Exemplo n.º 1
        /// <summary>
        /// Builds the managed delegate for the <c>NtQueryInformationProcess</c> export of
        /// <c>ntdll.dll</c>, looked up in the module list of <c>GameSharpProcess.Instance</c>.
        /// </summary>
        /// <returns>
        /// The export address converted to a <c>NtQueryInformationProcessDelegate</c>.
        /// </returns>
        /// <remarks>
        /// The delegate is bound to the address GetProcAddress reports at the time of this call.
        /// NOTE(review): what the Modules indexer and GetProcAddress do when the module or the
        /// export is missing is not visible here; confirm before treating the result as usable.
        /// NOTE(review): the delegate type has to match the native signature and calling
        /// convention of the export; verify its declaration.
        /// </remarks>
        protected override Delegate InitializeDelegate()
        {
            GameSharpProcess currentProcess = GameSharpProcess.Instance;
            ModulePointer ntdllModule = currentProcess.Modules["ntdll.dll"];

            // Resolve the export by name inside the module entry found above.
            IMemoryPointer exportAddress = ntdllModule.GetProcAddress("NtQueryInformationProcess");
            Delegate nativeCall = exportAddress.ToDelegate<NtQueryInformationProcessDelegate>();

            return nativeCall;
        }
Exemplo n.º 2
        /// <summary>
        /// Builds the managed delegate for the <c>IsDebuggerPresent</c> export of
        /// <c>kernel32.dll</c>, looked up in the module list of <c>GameSharpProcess.Instance</c>.
        /// </summary>
        /// <returns>
        /// The export address converted to an <c>IsDebuggerPresentDelegate</c>.
        /// </returns>
        /// <remarks>
        /// IsDebuggerPresent reports a flag held in the calling process's own memory, so code
        /// running in the same process can change what it returns; treat the answer as a hint,
        /// not as a trustworthy control.
        /// NOTE(review): what the Modules indexer and GetProcAddress do when the module or the
        /// export is missing is not visible here; confirm before treating the result as usable.
        /// </remarks>
        protected override Delegate InitializeDelegate()
        {
            // Kept typed as IProcess, as in the original, so member lookup goes through the interface.
            IProcess currentProcess = GameSharpProcess.Instance;
            ModulePointer kernel32Module = currentProcess.Modules["kernel32.dll"];

            // Resolve the export by name inside the module entry found above.
            IMemoryPointer exportAddress = kernel32Module.GetProcAddress("IsDebuggerPresent");
            Delegate nativeCall = exportAddress.ToDelegate<IsDebuggerPresentDelegate>();

            return nativeCall;
        }
Exemplo n.º 3
        /// <summary>
        /// Builds the managed delegate for the <c>MessageBoxW</c> export of <c>user32.dll</c>,
        /// looked up in the module list of <c>GameSharpProcess.Instance</c>.
        /// </summary>
        /// <returns>
        /// The export address converted to a <c>MessageBoxWDelegate</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): what the Modules indexer and GetProcAddress do when the module or the
        /// export is missing is not visible here; confirm before treating the result as usable.
        /// NOTE(review): the delegate type has to match the native signature and calling
        /// convention of the export; verify its declaration.
        /// </remarks>
        protected override Delegate InitializeDelegate()
        {
            GameSharpProcess currentProcess = GameSharpProcess.Instance;
            ModulePointer user32Module = currentProcess.Modules["user32.dll"];

            // Resolve the export by name inside the module entry found above.
            IMemoryPointer exportAddress = user32Module.GetProcAddress("MessageBoxW");
            Delegate nativeCall = exportAddress.ToDelegate<MessageBoxWDelegate>();

            return nativeCall;
        }
Exemplo n.º 4
        /// <summary>
        /// Resolves the <c>MessageBoxW</c> export of <c>user32.dll</c> in the module list of
        /// <c>GameSharpProcess.Instance</c> and returns it as a <c>HookMessageBoxWDelegate</c>.
        /// </summary>
        /// <returns>
        /// The export address converted to a <c>HookMessageBoxWDelegate</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): presumably this delegate identifies the function the surrounding hook
        /// class targets; how the caller uses it is not visible here.
        /// NOTE(review): what the Modules indexer and GetProcAddress do when the module or the
        /// export is missing is not visible here; confirm before treating the result as usable.
        /// </remarks>
        public override Delegate GetHookDelegate()
        {
            GameSharpProcess currentProcess = GameSharpProcess.Instance;
            ModulePointer user32Module = currentProcess.Modules["user32.dll"];

            // Resolve the export by name inside the module entry found above.
            IMemoryPointer exportAddress = user32Module.GetProcAddress("MessageBoxW");
            Delegate hookTarget = exportAddress.ToDelegate<HookMessageBoxWDelegate>();

            return hookTarget;
        }
Exemplo n.º 5
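        /// <summary>
        /// Allocates the two output buffers, invokes the wrapped native function through
        /// <c>Call&lt;uint&gt;</c> and hands both buffers back to the caller.
        /// </summary>
        /// <param name="handle">Handle forwarded as the first native argument.</param>
        /// <param name="pic">Information class forwarded as the second native argument.</param>
        /// <param name="result">Receives the buffer the native call was told to fill.</param>
        /// <param name="resultLength">
        /// Size passed to the native call as the length of <paramref name="result"/>; must not be negative.
        /// </param>
        /// <param name="bytesRead">Receives the buffer whose address was passed as the last native argument.</param>
        /// <returns>
        /// The value returned by the native call. Both buffers are returned whatever that value
        /// is, so callers should check it before reading them.
        /// </returns>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <paramref name="resultLength"/> is negative.
        /// </exception>
        public uint Call(IntPtr handle, ProcessInformationClass pic, out IMemoryPointer result, int resultLength, out IMemoryPointer bytesRead)
        {
            // A negative length would be reinterpreted by the (uint) cast below as a very large
            // buffer size and passed to native code, so reject it up front.
            if (resultLength < 0)
            {
                throw new ArgumentOutOfRangeException(nameof(resultLength), resultLength, "Buffer length must not be negative.");
            }

            // The original sized this buffer from resultLength alone. Presumably the last native
            // argument is the ReturnLength out-parameter of NtQueryInformationProcess (a 32-bit
            // value); with resultLength below 4 the native write would run past the allocation.
            // Never allocate less than sizeof(uint); larger requests keep their original size.
            // NOTE(review): assumes AllocateManagedMemory takes a byte count; confirm.
            int returnLengthSize = Math.Max(resultLength, sizeof(uint));

            IMemoryPointer bytesReadInternal = GameSharpProcess.Instance.AllocateManagedMemory(returnLengthSize);
            IMemoryPointer resultInternal    = GameSharpProcess.Instance.AllocateManagedMemory(resultLength);

            uint retval = Call<uint>(handle, pic, resultInternal.Address, (uint)resultLength, bytesReadInternal.Address);

            bytesRead = bytesReadInternal;
            result    = resultInternal;

            return retval;
        }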
Exemplo n.º 6
        /// <summary>
        /// Wrapper for the default WinApi NtQueryInformationProcess that returns the queried
        /// information as a struct, which makes the calling code more readable.
        /// </summary>
        /// <typeparam name="T">
        /// Struct type the result buffer is read as; its marshalled size is the buffer length
        /// passed to the native call.
        /// </typeparam>
        /// <param name="process">
        /// Process that supplies the result buffer and whose <c>NativeHandle</c> is queried.
        /// </param>
        /// <param name="pic">Information class forwarded to NtQueryInformationProcess.</param>
        /// <returns>
        /// The value read from the result buffer when the call returns 0; otherwise the default
        /// value of <typeparamref name="T"/>, after an error has been logged.
        /// </returns>
        /// <remarks>
        /// A failed query and a genuine all-zero answer both come back as the default value, so a
        /// caller basing a security decision on the result cannot tell them apart from the return
        /// value alone.
        /// NOTE(review): whether the buffer from AllocateManagedMemory needs an explicit release
        /// is not visible here; confirm its lifetime.
        /// </remarks>
        public static T WinApiNtQueryInformationProcess <T>(GameSharpProcess process, ProcessInformationClass pic) where T : struct
        {
            int bufferSize = Marshal.SizeOf<T>();
            IMemoryPointer buffer = process.AllocateManagedMemory(bufferSize);

            uint status = Ntdll.NtQueryInformationProcess(process.NativeHandle, pic, buffer.Address, bufferSize, out int _);

            if (status != 0)
            {
                // NOTE(review): the native routine reports failure through its return value;
                // GetLastWin32Error is only meaningful if the Ntdll declaration records the last
                // error. Confirm, otherwise the first number in this message is stale.
                LoggingService.Error(
                    $"Couldn't query NtQueryInformationProcess, Error code: {Marshal.GetLastWin32Error().ToString("X")}, " +
                    $"Return value of NtQueryInformationProcess function is 0x{status.ToString("X")}.");

                return default;
            }

            return buffer.Read<T>();
        }
 /// <summary>
 /// Writes a two-line metadata header to <paramref name="output"/>, followed by an empty line.
 /// </summary>
 /// <param name="index">Entry index, rendered through <c>ToHexString("0x")</c>.</param>
 /// <param name="textPointer">Memory pointer written as the <c>{0}</c> argument of the "##Memory" line.</param>
 /// <param name="output">Writer that receives the three lines.</param>
 /// <remarks>
 /// NOTE(review): the "##Memory" line carries whatever the pointer's string form is, presumably
 /// a process address; keep that in mind if the output leaves the machine.
 /// </remarks>
 public void AddMetadata(int index, IMemoryPointer textPointer, TextWriter output)
 {
     var indexText = index.ToHexString("0x");

     output.WriteLine("##Index: {0}", indexText);
     output.WriteLine("##Memory: {0}", textPointer);

     // Blank separator line after the header.
     output.WriteLine();
 }