예제 #1
0
        private void RenderFile()
        {
            FFmpeg.AVFormatContext context = pFormatCtx.Handle;
            for (int index = 0; index < context.nb_streams; index++)
            {
                NativeWrapper<FFmpeg.AVStream> stream = new NativeWrapper<FFmpeg.AVStream>(context.streams[index]);
                NativeWrapper<FFmpeg.AVCodecContext> codec = new NativeWrapper<FFmpeg.AVCodecContext>(stream.Handle.codec);
                FFmpeg.AVCodecContext codecContext = codec.Handle;
                if (codecContext.codec_type == FFmpeg.CodecType.CODEC_TYPE_AUDIO)
                {
                    audioDecoder = new AvDecoder(stream, codec, index);
                }
                else if (codecContext.codec_type == FFmpeg.CodecType.CODEC_TYPE_VIDEO)
                {
                    videoDecoder = new AvDecoder(stream, codec, index);

                }
            }
            fileReader = new FileReader(pFormatCtx);
            demux = new Demux(pFormatCtx);
            audioRender = new AudioRender();
            videoRender = new VideoRender();

            //connect pipe
            fileReader.ConnectTo(demux);
            demux.ConnectTo(audioDecoder);
            demux.ConnectTo(videoDecoder);
            audioDecoder.ConnectTo(audioRender);
            videoDecoder.ConnectTo(videoRender);

        }
예제 #2
0
 protected override void Triggered(NativeWrapper.NativeEnvironment env)
 {
     IsGSOLoaded = true;
     if (GSOLoaded != null)
     {
         GSOLoaded();
     }
 }
예제 #3
0
 public FFmpegBase(string fileName)
 {
     IntPtr context = IntPtr.Zero;
     int ret = FFmpeg.av_open_input_file(out context, fileName, IntPtr.Zero, 0, IntPtr.Zero);
     if (ret < 0)
         throw new InvalidOperationException("can not open input file");
     ret = FFmpeg.av_find_stream_info(context);
     if (ret < 0)
         throw new InvalidOperationException("can not find stream info");
     pFormatCtx = new NativeWrapper<FFmpeg.AVFormatContext>(context);
     RenderFile();
 }
예제 #4
0
 private void DoThreadWork()
 {
     while(true)
     {
         if( !threadWorking )
             return;
         IntPtr pPacket = Marshal.AllocHGlobal(Marshal.SizeOf(new FFmpeg.AVPacket()));
         NativeWrapper<FFmpeg.AVPacket> hPacket = new NativeWrapper<FFmpeg.AVPacket>(pPacket);
         if (FFmpeg.av_read_frame(pFormatCtx.Ptr, hPacket.Ptr) < 0)
             continue;
         PushToNext(hPacket);
     }
 }
 protected override void Triggered(NativeWrapper.NativeEnvironment env)
 {
     var pResult = env.GetParameterP(6);
     var ret = _Original(
         env.GetParameterP(0),
         env.GetParameterI(1),
         env.GetParameterI(2),
         env.GetParameterP(3),
         env.GetParameterI(4),
         env.GetParameterP(5),
         pResult);
     env.SetReturnValue((IntPtr)ret);
     Direct3DHelper.OnDeviceCreated(Marshal.ReadIntPtr(pResult));
 }
            protected override void Triggered(NativeWrapper.NativeEnvironment env)
            {
                var p0 = env.GetParameterP(0);
                var p1 = env.GetParameterP(1);
                var p2 = env.GetParameterI(2);
                var p3 = env.GetParameterP(3);
                var p4 = env.GetParameterP(4);

                var ret = _Original(p0, p1, p2, p3, p4);
                env.SetReturnValue(ret);

                if (p2 == 0x17)
                {
                    new InjectCreateDevice().InjectSelf(Marshal.ReadIntPtr(p4));
                }
            }
예제 #7
0
        public string Compile(string rawSass)
        {
            var inputContext = new NativeWrapper<sass_context>();

            try
            {
                inputContext.Value.input_string = rawSass.ToPointer();
                SassLibNative.sass_compile(inputContext.Pointer);
                inputContext.Refresh();

                return inputContext.Value.output_string.ToManagedString();
            }
            finally
            {
                inputContext.Dispose();
            }
        }
            protected override void Triggered(NativeWrapper.NativeEnvironment env)
            {
                System.Windows.Forms.MessageBox.Show("draw");
                var p0 = env.GetParameterP(0);
                var p1 = env.GetParameterI(1);
                var p2 = env.GetParameterI(2);
                var p3 = env.GetParameterP(3);
                var p4 = env.GetParameterI(4);

                Marshal.Copy(p3, _Buffer, 0, _Buffer.Length);
                for (int i = 0; i < 4; ++i)
                {
                    _Buffer[i * 7] += _OffsetX;
                    _Buffer[i * 7 + 1] += _OffsetY;
                }
                Marshal.Copy(_Buffer, 0, p3, _Buffer.Length);

                env.SetReturnValue(_Original(p0, p1, p2, p3, p4));
            }
예제 #9
0
 public void Close()
 {
     if (fileReader != null)
         fileReader.Close();
     if (demux != null)
         demux.Close();
     if (audioDecoder != null)
         audioDecoder.Close();
     if (videoDecoder != null)
         videoDecoder.Close();
     if (audioRender != null)
         audioRender.Close();
     if (videoRender != null)
         videoRender.Close();
     if (pFormatCtx != null)
     {
         FFmpeg.av_close_input_file(pFormatCtx.Ptr);
         pFormatCtx = null;
     }
 }
 protected override void Triggered(NativeWrapper.NativeEnvironment env)
 {
     var p0 = env.GetParameterP(0);
     var p1 = env.GetParameterP(1);
     var p2 = env.GetParameterI(2);
     var p3 = env.GetParameterI(3);
     var p4 = env.GetParameterP(4);
     var p5 = env.GetParameterP(5);
     var ret = _Original(p0, p1, p2, p3, p4, p5);
     env.SetReturnValue(ret);
     if (ret >= 0)
     {
         StringBuilder sb = new StringBuilder();
         for (int i = 0; i < ret; ++i)
         {
             sb.Append(Marshal.ReadByte(p1, i).ToString("X2"));
             sb.Append(' ');
         }
         _Form.Append("Recv", sb.ToString());
     }
 }
            public int GetHostInfo(NativeWrapper.DOCHOSTUIINFO info)
            {
                const int DOCHOSTUIFLAG_ENABLE_REDIRECT_NOTIFICATION = 0x4000000;
                const int DOCHOSTUIFLAG_NO3DOUTERBORDER = 0x0020000;
                const int DOCHOSTUIFLAG_DISABLE_SCRIPT_INACTIVE = 0x00000010;
                const int DOCHOSTUIFLAG_NOTHEME = 0x00080000;
                const int DOCHOSTUIFLAG_SCROLL_NO = 0x00000008;
                const int DOCHOSTUIFLAG_FLAT_SCROLLBAR = 0x00000080;
                const int DOCHOSTUIFLAG_THEME = 0x00040000;
                const int DOCHOSTUIFLAG_DPI_AWARE = 0x40000000;

                WebBrowser host = this.host;
                info.dwDoubleClick = 0;
                info.dwFlags = DOCHOSTUIFLAG_NO3DOUTERBORDER | DOCHOSTUIFLAG_DISABLE_SCRIPT_INACTIVE;

                if (NativeWrapper.NativeMethods.IsProcessDPIAware())
                {
                    info.dwFlags |= DOCHOSTUIFLAG_DPI_AWARE;
                }

                if (host.ScrollBarsEnabled)
                {
                    info.dwFlags |= DOCHOSTUIFLAG_FLAT_SCROLLBAR;
                }
                else
                {
                    info.dwFlags |= DOCHOSTUIFLAG_SCROLL_NO;
                }
                if (Application.RenderWithVisualStyles)
                {
                    info.dwFlags |= DOCHOSTUIFLAG_THEME;
                }
                else
                {
                    info.dwFlags |= DOCHOSTUIFLAG_NOTHEME;
                }

                info.dwFlags |= DOCHOSTUIFLAG_ENABLE_REDIRECT_NOTIFICATION;
                return S_OK;
            }
예제 #12
0
        public AvDecoder(NativeWrapper<FFmpeg.AVStream> stream, NativeWrapper<FFmpeg.AVCodecContext> codecCtx, int index)
        {
            streamIndex = index;
            pStream = stream;
            pCodecCtx = codecCtx;
            FFmpeg.AVCodecContext codecContext = codecCtx.Handle;
            IntPtr decoder = FFmpeg.avcodec_find_decoder(codecContext.codec_id);
            if (decoder != IntPtr.Zero)
            {
                pCodec = new NativeWrapper<FFmpeg.AVCodec>(decoder);
                if ((pCodec.Handle.capabilities & FFmpeg.CODEC_FLAG_TRUNCATED) != 0)
                {
                    codecContext.flags |= FFmpeg.CODEC_FLAG_TRUNCATED;
                    pCodecCtx.Handle = codecContext;
                }
            }
            else
                throw new InvalidOperationException("no such decoder");

            int ret = FFmpeg.avcodec_open(pCodecCtx.Ptr, pCodec.Ptr);
            if (ret < 0)
                throw new InvalidOperationException("no such decoder");
        }
            protected override void Triggered(NativeWrapper.NativeEnvironment env)
            {
                var pVM = env.GetRegister(Register.EAX);
                SquirrelVM = pVM;

                SquirrelFunctions.pushroottable(pVM);
                SquirrelFunctions.pushstring(pVM, "MY_TEST_NUMBER", -1);
                SquirrelFunctions.pushinteger(pVM, 123);
                SquirrelFunctions.newslot(pVM, -3, 0);
                SquirrelFunctions.pop(pVM, 1);

                //var list = new Dictionary<string, SquirrelFuncDelegate>(UnregisteredFunction);
                //UnregisteredFunction.Clear();
                //foreach (var entry in list)
                //{
                //    SquirrelHelper.RegisterGlobalFunction(entry.Key, entry.Value);
                //}

                if (OnSquirrelCreated != null)
                {
                    OnSquirrelCreated(pVM);
                    OnSquirrelCreated = null;
                }
            }
예제 #14
0
        internal object GetProviderListProperty(EventLogHandle providerHandle, UnsafeNativeMethods.EvtPublisherMetadataPropertyId metadataProperty)
        {
            EventLogHandle elHandle = EventLogHandle.Zero;

            try
            {
                UnsafeNativeMethods.EvtPublisherMetadataPropertyId propName;
                UnsafeNativeMethods.EvtPublisherMetadataPropertyId propValue;
                UnsafeNativeMethods.EvtPublisherMetadataPropertyId propMessageId;
                ObjectTypeName objectTypeName;

                List <EventLevel>   levelList   = null;
                List <EventOpcode>  opcodeList  = null;
                List <EventKeyword> keywordList = null;
                List <EventTask>    taskList    = null;

                elHandle = NativeWrapper.EvtGetPublisherMetadataPropertyHandle(providerHandle, metadataProperty);

                int arraySize = NativeWrapper.EvtGetObjectArraySize(elHandle);

                switch (metadataProperty)
                {
                case UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevels:
                    propName       = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelName;
                    propValue      = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelValue;
                    propMessageId  = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelMessageID;
                    objectTypeName = ObjectTypeName.Level;
                    levelList      = new List <EventLevel>(arraySize);
                    break;

                case UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodes:
                    propName       = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeName;
                    propValue      = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeValue;
                    propMessageId  = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeMessageID;
                    objectTypeName = ObjectTypeName.Opcode;
                    opcodeList     = new List <EventOpcode>(arraySize);
                    break;

                case UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywords:
                    propName       = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordName;
                    propValue      = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordValue;
                    propMessageId  = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordMessageID;
                    objectTypeName = ObjectTypeName.Keyword;
                    keywordList    = new List <EventKeyword>(arraySize);
                    break;

                case UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTasks:
                    propName       = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskName;
                    propValue      = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskValue;
                    propMessageId  = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskMessageID;
                    objectTypeName = ObjectTypeName.Task;
                    taskList       = new List <EventTask>(arraySize);
                    break;

                default:
                    return(null);
                }
                for (int index = 0; index < arraySize; index++)
                {
                    string generalName = (string)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)propName);

                    uint generalValue        = 0;
                    long generalValueKeyword = 0;
                    if (objectTypeName != ObjectTypeName.Keyword)
                    {
                        generalValue = (uint)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)propValue);
                    }
                    else
                    {
                        generalValueKeyword = unchecked ((long)((ulong)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)propValue)));
                    }

                    int generalMessageId = unchecked ((int)((uint)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)propMessageId)));

                    string generalDisplayName = null;

                    if (generalMessageId == -1)
                    {
                        if (providerHandle != _defaultProviderHandle)
                        {
                            if (_defaultProviderHandle.IsInvalid)
                            {
                                _defaultProviderHandle = NativeWrapper.EvtOpenProviderMetadata(_session.Handle, null, null, 0, 0);
                            }

                            switch (objectTypeName)
                            {
                            case ObjectTypeName.Level:
                                generalDisplayName = FindStandardLevelDisplayName(generalName, generalValue);
                                break;

                            case ObjectTypeName.Opcode:
                                generalDisplayName = FindStandardOpcodeDisplayName(generalName, generalValue >> 16);
                                break;

                            case ObjectTypeName.Keyword:
                                generalDisplayName = FindStandardKeywordDisplayName(generalName, generalValueKeyword);
                                break;

                            case ObjectTypeName.Task:
                                generalDisplayName = FindStandardTaskDisplayName(generalName, generalValue);
                                break;

                            default:
                                generalDisplayName = null;
                                break;
                            }
                        }
                    }
                    else
                    {
                        generalDisplayName = NativeWrapper.EvtFormatMessage(providerHandle, unchecked ((uint)generalMessageId));
                    }

                    switch (objectTypeName)
                    {
                    case ObjectTypeName.Level:
                        levelList.Add(new EventLevel(generalName, (int)generalValue, generalDisplayName));
                        break;

                    case ObjectTypeName.Opcode:
                        opcodeList.Add(new EventOpcode(generalName, (int)(generalValue >> 16), generalDisplayName));
                        break;

                    case ObjectTypeName.Keyword:
                        keywordList.Add(new EventKeyword(generalName, (long)generalValueKeyword, generalDisplayName));
                        break;

                    case ObjectTypeName.Task:
                        Guid taskGuid = (Guid)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskEventGuid);
                        taskList.Add(new EventTask(generalName, (int)generalValue, generalDisplayName, taskGuid));
                        break;

                    default:
                        return(null);
                    }
                }

                switch (objectTypeName)
                {
                case ObjectTypeName.Level:
                    return(levelList);

                case ObjectTypeName.Opcode:
                    return(opcodeList);

                case ObjectTypeName.Keyword:
                    return(keywordList);

                case ObjectTypeName.Task:
                    return(taskList);
                }
                return(null);
            }
            finally
            {
                elHandle.Dispose();
            }
        }
예제 #15
0
            public int TranslateAccelerator(ref NativeWrapper.MSG msg, ref Guid group, int nCmdID)
            {
                if (msg.message != WM_CHAR)
                {
                    if (ModifierKeys == Keys.Shift || ModifierKeys == Keys.Alt || ModifierKeys == Keys.Control)
                    {
                        int num = ((int) msg.wParam) | (int) ModifierKeys;
                        Shortcut s = (Shortcut) num;
                        if (shortcutBlacklist.Contains(s))
                        {
                            return S_OK;
                        }
                    }
                }

                return S_FALSE;
            }
예제 #16
0
 public int GetDropTarget(NativeWrapper.IOleDropTarget pDropTarget, out NativeWrapper.IOleDropTarget ppDropTarget)
 {
     ppDropTarget = null;
     return S_OK;
 }
 protected override void Triggered(NativeWrapper.NativeEnvironment env)
 {
     var filename = Marshal.PtrToStringAnsi(env.GetParameterP(0));
     CompileFileInjectionManager.BeforeCompileFile(filename);
 }
예제 #18
0
        private AccountDump GetDump()
        {
            var process = IsRaidRunning();

            if (process == null)
            {
                return(null);
            }

            if (!CheckRaidVersion(process))
            {
                return(null);
            }

            var handle = NativeWrapper.OpenProcess(ProcessAccessFlags.Read, true, process.Id);

            try
            {
                var gameAssembly = GetRaidAssembly(process);

                var klass = IntPtr.Zero;
                NativeWrapper.ReadProcessMemory(handle, gameAssembly.BaseAddress + MemoryLocation, ref klass);

                var appModel = klass;
                NativeWrapper.ReadProcessMemory(handle, appModel + 0x18, ref appModel);
                NativeWrapper.ReadProcessMemory(handle, appModel + 0xC0, ref appModel);
                NativeWrapper.ReadProcessMemory(handle, appModel + 0x0, ref appModel);
                NativeWrapper.ReadProcessMemory(handle, appModel + 0xB8, ref appModel);
                NativeWrapper.ReadProcessMemory(handle, appModel + 0x8, ref appModel);

                var userWrapper = appModel;
                NativeWrapper.ReadProcessMemory(handle, userWrapper + 0x148, ref userWrapper); // AppModel._userWrapper

                var heroesWrapper = userWrapper;
                NativeWrapper.ReadProcessMemory(handle, heroesWrapper + 0x28, ref heroesWrapper); // UserWrapper.Heroes

                var artifactsPointer = heroesWrapper;
                NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x40, ref artifactsPointer); // HeroesWrapperReadOnly.ArtifactData
                NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x28, ref artifactsPointer); // UserArtifactData.Artifacts

                var artifactCount = 0;
                NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x18, ref artifactCount); // List<Artifact>.Count

                var pointers = new List <IntPtr>();
                if (artifactCount > 0)
                {
                    var arrayPointer = artifactsPointer;
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x10, ref arrayPointer); // List<Artifact>._array

                    var ptrs = new IntPtr[artifactCount];
                    NativeWrapper.ReadProcessMemoryArray(handle, arrayPointer + 0x20, ptrs);
                    pointers.AddRange(ptrs);
                }

                if (artifactCount == 0)
                {
                    // This means it's in external storage instead which is in a concurrent dictionary (teh sucks)
                    NativeWrapper.ReadProcessMemory(handle, gameAssembly.BaseAddress + ExternalStorageAddress, ref klass);

                    var artifactStorageResolver = klass;
                    NativeWrapper.ReadProcessMemory(handle, artifactStorageResolver + 0xB8, ref artifactStorageResolver); // ArtifactStorageResolver-StaticFields
                    NativeWrapper.ReadProcessMemory(handle, artifactStorageResolver, ref artifactStorageResolver);        // ArtifactStorageResolver-StaticFields._implementation

                    var state = artifactStorageResolver;
                    NativeWrapper.ReadProcessMemory(handle, state + 0x10, ref state); // ExternalArtifactsStorage._state

                    artifactsPointer = state;
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x18, ref artifactsPointer); // _state._artifacts

                    var buckets = artifactsPointer;
                    NativeWrapper.ReadProcessMemory(handle, buckets + 0x10, ref buckets); // ConcurrentDictionary._tables
                    NativeWrapper.ReadProcessMemory(handle, buckets + 0x10, ref buckets); // _tables._buckets

                    var bucketCount = 0;
                    NativeWrapper.ReadProcessMemory(handle, buckets + 0x18, ref bucketCount);

                    var nodes = new IntPtr[bucketCount];
                    if (bucketCount > 0)
                    {
                        NativeWrapper.ReadProcessMemoryArray(handle, buckets + 0x20, nodes);
                    }

                    for (var i = 0; i < nodes.Length; i++)
                    {
                        var node = nodes[i];
                        while (node != IntPtr.Zero)
                        {
                            var pointer = node;
                            NativeWrapper.ReadProcessMemory(handle, pointer + 0x18, ref pointer); // Node.m_value
                            if (pointer != IntPtr.Zero)
                            {
                                pointers.Add(pointer);
                            }
                            NativeWrapper.ReadProcessMemory(handle, node + 0x20, ref node); // Node.m_next
                        }
                    }
                }

                var artifacts           = new List <Artifact>();
                var artifactStruct      = new ArtifactStruct();
                var artifactBonusStruct = new ArtifactBonusStruct();
                var bonusValueStruct    = new BonusValueStruct();
                foreach (var pointer in pointers)
                {
                    NativeWrapper.ReadProcessMemory(handle, pointer, ref artifactStruct);
                    NativeWrapper.ReadProcessMemory(handle, artifactStruct.PrimaryBonus, ref artifactBonusStruct);
                    NativeWrapper.ReadProcessMemory(handle, artifactBonusStruct.Value, ref bonusValueStruct);

                    var artifact = new Artifact
                    {
                        Id             = artifactStruct.Id,
                        SellPrice      = artifactStruct.SellPrice,
                        Price          = artifactStruct.Price,
                        Level          = artifactStruct.Level,
                        IsActivated    = artifactStruct.IsActivated,
                        Kind           = artifactStruct.KindId.ToString(),
                        Rank           = artifactStruct.RankId.ToString(),
                        Rarity         = artifactStruct.RarityId.ToString(),
                        SetKind        = artifactStruct.SetKindId.ToString(),
                        IsSeen         = artifactStruct.IsSeen,
                        FailedUpgrades = artifactStruct.FailedUpgrades
                    };

                    if (artifactStruct.RequiredFraction != HeroFraction.Unknown)
                    {
                        artifact.RequiredFraction = artifactStruct.RequiredFraction.ToString();
                    }

                    artifact.PrimaryBonus = new ArtifactBonus
                    {
                        Kind       = artifactBonusStruct.KindId.ToString(),
                        IsAbsolute = bonusValueStruct.IsAbsolute,
                        Value      = (float)Math.Round(bonusValueStruct.Value / (double)uint.MaxValue, 2),
                    };

                    var bonusesPointer = artifactStruct.SecondaryBonuses;
                    var bonusCount     = 0;
                    NativeWrapper.ReadProcessMemory(handle, bonusesPointer + 0x18, ref bonusCount);
                    NativeWrapper.ReadProcessMemory(handle, bonusesPointer + 0x10, ref bonusesPointer);

                    artifact.SecondaryBonuses = new List <ArtifactBonus>();

                    var bonuses = new IntPtr[bonusCount];
                    if (bonusCount > 0)
                    {
                        NativeWrapper.ReadProcessMemoryArray(handle, bonusesPointer + 0x20, bonuses, 0, bonuses.Length);
                    }

                    foreach (var bonusPointer in bonuses)
                    {
                        NativeWrapper.ReadProcessMemory(handle, bonusPointer, ref artifactBonusStruct);
                        NativeWrapper.ReadProcessMemory(handle, artifactBonusStruct.Value, ref bonusValueStruct);

                        var bonus = new ArtifactBonus
                        {
                            Kind        = artifactBonusStruct.KindId.ToString(),
                            IsAbsolute  = bonusValueStruct.IsAbsolute,
                            Value       = (float)Math.Round(bonusValueStruct.Value / (double)uint.MaxValue, 2),
                            Enhancement = (float)Math.Round(artifactBonusStruct.PowerUpValue / (double)uint.MaxValue, 2),
                            Level       = artifactBonusStruct.Level
                        };

                        artifact.SecondaryBonuses.Add(bonus);
                    }

                    artifacts.Add(artifact);
                }

                var heroesDataPointer = heroesWrapper;
                NativeWrapper.ReadProcessMemory(handle, heroesDataPointer + 0x38, ref heroesDataPointer); // HeroesWrapperReadOnly.HeroData
                NativeWrapper.ReadProcessMemory(handle, heroesDataPointer + 0x18, ref heroesDataPointer); // UserHeroData.HeroById

                var count = 0;
                NativeWrapper.ReadProcessMemory(handle, heroesDataPointer + 0x20, ref count);             // Dictionary<int, Hero>.Count
                NativeWrapper.ReadProcessMemory(handle, heroesDataPointer + 0x18, ref heroesDataPointer); // Dictionary<int, Hero>.entries

                var heroStruct          = new HeroStruct();
                var heroMasteriesStruct = new HeroMasteryDataStruct();
                var heroesById          = new Dictionary <int, Hero>();
                var heroes = new List <Hero>();
                for (var i = 0; i < count; i++)
                {
                    // Array of Dictionary-entry structs which are 0x18 in size (but we only need hero pointer)
                    var heroPointer = heroesDataPointer + 0x30 + 0x18 * i;
                    NativeWrapper.ReadProcessMemory(handle, heroPointer, ref heroPointer);
                    NativeWrapper.ReadProcessMemory(handle, heroPointer, ref heroStruct);

                    heroMasteriesStruct.Masteries = IntPtr.Zero;
                    NativeWrapper.ReadProcessMemory(handle, heroStruct.MasteryData, ref heroMasteriesStruct);

                    var hero = new Hero
                    {
                        Id             = heroStruct.Id,
                        TypeId         = heroStruct.TypeId,
                        Grade          = heroStruct.Grade.ToString(),
                        Level          = heroStruct.Level,
                        Experience     = heroStruct.Experience,
                        FullExperience = heroStruct.FullExperience,
                        Locked         = heroStruct.Locked,
                        InStorage      = heroStruct.InStorage,
                        Masteries      = new List <int>(),
                    };

                    var masteriesPtr = heroMasteriesStruct.Masteries;
                    var masteryCount = 0;
                    if (heroStruct.MasteryData != IntPtr.Zero && masteriesPtr != IntPtr.Zero)
                    {
                        NativeWrapper.ReadProcessMemory(handle, masteriesPtr + 0x18, ref masteryCount);
                        NativeWrapper.ReadProcessMemory(handle, masteriesPtr + 0x10, ref masteriesPtr);
                    }

                    var masteries = new int[masteryCount];
                    if (masteryCount > 0)
                    {
                        NativeWrapper.ReadProcessMemoryArray(handle, masteriesPtr + 0x20, masteries, 0, masteries.Length);
                    }
                    hero.Masteries.AddRange(masteries);

                    if (_heroTypeById.TryGetValue(hero.TypeId, out var heroType))
                    {
                        hero.Name           = heroType.Name;
                        hero.Fraction       = heroType.Fraction;
                        hero.Element        = heroType.Element;
                        hero.Rarity         = heroType.Rarity;
                        hero.Role           = heroType.Role;
                        hero.AwakenLevel    = heroType.AwakeLevel;
                        hero.Accuracy       = heroType.Accuracy;
                        hero.Attack         = heroType.Attack;
                        hero.Defense        = heroType.Defense;
                        hero.Health         = heroType.Health;
                        hero.Speed          = heroType.Speed;
                        hero.Resistance     = heroType.Resistance;
                        hero.CriticalChance = heroType.CriticalChance;
                        hero.CriticalDamage = heroType.CriticalDamage;
                        hero.CriticalHeal   = heroType.CriticalHeal;
                    }

                    var multiplier = _multipliers.FirstOrDefault(m => m.Stars == hero.Grade && m.Level == hero.Level);
                    if (multiplier != null)
                    {
                        hero.Attack  = (int)Math.Round(hero.Attack * multiplier.Multiplier);
                        hero.Defense = (int)Math.Round(hero.Defense * multiplier.Multiplier);
                        hero.Health  = (int)Math.Round(hero.Health * multiplier.Multiplier) * 15;
                    }

                    heroes.Add(hero);

                    heroesById[heroStruct.Id] = hero;
                }

                var artifactsByHeroIdPtr = heroesWrapper;
                NativeWrapper.ReadProcessMemory(handle, artifactsByHeroIdPtr + 0x40, ref artifactsByHeroIdPtr); // HeroesWrapperReadOnly.ArtifactData
                NativeWrapper.ReadProcessMemory(handle, artifactsByHeroIdPtr + 0x30, ref artifactsByHeroIdPtr); // UserArtifactData.ArtifactDataByHeroId

                NativeWrapper.ReadProcessMemory(handle, artifactsByHeroIdPtr + 0x20, ref count);
                NativeWrapper.ReadProcessMemory(handle, artifactsByHeroIdPtr + 0x18, ref artifactsByHeroIdPtr);

                for (var i = 0; i < count; i++)
                {
                    artifactsPointer = artifactsByHeroIdPtr + 0x30 + 0x18 * i;

                    var heroId = 0;
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer - 8, ref heroId);
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer, ref artifactsPointer);
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x10, ref artifactsPointer);

                    artifactCount = 0;
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x20, ref artifactCount);
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x18, ref artifactsPointer);

                    var arts = new List <int>();
                    for (var a = 0; a < artifactCount; a++)
                    {
                        var artifactId = 0;
                        NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x2C + 0x10 * a, ref artifactId);
                        arts.Add(artifactId);
                    }

                    if (heroesById.TryGetValue(heroId, out var hero))
                    {
                        hero.Artifacts = arts;
                    }
                }

                return(new AccountDump
                {
                    Artifacts = artifacts,
                    Heroes = heroes
                });
            }
            finally
            {
                NativeWrapper.CloseHandle(handle);
            }
        }
예제 #19
0
        public void ClearLog(string logName, string backupPath)
        {
            ArgumentNullException.ThrowIfNull(logName);

            NativeWrapper.EvtClearLog(this.Handle, logName, backupPath, 0);
        }
 protected override void Triggered(NativeWrapper.NativeEnvironment env)
 {
     CompileFileCall c = new CompileFileCall();
     if (SquirrelFunctions.getstackobj(SquirrelInjectorPlugin.SquirrelVM, -1, out c.Table) == 0)
     {
         c.FileName = Marshal.PtrToStringAnsi(env.GetParameterP(0));
         _CallStack.Push(c);
     }
 }
예제 #21
0
 void OnDestroy()
 {
     NativeWrapper.StopThread();
 }
예제 #22
0
 public void CancelReading()
 {
     NativeWrapper.EvtCancel(_handle);
 }
예제 #23
0
 protected override bool ReleaseHandle()
 {
     NativeWrapper.EvtClose(handle);
     handle = IntPtr.Zero;
     return(true);
 }
예제 #24
0
 // Use this for initialization
 void Start()
 {
     _text       = GetComponent <Text> ();
     cntCallback = new Dispatcher.Callback(ShowCount);
     NativeWrapper.StartThread(cntCallback);
 }
예제 #25
0
        private AccountDump GetDump()
        {
            var process = Process.GetProcessesByName("Raid").FirstOrDefault();

            if (process == null)
            {
                MessageBox.Show("Raid needs to be running before running RaidExtractor", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return(null);
            }

            if (!process.MainModule.FileName.Contains("\\224\\"))
            {
                MessageBox.Show("Raid has been updated and needs a newer version of RaidExtractor", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return(null);
            }

            var handle = NativeWrapper.OpenProcess(ProcessAccessFlags.Read, true, process.Id);

            try
            {
                var gameAssembly = process.Modules.OfType <ProcessModule>().FirstOrDefault(m => m.ModuleName == "GameAssembly.dll");
                if (gameAssembly == null)
                {
                    MessageBox.Show("Unable to locate GameAssembly.dll in memory", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                    return(null);
                }
                //
                var klass = IntPtr.Zero;
                NativeWrapper.ReadProcessMemory(handle, gameAssembly.BaseAddress + 50069800, ref klass);

                var appModel = klass;
                NativeWrapper.ReadProcessMemory(handle, appModel + 0x18, ref appModel);
                NativeWrapper.ReadProcessMemory(handle, appModel + 0xC0, ref appModel);
                NativeWrapper.ReadProcessMemory(handle, appModel + 0x0, ref appModel);
                NativeWrapper.ReadProcessMemory(handle, appModel + 0xB8, ref appModel);
                NativeWrapper.ReadProcessMemory(handle, appModel + 0x8, ref appModel);

                var userWrapper = appModel;
                NativeWrapper.ReadProcessMemory(handle, userWrapper + 0x150, ref userWrapper); // AppModel._userWrapper

                var heroesWrapper = userWrapper;
                NativeWrapper.ReadProcessMemory(handle, heroesWrapper + 0x28, ref heroesWrapper); // UserWrapper.Heroes

                var artifactsPointer = heroesWrapper;
                NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x40, ref artifactsPointer); // HeroesWrapperReadOnly.ArtifactData
                NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x20, ref artifactsPointer); // UserArtifactData.Artifacts

                var artifactCount = 0;
                NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x18, ref artifactCount); // List<Artifact>.Count

                var arrayPointer = artifactsPointer;
                NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x10, ref arrayPointer); // List<Artifact>._array

                var pointers = new IntPtr[artifactCount + 1];
                NativeWrapper.ReadProcessMemoryArray(handle, arrayPointer + 0x20, pointers);

                var artifacts           = new List <Artifact>();
                var artifactStruct      = new ArtifactStruct();
                var artifactBonusStruct = new ArtifactBonusStruct();
                var bonusValueStruct    = new BonusValueStruct();
                foreach (var pointer in pointers)
                {
                    NativeWrapper.ReadProcessMemory(handle, pointer, ref artifactStruct);
                    NativeWrapper.ReadProcessMemory(handle, artifactStruct.PrimaryBonus, ref artifactBonusStruct);
                    NativeWrapper.ReadProcessMemory(handle, artifactBonusStruct.Value, ref bonusValueStruct);

                    var artifact = new Artifact
                    {
                        Id             = artifactStruct.Id,
                        SellPrice      = artifactStruct.SellPrice,
                        Price          = artifactStruct.Price,
                        Level          = artifactStruct.Level,
                        IsActivated    = artifactStruct.IsActivated,
                        Kind           = artifactStruct.KindId.ToString(),
                        Rank           = artifactStruct.RankId.ToString(),
                        Rarity         = artifactStruct.RarityId.ToString(),
                        SetKind        = artifactStruct.SetKindId.ToString(),
                        IsSeen         = artifactStruct.IsSeen,
                        FailedUpgrades = artifactStruct.FailedUpgrades
                    };

                    if (artifactStruct.RequiredFraction != HeroFraction.Unknown)
                    {
                        artifact.RequiredFraction = artifactStruct.RequiredFraction.ToString();
                    }

                    artifact.PrimaryBonus = new ArtifactBonus
                    {
                        Kind       = artifactBonusStruct.KindId.ToString(),
                        IsAbsolute = bonusValueStruct.IsAbsolute,
                        Value      = (float)Math.Round(bonusValueStruct.Value / (double)uint.MaxValue, 2),
                    };

                    var bonusesPointer = artifactStruct.SecondaryBonuses;
                    var bonusCount     = 0;
                    NativeWrapper.ReadProcessMemory(handle, bonusesPointer + 0x18, ref bonusCount);
                    NativeWrapper.ReadProcessMemory(handle, bonusesPointer + 0x10, ref bonusesPointer);

                    artifact.SecondaryBonuses = new List <ArtifactBonus>();

                    var bonuses = new IntPtr[bonusCount];
                    if (bonusCount > 0)
                    {
                        NativeWrapper.ReadProcessMemoryArray(handle, bonusesPointer + 0x20, bonuses, 0, bonuses.Length);
                    }

                    foreach (var bonusPointer in bonuses)
                    {
                        NativeWrapper.ReadProcessMemory(handle, bonusPointer, ref artifactBonusStruct);
                        NativeWrapper.ReadProcessMemory(handle, artifactBonusStruct.Value, ref bonusValueStruct);

                        var bonus = new ArtifactBonus
                        {
                            Kind        = artifactBonusStruct.KindId.ToString(),
                            IsAbsolute  = bonusValueStruct.IsAbsolute,
                            Value       = (float)Math.Round(bonusValueStruct.Value / (double)uint.MaxValue, 2),
                            Enhancement = (float)Math.Round(artifactBonusStruct.PowerUpValue / (double)uint.MaxValue, 2),
                            Level       = artifactBonusStruct.Level
                        };

                        artifact.SecondaryBonuses.Add(bonus);
                    }

                    artifacts.Add(artifact);
                }

                var heroesDataPointer = heroesWrapper;
                NativeWrapper.ReadProcessMemory(handle, heroesDataPointer + 0x38, ref heroesDataPointer); // HeroesWrapperReadOnly.HeroData
                NativeWrapper.ReadProcessMemory(handle, heroesDataPointer + 0x18, ref heroesDataPointer); // UserHeroData.HeroById

                var count = 0;
                NativeWrapper.ReadProcessMemory(handle, heroesDataPointer + 0x20, ref count);             // Dictionary<int, Hero>.Count
                NativeWrapper.ReadProcessMemory(handle, heroesDataPointer + 0x18, ref heroesDataPointer); // Dictionary<int, Hero>.entries

                var heroStruct = new HeroStruct();
                var heroesById = new Dictionary <int, Hero>();
                var heroes     = new List <Hero>();
                for (var i = 0; i < count; i++)
                {
                    // Array of Dictionary-entry structs which are 0x18 in size (but we only need hero pointer)
                    var heroPointer = heroesDataPointer + 0x30 + 0x18 * i;
                    NativeWrapper.ReadProcessMemory(handle, heroPointer, ref heroPointer);
                    NativeWrapper.ReadProcessMemory(handle, heroPointer, ref heroStruct);

                    var hero = new Hero
                    {
                        Id             = heroStruct.Id,
                        TypeId         = heroStruct.TypeId,
                        Grade          = heroStruct.Grade.ToString(),
                        Level          = heroStruct.Level,
                        Experience     = heroStruct.Experience,
                        FullExperience = heroStruct.FullExperience,
                        Locked         = heroStruct.Locked,
                        InStorage      = heroStruct.InStorage
                    };

                    if (_heroTypeById.TryGetValue(hero.TypeId, out var heroType))
                    {
                        hero.Name           = heroType.Name;
                        hero.Fraction       = heroType.Fraction;
                        hero.Element        = heroType.Element;
                        hero.Rarity         = heroType.Rarity;
                        hero.Role           = heroType.Role;
                        hero.AwakenLevel    = heroType.AwakeLevel;
                        hero.Accuracy       = heroType.Accuracy;
                        hero.Attack         = heroType.Attack;
                        hero.Defense        = heroType.Defense;
                        hero.Health         = heroType.Health;
                        hero.Speed          = heroType.Speed;
                        hero.Resistance     = heroType.Resistance;
                        hero.CriticalChance = heroType.CriticalChance;
                        hero.CriticalDamage = heroType.CriticalDamage;
                        hero.CriticalHeal   = heroType.CriticalHeal;
                    }

                    var multiplier = _multipliers.FirstOrDefault(m => m.Stars == hero.Grade && m.Level == hero.Level);
                    if (multiplier != null)
                    {
                        hero.Attack  = (int)(hero.Attack * multiplier.Multiplier);
                        hero.Defense = (int)(hero.Defense * multiplier.Multiplier);
                        hero.Health  = (int)(hero.Health * multiplier.Multiplier) * 15;
                    }

                    heroes.Add(hero);

                    heroesById[heroStruct.Id] = hero;
                }

                var artifactsByHeroIdPtr = heroesWrapper;
                NativeWrapper.ReadProcessMemory(handle, artifactsByHeroIdPtr + 0x40, ref artifactsByHeroIdPtr); // HeroesWrapperReadOnly.ArtifactData
                NativeWrapper.ReadProcessMemory(handle, artifactsByHeroIdPtr + 0x28, ref artifactsByHeroIdPtr); // UserArtifactData.ArtifactDataByHeroId

                NativeWrapper.ReadProcessMemory(handle, artifactsByHeroIdPtr + 0x20, ref count);
                NativeWrapper.ReadProcessMemory(handle, artifactsByHeroIdPtr + 0x18, ref artifactsByHeroIdPtr);

                for (var i = 0; i < count; i++)
                {
                    artifactsPointer = artifactsByHeroIdPtr + 0x30 + 0x18 * i;

                    var heroId = 0;
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer - 8, ref heroId);
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer, ref artifactsPointer);
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x10, ref artifactsPointer);

                    artifactCount = 0;
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x20, ref artifactCount);
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x18, ref artifactsPointer);

                    var arts = new List <int>();
                    for (var a = 0; a < artifactCount; a++)
                    {
                        var artifactId = 0;
                        NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x2C + 0x10 * a, ref artifactId);
                        arts.Add(artifactId);
                    }

                    if (heroesById.TryGetValue(heroId, out var hero))
                    {
                        hero.Artifacts = arts;
                    }
                }

                return(new AccountDump
                {
                    Artifacts = artifacts,
                    Heroes = heroes
                });
            }
            finally
            {
                NativeWrapper.CloseHandle(handle);
            }
        }
        internal object GetProviderListProperty(EventLogHandle providerHandle, Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId metadataProperty)
        {
            object         obj2;
            EventLogHandle zero = EventLogHandle.Zero;

            EventLogPermissionHolder.GetEventLogPermission().Demand();
            try
            {
                Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId evtPublisherMetadataOpcodeName;
                Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId evtPublisherMetadataOpcodeValue;
                Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId evtPublisherMetadataOpcodeMessageID;
                ObjectTypeName      opcode;
                List <EventLevel>   list  = null;
                List <EventOpcode>  list2 = null;
                List <EventKeyword> list3 = null;
                List <EventTask>    list4 = null;
                zero = NativeWrapper.EvtGetPublisherMetadataPropertyHandle(providerHandle, metadataProperty);
                int capacity = NativeWrapper.EvtGetObjectArraySize(zero);
                switch (metadataProperty)
                {
                case Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodes:
                    evtPublisherMetadataOpcodeName      = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeName;
                    evtPublisherMetadataOpcodeValue     = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeValue;
                    evtPublisherMetadataOpcodeMessageID = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeMessageID;
                    opcode = ObjectTypeName.Opcode;
                    list2  = new List <EventOpcode>(capacity);
                    break;

                case Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywords:
                    evtPublisherMetadataOpcodeName      = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordName;
                    evtPublisherMetadataOpcodeValue     = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordValue;
                    evtPublisherMetadataOpcodeMessageID = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordMessageID;
                    opcode = ObjectTypeName.Keyword;
                    list3  = new List <EventKeyword>(capacity);
                    break;

                case Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevels:
                    evtPublisherMetadataOpcodeName      = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelName;
                    evtPublisherMetadataOpcodeValue     = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelValue;
                    evtPublisherMetadataOpcodeMessageID = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelMessageID;
                    opcode = ObjectTypeName.Level;
                    list   = new List <EventLevel>(capacity);
                    break;

                case Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTasks:
                    evtPublisherMetadataOpcodeName      = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskName;
                    evtPublisherMetadataOpcodeValue     = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskValue;
                    evtPublisherMetadataOpcodeMessageID = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskMessageID;
                    opcode = ObjectTypeName.Task;
                    list4  = new List <EventTask>(capacity);
                    break;

                default:
                    return(null);
                }
                for (int i = 0; i < capacity; i++)
                {
                    string name = (string)NativeWrapper.EvtGetObjectArrayProperty(zero, i, (int)evtPublisherMetadataOpcodeName);
                    uint   num3 = 0;
                    long   num4 = 0L;
                    if (opcode != ObjectTypeName.Keyword)
                    {
                        num3 = (uint)NativeWrapper.EvtGetObjectArrayProperty(zero, i, (int)evtPublisherMetadataOpcodeValue);
                    }
                    else
                    {
                        num4 = (long)((ulong)NativeWrapper.EvtGetObjectArrayProperty(zero, i, (int)evtPublisherMetadataOpcodeValue));
                    }
                    int    num5        = (int)((uint)NativeWrapper.EvtGetObjectArrayProperty(zero, i, (int)evtPublisherMetadataOpcodeMessageID));
                    string displayName = null;
                    if (num5 == -1)
                    {
                        if (providerHandle != this.defaultProviderHandle)
                        {
                            if (this.defaultProviderHandle.IsInvalid)
                            {
                                this.defaultProviderHandle = NativeWrapper.EvtOpenProviderMetadata(this.session.Handle, null, null, this.cultureInfo.LCID, 0);
                            }
                            switch (opcode)
                            {
                            case ObjectTypeName.Level:
                                displayName = this.FindStandardLevelDisplayName(name, num3);
                                goto Label_01BA;

                            case ObjectTypeName.Opcode:
                                displayName = this.FindStandardOpcodeDisplayName(name, num3 >> 0x10);
                                goto Label_01BA;

                            case ObjectTypeName.Task:
                                displayName = this.FindStandardTaskDisplayName(name, num3);
                                goto Label_01BA;

                            case ObjectTypeName.Keyword:
                                displayName = this.FindStandardKeywordDisplayName(name, num4);
                                goto Label_01BA;
                            }
                            displayName = null;
                        }
                    }
                    else
                    {
                        displayName = NativeWrapper.EvtFormatMessage(providerHandle, (uint)num5);
                    }
Label_01BA:
                    switch (opcode)
                    {
                    case ObjectTypeName.Level:
                        list.Add(new EventLevel(name, (int)num3, displayName));
                        break;

                    case ObjectTypeName.Opcode:
                        list2.Add(new EventOpcode(name, (int)(num3 >> 0x10), displayName));
                        break;

                    case ObjectTypeName.Task:
                    {
                        Guid guid = (Guid)NativeWrapper.EvtGetObjectArrayProperty(zero, i, 0x12);
                        list4.Add(new EventTask(name, (int)num3, displayName, guid));
                        break;
                    }

                    case ObjectTypeName.Keyword:
                        list3.Add(new EventKeyword(name, num4, displayName));
                        break;

                    default:
                        return(null);
                    }
                }
                switch (opcode)
                {
                case ObjectTypeName.Level:
                    return(list);

                case ObjectTypeName.Opcode:
                    return(list2);

                case ObjectTypeName.Task:
                    return(list4);

                case ObjectTypeName.Keyword:
                    return(list3);
                }
                obj2 = null;
            }
            finally
            {
                zero.Close();
            }
            return(obj2);
        }
예제 #27
0
 public override string ToXml()
 {
     char[] renderBuffer = GC.AllocateUninitializedArray <char>(2000);
     return(NativeWrapper.EvtRenderXml(EventLogHandle.Zero, Handle, renderBuffer));
 }
예제 #28
0
 public void CancelCurrentOperations()
 {
     NativeWrapper.EvtCancel(Handle);
 }
예제 #29
0
        public IList <object> GetPropertyValues(EventLogPropertySelector propertySelector)
        {
            ArgumentNullException.ThrowIfNull(propertySelector);

            return(NativeWrapper.EvtRenderBufferWithContextUserOrValues(propertySelector.Handle, Handle));
        }
예제 #30
0
 public void ExportLogAndMessages(string path, PathType pathType, string query, string targetFilePath, bool tolerateQueryErrors, CultureInfo targetCultureInfo)
 {
     ExportLog(path, pathType, query, targetFilePath, tolerateQueryErrors);
     // Ignore the CultureInfo, pass 0 to use the calling thread's locale
     NativeWrapper.EvtArchiveExportedLog(this.Handle, targetFilePath, 0, 0);
 }
예제 #31
0
 public SoulsMemoryHandler(Process gameProcess)
 {
     this.gameProcess  = gameProcess;
     this.memoryHandle = NativeWrapper.OpenProcess(ProcessAccessFlags.ReadWrite, gameProcess.Id);
 }
예제 #32
0
        public void Seek(SeekOrigin origin, long offset)
        {
            EventLogPermissionHolder.GetEventLogPermission().Demand();

            switch (origin)
            {
            case SeekOrigin.Begin:

                SeekReset();
                NativeWrapper.EvtSeek(this.handle, offset, EventLogHandle.Zero, 0, UnsafeNativeMethods.EvtSeekFlags.EvtSeekRelativeToFirst);
                return;

            case SeekOrigin.End:

                SeekReset();
                NativeWrapper.EvtSeek(this.handle, offset, EventLogHandle.Zero, 0, UnsafeNativeMethods.EvtSeekFlags.EvtSeekRelativeToLast);
                return;

            case SeekOrigin.Current:
                if (offset >= 0)
                {
                    //we can reuse elements in the batch.
                    if (this.currentIndex + offset < this.eventCount)
                    {
                        //
                        // We don't call Seek here, we can reposition within the batch.
                        //

                        // close all event handles between [currentIndex, currentIndex + offset)
                        int index = this.currentIndex;
                        while (index < this.currentIndex + offset)
                        {
                            NativeWrapper.EvtClose(eventsBuffer[index]);
                            index++;
                        }

                        this.currentIndex = (int)(this.currentIndex + offset);
                        //leave the eventCount unchanged
                        //leave the same Eof
                    }
                    else
                    {
                        SeekCommon(offset);
                    }
                }
                else
                {
                    //if inside the current buffer, we still cannot read the events, as the handles.
                    //may have already been closed.
                    if (currentIndex + offset >= 0)
                    {
                        SeekCommon(offset);
                    }
                    else      //outside the current buffer
                    {
                        SeekCommon(offset);
                    }
                }
                return;
            }
        }
예제 #33
0
 public bool WriteProcessMemoryArray <T>(IntPtr baseAddress, T[] buffer) where T : unmanaged
 {
     return(NativeWrapper.WriteProcessMemoryArray(memoryHandle, baseAddress, buffer));
 }
 protected override void Triggered(NativeWrapper.NativeEnvironment env)
 {
     var c = _CallStack.Pop();
     CompileFileInjectionManager.AfterCompileFile(c.FileName, ref c.Table);
 }
예제 #35
0
        public static void Main(string[] args)
        {
            // process start object
            ProcessStart ps = null;

            try
            {
                // if no parameters or help was provided
                if (args.Length == 0 ||
                    Array.Exists <string>(args, delegate(string s)
                {
                    return(s.ToLowerInvariant() == CommandSwitches.HELP);
                }))
                {
                    ShowUsageInfo();
                    Environment.Exit(args.Length == 1 ? ExitCodes.OK : ExitCodes.NO_PARAMETERS);
                }
                // get prepared startup parameters
                ProgramStartupParameters param = new ProgramStartupParameters(args);
                // ensure correct logging targets as given per arguments
                // do this before all other stuff, so we can ensure that these loggings are
                // activated if errors occur.
                LogFactory.InitConfiguration(param);
                // without knowledge of the current user, we exit here
                WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
                if (currentUser == null)
                {
                    log.Fatal("Could not retrieve current user information.");
                    Program.Exit(ExitCodes.ERROR_RETRIEVING_CURRENT_USER);
                }
                log.Info("RunAsUser started execution by [{0}] on {1} with arguments [{2}]", currentUser.Name, DateTime.Now.ToString("G"), string.Join(" ", args));
                // if terminal server detected
                // TODO: check if impersonation influences this behavior
                if (RunningOnTerminalServer)
                {
                    log.Fatal("This tool cannot be run under Terminal Server environment!");
                    Program.Exit(ExitCodes.TERMINAL_SERVER_DETECTED);
                }
                // create and initialize processstart object
                // check if user credential informations are given per username and password
                if (param.CredentialMode == ProcessCredentialMode.Username)
                {
                    log.Info("Username and Password have been provided for creating primary access token. Username:[{0}]", string.IsNullOrEmpty(param.Userdomain) ? param.Username : string.Format("{0}\\{1}", param.Userdomain, param.Username));
                    ps = new ProcessStart(param.Username, param.UserPassword, param.Userdomain);
                }
                else if (param.CredentialMode == ProcessCredentialMode.LoggedOnUser)
                {
                    string usedProcessName = param.AccessTokenProcessName.Trim();
                    if (usedProcessName[usedProcessName.Length - 4] == '.')
                    {
                        usedProcessName = usedProcessName.Substring(0, usedProcessName.Length - 4);
                    }

                    log.Info("Process will be started using primary access token of first process found called [{0}].", usedProcessName);
                    // find all processes
                    Process[] accessTokenProcesses = Process.GetProcessesByName(usedProcessName);
                    // if nothing found..error
                    if (accessTokenProcesses.Length == 0)
                    {
                        log.Fatal("No process called [{0}] could be found resulting that no primary access token can be used.", param.AccessTokenProcessName);
                        if (param.IgnoreNoUser)
                        {
                            log.Info("Conigured to exit OK although no user could be retrieved to execute process.");
                            Program.Exit(ExitCodes.OK);
                        }
                        else
                        {
                            Program.Exit(ExitCodes.OPEN_ACCESS_TOKEN_ACCESS_DENIED);
                        }
                    }

                    // With logged on user is meant, a user that has been logged on using winlogon.exe.
                    // Per default a process called "explorer"
                    // is used to retrieve the primary access token for the user that is to be used.
                    // Therefor the process that is running this code must have priviledges granted to PROCESS_QUERY_INFORMATION

                    // TODO: The current processes' privileges must be enusred to have SE_DEBUG_NAME and SE_TCB_NAME enabled.
                    // To do so following steps must be done:
                    // OpenProcessToken(Process.GetCurrentProcess().Handle, TOKEN_ADJUST_PRIVILEGES)
                    // LookupPrivilegeValue("SeDebugPrivilege")
                    // AdjustTokenPrivilege()
                    EnsureCurrentProcessDebugPrivilegeEnabled();

                    IntPtr  tokenHandle = IntPtr.Zero;
                    Process p           = null;
                    if (!string.IsNullOrEmpty(param.AccessTokenAccountName))
                    {
                        foreach (Process t in accessTokenProcesses)
                        {
                            bool result = NativeWrapper.OpenProcessToken(
                                t.Handle,
                                NativeWrapper.TOKEN_QUERY | NativeWrapper.TOKEN_DUPLICATE | NativeWrapper.TOKEN_ASSIGN_PRIMARY,
                                out tokenHandle);
                            if (!result)
                            {
                                log.Fatal("Error opening process token for process [PID:{0} Name:{1}]. Win32 error: {2}", p.Id, p.ProcessName, new Win32Exception(Marshal.GetLastWin32Error()).Message);
                                if (param.IgnoreNoUser)
                                {
                                    log.Info("Configured to exit OK although no user could be retrieved to execute process.");
                                    Program.Exit(ExitCodes.OK);
                                }
                                else
                                {
                                    Program.Exit(ExitCodes.OPEN_ACCESS_TOKEN_ACCESS_DENIED);
                                }
                            }
                            else
                            {
                                WindowsIdentity id = new WindowsIdentity(tokenHandle);
                                if (string.Equals(id.Name, param.AccessTokenAccountName, StringComparison.InvariantCultureIgnoreCase))
                                {
                                    p = t;
                                    break;
                                }
                            }
                        }
                        if (p == null)
                        {
                            log.Fatal("No process called [{0}] could be found under account name [{1}].", param.AccessTokenProcessName, param.AccessTokenAccountName);
                            Program.Exit(ExitCodes.NO_ACCESS_TOKEN_PROCESS_RUNNING);
                        }
                    }
                    else
                    {
                        p = accessTokenProcesses[0];

                        bool result = NativeWrapper.OpenProcessToken(
                            p.Handle,
                            NativeWrapper.TOKEN_QUERY | NativeWrapper.TOKEN_DUPLICATE | NativeWrapper.TOKEN_ASSIGN_PRIMARY,
                            out tokenHandle);
                        if (!result)
                        {
                            log.Fatal("Error opening process token for process [PID:{0} Name:{1}]. Win32 error: {2}", p.Id, p.ProcessName, new Win32Exception(Marshal.GetLastWin32Error()).Message);
                            if (param.IgnoreNoUser)
                            {
                                log.Info("Configured to exit OK although no user could be retrieved to execute process.");
                                Program.Exit(ExitCodes.OK);
                            }
                            else
                            {
                                Program.Exit(ExitCodes.OPEN_ACCESS_TOKEN_ACCESS_DENIED);
                            }
                        }
                    }

                    ps = new ProcessStart(tokenHandle, true);
                }
                ps.CreateNoWindow       = true;
                ps.ProcessTimeout       = param.ProcessTimeout;
                ps.ProcessTimeoutAction = param.ProcessTimeoutAction;
                ps.Interactive          = !param.NoInteractiveLogon;
                ps.LoadUserProfile      = param.LoadUserProfile;
                ps.WorkingDirectory     = param.WorkingDirectory;
                // start
                int processStartResult = ps.Start(param.Commandline);

                Program.Exit(processStartResult);
            }
            catch (Exception ex)
            {
                log.Fatal("Error while execution. Message: {0}", ex.Message);
                Program.Exit(ExitCodes.ERROR_WHILE_EXECUTION);
            }
            finally
            {
                if (ps != null)
                {
                    ps.Dispose();
                }
            }
        }
예제 #36
0
 public FileReader(NativeWrapper<FFmpeg.AVFormatContext> pFormatCtx)
 {
     this.pFormatCtx = pFormatCtx;
 }
 public void SaveChanges()
 {
     NativeWrapper.EvtSaveChannelConfig(_handle, 0);
 }
 protected override void Triggered(NativeWrapper.NativeEnvironment env)
 {
     //exit now
     Environment.Exit(0);
 }
예제 #39
0
 public bool ReadProcessMemory <T>(IntPtr baseAddress, ref T buffer) where T : unmanaged
 {
     return(NativeWrapper.ReadProcessMemory(memoryHandle, baseAddress, ref buffer));
 }
예제 #40
0
 public int ShowUI(int dwID, NativeWrapper.IOleInPlaceActiveObject activeObject, NativeWrapper.IOleCommandTarget commandTarget, NativeWrapper.IOleInPlaceFrame frame, NativeWrapper.IOleInPlaceUIWindow doc)
 {
     return S_FALSE;
 }
예제 #41
0
        private static void EnsureCurrentProcessDebugPrivilegeEnabled()
        {
            IntPtr hToken = IntPtr.Zero;

            NativeWrapper.LUID             newLuid      = new NativeWrapper.LUID();
            NativeWrapper.TOKEN_PRIVILEGES newPrivilege = new NativeWrapper.TOKEN_PRIVILEGES();

            try
            {
                bool result = NativeWrapper.OpenProcessToken(Process.GetCurrentProcess().Handle, NativeWrapper.TOKEN_ADJUST_PRIVILEGES, out hToken);
                if (!result)
                {
                    log.Fatal("Error ensuring currents' process access rights");
                    Program.Exit(ExitCodes.ERROR_WHILE_EXECUTION);
                }

                result = NativeWrapper.LookupPrivilegeValue(null, NativeWrapper.SE_DEBUG_NAME, out newLuid);
                if (!result)
                {
                    log.Fatal("Unable to determine LUID");
                    Program.Exit(ExitCodes.ERROR_WHILE_EXECUTION);
                }

                newPrivilege.PrivilegeCount = 1;
                newPrivilege.Luid           = newLuid;
                newPrivilege.Attributes     = NativeWrapper.SE_PRIVILEGE_ENABLED;

                result = NativeWrapper.AdjustTokenPrivileges(
                    hToken,
                    false,
                    ref newPrivilege,
                    0,
                    IntPtr.Zero,
                    0);
                if (!result)
                {
                    log.Fatal("Error adjusting process privileges");
                    Program.Exit(ExitCodes.ERROR_WHILE_EXECUTION);
                }

                result = NativeWrapper.LookupPrivilegeValue(null, NativeWrapper.SE_TCB_NAME, out newLuid);
                if (!result)
                {
                    log.Fatal("Unable to determine LUID");
                    Program.Exit(ExitCodes.ERROR_WHILE_EXECUTION);
                }

                newPrivilege.PrivilegeCount = 1;
                newPrivilege.Luid           = newLuid;
                newPrivilege.Attributes     = NativeWrapper.SE_PRIVILEGE_ENABLED;

                result = NativeWrapper.AdjustTokenPrivileges(
                    hToken,
                    false,
                    ref newPrivilege,
                    0,
                    IntPtr.Zero,
                    0);
                if (!result)
                {
                    log.Fatal("Error adjusting process privileges");
                    Program.Exit(ExitCodes.ERROR_WHILE_EXECUTION);
                }
            }
            catch (Exception ex)
            {
            }
            finally
            {
                if (hToken != IntPtr.Zero)
                {
                    NativeWrapper.CloseHandle(hToken);
                }
            }
        }
            protected override void Triggered(NativeWrapper.NativeEnvironment env)
            {
                var p0 = env.GetParameterP(0);
                var p1 = env.GetParameterP(1);
                var p2 = env.GetParameterP(2);
                var p3 = env.GetParameterP(3);

                var ret = _Original(p0, p1, p2, p3);
                env.SetReturnValue(ret);

                if (!_Injected)
                {
                    _Injected = true;
                    new InjectGetDeviceState().InjectSelf(Marshal.ReadIntPtr(p2));
                }
            }
예제 #43
0
 public void Terminate()
 {
     NativeWrapper.CloseHandle(memoryHandle);
     memoryHandle = (IntPtr)0;
 }
예제 #44
0
        public EventLogReader(EventLogQuery eventQuery, EventBookmark bookmark)
        {
            if (eventQuery == null)
            {
                throw new ArgumentNullException("eventQuery");
            }

            string logfile = null;

            if (eventQuery.ThePathType == PathType.FilePath)
            {
                logfile = eventQuery.Path;
            }

            _cachedMetadataInformation = new ProviderMetadataCachedInformation(eventQuery.Session, logfile, 50);

            //explicit data
            _eventQuery = eventQuery;

            //implicit
            _batchSize    = 64;
            _eventsBuffer = new IntPtr[_batchSize];

            //
            // compute the flag.
            //
            int flag = 0;

            if (_eventQuery.ThePathType == PathType.LogName)
            {
                flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryChannelPath;
            }
            else
            {
                flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryFilePath;
            }

            if (_eventQuery.ReverseDirection)
            {
                flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryReverseDirection;
            }

            if (_eventQuery.TolerateQueryErrors)
            {
                flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryTolerateQueryErrors;
            }

            _handle = NativeWrapper.EvtQuery(_eventQuery.Session.Handle,
                                             _eventQuery.Path, _eventQuery.Query,
                                             flag);

            EventLogHandle bookmarkHandle = EventLogRecord.GetBookmarkHandleFromBookmark(bookmark);

            if (!bookmarkHandle.IsInvalid)
            {
                using (bookmarkHandle)
                {
                    NativeWrapper.EvtSeek(_handle, 1, bookmarkHandle, 0, UnsafeNativeMethods.EvtSeekFlags.EvtSeekRelativeToBookmark);
                }
            }
        }
            protected override void Triggered(NativeWrapper.NativeEnvironment env)
            {
                var p0 = env.GetParameterP(0);
                var p1 = env.GetParameterI(1);
                var p2 = env.GetParameterP(2);

                InputManager.ZeroInputData(p2, p1);
                var ret = _Original(p0, p1, p2);

                if (p0 == _InjectedInstance && InputManager.HandleAll(p2))
                {
                    env.SetReturnValue(ret);
                }
                else
                {
                    env.SetReturnValue(ret);
                }
            }
 protected override void Triggered(NativeWrapper.NativeEnvironment env)
 {
     var obj = _Original(env.GetParameterI(0));
     new InjectD3DCreateDevice().InjectSelf(obj);
     env.SetReturnValue(obj);
 }
예제 #47
0
 public int ResizeBorder(NativeWrapper.COMRECT rect, NativeWrapper.IOleInPlaceUIWindow doc, bool fFrameWindow)
 {
     return NotImplemented;
 }
예제 #48
0
 public int ShowContextMenu(int dwID, NativeWrapper.POINT pt, object pcmdtReserved, object pdispReserved)
 {
     switch (dwID)
     {
         // http://msdn.microsoft.com/en-us/library/aa753264(v=vs.85).aspx
         case 0x2: // this is edit CONTEXT_MENU_CONTROL
         case 0x4: // selected text CONTEXT_MENU_TEXTSELECT
         case 0x9: // CONTEXT_MENU_VSCROLL
         case 0x10: //CONTEXT_MENU_HSCROLL
              return S_FALSE; // allow to show menu; Host did not display its UI. MSHTML will display its UI.
             
     }
     return S_OK;
 }
예제 #49
0
        public AccountDump GetDump()
        {
            var process = IsRaidRunning();

            if (process == null)
            {
                return(null);
            }

            if (!CheckRaidVersion(process))
            {
                return(null);
            }

            var handle = NativeWrapper.OpenProcess(ProcessAccessFlags.Read, true, process.Id);

            try
            {
                var gameAssembly = GetRaidAssembly(process);

                var klass = IntPtr.Zero;
                NativeWrapper.ReadProcessMemory(handle, gameAssembly.BaseAddress + RaidStaticInformation.MemoryLocation, ref klass);

                var appModel = klass;
                // These Reposition the AppModel to be in the right place. TODO: Figure out where these magic numbers come from?
                NativeWrapper.ReadProcessMemory(handle, appModel + 0x18, ref appModel);
                NativeWrapper.ReadProcessMemory(handle, appModel + 0xC0, ref appModel);
                NativeWrapper.ReadProcessMemory(handle, appModel + 0x0, ref appModel);
                NativeWrapper.ReadProcessMemory(handle, appModel + 0xB8, ref appModel);
                NativeWrapper.ReadProcessMemory(handle, appModel + 0x8, ref appModel);

                var userWrapper = appModel;
                NativeWrapper.ReadProcessMemory(handle, userWrapper + RaidStaticInformation.AppModelUserWrapper, ref userWrapper); // AppModel._userWrapper

                var heroesWrapper = userWrapper;
                NativeWrapper.ReadProcessMemory(handle, heroesWrapper + RaidStaticInformation.UserWrapperHeroes, ref heroesWrapper); // UserWrapper.Heroes

                #region Artifact Extraction

                var artifactsPointer = heroesWrapper;
                NativeWrapper.ReadProcessMemory(handle, artifactsPointer + RaidStaticInformation.HeroesWrapperArtifactData, ref artifactsPointer); // HeroesWrapperReadOnly.ArtifactData
                NativeWrapper.ReadProcessMemory(handle, artifactsPointer + RaidStaticInformation.UserArtifactDataArtifacts, ref artifactsPointer); // UserArtifactData.Artifacts

                var artifactCount = 0;
                NativeWrapper.ReadProcessMemory(handle, artifactsPointer + RaidStaticInformation.ListCount, ref artifactCount); // List<Artifact>.Count

                var pointers = new List <IntPtr>();
                if (artifactCount > 0)
                {
                    var arrayPointer = artifactsPointer;
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer + RaidStaticInformation.ListIndexArray, ref arrayPointer); // List<Artifact>._array

                    var ptrs = new IntPtr[artifactCount];
                    NativeWrapper.ReadProcessMemoryArray(handle, arrayPointer + RaidStaticInformation.ListElementPointerArray, ptrs);
                    pointers.AddRange(ptrs);
                }

                if (artifactCount == 0)
                {
                    // This means it's in external storage instead which is in a concurrent dictionary (teh sucks)
                    NativeWrapper.ReadProcessMemory(handle, gameAssembly.BaseAddress + RaidStaticInformation.ExternalStorageAddress, ref klass);

                    var artifactStorageResolver = klass;
                    NativeWrapper.ReadProcessMemory(handle, artifactStorageResolver + 0xB8, ref artifactStorageResolver); // ArtifactStorageResolver-StaticFields
                    NativeWrapper.ReadProcessMemory(handle, artifactStorageResolver, ref artifactStorageResolver);        // ArtifactStorageResolver-StaticFields._implementation

                    var state = artifactStorageResolver;
                    NativeWrapper.ReadProcessMemory(handle, state + 0x10, ref state); // ExternalArtifactsStorage._state

                    artifactsPointer = state;
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x18, ref artifactsPointer); // _state._artifacts

                    var buckets = artifactsPointer;
                    NativeWrapper.ReadProcessMemory(handle, buckets + 0x10, ref buckets); // ConcurrentDictionary._tables
                    NativeWrapper.ReadProcessMemory(handle, buckets + 0x10, ref buckets); // _tables._buckets

                    var bucketCount = 0;
                    NativeWrapper.ReadProcessMemory(handle, buckets + 0x18, ref bucketCount);

                    var nodes = new IntPtr[bucketCount];
                    if (bucketCount > 0)
                    {
                        NativeWrapper.ReadProcessMemoryArray(handle, buckets + RaidStaticInformation.ListElementPointerArray, nodes);
                    }

                    for (var i = 0; i < nodes.Length; i++)
                    {
                        var node = nodes[i];
                        while (node != IntPtr.Zero)
                        {
                            var pointer = node;
                            NativeWrapper.ReadProcessMemory(handle, pointer + 0x18, ref pointer); // Node.m_value
                            if (pointer != IntPtr.Zero)
                            {
                                pointers.Add(pointer);
                            }
                            NativeWrapper.ReadProcessMemory(handle, node + 0x20, ref node); // Node.m_next
                        }
                    }
                }

                var artifacts           = new List <Artifact>();
                var artifactStruct      = new ArtifactStruct();
                var artifactBonusStruct = new ArtifactBonusStruct();
                var bonusValueStruct    = new BonusValueStruct();
                foreach (var pointer in pointers)
                {
                    NativeWrapper.ReadProcessMemory(handle, pointer, ref artifactStruct);
                    NativeWrapper.ReadProcessMemory(handle, artifactStruct.PrimaryBonus, ref artifactBonusStruct);
                    NativeWrapper.ReadProcessMemory(handle, artifactBonusStruct.Value, ref bonusValueStruct);

                    var artifact = new Artifact
                    {
                        Id             = artifactStruct.Id,
                        SellPrice      = artifactStruct.SellPrice,
                        Price          = artifactStruct.Price,
                        Level          = artifactStruct.Level,
                        IsActivated    = artifactStruct.IsActivated,
                        Kind           = artifactStruct.KindId.ToString(),
                        Rank           = artifactStruct.RankId.ToString(),
                        Rarity         = artifactStruct.RarityId.ToString(),
                        SetKind        = artifactStruct.SetKindId.ToString(),
                        IsSeen         = artifactStruct.IsSeen,
                        FailedUpgrades = artifactStruct.FailedUpgrades
                    };

                    if (artifactStruct.RequiredFraction != HeroFraction.Unknown)
                    {
                        artifact.RequiredFraction = artifactStruct.RequiredFraction.ToString();
                    }

                    artifact.PrimaryBonus = new ArtifactBonus
                    {
                        Kind       = artifactBonusStruct.KindId.ToString(),
                        IsAbsolute = bonusValueStruct.IsAbsolute,
                        Value      = (float)Math.Round(bonusValueStruct.Value / (double)uint.MaxValue, 2),
                    };

                    var bonusesPointer = artifactStruct.SecondaryBonuses;
                    var bonusCount     = 0;
                    NativeWrapper.ReadProcessMemory(handle, bonusesPointer + RaidStaticInformation.ListCount, ref bonusCount);
                    NativeWrapper.ReadProcessMemory(handle, bonusesPointer + RaidStaticInformation.ListIndexArray, ref bonusesPointer);

                    artifact.SecondaryBonuses = new List <ArtifactBonus>();

                    var bonuses = new IntPtr[bonusCount];
                    if (bonusCount > 0)
                    {
                        NativeWrapper.ReadProcessMemoryArray(handle, bonusesPointer + RaidStaticInformation.ListElementPointerArray, bonuses, 0, bonuses.Length);
                    }

                    foreach (var bonusPointer in bonuses)
                    {
                        NativeWrapper.ReadProcessMemory(handle, bonusPointer, ref artifactBonusStruct);
                        NativeWrapper.ReadProcessMemory(handle, artifactBonusStruct.Value, ref bonusValueStruct);

                        var bonus = new ArtifactBonus
                        {
                            Kind        = artifactBonusStruct.KindId.ToString(),
                            IsAbsolute  = bonusValueStruct.IsAbsolute,
                            Value       = (float)Math.Round(bonusValueStruct.Value / (double)uint.MaxValue, 2),
                            Enhancement = (float)Math.Round(artifactBonusStruct.PowerUpValue / (double)uint.MaxValue, 2),
                            Level       = artifactBonusStruct.Level
                        };

                        artifact.SecondaryBonuses.Add(bonus);
                    }

                    artifacts.Add(artifact);
                }

                artifacts = artifacts.OrderBy(o => o.Id).ToList();
                #endregion

                #region Hero Extraction

                var heroesDataPointer = heroesWrapper;
                NativeWrapper.ReadProcessMemory(handle, heroesDataPointer + RaidStaticInformation.HeroesWrapperHeroData, ref heroesDataPointer); // HeroesWrapperReadOnly.HeroData
                NativeWrapper.ReadProcessMemory(handle, heroesDataPointer + RaidStaticInformation.UserHeroDataHeroById, ref heroesDataPointer);  // UserHeroData.HeroById

                var count = 0;
                NativeWrapper.ReadProcessMemory(handle, heroesDataPointer + RaidStaticInformation.DictionaryCount, ref count);               // Dictionary<int, Hero>.Count
                NativeWrapper.ReadProcessMemory(handle, heroesDataPointer + RaidStaticInformation.DictionaryEntries, ref heroesDataPointer); // Dictionary<int, Hero>.entries

                var heroStruct          = new HeroStruct();
                var heroMasteriesStruct = new HeroMasteryDataStruct();
                var skillStruct         = new SkillStruct();
                var heroesById          = new Dictionary <int, Hero>();
                var heroes = new List <Hero>();
                for (var i = 0; i < count; i++)
                {
                    // Array of Dictionary-entry structs which are 0x18 in size (but we only need hero pointer)
                    var heroPointer = heroesDataPointer + 0x30 + 0x18 * i;
                    NativeWrapper.ReadProcessMemory(handle, heroPointer, ref heroPointer);
                    NativeWrapper.ReadProcessMemory(handle, heroPointer, ref heroStruct);

                    heroMasteriesStruct.Masteries = IntPtr.Zero;
                    NativeWrapper.ReadProcessMemory(handle, heroStruct.MasteryData, ref heroMasteriesStruct);

                    var hero = new Hero
                    {
                        Id             = heroStruct.Id,
                        TypeId         = heroStruct.TypeId,
                        Grade          = heroStruct.Grade.ToString(),
                        Level          = heroStruct.Level,
                        Experience     = heroStruct.Experience,
                        FullExperience = heroStruct.FullExperience,
                        Locked         = heroStruct.Locked,
                        InStorage      = heroStruct.InStorage,
                        Marker         = heroStruct.Marker.ToString(),
                        Masteries      = new List <int>(),
                    };

                    var masteriesPtr = heroMasteriesStruct.Masteries;
                    var masteryCount = 0;
                    if (heroStruct.MasteryData != IntPtr.Zero && masteriesPtr != IntPtr.Zero)
                    {
                        NativeWrapper.ReadProcessMemory(handle, masteriesPtr + RaidStaticInformation.ListCount, ref masteryCount);
                        NativeWrapper.ReadProcessMemory(handle, masteriesPtr + RaidStaticInformation.ListIndexArray, ref masteriesPtr);
                    }

                    var masteries = new int[masteryCount];
                    if (masteryCount > 0)
                    {
                        NativeWrapper.ReadProcessMemoryArray(handle, masteriesPtr + RaidStaticInformation.ListElementPointerArray, masteries, 0, masteries.Length);
                    }
                    hero.Masteries.AddRange(masteries);

                    var skillsPtr   = heroStruct.Skills;
                    var skillsCount = 0;
                    if (skillsPtr != IntPtr.Zero)
                    {
                        NativeWrapper.ReadProcessMemory(handle, heroStruct.Skills + RaidStaticInformation.ListCount, ref skillsCount);
                        NativeWrapper.ReadProcessMemory(handle, heroStruct.Skills + RaidStaticInformation.ListIndexArray, ref skillsPtr);
                    }

                    hero.Skills = new List <Skill>();
                    var skills = new IntPtr[skillsCount];
                    if (skillsCount > 0)
                    {
                        NativeWrapper.ReadProcessMemoryArray(handle, skillsPtr + RaidStaticInformation.ListElementPointerArray, skills, 0, skills.Length);
                    }

                    foreach (var skillPointer in skills)
                    {
                        NativeWrapper.ReadProcessMemory(handle, skillPointer, ref skillStruct);

                        var skill = new Skill
                        {
                            Id     = skillStruct.Id,
                            TypeId = skillStruct.TypeId,
                            Level  = skillStruct.Level,
                        };

                        hero.Skills.Add(skill);
                    }

                    if (heroTypeById.TryGetValue(hero.TypeId, out var heroType))
                    {
                        hero.Name           = heroType.Name;
                        hero.Fraction       = heroType.Fraction;
                        hero.Element        = heroType.Element;
                        hero.Rarity         = heroType.Rarity;
                        hero.Role           = heroType.Role;
                        hero.AwakenLevel    = heroType.AwakeLevel;
                        hero.Accuracy       = heroType.Accuracy;
                        hero.Attack         = heroType.Attack;
                        hero.Defense        = heroType.Defense;
                        hero.Health         = heroType.Health;
                        hero.Speed          = heroType.Speed;
                        hero.Resistance     = heroType.Resistance;
                        hero.CriticalChance = heroType.CriticalChance;
                        hero.CriticalDamage = heroType.CriticalDamage;
                        hero.CriticalHeal   = heroType.CriticalHeal;
                    }

                    var multiplier = multipliers.FirstOrDefault(m => m.Stars == hero.Grade && m.Level == hero.Level);
                    if (multiplier != null)
                    {
                        hero.Attack  = (int)Math.Round(hero.Attack * multiplier.Multiplier);
                        hero.Defense = (int)Math.Round(hero.Defense * multiplier.Multiplier);
                        hero.Health  = (int)Math.Round(hero.Health * multiplier.Multiplier) * 15;
                    }

                    heroes.Add(hero);

                    heroesById[heroStruct.Id] = hero;
                }

                heroes = heroes.OrderBy(o => o.Id).ToList();
                #endregion

                #region Hero Artifact Extraction

                var artifactsByHeroIdPtr = heroesWrapper;
                NativeWrapper.ReadProcessMemory(handle, artifactsByHeroIdPtr + RaidStaticInformation.HeroesWrapperArtifactData, ref artifactsByHeroIdPtr);        // HeroesWrapperReadOnly.ArtifactData
                NativeWrapper.ReadProcessMemory(handle, artifactsByHeroIdPtr + RaidStaticInformation.UserArtifactArtifactDataByHeroId, ref artifactsByHeroIdPtr); // UserArtifactData.ArtifactDataByHeroId

                NativeWrapper.ReadProcessMemory(handle, artifactsByHeroIdPtr + RaidStaticInformation.DictionaryCount, ref count);
                NativeWrapper.ReadProcessMemory(handle, artifactsByHeroIdPtr + 0x18, ref artifactsByHeroIdPtr);

                for (var i = 0; i < count; i++)
                {
                    artifactsPointer = artifactsByHeroIdPtr + 0x30 + 0x18 * i;

                    var heroId = 0;
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer - 8, ref heroId);
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer, ref artifactsPointer);
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x10, ref artifactsPointer);

                    artifactCount = 0;
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer + RaidStaticInformation.DictionaryCount, ref artifactCount);
                    NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x18, ref artifactsPointer);

                    var arts = new List <int>();
                    for (var a = 0; a < artifactCount; a++)
                    {
                        var artifactId = 0;
                        NativeWrapper.ReadProcessMemory(handle, artifactsPointer + 0x2C + 0x10 * a, ref artifactId);
                        arts.Add(artifactId);
                    }

                    if (heroesById.TryGetValue(heroId, out var hero))
                    {
                        hero.Artifacts = arts;
                    }
                }

                #endregion

                #region Arena League Extraction

                var arenaPtr = userWrapper;
                NativeWrapper.ReadProcessMemory(handle, userWrapper + RaidStaticInformation.UserWrapperArena, ref arenaPtr);

                ArenaLeagueId arenaLeague = 0;
                NativeWrapper.ReadProcessMemory(handle, arenaPtr + RaidStaticInformation.ArenaWrapperLeagueId, ref arenaLeague);

                #endregion

                #region Great Hall Extraction

                var villageDataPointer = IntPtr.Zero;
                NativeWrapper.ReadProcessMemory(handle, userWrapper + RaidStaticInformation.UserWrapperCapitol, ref villageDataPointer);               // UserWrapper.Capitol
                NativeWrapper.ReadProcessMemory(handle, villageDataPointer + RaidStaticInformation.CapitolWrapperVillageData, ref villageDataPointer); // Capitol.VillageData

                var bonusLevelPointer = IntPtr.Zero;
                NativeWrapper.ReadProcessMemory(handle, villageDataPointer + RaidStaticInformation.UserVillageDataCapitolBonusLevelByStatByElement, ref bonusLevelPointer); // UserVillageData.UserVillageDataCapitolBonusLevelByStatByElement

                count = 0;
                NativeWrapper.ReadProcessMemory(handle, bonusLevelPointer + RaidStaticInformation.DictionaryCount, ref count);               // Dictionary<Element, Dictionary<StatKindId, int>>.Count
                NativeWrapper.ReadProcessMemory(handle, bonusLevelPointer + RaidStaticInformation.DictionaryEntries, ref bonusLevelPointer); // Dictionary<Element, Dictionary<StatKindId, int>>.Entries

                var greatHall = new Dictionary <Element, Dictionary <StatKindId, int> >();

                for (var i = 0; i < count; i++)
                {
                    var elementPointer        = bonusLevelPointer + 0x28 + 0x18 * i; // Dictionary<Element, Dictionary<StatKindId, int>>.Key;
                    var statDictionaryPointer = bonusLevelPointer + 0x30 + 0x18 * i; // Dictionary<Element, Dictionary<StatKindId, int>>.Value

                    Element currentElement = 0;                                      // Initial value
                    NativeWrapper.ReadProcessMemory(handle, elementPointer, ref currentElement);
                    NativeWrapper.ReadProcessMemory(handle, statDictionaryPointer, ref statDictionaryPointer);

                    var statsCount      = 0;
                    var statsPointer    = IntPtr.Zero;
                    var statsDictionary = new Dictionary <StatKindId, int>();

                    NativeWrapper.ReadProcessMemory(handle, statDictionaryPointer + RaidStaticInformation.DictionaryCount, ref statsCount);     // Dictionary<StatKindId, int>().Count
                    NativeWrapper.ReadProcessMemory(handle, statDictionaryPointer + RaidStaticInformation.DictionaryEntries, ref statsPointer); // Dictionary<StatKindId, int>().Entries
                    for (var j = 0; j < statsCount; j++)
                    {
                        var statKindPointer  = statsPointer + 0x28 + 0x10 * j;
                        var statValuePointer = statsPointer + 0x2C + 0x10 * j;

                        StatKindId statKindId = 0;
                        int        statLevel  = 0;
                        NativeWrapper.ReadProcessMemory(handle, statKindPointer, ref statKindId);
                        NativeWrapper.ReadProcessMemory(handle, statValuePointer, ref statLevel);

                        statsDictionary.Add(statKindId, statLevel);
                    }
                    greatHall.Add(currentElement, statsDictionary);
                }

                #endregion

                #region Shard extraction
                var shards = new Dictionary <string, ShardInfo>();

                var shardsDataPointer = userWrapper;
                NativeWrapper.ReadProcessMemory(handle, shardsDataPointer + RaidStaticInformation.UserWrapperShards, ref shardsDataPointer); // UserWrapper.ShardWrapperReadOnly
                NativeWrapper.ReadProcessMemory(handle, shardsDataPointer + RaidStaticInformation.ShardWrapperData, ref shardsDataPointer);  // ShardWrapperReadOnly.UserShardData

                var shardSummonDataPointer = shardsDataPointer;
                NativeWrapper.ReadProcessMemory(handle, shardSummonDataPointer + RaidStaticInformation.ShardSummonData, ref shardSummonDataPointer); // UserShardData.SummonResults

                // Read the shard count data
                NativeWrapper.ReadProcessMemory(handle, shardsDataPointer + RaidStaticInformation.ShardData, ref shardsDataPointer);

                var shardCount = 0;
                NativeWrapper.ReadProcessMemory(handle, shardsDataPointer + RaidStaticInformation.ListCount, ref shardCount);

                List <IntPtr> shardPointers = new List <IntPtr>();
                if (shardCount > 0)
                {
                    var arrayPointer = shardsDataPointer;
                    NativeWrapper.ReadProcessMemory(handle, shardsDataPointer + RaidStaticInformation.ListIndexArray, ref arrayPointer);

                    var ptrs = new IntPtr[shardCount];
                    NativeWrapper.ReadProcessMemoryArray(handle, arrayPointer + RaidStaticInformation.ListElementPointerArray, ptrs);
                    shardPointers.AddRange(ptrs);
                }

                List <ShardStruct> shardCounts = new List <ShardStruct>();
                foreach (var pointer in shardPointers)
                {
                    ShardStruct countData = new ShardStruct();
                    NativeWrapper.ReadProcessMemory(handle, pointer, ref countData);

                    string key = countData.ShardTypeId.ToString();

                    if (!shards.ContainsKey(key))
                    {
                        shards.Add(key, new ShardInfo());
                        shards[key].SummonData = new List <ShardSummonInfo>();
                    }

                    shards[key].Count = countData.Count;
                }

                // Now read the summon data (pity system)
                var shardSummonCount = 0;
                NativeWrapper.ReadProcessMemory(handle, shardSummonDataPointer + RaidStaticInformation.ListCount, ref shardSummonCount);

                shardPointers = new List <IntPtr>();
                if (shardSummonCount > 0)
                {
                    var arrayPointer = shardSummonDataPointer;
                    NativeWrapper.ReadProcessMemory(handle, shardSummonDataPointer + RaidStaticInformation.ListIndexArray, ref arrayPointer);

                    var ptrs = new IntPtr[shardSummonCount];
                    NativeWrapper.ReadProcessMemoryArray(handle, arrayPointer + RaidStaticInformation.ListElementPointerArray, ptrs);
                    shardPointers.AddRange(ptrs);
                }

                List <ShardSummonData> shardSummons = new List <ShardSummonData>();
                foreach (var pointer in shardPointers)
                {
                    ShardSummonData summonData = new ShardSummonData();
                    NativeWrapper.ReadProcessMemory(handle, pointer, ref summonData);

                    string key = summonData.ShardTypeId.ToString();
                    if (!shards.ContainsKey(key))
                    {
                        // We might have to add an entry if the user has no shards of that type.
                        shards.Add(key, new ShardInfo());
                        shards[key].SummonData = new List <ShardSummonInfo>();
                        shards[key].Count      = 0;
                    }

                    ShardSummonInfo info = new ShardSummonInfo();
                    info.Rarity     = summonData.rarity.ToString();
                    info.LastHeroId = summonData.lastHeroId;
                    info.PullCount  = summonData.pullCount;
                    shards[key].SummonData.Add(info);
                }

                #endregion

                #region BattlePresets extraction

                var presetsPointer = heroesWrapper;
                NativeWrapper.ReadProcessMemory(handle, presetsPointer + RaidStaticInformation.HeroesWrapperHeroData, ref presetsPointer);     // HeroesWrapperReadOnly.HeroData
                NativeWrapper.ReadProcessMemory(handle, presetsPointer + RaidStaticInformation.UserHeroDataBattlePresets, ref presetsPointer); // UserHeroData.BattlePresets

                var battlePresetsCount = 0;
                var presetsDataPointer = IntPtr.Zero;

                NativeWrapper.ReadProcessMemory(handle, presetsPointer + RaidStaticInformation.DictionaryCount, ref battlePresetsCount);   // Dictionary<int, int[]>.Count
                NativeWrapper.ReadProcessMemory(handle, presetsPointer + RaidStaticInformation.DictionaryEntries, ref presetsDataPointer); // Dictionary<int, int[]>.Entries

                var stagePresets = new Dictionary <int, int[]>();

                for (var i = 0; i < battlePresetsCount; i++)
                {
                    var stageIdPointer     = presetsDataPointer + 0x28 + 0x18 * i; // Dictionary<int, int[]>.Key;
                    var heroIdArrayPointer = presetsDataPointer + 0x30 + 0x18 * i; // Dictionary<int, int[]>.Value
                    int currentStage       = 0;

                    NativeWrapper.ReadProcessMemory(handle, stageIdPointer, ref currentStage);
                    NativeWrapper.ReadProcessMemory(handle, heroIdArrayPointer, ref heroIdArrayPointer);

                    var heroArrayCount = 0;
                    NativeWrapper.ReadProcessMemory(handle, heroIdArrayPointer + RaidStaticInformation.ListCount, ref heroArrayCount); // Assuming Array.Count has identical offset as List.Count

                    // Making use of ReadProcessMemoryArray instead of iterating the array ourselves
                    if (heroArrayCount > 0)
                    {
                        var heroIdArray   = new int[heroArrayCount];
                        var heroIdPointer = heroIdArrayPointer + 0x20; // Location of the first entry

                        NativeWrapper.ReadProcessMemoryArray(handle, heroIdPointer, heroIdArray);
                        stagePresets[currentStage] = heroIdArray;
                    }
                }

                #endregion

                return(new AccountDump
                {
                    Artifacts = artifacts,
                    Heroes = heroes,
                    ArenaLeague = arenaLeague.ToString(),
                    GreatHall = greatHall,
                    Shards = shards,
                    StagePresets = stagePresets,
                });
            }
            finally
            {
                NativeWrapper.CloseHandle(handle);
            }
        }