/// <summary>
/// The dispatcher timer_ tick.
/// </summary>
/// <param name="sender">
/// The sender.
/// </param>
/// <param name="e">
/// The e.
/// </param>
private void DispatcherTimer_Tick(object sender, EventArgs e)
{
if (this.initialized == false)
{
this.initialized = true;
var t = new Thread(this.threadi);
t.Start();
this.dispatcherTimer.Interval = new TimeSpan(0, 0, 5);
return;
}
var context = new CONTEXT();
try
{
if (this.ExecutableName == "iw5mp_server.exe")
{
this.mutex.Close();
this.canclose = true;
this.Close();
}
if (!Win32Apis.GetThreadContext(this.thread, ref context))
{
this.mutex.Close();
this.canclose = true;
this.Close();
}
}
catch (Exception)
{
try
{
this.mutex.Close();
this.canclose = true;
this.Close();
}
catch (Exception)
{
this.canclose = true;
this.Close();
}
}
}
/// <summary>
/// The is assembly signed.
/// </summary>
/// <param name="path">
/// The path.
/// </param>
/// <returns>
/// The is assembly signed.
/// </returns>
private bool IsAssemblySigned(string path)
{
int contentType;
int formatType;
int ignored;
IntPtr context = IntPtr.Zero;
IntPtr pIgnored = IntPtr.Zero;
IntPtr cryptMsg = IntPtr.Zero;
if (
!Win32Apis.CryptQueryObject(
Win32Apis.CERT_QUERY_OBJECT_FILE,
Marshal.StringToHGlobalUni(path),
Win32Apis.CERT_QUERY_CONTENT_FLAG_ALL,
Win32Apis.CERT_QUERY_FORMAT_FLAG_ALL,
0,
out ignored,
out contentType,
out formatType,
ref pIgnored,
ref cryptMsg,
ref context))
{
int error = Marshal.GetLastWin32Error();
Console.WriteLine((new Win32Exception(error)).Message);
return(false);
}
// expecting '10'; CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
if (contentType != 10)
{
return(false);
}
// MessageBox.Show("Context Type: " + contentType);
////Which implies this is set
// MessageBox.Show("Crypt Msg: " + cryptMsg.ToString());
return(true);
}
/// <summary>
/// The btn pd click.
/// </summary>
/// <param name="sender">
/// The sender.
/// </param>
/// <param name="e">
/// The e.
/// </param>
private void BtnPdClick(object sender, RoutedEventArgs e)
{
byte[] dllName = Encoding.ASCII.GetBytes("teknomw3.dll");
if (
MessageBox.Show(
"This is only intented if you have the game running in the backround connected to Steam and it is recommented that you are in the barracks.",
"Are you sure you want to continue?",
MessageBoxButton.YesNo,
MessageBoxImage.Question) == MessageBoxResult.No)
{
return;
}
Process[] proc = getProcesses("iw5mp.exe");
if (proc == null)
{
MessageBox.Show("Target process not found");
return;
}
IntPtr ptrProc = Win32Apis.OpenProcess(ACLOC, false, proc[0].Id);
if (ptrProc == IntPtr.Zero)
{
MessageBox.Show("Target process pointer is invalid");
return;
}
var retLib =
(IntPtr)((int)Win32Apis.GetProcAddress(Win32Apis.GetModuleHandle("Kernel32.dll"), "LoadLibraryA"));
if (retLib == (IntPtr)0)
{
MessageBox.Show("Loadlibrary unreachable");
return;
}
int objBuffer = dllName.Length + 1;
IntPtr objPtr = Win32Apis.VirtualAllocEx(
ptrProc, new IntPtr(0), (uint)objBuffer, (Win32Apis.AllocationType) 4096, (Win32Apis.MemoryProtection) 4);
if (objPtr == (IntPtr)0)
{
MessageBox.Show("Virtual alloc failure");
return;
}
UIntPtr byteswrite;
bool ret = Win32Apis.WriteProcessMemory(ptrProc, objPtr, dllName, (uint)objBuffer, out byteswrite);
if (byteswrite == (UIntPtr)0)
{
MessageBox.Show("Write process mem failure");
return;
}
var mutex = new Mutex(false, "TeknoPDump" + (proc[0].Id ^ 0x80).ToString("X8"));
Win32Apis.CreateRemoteThread(ptrProc, new IntPtr(0), new IntPtr(0), retLib, objPtr, 0, (IntPtr)0);
Win32Apis.CloseHandle(ptrProc);
Thread.Sleep(6000);
mutex.Close();
}
/// <summary>
/// The threadi.
/// </summary>
private void threadi()
{
var si = new STARTUPINFO();
var pi = new PROCESS_INFORMATION();
byte[] array = File.ReadAllBytes(this.ExecutableName);
var peptr = new byte[4];
Array.Copy(array, 0x3C, peptr, 0, 2);
var temparray = new byte[4];
int peLocation = BytesToInt(peptr);
int virtualSize = peLocation + 0x128;
int virtualAddress = peLocation + 0x12C;
int rawSize = peLocation + 0x130;
int rawLocation = peLocation + 0x134;
Array.Copy(array, rawSize, temparray, 0, 4);
rawSize = BytesToInt(temparray);
Array.Copy(array, rawLocation, temparray, 0, 4);
rawLocation = BytesToInt(temparray);
Array.Copy(array, virtualAddress, temparray, 0, 4);
virtualAddress = BytesToInt(temparray) + 0x400000;
Array.Copy(array, virtualSize, temparray, 0, 4);
virtualSize = Round1000(BytesToInt(temparray));
int steamapi = IndexOf(array, Encoding.ASCII.GetBytes("steam_api.dll"));
if (steamapi < rawLocation && steamapi > rawLocation + rawSize)
{
MessageBox.Show(
"Cannot find steam_api.dll string in executable, make sure you have the proper original files!");
return;
}
int location = steamapi - rawLocation;
if (
!Win32Apis.CreateProcess(
this.ExecutableName,
this.Commandargs,
IntPtr.Zero,
IntPtr.Zero,
false,
0x4 | 0x200,
IntPtr.Zero,
null,
ref si,
out pi))
{
MessageBox.Show("Cannot create process!");
return;
}
this.thread = pi.hThread;
uint oldprot;
Win32Apis.VirtualProtectEx(
pi.hProcess, new IntPtr(virtualAddress), new UIntPtr((uint)virtualSize), 0x40, out oldprot);
UIntPtr ptr;
Win32Apis.WriteProcessMemory(
pi.hProcess, new IntPtr(virtualAddress + location), Encoding.ASCII.GetBytes("teknomw3.dll"), 13, out ptr);
uint newprot;
Win32Apis.VirtualProtectEx(
pi.hProcess, new IntPtr(virtualAddress), new UIntPtr((uint)virtualSize), oldprot, out newprot);
if (ptr == (UIntPtr)0)
{
MessageBox.Show("Cannot write to process memory!");
Win32Apis.TerminateProcess(pi.hProcess, 0);
Win32Apis.TerminateThread(pi.hThread, 0);
return;
}
this.mutex = new Mutex(false, "TeknoMW3" + (pi.dwProcessId ^ 0x57).ToString("X8"));
Win32Apis.ResumeThread(pi.hThread);
}
