protected override void BuildCustomRemoteCode(X86Writer w, MemoryStream ms)
{
RecordedValueHandle?.Dispose();
RecordedValueHandle = new SafeRemoteHandle(sizeof(int));
//Move address in Register into the value of RecordedValueHandle
//
// e.g. with RecordedValueHandle = 7777 and Register = X86Register32.EAX:
// mov [7777],eax
w.Mov32(new X86Address(X86Register32.None, RecordedValueHandle.GetHandle().ToInt32()), Register);
}
void DbgNodeRestore()
{
SafeRemoteHandle DbgMenuManFix_ = new SafeRemoteHandle(0x1000);
SafeRemoteHandle DbgMenuManGetNode_ = new SafeRemoteHandle(0x10);
IntPtr DbgMenuManFix = DbgMenuManFix_.GetHandle();
IntPtr DbgMenuManGetNode = DbgMenuManGetNode_.GetHandle();
var c = new Assembler(64);
c.jmp(0x140152b00);
var stream = new MemoryStream();
c.Assemble(new StreamCodeWriter(stream), (ulong)0x140152af0);
Hook.WBytes(0x140152af0, stream.ToArray());
c = new Assembler(64);
c.jmp((ulong)DbgMenuManGetNode);
stream = new MemoryStream();
c.Assemble(new StreamCodeWriter(stream), (ulong)0x140152b00);
Hook.WBytes(0x140152b00, stream.ToArray());
c = new Assembler(64);
Label SkipDbgMenuManGetNode = c.CreateLabel();
c.mov(rax, 0x141c04cc8);
c.mov(rax, __[rax]);
c.cmp(rax, 0);
c.je(SkipDbgMenuManGetNode);
c.mov(rax, __[rax + 8]);
c.Label(ref SkipDbgMenuManGetNode);
c.ret();
stream = new MemoryStream();
c.Assemble(new StreamCodeWriter(stream), (ulong)DbgMenuManGetNode);
Hook.WBytes(DbgMenuManGetNode, stream.ToArray());
c = new Assembler(64);
c.jmp((ulong)DbgMenuManFix);
stream = new MemoryStream();
c.Assemble(new StreamCodeWriter(stream), (ulong)0x140152a38);
Hook.WBytes(0x140152a38, stream.ToArray());
c = new Assembler(64);
c.mov(rcx, 0x1414acd70);
c.call(0x140466aa0);
c.mov(rcx, 0x141c04cc8);
c.mov(rcx, __[rcx]);
c.mov(__[rcx + 8], rax);
c.add(rsp, 0x28);
c.ret();
stream = new MemoryStream();
c.Assemble(new StreamCodeWriter(stream), (ulong)DbgMenuManFix);
Hook.WBytes(DbgMenuManFix, stream.ToArray());
}
public CodeHookBase(IntPtr originalLocalCodeStart, int originalLocalCodeLength, int customLocalCodeAllocSize, bool originalCodeAtEnd = false, byte[] specificOriginalCode = null)
{
OriginalLocalCodeStartOffset = originalLocalCodeStart;
OriginalLocalCodeLength = originalLocalCodeLength;
CustomLocalCodeAllocSize = customLocalCodeAllocSize;
OriginalCodeAtEnd = originalCodeAtEnd;
CustomRemoteCodeHandle = new SafeRemoteHandle(CustomLocalCodeAllocSize);
if (specificOriginalCode != null)
{
OriginalLocalCode = specificOriginalCode;
}
_buildAsmArrays();
}
private void CompletelyReInitializeAndInjectCodeInNewLocation()
{
UndoCodeInjection();
CodeHandle?.Dispose();
CodeHandle = new SafeRemoteHandle(FUNCTION_CALL_ASM_BUFFER_SIZE);
}
private int SquashIntoDword(ref List <SafeRemoteHandle> allocPtrList, dynamic arg)
{
Type typ = arg.GetType();
Buffer_SquashIntoDwordResult.Int1 = 0;
if (arg is int)
{
Buffer_SquashIntoDwordResult = (int)arg;
}
else if (arg is bool)
{
Buffer_SquashIntoDwordResult = (bool)arg;
}
else if (arg is float)
{
Buffer_SquashIntoDwordResult = (float)arg;
}
else if (arg is uint)
{
Buffer_SquashIntoDwordResult = (uint)arg;
}
else if (arg is short)
{
Buffer_SquashIntoDwordResult = (short)arg;
}
else if (arg is ushort)
{
Buffer_SquashIntoDwordResult = (ushort)arg;
}
else if (arg is byte)
{
Buffer_SquashIntoDwordResult = (byte)arg;
}
else if (arg is string argStr)
{
var hand = new SafeRemoteHandle((argStr.Length + 1) * 2);
var handVal = hand.GetHandle();
Hook.WUnicodeStr((IntPtr)handVal, argStr);
allocPtrList.Add(hand);
Buffer_SquashIntoDwordResult = (uint)handVal;
}
else if (arg is IntPtr)
{
Buffer_SquashIntoDwordResult.Int1 = ((IntPtr)arg).ToInt32();
}
else
{
var size = Marshal.SizeOf(arg);
if (size <= INT32_SIZE)
{
IntPtr ptrToArg = Marshal.AllocHGlobal(size);
//Allocate a place for our arg
try
{
Marshal.StructureToPtr(arg, ptrToArg, true); //Move arg to where that pointer points
byte[] argByt = new byte[size]; //Make a new byte array the size of the arg
Marshal.Copy(ptrToArg, argByt, 0, size); //Copy bytes from [ptrToArg] to argByt
Buffer_SquashIntoDwordResult.SetBytes(argByt);
}
catch (Exception ex)
{
throw ex;
}
finally
{
Marshal.FreeHGlobal(ptrToArg);
}
}
else
{
//Allocate a place for our arg
IntPtr ptrToArg = Marshal.AllocHGlobal(size);
try
{
var hand = new SafeRemoteHandle(size);
var unmanagedArg = new SafeMarshalledHandle(arg);
hand.MemPatch(unmanagedArg);
allocPtrList.Add(hand);
Buffer_SquashIntoDwordResult = unmanagedArg.GetHandle().ToInt32();
if (unmanagedArg != null)
{
unmanagedArg.Close();
unmanagedArg.Dispose();
unmanagedArg = null;
}
//##### OLD METHOD: #####
//Move arg to where that pointer points
//Marshal.StructureToPtr(arg, ptrToArg, True)
//'Make a new byte array the size of the arg
//Dim argByt(size - 1) As Byte
//'Copy bytes from where we just moved that object to, over to our byte array
//Marshal.Copy(ptrToArg, argByt, 0, size)
//' > argByt NOW CONTAINS ARG AS BYTES <
//Dim ingamePtrToArg As New IngameAllocatedPtr(size)
//WriteProcessMemory(CurrentProcessHandle, ingamePtrToArg.Address, argByt, size, New Integer())
//allocPtrList.Add(ingamePtrToArg)
//Return ingamePtrToArg.Address
}
catch (Exception ex)
{
throw ex;
//We mainly here for dat Finally my boi
}
finally
{
Marshal.FreeHGlobal(ptrToArg);
}
}
}
return(Buffer_SquashIntoDwordResult.Int1);
}