public uint InjectAndExecute(string[] asm, bool allowOffline = false)
{
lock (Locker)
{
if (!allowOffline && (!Helpers.Usefuls.InGame || Helpers.Usefuls.IsLoading))
{
return(0);
}
/*List<string> asmCode = new List<string>();
* foreach (string s in asm)
* {
* asmCode.Add(s);
* if (Others.Random(0, 100) > 50)
* {
* int nR = Others.Random(1, 3);
* for (int i = nR; i >= 1; i--)
* {
* asmCode.Add(ProtectHook());
* }
* }
* }
* return (uint) Wow.Memory.WowProcess.Executor.Call(asmCode.ToArray());*/
if (!ThreadHooked)
{
return(0);
}
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
foreach (string s in asm)
{
fasm.AddLine(s);
}
fasm.Inject(_mInjectionCode);
Memory.WriteByte(_mExecuteRequested, 1);
Timer injectTimer = new Timer(2000);
injectTimer.Reset();
while (Memory.ReadByte(_mExecuteRequested) == 1 && !injectTimer.IsReady)
{
Thread.Sleep(1);
}
if (injectTimer.IsReady)
{
Logging.WriteError("Injection have been aborted, execution too long from " + CurrentCallStack);
return(0);
}
Memory.WriteBytes(_mInjectionCode, _mZeroBytesInjectionCodes);
uint returnValue = Memory.ReadUInt(_mResult);
return(returnValue);
}
}
public void Apply()
{
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("jmp " + _mTrampoline);
fasm.Inject(JumpAddress);
}
private void CreateTrampolineDX()
{
_mTrampolineDX = Memory.AllocateMemory(0x1000);
Console.WriteLine("m_trampoline : " + _mTrampolineDX.ToString("X"));
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("pushad");
fasm.AddLine("pushfd");
fasm.AddLine("mov eax, [{0}]", _mLocked); // _mLockedDX
fasm.AddLine("@execution:");
fasm.AddLine("mov eax, [{0}]", _mExecuteRequested); // DX
fasm.AddLine("test eax, eax");
fasm.AddLine("je @lockcheck");
/*fasm.AddLine("mov ebx, [{0}]", (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.SpellChecker));
* fasm.AddLine("mov eax, [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff1 + "]");
* fasm.AddLine("mov esi, [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff2 + "]");
* fasm.AddLine("mov [" + _mSavedAntiban + "], esi");
* fasm.AddLine("mov [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff2 + "], eax");*/
fasm.AddLine("call {0}", _mInjectionCode);
fasm.AddLine("mov [" + _mResult + "], eax");
/*fasm.AddLine("mov edx, {0}", (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.CTMChecker));
* fasm.AddLine("call " + (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.WoWTextCaller));
* fasm.AddLine("push happilyeverafter");
* fasm.AddLine("push " + (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.RetFromFunctionBelow));
* fasm.AddLine("jmp " + (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.CTMChecker2));
* fasm.AddLine("happilyeverafter:");*/
/*fasm.AddLine("mov ebx, [{0}]", (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.SpellChecker));
* fasm.AddLine("mov esi, [" + _mSavedAntiban + "]");
* fasm.AddLine("mov [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff2 + "], esi");*/
fasm.AddLine("xor eax, eax");
fasm.AddLine("mov [" + _mExecuteRequested + "], eax"); // DX
fasm.AddLine("@lockcheck:");
fasm.AddLine("mov eax, [{0}]", _mLocked); // DX
fasm.AddLine("test eax, eax");
fasm.AddLine("jne @execution");
fasm.AddLine("push 0");
fasm.AddLine("add esp, 4");
fasm.AddLine("popfd");
fasm.AddLine("popad");
Memory.WriteBytes(_mTrampolineDX, D3D.OriginalBytesDX);
fasm.AddLine("jmp " + (JumpAddressDX + D3D.OriginalBytesDX.Length));
fasm.Inject((uint)(_mTrampolineDX + D3D.OriginalBytesDX.Length));
}
/// <summary>
/// Call the specifics asm mnemonics in the message handler thread
/// </summary>
/// <param name="p_Mnemonics"></param>
/// <param name="p_BufferSize"></param>
/// <returns></returns>
public uint Call(string[] p_Mnemonics, int p_BufferSize = 0x1000)
{
using (var fasm = new ManagedFasm(Memory.WowProcess.ProcessHandle))
{
fasm.SetMemorySize(0x500);
fasm.SetPassLimit(100);
foreach (var s in p_Mnemonics)
{
fasm.AddLine(s);
}
uint ptrInject = Memory.WowMemory.Memory.AllocateMemory(p_BufferSize);
fasm.Inject(ptrInject);
return(Call(ptrInject));
}
}
public void ApplyDX()
{
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("jmp " + _mTrampolineDX);
if (D3D.OriginalBytesDX.Length > 5)
{
fasm.AddLine("nop");
}
if (D3D.OriginalBytesDX.Length > 6)
{
fasm.AddLine("nop");
}
fasm.Inject(JumpAddressDX);
}
private void CreateTrampoline()
{
_mTrampoline = Memory.AllocateMemory(0x1000);
Console.WriteLine("m_trampoline : " + _mTrampoline.ToString("X"));
var fasm = new ManagedFasm(Memory.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("call {0}", Wow.Memory.WowProcess.WowModule + (uint)Addresses.FunctionWow.ReturnFunc);
fasm.AddLine("pushad");
fasm.AddLine("pushfd");
fasm.AddLine("mov eax, [{0}]", _mLocked);
fasm.AddLine("@execution:");
fasm.AddLine("mov eax, [{0}]", _mExecuteRequested);
fasm.AddLine("test eax, eax");
fasm.AddLine("je @lockcheck");
fasm.AddLine("call {0}", _mInjectionCode);
fasm.AddLine("mov [" + _mResult + "], eax");
fasm.AddLine("xor eax, eax");
fasm.AddLine("mov [" + _mExecuteRequested + "], eax");
fasm.AddLine("@lockcheck:");
fasm.AddLine("mov eax, [{0}]", _mLocked);
fasm.AddLine("test eax, eax");
fasm.AddLine("jne @execution");
fasm.AddLine("popfd");
fasm.AddLine("popad");
fasm.AddLine("jmp " + (JumpAddress + D3D.OriginalBytes.Length));
fasm.Inject(_mTrampoline);
}
public void Dispose()
{
IntPtr l_User32 = GetModuleHandle("user32.dll");
IntPtr l_SetWindowLongW = GetProcAddress(l_User32, "SetWindowLongW");
// Restore the original WndProc callback
var fasm2 = new ManagedFasm(Memory.WowProcess.ProcessHandle);
fasm2.SetMemorySize(0x500);
fasm2.SetPassLimit(100);
fasm2.AddLine("mov eax, [" + m_OriginalWndProc + "]");
fasm2.AddLine("push eax");
fasm2.AddLine("push " + GWL_WNDPROC + "");
fasm2.AddLine("push " + m_WindowHandle + "");
fasm2.AddLine("call " + l_SetWindowLongW + "");
fasm2.AddLine("retn");
var ptrInject = Memory.WowMemory.Memory.AllocateMemory(0x500);
fasm2.InjectAndExecute(ptrInject);
Memory.WowMemory.Memory.FreeMemory(m_WndProcFunction);
Memory.WowMemory.Memory.FreeMemory(m_OriginalWndProc);
}
public WndProcExecutor(BlackMagic memory)
{
try
{
m_WindowHandle = Memory.WowProcess.MainWindowHandle;
m_Random = new Random();
m_CustomMessageCode = m_Random.Next(0x8000, 0xBFFF); // From MSDN : WM_APP (0x8000) through 0xBFFF
m_WndProcFunction = memory.AllocateMemory(0x500); // WndProc
m_OriginalWndProc = memory.AllocateMemory(0x4); // WndProcOriginalWndProc
IntPtr l_User32 = GetModuleHandle("user32.dll");
IntPtr l_CallWindowProcW = GetProcAddress(l_User32, "CallWindowProcW");
IntPtr l_SetWindowLongW = GetProcAddress(l_User32, "SetWindowLongW");
var fasm = new ManagedFasm(Memory.WowProcess.ProcessHandle);
fasm.SetMemorySize(0x1000);
fasm.SetPassLimit(100);
fasm.AddLine("mov eax, [esp+0x8]"); // Get the message code from the stack);
fasm.AddLine("cmp eax, " + m_CustomMessageCode); // Check if the message code is our custom one
fasm.AddLine("jne @call_original"); // Otherwise simply call the original WndProc
fasm.AddLine("mov eax, [esp+0xC]"); // Function pointer
fasm.AddLine("mov edx, [esp+0x10]"); // Result pointer
fasm.AddLine("push edx"); // Save result pointer
fasm.AddLine("call eax"); // Call the user function
fasm.AddLine("pop edx"); // Restore the result pointer
fasm.AddLine("mov [edx], eax"); // Save user function result
fasm.AddLine("xor eax, eax"); // We handled the message
fasm.AddLine("retn");
fasm.AddLine("@call_original:");
fasm.AddLine("mov ecx, [esp+0x4]"); // Hwnd
fasm.AddLine("mov edx, [esp+0x8]"); // Msg
fasm.AddLine("mov esi, [esp+0xC]"); // WParam
fasm.AddLine("mov edi, [esp+0x10]"); // LParam
fasm.AddLine("mov eax, [" + m_OriginalWndProc + "]");
fasm.AddLine("push edi"); // LParam
fasm.AddLine("push esi"); // WParam
fasm.AddLine("push edx"); // Msg
fasm.AddLine("push ecx"); // Hwnd
fasm.AddLine("push eax"); // WndProc original
//fasm.AddLine("call " + l_CallWindowProcW); // Call the original WndProc
fasm.AddLine("retn 0x14");
// Setup our WndProc callback
//memory.WriteBytes(m_WndProcFunction, D3D.OriginalBytesDX);
fasm.Inject(m_WndProcFunction);
// Register our WndProc callback
var fasm2 = new ManagedFasm(Memory.WowProcess.ProcessHandle);
fasm2.SetMemorySize(0x500);
fasm2.SetPassLimit(100);
fasm2.AddLine("push " + m_WndProcFunction);
fasm2.AddLine("push " + GWL_WNDPROC);
fasm2.AddLine("push " + m_WindowHandle);
fasm2.AddLine("call " + l_SetWindowLongW);
fasm2.AddLine("mov [" + m_OriginalWndProc + "], eax");
fasm2.AddLine("retn");
var ptrInject = memory.AllocateMemory(0x500);
fasm2.InjectAndExecute(ptrInject);
/*var l_Process = System.Diagnostics.Process.GetProcessesByName("Wow").First();
* Console.WriteLine("Using process : " + l_Process.Id + ", window " + l_Process.MainWindowHandle + "");
*
* using (RemoteProcess l_RemoteProcess = new RemoteProcess((uint)l_Process.Id))
* using (var l_WndProcExecutor = new WndProcExecutor2(l_RemoteProcess, l_Process.MainWindowHandle))
* {
*
* LuaTest(l_RemoteProcess, l_WndProcExecutor, "print(\"Hello world motha !\")");
*
* }*/
/*var t = new MyMemory.RemoteProcess((uint)Memory.WowProcess.ProcessId);
* var remoteM = t.MemoryManager.AllocateMemory(0x1000);
* var ptrInject = (uint)remoteM.Pointer; //memory.AllocateMemory(0x500);
*
* fasm2.Inject(ptrInject);
* var prot = new RemoteMemoryProtection(t, remoteM.Pointer, remoteM.Size, Enumerations.MemoryProtectionFlags.Execute);
*
* var th = t.ThreadsManager.CreateRemoteThread((IntPtr) ptrInject, IntPtr.Zero, Enumerations.ThreadCreationFlags.Run);
*/
}
catch (Exception e)
{
Logging.WriteError(e.ToString());
}
}