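/// <summary>
/// Retrieves kernel export table.
/// </summary>
/// <returns>
/// Kernel export table indexed by export ordinal (slot 0 is unused); each entry is an
/// absolute address (image base plus the RVA stored in the image). The array always has
/// at least 450 slots so existing callers that index by a known ordinal keep working.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The export count read from the target image is too large to be a real export table.
/// </exception>
private uint[] GetExportTable()
{
    Xbox.ConnectionCheck();

    // walk the PE headers of the target image (standard PE layout): e_lfanew (0x3C) ->
    // export data directory RVA (PE header + 0x78) -> IMAGE_EXPORT_DIRECTORY
    // NumberOfFunctions (+0x14) and AddressOfFunctions (+0x1C)
    uint headerPtr = Xbox.GetUInt32(Base + 0x3C);
    headerPtr = Xbox.GetUInt32(Base + headerPtr + 0x78);
    uint exportCount = Xbox.GetUInt32(Base + headerPtr + 0x14);
    uint exportTableAddress = Base + Xbox.GetUInt32(Base + headerPtr + 0x1C); // export table base address

    // the count comes from the remote image, so it is not trusted: the table used to have a
    // fixed 450 slots (a larger count threw IndexOutOfRangeException part way through the
    // copy) and the byte count could wrap; derive both from the count under checked
    // arithmetic so a corrupt image fails with a clear error instead
    uint byteCount;
    uint tableLength;
    try
    {
        byteCount = checked(exportCount * 4);
        tableLength = checked(Math.Max(450u, exportCount + 1));
    }
    catch (OverflowException ex)
    {
        throw new InvalidOperationException(
            "Export count read from the kernel image is not plausible: 0x" + exportCount.ToString("X8"), ex);
    }

    // dumps raw export table
    byte[] rawExportTable = Xbox.GetMemory(exportTableAddress, byteCount);

    // adjusts for actual addresses; the entry for ordinal i is stored in slot i + 1
    uint[] exportTable = new uint[tableLength];
    for (int i = 0; i < exportCount; i++)
    {
        exportTable[i + 1] = Base + BitConverter.ToUInt32(rawExportTable, i * 4);
    }
    return exportTable;
}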
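/// <summary>
/// Initializes the history page.
/// </summary>
/// <param name="xbox">Console the history page lives on.</param>
/// <exception cref="ArgumentNullException"><paramref name="xbox"/> is null.</exception>
public XboxHistory(Xbox xbox)
{
    // fail here with a clear argument error rather than with a NullReferenceException
    // on the first SetMemory call below
    if (xbox == null)
    {
        throw new ArgumentNullException("xbox");
    }
    Xbox = xbox;

    // set up the script buffer; 0xB00292D0 is presumably the pointer the hijacked
    // "crashdump" handler dispatches through (see AllocateHistoryPages) — confirm
    Xbox.SetMemory(0xB00292D0, ScriptBufferAddress);

    if (IsPresent())
    {
        // restore our current allocations
        Xbox.ReloadAllocationTable();

        // check other settings like controller hook etc...
        XInputGetStateAddress = Xbox.GetUInt32(Gamepad.XInputGetState);
        OriginalGamepadCode = Xbox.GetMemory(Gamepad.OriginalCodeBuffer, 10);
    }
    else
    {
        // first run on this console: allocate memory for our history pages and tag it
        AllocateHistoryPages(kSize);
        Xbox.SetMemory(kBaseAddress, 0x6F6C6559); // "Yelo"
    }
}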
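/// <summary>
/// Use in beginning when setting up our history page, since calladdressex will depend on that memory
/// </summary>
/// <param name="size">Requested size in bytes; rounded up to a page boundary before allocating.</param>
/// <returns>Allocated address.</returns>
/// <exception cref="InvalidOperationException">The console did not hand back a base address.</exception>
private uint AllocateHistoryPages(uint size)
{
    // calculate actual size of allocation
    size = Util.GetAlignedPageBoundary(size);

    // checks if theres enough memory for allocation to take place
    // NOTE(review): the result of this call (if it returns one) is discarded — confirm it throws on failure
    Xbox.IsEnoughMemory(size);

    // reserve, then commit: both passes run the same NtAllocateVirtualMemory script and only
    // the allocation type differs. The reserve result is deliberately not checked (only the
    // final address is), matching the original behaviour.
    // NOTE(review): the commit pass re-uses the fixed base hint rather than the address the
    // reserve pass returned, so it only works if the kernel honours the hint — confirm
    CallNtAllocateVirtualMemory(size, 0x2000);             // MEM_RESERVE
    uint ptr = CallNtAllocateVirtualMemory(size, 0x1000);  // MEM_COMMIT

    // check for success, but DONT add to our allocation table...
    if (ptr == 0)
    {
        throw new InvalidOperationException("Failed to initialize YeloDebug in xbox memory.");
    }
    return ptr;
}

/// <summary>
/// Runs NtAllocateVirtualMemory on the console through the script buffer and the hijacked
/// crashdump command.
/// </summary>
/// <param name="size">Region size in bytes (already page aligned by the caller).</param>
/// <param name="allocationType">Allocation type pushed to the call: 0x2000 (reserve) or 0x1000 (commit).</param>
/// <returns>The base address the call wrote back through its pAddress argument.</returns>
private uint CallNtAllocateVirtualMemory(uint size, uint allocationType)
{
    // in/out arguments the script points at: 0x10000 = region size, 0x10004 = base address (hint 0x40000000)
    Xbox.SetMemory(0x10000, size);
    Xbox.SetMemory(0x10004, 0x40000000);

    // inject script
    //push 4              ;protect
    //push <type>         ;allocation type (imm32)
    //push 10000h         ;pSize
    //push 0
    //push 10004h         ;pAddress
    //mov eax, 012345678h ;export address
    //call eax
    //mov eax, 02DB0000h  ;fake success
    //retn 010h
    Xbox.MemoryStream.Position = ScriptBufferAddress;
    byte[] prologue = { 0x6A, 0x04, 0x68 };
    Xbox.MemoryWriter.Write(prologue);
    // little-endian imm32 operand of "push <type>", same byte order the hand-assembled version used
    Xbox.MemoryWriter.Write(BitConverter.GetBytes(allocationType));
    byte[] pushArgs = { 0x68, 0x00, 0x00, 0x01, 0x00, 0x6A, 0x00, 0x68, 0x04, 0x00, 0x01, 0x00, 0xB8 };
    Xbox.MemoryWriter.Write(pushArgs);
    Xbox.MemoryWriter.Write(Xbox.Kernel.NtAllocateVirtualMemory);
    byte[] epilogue = { 0xFF, 0xD0, 0xB8, 0x00, 0x00, 0xDB, 0x02, 0xC2, 0x10, 0x00 };
    Xbox.MemoryWriter.Write(epilogue);

    // execute script via hijacked crashdump function
    Xbox.SendCommand("crashdump");

    // read back the address the call stored through pAddress
    return Xbox.GetUInt32(0x10004);
}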