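        /// <summary>
        /// Starts ExecutableName suspended and, before its first instruction runs, overwrites the
        /// "steam_api.dll" string inside the mapped image so that the Windows loader resolves that
        /// import to <paramref name="dllpath"/> instead. The child is resumed only at the very end.
        /// </summary>
        /// <param name="dllpath">
        /// DLL name or path that replaces "steam_api.dll". It is written as ASCII plus a NUL
        /// terminator into the footprint of the original string, so it must be pure ASCII and at
        /// most 13 characters long; anything longer would overwrite whatever follows that string
        /// in the section.
        /// </param>
        /// <exception cref="ArgumentException">
        /// <paramref name="dllpath"/> is empty, contains non-ASCII characters, or is longer than the
        /// string it replaces.
        /// </exception>
        /// <exception cref="Exception">
        /// The executable is not a parsable PE image, the marker string is not inside the targeted
        /// section, the process cannot be created, or its memory cannot be patched (the child is
        /// terminated before throwing in that last case).
        /// </exception>
        /// <remarks>
        /// SECURITY: this is an import-redirection / DLL-injection technique. Whatever name is
        /// written here is resolved by the loader with the game's privileges using the normal DLL
        /// search order, so a bare file name is exposed to DLL search-order hijacking — prefer an
        /// absolute path. The section-header offsets and the 0x400000 image base are hard-coded;
        /// see the inline notes.
        /// </remarks>
        private void threadi(string dllpath)
        {
            const string Marker = "steam_api.dll";

            if (string.IsNullOrEmpty(dllpath))
            {
                throw new ArgumentException("dllpath must not be empty.", "dllpath");
            }

            // The replacement has to survive ASCII encoding unchanged; a silently mangled name ('?')
            // would make the loader look for a different DLL than the caller intended.
            byte[] pathBytes = Encoding.ASCII.GetBytes(dllpath);
            if (Encoding.ASCII.GetString(pathBytes) != dllpath)
            {
                throw new ArgumentException("dllpath must contain only ASCII characters.", "dllpath");
            }

            // The replacement plus its NUL terminator is written over the original "steam_api.dll\0"
            // bytes; a longer string clobbers the bytes that follow it in the section.
            if (pathBytes.Length > Marker.Length)
            {
                throw new ArgumentException(
                    "dllpath must be at most " + Marker.Length + " characters long.", "dllpath");
            }

            // Explicitly NUL-terminated buffer. The original passed a length of dllpath.Length + 1
            // with a buffer of only dllpath.Length bytes, i.e. it read one byte past the array.
            byte[] pathWithNul = new byte[pathBytes.Length + 1];
            Array.Copy(pathBytes, pathWithNul, pathBytes.Length);

            byte[] image = File.ReadAllBytes(ExecutableName);

            // Reads a 4-byte field at the given file offset through the file's BytesToInt helper.
            Func<int, int> readField = offset =>
            {
                var field = new byte[4];
                Array.Copy(image, offset, field, 0, 4);
                return BytesToInt(field);
            };

            if (image.Length < 0x40)
            {
                throw new Exception("Executable is too small to be a PE image.");
            }

            // e_lfanew (offset 0x3C) is a full DWORD; the original read only its low two bytes.
            int peLocation = readField(0x3C);

            // The section-header fields read below end at peLocation + 0x138; they must be in the file.
            if (peLocation < 0 || peLocation + 0x138 > image.Length)
            {
                throw new Exception("Executable has an invalid PE header offset.");
            }

            // "PE\0\0" signature check.
            if (image[peLocation] != (byte)'P' || image[peLocation + 1] != (byte)'E'
                || image[peLocation + 2] != 0 || image[peLocation + 3] != 0)
            {
                throw new Exception("Executable is not a PE image.");
            }

            // Fixed offsets: PE signature (4) + COFF header (0x14) + PE32 optional header (0xE0)
            // + one 0x28-byte section header = 0x120, so 0x128/0x12C/0x130/0x134 are the
            // VirtualSize / VirtualAddress / SizeOfRawData / PointerToRawData fields of the SECOND
            // section header. This assumes a 32-bit image with a standard-size optional header.
            // NOTE(review): the section is not validated by name — confirm the target binary really
            // keeps its import name strings there.
            int virtualSize = Round1000(readField(peLocation + 0x128));
            int sectionRva = readField(peLocation + 0x12C);
            int rawSize = readField(peLocation + 0x130);
            int rawLocation = readField(peLocation + 0x134);

            // ASSUMPTION: preferred image base 0x400000 and no relocation. If the target is linked
            // with DYNAMICBASE (ASLR) the mapped base differs and this address is wrong; the base is
            // not read from the optional header here. -- TODO confirm against the target binary.
            int virtualAddress = sectionRva + 0x400000;

            // File offset of the marker string (IndexOf presumably returns -1 when absent).
            int steamapi = IndexOf(image, Encoding.ASCII.GetBytes(Marker));

            // The original combined these with `&&`, which can never be true, so a missing marker
            // produced a garbage write address instead of this error. Require the whole marker to
            // lie inside the section's raw data.
            if (steamapi < 0 || steamapi < rawLocation || steamapi + Marker.Length > rawLocation + rawSize)
            {
                throw new Exception("未找到steam_api.dll!请确认你的游戏根目录是否存在此文件!");
            }

            // Offset of the marker within the section; added to the section's mapped address below.
            int location = steamapi - rawLocation;

            var si = new STARTUPINFO();
            var pi = new PROCESS_INFORMATION();

            // 0x4 = CREATE_SUSPENDED (main thread does not run until ResumeThread below),
            // 0x200 = CREATE_NEW_PROCESS_GROUP. No handle inheritance, default environment/cwd.
            if (!Win32Apis.CreateProcess(
                    ExecutableName,
                    Commandargs,
                    IntPtr.Zero,
                    IntPtr.Zero,
                    false,
                    0x4 | 0x200,
                    IntPtr.Zero,
                    null,
                    ref si,
                    out pi))
            {
                throw new Exception("创建进程失败!");
            }

            // Process/thread handles are kept in fields; their lifetime is managed elsewhere in the class.
            this.p = pi;
            thread = pi.hThread;

            // 0x40 = PAGE_EXECUTE_READWRITE over the whole (rounded) section so the write is allowed;
            // the previous protection is restored right after the write.
            // NOTE(review): VirtualProtectEx return values are not checked; the byte count reported
            // by WriteProcessMemory below is the only failure signal.
            uint oldprot;
            Win32Apis.VirtualProtectEx(
                pi.hProcess, new IntPtr(virtualAddress), new UIntPtr((uint)virtualSize), 0x40, out oldprot);

            UIntPtr bytesWritten;
            Win32Apis.WriteProcessMemory(
                pi.hProcess, new IntPtr(virtualAddress + location), pathWithNul, (uint)pathWithNul.Length, out bytesWritten);

            uint newprot;
            Win32Apis.VirtualProtectEx(
                pi.hProcess, new IntPtr(virtualAddress), new UIntPtr((uint)virtualSize), oldprot, out newprot);

            // Short or failed write: do not let a half-patched (or unpatched) child run.
            if (bytesWritten.ToUInt64() != (ulong)pathWithNul.Length)
            {
                Win32Apis.TerminateProcess(pi.hProcess, 0);
                Win32Apis.TerminateThread(pi.hThread, 0);
                throw new Exception("无法修改进程内存!");
            }

            // Held in a field so the named mutex lives as long as this object. Original note:
            // "fix SP can not started" — presumably the game checks for this mutex name.
            mutex = new System.Threading.Mutex(false, "TeknoMW3" + (pi.dwProcessId ^ 0x57).ToString("X8"));
            Win32Apis.ResumeThread(pi.hThread);
        }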
 // P/Invoke binding for the Win32 CreateProcess function (the DllImport attribute is above this
 // line, outside this excerpt; presumably kernel32.dll). Returns true on success; on failure the
 // Win32 error is only retrievable via Marshal.GetLastWin32Error() if the attribute sets
 // SetLastError = true — confirm.
 // NOTE(review): if this binds to the Unicode CreateProcessW, lpCommandLine should be marshaled as
 // a StringBuilder rather than a string, because CreateProcessW may modify that buffer in place.
 public static extern bool CreateProcess(
     string lpApplicationName,      // module to run; non-null here, so lpCommandLine is not parsed for the image path
     string lpCommandLine,          // command line handed to the child (see note above on CreateProcessW)
     IntPtr lpProcessAttributes,    // SECURITY_ATTRIBUTES for the process handle, or IntPtr.Zero for defaults
     IntPtr lpThreadAttributes,     // SECURITY_ATTRIBUTES for the thread handle, or IntPtr.Zero for defaults
     bool bInheritHandles,          // whether inheritable handles of the caller are passed to the child
     uint dwCreationFlags,          // CREATE_* flags, e.g. 0x4 CREATE_SUSPENDED
     IntPtr lpEnvironment,          // environment block, or IntPtr.Zero to inherit the caller's
     string lpCurrentDirectory,     // working directory, or null to inherit the caller's
     ref STARTUPINFO lpStartupInfo, // must have cb set to the struct size before the call
     out PROCESS_INFORMATION lpProcessInformation); // receives process/thread handles and IDs; the caller owns the handles