/// <summary>
/// Initializes a new instance of the <see cref="ProcessSharp" /> class.
/// </summary>
/// <param name="native">The native process.</param>
/// <param name="type">The type of memory being manipulated.</param>
public ProcessSharp(Process native, MemoryType type)
{
native.EnableRaisingEvents = true;
native.Exited += (s, e) =>
{
ProcessExited?.Invoke(s, e);
HandleProcessExiting();
};
Native = native;
Handle = MemoryHelper.OpenProcess(ProcessAccessFlags.AllAccess, Native.Id);
switch (type)
{
case MemoryType.Local:
Memory = new LocalProcessMemory(Handle);
break;
case MemoryType.Remote:
Memory = new ExternalProcessMemory(Handle);
break;
default:
throw new ArgumentOutOfRangeException(nameof(type), type, null);
}
native.ErrorDataReceived += OutputDataReceived;
native.OutputDataReceived += OutputDataReceived;
ThreadFactory = new ThreadFactory(this);
ModuleFactory = new ModuleFactory(this);
MemoryFactory = new MemoryFactory(this);
WindowFactory = new WindowFactory(this);
}
internal Class276(ExternalProcessMemory memory)
{
externalProcessMemory_0 = memory;
intptr_0 = method_18("mono.dll");
intptr_1 = intptr_0 + 0x19319;
intptr_2 = intptr_0 + 0x166FF;
intptr_3 = intptr_0 + 0x1670A;
intptr_4 = intptr_0 + 0x12EBD;
intptr_5 = intptr_0 + 0x1D840;
intptr_6 = intptr_0 + 0x1345D;
intptr_7 = intptr_0 + 0x12099;
intptr_8 = intptr_0 + 0x1A452;
intptr_9 = intptr_0 + 0x27D50;
intptr_10 = intptr_0 + 0x2B649;
intptr_11 = intptr_0 + 0x6268D;
intptr_12 = intptr_0 + 0x2B41A;
intptr_13 = intptr_0 + 0x377BC;
intptr_14 = intptr_0 + 0x372D7;
intptr_15 = intptr_0 + 0x388AC;
intptr_16 = intptr_0 + 0x16715;
intptr_17 = intptr_0 + 0x80970;
intptr_18 = intptr_0 + 0x7FE70;
intptr_19 = intptr_0 + 0x1D783;
intptr_20 = intptr_0 + 0x372B1;
intptr_21 = intptr_0 + 0x1678C;
intptr_22 = intptr_0 + 0x5E694;
intptr_23 = intptr_0 + 0x68E78;
intptr_24 = intptr_0 + 0x5E638;
intptr_25 = intptr_0 + 0x5F5CF;
intptr_26 = intptr_0 + 0x5DD23;
intptr_27 = intptr_0 + 0x7E537;
intptr_28 = intptr_0 + 0x166DD;
intptr_29 = intptr_0 + 0x27D4A;
intptr_30 = intptr_0 + 0x16781;
intptr_31 = intptr_0 + 0x7FCFD;
intptr_32 = intptr_0 + 0x5F6AD;
intptr_33 = intptr_0 + 0x5CC9C;
intptr_34 = intptr_0 + 0x5E197;
intptr_35 = intptr_0 + 0x165F5;
intptr_36 = intptr_0 + 0x5DB53;
method_15 <bool>("boolean");
method_15 <object>("object");
method_15 <sbyte>("sbyte");
method_15 <byte>("byte");
method_15 <short>("int16");
method_15 <ushort>("uint16");
method_15 <int>("int32");
method_15 <uint>("uint32");
method_15 <long>("int64");
method_15 <ulong>("uint64");
method_15 <float>("single");
method_15 <double>("double");
method_15 <char>("char");
method_15 <string>("string");
method_15 <Enum>("enum");
}
public void DisposeMemory()
{
var epm = new ExternalProcessMemory(Process.GetCurrentProcess());
epm.Dispose();
Assert.IsTrue(epm.IsDisposed);
epm.Dispose();
}
/// <summary>
/// Initializes Orion by attaching to the specified CSGO process.
/// </summary>
/// <param name="process">The process.</param>
/// <param name="isInjected">if set to <c>true</c> [is injected].</param>
public static void Attach(Process process, bool isInjected = false)
{
if (_isAttached)
{
return;
}
// We won't require the injector for now - we're completely passive.
if (isInjected)
{
Memory = new LocalProcessMemory(process);
}
else
{
Memory = new ExternalProcessMemory(process);
}
ClientBase = Memory.GetModule("client.dll").BaseAddress;
EngineBase = Memory.GetModule("engine.dll").BaseAddress;
ClientSize = Memory.GetModule("client.dll").ModuleMemorySize;
EngineSize = Memory.GetModule("engine.dll").ModuleMemorySize;
BaseOffsets.Init();
_log.Debug($"Client Base Address: 0x{ClientBase}");
_log.Debug($"Engine Base Address: 0x{EngineBase}");
//Patchables.BaseOffsets.Initialize();
_log.Info("Initializing ObjectManager..");
Objects = new ObjectManager(ClientBase + (int)BaseOffsets.EntityList, 128);
GlowObjects = new GlowManager(ClientBase + (int)BaseOffsets.GlowObjBase);
var clientState = Memory.Read <IntPtr>(EngineBase + (int)BaseOffsets.ClientState);
_log.Debug($"Engine Pointer: 0x{clientState}");
if (clientState == IntPtr.Zero)
{
throw new Exception("Couldn't find Engine Ptr - are you sure your offsets are up to date?");
}
_log.Info("Initializing GameClient..");
Client = new GameClient(clientState);
_log.Debug($"Orion attached successfully to process with ID {process.Id}.");
_isAttached = true;
}
/// <summary>
/// 对当前解析插件对应的游戏进程进行注入
/// </summary>
private void Attach()
{
Debug.Assert(FFXIV != null);
try {
Memory = new ExternalProcessMemory(FFXIV, false, false);
Memory.WriteBytes(_entrancePtr, new byte[] { 76, 139, 220, 83, 86 });
Memory = new ExternalProcessMemory(FFXIV, true, false, _entrancePtr, false, 5, true);
PluginUI.Log($"已找到FFXIV进程 {FFXIV.Id}");
}
catch (Exception ex) {
MessageBox.Show($"注入进程时发生错误!\n{ex}", "鲶鱼精邮差", MessageBoxButtons.OK, MessageBoxIcon.Error);
Detach();
}
}
private void initMemory()
{
System.Diagnostics.Process dbfz = System.Diagnostics.Process.GetProcessesByName("RED-Win64-Shipping")[0];
var dbfzproc = new ProcessSharp(dbfz);
dbfzmem = new ExternalProcessMemory(dbfzproc.Handle);
var baseaddress = dbfzproc.ModuleFactory.MainModule.BaseAddress;
framecounter = IntPtr.Add(baseaddress, 0x35EAB48);
var recordingptr = (IntPtr)dbfzmem.Read <int>(IntPtr.Add(baseaddress, 0x3817BD8));
recordingStart = IntPtr.Add(recordingptr, 0x718);
inputbuffer = IntPtr.Add(baseaddress, 0x35EAC08);
}
public static void Attach(System.Diagnostics.Process process, bool isInjected = false)
{
if (_isAttached)
{
return;
}
if (isInjected)
{
Memory = new LocalProcessMemory(process);
}
else
{
Memory = new ExternalProcessMemory(process);
}
Thread.Sleep(2000);
Renderer = new Renderer(process);
ClientBase = Memory.GetModule("client.dll").BaseAddress;
EngineBase = Memory.GetModule("engine.dll").BaseAddress;
Offsets.Initialize();
ClientState = Memory.Read <int>(EngineBase + Offsets.ClientState.Base);
Objects = new ObjectManager(ClientBase + Offsets.Misc.EntityList);
Box = new Box();
HeadHelper = new HeadHelper();
SkinChanger = new SkinChanger();
ControlRecoil = new Rcs();
TriggerBot = new TriggerBot();
KeyUtils = new KeyUtils();
BunnyJump = new BunnyJump();
SoundEsp = new SoundEsp();
Radar = new Radar();
NoFlash = new NoFlash();
AutoPistol = new AutoPistol();
Glow = new Glow();
AimAssist = new AimAssist();
var enginePtr = Memory.Read <IntPtr>(EngineBase + Offsets.ClientState.Base);
if (enginePtr == IntPtr.Zero)
{
throw new Exception("Couldn't find Engine Ptr - are you sure your offsets are up to date?");
}
Client = new GameClient(enginePtr);
_isAttached = true;
}
public static Task GetWorldPtr()
{
process = new ProcessSharp(Utilities.BaseProc(), MemoryType.Remote);
mem = new ExternalProcessMemory(process.Handle);
//WorldPtr
IntPtr addr = Find(process.ModuleFactory.MainModule.Name, MemoryReader.WorldPTR, process).ReadAddress;
addr = addr + mem.Read <int>(addr + 3) + 7;
IntPtr WorldPtr = mem.Read <IntPtr>(addr);
Addresses.WorldPtr = WorldPtr;
return(Task.CompletedTask);
}
public void Setup(PostNamazu postNamazu)
{
FFXIV_ACT_Plugin = postNamazu.FFXIV_ACT_Plugin;
FFXIV = postNamazu.FFXIV;
Memory = postNamazu.Memory;
PluginUI = postNamazu.PluginUI;
SigScanner = postNamazu.SigScanner;
try {
GetOffsets();
}
catch (Exception ex) {
Log(ex.ToString());
isReady = false;
}
//Log("初始化完成");
if (FFXIV_ACT_Plugin != null && FFXIV != null && Memory != null)
{
isReady = true;
}
else
{
isReady = false;
}
}
internal static bool smethod_0(Process process_0, Delegate6 delegate6_0, out string string_0)
{
if (Initialized)
{
string_0 = "SmartInitialize has already been called.";
return(false);
}
if (process_0 == null)
{
string_0 = "process == null";
return(false);
}
if (delegate6_0 == null)
{
string_0 = "getOffsetsDelegate == null";
return(false);
}
if (Class247.smethod_1(process_0.MainModule.FileName) == Class247.UInt32_0)
{
string_0 = "This client version is unsupported.";
return(false);
}
if (delegate6_0(String_0, out string_0) != null)
{
if (!string.IsNullOrEmpty(string_0))
{
string_0 = string.Format("The data required to run the bot was not successfully obtained. Please make sure your key is still valid at the Buddy Auth Portal: http://buddyauth.com/User/Keys {0}{0}For any further assistance, please contact support: https://bosslandgmbh.zendesk.com/home", Environment.NewLine);
}
return(false);
}
try
{
ExternalProcessMemoryInitParams externalProcessMemoryInitParams = new ExternalProcessMemoryInitParams
{
Process = process_0,
StartupRasm = false,
DefaultCacheValue = true,
Executor = ExecutorInitParams.DX9()
};
externalProcessMemoryInitParams.Executor.MinSkipBytes = 8;
try
{
externalProcessMemory_0 = new ExternalProcessMemory(externalProcessMemoryInitParams);
}
catch (Exception ex)
{
if (!ex.Message.Equals("Could not find DX9 in process!"))
{
throw;
}
//TritonHs.ilog_0.Info("Process is not using DX9, now trying DX11...");
externalProcessMemoryInitParams = new ExternalProcessMemoryInitParams
{
Process = process_0,
StartupRasm = false,
DefaultCacheValue = true,
Executor = ExecutorInitParams.DX11()
};
externalProcessMemoryInitParams.Executor.MinSkipBytes = 8;
externalProcessMemory_0 = new ExternalProcessMemory(externalProcessMemoryInitParams);
}
externalProcessMemory_0.ProcessExited += Class246.ChuckInstance9.method_0;
class276_0 = new Class276(externalProcessMemory_0);
using (AcquireFrame())
{
intptr_1 = class276_0.method_2();
}
ProcessHookManager.smethod_3();
Hotkeys.Initialize(ClientWindowHandle);
Input.DebugMouseCursorPos = false;
Initialized = true;
TritonHs.bool_0 = false;
}
catch (Exception ex2)
{
string_0 = ex2.ToString();
return(false);
}
string_0 = string.Empty;
return(true);
}
private static void smethod_2()
{
var list = smethod_0();
if (list.Any(Class244.Instance.method_1))
{
return;
}
var @class = new Class243
{
int_0 = ExternalProcessMemory_0.Process.Id,
list_0 = new List <byte[]>()
};
ExternalProcessMemory externalProcessMemory_ = ExternalProcessMemory_0;
using (TritonHs.AcquireFrame())
{
@class.list_0.Add(externalProcessMemory_.Patches["ProcessHookManager_GetForegroundWindow"].OriginalBytes);
@class.list_0.Add(externalProcessMemory_.Patches["ProcessHookManager_GetActiveWindow"].OriginalBytes);
@class.list_0.Add(externalProcessMemory_.Patches["ProcessHookManager_GetKeyState"].OriginalBytes);
@class.list_0.Add(externalProcessMemory_.Patches["ProcessHookManager_GetCursorPos"].OriginalBytes);
@class.list_0.Add(externalProcessMemory_.Patches["ProcessHookManager_ScreenToClient"].OriginalBytes);
}
list.Add(@class);
foreach (Class243 class2 in list.ToArray())
{
try
{
Process processById = Process.GetProcessById(class2.int_0);
try
{
if (!processById.ProcessName.ToLowerInvariant().Contains("hearthstone"))
{
list.Remove(class2);
}
}
catch
{
list.Remove(class2);
}
}
catch (ArgumentException)
{
list.Remove(class2);
}
}
using (FileStream fileStream = File.Create(ProcessHookManager.String_0))
{
using (BinaryWriter binaryWriter = new BinaryWriter(fileStream))
{
binaryWriter.Write(list.Count);
foreach (Class243 class3 in list)
{
binaryWriter.Write(class3.int_0);
binaryWriter.Write(class3.list_0.Count);
foreach (byte[] array2 in class3.list_0)
{
binaryWriter.Write(array2.Length);
binaryWriter.Write(array2);
}
}
}
}
}
internal static void smethod_3()
{
State = StateEnum.None;
foreach (string path in string_0)
{
try
{
File.Delete(path);
}
catch
{
}
}
ExternalProcessMemory externalProcessMemory_ = ExternalProcessMemory_0;
intptr_1 = externalProcessMemory_.GetProcAddress("user32.dll", "GetActiveWindow");
if (intptr_1 == IntPtr.Zero)
{
throw new Exception("The function 'GetActiveWindow' was not found.");
}
intptr_0 = externalProcessMemory_.GetProcAddress("user32.dll", "GetForegroundWindow");
if (intptr_0 == IntPtr.Zero)
{
throw new Exception("The function 'GetForegroundWindow' was not found.");
}
intptr_2 = externalProcessMemory_.GetProcAddress("user32.dll", "GetKeyState");
if (intptr_2 == IntPtr.Zero)
{
throw new Exception("The function 'GetKeyState' was not found.");
}
intptr_3 = externalProcessMemory_.GetProcAddress("user32.dll", "GetCursorPos");
if (intptr_3 == IntPtr.Zero)
{
throw new Exception("The function 'GetCursorPos' was not found.");
}
intptr_4 = externalProcessMemory_.GetProcAddress("user32.dll", "ScreenToClient");
if (intptr_4 == IntPtr.Zero)
{
throw new Exception("The function 'ScreenToClient' was not found.");
}
allocatedMemory_0 = externalProcessMemory_.CreateAllocatedMemory(4096);
List <byte[]> list = ProcessHookManager.smethod_1();
if (list != null)
{
using (TritonHs.AcquireFrame())
{
ExternalProcessMemory_0.WriteBytes(intptr_0, list[0]);
ExternalProcessMemory_0.WriteBytes(intptr_1, list[1]);
ExternalProcessMemory_0.WriteBytes(intptr_2, list[2]);
ExternalProcessMemory_0.WriteBytes(intptr_3, list[3]);
ExternalProcessMemory_0.WriteBytes(intptr_4, list[4]);
}
}
bool flag = false;
try
{
IntPtr intPtr_ = ProcessHookManager.IntPtr_0;
ManagedFasm asm = externalProcessMemory_.Asm;
asm.Clear();
asm.smethod_3("mov eax, " + intPtr_);
asm.smethod_3("retn");
byte[] array2 = asm.Assemble();
asm.Clear();
allocatedMemory_0.WriteBytes(0, array2);
int value = (allocatedMemory_0.Address + 0).ToInt32() - intptr_0.ToInt32() - 5;
int value2 = (allocatedMemory_0.Address + 0).ToInt32() - intptr_1.ToInt32() - 5;
int num = 0 + array2.Length;
ProcessHookManager.byte_0 = new byte[5];
ProcessHookManager.byte_0[0] = 233;
byte[] bytes = BitConverter.GetBytes(value);
for (int j = 0; j < bytes.Length; j++)
{
ProcessHookManager.byte_0[j + 1] = bytes[j];
}
ProcessHookManager.byte_1 = new byte[5];
ProcessHookManager.byte_1[0] = 233;
byte[] bytes2 = BitConverter.GetBytes(value2);
for (int k = 0; k < bytes2.Length; k++)
{
ProcessHookManager.byte_1[k + 1] = bytes2[k];
}
externalProcessMemory_.Patches.Create(intptr_0, ProcessHookManager.byte_0, "ProcessHookManager_GetForegroundWindow");
externalProcessMemory_.Patches.Create(intptr_1, ProcessHookManager.byte_1, "ProcessHookManager_GetActiveWindow");
byte[] bytes3 = new byte[1024];
allocatedMemory_0.WriteBytes(num, bytes3);
IntPtr intPtr = allocatedMemory_0.Address + num;
ProcessHookManager.int_0 = num;
num += 1024;
byte[] bytes4 = new byte[8];
allocatedMemory_0.WriteBytes(num, bytes4);
IntPtr intPtr2 = allocatedMemory_0.Address + num;
num += 4;
IntPtr intPtr3 = allocatedMemory_0.Address + num;
num += 4;
ManagedFasm asm2 = externalProcessMemory_.Asm;
asm2.Clear();
asm2.smethod_3("pop eax");
asm2.smethod_4("mov [{0}], eax", new object[]
{
intPtr2
});
asm2.smethod_3("pop eax");
asm2.smethod_4("mov [{0}], eax", new object[]
{
intPtr3
});
asm2.smethod_3("imul eax, 4");
asm2.smethod_4("add eax, {0}", new object[]
{
intPtr
});
asm2.smethod_3("mov eax, [eax]");
asm2.smethod_4("pushd [{0}]", new object[]
{
intPtr2
});
asm2.smethod_3("retn");
byte[] array3 = asm2.Assemble();
asm2.Clear();
allocatedMemory_0.WriteBytes(num, array3);
int value3 = (allocatedMemory_0.Address + num).ToInt32() - intptr_2.ToInt32() - 5;
num += array3.Length;
ProcessHookManager.byte_2 = new byte[5];
ProcessHookManager.byte_2[0] = 233;
byte[] bytes5 = BitConverter.GetBytes(value3);
for (int l = 0; l < bytes5.Length; l++)
{
ProcessHookManager.byte_2[l + 1] = bytes5[l];
}
externalProcessMemory_.Patches.Create(intptr_2, ProcessHookManager.byte_2, "ProcessHookManager_GetKeyState");
byte[] array4 = new byte[12];
array4[8] = 1;
allocatedMemory_0.WriteBytes(num, array4);
IntPtr intPtr4 = allocatedMemory_0.Address + num;
ProcessHookManager.int_1 = num;
num += 4;
ProcessHookManager.int_2 = num;
num += 4;
ProcessHookManager.int_3 = num;
num += 4;
byte[] bytes6 = new byte[8];
allocatedMemory_0.WriteBytes(num, bytes6);
IntPtr intPtr5 = allocatedMemory_0.Address + num;
num += 4;
IntPtr intPtr6 = allocatedMemory_0.Address + num;
num += 4;
ManagedFasm asm3 = externalProcessMemory_.Asm;
asm3.Clear();
asm3.smethod_3("pop eax");
asm3.smethod_4("mov [{0}], eax", new object[]
{
intPtr5
});
asm3.smethod_3("pop eax");
asm3.smethod_4("mov [{0}], eax", new object[]
{
intPtr6
});
asm3.smethod_3("push ecx");
asm3.smethod_4("mov ecx, {0}", new object[]
{
intPtr4
});
asm3.smethod_3("mov ecx, [ecx]");
asm3.smethod_3("mov [eax], ecx");
asm3.smethod_3("add eax, 4");
asm3.smethod_4("mov ecx, {0}", new object[]
{
intPtr4
});
asm3.smethod_3("add ecx, 4");
asm3.smethod_3("mov ecx, [ecx]");
asm3.smethod_3("mov [eax], ecx");
asm3.smethod_4("mov ecx, {0}", new object[]
{
intPtr4
});
asm3.smethod_3("add ecx, 8");
asm3.smethod_3("mov eax, [ecx]");
asm3.smethod_3("pop ecx");
asm3.smethod_4("pushd [{0}]", new object[]
{
intPtr5
});
asm3.smethod_3("retn");
byte[] array5 = asm3.Assemble();
asm3.Clear();
allocatedMemory_0.WriteBytes(num, array5);
int value4 = (allocatedMemory_0.Address + num).ToInt32() - intptr_3.ToInt32() - 5;
num += array5.Length;
ProcessHookManager.byte_3 = new byte[5];
ProcessHookManager.byte_3[0] = 233;
byte[] bytes7 = BitConverter.GetBytes(value4);
for (int m = 0; m < bytes7.Length; m++)
{
ProcessHookManager.byte_3[m + 1] = bytes7[m];
}
externalProcessMemory_.Patches.Create(intptr_3, ProcessHookManager.byte_3, "ProcessHookManager_GetCursorPos");
byte[] array6 = new byte[12];
array6[8] = 1;
allocatedMemory_0.WriteBytes(num, array6);
IntPtr intPtr7 = allocatedMemory_0.Address + num;
ProcessHookManager.int_4 = num;
num += 4;
ProcessHookManager.int_5 = num;
num += 4;
ProcessHookManager.int_6 = num;
num += 4;
byte[] bytes8 = new byte[12];
allocatedMemory_0.WriteBytes(num, bytes8);
IntPtr intPtr8 = allocatedMemory_0.Address + num;
num += 4;
IntPtr intPtr9 = allocatedMemory_0.Address + num;
num += 4;
IntPtr intPtr10 = allocatedMemory_0.Address + num;
num += 4;
ManagedFasm asm4 = externalProcessMemory_.Asm;
asm4.Clear();
asm4.smethod_3("pop eax");
asm4.smethod_4("mov [{0}], eax", new object[]
{
intPtr8
});
asm4.smethod_3("pop eax");
asm4.smethod_4("mov [{0}], eax", new object[]
{
intPtr9
});
asm4.smethod_3("pop eax");
asm4.smethod_4("mov [{0}], eax", new object[]
{
intPtr10
});
asm4.smethod_3("push ecx");
asm4.smethod_4("mov ecx, {0}", new object[]
{
intPtr7
});
asm4.smethod_3("mov ecx, [ecx]");
asm4.smethod_3("mov [eax], ecx");
asm4.smethod_3("add eax, 4");
asm4.smethod_4("mov ecx, {0}", new object[]
{
intPtr7
});
asm4.smethod_3("add ecx, 4");
asm4.smethod_3("mov ecx, [ecx]");
asm4.smethod_3("mov [eax], ecx");
asm4.smethod_4("mov ecx, {0}", new object[]
{
intPtr7
});
asm4.smethod_3("add ecx, 8");
asm4.smethod_3("mov eax, [ecx]");
asm4.smethod_3("pop ecx");
asm4.smethod_4("pushd [{0}]", new object[]
{
intPtr8
});
asm4.smethod_3("retn");
byte[] array7 = asm4.Assemble();
asm4.Clear();
allocatedMemory_0.WriteBytes(num, array7);
int value5 = (allocatedMemory_0.Address + num).ToInt32() - intptr_4.ToInt32() - 5;
num += array7.Length;
ProcessHookManager.byte_4 = new byte[5];
ProcessHookManager.byte_4[0] = 233;
byte[] bytes9 = BitConverter.GetBytes(value5);
for (int n = 0; n < bytes9.Length; n++)
{
ProcessHookManager.byte_4[n + 1] = bytes9[n];
}
externalProcessMemory_.Patches.Create(intptr_4, ProcessHookManager.byte_4, "ProcessHookManager_ScreenToClient");
ProcessHookManager.smethod_2();
}
catch (Exception)
{
flag = true;
throw;
}
finally
{
if (flag && allocatedMemory_0 != null)
{
allocatedMemory_0.Dispose();
allocatedMemory_0 = null;
}
}
}
private static void smethod_2()
{
List <Class239> source = smethod_0();
if (!source.Any <Class239>((Class240.< > 9__36_0 ?? (Class240.< > 9__36_0 = new Func <Class239, bool>(Class240.< > 9.method_1)))))
{
Class239 item = new Class239 {
int_0 = ExternalProcessMemory_0.Process.Id,
list_0 = new List <byte[]>()
};
ExternalProcessMemory memory = ExternalProcessMemory_0;
using (TritonHs.AcquireFrame())
{
item.list_0.Add(memory.Patches["ProcessHookManager_GetForegroundWindow"].OriginalBytes);
item.list_0.Add(memory.Patches["ProcessHookManager_GetActiveWindow"].OriginalBytes);
item.list_0.Add(memory.Patches["ProcessHookManager_GetKeyState"].OriginalBytes);
item.list_0.Add(memory.Patches["ProcessHookManager_GetCursorPos"].OriginalBytes);
item.list_0.Add(memory.Patches["ProcessHookManager_ScreenToClient"].OriginalBytes);
}
source.Add(item);
Class239[] classArray = source.ToArray();
int index = 0;
while (true)
{
if (index >= classArray.Length)
{
break;
}
Class239 class3 = classArray[index];
try
{
Process processById = Process.GetProcessById(class3.int_0);
try
{
if (!processById.ProcessName.ToLowerInvariant().Contains("hearthstone"))
{
source.Remove(class3);
}
}
catch
{
source.Remove(class3);
}
}
catch (ArgumentException)
{
source.Remove(class3);
}
index++;
}
using (FileStream stream = File.Create(String_0))
{
using (BinaryWriter writer = new BinaryWriter(stream))
{
writer.Write(source.Count);
foreach (Class239 class4 in source)
{
writer.Write(class4.int_0);
writer.Write(class4.list_0.Count);
foreach (byte[] buffer in class4.list_0)
{
writer.Write(buffer.Length);
writer.Write(buffer);
}
}
}
}
}
}
public void CreateWithInjector()
{
var epm = new ExternalProcessMemory(Process.GetCurrentProcess(), new InjectorCreationOptions(true, true));
}
static void Main(string[] args)
{
Console.Title = "BlueRain.Injector";
Console.WriteLine("BlueRain Injector v1.0 - aevitas 2015, all rights reserved");
Console.WriteLine("This software is licensed under the Apache License 2\n\n");
if (args.Length < 2)
{
Console.WriteLine("Invalid args specified. Usage follows:\n");
Console.WriteLine("BlueInject -p procname dll");
Console.WriteLine("\tprocname:\tProcess name without extension (e.g. notepad)");
Console.WriteLine("\tdll:\t\tThe DLL file to be injected");
Console.ReadLine();
return;
}
var mode = args[0];
var procName = args[1];
var libName = args[2];
Console.WriteLine("Waiting for process \"{0}\"\n", procName);
Process proc = null;
while (proc == null)
{
try
{
var procs = Process.GetProcessesByName(procName);
if (procs.Length < 1)
{
continue;
}
if (procs.Length == 1)
{
proc = procs.First();
continue;
}
Console.WriteLine("Found {0} processes that match the specified name.", procs.Length);
Console.WriteLine("Will be using the first instance of the process I can find.\nPress ENTER to proceed...");
Console.ReadLine();
proc = procs.First();
}
catch (Win32Exception)
{
// Don't care.
}
}
if (proc.Modules.Cast <ProcessModule>().Any(mod => Path.GetFileName(mod.FileName).Equals(libName, StringComparison.OrdinalIgnoreCase)))
{
Console.WriteLine("Process with ID {0} already contains module {1}! Already injected?", proc.Id, libName);
Console.ReadLine();
return;
}
var epm = new ExternalProcessMemory(proc, true);
var module = epm.Injector.Inject(Path.GetFullPath(libName));
if (module == null)
{
Console.WriteLine("Injection failed!");
}
Console.ReadLine();
}
private static string smethod_0(ExternalProcessMemory externalProcessMemory_0)
{
return "(Hearthstone)";
}
internal static bool smethod_2(out Mutex mutex_0, out Process process_0)
{
mutex_0 = null;
process_0 = null;
Arguments arguments = CommandLine.Arguments;
if (arguments.Exists("pid"))
{
try
{
bool flag2;
int processId = int.Parse(arguments.Single("pid"));
process_0 = Process.GetProcessById(processId);
if (!smethod_3(process_0))
{
ilog_0.Error("Invalid PID specifier passed to the command line: " + arguments.Single("pid") + ". This process is not a Hearthstone client.");
return false;
}
mutex_0 = smethod_1(processId, out flag2);
if (!flag2)
{
mutex_0 = null;
process_0 = null;
ilog_0.Error("Invalid PID specifier passed to the command line: " + arguments.Single("pid") + ". This process has already been attached to.");
return false;
}
return true;
}
catch
{
ilog_0.Error("Invalid PID specifier passed to the command line: " + arguments.Single("pid"));
return false;
}
}
if (arguments.Exists("pname"))
{
try
{
string processName = arguments.Single("pname");
process_0 = Process.GetProcessesByName(processName).FirstOrDefault<Process>();
if ((process_0 != null) && smethod_3(process_0))
{
bool flag3;
mutex_0 = smethod_1(process_0.Id, out flag3);
if (!flag3)
{
mutex_0 = null;
process_0 = null;
ilog_0.Error("Invalid PNAME specifier passed to the command line: " + arguments.Single("pname") + ". This process has already been attached to.");
return false;
}
return true;
}
ilog_0.Error("Invalid PNAME specifier passed to the command line: " + arguments.Single("pname") + ". This process is not a Hearthstone client.");
return false;
}
catch
{
ilog_0.Error("Invalid PNAME specifier passed to the command line: " + arguments.Single("pname"));
return false;
}
}
List<Process> list = smethod_4().ToList<Process>();
if (list.Count != 0)
{
if (!arguments.Exists("noautoattach") && (list.Count == 1))
{
bool flag4;
mutex_0 = smethod_1(list[0].Id, out flag4);
if (flag4)
{
process_0 = list[0];
return true;
}
mutex_0.Dispose();
}
Dictionary<Process, string> availableProcs = new Dictionary<Process, string>();
foreach (Process process in list)
{
bool flag5;
mutex_0 = smethod_1(process.Id, out flag5);
if (flag5 && (mutex_0 != null))
{
using (ExternalProcessMemory memory = new ExternalProcessMemory(process, false, false, false))
{
availableProcs.Add(process, smethod_0(memory));
mutex_0.ReleaseMutex();
mutex_0.Dispose();
}
}
}
ProcessSelectorWindow window = new ProcessSelectorWindow(availableProcs) {
Topmost = true
};
bool? nullable = window.ShowDialog();
if (nullable.GetValueOrDefault() ? nullable.HasValue : false)
{
bool flag6;
process_0 = window.Selected;
mutex_0 = smethod_1(process_0.Id, out flag6);
return true;
}
}
return false;
}
internal static void smethod_3()
{
State = StateEnum.None;
string[] strArray = string_0;
int index = 0;
while (true)
{
if (index >= strArray.Length)
{
break;
}
string path = strArray[index];
try
{
File.Delete(path);
}
catch
{
}
index++;
}
ExternalProcessMemory memory = ExternalProcessMemory_0;
intptr_1 = memory.GetProcAddress("user32.dll", "GetActiveWindow");
if (intptr_1 == IntPtr.Zero)
{
throw new Exception("The function 'GetActiveWindow' was not found.");
}
intptr_0 = memory.GetProcAddress("user32.dll", "GetForegroundWindow");
if (intptr_0 == IntPtr.Zero)
{
throw new Exception("The function 'GetForegroundWindow' was not found.");
}
intptr_2 = memory.GetProcAddress("user32.dll", "GetKeyState");
if (intptr_2 == IntPtr.Zero)
{
throw new Exception("The function 'GetKeyState' was not found.");
}
intptr_3 = memory.GetProcAddress("user32.dll", "GetCursorPos");
if (intptr_3 == IntPtr.Zero)
{
throw new Exception("The function 'GetCursorPos' was not found.");
}
intptr_4 = memory.GetProcAddress("user32.dll", "ScreenToClient");
if (intptr_4 == IntPtr.Zero)
{
throw new Exception("The function 'ScreenToClient' was not found.");
}
allocatedMemory_0 = memory.CreateAllocatedMemory(0x1000);
List <byte[]> list = smethod_1();
if (list != null)
{
using (TritonHs.AcquireFrame())
{
ExternalProcessMemory_0.WriteBytes(intptr_0, list[0]);
ExternalProcessMemory_0.WriteBytes(intptr_1, list[1]);
ExternalProcessMemory_0.WriteBytes(intptr_2, list[2]);
ExternalProcessMemory_0.WriteBytes(intptr_3, list[3]);
ExternalProcessMemory_0.WriteBytes(intptr_4, list[4]);
}
}
bool flag = false;
try
{
int offsetInBytes = 0;
IntPtr ptr = IntPtr_0;
ManagedFasm asm = memory.Asm;
asm.Clear();
asm.AddLine("mov eax, " + ptr.ToString());
asm.AddLine("retn");
byte[] bytes = asm.Assemble();
asm.Clear();
allocatedMemory_0.WriteBytes(0, bytes);
IntPtr ptr2 = allocatedMemory_0.Address + IntPtr.Zero;
ptr2 = allocatedMemory_0.Address + IntPtr.Zero;
int num3 = (ptr2.ToInt32() - intptr_1.ToInt32()) - 5;
offsetInBytes = 0 + bytes.Length;
byte_0 = new byte[5];
byte_0[0] = 0xe9;
byte[] buffer2 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_0.ToInt32()) - 5));
for (int i = 0; i < buffer2.Length; i++)
{
byte_0[i + 1] = buffer2[i];
}
byte_1 = new byte[5];
byte_1[0] = 0xe9;
byte[] buffer3 = BitConverter.GetBytes(num3);
for (int j = 0; j < buffer3.Length; j++)
{
byte_1[j + 1] = buffer3[j];
}
memory.Patches.Create(intptr_0, byte_0, "ProcessHookManager_GetForegroundWindow");
memory.Patches.Create(intptr_1, byte_1, "ProcessHookManager_GetActiveWindow");
byte[] buffer4 = new byte[0x400];
allocatedMemory_0.WriteBytes(offsetInBytes, buffer4);
IntPtr ptr3 = allocatedMemory_0.Address + offsetInBytes;
int_0 = offsetInBytes;
offsetInBytes += 0x400;
byte[] buffer5 = new byte[8];
allocatedMemory_0.WriteBytes(offsetInBytes, buffer5);
IntPtr ptr4 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
IntPtr ptr5 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
ManagedFasm fasm = memory.Asm;
fasm.Clear();
fasm.AddLine("pop eax");
object[] args = new object[] { ptr4 };
fasm.AddLine("mov [{0}], eax", args);
fasm.AddLine("pop eax");
object[] objArray2 = new object[] { ptr5 };
fasm.AddLine("mov [{0}], eax", objArray2);
fasm.AddLine("imul eax, 4");
object[] objArray3 = new object[] { ptr3 };
fasm.AddLine("add eax, {0}", objArray3);
fasm.AddLine("mov eax, [eax]");
object[] objArray4 = new object[] { ptr4 };
fasm.AddLine("pushd [{0}]", objArray4);
fasm.AddLine("retn");
byte[] buffer6 = fasm.Assemble();
fasm.Clear();
allocatedMemory_0.WriteBytes(offsetInBytes, buffer6);
ptr2 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += buffer6.Length;
byte_2 = new byte[5];
byte_2[0] = 0xe9;
byte[] buffer7 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_2.ToInt32()) - 5));
for (int k = 0; k < buffer7.Length; k++)
{
byte_2[k + 1] = buffer7[k];
}
memory.Patches.Create(intptr_2, byte_2, "ProcessHookManager_GetKeyState");
byte[] buffer8 = new byte[12];
buffer8[8] = 1;
allocatedMemory_0.WriteBytes(offsetInBytes, buffer8);
IntPtr ptr6 = allocatedMemory_0.Address + offsetInBytes;
int_1 = offsetInBytes;
offsetInBytes += 4;
int_2 = offsetInBytes;
offsetInBytes += 4;
int_3 = offsetInBytes;
offsetInBytes += 4;
byte[] buffer9 = new byte[8];
allocatedMemory_0.WriteBytes(offsetInBytes, buffer9);
IntPtr ptr7 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
IntPtr ptr8 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
ManagedFasm fasm2 = memory.Asm;
fasm2.Clear();
fasm2.AddLine("pop eax");
object[] objArray5 = new object[] { ptr7 };
fasm2.AddLine("mov [{0}], eax", objArray5);
fasm2.AddLine("pop eax");
object[] objArray6 = new object[] { ptr8 };
fasm2.AddLine("mov [{0}], eax", objArray6);
fasm2.AddLine("push ecx");
object[] objArray7 = new object[] { ptr6 };
fasm2.AddLine("mov ecx, {0}", objArray7);
fasm2.AddLine("mov ecx, [ecx]");
fasm2.AddLine("mov [eax], ecx");
fasm2.AddLine("add eax, 4");
object[] objArray8 = new object[] { ptr6 };
fasm2.AddLine("mov ecx, {0}", objArray8);
fasm2.AddLine("add ecx, 4");
fasm2.AddLine("mov ecx, [ecx]");
fasm2.AddLine("mov [eax], ecx");
object[] objArray9 = new object[] { ptr6 };
fasm2.AddLine("mov ecx, {0}", objArray9);
fasm2.AddLine("add ecx, 8");
fasm2.AddLine("mov eax, [ecx]");
fasm2.AddLine("pop ecx");
object[] objArray10 = new object[] { ptr7 };
fasm2.AddLine("pushd [{0}]", objArray10);
fasm2.AddLine("retn");
byte[] buffer10 = fasm2.Assemble();
fasm2.Clear();
allocatedMemory_0.WriteBytes(offsetInBytes, buffer10);
ptr2 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += buffer10.Length;
byte_3 = new byte[5];
byte_3[0] = 0xe9;
byte[] buffer11 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_3.ToInt32()) - 5));
for (int m = 0; m < buffer11.Length; m++)
{
byte_3[m + 1] = buffer11[m];
}
memory.Patches.Create(intptr_3, byte_3, "ProcessHookManager_GetCursorPos");
byte[] buffer12 = new byte[12];
buffer12[8] = 1;
allocatedMemory_0.WriteBytes(offsetInBytes, buffer12);
IntPtr ptr9 = allocatedMemory_0.Address + offsetInBytes;
int_4 = offsetInBytes;
offsetInBytes += 4;
int_5 = offsetInBytes;
offsetInBytes += 4;
int_6 = offsetInBytes;
offsetInBytes += 4;
byte[] buffer13 = new byte[12];
allocatedMemory_0.WriteBytes(offsetInBytes, buffer13);
IntPtr ptr10 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
IntPtr ptr11 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
IntPtr ptr12 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += 4;
ManagedFasm fasm3 = memory.Asm;
fasm3.Clear();
fasm3.AddLine("pop eax");
object[] objArray11 = new object[] { ptr10 };
fasm3.AddLine("mov [{0}], eax", objArray11);
fasm3.AddLine("pop eax");
object[] objArray12 = new object[] { ptr11 };
fasm3.AddLine("mov [{0}], eax", objArray12);
fasm3.AddLine("pop eax");
object[] objArray13 = new object[] { ptr12 };
fasm3.AddLine("mov [{0}], eax", objArray13);
fasm3.AddLine("push ecx");
object[] objArray14 = new object[] { ptr9 };
fasm3.AddLine("mov ecx, {0}", objArray14);
fasm3.AddLine("mov ecx, [ecx]");
fasm3.AddLine("mov [eax], ecx");
fasm3.AddLine("add eax, 4");
object[] objArray15 = new object[] { ptr9 };
fasm3.AddLine("mov ecx, {0}", objArray15);
fasm3.AddLine("add ecx, 4");
fasm3.AddLine("mov ecx, [ecx]");
fasm3.AddLine("mov [eax], ecx");
object[] objArray16 = new object[] { ptr9 };
fasm3.AddLine("mov ecx, {0}", objArray16);
fasm3.AddLine("add ecx, 8");
fasm3.AddLine("mov eax, [ecx]");
fasm3.AddLine("pop ecx");
object[] objArray17 = new object[] { ptr10 };
fasm3.AddLine("pushd [{0}]", objArray17);
fasm3.AddLine("retn");
byte[] buffer14 = fasm3.Assemble();
fasm3.Clear();
allocatedMemory_0.WriteBytes(offsetInBytes, buffer14);
ptr2 = allocatedMemory_0.Address + offsetInBytes;
offsetInBytes += buffer14.Length;
byte_4 = new byte[5];
byte_4[0] = 0xe9;
byte[] buffer15 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_4.ToInt32()) - 5));
for (int n = 0; n < buffer15.Length; n++)
{
byte_4[n + 1] = buffer15[n];
}
memory.Patches.Create(intptr_4, byte_4, "ProcessHookManager_ScreenToClient");
smethod_2();
}
catch (Exception)
{
flag = true;
throw;
}
finally
{
if (flag && (allocatedMemory_0 != null))
{
allocatedMemory_0.Dispose();
allocatedMemory_0 = null;
}
}
}
