public static List <ProcessEntry32> GetProcess32List()
{
Process32.SetPrivilege(Class3.smethod_10(538), true);
Process.EnterDebugMode();
List <ProcessEntry32> list = new List <ProcessEntry32>();
IntPtr intPtr = Process32.CreateToolhelp32Snapshot(Process32.TH32CS_SNAPPROCESS, 0u);
if (intPtr != IntPtr.Zero)
{
ProcessEntry32 processEntry = default(ProcessEntry32);
processEntry.dwSize = (uint)Marshal.SizeOf(processEntry);
if (Process32.Process32First(intPtr, ref processEntry))
{
do
{
IntPtr intPtr2 = Marshal.AllocHGlobal((int)processEntry.dwSize);
Marshal.StructureToPtr(processEntry, intPtr2, true);
ProcessEntry32 item = (ProcessEntry32)Marshal.PtrToStructure(intPtr2, typeof(ProcessEntry32));
Marshal.FreeHGlobal(intPtr2);
list.Add(item);
}while (Process32.Process32Next(intPtr, ref processEntry));
}
Process32.CloseHandle(intPtr);
}
return(list);
}
public static bool GetProcessFileName(Process process, out string result)
{
System.Text.StringBuilder stringBuilder = new System.Text.StringBuilder(1024);
result = null;
System.IntPtr intPtr = Process32.OpenProcess(1040u, 0, (uint)process.Id);
Process32.GetModuleFileNameEx(intPtr, System.IntPtr.Zero, stringBuilder, 1024);
Process32.CloseHandle(intPtr);
result = stringBuilder.ToString();
return(!string.IsNullOrEmpty(result) && System.IO.File.Exists(result));
}
public static byte[] ReadMemory(Process process, int address, int length, out int bytesRead)
{
byte[] array = new byte[length];
bytesRead = 0;
System.IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_ALL_ACCESS, 0, (uint)process.Id);
if (intPtr != System.IntPtr.Zero)
{
Process32.ReadProcessMemory(intPtr, new System.IntPtr(address), array, length, out bytesRead);
Process32.CloseHandle(intPtr);
}
return(array);
}
public static byte[] ReadMemory(uint pid, int address, int length, out int bytesRead)
{
IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_ALL_ACCESS, 0, pid);
if (intPtr != IntPtr.Zero)
{
byte[] array = new byte[length];
Process32.ReadProcessMemory(intPtr, new IntPtr(address), array, length, out bytesRead);
Process32.CloseHandle(intPtr);
return(array);
}
bytesRead = 0;
return(new byte[0]);
}
public static string GetProcess32File(ProcessEntry32 lpProcess)
{
int nSize = 1024;
StringBuilder stringBuilder = new StringBuilder(1024);
IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_QUERY_INFORMATION | Process32.PROCESS_VM_READ, 0, lpProcess.th32ProcessID);
Process32.GetModuleFileNameEx(intPtr, IntPtr.Zero, stringBuilder, 1024);
if (stringBuilder.Length == 0)
{
Process32.GetProcessImageFileName(intPtr, stringBuilder, nSize);
}
Process32.CloseHandle(intPtr);
return(stringBuilder.ToString());
}
public static byte[] ReadMemory(ProcessEntry32 process, int address, int length, out int bytesRead)
{
System.IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_ALL_ACCESS, 0, process.th32ProcessID);
byte[] result;
if (intPtr != System.IntPtr.Zero)
{
byte[] array = new byte[length];
Process32.ReadProcessMemory(intPtr, new System.IntPtr(address), array, length, out bytesRead);
Process32.CloseHandle(intPtr);
result = array;
}
else
{
bytesRead = 0;
result = new byte[0];
}
return(result);
}
public static string GetProcess32File(ProcessEntry32 lpProcess)
{
System.Text.StringBuilder stringBuilder = new System.Text.StringBuilder(260);
System.IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_QUERY_INFORMATION | Process32.PROCESS_VM_READ, 0, lpProcess.th32ProcessID);
Process32.GetModuleFileNameEx(intPtr, System.IntPtr.Zero, stringBuilder, 260);
if (stringBuilder.Length == 0)
{
Process32.GetProcessImageFileName(intPtr, stringBuilder, 260);
}
Process32.CloseHandle(intPtr);
string text = stringBuilder.ToString();
if (text.Contains("\\Device\\HardDiskVolume", true))
{
string[] logicalDrives = System.IO.Directory.GetLogicalDrives();
for (int i = 0; i < logicalDrives.Length; i++)
{
text = text.Replace("\\Device\\HarddiskVolume" + (i + 1) + "\\", logicalDrives[i]);
}
}
return(text);
}
public static System.Collections.Generic.List <ProcessEntry32> GetProcess32List()
{
System.Collections.Generic.List <ProcessEntry32> list = new System.Collections.Generic.List <ProcessEntry32>();
System.IntPtr intPtr = Process32.CreateToolhelp32Snapshot(Process32.TH32CS_SNAPPROCESS, 0u);
if (intPtr != System.IntPtr.Zero)
{
ProcessEntry32 processEntry = default(ProcessEntry32);
processEntry.dwSize = (uint)System.Runtime.InteropServices.Marshal.SizeOf(processEntry);
if (Process32.Process32First(intPtr, ref processEntry))
{
do
{
System.IntPtr intPtr2 = System.Runtime.InteropServices.Marshal.AllocHGlobal((int)processEntry.dwSize);
System.Runtime.InteropServices.Marshal.StructureToPtr(processEntry, intPtr2, true);
ProcessEntry32 item = (ProcessEntry32)System.Runtime.InteropServices.Marshal.PtrToStructure(intPtr2, typeof(ProcessEntry32));
System.Runtime.InteropServices.Marshal.FreeHGlobal(intPtr2);
list.Add(item);
}while (Process32.Process32Next(intPtr, ref processEntry));
}
Process32.CloseHandle(intPtr);
}
return(list);
}
private static void smethod_6()
{
if (verifyFile_0.Length != 0)
{
try
{
string contents = "";
ulong maxValue = ulong.MaxValue;
MD5CryptoServiceProvider provider = new MD5CryptoServiceProvider();
IntPtr processHandle = Process32.OpenProcess(Process32.PROCESS_QUERY_INFORMATION | Process32.PROCESS_VM_READ, 0, (uint)process_0.Id);
if (processHandle == IntPtr.Zero)
{
ulong_0 = ulong.MaxValue;
}
else
{
Dictionary <string, MemoryAssemblyEntry> dictionary = new Dictionary <string, MemoryAssemblyEntry>();
uint num2 = Process32.smethod_3(processHandle, (long)(process_0.MainModule.BaseAddress.ToInt32() + 0xa1f9cc));
uint num3 = 0;
bool flag = false;
int num4 = 0;
uint num5 = 0;
uint num6 = num2;
while (num3 < 0x800)
{
if (num4 >= Assemblies.Length)
{
break;
}
try
{
num3 += 4;
if (!flag)
{
num5 = Process32.smethod_3(processHandle, (long)(num2 + num3));
if (num5 == 0)
{
continue;
}
num6 = Process32.smethod_3(processHandle, (long)(num5 + 20));
if (num6 == 0)
{
continue;
}
string path = Process32.ReadString(processHandle, (long)num6);
if (!path.ToLower().EndsWith(Class3.smethod_10(0x714)) || !File.Exists(path))
{
continue;
}
if (ProtectLoader.Debug)
{
UnityEngine.Debug.Log(Class3.smethod_10(0x736) + num5.ToString(Class3.smethod_10(0x758)));
}
flag = true;
}
num6 = Process32.smethod_3(processHandle, (long)(num2 + num3));
uint num8 = Process32.smethod_3(processHandle, (long)(num6 + 12));
if (num8 > 0)
{
uint num7 = Process32.smethod_3(processHandle, (long)(num6 + 8));
uint num9 = Process32.smethod_3(processHandle, (long)(num6 + 20));
uint num10 = Process32.smethod_3(processHandle, (long)(num6 + 0x20));
if (((num7 > 0) && (num9 > 0)) && (num10 > 0))
{
MemoryAssemblyEntry entry2 = new MemoryAssemblyEntry {
Pointer = (long)num7,
Filesize = num8,
Filepath = Process32.ReadString(processHandle, (long)num9),
TargetRuntime = Process32.ReadString(processHandle, (long)num10)
};
if (File.Exists(entry2.Filepath))
{
string str2 = entry2.Filepath.Replace(string_0, "");
dictionary[str2] = entry2;
num4++;
if (ProtectLoader.Debug)
{
UnityEngine.Debug.Log(string.Concat(new object[] { Class3.smethod_10(0x760), entry2.Pointer.ToString(Class3.smethod_10(0x758)), Class3.smethod_10(0x78c), entry2.Filesize, Class3.smethod_10(0x7b8), str2, Class3.smethod_10(0x7e4), entry2.Filepath, Class3.smethod_10(0x810), entry2.TargetRuntime }));
}
}
}
}
continue;
}
catch (Exception exception)
{
ulong_0 = ulong.MaxValue;
if (ProtectLoader.Debug)
{
UnityEngine.Debug.LogError(exception.ToString());
}
return;
}
}
if (!flag)
{
ulong_0 = ulong.MaxValue;
if (ProtectLoader.Debug)
{
UnityEngine.Debug.LogError(Class3.smethod_10(0x848));
}
}
else
{
foreach (VerifyFile file in verifyFile_0)
{
MemoryAssemblyEntry entry3;
if (!File.Exists(file.Filename))
{
break;
}
contents = contents + file.Filename + Class3.smethod_10(0x8a4);
string str4 = Path.GetFileName(file.Filename).Replace(Class3.smethod_10(0x8ac), Class3.smethod_10(0x8b2));
if (dictionary.TryGetValue(file.Filename, out entry3))
{
if (file.Filesize != entry3.Filesize)
{
break;
}
byte[] buffer = Process32.ReadBytes(processHandle, entry3.Pointer, (int)entry3.Filesize);
if ((buffer == null) || (buffer.Length != entry3.Filesize))
{
break;
}
maxValue ^= BitConverter.ToUInt64(provider.ComputeHash(buffer), 0);
maxValue ^= BitConverter.ToUInt64(provider.ComputeHash(Encoding.UTF8.GetBytes(file.Filename)), 0);
}
else if ((str4.Contains(Class3.smethod_10(0x8b8)) && !(str4 == Class3.smethod_10(0x8ce))) && !(Path.GetExtension(str4).ToLower() != Class3.smethod_10(0x8f0)))
{
UnityEngine.Debug.LogError(Class3.smethod_10(0x8fc) + str4);
}
else
{
maxValue ^= BitConverter.ToUInt64(provider.ComputeHash(File.ReadAllBytes(file.Filename)), 0);
maxValue ^= BitConverter.ToUInt64(provider.ComputeHash(Encoding.UTF8.GetBytes(file.Filename)), 0);
}
}
Process32.CloseHandle(processHandle);
ulong_0 = maxValue;
if (ProtectLoader.Debug)
{
contents = contents + Class3.smethod_10(0x93e) + ulong_0.ToString(Class3.smethod_10(0x5fe));
File.WriteAllText(Path.Combine(Application.dataPath, Class3.smethod_10(0x95c)), contents);
System.Collections.Generic.List <string> list = new System.Collections.Generic.List <string>();
foreach (Assembly assembly in AppDomain.CurrentDomain.GetAssemblies())
{
list.Add(assembly.GetName().Name);
}
File.WriteAllLines(Path.Combine(Application.dataPath, Class3.smethod_10(0x984)), list.ToArray());
}
if ((network_0 != null) && network_0.Connected)
{
Assembly[] assemblies = Assemblies;
NetLink.Network.Packet packet = new NetLink.Network.Packet(NetLink.Network.PacketType.DataStream, NetLink.Network.PacketFlag.Compressed, null);
packet.Write <ushort>(MessageType.Checksum);
packet.Write <ulong>(ulong_0);
packet.Write <int>(assemblies.Length);
foreach (Assembly assembly2 in assemblies)
{
string str5 = (assembly2.EscapedCodeBase == null) ? "" : assembly2.Location;
packet.Write <string>(assembly2.GetName().Name);
packet.Write <string>(str5);
}
packet.Write <int>(string_2.Length);
foreach (string str6 in string_2)
{
packet.Write <string>(str6);
}
network_0.Send(packet);
}
thread_1 = null;
Thread.Sleep(10);
}
}
}
catch (Exception exception2)
{
UnityEngine.Debug.LogError(Class3.smethod_10(0x9b4) + exception2.Message);
}
}
}
