/// <summary>
/// Form load handler: calls SetPrivilege(), fills in the static War descriptor, looks up the
/// game window, loads the saved configuration and enables the TM_State timer. When
/// SetPrivilege() fails only a message box is shown and nothing else is initialised.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void FM_DemonWar_Load(object sender, EventArgs e)
{
    // Obtain the memory-operation privilege first; without it nothing else is attempted.
    if (!SetPrivilege())
    {
        MessageBox.Show("取权失败", "提示", MessageBoxButtons.OK, MessageBoxIcon.Stop);
        return;
    }

    War.GameName = "Warcraft III";
    War.ProcessName = "War3";
    War.DllName = "game.dll";
    War.State = "未运行";
    War.GamaValue = 0.1;
    War.CallForm = new War.callForm(AutoStart);
    War.HWnd = Api.FindWindow(War.GameName, War.GameName);

    // Only resolve the module base when a game window was actually found.
    if (War.HWnd != IntPtr.Zero)
    {
        War.BaseAddre = WriteMemory.GetDllAddre(War.ProcessName, War.DllName);
        //War.Version = GetWarVersion.GetVersion(War.ProcessName, War.DllName);
        //string WarPath = GetWarVersion.GetUrPath(War.ProcessName);
        //War.Path = WarPath.Substring(0, WarPath.LastIndexOf("\\"));
        //War.PId = WriteMemory.GetPidByProcessName(War.ProcessName);
    }

    LoadConfig();            // load saved configuration
    TM_State.Enabled = true; // enable the state timer
}
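/// <summary>
/// Enables the privilege named by SE_PRIVILEGE_NAMETEXT on the current process token
/// (OpenProcessToken → LookupPrivilegeValue → AdjustTokenPrivileges).
/// </summary>
/// <returns>
/// true only if every step returned true. Per the Win32 documentation AdjustTokenPrivileges
/// can return TRUE and still leave the privilege unassigned (last error ERROR_NOT_ALL_ASSIGNED);
/// that case is not detected here — it would need SetLastError=true on the P/Invoke declaration
/// and a Marshal.GetLastWin32Error() check, which this file's declarations are not shown to have.
/// </returns>
public static bool SetPrivilege()
{
    TOKEN_PRIVILEGES tmpKP = new TOKEN_PRIVILEGES();
    tmpKP.PrivilegeCount = 1;
    LUID_AND_ATTRIBUTES[] LAA = new LUID_AND_ATTRIBUTES[1];
    LAA[0] = new LUID_AND_ATTRIBUTES(0, SE_PRIVILEGE_ENABLED);
    tmpKP.Privileges = LAA;

    bool retVal = false;
    IntPtr hdlProcessHandle = IntPtr.Zero;
    IntPtr hdlTokenHandle = IntPtr.Zero;
    try
    {
        hdlProcessHandle = GetCurrentProcess();
        // Short-circuit so an earlier failure is not masked by a later call that happens to
        // return true; the previous version overwrote retVal on every step and reported only
        // the last one, so a failed OpenProcessToken could still yield "success".
        retVal = OpenProcessToken(hdlProcessHandle, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref hdlTokenHandle)
              && LookupPrivilegeValue(null, SE_PRIVILEGE_NAMETEXT, ref tmpKP.Privileges[0].Luid)
              && AdjustTokenPrivileges(hdlTokenHandle, false, ref tmpKP, 0, IntPtr.Zero, IntPtr.Zero);
    }
    finally
    {
        // Presumably the Win32 GetCurrentProcess pseudo-handle; closing it is a no-op, kept as before.
        WriteMemory.CloseHandle(hdlProcessHandle);
        // Only close the token handle when OpenProcessToken actually produced one.
        if (hdlTokenHandle != IntPtr.Zero)
        {
            WriteMemory.CloseHandle(hdlTokenHandle);
        }
    }
    return retVal;
}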
/// <summary>
/// Applies the "show HP" memory patch when the box is ticked and a game window is attached.
/// Unticking the box does nothing (the patch is not reverted); only version "1.20E" is handled.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void CB_ShowHp_CheckedChanged(object sender, EventArgs e)
{
    // Nothing to do without an attached game window or with the box unticked.
    if (War.HWnd == IntPtr.Zero || !CB_ShowHp.Checked)
    {
        return;
    }

    if (War.Version == "1.20E")
    {
        WriteMemory.patch(0x17F141, "x75");
    }
}
/// <summary>
/// When the "pass AH" box is ticked and a game window is attached, calls the
/// version-specific WriteMemory routine. Unticking the box does nothing, and an
/// unrecognised version takes no action.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void CB_PassAH_CheckedChanged(object sender, EventArgs e)
{
    if (War.HWnd == IntPtr.Zero || !CB_PassAH.Checked)
    {
        return;
    }

    string version = War.Version;
    if (version == "1.20E")
    {
        WriteMemory.PassAH120E();
    }
    else if (version == "1.24E")
    {
        WriteMemory.PassAH124E();
    }
    else if (version == "1.24B")
    {
        WriteMemory.PassAH124B();
    }
    // any other version: no action
}
/// <summary>
/// When the "display invisible" box is ticked and a game window is attached, calls the
/// version-specific WriteMemory routine. Unticking the box does nothing, and an
/// unrecognised version takes no action.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void CB_DisplayInvisible_CheckedChanged(object sender, EventArgs e)
{
    bool attached = War.HWnd != IntPtr.Zero;
    if (!attached || !CB_DisplayInvisible.Checked)
    {
        return;
    }

    switch (War.Version)
    {
        case "1.20E":
            WriteMemory.DisplayInvisible120E();
            break;
        case "1.24E":
            WriteMemory.DisplayInvisible124E();
            break;
        case "1.24B":
            WriteMemory.DisplayInvisible124B();
            break;
        default:
            // unsupported version: nothing to apply
            break;
    }
}
/// <summary>
/// When the "open full figure" box is ticked and a game window is attached, calls the
/// version-specific WriteMemory routine and then brings the game window to the foreground.
/// Unticking the box does nothing; the foreground call happens even for an unrecognised version.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void CK_OpenFullFigure_CheckedChanged(object sender, EventArgs e)
{
    if (War.HWnd == IntPtr.Zero)
    {
        return;
    }
    if (!CK_OpenFullFigure.Checked)
    {
        return;
    }

    string version = War.Version;
    if (string.Equals(version, "1.20E"))
    {
        WriteMemory.SetWriteMemoryOneTwoE();
    }
    else if (string.Equals(version, "1.24E"))
    {
        WriteMemory.SetWriteMemoryOneFourE();
    }
    else if (string.Equals(version, "1.24B"))
    {
        WriteMemory.SetWriteMemoryOneFourB();
    }

    // Bring the game window to the front.
    SetForegroundWindow(War.HWnd);
}
/// <summary>
/// Loads <paramref name="dllname"/> into the first process named <paramref name="proName"/>:
/// writes the DLL file to <paramref name="path"/> if it is missing, copies the DLL path into
/// memory allocated inside the target (VirtualAllocEx + WriteProcessMemory) and starts a
/// remote thread at kernel32!LoadLibraryA with that path as its argument, then waits for it.
/// </summary>
/// <param name="fileByte">Raw DLL bytes handed to FileManage.FileCreate when the file does not exist.</param>
/// <param name="proName">Process name passed to Process.GetProcessesByName.</param>
/// <param name="path">Directory the DLL lives in / is written to.</param>
/// <param name="dllname">DLL file name.</param>
/// <returns>Always true; none of the Win32 results are inspected.</returns>
/// <remarks>
/// Review notes: process[0] throws IndexOutOfRangeException when no matching process is
/// running; the thread handle returned by CreateRemoteThread is never closed; the return
/// value does not reflect success. This VirtualAllocEx → WriteProcessMemory →
/// CreateRemoteThread(LoadLibraryA) sequence is the classic remote DLL-load pattern and is
/// routinely reported by endpoint-protection products.
/// </remarks>
public static bool inject(byte[] fileByte, string proName, string path, string dllname)
{
    const UInt32 INFINITE = 0xFFFFFFFF;
    const Int32 PAGE_EXECUTE_READWRITE = 0x40;
    const Int32 MEM_COMMIT = 0x1000;
    const Int32 MEM_RESERVE = 0x2000;
    Int32 AllocBaseAddress;
    string dllPath = path + "\\" + dllname;
    // Drop the embedded DLL to disk only when it is not already there.
    if (!System.IO.File.Exists(dllPath))
    {
        FileManage.FileCreate(fileByte, path, dllname);
    }
    Process[] process = Process.GetProcessesByName(proName);
    // Despite the name this is the process handle (Process.Handle), not a window handle.
    IntPtr hWnd = process[0].Handle;
    // Byte length of the path in the system default code page (no terminator counted).
    int umstrcnt = Encoding.Default.GetByteCount(dllPath);
    AllocBaseAddress = VirtualAllocEx(hWnd, 0, umstrcnt, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    // Unmanaged ANSI copy of the path so its address can be handed to WriteProcessMemory.
    IntPtr AddrWM = Marshal.StringToHGlobalAnsi(dllPath);
    int readSize;
    // isWrite is assigned but never consulted.
    bool isWrite = WriteMemory.WriteProcessMemory(hWnd, AllocBaseAddress, (int)AddrWM, umstrcnt, out readSize);
    Marshal.FreeHGlobal(AddrWM);
    int loadaddr = GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
    IntPtr ThreadHwnd = (IntPtr)CreateRemoteThread(hWnd, 0, 0, loadaddr, AllocBaseAddress, 0, 0);
    // Blocks until the remote thread finishes; the handle is not closed afterwards.
    WaitForSingleObject(ThreadHwnd, INFINITE);
    return(true);
}
/// <summary>
/// Reads the version-specific "is chatting" flag from game memory.
/// </summary>
/// <param name="version">Game version string; "1.20E"/"1.21" and "1.24E"/"1.24B" are recognised.</param>
/// <returns>
/// true when the integer read from memory is non-zero. For an unrecognised (or null) version
/// the read is issued against address 0.
/// </returns>
public bool IsChatByVersion(string version)
{
    int address;
    switch (version)
    {
        case "1.20E":
        case "1.21":
            address = 0x45CB8C;
            break;
        case "1.24E":
        case "1.24B":
            address = 0xAE8450;
            break;
        default:
            address = 0;
            break;
    }

    int isChat = WriteMemory.ReadMemoryValueINT(address, War.ProcessName);
    return isChat != 0;
}
/// <summary>
/// Loads <paramref name="dllname"/> into the War.ProcessName process through a remote thread
/// at kernel32!LoadLibraryA, then, when <paramref name="isMana"/> is true, writes the embedded
/// Resources.mana bytes to War.Path\dllname (if that file is absent), loads that DLL into the
/// current process with LoadLibrary and calls its exported HaveFun() function.
/// </summary>
/// <param name="dllname">DLL file name; also the string written into the target process.</param>
/// <param name="isMana">When true, the local LoadLibrary / HaveFun() part is executed.</param>
/// <returns>
/// The value returned by HaveFun(), or true when that call was not reached or threw
/// (IsHaveFun starts as true and the catch only writes the message to the console).
/// </returns>
/// <remarks>
/// Review notes: ManaState starts as true and is only ever assigned true, so the
/// CreateRemoteThread result (yan) does not influence control flow; process[0] throws when no
/// matching process is running; the FileStream is closed by hand rather than with a using block,
/// so an exception from Write leaves it open; catch (Exception) swallows every failure of the
/// delegate call.
/// </remarks>
public static bool ManaStart(string dllname, bool isMana)
{
    bool IsHaveFun = true;
    IntPtr Handle = (IntPtr)0;
    string filePath = "";
    int baseaddress;
    int temp = 0;
    int Kernddr;
    int yan;
    bool ManaState = true;
    int dlllength;
    // Length in characters plus one for the terminator; not a code-page byte count.
    dlllength = dllname.Length + 1;
    Process[] process = Process.GetProcessesByName(War.ProcessName);
    Handle = process[0].Handle;
    filePath = War.Path;
    // Allocate memory in the target (4096 = MEM_COMMIT, 4 = PAGE_READWRITE).
    baseaddress = VirtualAllocEx(Handle, 0, dlllength, 4096, 4);
    // Write the DLL name into the target; the result is ignored.
    WriteMemory.WriteProcessMemory(Handle, baseaddress, dllname, dlllength, temp);
    // Address of LoadLibraryA in kernel32.dll.
    Kernddr = GetProcAddress(GetModuleHandleA("Kernel32"), "LoadLibraryA");
    // Create the remote thread.
    yan = CreateRemoteThread(Handle, 0, 0, Kernddr, baseaddress, 0, temp);
    if (yan != 0)
    {
        ManaState = true; // no-op: ManaState is already true
    }
    if (ManaState && isMana)
    {
        byte[] manaByte = WjeWar.Properties.Resources.mana;
        if (!System.IO.File.Exists(filePath + "\\" + dllname))
        {
            System.IO.FileStream fs = new System.IO.FileStream(filePath + "\\" + dllname, System.IO.FileMode.Create, System.IO.FileAccess.ReadWrite);
            fs.Write(manaByte, 0, manaByte.Length);
            fs.Flush();
            fs.Close();
        }
        // Loaded into this process, not into the game process.
        IntPtr ManaDll = LoadLibrary(filePath + "\\" + dllname);
        if (ManaDll != IntPtr.Zero)
        {
            IntPtr api = GetProcAddress(ManaDll, "HaveFun");
            try
            {
                HaveFun HaveFun = (HaveFun)(Delegate)Marshal.GetDelegateForFunctionPointer(api, typeof(HaveFun));
                IsHaveFun = HaveFun();
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message.ToString());
            }
        }
    }
    return(IsHaveFun);
}