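/// <summary>
/// Installs the SkyrimVR code block behind the hook site found by the AOB scan
/// (or reuses an already installed one) and returns the address of the data
/// area that the injected code maintains.
/// </summary>
/// <returns>
/// The data-area address (<c>data region + data_offset</c>), or <see cref="IntPtr.Zero"/>
/// when the pattern is not found, the remote allocation fails, or the allocation
/// is too far from the hook site for a rel32 jump.
/// </returns>
private IntPtr Inject_SkyrimVR()
{
    // Number of bytes the hook overwrites at ptr_inject; the first two instructions
    // of bytes_program (mov rsi,rdx / mov rdi,[rcx]) carry those six bytes forward.
    const int len = 6;
    // Distance from the start of the data region to the pointer handed back to the caller.
    const int data_offset = 0x100;
    // Size of the remote allocation and of the local image written into it.
    const int alloc_size = 10000;

    // Patch positions inside bytes_program (indices checked against the listing below).
    const int offset_baseAddress = 0x0A; // imm64 of "mov rax,SkyrimSE.exe"
    const int offset_randomData = 0x4C;  // imm64 of "mov rax,randomData"
    const int offset_returnJmp = 0x86;   // rel32 of the trailing "jmp INJECT"

    byte[] bytes_program =
    {
        0x48, 0x8B, 0xF2,                                           // mov rsi,rdx   <- newmem
        0x48, 0x8B, 0x39,                                           // mov rdi,[rcx]
        0x51,                                                       // push rcx
        0x50,                                                       // push rax
        0x48, 0xB8, 0x00, 0x00, 0xEC, 0x4E, 0xF7, 0x7F, 0x00, 0x00, // mov rax,SkyrimSE.exe (imm64 patched below)
        0x48, 0x05, 0x68, 0x96, 0xF8, 0x01,                         // 1st offset
        0x48, 0x8B, 0x00,                                           // mov rax,[rax]
        0x48, 0x05, 0xD0, 0x00, 0x00, 0x00,                         // 2nd offset
        0x48, 0x8B, 0x00,                                           // mov rax,[rax]
        0x48, 0x83, 0xC0, 0x08,                                     // 3rd offset
        0x48, 0x8B, 0x00,                                           // mov rax,[rax]
        0x48, 0x05, 0xA8, 0x01, 0x00, 0x00,                         // 4th offset
        0x48, 0x8B, 0x00,                                           // mov rax,[rax]
        0x48, 0x05, 0x90, 0x00, 0x00, 0x00,                         // 5th offset
        0x48, 0x8B, 0x00,                                           // mov rax,[rax]
        0x48, 0x83, 0xC0, 0x68,                                     // 6th offset
        0x4C, 0x39, 0xF0,                                           // cmp rax,r14
        0x0F, 0x85, 0x39, 0x00, 0x00, 0x00,                         // jne finishUp
        0x48, 0xB8, 0x8A, 0x00, 0xEB, 0xC4, 0xF7, 0x7F, 0x00, 0x00, // mov rax,randomData (imm64 patched below)
        0x48, 0x05, 0xF0, 0x00, 0x00, 0x00,
        0x48, 0x83, 0xC0, 0x10,                                     // <- increaseArray
        0x48, 0x39, 0x38,
        0x0F, 0x84, 0x0E, 0x00, 0x00, 0x00,                         // je countUpArrayItem
        0x83, 0x38, 0x00,
        0x0F, 0x84, 0x02, 0x00, 0x00, 0x00,                         // je createNewArrayItem
        0xEB, 0xE8,                                                 // jmp increaseArray   <- createNewArrayItem
        0x48, 0x89, 0x38,                                           // <- countUpArrayItem
        0x48, 0x83, 0xC0, 0x08,
        0x48, 0x8B, 0x08,
        0x48, 0x83, 0xC1, 0x01,
        0x48, 0x89, 0x08,
        0x58,                                                       // pop rax   <- finishUp
        0x59,                                                       // pop rcx
        0xE9, 0x28, 0x1C, 0x1B, 0x00                                // jmp INJECT (rel32 patched below)
                                                                    // <- randomData (data region starts here)
    };

    AOB_Scanner.AOB_Scanner aob_scanner = new AOB_Scanner.AOB_Scanner(
        memory.process,
        memory.ProcessHandle,
        "48 8B C4 57 48 81 EC 40 01 00 00 48 C7 44 24 20 FE FF FF FF 48 89 58 10 48 89 70 18");
    aob_scanner.setModule(memory.process.MainModule);
    IntPtr ptr_inject = (IntPtr)aob_scanner.FindPattern();
    if (ptr_inject == IntPtr.Zero)
    {
        // Reported through Error_Message so both injectors handle this failure the same way.
        Error_Message?.Invoke(this, new StringArg("Could not inject, did the game load past the main menu?"));
        return IntPtr.Zero;
    }
    ptr_inject += 0x1C;

    // A jmp (0xE9) at the hook site means the hook is already in place: follow it to
    // the existing code block instead of installing a second one.
    if (memory.ReadByte(ptr_inject) == 0xE9)
    {
        Notification_Message?.Invoke(this, new StringArg("Skipping injection (already injected)"));
        // jmp target = address after the 5-byte jmp + rel32; the data region follows the code.
        long ptr_existing = (long)ptr_inject + 5 + memory.ReadInt32(ptr_inject + 0x1);
        return (IntPtr)(ptr_existing + bytes_program.Length + data_offset);
    }

    IntPtr ptr_functon = memory.AllocateMemory(alloc_size, ptr_inject);
    if (ptr_functon == IntPtr.Zero)
    {
        Error_Message?.Invoke(this, new StringArg("Could not inject, memory allocation failed"));
        return IntPtr.Zero;
    }
    IntPtr ptr_data = ptr_functon + bytes_program.Length;

    // The trailing "jmp INJECT" is rel32-relative to the byte after the jmp (the end of the
    // program). On x64 the real distance must fit in 32 bits; a bare cast would truncate it.
    long ptr_afterJmp = (long)ptr_functon + bytes_program.Length;
    long rel_return = (long)ptr_inject + len - ptr_afterJmp;
    if (rel_return < int.MinValue || rel_return > int.MaxValue)
    {
        // NOTE(review): the allocation is not released on this path; no counterpart to
        // AllocateMemory is visible in this file.
        Error_Message?.Invoke(this, new StringArg("Could not inject, allocated memory is out of jmp range"));
        return IntPtr.Zero;
    }

    byte[] bytes = new byte[alloc_size];
    Array.Copy(bytes_program, bytes, bytes_program.Length);

    // Fill in the placeholders the listing leaves for run-time addresses.
    Array.Copy(BitConverter.GetBytes((long)memory.process.MainModule.BaseAddress), 0, bytes, offset_baseAddress, 8);
    Array.Copy(BitConverter.GetBytes((long)ptr_data), 0, bytes, offset_randomData, 8);
    Array.Copy(BitConverter.GetBytes((int)rel_return), 0, bytes, offset_returnJmp, 4);

    memory.WriteBytes(ptr_functon, bytes);
    memory.Hook(ptr_inject, ptr_functon, len, true);
    return ptr_data + data_offset;
}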
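/// <summary>
/// Installs the 32-bit TESV code block behind the hook site found by the AOB scan
/// (or reuses an already installed one) and returns the address of the data area
/// that the injected code maintains.
/// </summary>
/// <returns>
/// The data-area address (<c>data region + data_offset</c>), or <see cref="IntPtr.Zero"/>
/// when the pattern is not found or the remote allocation fails.
/// </returns>
private IntPtr Inject_TESV()
{
    // Number of bytes the hook overwrites at ptr_inject.
    const int len = 5;
    // Distance from the start of the data region to the pointer handed back to the caller.
    const int data_offset = 0x100;
    // Size of the remote allocation and of the local image written into it.
    const int alloc_size = 10000;

    // Patch positions inside bytes_program: the two imm32 operands that must hold the
    // data-region address, and the rel32 of the trailing jmp (0xE9 at index 161).
    const int offset_data_first = 4;
    const int offset_data_second = 112;
    const int offset_returnJmp = 162;

    // 166 bytes, laid out 16 per row so an index can be read off as row * 16 + column.
    byte[] bytes_program =
    {
        0x8B, 0xF0, 0x50, 0xB8, 0xA6, 0x00, 0xF1, 0x01, 0x83, 0xC0, 0x50, 0x89, 0x08, 0x8B, 0xC8, 0x83, // 0x00
        0xC1, 0x08, 0x58, 0x89, 0x01, 0x83, 0xC1, 0x08, 0x89, 0x11, 0x83, 0xC1, 0x08, 0x58, 0x89, 0x01, // 0x10
        0x83, 0xC1, 0x08, 0x58, 0x89, 0x01, 0x58, 0x8B, 0xD0, 0x50, 0x8B, 0x01, 0x50, 0x83, 0xE9, 0x08, // 0x20
        0x8B, 0x01, 0x50, 0x83, 0xE9, 0x08, 0xFF, 0x31, 0x83, 0xE9, 0x08, 0xFF, 0x31, 0x83, 0xE9, 0x08, // 0x30
        0xFF, 0x31, 0xB8, 0x00, 0x00, 0x40, 0x00, 0x05, 0x3C, 0x06, 0xF1, 0x00, 0x8B, 0x00, 0x83, 0xC0, // 0x40
        0x74, 0x8B, 0x00, 0x83, 0xC0, 0x04, 0x8B, 0x00, 0x05, 0x00, 0x01, 0x00, 0x00, 0x8B, 0x00, 0x83, // 0x50
        0xC0, 0x10, 0x8B, 0x00, 0x83, 0xC0, 0x38, 0x39, 0xC2, 0x0F, 0x85, 0x2C, 0x00, 0x00, 0x00, 0xB8, // 0x60
        0xA6, 0x00, 0xF1, 0x01, 0x05, 0xF0, 0x00, 0x00, 0x00, 0x83, 0xC0, 0x10, 0x39, 0x38, 0x0F, 0x84, // 0x70
        0x0D, 0x00, 0x00, 0x00, 0x83, 0x38, 0x00, 0x0F, 0x84, 0x02, 0x00, 0x00, 0x00, 0xEB, 0xEA, 0x89, // 0x80
        0x38, 0x83, 0xC0, 0x08, 0x8B, 0x18, 0x83, 0xC3, 0x01, 0x89, 0x18, 0x5A, 0x58, 0x58, 0x83, 0xFE, // 0x90
        0x04, 0xE9, 0x00, 0x00, 0x00, 0x00                                                              // 0xA0: jmp INJECT (rel32 patched below)
    };

    AOB_Scanner.AOB_Scanner aob_scanner = new AOB_Scanner.AOB_Scanner(
        memory.process,
        memory.ProcessHandle,
        "8B 44 24 04 81 EC 08 01 00 00 53 56 57 8B 38 8B C7 32 DB 8D 50 01 8A 08 40 84 C9 75 F9 2B C2");
    aob_scanner.setModule(memory.process.MainModule);
    IntPtr ptr_inject = (IntPtr)aob_scanner.FindPattern();
    if (ptr_inject == IntPtr.Zero)
    {
        Error_Message?.Invoke(this, new StringArg("Could not inject, did the game load past the main menu?"));
        return IntPtr.Zero;
    }
    ptr_inject += 0x1f;

    // A jmp (0xE9) at the hook site means the hook is already in place: follow it to
    // the existing code block instead of installing a second one.
    if (memory.ReadByte(ptr_inject) == 0xE9)
    {
        Notification_Message?.Invoke(this, new StringArg("Skipping injection (already injected)"));
        // jmp target = address after the 5-byte jmp + rel32; the data region follows the code.
        long ptr_existing = (long)ptr_inject + 5 + memory.ReadInt32(ptr_inject + 0x1);
        return (IntPtr)(ptr_existing + bytes_program.Length + data_offset);
    }

    IntPtr ptr_functon = memory.AllocateMemory(alloc_size);
    if (ptr_functon == IntPtr.Zero)
    {
        Error_Message?.Invoke(this, new StringArg("Could not inject, memory allocation failed"));
        return IntPtr.Zero;
    }
    // The data region directly follows the program (previously the literal 0xA6 == 166 == Length);
    // deriving it from the array keeps this in step with the already-injected path above.
    IntPtr ptr_data = ptr_functon + bytes_program.Length;

    byte[] bytes = new byte[alloc_size];
    Array.Copy(bytes_program, bytes, bytes_program.Length);

    // Fill in the two imm32 placeholders with the data-region address.
    byte[] bytes_ptr_data = BitConverter.GetBytes(unchecked((int)(long)ptr_data));
    Array.Copy(bytes_ptr_data, 0, bytes, offset_data_first, 4);
    Array.Copy(bytes_ptr_data, 0, bytes, offset_data_second, 4);

    // rel32 for "jmp INJECT": from the byte after the program back to the instruction
    // following the hooked bytes. 32-bit EIP arithmetic wraps, so the low 32 bits suffice.
    int rel_return = unchecked((int)((long)ptr_inject + len - (long)ptr_functon - bytes_program.Length));
    Array.Copy(BitConverter.GetBytes(rel_return), 0, bytes, offset_returnJmp, 4);

    memory.WriteBytes(ptr_functon, bytes);
    memory.Hook(ptr_inject, ptr_functon, len);
    return ptr_data + data_offset;
}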