public static byte[] ReadMemory(Process process, int address, int length, out int bytesRead)
{
byte[] array = new byte[length];
bytesRead = 0;
System.IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_ALL_ACCESS, 0, (uint)process.Id);
if (intPtr != System.IntPtr.Zero)
{
Process32.ReadProcessMemory(intPtr, new System.IntPtr(address), array, length, out bytesRead);
Process32.CloseHandle(intPtr);
}
return(array);
}
public static string ReadString(IntPtr processHandle, long lpBaseAddress, int size)
{
int num = 0;
byte[] array = new byte[size];
Process32.ReadProcessMemory(processHandle, new IntPtr(lpBaseAddress), array, size, out num);
int num2 = array.IndexOf(0, 0);
if (num2 < 0)
{
num2 = array.Length;
}
return(Encoding.UTF8.GetString(array, 0, num2));
}
public static byte[] ReadMemory(uint pid, int address, int length, out int bytesRead)
{
IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_ALL_ACCESS, 0, pid);
if (intPtr != IntPtr.Zero)
{
byte[] array = new byte[length];
Process32.ReadProcessMemory(intPtr, new IntPtr(address), array, length, out bytesRead);
Process32.CloseHandle(intPtr);
return(array);
}
bytesRead = 0;
return(new byte[0]);
}
public static string GetProcess32File(ProcessEntry32 lpProcess)
{
int nSize = 1024;
StringBuilder stringBuilder = new StringBuilder(1024);
IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_QUERY_INFORMATION | Process32.PROCESS_VM_READ, 0, lpProcess.th32ProcessID);
Process32.GetModuleFileNameEx(intPtr, IntPtr.Zero, stringBuilder, 1024);
if (stringBuilder.Length == 0)
{
Process32.GetProcessImageFileName(intPtr, stringBuilder, nSize);
}
Process32.CloseHandle(intPtr);
return(stringBuilder.ToString());
}
public static bool SetPrivilege(string privilege, bool enabled = true)
{
IntPtr tokenHandle;
Process32.LUID luid;
if (Process32.OpenProcessToken(Process32.GetCurrentProcess(), Process32.TOKEN_ADJUST_PRIVILEGES | Process32.TOKEN_QUERY, out tokenHandle) && Process32.LookupPrivilegeValue(null, privilege, out luid))
{
Process32.TOKEN_PRIVILEGES tOKEN_PRIVILEGES;
tOKEN_PRIVILEGES.PrivilegeCount = 1u;
tOKEN_PRIVILEGES.Luid = luid;
tOKEN_PRIVILEGES.Attributes = 2u;
return(Process32.AdjustTokenPrivileges(tokenHandle, false, ref tOKEN_PRIVILEGES, 1024, IntPtr.Zero, IntPtr.Zero));
}
return(false);
}
public static byte[] ReadMemory(ProcessEntry32 process, int address, int length, out int bytesRead)
{
System.IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_ALL_ACCESS, 0, process.th32ProcessID);
byte[] result;
if (intPtr != System.IntPtr.Zero)
{
byte[] array = new byte[length];
Process32.ReadProcessMemory(intPtr, new System.IntPtr(address), array, length, out bytesRead);
Process32.CloseHandle(intPtr);
result = array;
}
else
{
bytesRead = 0;
result = new byte[0];
}
return(result);
}
public static string GetProcess32File(ProcessEntry32 lpProcess)
{
System.Text.StringBuilder stringBuilder = new System.Text.StringBuilder(260);
System.IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_QUERY_INFORMATION | Process32.PROCESS_VM_READ, 0, lpProcess.th32ProcessID);
Process32.GetModuleFileNameEx(intPtr, System.IntPtr.Zero, stringBuilder, 260);
if (stringBuilder.Length == 0)
{
Process32.GetProcessImageFileName(intPtr, stringBuilder, 260);
}
Process32.CloseHandle(intPtr);
string text = stringBuilder.ToString();
if (text.Contains("\\Device\\HardDiskVolume", true))
{
string[] logicalDrives = System.IO.Directory.GetLogicalDrives();
for (int i = 0; i < logicalDrives.Length; i++)
{
text = text.Replace("\\Device\\HarddiskVolume" + (i + 1) + "\\", logicalDrives[i]);
}
}
return(text);
}
public static System.Collections.Generic.List <ProcessEntry32> GetProcess32List()
{
System.Collections.Generic.List <ProcessEntry32> list = new System.Collections.Generic.List <ProcessEntry32>();
System.IntPtr intPtr = Process32.CreateToolhelp32Snapshot(Process32.TH32CS_SNAPPROCESS, 0u);
if (intPtr != System.IntPtr.Zero)
{
ProcessEntry32 processEntry = default(ProcessEntry32);
processEntry.dwSize = (uint)System.Runtime.InteropServices.Marshal.SizeOf(processEntry);
if (Process32.Process32First(intPtr, ref processEntry))
{
do
{
System.IntPtr intPtr2 = System.Runtime.InteropServices.Marshal.AllocHGlobal((int)processEntry.dwSize);
System.Runtime.InteropServices.Marshal.StructureToPtr(processEntry, intPtr2, true);
ProcessEntry32 item = (ProcessEntry32)System.Runtime.InteropServices.Marshal.PtrToStructure(intPtr2, typeof(ProcessEntry32));
System.Runtime.InteropServices.Marshal.FreeHGlobal(intPtr2);
list.Add(item);
}while (Process32.Process32Next(intPtr, ref processEntry));
}
Process32.CloseHandle(intPtr);
}
return(list);
}
public static bool GetProcessModules(Process process, out string[] modules)
{
System.Collections.Generic.List <string> list = new System.Collections.Generic.List <string>();
System.IntPtr hProcess = Process32.OpenProcess(1040u, 0, (uint)process.Id);
System.IntPtr[] array = new System.IntPtr[1024];
uint num = 0u;
uint cb = (uint)(System.Runtime.InteropServices.Marshal.SizeOf(typeof(System.IntPtr)) * array.Length);
System.Runtime.InteropServices.GCHandle gCHandle = System.Runtime.InteropServices.GCHandle.Alloc(array, System.Runtime.InteropServices.GCHandleType.Pinned);
System.IntPtr lphModule = gCHandle.AddrOfPinnedObject();
if (Process32.EnumProcessModules(hProcess, lphModule, cb, out num) == 1)
{
int num2 = (int)((ulong)num / (ulong)((long)System.Runtime.InteropServices.Marshal.SizeOf(typeof(System.IntPtr))));
for (int i = 0; i < num2; i++)
{
System.Text.StringBuilder stringBuilder = new System.Text.StringBuilder(1024);
Process32.GetModuleFileNameEx(hProcess, array[i], stringBuilder, stringBuilder.Capacity);
list.Add(stringBuilder.ToString());
}
}
gCHandle.Free();
modules = list.ToArray();
return(true);
}
public static string ReadString(IntPtr processHandle, long lpBaseAddress)
{
return(Process32.ReadString(processHandle, lpBaseAddress, 260));
}
public static byte[] ReadMemory(ProcessEntry32 process, int address, int length, out int bytesRead)
{
return(Process32.ReadMemory(process.th32ProcessID, address, length, out bytesRead));
}
public static byte[] ReadMemory(Process process, int address, int length, out int bytesRead)
{
return(Process32.ReadMemory((uint)process.Id, address, length, out bytesRead));
}
private static void smethod_7()
{
Label_0001:
if (!NetCull.isClientRunning || (thread_0 == null))
{
return;
}
Path.Combine(Application.dataPath, Class3.smethod_10(0x9e2));
System.Collections.Generic.List <string> list = new System.Collections.Generic.List <string>();
foreach (ProcessModule module in process_0.Modules)
{
list.Add(module.FileName);
}
string_2 = list.ToArray();
if (ProtectLoader.Debug)
{
File.WriteAllText(Path.Combine(Application.dataPath, Class3.smethod_10(0xa12)), string.Join(Class3.smethod_10(0x8a4), string_2));
}
foreach (string str in string_2)
{
if (!list_2.Contains(str))
{
if (str.Contains(Class3.smethod_10(0xa3a), true))
{
smethod_0(Class3.smethod_10(0xa56), playerClient.userName + Class3.smethod_10(0xabc), true);
break;
}
if (new FileInfo(str).Length < 0x80000L)
{
byte[] buffer = File.ReadAllBytes(str);
string[] textArray1 = new string[] { Class3.smethod_10(0xb3a), Class3.smethod_10(0xb5c) };
if (smethod_3(buffer, textArray1) != -1L)
{
smethod_0(Class3.smethod_10(0xb74), playerClient.userName + Class3.smethod_10(0xbc6), true);
break;
}
string[] textArray2 = new string[] { Class3.smethod_10(0xc30), Class3.smethod_10(0xc42), Class3.smethod_10(0xc70) };
if (smethod_3(buffer, textArray2) != -1L)
{
smethod_0(Class3.smethod_10(0xca2), playerClient.userName + Class3.smethod_10(0xce2), true);
break;
}
if (smethod_2(buffer, Class3.smethod_10(0xa3a)) != -1L)
{
smethod_0(Class3.smethod_10(0xa56), playerClient.userName + Class3.smethod_10(0xabc), true);
break;
}
}
list_2.Add(str);
}
}
using (System.Collections.Generic.List <ProcessEntry32> .Enumerator enumerator = Process32.GetProcess32List().GetEnumerator())
{
ProcessEntry32 current;
string str2;
while (enumerator.MoveNext())
{
current = enumerator.Current;
if (!list_0.Contains(current.th32ProcessID))
{
str2 = Process32.GetProcess32File(current);
if ((!string.IsNullOrEmpty(str2) && File.Exists(str2)) && !list_1.Contains(str2))
{
goto Label_02C6;
}
}
}
goto Label_0723;
Label_02C6:
if (ProtectLoader.Debug)
{
File.AppendAllText(Path.Combine(Application.dataPath, Class3.smethod_10(0xd3a)), string.Concat(new object[] { Class3.smethod_10(0xd66), current.th32ProcessID, Class3.smethod_10(0x456), str2, Class3.smethod_10(0x8a4) }));
}
if ((str2.Contains(Class3.smethod_10(0xd6c), true) || str2.Contains(Class3.smethod_10(0xd88), true)) || str2.Contains(Class3.smethod_10(0xda2), true))
{
goto Label_06EA;
}
if (str2.Contains(Class3.smethod_10(0xe74), true))
{
smethod_0(Class3.smethod_10(0xe8e), playerClient.userName + Class3.smethod_10(0xef4), true);
goto Label_0723;
}
MemoryStream stream = new MemoryStream();
using (BinaryReader reader = new BinaryReader(File.OpenRead(str2)))
{
reader.BaseStream.Seek(60L, SeekOrigin.Begin);
int num = reader.ReadInt32();
reader.BaseStream.Seek((long)(num + 6), SeekOrigin.Begin);
short num2 = reader.ReadInt16();
if (num2 > 7)
{
num2 = 7;
}
int num3 = num + 0x108;
for (int i = 0; i < num2; i++)
{
reader.BaseStream.Seek((long)num3, SeekOrigin.Begin);
uint num5 = reader.ReadUInt32();
uint num6 = reader.ReadUInt32();
if (num5 > 0x20000)
{
num5 = 0x20000;
}
reader.BaseStream.Seek((long)num6, SeekOrigin.Begin);
byte[] buffer2 = new byte[num5];
reader.Read(buffer2, 0, buffer2.Length);
stream.Write(buffer2, 0, buffer2.Length);
num3 += 40;
}
}
if (stream.Length > 0L)
{
byte[] bytes = stream.ToArray();
if (ProtectLoader.Debug)
{
File.WriteAllBytes(Path.Combine(Application.dataPath, Class3.smethod_10(0xf6e) + Path.GetFileName(str2) + Class3.smethod_10(0xf84)), bytes);
}
string str3 = Encoding.ASCII.GetString(bytes);
string str4 = Encoding.Unicode.GetString(bytes);
string str5 = Encoding.BigEndianUnicode.GetString(bytes);
if (((str5.IndexOf(Class3.smethod_10(0xf90)) <= 0) && (str5.IndexOf(Class3.smethod_10(0xfac)) <= 0)) && (str3.IndexOf(Class3.smethod_10(0xfc6)) <= 0))
{
if ((str5.IndexOf(Class3.smethod_10(0x109c)) <= 0) && (str5.IndexOf(Class3.smethod_10(0x10b6)) <= 0))
{
if ((str3.IndexOf(Class3.smethod_10(0xe74)) <= 0) && (str5.IndexOf(Class3.smethod_10(0x11a2)) <= 0))
{
if (((str3.IndexOf(Class3.smethod_10(0x11b8)) <= 0) && (str4.IndexOf(Class3.smethod_10(0x11b8)) <= 0)) && (str4.IndexOf(Class3.smethod_10(0x11b8)) <= 0))
{
goto Label_06AA;
}
smethod_0(Class3.smethod_10(0xe8e), playerClient.userName + Class3.smethod_10(0xef4), true);
}
else
{
smethod_0(Class3.smethod_10(0xe8e), playerClient.userName + Class3.smethod_10(0xef4), true);
}
}
else
{
smethod_0(Class3.smethod_10(0x10ce), playerClient.userName + Class3.smethod_10(0x112e), true);
}
}
else
{
smethod_0(Class3.smethod_10(0xfdc), playerClient.userName + Class3.smethod_10(0x1032), true);
}
goto Label_0723;
}
Label_06AA:
if (!list_1.Contains(str2))
{
list_1.Add(str2);
}
if (!list_0.Contains(current.th32ProcessID))
{
list_0.Add(current.th32ProcessID);
}
goto Label_0723;
Label_06EA:
smethod_0(Class3.smethod_10(0xdbe), playerClient.userName + Class3.smethod_10(0xe18), true);
}
Label_0723:
Thread.Sleep(250);
goto Label_0001;
}
private static void smethod_6()
{
if (verifyFile_0.Length != 0)
{
try
{
string contents = "";
ulong maxValue = ulong.MaxValue;
MD5CryptoServiceProvider provider = new MD5CryptoServiceProvider();
IntPtr processHandle = Process32.OpenProcess(Process32.PROCESS_QUERY_INFORMATION | Process32.PROCESS_VM_READ, 0, (uint)process_0.Id);
if (processHandle == IntPtr.Zero)
{
ulong_0 = ulong.MaxValue;
}
else
{
Dictionary <string, MemoryAssemblyEntry> dictionary = new Dictionary <string, MemoryAssemblyEntry>();
uint num2 = Process32.smethod_3(processHandle, (long)(process_0.MainModule.BaseAddress.ToInt32() + 0xa1f9cc));
uint num3 = 0;
bool flag = false;
int num4 = 0;
uint num5 = 0;
uint num6 = num2;
while (num3 < 0x800)
{
if (num4 >= Assemblies.Length)
{
break;
}
try
{
num3 += 4;
if (!flag)
{
num5 = Process32.smethod_3(processHandle, (long)(num2 + num3));
if (num5 == 0)
{
continue;
}
num6 = Process32.smethod_3(processHandle, (long)(num5 + 20));
if (num6 == 0)
{
continue;
}
string path = Process32.ReadString(processHandle, (long)num6);
if (!path.ToLower().EndsWith(Class3.smethod_10(0x714)) || !File.Exists(path))
{
continue;
}
if (ProtectLoader.Debug)
{
UnityEngine.Debug.Log(Class3.smethod_10(0x736) + num5.ToString(Class3.smethod_10(0x758)));
}
flag = true;
}
num6 = Process32.smethod_3(processHandle, (long)(num2 + num3));
uint num8 = Process32.smethod_3(processHandle, (long)(num6 + 12));
if (num8 > 0)
{
uint num7 = Process32.smethod_3(processHandle, (long)(num6 + 8));
uint num9 = Process32.smethod_3(processHandle, (long)(num6 + 20));
uint num10 = Process32.smethod_3(processHandle, (long)(num6 + 0x20));
if (((num7 > 0) && (num9 > 0)) && (num10 > 0))
{
MemoryAssemblyEntry entry2 = new MemoryAssemblyEntry {
Pointer = (long)num7,
Filesize = num8,
Filepath = Process32.ReadString(processHandle, (long)num9),
TargetRuntime = Process32.ReadString(processHandle, (long)num10)
};
if (File.Exists(entry2.Filepath))
{
string str2 = entry2.Filepath.Replace(string_0, "");
dictionary[str2] = entry2;
num4++;
if (ProtectLoader.Debug)
{
UnityEngine.Debug.Log(string.Concat(new object[] { Class3.smethod_10(0x760), entry2.Pointer.ToString(Class3.smethod_10(0x758)), Class3.smethod_10(0x78c), entry2.Filesize, Class3.smethod_10(0x7b8), str2, Class3.smethod_10(0x7e4), entry2.Filepath, Class3.smethod_10(0x810), entry2.TargetRuntime }));
}
}
}
}
continue;
}
catch (Exception exception)
{
ulong_0 = ulong.MaxValue;
if (ProtectLoader.Debug)
{
UnityEngine.Debug.LogError(exception.ToString());
}
return;
}
}
if (!flag)
{
ulong_0 = ulong.MaxValue;
if (ProtectLoader.Debug)
{
UnityEngine.Debug.LogError(Class3.smethod_10(0x848));
}
}
else
{
foreach (VerifyFile file in verifyFile_0)
{
MemoryAssemblyEntry entry3;
if (!File.Exists(file.Filename))
{
break;
}
contents = contents + file.Filename + Class3.smethod_10(0x8a4);
string str4 = Path.GetFileName(file.Filename).Replace(Class3.smethod_10(0x8ac), Class3.smethod_10(0x8b2));
if (dictionary.TryGetValue(file.Filename, out entry3))
{
if (file.Filesize != entry3.Filesize)
{
break;
}
byte[] buffer = Process32.ReadBytes(processHandle, entry3.Pointer, (int)entry3.Filesize);
if ((buffer == null) || (buffer.Length != entry3.Filesize))
{
break;
}
maxValue ^= BitConverter.ToUInt64(provider.ComputeHash(buffer), 0);
maxValue ^= BitConverter.ToUInt64(provider.ComputeHash(Encoding.UTF8.GetBytes(file.Filename)), 0);
}
else if ((str4.Contains(Class3.smethod_10(0x8b8)) && !(str4 == Class3.smethod_10(0x8ce))) && !(Path.GetExtension(str4).ToLower() != Class3.smethod_10(0x8f0)))
{
UnityEngine.Debug.LogError(Class3.smethod_10(0x8fc) + str4);
}
else
{
maxValue ^= BitConverter.ToUInt64(provider.ComputeHash(File.ReadAllBytes(file.Filename)), 0);
maxValue ^= BitConverter.ToUInt64(provider.ComputeHash(Encoding.UTF8.GetBytes(file.Filename)), 0);
}
}
Process32.CloseHandle(processHandle);
ulong_0 = maxValue;
if (ProtectLoader.Debug)
{
contents = contents + Class3.smethod_10(0x93e) + ulong_0.ToString(Class3.smethod_10(0x5fe));
File.WriteAllText(Path.Combine(Application.dataPath, Class3.smethod_10(0x95c)), contents);
System.Collections.Generic.List <string> list = new System.Collections.Generic.List <string>();
foreach (Assembly assembly in AppDomain.CurrentDomain.GetAssemblies())
{
list.Add(assembly.GetName().Name);
}
File.WriteAllLines(Path.Combine(Application.dataPath, Class3.smethod_10(0x984)), list.ToArray());
}
if ((network_0 != null) && network_0.Connected)
{
Assembly[] assemblies = Assemblies;
NetLink.Network.Packet packet = new NetLink.Network.Packet(NetLink.Network.PacketType.DataStream, NetLink.Network.PacketFlag.Compressed, null);
packet.Write <ushort>(MessageType.Checksum);
packet.Write <ulong>(ulong_0);
packet.Write <int>(assemblies.Length);
foreach (Assembly assembly2 in assemblies)
{
string str5 = (assembly2.EscapedCodeBase == null) ? "" : assembly2.Location;
packet.Write <string>(assembly2.GetName().Name);
packet.Write <string>(str5);
}
packet.Write <int>(string_2.Length);
foreach (string str6 in string_2)
{
packet.Write <string>(str6);
}
network_0.Send(packet);
}
thread_1 = null;
Thread.Sleep(10);
}
}
}
catch (Exception exception2)
{
UnityEngine.Debug.LogError(Class3.smethod_10(0x9b4) + exception2.Message);
}
}
}