Ejemplo n.º 1
        /// <summary>
        /// Builds the delegate for <c>NtQueryInformationProcess</c> by looking the export up in the
        /// <c>ntdll.dll</c> entry of <c>GameSharpProcess.Instance.Modules</c>.
        /// </summary>
        /// <returns>The export wrapped as a <c>NtQueryInformationProcessDelegate</c>.</returns>
        protected override Delegate InitializeDelegate()
        {
            ModulePointer ntdllModule = GameSharpProcess.Instance.Modules["ntdll.dll"];

            // NOTE(review): the lookup result is passed straight to ToDelegate without a null check.
            IMemoryPointer exportAddress = ntdllModule.GetProcAddress("NtQueryInformationProcess");

            return exportAddress.ToDelegate<NtQueryInformationProcessDelegate>();
        }
Ejemplo n.º 2
        /// <summary>
        /// Builds the delegate for <c>IsDebuggerPresent</c> by looking the export up in the
        /// <c>kernel32.dll</c> entry of the current process's module list.
        /// </summary>
        /// <returns>The export wrapped as an <c>IsDebuggerPresentDelegate</c>.</returns>
        protected override Delegate InitializeDelegate()
        {
            // Accessed through the IProcess interface, as in the original.
            IProcess currentProcess = GameSharpProcess.Instance;
            ModulePointer kernel32Module = currentProcess.Modules["kernel32.dll"];

            // NOTE(review): the lookup result is passed straight to ToDelegate without a null check.
            IMemoryPointer exportAddress = kernel32Module.GetProcAddress("IsDebuggerPresent");

            return exportAddress.ToDelegate<IsDebuggerPresentDelegate>();
        }
Ejemplo n.º 3
        /// <summary>
        /// Builds the delegate for <c>MessageBoxW</c> by looking the export up in the
        /// <c>user32.dll</c> entry of <c>GameSharpProcess.Instance.Modules</c>.
        /// </summary>
        /// <returns>The export wrapped as a <c>MessageBoxWDelegate</c>.</returns>
        protected override Delegate InitializeDelegate()
        {
            ModulePointer user32Module = GameSharpProcess.Instance.Modules["user32.dll"];

            // NOTE(review): the lookup result is passed straight to ToDelegate without a null check.
            IMemoryPointer exportAddress = user32Module.GetProcAddress("MessageBoxW");

            return exportAddress.ToDelegate<MessageBoxWDelegate>();
        }
Ejemplo n.º 4
        /// <summary>
        /// Returns the <c>MessageBoxW</c> export of <c>user32.dll</c>, taken from
        /// <c>GameSharpProcess.Instance.Modules</c>, typed as a <c>HookMessageBoxWDelegate</c>.
        /// </summary>
        /// <returns>The export wrapped as a <c>HookMessageBoxWDelegate</c>.</returns>
        public override Delegate GetHookDelegate()
        {
            ModulePointer user32Module = GameSharpProcess.Instance.Modules["user32.dll"];

            // NOTE(review): the lookup result is passed straight to ToDelegate without a null check.
            IMemoryPointer hookTarget = user32Module.GetProcAddress("MessageBoxW");

            return hookTarget.ToDelegate<HookMessageBoxWDelegate>();
        }
Ejemplo n.º 5
        /// <summary>
        /// Checks the first byte of the <c>DbgBreakPoint</c> export in <c>ntdll.dll</c> and, when it is
        /// not <c>0xCC</c>, adds a <c>MemoryPatch</c> to <c>MemoryPatches</c> that writes <c>0xCC</c> there.
        /// </summary>
        /// <remarks>
        /// <c>0xCC</c> is the x86 INT3 opcode. Presumably a different byte means the stub was overwritten
        /// inside the process, which is a known way to interfere with debugger attach; confirm against
        /// the caller.
        /// </remarks>
        private void ValidateDbgBreakPoint()
        {
            const byte Int3Opcode = 0xCC;

            ModulePointer ntdllModule = Process.Modules["ntdll.dll"];
            MemoryPointer breakPointExport = ntdllModule.GetProcAddress("DbgBreakPoint");

            // Nothing to do when the export already starts with the expected opcode.
            if (breakPointExport.Read<byte>() == Int3Opcode)
            {
                return;
            }

            MemoryPatches.Add(new MemoryPatch(breakPointExport, new byte[] { Int3Opcode }));
        }
Ejemplo n.º 6
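        /// <summary>
        /// Loads the DLL at <paramref name="pathToDll"/> into the process identified by <c>Native.Handle</c>
        /// and returns the matching entry from <c>Modules</c>.
        /// </summary>
        /// <remarks>
        /// The payload produced by <c>LoadLibraryHelper.LoadLibraryPayload</c> is written into memory obtained
        /// from <c>AllocateManagedMemory</c>, and a thread is started at the loader export with that memory
        /// as its argument. Endpoint monitoring commonly alerts on this WriteProcessMemory followed by
        /// CreateRemoteThread sequence, so expect it to be logged or blocked on protected hosts.
        /// The method then polls <c>Modules</c> until the module appears; the wait has no timeout.
        /// </remarks>
        /// <param name="pathToDll">Path of the DLL; its lower-cased file name is the key looked up in <c>Modules</c>.</param>
        /// <param name="resolveReferences">
        /// When true the thread starts at <c>LoadLibraryW</c>, otherwise at <c>LoadLibraryExW</c>.
        /// </param>
        /// <returns>The <c>ModulePointer</c> found in <c>Modules</c> under the DLL's file name.</returns>
        /// <exception cref="Win32Exception">
        /// The payload could not be written, the loader export was not found, or the thread could not be created.
        /// </exception>
        public ModulePointer LoadLibrary(string pathToDll, bool resolveReferences = true)
        {
            byte[] payload = LoadLibraryHelper.LoadLibraryPayload(pathToDll);

            MemoryPointer remoteBuffer = AllocateManagedMemory(payload.Length);

            // A failed write used to be ignored: no thread was started, yet the wait loop below
            // still polled for a module nothing was going to load. Report it like the other failures.
            if (!Kernel32.WriteProcessMemory(Native.Handle, remoteBuffer.Address, payload, payload.Length, out IntPtr _))
            {
                throw new Win32Exception($"Couldn't write process memory, error code: {Marshal.GetLastWin32Error()}.");
            }

            // NOTE(review): LoadLibraryExW takes three arguments while a thread start routine receives
            // only one, so the extra arguments are not set by this call; confirm that path is intended.
            string exportName = resolveReferences ? "LoadLibraryW" : "LoadLibraryExW";

            ModulePointer kernel32Module = Modules["kernel32.dll"];
            MemoryPointer loadLibraryAddress = kernel32Module.GetProcAddress(exportName);

            if (loadLibraryAddress == null)
            {
                throw new Win32Exception($"Couldn't get proc address, error code: {Marshal.GetLastWin32Error()}.");
            }

            // NOTE(review): the returned thread handle is only compared with zero and is not closed here.
            if (Kernel32.CreateRemoteThread(Native.Handle, IntPtr.Zero, 0, loadLibraryAddress.Address, remoteBuffer.Address, 0, IntPtr.Zero) == IntPtr.Zero)
            {
                throw new Win32Exception($"Couldn't create a remote thread, error code: {Marshal.GetLastWin32Error()}.");
            }

            // The key is loop-invariant, so compute it once.
            string moduleKey = Path.GetFileName(pathToDll).ToLower();

            ModulePointer injectedModule;

            // NOTE(review): this wait is unbounded; if the load fails inside the target process the
            // module never appears and the call does not return.
            while (!Modules.TryGetValue(moduleKey, out injectedModule))
            {
                Thread.Sleep(1);
            }

            return injectedModule;
        }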