private void uxApply_Click(object sender, RoutedEventArgs e)
{
if (uxClientPath.Text == string.Empty || !uxClientPath.Text.Contains(".exe"))
{
MessageBox.Show("Client path is not valid.");
return;
}
var process = Process.Start(uxClientPath.Text);
process.WaitForInputIdle();
while (process.MainWindowHandle == IntPtr.Zero)
{
process.Refresh();
Thread.Sleep(5);
}
var baseAddress = (uint)process.MainModule.BaseAddress.ToInt32();
var processHandle = WinAPI.OpenProcess((WinAPI.PROCESS_VM_READ | WinAPI.PROCESS_VM_WRITE | WinAPI.PROCESS_VM_OPERATION), 0, (uint)process.Id);
var buffer = Memory.ReadBytes(processHandle, baseAddress, (uint)process.MainModule.ModuleMemorySize);
var rsaKey = Memory.ScanString(buffer, Constants.RealTibiaRsaHexKey);
var loginServer = Memory.ScanString(buffer, Constants.LoginWebServiceUrl);
process.Kill();
var pi = new WinAPI.PROCESS_INFORMATION();
var si = new WinAPI.STARTUPINFO();
if (!WinAPI.CreateProcess(uxClientPath.Text, " ", IntPtr.Zero, IntPtr.Zero, false, WinAPI.CREATE_SUSPENDED, IntPtr.Zero, System.IO.Path.GetDirectoryName(uxClientPath.Text), ref si, out pi))
{
return;
}
processHandle = pi.hProcess;
process = Process.GetProcessById(Convert.ToInt32(pi.dwProcessId));
baseAddress = (uint)WinAPI.GetBaseAddress(processHandle).ToInt32();
Memory.WriteString(processHandle, rsaKey + baseAddress, Constants.OpenTibiaRsaHexKey);
Memory.WriteString(processHandle, loginServer + baseAddress, Memory.ReadString(processHandle, loginServer + baseAddress).Replace("https://secure.tibia.com/services/login.php", "http://127.0.0.1"));
WinAPI.ResumeThread(pi.hThread);
process.WaitForInputIdle();
WinAPI.CloseHandle(pi.hThread);
while (process.MainWindowHandle == IntPtr.Zero)
{
process.Refresh();
Thread.Sleep(5);
}
}
//public static void Main()
public string Run(string _Path)
{
int session = WinAPI.WTSGetActiveConsoleSessionId();
if (session == 0xFFFFFFFF)
{
return("NoActiveSession");
}
IntPtr userToken;
bool res = WinAPI.WTSQueryUserToken(session, out userToken);
string path = "C:\\Windows\\LauncherWord.exe";
string dir = Path.GetDirectoryName(path);
WinAPI.STARTUPINFO si = new WinAPI.STARTUPINFO();
si.lpDesktop = "winsta0\\default";
si.cb = (uint)Marshal.SizeOf(si);
WinAPI.PROCESS_INFORMATION pi = new WinAPI.PROCESS_INFORMATION();
WinAPI.SECURITY_ATTRIBUTES sa = new WinAPI.SECURITY_ATTRIBUTES();
sa.bInheritHandle = true;
sa.length = Marshal.SizeOf(sa);
sa.lpSecurityDescriptor = IntPtr.Zero;
if (!WinAPI.CreateProcessAsUser(userToken, // user token
path + " " + _Path, // exexutable path
"", // arguments
ref sa, // process security attributes ( none )
ref sa, // thread security attributes ( none )
true, // inherit handles?
0x02000000, // creation flags
IntPtr.Zero, // environment variables
dir, // current directory of the new process
ref si, // startup info
ref pi)) // receive process information in pi
{
int error = Marshal.GetLastWin32Error();
return("Error CreateProcessAsUser:"******" File: " + path + " " + _Path);
}
else
{
return("Success:" + path + " " + _Path);
}
}
/// <summary>
/// Private component to StartProcess, this is run in a seperate thread from the main thread.
/// </summary>
private void StartMultithreadedProcess()
{
WinAPI.STARTUP_INFO startup = new WinAPI.STARTUP_INFO();
WinAPI.PROCESS_INFORMATION procInfo = new WinAPI.PROCESS_INFORMATION();
if (this.settings.HideMainWindow)
startup.Desktop = DesktopName;
if (!WinAPI.CreateProcess(null, this.debuggeePath + " " + this.ProcessArguments, IntPtr.Zero, IntPtr.Zero, false, (DEBUG_PROCESS | CREATE_DEFAULT_ERROR_MODE | CREATE_NEW_CONSOLE | CREATE_NEW_PROCESS_GROUP), IntPtr.Zero, null, ref startup, ref procInfo))
throw new Exception("Error creating the process");
this.debuggee = Process.GetProcessById(procInfo.ProcessId);
this.debuggee.PriorityClass = ProcessPriorityClass.RealTime;
this.ErrorInformation.Append("Debuggee: " + this.debuggee.ProcessName + "\r\n");
this.ErrorInformation.Append("ProcessID: " + this.debuggee.Id.ToString() + "\r\n");
if (!WinAPI.CloseHandle(procInfo.Thread))
throw new Exception("Error closing handle to created thread");
if (!WinAPI.CloseHandle(procInfo.Process))
throw new Exception("Error closing handle to created process");
this.CheckProcessArchitecture();
this.MainDebuggerLoop();
}
private void uxApply_Click(object sender, RoutedEventArgs e)
{
try
{
if (uxClientPath.Text == string.Empty || !uxClientPath.Text.Contains(".exe"))
{
MessageBox.Show("Client path is not valid.");
return;
}
if (uxIP.Text.Equals(string.Empty))
{
MessageBox.Show("IP is not valid.");
return;
}
ushort port;
if (uxPort.Text.Equals(string.Empty) || !ushort.TryParse(uxPort.Text, out port))
{
MessageBox.Show("Port is not valid.");
return;
}
Environment.CurrentDirectory = uxClientPath.Text.Replace("Tibia.exe", "");
Process process = Process.Start(uxClientPath.Text);
process.WaitForInputIdle();
while (process.MainWindowHandle == IntPtr.Zero)
{
process.Refresh();
Thread.Sleep(5);
}
var version = FileVersionInfo.GetVersionInfo(uxClientPath.Text).FileVersion;
if (version == "1, 0, 0, 1")
{
version = "7.0.0";
}
var versionNumber = int.Parse(version.Replace(".", ""));
var baseAddress = (uint)process.MainModule.BaseAddress.ToInt32();
var processHandle = WinAPI.OpenProcess((WinAPI.PROCESS_VM_READ | WinAPI.PROCESS_VM_WRITE | WinAPI.PROCESS_VM_OPERATION), 0, (uint)process.Id);
var buffer = Memory.ReadBytes(processHandle, baseAddress, (uint)process.MainModule.ModuleMemorySize);
uint loginServerStart = 0;
if (versionNumber >= 10110)
{
loginServerStart = Memory.ScanBytes(buffer, Constants.LoginServerArrayCurrent) + baseAddress;
loginServerStart = Memory.ReadUInt32(processHandle, loginServerStart - Constants.LoginServerStartOffsetCurrent) - baseAddress;
}
else if (versionNumber >= 800)
{
loginServerStart = Memory.ScanBytes(buffer, Constants.LoginServerArrayPre10110) + baseAddress;
loginServerStart = Memory.ReadUInt32(processHandle, loginServerStart + Constants.LoginServerStartOffsetPre10110) - baseAddress;
}
else
{
loginServerStart = Memory.ScanBytes(buffer, Constants.LoginServerArrayPre8000) + baseAddress;
loginServerStart = Memory.ReadUInt32(processHandle, loginServerStart + Constants.LoginServerStartOffsetPre8000) - baseAddress;
}
uint loginServerEnd = 0;
uint loginServerStep = 0;
uint loginServerHostnamePtrOffset = 0;
uint loginServerIpPtrOffset = 0;
uint loginServerPortOffset = 0;
uint loginServerCount = 0;
if (versionNumber >= 10500)
{
loginServerEnd = loginServerStart + 0x04;
loginServerStep = 0x30;
loginServerHostnamePtrOffset = 0x04;
loginServerIpPtrOffset = 0x1C;
loginServerPortOffset = 0x28;
}
else if (versionNumber >= 10110)
{
loginServerEnd = loginServerStart + 0x04;
loginServerStep = 0x38;
loginServerHostnamePtrOffset = 0x04;
loginServerIpPtrOffset = 0x20;
loginServerPortOffset = 0x30;
loginServerCount = 0x0A;
}
else if (versionNumber >= 800)
{
loginServerStep = 0x70;
loginServerPortOffset = 0x64;
loginServerCount = 0x0A;
}
else
{
loginServerStep = 0x70;
loginServerPortOffset = 0x64;
loginServerCount = 0x04;
}
uint rsaKey = 0;
if (versionNumber >= 861)
{
rsaKey = Memory.ScanString(buffer, Constants.RsaKeyCurrent);
}
else if (versionNumber >= 772)
{
rsaKey = Memory.ScanString(buffer, Constants.RsaKeyOld);
}
process.Kill();
var pi = new WinAPI.PROCESS_INFORMATION();
var si = new WinAPI.STARTUPINFO();
if (!WinAPI.CreateProcess(uxClientPath.Text, " ", IntPtr.Zero, IntPtr.Zero, false, WinAPI.CREATE_SUSPENDED, IntPtr.Zero, System.IO.Path.GetDirectoryName(uxClientPath.Text), ref si, out pi))
{
return;
}
processHandle = pi.hProcess;
process = Process.GetProcessById(Convert.ToInt32(pi.dwProcessId));
baseAddress = (uint)WinAPI.GetBaseAddress(processHandle).ToInt32();
WinAPI.ResumeThread(pi.hThread);
process.WaitForInputIdle();
WinAPI.CloseHandle(pi.hThread);
while (process.MainWindowHandle == IntPtr.Zero)
{
process.Refresh();
Thread.Sleep(5);
}
var resolvedIp = uxIP.Text;
IPAddress ipa;
if (!IPAddress.TryParse(uxIP.Text, out ipa))
{
IPAddress[] addressList = Dns.GetHostEntry(uxIP.Text).AddressList;
if (addressList.Length > 0)
{
resolvedIp = addressList[0].ToString();
}
}
if (versionNumber >= 10110)
{
uint loginStart = Memory.ReadUInt32(processHandle, loginServerStart + baseAddress);
uint loginEnd = Memory.ReadUInt32(processHandle, loginServerEnd + baseAddress);
for (uint loginServer = loginStart; loginServer < loginEnd; loginServer += loginServerStep)
{
uint ipAddress = Memory.ReadUInt32(processHandle, loginServer + loginServerIpPtrOffset);
Memory.WriteInt32(processHandle, ipAddress, 0);
uint hostAddress = Memory.ReadUInt32(processHandle, loginServer + loginServerHostnamePtrOffset);
Memory.WriteString(processHandle, hostAddress, resolvedIp);
uint portAddress = loginServer + loginServerPortOffset;
var portValue = BitConverter.ToUInt16(Memory.ReadBytes(processHandle, portAddress, 2), 0);
Memory.WriteUInt16(processHandle, portAddress, port);
}
}
else
{
uint loginServer = loginServerStart + baseAddress;
for (int i = 0; i < loginServerCount; ++i)
{
Memory.WriteString(processHandle, loginServer, resolvedIp);
Memory.WriteUInt16(processHandle, loginServer + loginServerPortOffset, port);
loginServer += loginServerStep;
}
}
if (versionNumber >= 772)
{
Memory.WriteRsa(processHandle, (rsaKey + baseAddress), Constants.RsaKeyOpenTibia);
}
}
catch (Exception ex)
{
throw ex;
}
}
