Ejemplo n.º 1
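        /// <summary>
        /// Loads a cheat table (XML) from <paramref name="path"/> and returns one
        /// <c>ct_class</c> per CheatEntry whose script <c>ExtractAsm</c> could parse.
        /// </summary>
        /// <param name="path">Location of the table file; may be <c>null</c>.</param>
        /// <returns>
        /// The parsed entries (possibly empty), or <c>null</c> when <paramref name="path"/> is
        /// <c>null</c> or the file cannot be loaded as XML (a message box is shown in that case).
        /// </returns>
        public static List <ct_class> extract_ct(string path)
        {
            if (path == null)
            {
                return(null);
            }

            List <ct_class> _cts = new List <ct_class>();

            try
            {
                // A table file is user-supplied and often downloaded, so it is parsed as untrusted XML:
                // DTDs are rejected and no resolver is available, which closes off external-entity
                // expansion (file disclosure, outbound requests) and entity-expansion DoS.
                XmlReaderSettings settings = new XmlReaderSettings();
                settings.DtdProcessing = DtdProcessing.Prohibit;
                settings.XmlResolver   = null;

                XmlDocument doc_xml = new XmlDocument();
                doc_xml.XmlResolver = null;

                using (XmlReader reader = XmlReader.Create(path, settings))
                {
                    doc_xml.Load(reader);
                }

                XmlNodeList cheats = doc_xml.SelectNodes("CheatTable/CheatEntries/CheatEntry");

                foreach (XmlNode item in cheats)
                {
                    // SelectSingleNode returns null for a missing child. Without the null-conditional
                    // access, one incomplete entry would throw and discard the whole table.
                    int id;
                    if (!int.TryParse(item.SelectSingleNode("ID")?.InnerText, out id))
                    {
                        continue;
                    }

                    string desc = item.SelectSingleNode("Description")?.InnerText ?? $"No description - ID {id.ToString()} ";
                    string asm  = item.SelectSingleNode("AssemblerScript")?.InnerText;

                    // Entries without a script are skipped ("must have scripts only").
                    if (asm == null)
                    {
                        continue;
                    }

                    asm_class _asm = ExtractAsm(asm);

                    if (_asm != null)
                    {
                        _cts.Add(new ct_class(id, desc, _asm));
                    }
                }

                return(_cts);
            }
            catch (Exception)
            {
                // Deliberately broad: any load or parse failure is reported to the user as a bad
                // file, and callers receive null. A file carrying a DTD now also ends up here.
                MessageBox.Show("[-] Please Open A Correct CT file. \n[Must have scripts only] !");
                return(null);
            }
        }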
Ejemplo n.º 2
        // This function may be needed again later [VIP users],
        // so it is better to keep it static and public.
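        /// <summary>
        /// Parses the text of an auto-assembler script (the AssemblerScript element of a cheat
        /// table entry) and collects the allocation size, module name, signature bytes and
        /// injection address it declares.
        /// </summary>
        /// <param name="asm">Raw script text. It originates from a user-supplied table file and is treated as untrusted.</param>
        /// <returns>
        /// Currently always <c>null</c>: the parsed values are never packed into an
        /// <c>asm_class</c> (see the note on <c>tempAsm</c>). <c>null</c> is also the result
        /// when the script is missing, malformed, or parsing throws.
        /// </returns>
        public static asm_class ExtractAsm(string asm)
        {
            // A missing script is a parse failure, reported like every other one.
            if (asm == null)
            {
                return(null);
            }

            try
            {
                // NOTE(review): nothing below assigns tempAsm, so every path returns null and
                // extract_ct never adds an entry. Building the asm_class from the values parsed
                // here is still to be written; its constructor is not visible from this method.
                asm_class tempAsm = null;

                // Values intended for the asm_class.
                int AllocSize = 0;

                string ModuleName  = null;
                IntPtr Offset      = IntPtr.Zero;
                IntPtr FullAddress = IntPtr.Zero;

                List <byte> OriginalBytes = new List <byte>();
                List <byte> FakeBytes     = new List <byte>();   // not filled yet

                bool isAOB = asm.Contains("aobscanmodule");

                // Work on the script without blank lines and without // comment lines.
                string[] asmLines = asm.Split('\n')
                                    .Where(line => !line.Trim().StartsWith("//") && !string.IsNullOrEmpty(line.Trim()))
                                    .ToArray();

                // Allocation size: first numeric argument on the first line mentioning "alloc".
                // The original built a LINQ Where() here and never enumerated it, so AllocSize
                // stayed 0; it would also have been reset to 0 by any later token that failed
                // to parse, because TryParse zeroes its out argument on failure.
                string allocLine = asmLines.FirstOrDefault(line => line.Contains("alloc"));

                if (allocLine != null)
                {
                    foreach (string token in allocLine.Replace(")", "").Split(','))
                    {
                        string text = token.Trim();
                        int    parsed;

                        // A "$" prefix marks a hexadecimal literal; unprefixed tokens are read as
                        // decimal, as before. NOTE(review): confirm the unprefixed radix against
                        // the script format this tool targets.
                        bool ok = text.StartsWith("$")
                                  ? int.TryParse(text.Substring(1), System.Globalization.NumberStyles.HexNumber,
                                                 System.Globalization.CultureInfo.InvariantCulture, out parsed)
                                  : int.TryParse(text, out parsed);

                        // The size comes from an untrusted file: only positive values are accepted
                        // here, and whoever consumes AllocSize should still apply an upper bound.
                        if (ok && parsed > 0)
                        {
                            AllocSize = parsed;
                            break;
                        }
                    }
                }

                if (isAOB)
                {
                    // "aobscanmodule" may occur only inside a comment, which asmLines excludes.
                    string aobLine = asmLines.FirstOrDefault(line => line.Contains("aobscanmodule"));

                    if (aobLine == null)
                    {
                        return(null);
                    }

                    // Expected arguments: [0] symbol, [1] module name, [2] byte pattern.
                    string[] Mod_AOB = aobLine.Replace(")", "").Split(',');

                    if (Mod_AOB.Length < 3)
                    {
                        return(null);
                    }

                    // module name ex : saad.dll
                    ModuleName = Mod_AOB[1].Trim();

                    // An empty name would make Contains(ModuleName) match every line below.
                    if (ModuleName.Length == 0)
                    {
                        return(null);
                    }

                    // Pattern bytes are written in hex ("8B"), so they are parsed as hex; the
                    // decimal byte.TryParse used before rejected or misread them.
                    // NOTE(review): tokens that are not hex bytes (e.g. wildcards) are skipped,
                    // which shortens the pattern instead of recording a "match anything" slot.
                    foreach (string b in Mod_AOB[2].Split(' '))
                    {
                        byte bb;

                        if (byte.TryParse(b.Trim(), System.Globalization.NumberStyles.HexNumber,
                                          System.Globalization.CultureInfo.InvariantCulture, out bb))
                        {
                            OriginalBytes.Add(bb);
                        }
                    }

                    // Injection point: either module + offset, or a full address.
                    // This scans the raw script, so comment lines are included on purpose.
                    foreach (string line in asm.Split('\n').
                             Where(l => l.Contains(ModuleName) && l.Contains("+") ||
                                   l.Contains("ORIGINAL CODE - INJECTION POINT"))
                             )
                    {
                        // NOTE(review): Convert.ToInt32 throws on text that is not pure hex and on
                        // values wider than 32 bits; that lands in the catch below and the whole
                        // script is rejected.
                        if (line.Contains('+'))
                        {
                            // Offset inside the module (text after the '+').
                            Offset = new IntPtr(Convert.ToInt32(line.Split('+')[1].Trim().Replace("\n", ""), 16));
                        }
                        else
                        {
                            // Otherwise take the full address (text after the ':'), if present.
                            FullAddress = new IntPtr(Convert.ToInt32(line.Split(':')[1].Trim().Replace("\n", ""), 16));
                        }
                        // Still to do: collect the replacement bytes (FakeBytes).
                    }
                }
                // Scripts without "aobscanmodule" are not handled yet.

                return(tempAsm);
            }
            catch (Exception)
            {
                // Any parsing error means "no usable script" for the caller.
                return(null);
            }
        }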
Ejemplo n.º 3
 /// <summary>
 /// Creates a cheat-table entry from its numeric ID, its description and its parsed script.
 /// </summary>
 /// <param name="iD">Value stored in <c>ID</c>.</param>
 /// <param name="description">Value stored in <c>Description</c>.</param>
 /// <param name="assemblyScript">Value stored in <c>AssemblyScript</c>; stored as given, without a null check.</param>
 public ct_class(int iD, string description, asm_class assemblyScript)
 {
     this.ID = iD;
     this.Description = description;
     this.AssemblyScript = assemblyScript;
 }