示例#1
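        /// <summary>
        /// Console entry point: attaches to the process named "wow", scans it for the
        /// PATTERN_CLIENT_CONNECTION signature and prints the 32-bit values stored
        /// 0x16 and 0x1C bytes after the match.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            wow = new BlackMagic();

            if (wow.OpenProcessAndThread(SProcess.GetProcessFromProcessName("wow")))
            {
                try
                {
                    Console.WriteLine(wow.GetModuleFilePath());

                    // Stopwatch is monotonic; DateTime.Now can jump if the wall clock is adjusted mid-scan.
                    System.Diagnostics.Stopwatch scanTimer = System.Diagnostics.Stopwatch.StartNew();
                    uint dwCodeLoc = wow.FindPattern(PATTERN_CLIENT_CONNECTION, MASK_CLIENT_CONNECTION);
                    scanTimer.Stop();

                    Console.WriteLine("Pattern found in {0}ms", scanTimer.Elapsed.TotalMilliseconds);
                    Console.WriteLine("Code loc: 0x{0:X08}", dwCodeLoc);

                    // NOTE(review): the scan result is dereferenced without a "not found" check. What
                    // FindPattern returns on a miss is not visible here; confirm it and guard these reads.
                    Console.WriteLine("CLIENT_CONNECTION: 0x{0:X08}", wow.ReadUInt(dwCodeLoc + 0x16));
                    Console.WriteLine("CURMGR_OFFSET: 0x{0:X08}", wow.ReadUInt(dwCodeLoc + 0x1C));
                }
                finally
                {
                    // Release the process/thread handles as soon as the reads are done instead of
                    // holding them open while the console waits for input.
                    wow.Close();
                }
            }
            else
            {
                Console.WriteLine("World of Warcraft could not be opened for read/write.");
            }

            Console.ReadLine();
        }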
示例#2
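        /// <summary>
        /// Resolves every pattern in <paramref name="patternList"/> against the process named by
        /// <c>patternList.processName</c> and stores the results on the pattern objects.
        /// </summary>
        /// <remarks>
        /// The list passed in is modified in place: one entry per loaded module is appended to
        /// <c>Modules</c>, and each pattern receives its offset/value fields (or "No Found").
        /// The same instance is returned. If the process cannot be opened a message box is shown
        /// and the list is returned untouched.
        /// NOTE(review): all addresses are narrowed to 32 bits (<c>int</c>/<c>uint</c>); presumably
        /// this is only meant for 32-bit targets. Confirm before using it elsewhere.
        /// </remarks>
        /// <param name="patternList">Process name, optional base module name and the patterns to resolve.</param>
        /// <returns>The <paramref name="patternList"/> instance that was passed in.</returns>
        public static Structs.PatternList FindPatternList(Structs.PatternList patternList)
        {
            uint baseModule = 0;
            BlackMagic memread = new BlackMagic();

            if (!memread.OpenProcessAndThread(SProcess.GetProcessFromProcessName(patternList.processName)))
            {
                MessageBox.Show("Process no found.");
                return patternList;
            }

            try
            {
                try
                {
                    // Record every loaded module and pick up the base of the requested one.
                    using (Process target = Process.GetProcessById(memread.ProcessId))
                    {
                        foreach (ProcessModule o in target.Modules)
                        {
                            Structs.ModuleList m = new Structs.ModuleList();
                            m.Name           = o.ModuleName;
                            m.baseAddressDec = (int)o.BaseAddress;
                            m.baseAddressHex = (o.BaseAddress).ToString("X");
                            patternList.Modules.Add(m);

                            // Ordinal, case-insensitive match: module names are identifiers, not
                            // linguistic text, so culture-sensitive ToLower() is the wrong tool.
                            if (!string.IsNullOrEmpty(patternList.baseModuleName)
                                && string.Equals(patternList.baseModuleName, o.ModuleName, StringComparison.OrdinalIgnoreCase))
                            {
                                baseModule = (uint)o.BaseAddress;
                            }
                        }
                    }
                }
                catch
                {
                    // Deliberate best effort: a failed module enumeration leaves baseModule at 0 and
                    // the module list partial, and the pattern scan below still runs.
                    // NOTE(review): the failure is invisible to the caller; consider surfacing it.
                }

                foreach (Structs.Pattern p in patternList.Patterns)
                {
                    try
                    {
                        uint dwCodeLoc = memread.FindPattern(p.pattern, p.mask);
                        uint offset    = memread.ReadUInt((uint)((int)dwCodeLoc + p.offsetLocation));

                        if (offset > 0)
                        {
                            // Rebase both values onto the chosen module (no-op when baseModule is 0).
                            // NOTE(review): unsigned subtraction wraps if the value lies below baseModule.
                            offset    -= baseModule;
                            dwCodeLoc -= baseModule;
                        }

                        if (offset == 0)
                        {
                            p.offset = "No Found";
                            continue;
                        }

                        var usedAt = (int)dwCodeLoc + p.offsetLocation;
                        p.offset          = offset.ToString("X");
                        p.offsetDec       = offset;
                        p.offsetUsedAtDec = (uint)usedAt;
                        p.offsetUsedAt    = usedAt.ToString("X");

                        try
                        {
                            // NOTE(review): p.offsetDec has already been rebased above, so with a
                            // non-zero baseModule these reads use a module-relative value as the
                            // address. Verify this is intended.
                            switch (p.type)
                            {
                            case "int64":
                                p.value = Convert.ToString(memread.ReadUInt64(p.offsetDec));
                                break;

                            case "int":
                                p.value = Convert.ToString(memread.ReadInt(p.offsetDec));
                                break;

                            case "float":
                                p.value = Convert.ToString(memread.ReadFloat(p.offsetDec));
                                break;

                            case "string":
                                p.value = Convert.ToString(memread.ReadASCIIString(p.offsetDec, 30));
                                break;
                            }
                        }
                        catch
                        {
                            p.value = "No Found";
                        }
                    }
                    catch
                    {
                        p.offset = "No Found";
                    }
                }
            }
            finally
            {
                // Always release the process/thread handles, even if iterating the patterns throws.
                memread.Close();
            }

            return patternList;
        }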
示例#3
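        /// <summary>
        /// Builds a pattern/mask pair from two running processes and shows it as a
        /// <c>&lt;Pattern&gt;</c> snippet in <c>tbPattern</c>.
        /// </summary>
        /// <remarks>
        /// Each process is selected by the number before the first "-" in its combo box text. The
        /// hex offset entered for each process (plus the optional module base) is searched for as
        /// four bytes, least-significant byte first; 16 bytes are read at each hit and compared.
        /// Bytes that differ, and the first four bytes (the offset itself), become "?" in the mask.
        /// Process handles are released on every exit path, including the early returns.
        /// </remarks>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void bCreatePattern_Click(object sender, EventArgs e)
        {
            string process1Text = cbProcess1.Text.Replace(" ", "");
            string process2Text = cbProcess2.Text.Replace(" ", "");
            string offset1Text  = tbOffset1.Text.Replace(" ", "").Replace("0x", "");
            string offset2Text  = tbOffset2.Text.Replace(" ", "").Replace("0x", "");

            if (process1Text == "" || process2Text == "" || offset1Text == "" || offset2Text == "")
            {
                MessageBox.Show("Please enter all information.");
                return;
            }

            try
            {
                // Split never yields null or an empty array, so element 0 always exists; a
                // non-numeric prefix makes Convert.ToInt32 throw and lands in the catch below.
                int process1Id = Convert.ToInt32(process1Text.Split('-')[0]);
                int process2Id = Convert.ToInt32(process2Text.Split('-')[0]);

                BlackMagic process1BM = new BlackMagic();
                BlackMagic process2BM = new BlackMagic();
                bool process1Open = false;
                bool process2Open = false;

                try
                {
                    process1Open = process1BM.OpenProcessAndThread(process1Id);
                    if (!process1Open)
                    {
                        MessageBox.Show("Open Process 1 failled.");
                        return;
                    }

                    process2Open = process2BM.OpenProcessAndThread(process2Id);
                    if (!process2Open)
                    {
                        MessageBox.Show("Open Process 2 failled.");
                        return;
                    }

                    // Optional module base added to both offsets.
                    uint   moduleBase1BM = 0;
                    uint   moduleBase2BM = 0;
                    string moduleShow    = "";
                    if (baseModuleNameTB.Text != "")
                    {
                        moduleBase1BM = (uint)process1BM.GetModule(baseModuleNameTB.Text).BaseAddress;
                        moduleBase2BM = (uint)process2BM.GetModule(baseModuleNameTB.Text).BaseAddress;
                        moduleShow    = baseModuleNameTB.Text + " + ";
                        if (moduleBase1BM == 0 || moduleBase2BM == 0)
                        {
                            MessageBox.Show("Module not found.");
                            return;
                        }
                    }

                    uint offset1 = uint.Parse(offset1Text, System.Globalization.NumberStyles.HexNumber) + moduleBase1BM;
                    uint offset2 = uint.Parse(offset2Text, System.Globalization.NumberStyles.HexNumber) + moduleBase2BM;

                    // Locate where each offset value is stored in its process.
                    const string offsetMask = "xxxx";
                    uint dwCodeLoc1 = process1BM.FindPattern(ToReversedHexBytes(offset1), offsetMask);
                    uint dwCodeLoc2 = process2BM.FindPattern(ToReversedHexBytes(offset2), offsetMask);
                    if (dwCodeLoc1 == 0 || dwCodeLoc2 == 0)
                    {
                        MessageBox.Show("Offset not found.");
                        return;
                    }

                    byte[] bytesProcess1 = process1BM.ReadBytes(dwCodeLoc1, 16);
                    byte[] bytesProcess2 = process2BM.ReadBytes(dwCodeLoc2, 16);

                    // Keep only bytes that are identical in both processes; the first four bytes are
                    // the offset itself and are always wildcarded.
                    char[] maskChars = new char[bytesProcess1.Length];
                    for (int i = 0; i < bytesProcess1.Length; i++)
                    {
                        if (i > 3 && bytesProcess1[i] == bytesProcess2[i])
                        {
                            maskChars[i] = 'x';
                        }
                        else
                        {
                            bytesProcess1[i] = 0;
                            maskChars[i]     = '?';
                        }
                    }

                    string mask    = new string(maskChars);
                    string pattern = BitConverter.ToString(bytesProcess1).Replace("-", " ");

                    // The name and type come straight from user-editable controls; escape them so
                    // characters such as '<' or '&' cannot break the generated markup.
                    string safeName = System.Security.SecurityElement.Escape(tbOffsetName.Text);
                    string safeType = System.Security.SecurityElement.Escape(cbValueType.Text);

                    tbPattern.Text = string.Join(Environment.NewLine, new string[]
                    {
                        "Offset 1 used at: " + moduleShow + "0x" + (dwCodeLoc1 - moduleBase1BM).ToString("x"),
                        "Offset 2 used at: " + moduleShow + "0x" + (dwCodeLoc2 - moduleBase2BM).ToString("x"),
                        "",
                        "<Pattern>",
                        "     <offsetName>" + safeName + "</offsetName>",
                        "     <pattern>" + pattern + "</pattern>",
                        "     <mask>" + mask + "</mask>",
                        "     <offsetLocation>0</offsetLocation>",
                        "     <type>" + safeType + "</type>",
                        "</Pattern>"
                    });
                }
                finally
                {
                    // Close only what was actually opened; runs for early returns and exceptions too.
                    if (process1Open)
                    {
                        process1BM.Close();
                    }
                    if (process2Open)
                    {
                        process2BM.Close();
                    }
                }
            }
            catch
            {
                MessageBox.Show("Error, please verif all info.");
            }
        }

        /// <summary>
        /// Formats a 32-bit value as four space-separated hex bytes, least-significant byte first
        /// (for example 0x00AB12CD becomes "CD 12 AB 00").
        /// </summary>
        private static string ToReversedHexBytes(uint value)
        {
            return string.Format(
                "{0:X2} {1:X2} {2:X2} {3:X2}",
                value & 0xFF,
                (value >> 8) & 0xFF,
                (value >> 16) & 0xFF,
                value >> 24);
        }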