Example #1
        /// <summary>
        /// Assembles a small 32-bit x86 stub that calls the client's own packet routines
        /// with the bytes of <paramref name="packet"/>, writes it into the target process
        /// and runs it there on a remote thread.
        /// </summary>
        /// <remarks>
        /// The client's outgoing packet length and buffer are saved first and written back
        /// afterwards. Opcode comments below assume <c>CodeCaveHelper.AddLine</c> appends its
        /// arguments verbatim (opcode byte, then operand); that helper is not visible here.
        ///
        /// Security-relevant behaviour: an ExecuteReadWrite allocation in another process,
        /// a cross-process write and <c>CreateRemoteThread</c>. This is the sequence that
        /// endpoint and anti-cheat tooling commonly flags as code injection.
        ///
        /// NOTE(review): no return value is checked (allocation, write, thread creation) and
        /// there is no try/finally, so any failure or exception leaves the target's thread
        /// suspended. The stub grows with <c>packet.Length</c> while the allocation request is
        /// a fixed 1024 bytes, and nothing compares <c>cv.Data.Length</c> against it.
        /// <c>IntPtr.ToInt32()</c> throws <see cref="OverflowException"/> for addresses that do
        /// not fit in 32 bits, so this only works against a 32-bit address space.
        /// </remarks>
        /// <param name="packet">Raw packet bytes; index 0 is used as the packet type, so a null
        /// or empty array throws before the suspended thread is resumed.</param>
        public void SendPacketToServer(byte[] packet)
        {
            CodeCaveHelper cv          = new CodeCaveHelper();
            // Presumably suspends the client's main thread so it cannot touch the outgoing
            // buffer while the stub runs (helper not visible here).
            IntPtr         MainThread  = OpenAndSuspendThread(tProcess.Id);
            // Snapshot the client's current outgoing length and buffer; both are restored at the end.
            uint           OldPackelen = memRead.ReadUInt32(Addresses.MyAddresses.OutGoingPacketLen.Address);

            byte[] OldPacket = memRead.ReadBytes(Addresses.MyAddresses.OutGoingBuffer.Address, OldPackelen);
            // Fixed 1024-byte read/write/execute region in the target; result is not checked for IntPtr.Zero.
            IntPtr CodeCave  = WinApi.VirtualAllocEx(tProcessHandle, IntPtr.Zero, 1024, WinApi.AllocationType.Commit | WinApi.AllocationType.Reserve, WinApi.MemoryProtection.ExecuteReadWrite);

            // Start the packet: the first byte is handed to the client's CreatePacket routine in ECX.
            byte packetType = (byte)packet[0];

            cv.AddLine((byte)0xb9, (UInt32)packetType);                               // mov ecx, packetType
            cv.AddLine((byte)0xB8, (uint)Addresses.MyAddresses.CreatePacket.Address); // mov eax, CreatePacket
            cv.AddLine((byte)0xff, (byte)0xD0);                                       // call eax

            // One mov/mov/call triple per remaining byte, so stub size is proportional to packet.Length.
            for (int i = 1; i < packet.Length; i++)
            {
                byte val = packet[i];

                cv.AddLine((byte)0xb9, (UInt32)val);                                       // mov ecx, val
                cv.AddLine((byte)0xB8, (uint)Addresses.MyAddresses.AddPacketByte.Address); // mov eax, AddPacketByte
                cv.AddLine((byte)0xff, (byte)0xD0);                                        // call eax
            }

            cv.AddLine((byte)0xb1, (byte)0x01); // mov cl, 1 (not a push); per the original note, a bool selecting XTEA encryption
            cv.AddLine((byte)0xB8, (uint)Addresses.MyAddresses.SendPacket.Address); // mov eax, SendPacket
            cv.AddLine((byte)0xff, (byte)0xD0); // call eax (original credit: Darkstar)

            cv.AddByte(0xC3);                   // ret, which ends the remote thread's start routine

            // Cross-process write of the assembled stub into the RWX region.
            memRead.WriteBytes(CodeCave.ToInt32(), cv.Data, (uint)cv.Data.Length);

            // Run the stub on a new thread inside the target process.
            IntPtr hThread = WinApi.CreateRemoteThread(tProcessHandle, IntPtr.Zero, 0, CodeCave, IntPtr.Zero, 0, IntPtr.Zero);

            if (Addresses.MyAddresses.IgnoreReadClientPacketAddress > 0)
            {
                // Clears a one-byte flag in the client when that address is configured; its
                // meaning is not visible here (the original comment only said "ignore this").
                memRead.WriteByte(Addresses.MyAddresses.IgnoreReadClientPacketAddress, 0);
            }
            // 0xFFFFFFFF is INFINITE: if the stub never returns, this blocks with the client still suspended.
            WinApi.WaitForSingleObject(hThread, 0xFFFFFFFF);
            WinApi.CloseHandle(hThread);
            // NOTE(review): Win32 requires dwSize == 0 with MEM_RELEASE. If WinApi.VirtualFreeEx is a
            // direct P/Invoke and Release maps to MEM_RELEASE, passing 1024 makes this call fail and
            // the RWX region stays allocated in the target. Confirm against the WinApi wrapper.
            WinApi.VirtualFreeEx(tProcessHandle, CodeCave, 1024, WinApi.AllocationType.Release);

            // Put back the outgoing length and buffer captured at the top.
            memRead.WriteUInt32(Addresses.MyAddresses.OutGoingPacketLen.Address, OldPackelen);
            memRead.WriteBytes(Addresses.MyAddresses.OutGoingBuffer.Address, OldPacket, (uint)OldPackelen);

            ResumeAndCloseThread(MainThread);
        }
Example #2
        /// <summary>
        /// Assembles a small 32-bit x86 stub that feeds the bytes of <paramref name="packet"/>
        /// to the client's own packet routines, writes it into the target process and runs
        /// it there on a remote thread.
        /// </summary>
        /// <remarks>
        /// The client's outgoing packet length and buffer are saved before the call and
        /// restored after it. Opcode comments assume <c>CodeCaveHelper.AddLine</c> appends its
        /// arguments verbatim (opcode byte, then operand); the helper is not visible here.
        ///
        /// Security-relevant behaviour: a read/write/execute allocation in another process,
        /// a cross-process write and <c>CreateRemoteThread</c>, a pattern that endpoint and
        /// anti-cheat tooling commonly treats as code injection. The method also overwrites
        /// the user's clipboard with the address of the injected stub.
        ///
        /// NOTE(review): none of the Win32 results are checked and there is no try/finally,
        /// so a failure or exception leaves the target's thread suspended. The allocation
        /// request is a fixed 1024 bytes while the stub grows with <c>packet.Length</c>.
        /// <c>IntPtr.ToInt32()</c> throws <see cref="OverflowException"/> when the address does
        /// not fit in 32 bits.
        /// </remarks>
        /// <param name="packet">Raw packet bytes; index 0 is used as the packet type. A null or
        /// empty array throws after the thread has already been suspended.</param>
        public void SendPacketToServer(byte[] packet)
        {
            CodeCaveHelper cv = new CodeCaveHelper();
            // Presumably suspends the client's main thread for the duration (helper not visible here).
            IntPtr MainThread = OpenAndSuspendThread(tProcess.Id);
            // Save the client's current outgoing length and buffer so they can be restored below.
            uint OldPackelen = memRead.ReadUInt32(Addresses.MyAddresses.OutGoingPacketLen.Address);
            byte[] OldPacket = memRead.ReadBytes(Addresses.MyAddresses.OutGoingBuffer.Address, OldPackelen);
            // Fixed-size RWX region in the target process; a failed allocation (IntPtr.Zero) is not detected.
            IntPtr CodeCave = WinApi.VirtualAllocEx(tProcessHandle, IntPtr.Zero, 1024, WinApi.AllocationType.Commit | WinApi.AllocationType.Reserve, WinApi.MemoryProtection.ExecuteReadWrite);

            // Begin the packet: the first byte goes to CreatePacket in ECX.
            byte packetType = (byte)packet[0];
            cv.AddLine((byte)0xb9, (UInt32)packetType);                               // mov ecx, packetType
            cv.AddLine((byte)0xB8, (uint)Addresses.MyAddresses.CreatePacket.Address); // mov eax, CreatePacket
            cv.AddLine((byte)0xff, (byte)0xD0);                                       // call eax

            // Each remaining byte adds another mov/mov/call triple to the stub.
            for (int i = 1; i < packet.Length; i++)
            {
                byte val = packet[i];

                cv.AddLine((byte)0xb9, (UInt32)val);                                       // mov ecx, val
                cv.AddLine((byte)0xB8, (uint)Addresses.MyAddresses.AddPacketByte.Address); // mov eax, AddPacketByte
                cv.AddLine((byte)0xff, (byte)0xD0);                                        // call eax

            }

            cv.AddLine((byte)0xb1, (byte)0x01); // mov cl, 1 (not a push); per the original note, a bool selecting XTEA encryption
            cv.AddLine((byte)0xB8, (uint)Addresses.MyAddresses.SendPacket.Address); // mov eax, SendPacket
            cv.AddLine((byte)0xff, (byte)0xD0); // call eax (original credit: Darkstar)

            cv.AddByte(0xC3);// ret
            // Looks like a leftover debugging aid: puts the cave address (hex) on the clipboard,
            // replacing whatever the user had there. Clipboard.SetText requires an STA thread.
            System.Windows.Forms.Clipboard.SetText(CodeCave.ToString("X"));

            // Cross-process write of the assembled stub.
            memRead.WriteBytes(CodeCave.ToInt32(), cv.Data, (uint)cv.Data.Length);

            // Execute the stub on a new thread in the target, waiting without a timeout (0xFFFFFFFF = INFINITE).
            IntPtr hThread = WinApi.CreateRemoteThread(tProcessHandle, IntPtr.Zero, 0, CodeCave, IntPtr.Zero, 0, IntPtr.Zero);
            WinApi.WaitForSingleObject(hThread, 0xFFFFFFFF);
            WinApi.CloseHandle(hThread);
            // NOTE(review): Win32 requires dwSize == 0 with MEM_RELEASE. If this wrapper is a direct
            // P/Invoke, passing 1024 makes the call fail and leaves the RWX region in the target.
            // Confirm against the WinApi declaration.
            WinApi.VirtualFreeEx(tProcessHandle, CodeCave, 1024, WinApi.AllocationType.Release);

            // Restore the outgoing length and buffer captured at the top.
            memRead.WriteUInt32(Addresses.MyAddresses.OutGoingPacketLen.Address, OldPackelen);
            memRead.WriteBytes(Addresses.MyAddresses.OutGoingBuffer.Address, OldPacket, (uint)OldPackelen);

            ResumeAndCloseThread(MainThread);
        }
Example #3
        /// <summary>
        /// Writes <paramref name="text"/> into the target process, assembles a 32-bit x86 stub
        /// that calls the client's <c>PrintText</c> routine with that string, colour, font and
        /// position, writes the stub into the target and passes its address to
        /// <c>ChangePrintFpsCall</c>.
        /// </summary>
        /// <remarks>
        /// Opcode comments assume <c>CodeCaveHelper.AddLine</c> appends its arguments verbatim
        /// (opcode byte, then operand); the helper is not visible here. Several of the original
        /// comments did not match the emitted opcodes and have been corrected.
        ///
        /// Security-relevant behaviour: two ExecuteReadWrite allocations and two cross-process
        /// writes into another process. The first region holds string data only, so execute
        /// permission is broader than needed. Neither region is freed in this method.
        ///
        /// NOTE(review): <c>System.Text.ASCIIEncoding.Default</c> resolves to the inherited static
        /// <c>Encoding.Default</c>, not to ASCII. Only <c>bytes.Length</c> bytes are written, with
        /// no terminating NUL; whether <c>PrintText</c> needs one is not visible here. The results
        /// of <c>VirtualAllocEx</c> are not checked, and <c>IntPtr.ToInt32()</c> throws
        /// <see cref="OverflowException"/> for addresses that do not fit in 32 bits.
        /// </remarks>
        /// <param name="r">Red component, pushed as a 32-bit immediate.</param>
        /// <param name="g">Green component, pushed as a 32-bit immediate.</param>
        /// <param name="b">Blue component, pushed as a 32-bit immediate.</param>
        /// <param name="x">Loaded into EDX before the call.</param>
        /// <param name="y">Pushed on the stack as a 32-bit immediate.</param>
        /// <param name="font">Font value, pushed as an 8-bit immediate.</param>
        /// <param name="text">Text whose encoded bytes are written into the target process.</param>
        /// <param name="name">Not used by this method.</param>
        public void CreateCodeCave(int r, int g, int b, int x, int y, byte font, string text, string name)
        {
            byte[] bytes     = System.Text.ASCIIEncoding.Default.GetBytes(text);
            // Region for the string, sized to exactly bytes.Length; data only, yet mapped RWX.
            IntPtr stringAdr = WinApi.VirtualAllocEx(TibiaHandle, IntPtr.Zero, (uint)bytes.Length, WinApi.AllocationType.Commit | WinApi.AllocationType.Reserve, WinApi.MemoryProtection.ExecuteReadWrite);

            memRead.WriteBytes(stringAdr.ToInt32(), bytes, (uint)bytes.Length);

            CodeCaveHelper cv = new CodeCaveHelper();

            cv.AddLine((byte)0x6A, (byte)0x00);                                      // push 0
            cv.AddLine((byte)0x68, (UInt32)stringAdr.ToInt32());                     // push address of the string (0x68 is push imm32, not mov ecx)

            cv.AddLine((byte)0x68, (UInt32)b);                                       // push blue

            cv.AddLine((byte)0x68, (UInt32)g);                                       // push green

            cv.AddLine((byte)0x68, (UInt32)r);                                       // push red

            cv.AddLine((byte)0x6A, (byte)font);                                      // push font (imm8)

            cv.AddLine((byte)0x68, (UInt32)y);                                       // push y (original comment said x)

            cv.AddLine((byte)0xBA, (UInt32)x);                                       // mov edx, x (0xBA is mov edx, imm32, not a push)

            cv.AddLine((byte)0xb9, (UInt32)0x1);                                     // mov ecx, 1 (0xB9 is mov ecx, imm32, not a push)

            cv.AddLine((byte)0xB8, (UInt32)Addresses.MyAddresses.PrintText.Address); // mov eax, PrintText

            cv.AddLine((byte)0xff, (byte)0xD0);                                      // call eax (original credit: Darkstar)

            cv.AddLine((byte)0x83, (byte)0xc4, (byte)0x1c);                          // add esp, 0x1C: 28 bytes, the seven pushes above
            cv.AddByte(0xC3);                                                        // ret

            // Second RWX region, sized to the assembled stub.
            IntPtr CaveAddress = WinApi.VirtualAllocEx(TibiaHandle, IntPtr.Zero, (uint)cv.Data.Length, WinApi.AllocationType.Commit | WinApi.AllocationType.Reserve, WinApi.MemoryProtection.ExecuteReadWrite);

            memRead.WriteBytes(CaveAddress.ToInt32(), cv.Data, (uint)cv.Data.Length);
            // Presumably redirects an existing call site in the client to the stub; helper not visible here.
            ChangePrintFpsCall(CaveAddress);
            // Looks like a debugging aid: overwrites the user's clipboard with the stub address (hex).
            // Clipboard.SetText requires an STA thread.
            System.Windows.Forms.Clipboard.SetText(CaveAddress.ToString("X"));
        }
Example #4
        /// <summary>
        /// Copies <paramref name="text"/> into the target process, builds a 32-bit x86 stub that
        /// calls the client's <c>PrintText</c> routine with that string plus colour, font and
        /// position, writes the stub into the target and hands its address to
        /// <c>ChangePrintFpsCall</c>.
        /// </summary>
        /// <remarks>
        /// Opcode comments assume <c>CodeCaveHelper.AddLine</c> appends its arguments verbatim
        /// (opcode byte, then operand); that helper is not visible here. Original comments that
        /// disagreed with the emitted opcodes have been corrected.
        ///
        /// Security-relevant behaviour: two read/write/execute allocations and two
        /// cross-process writes into another process. The string region is data only, so
        /// execute permission is broader than needed, and neither region is freed here.
        ///
        /// NOTE(review): <c>System.Text.ASCIIEncoding.Default</c> is the inherited static
        /// <c>Encoding.Default</c>, not ASCII. No terminating NUL is written after the string;
        /// whether <c>PrintText</c> needs one is not visible here. <c>VirtualAllocEx</c> results are
        /// unchecked, and <c>IntPtr.ToInt32()</c> throws <see cref="OverflowException"/> when the
        /// address does not fit in 32 bits.
        /// </remarks>
        /// <param name="r">Red component, pushed as a 32-bit immediate.</param>
        /// <param name="g">Green component, pushed as a 32-bit immediate.</param>
        /// <param name="b">Blue component, pushed as a 32-bit immediate.</param>
        /// <param name="x">Loaded into EDX before the call.</param>
        /// <param name="y">Pushed on the stack as a 32-bit immediate.</param>
        /// <param name="font">Font value, pushed as an 8-bit immediate.</param>
        /// <param name="text">Text whose encoded bytes are written into the target process.</param>
        /// <param name="name">Not used by this method.</param>
        public void CreateCodeCave(int r, int g, int b, int x, int y, byte font, string text,string name)
        {
            byte[] bytes = System.Text.ASCIIEncoding.Default.GetBytes(text);
            // Region for the string, sized to exactly bytes.Length; holds data only but is mapped RWX.
            IntPtr stringAdr = WinApi.VirtualAllocEx(TibiaHandle, IntPtr.Zero, (uint)bytes.Length, WinApi.AllocationType.Commit | WinApi.AllocationType.Reserve, WinApi.MemoryProtection.ExecuteReadWrite);

            memRead.WriteBytes(stringAdr.ToInt32(), bytes, (uint)bytes.Length);

            CodeCaveHelper cv = new CodeCaveHelper();
            cv.AddLine((byte)0x6A, (byte)0x00); // push 0
            cv.AddLine((byte)0x68, (UInt32)stringAdr.ToInt32()); // push address of the string (0x68 is push imm32, not mov ecx)

            cv.AddLine((byte)0x68, (UInt32)b); // push blue

            cv.AddLine((byte)0x68, (UInt32)g); // push green

            cv.AddLine((byte)0x68, (UInt32)r); // push red

            cv.AddLine((byte)0x6A, (byte)font); // push font (imm8)

            cv.AddLine((byte)0x68, (UInt32)y); // push y (original comment said x)

            cv.AddLine((byte)0xBA, (UInt32)x); // mov edx, x (0xBA is mov edx, imm32, not a push)

            cv.AddLine((byte)0xb9, (UInt32)0x1); // mov ecx, 1 (0xB9 is mov ecx, imm32, not a push)

            cv.AddLine((byte)0xB8, (UInt32)Addresses.MyAddresses.PrintText.Address); // mov eax, PrintText

            cv.AddLine((byte)0xff, (byte)0xD0); // call eax (original credit: Darkstar)

            cv.AddLine((byte)0x83, (byte)0xc4, (byte)0x1c); // add esp, 0x1C: 28 bytes, the seven pushes above
            cv.AddByte(0xC3); // ret

            // Second RWX region, sized to the assembled stub.
            IntPtr CaveAddress = WinApi.VirtualAllocEx(TibiaHandle, IntPtr.Zero, (uint)cv.Data.Length, WinApi.AllocationType.Commit | WinApi.AllocationType.Reserve, WinApi.MemoryProtection.ExecuteReadWrite);
            memRead.WriteBytes(CaveAddress.ToInt32(), cv.Data, (uint)cv.Data.Length);
            // Presumably redirects an existing call site in the client to the stub; helper not visible here.
            ChangePrintFpsCall(CaveAddress);
            // Looks like a debugging aid: overwrites the user's clipboard with the stub address (hex).
            // Clipboard.SetText requires an STA thread.
            System.Windows.Forms.Clipboard.SetText(CaveAddress.ToString("X"));
        }