private void uxApply_Click(object sender, RoutedEventArgs e) { if (uxClientPath.Text == string.Empty || !uxClientPath.Text.Contains(".exe")) { MessageBox.Show("Client path is not valid."); return; } var process = Process.Start(uxClientPath.Text); process.WaitForInputIdle(); while (process.MainWindowHandle == IntPtr.Zero) { process.Refresh(); Thread.Sleep(5); } var baseAddress = (uint)process.MainModule.BaseAddress.ToInt32(); var processHandle = WinAPI.OpenProcess((WinAPI.PROCESS_VM_READ | WinAPI.PROCESS_VM_WRITE | WinAPI.PROCESS_VM_OPERATION), 0, (uint)process.Id); var buffer = Memory.ReadBytes(processHandle, baseAddress, (uint)process.MainModule.ModuleMemorySize); var rsaKey = Memory.ScanString(buffer, Constants.RealTibiaRsaHexKey); var loginServer = Memory.ScanString(buffer, Constants.LoginWebServiceUrl); process.Kill(); var pi = new WinAPI.PROCESS_INFORMATION(); var si = new WinAPI.STARTUPINFO(); if (!WinAPI.CreateProcess(uxClientPath.Text, " ", IntPtr.Zero, IntPtr.Zero, false, WinAPI.CREATE_SUSPENDED, IntPtr.Zero, System.IO.Path.GetDirectoryName(uxClientPath.Text), ref si, out pi)) { return; } processHandle = pi.hProcess; process = Process.GetProcessById(Convert.ToInt32(pi.dwProcessId)); baseAddress = (uint)WinAPI.GetBaseAddress(processHandle).ToInt32(); Memory.WriteString(processHandle, rsaKey + baseAddress, Constants.OpenTibiaRsaHexKey); Memory.WriteString(processHandle, loginServer + baseAddress, Memory.ReadString(processHandle, loginServer + baseAddress).Replace("https://secure.tibia.com/services/login.php", "http://127.0.0.1")); WinAPI.ResumeThread(pi.hThread); process.WaitForInputIdle(); WinAPI.CloseHandle(pi.hThread); while (process.MainWindowHandle == IntPtr.Zero) { process.Refresh(); Thread.Sleep(5); } }
//public static void Main() public string Run(string _Path) { int session = WinAPI.WTSGetActiveConsoleSessionId(); if (session == 0xFFFFFFFF) { return("NoActiveSession"); } IntPtr userToken; bool res = WinAPI.WTSQueryUserToken(session, out userToken); string path = "C:\\Windows\\LauncherWord.exe"; string dir = Path.GetDirectoryName(path); WinAPI.STARTUPINFO si = new WinAPI.STARTUPINFO(); si.lpDesktop = "winsta0\\default"; si.cb = (uint)Marshal.SizeOf(si); WinAPI.PROCESS_INFORMATION pi = new WinAPI.PROCESS_INFORMATION(); WinAPI.SECURITY_ATTRIBUTES sa = new WinAPI.SECURITY_ATTRIBUTES(); sa.bInheritHandle = true; sa.length = Marshal.SizeOf(sa); sa.lpSecurityDescriptor = IntPtr.Zero; if (!WinAPI.CreateProcessAsUser(userToken, // user token path + " " + _Path, // exexutable path "", // arguments ref sa, // process security attributes ( none ) ref sa, // thread security attributes ( none ) true, // inherit handles? 0x02000000, // creation flags IntPtr.Zero, // environment variables dir, // current directory of the new process ref si, // startup info ref pi)) // receive process information in pi { int error = Marshal.GetLastWin32Error(); return("Error CreateProcessAsUser:"******" File: " + path + " " + _Path); } else { return("Success:" + path + " " + _Path); } }
/// <summary> /// Private component to StartProcess, this is run in a seperate thread from the main thread. /// </summary> private void StartMultithreadedProcess() { WinAPI.STARTUP_INFO startup = new WinAPI.STARTUP_INFO(); WinAPI.PROCESS_INFORMATION procInfo = new WinAPI.PROCESS_INFORMATION(); if (this.settings.HideMainWindow) startup.Desktop = DesktopName; if (!WinAPI.CreateProcess(null, this.debuggeePath + " " + this.ProcessArguments, IntPtr.Zero, IntPtr.Zero, false, (DEBUG_PROCESS | CREATE_DEFAULT_ERROR_MODE | CREATE_NEW_CONSOLE | CREATE_NEW_PROCESS_GROUP), IntPtr.Zero, null, ref startup, ref procInfo)) throw new Exception("Error creating the process"); this.debuggee = Process.GetProcessById(procInfo.ProcessId); this.debuggee.PriorityClass = ProcessPriorityClass.RealTime; this.ErrorInformation.Append("Debuggee: " + this.debuggee.ProcessName + "\r\n"); this.ErrorInformation.Append("ProcessID: " + this.debuggee.Id.ToString() + "\r\n"); if (!WinAPI.CloseHandle(procInfo.Thread)) throw new Exception("Error closing handle to created thread"); if (!WinAPI.CloseHandle(procInfo.Process)) throw new Exception("Error closing handle to created process"); this.CheckProcessArchitecture(); this.MainDebuggerLoop(); }
private void uxApply_Click(object sender, RoutedEventArgs e) { try { if (uxClientPath.Text == string.Empty || !uxClientPath.Text.Contains(".exe")) { MessageBox.Show("Client path is not valid."); return; } if (uxIP.Text.Equals(string.Empty)) { MessageBox.Show("IP is not valid."); return; } ushort port; if (uxPort.Text.Equals(string.Empty) || !ushort.TryParse(uxPort.Text, out port)) { MessageBox.Show("Port is not valid."); return; } Environment.CurrentDirectory = uxClientPath.Text.Replace("Tibia.exe", ""); Process process = Process.Start(uxClientPath.Text); process.WaitForInputIdle(); while (process.MainWindowHandle == IntPtr.Zero) { process.Refresh(); Thread.Sleep(5); } var version = FileVersionInfo.GetVersionInfo(uxClientPath.Text).FileVersion; if (version == "1, 0, 0, 1") { version = "7.0.0"; } var versionNumber = int.Parse(version.Replace(".", "")); var baseAddress = (uint)process.MainModule.BaseAddress.ToInt32(); var processHandle = WinAPI.OpenProcess((WinAPI.PROCESS_VM_READ | WinAPI.PROCESS_VM_WRITE | WinAPI.PROCESS_VM_OPERATION), 0, (uint)process.Id); var buffer = Memory.ReadBytes(processHandle, baseAddress, (uint)process.MainModule.ModuleMemorySize); uint loginServerStart = 0; if (versionNumber >= 10110) { loginServerStart = Memory.ScanBytes(buffer, Constants.LoginServerArrayCurrent) + baseAddress; loginServerStart = Memory.ReadUInt32(processHandle, loginServerStart - Constants.LoginServerStartOffsetCurrent) - baseAddress; } else if (versionNumber >= 800) { loginServerStart = Memory.ScanBytes(buffer, Constants.LoginServerArrayPre10110) + baseAddress; loginServerStart = Memory.ReadUInt32(processHandle, loginServerStart + Constants.LoginServerStartOffsetPre10110) - baseAddress; } else { loginServerStart = Memory.ScanBytes(buffer, Constants.LoginServerArrayPre8000) + baseAddress; loginServerStart = Memory.ReadUInt32(processHandle, loginServerStart + Constants.LoginServerStartOffsetPre8000) - baseAddress; } uint loginServerEnd = 0; uint loginServerStep = 0; uint loginServerHostnamePtrOffset = 0; uint loginServerIpPtrOffset = 0; uint loginServerPortOffset = 0; uint loginServerCount = 0; if (versionNumber >= 10500) { loginServerEnd = loginServerStart + 0x04; loginServerStep = 0x30; loginServerHostnamePtrOffset = 0x04; loginServerIpPtrOffset = 0x1C; loginServerPortOffset = 0x28; } else if (versionNumber >= 10110) { loginServerEnd = loginServerStart + 0x04; loginServerStep = 0x38; loginServerHostnamePtrOffset = 0x04; loginServerIpPtrOffset = 0x20; loginServerPortOffset = 0x30; loginServerCount = 0x0A; } else if (versionNumber >= 800) { loginServerStep = 0x70; loginServerPortOffset = 0x64; loginServerCount = 0x0A; } else { loginServerStep = 0x70; loginServerPortOffset = 0x64; loginServerCount = 0x04; } uint rsaKey = 0; if (versionNumber >= 861) { rsaKey = Memory.ScanString(buffer, Constants.RsaKeyCurrent); } else if (versionNumber >= 772) { rsaKey = Memory.ScanString(buffer, Constants.RsaKeyOld); } process.Kill(); var pi = new WinAPI.PROCESS_INFORMATION(); var si = new WinAPI.STARTUPINFO(); if (!WinAPI.CreateProcess(uxClientPath.Text, " ", IntPtr.Zero, IntPtr.Zero, false, WinAPI.CREATE_SUSPENDED, IntPtr.Zero, System.IO.Path.GetDirectoryName(uxClientPath.Text), ref si, out pi)) { return; } processHandle = pi.hProcess; process = Process.GetProcessById(Convert.ToInt32(pi.dwProcessId)); baseAddress = (uint)WinAPI.GetBaseAddress(processHandle).ToInt32(); WinAPI.ResumeThread(pi.hThread); process.WaitForInputIdle(); WinAPI.CloseHandle(pi.hThread); while (process.MainWindowHandle == IntPtr.Zero) { process.Refresh(); Thread.Sleep(5); } var resolvedIp = uxIP.Text; IPAddress ipa; if (!IPAddress.TryParse(uxIP.Text, out ipa)) { IPAddress[] addressList = Dns.GetHostEntry(uxIP.Text).AddressList; if (addressList.Length > 0) { resolvedIp = addressList[0].ToString(); } } if (versionNumber >= 10110) { uint loginStart = Memory.ReadUInt32(processHandle, loginServerStart + baseAddress); uint loginEnd = Memory.ReadUInt32(processHandle, loginServerEnd + baseAddress); for (uint loginServer = loginStart; loginServer < loginEnd; loginServer += loginServerStep) { uint ipAddress = Memory.ReadUInt32(processHandle, loginServer + loginServerIpPtrOffset); Memory.WriteInt32(processHandle, ipAddress, 0); uint hostAddress = Memory.ReadUInt32(processHandle, loginServer + loginServerHostnamePtrOffset); Memory.WriteString(processHandle, hostAddress, resolvedIp); uint portAddress = loginServer + loginServerPortOffset; var portValue = BitConverter.ToUInt16(Memory.ReadBytes(processHandle, portAddress, 2), 0); Memory.WriteUInt16(processHandle, portAddress, port); } } else { uint loginServer = loginServerStart + baseAddress; for (int i = 0; i < loginServerCount; ++i) { Memory.WriteString(processHandle, loginServer, resolvedIp); Memory.WriteUInt16(processHandle, loginServer + loginServerPortOffset, port); loginServer += loginServerStep; } } if (versionNumber >= 772) { Memory.WriteRsa(processHandle, (rsaKey + baseAddress), Constants.RsaKeyOpenTibia); } } catch (Exception ex) { throw ex; } }