コード例 #1
0
        public static ReadMemoryResults ReadMemory()
        {
            ReadMemoryResults results = null;
            SYSTEM_INFO       sys_info;

            GetSystemInfo(out sys_info);

            IntPtr proc_min_address = sys_info.minimumApplicationAddress;
            IntPtr proc_max_address = sys_info.maximumApplicationAddress;

            long proc_min_address_l = (long)proc_min_address;
            long proc_max_address_l = (long)proc_max_address;

            Process[] processes = ProcessManager.GetTibiaProcesses();
            if (processes == null || processes.Length == 0)
            {
                return(null);
            }

            results     = new ReadMemoryResults();
            flashClient = ProcessManager.IsFlashClient();
            Dictionary <int, HashSet <long> > newWhitelistedAddresses = null;

            Interlocked.Exchange(ref newWhitelistedAddresses, whiteListedAddresses);
            foreach (Process process in processes)
            {
                HashSet <long> whitelist;
                if (!newWhitelistedAddresses.TryGetValue(process.Id, out whitelist))
                {
                    continue;
                }

                IntPtr processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id);

                int bytesRead = 0;  // number of bytes read with ReadProcessMemory
                foreach (long addr in whitelist)
                {
                    proc_min_address = new IntPtr(addr);

                    MEMORY_BASIC_INFORMATION mem_basic_info;
                    VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28);

                    if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT)
                    {
                        if (memoryBuffer == null || memoryBuffer.Length < mem_basic_info.RegionSize)
                        {
                            memoryBuffer = new byte[mem_basic_info.RegionSize];
                        }

                        // read everything in the buffer above
                        ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, memoryBuffer, mem_basic_info.RegionSize, ref bytesRead);
                        // scan the memory for strings that start with timestamps and end with the null terminator ('\0')
                        IEnumerable <string> timestampLines;
                        if (!flashClient)
                        {
                            timestampLines = Parser.FindTimestamps(memoryBuffer, bytesRead);
                        }
                        else
                        {
                            timestampLines = Parser.FindTimestampsFlash(memoryBuffer, bytesRead);
                        }

                        SearchChunk(timestampLines, results);
                    }
                }

                process.Dispose();
            }
            FinalCleanup(results);
            return(results);
        }
コード例 #2
0
ファイル: MainTab.cs プロジェクト: akalic/Tibialyzer
 private void detectFlashClientButton_Click(object sender, EventArgs e)
 {
     ProcessManager.DetectFlashClient();
 }
コード例 #3
0
        /// <summary>
        /// Scan the memory for any chunks that are missing from the whitelist table
        /// </summary>
        public static void ScanMissingChunks()
        {
            SYSTEM_INFO sys_info;

            GetSystemInfo(out sys_info);

            IntPtr proc_min_address = sys_info.minimumApplicationAddress;
            IntPtr proc_max_address = sys_info.maximumApplicationAddress;

            long proc_min_address_l = (long)proc_min_address;
            long proc_max_address_l = (long)proc_max_address;

            long sys_min_address_l = (long)proc_min_address;

            Process[] processes = ProcessManager.GetTibiaProcesses();
            if (processes == null || processes.Length == 0)
            {
                return;
            }
            flashClient = ProcessManager.IsFlashClient();
            var newWhitelistedAddresses = whiteListedAddresses.ToDictionary(x => x.Key, x => new HashSet <long>(x.Value));

            foreach (Process process in processes)
            {
                HashSet <long> whitelist;
                if (!newWhitelistedAddresses.TryGetValue(process.Id, out whitelist))
                {
                    whitelist = new HashSet <long>();
                    newWhitelistedAddresses[process.Id] = whitelist;
                }

                proc_min_address_l = sys_min_address_l;

                IntPtr processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id);
                MEMORY_BASIC_INFORMATION mem_basic_info;
                List <int> stamps    = TimestampManager.getLatestStamps(3, ignoreStamp);
                int        bytesRead = 0; // number of bytes read with ReadProcessMemory

                try
                {
                    while (proc_min_address_l < proc_max_address_l)
                    {
                        proc_min_address = new IntPtr(proc_min_address_l);
                        // 28 = sizeof(MEMORY_BASIC_INFORMATION)
                        VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28);

                        long addr = (long)proc_min_address;
                        // check if this memory chunk is accessible
                        if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT)
                        {
                            if (!whitelist.Contains(addr))
                            {
                                if (missingChunksBuffer == null || missingChunksBuffer.Length < mem_basic_info.RegionSize)
                                {
                                    missingChunksBuffer = new byte[mem_basic_info.RegionSize];
                                }

                                // read everything in the buffer above
                                ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, missingChunksBuffer, mem_basic_info.RegionSize, ref bytesRead);
                                // scan the memory for strings that start with timestamps and end with the null terminator ('\0')
                                IEnumerable <string> timestampLines;
                                if (!flashClient)
                                {
                                    timestampLines = Parser.FindTimestamps(missingChunksBuffer, bytesRead);
                                    // if there are any timestamps found, add the address to the list of whitelisted addresses
                                    if (timestampLines.Any(x => stamps.Contains(TimestampManager.getStamp(int.Parse(x.Substring(0, 2)), int.Parse(x.Substring(3, 2))))))
                                    {
                                        whitelist.Add(addr);
                                    }
                                }
                                else
                                {
                                    if (Parser.HasAnyValidTimestampsFlash(missingChunksBuffer, bytesRead, stamps))
                                    {
                                        whitelist.Add(addr);
                                    }
                                }
                            }
                        }
                        // move to the next memory chunk
                        proc_min_address_l += mem_basic_info.RegionSize;
                    }
                }
                catch (Exception ex)
                {
                    Console.WriteLine(ex.Message);
                    return;
                }
            }

            Interlocked.Exchange(ref whiteListedAddresses, newWhitelistedAddresses);
        }
コード例 #4
0
        public static void ShowNotification(NotificationForm f, string command, string screenshot_path = "")
        {
            if (f == null)
            {
                return;
            }

            if (screenshot_path == "")
            {
                TibialyzerCommand cmd = new TibialyzerCommand(command);
                command_stack.Push(cmd);
                f.command = cmd;
            }
            f.Visible = false;
            int richX    = -1;
            int richY    = -1;
            int anchor   = 0;
            int duration = 5;
            int group    = 0;

            for (int it = 0; it < Constants.NotificationTypeObjects.Count; it++)
            {
                if (f.GetType() == Constants.NotificationTypeObjects[it])
                {
                    string settingObject = Constants.NotificationTypes[it].Replace(" ", "");
                    richX    = SettingsManager.getSettingInt(settingObject + "XOffset");
                    richY    = SettingsManager.getSettingInt(settingObject + "YOffset");
                    anchor   = SettingsManager.getSettingInt(settingObject + "Anchor");
                    duration = SettingsManager.getSettingInt(settingObject + "Duration");
                    group    = Math.Min(Math.Max(SettingsManager.getSettingInt(settingObject + "Group"), 0), 9);
                    break;
                }
            }
            f.notificationDuration = duration;
            f.LoadForm();
            if (screenshot_path != "")
            {
                Bitmap bitmap = new Bitmap(f.Width, f.Height);
                f.DrawToBitmap(bitmap, new Rectangle(0, 0, f.Width, f.Height));
                foreach (Control c in f.Controls)
                {
                    c.DrawToBitmap(bitmap, new Rectangle(new Point(Math.Min(Math.Max(c.Location.X, 0), f.Width), Math.Min(Math.Max(c.Location.Y, 0), f.Height)), c.Size));
                }
                bitmap.Save(screenshot_path);
                bitmap.Dispose();
                f.Dispose();
                return;
            }
            if (NotificationFormGroups[group] != null)
            {
                NotificationFormGroups[group].close();
            }
            int     position_x = 0, position_y = 0;
            Screen  screen;
            Process tibia_process = ProcessManager.GetTibiaProcess();

            if (tibia_process == null)
            {
                screen = Screen.FromControl(MainForm.mainForm);
            }
            else
            {
                screen = Screen.FromHandle(tibia_process.MainWindowHandle);
            }

            int xOffset = richX == -1 ? 30 : richX;
            int yOffset = richY == -1 ? 30 : richY;

            switch (anchor)
            {
            case 3:
                position_x = screen.WorkingArea.Right - xOffset - f.Width;
                position_y = screen.WorkingArea.Bottom - yOffset - f.Height;
                break;

            case 2:
                position_x = screen.WorkingArea.Left + xOffset;
                position_y = screen.WorkingArea.Bottom - yOffset - f.Height;
                break;

            case 1:
                position_x = screen.WorkingArea.Right - xOffset - f.Width;
                position_y = screen.WorkingArea.Top + yOffset;
                break;

            default:
                position_x = screen.WorkingArea.Left + xOffset;
                position_y = screen.WorkingArea.Top + yOffset;
                break;
            }

            f.StartPosition = FormStartPosition.Manual;
            f.SetDesktopLocation(position_x, position_y);
            f.TopMost = true;
            f.Show();
            NotificationFormGroups[group] = f;
        }