| private OpenProcess ( uint dwDesiredAccess, bool bInheritHandle, int dwProcessId ) : int | ||
| dwDesiredAccess | uint | |
| bInheritHandle | bool | |
| dwProcessId | int | |
| return | int | |
public void WriteProcessMemory_T()
{
IntPtr baseAddress = Marshal.AllocHGlobal(4);
const int buffer = 1337;
Marshal.WriteInt32(baseAddress, 0);
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
Assert.IsTrue(ProcessMemory.WriteProcessMemory(handle, baseAddress, buffer));
Assert.IsTrue(Marshal.ReadInt32(baseAddress) == buffer);
Marshal.WriteInt32(baseAddress, 0);
IntPtr bytesWritten = IntPtr.Zero;
Assert.IsTrue(ProcessMemory.WriteProcessMemory(handle, baseAddress, buffer, ref bytesWritten));
Assert.IsTrue(Marshal.ReadInt32(baseAddress) == buffer);
Assert.IsTrue(bytesWritten == (IntPtr)4);
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
Marshal.FreeHGlobal(baseAddress);
}
public void ReadProcessMemory_T()
{
IntPtr baseAddress = Marshal.AllocHGlobal(4);
Marshal.WriteInt32(baseAddress, 1337);
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
int buffer = 0;
Assert.IsTrue(ProcessMemory.ReadProcessMemory(handle, baseAddress, ref buffer));
Assert.IsTrue(buffer == Marshal.ReadInt32(baseAddress));
buffer = 0;
IntPtr bytesRead = IntPtr.Zero;
Assert.IsTrue(ProcessMemory.ReadProcessMemory(handle, baseAddress, ref buffer, ref bytesRead));
Assert.IsTrue(buffer == Marshal.ReadInt32(baseAddress));
Assert.IsTrue(bytesRead == (IntPtr)4);
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
Marshal.FreeHGlobal(baseAddress);
}
public void VirtualProtectEx()
{
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
IntPtr address = ProcessMemory.VirtualAllocEx(handle, IntPtr.Zero, (IntPtr)1024, AllocationType.Reserve | AllocationType.Commit, MemoryProtectionFlags.ExecuteReadWrite);
MemoryProtectionFlags oldProtection = default;
Assert.IsTrue(ProcessMemory.VirtualProtectEx(handle, address, (IntPtr)1024, MemoryProtectionFlags.NoAccess, ref oldProtection));
Assert.IsTrue(oldProtection == MemoryProtectionFlags.ExecuteReadWrite);
try
{
Marshal.WriteInt32(address, 1337);
throw new Exception();
}
catch
{
}
Assert.IsTrue(ProcessMemory.VirtualFreeEx(handle, address, IntPtr.Zero, FreeType.Release));
ProcessMemory.CloseHandle(handle);
}
public void Close()
{
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
}
public void CreateRemoteThreadEx()
{
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
TestCreateRemoteThread_1(handle);
TestCreateRemoteThread_2(handle);
TestCreateRemoteThread_3(handle);
TestCreateRemoteThread_4(handle);
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
}
private void MetroWindow_Loaded(object sender, RoutedEventArgs e)
{
_externalWindow.Owner = this;
_externalWindow.Show();
while (!_processMemory.OpenProcess(Config.ProcessName))
{
Thread.Sleep(100);
}
Thread.Sleep(1000);
Console.WriteLine("Hack on.");
_timer.Tick += (o, args) => Hack.Run(_game);
_timer.Interval = TimeSpan.FromMilliseconds(10);
_timer.Start();
}
public void VirtualAllocAndFree()
{
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
IntPtr address = ProcessMemory.VirtualAllocEx(handle, IntPtr.Zero, (IntPtr)1024, AllocationType.Reserve | AllocationType.Commit, MemoryProtectionFlags.ExecuteReadWrite);
Assert.IsFalse(address == IntPtr.Zero);
Assert.IsTrue(Marshal.ReadInt32(address) == 0);
Marshal.WriteInt32(address, 1337);
Assert.IsTrue(Marshal.ReadInt32(address) == 1337);
Assert.IsTrue(ProcessMemory.VirtualFreeEx(handle, address, IntPtr.Zero, FreeType.Release));
ProcessMemory.CloseHandle(handle);
}
protected override void Loop()
{
if (!ProcessMemory.IsRunProcess())
{
ConsoleSpiner consoleSpiner = new ConsoleSpiner();
Console.Write("Wait process ");
while (!ProcessMemory.OpenProcess(Config.Game.Process))
{
consoleSpiner.Turn();
Thread.Sleep(100);
}
Console.WriteLine("...");
Console.WriteLine($"Found process: ID:{ProcessMemory.Process.Id}");
}
while (true)
{
Render2D.WindowRenderTarget.Resize(new Size2(RenderSurface.Size.Width, RenderSurface.Height));
WriteMemory();
ReadMemory();
Render2D.BeginDraw();
Render2D.Clear();
Render2D.BrushColor = Color.Green;
Render2D.DrawRectangle(new SharpDX.RectangleF(0, 0, 1920, 1080));
Render2D.DrawLine(new Vector2(0, 0), new Vector2(1920, 1080));
Render2D.DrawLine(new Vector2(1920, 0), new Vector2(0, 1080));
Draw();
Render2D.EndDraw();
if (!ProcessMemory.IsRunProcess())
{
break;
}
}
}
public void WriteProcessMemory_TArray()
{
IntPtr baseAddress = Marshal.AllocHGlobal(16);
int[] buffer = new int[4];
for (int i = 0; i < buffer.Length; i++)
{
buffer[i] = 1337;
Marshal.WriteInt32(baseAddress, i * 4, 0);
}
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
Assert.IsTrue(ProcessMemory.WriteProcessMemoryArray(handle, baseAddress, buffer));
for (int i = 0; i < buffer.Length; i++)
{
Assert.IsTrue(Marshal.ReadInt32(baseAddress, i * 4) == 1337);
Marshal.WriteInt32(baseAddress, i * 4, 0);
}
IntPtr bytesWritten = IntPtr.Zero;
Assert.IsTrue(ProcessMemory.WriteProcessMemoryArray(handle, baseAddress, buffer, ref bytesWritten));
Assert.IsTrue(bytesWritten == (IntPtr)16);
for (int i = 0; i < buffer.Length; i++)
{
Assert.IsTrue(Marshal.ReadInt32(baseAddress, i * 4) == 1337);
}
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
Marshal.FreeHGlobal(baseAddress);
}
public void ReadProcessMemory_TArray()
{
IntPtr baseAddress = Marshal.AllocHGlobal(16);
for (int i = 0; i < 16; i += 4)
{
Marshal.WriteInt32(baseAddress, i, 1337);
}
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
int[] buffer = new int[4];
Assert.IsTrue(ProcessMemory.ReadProcessMemoryArray(handle, baseAddress, buffer));
for (int i = 0; i < buffer.Length; i++)
{
Assert.IsTrue(buffer[i] == Marshal.ReadInt32(baseAddress, i * 4));
buffer[i] = 0;
}
IntPtr bytesRead = IntPtr.Zero;
Assert.IsTrue(ProcessMemory.ReadProcessMemoryArray(handle, baseAddress, buffer, ref bytesRead));
Assert.IsTrue(bytesRead == (IntPtr)(buffer.Length * 4));
for (int i = 0; i < buffer.Length; i++)
{
Assert.IsTrue(buffer[i] == Marshal.ReadInt32(baseAddress, i * 4));
}
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
Marshal.FreeHGlobal(baseAddress);
}
private void _searchTimer_Tick(object sender, EventArgs e)
{
distanceUpDown.Visibility = Visibility.Hidden;
fovUpDown.Visibility = Visibility.Hidden;
rangeCheckbox.Visibility = Visibility.Hidden;
Process[] processes = Process.GetProcessesByName("dota");
if (processes.Length == 0)
{
return;
}
_processMemory.OpenProcess(processes[0]);
_playerResourceAddress = _processMemory.FindPattern(new byte[] {
0xC6, 0x40, 0x10, 0x02, 0x8B, 0x35, 0xFF, 0xFF, 0xFF, 0xFF, 0x85, 0xF6
}, "xxxxxx????xx", _processMemory.GetModuleBaseAddress("client.dll"), 0xffffff);
_playerResourceAddress = _processMemory.ReadInt32Ptr(_playerResourceAddress + 6);
_dotaPlayerAddress = _processMemory.FindPattern(new byte[] {
0xA1, 0xFF, 0xFF, 0xFF, 0xFF, 0x83, 0xEC, 0x10, 0x53, 0x57
}, "x????xxxxx", _processMemory.GetModuleBaseAddress("client.dll"), 0xffffff);
_dotaPlayerAddress = _processMemory.ReadInt32Ptr(_dotaPlayerAddress + 1);
_playersListAddress = _processMemory.FindPattern(new byte[] { // dota_players_list
0x7c, 0x71, 0xBB, 0xFF, 0xFF, 0xFF, 0xFF
}, "xxx????", _processMemory.GetModuleBaseAddress("client.dll"), 0xffffff);
_playersListAddress = _processMemory.ReadInt32Ptr(_playersListAddress + 3);
_engineAddress = _processMemory.FindPattern(new byte[] { // hero_npc_list
0xC1, 0xEB, 0x10, 0x81, 0xC2, 0xFF, 0xFF, 0xFF, 0xFF
}, "xxxxx????", _processMemory.GetModuleBaseAddress("client.dll"), 0xffffff);
_engineAddress = _processMemory.ReadInt32Ptr(_engineAddress + 5);
IntPtr offsetAddress = _processMemory.FindPattern(new byte[] {
0x8B, 0x0D, 0xFF, 0xFF, 0xFF, 0xFF, 0x8B, 0x40, 0x08, 0x66, 0x0F, 0xD6, 0x44, 0x24, 0xFF
}, "xx????xxxxxxxx?", _processMemory.GetModuleBaseAddress("client.dll"), 0xffffff);
_distanceAddress = _processMemory.ReadInt32Ptr(offsetAddress + 2) + 0x14;
_fovAddress = _processMemory.FindPattern(new byte[] {
0x74, 0x08, 0x8B, 0xCE, 0x5E, 0xE9, 0xFF, 0xFF, 0xFF, 0xFF, 0xD9, 0x05
}, "xxxxxx????xx", _processMemory.GetModuleBaseAddress("client.dll"), 0xffffff);
_fovAddress = _processMemory.ReadInt32Ptr(_fovAddress + 12);
_rangeAddress = _processMemory.FindPattern(new byte[] {
0xA3, 0xFF, 0xFF, 0xFF, 0xFF, 0x33, 0xC9
}, "x????xx", _processMemory.GetModuleBaseAddress("client.dll"), 0xffffff);
_rangeAddress = _processMemory.ReadInt32Ptr(_rangeAddress + 1);
_searchTimer.Stop();
_checkTimer.Start();
distanceUpDown.Value = Settings.Default.distance;
fovUpDown.Value = Settings.Default.fov;
distanceUpDown.Visibility = Visibility.Visible;
fovUpDown.Visibility = Visibility.Visible;
rangeCheckbox.Visibility = Visibility.Visible;
}
public static InjectResult Inject(Process process, string dllPath, TimeSpan timeout)
{
InjectResult result = InjectResult.None;
//Get the full path of the DLL.
string fullPath = Path.GetFullPath(dllPath);
//Return if the DLL is not found.
if (!File.Exists(fullPath))
{
return(InjectResult.Dll_Not_Found);
}
//Process modules aren't automatically updated in a stored process variable.
//Grab the updated process.
Process updatedProcess = Process.GetProcessById(process.Id);
//Sometimes randomly fails due to 64-bit OS accessing 32-bit process ProcessMemory...
//Try again if fails.
bool success = false;
string pathCompare = fullPath.ToLower();
while (!success)
{
try
{
foreach (ProcessModule pm in updatedProcess.Modules)
{
if (pm.FileName.ToLower() == pathCompare)
//Return if the DLL is found to
//prevent injecting duplicates.
{
return(InjectResult.Dll_Already_Jnjected);
}
}
success = true;
}
catch { }
}
//Open handle with all permissions to avoid any unexpected access violation errors...
IntPtr hProcess = ProcessMemory.OpenProcess(ProcessAccessFlags.All, true, process.Id);
//Return if the handle is 0. This is an invalid result.
if (hProcess == IntPtr.Zero)
{
return(InjectResult.Process_Handle_Invalid);
}
//Get the handle for kernel32.dll.
IntPtr hKernel = ProcessMemory.GetModuleHandle("kernel32.dll");
//Return if the handle is 0. This is an invalid result.
if (hKernel == IntPtr.Zero)
{
return(InjectResult.Kernel_Module_Not_Found);
}
//Get the address for LoadLibraryA, which is used to load a process
//module into a process and calls the DllMain entry point.
IntPtr hLoadLibraryA = ProcessMemory.GetProcAddress(hKernel, "LoadLibraryA");
//Return if the address is 0. This is an invalid result.
if (hLoadLibraryA == IntPtr.Zero)
{
return(InjectResult.Load_Library_A_Not_Found);
}
//Allocation space for the full path of the module and
//+1 for the null terminator (0x00) of the string.
int allocationSize = fullPath.Length + 1;
//Allocate memory space in the process and store the address
//the allocation was made at.
IntPtr allocatedAddr = ProcessMemory.VirtualAllocEx(hProcess, IntPtr.Zero, (IntPtr)allocationSize,
AllocationType.Commit | AllocationType.Reserve,
MemoryProtection.ExecuteReadWrite);
//Return if the address is 0. Allocation was not made.
if (allocatedAddr == IntPtr.Zero)
{
return(InjectResult.Memory_Allocation_Failed);
}
//Convert the full path string into bytes.
byte[] buffer = Encoding.UTF8.GetBytes(fullPath);
IntPtr numWritten;
//Write the bytes to the space we allocated within the process.
if (!ProcessMemory.WriteProcessMemory(hProcess, allocatedAddr, buffer, buffer.Length, out numWritten))
{
//Writing to memory failed if WriteProcessMemory returned false.
result = InjectResult.Memory_Write_Failed;
//Free the memory we allocated into the process.
//dwSize must be 0 to free all pages allocated by VirtualAllocEx.
if (!ProcessMemory.VirtualFreeEx(hProcess, allocatedAddr, 0, FreeType.Release))
{
//Freeing the allocated memory failed if VirtualFreeEx returned false.
result |= InjectResult.Memory_Release_Failed;
}
//Return due to failing to write the bytes to ProcessMemory.
return(result);
}
//Create a new remote thread, calling the LoadLibraryA function in our target
//process with the address we allocated our string bytes at as the parameter.
//This will load the DLL into the process using the full path to the DLL that
//was specified and call the DLL's DllMain entry point.
IntPtr threadId;
IntPtr hThread = ProcessMemory.CreateRemoteThread(hProcess, IntPtr.Zero, 0, hLoadLibraryA, allocatedAddr, 0, out threadId);
if (hThread == IntPtr.Zero)
{
//The remote thread failed to create if the thread handle is is 0.
result = InjectResult.Thread_Creation_Failed;
//Free the memory we allocated into the process.
//dwSize must be 0 to free all pages allocated by VirtualAllocEx.
if (!ProcessMemory.VirtualFreeEx(hProcess, allocatedAddr, 0, FreeType.Release))
{
//Freeing the allocated memory failed if VirtualFreeEx returned false.
result |= InjectResult.Memory_Release_Failed;
}
//Return due to failing to create the remote thread.
return(result);
}
//Wait for the thread to finish, with specified timeout if it never finishes.
ProcessMemory.WaitForSingleObject(hThread, (uint)timeout.TotalMilliseconds);
//Free the memory we allocated into the process.
//dwSize must be 0 to free all pages allocated by VirtualAllocEx.
if (!ProcessMemory.VirtualFreeEx(hProcess, allocatedAddr, 0, FreeType.Release))
{
//Freeing the allocated memory failed if VirtualFreeEx returned false.
result |= InjectResult.Memory_Release_Failed;
}
//Close the handle created by CreateRemoteThread.
if (!ProcessMemory.CloseHandle(hThread))
{
result |= InjectResult.Thread_Close_Failed;
}
//Close the handle created by OpenProcess.
if (!ProcessMemory.CloseHandle(hProcess))
{
result |= InjectResult.Process_Handle_Close_Failed;
}
return(result |= InjectResult.Success);
}