private void HookTheGame(object sender, EventArgs e) { if (GameProcess == null) { try { // Game Process GameProcess = new MemorySharp(ApplicationFinder.FromProcessName("Tsonic_win").First()); // If the first doesn't successfully happen this will never be hit Invoke(new MethodInvoker(WriteGameIsHookedText)); Invoke(new MethodInvoker(DrawWindow)); Invoke(new MethodInvoker(DrawStuffTimer)); } catch { Invoke(new MethodInvoker(WriteWaitingForGameText)); } } else if (GameProcess.IsRunning == false) { try { // Game Process GameProcess = new MemorySharp(ApplicationFinder.FromProcessName("Tsonic_win").First()); // If the first doesn't successfully happen this will never be hit Invoke(new MethodInvoker(WriteGameIsHookedText)); Invoke(new MethodInvoker(DrawWindow)); Invoke(new MethodInvoker(DrawStuffTimer)); } catch { Invoke(new MethodInvoker(WriteWaitingForGameText)); } } }
/// <summary> /// Initializes a new instance of the <see cref="MemoryFactory"/> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param> internal MemoryFactory(MemorySharp memorySharp) { // Save the parameter MemorySharp = memorySharp; // Create a list containing all allocated memory InternalRemoteAllocations = new List <RemoteAllocation>(); }
public void HookTheGame(object sender, EventArgs e) { if (GameProcess == null) { try { // Game Process GameProcess = new MemorySharp(ApplicationFinder.FromProcessName("Tsonic_win").First()); // If the first doesn't successfully happen this will never be hit HeroesHandle = WinAPIComponents.FindWindow(null, HEROES_WINDOW_NAME); Program.xSmallMainWindow.Invoke(new MethodInvoker(WriteGameIsHookedText)); Program.xSmallMainWindow.Invoke(new MethodInvoker(DrawWindow)); } catch { Program.xSmallMainWindow.Invoke(new MethodInvoker(WriteWaitingForGameText)); } } else if (GameProcess.IsRunning == false) { try { // Game Process GameProcess = new MemorySharp(ApplicationFinder.FromProcessName("Tsonic_win").First()); // If the first doesn't successfully happen this will never be hit HeroesHandle = WinAPIComponents.FindWindow(null, HEROES_WINDOW_NAME); Program.xSmallMainWindow.Invoke(new MethodInvoker(WriteGameIsHookedText)); Program.xSmallMainWindow.Invoke(new MethodInvoker(DrawWindow)); } catch { Program.xSmallMainWindow.Invoke(new MethodInvoker(WriteWaitingForGameText)); } } }
private void setFPS_Click(object sender, EventArgs e) { using (var sharp = new MemorySharp(ApplicationFinder.FromProcessName("halo5forge").FirstOrDefault())) { long fps; try { fps = (long)Convert.ToInt32(FPSBox.Text); } catch (SystemException ex) { // this class's error string MessageBox.Show("Invalid FPS value"); return; } bool fpsValid = long.TryParse(FPSBox.Text.ToString(), out fps); if (fpsValid) { sharp[fpsAddress].Write <long>(1000000 / fps); } else { } } }
static void Main() { Console.WriteLine("sloobs ty fly"); Console.WriteLine("toggling fly!"); new Thread(() => { while (true) { using (var m = new MemorySharp(ApplicationFinder.FromProcessName("TY2").First())) { var jumpPointer = new IntPtr(0x004465EC); int[] offsets = { 0x3C, 0x3C, 0x238, 0x54, 0xDC, 0x4 }; jumpPointer = m[jumpPointer].Read <IntPtr>(); jumpPointer = m[jumpPointer + offsets[0], false].Read <IntPtr>(); jumpPointer = m[jumpPointer + offsets[1], false].Read <IntPtr>(); jumpPointer = m[jumpPointer + offsets[2], false].Read <IntPtr>(); jumpPointer = m[jumpPointer + offsets[3], false].Read <IntPtr>(); jumpPointer = m[jumpPointer + offsets[4], false].Read <IntPtr>(); m[jumpPointer + offsets[5], false].Write(1); Thread.Sleep(50); } } }).Start(); }
/// <summary> /// Initializes a new instance of the <see cref="AssemblyFactory"/> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param> internal AssemblyFactory(MemorySharp memorySharp) { // Save the parameter MemorySharp = memorySharp; // Create the tool Assembler = new Fasm32Assembler(); }
public void LockProcess() { ProcessSharp = null; bool lockingInProgress = true; while (lockingInProgress) { Process[] processes = Process.GetProcesses(); bgw.ReportProgress(0, $"Ensure an executable with \"{ProcessSearchTerm}\" in its name is running."); for (int i = 0; i < processes.Length; i++) { if (!processes[i].ProcessName.ToLower().Contains(ProcessSearchTerm.ToLower())) { continue; } if (processes[i] == null) { continue; } try { ProcessSharp = new MemorySharp(processes[i]); } catch { continue; } ProcessSharp.Threads.SuspendAll(); InfoNotice(this, new NotificationEventArgs($"Found and locked on to \"{ProcessSharp.Native.ProcessName}\"")); lockingInProgress = false; break; } } }
private void setFov_Click(object sender, EventArgs e) { using (var sharp = new MemorySharp(ApplicationFinder.FromProcessName("halo5forge").FirstOrDefault())) { float fov; try { fov = (float)Convert.ToDouble(fovBox.Text); } catch (SystemException ex) { // this class's error string MessageBox.Show("Invalid FOV value"); return; } bool fovValid = float.TryParse(fovBox.Text.ToString(), out fov); if (fovValid) { sharp[fovAddress].Write <float>(fov); } else { } } }
private static T Read <T>(this MemorySharp _mem, bool isRelative = false, params IntPtr[] addresses) { if (addresses.Length == 0) { throw new InvalidOperationException("Cannot read a value from unspecified addresses."); } if (addresses.Length == 1) { return(_mem.Read <T>(addresses[0], isRelative)); } var temp = _mem.Read <IntPtr>(addresses[0], isRelative); if (temp == IntPtr.Zero) { throw new InvalidOperationException("First addresses returned 0"); } for (var i = 1; i < addresses.Length - 1; i++) { temp = _mem.Read <IntPtr>(temp + (int)addresses[i], isRelative); } return(_mem.Read <T>(temp + (int)addresses[addresses.Length - 1], isRelative)); }
/// <summary> /// Initializes a new instance of the <see cref="ModuleFactory"/> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemoryManagement.MemorySharp"/> object.</param> internal ModuleFactory(MemorySharp memorySharp) { // Save the parameter MemorySharp = memorySharp; // Create a list containing all injected modules InternalInjectedModules = new List <InjectedModule>(); }
public static void OnLoad() { var processes = Process.GetProcessesByName("csgo"); while (processes.Length == 0) { Console.WriteLine(@"Waiting for csgo to start"); if (processes.Length == 1) { break; } } while (ClientDll == null || EngineDll == null) { var sharp = new MemorySharp(processes[0]); ClientDll = sharp.Modules.RemoteModules.FirstOrDefault(f => f.Name == "client.dll"); EngineDll = sharp.Modules.RemoteModules.FirstOrDefault(f => f.Name == "engine.dll"); } Entities = new EntitesModule(); LocalPlayer = new PlayerModule(); Crosshair = new CrosshairModule(); Memory = new MemorySharp(processes[0]); }
/// <summary> /// Initializes a new instance of the <see cref="RemoteAllocation" /> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp" /> object.</param> /// <param name="size">The size of the allocated memory.</param> /// <param name="protection">The protection of the allocated memory.</param> /// <param name="mustBeDisposed">The allocated memory will be released when the finalizer collects the object.</param> internal RemoteAllocation(MemorySharp memorySharp, int size, MemoryProtectionFlags protection = MemoryProtectionFlags.ExecuteReadWrite, bool mustBeDisposed = true) : base(memorySharp, MemoryCore.Allocate(memorySharp.Handle, size, protection)) { // Set local vars MustBeDisposed = mustBeDisposed; IsDisposed = false; }
public object GetValueFromPtr(MemorySharp m, IntPtr adr) { string result = "ERROR"; try { if (retHEX.Checked) { result = "0x" + m.Read <int>(adr, false).ToString("X4"); } if (retINT.Checked) { result = m.Read <int>(adr, false).ToString(); } if (retUINT.Checked) { result = m.Read <uint>(adr, false).ToString(); } if (retFLOAT.Checked) { result = m.Read <float>(adr, false).ToString(); } if (retSTRING.Checked) { result = m.ReadString(adr, false); } } catch { } return(result); }
/// <summary> /// Initializes a new instance of the <see cref="ModuleFactory" /> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemoryManagement.MemorySharp" /> object.</param> internal ModuleFactory(MemorySharp memorySharp) { // Save the parameter MemorySharp = memorySharp; // Create a list containing all injected modules InternalInjectedModules = new List<InjectedModule>(); }
private void ProcessCheckThread(object sender) { while (_process == null) { Process[] foundProcesses = Process.GetProcessesByName(Modules.MEGU); if (foundProcesses.Length > 0) { Process foundProcess = foundProcesses[0]; ProcessModule module = foundProcess.Modules.Cast <ProcessModule>().FirstOrDefault(x => x.ModuleName == Modules.GCORE_DLL); if (module != null) { _process = foundProcess; _moduleGCore = module.BaseAddress; _memory = new MemorySharp(_process.Id); // Init memory watch thread _memoryWatchThread = new Thread(new ParameterizedThreadStart(MemoryWatchThread)); _memoryWatchThread.Start(); // Show overlay UI //_overlayForm.Invoke(new Action(() => _overlayForm.BindOverlayToGameProcess(_process))); // Update process status to subscribers UpdateProcessStatus(true); } } Thread.Sleep(100); } }
/// <summary> /// Initializes a new instance of the <see cref="MemoryFactory" /> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp" /> object.</param> internal MemoryFactory(MemorySharp memorySharp) { // Save the parameter MemorySharp = memorySharp; // Create a list containing all allocated memory InternalRemoteAllocations = new List<RemoteAllocation>(); }
private void WatchProcess() { while (true) { var procs = Process.GetProcessesByName("RobloxPlayerBeta"); if (procs.Length > 0 && procs.First().Id != CurrentPID) { Roblox = procs.First(); CurrentPID = Roblox.Id; Thread.Sleep(2000); // Delay Sharp = new MemorySharp(Roblox); SigScanSharp Sigscan = new SigScanSharp(Roblox.Handle); Sigscan.SelectModule(Roblox.MainModule); IntPtr GetTaskscheduler = traceRelativeCall(Roblox.Handle, Sigscan.FindPattern("E8 ? ? ? ? 8A 4D 08 83 C0 04")); Taskscheduler = new RemotePointer(Sharp, GetTaskscheduler).Execute <IntPtr>(); DelayOffset = FindTaskSchedulerFrameDelayOffset(Roblox.Handle, Taskscheduler); WriteMemory <double>(Roblox.Handle, Taskscheduler + DelayOffset, CurrentFps); } Thread.Sleep(500); } }
/// <summary> /// Initializes a new instance of the <see cref="RemoteAllocation"/> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param> /// <param name="size">The size of the allocated memory.</param> /// <param name="protection">The protection of the allocated memory.</param> /// <param name="mustBeDisposed">The allocated memory will be released when the finalizer collects the object.</param> internal RemoteAllocation(MemorySharp memorySharp, int size, MemoryProtectionFlags protection = MemoryProtectionFlags.ExecuteReadWrite, bool mustBeDisposed = true) : base(memorySharp, MemoryCore.Allocate(memorySharp.Handle, size, protection)) { // Set local vars MustBeDisposed = mustBeDisposed; IsDisposed = false; }
/// <summary> /// Initializes a new instance of the <see cref="MarshalledValue{T}"/> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param> /// <param name="value">The value to marshal.</param> public MarshalledValue(MemorySharp memorySharp, T value) { // Save the parameters MemorySharp = memorySharp; Value = value; // Marshal the value Marshal(); }
public static void SetAspectRatio(float aspectratio) { using (var m = new MemorySharp(getProcess())) { var fovPtr = new IntPtr(0x332FC18); m[fovPtr].Write <float>(aspectratio); } }
internal static void Detach() { MemorySharp?.Dispose(); MemorySharp = null; ProcessExited?.Invoke(); OffsetScanner.Reset(); }
private void readCurrentValues() { using (var sharp = new MemorySharp(ApplicationFinder.FromProcessName("halo5forge").FirstOrDefault())) { fovBox.Text = Convert.ToString(sharp[fovAddress].Read <float>()); FPSBox.Text = Convert.ToString(1000000 / sharp[fpsAddress].Read <long>()); } }
public static void SetResolutionWidth(int width) { using (var m = new MemorySharp(getProcess())) { var resHeightPtr = new IntPtr(0x4E97F60); m[resHeightPtr].Write <int>(width); } }
public static void SetFOV(float fov) { using (var m = new MemorySharp(getProcess())) { var fovPtr = new IntPtr(0x58ECF90); m[fovPtr].Write <float>(fov); } }
public static int GetFOV() { using (var m = new MemorySharp(getProcess())) { var fovPtr = new IntPtr(0x58ECF90); return(Convert.ToInt16(m[fovPtr].Read <float>())); } }
private void InitializeGameInMemory() { Process[] processes = Process.GetProcessesByName(Constants.GAME_PROCESSNAME); if (processes.Count() > 0) { this.gameMemory = new MemorySharp(processes[0]); } }
public static int GetResolutionWidth() { using (var m = new MemorySharp(getProcess())) { var resWidthPtr = new IntPtr(0x4E97F60); return(Convert.ToInt16(m[resWidthPtr].Read <int>())); } }
private void button1_Click(object sender, EventArgs e) { if (!File.Exists(config.ClientDirectory)) { GetOps(config); } var server = config.Servers.Find(i => i.ServerName == comboBox1.Text); if (server == null) { MessageBox.Show("Error, Check config."); return; } STARTUPINFO si = new STARTUPINFO(); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); bool success = NativeMethods.CreateProcess(config.ClientDirectory, null, IntPtr.Zero, IntPtr.Zero, false, ProcessCreationFlags.CREATE_SUSPENDED, IntPtr.Zero, null, ref si, out pi); MemorySharp memory; try { memory = new MemorySharp((int)pi.dwProcessId); } catch { MessageBox.Show("This application needs to run as admin."); return; } var payload = new byte[7]; var segments = server.IPAddress.Split('.'); if (server.ClientVersion == 718 && segments.Length == 4) { payload[0] = Convert.ToByte(segments[3]); payload[1] = 0x6A; payload[2] = Convert.ToByte(segments[2]); payload[3] = 0x6A; payload[4] = Convert.ToByte(segments[1]); payload[5] = 0x6A; payload[6] = Convert.ToByte(segments[0]); memory.Write((IntPtr)(0x400000 + server.HookTable), payload, false); memory.Write((IntPtr)(0x400000 + server.PatchTable), payload, false); //kill memory.Write((IntPtr)(0x400000 + server.SplashPtr), 0x87, false); } IntPtr ThreadHandle = pi.hThread; NativeMethods.ResumeThread(ThreadHandle); }
public MainWindow() { InitializeComponent(); try { _process = new MemorySharp(System.Diagnostics.Process.GetProcessesByName("csgo").FirstOrDefault()); } catch (Exception e) { MessageBox.Show($"CS:GO is not running, please start CS:GO before attempting to run this program.\n\n {e}", "CS:GO not running!", MessageBoxButton.OK, MessageBoxImage.Exclamation); Environment.Exit(1); } _player = new Player(_process); _entity = new Entity(_process); var entities = Entity.AllEntities(_process); var count = 0; foreach (var entity in entities) { var distanceToPlayer = General.GetDistanceToEnemyFromPlayer(_player.Position, entity.Position); lbxEntity.Items.Add($"({count})Entity Address: 0x{entity.EntityAddr:X8}, Distance: {distanceToPlayer:.##}m"); count++; } /* * TEST STUFF */ /*var entityList = new List<Entity>(); * * for (var i = 0; i < 32; i++) * { * try * { * _entity.SingleEntity(i); * * if (_entity.EntityAddr != 0) * entityList.Add(_entity); * * } * catch (Exception) * { * * } * } * * foreach (var entity in entityList) * { * lbxEntity.Items.Add(entity.Name + $" {entity.RadarNameAddress:X8}"); * }*/ }
/// <summary> /// Initializes a new instance of the <see cref="AssemblyTransaction"/> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param> /// <param name="address">The address where the assembly code is injected.</param> /// <param name="autoExecute">Indicates whether the assembly code is executed once the object is disposed.</param> public AssemblyTransaction(MemorySharp memorySharp, IntPtr address, bool autoExecute) { // Save the parameters MemorySharp = memorySharp; IsAutoExecuted = autoExecute; Address = address; // Initialize the string builder Mnemonics = new StringBuilder(); }
#pragma warning restore AsyncFixer01 // Unnecessary async/await usage private static byte[] ReadSessionKeyFromProcessMemory(string processId) { using (MemorySharp memorySharpProvider = new MemorySharp(Int32.Parse(processId))) { IntPtr sub_6B0970Result = memorySharpProvider.Read <IntPtr>((IntPtr)0x00C79CF4, false); IntPtr sessionKeyAddress = sub_6B0970Result + 0x508; return(memorySharpProvider.Read <byte>(sessionKeyAddress, 40, false)); } }
/// <summary> /// Initializes a new instance of the <see cref="RemoteWindow"/> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="Library.MemorySharp.MemorySharp"/> object.</param> /// <param name="handle">The handle of a window.</param> internal RemoteWindow(MemorySharp memorySharp, IntPtr handle) { // Save the parameters MemorySharp = memorySharp; Handle = handle; // Create the tools Keyboard = new MessageKeyboard(this); Mouse = new SendInputMouse(this); }
/// <summary> /// Injects the specified module into the address space of the remote process. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param> /// <param name="path">The path of the module. This can be either a library module (a .dll file) or an executable module (an .exe file).</param> /// <returns>A new instance of the <see cref="InjectedModule"/>class.</returns> internal static InjectedModule InternalInject(MemorySharp memorySharp, string path) { // Call LoadLibraryA remotely var thread = memorySharp.Threads.CreateAndJoin(memorySharp["kernel32"]["LoadLibraryA"].BaseAddress, path); // Get the inject module if (thread.GetExitCode<IntPtr>() != IntPtr.Zero) return new InjectedModule(memorySharp, memorySharp.Modules.NativeModules.First(m => m.BaseAddress == thread.GetExitCode<IntPtr>())); return null; }
/// <summary> /// Initializes a new instance of the <see cref="AssemblyTransaction"/> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param> /// <param name="address">The address where the assembly code is injected.</param> /// <param name="autoExecute">Indicates whether the assembly code is executed once the object is disposed.</param> public AssemblyTransaction(MemorySharp memorySharp, IntPtr address, bool autoExecute) { // Save the parameters MemorySharp = memorySharp; IsAutoExecuted = autoExecute; Address = address; // Initialize the string builder Instructions = new List<string>(); }
/// <summary> /// Initializes a new instance of the <see cref="ModuleFactory"/> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemoryManagement.MemorySharp"/> object.</param> internal ModuleFactory(MemorySharp memorySharp) { // Save the parameter MemorySharp = memorySharp; // Create a list containing all injected modules InternalInjectedModules = new List<InjectedModule>(); // Save a reference of the main module (the main module is required for a lot of operations, cached for speed reasons) MainModule = FetchModule(MemorySharp.Native.MainModule); }
/// <summary> /// Initializes a new instance of the <see cref="MemoryProtection" /> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp" /> object.</param> /// <param name="baseAddress">The base address of the memory to change the protection.</param> /// <param name="size">The size of the memory to change.</param> /// <param name="protection">The new protection to apply.</param> /// <param name="mustBeDisposed">The resource will be automatically disposed when the finalizer collects the object.</param> public MemoryProtection(MemorySharp memorySharp, IntPtr baseAddress, int size, MemoryProtectionFlags protection = MemoryProtectionFlags.ExecuteReadWrite, bool mustBeDisposed = true) { // Save the parameters _memorySharp = memorySharp; BaseAddress = baseAddress; NewProtection = protection; Size = size; MustBeDisposed = mustBeDisposed; // Change the memory protection OldProtection = MemoryCore.ChangeProtection(_memorySharp.Handle, baseAddress, size, protection); }
private void button2_Click(object sender, EventArgs e) { //Max Level using (var m = new MemorySharp(ApplicationFinder.FromProcessName(gameName).FirstOrDefault())) { var levelPtr = new IntPtr(0x01CAC924); int[] offsets = { 0x324, 0x38 }; levelPtr = m[levelPtr].Read<IntPtr>(); levelPtr = m[levelPtr + offsets[0], false].Read<IntPtr>(); m[levelPtr + offsets[1], false].Write<int>(15); } }
private void button1_Click(object sender, EventArgs e) { //Max Money using (var m = new MemorySharp(ApplicationFinder.FromProcessName(gameName).FirstOrDefault())) { var moneyPtr = new IntPtr(0x01B71110); int[] offsets = { 0x0, 0x14, 0x14, 0x218 }; moneyPtr = m[moneyPtr].Read<IntPtr>(); moneyPtr = m[moneyPtr + offsets[0], false].Read<IntPtr>(); moneyPtr = m[moneyPtr + offsets[1], false].Read<IntPtr>(); moneyPtr = m[moneyPtr + offsets[2], false].Read<IntPtr>(); m[moneyPtr + offsets[3], false].Write<int>(999999999); } }
public void Equality() { // Arrange var notepad = Resources.MemorySharp; var own = new MemorySharp(Resources.ProcessSelf); // Act var ptr1 = notepad[IntPtr.Zero]; var ptr2 = notepad[IntPtr.Zero]; var ptr3 = own[IntPtr.Zero]; // Assert Assert.AreEqual(ptr1, ptr2, "IEquatable is not properly implemented."); Assert.AreNotEqual(ptr2, ptr3, "IEquatable is not properly implemented."); }
public void Equals() { // Arrange var remote = Resources.MemorySharp; var own = new MemorySharp(Resources.ProcessSelf); // Act var module1 = remote["kernel32"]; var module2 = remote["kernel32"]; var module3 = own["kernel32"]; // Assert Assert.AreEqual(module1, module2); Assert.AreNotEqual(module1, module3); }
/// <summary> /// Main window constructor /// </summary> public MainWindow() { InitializeComponent(); instance = this; Process[] processes = Process.GetProcessesByName("StarCraft"); if (processes.Length > 0) { sharp = new MemorySharp(processes[0]); UnitsController = new ItemController<Unit>(Units, unitTab, unitList); SpritesController = new ItemController<Sprite>(Sprites, spriteTab, spriteList); ImagesController = new ItemController<Image>(Images, imageTab, imageList); ExtraImagesController = new ItemController<Image>(ExtraImages, extraImageTab, extraImageList); HPImagesController = new ItemController<Image>(HPImages, hpImageTab, hpImageList); } }
/* Sets the games current money to max money. */ public static void SetMaxMoney(int money) { try { using (var m = new MemorySharp(getProcess())) { var moneyPtr = new IntPtr(0x01B71110); int[] offsets = { 0x0, 0x14, 0x14, 0x218 }; moneyPtr = m[moneyPtr].Read<IntPtr>(); moneyPtr = m[moneyPtr + offsets[0], false].Read<IntPtr>(); moneyPtr = m[moneyPtr + offsets[1], false].Read<IntPtr>(); moneyPtr = m[moneyPtr + offsets[2], false].Read<IntPtr>(); m[moneyPtr + offsets[3], false].Write<int>(money); } } catch (Win32Exception) { MessageBox.Show("An error occurred while writing to memory. This is most likely caused by not being in game when writing to memory.", "The Stick of Cheat", MessageBoxButtons.OK, MessageBoxIcon.Error); } }
//const string WebMonoDll = "mono-1-vc.dll"; static void GetMonoRemoteFunctions(MemorySharp memorySharp, out RemoteFunction mono_get_root_domain, out RemoteFunction mono_thread_attach, out RemoteFunction mono_security_set_mode, out RemoteFunction mono_domain_get, out RemoteFunction mono_domain_assembly_open, out RemoteFunction mono_assembly_get_image, out RemoteFunction mono_class_from_name, out RemoteFunction mono_class_get_method_from_name, out RemoteFunction mono_runtime_invoke) { Console.ForegroundColor = ConsoleColor.White; mono_get_root_domain = memorySharp[DesktopMonoDll].FindFunction("mono_get_root_domain"); // Returns MonoDomain. Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_get_root_domain.Name, mono_get_root_domain.BaseAddress.ToString("X2")); Console.ForegroundColor = ConsoleColor.White; mono_thread_attach = memorySharp[DesktopMonoDll].FindFunction("mono_thread_attach"); // Returns MonoThread. Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_thread_attach.Name, mono_thread_attach.BaseAddress.ToString("X2")); Console.ForegroundColor = ConsoleColor.White; mono_security_set_mode = memorySharp[DesktopMonoDll].FindFunction("mono_security_set_mode"); // Returns void. Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_security_set_mode.Name, mono_security_set_mode.BaseAddress.ToString("X2")); Console.ForegroundColor = ConsoleColor.White; mono_domain_get = memorySharp[DesktopMonoDll].FindFunction("mono_domain_get"); // Returns MonoDomain. Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_domain_get.Name, mono_domain_get.BaseAddress.ToString("X2")); Console.ForegroundColor = ConsoleColor.White; mono_domain_assembly_open = memorySharp[DesktopMonoDll].FindFunction("mono_domain_assembly_open"); // Returns MonoAssembly. Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_domain_assembly_open.Name, mono_domain_assembly_open.BaseAddress.ToString("X2")); Console.ForegroundColor = ConsoleColor.White; mono_assembly_get_image = memorySharp[DesktopMonoDll].FindFunction("mono_assembly_get_image"); // Returns MonoImage. Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_assembly_get_image.Name, mono_assembly_get_image.BaseAddress.ToString("X2")); Console.ForegroundColor = ConsoleColor.White; mono_class_from_name = memorySharp[DesktopMonoDll].FindFunction("mono_class_from_name"); // Returns MonoClass. Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_class_from_name.Name, mono_class_from_name.BaseAddress.ToString("X2")); Console.ForegroundColor = ConsoleColor.White; mono_class_get_method_from_name = memorySharp[DesktopMonoDll].FindFunction("mono_class_get_method_from_name"); // Returns MonoMethod. Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_class_get_method_from_name.Name, mono_class_get_method_from_name.BaseAddress.ToString("X2")); Console.ForegroundColor = ConsoleColor.White; mono_runtime_invoke = memorySharp[DesktopMonoDll].FindFunction("mono_runtime_invoke"); // Returns MonoObject. Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_runtime_invoke.Name, mono_runtime_invoke.BaseAddress.ToString("X2")); Console.ForegroundColor = ConsoleColor.White; }
static void Main() { Console.Clear(); Console.Title = ".NET Mono Injector for Unity games by UnityInjector Team"; Console.BackgroundColor = ConsoleColor.Black; Console.ForegroundColor = ConsoleColor.White; Console.Write("Waiting for {0}.exe process to start", TargetProcessName); Console.ForegroundColor = ConsoleColor.DarkGray; Process p; while (true) { try { // Using "dumb" and fixed target process name, keeping it very very simple and straightforward just for now. // Start the game first, wait for loading to complete and then start UnityInjector 2 to avoid injector crash. We don't like to sleep here :zzzZZzzZZZzZzzZz p = Process.GetProcessesByName(TargetProcessName)[0]; break; } catch { Console.Write("."); } } Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("{0}{1} process was found", Environment.NewLine, p.MainModule.FileName); Console.ForegroundColor = ConsoleColor.White; using (MemorySharp m = new MemorySharp(p.Id)) { /* Using THE following PLAN: mono_thread_attach(mono_get_root_domain()); mono_security_set_mode(0); mono_runtime_invoke( mono_class_get_method_from_name( mono_class_from_name( mono_assembly_get_image( mono_domain_assembly_open( mono_domain_get(), "full_path_to_payload_file.dll" ) ), "namespace", "class" ), "method", 0 ), 0, 0, 0 ); */ // NOTE: int mono_security_get_mode() function is no longer exported (after security gets nulled, it can't be restored back). RemoteFunction mono_get_root_domain; RemoteFunction mono_thread_attach; RemoteFunction mono_security_set_mode; RemoteFunction mono_domain_get; RemoteFunction mono_domain_assembly_open; RemoteFunction mono_assembly_get_image; RemoteFunction mono_class_from_name; RemoteFunction mono_class_get_method_from_name; RemoteFunction mono_runtime_invoke; GetMonoRemoteFunctions(m, out mono_get_root_domain, out mono_thread_attach, out mono_security_set_mode, out mono_domain_get, out mono_domain_assembly_open, out mono_assembly_get_image, out mono_class_from_name, out mono_class_get_method_from_name, out mono_runtime_invoke); // Above code runs fine. From this point everything gets dirty, running/executing functions in order as the plan stated above :P AttachToMainThread(mono_get_root_domain, mono_thread_attach); NullMonoSecurity(mono_security_set_mode); Console.ForegroundColor = ConsoleColor.Cyan; Console.WriteLine("Injecting a payload..."); Console.ForegroundColor = ConsoleColor.White; // We need to use generic RemotePointer.Execute<T> function instead of RemotePointer.Execute, where T is a return type of each mono function but its .NET representation (which are missing, that is an issue which has arrived)... // Above is a list of functions and their return types on unmanaged side. We need their .NET representation or C++/CLI wrapper... Help will be appreciated. IntPtr mono_domain_get_result = mono_domain_get.Execute(CallingConventions.Cdecl); // Pointer to MonoDomain? There is no MonoDomain in C# Mono (perhaps it is AppDomain?). // Imagination of the code if there was .NET representation for unmanaged types like, MonoDomain which is returned by mono_domain_get function: // MonoDomain mono_domain_get_return = mono_domain_get.Execute<MonoDomain>(); Console.WriteLine("{0} returned {1} (0x{2})", mono_domain_get.Name, mono_domain_get_result, mono_domain_get_result.ToString("X2")); IntPtr mono_domain_assembly_open_result = mono_domain_assembly_open.Execute(CallingConventions.Cdecl, mono_domain_get_result, @"C:\Users\User\Documents\Visual Studio 2015\Projects\UnityInjector2\UnityInjector2\References\WarmodePayload.dll" // Update full path on your computer to match macro: @"$(SolutionDir)$(SolutionName)\References\WarmodePayload.dll" //"WarmodePayload.dll" // Only DLL filename can be used if payload DLL is inside the game's EXE folder or registered in GAC; otherwise, full path to payload DLL file have to be specified? That's just OOP guess. ); // Pointer to MonoAssembly? Console.WriteLine("{0} returned {1} (0x{2})", mono_domain_assembly_open.Name, mono_domain_assembly_open_result, mono_domain_assembly_open_result.ToString("X2")); IntPtr mono_assembly_get_image_result = mono_assembly_get_image.Execute(CallingConventions.Cdecl, mono_domain_assembly_open_result); // Pointer to MonoImage? Console.WriteLine("{0} returned {1} (0x{2})", mono_assembly_get_image.Name, mono_assembly_get_image_result, mono_assembly_get_image_result.ToString("X2")); IntPtr mono_class_from_name_result = mono_class_from_name.Execute(CallingConventions.Cdecl, mono_assembly_get_image_result, "WarmodePayload", "MainPayloadLoader"); // Pointer to MonoClass? Console.WriteLine("{0} returned {1} (0x{2})", mono_class_from_name.Name, mono_class_from_name_result, mono_class_from_name_result.ToString("X2")); IntPtr mono_class_get_method_from_name_result = mono_class_get_method_from_name.Execute(CallingConventions.Cdecl, mono_class_from_name_result, "OnMainPayloadLoad", 0); // Pointer to MonoMethod? Console.WriteLine("{0} returned {1} (0x{2})", mono_class_get_method_from_name.Name, mono_class_get_method_from_name_result, mono_class_get_method_from_name_result.ToString("X2")); IntPtr mono_runtime_invoke_result = mono_runtime_invoke.Execute(CallingConventions.Cdecl, mono_class_get_method_from_name_result, 0, IntPtr.Zero, IntPtr.Zero ); // Pointer to MonoObject? Console.WriteLine("{0} returned {1} (0x{2})", mono_runtime_invoke.Name, mono_runtime_invoke_result, mono_runtime_invoke_result.ToString("X2")); } Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Payload has been successfully injected into: {0} (0x{1}) {2}:{3} process", p.Id, p.Id.ToString("X2"), p.MainModule.FileName, p.MainWindowTitle); Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Press any key to exit..."); Console.ReadKey(true); }
public RemoteFunction(MemorySharp memorySharp, IntPtr address, string functionName) : base(memorySharp, address) { // Save the parameter Name = functionName; }
/// <summary> /// Initializes a new instance of the <see cref="ManagedTeb"/> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param> /// <param name="address">The location of the teb.</param> internal ManagedTeb(MemorySharp memorySharp, IntPtr address) : base(memorySharp, address) { }
/// <summary> /// Finds the pattern scan result from this instances data. /// </summary> /// <param name="memorySharp">The <see cref="MemorySharp" /> reference.</param> /// <param name="remoteModule">The <see cref="RemoteModule" /> the pattern is found in.</param> /// <returns></returns> public PatternScanResult Find(MemorySharp memorySharp, RemoteModule remoteModule) => remoteModule.FindPattern(this);
/// <summary> /// Initializes a new instance of the <see cref="ThreadFactory"/> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param> internal ThreadFactory(MemorySharp memorySharp) { // Save the parameter MemorySharp = memorySharp; }
/// <summary> /// Initializes a new instance of the <see cref="RemoteModule"/> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param> /// <param name="module">The native <see cref="ProcessModule"/> object corresponding to this module.</param> internal RemoteModule(MemorySharp memorySharp, ProcessModule module) : base(memorySharp, module.BaseAddress) { // Save the parameter Native = module; }
/// <summary> /// Frees the loaded dynamic-link library (DLL) module and, if necessary, decrements its reference count. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param> /// <param name="module">The module to eject.</param> internal static void InternalEject(MemorySharp memorySharp, RemoteModule module) { // Call FreeLibrary remotely memorySharp.Threads.CreateAndJoin(memorySharp["kernel32"]["FreeLibrary"].BaseAddress, module.BaseAddress); }
/// <summary> /// Initializes a new instance of the <see cref="WindowFactory"/> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param> internal WindowFactory(MemorySharp memorySharp) { // Save the parameter _memorySharp = memorySharp; }
/// <summary> /// Initializes a new instance of the <see cref="InjectedModule"/> class. /// </summary> /// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param> /// <param name="module">The native <see cref="ProcessModule"/> object corresponding to the injected module.</param> /// <param name="mustBeDisposed">The module will be ejected when the finalizer collects the object.</param> internal InjectedModule(MemorySharp memorySharp, ProcessModule module, bool mustBeDisposed = true) : base(memorySharp, module) { // Save the parameter MustBeDisposed = mustBeDisposed; }