public static void Start()
{
while (true)
{
Thread.Sleep(1);
if (!Properties.Settings.Default.bhop)
{
continue;
}
if (!LocalPlayer.InGame)
{
continue;
}
if (LocalPlayer.Health <= 0)
{
continue;
}
if (LocalPlayer.Speed <= 0)
{
continue;
}
Vector3 oldAngle = LocalPlayer.ViewAngle;
while ((DllImport.GetAsyncKeyState(0x20) & 0x8000) != 0)
{
Thread.Sleep(1);
if (Properties.Settings.Default.autostrafe)
{
strafe = true;
Vector3 cuurentAngle = LocalPlayer.ViewAngle;
if (cuurentAngle.y > oldAngle.y)
{
LocalPlayer.MoveLeft();
}
else if (cuurentAngle.y < oldAngle.y)
{
LocalPlayer.MoveRight();
}
}
if (LocalPlayer.Flags == 257 || LocalPlayer.Flags == 263)
{
if (rnd.Next(100) < Properties.Settings.Default.bhopChoke)
{
Thread.Sleep(20);
}
LocalPlayer.Jump();
}
oldAngle = LocalPlayer.ViewAngle;
}
if (strafe)
{
LocalPlayer.MoveClearY();
strafe = false;
}
}
}
public static void Start()
{
while (Properties.Settings.Default.aimbot)
{
Thread.Sleep(1);
if (!LocalPlayer.InGame)
{
continue;
}
if (LocalPlayer.Health <= 0)
{
continue;
}
if (LocalPlayer.Dormant)
{
continue;
}
if (!((DllImport.GetAsyncKeyState(0x01) & 0x8000) != 0))
{
continue;
}
Entity target = BestFOV(Properties.Settings.Default.fov, Properties.Settings.Default.boneid);
if (target.Index == -1)
{
continue;
}
LocalPlayer.ViewAngle = NormalizedAngle(Smooth(LocalPlayer.ViewAngle, RSC(CalcAngle(LocalPlayer.ViewPosition, target.BonePosition(Properties.Settings.Default.boneid)))));
}
}
public IntPtr DXScreen()
{
var MEmus = DllImport.GetAllChildrenWindowHandles(IntPtr.Zero, "Qt5QWindowIcon", null, 10);
if (MEmus != null && MEmus.Count > 0)
{
foreach (var memu in MEmus)
{
IntPtr MEmu = memu;
if (DllImport.GetAllChildrenWindowHandles(MEmu, "Qt5QWindowIcon", null, 5).Count < 1)
{
MEmu = DllImport.GetParent(MEmu);
}
var MainWindowWindow = DllImport.FindWindowEx(MEmu, IntPtr.Zero, null, "MainWindowWindow");
if (MainWindowWindow != null && MainWindowWindow != IntPtr.Zero)
{
var CenterWidgetWindow = DllImport.FindWindowEx(MainWindowWindow, IntPtr.Zero, null, "CenterWidgetWindow");
if (CenterWidgetWindow != null && CenterWidgetWindow != IntPtr.Zero)
{
var RenderWindowWindow = DllImport.FindWindowEx(CenterWidgetWindow, IntPtr.Zero, null, "RenderWindowWindow");
if (RenderWindowWindow != null && RenderWindowWindow != IntPtr.Zero)
{
var sub = DllImport.FindWindowEx(RenderWindowWindow, IntPtr.Zero, null, "sub");
if (sub != null && sub != IntPtr.Zero)
{
return(sub);
}
}
}
}
}
}
return(IntPtr.Zero);
}
[PlatformSpecific(TestPlatforms.Windows)] // ThreadPoolBoundHandle.BindHandle is not supported on Unix
public unsafe void SingleOperationOverSingleHandle()
{
const int DATA_SIZE = 2;
SafeHandle handle = HandleFactory.CreateAsyncFileHandleForWrite(Path.Combine(TestDirectory, @"SingleOverlappedOverSingleHandle.tmp"));
ThreadPoolBoundHandle boundHandle = ThreadPoolBoundHandle.BindHandle(handle);
OverlappedContext result = new OverlappedContext();
byte[] data = new byte[DATA_SIZE];
data[0] = (byte)'A';
data[1] = (byte)'B';
NativeOverlapped *overlapped = boundHandle.AllocateNativeOverlapped(OnOverlappedOperationCompleted, result, data);
fixed(byte *p = data)
{
int retval = DllImport.WriteFile(boundHandle.Handle, p, DATA_SIZE, IntPtr.Zero, overlapped);
if (retval == 0)
{
Assert.Equal(DllImport.ERROR_IO_PENDING, Marshal.GetLastWin32Error());
}
// Wait for overlapped operation to complete
result.Event.WaitOne();
}
boundHandle.FreeNativeOverlapped(overlapped);
boundHandle.Dispose();
handle.Dispose();
Assert.Equal(0, result.ErrorCode);
Assert.Equal(DATA_SIZE, result.BytesWritten);
}
public static void Start()
{
while (true)
{
Thread.Sleep(50);
if (!Properties.Settings.Default.doorspammer)
{
continue;
}
if (!LocalPlayer.InGame)
{
continue;
}
if (LocalPlayer.Health <= 0)
{
continue;
}
while ((DllImport.GetAsyncKeyState(Properties.Hotkey.Default.doorspammerKey) & 0x8000) != 0)
{
LocalPlayer.Use = 5;
Thread.Sleep(13);
LocalPlayer.Use = 4;
Thread.Sleep(13);
}
}
}
public static void Start()
{
while (true)
{
Thread.Sleep(50);
if (!Properties.Settings.Default.doorspammer)
{
continue;
}
if (!LocalPlayer.InGame)
{
continue;
}
if (LocalPlayer.Health <= 0)
{
continue;
}
while ((DllImport.GetAsyncKeyState(Properties.Hotkey.Default.doorspammerKey) & 0x8000) != 0)
{
ClientCMD.Exec("+use"); // I did not add this to LocalPlayer to avoid delay. But i dont try, maybe this will not happen lol
Thread.Sleep(15);
ClientCMD.Exec("-use");
Thread.Sleep(15);
}
}
}
public static void Start() //disabled
{
while (true)
{
Thread.Sleep(1);
if (!Properties.Settings.Default.runboostbot)
{
continue;
}
if (!LocalPlayer.InGame)
{
continue;
}
if (LocalPlayer.Health <= 0)
{
continue;
}
if (LocalPlayer.Dormant)
{
continue;
}
Entity target = null;
while ((DllImport.GetAsyncKeyState(Properties.Hotkey.Default.runboostbotKey) & 0x8000) != 0)
{
Thread.Sleep(1);
if (target == null)
{
target = Aimbot.BestDistance();
}
boosting = true;
Vector3 position = target.Position;
if (target.Speed <= 0)
{
LocalPlayer.MoveClearX();
}
else
{
LocalPlayer.ViewAngleY = Aimbot.NormalizedAngle(Aimbot.CalcAngle(LocalPlayer.ViewPosition, position)).y;
LocalPlayer.MoveForward();
}
}
if (boosting)
{
LocalPlayer.MoveClearX();
boosting = false;
}
}
}
private static unsafe Win32Handle CreateHandle(bool async, string fileName)
{
Win32Handle handle;
#if !uap
handle = DllImport.CreateFile(
fileName,
DllImport.FileAccess.GenericWrite,
DllImport.FileShare.Write,
IntPtr.Zero,
DllImport.CreationDisposition.CreateAlways,
async ? DllImport.FileAttributes.Overlapped : DllImport.FileAttributes.Normal,
IntPtr.Zero);
#else
var p = new DllImport.CREATEFILE2_EXTENDED_PARAMETERS();
p.dwSize = (uint)sizeof(DllImport.CREATEFILE2_EXTENDED_PARAMETERS);
p.dwFileAttributes = DllImport.FileAttributes.Normal;
p.dwFileFlags = async ? DllImport.FileAttributes.Overlapped : DllImport.FileAttributes.Normal;
p.dwSecurityQosFlags = (uint)0;
p.lpSecurityAttributes = IntPtr.Zero;
p.hTemplateFile = IntPtr.Zero;
handle = DllImport.CreateFile2(
fileName,
DllImport.FileAccess.GenericWrite,
DllImport.FileShare.Write,
DllImport.CreationDisposition.CreateAlways,
&p);
#endif
if (!handle.IsInvalid)
{
return handle;
}
int errorCode = Marshal.GetLastWin32Error();
string filePath = Path.GetFullPath(fileName);
string message =
$"CreateFile or CreateFile2 failed (error code {errorCode}): {new Win32Exception(errorCode).Message}{Environment.NewLine}" +
$" File name: {fileName}{Environment.NewLine}" +
$" File path: {filePath}{Environment.NewLine}";
if (Directory.Exists(Path.GetDirectoryName(filePath)))
{
try
{
File.WriteAllText(filePath, string.Empty);
message += " Successfully wrote to the file.";
}
catch (Exception ex)
{
message += $" Failed to write to the file: {ex}";
}
}
else
{
message += $" Directory does not exist.";
}
throw new IOException(message);
}
private static IntPtr SetHook(LowLevelKeyboardProc proc)
{
using (Process curProcess = Process.GetCurrentProcess())
using (ProcessModule curModule = curProcess.MainModule)
{
return(DllImport.SetWindowsHookEx((IntPtr)Consts.WH_KEYBOARD_LL, proc,
DllImport.GetModuleHandle(curModule.ModuleName), 0));
}
}
private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
{
if (nCode >= 0 && wParam == (IntPtr)Consts.WM_KEYDOWN)
{
int Code = Marshal.ReadInt32(lParam);
}
return(DllImport.CallNextHookEx(hookId, nCode, wParam, lParam));
}
[PlatformSpecific(TestPlatforms.Windows)] // ThreadPoolBoundHandle.BindHandle is not supported on Unix
public unsafe void MultipleOperationsOverSingleHandle()
{
const int DATA_SIZE = 2;
SafeHandle handle = HandleFactory.CreateAsyncFileHandleForWrite(Path.Combine(TestDirectory, @"MultipleOperationsOverSingleHandle.tmp"));
ThreadPoolBoundHandle boundHandle = ThreadPoolBoundHandle.BindHandle(handle);
OverlappedContext result1 = new OverlappedContext();
OverlappedContext result2 = new OverlappedContext();
byte[] data1 = new byte[DATA_SIZE];
data1[0] = (byte)'A';
data1[1] = (byte)'B';
byte[] data2 = new byte[DATA_SIZE];
data2[0] = (byte)'C';
data2[1] = (byte)'D';
NativeOverlapped *overlapped1 = boundHandle.AllocateNativeOverlapped(OnOverlappedOperationCompleted, result1, data1);
NativeOverlapped *overlapped2 = boundHandle.AllocateNativeOverlapped(OnOverlappedOperationCompleted, result2, data2);
fixed(byte *p1 = data1, p2 = data2)
{
int retval = DllImport.WriteFile(boundHandle.Handle, p1, DATA_SIZE, IntPtr.Zero, overlapped1);
if (retval == 0)
{
Assert.Equal(DllImport.ERROR_IO_PENDING, Marshal.GetLastWin32Error());
}
// Start the offset after the above write, so that it doesn't overwrite the previous write
overlapped2->OffsetLow = DATA_SIZE;
retval = DllImport.WriteFile(boundHandle.Handle, p2, DATA_SIZE, IntPtr.Zero, overlapped2);
if (retval == 0)
{
Assert.Equal(DllImport.ERROR_IO_PENDING, Marshal.GetLastWin32Error());
}
// Wait for overlapped operations to complete
WaitHandle.WaitAll(new WaitHandle[] { result1.Event, result2.Event });
}
boundHandle.FreeNativeOverlapped(overlapped1);
boundHandle.FreeNativeOverlapped(overlapped2);
boundHandle.Dispose();
handle.Dispose();
Assert.Equal(0, result1.ErrorCode);
Assert.Equal(0, result2.ErrorCode);
Assert.Equal(DATA_SIZE, result1.BytesWritten);
Assert.Equal(DATA_SIZE, result2.BytesWritten);
}
private void IS3MainWindow_Loaded(object sender, RoutedEventArgs e)
{
DllImport.LoadExtension();
// DllImport.LoadTools();
this.WindowState = WindowState.Maximized;
//pageTransitionControl.ShowPage(new LoginPageForMon() { IS3MainWindow=this});
//pageTransitionControl.ShowPage(new ProjectListPage() { IS3MainWindow = this });
}
private static void CurrentDomain_UnhandledException(object sender, UnhandledExceptionEventArgs e)
{
if (Variables.Proc != null)
{
DllImport.SetParent(Variables.Proc.MainWindowHandle, IntPtr.Zero);
DllImport.MoveWindow(Variables.Proc.MainWindowHandle, PrivateVariable.Instance.EmuDefaultLocation.X, PrivateVariable.Instance.EmuDefaultLocation.Y, 0, 0, true);
}
Debug_.WriteLine(e.ExceptionObject.ToString());
File.WriteAllText("error.log", e.ExceptionObject.ToString());
MessageBox.Show(e.ExceptionObject.ToString());
Environment.Exit(0);
}
private static void Application_ThreadException(object sender, System.Threading.ThreadExceptionEventArgs e)
{
if (Variables.Proc != null)
{
DllImport.SetParent(Variables.Proc.MainWindowHandle, IntPtr.Zero);
DllImport.MoveWindow(Variables.Proc.MainWindowHandle, PrivateVariable.Instance.EmuDefaultLocation.X, PrivateVariable.Instance.EmuDefaultLocation.Y, 0, 0, true);
}
Debug_.WriteLine(e.Exception + " At: " + e.Exception.Source + " At: " + e.Exception.TargetSite);
File.WriteAllText("error.log", e.Exception.ToString());
MessageBox.Show(e.Exception.Message.ToString());
Environment.Exit(0);
}
[PlatformSpecific(TestPlatforms.Windows)] // ThreadPoolBoundHandle.BindHandle is not supported on Unix
public unsafe void FlowsAsyncLocalsToCallback_PreAllocatedOverlapped(bool shouldFlow)
{
// Makes sure that we flow async locals to callback
const int DATA_SIZE = 2;
SafeHandle handle = HandleFactory.CreateAsyncFileHandleForWrite(Path.Combine(TestDirectory, @"AsyncLocal.tmp"));
ThreadPoolBoundHandle boundHandle = ThreadPoolBoundHandle.BindHandle(handle);
OverlappedContext context = new OverlappedContext();
byte[] data = new byte[DATA_SIZE];
AsyncLocal <int> asyncLocal = new AsyncLocal <int>();
asyncLocal.Value = 10;
int?result = null;
IOCompletionCallback callback = (_, __, ___) => {
result = asyncLocal.Value;
OnOverlappedOperationCompleted(_, __, ___);
};
using (PreAllocatedOverlapped preAlloc = shouldFlow ?
new PreAllocatedOverlapped(callback, context, data) :
PreAllocatedOverlapped.UnsafeCreate(callback, context, data))
{
NativeOverlapped *overlapped = boundHandle.AllocateNativeOverlapped(preAlloc);
fixed(byte *p = data)
{
int retval = DllImport.WriteFile(boundHandle.Handle, p, DATA_SIZE, IntPtr.Zero, overlapped);
if (retval == 0)
{
Assert.Equal(DllImport.ERROR_IO_PENDING, Marshal.GetLastPInvokeError());
}
// Wait for overlapped operation to complete
context.Event.WaitOne();
}
boundHandle.FreeNativeOverlapped(overlapped);
}
boundHandle.Dispose();
handle.Dispose();
Assert.Equal(
shouldFlow ? 10 : 0,
result);
}
public static void Start()
{
while (true)
{
Thread.Sleep(10);
if (!Properties.Settings.Default.perfectnade)
{
continue;
}
if (!LocalPlayer.InGame)
{
continue;
}
if (LocalPlayer.Health <= 0)
{
continue;
}
if (LocalPlayer.ViewAngle.x != -89)
{
continue;
}
if (LocalPlayer.ActiveWeapon != 44)
{
continue;
}
if (LocalPlayer.Speed > 3)
{
continue;
}
if ((DllImport.GetAsyncKeyState(0x02) & 0x8000) != 0)
{
Thread.Sleep(800);
if (!((DllImport.GetAsyncKeyState(0x02) & 0x8000) != 0))
{
continue;
}
ClientCMD.Exec("+attack");
Thread.Sleep(80);
ClientCMD.Exec("-attack2");
Thread.Sleep(1);
ClientCMD.Exec("-attack");
}
}
}
public IntPtr DXScreen()
{
var ScreenBoardClassWindow = DllImport.FindWindowEx(Variables.Proc.Handle, IntPtr.Zero, "Qt5QWindowIcon", "ScreenBoardClassWindow");
if (ScreenBoardClassWindow != null)
{
var sub = DllImport.FindWindowEx(ScreenBoardClassWindow, IntPtr.Zero, "subWin", "sub");
if (sub != null)
{
return(sub);
}
}
return(IntPtr.Zero);
}
public void ConnectEmulator()
{
string[] MEmu = { "MEmu", "逍遥模拟器" };
foreach (var p in Process.GetProcessesByName("MEmu"))
{
Debug_.WriteLine(p.MainWindowTitle);
if (MEmu.Contains(p.MainWindowTitle))
{
IntPtr handle = DllImport.FindWindowEx(p.MainWindowHandle, IntPtr.Zero, string.Empty, string.Empty);
Variables.Proc = p;
Variables.ScriptLog("Emulator ID: " + p.Id, Color.DarkGreen);
break;
}
}
}
public void ConnectEmulator()
{
IntPtr handle = DllImport.FindWindow("CHWindow", "iTools 安卓模拟器");
if (handle != null)
{
foreach (Process p in Process.GetProcessesByName("iToolsAVM"))
{
if (p.MainWindowHandle == handle)
{
Variables.Proc = p;
break;
}
}
}
}
private static unsafe Win32Handle CreateHandle(bool async, string fileName)
{
Win32Handle handle = DllImport.CreateFile(
fileName,
DllImport.FileAccess.GenericWrite,
DllImport.FileShare.Write,
IntPtr.Zero,
DllImport.CreationDisposition.CreateAlways,
async ? DllImport.FileAttributes.Overlapped : DllImport.FileAttributes.Normal,
IntPtr.Zero);
if (!handle.IsInvalid)
{
return(handle);
}
int errorCode = Marshal.GetLastWin32Error();
string filePath = Path.GetFullPath(fileName);
string message =
$"CreateFile or CreateFile2 failed (error code {errorCode}): {new Win32Exception(errorCode).Message}{Environment.NewLine}" +
$" File name: {fileName}{Environment.NewLine}" +
$" File path: {filePath}{Environment.NewLine}";
if (Directory.Exists(Path.GetDirectoryName(filePath)))
{
try
{
File.WriteAllText(filePath, string.Empty);
message += " Successfully wrote to the file.";
}
catch (Exception ex)
{
message += $" Failed to write to the file: {ex}";
}
}
else
{
message += $" Directory does not exist.";
}
throw new IOException(message);
}
private static unsafe Win32Handle CreateHandle(bool async, string fileName = null)
{
#if !uap
// Assume the current directory is writable
return(DllImport.CreateFile(fileName ?? @"Overlapped.tmp", DllImport.FileAccess.GenericWrite, DllImport.FileShare.Write, IntPtr.Zero, DllImport.CreationDisposition.CreateAlways, async ? DllImport.FileAttributes.Overlapped : DllImport.FileAttributes.Normal, IntPtr.Zero));
#else
var p = new DllImport.CREATEFILE2_EXTENDED_PARAMETERS();
p.dwSize = (uint)sizeof(DllImport.CREATEFILE2_EXTENDED_PARAMETERS);
p.dwFileAttributes = DllImport.FileAttributes.Normal;
p.dwFileFlags = async ? DllImport.FileAttributes.Overlapped : DllImport.FileAttributes.Normal;
p.dwSecurityQosFlags = (uint)0;
p.lpSecurityAttributes = IntPtr.Zero;
p.hTemplateFile = IntPtr.Zero;
return(DllImport.CreateFile2(
fileName ?? @"Overlapped.tmp",
DllImport.FileAccess.GenericWrite,
DllImport.FileShare.Write,
DllImport.CreationDisposition.CreateAlways,
&p));
#endif
}
public static void SetWakeTimer(DateTime nextwake)
{
long duetime = nextwake.ToFileTime();
using (SafeWaitHandle handle = CreateWaitableTimer(IntPtr.Zero, true, "VCBot"))
{
if (SetWaitableTimer(handle, ref duetime, 0, IntPtr.Zero, IntPtr.Zero, true))
{
Sleep();
using (EventWaitHandle wh = new EventWaitHandle(false, EventResetMode.AutoReset))
{
wh.SafeWaitHandle = handle;
wh.WaitOne();
}
}
else
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
DllImport.mouse_event(DllImport.MOUSEEVENTF_MOVE, 0, 1, 0, 0);
}
public static void Exec(string szCmd, bool highPriority = false)
{
if (Address == IntPtr.Zero)
{
Allocator Alloc = new Allocator();
Address = Alloc.Alloc(Size);
if (Address == IntPtr.Zero)
{
return;
}
}
if (szCmd.Length > 255)
{
szCmd = szCmd.Substring(0, 255);
}
var szCmd_bytes = Encoding.UTF8.GetBytes(szCmd + "\0");
Memory.WriteProcessMemory(Memory.pHandle, Address, szCmd_bytes, szCmd_bytes.Length, 0);
IntPtr Thread = DllImport.CreateRemoteThread(Memory.pHandle, (IntPtr)null, IntPtr.Zero, new IntPtr(Memory.Engine + CalcedOffsets.ClientCMD), Address, 0, (IntPtr)null);
DllImport.CloseHandle(Thread);
DllImport.WaitForSingleObject(Thread, 0xFFFFFFFF);
}
/// <summary>
/// Background processing of a single PE file.
/// It can be lengthy since there are disk access (and misses).
/// </summary>
/// <param name="NewTreeContexts"> This variable is passed as reference to be updated since this function is run in a separate thread. </param>
/// <param name="newPe"> Current PE file analyzed </param>
private void ProcessPe(Dictionary <string, ImportContext> NewTreeContexts, PE newPe)
{
List <PeImportDll> PeImports = newPe.GetImports();
Environment.SpecialFolder WindowsSystemFolder = (this.Pe.IsWow64Dll()) ?
Environment.SpecialFolder.SystemX86 :
Environment.SpecialFolder.System;
string User32Filepath = Path.Combine(Environment.GetFolderPath(WindowsSystemFolder), "user32.dll");
string MsCoreeFilepath = Path.Combine(Environment.GetFolderPath(WindowsSystemFolder), "mscoree.dll");
foreach (PeImportDll DllImport in PeImports)
{
ImportContext ImportModule = new ImportContext();
ImportModule.PeFilePath = null;
ImportModule.PeProperties = null;
ImportModule.ModuleName = DllImport.Name;
ImportModule.ApiSetModuleName = null;
ImportModule.Flags = 0;
if (DllImport.IsDelayLoad())
{
ImportModule.Flags |= ModuleFlag.DelayLoad;
}
if (NewTreeContexts.ContainsKey(DllImport.Name))
{
continue;
}
// Find Dll in "paths"
Tuple <ModuleSearchStrategy, PE> ResolvedModule = BinaryCache.ResolveModule(this.Pe, DllImport.Name, this.SxsEntriesCache);
ImportModule.ModuleLocation = ResolvedModule.Item1;
if (ImportModule.ModuleLocation != ModuleSearchStrategy.NOT_FOUND)
{
ImportModule.PeProperties = ResolvedModule.Item2;
ImportModule.PeFilePath = ResolvedModule.Item2.Filepath;
}
// special case for apiset schema
ImportModule.IsApiSet = (ImportModule.ModuleLocation == ModuleSearchStrategy.ApiSetSchema);
if (ImportModule.IsApiSet)
{
ImportModule.ApiSetModuleName = BinaryCache.LookupApiSetLibrary(DllImport.Name);
}
// add warning for appv isv applications
if (String.Compare(DllImport.Name, "AppvIsvSubsystems32.dll", StringComparison.OrdinalIgnoreCase) == 0 ||
String.Compare(DllImport.Name, "AppvIsvSubsystems64.dll", StringComparison.OrdinalIgnoreCase) == 0)
{
if (!this._DisplayWarning)
{
MessageBoxResult result = MessageBox.Show(
"This binary use the App-V containerization technology which fiddle with search directories and PATH env in ways Dependencies can't handle.\n\nFollowing results are probably not quite exact.",
"App-V ISV disclaimer"
);
this._DisplayWarning = true; // prevent the same warning window to popup several times
}
}
NewTreeContexts.Add(DllImport.Name, ImportModule);
// AppInitDlls are triggered by user32.dll, so if the binary does not import user32.dll they are not loaded.
if (ImportModule.PeFilePath == User32Filepath)
{
string AppInitRegistryKey = (this.Pe.IsWow64Dll()) ?
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows" :
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows";
int LoadAppInitDlls = (int)Registry.GetValue(AppInitRegistryKey, "LoadAppInit_DLLs", 0);
string AppInitDlls = (string)Registry.GetValue(AppInitRegistryKey, "AppInit_DLLs", "");
if ((LoadAppInitDlls != 0) && (AppInitDlls != ""))
{
// Extremely crude parser. TODO : Add support for quotes wrapped paths with spaces
foreach (var AppInitDll in AppInitDlls.Split(' '))
{
Debug.WriteLine("AppInit loading " + AppInitDll);
// Do not process twice the same imported module
if (null != PeImports.Find(module => module.Name == AppInitDll))
{
continue;
}
if (NewTreeContexts.ContainsKey(AppInitDll))
{
continue;
}
ImportContext AppInitImportModule = new ImportContext();
AppInitImportModule.PeFilePath = null;
AppInitImportModule.PeProperties = null;
AppInitImportModule.ModuleName = AppInitDll;
AppInitImportModule.ApiSetModuleName = null;
AppInitImportModule.Flags = 0;
AppInitImportModule.ModuleLocation = ModuleSearchStrategy.AppInitDLL;
Tuple <ModuleSearchStrategy, PE> ResolvedAppInitModule = BinaryCache.ResolveModule(this.Pe, AppInitDll, this.SxsEntriesCache);
if (ResolvedAppInitModule.Item1 != ModuleSearchStrategy.NOT_FOUND)
{
AppInitImportModule.PeProperties = ResolvedAppInitModule.Item2;
AppInitImportModule.PeFilePath = ResolvedAppInitModule.Item2.Filepath;
}
NewTreeContexts.Add(AppInitDll, AppInitImportModule);
}
}
}
// if mscoree.dll is imported, it means the module is a C# assembly, and we can use Mono.Cecil to enumerate its references
if (ImportModule.PeFilePath == MsCoreeFilepath)
{
var resolver = new DefaultAssemblyResolver();
resolver.AddSearchDirectory(RootFolder);
AssemblyDefinition PeAssembly = AssemblyDefinition.ReadAssembly(newPe.Filepath);
foreach (var module in PeAssembly.Modules)
{
// Process CLR referenced assemblies
foreach (var assembly in module.AssemblyReferences)
{
AssemblyDefinition definition = resolver.Resolve(assembly);
foreach (var AssemblyModule in definition.Modules)
{
Debug.WriteLine("Referenced Assembling loading " + AssemblyModule.Name + " : " + AssemblyModule.FileName);
// Do not process twice the same imported module
if (null != PeImports.Find(mod => mod.Name == Path.GetFileName(AssemblyModule.FileName)))
{
continue;
}
ImportContext AppInitImportModule = new ImportContext();
AppInitImportModule.PeFilePath = null;
AppInitImportModule.PeProperties = null;
AppInitImportModule.ModuleName = Path.GetFileName(AssemblyModule.FileName);
AppInitImportModule.ApiSetModuleName = null;
AppInitImportModule.Flags = ModuleFlag.ClrReference;
AppInitImportModule.ModuleLocation = ModuleSearchStrategy.ClrAssembly;
Tuple <ModuleSearchStrategy, PE> ResolvedAppInitModule = BinaryCache.ResolveModule(this.Pe, AssemblyModule.FileName, this.SxsEntriesCache);
if (ResolvedAppInitModule.Item1 != ModuleSearchStrategy.NOT_FOUND)
{
AppInitImportModule.PeProperties = ResolvedAppInitModule.Item2;
AppInitImportModule.PeFilePath = ResolvedAppInitModule.Item2.Filepath;
}
if (!NewTreeContexts.ContainsKey(AppInitImportModule.ModuleName))
{
NewTreeContexts.Add(AppInitImportModule.ModuleName, AppInitImportModule);
}
}
}
// Process unmanaged dlls for native calls
foreach (var UnmanagedModule in module.ModuleReferences)
{
// some clr dll have a reference to an "empty" dll
if (UnmanagedModule.Name.Length == 0)
{
continue;
}
Debug.WriteLine("Referenced module loading " + UnmanagedModule.Name);
// Do not process twice the same imported module
if (null != PeImports.Find(m => m.Name == UnmanagedModule.Name))
{
continue;
}
ImportContext AppInitImportModule = new ImportContext();
AppInitImportModule.PeFilePath = null;
AppInitImportModule.PeProperties = null;
AppInitImportModule.ModuleName = UnmanagedModule.Name;
AppInitImportModule.ApiSetModuleName = null;
AppInitImportModule.Flags = ModuleFlag.ClrReference;
AppInitImportModule.ModuleLocation = ModuleSearchStrategy.ClrAssembly;
Tuple <ModuleSearchStrategy, PE> ResolvedAppInitModule = BinaryCache.ResolveModule(this.Pe, UnmanagedModule.Name, this.SxsEntriesCache);
if (ResolvedAppInitModule.Item1 != ModuleSearchStrategy.NOT_FOUND)
{
AppInitImportModule.PeProperties = ResolvedAppInitModule.Item2;
AppInitImportModule.PeFilePath = ResolvedAppInitModule.Item2.Filepath;
}
if (!NewTreeContexts.ContainsKey(AppInitImportModule.ModuleName))
{
NewTreeContexts.Add(AppInitImportModule.ModuleName, AppInitImportModule);
}
}
}
}
}
}
public void SetImports(List <PeImportDll> Imports, PhSymbolProvider SymPrv, DependencyWindow Dependencies)
{
this.Items.Clear();
foreach (PeImportDll DllImport in Imports)
{
PE ModuleImport = Dependencies.LoadImport(DllImport.Name, null, DllImport.IsDelayLoad());
string ModuleFilepath = (ModuleImport != null) ? ModuleImport.Filepath : null;
foreach (var Import in BinaryCache.LookupImports(DllImport, ModuleFilepath))
{
this.Items.Add(new DisplayPeImport(Import.Item1, SymPrv, ModuleFilepath, Import.Item2));
}
}
}
public static void Start2()
{
while (true)
{
Thread.Sleep(1);
if (!Properties.Settings.Default.blockbot)
{
continue;
}
if (!LocalPlayer.InGame)
{
continue;
}
if (LocalPlayer.Health <= 0)
{
continue;
}
Entity target = null;
bool blocked = false;
while ((DllImport.GetAsyncKeyState(Properties.Hotkey.Default.blockbotKey) & 0x8000) != 0)
{
if (target == null)
{
target = Aimbot.BestDistance();
Memory.Write <int>(Memory.Client + signatures.dwForceRight, 5);
Memory.Write <int>(Memory.Client + signatures.dwForceForward, 5);
blocked = true;
}
if ((LocalPlayer.Position - target.BonePosition(8)).Length < 43)
{
Vector3 targetOrigin = target.Position + target.Velocity * trajFactor;
targetOrigin.z = 0;
Vector3 localOrigin = LocalPlayer.Position;
localOrigin.z = 0;
float distance = (targetOrigin - localOrigin).Length;
distance *= distanceFactor;
if (distance > 10)
{
distance = 10;
}
float angle = LocalPlayer.ViewAngle.y - Aimbot.CalcAngle(LocalPlayer.Position, target.Position).y + 360.0f;
LocalPlayer.SideSpeed = (float)Math.Sin(angle * 0.0174533) * 45 * distance;
LocalPlayer.ForwardSpeed = (float)Math.Cos(angle * 0.0174533) * 45 * distance;
}
else
{
if ((DllImport.GetAsyncKeyState(0x57) & 0x8000) != 0)
{
LocalPlayer.ForwardSpeed = 450;
}
else
{
LocalPlayer.ForwardSpeed = 0;
}
Vector3 angle = Aimbot.CalcAngle(LocalPlayer.ViewPosition, target.Position);
angle.y -= LocalPlayer.ViewAngle.y;
angle = Aimbot.NormalizedAngle(angle);
float sidemove = -angle.y * 25;
LocalPlayer.SideSpeed = sidemove > 450 ? 450 : sidemove < -450 ? -450 : sidemove;
}
}
if (blocked)
{
Memory.Write <int>(Memory.Client + signatures.dwForceRight, 6);
Memory.Write <int>(Memory.Client + signatures.dwForceForward, 6);
LocalPlayer.SideSpeed = 450;
LocalPlayer.ForwardSpeed = 450;
}
}
}
protected override bool ReleaseHandle()
{
return(DllImport.CloseHandle(handle));
}
[PlatformSpecific(TestPlatforms.Windows)] // ThreadPoolBoundHandle.BindHandle is not supported on Unix
public unsafe void MultipleOperationsOverMultipleHandles()
{
const int DATA_SIZE = 2;
SafeHandle handle1 = HandleFactory.CreateAsyncFileHandleForWrite(Path.Combine(TestDirectory, @"MultipleOperationsOverMultipleHandle1.tmp"));
SafeHandle handle2 = HandleFactory.CreateAsyncFileHandleForWrite(Path.Combine(TestDirectory, @"MultipleOperationsOverMultipleHandle2.tmp"));
ThreadPoolBoundHandle boundHandle1 = ThreadPoolBoundHandle.BindHandle(handle1);
ThreadPoolBoundHandle boundHandle2 = ThreadPoolBoundHandle.BindHandle(handle2);
OverlappedContext result1 = new OverlappedContext();
OverlappedContext result2 = new OverlappedContext();
byte[] data1 = new byte[DATA_SIZE];
data1[0] = (byte)'A';
data1[1] = (byte)'B';
byte[] data2 = new byte[DATA_SIZE];
data2[0] = (byte)'C';
data2[1] = (byte)'D';
PreAllocatedOverlapped preAlloc1 = new PreAllocatedOverlapped(OnOverlappedOperationCompleted, result1, data1);
PreAllocatedOverlapped preAlloc2 = new PreAllocatedOverlapped(OnOverlappedOperationCompleted, result2, data2);
for (int i = 0; i < 10; i++)
{
NativeOverlapped *overlapped1 = boundHandle1.AllocateNativeOverlapped(preAlloc1);
NativeOverlapped *overlapped2 = boundHandle2.AllocateNativeOverlapped(preAlloc2);
fixed(byte *p1 = data1, p2 = data2)
{
int retval = DllImport.WriteFile(boundHandle1.Handle, p1, DATA_SIZE, IntPtr.Zero, overlapped1);
if (retval == 0)
{
Assert.Equal(DllImport.ERROR_IO_PENDING, Marshal.GetLastWin32Error());
}
retval = DllImport.WriteFile(boundHandle2.Handle, p2, DATA_SIZE, IntPtr.Zero, overlapped2);
if (retval == 0)
{
Assert.Equal(DllImport.ERROR_IO_PENDING, Marshal.GetLastWin32Error());
}
// Wait for overlapped operations to complete
WaitHandle.WaitAll(new WaitHandle[] { result1.Event, result2.Event });
}
boundHandle1.FreeNativeOverlapped(overlapped1);
boundHandle2.FreeNativeOverlapped(overlapped2);
result1.Event.Reset();
result2.Event.Reset();
Assert.Equal(0, result1.ErrorCode);
Assert.Equal(0, result2.ErrorCode);
Assert.Equal(DATA_SIZE, result1.BytesWritten);
Assert.Equal(DATA_SIZE, result2.BytesWritten);
}
boundHandle1.Dispose();
boundHandle2.Dispose();
preAlloc1.Dispose();
preAlloc2.Dispose();
handle1.Dispose();
handle2.Dispose();
}
/// <summary>
/// Background processing of a single PE file.
/// It can be lengthy since there are disk access (and misses).
/// </summary>
/// <param name="NewTreeContexts"> This variable is passed as reference to be updated since this function is run in a separate thread. </param>
/// <param name="newPe"> Current PE file analyzed </param>
private void ProcessPe(List <ImportContext> NewTreeContexts, PE newPe)
{
List <PeImportDll> PeImports = newPe.GetImports();
Environment.SpecialFolder WindowsSystemFolder = (this.Pe.IsWow64Dll()) ?
Environment.SpecialFolder.SystemX86 :
Environment.SpecialFolder.System;
string User32Filepath = Path.Combine(Environment.GetFolderPath(WindowsSystemFolder), "user32.dll");
foreach (PeImportDll DllImport in PeImports)
{
ImportContext ImportModule = new ImportContext();
ImportModule.PeFilePath = null;
ImportModule.PeProperties = null;
ImportModule.ModuleName = DllImport.Name;
ImportModule.ApiSetModuleName = null;
ImportModule.IsDelayLoadImport = DllImport.IsDelayLoad();
// Find Dll in "paths"
Tuple <ModuleSearchStrategy, PE> ResolvedModule = BinaryCache.ResolveModule(this.Pe, DllImport.Name, this.SxsEntriesCache);
ImportModule.ModuleLocation = ResolvedModule.Item1;
if (ImportModule.ModuleLocation != ModuleSearchStrategy.NOT_FOUND)
{
ImportModule.PeProperties = ResolvedModule.Item2;
ImportModule.PeFilePath = ResolvedModule.Item2.Filepath;
}
// special case for apiset schema
ImportModule.IsApiSet = (ImportModule.ModuleLocation == ModuleSearchStrategy.ApiSetSchema);
if (ImportModule.IsApiSet)
{
ImportModule.ApiSetModuleName = BinaryCache.LookupApiSetLibrary(DllImport.Name);
}
// add warning for appv isv applications
if (String.Compare(DllImport.Name, "AppvIsvSubsystems32.dll", StringComparison.OrdinalIgnoreCase) == 0 ||
String.Compare(DllImport.Name, "AppvIsvSubsystems64.dll", StringComparison.OrdinalIgnoreCase) == 0)
{
if (!this._DisplayWarning)
{
MessageBoxResult result = MessageBox.Show(
"This binary use the App-V containerization technology which fiddle with search directories and PATH env in ways Dependencies can't handle.\n\nFollowing results are probably not quite exact.",
"App-V ISV disclaimer"
);
this._DisplayWarning = true; // prevent the same warning window to popup several times
}
}
NewTreeContexts.Add(ImportModule);
// AppInitDlls are triggered by user32.dll, so if the binary does not import user32.dll they are not loaded.
if (ImportModule.PeFilePath == User32Filepath)
{
string AppInitRegistryKey = (this.Pe.IsWow64Dll()) ?
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows" :
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows";
int LoadAppInitDlls = (int)Registry.GetValue(AppInitRegistryKey, "LoadAppInit_DLLs", 0);
string AppInitDlls = (string)Registry.GetValue(AppInitRegistryKey, "AppInit_DLLs", "");
if ((LoadAppInitDlls != 0) && (AppInitDlls != ""))
{
// Extremely crude parser. TODO : Add support for quotes wrapped paths with spaces
foreach (var AppInitDll in AppInitDlls.Split(' '))
{
Debug.WriteLine("AppInit loading " + AppInitDll);
ImportContext AppInitImportModule = new ImportContext();
AppInitImportModule.PeFilePath = null;
AppInitImportModule.PeProperties = null;
AppInitImportModule.ModuleName = AppInitDll;
AppInitImportModule.ApiSetModuleName = null;
AppInitImportModule.IsDelayLoadImport = false;
AppInitImportModule.ModuleLocation = ModuleSearchStrategy.AppInitDLL;
Tuple <ModuleSearchStrategy, PE> ResolvedAppInitModule = BinaryCache.ResolveModule(this.Pe, AppInitDll, this.SxsEntriesCache);
if (ResolvedAppInitModule.Item1 != ModuleSearchStrategy.NOT_FOUND)
{
AppInitImportModule.PeProperties = ResolvedAppInitModule.Item2;
AppInitImportModule.PeFilePath = ResolvedAppInitModule.Item2.Filepath;
}
NewTreeContexts.Add(AppInitImportModule);
}
}
}
}
}
public void CloseWithoutDisposing()
{
DllImport.CloseHandle(handle);
}
public static DateTime FILETIMEToDateTime( DllImport.FILETIME fileTime, bool utc )
{
UInt64 high = ( (UInt64)( fileTime.dwHighDateTime ) );
UInt64 shiftedHigh = ( high & 0xFFFFFFFF ) << 32;
UInt64 low = (UInt64)( fileTime.dwLowDateTime & ( 0xFFFFFFFF ) );
long final = (long)( low | shiftedHigh );
return utc ? DateTime.FromFileTimeUtc( final ) : DateTime.FromFileTime( final );
}