/// <summary>
/// Assembles mnemonics and injects resulting bytecode into given process.
/// </summary>
/// <param name="hProcess">Handle to the process into which code will be injected.</param>
/// <param name="dwAddress">Address at which code will be injected.</param>
/// <param name="szAssembly">Assembly mnemonics to be assembled and injected.</param>
/// <returns>Returns true on success, false on failure.</returns>
public static bool InjectCode(IntPtr hProcess, uint dwAddress, string szAssembly)
{
byte[] bBytecode;
if (hProcess == IntPtr.Zero || szAssembly.Length == 0 || dwAddress == 0)
{
return(false);
}
try
{
bBytecode = ManagedFasm.Assemble(szAssembly);
}
catch (
Exception ex
)
{
#if DEBUG
Console.WriteLine(ex.Message);
#endif
return(false);
}
return(SMemory.WriteBytes(hProcess, dwAddress, bBytecode, bBytecode.Length));
}
//##CONSTRUCTORS######################################################
/// <summary>
/// Allows interfacing with an external process (memory manipulation, thread manipulation, etc.)
/// </summary>
public BlackMagic()
{
Asm = new ManagedFasm();
m_Data = new List<PatternDataEntry>();
if (m_bProcessOpen && m_hProcess != IntPtr.Zero)
Asm.SetProcessHandle(m_hProcess);
}
public uint InjectAndExecute(string[] asm, bool allowOffline = false)
{
lock (Locker)
{
if (!allowOffline && (!Helpers.Usefuls.InGame || Helpers.Usefuls.IsLoading))
{
return(0);
}
/*List<string> asmCode = new List<string>();
* foreach (string s in asm)
* {
* asmCode.Add(s);
* if (Others.Random(0, 100) > 50)
* {
* int nR = Others.Random(1, 3);
* for (int i = nR; i >= 1; i--)
* {
* asmCode.Add(ProtectHook());
* }
* }
* }
* return (uint) Wow.Memory.WowProcess.Executor.Call(asmCode.ToArray());*/
if (!ThreadHooked)
{
return(0);
}
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
foreach (string s in asm)
{
fasm.AddLine(s);
}
fasm.Inject(_mInjectionCode);
Memory.WriteByte(_mExecuteRequested, 1);
Timer injectTimer = new Timer(2000);
injectTimer.Reset();
while (Memory.ReadByte(_mExecuteRequested) == 1 && !injectTimer.IsReady)
{
Thread.Sleep(1);
}
if (injectTimer.IsReady)
{
Logging.WriteError("Injection have been aborted, execution too long from " + CurrentCallStack);
return(0);
}
Memory.WriteBytes(_mInjectionCode, _mZeroBytesInjectionCodes);
uint returnValue = Memory.ReadUInt(_mResult);
return(returnValue);
}
}
internal static void smethod_3(this ManagedFasm managedFasm_0, string string_0)
{
int num = random_0.Next(2, 5);
int num2 = num / 2;
smethod_2(managedFasm_0, num2);
managedFasm_0.AddLine(string_0);
smethod_2(managedFasm_0, num % 2 + num2);
}
public override void Dispose()
{
ProcessHandle.Dispose();
ProcessHandle = null;
SafeMemoryHandle.CloseHandle(ThreadHandle);
if (Asm != null)
Asm.Dispose();
Asm = null;
base.Dispose();
}
public NixLite()
{
Asm = new ManagedFasm();
m_Data = new List <PatternDataEntry>();
if (m_bProcessOpen && m_hProcess != IntPtr.Zero)
{
Asm.SetProcessHandle(m_hProcess);
}
}
public void Apply()
{
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("jmp " + _mTrampoline);
fasm.Inject(JumpAddress);
}
private void CreateTrampolineDX()
{
_mTrampolineDX = Memory.AllocateMemory(0x1000);
Console.WriteLine("m_trampoline : " + _mTrampolineDX.ToString("X"));
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("pushad");
fasm.AddLine("pushfd");
fasm.AddLine("mov eax, [{0}]", _mLocked); // _mLockedDX
fasm.AddLine("@execution:");
fasm.AddLine("mov eax, [{0}]", _mExecuteRequested); // DX
fasm.AddLine("test eax, eax");
fasm.AddLine("je @lockcheck");
/*fasm.AddLine("mov ebx, [{0}]", (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.SpellChecker));
* fasm.AddLine("mov eax, [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff1 + "]");
* fasm.AddLine("mov esi, [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff2 + "]");
* fasm.AddLine("mov [" + _mSavedAntiban + "], esi");
* fasm.AddLine("mov [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff2 + "], eax");*/
fasm.AddLine("call {0}", _mInjectionCode);
fasm.AddLine("mov [" + _mResult + "], eax");
/*fasm.AddLine("mov edx, {0}", (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.CTMChecker));
* fasm.AddLine("call " + (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.WoWTextCaller));
* fasm.AddLine("push happilyeverafter");
* fasm.AddLine("push " + (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.RetFromFunctionBelow));
* fasm.AddLine("jmp " + (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.CTMChecker2));
* fasm.AddLine("happilyeverafter:");*/
/*fasm.AddLine("mov ebx, [{0}]", (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.SpellChecker));
* fasm.AddLine("mov esi, [" + _mSavedAntiban + "]");
* fasm.AddLine("mov [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff2 + "], esi");*/
fasm.AddLine("xor eax, eax");
fasm.AddLine("mov [" + _mExecuteRequested + "], eax"); // DX
fasm.AddLine("@lockcheck:");
fasm.AddLine("mov eax, [{0}]", _mLocked); // DX
fasm.AddLine("test eax, eax");
fasm.AddLine("jne @execution");
fasm.AddLine("push 0");
fasm.AddLine("add esp, 4");
fasm.AddLine("popfd");
fasm.AddLine("popad");
Memory.WriteBytes(_mTrampolineDX, D3D.OriginalBytesDX);
fasm.AddLine("jmp " + (JumpAddressDX + D3D.OriginalBytesDX.Length));
fasm.Inject((uint)(_mTrampolineDX + D3D.OriginalBytesDX.Length));
}
/// <summary>
/// Initializes a new instance of the <see cref="ExternalProcessReader"/> class.
/// </summary>
/// <param name="proc">The proc.</param>
/// <remarks>Created 2012-04-24</remarks>
public ExternalProcessReader(Process proc) : base(proc)
{
if (IsProcessOpen)
{
ThreadHandle = Imports.OpenThread(0x0001F03FF, false, (uint)proc.Threads[0].Id);
WindowHandle = Process.MainWindowHandle;
Asm = new ManagedFasm(ProcessHandle.DangerousGetHandle());
}
else
{
throw new Exception("ProcessHandle is invalid or closed, are you sure you did everything right?");
}
}
/// <summary>
/// TrashMem instance, use it to do all the stuff you want.
///
/// Remember to give admin privileges.
/// </summary>
/// <param name="process">Process you want to edit</param>
/// <param name="accessRights">
/// READ = 0x10 | WRITE = 0x20 | READWRITE = 0x30
/// => https://docs.microsoft.com/de-de/windows/desktop/ProcThread/process-security-and-access-rights
/// </param>
public TrashMem(Process process, ProcessAccess accessRights = ProcessAccess.PROCESS_ALL_ACCESS)
{
CachedSizeManager = new CachedSizeManager();
MemoryAllocations = new List <MemoryAllocation>();
RemoteThreads = new List <RemoteThread>();
Process = process;
ProcessHandle = Kernel32.OpenProcess((uint)accessRights, false, process.Id);
Kernel32ModuleHandle = Kernel32.GetModuleHandle("kernel32.dll");
LoadLibraryAAddress = Kernel32.GetProcAddress(Kernel32ModuleHandle, "LoadLibraryA");
Asm = new ManagedFasm(new IntPtr(ProcessHandle));
}
private void InstallHook()
{
#region Inject New Method
ManagedFasm fasm = new ManagedFasm(d3.ProcessHandle);
fasm.SetMemorySize(0x4096); // Allocate 16KB of memory
string[] endSceneHookASM = new string[]
{
// Original EndScene instructions
"mov edi, edi",
"push ebp",
"mov ebp, esp",
// Save the state of the FPU and general purpose registers
"pushfd",
"pushad",
"call " + InstallUsePower(),
"call " + InstallPressButton(),
// Restore FPU and general purpose registers
"@out:",
"popad",
"popfd",
// Return to right after where we detoured
"jmp " + (oEndScene + 5),
};
foreach (string line in RandomizeAsm(endSceneHookASM))
{
fasm.AddLine(line);
}
byte[] compiled = fasm.Assemble();
uint hookCode = AllocateMemory("EndSceneHook", compiled.Length);
fasm.Inject(hookCode);
fasm.Clear();
#endregion Inject New Method
#region Detour EndScene
origEndSceneBytes = d3.ReadBytes(oEndScene, 5);
fasm.AddLine("jmp 0x{0:X08}", hookCode);
fasm.Inject(oEndScene);
fasm.Clear();
#endregion Detour EndScene
}
/// <summary>
/// Call the specifics asm mnemonics in the message handler thread
/// </summary>
/// <param name="p_Mnemonics"></param>
/// <param name="p_BufferSize"></param>
/// <returns></returns>
public uint Call(string[] p_Mnemonics, int p_BufferSize = 0x1000)
{
using (var fasm = new ManagedFasm(Memory.WowProcess.ProcessHandle))
{
fasm.SetMemorySize(0x500);
fasm.SetPassLimit(100);
foreach (var s in p_Mnemonics)
{
fasm.AddLine(s);
}
uint ptrInject = Memory.WowMemory.Memory.AllocateMemory(p_BufferSize);
fasm.Inject(ptrInject);
return(Call(ptrInject));
}
}
private uint InstallUsePower()
{
ManagedFasm fasm = new ManagedFasm(d3.ProcessHandle);
fasm.SetMemorySize(0x4096); // Allocate 16KB of memory
AllocateMemory("UsePower_PowerInfo", 40);
AllocateMemory("UsePower_ActorPtr", 4);
AllocateMemory("UsePower_AcdPtr", 4);
AllocateMemory("UsePower_Flag", 4);
string[] asm = new string[]
{
"mov edx, [" + GetAddress("UsePower_Flag") + "]",
"cmp edx, 1",
"jne @out",
"push " + GetAddress("UsePower_AcdPtr"),
"push 1",
"push 1",
"mov esi, " + GetAddress("UsePower_PowerInfo"),
"mov eax, [" + GetAddress("UsePower_ActorPtr") + "]",
"call " + Offsets.METHOD_USEPOWER,
"add esp, 12",
"@reset:",
"mov ebp, " + GetAddress("UsePower_Flag"),
"mov edx, 0",
"mov [ebp], edx",
"@out:",
"retn"
};
foreach (string line in RandomizeAsm(asm))
{
fasm.AddLine(line);
}
byte[] compiled = fasm.Assemble();
uint address = AllocateMemory("UsePower", compiled.Length);
fasm.Inject(address);
fasm.Clear();
return(address);
}
public bool Attach(Process wowProcess)
{
Process = wowProcess;
if (Process == null || Process.HasExited)
{
return(false);
}
ProcessHandle = OpenProcess(ProcessAccessFlags.All, false, wowProcess.Id);
if (ProcessHandle == IntPtr.Zero)
{
return(false);
}
Fasm = new ManagedFasm(ProcessHandle);
MemoryAllocations.Clear();
return(true);
}
public bool Open(int ProcessId)
{
if (ProcessId == 0)
{
return(false);
}
if (ProcessId == m_ProcessId)
{
return(true);
}
if (m_bProcessOpen)
{
this.CloseProcess();
}
if (SetDebugPrivileges)
{
System.Diagnostics.Process.EnterDebugMode();
}
m_bProcessOpen = (m_hProcess = SProcess.OpenProcess(ProcessId)) != IntPtr.Zero;
if (m_bProcessOpen)
{
m_ProcessId = ProcessId;
m_hWnd = SWindow.FindWindowByProcessId(ProcessId);
m_Modules = Process.GetProcessById(m_ProcessId).Modules;
m_MainModule = m_Modules[0];
if (Asm == null)
{
Asm = new ManagedFasm(m_hProcess);
}
else
{
Asm.SetProcessHandle(m_hProcess);
}
}
return(m_bProcessOpen);
}
public void ApplyDX()
{
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("jmp " + _mTrampolineDX);
if (D3D.OriginalBytesDX.Length > 5)
{
fasm.AddLine("nop");
}
if (D3D.OriginalBytesDX.Length > 6)
{
fasm.AddLine("nop");
}
fasm.Inject(JumpAddressDX);
}
private uint InstallPressButton()
{
ManagedFasm fasm = new ManagedFasm(d3.ProcessHandle);
fasm.SetMemorySize(0x4096); // Allocate 16KB of memory
AllocateMemory("PressButton_Ptr", 4);
AllocateMemory("PressButton_Flag", 4);
string[] asm = new string[]
{
"mov edx, [" + GetAddress("PressButton_Flag") + "]",
"cmp edx, 1",
"jne @out",
"push 25h",
"mov ecx, [" + GetAddress("PressButton_Ptr") + "]",
"call " + Offsets.METHOD_PRESSBUTTON,
"@reset:",
"mov ebp, " + GetAddress("PressButton_Flag"),
"mov edx, 0",
"mov [ebp], edx",
"@out:",
"retn"
};
foreach (string line in RandomizeAsm(asm))
{
fasm.AddLine(line);
}
byte[] compiled = fasm.Assemble();
uint address = AllocateMemory("PressButton", compiled.Length);
fasm.Inject(address);
fasm.Clear();
return(address);
}
/// <summary>
/// Assembles mnemonics and injects resulting bytecode into given process.
/// </summary>
/// <param name="hProcess">Handle to the process into which code will be injected.</param>
/// <param name="dwAddress">Address at which code will be injected.</param>
/// <param name="szAssembly">Assembly mnemonics to be assembled and injected.</param>
/// <returns>Returns true on success, false on failure.</returns>
public static bool InjectCode(IntPtr hProcess, uint dwAddress, string szAssembly)
{
byte[] bBytecode;
if (hProcess == IntPtr.Zero || szAssembly.Length == 0 || dwAddress == 0)
{
return(false);
}
try
{
bBytecode = ManagedFasm.Assemble(szAssembly);
}
catch (Exception e)
{
Logging.WriteError(e.Message);
return(false);
}
return(SMemory.WriteBytes(hProcess, dwAddress, bBytecode, bBytecode.Length));
}
private static void smethod_2(ManagedFasm managedFasm_0, int int_0)
{
if (int_0 > 0)
{
do
{
int_0--;
string text = smethod_1();
string text2 = smethod_0();
switch (random_0.Next(1, 6))
{
case 1:
for (int i = random_0.Next(1, 4); i > 0; i--)
{
managedFasm_0.AddLine("nop");
}
break;
case 2:
managedFasm_0.AddLine("mov {0}, {0}", text);
break;
case 3:
managedFasm_0.AddLine("mov {0}, {0}", text2);
break;
case 4:
managedFasm_0.AddLine("push {0}", text2);
managedFasm_0.AddLine("pop {0}", text2);
break;
case 5:
managedFasm_0.AddLine("push {0}", text);
managedFasm_0.AddLine("pop {0}", text);
break;
}
}while (int_0 > 0);
}
}
private void CreateTrampoline()
{
_mTrampoline = Memory.AllocateMemory(0x1000);
Console.WriteLine("m_trampoline : " + _mTrampoline.ToString("X"));
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("call {0}", Wow.Memory.WowProcess.WowModule + (uint)Addresses.FunctionWow.ReturnFunc);
fasm.AddLine("pushad");
fasm.AddLine("pushfd");
fasm.AddLine("mov eax, [{0}]", _mLocked);
fasm.AddLine("@execution:");
fasm.AddLine("mov eax, [{0}]", _mExecuteRequested);
fasm.AddLine("test eax, eax");
fasm.AddLine("je @lockcheck");
fasm.AddLine("call {0}", _mInjectionCode);
fasm.AddLine("mov [" + _mResult + "], eax");
fasm.AddLine("xor eax, eax");
fasm.AddLine("mov [" + _mExecuteRequested + "], eax");
fasm.AddLine("@lockcheck:");
fasm.AddLine("mov eax, [{0}]", _mLocked);
fasm.AddLine("test eax, eax");
fasm.AddLine("jne @execution");
fasm.AddLine("popfd");
fasm.AddLine("popad");
fasm.AddLine("jmp " + (JumpAddress + D3D.OriginalBytes.Length));
fasm.Inject(_mTrampoline);
}
public void Dispose()
{
IntPtr l_User32 = GetModuleHandle("user32.dll");
IntPtr l_SetWindowLongW = GetProcAddress(l_User32, "SetWindowLongW");
// Restore the original WndProc callback
var fasm2 = new ManagedFasm(Memory.WowProcess.ProcessHandle);
fasm2.SetMemorySize(0x500);
fasm2.SetPassLimit(100);
fasm2.AddLine("mov eax, [" + m_OriginalWndProc + "]");
fasm2.AddLine("push eax");
fasm2.AddLine("push " + GWL_WNDPROC + "");
fasm2.AddLine("push " + m_WindowHandle + "");
fasm2.AddLine("call " + l_SetWindowLongW + "");
fasm2.AddLine("retn");
var ptrInject = Memory.WowMemory.Memory.AllocateMemory(0x500);
fasm2.InjectAndExecute(ptrInject);
Memory.WowMemory.Memory.FreeMemory(m_WndProcFunction);
Memory.WowMemory.Memory.FreeMemory(m_OriginalWndProc);
}
public T Call <T>(IntPtr Address, MagicConvention CallingConvention, params object[] Arguments) where T : struct
{
using (var asm = new ManagedFasm())
{
asm.Clear();
switch (CallingConvention)
{
case MagicConvention.Cdecl:
{
asm.AddLine("push ebp");
for (var i = Arguments.Length - 1; i >= 0; --i)
{
asm.AddLine("push {0}", Arguments[i]);
}
asm.AddLine("mov eax, {0}", Address);
asm.AddLine("call eax");
for (var i = 0; i < Arguments.Length; ++i)
{
asm.AddLine("pop ebp");
}
asm.AddLine("pop ebp");
asm.AddLine("retn");
break;
}
case MagicConvention.StdCall:
{
for (var i = Arguments.Length - 1; i >= 0; --i)
{
asm.AddLine("push {0}", Arguments[i]);
}
asm.AddLine("mov eax, {0}", Address);
asm.AddLine("call eax");
asm.AddLine("retn");
break;
}
case MagicConvention.FastCall:
{
if (Arguments.Length > 0)
{
asm.AddLine("mov ecx, {0}", Arguments[0]);
}
if (Arguments.Length > 1)
{
asm.AddLine("mov edx, {0}", Arguments[1]);
}
for (var i = Arguments.Length - 1; i >= 2; --i)
{
asm.AddLine("push {0}", Arguments[i]);
}
asm.AddLine("mov eax, {0}", Address);
asm.AddLine("call eax");
asm.AddLine("retn");
break;
}
case MagicConvention.Register:
{
if (Arguments.Length > 0)
{
asm.AddLine("mov eax, {0}", Arguments[0]);
}
if (Arguments.Length > 1)
{
asm.AddLine("mov edx, {0}", Arguments[1]);
}
if (Arguments.Length > 2)
{
asm.AddLine("mov ecx, {0}", Arguments[2]);
}
for (var i = 3; i < Arguments.Length; ++i)
{
asm.AddLine("push {0}", Arguments[i]);
}
asm.AddLine("mov ebx, {0}", Address);
asm.AddLine("call ebx");
asm.AddLine("retn");
break;
}
case MagicConvention.ThisCall:
{
if (Arguments.Length > 0)
{
asm.AddLine("mov ecx, {0}", Arguments[0]);
}
for (var i = Arguments.Length - 1; i >= 1; --i)
{
asm.AddLine("push {0}", Arguments[i]);
}
asm.AddLine("mov eax, {0}", Address);
asm.AddLine("call eax");
asm.AddLine("retn");
break;
}
default:
{
throw new MemoryException("Unhandled calling convention '{0}'", CallingConvention.ToString());
}
}
return(ExecuteRemoteCode <T>(asm.Assemble()));
}
}
/// <summary>
/// Injects a dll into a process by hijacking the given thread and redirecting it to LoadLibrary.
/// </summary>
/// <param name="hProcess">Handle to process into which dll will be injected.</param>
/// <param name="hThread">Handle to thread that will be hijacked.</param>
/// <param name="szDllPath">Full path to the dll to be injected.</param>
/// <returns>Returns the base address of the injected dll on success, zero on failure.</returns>
public static uint InjectDllRedirectThread(IntPtr hProcess, IntPtr hThread, string szDllPath) {
const uint INITIAL_EXIT_CODE = 0xFFFFFFFF;
if (hProcess == IntPtr.Zero)
throw new ArgumentNullException("hProcess");
if (hThread == IntPtr.Zero)
throw new ArgumentNullException("hThread");
if (szDllPath.Length == 0)
throw new ArgumentNullException("szDllPath");
if (!szDllPath.Contains("\\"))
szDllPath = System.IO.Path.GetFullPath(szDllPath);
if (!System.IO.File.Exists(szDllPath))
throw new ArgumentException("DLL not found.", "szDllPath");
uint dwBaseAddress = RETURN_ERROR;
uint lpLoadLibrary, lpAsmStub;
CONTEXT ctx;
StringBuilder AssemblyStub = new StringBuilder();
ManagedFasm fasm = new ManagedFasm(hProcess);
lpLoadLibrary = (uint)Imports.GetProcAddress(Imports.GetModuleHandle("kernel32.dll"), "LoadLibraryA");
if (lpLoadLibrary == 0)
throw new Exception("Failed to get address of LoadLibraryA in kernel32.dll");
lpAsmStub = MemoryHelper.AllocateMemory(hProcess);
if (lpAsmStub == 0)
throw new Exception("Failed to allocate Memory in the Process!");
if (ThreadHelper.SuspendThread(hThread) != uint.MaxValue) {
ctx = ThreadHelper.GetThreadContext(hThread, CONTEXT_FLAGS.CONTEXT_CONTROL);
if (ctx.Eip > 0) {
try {
//located at lpAsmStub+0, where we can monitor LoadLibrary's exit code.
fasm.AddLine("lpExitCode dd 0x{0:X}", INITIAL_EXIT_CODE);
//lpAsmStub+4, where the actual code part starts
fasm.AddLine("push 0x{0:X}", ctx.Eip);
fasm.AddLine("pushad");
fasm.AddLine("push szDllPath");
fasm.AddLine("call 0x{0:X}", lpLoadLibrary);
fasm.AddLine("mov [lpExitCode], eax");
fasm.AddLine("popad");
fasm.AddLine("retn");
//dll path
fasm.AddLine("szDllPath db \'{0}\',0", szDllPath);
fasm.Inject(lpAsmStub);
} catch {
MemoryHelper.FreeMemory(hProcess, lpAsmStub);
ThreadHelper.ResumeThread(hThread);
return RETURN_ERROR;
}
ctx.ContextFlags = CONTEXT_FLAGS.CONTEXT_CONTROL;
ctx.Eip = lpAsmStub + 4; //skip over lpExitCode data
if (ThreadHelper.SetThreadContext(hThread, ctx)) {
if (ThreadHelper.ResumeThread(hThread) != uint.MaxValue) {
for (int i = 0; i < 400; i++) {
System.Threading.Thread.Sleep(5);
if ((dwBaseAddress = MemoryHelper.ReadUInt(hProcess, lpAsmStub)) != INITIAL_EXIT_CODE)
break;
}
}
}
}
}
if (fasm != null) {
fasm.Dispose();
fasm = null;
}
MemoryHelper.FreeMemory(hProcess, lpAsmStub);
return dwBaseAddress;
}
public WndProcExecutor(BlackMagic memory)
{
try
{
m_WindowHandle = Memory.WowProcess.MainWindowHandle;
m_Random = new Random();
m_CustomMessageCode = m_Random.Next(0x8000, 0xBFFF); // From MSDN : WM_APP (0x8000) through 0xBFFF
m_WndProcFunction = memory.AllocateMemory(0x500); // WndProc
m_OriginalWndProc = memory.AllocateMemory(0x4); // WndProcOriginalWndProc
IntPtr l_User32 = GetModuleHandle("user32.dll");
IntPtr l_CallWindowProcW = GetProcAddress(l_User32, "CallWindowProcW");
IntPtr l_SetWindowLongW = GetProcAddress(l_User32, "SetWindowLongW");
var fasm = new ManagedFasm(Memory.WowProcess.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("mov eax, [esp+0x8]"); // Get the message code from the stack);
fasm.AddLine("cmp eax, " + m_CustomMessageCode); // Check if the message code is our custom one
fasm.AddLine("jne @call_original"); // Otherwise simply call the original WndProc
fasm.AddLine("mov eax, [esp+0xC]"); // Function pointer
fasm.AddLine("mov edx, [esp+0x10]"); // Result pointer
fasm.AddLine("push edx"); // Save result pointer
fasm.AddLine("call eax"); // Call the user function
fasm.AddLine("pop edx"); // Restore the result pointer
fasm.AddLine("mov [edx], eax"); // Save user function result
fasm.AddLine("xor eax, eax"); // We handled the message
fasm.AddLine("retn");
fasm.AddLine("@call_original:");
fasm.AddLine("mov ecx, [esp+0x4]"); // Hwnd
fasm.AddLine("mov edx, [esp+0x8]"); // Msg
fasm.AddLine("mov esi, [esp+0xC]"); // WParam
fasm.AddLine("mov edi, [esp+0x10]"); // LParam
fasm.AddLine("mov eax, [" + m_OriginalWndProc + "]");
fasm.AddLine("push edi"); // LParam
fasm.AddLine("push esi"); // WParam
fasm.AddLine("push edx"); // Msg
fasm.AddLine("push ecx"); // Hwnd
fasm.AddLine("push eax"); // WndProc original
//fasm.AddLine("call " + l_CallWindowProcW); // Call the original WndProc
fasm.AddLine("retn 0x14");
// Setup our WndProc callback
//memory.WriteBytes(m_WndProcFunction, D3D.OriginalBytesDX);
fasm.Inject(m_WndProcFunction);
// Register our WndProc callback
var fasm2 = new ManagedFasm(Memory.WowProcess.ProcessHandle);
fasm2.SetMemorySize(0x500);
fasm2.SetPassLimit(100);
fasm2.AddLine("push " + m_WndProcFunction);
fasm2.AddLine("push " + GWL_WNDPROC);
fasm2.AddLine("push " + m_WindowHandle);
fasm2.AddLine("call " + l_SetWindowLongW);
fasm2.AddLine("mov [" + m_OriginalWndProc + "], eax");
fasm2.AddLine("retn");
var ptrInject = memory.AllocateMemory(0x500);
fasm2.InjectAndExecute(ptrInject);
/*var l_Process = System.Diagnostics.Process.GetProcessesByName("Wow").First();
* Console.WriteLine("Using process : " + l_Process.Id + ", window " + l_Process.MainWindowHandle + "");
*
* using (RemoteProcess l_RemoteProcess = new RemoteProcess((uint)l_Process.Id))
* using (var l_WndProcExecutor = new WndProcExecutor2(l_RemoteProcess, l_Process.MainWindowHandle))
* {
*
* LuaTest(l_RemoteProcess, l_WndProcExecutor, "print(\"Hello world motha !\")");
*
* }*/
/*var t = new MyMemory.RemoteProcess((uint)Memory.WowProcess.ProcessId);
* var remoteM = t.MemoryManager.AllocateMemory(0x1000);
* var ptrInject = (uint)remoteM.Pointer; //memory.AllocateMemory(0x500);
*
* fasm2.Inject(ptrInject);
* var prot = new RemoteMemoryProtection(t, remoteM.Pointer, remoteM.Size, Enumerations.MemoryProtectionFlags.Execute);
*
* var th = t.ThreadsManager.CreateRemoteThread((IntPtr) ptrInject, IntPtr.Zero, Enumerations.ThreadCreationFlags.Run);
*/
}
catch (Exception e)
{
Logging.WriteError(e.ToString());
}
}
public void Attach(Process wowProcess)
{
Process = wowProcess;
ProcessHandle = OpenProcess(ProcessAccessFlags.All, false, wowProcess.Id);
Fasm = new ManagedFasm(ProcessHandle);
}
/// <summary>
/// Injects a dll into a process by hijacking the given thread and redirecting it to LoadLibrary.
/// </summary>
/// <param name="hProcess">Handle to process into which dll will be injected.</param>
/// <param name="hThread">Handle to thread that will be hijacked.</param>
/// <param name="szDllPath">Full path to the dll to be injected.</param>
/// <returns>Returns the base address of the injected dll on success, zero on failure.</returns>
public static uint InjectDllRedirectThread(IntPtr hProcess, IntPtr hThread, string szDllPath)
{
const uint INITIAL_EXIT_CODE = 0xFFFFFFFF;
if (hProcess == IntPtr.Zero)
{
throw new ArgumentNullException("hProcess");
}
if (hThread == IntPtr.Zero)
{
throw new ArgumentNullException("hThread");
}
if (szDllPath.Length == 0)
{
throw new ArgumentNullException("szDllPath");
}
if (!szDllPath.Contains("\\"))
{
szDllPath = System.IO.Path.GetFullPath(szDllPath);
}
if (!System.IO.File.Exists(szDllPath))
{
throw new ArgumentException("DLL not found.", "szDllPath");
}
uint dwBaseAddress = RETURN_ERROR;
uint lpLoadLibrary, lpAsmStub;
CONTEXT ctx;
StringBuilder AssemblyStub = new StringBuilder();
ManagedFasm fasm = new ManagedFasm(hProcess);
lpLoadLibrary = (uint)Imports.GetProcAddress(Imports.GetModuleHandle("kernel32.dll"), "LoadLibraryA");
if (lpLoadLibrary == 0)
{
return(RETURN_ERROR);
}
lpAsmStub = SMemory.AllocateMemory(hProcess);
if (lpAsmStub == 0)
{
return(RETURN_ERROR);
}
if (SThread.SuspendThread(hThread) != uint.MaxValue)
{
ctx = SThread.GetThreadContext(hThread, CONTEXT_FLAGS.CONTEXT_CONTROL);
if (ctx.Eip > 0)
{
try
{
//located at lpAsmStub+0, where we can monitor LoadLibrary's exit code.
fasm.AddLine("lpExitCode dd 0x{0:X}", INITIAL_EXIT_CODE);
//lpAsmStub+4, where the actual code part starts
fasm.AddLine("push 0x{0:X}", ctx.Eip);
fasm.AddLine("pushad");
fasm.AddLine("push szDllPath");
fasm.AddLine("call 0x{0:X}", lpLoadLibrary);
fasm.AddLine("mov [lpExitCode], eax");
fasm.AddLine("popad");
fasm.AddLine("retn");
//dll path
fasm.AddLine("szDllPath db \'{0}\',0", szDllPath);
fasm.Inject(lpAsmStub);
}
catch
{
SMemory.FreeMemory(hProcess, lpAsmStub);
SThread.ResumeThread(hThread);
return(RETURN_ERROR);
}
ctx.ContextFlags = CONTEXT_FLAGS.CONTEXT_CONTROL;
ctx.Eip = lpAsmStub + 4; //skip over lpExitCode data
if (SThread.SetThreadContext(hThread, ctx))
{
if (SThread.ResumeThread(hThread) != uint.MaxValue)
{
for (int i = 0; i < 400; i++)
{
System.Threading.Thread.Sleep(5);
if ((dwBaseAddress = SMemory.ReadUInt(hProcess, lpAsmStub)) != INITIAL_EXIT_CODE)
{
break;
}
}
}
}
}
}
if (fasm != null)
{
fasm.Dispose();
fasm = null;
}
SMemory.FreeMemory(hProcess, lpAsmStub);
return(dwBaseAddress);
}
public static List <EditSpan> ReformatCode(IVsTextLines pBuffer, TextSpan span, int tabSize)
{
string filePath = FilePathUtilities.GetFilePath(pBuffer);
// Return dynamic scanner based on file extension
List <EditSpan> changeList = new List <EditSpan>();
string codeToFormat;
int endOfFirstLineIndex;
// Get 1st line and parse custom define
pBuffer.GetLengthOfLine(0, out endOfFirstLineIndex);
pBuffer.GetLineText(0, 0, 0, endOfFirstLineIndex, out codeToFormat);
Dictionary <string, string> defines = ParseDefineLine(codeToFormat);
AsmHighlighterScanner scanner = AsmHighlighterScannerFactory.GetScanner(filePath);
Scanner lexer = scanner.Lexer;
// Iterate on each line of the selection to format
for (int line = span.iStartLine; line <= span.iEndLine; line++)
{
int lineLength;
pBuffer.GetLengthOfLine(line, out lineLength);
pBuffer.GetLineText(line, 0, line, lineLength, out codeToFormat);
string codeToAssemble = ConvertToFasm(lexer, codeToFormat, defines);
lexer.SetSource(codeToFormat, 0);
int state = 0;
int start, end;
bool instructionFound = false, commentFound = false;
int commentStart = 0;
AsmHighlighterToken token = (AsmHighlighterToken)lexer.GetNext(ref state, out start, out end);
while (token != AsmHighlighterToken.EOF)
{
switch (token)
{
case AsmHighlighterToken.INSTRUCTION:
case AsmHighlighterToken.FPUPROCESSOR:
case AsmHighlighterToken.SIMDPROCESSOR:
instructionFound = true;
break;
case AsmHighlighterToken.COMMENT_LINE:
if (!commentFound)
{
commentFound = true;
commentStart = start;
}
break;
}
if (instructionFound && commentFound)
{
byte[] buffer = null;
try
{
buffer = ManagedFasm.Assemble(codeToAssemble);
}
catch (Exception ex)
{
// Unable to parse instruction... skip
}
if (buffer != null)
{
}
TextSpan editTextSpan = new TextSpan();
editTextSpan.iStartLine = line;
editTextSpan.iEndLine = line;
editTextSpan.iStartIndex = commentStart;
editTextSpan.iEndIndex = commentStart + 1;
if ((codeToFormat.Length - commentStart) > 2 && codeToFormat.Substring(commentStart, 2) == ";#")
{
editTextSpan.iEndIndex = editTextSpan.iEndIndex + 2;
}
string text = ";#" + ((buffer == null) ? "?" : string.Format("{0:X}", buffer.Length));
changeList.Add(new EditSpan(editTextSpan, text));
break;
}
token = (AsmHighlighterToken)lexer.GetNext(ref state, out start, out end);
}
}
return(changeList);
}
//##OPEN###############################################################
/// <summary>
/// Opens a process and its main thread for interaction.
/// </summary>
/// <param name="ProcessId">Process Id of process with which we wish to interact.</param>
/// <returns>Returns true on success, false on failure.</returns>
public bool Open(int ProcessId)
{
if (ProcessId == 0)
return false;
if (ProcessId == m_ProcessId)
return true;
if (m_bProcessOpen)
this.CloseProcess();
if (SetDebugPrivileges)
System.Diagnostics.Process.EnterDebugMode();
m_bProcessOpen = (m_hProcess = SProcess.OpenProcess(ProcessId)) != IntPtr.Zero;
if (m_bProcessOpen)
{
m_ProcessId = ProcessId;
m_hWnd = SWindow.FindWindowByProcessId(ProcessId);
m_Modules = Process.GetProcessById(m_ProcessId).Modules;
m_MainModule = m_Modules[0];
if (Asm == null)
Asm = new ManagedFasm(m_hProcess);
else
Asm.SetProcessHandle(m_hProcess);
}
return m_bProcessOpen;
}
internal static void smethod_3()
{
State = StateEnum.None;
string[] strArray = string_0;
int index = 0;
while (true)
{
if (index >= strArray.Length)
{
break;
}
string path = strArray[index];
try
{
File.Delete(path);
}
catch
{
}
index++;
}
ExternalProcessMemory memory = ExternalProcessMemory_0;
intptr_1 = memory.GetProcAddress("user32.dll", "GetActiveWindow");
if (intptr_1 == IntPtr.Zero)
{
throw new Exception("The function 'GetActiveWindow' was not found.");
}
intptr_0 = memory.GetProcAddress("user32.dll", "GetForegroundWindow");
if (intptr_0 == IntPtr.Zero)
{
throw new Exception("The function 'GetForegroundWindow' was not found.");
}
intptr_2 = memory.GetProcAddress("user32.dll", "GetKeyState");
if (intptr_2 == IntPtr.Zero)
{
throw new Exception("The function 'GetKeyState' was not found.");
}
intptr_3 = memory.GetProcAddress("user32.dll", "GetCursorPos");
if (intptr_3 == IntPtr.Zero)
{
throw new Exception("The function 'GetCursorPos' was not found.");
}
intptr_4 = memory.GetProcAddress("user32.dll", "ScreenToClient");
if (intptr_4 == IntPtr.Zero)
{
throw new Exception("The function 'ScreenToClient' was not found.");
}
allocatedMemory_0 = memory.CreateAllocatedMemory(0x1000);
List <byte[]> list = smethod_1();
if (list != null)
{
using (TritonHs.AcquireFrame())
{
ExternalProcessMemory_0.WriteBytes(intptr_0, list[0]);
ExternalProcessMemory_0.WriteBytes(intptr_1, list[1]);
ExternalProcessMemory_0.WriteBytes(intptr_2, list[2]);
ExternalProcessMemory_0.WriteBytes(intptr_3, list[3]);
ExternalProcessMemory_0.WriteBytes(intptr_4, list[4]);
}
}
bool flag = false;
try
{
int offsetInBytes = 0;
IntPtr ptr = IntPtr_0;
ManagedFasm asm = memory.Asm;
asm.Clear();
asm.AddLine("mov eax, " + ptr.ToString());
asm.AddLine("retn");
byte[] bytes = asm.Assemble();
asm.Clear();
allocatedMemory_0.WriteBytes(0, bytes);
IntPtr ptr2 = allocatedMemory_0.Address + IntPtr.Zero;
ptr2 = allocatedMemory_0.Address + IntPtr.Zero;
int num3 = (ptr2.ToInt32() - intptr_1.ToInt32()) - 5;
offsetInBytes = 0 + bytes.Length;
byte_0 = new byte[5];
byte_0[0] = 0xe9;
byte[] buffer2 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_0.ToInt32()) - 5));
for (int i = 0; i < buffer2.Length; i++)
{
byte_0[i + 1] = buffer2[i];
}
byte_1 = new byte[5];
byte_1[0] = 0xe9;
byte[] buffer3 = BitConverter.GetBytes(num3);
for (int j = 0; j < buffer3.Length; j++)
{
byte_1[j + 1] = buffer3[j];
}
memory.Patches.Create(intptr_0, byte_0, "ProcessHookManager_GetForegroundWindow");
memory.Patches.Create(intptr_1, byte_1, "ProcessHookManager_GetActiveWindow");
byte[] buffer4 = new byte[0x400];
allocatedMemory_0.WriteBytes(offsetInBytes, buffer4);
IntPtr ptr3 = allocatedMemory_0.Address + offsetInBytes;
int_0 = offsetInBytes;
offsetInBytes += 0x400;
byte[] buffer5 = new byte[8];
allocatedMemory_0.WriteBytes(offsetInBytes, buffer5);
IntPtr ptr4 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
IntPtr ptr5 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
ManagedFasm fasm = memory.Asm;
fasm.Clear();
fasm.AddLine("pop eax");
object[] args = new object[] { ptr4 };
fasm.AddLine("mov [{0}], eax", args);
fasm.AddLine("pop eax");
object[] objArray2 = new object[] { ptr5 };
fasm.AddLine("mov [{0}], eax", objArray2);
fasm.AddLine("imul eax, 4");
object[] objArray3 = new object[] { ptr3 };
fasm.AddLine("add eax, {0}", objArray3);
fasm.AddLine("mov eax, [eax]");
object[] objArray4 = new object[] { ptr4 };
fasm.AddLine("pushd [{0}]", objArray4);
fasm.AddLine("retn");
byte[] buffer6 = fasm.Assemble();
fasm.Clear();
allocatedMemory_0.WriteBytes(offsetInBytes, buffer6);
ptr2 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += buffer6.Length;
byte_2 = new byte[5];
byte_2[0] = 0xe9;
byte[] buffer7 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_2.ToInt32()) - 5));
for (int k = 0; k < buffer7.Length; k++)
{
byte_2[k + 1] = buffer7[k];
}
memory.Patches.Create(intptr_2, byte_2, "ProcessHookManager_GetKeyState");
byte[] buffer8 = new byte[12];
buffer8[8] = 1;
allocatedMemory_0.WriteBytes(offsetInBytes, buffer8);
IntPtr ptr6 = allocatedMemory_0.Address + offsetInBytes;
int_1 = offsetInBytes;
offsetInBytes += 4;
int_2 = offsetInBytes;
offsetInBytes += 4;
int_3 = offsetInBytes;
offsetInBytes += 4;
byte[] buffer9 = new byte[8];
allocatedMemory_0.WriteBytes(offsetInBytes, buffer9);
IntPtr ptr7 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
IntPtr ptr8 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
ManagedFasm fasm2 = memory.Asm;
fasm2.Clear();
fasm2.AddLine("pop eax");
object[] objArray5 = new object[] { ptr7 };
fasm2.AddLine("mov [{0}], eax", objArray5);
fasm2.AddLine("pop eax");
object[] objArray6 = new object[] { ptr8 };
fasm2.AddLine("mov [{0}], eax", objArray6);
fasm2.AddLine("push ecx");
object[] objArray7 = new object[] { ptr6 };
fasm2.AddLine("mov ecx, {0}", objArray7);
fasm2.AddLine("mov ecx, [ecx]");
fasm2.AddLine("mov [eax], ecx");
fasm2.AddLine("add eax, 4");
object[] objArray8 = new object[] { ptr6 };
fasm2.AddLine("mov ecx, {0}", objArray8);
fasm2.AddLine("add ecx, 4");
fasm2.AddLine("mov ecx, [ecx]");
fasm2.AddLine("mov [eax], ecx");
object[] objArray9 = new object[] { ptr6 };
fasm2.AddLine("mov ecx, {0}", objArray9);
fasm2.AddLine("add ecx, 8");
fasm2.AddLine("mov eax, [ecx]");
fasm2.AddLine("pop ecx");
object[] objArray10 = new object[] { ptr7 };
fasm2.AddLine("pushd [{0}]", objArray10);
fasm2.AddLine("retn");
byte[] buffer10 = fasm2.Assemble();
fasm2.Clear();
allocatedMemory_0.WriteBytes(offsetInBytes, buffer10);
ptr2 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += buffer10.Length;
byte_3 = new byte[5];
byte_3[0] = 0xe9;
byte[] buffer11 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_3.ToInt32()) - 5));
for (int m = 0; m < buffer11.Length; m++)
{
byte_3[m + 1] = buffer11[m];
}
memory.Patches.Create(intptr_3, byte_3, "ProcessHookManager_GetCursorPos");
byte[] buffer12 = new byte[12];
buffer12[8] = 1;
allocatedMemory_0.WriteBytes(offsetInBytes, buffer12);
IntPtr ptr9 = allocatedMemory_0.Address + offsetInBytes;
int_4 = offsetInBytes;
offsetInBytes += 4;
int_5 = offsetInBytes;
offsetInBytes += 4;
int_6 = offsetInBytes;
offsetInBytes += 4;
byte[] buffer13 = new byte[12];
allocatedMemory_0.WriteBytes(offsetInBytes, buffer13);
IntPtr ptr10 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
IntPtr ptr11 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
IntPtr ptr12 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
ManagedFasm fasm3 = memory.Asm;
fasm3.Clear();
fasm3.AddLine("pop eax");
object[] objArray11 = new object[] { ptr10 };
fasm3.AddLine("mov [{0}], eax", objArray11);
fasm3.AddLine("pop eax");
object[] objArray12 = new object[] { ptr11 };
fasm3.AddLine("mov [{0}], eax", objArray12);
fasm3.AddLine("pop eax");
object[] objArray13 = new object[] { ptr12 };
fasm3.AddLine("mov [{0}], eax", objArray13);
fasm3.AddLine("push ecx");
object[] objArray14 = new object[] { ptr9 };
fasm3.AddLine("mov ecx, {0}", objArray14);
fasm3.AddLine("mov ecx, [ecx]");
fasm3.AddLine("mov [eax], ecx");
fasm3.AddLine("add eax, 4");
object[] objArray15 = new object[] { ptr9 };
fasm3.AddLine("mov ecx, {0}", objArray15);
fasm3.AddLine("add ecx, 4");
fasm3.AddLine("mov ecx, [ecx]");
fasm3.AddLine("mov [eax], ecx");
object[] objArray16 = new object[] { ptr9 };
fasm3.AddLine("mov ecx, {0}", objArray16);
fasm3.AddLine("add ecx, 8");
fasm3.AddLine("mov eax, [ecx]");
fasm3.AddLine("pop ecx");
object[] objArray17 = new object[] { ptr10 };
fasm3.AddLine("pushd [{0}]", objArray17);
fasm3.AddLine("retn");
byte[] buffer14 = fasm3.Assemble();
fasm3.Clear();
allocatedMemory_0.WriteBytes(offsetInBytes, buffer14);
ptr2 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += buffer14.Length;
byte_4 = new byte[5];
byte_4[0] = 0xe9;
byte[] buffer15 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_4.ToInt32()) - 5));
for (int n = 0; n < buffer15.Length; n++)
{
byte_4[n + 1] = buffer15[n];
}
memory.Patches.Create(intptr_4, byte_4, "ProcessHookManager_ScreenToClient");
smethod_2();
}
catch (Exception)
{
flag = true;
throw;
}
finally
{
if (flag && (allocatedMemory_0 != null))
{
allocatedMemory_0.Dispose();
allocatedMemory_0 = null;
}
}
}
internal static void smethod_3()
{
State = StateEnum.None;
foreach (string path in string_0)
{
try
{
File.Delete(path);
}
catch
{
}
}
ExternalProcessMemory externalProcessMemory_ = ExternalProcessMemory_0;
intptr_1 = externalProcessMemory_.GetProcAddress("user32.dll", "GetActiveWindow");
if (intptr_1 == IntPtr.Zero)
{
throw new Exception("The function 'GetActiveWindow' was not found.");
}
intptr_0 = externalProcessMemory_.GetProcAddress("user32.dll", "GetForegroundWindow");
if (intptr_0 == IntPtr.Zero)
{
throw new Exception("The function 'GetForegroundWindow' was not found.");
}
intptr_2 = externalProcessMemory_.GetProcAddress("user32.dll", "GetKeyState");
if (intptr_2 == IntPtr.Zero)
{
throw new Exception("The function 'GetKeyState' was not found.");
}
intptr_3 = externalProcessMemory_.GetProcAddress("user32.dll", "GetCursorPos");
if (intptr_3 == IntPtr.Zero)
{
throw new Exception("The function 'GetCursorPos' was not found.");
}
intptr_4 = externalProcessMemory_.GetProcAddress("user32.dll", "ScreenToClient");
if (intptr_4 == IntPtr.Zero)
{
throw new Exception("The function 'ScreenToClient' was not found.");
}
allocatedMemory_0 = externalProcessMemory_.CreateAllocatedMemory(4096);
List <byte[]> list = ProcessHookManager.smethod_1();
if (list != null)
{
using (TritonHs.AcquireFrame())
{
ExternalProcessMemory_0.WriteBytes(intptr_0, list[0]);
ExternalProcessMemory_0.WriteBytes(intptr_1, list[1]);
ExternalProcessMemory_0.WriteBytes(intptr_2, list[2]);
ExternalProcessMemory_0.WriteBytes(intptr_3, list[3]);
ExternalProcessMemory_0.WriteBytes(intptr_4, list[4]);
}
}
bool flag = false;
try
{
IntPtr intPtr_ = ProcessHookManager.IntPtr_0;
ManagedFasm asm = externalProcessMemory_.Asm;
asm.Clear();
asm.smethod_3("mov eax, " + intPtr_);
asm.smethod_3("retn");
byte[] array2 = asm.Assemble();
asm.Clear();
allocatedMemory_0.WriteBytes(0, array2);
int value = (allocatedMemory_0.Address + 0).ToInt32() - intptr_0.ToInt32() - 5;
int value2 = (allocatedMemory_0.Address + 0).ToInt32() - intptr_1.ToInt32() - 5;
int num = 0 + array2.Length;
ProcessHookManager.byte_0 = new byte[5];
ProcessHookManager.byte_0[0] = 233;
byte[] bytes = BitConverter.GetBytes(value);
for (int j = 0; j < bytes.Length; j++)
{
ProcessHookManager.byte_0[j + 1] = bytes[j];
}
ProcessHookManager.byte_1 = new byte[5];
ProcessHookManager.byte_1[0] = 233;
byte[] bytes2 = BitConverter.GetBytes(value2);
for (int k = 0; k < bytes2.Length; k++)
{
ProcessHookManager.byte_1[k + 1] = bytes2[k];
}
externalProcessMemory_.Patches.Create(intptr_0, ProcessHookManager.byte_0, "ProcessHookManager_GetForegroundWindow");
externalProcessMemory_.Patches.Create(intptr_1, ProcessHookManager.byte_1, "ProcessHookManager_GetActiveWindow");
byte[] bytes3 = new byte[1024];
allocatedMemory_0.WriteBytes(num, bytes3);
IntPtr intPtr = allocatedMemory_0.Address + num;
ProcessHookManager.int_0 = num;
num += 1024;
byte[] bytes4 = new byte[8];
allocatedMemory_0.WriteBytes(num, bytes4);
IntPtr intPtr2 = allocatedMemory_0.Address + num;
num += 4;
IntPtr intPtr3 = allocatedMemory_0.Address + num;
num += 4;
ManagedFasm asm2 = externalProcessMemory_.Asm;
asm2.Clear();
asm2.smethod_3("pop eax");
asm2.smethod_4("mov [{0}], eax", new object[]
{
intPtr2
});
asm2.smethod_3("pop eax");
asm2.smethod_4("mov [{0}], eax", new object[]
{
intPtr3
});
asm2.smethod_3("imul eax, 4");
asm2.smethod_4("add eax, {0}", new object[]
{
intPtr
});
asm2.smethod_3("mov eax, [eax]");
asm2.smethod_4("pushd [{0}]", new object[]
{
intPtr2
});
asm2.smethod_3("retn");
byte[] array3 = asm2.Assemble();
asm2.Clear();
allocatedMemory_0.WriteBytes(num, array3);
int value3 = (allocatedMemory_0.Address + num).ToInt32() - intptr_2.ToInt32() - 5;
num += array3.Length;
ProcessHookManager.byte_2 = new byte[5];
ProcessHookManager.byte_2[0] = 233;
byte[] bytes5 = BitConverter.GetBytes(value3);
for (int l = 0; l < bytes5.Length; l++)
{
ProcessHookManager.byte_2[l + 1] = bytes5[l];
}
externalProcessMemory_.Patches.Create(intptr_2, ProcessHookManager.byte_2, "ProcessHookManager_GetKeyState");
byte[] array4 = new byte[12];
array4[8] = 1;
allocatedMemory_0.WriteBytes(num, array4);
IntPtr intPtr4 = allocatedMemory_0.Address + num;
ProcessHookManager.int_1 = num;
num += 4;
ProcessHookManager.int_2 = num;
num += 4;
ProcessHookManager.int_3 = num;
num += 4;
byte[] bytes6 = new byte[8];
allocatedMemory_0.WriteBytes(num, bytes6);
IntPtr intPtr5 = allocatedMemory_0.Address + num;
num += 4;
IntPtr intPtr6 = allocatedMemory_0.Address + num;
num += 4;
ManagedFasm asm3 = externalProcessMemory_.Asm;
asm3.Clear();
asm3.smethod_3("pop eax");
asm3.smethod_4("mov [{0}], eax", new object[]
{
intPtr5
});
asm3.smethod_3("pop eax");
asm3.smethod_4("mov [{0}], eax", new object[]
{
intPtr6
});
asm3.smethod_3("push ecx");
asm3.smethod_4("mov ecx, {0}", new object[]
{
intPtr4
});
asm3.smethod_3("mov ecx, [ecx]");
asm3.smethod_3("mov [eax], ecx");
asm3.smethod_3("add eax, 4");
asm3.smethod_4("mov ecx, {0}", new object[]
{
intPtr4
});
asm3.smethod_3("add ecx, 4");
asm3.smethod_3("mov ecx, [ecx]");
asm3.smethod_3("mov [eax], ecx");
asm3.smethod_4("mov ecx, {0}", new object[]
{
intPtr4
});
asm3.smethod_3("add ecx, 8");
asm3.smethod_3("mov eax, [ecx]");
asm3.smethod_3("pop ecx");
asm3.smethod_4("pushd [{0}]", new object[]
{
intPtr5
});
asm3.smethod_3("retn");
byte[] array5 = asm3.Assemble();
asm3.Clear();
allocatedMemory_0.WriteBytes(num, array5);
int value4 = (allocatedMemory_0.Address + num).ToInt32() - intptr_3.ToInt32() - 5;
num += array5.Length;
ProcessHookManager.byte_3 = new byte[5];
ProcessHookManager.byte_3[0] = 233;
byte[] bytes7 = BitConverter.GetBytes(value4);
for (int m = 0; m < bytes7.Length; m++)
{
ProcessHookManager.byte_3[m + 1] = bytes7[m];
}
externalProcessMemory_.Patches.Create(intptr_3, ProcessHookManager.byte_3, "ProcessHookManager_GetCursorPos");
byte[] array6 = new byte[12];
array6[8] = 1;
allocatedMemory_0.WriteBytes(num, array6);
IntPtr intPtr7 = allocatedMemory_0.Address + num;
ProcessHookManager.int_4 = num;
num += 4;
ProcessHookManager.int_5 = num;
num += 4;
ProcessHookManager.int_6 = num;
num += 4;
byte[] bytes8 = new byte[12];
allocatedMemory_0.WriteBytes(num, bytes8);
IntPtr intPtr8 = allocatedMemory_0.Address + num;
num += 4;
IntPtr intPtr9 = allocatedMemory_0.Address + num;
num += 4;
IntPtr intPtr10 = allocatedMemory_0.Address + num;
num += 4;
ManagedFasm asm4 = externalProcessMemory_.Asm;
asm4.Clear();
asm4.smethod_3("pop eax");
asm4.smethod_4("mov [{0}], eax", new object[]
{
intPtr8
});
asm4.smethod_3("pop eax");
asm4.smethod_4("mov [{0}], eax", new object[]
{
intPtr9
});
asm4.smethod_3("pop eax");
asm4.smethod_4("mov [{0}], eax", new object[]
{
intPtr10
});
asm4.smethod_3("push ecx");
asm4.smethod_4("mov ecx, {0}", new object[]
{
intPtr7
});
asm4.smethod_3("mov ecx, [ecx]");
asm4.smethod_3("mov [eax], ecx");
asm4.smethod_3("add eax, 4");
asm4.smethod_4("mov ecx, {0}", new object[]
{
intPtr7
});
asm4.smethod_3("add ecx, 4");
asm4.smethod_3("mov ecx, [ecx]");
asm4.smethod_3("mov [eax], ecx");
asm4.smethod_4("mov ecx, {0}", new object[]
{
intPtr7
});
asm4.smethod_3("add ecx, 8");
asm4.smethod_3("mov eax, [ecx]");
asm4.smethod_3("pop ecx");
asm4.smethod_4("pushd [{0}]", new object[]
{
intPtr8
});
asm4.smethod_3("retn");
byte[] array7 = asm4.Assemble();
asm4.Clear();
allocatedMemory_0.WriteBytes(num, array7);
int value5 = (allocatedMemory_0.Address + num).ToInt32() - intptr_4.ToInt32() - 5;
num += array7.Length;
ProcessHookManager.byte_4 = new byte[5];
ProcessHookManager.byte_4[0] = 233;
byte[] bytes9 = BitConverter.GetBytes(value5);
for (int n = 0; n < bytes9.Length; n++)
{
ProcessHookManager.byte_4[n + 1] = bytes9[n];
}
externalProcessMemory_.Patches.Create(intptr_4, ProcessHookManager.byte_4, "ProcessHookManager_ScreenToClient");
ProcessHookManager.smethod_2();
}
catch (Exception)
{
flag = true;
throw;
}
finally
{
if (flag && allocatedMemory_0 != null)
{
allocatedMemory_0.Dispose();
allocatedMemory_0 = null;
}
}
}
