private static Diag::ProcessModule GetNotepadModule(Log log, out ProcessMemory m) { const string TARGET = "notepad.exe"; m = new mwg.InterProcess.ProcessMemory(TARGET); if (!m.Available) { log.WriteLine("!現在 notepad.exe が利用出来ません。起動しているかどうか確認して下さい。"); return(null); } Diag::ProcessModule mod = null; foreach (Diag::ProcessModule mod2 in m.Process.Modules) { //log.Lock(); //try{dumpModuleHeader(log,m,mod2);} //finally{log.Unlock();} if (mod2.ModuleName.ToString() != TARGET) { continue; } mod = mod2; break; } if (mod == null) { log.WriteLine("!プロセス notepad.exe 内にモジュール 'notepad.exe' が見つかりませんでした。"); return(null); } return(mod); }
public static void SetGivenAmmunition(ProcessMemory processMemory, Weapon weapon, int quantity) { int baseAddress = 0x004DA7F4; byte[] ammoByte = BitConverter.GetBytes(quantity); int offset = default; switch (weapon) { case Weapon.Beretta92F: offset = 0x4C; break; case Weapon.Beretta92F_Silenced: offset = 0x80; break; case Weapon.Heckler_KochMP5: offset = 0xE8; break; case Weapon.SPAS12: offset = 0x150; break; case Weapon.Uzi: offset = 0xB4; break; case Weapon.MAC11: offset = 0x1B8; break; case Weapon.M16: offset = 0x11C; break; case Weapon.M79_Grenade_Launcher: offset = 0x184; break; } long newAddrress = processMemory.BaseToLong() + baseAddress; if (offset > 0) { processMemory.Write(newAddrress, ammoByte, new int[] { offset }); } }
public static float GetHealth(ProcessMemory processMemory) { long baseAddress = processMemory.BaseToLong() + BaseAddress; float health = processMemory.Read(baseAddress, offsetsHealth); return(health * 100); }
public static void ExplosionDamage(ProcessMemory processMemory, bool enabled) { int instructionCounter = 3; long[] explosionDamageAddress = { 0xECE52, 0xEC7F3, 0xEC805 }; byte?[,] assemblyOriginalInstructions = { { 0xD9, 0x5E, 0x24, null }, { 0xD9, 0x56, 0x24, null }, { 0xC7, 0x46, 0x24, 0 } }; byte?[,] assemblyModifiedInstructions = { { nop, nop, nop, null, null, null, null }, { nop, nop, nop, null, null, null, null }, { nop, nop, nop, nop, nop, nop, nop } }; while (instructionCounter-- > 0) { explosionDamageAddress[instructionCounter] += processMemory.BaseToLong(); byte[] assemblyInstruction = enabled ? GetByteArray(assemblyOriginalInstructions, instructionCounter) : GetByteArray(assemblyModifiedInstructions, instructionCounter); processMemory.Write((int)explosionDamageAddress[instructionCounter], assemblyInstruction, (uint)assemblyInstruction.Length); } }
static void Main(string[] args) { Mem = new ProcessMemory("csgo"); if (Mem.CheckProcess()) { Mem.StartProcess(); } Thread Updater = new Thread(Read.Start); Updater.Start(); Thread Bunny = new Thread(BunnyHop.Start); Bunny.Start(); Thread Glow = new Thread(Visuals.startGlow); Glow.Start(); Thread Trigger = new Thread(TriggerBot.Start); Trigger.Start(); }
public WinningPlayerData(IntPtr baseAddr, ProcessMemory MemInstance, GameOffsets CurrentOffsets) { unsafe { var baseAddrCopy = baseAddr; int last = MemInstance.OffsetAddress(ref baseAddrCopy, 0, 0); int size = ((int)Math.Ceiling((decimal)((8 + CurrentOffsets.WinningPlayerDataStructOffsets.IsDeadOffset) / 8))) * 8; //Find the nearest multiple of 8 byte[] buffer = MemInstance.Read(baseAddrCopy + last, size); PlayerOutfitStructOffsets oOf = CurrentOffsets.PlayerOutfitStructOffsets; WinningPlayerDataStructOffsets pOf = CurrentOffsets.WinningPlayerDataStructOffsets; fixed(byte *ptr = buffer) { var buffptr = (IntPtr)ptr; Name = MemInstance.ReadString(MemInstance.Read <IntPtr>(baseAddrCopy, oOf.PlayerNameOffset), CurrentOffsets.StringOffsets[0], CurrentOffsets.StringOffsets[1]); ColorId = (int)Marshal.ReadInt32(buffptr, oOf.ColorIDOffset); // TODO: Since IDs are changed from enum to string like "hat_police", renaming or mapping existing svgs to string is required // TODO: As a workaround just fill with 0 as IDs HatId = 0; PetId = 0; SkinId = 0; IsImpostor = Marshal.ReadByte(buffptr, pOf.IsImposterOffset) == 1; IsDead = Marshal.ReadByte(buffptr, pOf.IsDeadOffset) > 0; IsYou = Marshal.ReadByte(buffptr, pOf.IsYouOffset) == 1; } } }
public void Patching() { var processMemory = ProcessMemory.Get(); SaveData = processMemory.ReadBytes(Address, Data.Length); processMemory.WriteBytes(Address, Data); }
public static string ReadValidString(this ProcessMemory pm, IntPtr pOffset, uint pSize, params long[] offsets) { string raw = pm.ReadStringUnicode(pOffset, pSize, offsets); string utf8 = Encoding.ASCII.GetString( Encoding.Convert( Encoding.UTF8, Encoding.GetEncoding( Encoding.ASCII.EncodingName, new EncoderReplacementFallback(string.Empty), new DecoderExceptionFallback()), Encoding.UTF8.GetBytes(raw) ) ); int escapeIndex = utf8.IndexOf("\u0000"); if (escapeIndex > -1) { utf8 = utf8.Remove(escapeIndex); } if (utf8.Length == 0) { return(raw); } return(utf8); }
public void ReadProcessMemory_T() { IntPtr baseAddress = Marshal.AllocHGlobal(4); Marshal.WriteInt32(baseAddress, 1337); IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId); Assert.IsFalse(handle == IntPtr.Zero); int buffer = 0; Assert.IsTrue(ProcessMemory.ReadProcessMemory(handle, baseAddress, ref buffer)); Assert.IsTrue(buffer == Marshal.ReadInt32(baseAddress)); buffer = 0; IntPtr bytesRead = IntPtr.Zero; Assert.IsTrue(ProcessMemory.ReadProcessMemory(handle, baseAddress, ref buffer, ref bytesRead)); Assert.IsTrue(buffer == Marshal.ReadInt32(baseAddress)); Assert.IsTrue(bytesRead == (IntPtr)4); Assert.IsTrue(ProcessMemory.CloseHandle(handle)); Marshal.FreeHGlobal(baseAddress); }
public void VirtualProtectEx() { IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId); Assert.IsFalse(handle == IntPtr.Zero); IntPtr address = ProcessMemory.VirtualAllocEx(handle, IntPtr.Zero, (IntPtr)1024, AllocationType.Reserve | AllocationType.Commit, MemoryProtectionFlags.ExecuteReadWrite); MemoryProtectionFlags oldProtection = default; Assert.IsTrue(ProcessMemory.VirtualProtectEx(handle, address, (IntPtr)1024, MemoryProtectionFlags.NoAccess, ref oldProtection)); Assert.IsTrue(oldProtection == MemoryProtectionFlags.ExecuteReadWrite); try { Marshal.WriteInt32(address, 1337); throw new Exception(); } catch { } Assert.IsTrue(ProcessMemory.VirtualFreeEx(handle, address, IntPtr.Zero, FreeType.Release)); ProcessMemory.CloseHandle(handle); }
private void getObKeyFormLoLClientMemory() { Regex regex = new Regex(" [0-9]+ (?<KEY>.+) <id_removed>", RegexOptions.IgnoreCase); Match match = regex.Match(this.gameLogContent); ProcessMemory processMemory = new ProcessMemory(); processMemory.openProcess("LolClient"); if (LoLRecorder._lastTimeAddress != 0u && this.analyzeObKeyInMemoryBytesMethod1(processMemory.readMemory(LoLRecorder._lastTimeAddress, 256u))) { processMemory.closeProcess(); return; } processMemory.recordMemorysInfo(); uint[] array = processMemory.findString(match.Groups["KEY"].Value, System.Text.Encoding.ASCII, 1); for (int i = 0; i < array.Length; i++) { byte[] memBytes = processMemory.readMemory(array[i], 256u); if (this.analyzeObKeyInMemoryBytesMethod1(memBytes)) { LoLRecorder._lastTimeAddress = array[i]; break; } } processMemory.closeProcess(); }
public override void Read(int dwPlayer) { var processMemory = ProcessMemory.Get(); Position = processMemory.ReadVector3(dwPlayer + netvars.m_vecOrigin); Yaw = (float)Math.PI / 180 * processMemory.ReadFloat(dwPlayer + 0x12C); ////////////////////////// Pitch = 0; TeamID = processMemory.ReadInt32(dwPlayer + netvars.m_iTeamNum); Health = processMemory.ReadInt32(dwPlayer + netvars.m_iHealth); Armor = processMemory.ReadInt32(dwPlayer + netvars.m_ArmorValue); var m_dwBoneMatrix = processMemory.ReadInt32(dwPlayer + netvars.m_dwBoneMatrix); if (processMemory.IsValid(m_dwBoneMatrix)) { if (TeamID == CSGOConstants.TeamID_t) { ReadSkeleton_t(m_dwBoneMatrix); } else if (TeamID == CSGOConstants.TeamID_ct) { ReadSkeleton_ct(m_dwBoneMatrix); } } }
public void WriteProcessMemory_T() { IntPtr baseAddress = Marshal.AllocHGlobal(4); const int buffer = 1337; Marshal.WriteInt32(baseAddress, 0); IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId); Assert.IsFalse(handle == IntPtr.Zero); Assert.IsTrue(ProcessMemory.WriteProcessMemory(handle, baseAddress, buffer)); Assert.IsTrue(Marshal.ReadInt32(baseAddress) == buffer); Marshal.WriteInt32(baseAddress, 0); IntPtr bytesWritten = IntPtr.Zero; Assert.IsTrue(ProcessMemory.WriteProcessMemory(handle, baseAddress, buffer, ref bytesWritten)); Assert.IsTrue(Marshal.ReadInt32(baseAddress) == buffer); Assert.IsTrue(bytesWritten == (IntPtr)4); Assert.IsTrue(ProcessMemory.CloseHandle(handle)); Marshal.FreeHGlobal(baseAddress); }
public static State ReadState() { var processes = Process.GetProcessesByName("dungeons of dredmor"); if (processes.Length == 0) { return(null); } using (var memory = new ProcessMemory()) { if (memory.Open(processes[0]) == false) { return(null); } if (memory.MainModuleAddress != 0x00400000) { throw new InvalidOperationException("main module address is not 0x00400000 (ASLR is on?)"); } var state = new State(); var playerAddress = memory.ReadU32(PlayerAddress); state.Player = playerAddress == 0 ? null : Player.Read(memory, playerAddress); var levelAddress = memory.ReadU32(LevelAddress); state.CurrentLevel = levelAddress == 0 ? null : Level.Read(memory, levelAddress); return(state); } }
public static Level Read(ProcessMemory memory, uint baseAddress) { var level = new Level(); level.Floor = memory.ReadS32(baseAddress + OffsetLevel); level.Width = memory.ReadS32(baseAddress + OffsetWidth); level.Height = memory.ReadS32(baseAddress + OffsetHeight); var roomNamesStartAddress = memory.ReadU32(baseAddress + OffsetRoomNamesStart); var roomNamesEndAddress = memory.ReadU32(baseAddress + OffsetRoomNamesEnd); var roomNameCount = (roomNamesEndAddress - roomNamesStartAddress) / 28; var roomNameData = new byte[0x1C * roomNameCount]; if (memory.Read(roomNamesStartAddress, ref roomNameData) != roomNameData.Length) { throw new InvalidOperationException(); } level.RoomNames.Clear(); for (int i = 0; i < roomNameData.Length; i += 0x1C) { var roomNameLength = BitConverter.ToInt32(roomNameData, i + 0x14); if (roomNameLength < 16) { level.RoomNames.Add(Encoding.ASCII.GetString(roomNameData, i + 4, roomNameLength)); } else { var roomName = new byte[roomNameLength]; if (memory.Read(BitConverter.ToUInt32(roomNameData, i + 0x04), ref roomName) != roomName.Length) { throw new InvalidOperationException(); } level.RoomNames.Add(Encoding.ASCII.GetString(roomName, 0, roomNameLength)); } } var tileAddress = memory.ReadU32(baseAddress + OffsetSquares); // read all tile data at once instead of one tile at a time (speed!) var tileData = new byte[level.Width * level.Height * 0x5C]; if (memory.Read(tileAddress, ref tileData) != tileData.Length) { throw new InvalidOperationException(); } level.Squares = new Square[level.Width, level.Height]; for (int y = 0; y < level.Height; y++) { for (int x = 0; x < level.Width; x++) { level.Squares[x, y] = Square.Read(tileData, ((y * level.Width) + x) * 0x5C, memory); } } return(level); }
public void OnExit() { ProcessMemory.CloseHandle(memory.ProcessHandle); memory = null; hotKeyManager.KeyPressed -= OnKeyPressed; hotKeyManager.Dispose(); }
private void LoadProcessMemory() { this.ProcMem = new ProcessMemory("dosbox"); if (!this.ProcMem.OpenProcess()) { Environment.Exit(-1); } }
public HackManager() { RenderSurface = new RenderSurface(); RenderSurface.Shown += (sender, args) => new Thread(Loop).Start(); Render2D = new Render2D(RenderSurface.Handle); ProcessMemory = new ProcessMemory(); }
protected Vector3 ReadBone(int m_dwBoneMatrix, int boneID, int boneSize) { var processMemory = ProcessMemory.Get(); var m = processMemory.ReadMatrix(m_dwBoneMatrix + boneID * boneSize); return(new Vector3(m.M31, m.M32, m.M33)); }
/// public void Dispose() { if (_pm != null) { _pm.Dispose(); _pm = null; } GC.SuppressFinalize(this); }
static void Main(string[] args) { ProcessMemory pm = new ProcessMemory("Skype", 0, AccessLevel.Read); byte[] bytes = pm.ReadArray<byte>(0x1D8153A4, 16); Console.WriteLine(bytes); Console.ReadLine(); }
public void Close() { IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId); Assert.IsFalse(handle == IntPtr.Zero); Assert.IsTrue(ProcessMemory.CloseHandle(handle)); }
public override void Read(int dwLocalPlayer) { var processMemory = ProcessMemory.Get(); Position = processMemory.ReadVector3(dwLocalPlayer + netvars.m_vecOrigin); HeadPosition = new Vector3(Position.X, Position.Y, Position.Z + 69); TeamID = processMemory.ReadInt32(dwLocalPlayer + netvars.m_iTeamNum); }
static void Main(string[] args) { ProcessMemory pm = new ProcessMemory("Skype", 0, AccessLevel.Read); byte[] bytes = pm.ReadArray <byte>(0x1D8153A4, 16); Console.WriteLine(bytes); Console.ReadLine(); }
private unsafe static void dumpModuleHeader1(Log log, ProcessMemory m, Diag::ProcessModule mod) { log.WriteLine("モジュール " + mod.ModuleName + ":"); log.AddIndent(); log.WriteVar("Base-Address", "0x" + mod.BaseAddress.ToString("X8")); log.WriteVar("Module-Size", "0x" + mod.ModuleMemorySize.ToString("X8")); try{ RemotePtr <byte> mbase = (RemotePtr <byte>)m + mod.BaseAddress; IMAGE.DOS_HEADER dosHeader = mbase.Read <IMAGE.DOS_HEADER>(); if (dosHeader.magic != IMAGE.SIGNATURE.DOS) { log.WriteLine("!モジュールの先頭が DOS Header ではありません。"); return; } RemotePtr <byte> pe = mbase + dosHeader.lfanew; if (pe.Read <uint>() != (uint)IMAGE.SIGNATURE.NT) { log.WriteLine("!IMAGE Header が見つかりません。"); return; } IMAGE.FILE_HEADER coffHeader = (pe += 4).Read <IMAGE.FILE_HEADER>(); log.WriteLine("IMAGE 形式: COFF Header"); log.AddIndent(); log.WriteVar("対象機種", coffHeader.MachineDescription); log.WriteVar("セクション数", coffHeader.NumberOfSections); log.WriteVar("タイムスタンプ", coffHeader.TimeDateStamp); log.WriteVar("シンボル表の位置", "0x" + coffHeader.PointerToSymbolTable.ToString("X8")); log.WriteVar("シンボルの数", coffHeader.NumberOfSymbols); log.WriteVar("拡張ヘッダの大きさ", "0x" + coffHeader.SizeOfOptionalHeader.ToString("X4")); log.WriteVar("属性", coffHeader.Characteristics); log.RemoveIndent(); switch ((pe += sizeof(IMAGE.FILE_HEADER)).Read <IMAGE.OPTIONAL_MAGIC>()) { case IMAGE.OPTIONAL_MAGIC.NT_HDR32: log.WriteLine("種別: PE32"); dumpPE32Header(log, mbase, pe); break; case IMAGE.OPTIONAL_MAGIC.ROM_HDR: log.WriteLine("種別: Rom Image"); break; case IMAGE.OPTIONAL_MAGIC.NT_HDR64: log.WriteLine("種別: PE32+"); break; default: log.WriteLine("未知の拡張ヘッダです。"); break; } }finally{ log.RemoveIndent(); } }
public void Start(VideoFormat f, String fileName) { this.fileName = fileName; format = f; process = new ProcessMemory(); process.openProcess(Constants.LoLExeName); InitVideoFile(); StartRecordingLooping(); }
public Memory(string processName) { if (string.IsNullOrEmpty(processName)) { throw new ArgumentNullException(nameof(processName)); } (ProcMemory = new ProcessMemory(processName)).StartProcess(); }
private void ProcessOnExited(object?sender, EventArgs e) { Dispatcher.Invoke((Action)(() => { context.Connected = false; //context.ConnectionStatuses.First(x => x.ConnectionName == "Among us").Connected = false; })); ProcessMemory.getInstance().process.Exited -= ProcessOnExited; }
private static void WriteViewAngles(BaseGame game, Vector2 angles) { if (float.IsNaN(angles.X) || float.IsNaN(angles.Y)) { return; } ProcessMemory.Get().WriteVector2(game.ViewAnglesAddress, angles); }
public Memory(int processID) { if (processID <= 0) { throw new ArgumentOutOfRangeException(nameof(processID)); } (ProcMemory = new ProcessMemory(processID)).StartProcess(); }
public Cheat() { Memory = new ProcessMemory(); Modules = new List <Module>() { new GlowModule(this, VirtualKeyShort.F1) }; keyboard = new Keyboard(); }
/// <summary> /// Create new instance of the <see cref="WowMemory"/>. /// </summary> /// <param name="process">Wow process.</param> public WowMemory(Process process) { if (process == null) throw new ArgumentNullException(nameof(process)); Memory = new ProcessMemory(process); Settings.Load(Build); if (Settings.PlayerName == 0U) throw new NullReferenceException($"Current game version ({Build}) not supported!"); KeyBoardProck = new KeyBoardProc(HookCallback); keyboardHook = SetWindowsHookEx(13, KeyBoardProck, Process.GetCurrentProcess().MainModule.BaseAddress, 0); mTimer.Tick += (o, e) => { if (CheckProcess()) { Settings.Load(Build);// reload offsets IsInGame = Memory.Read<bool>(Memory.Rebase(Settings.IsInGame)); if (IsInGame && Settings.FishEnbl != 0L) { var isBotEnable = Memory.Read<float>(Memory.Rebase(Settings.FishEnbl)); if (Math.Abs(isBotEnable - 12.01f) < float.Epsilon) TestBoober(); } } }; mTimer.Start(); }
/// <summary> /// Overloaded constructor /// </summary> public Player(H2Memory H2, int index) { this.Mem = H2.H2Mem; this.H2 = H2; this.HType = H2.HType; this.index = index * 0x204; if (HType == H2Type.Halo2Vista) { if ((Mem.ReadInt(true, 0x5057AC)).ToString() == "0") Offset = 0x50D334; else Offset = 0x5057AC; } }
private static void checkMemoryAddr(ProcessMemory Mem, int addr, string tomatch) { int size = tomatch.Length; if(!Mem.CheckProcess()) { Log.WriteLog("ERROR: Failed to read memory. addr=0x0" + String.Format("{0:X}", addr) + " size=" + size + " tomatch=" + tomatch); } string memoryval = Mem.ReadStringAscii(addr, size); if(!memoryval.Equals(tomatch)) { Log.WriteLog("Memory modification detected!"); Log.WriteLog("Address: 0x0" + String.Format("{0:X}", addr) + ", Size: " + size + ", Should contain: " + tomatch); Log.WriteLog("Contains: " + memoryval); Log.WriteLog(" "); g_iCleanGame++; } }
const int STILL_ACTIVE = 0x103; //from winnt.h #endregion Fields #region Constructors public Executor(ProcessMemory procMem, ArrayList delegatorParams) { this.procMem = procMem; this.delegatorParams = delegatorParams; }
public static void VerifySomeMemoryStuff() { try { ProcessMemory Mem = new ProcessMemory("gta_sa"); if(!g_bGTASAStarted) return; while(!Mem.CheckProcess() && g_bGTASAStarted) { ProcessMemory Mem2 = new ProcessMemory("samp"); if(!Mem.CheckProcess()) { // SA-MP browser is closed. whenGameStopped(4039); } Thread.Sleep(5000); // Wait for GTA SA to be launched. (only sa-mp server browser is open at this time.) } // Wait a second just in case the game isn't initialized yet. Thread.Sleep(1000); // YAY! // now we need to read some memory addresses! if(Mem.StartProcess()) { // public static void checkMemoryAddr(ProcessMemory Mem, int addr, string tomatch) checkMemoryAddr(Mem, 0x085C718, @"ANIM\PED.IFP"); checkMemoryAddr(Mem, 0x086AA28, @"DATA\WEAPON.DAT"); checkMemoryAddr(Mem, 0x0869668, @"DATA\CARMODS.DAT"); checkMemoryAddr(Mem, 0x086A7F4, @"DATA\ANIMGRP.DAT"); checkMemoryAddr(Mem, 0x086AAB4, @"DATA\melee.dat"); checkMemoryAddr(Mem, 0x08671F8, @"DATA\CLOTHES.DAT"); checkMemoryAddr(Mem, 0x0869B20, @"DATA\OBJECT.DAT"); checkMemoryAddr(Mem, 0x0863A90, @"DATA\DEFAULT.DAT"); checkMemoryAddr(Mem, 0x0864318, @"data\surface.dat"); checkMemoryAddr(Mem, 0x0863B10, @"DATA\GTA.DAT"); checkMemoryAddr(Mem, 0x0872148, @"DATA\water.dat"); checkMemoryAddr(Mem, 0x0872158, @"DATA\water1.dat"); checkMemoryAddr(Mem, 0x086AF80, @"data\furnitur.dat"); checkMemoryAddr(Mem, 0x0867014, @"data\procobj.dat"); checkMemoryAddr(Mem, 0x086A964, @"HANDLING.CFG"); checkMemoryAddr(Mem, 0x086A778, @"TIMECYC.DAT"); checkMemoryAddr(Mem, 0x086A698, @"DATA\PEDSTATS.DAT"); checkMemoryAddr(Mem, 0x086A648, @"MODELS\FONTS.TXD"); checkMemoryAddr(Mem, 0x086A51C, @"models\coll\peds.col"); checkMemoryAddr(Mem, 0x0863F80, @"DATA\STATDISP.DAT"); checkMemoryAddr(Mem, 0x0863FA0, @"DATA\AR_STATS.DAT"); checkMemoryAddr(Mem, 0x0864DB4, @"data\surfinfo.dat"); // added v1.4 checkMemoryAddr(Mem, 0x08E4318, @"SAMP\CUSTOM.IMG"); checkMemoryAddr(Mem, 0x08E4398, @"MODELS\GTA3.IMG"); checkMemoryAddr(Mem, 0x08E43D8, @"MODELS\GTA_INT.IMG"); checkMemoryAddr(Mem, 0x08E44D8, @"MODELS\PLAYER.IMG"); checkMemoryAddr(Mem, 0x08E40D8, @"AUDIO\SFX\FEET"); checkMemoryAddr(Mem, 0x08E4118, @"AUDIO\SFX\GENRL"); checkMemoryAddr(Mem, 0x08E4158, @"AUDIO\SFX\PAIN_A"); checkMemoryAddr(Mem, 0x08E4198, @"AUDIO\SFX\SCRIPT"); checkMemoryAddr(Mem, 0x08E41D8, @"AUDIO\SFX\SPC_EA"); checkMemoryAddr(Mem, 0x08E4218, @"AUDIO\SFX\SPC_FA"); checkMemoryAddr(Mem, 0x08E4258, @"AUDIO\SFX\SPC_GA"); checkMemoryAddr(Mem, 0x08E4298, @"AUDIO\SFX\SPC_NA"); checkMemoryAddr(Mem, 0x08E42D8, @"AUDIO\SFX\SPC_PA"); checkMemoryAddr(Mem, 0x08E4358, @"SAMP\SAMP.IMG"); checkMemoryAddr(Mem, 0x08E4418, @"SAMP\SAMPCOL.IMG"); checkMemoryAddr(Mem, 0x08E4458, @"DATA\SCRIPT\SCRIPT.IMG"); checkMemoryAddr(Mem, 0x08E4498, @"MODELS\CUTSCENE.IMG"); checkMemoryAddr(Mem, 0x08E48D8, @"SAMP\CUSTOM.IMG"); checkMemoryAddr(Mem, 0x08E4908, @"SAMP\SAMP.IMG"); checkMemoryAddr(Mem, 0x08E4938, @"MODELS\GTA3.IMG"); checkMemoryAddr(Mem, 0x08E4968, @"MODELS\GTA_INT.IMG"); checkMemoryAddr(Mem, 0x08E4998, @"SAMP\SAMPCOL.IMG"); checkMemoryAddr(Mem, 0x08E49C8, @"DATA\SCRIPT\SCRIPT.IMG"); checkMemoryAddr(Mem, 0x08E49F8, @"MODELS\CUTSCENE.IMG"); checkMemoryAddr(Mem, 0x08E4A28, @"MODELS\PLAYER.IMG"); } } catch(Exception e) { Log.WriteLog(e.ToString()); } }
/// <summary> /// Инициализирует новый экземпляр класса <see cref="Yanitta.WowMemory"/>. /// </summary> /// <param name="process">Процесс WoW.</param> public WowMemory(Process process) { if (process == null) throw new ArgumentNullException(nameof(process)); var section = $"{process.ProcessName}_{process.MainModule.FileVersionInfo.FilePrivatePart}"; Offsets = new Offsets(section); if (Offsets == null) throw new NullReferenceException($"Current game version ({section}) not supported!"); Memory = new ProcessMemory(process); // Мы должны сохранить ссылку на делегат, чтобы его не трогал сборщик мусора KeyBoardProck = new KeyBoardProc(HookCallback); keyboardHook = SetWindowsHookEx(13, KeyBoardProck, Process.GetCurrentProcess().MainModule.BaseAddress, 0); mTimer.Tick += (o, e) => { if (CheckProcess()) { var ingame = Memory.Read<byte>(Memory.Rebase(Offsets.IsInGame)); IsInGame = ingame != 0; } }; mTimer.Start(); }
public static void checkGame(int gameId, string gamePath) { try { // If we didn't start SA-MP, return. if(gameId != 4039) return; // Initiatre our ProcessMemory objects for address checking ProcessMemory Mem = new ProcessMemory("gta_sa"); ProcessMemory Mem2 = new ProcessMemory("samp"); // if GTASA and sa-mp browser are started then if(Mem != null && Mem2 != null) { do { if(!Mem2.CheckProcess()) { // SA-MP browser is closed, end our checking. whenGameStopped(4039); return; } Thread.Sleep(5000); // Wait for GTA SA to be launched. (only sa-mp server browser is open at this time.) } while(!Mem.CheckProcess()); } #if !debug try { if(File.Exists(g_szLogFilePath) && !File.Exists(g_szLogFilePath + "123")) { if(Cryptology.DecryptFile(g_szLogFilePath, g_szLogFilePath + "123", "password removed for public src release")) { if(File.Exists(g_szLogFilePath)) { File.Delete(g_szLogFilePath); } } } } catch(Exception) { } #endif string file = ""; // Remove samp.exe from our path, so we can get the GTA directory, might cause problems if for some reason players have "samp.exe" in the path file = gamePath.Replace("samp.exe", ""); g_szWireGamePath = file; string path = ""; // check what the registry says about the GTA Directory. var path2 = Registry.GetValue("HKEY_CURRENT_USER\\Software\\SAMP", "gta_sa_exe", ""); // NOTE: if path2 is null, then there are 3 things that could be true, either sa-mp isn't installed, the Registry is disabled, or a firewall blocked it if(path2 != null) { path = path2.ToString(); // check if the path is valid. if(path.Length > 3) { // Remove "gta_sa.exe" from our file path. if(path.LastIndexOf("\\") > 0) { int index = path.LastIndexOf("\\"); path = path.Substring(0, index + 1); } // the sa-mp.exe launch path doesn't match the one found in registry, the one in registry is the one actually used by the SA-MP browser, so ignore ESL Wire path. if(!path.Equals(file)) { file = path; Log.WriteLog(" -> Warning: game path from ESL Wire doesn't match SA-MP GTA Path from registry, checking registry path and ignoring ESL Wire path"); Log.WriteLog(" ESL Wire Path: " + gamePath); Log.WriteLog(" Path in registry: " + file); Log.WriteLog(" "); } } } int bAddr = -1; do { Process[] p = Process.GetProcessesByName("gta_sa"); int idx = 0; // hopefully there is only 1 gta_sa.exe started! foreach(Process proc in p) { idx++; if(proc != null) { // weird restart loop incase getting process filename fails below. // if it fails it will usually work the 2nd time, and if not the 2nd time, the 3rd. // if not the 3rd, then the 4th, if not the 4th, then etc.. bool restart = false; do { restart = false; try { string s = Misc.getProcessPath(proc); if(File.Exists(s)) { path = s; } } catch(Exception e) { Log.WriteLog(e.ToString()); try { if(File.Exists(proc.MainModule.FileName)) { path = proc.MainModule.FileName; } } catch(Exception ee) { // really now? Log.WriteLog(ee.ToString()); restart = true; Thread.Sleep(500); } } } while(restart); // Get the directory path, remove gta_sa.exe. if(path.Length > 3) { if(path.LastIndexOf("\\") > 0) { int index = path.LastIndexOf("\\"); path = path.Substring(0, index + 1); } } g_bGTASAStarted = true; Log.WriteLog("gta_sa.exe launched from: " + path2); Log.WriteLog(" "); g_szGTASaPath = path; do { restart = false; try { // get base address for samp.dll bAddr = Modules.GetModuleBaseAddress(proc, "samp.dll"); } catch(Exception e) { restart = true; Log.WriteLog("Getting samp.dll offset error:"); Log.WriteLog(e.ToString()); Thread.Sleep(500); } } while(restart); } // it's ok, we've prepared for more than 1 gta. if(idx > 1) { proc.Kill(); g_bGTASAStarted = false; } } Thread.Sleep(500); } while(!g_bGTASAStarted); g_bGTASAStarted = true; g_iCleanGame = 0; // samp.dll + /* * 0x20D77D - ip * 0x20D87E - port * 0x20D97F - name * * (it'd be better to just read command line, and would be compatable with all sa-mp versions then, these are 0.3e addresses.) * */ if(Mem.StartProcess()) { // get connected server IP and player name. string ip = Mem.ReadStringAscii(bAddr + 0x020D77D, 30); string port = Mem.ReadStringAscii(bAddr + 0x020D87E, 10); string name = Mem.ReadStringAscii(bAddr + 0x020D97F, 24); Log.WriteLog("Connected Server: " + ip + ":" + port + " as " + name); Log.WriteLog("Attempting to Query server..."); // get time stamp to calculate our ping. DateTime p = DateTime.Now; bool restart = false; do { restart = false; try { // use sa-mp server query mechanism Query sQuery = new Query(ip, int.Parse(port)); sQuery.Send('i'); int count = sQuery.Recieve(); string[] info = sQuery.Store(count); DateTime pp = DateTime.Now; TimeSpan ts = pp - p; Log.WriteLog("Successfully contacted server. (ping: " + ts.Milliseconds + ")"); Log.WriteLog("Hostname: " + info[3]); Log.WriteLog("Gamemode: " + info[4]); Log.WriteLog("Players: " + info[1]); Log.WriteLog(" "); sQuery.Send('d'); count = sQuery.Recieve(); info = sQuery.Store(count); int i = 0; for(int j = 0; j < info.Length-2; ++j) { // still don't understand how this works, but it does! if(i == 0) { Log.WriteLog("PlayerID: " + info[j] + " || PlayerName: " + info[j+1]); } i++; if(i == 4) i = 0; } Log.WriteLog(" "); } catch(System.IndexOutOfRangeException) { Log.WriteLog("** Failed to get player list."); } catch(System.FormatException) { Log.WriteLog("Failed to contact SA-MP server"); Log.WriteLog("** Game not initialized, retrying..."); restart = true; Thread.Sleep(1000); } catch(Exception e) { Log.WriteLog("Failed to contact SA-MP server - " + ip + ":" + port + " as " + name); Log.WriteLog(e.ToString()); } } while(restart); } // Check game integrity checkGameFiles( g_szGTASaPath ); // check some memory addresses to make sure the file path for the data files hasn't been changed. Memory.VerifySomeMemoryStuff(); // Show results. Log.WriteLog("Strange files in GTA SA Path: "); Log.WriteLog(" "); // paste all files in GTA SA path that aren't part of the original game. gtadir(g_szGTASaPath); Log.WriteLog(" "); if(g_iCleanGame == 0) { Log.WriteLog("VERDICT: Game is clean!"); } else { if(g_iCleanGame > 1) { Log.WriteLog("VERDICT: Detected " + g_iCleanGame + " inconsistencies"); } else { Log.WriteLog("VERDICT: Detected " + g_iCleanGame + " inconsistency"); } } Log.WriteLog(" "); // check again in 15 minutes aTimer.Enabled = true; //#if !debug // encrypt our log file and delete the original .txt we where writing plain text too. if(File.Exists(g_szLogFilePath + "123") && !File.Exists(g_szLogFilePath)) { g_szLogFileMD5 = MD5file(g_szLogFilePath + "123"); if(Cryptology.EncryptFile(g_szLogFilePath + "123", g_szLogFilePath, "password removed for public src release")) { if(File.Exists(g_szLogFilePath + "123")) { File.Delete(g_szLogFilePath + "123"); } } } //#endif return; } catch(Exception e) { Log.WriteLog(e.ToString()); } }
public override void init() { setIcon("gtasa.gif"); setTooltip("SA-MP Anti-Cheat Extension plugin."); Wire.GameInterface gi = Wire.InterfaceFactory.gameInterface(); gi.GameStarted += new Wire.GameInterface.GameStartedHandler(checkGame); gi.GameStopped += new Wire.GameInterface.GameStoppedHandler(whenGameStopped); gi.MatchStarted += new Wire.GameInterface.MatchStartedHandler(onMatchStarted); gi.MatchEnded += new Wire.GameInterface.MatchEndedHandler(onMatchEnded); // Set our repeating timer to re-check files after 10 minutes. aTimer.Elapsed +=new ElapsedEventHandler(checkGameRepeat); aTimer.Interval = 600000; // Get our random file path name. g_szLogFilePath = System.IO.Path.GetTempPath() + Guid.NewGuid().ToString() + ".txt"; try { // Add the wire-plugin.exe to the Windows Firewall allowed list Process p = Process.GetCurrentProcess(); if(p != null) { if(Misc.GetOSName().Contains("Windows XP")) { Misc.runCmdLine("netsh firewall delete allowedprogram \"" + p.MainModule.FileName + "\""); Misc.runCmdLine("netsh firewall add allowedprogram program=\"" + p.MainModule.FileName + "\" name=\"ESL Wire Plugin\" mode=ENABLE scope=ALL profile=ALL"); } else { Misc.runCmdLine("netsh advfirewall firewall delete rule name=\"ESL Wire Plugin\""); Misc.runCmdLine("netsh advfirewall firewall add rule name=\"ESL Wire Plugin\" dir=in action=allow program=\"" + p.MainModule.FileName + "\" enable=yes remoteip=any profile=public,private"); } } } catch(Exception e) { Log.WriteLog(e.ToString()); } try { checkForUpdate(); } catch(Exception e) { Log.WriteLog(e.ToString()); } try { if(!UacHelper.IsProcessElevated) { Misc.EndProcessAdmin(); } } catch(Exception e) { Log.WriteLog(e.ToString()); } // Check if SA-MP is open already ProcessMemory Mem = new ProcessMemory("samp"); if(Mem.CheckProcess()) { Log.WriteLog("Warning: SA-MP Was already started when ESL Wire was launched."); Process[] p = Process.GetProcessesByName("samp"); foreach(Process proc in p) { if(proc != null) { checkGame(4039, proc.MainModule.FileName); } } } }