protected override Delegate InitializeDelegate()
{
GameSharpProcess process = GameSharpProcess.Instance;
ModulePointer ntdll = process.Modules["ntdll.dll"];
IMemoryPointer ntQueryInformationProcessPtr = ntdll.GetProcAddress("NtQueryInformationProcess");
return(ntQueryInformationProcessPtr.ToDelegate <NtQueryInformationProcessDelegate>());
}
protected override Delegate InitializeDelegate()
{
IProcess process = GameSharpProcess.Instance;
ModulePointer kernel32 = process.Modules["kernel32.dll"];
IMemoryPointer IsDebuggerPresentPtr = kernel32.GetProcAddress("IsDebuggerPresent");
return(IsDebuggerPresentPtr.ToDelegate <IsDebuggerPresentDelegate>());
}
public override Delegate GetHookDelegate()
{
GameSharpProcess process = GameSharpProcess.Instance;
ModulePointer user32dll = process.Modules["user32.dll"];
IMemoryPointer messageBoxWPtr = user32dll.GetProcAddress("MessageBoxW");
return(messageBoxWPtr.ToDelegate <HookMessageBoxWDelegate>());
}
protected override Delegate InitializeDelegate()
{
GameSharpProcess process = GameSharpProcess.Instance;
ModulePointer user32dll = process.Modules["user32.dll"];
IMemoryPointer messageBoxWPtr = user32dll.GetProcAddress("MessageBoxW");
return(messageBoxWPtr.ToDelegate <MessageBoxWDelegate>());
}
private void ValidateDbgBreakPoint()
{
ModulePointer ntdll = Process.Modules["ntdll.dll"];
MemoryPointer dbgBreakPointPtr = ntdll.GetProcAddress("DbgBreakPoint");
byte dbgBreakPointByte = dbgBreakPointPtr.Read <byte>();
if (dbgBreakPointByte != 0xCC)
{
MemoryPatches.Add(new MemoryPatch(dbgBreakPointPtr, new byte[] { 0xCC }));
}
}
public ModulePointer LoadLibrary(string pathToDll, bool resolveReferences = true)
{
byte[] loadLibraryOpcodes = LoadLibraryHelper.LoadLibraryPayload(pathToDll);
MemoryPointer allocatedMemory = AllocateManagedMemory(loadLibraryOpcodes.Length);
if (Kernel32.WriteProcessMemory(Native.Handle, allocatedMemory.Address, loadLibraryOpcodes, loadLibraryOpcodes.Length, out IntPtr _))
{
ModulePointer kernel32Module = Modules["kernel32.dll"];
MemoryPointer loadLibraryAddress;
if (resolveReferences)
{
loadLibraryAddress = kernel32Module.GetProcAddress("LoadLibraryW");
}
else
{
loadLibraryAddress = kernel32Module.GetProcAddress("LoadLibraryExW");
}
if (loadLibraryAddress == null)
{
throw new Win32Exception($"Couldn't get proc address, error code: {Marshal.GetLastWin32Error()}.");
}
if (Kernel32.CreateRemoteThread(Native.Handle, IntPtr.Zero, 0, loadLibraryAddress.Address, allocatedMemory.Address, 0, IntPtr.Zero) == IntPtr.Zero)
{
throw new Win32Exception($"Couldn't create a remote thread, error code: {Marshal.GetLastWin32Error()}.");
}
}
ModulePointer injectedModule;
while (!Modules.TryGetValue(Path.GetFileName(pathToDll).ToLower(), out injectedModule))
{
Thread.Sleep(1);
}
return(injectedModule);
}
public HardwareBreakPoint(ModulePointer Pointer, BreakpointCondition Condition, int Length)
{
if (Condition == BreakpointCondition.Code)
{
Length = 1;
}
this.Pointer = Pointer;
this.Condition = Condition;
switch (Length)
{
case 1: this.Length = 0; break;
case 2: this.Length = 1; break;
case 4: this.Length = 3; break;
case 8: this.Length = 2; break;
default: throw new BreakPointException("Invalid length!");
}
}
public void Call(ModulePointer Pointer, MagicConvention CallingConvention, params object[] Arguments) => Call(GetAddress(Pointer), CallingConvention, Arguments);
public void Write <T>(ModulePointer offs, T value) where T : struct
{
Write <T>(GetAddress(offs), value);
}
public ValuePointer(ModulePointer Pointer)
{
this.Pointer = Pointer;
}
public FunctionPointer(ModulePointer Pointer, MagicConvention CallingConvention)
{
this.Pointer = Pointer;
this.CallingConvention = CallingConvention;
}
public CodeBreakpoint(ModulePointer Pointer) : base(Pointer, BreakpointCondition.Code, 1)
{
}
public void Call(ModulePointer offs, MagicConvention cv, params object[] args)
{
Call(GetAddress(offs), cv, args);
}
public T Call <T>(ModulePointer offs, MagicConvention cv, params object[] args) where T : struct
{
return(Call <T>(GetAddress(offs), cv, args));
}
/// <summary>
/// Initializes a new instance of the <see cref="MemoryScanner" /> class.
/// </summary>
/// <param name="module"><see cref="ProcessModule"/> which we are going to scan.</param>
public MemoryScanner(ModulePointer module)
{
ModuleBase = module.MemoryPointer;
Bytes = ModuleBase.Read(module.Size);
}
public IntPtr GetAddress(ModulePointer offs)
{
return(GetModuleAddress(offs.ModuleName).Add(offs.Offset));
}
public IntPtr GetAddress(ModulePointer Pointer) => GetModuleAddress(Pointer.ModuleName).Add(Pointer.Offset);
public T Read <T>(ModulePointer offs) where T : struct
{
return(Read <T>(GetAddress(offs)));
}
public T Call <T>(ModulePointer Pointer, MagicConvention CallingConvention, params object[] Arguments) where T : struct => Call <T>(GetAddress(Pointer), CallingConvention, Arguments);
public void Write <T>(ModulePointer Pointer, T Value) where T : struct => Write <T>(GetAddress(Pointer), Value);
public T Read <T>(ModulePointer Pointer) where T : struct => Read <T>(GetAddress(Pointer));
