public void CallCustomX86(Action <X86Writer> writeX86)
{
if (CodeHandle.IsClosed || CodeHandle.IsInvalid)
{
CompletelyReInitializeAndInjectCodeInNewLocation();
}
Kernel.CheckAddress(CodeHandle.GetHandle().ToInt64(), FUNCTION_CALL_ASM_BUFFER_SIZE, "execute function");
Buffer_ParamPointerList.Clear();
AsmBuffer.Position = 0;
X86Writer asm = new X86Writer(AsmBuffer, CodeHandle.GetHandle());
writeX86.Invoke(asm);
if (WriteAsm((uint)CodeHandle.GetHandle(), AsmBuffer.ToArray(), (int)AsmBuffer.Position))
{
var threadHandle = new SafeRemoteThreadHandle(CodeHandle);
if (!threadHandle.IsClosed & !threadHandle.IsInvalid)
{
Kernel.WaitForSingleObject(threadHandle.GetHandle(), MAX_WAIT);
}
threadHandle.Close();
threadHandle.Dispose();
threadHandle = null;
}
}
public T CallIngameFuncReg <T>(Memloc functionAddress, IEnumerable <dynamic> args,
dynamic eax = null,
dynamic ecx = null,
dynamic edx = null,
dynamic ebx = null,
dynamic esp = null,
dynamic esi = null,
dynamic edi = null)
{
if (CodeHandle.IsClosed || CodeHandle.IsInvalid)
{
CompletelyReInitializeAndInjectCodeInNewLocation();
}
Kernel.CheckAddress(CodeHandle.GetHandle(), FUNCTION_CALL_ASM_BUFFER_SIZE, "execute function");
Buffer_ParamPointerList.Clear();
InitAsmBuffer(functionAddress, args, Buffer_ParamPointerList, eax, ecx, edx, ebx, esp, esi, edi);
if (!InjectEntireCodeBuffer())
{
Extra.Dbg.PrintErr("WARNING: CODE INJECT FAILURE");
}
//luai.DebugUpdate()
foreach (SafeRemoteHandle ptr in Buffer_ParamPointerList)
{
ptr.Dispose();
}
Buffer_ResultBytes = ExecuteAsm();
Buffer_Result = GetFunctionCallResult <T>(Buffer_ResultBytes);
foreach (SafeRemoteHandle ptr in Buffer_ParamPointerList)
{
ptr.Close();
ptr.Dispose();
}
Buffer_ParamPointerList.Clear();
return(Buffer_Result);
}
public void CallArrayOfBytes(byte[] asmBytes)
{
if (CodeHandle.IsClosed || CodeHandle.IsInvalid)
{
CompletelyReInitializeAndInjectCodeInNewLocation();
}
if (WriteAsm((uint)CodeHandle.GetHandle().ToInt64(), asmBytes, asmBytes.Length))
{
var threadHandle = new SafeRemoteThreadHandle(CodeHandle);
if (!threadHandle.IsClosed & !threadHandle.IsInvalid)
{
Kernel.WaitForSingleObject(threadHandle.GetHandle(), MAX_WAIT);
}
threadHandle.Close();
threadHandle.Dispose();
threadHandle = null;
}
}
public T CallIngameFunc64 <T>(Memloc functionAddress, IEnumerable <dynamic> args)
{
if (CodeHandle.IsClosed || CodeHandle.IsInvalid)
{
CompletelyReInitializeAndInjectCodeInNewLocation();
}
Kernel.CheckAddress(CodeHandle.GetHandle(), FUNCTION_CALL_ASM_BUFFER_SIZE, "execute function");
byte[] byt = InitAsm64Buffer(functionAddress, args, Buffer_ParamPointerList);
if (!(WriteAsm(CodeHandle.GetHandle(), byt, byt.Length)))
{
Extra.Dbg.PrintErr("WARNING: CODE INJECT FAILURE");
}
foreach (SafeRemoteHandle ptr in Buffer_ParamPointerList)
{
ptr.Dispose();
}
Buffer_ResultBytes = ExecuteAsm();
Buffer_Result = GetFunctionCallResult <T>(Buffer_ResultBytes);
foreach (SafeRemoteHandle ptr in Buffer_ParamPointerList)
{
ptr.Close();
ptr.Dispose();
}
Buffer_ParamPointerList.Clear();
return(Buffer_Result);
}
private byte[] InitAsm64Buffer(IntPtr funcAddr, IEnumerable <dynamic> parameters, List <SafeRemoteHandle> allocPtrList,
dynamic rax = null,
dynamic rcx = null,
dynamic rdx = null,
dynamic rbx = null,
dynamic rsp = null,
dynamic rsi = null,
dynamic rdi = null)
{
var args = parameters.ToArray();
byte[] asm64 =
{
0x9C, //pushfq
0x48, 0x81, 0xC4, 0x80, 0x00, 0x00, 0x00, //add rsp, 00000080
0x48, 0xBA, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //mov rdx, 00 (0xA = rdx loc)
0x49, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //mov r8, 00 (20d)
0x49, 0xB9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //mov r9, 00 (30d)
0x48, 0xB9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //mov rcx, 00 (40d)
0x48, 0x89, 0x4C, 0x24, 0x20, //mov [rsp+28],rcx
0x48, 0xB9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //mov rcx, 00 (55d)
0x48, 0x89, 0x4C, 0x24, 0x28, //mov [rsp+28],rcx
0xFF, 0x15, 0x02, 0x00, 0x00, 0x00, 0xEB, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //call absolute address (76d)
0x48, 0xBB, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //mov val return address to rbx (81d)
0x48, 0x89, 0x03, //mov [rbx], rax
0x48, 0x81, 0xEC, 0x80, 0x00, 0x00, 0x00, //sub rsp, 00000080
0x9D, //popfq
0xC3 //retn
};
/*
* if (args.Length > 0) { Array.Copy(BitConverter.GetBytes((Int64)args[0]), 0, asm64, 0xA, 8); }
* if (args.Length > 1) { Array.Copy(BitConverter.GetBytes((Int64)args[1]), 0, asm64, 20, 8); }
* if (args.Length > 2) { Array.Copy(BitConverter.GetBytes((Int64)args[2]), 0, asm64, 30, 8); }
* if (args.Length > 3) { Array.Copy(BitConverter.GetBytes((Int64)args[3]), 0, asm64, 40, 8); }
* if (args.Length > 4) { Array.Copy(BitConverter.GetBytes((Int64)args[4]), 0, asm64, 55, 8); }
*/
//Fix this damn int conversion crap
List <Int32> intargs = new List <Int32>();
for (int i = 0; i < (args.Count()); i++)
{
intargs.Add(ToInt32(args[i]));
}
if (intargs.Count() > 0)
{
Array.Copy(BitConverter.GetBytes(intargs[0]), 0, asm64, 0xA, 4);
}
if (intargs.Count() > 1)
{
Array.Copy(BitConverter.GetBytes(intargs[1]), 0, asm64, 20, 4);
}
if (intargs.Count() > 2)
{
Array.Copy(BitConverter.GetBytes(intargs[2]), 0, asm64, 30, 4);
}
if (intargs.Count() > 3)
{
Array.Copy(BitConverter.GetBytes(intargs[3]), 0, asm64, 40, 4);
}
if (intargs.Count() > 4)
{
Array.Copy(BitConverter.GetBytes(intargs[4]), 0, asm64, 55, 4);
}
Array.Copy(BitConverter.GetBytes((Int64)funcAddr), 0, asm64, 76, 8);
Array.Copy(BitConverter.GetBytes(CodeHandle.GetHandle().ToInt64() + 0x200), 0, asm64, 86, 8); //Move rax to return address
return(asm64);
}
private void InitAsmBuffer(int funcAddr, IEnumerable <dynamic> parameters, List <SafeRemoteHandle> allocPtrList,
dynamic eax = null,
dynamic ecx = null,
dynamic edx = null,
dynamic ebx = null,
dynamic esp = null,
dynamic esi = null,
dynamic edi = null)
{
var args = parameters.ToArray();
AsmBuffer.Position = 0;
X86Writer asm = new X86Writer(AsmBuffer, CodeHandle.GetHandle());
//ASM START:
asm.Push32(Reg32.EBP);
asm.Mov32(Reg32.EBP, Reg32.ESP);
asm.Push32(Reg32.EAX);
for (int i = args.Length - 1; i >= 0; i += -1)
{
asm.Mov32(Reg32.EAX, SquashIntoDword(ref allocPtrList, args[i]));
asm.Push32(Reg32.EAX);
}
if (eax != null)
{
asm.Mov32(Reg32.EAX, SquashIntoDword(ref allocPtrList, eax));
}
if (ecx != null)
{
asm.Mov32(Reg32.ECX, SquashIntoDword(ref allocPtrList, ecx));
}
if (edx != null)
{
asm.Mov32(Reg32.EDX, SquashIntoDword(ref allocPtrList, edx));
}
if (ebx != null)
{
asm.Mov32(Reg32.EBX, SquashIntoDword(ref allocPtrList, ebx));
}
if (esp != null)
{
asm.Mov32(Reg32.ESP, SquashIntoDword(ref allocPtrList, esp));
}
if (esi != null)
{
asm.Mov32(Reg32.ESI, SquashIntoDword(ref allocPtrList, esi));
}
if (edi != null)
{
asm.Mov32(Reg32.EDI, SquashIntoDword(ref allocPtrList, edi));
}
//CALL LUA FUNCTION:
asm.Call(new IntPtr(funcAddr));
AsmLocAfterLuaFunctionCall = new MoveableAddressOffset(this, asm.Position);
//SET RETURN POS:
asm.Mov32(Reg32.EBX, CodeHandle.GetHandle().ToInt32() + FUNC_RETURN_ADDR_OFFSET);
asm.Mov32(new Addr(Reg32.EBX, 0), Reg32.EAX);
//mov [ebx], eax
asm.Pop32(Reg32.EAX);
for (int i = args.Length - 1; i >= 0; i += -1)
{
asm.Pop32(Reg32.EAX);
}
asm.Mov32(Reg32.ESP, Reg32.EBP);
asm.Pop32(Reg32.EBP);
asm.Retn();
}
