internal CK_SESSION_INFO(NativeWindows native) { slotID = native.slotID; state = native.state; flags = native.flags; ulDeviceError = native.ulDeviceError; }
internal CK_SLOT_INFO(NativeWindows native) { flags = native.flags; hardwareVersion = new CK_VERSION(native.hardwareVersion); firmwareVersion = new CK_VERSION(native.firmwareVersion); slotDescription = Library.Utf8ToString(native.slotDescription); manufacturerID = Library.Utf8ToString(native.manufacturerID); }
internal CK_INFO(NativeWindows native) { cryptokiVersion = new CK_VERSION(native.cryptokiVersion); flags = native.flags; libraryVersion = native.libraryVersion; libraryDescription = Library.Utf8ToString(native.libraryDescription); manufacturerID = Library.Utf8ToString(native.manufacturerID); }
public static bool SuspendThread(int threadId) { var threadHandle = NativeWindows.OpenThread(ThreadAccessFlags.SuspendResume, false, (uint)threadId); if (threadHandle != IntPtr.Zero) { return(NativeWindows.SuspendThread(threadHandle) != -1); } return(false); }
public bool RemapAndPatch(Dictionary <string, Tuple <long, byte[]> > patches) { var mbi = new MemoryBasicInformation(); if (NativeWindows.VirtualQueryEx(ProcessHandle, BaseAddress, out mbi, mbi.Size) != 0) { return(RemapAndPatch(mbi.BaseAddress, mbi.RegionSize.ToInt32(), patches)); } return(false); }
internal Native(CK_MECHANISM mech) { if (isWindows) { windows = new NativeWindows(mech); } else { unix = new NativeUnix(mech); } }
public void Write(IntPtr address, byte[] data, MemProtection newProtection = MemProtection.ExecuteReadWrite) { try { NativeWindows.VirtualProtectEx(ProcessHandle, address, (uint)data.Length, (uint)newProtection, out var oldProtect); NativeWindows.WriteProcessMemory(ProcessHandle, address, data, data.Length, out var written); NativeWindows.FlushInstructionCache(ProcessHandle, address, (uint)data.Length); NativeWindows.VirtualProtectEx(ProcessHandle, address, (uint)data.Length, oldProtect, out oldProtect); } catch (Exception ex) { Console.WriteLine(ex.Message); } }
/// Private functions. IntPtr ReadImageBaseFromPEB(IntPtr processHandle) { try { if (NativeWindows.NtQueryInformationProcess(processHandle, 0, ref peb, peb.Size, out int sizeInfoReturned) == NtStatus.Success) { return(Read(peb.PebBaseAddress.ToInt64() + 0x10)); } } catch (Exception ex) { Console.WriteLine(ex.Message); } return(IntPtr.Zero); }
public byte[] Read(IntPtr address, int size) { try { var buffer = new byte[size]; if (NativeWindows.ReadProcessMemory(ProcessHandle, address, buffer, size, out var dummy)) { return(buffer); } } catch (Exception ex) { Console.WriteLine(ex.Message); } return(null); }
public IntPtr Read(IntPtr address) { try { var buffer = new byte[IntPtr.Size]; if (NativeWindows.ReadProcessMemory(ProcessHandle, address, buffer, buffer.Length, out var dummy)) { return(buffer.ToIntPtr()); } } catch (Exception ex) { Console.WriteLine(ex.Message); } return(IntPtr.Zero); }
internal CK_TOKEN_INFO(NativeWindows native) { firmwareVersion = new CK_VERSION(native.firmwareVersion); flags = native.flags; hardwareVersion = new CK_VERSION(native.hardwareVersion); label = Library.Utf8ToString(native.label); manufacturerID = Library.Utf8ToString(native.manufacturerID); model = Library.Utf8ToString(native.model); serialNumber = Library.Utf8ToString(native.serialNumber); ulFreePrivateMemory = native.ulFreePrivateMemory; ulFreePublicMemory = native.ulFreePublicMemory; ulMaxPinLen = native.ulMaxPinLen; ulMaxRwSessionCount = native.ulMaxRwSessionCount; ulMaxSessionCount = native.ulMaxSessionCount; ulMinPinLen = native.ulMinPinLen; ulRwSessionCount = native.ulRwSessionCount; ulSessionCount = native.ulSessionCount; ulTotalPrivateMemory = native.ulTotalPrivateMemory; ulTotalPublicMemory = native.ulTotalPublicMemory; utcTime = Library.Utf8ToString(native.utcTime); }
public bool RemapAndPatch(IntPtr viewAddress, int viewSize, Dictionary <string, Tuple <long, byte[]> > patches) { // Suspend before remapping to prevent crashes. NativeWindows.NtSuspendProcess(ProcessHandle); Data = Read(viewAddress, viewSize); if (Data != null) { var newViewHandle = IntPtr.Zero; var maxSize = new LargeInteger { Quad = viewSize }; if (NativeWindows.NtCreateSection(ref newViewHandle, 0xF001F, IntPtr.Zero, ref maxSize, 0x40u, 0x8000000, IntPtr.Zero) == NtStatus.Success && NativeWindows.NtUnmapViewOfSection(ProcessHandle, viewAddress) == NtStatus.Success) { var viewBase = viewAddress; // Map the view with original protections. var result = NativeWindows.NtMapViewOfSection(newViewHandle, ProcessHandle, ref viewBase, IntPtr.Zero, (ulong)viewSize, out var viewOffset, out var newViewSize, 2, IntPtr.Zero, (int)MemProtection.ExecuteRead); if (result == NtStatus.Success) { // Apply our patches. foreach (var p in patches) { var address = p.Value.Item1; var patch = p.Value.Item2; // We are in a different section here. if (address > Data.Length) { if (address < BaseAddress.ToInt64()) { address += BaseAddress.ToInt64(); } Write(address, patch, MemProtection.ReadWrite); continue; } for (var i = 0; i < patch.Length; i++) { Data[address + i] = patch[i]; } } var viewBase2 = IntPtr.Zero; // Create a writable view to write our patches through to preserve the original protections. result = NativeWindows.NtMapViewOfSection(newViewHandle, ProcessHandle, ref viewBase2, IntPtr.Zero, (uint)viewSize, out var viewOffset2, out var newViewSize2, 2, IntPtr.Zero, (int)MemProtection.ReadWrite); if (result == NtStatus.Success) { // Write our patched data trough the writable view to the memory. if (NativeWindows.WriteProcessMemory(ProcessHandle, viewBase2, Data, viewSize, out var dummy)) { // Unmap them writeable view, it's not longer needed. NativeWindows.NtUnmapViewOfSection(ProcessHandle, viewBase2); var mbi = new MemoryBasicInformation(); // Check if the allocation protections is the right one. if (NativeWindows.VirtualQueryEx(ProcessHandle, BaseAddress, out mbi, mbi.Size) != 0 && mbi.AllocationProtect == MemProtection.ExecuteRead) { // Also check if we can change the page protection. if (!NativeWindows.VirtualProtectEx(ProcessHandle, BaseAddress, 0x4000, (uint)MemProtection.ReadWrite, out var oldProtect)) { NativeWindows.NtResumeProcess(ProcessHandle); } return(true); } } } } Console.WriteLine("Error while mapping the view with the given protection."); } } else { Console.WriteLine("Error while creating the view backup."); } NativeWindows.NtResumeProcess(ProcessHandle); return(false); }
internal CK_MECHANISM_INFO(NativeWindows native) { ulMinKeySize = native.ulMaxKeySize; ulMaxKeySize = native.ulMaxKeySize; flags = native.flags; }
private bool Start(string appPath) { var startupInfo = new StartupInfo(); var processInfo = new ProcessInformation(); try { Logger.Instance.WriteLine($"Starting WoW ....", LogLevel.Debug); // Start process with suspend flags. if (NativeWindows.CreateProcess(null, $"{appPath}", IntPtr.Zero, IntPtr.Zero, false, 4U, IntPtr.Zero, null, ref startupInfo, out processInfo)) { var memory = new WinMemory(processInfo.ProcessHandle); var modulusOffset = IntPtr.Zero; // Get RSA modulus offset from file. modulusOffset = File.ReadAllBytes(appPath).FindPattern(Patterns.Common.Modulus, memory.BaseAddress.ToInt64()).ToIntPtr(); var sectionOffset = memory.Read(modulusOffset, 0x2000).FindPattern(Patterns.Common.Modulus); modulusOffset = (modulusOffset.ToInt64() + sectionOffset).ToIntPtr(); // Be sure that the modulus is written before the client is initialized. while (memory.Read(modulusOffset, 1)[0] != Patches.Common.Modulus[0]) { memory.Write(modulusOffset, Patches.Common.Modulus); } // Resume the process to initialize it. NativeWindows.NtResumeProcess(processInfo.ProcessHandle); var mbi = new MemoryBasicInformation(); // Wait for the memory region to be initialized. while (NativeWindows.VirtualQueryEx(processInfo.ProcessHandle, memory.BaseAddress, out mbi, mbi.Size) == 0 || mbi.RegionSize.ToInt32() <= 0x1000) { } if (mbi.BaseAddress != IntPtr.Zero) { // Get the memory content. var binary = new byte[0]; // Wait for client initialization. var initOffset = memory?.Read(mbi.BaseAddress, mbi.RegionSize.ToInt32())?.FindPattern(Store.InitializePattern) ?? 0; while (initOffset == 0) { initOffset = memory?.Read(mbi.BaseAddress, mbi.RegionSize.ToInt32())?.FindPattern(Store.InitializePattern) ?? 0; Logger.Instance.WriteLine($"Waiting initialization ...", LogLevel.Debug); } initOffset += BitConverter.ToUInt32(memory.Read((long)initOffset + memory.BaseAddress.ToInt64() + 2, 4), 0) + 10; while (memory?.Read((long)initOffset + memory.BaseAddress.ToInt64(), 1)?[0] == null || memory?.Read((long)initOffset + memory.BaseAddress.ToInt64(), 1)?[0] == 0) { binary = memory.Read(mbi.BaseAddress, mbi.RegionSize.ToInt32()); } // Suspend the process and handle the patches. NativeWindows.NtSuspendProcess(processInfo.ProcessHandle); //! Re-read the memory region for each pattern search. var certBundleOffset = memory.Read(mbi.BaseAddress, mbi.RegionSize.ToInt32()).FindPattern(Store.CertificateBundle); var signatureOffset = memory.Read(mbi.BaseAddress, mbi.RegionSize.ToInt32()).FindPattern(Store.SignatureBundle); if (certBundleOffset == 0 || signatureOffset == 0) { Logger.Instance.WriteLine("Can't find all patterns.", LogLevel.Error); Logger.Instance.WriteLine($"CertBundle: {certBundleOffset == 0}", LogLevel.Error); Logger.Instance.WriteLine($"Signature: {signatureOffset == 0}", LogLevel.Error); } // Add the patches to the patch list. PatchList.Add("CertBundle", Tuple.Create(certBundleOffset, Store.CertificatePatch)); PatchList.Add("Signature", Tuple.Create(signatureOffset, Store.SignaturePatch)); NativeWindows.NtResumeProcess(processInfo.ProcessHandle); if (memory.RemapAndPatch(PatchList)) { Logger.Instance.WriteLine($"Executeable successfully patched!", LogLevel.Debug); binary = null; return(true); } else { binary = null; Logger.Instance.WriteLine("Error while launching the client.", LogLevel.Error); NativeWindows.TerminateProcess(processInfo.ProcessHandle, 0); return(false); } } } } catch (Exception ex) { Logger.Instance.WriteLine(ex.ToString(), LogLevel.Error); NativeWindows.TerminateProcess(processInfo.ProcessHandle, 0); return(false); } return(false); }
internal CK_VERSION(NativeWindows native) { major = native.major; minor = native.minor; }
static void StartWindows() { Process process = null; try { var startupInfo = new StartupInfo(); var processInfo = new ProcessInformation(); // App info var curDir = Directory.GetCurrentDirectory(); var appPath = ""; // Check for existing WoW binaries. if (File.Exists($"{ curDir}\\WoW-64.exe")) { appPath = $"{curDir}\\WoW-64.exe"; } else if (File.Exists($"{curDir}\\WoWT-64.exe")) { appPath = $"{curDir}\\WoWT-64.exe"; } else if (File.Exists($"{curDir}\\WoWB-64.exe")) { appPath = $"{curDir}\\WoWB-64.exe"; } if (!File.Exists(appPath)) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Please copy the launcher to your WoW directory."); WaitAndExit(); } var baseDirectory = Path.GetDirectoryName(curDir); // Write the cert bundle. if (!File.Exists($"{curDir}/ca_bundle.txt.signed")) { File.WriteAllBytes($"{curDir}/ca_bundle.txt.signed", Convert.FromBase64String(Patches.Common.CertBundleData)); } Console.ForegroundColor = ConsoleColor.White; Console.WriteLine("Starting WoW client..."); if (NativeWindows.CreateProcess(appPath, $"-console -console", IntPtr.Zero, IntPtr.Zero, false, 4U, IntPtr.Zero, null, ref startupInfo, out processInfo)) { process = Process.GetProcessById((int)processInfo.ProcessId); // Wait for process initialization. while (process == null) { process = Process.GetProcessById((int)processInfo.ProcessId); } var memory = new Memory(process.Handle); // Get RSA modulus offset from file. var modulusOffset = File.ReadAllBytes(appPath).FindPattern(Patterns.Common.Modulus, memory.BaseAddress.ToInt64()).ToIntPtr(); var sectionOffset = memory.Read(modulusOffset, 0x2000).FindPattern(Patterns.Common.Modulus); modulusOffset = (modulusOffset.ToInt64() + sectionOffset).ToIntPtr(); // Be sure that the modulus is written before the client is initialized. while (memory.Read(modulusOffset, 1)[0] != Patches.Common.Modulus[0]) { memory.Write(modulusOffset, Patches.Common.Modulus); } Memory.ResumeThreads(process); var mbi = new MemoryBasicInformation(); // Wait for the memory region to be initialized. while (NativeWindows.VirtualQueryEx(process.Handle, memory.BaseAddress, out mbi, mbi.Size) == 0 || mbi.RegionSize.ToInt32() <= 0x1000) { } if (mbi.BaseAddress != IntPtr.Zero) { // Get the memory content. var binary = memory.Read(mbi.BaseAddress, mbi.RegionSize.ToInt32()); var initOffset = IntPtr.Zero; // Search while not initialized. while ((initOffset = binary.FindPattern(initPattern, memory.BaseAddress.ToInt64()).ToIntPtr()) == IntPtr.Zero) { binary = memory.Read(mbi.BaseAddress, mbi.RegionSize.ToInt32()); } // Re-read the memory region for each pattern search. var connectOffset = memory.Read(mbi.BaseAddress, mbi.RegionSize.ToInt32()).FindPattern(connectPattern, memory.BaseAddress.ToInt64()); var certBundleOffset = memory.Read(mbi.BaseAddress, mbi.RegionSize.ToInt32()).FindPattern(certBundlePattern, memory.BaseAddress.ToInt64()); var signatureOffset = memory.Read(mbi.BaseAddress, mbi.RegionSize.ToInt32()).FindPattern(signaturePattern, memory.BaseAddress.ToInt64()); if (initOffset == IntPtr.Zero || modulusOffset == IntPtr.Zero || connectOffset == 0 || certBundleOffset == 0 || signatureOffset == 0) { Console.WriteLine($"0x{initOffset.ToInt64():X}"); Console.WriteLine($"0x{modulusOffset.ToInt64():X}"); Console.WriteLine($"0x{connectOffset:X}"); Console.WriteLine($"0x{certBundleOffset:X}"); Console.WriteLine($"0x{signatureOffset:X}"); process.Dispose(); process.Kill(); WaitAndExit(); } if (memory.RemapViewBase()) { memory.Write(connectOffset, connectPatch); memory.Write(certBundleOffset, certBundlePatch); memory.Write(signatureOffset, signaturePatch); Console.WriteLine("Done :) "); Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("You can login now."); binary = null; WaitAndExit(); } else { binary = null; Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Error while launching the client."); process.Dispose(); process.Kill(); WaitAndExit(); } } } } catch (Exception) { process?.Dispose(); process?.Kill(); WaitAndExit(); } }