private void HookTheGame(object sender, EventArgs e)
{
if (GameProcess == null)
{
try
{
// Game Process
GameProcess = new MemorySharp(ApplicationFinder.FromProcessName("Tsonic_win").First());
// If the first doesn't successfully happen this will never be hit
Invoke(new MethodInvoker(WriteGameIsHookedText));
Invoke(new MethodInvoker(DrawWindow));
Invoke(new MethodInvoker(DrawStuffTimer));
}
catch
{
Invoke(new MethodInvoker(WriteWaitingForGameText));
}
}
else if (GameProcess.IsRunning == false)
{
try
{
// Game Process
GameProcess = new MemorySharp(ApplicationFinder.FromProcessName("Tsonic_win").First());
// If the first doesn't successfully happen this will never be hit
Invoke(new MethodInvoker(WriteGameIsHookedText));
Invoke(new MethodInvoker(DrawWindow));
Invoke(new MethodInvoker(DrawStuffTimer));
}
catch
{
Invoke(new MethodInvoker(WriteWaitingForGameText));
}
}
}
/// <summary>
/// Initializes a new instance of the <see cref="MemoryFactory"/> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param>
internal MemoryFactory(MemorySharp memorySharp)
{
// Save the parameter
MemorySharp = memorySharp;
// Create a list containing all allocated memory
InternalRemoteAllocations = new List <RemoteAllocation>();
}
public void HookTheGame(object sender, EventArgs e)
{
if (GameProcess == null)
{
try
{
// Game Process
GameProcess = new MemorySharp(ApplicationFinder.FromProcessName("Tsonic_win").First());
// If the first doesn't successfully happen this will never be hit
HeroesHandle = WinAPIComponents.FindWindow(null, HEROES_WINDOW_NAME);
Program.xSmallMainWindow.Invoke(new MethodInvoker(WriteGameIsHookedText));
Program.xSmallMainWindow.Invoke(new MethodInvoker(DrawWindow));
}
catch
{
Program.xSmallMainWindow.Invoke(new MethodInvoker(WriteWaitingForGameText));
}
}
else if (GameProcess.IsRunning == false)
{
try
{
// Game Process
GameProcess = new MemorySharp(ApplicationFinder.FromProcessName("Tsonic_win").First());
// If the first doesn't successfully happen this will never be hit
HeroesHandle = WinAPIComponents.FindWindow(null, HEROES_WINDOW_NAME);
Program.xSmallMainWindow.Invoke(new MethodInvoker(WriteGameIsHookedText));
Program.xSmallMainWindow.Invoke(new MethodInvoker(DrawWindow));
}
catch
{
Program.xSmallMainWindow.Invoke(new MethodInvoker(WriteWaitingForGameText));
}
}
}
private void setFPS_Click(object sender, EventArgs e)
{
using (var sharp = new MemorySharp(ApplicationFinder.FromProcessName("halo5forge").FirstOrDefault()))
{
long fps;
try
{
fps = (long)Convert.ToInt32(FPSBox.Text);
}
catch (SystemException ex)
{
// this class's error string
MessageBox.Show("Invalid FPS value");
return;
}
bool fpsValid = long.TryParse(FPSBox.Text.ToString(), out fps);
if (fpsValid)
{
sharp[fpsAddress].Write <long>(1000000 / fps);
}
else
{
}
}
}
static void Main()
{
Console.WriteLine("sloobs ty fly");
Console.WriteLine("toggling fly!");
new Thread(() =>
{
while (true)
{
using (var m = new MemorySharp(ApplicationFinder.FromProcessName("TY2").First()))
{
var jumpPointer = new IntPtr(0x004465EC);
int[] offsets = { 0x3C, 0x3C, 0x238, 0x54, 0xDC, 0x4 };
jumpPointer = m[jumpPointer].Read <IntPtr>();
jumpPointer = m[jumpPointer + offsets[0], false].Read <IntPtr>();
jumpPointer = m[jumpPointer + offsets[1], false].Read <IntPtr>();
jumpPointer = m[jumpPointer + offsets[2], false].Read <IntPtr>();
jumpPointer = m[jumpPointer + offsets[3], false].Read <IntPtr>();
jumpPointer = m[jumpPointer + offsets[4], false].Read <IntPtr>();
m[jumpPointer + offsets[5], false].Write(1);
Thread.Sleep(50);
}
}
}).Start();
}
/// <summary>
/// Initializes a new instance of the <see cref="AssemblyFactory"/> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param>
internal AssemblyFactory(MemorySharp memorySharp)
{
// Save the parameter
MemorySharp = memorySharp;
// Create the tool
Assembler = new Fasm32Assembler();
}
public void LockProcess()
{
ProcessSharp = null;
bool lockingInProgress = true;
while (lockingInProgress)
{
Process[] processes = Process.GetProcesses();
bgw.ReportProgress(0, $"Ensure an executable with \"{ProcessSearchTerm}\" in its name is running.");
for (int i = 0; i < processes.Length; i++)
{
if (!processes[i].ProcessName.ToLower().Contains(ProcessSearchTerm.ToLower()))
{
continue;
}
if (processes[i] == null)
{
continue;
}
try { ProcessSharp = new MemorySharp(processes[i]); } catch { continue; }
ProcessSharp.Threads.SuspendAll();
InfoNotice(this, new NotificationEventArgs($"Found and locked on to \"{ProcessSharp.Native.ProcessName}\""));
lockingInProgress = false;
break;
}
}
}
private void setFov_Click(object sender, EventArgs e)
{
using (var sharp = new MemorySharp(ApplicationFinder.FromProcessName("halo5forge").FirstOrDefault()))
{
float fov;
try
{
fov = (float)Convert.ToDouble(fovBox.Text);
}
catch (SystemException ex)
{
// this class's error string
MessageBox.Show("Invalid FOV value");
return;
}
bool fovValid = float.TryParse(fovBox.Text.ToString(), out fov);
if (fovValid)
{
sharp[fovAddress].Write <float>(fov);
}
else
{
}
}
}
private static T Read <T>(this MemorySharp _mem, bool isRelative = false, params IntPtr[] addresses)
{
if (addresses.Length == 0)
{
throw new InvalidOperationException("Cannot read a value from unspecified addresses.");
}
if (addresses.Length == 1)
{
return(_mem.Read <T>(addresses[0], isRelative));
}
var temp = _mem.Read <IntPtr>(addresses[0], isRelative);
if (temp == IntPtr.Zero)
{
throw new InvalidOperationException("First addresses returned 0");
}
for (var i = 1; i < addresses.Length - 1; i++)
{
temp = _mem.Read <IntPtr>(temp + (int)addresses[i], isRelative);
}
return(_mem.Read <T>(temp + (int)addresses[addresses.Length - 1], isRelative));
}
/// <summary>
/// Initializes a new instance of the <see cref="ModuleFactory"/> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemoryManagement.MemorySharp"/> object.</param>
internal ModuleFactory(MemorySharp memorySharp)
{
// Save the parameter
MemorySharp = memorySharp;
// Create a list containing all injected modules
InternalInjectedModules = new List <InjectedModule>();
}
public static void OnLoad()
{
var processes = Process.GetProcessesByName("csgo");
while (processes.Length == 0)
{
Console.WriteLine(@"Waiting for csgo to start");
if (processes.Length == 1)
{
break;
}
}
while (ClientDll == null || EngineDll == null)
{
var sharp = new MemorySharp(processes[0]);
ClientDll = sharp.Modules.RemoteModules.FirstOrDefault(f => f.Name == "client.dll");
EngineDll = sharp.Modules.RemoteModules.FirstOrDefault(f => f.Name == "engine.dll");
}
Entities = new EntitesModule();
LocalPlayer = new PlayerModule();
Crosshair = new CrosshairModule();
Memory = new MemorySharp(processes[0]);
}
/// <summary>
/// Initializes a new instance of the <see cref="RemoteAllocation" /> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp" /> object.</param>
/// <param name="size">The size of the allocated memory.</param>
/// <param name="protection">The protection of the allocated memory.</param>
/// <param name="mustBeDisposed">The allocated memory will be released when the finalizer collects the object.</param>
internal RemoteAllocation(MemorySharp memorySharp, int size, MemoryProtectionFlags protection = MemoryProtectionFlags.ExecuteReadWrite, bool mustBeDisposed = true)
: base(memorySharp, MemoryCore.Allocate(memorySharp.Handle, size, protection))
{
// Set local vars
MustBeDisposed = mustBeDisposed;
IsDisposed = false;
}
public object GetValueFromPtr(MemorySharp m, IntPtr adr)
{
string result = "ERROR";
try
{
if (retHEX.Checked)
{
result = "0x" + m.Read <int>(adr, false).ToString("X4");
}
if (retINT.Checked)
{
result = m.Read <int>(adr, false).ToString();
}
if (retUINT.Checked)
{
result = m.Read <uint>(adr, false).ToString();
}
if (retFLOAT.Checked)
{
result = m.Read <float>(adr, false).ToString();
}
if (retSTRING.Checked)
{
result = m.ReadString(adr, false);
}
}
catch { }
return(result);
}
/// <summary>
/// Initializes a new instance of the <see cref="ModuleFactory" /> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemoryManagement.MemorySharp" /> object.</param>
internal ModuleFactory(MemorySharp memorySharp)
{
// Save the parameter
MemorySharp = memorySharp;
// Create a list containing all injected modules
InternalInjectedModules = new List<InjectedModule>();
}
private void ProcessCheckThread(object sender)
{
while (_process == null)
{
Process[] foundProcesses = Process.GetProcessesByName(Modules.MEGU);
if (foundProcesses.Length > 0)
{
Process foundProcess = foundProcesses[0];
ProcessModule module = foundProcess.Modules.Cast <ProcessModule>().FirstOrDefault(x => x.ModuleName == Modules.GCORE_DLL);
if (module != null)
{
_process = foundProcess;
_moduleGCore = module.BaseAddress;
_memory = new MemorySharp(_process.Id);
// Init memory watch thread
_memoryWatchThread = new Thread(new ParameterizedThreadStart(MemoryWatchThread));
_memoryWatchThread.Start();
// Show overlay UI
//_overlayForm.Invoke(new Action(() => _overlayForm.BindOverlayToGameProcess(_process)));
// Update process status to subscribers
UpdateProcessStatus(true);
}
}
Thread.Sleep(100);
}
}
/// <summary>
/// Initializes a new instance of the <see cref="MemoryFactory" /> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp" /> object.</param>
internal MemoryFactory(MemorySharp memorySharp)
{
// Save the parameter
MemorySharp = memorySharp;
// Create a list containing all allocated memory
InternalRemoteAllocations = new List<RemoteAllocation>();
}
private void WatchProcess()
{
while (true)
{
var procs = Process.GetProcessesByName("RobloxPlayerBeta");
if (procs.Length > 0 && procs.First().Id != CurrentPID)
{
Roblox = procs.First();
CurrentPID = Roblox.Id;
Thread.Sleep(2000); // Delay
Sharp = new MemorySharp(Roblox);
SigScanSharp Sigscan = new SigScanSharp(Roblox.Handle);
Sigscan.SelectModule(Roblox.MainModule);
IntPtr GetTaskscheduler = traceRelativeCall(Roblox.Handle, Sigscan.FindPattern("E8 ? ? ? ? 8A 4D 08 83 C0 04"));
Taskscheduler = new RemotePointer(Sharp, GetTaskscheduler).Execute <IntPtr>();
DelayOffset = FindTaskSchedulerFrameDelayOffset(Roblox.Handle, Taskscheduler);
WriteMemory <double>(Roblox.Handle, Taskscheduler + DelayOffset, CurrentFps);
}
Thread.Sleep(500);
}
}
/// <summary>
/// Initializes a new instance of the <see cref="RemoteAllocation"/> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param>
/// <param name="size">The size of the allocated memory.</param>
/// <param name="protection">The protection of the allocated memory.</param>
/// <param name="mustBeDisposed">The allocated memory will be released when the finalizer collects the object.</param>
internal RemoteAllocation(MemorySharp memorySharp, int size, MemoryProtectionFlags protection = MemoryProtectionFlags.ExecuteReadWrite,
bool mustBeDisposed = true)
: base(memorySharp, MemoryCore.Allocate(memorySharp.Handle, size, protection))
{
// Set local vars
MustBeDisposed = mustBeDisposed;
IsDisposed = false;
}
/// <summary>
/// Initializes a new instance of the <see cref="MarshalledValue{T}"/> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param>
/// <param name="value">The value to marshal.</param>
public MarshalledValue(MemorySharp memorySharp, T value)
{
// Save the parameters
MemorySharp = memorySharp;
Value = value;
// Marshal the value
Marshal();
}
public static void SetAspectRatio(float aspectratio)
{
using (var m = new MemorySharp(getProcess()))
{
var fovPtr = new IntPtr(0x332FC18);
m[fovPtr].Write <float>(aspectratio);
}
}
internal static void Detach()
{
MemorySharp?.Dispose();
MemorySharp = null;
ProcessExited?.Invoke();
OffsetScanner.Reset();
}
private void readCurrentValues()
{
using (var sharp = new MemorySharp(ApplicationFinder.FromProcessName("halo5forge").FirstOrDefault()))
{
fovBox.Text = Convert.ToString(sharp[fovAddress].Read <float>());
FPSBox.Text = Convert.ToString(1000000 / sharp[fpsAddress].Read <long>());
}
}
public static void SetResolutionWidth(int width)
{
using (var m = new MemorySharp(getProcess()))
{
var resHeightPtr = new IntPtr(0x4E97F60);
m[resHeightPtr].Write <int>(width);
}
}
public static void SetFOV(float fov)
{
using (var m = new MemorySharp(getProcess()))
{
var fovPtr = new IntPtr(0x58ECF90);
m[fovPtr].Write <float>(fov);
}
}
public static int GetFOV()
{
using (var m = new MemorySharp(getProcess()))
{
var fovPtr = new IntPtr(0x58ECF90);
return(Convert.ToInt16(m[fovPtr].Read <float>()));
}
}
private void InitializeGameInMemory()
{
Process[] processes = Process.GetProcessesByName(Constants.GAME_PROCESSNAME);
if (processes.Count() > 0)
{
this.gameMemory = new MemorySharp(processes[0]);
}
}
public static int GetResolutionWidth()
{
using (var m = new MemorySharp(getProcess()))
{
var resWidthPtr = new IntPtr(0x4E97F60);
return(Convert.ToInt16(m[resWidthPtr].Read <int>()));
}
}
private void button1_Click(object sender, EventArgs e)
{
if (!File.Exists(config.ClientDirectory))
{
GetOps(config);
}
var server = config.Servers.Find(i => i.ServerName == comboBox1.Text);
if (server == null)
{
MessageBox.Show("Error, Check config.");
return;
}
STARTUPINFO si = new STARTUPINFO();
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
bool success = NativeMethods.CreateProcess(config.ClientDirectory, null,
IntPtr.Zero, IntPtr.Zero, false,
ProcessCreationFlags.CREATE_SUSPENDED,
IntPtr.Zero, null, ref si, out pi);
MemorySharp memory;
try
{
memory = new MemorySharp((int)pi.dwProcessId);
}
catch
{
MessageBox.Show("This application needs to run as admin.");
return;
}
var payload = new byte[7];
var segments = server.IPAddress.Split('.');
if (server.ClientVersion == 718 && segments.Length == 4)
{
payload[0] = Convert.ToByte(segments[3]);
payload[1] = 0x6A;
payload[2] = Convert.ToByte(segments[2]);
payload[3] = 0x6A;
payload[4] = Convert.ToByte(segments[1]);
payload[5] = 0x6A;
payload[6] = Convert.ToByte(segments[0]);
memory.Write((IntPtr)(0x400000 + server.HookTable), payload, false);
memory.Write((IntPtr)(0x400000 + server.PatchTable), payload, false);
//kill
memory.Write((IntPtr)(0x400000 + server.SplashPtr), 0x87, false);
}
IntPtr ThreadHandle = pi.hThread;
NativeMethods.ResumeThread(ThreadHandle);
}
public MainWindow()
{
InitializeComponent();
try
{
_process = new MemorySharp(System.Diagnostics.Process.GetProcessesByName("csgo").FirstOrDefault());
}
catch (Exception e)
{
MessageBox.Show($"CS:GO is not running, please start CS:GO before attempting to run this program.\n\n {e}",
"CS:GO not running!", MessageBoxButton.OK, MessageBoxImage.Exclamation);
Environment.Exit(1);
}
_player = new Player(_process);
_entity = new Entity(_process);
var entities = Entity.AllEntities(_process);
var count = 0;
foreach (var entity in entities)
{
var distanceToPlayer = General.GetDistanceToEnemyFromPlayer(_player.Position, entity.Position);
lbxEntity.Items.Add($"({count})Entity Address: 0x{entity.EntityAddr:X8}, Distance: {distanceToPlayer:.##}m");
count++;
}
/*
* TEST STUFF
*/
/*var entityList = new List<Entity>();
*
* for (var i = 0; i < 32; i++)
* {
* try
* {
* _entity.SingleEntity(i);
*
* if (_entity.EntityAddr != 0)
* entityList.Add(_entity);
*
* }
* catch (Exception)
* {
*
* }
* }
*
* foreach (var entity in entityList)
* {
* lbxEntity.Items.Add(entity.Name + $" {entity.RadarNameAddress:X8}");
* }*/
}
/// <summary>
/// Initializes a new instance of the <see cref="AssemblyTransaction"/> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param>
/// <param name="address">The address where the assembly code is injected.</param>
/// <param name="autoExecute">Indicates whether the assembly code is executed once the object is disposed.</param>
public AssemblyTransaction(MemorySharp memorySharp, IntPtr address, bool autoExecute)
{
// Save the parameters
MemorySharp = memorySharp;
IsAutoExecuted = autoExecute;
Address = address;
// Initialize the string builder
Mnemonics = new StringBuilder();
}
#pragma warning restore AsyncFixer01 // Unnecessary async/await usage
private static byte[] ReadSessionKeyFromProcessMemory(string processId)
{
using (MemorySharp memorySharpProvider = new MemorySharp(Int32.Parse(processId)))
{
IntPtr sub_6B0970Result = memorySharpProvider.Read <IntPtr>((IntPtr)0x00C79CF4, false);
IntPtr sessionKeyAddress = sub_6B0970Result + 0x508;
return(memorySharpProvider.Read <byte>(sessionKeyAddress, 40, false));
}
}
/// <summary>
/// Initializes a new instance of the <see cref="RemoteWindow"/> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="Library.MemorySharp.MemorySharp"/> object.</param>
/// <param name="handle">The handle of a window.</param>
internal RemoteWindow(MemorySharp memorySharp, IntPtr handle)
{
// Save the parameters
MemorySharp = memorySharp;
Handle = handle;
// Create the tools
Keyboard = new MessageKeyboard(this);
Mouse = new SendInputMouse(this);
}
/// <summary>
/// Injects the specified module into the address space of the remote process.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param>
/// <param name="path">The path of the module. This can be either a library module (a .dll file) or an executable module (an .exe file).</param>
/// <returns>A new instance of the <see cref="InjectedModule"/>class.</returns>
internal static InjectedModule InternalInject(MemorySharp memorySharp, string path)
{
// Call LoadLibraryA remotely
var thread = memorySharp.Threads.CreateAndJoin(memorySharp["kernel32"]["LoadLibraryA"].BaseAddress, path);
// Get the inject module
if (thread.GetExitCode<IntPtr>() != IntPtr.Zero)
return new InjectedModule(memorySharp, memorySharp.Modules.NativeModules.First(m => m.BaseAddress == thread.GetExitCode<IntPtr>()));
return null;
}
/// <summary>
/// Initializes a new instance of the <see cref="AssemblyTransaction"/> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param>
/// <param name="address">The address where the assembly code is injected.</param>
/// <param name="autoExecute">Indicates whether the assembly code is executed once the object is disposed.</param>
public AssemblyTransaction(MemorySharp memorySharp, IntPtr address, bool autoExecute)
{
// Save the parameters
MemorySharp = memorySharp;
IsAutoExecuted = autoExecute;
Address = address;
// Initialize the string builder
Instructions = new List<string>();
}
/// <summary>
/// Initializes a new instance of the <see cref="ModuleFactory"/> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemoryManagement.MemorySharp"/> object.</param>
internal ModuleFactory(MemorySharp memorySharp)
{
// Save the parameter
MemorySharp = memorySharp;
// Create a list containing all injected modules
InternalInjectedModules = new List<InjectedModule>();
// Save a reference of the main module (the main module is required for a lot of operations, cached for speed reasons)
MainModule = FetchModule(MemorySharp.Native.MainModule);
}
/// <summary>
/// Initializes a new instance of the <see cref="MemoryProtection" /> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp" /> object.</param>
/// <param name="baseAddress">The base address of the memory to change the protection.</param>
/// <param name="size">The size of the memory to change.</param>
/// <param name="protection">The new protection to apply.</param>
/// <param name="mustBeDisposed">The resource will be automatically disposed when the finalizer collects the object.</param>
public MemoryProtection(MemorySharp memorySharp, IntPtr baseAddress, int size, MemoryProtectionFlags protection = MemoryProtectionFlags.ExecuteReadWrite, bool mustBeDisposed = true)
{
// Save the parameters
_memorySharp = memorySharp;
BaseAddress = baseAddress;
NewProtection = protection;
Size = size;
MustBeDisposed = mustBeDisposed;
// Change the memory protection
OldProtection = MemoryCore.ChangeProtection(_memorySharp.Handle, baseAddress, size, protection);
}
private void button2_Click(object sender, EventArgs e)
{
//Max Level
using (var m = new MemorySharp(ApplicationFinder.FromProcessName(gameName).FirstOrDefault()))
{
var levelPtr = new IntPtr(0x01CAC924);
int[] offsets = { 0x324, 0x38 };
levelPtr = m[levelPtr].Read<IntPtr>();
levelPtr = m[levelPtr + offsets[0], false].Read<IntPtr>();
m[levelPtr + offsets[1], false].Write<int>(15);
}
}
private void button1_Click(object sender, EventArgs e)
{
//Max Money
using (var m = new MemorySharp(ApplicationFinder.FromProcessName(gameName).FirstOrDefault()))
{
var moneyPtr = new IntPtr(0x01B71110);
int[] offsets = { 0x0, 0x14, 0x14, 0x218 };
moneyPtr = m[moneyPtr].Read<IntPtr>();
moneyPtr = m[moneyPtr + offsets[0], false].Read<IntPtr>();
moneyPtr = m[moneyPtr + offsets[1], false].Read<IntPtr>();
moneyPtr = m[moneyPtr + offsets[2], false].Read<IntPtr>();
m[moneyPtr + offsets[3], false].Write<int>(999999999);
}
}
public void Equality()
{
// Arrange
var notepad = Resources.MemorySharp;
var own = new MemorySharp(Resources.ProcessSelf);
// Act
var ptr1 = notepad[IntPtr.Zero];
var ptr2 = notepad[IntPtr.Zero];
var ptr3 = own[IntPtr.Zero];
// Assert
Assert.AreEqual(ptr1, ptr2, "IEquatable is not properly implemented.");
Assert.AreNotEqual(ptr2, ptr3, "IEquatable is not properly implemented.");
}
public void Equals()
{
// Arrange
var remote = Resources.MemorySharp;
var own = new MemorySharp(Resources.ProcessSelf);
// Act
var module1 = remote["kernel32"];
var module2 = remote["kernel32"];
var module3 = own["kernel32"];
// Assert
Assert.AreEqual(module1, module2);
Assert.AreNotEqual(module1, module3);
}
/// <summary>
/// Main window constructor
/// </summary>
public MainWindow()
{
InitializeComponent();
instance = this;
Process[] processes = Process.GetProcessesByName("StarCraft");
if (processes.Length > 0)
{
sharp = new MemorySharp(processes[0]);
UnitsController = new ItemController<Unit>(Units, unitTab, unitList);
SpritesController = new ItemController<Sprite>(Sprites, spriteTab, spriteList);
ImagesController = new ItemController<Image>(Images, imageTab, imageList);
ExtraImagesController = new ItemController<Image>(ExtraImages, extraImageTab, extraImageList);
HPImagesController = new ItemController<Image>(HPImages, hpImageTab, hpImageList);
}
}
/* Sets the games current money to max money. */
public static void SetMaxMoney(int money)
{
try
{
using (var m = new MemorySharp(getProcess()))
{
var moneyPtr = new IntPtr(0x01B71110);
int[] offsets = { 0x0, 0x14, 0x14, 0x218 };
moneyPtr = m[moneyPtr].Read<IntPtr>();
moneyPtr = m[moneyPtr + offsets[0], false].Read<IntPtr>();
moneyPtr = m[moneyPtr + offsets[1], false].Read<IntPtr>();
moneyPtr = m[moneyPtr + offsets[2], false].Read<IntPtr>();
m[moneyPtr + offsets[3], false].Write<int>(money);
}
}
catch (Win32Exception)
{
MessageBox.Show("An error occurred while writing to memory. This is most likely caused by not being in game when writing to memory.", "The Stick of Cheat", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
//const string WebMonoDll = "mono-1-vc.dll";
static void GetMonoRemoteFunctions(MemorySharp memorySharp, out RemoteFunction mono_get_root_domain, out RemoteFunction mono_thread_attach, out RemoteFunction mono_security_set_mode, out RemoteFunction mono_domain_get, out RemoteFunction mono_domain_assembly_open, out RemoteFunction mono_assembly_get_image, out RemoteFunction mono_class_from_name, out RemoteFunction mono_class_get_method_from_name, out RemoteFunction mono_runtime_invoke)
{
Console.ForegroundColor = ConsoleColor.White;
mono_get_root_domain = memorySharp[DesktopMonoDll].FindFunction("mono_get_root_domain"); // Returns MonoDomain.
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_get_root_domain.Name, mono_get_root_domain.BaseAddress.ToString("X2"));
Console.ForegroundColor = ConsoleColor.White;
mono_thread_attach = memorySharp[DesktopMonoDll].FindFunction("mono_thread_attach"); // Returns MonoThread.
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_thread_attach.Name, mono_thread_attach.BaseAddress.ToString("X2"));
Console.ForegroundColor = ConsoleColor.White;
mono_security_set_mode = memorySharp[DesktopMonoDll].FindFunction("mono_security_set_mode"); // Returns void.
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_security_set_mode.Name, mono_security_set_mode.BaseAddress.ToString("X2"));
Console.ForegroundColor = ConsoleColor.White;
mono_domain_get = memorySharp[DesktopMonoDll].FindFunction("mono_domain_get"); // Returns MonoDomain.
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_domain_get.Name, mono_domain_get.BaseAddress.ToString("X2"));
Console.ForegroundColor = ConsoleColor.White;
mono_domain_assembly_open = memorySharp[DesktopMonoDll].FindFunction("mono_domain_assembly_open"); // Returns MonoAssembly.
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_domain_assembly_open.Name, mono_domain_assembly_open.BaseAddress.ToString("X2"));
Console.ForegroundColor = ConsoleColor.White;
mono_assembly_get_image = memorySharp[DesktopMonoDll].FindFunction("mono_assembly_get_image"); // Returns MonoImage.
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_assembly_get_image.Name, mono_assembly_get_image.BaseAddress.ToString("X2"));
Console.ForegroundColor = ConsoleColor.White;
mono_class_from_name = memorySharp[DesktopMonoDll].FindFunction("mono_class_from_name"); // Returns MonoClass.
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_class_from_name.Name, mono_class_from_name.BaseAddress.ToString("X2"));
Console.ForegroundColor = ConsoleColor.White;
mono_class_get_method_from_name = memorySharp[DesktopMonoDll].FindFunction("mono_class_get_method_from_name"); // Returns MonoMethod.
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_class_get_method_from_name.Name, mono_class_get_method_from_name.BaseAddress.ToString("X2"));
Console.ForegroundColor = ConsoleColor.White;
mono_runtime_invoke = memorySharp[DesktopMonoDll].FindFunction("mono_runtime_invoke"); // Returns MonoObject.
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Function \"{0}\" found at 0x{1} address", mono_runtime_invoke.Name, mono_runtime_invoke.BaseAddress.ToString("X2"));
Console.ForegroundColor = ConsoleColor.White;
}
static void Main()
{
Console.Clear();
Console.Title = ".NET Mono Injector for Unity games by UnityInjector Team";
Console.BackgroundColor = ConsoleColor.Black;
Console.ForegroundColor = ConsoleColor.White;
Console.Write("Waiting for {0}.exe process to start", TargetProcessName);
Console.ForegroundColor = ConsoleColor.DarkGray;
Process p;
while (true)
{
try
{
// Using "dumb" and fixed target process name, keeping it very very simple and straightforward just for now.
// Start the game first, wait for loading to complete and then start UnityInjector 2 to avoid injector crash. We don't like to sleep here :zzzZZzzZZZzZzzZz
p = Process.GetProcessesByName(TargetProcessName)[0];
break;
}
catch
{
Console.Write(".");
}
}
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("{0}{1} process was found", Environment.NewLine, p.MainModule.FileName);
Console.ForegroundColor = ConsoleColor.White;
using (MemorySharp m = new MemorySharp(p.Id))
{
/* Using THE following PLAN:
mono_thread_attach(mono_get_root_domain());
mono_security_set_mode(0);
mono_runtime_invoke(
mono_class_get_method_from_name(
mono_class_from_name(
mono_assembly_get_image(
mono_domain_assembly_open(
mono_domain_get(),
"full_path_to_payload_file.dll"
)
),
"namespace",
"class"
),
"method",
0
),
0,
0,
0
);
*/
// NOTE: int mono_security_get_mode() function is no longer exported (after security gets nulled, it can't be restored back).
RemoteFunction mono_get_root_domain;
RemoteFunction mono_thread_attach;
RemoteFunction mono_security_set_mode;
RemoteFunction mono_domain_get;
RemoteFunction mono_domain_assembly_open;
RemoteFunction mono_assembly_get_image;
RemoteFunction mono_class_from_name;
RemoteFunction mono_class_get_method_from_name;
RemoteFunction mono_runtime_invoke;
GetMonoRemoteFunctions(m, out mono_get_root_domain, out mono_thread_attach, out mono_security_set_mode, out mono_domain_get, out mono_domain_assembly_open, out mono_assembly_get_image, out mono_class_from_name, out mono_class_get_method_from_name, out mono_runtime_invoke);
// Above code runs fine. From this point everything gets dirty, running/executing functions in order as the plan stated above :P
AttachToMainThread(mono_get_root_domain, mono_thread_attach);
NullMonoSecurity(mono_security_set_mode);
Console.ForegroundColor = ConsoleColor.Cyan;
Console.WriteLine("Injecting a payload...");
Console.ForegroundColor = ConsoleColor.White;
// We need to use generic RemotePointer.Execute<T> function instead of RemotePointer.Execute, where T is a return type of each mono function but its .NET representation (which are missing, that is an issue which has arrived)...
// Above is a list of functions and their return types on unmanaged side. We need their .NET representation or C++/CLI wrapper... Help will be appreciated.
IntPtr mono_domain_get_result = mono_domain_get.Execute(CallingConventions.Cdecl); // Pointer to MonoDomain? There is no MonoDomain in C# Mono (perhaps it is AppDomain?).
// Imagination of the code if there was .NET representation for unmanaged types like, MonoDomain which is returned by mono_domain_get function:
// MonoDomain mono_domain_get_return = mono_domain_get.Execute<MonoDomain>();
Console.WriteLine("{0} returned {1} (0x{2})", mono_domain_get.Name, mono_domain_get_result, mono_domain_get_result.ToString("X2"));
IntPtr mono_domain_assembly_open_result = mono_domain_assembly_open.Execute(CallingConventions.Cdecl,
mono_domain_get_result,
@"C:\Users\User\Documents\Visual Studio 2015\Projects\UnityInjector2\UnityInjector2\References\WarmodePayload.dll" // Update full path on your computer to match macro: @"$(SolutionDir)$(SolutionName)\References\WarmodePayload.dll"
//"WarmodePayload.dll" // Only DLL filename can be used if payload DLL is inside the game's EXE folder or registered in GAC; otherwise, full path to payload DLL file have to be specified? That's just OOP guess.
); // Pointer to MonoAssembly?
Console.WriteLine("{0} returned {1} (0x{2})", mono_domain_assembly_open.Name, mono_domain_assembly_open_result, mono_domain_assembly_open_result.ToString("X2"));
IntPtr mono_assembly_get_image_result = mono_assembly_get_image.Execute(CallingConventions.Cdecl, mono_domain_assembly_open_result); // Pointer to MonoImage?
Console.WriteLine("{0} returned {1} (0x{2})", mono_assembly_get_image.Name, mono_assembly_get_image_result, mono_assembly_get_image_result.ToString("X2"));
IntPtr mono_class_from_name_result = mono_class_from_name.Execute(CallingConventions.Cdecl, mono_assembly_get_image_result, "WarmodePayload", "MainPayloadLoader"); // Pointer to MonoClass?
Console.WriteLine("{0} returned {1} (0x{2})", mono_class_from_name.Name, mono_class_from_name_result, mono_class_from_name_result.ToString("X2"));
IntPtr mono_class_get_method_from_name_result = mono_class_get_method_from_name.Execute(CallingConventions.Cdecl, mono_class_from_name_result, "OnMainPayloadLoad", 0); // Pointer to MonoMethod?
Console.WriteLine("{0} returned {1} (0x{2})", mono_class_get_method_from_name.Name, mono_class_get_method_from_name_result, mono_class_get_method_from_name_result.ToString("X2"));
IntPtr mono_runtime_invoke_result = mono_runtime_invoke.Execute(CallingConventions.Cdecl,
mono_class_get_method_from_name_result,
0,
IntPtr.Zero,
IntPtr.Zero
); // Pointer to MonoObject?
Console.WriteLine("{0} returned {1} (0x{2})", mono_runtime_invoke.Name, mono_runtime_invoke_result, mono_runtime_invoke_result.ToString("X2"));
}
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Payload has been successfully injected into: {0} (0x{1}) {2}:{3} process", p.Id, p.Id.ToString("X2"), p.MainModule.FileName, p.MainWindowTitle);
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Press any key to exit...");
Console.ReadKey(true);
}
public RemoteFunction(MemorySharp memorySharp, IntPtr address, string functionName) : base(memorySharp, address)
{
// Save the parameter
Name = functionName;
}
/// <summary>
/// Initializes a new instance of the <see cref="ManagedTeb"/> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param>
/// <param name="address">The location of the teb.</param>
internal ManagedTeb(MemorySharp memorySharp, IntPtr address)
: base(memorySharp, address)
{
}
/// <summary>
/// Finds the pattern scan result from this instances data.
/// </summary>
/// <param name="memorySharp">The <see cref="MemorySharp" /> reference.</param>
/// <param name="remoteModule">The <see cref="RemoteModule" /> the pattern is found in.</param>
/// <returns></returns>
public PatternScanResult Find(MemorySharp memorySharp, RemoteModule remoteModule)
=> remoteModule.FindPattern(this);
/// <summary>
/// Initializes a new instance of the <see cref="ThreadFactory"/> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param>
internal ThreadFactory(MemorySharp memorySharp)
{
// Save the parameter
MemorySharp = memorySharp;
}
/// <summary>
/// Initializes a new instance of the <see cref="RemoteModule"/> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param>
/// <param name="module">The native <see cref="ProcessModule"/> object corresponding to this module.</param>
internal RemoteModule(MemorySharp memorySharp, ProcessModule module)
: base(memorySharp, module.BaseAddress)
{
// Save the parameter
Native = module;
}
/// <summary>
/// Frees the loaded dynamic-link library (DLL) module and, if necessary, decrements its reference count.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param>
/// <param name="module">The module to eject.</param>
internal static void InternalEject(MemorySharp memorySharp, RemoteModule module)
{
// Call FreeLibrary remotely
memorySharp.Threads.CreateAndJoin(memorySharp["kernel32"]["FreeLibrary"].BaseAddress, module.BaseAddress);
}
/// <summary>
/// Initializes a new instance of the <see cref="WindowFactory"/> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param>
internal WindowFactory(MemorySharp memorySharp)
{
// Save the parameter
_memorySharp = memorySharp;
}
/// <summary>
/// Initializes a new instance of the <see cref="InjectedModule"/> class.
/// </summary>
/// <param name="memorySharp">The reference of the <see cref="MemorySharp"/> object.</param>
/// <param name="module">The native <see cref="ProcessModule"/> object corresponding to the injected module.</param>
/// <param name="mustBeDisposed">The module will be ejected when the finalizer collects the object.</param>
internal InjectedModule(MemorySharp memorySharp, ProcessModule module, bool mustBeDisposed = true)
: base(memorySharp, module)
{
// Save the parameter
MustBeDisposed = mustBeDisposed;
}
