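        /// <summary>
        /// Writes a small x86 stub into the target process that sets a movement
        /// target (X, Y, Z) and a walk mode, runs it on a remote thread and waits
        /// for that thread to finish.
        /// </summary>
        /// <param name="oph">Open handle to the target process.</param>
        /// <param name="X">Target X coordinate.</param>
        /// <param name="Y">Target Y coordinate.</param>
        /// <param name="Z">Target Z coordinate; the stub receives Z * 2 (see below).</param>
        /// <param name="walk">0 injects mode 0; any other value injects mode 1.</param>
        /// <exception cref="InvalidOperationException">
        /// The remote allocation failed or the stub was not written completely.
        /// </exception>
        public static void WalkTo(IntPtr oph, float X, float Y, float Z, int walk)
        {
            // Any non-zero caller mode (the caller's walk_mode=2 included) is injected as 1.
            int walk_mode = walk == 0 ? 0 : 1;

            // ---- Skeleton of the stub to inject. The /*N*/ markers are the byte offsets
            //      of the 4-byte immediates patched below; keep them in sync with the BlockCopy calls.
            #region my_inject
            byte[] walk_packet =
            {
                0x60,                                            //pushad
                0xB8,              /*2*/ 0x00,0x00, 0x00, 0x00, //mov eax, BA (base address)
                0x8B,              0x00,                         //mov eax, dword ptr [eax]
                0x8B,              0x40, 0x1c,                   //mov eax, dword ptr[eax + 0x1C]
                0x8B,              0x78, 0x34,                   //mov edi, dword ptr[eax + 0x34]
                0x8B,              0x8F, 0xC4, 0x15, 0x00, 0x00, //mov ecx, dword ptr[edi + 0x15C4]
                0x6A,              0x01,                         //push 1
                0xB8,              /*23*/ 0x00,0x00, 0x00, 0x00, //mov eax, action_1
                0xFF,              0xD0,                         //call eax
                0x8D,              0x54, 0x24, 0x1C,             //lea edx, dword ptr[esp + 0x1C]
                0x8B,              0xD8,                         //mov ebx, eax
                0x52,                                            //push edx
                0x68,              /*37*/ 0x00,0x00, 0x00, 0x00, //push walk_mode
                0x8B,              0xCB,                         //mov ecx, ebx
                0xB8,              /*44*/ 0x00,0x00, 0x00, 0x00, //mov eax, action_2
                0xFF,              0xD0,                         //call eax
                0x8B,              0x8F, 0xC4, 0x15, 0x00, 0x00, //mov ecx, dword ptr [edi + 0x15C4]
                0xB8,              /*57*/ 0x00,0x00, 0x00, 0x00, //mov eax, x
                0x89,              0x43, 0x20,                   //mov dword ptr[ebx + 0x20], eax
                0xB8,              /*65*/ 0x00,0x00, 0x00, 0x00, //mov eax, z
                0x89,              0x43, 0x24,                   //mov dword ptr[ebx + 0x24], eax
                0xB8,              /*73*/ 0x00,0x00, 0x00, 0x00, //mov eax, y
                0x89,              0x43, 0x28,                   //mov dword ptr[ebx + 0x28], eax
                0x6A,              0x00,                         //push 0
                0x53,                                            //push ebx
                0x6A,              0x01,                         //push 1
                0xB8,              /*86*/ 0x00,0x00, 0x00, 0x00, //mov eax, action_3
                0xFF,              0xD0,                         //call eax
                0x61,                                            //popad
                0xC3                                             //ret
            };
            #endregion

            // ---- Patch the base address.
            Buffer.BlockCopy(BitConverter.GetBytes(Offsets.BaseAdress), 0, walk_packet, 2, 4);

            // ---- Patch Action_1, Action_2, Action_3 (call targets).
            Buffer.BlockCopy(BitConverter.GetBytes(Offsets.Action_1), 0, walk_packet, 23, 4);
            Buffer.BlockCopy(BitConverter.GetBytes(Offsets.Action_2), 0, walk_packet, 44, 4);
            Buffer.BlockCopy(BitConverter.GetBytes(Offsets.Action_3), 0, walk_packet, 86, 4);

            // ---- Patch walk_mode.
            Buffer.BlockCopy(BitConverter.GetBytes(walk_mode), 0, walk_packet, 37, 4);
            // ---- Patch X, Y, Z. Z is doubled before injection; the reason is not documented
            //      here — TODO confirm against the target's coordinate layout.
            Buffer.BlockCopy(BitConverter.GetBytes(X), 0, walk_packet, 57, 4);
            Buffer.BlockCopy(BitConverter.GetBytes(Z * 2), 0, walk_packet, 65, 4);
            Buffer.BlockCopy(BitConverter.GetBytes(Y), 0, walk_packet, 73, 4);

            // ---- Reserve memory in the target process; stop here if that fails instead of
            //      writing to and executing address zero.
            IntPtr walk_address = WinApi.VirtualAllocEx(oph, IntPtr.Zero, walk_packet.Length, WinApi.AllocationType.Commit, WinApi.MemoryProtection.ReadWrite);
            if (walk_address == IntPtr.Zero)
            {
                throw new InvalidOperationException("VirtualAllocEx failed for the walk stub.");
            }

            try
            {
                // ---- Copy the stub into the reserved region. The (int) cast of the address
                //      truncates on 64-bit; presumably the target is a 32-bit process, as the
                //      x86 stub implies — verify.
                int lpNumberOfBytesWritten = 0;
                WinApi.WriteProcessMemory(oph, (int)walk_address, walk_packet, walk_packet.Length, out lpNumberOfBytesWritten);
                if (lpNumberOfBytesWritten != walk_packet.Length)
                {
                    // Never run a partially written stub.
                    throw new InvalidOperationException("WriteProcessMemory wrote " + lpNumberOfBytesWritten + " of " + walk_packet.Length + " bytes.");
                }

                // ---- Run the stub on a remote thread and wait for it to finish.
                IntPtr lpThreadId;
                IntPtr hProcThread = WinApi.CreateRemoteThread(oph, IntPtr.Zero, 0, walk_address, IntPtr.Zero, 0, out lpThreadId);
                WinApi.WaitForSingleObject(hProcThread, WinApi.INFINITE);

                // NOTE(review): hProcThread is a thread handle, not a memory region, so this
                // VirtualFreeEx cannot release it and the handle leaks. The matching call is
                // CloseHandle, which the WinApi wrapper visible here does not expose; kept as-is
                // until that wrapper is available.
                WinApi.VirtualFreeEx(oph, hProcThread, walk_packet.Length, WinApi.FreeType.Release);
            }
            finally
            {
                // ---- Always release the remote region, even if the write or thread start threw.
                WinApi.VirtualFreeEx(oph, walk_address, walk_packet.Length, WinApi.FreeType.Release);
            }
        }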