private ulong FindMetadataRegistration_x86_YuanShen()
{
var s_Sections = exec.Concat(data);
SignatureScanner s_Scanner = new SignatureScanner(c_MetadataRegistrationSignature);
long s_Location = -1;
foreach (var s_Section in s_Sections)
{
il2Cpp.Position = s_Section.offset;
var s_Buffer = il2Cpp.ReadBytes((int)(s_Section.offsetEnd - s_Section.offset));
if (!s_Scanner.ResolveInBuffer(s_Buffer, out var s_Index, out var s_RelativeLocation))
{
continue;
}
s_Location = (long)s_Section.address + s_RelativeLocation;
break;
}
if (s_Location == -1)
{
return(0);
}
return((ulong)s_Location);
}
public override void OnGameAttached(GameState state)
{
base.OnGameAttached(state);
_cmdHandler.Init(state);
ProcessModuleWow64Safe server = state.GetModule("server.dll");
var scanner = new SignatureScanner(state.GameProcess, server.BaseAddress, server.ModuleMemorySize);
_getGlobalNameFuncPtr = scanner.Scan(new SigScanTarget("55 8B EC 51 FF 75 ?? 8D 45 ??"));
_roHandler = new RemoteOpsHandler(state.GameProcess);
if (GameMemory.GetBaseEntityMemberOffset("m_iHealth", state.GameProcess, scanner, out _baseEntityHealthOffset))
{
Debug.WriteLine("CBaseEntity::m_iHealth offset = 0x" + _baseEntityHealthOffset.ToString("X"));
}
if (server.ModuleMemorySize < _serverModernModuleSize)
{
_ebEndCommand.BValue = true;
// for mod, eb's final map name is different
if (server.ModuleMemorySize <= _serverModModuleSize)
{
_ebEndMap = "bm_c3a2h";
}
}
}
public IEnumerable <IntPtr> ScanSignature(string pattern, int extra, int offset, bool relative, bool firstOnly = true)
{
var regions = GetMemoryRegions().Where(x => x.Readable);
var result = new List <IntPtr>();
Parallel.ForEach(regions, (region) =>
{
var data = Memory.Read(region.Address, (int)region.Information.RegionSize);
result.AddRange(SignatureScanner.Scan(data, pattern, firstOnly).Select(x =>
{
var address = IntPtr.Add(region.Address, x + offset);
if (relative)
{
address = Memory.Read <IntPtr>(address);
}
return(IntPtr.Add(address, extra));
}));
});
GC.Collect();
return(result);
}
static public bool IsWithin(this SignatureScanner scanner, uint value)
{
uint start = (uint)scanner.Address;
uint end = start + (uint)scanner.Size;
return(start < value && value < end);
}
static public IntPtr ReadCall(this SignatureScanner scanner, IntPtr ptr)
{
if (ptr == IntPtr.Zero)
{
return(IntPtr.Zero);
}
return((IntPtr)(scanner.Process.ReadValue <int>(ptr + 0x1) + (int)(ptr + 5)));
}
/// <summary>
/// Open the PC game process with all security and access rights.
/// </summary>
public void OpenProcess(Process process)
{
Process = process;
if (!Process.Responding)
{
throw new Exception("Target process id not responding");
}
if (process.MainModule == null)
{
throw new Exception("Process has no main module");
}
Process.EnterDebugMode();
int debugPrivilegeCheck = CheckSeDebugPrivilege(out bool isDebugEnabled);
if (debugPrivilegeCheck != 0)
{
throw new Exception($"ERROR: CheckSeDebugPrivilege failed with error: {debugPrivilegeCheck}");
}
else if (!isDebugEnabled)
{
throw new Exception("ERROR: SeDebugPrivilege not enabled. Please report this!");
}
Handle = OpenProcess(0x001F0FFF, true, process.Id);
if (Handle == IntPtr.Zero)
{
int eCode = Marshal.GetLastWin32Error();
}
// Set all modules
this.modules.Clear();
foreach (ProcessModule?module in Process.Modules)
{
if (module == null)
{
continue;
}
if (string.IsNullOrEmpty(module.ModuleName))
{
continue;
}
if (this.modules.ContainsKey(module.ModuleName))
{
continue;
}
this.modules.Add(module.ModuleName, module.BaseAddress);
}
Scanner = new SignatureScanner(process.MainModule);
}
public override void OnGameAttached(GameState state)
{
ProcessModule server = state.GameProcess.Modules.Cast<ProcessModule>().FirstOrDefault(x => x.ModuleName.ToLower() == "server.dll");
Trace.Assert(server != null);
var scanner = new SignatureScanner(state.GameProcess, server.BaseAddress, server.ModuleMemorySize);
if (GameMemory.GetBaseEntityMemberOffset("m_flLaggedMovementValue", state.GameProcess, scanner, out _basePlayerLaggedMovementOffset))
Debug.WriteLine("CBasePlayer::m_flLaggedMovementValue offset = 0x" + _basePlayerLaggedMovementOffset.ToString("X"));
}
public override void OnGameAttached(GameState state)
{
ProcessModuleWow64Safe server = state.GetModule("server.dll");
var scanner = new SignatureScanner(state.GameProcess, server.BaseAddress, server.ModuleMemorySize);
if (GameMemory.GetBaseEntityMemberOffset("m_iHealth", state.GameProcess, scanner, out _baseEntityHealthOffset))
{
Debug.WriteLine("CBaseEntity::m_iHealth offset = 0x" + _baseEntityHealthOffset.ToString("X"));
}
}
public override void OnGameAttached(GameState state)
{
ProcessModuleWow64Safe server = state.GetModule("server.dll");
var scanner = new SignatureScanner(state.GameProcess, server.BaseAddress, server.ModuleMemorySize);
if (GameMemory.GetBaseEntityMemberOffset("m_bSuppressingCrosshair", state.GameProcess, scanner, out _playerSuppressingCrosshairOffset))
{
Debug.WriteLine("CPortalPlayer::m_bSuppressingCrosshair offset = 0x" + _playerSuppressingCrosshairOffset.ToString("X"));
}
}
public override void OnGameAttached(GameState state)
{
ProcessModuleWow64Safe server = state.GetModule("server.dll");
var scanner = new SignatureScanner(state.GameProcess, server.BaseAddress, server.ModuleMemorySize);
if (GameMemory.GetBaseEntityMemberOffset("m_flLaggedMovementValue", state.GameProcess, scanner, out _laggedMovementOffset))
{
Debug.WriteLine("CBasePlayer::m_flLaggedMovementValue offset = 0x" + _laggedMovementOffset.ToString("X"));
}
}
public override void OnGameAttached(GameState state)
{
ProcessModule server = state.GameProcess.Modules.Cast<ProcessModule>().FirstOrDefault(x => x.ModuleName.ToLower() == "server.dll");
Trace.Assert(server != null);
var scanner = new SignatureScanner(state.GameProcess, server.BaseAddress, server.ModuleMemorySize);
if (GameMemory.GetBaseEntityMemberOffset("m_hActiveWeapon", state.GameProcess, scanner, out _baseCombatCharacaterActiveWeaponOffset))
Debug.WriteLine("CBaseCombatCharacater::m_hActiveWeapon offset = 0x" + _baseCombatCharacaterActiveWeaponOffset.ToString("X"));
if (GameMemory.GetBaseEntityMemberOffset("m_iHealth", state.GameProcess, scanner, out _baseEntityHealthOffset));
Debug.WriteLine("CBaseEntity::m_iHealth offset = 0x" + _baseEntityHealthOffset.ToString("X"));
}
public override void OnGameAttached(GameState state)
{
ProcessModule server = state.GameProcess.Modules.Cast <ProcessModule>().FirstOrDefault(x => x.ModuleName.ToLower() == "server.dll");
Trace.Assert(server != null);
var scanner = new SignatureScanner(state.GameProcess, server.BaseAddress, server.ModuleMemorySize);
if (GameMemory.GetBaseEntityMemberOffset("m_flLaggedMovementValue", state.GameProcess, scanner, out _basePlayerLaggedMovementOffset))
{
Debug.WriteLine("CBasePlayer::m_flLaggedMovementValue offset = 0x" + _basePlayerLaggedMovementOffset.ToString("X"));
}
}
public override void OnGameAttached(GameState state)
{
ProcessModuleWow64Safe server = state.GameProcess.ModulesWow64Safe().FirstOrDefault(x => x.ModuleName.ToLower() == "server.dll");
Trace.Assert(server != null);
var scanner = new SignatureScanner(state.GameProcess, server.BaseAddress, server.ModuleMemorySize);
if (GameMemory.GetBaseEntityMemberOffset("m_iHealth", state.GameProcess, scanner, out _baseEntityHealthOffset))
{
Debug.WriteLine("CBaseEntity::m_iHealth offset = 0x" + _baseEntityHealthOffset.ToString("X"));
}
}
private void CheckMemory(object o)
{
foreach (var page in game.MemoryPages())
{
var scanner = new SignatureScanner(game, page.BaseAddress, (int)page.RegionSize);
IntPtr ptr = scanner.Scan(target);
if (ptr != IntPtr.Zero)
{
worldOwner = game.ReadPointer(game.ReadPointer(ptr));
timer.Dispose();
break;
}
}
}
public IEnumerable <IntPtr> ScanSignature(string pattern, int size, int offset, int extra, bool relative, bool firstOnly = true)
{
var addresses = SignatureScanner.Scan(Read(0, size), pattern).Select(x =>
{
var address = IntPtr.Add(Address, x + offset);
if (relative)
{
address = Memory.Read <IntPtr>(address);
}
return(IntPtr.Add(address, extra));
});
return(addresses);
}
protected override void DerefPointer(Process game)
{
boxPtr.Clear();
// normal deref
originDP.DerefOffsets(game, out originPtr);
// signature scan for trigger corners
IntPtr startPtr;
startSearch.DerefOffsets(game, out startPtr);
SignatureScanner scanner = new SignatureScanner(game, startPtr, searchLength);
SigScanTarget target = new SigScanTarget(signature);
var targets = scanner.ScanAll(target).ToList();
boxPtr.AddRange(targets);
}
public override void OnGameAttached(GameState state)
{
_ccHandler.Init(state);
server = state.GetModule("server.dll");
client = state.GetModule("client.dll");
engine = state.GetModule("engine.dll");
var serverScanner = new SignatureScanner(state.GameProcess, server.BaseAddress, server.ModuleMemorySize);
if (GameMemory.GetBaseEntityMemberOffset("m_angAbsRotation", state.GameProcess, serverScanner, out _baseEntityAngleOffset))
{
Debug.WriteLine("CBaseEntity::m_angAbsRotation offset = 0x" + _baseEntityAngleOffset.ToString("X"));
}
if (GameMemory.GetBaseEntityMemberOffset("m_vecAngVelocity", state.GameProcess, serverScanner, out _baseEntityAngleVelOffset))
{
Debug.WriteLine("CBaseEntity::m_vecAngVelocity offset = 0x" + _baseEntityAngleVelOffset.ToString("X"));
}
SigScanTarget _latest_Client_Trg = new SigScanTarget(0, Encoding.ASCII.GetBytes("ClientCommand, 0 length string supplied."));
_latest_Client_Trg.OnFound = (proc, scanner, ptr) =>
{
byte[] b = BitConverter.GetBytes(ptr.ToInt32());
var target = new SigScanTarget(2,
$"80 3D ?? ?? ?? ?? 00 75 ?? 68 {b[0]:X02} {b[1]:X02} {b[2]:X02} {b[3]:X02}"); // cmp byte ptr [clientcmdptr],00
IntPtr ptrPtr = scanner.Scan(target);
if (ptrPtr == IntPtr.Zero)
{
return(IntPtr.Zero);
}
IntPtr ret;
proc.ReadPointer(ptrPtr, out ret);
Debug.WriteLine("CVEngineServer::ClientCommand szOut ptr is 0x" + ret.ToString("X"));
return(ret);
};
var engineScanner = new SignatureScanner(state.GameProcess, engine.BaseAddress, engine.ModuleMemorySize);
_endingsWatcher.ResetAll();
_endingSeriousCount = 0;
_latestClientCmd = new StringWatcher(engineScanner.Scan(_latest_Client_Trg), 50);
_endingsWatcher.Add(_latestClientCmd);
}
private static void ScanIsInteracting(string signature)
{
var target = new SigScanTarget(0x34, signature);
foreach (var page in Game.MemoryPages())
{
var scanner = new SignatureScanner(Game, page.BaseAddress, (int)page.RegionSize);
var ptr = scanner.Scan(target);
if (ptr == IntPtr.Zero)
{
continue;
}
_isInteractingDP = new DeepPointer(ptr);
return;
}
}
public override void OnGameAttached(GameState state)
{
var bink = state.GetModule("video_bink.dll");
Trace.Assert(bink != null);
var binkScanner = new SignatureScanner(state.GameProcess, bink.BaseAddress, bink.ModuleMemorySize);
SigScanTarget target = new SigScanTarget(11, "C7 05 ?? ?? ?? ?? ?? ?? ?? ?? B9 ?? ?? ?? ??");
target.OnFound = (proc, scanner, ptr) => {
ptr = proc.ReadPointer(ptr) + 0xC;
Debug.WriteLine("bink is video playing pointer found at 0x" + ptr.ToString("X"));
return(ptr);
};
_videoPlaying = new MemoryWatcher <byte>(binkScanner.Scan(target));
}
public static IntPtr SigScan(string target)
{
var scantarget = new SigScanTarget(target);
IntPtr scan = IntPtr.Zero;
foreach (var page in FzzyComponent.process.MemoryPages(true).Reverse())
{
var scanner = new SignatureScanner(FzzyComponent.process, page.BaseAddress, (int)page.RegionSize);
var s = scanner.Scan(scantarget);
if (s != IntPtr.Zero)
{
scan = s;
break;
}
}
return(scan);
}
public void FindSignatures()
{
Debug.Assert(MemoryHandler != null, "No memory handler was specified. Ensure MemoryHandler is not null before calling FindSignatures().");
// MobArray is the address that holds a pointer to the mob array. MobArrayPosition is the address that holds the position.
this.MobArray = MemoryHandler.ResolvePointer(SignatureScanner.FindPattern(new byte[] { 0x8B, 0x56, 0x0C, 0x8B, 0x04, 0x2A, 0x8B, 0x04, 0x85 }, "xxxxxxxxx", 9));
this.MobArrayPosition = SignatureScanner.FindPattern(new byte[] { 0x66, 0xC7, 0x44, 0x24, 0x10, 0x79, 0x00, 0x50 }, "xxxxxxxx", 37);
this.BuffPtr = MemoryHandler.ResolvePointer(SignatureScanner.FindPattern(new byte[] { 0xEB, 0x0E, 0x33, 0xDB, 0x8A, 0xF8, 0x8A, 0xD9, 0x66, 0x89, 0x1C, 0x55 }, "xxxxxxxxxxxx", 12));
this.ZonePtr = SignatureScanner.FindPattern(new byte[] { 0x7C, 0xE1, 0x8B, 0x4E, 0x08, 0x8B, 0x15 }, "xxxxxxx", 7);
var index = (short)MemoryHandler.ResolvePointer(MemoryHandler.ResolvePointer(this.MobArrayPosition) + 4);
this.PlayerEntity = new Entity(MemoryHandler, MemoryHandler.ResolvePointer(MobArray + 4 * index));
this.PlayerDisplay = new Display(MemoryHandler, PlayerEntity.Display);
this.PlayerBuffs = new Buffs(MemoryHandler, this.BuffPtr);
}
/// <summary>
/// Initialize signature scanners and sigscan.
/// </summary>
private static void Init()
{
Log("Starting with default values", false);
Action <string, IntPtr> SigReport = (name, ptr) =>
{
Console.WriteLine("[INIT] " + name + (ptr == IntPtr.Zero ? " WAS NOT FOUND" : " is 0x" + ptr.ToString("X")));
};
SigScanTarget _entListSig = new SigScanTarget(6,
"40 ?? 48 ?? ?? ??",
"48 ?? ?? ?? ?? ?? ??", // MOV RAX,qword ptr [DAT_1814e3bc0]
"8b ?? 48 ?? ?? ?? ?? ?? ?? 48 ?? ?? ff ?? ?? ?? ?? ?? 4c ?? ??");
_entListSig.OnFound = (proc, scanner, ptr) => GetPointer(ptr, 3, 7);
SigScanTarget _gamePathSig = new SigScanTarget(7,
"48 8B 97 ?? ?? ?? ??",
"48 8D 0D ?? ?? ?? ??", // LEA RCX,[mapname]
"48 8B 5C 24 ??");
_gamePathSig.OnFound = (proc, scanner, ptr) => GetPointer(ptr, 3, 7);
ProcessModuleWow64Safe[] modules = game.ModulesWow64Safe();
ProcessModuleWow64Safe server = modules.FirstOrDefault(x => x.ModuleName.ToLower() == "server.dll");
ProcessModuleWow64Safe engine = modules.FirstOrDefault(x => x.ModuleName.ToLower() == "engine2.dll");
while (server == null || engine == null)
{
Console.WriteLine("[INIT] Modules aren't yet loaded! Waiting 1 second until next try");
Thread.Sleep(1000);
}
var serverScanner = new SignatureScanner(game, server.BaseAddress, server.ModuleMemorySize);
var engineScanner = new SignatureScanner(game, engine.BaseAddress, engine.ModuleMemorySize);
_entListPtr = serverScanner.Scan(_entListSig); SigReport("entity list", _entListPtr);
_gamePathPtr = engineScanner.Scan(_gamePathSig); SigReport("game path / map name", _gamePathPtr);
Console.WriteLine("gamepath " + game.ReadString(_gamePathPtr, 255) + " ");
_mapName = new StringWatcher(_mapNamePtr, 255);
_watchers.Add(_mapName);
}
private bool HookGameProcess()
{
game = Process.GetProcessesByName("GameApp_PcDx11_x64Final").FirstOrDefault(x => !x.HasExited);
switch (game)
{
case null:
return(false);
default:
scanner = new SignatureScanner(game, game.MainModuleWow64Safe().BaseAddress, game.MainModuleWow64Safe().ModuleMemorySize);
InjectionAddress = scanner.Scan(new SigScanTarget(7, "48 8B 0D ???????? 8B 81 ???????? 89 05 ???????? 8B 81 ???????? 89 05 ???????? 8B 81 ???????? 89 05 ???????? 4C 8D 4D B0"));
if (InjectionAddress == IntPtr.Zero)
{
IsAlreadyPatched = true;
InjectionAddress = scanner.Scan(new SigScanTarget(7, "48 8B 0D ???????? E9 ???????? 90 89 05 ???????? 8B 81 ???????? 89 05 ???????? 8B 81 ???????? 89 05 ???????? 4C 8D 4D B0"));
}
return(true);
}
}
static void Main()
{
var signature = ParseHelper.BytesFromPattern(Pattern, out var unknownByte);
Console.WriteLine($"Signature generated: {string.Join(" ", signature)}");
while (true)
{
var data = StartBench(() => GenerateData(DataLength), "Generating data.. ");
var generatedOffsets = StartBench(() => InjectSignaturesToData(data, signature, unknownByte, 60).OrderBy(x => x),
"Generating offsets.. ");
var offsets = StartBench(() => SignatureScanner.Scan(data, signature, unknownByte), "Scanning offsets.. ");
if (!Compare(generatedOffsets, offsets))
{
throw new Exception("Invalid scan.");
}
Console.WriteLine();
}
Console.ReadKey(true);
}
public override void OnGameAttached(GameState state)
{
ProcessModuleWow64Safe server = state.GetModule("server.dll");
ProcessModuleWow64Safe bink = state.GetModule("video_bink.dll");
var scanner = new SignatureScanner(state.GameProcess, server.BaseAddress, server.ModuleMemorySize);
if (GameMemory.GetBaseEntityMemberOffset("m_iHealth", state.GameProcess, scanner, out _baseEntityHealthOffset))
{
Debug.WriteLine("CBaseEntity::m_iHealth offset = 0x" + _baseEntityHealthOffset.ToString("X"));
}
if (GameMemory.GetBaseEntityMemberOffset("m_flLaggedMovementValue", state.GameProcess, scanner, out _basePlayerLaggedMovementOffset))
{
Debug.WriteLine("CBasePlayer::m_flLaggedMovementValue offset = 0x" + _basePlayerLaggedMovementOffset.ToString("X"));
}
_watcher.ResetAll();
// i would've sigscanned this but this dll is a 3rd party thing anyways so its unlikely to change between versions
// and the game crashes when i try to debug it so oh well...
_isInCutscene = new MemoryWatcher <byte>(bink.BaseAddress + 0x1b068);
_watcher.Add(_isInCutscene);
}
public override void OnGameAttached(GameState state)
{
ProcessModuleWow64Safe server = state.GetModule("server.dll");
var scanner = new SignatureScanner(state.GameProcess, server.BaseAddress, server.ModuleMemorySize);
this.EndOffsetTicks = 0;
IntPtr getStringPtr(string str)
{
return(scanner.Scan(new SigScanTarget(0, str.ConvertToHex() + " 00")));
}
IntPtr getPtrRef(IntPtr ptr, SignatureScanner scanner, params string[] prefixes)
{
if (ptr == IntPtr.Zero)
{
return(ptr);
}
string ptrStr = ptr.GetByteString();
SigScanTarget target = new SigScanTarget();
prefixes.ToList().ForEach(x => target.AddSignature(0, x + " " + ptrStr));
return(scanner.Scan(target));
}
IntPtr ptr;
SigScanTarget target;
if ((ptr = getPtrRef(getStringPtr("n_max"), scanner, "68")) == IntPtr.Zero)
{
return;
}
bool found = false;
target = new SigScanTarget(1, "68");
target.OnFound = (f_proc, f_scanner, f_ptr) =>
{
IntPtr ptr = f_proc.ReadPointer(f_ptr);
found = !(ptr.ToInt32() < scanner.Address.ToInt32() ||
ptr.ToInt32() > scanner.Address.ToInt32() + scanner.Size);
return(f_ptr);
};
var scanner2 = new SignatureScanner(state.GameProcess, ptr + 10, 0x1000);
while ((ptr = scanner2.Scan(target)) != IntPtr.Zero &&
!found &&
scanner2.Size > 6)
{
scanner2 = new SignatureScanner(
state.GameProcess,
ptr,
scanner2.Address.ToInt32() + 0x1000 - ptr.ToInt32());
}
if (ptr == IntPtr.Zero)
{
return;
}
ptr = state.GameProcess.ReadPointer(ptr);
target = new SigScanTarget(2, "80 ?? ?? ?? ?? 00 00 74");
target.AddSignature(2, "8A ?? ?? ?? 00 00 84");
scanner2 = new SignatureScanner(state.GameProcess, ptr, 0x100);
ptr = scanner2.Scan(target);
_nihiDeadOffset = state.GameProcess.ReadValue <int>(ptr);
Debug.WriteLine("nihi dead bool offset is 0x" + _nihiDeadOffset.ToString("x"));
}
void MemoryReadThread()
{
Debug.WriteLine("[NoLoads] MemoryReadThread");
while (!_cancelSource.IsCancellationRequested)
{
try
{
Debug.WriteLine("[NoLoads] Waiting for Build.exe...");
while ((game = GetGameProcess()) == null)
{
Thread.Sleep(250);
if (_cancelSource.IsCancellationRequested)
{
return;
}
isLoading = true;
if (isLoading != prevIsLoading)
{
loadingStarted = true;
// pause game timer
_uiThread.Post(d =>
{
if (OnLoadStarted != null)
{
OnLoadStarted(this, EventArgs.Empty);
}
}, null);
}
prevIsLoading = true;
SetInjectionLabelInSettings(InjectionStatus.NoProcess, IntPtr.Zero);
}
Debug.WriteLine("[NoLoads] Got games process!");
uint frameCounter = 0;
while (!game.HasExited)
{
if (currentIsPausedAddress == IntPtr.Zero)
{
#region Hooking
if (_settings.RescansLimit != 0 && failedScansCount >= _settings.RescansLimit)
{
var result = MessageBox.Show("Failed to find the pattern during the 3 scan loops. Want to retry scans?", "Error", MessageBoxButtons.RetryCancel, MessageBoxIcon.Exclamation);
if (result == DialogResult.Cancel)
{
_ignorePIDs.Add(game.Id);
}
else
{
failedScansCount = 0;
}
//Should refresh game pages... hopefully. The memory pages extansion is really poop.
game = null;
SetInjectionLabelInSettings(InjectionStatus.FailedScanning, IntPtr.Zero);
}
//Hook only if the process is at least 15s old (since it takes forever with allocating stuff)
else if (game.UserProcessorTime >= TimeSpan.FromSeconds(15))
{
SetInjectionLabelInSettings(InjectionStatus.Scanning, IntPtr.Zero);
var sigScanTarget = new SigScanTarget(SigScanPattern_InventoryStatusUpdateCurrentTimePlayed);
IntPtr StartOfUpdateCurrentTime = IntPtr.Zero;
Debug.WriteLine("[NOLOADS] Scanning for signature (InventoryStats:UpdateCurrentTimePlayed)");
foreach (var page in game.MemoryPages())
{
var scanner = new SignatureScanner(game, page.BaseAddress, (int)page.RegionSize);
if ((StartOfUpdateCurrentTime = scanner.Scan(sigScanTarget)) != IntPtr.Zero)
{
break;
}
}
if (StartOfUpdateCurrentTime == IntPtr.Zero)
{
failedScansCount++;
Debug.WriteLine("[NOLOADS] Failed scans: " + failedScansCount);
}
else
{
currentIsPausedAddress = StartOfUpdateCurrentTime + 0x9;
Debug.WriteLine("[NOLOADS] FOUND SIGNATURE FOR _isPaused AT: 0x" + currentIsPausedAddress.ToString("X8"));
SetInjectionLabelInSettings(InjectionStatus.Found, currentIsPausedAddress);
}
}
else
{
SetInjectionLabelInSettings(InjectionStatus.FoundProcessWaiting, IntPtr.Zero);
}
#endregion
}
else
{
var addy = new IntPtr(game.ReadValue <int>(currentIsPausedAddress));
isLoading = game.ReadValue <byte>(addy) == 0;
if (isLoading != prevIsLoading)
{
if (isLoading)
{
Debug.WriteLine(String.Format("[NoLoads] Load Start - {0}", frameCounter));
loadingStarted = true;
// pause game timer
_uiThread.Post(d =>
{
if (OnLoadStarted != null)
{
OnLoadStarted(this, EventArgs.Empty);
}
}, null);
}
else
{
Debug.WriteLine(String.Format("[NoLoads] Load End - {0}", frameCounter));
if (loadingStarted)
{
loadingStarted = false;
// unpause game timer
_uiThread.Post(d =>
{
if (OnLoadFinished != null)
{
OnLoadFinished(this, EventArgs.Empty);
}
}, null);
_uiThread.Post(d =>
{
if (OnFirstLevelLoad != null)
{
OnFirstLevelLoad(this, EventArgs.Empty);
}
}, null);
}
}
}
prevIsLoading = isLoading;
frameCounter++;
Thread.Sleep(15);
if (_cancelSource.IsCancellationRequested)
{
return;
}
}
}
// pause game timer on exit or crash
_uiThread.Post(d =>
{
if (OnLoadStarted != null)
{
OnLoadStarted(this, EventArgs.Empty);
}
}, null);
isLoading = true;
}
catch (Exception ex)
{
Debug.WriteLine(ex.ToString());
Thread.Sleep(1000);
}
}
}
void MemoryReadThread()
{
Debug.WriteLine("[NoLoads] MemoryReadThread");
while (!_cancelSource.IsCancellationRequested)
{
try
{
Debug.WriteLine("[NoLoads] Waiting for UA.exe...");
while ((game = GetGameProcess()) == null)
{
Thread.Sleep(250);
if (_cancelSource.IsCancellationRequested)
{
return;
}
isLoading = true;
if (isLoading != prevIsLoading)
{
loadingStarted = true;
// pause game timer
_uiThread.Post(d =>
{
if (OnLoadStarted != null)
{
OnLoadStarted(this, EventArgs.Empty);
}
}, null);
}
prevIsLoading = true;
SetInjectionLabelInSettings(InjectionStatus.NoProcess, IntPtr.Zero);
}
Debug.WriteLine("[NoLoads] Got games process!");
uint frameCounter = 0;
while (!game.HasExited)
{
if (!isLevelSystemHooked)
{
#region Hooking
#region BeforeIntroductionOfILCPP-internals
if (gameVersion < GameVersions.v1_4)
{
if (_settings.RescansLimit != 0 && failedScansCount >= _settings.RescansLimit)
{
var result = MessageBox.Show("Failed to find the pattern during the 3 scan loops. Want to retry scans?", "Error", MessageBoxButtons.RetryCancel, MessageBoxIcon.Exclamation);
if (result == DialogResult.Cancel)
{
_ignorePIDs.Add(game.Id);
}
else
{
failedScansCount = 0;
}
//Should refresh game pages... hopefully. The memory pages extansion is really poop.
game = null;
SetInjectionLabelInSettings(InjectionStatus.FailedScanning, IntPtr.Zero);
}
//Hook only if the process is at least 15s old (since it takes forever with allocating stuff)
else if (game.UserProcessorTime >= TimeSpan.FromSeconds(15))
{
SetInjectionLabelInSettings(InjectionStatus.Scanning, IntPtr.Zero);
var sigScanTarget = new SigScanTarget(
"48 8B EC " +
"48 83 EC 30 " +
"48 89 75 F8 " +
"48 8B F1 " +
"48 8B 46 10 " +
"48 85 C0 " +
"?? ?? " +
"48 8B 46 10 " +
"48 8B C8 " +
"48 89 45 F0 " +
"FF 50 18 " +
"48 8B 45 F0 ");
LevelSystemInstancePointer = game.AllocateMemory(IntPtr.Size);
Debug.WriteLine("[NOLOADS] injectedPtrForLevelSystemPtr allocated at: " + LevelSystemInstancePointer.ToString("X8"));
var injectedPtrForLevelSystemBytes = BitConverter.GetBytes(LevelSystemInstancePointer.ToInt64());
originalFunctionAddress = IntPtr.Zero;
var contentOfAHook = new List <byte>();
contentOfAHook.AddRange(OriginalInstructionBytesBefore14);
contentOfAHook.AddRange(new byte[] { 0x48, 0xB8 }); //mov rax,....
contentOfAHook.AddRange(injectedPtrForLevelSystemBytes); //address for rax^^
contentOfAHook.AddRange(new byte[] { 0x48, 0x89, 0x08 }); //mov [rax], rcx
contentOfAHook.AddRange(new byte[] { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 }); //14 nops for jmp back (actually needs I think 2 less)
Debug.WriteLine("[NOLOADS] Scanning for signature (LevelSystem:Update)");
foreach (var page in game.MemoryPages())
{
var scanner = new SignatureScanner(game, page.BaseAddress, (int)page.RegionSize);
if ((originalFunctionAddress = scanner.Scan(sigScanTarget)) != IntPtr.Zero)
{
break;
}
}
if (originalFunctionAddress == IntPtr.Zero)
{
failedScansCount++;
Debug.WriteLine("[NOLOADS] Failed scans: " + failedScansCount);
game.FreeMemory(LevelSystemInstancePointer);
}
else
{
Debug.WriteLine("[NOLOADS] FOUND SIGNATURE AT: 0x" + originalFunctionAddress.ToString("X8"));
codeDetour = game.AllocateMemory(contentOfAHook.Count);
game.Suspend();
try
{
var oInitPtr = game.WriteBytes(codeDetour, contentOfAHook.ToArray());
var detourInstalled = game.WriteDetour(originalFunctionAddress, 14, codeDetour);
var returnInstalled = game.WriteJumpInstruction(codeDetour + contentOfAHook.Count - 15, originalFunctionAddress + 14);
isLevelSystemHooked = true;
SetInjectionLabelInSettings(InjectionStatus.Injected, LevelSystemInstancePointer);
}
catch
{
SetInjectionLabelInSettings(InjectionStatus.FailedToInject, IntPtr.Zero);
throw;
}
finally
{
game.Resume();
}
}
}
else
{
SetInjectionLabelInSettings(InjectionStatus.FoundProcessWaiting, IntPtr.Zero);
}
}
#endregion
#region ILCPPInternals
else
{
LevelSystemInstancePointer = game.AllocateMemory(IntPtr.Size);
Debug.WriteLine("[NOLOADS] injectedPtrForLevelSystemPtr allocated at: " + LevelSystemInstancePointer.ToString("X8"));
var injectedPtrForLevelSystemBytes = BitConverter.GetBytes(LevelSystemInstancePointer.ToInt64());
originalFunctionAddress = game.ModulesWow64Safe().First(x => x.ModuleName.ToLower() == "gameassembly.dll").BaseAddress + 0x120D382;
var contentOfAHook = new List <byte>();
contentOfAHook.AddRange(OriginalInstructionBytesV14);
contentOfAHook.AddRange(new byte[] { 0x48, 0xB8 }); //mov rax,....
contentOfAHook.AddRange(injectedPtrForLevelSystemBytes); //address for rax^^
contentOfAHook.AddRange(new byte[] { 0x48, 0x89, 0x38 }); //mov [rax], rdi (rdi is base of an object)
contentOfAHook.AddRange(new byte[] { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 }); //14 nops for jmp back (actually needs I think 2 less)
//Thankfully no longer need to do sig scans... f**k sigscans
Debug.WriteLine("[NOLOADS] INJECTING AT: 0x" + originalFunctionAddress.ToString("X8"));
codeDetour = game.AllocateMemory(contentOfAHook.Count);
game.Suspend();
try
{
var oInitPtr = game.WriteBytes(codeDetour, contentOfAHook.ToArray());
var detourInstalled = game.WriteDetour(originalFunctionAddress, OriginalInstructionBytesV14.Length, codeDetour);
var returnInstalled = game.WriteJumpInstruction(codeDetour + contentOfAHook.Count - 15, originalFunctionAddress + OriginalInstructionBytesV14.Length);
isLevelSystemHooked = true;
SetInjectionLabelInSettings(InjectionStatus.Injected, LevelSystemInstancePointer);
}
catch
{
SetInjectionLabelInSettings(InjectionStatus.FailedToInject, IntPtr.Zero);
throw;
}
finally
{
game.Resume();
}
}
#endregion
#endregion
}
else
{
switch (gameVersion)
{
case GameVersions.v1_00:
currentLevelName = game.ReadString(game.ReadPointer(game.ReadPointer(LevelSystemInstancePointer) + 0x50) + 0x14, ReadStringType.UTF16, 30);
isLoading = !(game.ReadValue <bool>(game.ReadPointer(LevelSystemInstancePointer) + 0xB2));
break;
case GameVersions.v1_02:
currentLevelName = game.ReadString(game.ReadPointer(game.ReadPointer(LevelSystemInstancePointer) + 0x50) + 0x14, ReadStringType.UTF16, 30);
isLoading = !(game.ReadValue <bool>(game.ReadPointer(LevelSystemInstancePointer) + 0xB2));
break;
case GameVersions.v1_1:
currentLevelName = game.ReadString(game.ReadPointer(game.ReadPointer(LevelSystemInstancePointer) + 0x50) + 0x14, ReadStringType.UTF16, 30);
isLoading = !(game.ReadValue <bool>(game.ReadPointer(LevelSystemInstancePointer) + 0xB2));
break;
case GameVersions.v1_3:
currentLevelName = game.ReadString(game.ReadPointer(game.ReadPointer(LevelSystemInstancePointer) + 0x50) + 0x14, ReadStringType.UTF16, 30);
isLoading = !(game.ReadValue <bool>(game.ReadPointer(LevelSystemInstancePointer) + 0xBA));
break;
default:
currentLevelName = game.ReadString(game.ReadPointer(game.ReadPointer(LevelSystemInstancePointer) + 0x50) + 0x14, ReadStringType.UTF16, 30);
isLoading = !(game.ReadValue <bool>(game.ReadPointer(LevelSystemInstancePointer) + 0x62));
break;
}
if (isLoading != prevIsLoading || currentLevelName != prevLevelName)
{
#if DEBUG
if (currentLevelName != prevLevelName)
{
Debug.WriteLine("Level changed from " + prevLevelName + " -> " + currentLevelName);
}
#endif
if (isLoading || (currentLevelName != null && LevelsExcludedFromAutosplitting.Contains(currentLevelName)))
{
Debug.WriteLine(String.Format("[NoLoads] Load Start - {0}", frameCounter));
loadingStarted = true;
// pause game timer
_uiThread.Post(d =>
{
if (OnLoadStarted != null)
{
OnLoadStarted(this, EventArgs.Empty);
}
}, null);
}
else
{
Debug.WriteLine(String.Format("[NoLoads] Load End - {0}", frameCounter));
if (loadingStarted)
{
loadingStarted = false;
// unpause game timer
_uiThread.Post(d =>
{
if (OnLoadFinished != null)
{
OnLoadFinished(this, EventArgs.Empty);
}
}, null);
_uiThread.Post(d =>
{
if (OnFirstLevelLoad != null)
{
OnFirstLevelLoad(this, EventArgs.Empty);
}
}, null);
}
}
if (currentLevelName != prevLevelName && prevLevelName != null && currentLevelName != null && !LevelsExcludedFromAutosplitting.Contains(currentLevelName) && !LevelsExcludedFromAutosplitting.Contains(prevLevelName))
{
_uiThread.Post(d =>
{
if (OnLevelChanged != null)
{
OnLevelChanged(this, EventArgs.Empty);
}
}, null);
}
}
prevIsLoading = isLoading;
prevLevelName = currentLevelName;
frameCounter++;
Thread.Sleep(15);
if (_cancelSource.IsCancellationRequested)
{
return;
}
}
}
// pause game timer on exit or crash
_uiThread.Post(d =>
{
if (OnLoadStarted != null)
{
OnLoadStarted(this, EventArgs.Empty);
}
}, null);
isLoading = true;
}
catch (Exception ex)
{
Debug.WriteLine(ex.ToString());
Thread.Sleep(1000);
}
}
}
override protected bool Inject()
{
if (_injected)
{
return(true);
}
//this injection point seems a bit f****d up. It gets rewritten when the player enters certain locations. Shouldn't be a problem though.
var scanTarget = new SigScanTarget(0,
"0F 28 C6", // movaps xmm0, xmm6
"F3 0F 59 05 ?? ?? ?? ??", // mulss xmm0, [????????]
"F3 48 0F 2C C0", // cvttss2si rax, eax
"01 81" // add [timerPtr], eax
);
var scanner = new SignatureScanner(_dsProcess, _dsProcess.Modules[0].BaseAddress, _dsProcess.Modules[0].ModuleMemorySize);
try
{
//allocate mem for detour function body
if ((_detourFuncBodyPtr = _dsProcess.AllocateMemory(1000)) == IntPtr.Zero)
{
throw new Win32Exception();
}
//scan for injection point
_detourPtr = scanner.Scan(scanTarget);
if (_detourPtr == IntPtr.Zero)
{
throw new Win32Exception();
}
_detourPtr = _detourPtr + 0x1D; //inject 0x1D bytes after scanner target
//read bytes from instruction point.
_overwrittenBytes = _dsProcess.ReadBytes(_detourPtr, _overrideLength);
if (_overwrittenBytes == null)
{
throw new Win32Exception();
}
//build detour function body
var detourFuncBodyBytes = new List <byte>()
{
};
detourFuncBodyBytes.AddRange(_overwrittenBytes);
detourFuncBodyBytes.AddRange(new byte[] { 0x41, 0x56, 0x4C, 0x8B, 0xF0, 0x49, 0x81, 0xC6 });
detourFuncBodyBytes.AddRange(_overwrittenBytes.ToList().GetRange(2, 4).ToArray());
detourFuncBodyBytes.AddRange(new byte[] { 0x4C, 0x89, 0x34, 0x25 });
detourFuncBodyBytes.AddRange(BitConverter.GetBytes((int)(_detourFuncBodyPtr + 0x41)));
detourFuncBodyBytes.AddRange(new byte[] { 0x41, 0x5E });
detourFuncBodyBytes.AddRange(new byte[] { 0xFF, 0x25, 0x00, 0x00, 0x00, 0x00 });
detourFuncBodyBytes.AddRange(BitConverter.GetBytes((long)(_detourPtr + 0x16)));
//build detour
var detourBytes = new List <byte>()
{
0xFF, 0x25, 0x00, 0x00, 0x00, 0x00
};
detourBytes.AddRange(BitConverter.GetBytes(((long)_detourFuncBodyPtr)));
detourBytes.AddRange(new byte[] { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 });
//write memory.
_dsProcess.Suspend();
//write injection function
if (!_dsProcess.WriteBytes(_detourFuncBodyPtr, detourFuncBodyBytes.ToArray()))
{
throw new Win32Exception();
}
//write detour
if (!_dsProcess.WriteBytes(_detourPtr, detourBytes.ToArray()))
{
throw new Win32Exception();
}
_dsProcess.Resume();
}
catch
{
_dsProcess.FreeMemory(_detourFuncBodyPtr);
_dsProcess.Resume();
return(false);
}
_injected = true;
Trace.WriteLine("Timer Injection: success");
Thread.Sleep(100); //wait a bit for the process to pass through the injection
return(true);
}
override protected bool Inject()
{
if (_injected)
{
return(true);
}
var scanTarget = new SigScanTarget(0,
"40 57", // push rdi
"41 56", // push r14
"48 83 EC 28", // rsp, 28
"80 B9 ?? ?? ?? ?? 00", // cmp byte ptr[rcx + 00000228], 00
"45 0F B6 F0" // movzx r14d, r8l
);
var scanner = new SignatureScanner(_dsProcess, _dsProcess.Modules[0].BaseAddress, _dsProcess.Modules[0].ModuleMemorySize);
try
{
//allocate mem for detour function body
if ((_detourFuncBodyPtr = _dsProcess.AllocateMemory(1000)) == IntPtr.Zero)
{
throw new Win32Exception();
}
//scan for injection point
_detourPtr = scanner.Scan(scanTarget);
if (_detourPtr == IntPtr.Zero)
{
throw new Win32Exception();
}
//read bytes from instruction point.
_overwrittenBytes = _dsProcess.ReadBytes(_detourPtr, _overrideLength);
if (_overwrittenBytes == null)
{
throw new Win32Exception();
}
//build detour function body
var detourFuncBodyBytes = new List <byte>()
{
};
detourFuncBodyBytes.AddRange(_overwrittenBytes);
detourFuncBodyBytes.AddRange(new byte[] { 0x48, 0x89, 0x0D, 0x22, 0x00, 0x00, 0x00, 0xFF, 0x25, 0x00, 0x00, 0x00, 0x00 });
byte[] returnAddressBytes = BitConverter.GetBytes(((long)(_detourPtr + 0x0E)));
detourFuncBodyBytes.AddRange(returnAddressBytes);
//build detour
var detourBytes = new List <byte>()
{
0xFF, 0x25, 0x00, 0x00, 0x00, 0x00
};
detourBytes.AddRange(BitConverter.GetBytes(((long)_detourFuncBodyPtr)));
detourBytes.AddRange(new byte[] { 0x90 });
//write memory.
_dsProcess.Suspend();
//write injection function
if (!_dsProcess.WriteBytes(_detourFuncBodyPtr, detourFuncBodyBytes.ToArray()))
{
throw new Win32Exception();
}
//write detour
if (!_dsProcess.WriteBytes(_detourPtr, detourBytes.ToArray()))
{
throw new Win32Exception();
}
_dsProcess.Resume();
}
catch
{
_dsProcess.FreeMemory(_detourFuncBodyPtr);
_dsProcess.Resume();
return(false);
}
_injected = true;
Trace.WriteLine("World Flag Injection: success");
Thread.Sleep(100); //wait a bit for the process to pass through the injection
return(true);
}
