/// <summary>
/// Redirects <c>connect</c> inside the target process's copy of ws2_32.dll to a copy of
/// <c>_connectCc</c>, by overwriting the first five bytes of the function with a relative
/// jump (opcode 0xE9).
/// </summary>
/// <remarks>
/// The method sleeps one second, then retries once per second until the target process
/// reports a loaded ws2_32.dll. Observable effects in the target are one new allocation of
/// <c>_connectCc.Length</c> bytes and a five-byte change at the start of <c>connect</c>:
/// afterwards those bytes no longer equal <c>_safeCheck</c> and begin with 0xE9, which is
/// the same condition this method tests to recognise an existing redirect.
/// NOTE(review): what <c>Alloc</c> and <c>Write</c> do about page protection is not visible
/// here; confirm in <c>ProcessMemory</c>.
/// </remarks>
/// <exception cref="NotSupportedException">The target process is 64-bit.</exception>
/// <exception cref="WarningException">
/// The first byte of <c>connect</c> is already 0xE9; <c>IsInjected</c> is set before throwing.
/// </exception>
/// <exception cref="AccessViolationException">
/// The first five bytes of <c>connect</c> differ from <c>_safeCheck</c>; the message carries
/// the first 20 bytes, Base64-encoded.
/// </exception>
internal void Inject()
{
    Thread.Sleep(1000);

    while (true)
    {
        // "target" is the process being modified; "self" is this process, used only to
        // resolve the address of connect locally.
        using (var target = new ProcessMemory(CurrentProcess.Id))
        using (var self = new ProcessMemory(Process.GetCurrentProcess().Id))
        {
            if (target.Is64Bit())
            {
                throw new NotSupportedException("lolclient is running in 64bit mode which is not supported");
            }

            // Work on a private copy so the template in _connectCc is never modified.
            var stub = new byte[_connectCc.Length];
            _connectCc.CopyTo(stub, 0);
            int returnDisplacementIndex = stub.Length - 4;

            // Offset of connect from the base of ws2_32.dll, measured in this process.
            var localWinsockBase = ProcessMemory.GetModule("ws2_32.dll");
            Int32 connectOffset = self.GetAddress(localWinsockBase, "connect");
            connectOffset -= localWinsockBase;

            var remoteWinsockBase = GetModuleAddress(CurrentProcess, target, "ws2_32.dll");
            if (remoteWinsockBase == 0)
            {
                // The target has not loaded ws2_32.dll yet: wait and try again instead of failing.
                Thread.Sleep(1000);
                continue;
            }

            // The locally measured offset is applied to the target's module base; the
            // _safeCheck comparison below is what catches a mismatch between the two.
            Int32 remoteConnect = remoteWinsockBase + connectOffset;

            var prologue = target.Read(remoteConnect, 5);
            if (prologue[0] == 0xE9)
            {
                IsInjected = true;
                throw new WarningException("Connect already redirected");
            }

            if (!prologue.SequenceEqual(_safeCheck))
            {
                // Report a longer window of bytes so the unexpected prologue can be inspected.
                var unexpected = target.Read(remoteConnect, 20);
                throw new AccessViolationException(string.Format("Connect has unknown bytes [{0}]", Convert.ToBase64String(unexpected)));
            }

            Int32 stubAddress = target.Alloc(_connectCc.Length);

            // The last four bytes of the stub hold a displacement measured from the end of
            // the stub to the instruction that follows the five patched bytes.
            int resumeAddress = remoteConnect + 5;
            int stubEnd = stubAddress + stub.Length;
            BitConverter.GetBytes(resumeAddress - stubEnd).CopyTo(stub, returnDisplacementIndex);
            target.Write(stubAddress, stub);

            // 0xE9 followed by a 32-bit displacement relative to the end of the 5-byte patch.
            var patch = new byte[] { 0xE9, 0, 0, 0, 0 };
            BitConverter.GetBytes(stubAddress - resumeAddress).CopyTo(patch, 1);
            target.Write(remoteConnect, patch);
        }

        IsInjected = true;
        break;
    }
}
/// <summary>
/// Returns the base address of the module called <paramref name="name"/> as listed by
/// <paramref name="curmem"/>, or 0 when no module matches.
/// </summary>
/// <param name="curproc">Not used by this method.</param>
/// <param name="curmem">Process-memory wrapper whose module list is searched.</param>
/// <param name="name">
/// Module file name. It is compared against the lower-cased base name of each module,
/// so it must itself be lower case to match.
/// </param>
/// <returns>The module base as a 32-bit integer, or 0 if the module is not listed.</returns>
Int32 GetModuleAddress(Process curproc, ProcessMemory curmem, string name)
{
    var match = curmem.GetModuleInfos()
        .FirstOrDefault(info => info.baseName.ToLowerInvariant() == name);

    // NOTE(review): baseOfDll is presumably an IntPtr, so ToInt32 would only be valid
    // for addresses that fit in 32 bits; confirm against the ModuleInfo declaration.
    return match == null ? 0 : match.baseOfDll.ToInt32();
}
/// <summary>
/// Looks up a loaded module by name in the module list exposed by
/// <paramref name="curmem"/> and returns its base address.
/// </summary>
/// <param name="curproc">Not used by this method.</param>
/// <param name="curmem">Process-memory wrapper that supplies the module list.</param>
/// <param name="name">
/// Module file name; must be lower case, because each module's base name is lower-cased
/// before the comparison and <paramref name="name"/> is not.
/// </param>
/// <returns>The module base as a 32-bit integer, or 0 when the module is not found.</returns>
Int32 GetModuleAddress(Process curproc, ProcessMemory curmem, string name)
{
    var loadedModules = curmem.GetModuleInfos();
    var found = loadedModules.FirstOrDefault(entry => entry.baseName.ToLowerInvariant() == name);

    if (found != null)
    {
        // NOTE(review): baseOfDll looks like an IntPtr; ToInt32 assumes the address
        // fits in 32 bits. Confirm against the ModuleInfo declaration.
        return found.baseOfDll.ToInt32();
    }

    return 0;
}
/// <summary>
/// Patches <c>connect</c> in the target process's ws2_32.dll so that it jumps to a copy of
/// <c>_connectCc</c> written into that process. The patch is a five-byte relative jump
/// (opcode 0xE9) placed over the start of the function.
/// </summary>
/// <remarks>
/// After an initial one-second sleep the method polls once per second until the target
/// lists ws2_32.dll among its modules. In the target it makes one allocation of
/// <c>_connectCc.Length</c> bytes and changes the first five bytes of <c>connect</c>, which
/// then start with 0xE9 and no longer equal <c>_safeCheck</c>. That is the state this method
/// itself reports as "already redirected".
/// NOTE(review): page-protection handling inside <c>Alloc</c> and <c>Write</c> is not
/// visible here; confirm in <c>ProcessMemory</c>.
/// </remarks>
/// <exception cref="NotSupportedException">The target process is 64-bit.</exception>
/// <exception cref="WarningException">
/// <c>connect</c> already starts with 0xE9; <c>IsInjected</c> is set before throwing.
/// </exception>
/// <exception cref="AccessViolationException">
/// The first five bytes of <c>connect</c> are not <c>_safeCheck</c>; the message contains
/// the first 20 bytes, Base64-encoded.
/// </exception>
internal void Inject()
{
    Thread.Sleep(1000);

    while (true)
    {
        // remote: the process that gets patched. local: this process, consulted only to
        // find where connect sits inside ws2_32.dll.
        using (var remote = new ProcessMemory(CurrentProcess.Id))
        using (var local = new ProcessMemory(Process.GetCurrentProcess().Id))
        {
            if (remote.Is64Bit())
            {
                throw new NotSupportedException("lolclient is running in 64bit mode which is not supported");
            }

            // Copy the template so the displacement can be filled in without touching _connectCc.
            var trampoline = new byte[_connectCc.Length];
            _connectCc.CopyTo(trampoline, 0);
            int tailIndex = trampoline.Length - 4;

            // Distance from the module base to connect, as seen in this process.
            var ownModuleBase = ProcessMemory.GetModule("ws2_32.dll");
            Int32 offsetOfConnect = local.GetAddress(ownModuleBase, "connect");
            offsetOfConnect -= ownModuleBase;

            var remoteModuleBase = GetModuleAddress(CurrentProcess, remote, "ws2_32.dll");
            if (remoteModuleBase == 0)
            {
                // ws2_32.dll is not loaded in the target yet; poll again in a second.
                Thread.Sleep(1000);
                continue;
            }

            // Same offset, applied to the target's module base. The _safeCheck comparison
            // that follows guards against the two modules not lining up.
            Int32 patchSite = remoteModuleBase + offsetOfConnect;

            var firstBytes = remote.Read(patchSite, 5);
            if (firstBytes[0] == 0xE9)
            {
                IsInjected = true;
                throw new WarningException("Connect already redirected");
            }

            if (!firstBytes.SequenceEqual(_safeCheck))
            {
                // Include 20 bytes in the error so the unknown prologue can be examined.
                var dump = remote.Read(patchSite, 20);
                throw new AccessViolationException(string.Format("Connect has unknown bytes [{0}]", Convert.ToBase64String(dump)));
            }

            Int32 trampolineAddress = remote.Alloc(_connectCc.Length);

            // Final four bytes of the trampoline: displacement from its end back to the
            // first instruction after the patched five bytes.
            int afterPatch = patchSite + 5;
            int trampolineEnd = trampolineAddress + trampoline.Length;
            BitConverter.GetBytes(afterPatch - trampolineEnd).CopyTo(trampoline, tailIndex);
            remote.Write(trampolineAddress, trampoline);

            // Jump opcode plus a 32-bit displacement measured from the end of the patch.
            var jump = new byte[] { 0xE9, 0, 0, 0, 0 };
            BitConverter.GetBytes(trampolineAddress - afterPatch).CopyTo(jump, 1);
            remote.Write(patchSite, jump);
        }

        IsInjected = true;
        break;
    }
}