internal IntPtr method_33(IntPtr intptr_37, string string_0, params Enum20[] enum20_0) { while (intptr_37 != IntPtr.Zero) { using (AllocatedMemory allocatedMemory = this.externalProcessMemory_0.CreateAllocatedMemory(256)) { allocatedMemory.AllocateOfChunk <IntPtr>("Itr"); IntPtr intPtr; while ((intPtr = this.method_35(intptr_37, allocatedMemory["Itr"])) != IntPtr.Zero) //mono_class_get_methods { IntPtr address = this.method_37(intPtr); //mono_method_get_name if (this.externalProcessMemory_0.ReadStringA(address) == string_0) { if (enum20_0 != null) { Enum20[] array = this.method_31(intPtr); if (array.Length != enum20_0.Length || !array.SequenceEqual(enum20_0)) { continue; } } return(intPtr); } } intptr_37 = this.method_25(intptr_37); } } return(IntPtr.Zero); }
public AllocatedMemory SerializeUsingMarshal <T>(T param) { byte[] bytes = SerializeToBytesUsingMarshal(param, out int size); AllocatedMemory memory = new AllocatedMemory(Process, IntPtr.Zero, bytes, size); return(memory); }
public static void SetOutParam(int index, int size) { if ((index < 0) || (index >= 0x20)) { throw new Exception(string.Format("index({0}) < 0 || index({0}) >= MaxOutParams({1})", index, 0x20)); } allocatedMemory_0[index] = new AllocatedMemory(ExternalProcessMemory_0, size); }
internal IntPtr method_19(string string_0) { IntPtr procAddress = externalProcessMemory_0.GetProcAddress("kernel32.dll", "GetProcAddress"); IntPtr result; var length = string_0.Length + 1; using (AllocatedMemory allocatedMemory = externalProcessMemory_0.CreateAllocatedMemory(length)) { allocatedMemory.WriteString(0, string_0, Encoding.ASCII); result = externalProcessMemory_0.CallInjected <IntPtr>(procAddress, CallingConvention.StdCall, intptr_0, allocatedMemory.Address); } return(result); }
/// <summary> /// /// </summary> /// <param name="libraryName">mono.dll</param> /// <returns></returns> internal IntPtr method_18(string libraryName) { IntPtr procAddress = externalProcessMemory_0.GetProcAddress("kernel32.dll", "GetModuleHandleW"); IntPtr result; var length = libraryName.Length * 2 + 2; using (AllocatedMemory allocatedMemory = externalProcessMemory_0.CreateAllocatedMemory(length)) { allocatedMemory.WriteString(0, libraryName, Encoding.Unicode); result = externalProcessMemory_0.CallInjected <IntPtr>(procAddress, CallingConvention.StdCall, allocatedMemory.Address); } return(result); }
/// <summary> /// 在游戏进程中执行给出的指令 /// </summary> /// <param name="command">需要执行的指令</param> private void DoTextCommand(string command) { if (FFXIV == null) { PluginUI.Log("执行错误:接收到指令,但是没有对应的游戏进程"); throw new Exception("没有对应的游戏进程"); } PluginUI.Log(command); if (command == "") { throw new Exception("指令为空"); } var assemblyLock = Memory.Executor.AssemblyLock; var flag = false; try { Monitor.Enter(assemblyLock, ref flag); var array = Encoding.UTF8.GetBytes(command); using (AllocatedMemory allocatedMemory = Memory.CreateAllocatedMemory(400), allocatedMemory2 = Memory.CreateAllocatedMemory(array.Length + 30)) { allocatedMemory2.AllocateOfChunk("cmd", array.Length); allocatedMemory2.WriteBytes("cmd", array); allocatedMemory.AllocateOfChunk <IntPtr>("cmdAddress"); allocatedMemory.AllocateOfChunk <long>("t1"); allocatedMemory.AllocateOfChunk <long>("tLength"); allocatedMemory.AllocateOfChunk <long>("t3"); allocatedMemory.Write("cmdAddress", allocatedMemory2.Address); allocatedMemory.Write("t1", 0x40); allocatedMemory.Write("tLength", array.Length + 1); allocatedMemory.Write("t3", 0x00); _ = Memory.CallInjected64 <int>(Offsets.ProcessChatBoxPtr, Offsets.RaptureModule, allocatedMemory.Address, Offsets.UiModule); } } finally { if (flag) { Monitor.Exit(assemblyLock); } } }
/// <summary> /// mono_assembly_open /// </summary> /// <param name="string_0"></param> /// <param name="int_0"></param> /// <returns></returns> internal IntPtr method_40(string string_0, out int int_0) { IntPtr result; using (AllocatedMemory allocatedMemory = this.externalProcessMemory_0.CreateAllocatedMemory(string_0.Length * 2 + 2 + 4)) { allocatedMemory.WriteString(4, string_0, Encoding.UTF8); IntPtr intPtr = this.method_17 <IntPtr>(this.intptr_6, //mono_assembly_open new object[] { allocatedMemory.Address + 4, allocatedMemory.Address }); int_0 = allocatedMemory.Read <int>(0); result = intPtr; } return(result); }
internal static void smethod_4() { Disable(); if (ExternalProcessMemory_0 != null) { using (ExternalProcessMemory_0.TemporaryCacheState(false)) { ExternalProcessMemory_0.Patches.Delete("ProcessHookManager_GetForegroundWindow"); ExternalProcessMemory_0.Patches.Delete("ProcessHookManager_GetActiveWindow"); ExternalProcessMemory_0.Patches.Delete("ProcessHookManager_GetKeyState"); ExternalProcessMemory_0.Patches.Delete("ProcessHookManager_GetCursorPos"); ExternalProcessMemory_0.Patches.Delete("ProcessHookManager_ScreenToClient"); } } if (allocatedMemory_0 != null) { allocatedMemory_0.Dispose(); allocatedMemory_0 = null; } }
internal IntPtr method_34(IntPtr intptr_37, string string_0) { while (intptr_37 != IntPtr.Zero) { using (AllocatedMemory allocatedMemory = this.externalProcessMemory_0.CreateAllocatedMemory(256)) { allocatedMemory.AllocateOfChunk <IntPtr>("Itr"); IntPtr intPtr; while ((intPtr = this.method_36(intptr_37, allocatedMemory["Itr"])) != IntPtr.Zero)//mono_class_get_fields { IntPtr address = this.method_38(intPtr); if (this.externalProcessMemory_0.ReadStringA(address) == string_0) { return(intPtr); } } } intptr_37 = this.method_25(intptr_37); } return(IntPtr.Zero); }
public virtual ParamData GetParam <T>(T param) { RemoteParamSerializer serializer = new RemoteParamSerializer(Process); if (param.GetType().IsPrimitive) { return(new ParamData { IsRemote = false, Value = Marshal.ReadIntPtr(param, 0) }); } AllocatedMemory memory = serializer.Serialize(param); return(new ParamData { Allocated = memory, IsRemote = true, Value = memory.Address }); }
internal IntPtr method_28(string string_0) { IntPtr result; using (AllocatedMemory allocatedMemory = this.externalProcessMemory_0.CreateAllocatedMemory((string_0.Length + 1) * 2)) { if (string_0.Length > 0) { allocatedMemory.WriteString(0, string_0, Encoding.UTF8); } else { allocatedMemory.Write <ushort>(0, 0); } IntPtr intPtr = this.method_27(); //mono_domain_get result = this.method_17 <IntPtr>(this.intptr_25, //mono_string_new new object[] { intPtr, allocatedMemory.Address }); } return(result); }
/// <summary> /// Apply the DirectX function hook to the WoW process /// </summary> /// <returns>true if it applied correctly. Otherwise, false</returns> internal static bool Apply() { lock (LockObject) { try { //Lets check if we are already hooked. if (_isApplied) { return(true); } if (BotManager.Memory == null || BotManager.Memory.Process.HasExited) { return(false); } _allocatedMemory = BotManager.Memory.CreateAllocatedMemory(CODECAVESIZE + 0x1000 + 0x4 + 0x4); var detourFunctionPointer = Offsets.Addresses["CGWorldFrame__Render"]; // store original bytes _originalBytes = BotManager.Memory.ReadBytes(detourFunctionPointer, 6); if (_originalBytes[0] == 0xE9) { MessageBox.Show( "It seems CoolFish might have crashed before it could clean up after itself. Please restart WoW and reattach the bot."); return(false); } _allocatedMemory.WriteBytes("codeCavePtr", Eraser); _allocatedMemory.WriteBytes("injectedCode", Eraser); _allocatedMemory.Write("addressInjection", 0); _allocatedMemory.Write("returnInjectionAsm", 0); var asm = new List <string> { "pushad", // save registers to the stack "pushfd", "mov eax, [" + _allocatedMemory["addressInjection"] + "]", "test eax, eax", // Test if you need launch injected code "je @out", "mov eax, [" + _allocatedMemory["addressInjection"] + "]", "call eax", // Launch Function "mov [" + _allocatedMemory["returnInjectionAsm"] + "], eax", // Copy pointer return value "mov edx, " + _allocatedMemory["addressInjection"], // Enter value 0 of so we know we are done "mov ecx, 0", "mov [edx], ecx", "@out:", // Close function "popfd", // load reg "popad" }; asm = AddRandomAsm(asm); // injected code int sizeAsm = Inject(asm, _allocatedMemory["injectedCode"]); // copy and save original instructions BotManager.Memory.WriteBytes(_allocatedMemory["injectedCode"] + sizeAsm, _originalBytes); asm.Clear(); asm.Add("jmp " + (detourFunctionPointer + _originalBytes.Length)); // create jump back stub Inject(asm, _allocatedMemory["injectedCode"] + sizeAsm + _originalBytes.Length); // create hook jump asm.Clear(); asm.Add("jmp " + _allocatedMemory["injectedCode"]); asm.Add("nop"); Inject(asm, detourFunctionPointer); _isApplied = true; } catch { _isApplied = false; if (_allocatedMemory != null) { _allocatedMemory.Dispose(); } throw; } return(true); } }
/// <summary> /// Apply the DirectX function hook to the WoW process /// </summary> /// <returns>true if it applied correctly. Otherwise, false</returns> internal static bool Apply() { lock (LockObject) { try { //Lets check if we are already hooked. if (_isApplied) { return true; } if (BotManager.Memory == null || BotManager.Memory.Process.HasExited) { return false; } _allocatedMemory = BotManager.Memory.CreateAllocatedMemory(CODECAVESIZE + 0x1000 + 0x4 + 0x4); var detourFunctionPointer = Offsets.Addresses["CGWorldFrame__Render"]; // store original bytes _originalBytes = BotManager.Memory.ReadBytes(detourFunctionPointer, 8); if (_originalBytes[0] == 0xE9) { MessageBox.Show( "It seems CoolFish might have crashed before it could clean up after itself. Please restart WoW and reattach the bot."); return false; } _allocatedMemory.WriteBytes("codeCavePtr", Eraser); _allocatedMemory.WriteBytes("injectedCode", Eraser); _allocatedMemory.Write("addressInjection", 0); _allocatedMemory.Write("returnInjectionAsm", 0); var asm = new List<string> { "pushad", // save registers to the stack "pushfd", "mov eax, [" + _allocatedMemory["addressInjection"] + "]", "test eax, eax", // Test if you need launch injected code "je .leave", "mov eax, [" + _allocatedMemory["addressInjection"] + "]", "call eax", // Launch Function "mov [" + _allocatedMemory["returnInjectionAsm"] + "], eax", // Copy pointer return value "mov edx, " + _allocatedMemory["addressInjection"], // Enter value 0 of so we know we are done "mov ecx, 0", "mov [edx], ecx", ".leave:", // Close function "popfd", "popad" }; asm = AddRandomAsm(asm); // injected code int sizeAsm = Inject(asm, _allocatedMemory["injectedCode"]); // copy and save original instructions BotManager.Memory.WriteBytes(_allocatedMemory["injectedCode"] + sizeAsm, _originalBytes); asm.Clear(); asm.Add("jmp " + (detourFunctionPointer + _originalBytes.Length)); // create jump back stub Inject(asm, _allocatedMemory["injectedCode"] + sizeAsm + _originalBytes.Length); // create hook jump asm.Clear(); asm.Add("jmp " + _allocatedMemory["injectedCode"]); asm.Add("nop"); asm.Add("nop"); asm.Add("nop"); Inject(asm, detourFunctionPointer); _isApplied = true; } catch { _isApplied = false; if (_allocatedMemory != null) { _allocatedMemory.Dispose(); } throw; } return true; } }
/// <summary> /// Retrieve global LUA variables from the WoW process /// </summary> /// <param name="commands">String names of variables to retrieve</param> /// <returns>values of the variables to retrieve</returns> /// <exception cref="Exception">Throws generic exception if the function hook we need is not applied</exception> public Dictionary <string, string> GetLocalizedText(IEnumerable <string> commands) { if (LocalSettings.Settings["DoDebugging"].As <bool>()) { var stackTrace = new StackTrace(); Logging.Log("[DEBUG] GetLocalizedText (enumerable) Lua from " + stackTrace.GetFrame(1).GetMethod().ReflectedType.Name + "." + stackTrace.GetFrame(1).GetMethod().Name); } if (!IsApplied) { throw new Exception( "Tried to Execute Lua Code when our hook wasn't applied. You should check Hook.IsApplied First!"); } var returnDict = new Dictionary <string, string>(); if (commands == null) { return(returnDict); } var enumerable = commands.ToList(); if (!enumerable.Any()) { return(returnDict); } var builder = new StringBuilder(enumerable.Count); enumerable.RemoveAll(string.IsNullOrWhiteSpace); foreach (var s in enumerable) { builder.Append(s); builder.Append('\0'); returnDict[s] = string.Empty; } int commandSpace = Encoding.UTF8.GetBytes(builder.ToString()).Length; commandSpace += commandSpace % 4; int returnAddressSpace = enumerable.Count == 0 ? 0x4 : enumerable.Count * 0x4; AllocatedMemory mem = BotManager.Memory.CreateAllocatedMemory(commandSpace + returnAddressSpace + 0x4 + 0x4); mem.WriteBytes("command", Encoding.UTF8.GetBytes(builder.ToString())); mem.WriteBytes("returnVarsPtr", new byte[enumerable.Count * 0x4]); mem.Write("numberOfReturnVarsAddress", 0); mem.Write("returnVarsNamesPtr", mem["command"]); try { lock (_lockObject) { InternalExecute(IntPtr.Zero, mem["returnVarsNamesPtr"], enumerable.Count, mem["returnVarsPtr"], mem["numberOfReturnVarsAddress"]); } byte[] address = BotManager.Memory.ReadBytes(mem["returnVarsPtr"], enumerable.Count * 4); Parallel.ForEach(enumerable, // source collection () => 0, // method to initialize the local variable (value, loop, offset) => // method invoked by the loop on each iteration { var retnByte = new List <byte>(); var dwAddress = new IntPtr(BitConverter.ToInt32(address, offset)); if (dwAddress != IntPtr.Zero) { var buf = BotManager.Memory.Read <byte>(dwAddress); while (buf != 0) { retnByte.Add(buf); dwAddress = dwAddress + 1; buf = BotManager.Memory.Read <byte>(dwAddress); } } returnDict[value] = Encoding.UTF8.GetString(retnByte.ToArray()); offset += 0x4; //modify local variable return(offset); // value to be passed to next iteration }, finalResult => {} ); } catch (Exception ex) { Logging.Log(ex); } finally { mem.Dispose(); } return(returnDict); }
internal IntPtr method_43(IntPtr intptr_37, IntPtr intptr_38, params object[] object_0) { if (object_0 != null && object_0.Length != 0) { IntPtr result; using (AllocatedMemory allocatedMemory = this.externalProcessMemory_0.CreateAllocatedMemory(2048)) { allocatedMemory.AllocateOfChunk("ArrayPtrs", 512); allocatedMemory.AllocateOfChunk("Args", 512); int num = 0; int num2 = 0; foreach (object obj in object_0) { object obj2 = obj; IntPtr intPtr; if (MonoClass.IsOutParam(num, out intPtr)) { obj2 = intPtr; } MonoClass monoClass = obj as MonoClass; if (monoClass != null) { obj2 = monoClass.GetClassInstance(); } else if (obj != null) { string text = obj as string; if (text != null) { obj2 = this.method_28(text); } else if (obj.GetType().IsEnum) { obj2 = Convert.ChangeType(obj2, ((Enum)obj2).GetTypeCode()); } } else { obj2 = IntPtr.Zero; } int num3 = 4; if (!(obj2 is IntPtr)) { if (obj2 is long) { allocatedMemory.Write <long>("Args", num2, (long)obj2); num3 = 8; } else if (obj2 is ulong) { allocatedMemory.Write <ulong>("Args", num2, (ulong)obj2); num3 = 8; } else if (obj2 is uint) { allocatedMemory.Write <uint>("Args", num2, (uint)obj2); } else if (obj2 is int) { allocatedMemory.Write <int>("Args", num2, (int)obj2); } else if (obj2 is bool) { allocatedMemory.Write <int>("Args", num2, ((bool)obj2) ? 1 : 0); } else if (obj2 is double) { allocatedMemory.Write <double>("Args", num2, (double)obj2); num3 = 8; } else if (obj2 is float) { allocatedMemory.Write <float>("Args", num2, (float)obj2); } else if (obj2 is Vector3) { Vector3 vector = (Vector3)obj2; allocatedMemory.Write <float>("Args", num2 + 0, vector.X); allocatedMemory.Write <float>("Args", num2 + 4, vector.Y); allocatedMemory.Write <float>("Args", num2 + 8, vector.Z); num3 = 12; } else { if (!(obj2 is RaycastHit)) { throw new Exception("Unknown type passed as argument: " + obj2.GetType()); } RaycastHit raycastHit = (RaycastHit)obj2; allocatedMemory.Write <float>("Args", num2 + 0, raycastHit.Point.X); allocatedMemory.Write <float>("Args", num2 + 4, raycastHit.Point.Y); allocatedMemory.Write <float>("Args", num2 + 8, raycastHit.Point.Z); allocatedMemory.Write <float>("Args", num2 + 12, raycastHit.Normal.X); allocatedMemory.Write <float>("Args", num2 + 16, raycastHit.Normal.Y); allocatedMemory.Write <float>("Args", num2 + 20, raycastHit.Normal.Z); allocatedMemory.Write <int>("Args", num2 + 24, raycastHit.FaceID); allocatedMemory.Write <float>("Args", num2 + 28, raycastHit.Distance); allocatedMemory.Write <float>("Args", num2 + 32, raycastHit.UV.X); allocatedMemory.Write <float>("Args", num2 + 36, raycastHit.UV.Y); num3 = 40; } } if (obj2 is IntPtr) { allocatedMemory.Write <IntPtr>("ArrayPtrs", 4 * num, (IntPtr)obj2); } else { allocatedMemory.Write <IntPtr>("ArrayPtrs", 4 * num, allocatedMemory["Args"] + num2); } num++; num2 += num3; } result = this.method_17 <IntPtr>(this.intptr_26,//mono_runtime_invoke new object[] { intptr_37, intptr_38, allocatedMemory["ArrayPtrs"], IntPtr.Zero }); } return(result); } IntPtr temp = this.method_17 <IntPtr>(this.intptr_26,//mono_runtime_invoke new object[] { intptr_37, intptr_38, IntPtr.Zero, IntPtr.Zero }); return(temp); }
internal static void smethod_3() { State = StateEnum.None; string[] strArray = string_0; int index = 0; while (true) { if (index >= strArray.Length) { break; } string path = strArray[index]; try { File.Delete(path); } catch { } index++; } ExternalProcessMemory memory = ExternalProcessMemory_0; intptr_1 = memory.GetProcAddress("user32.dll", "GetActiveWindow"); if (intptr_1 == IntPtr.Zero) { throw new Exception("The function 'GetActiveWindow' was not found."); } intptr_0 = memory.GetProcAddress("user32.dll", "GetForegroundWindow"); if (intptr_0 == IntPtr.Zero) { throw new Exception("The function 'GetForegroundWindow' was not found."); } intptr_2 = memory.GetProcAddress("user32.dll", "GetKeyState"); if (intptr_2 == IntPtr.Zero) { throw new Exception("The function 'GetKeyState' was not found."); } intptr_3 = memory.GetProcAddress("user32.dll", "GetCursorPos"); if (intptr_3 == IntPtr.Zero) { throw new Exception("The function 'GetCursorPos' was not found."); } intptr_4 = memory.GetProcAddress("user32.dll", "ScreenToClient"); if (intptr_4 == IntPtr.Zero) { throw new Exception("The function 'ScreenToClient' was not found."); } allocatedMemory_0 = memory.CreateAllocatedMemory(0x1000); List <byte[]> list = smethod_1(); if (list != null) { using (TritonHs.AcquireFrame()) { ExternalProcessMemory_0.WriteBytes(intptr_0, list[0]); ExternalProcessMemory_0.WriteBytes(intptr_1, list[1]); ExternalProcessMemory_0.WriteBytes(intptr_2, list[2]); ExternalProcessMemory_0.WriteBytes(intptr_3, list[3]); ExternalProcessMemory_0.WriteBytes(intptr_4, list[4]); } } bool flag = false; try { int offsetInBytes = 0; IntPtr ptr = IntPtr_0; ManagedFasm asm = memory.Asm; asm.Clear(); asm.AddLine("mov eax, " + ptr.ToString()); asm.AddLine("retn"); byte[] bytes = asm.Assemble(); asm.Clear(); allocatedMemory_0.WriteBytes(0, bytes); IntPtr ptr2 = allocatedMemory_0.Address + IntPtr.Zero; ptr2 = allocatedMemory_0.Address + IntPtr.Zero; int num3 = (ptr2.ToInt32() - intptr_1.ToInt32()) - 5; offsetInBytes = 0 + bytes.Length; byte_0 = new byte[5]; byte_0[0] = 0xe9; byte[] buffer2 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_0.ToInt32()) - 5)); for (int i = 0; i < buffer2.Length; i++) { byte_0[i + 1] = buffer2[i]; } byte_1 = new byte[5]; byte_1[0] = 0xe9; byte[] buffer3 = BitConverter.GetBytes(num3); for (int j = 0; j < buffer3.Length; j++) { byte_1[j + 1] = buffer3[j]; } memory.Patches.Create(intptr_0, byte_0, "ProcessHookManager_GetForegroundWindow"); memory.Patches.Create(intptr_1, byte_1, "ProcessHookManager_GetActiveWindow"); byte[] buffer4 = new byte[0x400]; allocatedMemory_0.WriteBytes(offsetInBytes, buffer4); IntPtr ptr3 = allocatedMemory_0.Address + offsetInBytes; int_0 = offsetInBytes; offsetInBytes += 0x400; byte[] buffer5 = new byte[8]; allocatedMemory_0.WriteBytes(offsetInBytes, buffer5); IntPtr ptr4 = allocatedMemory_0.Address + offsetInBytes; offsetInBytes += 4; IntPtr ptr5 = allocatedMemory_0.Address + offsetInBytes; offsetInBytes += 4; ManagedFasm fasm = memory.Asm; fasm.Clear(); fasm.AddLine("pop eax"); object[] args = new object[] { ptr4 }; fasm.AddLine("mov [{0}], eax", args); fasm.AddLine("pop eax"); object[] objArray2 = new object[] { ptr5 }; fasm.AddLine("mov [{0}], eax", objArray2); fasm.AddLine("imul eax, 4"); object[] objArray3 = new object[] { ptr3 }; fasm.AddLine("add eax, {0}", objArray3); fasm.AddLine("mov eax, [eax]"); object[] objArray4 = new object[] { ptr4 }; fasm.AddLine("pushd [{0}]", objArray4); fasm.AddLine("retn"); byte[] buffer6 = fasm.Assemble(); fasm.Clear(); allocatedMemory_0.WriteBytes(offsetInBytes, buffer6); ptr2 = allocatedMemory_0.Address + offsetInBytes; offsetInBytes += buffer6.Length; byte_2 = new byte[5]; byte_2[0] = 0xe9; byte[] buffer7 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_2.ToInt32()) - 5)); for (int k = 0; k < buffer7.Length; k++) { byte_2[k + 1] = buffer7[k]; } memory.Patches.Create(intptr_2, byte_2, "ProcessHookManager_GetKeyState"); byte[] buffer8 = new byte[12]; buffer8[8] = 1; allocatedMemory_0.WriteBytes(offsetInBytes, buffer8); IntPtr ptr6 = allocatedMemory_0.Address + offsetInBytes; int_1 = offsetInBytes; offsetInBytes += 4; int_2 = offsetInBytes; offsetInBytes += 4; int_3 = offsetInBytes; offsetInBytes += 4; byte[] buffer9 = new byte[8]; allocatedMemory_0.WriteBytes(offsetInBytes, buffer9); IntPtr ptr7 = allocatedMemory_0.Address + offsetInBytes; offsetInBytes += 4; IntPtr ptr8 = allocatedMemory_0.Address + offsetInBytes; offsetInBytes += 4; ManagedFasm fasm2 = memory.Asm; fasm2.Clear(); fasm2.AddLine("pop eax"); object[] objArray5 = new object[] { ptr7 }; fasm2.AddLine("mov [{0}], eax", objArray5); fasm2.AddLine("pop eax"); object[] objArray6 = new object[] { ptr8 }; fasm2.AddLine("mov [{0}], eax", objArray6); fasm2.AddLine("push ecx"); object[] objArray7 = new object[] { ptr6 }; fasm2.AddLine("mov ecx, {0}", objArray7); fasm2.AddLine("mov ecx, [ecx]"); fasm2.AddLine("mov [eax], ecx"); fasm2.AddLine("add eax, 4"); object[] objArray8 = new object[] { ptr6 }; fasm2.AddLine("mov ecx, {0}", objArray8); fasm2.AddLine("add ecx, 4"); fasm2.AddLine("mov ecx, [ecx]"); fasm2.AddLine("mov [eax], ecx"); object[] objArray9 = new object[] { ptr6 }; fasm2.AddLine("mov ecx, {0}", objArray9); fasm2.AddLine("add ecx, 8"); fasm2.AddLine("mov eax, [ecx]"); fasm2.AddLine("pop ecx"); object[] objArray10 = new object[] { ptr7 }; fasm2.AddLine("pushd [{0}]", objArray10); fasm2.AddLine("retn"); byte[] buffer10 = fasm2.Assemble(); fasm2.Clear(); allocatedMemory_0.WriteBytes(offsetInBytes, buffer10); ptr2 = allocatedMemory_0.Address + offsetInBytes; offsetInBytes += buffer10.Length; byte_3 = new byte[5]; byte_3[0] = 0xe9; byte[] buffer11 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_3.ToInt32()) - 5)); for (int m = 0; m < buffer11.Length; m++) { byte_3[m + 1] = buffer11[m]; } memory.Patches.Create(intptr_3, byte_3, "ProcessHookManager_GetCursorPos"); byte[] buffer12 = new byte[12]; buffer12[8] = 1; allocatedMemory_0.WriteBytes(offsetInBytes, buffer12); IntPtr ptr9 = allocatedMemory_0.Address + offsetInBytes; int_4 = offsetInBytes; offsetInBytes += 4; int_5 = offsetInBytes; offsetInBytes += 4; int_6 = offsetInBytes; offsetInBytes += 4; byte[] buffer13 = new byte[12]; allocatedMemory_0.WriteBytes(offsetInBytes, buffer13); IntPtr ptr10 = allocatedMemory_0.Address + offsetInBytes; offsetInBytes += 4; IntPtr ptr11 = allocatedMemory_0.Address + offsetInBytes; offsetInBytes += 4; IntPtr ptr12 = allocatedMemory_0.Address + offsetInBytes; offsetInBytes += 4; ManagedFasm fasm3 = memory.Asm; fasm3.Clear(); fasm3.AddLine("pop eax"); object[] objArray11 = new object[] { ptr10 }; fasm3.AddLine("mov [{0}], eax", objArray11); fasm3.AddLine("pop eax"); object[] objArray12 = new object[] { ptr11 }; fasm3.AddLine("mov [{0}], eax", objArray12); fasm3.AddLine("pop eax"); object[] objArray13 = new object[] { ptr12 }; fasm3.AddLine("mov [{0}], eax", objArray13); fasm3.AddLine("push ecx"); object[] objArray14 = new object[] { ptr9 }; fasm3.AddLine("mov ecx, {0}", objArray14); fasm3.AddLine("mov ecx, [ecx]"); fasm3.AddLine("mov [eax], ecx"); fasm3.AddLine("add eax, 4"); object[] objArray15 = new object[] { ptr9 }; fasm3.AddLine("mov ecx, {0}", objArray15); fasm3.AddLine("add ecx, 4"); fasm3.AddLine("mov ecx, [ecx]"); fasm3.AddLine("mov [eax], ecx"); object[] objArray16 = new object[] { ptr9 }; fasm3.AddLine("mov ecx, {0}", objArray16); fasm3.AddLine("add ecx, 8"); fasm3.AddLine("mov eax, [ecx]"); fasm3.AddLine("pop ecx"); object[] objArray17 = new object[] { ptr10 }; fasm3.AddLine("pushd [{0}]", objArray17); fasm3.AddLine("retn"); byte[] buffer14 = fasm3.Assemble(); fasm3.Clear(); allocatedMemory_0.WriteBytes(offsetInBytes, buffer14); ptr2 = allocatedMemory_0.Address + offsetInBytes; offsetInBytes += buffer14.Length; byte_4 = new byte[5]; byte_4[0] = 0xe9; byte[] buffer15 = BitConverter.GetBytes((int)((ptr2.ToInt32() - intptr_4.ToInt32()) - 5)); for (int n = 0; n < buffer15.Length; n++) { byte_4[n + 1] = buffer15[n]; } memory.Patches.Create(intptr_4, byte_4, "ProcessHookManager_ScreenToClient"); smethod_2(); } catch (Exception) { flag = true; throw; } finally { if (flag && (allocatedMemory_0 != null)) { allocatedMemory_0.Dispose(); allocatedMemory_0 = null; } } }
internal static void smethod_3() { State = StateEnum.None; foreach (string path in string_0) { try { File.Delete(path); } catch { } } ExternalProcessMemory externalProcessMemory_ = ExternalProcessMemory_0; intptr_1 = externalProcessMemory_.GetProcAddress("user32.dll", "GetActiveWindow"); if (intptr_1 == IntPtr.Zero) { throw new Exception("The function 'GetActiveWindow' was not found."); } intptr_0 = externalProcessMemory_.GetProcAddress("user32.dll", "GetForegroundWindow"); if (intptr_0 == IntPtr.Zero) { throw new Exception("The function 'GetForegroundWindow' was not found."); } intptr_2 = externalProcessMemory_.GetProcAddress("user32.dll", "GetKeyState"); if (intptr_2 == IntPtr.Zero) { throw new Exception("The function 'GetKeyState' was not found."); } intptr_3 = externalProcessMemory_.GetProcAddress("user32.dll", "GetCursorPos"); if (intptr_3 == IntPtr.Zero) { throw new Exception("The function 'GetCursorPos' was not found."); } intptr_4 = externalProcessMemory_.GetProcAddress("user32.dll", "ScreenToClient"); if (intptr_4 == IntPtr.Zero) { throw new Exception("The function 'ScreenToClient' was not found."); } allocatedMemory_0 = externalProcessMemory_.CreateAllocatedMemory(4096); List <byte[]> list = ProcessHookManager.smethod_1(); if (list != null) { using (TritonHs.AcquireFrame()) { ExternalProcessMemory_0.WriteBytes(intptr_0, list[0]); ExternalProcessMemory_0.WriteBytes(intptr_1, list[1]); ExternalProcessMemory_0.WriteBytes(intptr_2, list[2]); ExternalProcessMemory_0.WriteBytes(intptr_3, list[3]); ExternalProcessMemory_0.WriteBytes(intptr_4, list[4]); } } bool flag = false; try { IntPtr intPtr_ = ProcessHookManager.IntPtr_0; ManagedFasm asm = externalProcessMemory_.Asm; asm.Clear(); asm.smethod_3("mov eax, " + intPtr_); asm.smethod_3("retn"); byte[] array2 = asm.Assemble(); asm.Clear(); allocatedMemory_0.WriteBytes(0, array2); int value = (allocatedMemory_0.Address + 0).ToInt32() - intptr_0.ToInt32() - 5; int value2 = (allocatedMemory_0.Address + 0).ToInt32() - intptr_1.ToInt32() - 5; int num = 0 + array2.Length; ProcessHookManager.byte_0 = new byte[5]; ProcessHookManager.byte_0[0] = 233; byte[] bytes = BitConverter.GetBytes(value); for (int j = 0; j < bytes.Length; j++) { ProcessHookManager.byte_0[j + 1] = bytes[j]; } ProcessHookManager.byte_1 = new byte[5]; ProcessHookManager.byte_1[0] = 233; byte[] bytes2 = BitConverter.GetBytes(value2); for (int k = 0; k < bytes2.Length; k++) { ProcessHookManager.byte_1[k + 1] = bytes2[k]; } externalProcessMemory_.Patches.Create(intptr_0, ProcessHookManager.byte_0, "ProcessHookManager_GetForegroundWindow"); externalProcessMemory_.Patches.Create(intptr_1, ProcessHookManager.byte_1, "ProcessHookManager_GetActiveWindow"); byte[] bytes3 = new byte[1024]; allocatedMemory_0.WriteBytes(num, bytes3); IntPtr intPtr = allocatedMemory_0.Address + num; ProcessHookManager.int_0 = num; num += 1024; byte[] bytes4 = new byte[8]; allocatedMemory_0.WriteBytes(num, bytes4); IntPtr intPtr2 = allocatedMemory_0.Address + num; num += 4; IntPtr intPtr3 = allocatedMemory_0.Address + num; num += 4; ManagedFasm asm2 = externalProcessMemory_.Asm; asm2.Clear(); asm2.smethod_3("pop eax"); asm2.smethod_4("mov [{0}], eax", new object[] { intPtr2 }); asm2.smethod_3("pop eax"); asm2.smethod_4("mov [{0}], eax", new object[] { intPtr3 }); asm2.smethod_3("imul eax, 4"); asm2.smethod_4("add eax, {0}", new object[] { intPtr }); asm2.smethod_3("mov eax, [eax]"); asm2.smethod_4("pushd [{0}]", new object[] { intPtr2 }); asm2.smethod_3("retn"); byte[] array3 = asm2.Assemble(); asm2.Clear(); allocatedMemory_0.WriteBytes(num, array3); int value3 = (allocatedMemory_0.Address + num).ToInt32() - intptr_2.ToInt32() - 5; num += array3.Length; ProcessHookManager.byte_2 = new byte[5]; ProcessHookManager.byte_2[0] = 233; byte[] bytes5 = BitConverter.GetBytes(value3); for (int l = 0; l < bytes5.Length; l++) { ProcessHookManager.byte_2[l + 1] = bytes5[l]; } externalProcessMemory_.Patches.Create(intptr_2, ProcessHookManager.byte_2, "ProcessHookManager_GetKeyState"); byte[] array4 = new byte[12]; array4[8] = 1; allocatedMemory_0.WriteBytes(num, array4); IntPtr intPtr4 = allocatedMemory_0.Address + num; ProcessHookManager.int_1 = num; num += 4; ProcessHookManager.int_2 = num; num += 4; ProcessHookManager.int_3 = num; num += 4; byte[] bytes6 = new byte[8]; allocatedMemory_0.WriteBytes(num, bytes6); IntPtr intPtr5 = allocatedMemory_0.Address + num; num += 4; IntPtr intPtr6 = allocatedMemory_0.Address + num; num += 4; ManagedFasm asm3 = externalProcessMemory_.Asm; asm3.Clear(); asm3.smethod_3("pop eax"); asm3.smethod_4("mov [{0}], eax", new object[] { intPtr5 }); asm3.smethod_3("pop eax"); asm3.smethod_4("mov [{0}], eax", new object[] { intPtr6 }); asm3.smethod_3("push ecx"); asm3.smethod_4("mov ecx, {0}", new object[] { intPtr4 }); asm3.smethod_3("mov ecx, [ecx]"); asm3.smethod_3("mov [eax], ecx"); asm3.smethod_3("add eax, 4"); asm3.smethod_4("mov ecx, {0}", new object[] { intPtr4 }); asm3.smethod_3("add ecx, 4"); asm3.smethod_3("mov ecx, [ecx]"); asm3.smethod_3("mov [eax], ecx"); asm3.smethod_4("mov ecx, {0}", new object[] { intPtr4 }); asm3.smethod_3("add ecx, 8"); asm3.smethod_3("mov eax, [ecx]"); asm3.smethod_3("pop ecx"); asm3.smethod_4("pushd [{0}]", new object[] { intPtr5 }); asm3.smethod_3("retn"); byte[] array5 = asm3.Assemble(); asm3.Clear(); allocatedMemory_0.WriteBytes(num, array5); int value4 = (allocatedMemory_0.Address + num).ToInt32() - intptr_3.ToInt32() - 5; num += array5.Length; ProcessHookManager.byte_3 = new byte[5]; ProcessHookManager.byte_3[0] = 233; byte[] bytes7 = BitConverter.GetBytes(value4); for (int m = 0; m < bytes7.Length; m++) { ProcessHookManager.byte_3[m + 1] = bytes7[m]; } externalProcessMemory_.Patches.Create(intptr_3, ProcessHookManager.byte_3, "ProcessHookManager_GetCursorPos"); byte[] array6 = new byte[12]; array6[8] = 1; allocatedMemory_0.WriteBytes(num, array6); IntPtr intPtr7 = allocatedMemory_0.Address + num; ProcessHookManager.int_4 = num; num += 4; ProcessHookManager.int_5 = num; num += 4; ProcessHookManager.int_6 = num; num += 4; byte[] bytes8 = new byte[12]; allocatedMemory_0.WriteBytes(num, bytes8); IntPtr intPtr8 = allocatedMemory_0.Address + num; num += 4; IntPtr intPtr9 = allocatedMemory_0.Address + num; num += 4; IntPtr intPtr10 = allocatedMemory_0.Address + num; num += 4; ManagedFasm asm4 = externalProcessMemory_.Asm; asm4.Clear(); asm4.smethod_3("pop eax"); asm4.smethod_4("mov [{0}], eax", new object[] { intPtr8 }); asm4.smethod_3("pop eax"); asm4.smethod_4("mov [{0}], eax", new object[] { intPtr9 }); asm4.smethod_3("pop eax"); asm4.smethod_4("mov [{0}], eax", new object[] { intPtr10 }); asm4.smethod_3("push ecx"); asm4.smethod_4("mov ecx, {0}", new object[] { intPtr7 }); asm4.smethod_3("mov ecx, [ecx]"); asm4.smethod_3("mov [eax], ecx"); asm4.smethod_3("add eax, 4"); asm4.smethod_4("mov ecx, {0}", new object[] { intPtr7 }); asm4.smethod_3("add ecx, 4"); asm4.smethod_3("mov ecx, [ecx]"); asm4.smethod_3("mov [eax], ecx"); asm4.smethod_4("mov ecx, {0}", new object[] { intPtr7 }); asm4.smethod_3("add ecx, 8"); asm4.smethod_3("mov eax, [ecx]"); asm4.smethod_3("pop ecx"); asm4.smethod_4("pushd [{0}]", new object[] { intPtr8 }); asm4.smethod_3("retn"); byte[] array7 = asm4.Assemble(); asm4.Clear(); allocatedMemory_0.WriteBytes(num, array7); int value5 = (allocatedMemory_0.Address + num).ToInt32() - intptr_4.ToInt32() - 5; num += array7.Length; ProcessHookManager.byte_4 = new byte[5]; ProcessHookManager.byte_4[0] = 233; byte[] bytes9 = BitConverter.GetBytes(value5); for (int n = 0; n < bytes9.Length; n++) { ProcessHookManager.byte_4[n + 1] = bytes9[n]; } externalProcessMemory_.Patches.Create(intptr_4, ProcessHookManager.byte_4, "ProcessHookManager_ScreenToClient"); ProcessHookManager.smethod_2(); } catch (Exception) { flag = true; throw; } finally { if (flag && allocatedMemory_0 != null) { allocatedMemory_0.Dispose(); allocatedMemory_0 = null; } } }
/// <summary> /// Retrieve global LUA variables from the WoW process /// </summary> /// <param name="commands">String names of variables to retrieve</param> /// <returns>values of the variables to retrieve</returns> /// <exception cref="HookNotAppliedException">Thrown when the required hook has not been applied</exception> public static Dictionary <string, string> GetLocalizedText(IEnumerable <string> commands) { var returnDict = new Dictionary <string, string>(); if (commands == null) { throw new ArgumentNullException("commands"); } List <string> enumerable = commands.ToList(); if (!enumerable.Any()) { return(returnDict); } var builder = new StringBuilder(enumerable.Count); foreach (string s in enumerable.Where(s => !string.IsNullOrWhiteSpace(s))) { builder.Append(s); builder.Append('\0'); returnDict[s] = string.Empty; } int commandSpace = Encoding.UTF8.GetBytes(builder.ToString()).Length; commandSpace += commandSpace % 4; int returnAddressSpace = enumerable.Count == 0 ? 0x4 : enumerable.Count * 0x4; AllocatedMemory mem = BotManager.Memory.CreateAllocatedMemory(commandSpace + returnAddressSpace + 0x4); try { mem.WriteBytes("command", Encoding.UTF8.GetBytes(builder.ToString())); mem.WriteBytes("returnVarsPtr", new byte[enumerable.Count * 0x4]); mem.Write("returnVarsNamesPtr", mem["command"]); InternalExecute(IntPtr.Zero, mem["returnVarsNamesPtr"], enumerable.Count, mem["returnVarsPtr"]); if (enumerable.Any()) { byte[] address = BotManager.Memory.ReadBytes(mem["returnVarsPtr"], enumerable.Count * 4); Parallel.ForEach(enumerable, // source collection () => 0, // method to initialize the local variable (value, loop, offset) => // method invoked by the loop on each iteration { var retnByte = new List <byte>(); var dwAddress = new IntPtr(BitConverter.ToInt32(address, offset)); if (dwAddress != IntPtr.Zero) { var buf = BotManager.Memory.Read <byte>(dwAddress); while (buf != 0) { retnByte.Add(buf); dwAddress = dwAddress + 1; buf = BotManager.Memory.Read <byte>(dwAddress); } } returnDict[value] = Encoding.UTF8.GetString(retnByte.ToArray()); offset += 0x4; //modify local variable return(offset); // value to be passed to next iteration }, finalResult => { } ); } } finally { mem.Dispose(); } return(returnDict); }
/// <summary> /// Apply the DirectX function hook to the WoW process /// </summary> /// <returns>true if it applied correctly. Otherwise, false</returns> public bool Apply() { //Lets check if we are already hooked. if (IsApplied) { //Were already hooked. //So lets restore the original bytes. Restore(); } _allocatedMemory = BotManager.Memory.CreateAllocatedMemory(CODECAVESIZE + 0x1000 + 0x4 + 0x4); _dxAddress = new Dirext3D(BotManager.Memory.Process); // store original bytes _endSceneOriginalBytes = BotManager.Memory.ReadBytes(_dxAddress.HookPtr - 5, 10); int jumpLoc = 0; if (_endSceneOriginalBytes[5] == 0xE9) { DialogResult result = MessageBox.Show(LocalSettings.Translations["Hook Found"], LocalSettings.Translations["Warning"], MessageBoxButtons.YesNo, MessageBoxIcon.Warning); if (result == DialogResult.No) { return(false); } Logging.Log("Detected Another hook. Trying to hook anyway."); var offset = BotManager.Memory.Read <int>(_dxAddress.HookPtr + 1); jumpLoc = _dxAddress.HookPtr.ToInt32() + offset + 5; } foreach (int b in _endSceneOriginalBytes.Where(b => b == 0xE9).Select((b, i) => i)) { Logging.Log("E9 byte Detected at index: " + b); } if (_endSceneOriginalBytes[0] == 0xE9) { MessageBox.Show(LocalSettings.Translations["Reattach"]); return(false); } try { _allocatedMemory.WriteBytes("codeCavePtr", _eraser); _allocatedMemory.WriteBytes("injectedCode", _eraser); _allocatedMemory.Write("addressInjection", 0); _allocatedMemory.Write("returnInjectionAsm", 0); var asm = new List <string> { "pushad", // save registers to the stack "pushfd", "mov eax, [" + _allocatedMemory["addressInjection"] + "]", "test eax, eax", // Test if you need launch injected code "je @out", "mov eax, [" + _allocatedMemory["addressInjection"] + "]", "call eax", // Launch Function "mov [" + _allocatedMemory["returnInjectionAsm"] + "], eax", // Copy pointer return value "mov edx, " + _allocatedMemory["addressInjection"], // Enter value 0 of so we know we are done "mov ecx, 0", "mov [edx], ecx", "@out:", // Close function "popfd", // load reg "popad" }; asm = AddRandomAsm(asm); // injected code int sizeAsm = Inject(asm, _allocatedMemory["injectedCode"]); // Size asm jumpback int sizeJumpBack; // copy and save original instructions if (jumpLoc != 0) { asm.Clear(); asm.Add("jmp " + (uint)jumpLoc); Inject(asm, IntPtr.Add(_allocatedMemory["injectedCode"], sizeAsm)); sizeJumpBack = 5; } else { BotManager.Memory.WriteBytes(IntPtr.Add(_allocatedMemory["injectedCode"], sizeAsm), new[] { _endSceneOriginalBytes[5], _endSceneOriginalBytes[6] }); sizeJumpBack = 2; } asm.Clear(); asm.Add("jmp " + ((uint)_dxAddress.HookPtr + sizeJumpBack)); // short jump takes 2 bytes. // create jump back stub Inject(asm, _allocatedMemory["injectedCode"] + sizeAsm + sizeJumpBack); // create hook jump asm.Clear(); asm.Add("@top:"); asm.Add("jmp " + _allocatedMemory["injectedCode"]); asm.Add("jmp @top"); Inject(asm, _dxAddress.HookPtr - 5); IsApplied = true; } catch (Exception ex) { Logging.Log(ex); return(false); } return(true); }