/// <summary>
/// Builds the delegate for ntdll.dll's <c>NtQueryInformationProcess</c> export.
/// </summary>
/// <returns>
/// A <c>NtQueryInformationProcessDelegate</c> created from the export's address
/// as resolved through <c>GameSharpProcess.Instance</c>.
/// </returns>
protected override Delegate InitializeDelegate()
{
    GameSharpProcess currentProcess = GameSharpProcess.Instance;
    ModulePointer ntdllModule = currentProcess.Modules["ntdll.dll"];

    // Kept typed as the interface so ToDelegate binds exactly as before.
    IMemoryPointer exportAddress = ntdllModule.GetProcAddress("NtQueryInformationProcess");

    return exportAddress.ToDelegate<NtQueryInformationProcessDelegate>();
}
/// <summary>
/// Builds the delegate for kernel32.dll's <c>IsDebuggerPresent</c> export.
/// </summary>
/// <returns>
/// An <c>IsDebuggerPresentDelegate</c> created from the export's address
/// as resolved through <c>GameSharpProcess.Instance</c>.
/// </returns>
protected override Delegate InitializeDelegate()
{
    // The process is accessed through IProcess here, unlike the sibling initializers.
    IProcess currentProcess = GameSharpProcess.Instance;
    ModulePointer kernel32Module = currentProcess.Modules["kernel32.dll"];
    IMemoryPointer exportAddress = kernel32Module.GetProcAddress("IsDebuggerPresent");

    return exportAddress.ToDelegate<IsDebuggerPresentDelegate>();
}
/// <summary>
/// Returns the delegate used as the hook for user32.dll's <c>MessageBoxW</c>.
/// </summary>
/// <returns>
/// A <c>HookMessageBoxWDelegate</c> created from the address of the
/// <c>MessageBoxW</c> export.
/// </returns>
/// <remarks>
/// NOTE(review): the delegate is built from the exported function's own address;
/// confirm that this is what the hook base class expects from GetHookDelegate.
/// </remarks>
public override Delegate GetHookDelegate()
{
    GameSharpProcess currentProcess = GameSharpProcess.Instance;
    ModulePointer user32Module = currentProcess.Modules["user32.dll"];
    IMemoryPointer exportAddress = user32Module.GetProcAddress("MessageBoxW");

    return exportAddress.ToDelegate<HookMessageBoxWDelegate>();
}
/// <summary>
/// Builds the delegate for user32.dll's <c>MessageBoxW</c> export.
/// </summary>
/// <returns>
/// A <c>MessageBoxWDelegate</c> created from the export's address
/// as resolved through <c>GameSharpProcess.Instance</c>.
/// </returns>
protected override Delegate InitializeDelegate()
{
    GameSharpProcess currentProcess = GameSharpProcess.Instance;
    ModulePointer user32Module = currentProcess.Modules["user32.dll"];
    IMemoryPointer exportAddress = user32Module.GetProcAddress("MessageBoxW");

    return exportAddress.ToDelegate<MessageBoxWDelegate>();
}
/// <summary>
/// Checks the first byte of ntdll.dll's <c>DbgBreakPoint</c> export and, when it
/// is not 0xCC (the x86 <c>int3</c> opcode), registers a <c>MemoryPatch</c> that
/// writes 0xCC at that address.
/// </summary>
/// <remarks>
/// Only the patch registration happens here; when the patch is actually applied
/// is decided by whatever consumes <c>MemoryPatches</c>.
/// NOTE(review): the result of GetProcAddress is used without a null check.
/// </remarks>
private void ValidateDbgBreakPoint()
{
    const byte Int3Opcode = 0xCC;

    ModulePointer ntdllModule = Process.Modules["ntdll.dll"];
    MemoryPointer entryAddress = ntdllModule.GetProcAddress("DbgBreakPoint");

    byte firstByte = entryAddress.Read<byte>();
    if (firstByte == Int3Opcode)
    {
        // Export still starts with the breakpoint instruction; nothing to restore.
        return;
    }

    MemoryPatches.Add(new MemoryPatch(entryAddress, new byte[] { Int3Opcode }));
}
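/// <summary>
/// Loads the DLL at <paramref name="pathToDll"/> into the process behind
/// <c>Native.Handle</c> and returns its entry from <c>Modules</c>.
/// </summary>
/// <param name="pathToDll">Path of the DLL; its file name is used to find the loaded module.</param>
/// <param name="resolveReferences">
/// When true the remote thread starts at <c>LoadLibraryW</c>, otherwise at <c>LoadLibraryExW</c>.
/// </param>
/// <returns>The <c>ModulePointer</c> registered under the DLL's lower-cased file name.</returns>
/// <exception cref="Win32Exception">
/// The payload could not be written, the loader export could not be resolved,
/// or the remote thread could not be created.
/// </exception>
/// <remarks>
/// The sequence is: write the bytes from <c>LoadLibraryHelper.LoadLibraryPayload</c> into
/// memory from <c>AllocateManagedMemory</c>, start a remote thread at the loader export with
/// that memory's address as its argument, then poll <c>Modules</c> until the DLL shows up.
/// Writing into another process followed by remote thread creation is a sequence that
/// endpoint security tooling commonly monitors.
/// </remarks>
public ModulePointer LoadLibrary(string pathToDll, bool resolveReferences = true)
{
    byte[] loadLibraryOpcodes = LoadLibraryHelper.LoadLibraryPayload(pathToDll);
    MemoryPointer allocatedMemory = AllocateManagedMemory(loadLibraryOpcodes.Length);

    // Previously a failed write skipped thread creation and fell through to the
    // polling loop below, which then spun forever; fail loudly instead.
    if (!Kernel32.WriteProcessMemory(Native.Handle, allocatedMemory.Address, loadLibraryOpcodes, loadLibraryOpcodes.Length, out IntPtr _))
    {
        throw new Win32Exception($"Couldn't write process memory, error code: {Marshal.GetLastWin32Error()}.");
    }

    ModulePointer kernel32Module = Modules["kernel32.dll"];

    // NOTE(review): LoadLibraryExW takes three parameters, but a thread start routine
    // receives only one; confirm the resolveReferences == false path behaves as intended.
    MemoryPointer loadLibraryAddress = resolveReferences
        ? kernel32Module.GetProcAddress("LoadLibraryW")
        : kernel32Module.GetProcAddress("LoadLibraryExW");

    if (loadLibraryAddress == null)
    {
        throw new Win32Exception($"Couldn't get proc address, error code: {Marshal.GetLastWin32Error()}.");
    }

    // NOTE(review): the returned thread handle is discarded and the allocated memory is
    // not released in this method; confirm both are cleaned up elsewhere.
    if (Kernel32.CreateRemoteThread(Native.Handle, IntPtr.Zero, 0, loadLibraryAddress.Address, allocatedMemory.Address, 0, IntPtr.Zero) == IntPtr.Zero)
    {
        throw new Win32Exception($"Couldn't create a remote thread, error code: {Marshal.GetLastWin32Error()}.");
    }

    // The lookup key does not change between polls, so compute it once.
    // NOTE(review): ToLower() is culture-sensitive; kept as-is because the way
    // Modules normalises its keys is not visible here.
    string moduleKey = Path.GetFileName(pathToDll).ToLower();

    // NOTE(review): there is no timeout; if the load fails inside the target
    // process the module never appears and this loop does not return.
    ModulePointer injectedModule;
    while (!Modules.TryGetValue(moduleKey, out injectedModule))
    {
        Thread.Sleep(1);
    }

    return injectedModule;
}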
/// <summary>
/// Creates a hardware breakpoint description for <paramref name="Pointer"/>.
/// </summary>
/// <param name="Pointer">Location the breakpoint refers to.</param>
/// <param name="Condition">Access type that triggers the breakpoint.</param>
/// <param name="Length">
/// Watched size in bytes: 1, 2, 4 or 8. Ignored (treated as 1) when
/// <paramref name="Condition"/> is <c>BreakpointCondition.Code</c>.
/// </param>
/// <exception cref="BreakPointException">The length is not 1, 2, 4 or 8.</exception>
/// <remarks>
/// The stored values (1 -> 0, 2 -> 1, 4 -> 3, 8 -> 2) look like the length encoding of
/// the x86 debug control register; confirm against the code that consumes <c>Length</c>.
/// </remarks>
public HardwareBreakPoint(ModulePointer Pointer, BreakpointCondition Condition, int Length)
{
    int requestedBytes = Condition == BreakpointCondition.Code ? 1 : Length;

    this.Pointer = Pointer;
    this.Condition = Condition;

    if (requestedBytes == 1)
    {
        this.Length = 0;
    }
    else if (requestedBytes == 2)
    {
        this.Length = 1;
    }
    else if (requestedBytes == 4)
    {
        this.Length = 3;
    }
    else if (requestedBytes == 8)
    {
        this.Length = 2;
    }
    else
    {
        throw new BreakPointException("Invalid length!");
    }
}
/// <summary>
/// Calls the function identified by <paramref name="Pointer"/> without reading a return value.
/// </summary>
/// <param name="Pointer">Module-relative location, resolved with <c>GetAddress</c>.</param>
/// <param name="CallingConvention">Calling convention passed on to the address-based overload.</param>
/// <param name="Arguments">Arguments passed on unchanged.</param>
public void Call(ModulePointer Pointer, MagicConvention CallingConvention, params object[] Arguments)
{
    // Resolve first, then hand over to the overload that takes the resolved address.
    Call(GetAddress(Pointer), CallingConvention, Arguments);
}
/// <summary>
/// Writes <paramref name="value"/> at the location identified by <paramref name="offs"/>.
/// </summary>
/// <typeparam name="T">Value type to write.</typeparam>
/// <param name="offs">Module-relative location, resolved with <c>GetAddress</c>.</param>
/// <param name="value">Value passed on to the address-based overload.</param>
public void Write<T>(ModulePointer offs, T value) where T : struct
    => Write<T>(GetAddress(offs), value);
/// <summary>
/// Creates a value pointer that refers to <paramref name="Pointer"/>.
/// </summary>
/// <param name="Pointer">Module-relative location stored in <c>Pointer</c>.</param>
public ValuePointer(ModulePointer Pointer)
{
    this.Pointer = Pointer;
}
/// <summary>
/// Creates a function pointer description from a location and a calling convention.
/// </summary>
/// <param name="Pointer">Module-relative location stored in <c>Pointer</c>.</param>
/// <param name="CallingConvention">Convention stored in <c>CallingConvention</c>.</param>
public FunctionPointer(ModulePointer Pointer, MagicConvention CallingConvention)
{
    this.Pointer = Pointer;
    this.CallingConvention = CallingConvention;
}
/// <summary>
/// Creates a breakpoint on <paramref name="Pointer"/> using
/// <c>BreakpointCondition.Code</c> and a length of 1.
/// </summary>
/// <param name="Pointer">Module-relative location passed to the base constructor.</param>
public CodeBreakpoint(ModulePointer Pointer)
    : base(Pointer, BreakpointCondition.Code, 1)
{
    // All state is set up by the base constructor.
}
/// <summary>
/// Calls the function identified by <paramref name="offs"/> without reading a return value.
/// </summary>
/// <param name="offs">Module-relative location, resolved with <c>GetAddress</c>.</param>
/// <param name="cv">Calling convention passed on to the address-based overload.</param>
/// <param name="args">Arguments passed on unchanged.</param>
public void Call(ModulePointer offs, MagicConvention cv, params object[] args)
    => Call(GetAddress(offs), cv, args);
/// <summary>
/// Calls the function identified by <paramref name="offs"/> and returns its result.
/// </summary>
/// <typeparam name="T">Value type of the result.</typeparam>
/// <param name="offs">Module-relative location, resolved with <c>GetAddress</c>.</param>
/// <param name="cv">Calling convention passed on to the address-based overload.</param>
/// <param name="args">Arguments passed on unchanged.</param>
/// <returns>Whatever the address-based <c>Call&lt;T&gt;</c> overload returns.</returns>
public T Call<T>(ModulePointer offs, MagicConvention cv, params object[] args) where T : struct
    => Call<T>(GetAddress(offs), cv, args);
/// <summary>
/// Initializes a new instance of the <see cref="MemoryScanner" /> class.
/// </summary>
/// <param name="module"><see cref="ModulePointer"/> of the module which we are going to scan.</param>
/// <remarks>
/// The constructor reads <c>module.Size</c> bytes starting at the module's
/// <c>MemoryPointer</c> and keeps them in <c>Bytes</c>, so later changes to the
/// module's memory are not reflected in that copy.
/// </remarks>
public MemoryScanner(ModulePointer module)
{
    ModuleBase = module.MemoryPointer;

    // Snapshot the whole module image once, up front.
    Bytes = ModuleBase.Read(module.Size);
}
/// <summary>
/// Resolves a module-relative location to an address.
/// </summary>
/// <param name="offs">Supplies the module name and the offset inside that module.</param>
/// <returns>
/// The result of <c>GetModuleAddress(offs.ModuleName)</c> with <c>offs.Offset</c> added.
/// </returns>
/// <remarks>
/// NOTE(review): no check that the offset stays inside the module is visible here.
/// </remarks>
public IntPtr GetAddress(ModulePointer offs)
    => GetModuleAddress(offs.ModuleName).Add(offs.Offset);
/// <summary>
/// Resolves a module-relative location to an address.
/// </summary>
/// <param name="Pointer">Supplies the module name and the offset inside that module.</param>
/// <returns>
/// The result of <c>GetModuleAddress(Pointer.ModuleName)</c> with <c>Pointer.Offset</c> added.
/// </returns>
/// <remarks>
/// NOTE(review): no check that the offset stays inside the module is visible here.
/// </remarks>
public IntPtr GetAddress(ModulePointer Pointer)
{
    return GetModuleAddress(Pointer.ModuleName).Add(Pointer.Offset);
}
/// <summary>
/// Reads a value of type <typeparamref name="T"/> from the location identified by <paramref name="offs"/>.
/// </summary>
/// <typeparam name="T">Value type to read.</typeparam>
/// <param name="offs">Module-relative location, resolved with <c>GetAddress</c>.</param>
/// <returns>Whatever the address-based <c>Read&lt;T&gt;</c> overload returns.</returns>
public T Read<T>(ModulePointer offs) where T : struct
    => Read<T>(GetAddress(offs));
/// <summary>
/// Calls the function identified by <paramref name="Pointer"/> and returns its result.
/// </summary>
/// <typeparam name="T">Value type of the result.</typeparam>
/// <param name="Pointer">Module-relative location, resolved with <c>GetAddress</c>.</param>
/// <param name="CallingConvention">Calling convention passed on to the address-based overload.</param>
/// <param name="Arguments">Arguments passed on unchanged.</param>
/// <returns>Whatever the address-based <c>Call&lt;T&gt;</c> overload returns.</returns>
public T Call<T>(ModulePointer Pointer, MagicConvention CallingConvention, params object[] Arguments) where T : struct
{
    return Call<T>(GetAddress(Pointer), CallingConvention, Arguments);
}
/// <summary>
/// Writes <paramref name="Value"/> at the location identified by <paramref name="Pointer"/>.
/// </summary>
/// <typeparam name="T">Value type to write.</typeparam>
/// <param name="Pointer">Module-relative location, resolved with <c>GetAddress</c>.</param>
/// <param name="Value">Value passed on to the address-based overload.</param>
public void Write<T>(ModulePointer Pointer, T Value) where T : struct
{
    Write<T>(GetAddress(Pointer), Value);
}
/// <summary>
/// Reads a value of type <typeparamref name="T"/> from the location identified by <paramref name="Pointer"/>.
/// </summary>
/// <typeparam name="T">Value type to read.</typeparam>
/// <param name="Pointer">Module-relative location, resolved with <c>GetAddress</c>.</param>
/// <returns>Whatever the address-based <c>Read&lt;T&gt;</c> overload returns.</returns>
public T Read<T>(ModulePointer Pointer) where T : struct
{
    return Read<T>(GetAddress(Pointer));
}