public IntPtr Execute(IOperation operation, RemoteProcess process) { Contract.Requires(operation != null); Contract.Requires(process != null); if (operation is OffsetOperation offsetOperation) { return(offsetOperation.Value); } if (operation is ModuleOffsetOperation moduleOffsetOperation) { var module = process.GetModuleByName(moduleOffsetOperation.Name); if (module != null) { return(module.Start); } return(IntPtr.Zero); } if (operation is AdditionOperation additionOperation) { var addition = additionOperation; return(Execute(addition.Argument1, process).Add(Execute(addition.Argument2, process))); } if (operation is SubtractionOperation subtractionOperation) { var addition = subtractionOperation; return(Execute(addition.Argument1, process).Sub(Execute(addition.Argument2, process))); } if (operation is MultiplicationOperation multiplicationOperation) { var multiplication = multiplicationOperation; return(Execute(multiplication.Argument1, process).Mul(Execute(multiplication.Argument2, process))); } if (operation is DivisionOperation divisionOperation) { var division = divisionOperation; return(Execute(division.Dividend, process).Div(Execute(division.Divisor, process))); } if (operation is ReadPointerOperation pointerOperation) { return(process.ReadRemoteIntPtr(Execute(pointerOperation.Argument, process))); } throw new ArgumentException($"Unsupported operation '{operation.GetType().FullName}'."); }
/// <summary>Creates a new default class.</summary> public void CreateNewDefaultClass() { var node = ClassNode.Create(); node.AddBytes(64); var mainModule = remoteProcess.GetModuleByName(remoteProcess.UnderlayingProcess?.Name); if (mainModule != null) { node.Address = mainModule.Start; } classesView.SelectedClass = node; }
private void OnProcessAttached(RemoteProcess process) { process.UpdateProcessInformations(); resolver = null; var processName = Path.GetFileName(process.UnderlayingProcess.Path).ToLower(); var settings = Applications.FirstOrDefault(s => s.ProcessName == processName); if (settings != null) { var moduleName = string.IsNullOrEmpty(settings.PatternModule) ? settings.ProcessName : settings.PatternModule; var namesArrayPtr = PatternScanner.FindPattern( BytePattern.Parse(settings.Pattern), process, process.GetModuleByName(moduleName) ); if (!namesArrayPtr.IsNull()) { switch (settings.PatternMethod) { case PatternMethod.Direct: namesArrayPtr = process.ReadRemoteIntPtr(namesArrayPtr + settings.PatternOffset); break; case PatternMethod.Derefence: var temp = process.ReadRemoteIntPtr(namesArrayPtr + settings.PatternOffset); namesArrayPtr = process.ReadRemoteIntPtr(temp); break; } if (namesArrayPtr.MayBeValid()) { switch (settings.Version) { case UnrealEngineVersion.UE1: resolver = new UnrealEngine1NameResolver(process, new UnrealEngine1Config(settings) { GlobalArrayPtr = namesArrayPtr }); break; case UnrealEngineVersion.UE2: resolver = new UnrealEngine2NameResolver(process, new UnrealEngine2Config(settings) { GlobalArrayPtr = namesArrayPtr }); break; case UnrealEngineVersion.UE3: resolver = new UnrealEngine3NameResolver(process, new UnrealEngine3Config(settings) { GlobalArrayPtr = namesArrayPtr }); break; case UnrealEngineVersion.UE4: resolver = new UnrealEngine4NameResolver(process, new UnrealEngine4Config(settings) { GlobalArrayPtr = namesArrayPtr }); break; default: throw new ArgumentOutOfRangeException(); } } } } }
/// <summary> /// Called when [process attached]. /// </summary> /// <param name="sender">The process instance.</param> void OnProcessAttached(RemoteProcess sender) { sender.UpdateProcessInformations(); var mainModule = sender.GetModuleByName(sender.UnderlayingProcess.Name); if (mainModule is null) { return; } dynamic gnames = null; switch (sender.UnderlayingProcess.Name) { case "RocketLeague.exe": { Game = GameType.RocketLeague; var namesPtr = PatternScanner.Search(sender, mainModule, "E8 [....] 48 83 CF FF 45 85 FF", (bytes, address) => { address += BitConverter.ToInt32(bytes, address) + 0x4 + 0x2c; address += BitConverter.ToInt32(bytes, address + 0x3) + 0x7; return(address); }); if (namesPtr.IsNull()) { return; } gnames = sender.ReadRemoteObject <RocketLeague.GNames>(namesPtr); break; } case "KFGame.exe": { Game = GameType.KillingFloor2; var namesPtr = PatternScanner.Search(sender, mainModule, "E8 [....] 48 83 CB FF 45 85 F6", (bytes, address) => { address += BitConverter.ToInt32(bytes, address) + 0x4 + 0x7a; address += BitConverter.ToInt32(bytes, address + 0x3) + 0x7; return(address); }); if (namesPtr.IsNull()) { return; } gnames = sender.ReadRemoteObject <KillingFloor2.GNames>(namesPtr); break; } default: Terminate(); return; } if (gnames.Names.Num is 0) { return; } NameDump.Clear(); for (var i = 0; i < gnames.Names.Num; i++) { var nameEntry = gnames.Names.Read(sender, i, true); if (nameEntry.Name is null) { continue; } NameDump.Add(i, nameEntry.Name); } }