private void InstallHook()
{
#region Inject New Method
ManagedFasm fasm = new ManagedFasm(d3.ProcessHandle);
fasm.SetMemorySize(0x4096); // Allocate 16KB of memory
string[] endSceneHookASM = new string[]
{
// Original EndScene instructions
"mov edi, edi",
"push ebp",
"mov ebp, esp",
// Save the state of the FPU and general purpose registers
"pushfd",
"pushad",
"call " + InstallUsePower(),
"call " + InstallPressButton(),
// Restore FPU and general purpose registers
"@out:",
"popad",
"popfd",
// Return to right after where we detoured
"jmp " + (oEndScene + 5),
};
foreach (string line in RandomizeAsm(endSceneHookASM))
{
fasm.AddLine(line);
}
byte[] compiled = fasm.Assemble();
uint hookCode = AllocateMemory("EndSceneHook", compiled.Length);
fasm.Inject(hookCode);
fasm.Clear();
#endregion Inject New Method
#region Detour EndScene
origEndSceneBytes = d3.ReadBytes(oEndScene, 5);
fasm.AddLine("jmp 0x{0:X08}", hookCode);
fasm.Inject(oEndScene);
fasm.Clear();
#endregion Detour EndScene
}
public uint InjectAndExecute(string[] asm, bool allowOffline = false)
{
lock (Locker)
{
if (!allowOffline && (!Helpers.Usefuls.InGame || Helpers.Usefuls.IsLoading))
{
return(0);
}
/*List<string> asmCode = new List<string>();
* foreach (string s in asm)
* {
* asmCode.Add(s);
* if (Others.Random(0, 100) > 50)
* {
* int nR = Others.Random(1, 3);
* for (int i = nR; i >= 1; i--)
* {
* asmCode.Add(ProtectHook());
* }
* }
* }
* return (uint) Wow.Memory.WowProcess.Executor.Call(asmCode.ToArray());*/
if (!ThreadHooked)
{
return(0);
}
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
foreach (string s in asm)
{
fasm.AddLine(s);
}
fasm.Inject(_mInjectionCode);
Memory.WriteByte(_mExecuteRequested, 1);
Timer injectTimer = new Timer(2000);
injectTimer.Reset();
while (Memory.ReadByte(_mExecuteRequested) == 1 && !injectTimer.IsReady)
{
Thread.Sleep(1);
}
if (injectTimer.IsReady)
{
Logging.WriteError("Injection have been aborted, execution too long from " + CurrentCallStack);
return(0);
}
Memory.WriteBytes(_mInjectionCode, _mZeroBytesInjectionCodes);
uint returnValue = Memory.ReadUInt(_mResult);
return(returnValue);
}
}
internal static void smethod_3(this ManagedFasm managedFasm_0, string string_0)
{
int num = random_0.Next(2, 5);
int num2 = num / 2;
smethod_2(managedFasm_0, num2);
managedFasm_0.AddLine(string_0);
smethod_2(managedFasm_0, num % 2 + num2);
}
public void ApplyDX()
{
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("jmp " + _mTrampolineDX);
if (D3D.OriginalBytesDX.Length > 5)
{
fasm.AddLine("nop");
}
if (D3D.OriginalBytesDX.Length > 6)
{
fasm.AddLine("nop");
}
fasm.Inject(JumpAddressDX);
}
public void Apply()
{
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("jmp " + _mTrampoline);
fasm.Inject(JumpAddress);
}
/// <summary>
/// Call the specifics asm mnemonics in the message handler thread
/// </summary>
/// <param name="p_Mnemonics"></param>
/// <param name="p_BufferSize"></param>
/// <returns></returns>
public uint Call(string[] p_Mnemonics, int p_BufferSize = 0x1000)
{
using (var fasm = new ManagedFasm(Memory.WowProcess.ProcessHandle))
{
fasm.SetMemorySize(0x500);
fasm.SetPassLimit(100);
foreach (var s in p_Mnemonics)
{
fasm.AddLine(s);
}
uint ptrInject = Memory.WowMemory.Memory.AllocateMemory(p_BufferSize);
fasm.Inject(ptrInject);
return(Call(ptrInject));
}
}
private uint InstallUsePower()
{
ManagedFasm fasm = new ManagedFasm(d3.ProcessHandle);
fasm.SetMemorySize(0x4096); // Allocate 16KB of memory
AllocateMemory("UsePower_PowerInfo", 40);
AllocateMemory("UsePower_ActorPtr", 4);
AllocateMemory("UsePower_AcdPtr", 4);
AllocateMemory("UsePower_Flag", 4);
string[] asm = new string[]
{
"mov edx, [" + GetAddress("UsePower_Flag") + "]",
"cmp edx, 1",
"jne @out",
"push " + GetAddress("UsePower_AcdPtr"),
"push 1",
"push 1",
"mov esi, " + GetAddress("UsePower_PowerInfo"),
"mov eax, [" + GetAddress("UsePower_ActorPtr") + "]",
"call " + Offsets.METHOD_USEPOWER,
"add esp, 12",
"@reset:",
"mov ebp, " + GetAddress("UsePower_Flag"),
"mov edx, 0",
"mov [ebp], edx",
"@out:",
"retn"
};
foreach (string line in RandomizeAsm(asm))
{
fasm.AddLine(line);
}
byte[] compiled = fasm.Assemble();
uint address = AllocateMemory("UsePower", compiled.Length);
fasm.Inject(address);
fasm.Clear();
return(address);
}
private uint InstallPressButton()
{
ManagedFasm fasm = new ManagedFasm(d3.ProcessHandle);
fasm.SetMemorySize(0x4096); // Allocate 16KB of memory
AllocateMemory("PressButton_Ptr", 4);
AllocateMemory("PressButton_Flag", 4);
string[] asm = new string[]
{
"mov edx, [" + GetAddress("PressButton_Flag") + "]",
"cmp edx, 1",
"jne @out",
"push 25h",
"mov ecx, [" + GetAddress("PressButton_Ptr") + "]",
"call " + Offsets.METHOD_PRESSBUTTON,
"@reset:",
"mov ebp, " + GetAddress("PressButton_Flag"),
"mov edx, 0",
"mov [ebp], edx",
"@out:",
"retn"
};
foreach (string line in RandomizeAsm(asm))
{
fasm.AddLine(line);
}
byte[] compiled = fasm.Assemble();
uint address = AllocateMemory("PressButton", compiled.Length);
fasm.Inject(address);
fasm.Clear();
return(address);
}
private static void smethod_2(ManagedFasm managedFasm_0, int int_0)
{
if (int_0 > 0)
{
do
{
int_0--;
string text = smethod_1();
string text2 = smethod_0();
switch (random_0.Next(1, 6))
{
case 1:
for (int i = random_0.Next(1, 4); i > 0; i--)
{
managedFasm_0.AddLine("nop");
}
break;
case 2:
managedFasm_0.AddLine("mov {0}, {0}", text);
break;
case 3:
managedFasm_0.AddLine("mov {0}, {0}", text2);
break;
case 4:
managedFasm_0.AddLine("push {0}", text2);
managedFasm_0.AddLine("pop {0}", text2);
break;
case 5:
managedFasm_0.AddLine("push {0}", text);
managedFasm_0.AddLine("pop {0}", text);
break;
}
}while (int_0 > 0);
}
}
public void Dispose()
{
IntPtr l_User32 = GetModuleHandle("user32.dll");
IntPtr l_SetWindowLongW = GetProcAddress(l_User32, "SetWindowLongW");
// Restore the original WndProc callback
var fasm2 = new ManagedFasm(Memory.WowProcess.ProcessHandle);
fasm2.SetMemorySize(0x500);
fasm2.SetPassLimit(100);
fasm2.AddLine("mov eax, [" + m_OriginalWndProc + "]");
fasm2.AddLine("push eax");
fasm2.AddLine("push " + GWL_WNDPROC + "");
fasm2.AddLine("push " + m_WindowHandle + "");
fasm2.AddLine("call " + l_SetWindowLongW + "");
fasm2.AddLine("retn");
var ptrInject = Memory.WowMemory.Memory.AllocateMemory(0x500);
fasm2.InjectAndExecute(ptrInject);
Memory.WowMemory.Memory.FreeMemory(m_WndProcFunction);
Memory.WowMemory.Memory.FreeMemory(m_OriginalWndProc);
}
public WndProcExecutor(BlackMagic memory)
{
try
{
m_WindowHandle = Memory.WowProcess.MainWindowHandle;
m_Random = new Random();
m_CustomMessageCode = m_Random.Next(0x8000, 0xBFFF); // From MSDN : WM_APP (0x8000) through 0xBFFF
m_WndProcFunction = memory.AllocateMemory(0x500); // WndProc
m_OriginalWndProc = memory.AllocateMemory(0x4); // WndProcOriginalWndProc
IntPtr l_User32 = GetModuleHandle("user32.dll");
IntPtr l_CallWindowProcW = GetProcAddress(l_User32, "CallWindowProcW");
IntPtr l_SetWindowLongW = GetProcAddress(l_User32, "SetWindowLongW");
var fasm = new ManagedFasm(Memory.WowProcess.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("mov eax, [esp+0x8]"); // Get the message code from the stack);
fasm.AddLine("cmp eax, " + m_CustomMessageCode); // Check if the message code is our custom one
fasm.AddLine("jne @call_original"); // Otherwise simply call the original WndProc
fasm.AddLine("mov eax, [esp+0xC]"); // Function pointer
fasm.AddLine("mov edx, [esp+0x10]"); // Result pointer
fasm.AddLine("push edx"); // Save result pointer
fasm.AddLine("call eax"); // Call the user function
fasm.AddLine("pop edx"); // Restore the result pointer
fasm.AddLine("mov [edx], eax"); // Save user function result
fasm.AddLine("xor eax, eax"); // We handled the message
fasm.AddLine("retn");
fasm.AddLine("@call_original:");
fasm.AddLine("mov ecx, [esp+0x4]"); // Hwnd
fasm.AddLine("mov edx, [esp+0x8]"); // Msg
fasm.AddLine("mov esi, [esp+0xC]"); // WParam
fasm.AddLine("mov edi, [esp+0x10]"); // LParam
fasm.AddLine("mov eax, [" + m_OriginalWndProc + "]");
fasm.AddLine("push edi"); // LParam
fasm.AddLine("push esi"); // WParam
fasm.AddLine("push edx"); // Msg
fasm.AddLine("push ecx"); // Hwnd
fasm.AddLine("push eax"); // WndProc original
//fasm.AddLine("call " + l_CallWindowProcW); // Call the original WndProc
fasm.AddLine("retn 0x14");
// Setup our WndProc callback
//memory.WriteBytes(m_WndProcFunction, D3D.OriginalBytesDX);
fasm.Inject(m_WndProcFunction);
// Register our WndProc callback
var fasm2 = new ManagedFasm(Memory.WowProcess.ProcessHandle);
fasm2.SetMemorySize(0x500);
fasm2.SetPassLimit(100);
fasm2.AddLine("push " + m_WndProcFunction);
fasm2.AddLine("push " + GWL_WNDPROC);
fasm2.AddLine("push " + m_WindowHandle);
fasm2.AddLine("call " + l_SetWindowLongW);
fasm2.AddLine("mov [" + m_OriginalWndProc + "], eax");
fasm2.AddLine("retn");
var ptrInject = memory.AllocateMemory(0x500);
fasm2.InjectAndExecute(ptrInject);
/*var l_Process = System.Diagnostics.Process.GetProcessesByName("Wow").First();
* Console.WriteLine("Using process : " + l_Process.Id + ", window " + l_Process.MainWindowHandle + "");
*
* using (RemoteProcess l_RemoteProcess = new RemoteProcess((uint)l_Process.Id))
* using (var l_WndProcExecutor = new WndProcExecutor2(l_RemoteProcess, l_Process.MainWindowHandle))
* {
*
* LuaTest(l_RemoteProcess, l_WndProcExecutor, "print(\"Hello world motha !\")");
*
* }*/
/*var t = new MyMemory.RemoteProcess((uint)Memory.WowProcess.ProcessId);
* var remoteM = t.MemoryManager.AllocateMemory(0x1000);
* var ptrInject = (uint)remoteM.Pointer; //memory.AllocateMemory(0x500);
*
* fasm2.Inject(ptrInject);
* var prot = new RemoteMemoryProtection(t, remoteM.Pointer, remoteM.Size, Enumerations.MemoryProtectionFlags.Execute);
*
* var th = t.ThreadsManager.CreateRemoteThread((IntPtr) ptrInject, IntPtr.Zero, Enumerations.ThreadCreationFlags.Run);
*/
}
catch (Exception e)
{
Logging.WriteError(e.ToString());
}
}
public T Call <T>(IntPtr Address, MagicConvention CallingConvention, params object[] Arguments) where T : struct
{
using (var asm = new ManagedFasm())
{
asm.Clear();
switch (CallingConvention)
{
case MagicConvention.Cdecl:
{
asm.AddLine("push ebp");
for (var i = Arguments.Length - 1; i >= 0; --i)
{
asm.AddLine("push {0}", Arguments[i]);
}
asm.AddLine("mov eax, {0}", Address);
asm.AddLine("call eax");
for (var i = 0; i < Arguments.Length; ++i)
{
asm.AddLine("pop ebp");
}
asm.AddLine("pop ebp");
asm.AddLine("retn");
break;
}
case MagicConvention.StdCall:
{
for (var i = Arguments.Length - 1; i >= 0; --i)
{
asm.AddLine("push {0}", Arguments[i]);
}
asm.AddLine("mov eax, {0}", Address);
asm.AddLine("call eax");
asm.AddLine("retn");
break;
}
case MagicConvention.FastCall:
{
if (Arguments.Length > 0)
{
asm.AddLine("mov ecx, {0}", Arguments[0]);
}
if (Arguments.Length > 1)
{
asm.AddLine("mov edx, {0}", Arguments[1]);
}
for (var i = Arguments.Length - 1; i >= 2; --i)
{
asm.AddLine("push {0}", Arguments[i]);
}
asm.AddLine("mov eax, {0}", Address);
asm.AddLine("call eax");
asm.AddLine("retn");
break;
}
case MagicConvention.Register:
{
if (Arguments.Length > 0)
{
asm.AddLine("mov eax, {0}", Arguments[0]);
}
if (Arguments.Length > 1)
{
asm.AddLine("mov edx, {0}", Arguments[1]);
}
if (Arguments.Length > 2)
{
asm.AddLine("mov ecx, {0}", Arguments[2]);
}
for (var i = 3; i < Arguments.Length; ++i)
{
asm.AddLine("push {0}", Arguments[i]);
}
asm.AddLine("mov ebx, {0}", Address);
asm.AddLine("call ebx");
asm.AddLine("retn");
break;
}
case MagicConvention.ThisCall:
{
if (Arguments.Length > 0)
{
asm.AddLine("mov ecx, {0}", Arguments[0]);
}
for (var i = Arguments.Length - 1; i >= 1; --i)
{
asm.AddLine("push {0}", Arguments[i]);
}
asm.AddLine("mov eax, {0}", Address);
asm.AddLine("call eax");
asm.AddLine("retn");
break;
}
default:
{
throw new MemoryException("Unhandled calling convention '{0}'", CallingConvention.ToString());
}
}
return(ExecuteRemoteCode <T>(asm.Assemble()));
}
}
/// <summary>
/// Injects a dll into a process by hijacking the given thread and redirecting it to LoadLibrary.
/// </summary>
/// <param name="hProcess">Handle to process into which dll will be injected.</param>
/// <param name="hThread">Handle to thread that will be hijacked.</param>
/// <param name="szDllPath">Full path to the dll to be injected.</param>
/// <returns>Returns the base address of the injected dll on success, zero on failure.</returns>
public static uint InjectDllRedirectThread(IntPtr hProcess, IntPtr hThread, string szDllPath)
{
const uint INITIAL_EXIT_CODE = 0xFFFFFFFF;
if (hProcess == IntPtr.Zero)
{
throw new ArgumentNullException("hProcess");
}
if (hThread == IntPtr.Zero)
{
throw new ArgumentNullException("hThread");
}
if (szDllPath.Length == 0)
{
throw new ArgumentNullException("szDllPath");
}
if (!szDllPath.Contains("\\"))
{
szDllPath = System.IO.Path.GetFullPath(szDllPath);
}
if (!System.IO.File.Exists(szDllPath))
{
throw new ArgumentException("DLL not found.", "szDllPath");
}
uint dwBaseAddress = RETURN_ERROR;
uint lpLoadLibrary, lpAsmStub;
CONTEXT ctx;
StringBuilder AssemblyStub = new StringBuilder();
ManagedFasm fasm = new ManagedFasm(hProcess);
lpLoadLibrary = (uint)Imports.GetProcAddress(Imports.GetModuleHandle("kernel32.dll"), "LoadLibraryA");
if (lpLoadLibrary == 0)
{
return(RETURN_ERROR);
}
lpAsmStub = SMemory.AllocateMemory(hProcess);
if (lpAsmStub == 0)
{
return(RETURN_ERROR);
}
if (SThread.SuspendThread(hThread) != uint.MaxValue)
{
ctx = SThread.GetThreadContext(hThread, CONTEXT_FLAGS.CONTEXT_CONTROL);
if (ctx.Eip > 0)
{
try
{
//located at lpAsmStub+0, where we can monitor LoadLibrary's exit code.
fasm.AddLine("lpExitCode dd 0x{0:X}", INITIAL_EXIT_CODE);
//lpAsmStub+4, where the actual code part starts
fasm.AddLine("push 0x{0:X}", ctx.Eip);
fasm.AddLine("pushad");
fasm.AddLine("push szDllPath");
fasm.AddLine("call 0x{0:X}", lpLoadLibrary);
fasm.AddLine("mov [lpExitCode], eax");
fasm.AddLine("popad");
fasm.AddLine("retn");
//dll path
fasm.AddLine("szDllPath db \'{0}\',0", szDllPath);
fasm.Inject(lpAsmStub);
}
catch
{
SMemory.FreeMemory(hProcess, lpAsmStub);
SThread.ResumeThread(hThread);
return(RETURN_ERROR);
}
ctx.ContextFlags = CONTEXT_FLAGS.CONTEXT_CONTROL;
ctx.Eip = lpAsmStub + 4; //skip over lpExitCode data
if (SThread.SetThreadContext(hThread, ctx))
{
if (SThread.ResumeThread(hThread) != uint.MaxValue)
{
for (int i = 0; i < 400; i++)
{
System.Threading.Thread.Sleep(5);
if ((dwBaseAddress = SMemory.ReadUInt(hProcess, lpAsmStub)) != INITIAL_EXIT_CODE)
{
break;
}
}
}
}
}
}
if (fasm != null)
{
fasm.Dispose();
fasm = null;
}
SMemory.FreeMemory(hProcess, lpAsmStub);
return(dwBaseAddress);
}
/// <summary>
/// Injects a dll into a process by hijacking the given thread and redirecting it to LoadLibrary.
/// </summary>
/// <param name="hProcess">Handle to process into which dll will be injected.</param>
/// <param name="hThread">Handle to thread that will be hijacked.</param>
/// <param name="szDllPath">Full path to the dll to be injected.</param>
/// <returns>Returns the base address of the injected dll on success, zero on failure.</returns>
public static uint InjectDllRedirectThread(IntPtr hProcess, IntPtr hThread, string szDllPath) {
const uint INITIAL_EXIT_CODE = 0xFFFFFFFF;
if (hProcess == IntPtr.Zero)
throw new ArgumentNullException("hProcess");
if (hThread == IntPtr.Zero)
throw new ArgumentNullException("hThread");
if (szDllPath.Length == 0)
throw new ArgumentNullException("szDllPath");
if (!szDllPath.Contains("\\"))
szDllPath = System.IO.Path.GetFullPath(szDllPath);
if (!System.IO.File.Exists(szDllPath))
throw new ArgumentException("DLL not found.", "szDllPath");
uint dwBaseAddress = RETURN_ERROR;
uint lpLoadLibrary, lpAsmStub;
CONTEXT ctx;
StringBuilder AssemblyStub = new StringBuilder();
ManagedFasm fasm = new ManagedFasm(hProcess);
lpLoadLibrary = (uint)Imports.GetProcAddress(Imports.GetModuleHandle("kernel32.dll"), "LoadLibraryA");
if (lpLoadLibrary == 0)
throw new Exception("Failed to get address of LoadLibraryA in kernel32.dll");
lpAsmStub = MemoryHelper.AllocateMemory(hProcess);
if (lpAsmStub == 0)
throw new Exception("Failed to allocate Memory in the Process!");
if (ThreadHelper.SuspendThread(hThread) != uint.MaxValue) {
ctx = ThreadHelper.GetThreadContext(hThread, CONTEXT_FLAGS.CONTEXT_CONTROL);
if (ctx.Eip > 0) {
try {
//located at lpAsmStub+0, where we can monitor LoadLibrary's exit code.
fasm.AddLine("lpExitCode dd 0x{0:X}", INITIAL_EXIT_CODE);
//lpAsmStub+4, where the actual code part starts
fasm.AddLine("push 0x{0:X}", ctx.Eip);
fasm.AddLine("pushad");
fasm.AddLine("push szDllPath");
fasm.AddLine("call 0x{0:X}", lpLoadLibrary);
fasm.AddLine("mov [lpExitCode], eax");
fasm.AddLine("popad");
fasm.AddLine("retn");
//dll path
fasm.AddLine("szDllPath db \'{0}\',0", szDllPath);
fasm.Inject(lpAsmStub);
} catch {
MemoryHelper.FreeMemory(hProcess, lpAsmStub);
ThreadHelper.ResumeThread(hThread);
return RETURN_ERROR;
}
ctx.ContextFlags = CONTEXT_FLAGS.CONTEXT_CONTROL;
ctx.Eip = lpAsmStub + 4; //skip over lpExitCode data
if (ThreadHelper.SetThreadContext(hThread, ctx)) {
if (ThreadHelper.ResumeThread(hThread) != uint.MaxValue) {
for (int i = 0; i < 400; i++) {
System.Threading.Thread.Sleep(5);
if ((dwBaseAddress = MemoryHelper.ReadUInt(hProcess, lpAsmStub)) != INITIAL_EXIT_CODE)
break;
}
}
}
}
}
if (fasm != null) {
fasm.Dispose();
fasm = null;
}
MemoryHelper.FreeMemory(hProcess, lpAsmStub);
return dwBaseAddress;
}
internal static void smethod_3()
{
State = StateEnum.None;
string[] strArray = string_0;
int index = 0;
while (true)
{
if (index >= strArray.Length)
{
break;
}
string path = strArray[index];
try
{
File.Delete(path);
}
catch
{
}
index++;
}
ExternalProcessMemory memory = ExternalProcessMemory_0;
intptr_1 = memory.GetProcAddress("user32.dll", "GetActiveWindow");
if (intptr_1 == IntPtr.Zero)
{
throw new Exception("The function 'GetActiveWindow' was not found.");
}
intptr_0 = memory.GetProcAddress("user32.dll", "GetForegroundWindow");
if (intptr_0 == IntPtr.Zero)
{
throw new Exception("The function 'GetForegroundWindow' was not found.");
}
intptr_2 = memory.GetProcAddress("user32.dll", "GetKeyState");
if (intptr_2 == IntPtr.Zero)
{
throw new Exception("The function 'GetKeyState' was not found.");
}
intptr_3 = memory.GetProcAddress("user32.dll", "GetCursorPos");
if (intptr_3 == IntPtr.Zero)
{
throw new Exception("The function 'GetCursorPos' was not found.");
}
intptr_4 = memory.GetProcAddress("user32.dll", "ScreenToClient");
if (intptr_4 == IntPtr.Zero)
{
throw new Exception("The function 'ScreenToClient' was not found.");
}
allocatedMemory_0 = memory.CreateAllocatedMemory(0x1000);
List <byte[]> list = smethod_1();
if (list != null)
{
using (TritonHs.AcquireFrame())
{
ExternalProcessMemory_0.WriteBytes(intptr_0, list[0]);
ExternalProcessMemory_0.WriteBytes(intptr_1, list[1]);
ExternalProcessMemory_0.WriteBytes(intptr_2, list[2]);
ExternalProcessMemory_0.WriteBytes(intptr_3, list[3]);
ExternalProcessMemory_0.WriteBytes(intptr_4, list[4]);
}
}
bool flag = false;
try
{
int offsetInBytes = 0;
IntPtr ptr = IntPtr_0;
ManagedFasm asm = memory.Asm;
asm.Clear();
asm.AddLine("mov eax, " + ptr.ToString());
asm.AddLine("retn");
byte[] bytes = asm.Assemble();
asm.Clear();
allocatedMemory_0.WriteBytes(0, bytes);
IntPtr ptr2 = allocatedMemory_0.Address + IntPtr.Zero;
ptr2 = allocatedMemory_0.Address + IntPtr.Zero;
int num3 = (ptr2.ToInt32() - intptr_1.ToInt32()) - 5;
offsetInBytes = 0 + bytes.Length;
byte_0 = new byte[5];
byte_0[0] = 0xe9;
byte[] buffer2 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_0.ToInt32()) - 5));
for (int i = 0; i < buffer2.Length; i++)
{
byte_0[i + 1] = buffer2[i];
}
byte_1 = new byte[5];
byte_1[0] = 0xe9;
byte[] buffer3 = BitConverter.GetBytes(num3);
for (int j = 0; j < buffer3.Length; j++)
{
byte_1[j + 1] = buffer3[j];
}
memory.Patches.Create(intptr_0, byte_0, "ProcessHookManager_GetForegroundWindow");
memory.Patches.Create(intptr_1, byte_1, "ProcessHookManager_GetActiveWindow");
byte[] buffer4 = new byte[0x400];
allocatedMemory_0.WriteBytes(offsetInBytes, buffer4);
IntPtr ptr3 = allocatedMemory_0.Address + offsetInBytes;
int_0 = offsetInBytes;
offsetInBytes += 0x400;
byte[] buffer5 = new byte[8];
allocatedMemory_0.WriteBytes(offsetInBytes, buffer5);
IntPtr ptr4 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
IntPtr ptr5 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
ManagedFasm fasm = memory.Asm;
fasm.Clear();
fasm.AddLine("pop eax");
object[] args = new object[] { ptr4 };
fasm.AddLine("mov [{0}], eax", args);
fasm.AddLine("pop eax");
object[] objArray2 = new object[] { ptr5 };
fasm.AddLine("mov [{0}], eax", objArray2);
fasm.AddLine("imul eax, 4");
object[] objArray3 = new object[] { ptr3 };
fasm.AddLine("add eax, {0}", objArray3);
fasm.AddLine("mov eax, [eax]");
object[] objArray4 = new object[] { ptr4 };
fasm.AddLine("pushd [{0}]", objArray4);
fasm.AddLine("retn");
byte[] buffer6 = fasm.Assemble();
fasm.Clear();
allocatedMemory_0.WriteBytes(offsetInBytes, buffer6);
ptr2 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += buffer6.Length;
byte_2 = new byte[5];
byte_2[0] = 0xe9;
byte[] buffer7 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_2.ToInt32()) - 5));
for (int k = 0; k < buffer7.Length; k++)
{
byte_2[k + 1] = buffer7[k];
}
memory.Patches.Create(intptr_2, byte_2, "ProcessHookManager_GetKeyState");
byte[] buffer8 = new byte[12];
buffer8[8] = 1;
allocatedMemory_0.WriteBytes(offsetInBytes, buffer8);
IntPtr ptr6 = allocatedMemory_0.Address + offsetInBytes;
int_1 = offsetInBytes;
offsetInBytes += 4;
int_2 = offsetInBytes;
offsetInBytes += 4;
int_3 = offsetInBytes;
offsetInBytes += 4;
byte[] buffer9 = new byte[8];
allocatedMemory_0.WriteBytes(offsetInBytes, buffer9);
IntPtr ptr7 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
IntPtr ptr8 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
ManagedFasm fasm2 = memory.Asm;
fasm2.Clear();
fasm2.AddLine("pop eax");
object[] objArray5 = new object[] { ptr7 };
fasm2.AddLine("mov [{0}], eax", objArray5);
fasm2.AddLine("pop eax");
object[] objArray6 = new object[] { ptr8 };
fasm2.AddLine("mov [{0}], eax", objArray6);
fasm2.AddLine("push ecx");
object[] objArray7 = new object[] { ptr6 };
fasm2.AddLine("mov ecx, {0}", objArray7);
fasm2.AddLine("mov ecx, [ecx]");
fasm2.AddLine("mov [eax], ecx");
fasm2.AddLine("add eax, 4");
object[] objArray8 = new object[] { ptr6 };
fasm2.AddLine("mov ecx, {0}", objArray8);
fasm2.AddLine("add ecx, 4");
fasm2.AddLine("mov ecx, [ecx]");
fasm2.AddLine("mov [eax], ecx");
object[] objArray9 = new object[] { ptr6 };
fasm2.AddLine("mov ecx, {0}", objArray9);
fasm2.AddLine("add ecx, 8");
fasm2.AddLine("mov eax, [ecx]");
fasm2.AddLine("pop ecx");
object[] objArray10 = new object[] { ptr7 };
fasm2.AddLine("pushd [{0}]", objArray10);
fasm2.AddLine("retn");
byte[] buffer10 = fasm2.Assemble();
fasm2.Clear();
allocatedMemory_0.WriteBytes(offsetInBytes, buffer10);
ptr2 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += buffer10.Length;
byte_3 = new byte[5];
byte_3[0] = 0xe9;
byte[] buffer11 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_3.ToInt32()) - 5));
for (int m = 0; m < buffer11.Length; m++)
{
byte_3[m + 1] = buffer11[m];
}
memory.Patches.Create(intptr_3, byte_3, "ProcessHookManager_GetCursorPos");
byte[] buffer12 = new byte[12];
buffer12[8] = 1;
allocatedMemory_0.WriteBytes(offsetInBytes, buffer12);
IntPtr ptr9 = allocatedMemory_0.Address + offsetInBytes;
int_4 = offsetInBytes;
offsetInBytes += 4;
int_5 = offsetInBytes;
offsetInBytes += 4;
int_6 = offsetInBytes;
offsetInBytes += 4;
byte[] buffer13 = new byte[12];
allocatedMemory_0.WriteBytes(offsetInBytes, buffer13);
IntPtr ptr10 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
IntPtr ptr11 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
IntPtr ptr12 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
ManagedFasm fasm3 = memory.Asm;
fasm3.Clear();
fasm3.AddLine("pop eax");
object[] objArray11 = new object[] { ptr10 };
fasm3.AddLine("mov [{0}], eax", objArray11);
fasm3.AddLine("pop eax");
object[] objArray12 = new object[] { ptr11 };
fasm3.AddLine("mov [{0}], eax", objArray12);
fasm3.AddLine("pop eax");
object[] objArray13 = new object[] { ptr12 };
fasm3.AddLine("mov [{0}], eax", objArray13);
fasm3.AddLine("push ecx");
object[] objArray14 = new object[] { ptr9 };
fasm3.AddLine("mov ecx, {0}", objArray14);
fasm3.AddLine("mov ecx, [ecx]");
fasm3.AddLine("mov [eax], ecx");
fasm3.AddLine("add eax, 4");
object[] objArray15 = new object[] { ptr9 };
fasm3.AddLine("mov ecx, {0}", objArray15);
fasm3.AddLine("add ecx, 4");
fasm3.AddLine("mov ecx, [ecx]");
fasm3.AddLine("mov [eax], ecx");
object[] objArray16 = new object[] { ptr9 };
fasm3.AddLine("mov ecx, {0}", objArray16);
fasm3.AddLine("add ecx, 8");
fasm3.AddLine("mov eax, [ecx]");
fasm3.AddLine("pop ecx");
object[] objArray17 = new object[] { ptr10 };
fasm3.AddLine("pushd [{0}]", objArray17);
fasm3.AddLine("retn");
byte[] buffer14 = fasm3.Assemble();
fasm3.Clear();
allocatedMemory_0.WriteBytes(offsetInBytes, buffer14);
ptr2 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += buffer14.Length;
byte_4 = new byte[5];
byte_4[0] = 0xe9;
byte[] buffer15 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_4.ToInt32()) - 5));
for (int n = 0; n < buffer15.Length; n++)
{
byte_4[n + 1] = buffer15[n];
}
memory.Patches.Create(intptr_4, byte_4, "ProcessHookManager_ScreenToClient");
smethod_2();
}
catch (Exception)
{
flag = true;
throw;
}
finally
{
if (flag && (allocatedMemory_0 != null))
{
allocatedMemory_0.Dispose();
allocatedMemory_0 = null;
}
}
}
private void CreateTrampoline()
{
_mTrampoline = Memory.AllocateMemory(0x1000);
Console.WriteLine("m_trampoline : " + _mTrampoline.ToString("X"));
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("call {0}", Wow.Memory.WowProcess.WowModule + (uint)Addresses.FunctionWow.ReturnFunc);
fasm.AddLine("pushad");
fasm.AddLine("pushfd");
fasm.AddLine("mov eax, [{0}]", _mLocked);
fasm.AddLine("@execution:");
fasm.AddLine("mov eax, [{0}]", _mExecuteRequested);
fasm.AddLine("test eax, eax");
fasm.AddLine("je @lockcheck");
fasm.AddLine("call {0}", _mInjectionCode);
fasm.AddLine("mov [" + _mResult + "], eax");
fasm.AddLine("xor eax, eax");
fasm.AddLine("mov [" + _mExecuteRequested + "], eax");
fasm.AddLine("@lockcheck:");
fasm.AddLine("mov eax, [{0}]", _mLocked);
fasm.AddLine("test eax, eax");
fasm.AddLine("jne @execution");
fasm.AddLine("popfd");
fasm.AddLine("popad");
fasm.AddLine("jmp " + (JumpAddress + D3D.OriginalBytes.Length));
fasm.Inject(_mTrampoline);
}
private void CreateTrampolineDX()
{
_mTrampolineDX = Memory.AllocateMemory(0x1000);
Console.WriteLine("m_trampoline : " + _mTrampolineDX.ToString("X"));
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("pushad");
fasm.AddLine("pushfd");
fasm.AddLine("mov eax, [{0}]", _mLocked); // _mLockedDX
fasm.AddLine("@execution:");
fasm.AddLine("mov eax, [{0}]", _mExecuteRequested); // DX
fasm.AddLine("test eax, eax");
fasm.AddLine("je @lockcheck");
/*fasm.AddLine("mov ebx, [{0}]", (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.SpellChecker));
* fasm.AddLine("mov eax, [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff1 + "]");
* fasm.AddLine("mov esi, [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff2 + "]");
* fasm.AddLine("mov [" + _mSavedAntiban + "], esi");
* fasm.AddLine("mov [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff2 + "], eax");*/
fasm.AddLine("call {0}", _mInjectionCode);
fasm.AddLine("mov [" + _mResult + "], eax");
/*fasm.AddLine("mov edx, {0}", (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.CTMChecker));
* fasm.AddLine("call " + (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.WoWTextCaller));
* fasm.AddLine("push happilyeverafter");
* fasm.AddLine("push " + (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.RetFromFunctionBelow));
* fasm.AddLine("jmp " + (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.CTMChecker2));
* fasm.AddLine("happilyeverafter:");*/
/*fasm.AddLine("mov ebx, [{0}]", (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.SpellChecker));
* fasm.AddLine("mov esi, [" + _mSavedAntiban + "]");
* fasm.AddLine("mov [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff2 + "], esi");*/
fasm.AddLine("xor eax, eax");
fasm.AddLine("mov [" + _mExecuteRequested + "], eax"); // DX
fasm.AddLine("@lockcheck:");
fasm.AddLine("mov eax, [{0}]", _mLocked); // DX
fasm.AddLine("test eax, eax");
fasm.AddLine("jne @execution");
fasm.AddLine("push 0");
fasm.AddLine("add esp, 4");
fasm.AddLine("popfd");
fasm.AddLine("popad");
Memory.WriteBytes(_mTrampolineDX, D3D.OriginalBytesDX);
fasm.AddLine("jmp " + (JumpAddressDX + D3D.OriginalBytesDX.Length));
fasm.Inject((uint)(_mTrampolineDX + D3D.OriginalBytesDX.Length));
}