        /// <summary>
        /// Installs the SkyrimVR detour: locates the hook site by AOB scan, allocates a code
        /// cave in the game process, patches the absolute/relative addresses embedded in
        /// <c>bytes_program</c>, writes the cave and redirects execution to it via <c>memory.Hook</c>.
        /// </summary>
        /// <returns>
        /// The address of the data area used by the injected code (<c>ptr_data + data_offset</c>);
        /// the same address recomputed from the existing jump when the hook is already in place;
        /// or <see cref="IntPtr.Zero"/> when the pattern is not found (reported via <c>Notification_Message</c>).
        /// </returns>
        /// <remarks>
        /// The patch offsets below (0x0A, 0x4C, 0x86) and the constant 0x8A are tied to the exact
        /// layout of <c>bytes_program</c> (138 = 0x8A bytes); any change to the array must update them.
        /// NOTE(review): the inline comments say SkyrimSE.exe although this method is named for
        /// SkyrimVR — confirm the chain of offsets matches the VR binary.
        /// </remarks>
        private IntPtr Inject_SkyrimVR()
        {
            int len         = 6;     // number of original bytes replaced at the hook site (passed to memory.Hook)
            int data_offset = 0x100; // distance from the end of the program to the returned data pointer

            // Machine code for the cave. The 8-byte immediates after the two `mov rax,imm64`
            // and the 4-byte displacement of the final `jmp` are placeholders that are
            // overwritten at runtime below; the other values are fixed.
            byte[] bytes_program =
            {
                0x48, 0x8B, 0xF2, //mov rsi,rdx                                   <-newmem
                0x48, 0x8B, 0x39, //mov rdi,[rcx]
                0x51,
                0x50,

                0x48, 0xB8, 0x00, 0x00, 0xEC, 0x4E, 0xF7, 0x7F, 0x00, 0x00, //mov rax,SkyrimSE.exe      (imm64 at 0x0A, patched with the module base)
                0x48, 0x05, 0x68, 0x96, 0xF8, 0x01,                         //                          1st offset
                0x48, 0x8B, 0x00,                                           //mov rax,[rax]
                0x48, 0x05, 0xD0, 0x00, 0x00, 0x00,                         //                          2nd offset
                0x48, 0x8B, 0x00,                                           //mov rax,[rax]
                0x48, 0x83, 0xC0, 0x08,                                     //                          3rd offset
                0x48, 0x8B, 0x00,                                           //mov rax,[rax]
                0x48, 0x05, 0xA8, 0x01, 0x00, 0x00,                         //                          4th offset
                0x48, 0x8B, 0x00,                                           //mov rax,[rax]
                0x48, 0x05, 0x90, 0x00, 0x00, 0x00,                         //                          5th offset
                0x48, 0x8B, 0x00,                                           //mov rax,[rax]
                0x48, 0x83, 0xC0, 0x68,                                     //                          6th offset

                0x4C, 0x39, 0xF0,
                0x0F, 0x85, 0x39, 0x00, 0x00, 0x00,                         //jne finishUp
                0x48, 0xB8, 0x8A, 0x00, 0xEB, 0xC4, 0xF7, 0x7F, 0x00, 0x00, //mov rax,randomData        (imm64 at 0x4C, patched with ptr_data)
                0x48, 0x05, 0xF0, 0x00, 0x00, 0x00,
                0x48, 0x83, 0xC0, 0x10,                                     //                                              <-increaseArray
                0x48, 0x39, 0x38,
                0x0F, 0x84, 0x0E, 0x00, 0x00, 0x00,                         //je countUpArrayItem
                0x83, 0x38, 0x00,
                0x0F, 0x84, 0x02, 0x00, 0x00, 0x00,                         //je createNewArrayItem
                0xEB, 0xE8,                                                 //jmp increaseArray                             <-createNewArrayItem
                0x48, 0x89, 0x38,                                           //                                              <-countUpArrayItem
                0x48, 0x83, 0xC0, 0x08,
                0x48, 0x8B, 0x08,
                0x48, 0x83, 0xC1, 0x01,
                0x48, 0x89, 0x08,
                0x58,                        //pop rax                                       <-finishUp
                0x59,                        //pop rcx
                0xE9, 0x28, 0x1C, 0x1B, 0x00 //jmp INJECT                (rel32 at 0x86, patched below; instruction ends at 0x8A)
                                             //                                              <-randomData (= ptr_functon + 0x8A)
            };

            // The hook site is found by signature rather than a fixed address, so the method
            // works across builds as long as the prologue bytes are unchanged.
            AOB_Scanner.AOB_Scanner aob_scanner = new AOB_Scanner.AOB_Scanner(memory.process, memory.ProcessHandle, "48 8B C4 57 48 81 EC 40 01 00 00 48 C7 44 24 20 FE FF FF FF 48 89 58 10 48 89 70 18");
            aob_scanner.setModule(memory.process.MainModule);

            IntPtr ptr_inject = (IntPtr)aob_scanner.FindPattern();

            if (ptr_inject == IntPtr.Zero)
            {
                Notification_Message?.Invoke(this, new StringArg("Could not inject, did the game load past the main menu?"));
                return(IntPtr.Zero);
            }

            // The pattern is 28 = 0x1C bytes long, so the hook is placed on the first
            // instruction after the matched sequence.
            ptr_inject += 0x1C;

            //check if we already injected code
            // NOTE(review): only the opcode byte is tested; any other 5-byte jmp at this
            // spot (e.g. from a different tool) would be taken for our own hook and the
            // address below would then point into foreign memory.
            byte b = memory.ReadByte(ptr_inject);

            if (b == 0xE9)
            {
                Notification_Message?.Invoke(this, new StringArg("Skipping injection (already injected)"));
                // Resolve the existing jmp (rel32 + address of the next instruction) back to the
                // cave start, then apply the same layout as the fresh-injection return value.
                return((IntPtr)((long)memory.ReadInt32(ptr_inject + 0x1) + (long)ptr_inject) + 5 + bytes_program.Length + data_offset);
            }

            // NOTE(review): the allocation result is not checked; if AllocateMemory returns
            // IntPtr.Zero the writes and the hook below target address 0. The second argument
            // is presumably a near-address hint — verify against the memory helper.
            IntPtr ptr_functon = memory.AllocateMemory(10000, ptr_inject);
            IntPtr ptr_data    = ptr_functon + bytes_program.Length; // data area starts right after the code

            // 10000-byte image: program at the front, the rest left zero so the data area
            // the cave scans/fills starts out cleared.
            byte[] bytes = new byte[10000];

            //write program
            Array.Copy(bytes_program, bytes, bytes_program.Length);



            //////////////////////////////////////////
            /// Patch the absolute addresses and the return jump in the program
            //////////////////////////////////////////

            //replace SkyrimSE.exe: imm64 of the first `mov rax` gets the module base
            byte[] bytes_ptr_baseAddress = BitConverter.GetBytes((ulong)memory.process.MainModule.BaseAddress);
            for (int i = 0; i < 8; i++)
            {
                bytes[0x0A + i] = bytes_ptr_baseAddress[i];
            }

            //replace randomData: imm64 of the second `mov rax` gets the data area address
            byte[] bytes_ptr_data = BitConverter.GetBytes((ulong)ptr_data);
            for (int i = 0; i < 8; i++)
            {
                bytes[0x4C + i] = bytes_ptr_data[i];
            }


            //replace INJECT: rel32 = (hook site + len) - (cave + 0x8A), i.e. target minus the
            // address following the jmp. Computed in ulong so a backwards jump wraps to its
            // two's-complement form; only the low-order 4 bytes are copied (little-endian host).
            byte[] bytes_ptr_return = BitConverter.GetBytes((ulong)ptr_inject + (ulong)len - (ulong)ptr_functon - (ulong)0x8A);
            for (int i = 0; i < 4; i++)
            {
                bytes[0x86 + i] = bytes_ptr_return[i];
            }

            memory.WriteBytes(ptr_functon, bytes);

            // Redirect the hook site to the cave; `len` original bytes are replaced.
            // NOTE(review): the meaning of the trailing `true` is not visible here (Inject_TESV omits it) — check memory.Hook.
            memory.Hook(ptr_inject, ptr_functon, len, true);
            return(ptr_data + data_offset);
        }
        /// <summary>
        /// Installs the 32-bit TESV detour: locates the hook site by AOB scan, allocates a code
        /// cave, patches the absolute data address (twice) and the return-jump displacement in
        /// <c>bytes_program</c>, writes the cave and redirects execution to it via <c>memory.Hook</c>.
        /// </summary>
        /// <returns>
        /// The address of the data area used by the injected code (<c>ptr_data + 0x100</c>);
        /// the same address recomputed from the existing jump when already injected; or
        /// <see cref="IntPtr.Zero"/> when the pattern is not found (reported via <c>Error_Message</c>).
        /// </returns>
        /// <remarks>
        /// The patch offsets (4, 112, 162) and the constant 0xA6 are tied to the exact layout of
        /// <c>bytes_program</c> (166 = 0xA6 bytes); any change to the array must update them.
        /// NOTE(review): this method reports a missing pattern through <c>Error_Message</c> while
        /// Inject_SkyrimVR uses <c>Notification_Message</c> for the same condition — intentional?
        /// </remarks>
        private IntPtr Inject_TESV()
        {
            int len         = 5;     // number of original bytes replaced at the hook site (passed to memory.Hook)
            int data_offset = 0x100; // distance from the end of the program to the returned data pointer

            // Machine code for the cave. The imm32 at offsets 4 and 112 (both `mov eax,imm32`)
            // and the rel32 of the final `jmp` at offset 162 are placeholders patched below.
            byte[] bytes_program = { 0x8B, 0xF0, 0x50, 0xB8, 0xA6, 0x00, 0xF1, 0x01, 0x83, 0xC0, 0x50, 0x89, 0x08, 0x8B, 0xC8, 0x83, 0xC1, 0x08, 0x58, 0x89, 0x01, 0x83, 0xC1, 0x08, 0x89, 0x11, 0x83, 0xC1, 0x08, 0x58, 0x89, 0x01, 0x83, 0xC1, 0x08, 0x58, 0x89, 0x01, 0x58, 0x8B, 0xD0, 0x50, 0x8B, 0x01, 0x50, 0x83, 0xE9, 0x08, 0x8B, 0x01, 0x50, 0x83, 0xE9, 0x08, 0xFF, 0x31, 0x83, 0xE9, 0x08, 0xFF, 0x31, 0x83, 0xE9, 0x08, 0xFF, 0x31, 0xB8, 0x00, 0x00, 0x40, 0x00, 0x05, 0x3C, 0x06, 0xF1, 0x00, 0x8B, 0x00, 0x83, 0xC0, 0x74, 0x8B, 0x00, 0x83, 0xC0, 0x04, 0x8B, 0x00, 0x05, 0x00, 0x01, 0x00, 0x00, 0x8B, 0x00, 0x83, 0xC0, 0x10, 0x8B, 0x00, 0x83, 0xC0, 0x38, 0x39, 0xC2, 0x0F, 0x85, 0x2C, 0x00, 0x00, 0x00, 0xB8, 0xA6, 0x00, 0xF1, 0x01, 0x05, 0xF0, 0x00, 0x00, 0x00, 0x83, 0xC0, 0x10, 0x39, 0x38, 0x0F, 0x84, 0x0D, 0x00, 0x00, 0x00, 0x83, 0x38, 0x00, 0x0F, 0x84, 0x02, 0x00, 0x00, 0x00, 0xEB, 0xEA, 0x89, 0x38, 0x83, 0xC0, 0x08, 0x8B, 0x18, 0x83, 0xC3, 0x01, 0x89, 0x18, 0x5A, 0x58, 0x58, 0x83, 0xFE, 0x04, 0xE9, 0x00, 0x00, 0x00, 0x00 };

            // Hook site found by signature so the code is not bound to one build's addresses.
            AOB_Scanner.AOB_Scanner aob_scanner = new AOB_Scanner.AOB_Scanner(memory.process, memory.ProcessHandle, "8B 44 24 04 81 EC 08 01 00 00 53 56 57 8B 38 8B C7 32 DB 8D 50 01 8A 08 40 84 C9 75 F9 2B C2");
            aob_scanner.setModule(memory.process.MainModule);

            IntPtr ptr_inject = (IntPtr)aob_scanner.FindPattern();

            if (ptr_inject == IntPtr.Zero)
            {
                Error_Message?.Invoke(this, new StringArg("Could not inject, did the game load past the main menu?"));
                return(IntPtr.Zero);
            }

            // The pattern is 31 = 0x1F bytes long, so the hook lands on the first instruction
            // after the matched sequence.
            ptr_inject += 0x1f;

            //check if we already injected code
            // NOTE(review): only the opcode byte is tested; another tool's 5-byte jmp here would
            // be mistaken for our hook and the address below would then point into foreign memory.
            byte b = memory.ReadByte(ptr_inject);

            if (b == 0xE9)
            {
                Notification_Message?.Invoke(this, new StringArg("Skipping injection (already injected)"));
                // Resolve the existing jmp (rel32 + address of the next instruction) back to the
                // cave start, then apply the same layout as the fresh-injection return value.
                return((IntPtr)((long)memory.ReadInt32(ptr_inject + 0x1) + (long)ptr_inject) + 5 + bytes_program.Length + data_offset);
            }


            // NOTE(review): the allocation result is not checked; on IntPtr.Zero the write and
            // hook below would target address 0.
            IntPtr ptr_functon = memory.AllocateMemory(10000);

            // 0xA6 == bytes_program.Length: the data area starts right after the code.
            IntPtr ptr_data = ptr_functon + 0xA6;

            // 10000-byte image: program at the front, remainder zero so the data area starts cleared.
            byte[] bytes = new byte[10000];

            //write program
            Array.Copy(bytes_program, bytes, bytes_program.Length);

            //some parts in the program are static addresses that need to be overwriten
            // Both `mov eax,imm32` placeholders receive the data area address (32-bit target,
            // so only the low-order 4 bytes of the 8-byte conversion are used).
            byte[] bytes_ptr_data = BitConverter.GetBytes((ulong)ptr_data);
            for (int i = 0; i < 4; i++)
            {
                bytes[4 + i] = bytes_ptr_data[i];
            }
            for (int i = 0; i < 4; i++)
            {
                bytes[112 + i] = bytes_ptr_data[i];
            }

            // rel32 for the trailing jmp = (hook site + len) - (cave + program length), the
            // program length being the address right after the jmp. Computed in ulong so a
            // backwards jump wraps to its two's-complement form; low-order 4 bytes are copied.
            byte[] bytes_ptr_return = BitConverter.GetBytes((ulong)ptr_inject - (ulong)bytes_program.Length + (ulong)len - (ulong)ptr_functon);
            for (int i = 0; i < 4; i++)
            {
                bytes[162 + i] = bytes_ptr_return[i];
            }

            memory.WriteBytes(ptr_functon, bytes);

            // Redirect the hook site to the cave; `len` original bytes are replaced.
            memory.Hook(ptr_inject, ptr_functon, len);
            // 0x100 == data_offset; kept literal here, same value Inject_SkyrimVR returns via the variable.
            return(ptr_data + 0x100);
        }