| public ReadStringAscii ( bool AddToImageAddress, int pOffset, int pSize ) : string | ||
| AddToImageAddress | bool | |
| pOffset | int | |
| pSize | int | |
| return | string | |
private static void checkMemoryAddr(ProcessMemory Mem, int addr, string tomatch)
{
int size = tomatch.Length;
if (!Mem.CheckProcess())
{
Log.WriteLog("ERROR: Failed to read memory. addr=0x0" + String.Format("{0:X}", addr) + " size=" + size + " tomatch=" + tomatch);
}
string memoryval = Mem.ReadStringAscii(addr, size);
if (!memoryval.Equals(tomatch))
{
Log.WriteLog("Memory modification detected!");
Log.WriteLog("Address: 0x0" + String.Format("{0:X}", addr) + ", Size: " + size + ", Should contain: " + tomatch);
Log.WriteLog("Contains: " + memoryval);
Log.WriteLog(" ");
g_iCleanGame++;
}
}
public static void checkGame(int gameId, string gamePath)
{
try {
// If we didn't start SA-MP, return.
if(gameId != 4039) return;
// Initiatre our ProcessMemory objects for address checking
ProcessMemory Mem = new ProcessMemory("gta_sa");
ProcessMemory Mem2 = new ProcessMemory("samp");
// if GTASA and sa-mp browser are started then
if(Mem != null && Mem2 != null) {
do {
if(!Mem2.CheckProcess()) {
// SA-MP browser is closed, end our checking.
whenGameStopped(4039);
return;
}
Thread.Sleep(5000);
// Wait for GTA SA to be launched. (only sa-mp server browser is open at this time.)
} while(!Mem.CheckProcess());
}
#if !debug
try {
if(File.Exists(g_szLogFilePath) && !File.Exists(g_szLogFilePath + "123")) {
if(Cryptology.DecryptFile(g_szLogFilePath, g_szLogFilePath + "123", "password removed for public src release")) {
if(File.Exists(g_szLogFilePath)) {
File.Delete(g_szLogFilePath);
}
}
}
} catch(Exception) { }
#endif
string file = "";
// Remove samp.exe from our path, so we can get the GTA directory, might cause problems if for some reason players have "samp.exe" in the path
file = gamePath.Replace("samp.exe", "");
g_szWireGamePath = file;
string path = "";
// check what the registry says about the GTA Directory.
var path2 = Registry.GetValue("HKEY_CURRENT_USER\\Software\\SAMP", "gta_sa_exe", "");
// NOTE: if path2 is null, then there are 3 things that could be true, either sa-mp isn't installed, the Registry is disabled, or a firewall blocked it
if(path2 != null) {
path = path2.ToString();
// check if the path is valid.
if(path.Length > 3) {
// Remove "gta_sa.exe" from our file path.
if(path.LastIndexOf("\\") > 0) {
int index = path.LastIndexOf("\\");
path = path.Substring(0, index + 1);
}
// the sa-mp.exe launch path doesn't match the one found in registry, the one in registry is the one actually used by the SA-MP browser, so ignore ESL Wire path.
if(!path.Equals(file)) {
file = path;
Log.WriteLog(" -> Warning: game path from ESL Wire doesn't match SA-MP GTA Path from registry, checking registry path and ignoring ESL Wire path");
Log.WriteLog(" ESL Wire Path: " + gamePath);
Log.WriteLog(" Path in registry: " + file);
Log.WriteLog(" ");
}
}
}
int bAddr = -1;
do {
Process[] p = Process.GetProcessesByName("gta_sa");
int idx = 0;
// hopefully there is only 1 gta_sa.exe started!
foreach(Process proc in p) {
idx++;
if(proc != null) {
// weird restart loop incase getting process filename fails below.
// if it fails it will usually work the 2nd time, and if not the 2nd time, the 3rd.
// if not the 3rd, then the 4th, if not the 4th, then etc..
bool restart = false;
do {
restart = false;
try {
string s = Misc.getProcessPath(proc);
if(File.Exists(s)) {
path = s;
}
} catch(Exception e) {
Log.WriteLog(e.ToString());
try {
if(File.Exists(proc.MainModule.FileName)) {
path = proc.MainModule.FileName;
}
} catch(Exception ee) {
// really now?
Log.WriteLog(ee.ToString());
restart = true;
Thread.Sleep(500);
}
}
} while(restart);
// Get the directory path, remove gta_sa.exe.
if(path.Length > 3) {
if(path.LastIndexOf("\\") > 0) {
int index = path.LastIndexOf("\\");
path = path.Substring(0, index + 1);
}
}
g_bGTASAStarted = true;
Log.WriteLog("gta_sa.exe launched from: " + path2);
Log.WriteLog(" ");
g_szGTASaPath = path;
do {
restart = false;
try {
// get base address for samp.dll
bAddr = Modules.GetModuleBaseAddress(proc, "samp.dll");
} catch(Exception e) {
restart = true;
Log.WriteLog("Getting samp.dll offset error:");
Log.WriteLog(e.ToString());
Thread.Sleep(500);
}
}
while(restart);
}
// it's ok, we've prepared for more than 1 gta.
if(idx > 1) {
proc.Kill();
g_bGTASAStarted = false;
}
}
Thread.Sleep(500);
} while(!g_bGTASAStarted);
g_bGTASAStarted = true;
g_iCleanGame = 0;
// samp.dll +
/*
* 0x20D77D - ip
* 0x20D87E - port
* 0x20D97F - name
*
* (it'd be better to just read command line, and would be compatable with all sa-mp versions then, these are 0.3e addresses.)
* */
if(Mem.StartProcess()) {
// get connected server IP and player name.
string ip = Mem.ReadStringAscii(bAddr + 0x020D77D, 30);
string port = Mem.ReadStringAscii(bAddr + 0x020D87E, 10);
string name = Mem.ReadStringAscii(bAddr + 0x020D97F, 24);
Log.WriteLog("Connected Server: " + ip + ":" + port + " as " + name);
Log.WriteLog("Attempting to Query server...");
// get time stamp to calculate our ping.
DateTime p = DateTime.Now;
bool restart = false;
do {
restart = false;
try {
// use sa-mp server query mechanism
Query sQuery = new Query(ip, int.Parse(port));
sQuery.Send('i');
int count = sQuery.Recieve();
string[] info = sQuery.Store(count);
DateTime pp = DateTime.Now;
TimeSpan ts = pp - p;
Log.WriteLog("Successfully contacted server. (ping: " + ts.Milliseconds + ")");
Log.WriteLog("Hostname: " + info[3]);
Log.WriteLog("Gamemode: " + info[4]);
Log.WriteLog("Players: " + info[1]);
Log.WriteLog(" ");
sQuery.Send('d');
count = sQuery.Recieve();
info = sQuery.Store(count);
int i = 0;
for(int j = 0; j < info.Length-2; ++j) {
// still don't understand how this works, but it does!
if(i == 0) {
Log.WriteLog("PlayerID: " + info[j] + " || PlayerName: " + info[j+1]);
}
i++;
if(i == 4) i = 0;
}
Log.WriteLog(" ");
} catch(System.IndexOutOfRangeException) {
Log.WriteLog("** Failed to get player list.");
} catch(System.FormatException) {
Log.WriteLog("Failed to contact SA-MP server");
Log.WriteLog("** Game not initialized, retrying...");
restart = true;
Thread.Sleep(1000);
} catch(Exception e) {
Log.WriteLog("Failed to contact SA-MP server - " + ip + ":" + port + " as " + name);
Log.WriteLog(e.ToString());
}
} while(restart);
}
// Check game integrity
checkGameFiles( g_szGTASaPath );
// check some memory addresses to make sure the file path for the data files hasn't been changed.
Memory.VerifySomeMemoryStuff();
// Show results.
Log.WriteLog("Strange files in GTA SA Path: ");
Log.WriteLog(" ");
// paste all files in GTA SA path that aren't part of the original game.
gtadir(g_szGTASaPath);
Log.WriteLog(" ");
if(g_iCleanGame == 0) {
Log.WriteLog("VERDICT: Game is clean!");
} else {
if(g_iCleanGame > 1) {
Log.WriteLog("VERDICT: Detected " + g_iCleanGame + " inconsistencies");
} else {
Log.WriteLog("VERDICT: Detected " + g_iCleanGame + " inconsistency");
}
}
Log.WriteLog(" ");
// check again in 15 minutes
aTimer.Enabled = true;
//#if !debug
// encrypt our log file and delete the original .txt we where writing plain text too.
if(File.Exists(g_szLogFilePath + "123") && !File.Exists(g_szLogFilePath)) {
g_szLogFileMD5 = MD5file(g_szLogFilePath + "123");
if(Cryptology.EncryptFile(g_szLogFilePath + "123", g_szLogFilePath, "password removed for public src release")) {
if(File.Exists(g_szLogFilePath + "123")) {
File.Delete(g_szLogFilePath + "123");
}
}
}
//#endif
return;
} catch(Exception e) { Log.WriteLog(e.ToString()); }
}
private static void checkMemoryAddr(ProcessMemory Mem, int addr, string tomatch)
{
int size = tomatch.Length;
if(!Mem.CheckProcess()) {
Log.WriteLog("ERROR: Failed to read memory. addr=0x0" + String.Format("{0:X}", addr) + " size=" + size + " tomatch=" + tomatch);
}
string memoryval = Mem.ReadStringAscii(addr, size);
if(!memoryval.Equals(tomatch)) {
Log.WriteLog("Memory modification detected!");
Log.WriteLog("Address: 0x0" + String.Format("{0:X}", addr) + ", Size: " + size + ", Should contain: " + tomatch);
Log.WriteLog("Contains: " + memoryval);
Log.WriteLog(" ");
g_iCleanGame++;
}
}