (processMemory.IsValid(m_dwBoneMatrix))
{
if (TeamID == CSGOConstants.TeamID_t)
{
ReadSkeleton_t(m_dwBoneMatrix);
}
else if (TeamID == CSGOConstants.TeamID_ct)
{
ReadSkeleton_ct(m_dwBoneMatrix);
}
}
}
public void WriteProcessMemory_T()
{
IntPtr baseAddress = Marshal.AllocHGlobal(4);
const int buffer = 1337;
Marshal.WriteInt32(baseAddress, 0);
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
Assert.IsTrue(ProcessMemory.WriteProcessMemory(handle, baseAddress, buffer));
Assert.IsTrue(Marshal.ReadInt32(baseAddress) == buffer);
Marshal.WriteInt32(baseAddress, 0);
IntPtr bytesWritten = IntPtr.Zero;
Assert.IsTrue(ProcessMemory.WriteProcessMemory(handle, baseAddress, buffer, ref bytesWritten));
Assert.IsTrue(Marshal.ReadInt32(baseAddress) == buffer);
Assert.IsTrue(bytesWritten == (IntPtr)4);
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
Marshal.FreeHGlobal(baseAddress);
}
public static State ReadState()
{
var processes = Process.GetProcessesByName("dungeons of dredmor");
if (processes.Length == 0)
{
return(null);
}
using (var memory = new ProcessMemory())
{
if (memory.Open(processes[0]) == false)
{
return(null);
}
if (memory.MainModuleAddress != 0x00400000)
{
throw new InvalidOperationException("main module address is not 0x00400000 (ASLR is on?)");
}
var state = new State();
var playerAddress = memory.ReadU32(PlayerAddress);
state.Player = playerAddress == 0 ?
null : Player.Read(memory, playerAddress);
var levelAddress = memory.ReadU32(LevelAddress);
state.CurrentLevel = levelAddress == 0 ?
null : Level.Read(memory, levelAddress);
return(state);
}
}
public static Level Read(ProcessMemory memory, uint baseAddress)
{
var level = new Level();
level.Floor = memory.ReadS32(baseAddress + OffsetLevel);
level.Width = memory.ReadS32(baseAddress + OffsetWidth);
level.Height = memory.ReadS32(baseAddress + OffsetHeight);
var roomNamesStartAddress = memory.ReadU32(baseAddress + OffsetRoomNamesStart);
var roomNamesEndAddress = memory.ReadU32(baseAddress + OffsetRoomNamesEnd);
var roomNameCount = (roomNamesEndAddress - roomNamesStartAddress) / 28;
var roomNameData = new byte[0x1C * roomNameCount];
if (memory.Read(roomNamesStartAddress, ref roomNameData) != roomNameData.Length)
{
throw new InvalidOperationException();
}
level.RoomNames.Clear();
for (int i = 0; i < roomNameData.Length; i += 0x1C)
{
var roomNameLength = BitConverter.ToInt32(roomNameData, i + 0x14);
if (roomNameLength < 16)
{
level.RoomNames.Add(Encoding.ASCII.GetString(roomNameData, i + 4, roomNameLength));
}
else
{
var roomName = new byte[roomNameLength];
if (memory.Read(BitConverter.ToUInt32(roomNameData, i + 0x04), ref roomName) != roomName.Length)
{
throw new InvalidOperationException();
}
level.RoomNames.Add(Encoding.ASCII.GetString(roomName, 0, roomNameLength));
}
}
var tileAddress = memory.ReadU32(baseAddress + OffsetSquares);
// read all tile data at once instead of one tile at a time (speed!)
var tileData = new byte[level.Width * level.Height * 0x5C];
if (memory.Read(tileAddress, ref tileData) != tileData.Length)
{
throw new InvalidOperationException();
}
level.Squares = new Square[level.Width, level.Height];
for (int y = 0; y < level.Height; y++)
{
for (int x = 0; x < level.Width; x++)
{
level.Squares[x, y] = Square.Read(tileData, ((y * level.Width) + x) * 0x5C, memory);
}
}
return(level);
}
public void OnExit()
{
ProcessMemory.CloseHandle(memory.ProcessHandle);
memory = null;
hotKeyManager.KeyPressed -= OnKeyPressed;
hotKeyManager.Dispose();
}
private void LoadProcessMemory()
{
this.ProcMem = new ProcessMemory("dosbox");
if (!this.ProcMem.OpenProcess())
{
Environment.Exit(-1);
}
}
public HackManager()
{
RenderSurface = new RenderSurface();
RenderSurface.Shown += (sender, args) => new Thread(Loop).Start();
Render2D = new Render2D(RenderSurface.Handle);
ProcessMemory = new ProcessMemory();
}
protected Vector3 ReadBone(int m_dwBoneMatrix, int boneID, int boneSize)
{
var processMemory = ProcessMemory.Get();
var m = processMemory.ReadMatrix(m_dwBoneMatrix + boneID * boneSize);
return(new Vector3(m.M31, m.M32, m.M33));
}
///
public void Dispose()
{
if (_pm != null)
{
_pm.Dispose(); _pm = null;
}
GC.SuppressFinalize(this);
}
static void Main(string[] args)
{
ProcessMemory pm = new ProcessMemory("Skype", 0, AccessLevel.Read);
byte[] bytes = pm.ReadArray<byte>(0x1D8153A4, 16);
Console.WriteLine(bytes);
Console.ReadLine();
}
public void Close()
{
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
}
public override void Read(int dwLocalPlayer)
{
var processMemory = ProcessMemory.Get();
Position = processMemory.ReadVector3(dwLocalPlayer + netvars.m_vecOrigin);
HeadPosition = new Vector3(Position.X, Position.Y, Position.Z + 69);
TeamID = processMemory.ReadInt32(dwLocalPlayer + netvars.m_iTeamNum);
}
static void Main(string[] args)
{
ProcessMemory pm = new ProcessMemory("Skype", 0, AccessLevel.Read);
byte[] bytes = pm.ReadArray <byte>(0x1D8153A4, 16);
Console.WriteLine(bytes);
Console.ReadLine();
}
private unsafe static void dumpModuleHeader1(Log log, ProcessMemory m, Diag::ProcessModule mod)
{
log.WriteLine("モジュール " + mod.ModuleName + ":");
log.AddIndent();
log.WriteVar("Base-Address", "0x" + mod.BaseAddress.ToString("X8"));
log.WriteVar("Module-Size", "0x" + mod.ModuleMemorySize.ToString("X8"));
try{
RemotePtr <byte> mbase = (RemotePtr <byte>)m + mod.BaseAddress;
IMAGE.DOS_HEADER dosHeader
= mbase.Read <IMAGE.DOS_HEADER>();
if (dosHeader.magic != IMAGE.SIGNATURE.DOS)
{
log.WriteLine("!モジュールの先頭が DOS Header ではありません。");
return;
}
RemotePtr <byte> pe = mbase + dosHeader.lfanew;
if (pe.Read <uint>() != (uint)IMAGE.SIGNATURE.NT)
{
log.WriteLine("!IMAGE Header が見つかりません。");
return;
}
IMAGE.FILE_HEADER coffHeader = (pe += 4).Read <IMAGE.FILE_HEADER>();
log.WriteLine("IMAGE 形式: COFF Header");
log.AddIndent();
log.WriteVar("対象機種", coffHeader.MachineDescription);
log.WriteVar("セクション数", coffHeader.NumberOfSections);
log.WriteVar("タイムスタンプ", coffHeader.TimeDateStamp);
log.WriteVar("シンボル表の位置", "0x" + coffHeader.PointerToSymbolTable.ToString("X8"));
log.WriteVar("シンボルの数", coffHeader.NumberOfSymbols);
log.WriteVar("拡張ヘッダの大きさ", "0x" + coffHeader.SizeOfOptionalHeader.ToString("X4"));
log.WriteVar("属性", coffHeader.Characteristics);
log.RemoveIndent();
switch ((pe += sizeof(IMAGE.FILE_HEADER)).Read <IMAGE.OPTIONAL_MAGIC>())
{
case IMAGE.OPTIONAL_MAGIC.NT_HDR32:
log.WriteLine("種別: PE32");
dumpPE32Header(log, mbase, pe);
break;
case IMAGE.OPTIONAL_MAGIC.ROM_HDR:
log.WriteLine("種別: Rom Image");
break;
case IMAGE.OPTIONAL_MAGIC.NT_HDR64:
log.WriteLine("種別: PE32+");
break;
default:
log.WriteLine("未知の拡張ヘッダです。");
break;
}
}finally{
log.RemoveIndent();
}
}
public void Start(VideoFormat f, String fileName)
{
this.fileName = fileName;
format = f;
process = new ProcessMemory();
process.openProcess(Constants.LoLExeName);
InitVideoFile();
StartRecordingLooping();
}
public Memory(string processName)
{
if (string.IsNullOrEmpty(processName))
{
throw new ArgumentNullException(nameof(processName));
}
(ProcMemory = new ProcessMemory(processName)).StartProcess();
}
private void ProcessOnExited(object?sender, EventArgs e)
{
Dispatcher.Invoke((Action)(() =>
{
context.Connected = false;
//context.ConnectionStatuses.First(x => x.ConnectionName == "Among us").Connected = false;
}));
ProcessMemory.getInstance().process.Exited -= ProcessOnExited;
}
private static void WriteViewAngles(BaseGame game, Vector2 angles)
{
if (float.IsNaN(angles.X) || float.IsNaN(angles.Y))
{
return;
}
ProcessMemory.Get().WriteVector2(game.ViewAnglesAddress, angles);
}
public Memory(int processID)
{
if (processID <= 0)
{
throw new ArgumentOutOfRangeException(nameof(processID));
}
(ProcMemory = new ProcessMemory(processID)).StartProcess();
}
public Cheat()
{
Memory = new ProcessMemory();
Modules = new List <Module>()
{
new GlowModule(this, VirtualKeyShort.F1)
};
keyboard = new Keyboard();
}
/// <summary>
/// Create new instance of the <see cref="WowMemory"/>.
/// </summary>
/// <param name="process">Wow process.</param>
public WowMemory(Process process)
{
if (process == null)
throw new ArgumentNullException(nameof(process));
Memory = new ProcessMemory(process);
Settings.Load(Build);
if (Settings.PlayerName == 0U)
throw new NullReferenceException($"Current game version ({Build}) not supported!");
KeyBoardProck = new KeyBoardProc(HookCallback);
keyboardHook = SetWindowsHookEx(13, KeyBoardProck, Process.GetCurrentProcess().MainModule.BaseAddress, 0);
mTimer.Tick += (o, e) => {
if (CheckProcess())
{
Settings.Load(Build);// reload offsets
IsInGame = Memory.Read<bool>(Memory.Rebase(Settings.IsInGame));
if (IsInGame && Settings.FishEnbl != 0L)
{
var isBotEnable = Memory.Read<float>(Memory.Rebase(Settings.FishEnbl));
if (Math.Abs(isBotEnable - 12.01f) < float.Epsilon)
TestBoober();
}
}
};
mTimer.Start();
}
/// <summary>
/// Overloaded constructor
/// </summary>
public Player(H2Memory H2, int index)
{
this.Mem = H2.H2Mem;
this.H2 = H2;
this.HType = H2.HType;
this.index = index * 0x204;
if (HType == H2Type.Halo2Vista)
{
if ((Mem.ReadInt(true, 0x5057AC)).ToString() == "0") Offset = 0x50D334;
else Offset = 0x5057AC;
}
}
private static void checkMemoryAddr(ProcessMemory Mem, int addr, string tomatch)
{
int size = tomatch.Length;
if(!Mem.CheckProcess()) {
Log.WriteLog("ERROR: Failed to read memory. addr=0x0" + String.Format("{0:X}", addr) + " size=" + size + " tomatch=" + tomatch);
}
string memoryval = Mem.ReadStringAscii(addr, size);
if(!memoryval.Equals(tomatch)) {
Log.WriteLog("Memory modification detected!");
Log.WriteLog("Address: 0x0" + String.Format("{0:X}", addr) + ", Size: " + size + ", Should contain: " + tomatch);
Log.WriteLog("Contains: " + memoryval);
Log.WriteLog(" ");
g_iCleanGame++;
}
}
const int STILL_ACTIVE = 0x103; //from winnt.h
#endregion Fields
#region Constructors
public Executor(ProcessMemory procMem, ArrayList delegatorParams)
{
this.procMem = procMem;
this.delegatorParams = delegatorParams;
}
public static void VerifySomeMemoryStuff()
{
try {
ProcessMemory Mem = new ProcessMemory("gta_sa");
if(!g_bGTASAStarted) return;
while(!Mem.CheckProcess() && g_bGTASAStarted) {
ProcessMemory Mem2 = new ProcessMemory("samp");
if(!Mem.CheckProcess()) {
// SA-MP browser is closed.
whenGameStopped(4039);
}
Thread.Sleep(5000);
// Wait for GTA SA to be launched. (only sa-mp server browser is open at this time.)
}
// Wait a second just in case the game isn't initialized yet.
Thread.Sleep(1000);
// YAY!
// now we need to read some memory addresses!
if(Mem.StartProcess()) {
// public static void checkMemoryAddr(ProcessMemory Mem, int addr, string tomatch)
checkMemoryAddr(Mem, 0x085C718, @"ANIM\PED.IFP");
checkMemoryAddr(Mem, 0x086AA28, @"DATA\WEAPON.DAT");
checkMemoryAddr(Mem, 0x0869668, @"DATA\CARMODS.DAT");
checkMemoryAddr(Mem, 0x086A7F4, @"DATA\ANIMGRP.DAT");
checkMemoryAddr(Mem, 0x086AAB4, @"DATA\melee.dat");
checkMemoryAddr(Mem, 0x08671F8, @"DATA\CLOTHES.DAT");
checkMemoryAddr(Mem, 0x0869B20, @"DATA\OBJECT.DAT");
checkMemoryAddr(Mem, 0x0863A90, @"DATA\DEFAULT.DAT");
checkMemoryAddr(Mem, 0x0864318, @"data\surface.dat");
checkMemoryAddr(Mem, 0x0863B10, @"DATA\GTA.DAT");
checkMemoryAddr(Mem, 0x0872148, @"DATA\water.dat");
checkMemoryAddr(Mem, 0x0872158, @"DATA\water1.dat");
checkMemoryAddr(Mem, 0x086AF80, @"data\furnitur.dat");
checkMemoryAddr(Mem, 0x0867014, @"data\procobj.dat");
checkMemoryAddr(Mem, 0x086A964, @"HANDLING.CFG");
checkMemoryAddr(Mem, 0x086A778, @"TIMECYC.DAT");
checkMemoryAddr(Mem, 0x086A698, @"DATA\PEDSTATS.DAT");
checkMemoryAddr(Mem, 0x086A648, @"MODELS\FONTS.TXD");
checkMemoryAddr(Mem, 0x086A51C, @"models\coll\peds.col");
checkMemoryAddr(Mem, 0x0863F80, @"DATA\STATDISP.DAT");
checkMemoryAddr(Mem, 0x0863FA0, @"DATA\AR_STATS.DAT");
checkMemoryAddr(Mem, 0x0864DB4, @"data\surfinfo.dat");
// added v1.4
checkMemoryAddr(Mem, 0x08E4318, @"SAMP\CUSTOM.IMG");
checkMemoryAddr(Mem, 0x08E4398, @"MODELS\GTA3.IMG");
checkMemoryAddr(Mem, 0x08E43D8, @"MODELS\GTA_INT.IMG");
checkMemoryAddr(Mem, 0x08E44D8, @"MODELS\PLAYER.IMG");
checkMemoryAddr(Mem, 0x08E40D8, @"AUDIO\SFX\FEET");
checkMemoryAddr(Mem, 0x08E4118, @"AUDIO\SFX\GENRL");
checkMemoryAddr(Mem, 0x08E4158, @"AUDIO\SFX\PAIN_A");
checkMemoryAddr(Mem, 0x08E4198, @"AUDIO\SFX\SCRIPT");
checkMemoryAddr(Mem, 0x08E41D8, @"AUDIO\SFX\SPC_EA");
checkMemoryAddr(Mem, 0x08E4218, @"AUDIO\SFX\SPC_FA");
checkMemoryAddr(Mem, 0x08E4258, @"AUDIO\SFX\SPC_GA");
checkMemoryAddr(Mem, 0x08E4298, @"AUDIO\SFX\SPC_NA");
checkMemoryAddr(Mem, 0x08E42D8, @"AUDIO\SFX\SPC_PA");
checkMemoryAddr(Mem, 0x08E4358, @"SAMP\SAMP.IMG");
checkMemoryAddr(Mem, 0x08E4418, @"SAMP\SAMPCOL.IMG");
checkMemoryAddr(Mem, 0x08E4458, @"DATA\SCRIPT\SCRIPT.IMG");
checkMemoryAddr(Mem, 0x08E4498, @"MODELS\CUTSCENE.IMG");
checkMemoryAddr(Mem, 0x08E48D8, @"SAMP\CUSTOM.IMG");
checkMemoryAddr(Mem, 0x08E4908, @"SAMP\SAMP.IMG");
checkMemoryAddr(Mem, 0x08E4938, @"MODELS\GTA3.IMG");
checkMemoryAddr(Mem, 0x08E4968, @"MODELS\GTA_INT.IMG");
checkMemoryAddr(Mem, 0x08E4998, @"SAMP\SAMPCOL.IMG");
checkMemoryAddr(Mem, 0x08E49C8, @"DATA\SCRIPT\SCRIPT.IMG");
checkMemoryAddr(Mem, 0x08E49F8, @"MODELS\CUTSCENE.IMG");
checkMemoryAddr(Mem, 0x08E4A28, @"MODELS\PLAYER.IMG");
}
} catch(Exception e) {
Log.WriteLog(e.ToString());
}
}
/// <summary>
/// Инициализирует новый экземпляр класса <see cref="Yanitta.WowMemory"/>.
/// </summary>
/// <param name="process">Процесс WoW.</param>
public WowMemory(Process process)
{
if (process == null)
throw new ArgumentNullException(nameof(process));
var section = $"{process.ProcessName}_{process.MainModule.FileVersionInfo.FilePrivatePart}";
Offsets = new Offsets(section);
if (Offsets == null)
throw new NullReferenceException($"Current game version ({section}) not supported!");
Memory = new ProcessMemory(process);
// Мы должны сохранить ссылку на делегат, чтобы его не трогал сборщик мусора
KeyBoardProck = new KeyBoardProc(HookCallback);
keyboardHook = SetWindowsHookEx(13, KeyBoardProck, Process.GetCurrentProcess().MainModule.BaseAddress, 0);
mTimer.Tick += (o, e) => {
if (CheckProcess())
{
var ingame = Memory.Read<byte>(Memory.Rebase(Offsets.IsInGame));
IsInGame = ingame != 0;
}
};
mTimer.Start();
}
public static void checkGame(int gameId, string gamePath)
{
try {
// If we didn't start SA-MP, return.
if(gameId != 4039) return;
// Initiatre our ProcessMemory objects for address checking
ProcessMemory Mem = new ProcessMemory("gta_sa");
ProcessMemory Mem2 = new ProcessMemory("samp");
// if GTASA and sa-mp browser are started then
if(Mem != null && Mem2 != null) {
do {
if(!Mem2.CheckProcess()) {
// SA-MP browser is closed, end our checking.
whenGameStopped(4039);
return;
}
Thread.Sleep(5000);
// Wait for GTA SA to be launched. (only sa-mp server browser is open at this time.)
} while(!Mem.CheckProcess());
}
#if !debug
try {
if(File.Exists(g_szLogFilePath) && !File.Exists(g_szLogFilePath + "123")) {
if(Cryptology.DecryptFile(g_szLogFilePath, g_szLogFilePath + "123", "password removed for public src release")) {
if(File.Exists(g_szLogFilePath)) {
File.Delete(g_szLogFilePath);
}
}
}
} catch(Exception) { }
#endif
string file = "";
// Remove samp.exe from our path, so we can get the GTA directory, might cause problems if for some reason players have "samp.exe" in the path
file = gamePath.Replace("samp.exe", "");
g_szWireGamePath = file;
string path = "";
// check what the registry says about the GTA Directory.
var path2 = Registry.GetValue("HKEY_CURRENT_USER\\Software\\SAMP", "gta_sa_exe", "");
// NOTE: if path2 is null, then there are 3 things that could be true, either sa-mp isn't installed, the Registry is disabled, or a firewall blocked it
if(path2 != null) {
path = path2.ToString();
// check if the path is valid.
if(path.Length > 3) {
// Remove "gta_sa.exe" from our file path.
if(path.LastIndexOf("\\") > 0) {
int index = path.LastIndexOf("\\");
path = path.Substring(0, index + 1);
}
// the sa-mp.exe launch path doesn't match the one found in registry, the one in registry is the one actually used by the SA-MP browser, so ignore ESL Wire path.
if(!path.Equals(file)) {
file = path;
Log.WriteLog(" -> Warning: game path from ESL Wire doesn't match SA-MP GTA Path from registry, checking registry path and ignoring ESL Wire path");
Log.WriteLog(" ESL Wire Path: " + gamePath);
Log.WriteLog(" Path in registry: " + file);
Log.WriteLog(" ");
}
}
}
int bAddr = -1;
do {
Process[] p = Process.GetProcessesByName("gta_sa");
int idx = 0;
// hopefully there is only 1 gta_sa.exe started!
foreach(Process proc in p) {
idx++;
if(proc != null) {
// weird restart loop incase getting process filename fails below.
// if it fails it will usually work the 2nd time, and if not the 2nd time, the 3rd.
// if not the 3rd, then the 4th, if not the 4th, then etc..
bool restart = false;
do {
restart = false;
try {
string s = Misc.getProcessPath(proc);
if(File.Exists(s)) {
path = s;
}
} catch(Exception e) {
Log.WriteLog(e.ToString());
try {
if(File.Exists(proc.MainModule.FileName)) {
path = proc.MainModule.FileName;
}
} catch(Exception ee) {
// really now?
Log.WriteLog(ee.ToString());
restart = true;
Thread.Sleep(500);
}
}
} while(restart);
// Get the directory path, remove gta_sa.exe.
if(path.Length > 3) {
if(path.LastIndexOf("\\") > 0) {
int index = path.LastIndexOf("\\");
path = path.Substring(0, index + 1);
}
}
g_bGTASAStarted = true;
Log.WriteLog("gta_sa.exe launched from: " + path2);
Log.WriteLog(" ");
g_szGTASaPath = path;
do {
restart = false;
try {
// get base address for samp.dll
bAddr = Modules.GetModuleBaseAddress(proc, "samp.dll");
} catch(Exception e) {
restart = true;
Log.WriteLog("Getting samp.dll offset error:");
Log.WriteLog(e.ToString());
Thread.Sleep(500);
}
}
while(restart);
}
// it's ok, we've prepared for more than 1 gta.
if(idx > 1) {
proc.Kill();
g_bGTASAStarted = false;
}
}
Thread.Sleep(500);
} while(!g_bGTASAStarted);
g_bGTASAStarted = true;
g_iCleanGame = 0;
// samp.dll +
/*
* 0x20D77D - ip
* 0x20D87E - port
* 0x20D97F - name
*
* (it'd be better to just read command line, and would be compatable with all sa-mp versions then, these are 0.3e addresses.)
* */
if(Mem.StartProcess()) {
// get connected server IP and player name.
string ip = Mem.ReadStringAscii(bAddr + 0x020D77D, 30);
string port = Mem.ReadStringAscii(bAddr + 0x020D87E, 10);
string name = Mem.ReadStringAscii(bAddr + 0x020D97F, 24);
Log.WriteLog("Connected Server: " + ip + ":" + port + " as " + name);
Log.WriteLog("Attempting to Query server...");
// get time stamp to calculate our ping.
DateTime p = DateTime.Now;
bool restart = false;
do {
restart = false;
try {
// use sa-mp server query mechanism
Query sQuery = new Query(ip, int.Parse(port));
sQuery.Send('i');
int count = sQuery.Recieve();
string[] info = sQuery.Store(count);
DateTime pp = DateTime.Now;
TimeSpan ts = pp - p;
Log.WriteLog("Successfully contacted server. (ping: " + ts.Milliseconds + ")");
Log.WriteLog("Hostname: " + info[3]);
Log.WriteLog("Gamemode: " + info[4]);
Log.WriteLog("Players: " + info[1]);
Log.WriteLog(" ");
sQuery.Send('d');
count = sQuery.Recieve();
info = sQuery.Store(count);
int i = 0;
for(int j = 0; j < info.Length-2; ++j) {
// still don't understand how this works, but it does!
if(i == 0) {
Log.WriteLog("PlayerID: " + info[j] + " || PlayerName: " + info[j+1]);
}
i++;
if(i == 4) i = 0;
}
Log.WriteLog(" ");
} catch(System.IndexOutOfRangeException) {
Log.WriteLog("** Failed to get player list.");
} catch(System.FormatException) {
Log.WriteLog("Failed to contact SA-MP server");
Log.WriteLog("** Game not initialized, retrying...");
restart = true;
Thread.Sleep(1000);
} catch(Exception e) {
Log.WriteLog("Failed to contact SA-MP server - " + ip + ":" + port + " as " + name);
Log.WriteLog(e.ToString());
}
} while(restart);
}
// Check game integrity
checkGameFiles( g_szGTASaPath );
// check some memory addresses to make sure the file path for the data files hasn't been changed.
Memory.VerifySomeMemoryStuff();
// Show results.
Log.WriteLog("Strange files in GTA SA Path: ");
Log.WriteLog(" ");
// paste all files in GTA SA path that aren't part of the original game.
gtadir(g_szGTASaPath);
Log.WriteLog(" ");
if(g_iCleanGame == 0) {
Log.WriteLog("VERDICT: Game is clean!");
} else {
if(g_iCleanGame > 1) {
Log.WriteLog("VERDICT: Detected " + g_iCleanGame + " inconsistencies");
} else {
Log.WriteLog("VERDICT: Detected " + g_iCleanGame + " inconsistency");
}
}
Log.WriteLog(" ");
// check again in 15 minutes
aTimer.Enabled = true;
//#if !debug
// encrypt our log file and delete the original .txt we where writing plain text too.
if(File.Exists(g_szLogFilePath + "123") && !File.Exists(g_szLogFilePath)) {
g_szLogFileMD5 = MD5file(g_szLogFilePath + "123");
if(Cryptology.EncryptFile(g_szLogFilePath + "123", g_szLogFilePath, "password removed for public src release")) {
if(File.Exists(g_szLogFilePath + "123")) {
File.Delete(g_szLogFilePath + "123");
}
}
}
//#endif
return;
} catch(Exception e) { Log.WriteLog(e.ToString()); }
}
public override void init()
{
setIcon("gtasa.gif");
setTooltip("SA-MP Anti-Cheat Extension plugin.");
Wire.GameInterface gi = Wire.InterfaceFactory.gameInterface();
gi.GameStarted += new Wire.GameInterface.GameStartedHandler(checkGame);
gi.GameStopped += new Wire.GameInterface.GameStoppedHandler(whenGameStopped);
gi.MatchStarted += new Wire.GameInterface.MatchStartedHandler(onMatchStarted);
gi.MatchEnded += new Wire.GameInterface.MatchEndedHandler(onMatchEnded);
// Set our repeating timer to re-check files after 10 minutes.
aTimer.Elapsed +=new ElapsedEventHandler(checkGameRepeat);
aTimer.Interval = 600000;
// Get our random file path name.
g_szLogFilePath = System.IO.Path.GetTempPath() + Guid.NewGuid().ToString() + ".txt";
try {
// Add the wire-plugin.exe to the Windows Firewall allowed list
Process p = Process.GetCurrentProcess();
if(p != null) {
if(Misc.GetOSName().Contains("Windows XP")) {
Misc.runCmdLine("netsh firewall delete allowedprogram \"" + p.MainModule.FileName + "\"");
Misc.runCmdLine("netsh firewall add allowedprogram program=\"" + p.MainModule.FileName + "\" name=\"ESL Wire Plugin\" mode=ENABLE scope=ALL profile=ALL");
} else {
Misc.runCmdLine("netsh advfirewall firewall delete rule name=\"ESL Wire Plugin\"");
Misc.runCmdLine("netsh advfirewall firewall add rule name=\"ESL Wire Plugin\" dir=in action=allow program=\"" + p.MainModule.FileName + "\" enable=yes remoteip=any profile=public,private");
}
}
} catch(Exception e) { Log.WriteLog(e.ToString()); }
try {
checkForUpdate();
} catch(Exception e) { Log.WriteLog(e.ToString()); }
try {
if(!UacHelper.IsProcessElevated) {
Misc.EndProcessAdmin();
}
} catch(Exception e) { Log.WriteLog(e.ToString()); }
// Check if SA-MP is open already
ProcessMemory Mem = new ProcessMemory("samp");
if(Mem.CheckProcess()) {
Log.WriteLog("Warning: SA-MP Was already started when ESL Wire was launched.");
Process[] p = Process.GetProcessesByName("samp");
foreach(Process proc in p) {
if(proc != null) {
checkGame(4039, proc.MainModule.FileName);
}
}
}
}