        /// <summary>
        /// Click handler for the "PD" button: after a confirmation dialog, opens the first
        /// running "iw5mp.exe" process, allocates a buffer in it, writes the DLL name
        /// "teknomw3.dll" into that buffer and starts a remote thread at LoadLibraryA so the
        /// target loads the DLL. Every failure path reports through MessageBox and returns.
        /// NOTE(review): the OpenProcess / VirtualAllocEx / WriteProcessMemory /
        /// CreateRemoteThread sequence is the pattern endpoint monitoring flags as process
        /// injection, so expect this handler to be alerted on or blocked on hardened hosts.
        /// </summary>
        /// <param name="sender">
        /// The control that raised the event (unused).
        /// </param>
        /// <param name="e">
        /// The routed event data (unused).
        /// </param>
        private void BtnPdClick(object sender, RoutedEventArgs e)
        {
            // ASCII bytes of the DLL name; no NUL terminator is included in this array.
            byte[] dllName = Encoding.ASCII.GetBytes("teknomw3.dll");
            if (
                MessageBox.Show(
                    "This is only intented if you have the game running in the backround connected to Steam and it is recommented that you are in the barracks.",
                    "Are you sure you want to continue?",
                    MessageBoxButton.YesNo,
                    MessageBoxImage.Question) == MessageBoxResult.No)
            {
                return;
            }

            // getProcesses is defined elsewhere in the file. Only a null result is treated as
            // "not found"; NOTE(review): an empty array would pass this check and make
            // proc[0] below throw — confirm the helper's contract.
            Process[] proc = getProcesses("iw5mp.exe");

            if (proc == null)
            {
                MessageBox.Show("Target process not found");
                return;
            }

            // ACLOC (declared elsewhere) is the access mask requested on the target process.
            IntPtr ptrProc = Win32Apis.OpenProcess(ACLOC, false, proc[0].Id);

            if (ptrProc == IntPtr.Zero)
            {
                MessageBox.Show("Target process pointer is invalid");
                return;
            }

            // Resolve LoadLibraryA in this process; the address is reused in the target on the
            // assumption that kernel32 is mapped at the same base there. The (int) round trip
            // narrows the value to 32 bits (explicit IntPtr->int throws OverflowException for a
            // 64-bit address), so this only works for a 32-bit build — NOTE(review) confirm.
            var retLib =
                (IntPtr)((int)Win32Apis.GetProcAddress(Win32Apis.GetModuleHandle("Kernel32.dll"), "LoadLibraryA"));

            if (retLib == (IntPtr)0)
            {
                MessageBox.Show("Loadlibrary unreachable");
                return;
            }

            // One byte more than the name so the remote copy has room for a NUL terminator.
            // 4096 and 4 are raw numeric values for the allocation type and page protection
            // (MEM_COMMIT and PAGE_READWRITE in the Win32 headers) cast to the project's enums
            // instead of using named members.
            int    objBuffer = dllName.Length + 1;
            IntPtr objPtr    = Win32Apis.VirtualAllocEx(
                ptrProc, new IntPtr(0), (uint)objBuffer, (Win32Apis.AllocationType) 4096, (Win32Apis.MemoryProtection) 4);

            if (objPtr == (IntPtr)0)
            {
                MessageBox.Show("Virtual alloc failure");
                return;
            }

            // ret (the API's success flag) is assigned but never read; the check below relies on
            // the written byte count instead. NOTE(review): objBuffer bytes are requested but
            // dllName holds one fewer, so the last byte is read from past the end of the array.
            UIntPtr byteswrite;
            bool    ret = Win32Apis.WriteProcessMemory(ptrProc, objPtr, dllName, (uint)objBuffer, out byteswrite);

            if (byteswrite == (UIntPtr)0)
            {
                MessageBox.Show("Write process mem failure");
                return;
            }

            // Named mutex derived from the target's PID, held while the thread below runs; its
            // consumer is not visible here — presumably the loaded module checks for it. TODO confirm.
            var mutex = new Mutex(false, "TeknoPDump" + (proc[0].Id ^ 0x80).ToString("X8"));

            // Start a remote thread at LoadLibraryA with the buffer address as its argument. The
            // returned thread handle is discarded without CloseHandle; only the process handle
            // is closed.
            Win32Apis.CreateRemoteThread(ptrProc, new IntPtr(0), new IntPtr(0), retLib, objPtr, 0, (IntPtr)0);
            Win32Apis.CloseHandle(ptrProc);
            // Fixed 6 s wait on the UI thread before the mutex is released; the window is
            // unresponsive for that time.
            Thread.Sleep(6000);
            mutex.Close();
        }
        /// <summary>
        /// Thread body (judging by the name; the caller is not visible here). Reads the file at
        /// this.ExecutableName, finds the "steam_api.dll" string in it using hard-coded PE
        /// header offsets, starts the executable suspended, overwrites that string in the new
        /// process's memory with "teknomw3.dll", then resumes its main thread. Failures are
        /// reported via MessageBox; the created process is terminated only on the
        /// write-failure path.
        /// </summary>
        private void threadi()
        {
            // Win32 structs declared elsewhere in the project; si is passed as-is, pi receives
            // the new process's handles and ids.
            var si = new STARTUPINFO();
            var pi = new PROCESS_INFORMATION();

            // Whole file image read into memory for parsing.
            byte[] array = File.ReadAllBytes(this.ExecutableName);

            var peptr = new byte[4];

            // Only 2 bytes are copied from file offset 0x3C (the DOS header's e_lfanew field)
            // into the zero-filled 4-byte buffer before conversion.
            Array.Copy(array, 0x3C, peptr, 0, 2);

            var temparray = new byte[4];

            // BytesToInt is a helper defined elsewhere; presumably little-endian — TODO confirm.
            int peLocation = BytesToInt(peptr);

            // Fixed offsets from the PE header. NOTE(review): these line up with the
            // VirtualSize / VirtualAddress / SizeOfRawData / PointerToRawData fields of the
            // second section header of a PE32 image with a 224-byte optional header; nothing
            // here derives them from the file, so a differently laid out executable is
            // misread. Each variable first holds the field's file offset, then its value.
            int virtualSize = peLocation + 0x128;

            int virtualAddress = peLocation + 0x12C;
            int rawSize        = peLocation + 0x130;
            int rawLocation    = peLocation + 0x134;

            Array.Copy(array, rawSize, temparray, 0, 4);
            rawSize = BytesToInt(temparray);
            Array.Copy(array, rawLocation, temparray, 0, 4);
            rawLocation = BytesToInt(temparray);
            Array.Copy(array, virtualAddress, temparray, 0, 4);
            // Hard-coded image base 0x400000 rather than the ImageBase field from the optional
            // header — NOTE(review): assumes the target is not relocated.
            virtualAddress = BytesToInt(temparray) + 0x400000;
            Array.Copy(array, virtualSize, temparray, 0, 4);
            // Round1000 is a helper defined elsewhere; the name suggests rounding up — confirm.
            virtualSize = Round1000(BytesToInt(temparray));

            // IndexOf is a project helper; its not-found value (presumably -1) is not handled
            // by the check below.
            int steamapi = IndexOf(array, Encoding.ASCII.GetBytes("steam_api.dll"));

            // NOTE(review): this condition can never hold while rawSize >= 0 (a value cannot be
            // both below rawLocation and above rawLocation + rawSize), so the error branch is
            // unreachable and a missing or out-of-section match falls through to the write.
            if (steamapi < rawLocation && steamapi > rawLocation + rawSize)
            {
                MessageBox.Show(
                    "Cannot find steam_api.dll string in executable, make sure you have the proper original files!");
                return;
            }

            // Offset of the match relative to the start of the section's raw data.
            int location = steamapi - rawLocation;

            // 0x4 | 0x200 are raw creation flags (CREATE_SUSPENDED | CREATE_NEW_PROCESS_GROUP in
            // the Win32 headers); the suspended start is what makes the ResumeThread at the end
            // necessary.
            if (
                !Win32Apis.CreateProcess(
                    this.ExecutableName,
                    this.Commandargs,
                    IntPtr.Zero,
                    IntPtr.Zero,
                    false,
                    0x4 | 0x200,
                    IntPtr.Zero,
                    null,
                    ref si,
                    out pi))
            {
                MessageBox.Show("Cannot create process!");
                return;
            }

            // Main-thread handle kept on the instance for use elsewhere in the class (not
            // visible here).
            this.thread = pi.hThread;
            uint oldprot;

            // Make the section writable; 0x40 is the raw value for PAGE_EXECUTE_READWRITE. The
            // return value is ignored, so a failed protection change only surfaces if the write
            // below reports zero bytes.
            Win32Apis.VirtualProtectEx(
                pi.hProcess, new IntPtr(virtualAddress), new UIntPtr((uint)virtualSize), 0x40, out oldprot);

            UIntPtr ptr;

            // Overwrite the DLL name in the new process. NOTE(review): 13 bytes are requested
            // but the array holds 12, so the last byte comes from past the end of the managed
            // array.
            Win32Apis.WriteProcessMemory(
                pi.hProcess, new IntPtr(virtualAddress + location), Encoding.ASCII.GetBytes("teknomw3.dll"), 13, out ptr);

            uint newprot;

            // Restore the previous protection; newprot is never read and the return value is
            // ignored.
            Win32Apis.VirtualProtectEx(
                pi.hProcess, new IntPtr(virtualAddress), new UIntPtr((uint)virtualSize), oldprot, out newprot);

            // ptr is the byte count written. On failure the suspended process is killed;
            // pi.hProcess and pi.hThread are never closed on any path.
            if (ptr == (UIntPtr)0)
            {
                MessageBox.Show("Cannot write to process memory!");
                Win32Apis.TerminateProcess(pi.hProcess, 0);
                Win32Apis.TerminateThread(pi.hThread, 0);
                return;
            }

            // Named mutex derived from the new PID, kept on the instance; its consumer is not
            // visible here — presumably the module named above checks for it. TODO confirm.
            this.mutex = new Mutex(false, "TeknoMW3" + (pi.dwProcessId ^ 0x57).ToString("X8"));
            // Let the suspended main thread run.
            Win32Apis.ResumeThread(pi.hThread);
        }