static byte[] ByteStringToArray(string input)
{
List <byte> ret = new List <byte>();
input = input.Replace(" ", "");
input = input.Trim();
if (input.Length % 2 == 1)
{
throw new Exception("Could not convert Byte String to Array. Size incorrect");
}
for (int i = 0; i < input.Length; i += 2)
{
ret.Add(byte.Parse(input.Substring(i, 2), System.Globalization.NumberStyles.HexNumber));
}
DLOG.Write("[FindAOB] IDA AOB: ");
foreach (byte b in ret)
{
if (b == 0xAA)
{
DLOG.Write("? ");
}
else
{
DLOG.Write("{0:X2} ", b);
}
}
DLOG.WriteLine();
return(ret.ToArray());
}
static bool FindAoBInFile(BinaryReader br, uint StartPos, byte[] AoB, byte skipbyte = 0xFF, bool skipbyteset = false, int length = 0)
{
br.BaseStream.Position = StartPos;
try
{
while (br.BaseStream.Position != br.BaseStream.Length)
{
byte[] tmpBuffer = br.ReadBytes(length == 0 ? (int)Math.Min(1024 * 10, br.BaseStream.Length - br.BaseStream.Position) : length);
int tmpint = 0;
int res = Array.FindIndex(tmpBuffer, 0, tmpBuffer.Length, (byte b) =>
{
if (skipbyteset && AoB[tmpint] == skipbyte)
{
tmpint += 1;
}
else if (b == AoB[tmpint])
{
tmpint += 1;
}
else
{
tmpint = 0;
}
return(tmpint == AoB.Length);
});
if (res >= 0)
{
long realpos = (br.BaseStream.Position - tmpBuffer.Length) + (res - tmpint) + 1;
br.BaseStream.Position = realpos;
DLOG.WriteLine("[FindAOB] Found @ {0:X8}", realpos + FileOffset);
return(true);
}
if (length != 0)
{
return(false);
}
}
}
catch { }
DLOG.WriteLine("[FindAOB] ------- EOF ---------");
br.BaseStream.Position = StartPos;
return(false);
}
public static long FindAoB(IntPtr pHandle, long pStart, byte[] AoB, byte skipbyte = 0xAA, bool skipbyteset = true)
{
long pMaxLen = 0x07ffffff;
const long BUFF_SIZE = 0x10000;
DateTime now = DateTime.Now;
while (pStart < pMaxLen)
{
long lenAvailable = Math.Min(pMaxLen - pStart, BUFF_SIZE);
byte[] data = new byte[lenAvailable];
Memory.ReadMemory(pHandle, pStart, ref data, (int)lenAvailable);
int tmpint = 0;
int res = Array.FindIndex(data, 0, data.Length, (byte b) =>
{
if (skipbyteset && AoB[tmpint] == skipbyte)
{
tmpint += 1;
}
else if (b == AoB[tmpint])
{
tmpint += 1;
}
else
{
tmpint = 0;
}
return(tmpint == AoB.Length);
});
if (res >= 0)
{
DLOG.WriteLine("{0} miliseconds", (DateTime.Now - now).TotalMilliseconds);
return(pStart + res + 1 - tmpint);
}
pStart -= tmpint; // To compensate w/ missing bytes
pStart += lenAvailable;
}
DLOG.WriteLine("{0} miliseconds", (DateTime.Now - now).TotalMilliseconds);
DLOG.WriteLine("-- Not found.");
return(0);
}
static void DebugBuffer(BinaryReader pBR, long pPos = 0)
{
var tmp = pBR.BaseStream.Position;
if (pPos != 0)
{
pBR.BaseStream.Position = pPos;
}
DLOG.WriteLine("[FDEBUG] ---------------------------------------------------------");
DLOG.WriteLine("[FDEBUG] Current Position {0:X8} ({1:X8})", pBR.BaseStream.Position, pBR.BaseStream.Position + FileOffset);
DLOG.Write("[FDEBUG] - Data: ");
var data = pBR.ReadBytes(50);
foreach (byte b in data)
{
DLOG.Write("{0:X2} ", b);
}
pBR.BaseStream.Position = tmp;
DLOG.WriteLine();
DLOG.WriteLine("[FDEBUG] ---------------------------------------------------------");
}
public static void Find(ProcessStream pStream, out byte[] pKey, out int pAmountOfStrings, out int pStringArrayListPosition)
{
DLOG.WriteLine("SEEKING DECODE FUNCTION");
int _key_pos = 0, _key_size = 0, _key_size_pos = 0, _strings_amount_pos = 0;
pAmountOfStrings = pStringArrayListPosition = 0;
pKey = new byte[0];
DLOG.Write("[METHOD 1] ");
long addr = Extension.FindAoB(pStream.pHandle, 0x00200000, _AoB_1);
if (addr != 0)
{
DLOG.WriteLine("Found addr = {0:X8}", addr);
pStream.Position = addr;
pStream.Position += 2;
pStringArrayListPosition = pStream.ReadInt();
pStream.Position += 0x44 + 2;
_key_size_pos = pStream.ReadInt();
pStream.Position += 1;
_key_pos = pStream.ReadInt();
_strings_amount_pos = _key_size_pos + 4;
goto ParseData;
}
DLOG.Write("[METHOD 2] ");
addr = Extension.FindAoB(pStream.pHandle, 0x00200000, _AoB_2);
if (addr != 0)
{
DLOG.WriteLine("Found addr = {0:X8}", addr);
pStream.Position = addr;
pStream.Position += 5 + 2 + 2 + 3;
pStringArrayListPosition = pStream.ReadInt();
pStream.Position += 0x44 + 2;
_key_size = pStream.ReadByte(); // Key Size O,o
pStream.Position += 1;
_key_pos = pStream.ReadInt();
_strings_amount_pos = _key_pos + _key_size + 4; // 4 = key size, once again
pStream.Position = _key_pos;
DLOG.WriteLine(pStream.ReadBytes(30));
goto ParseData;
}
DLOG.Write("[METHOD 3] ");
addr = Extension.FindAoB(pStream.pHandle, 0x00200000, _AoB_3);
if (addr != 0)
{
DLOG.WriteLine("Found addr = {0:X8}", addr);
pStream.Position = addr;
pStream.Position += 8;
_key_size = pStream.ReadByte(); // Key Size
pStream.Position += 1;
_key_pos = pStream.ReadInt();
_key_size_pos = _key_pos + _key_size;
_strings_amount_pos = _key_pos + _key_size + 4; // 4 = key size, once again
pStringArrayListPosition = pStream.ReadInt();
pStream.Position += 0x44 + 2;
goto ParseData;
}
ParseData:
DLOG.Write("Gathering data needed...");
if (_key_size_pos != 0)
{
// Read keysize!
pStream.Position = _key_size_pos;
_key_size = pStream.ReadInt();
}
// Read key
pStream.Position = _key_pos;
pKey = pStream.ReadBytes(_key_size);
// Read amount of strings
pStream.Position = _strings_amount_pos;
pAmountOfStrings = pStream.ReadInt();
DLOG.WriteLine("Done!");
}
void FollowCommands(BinaryReader pBR, Delegate pActionAfterCommand)
{
for (int i = 0; ; i++)
{
if (pBR.BaseStream.Position == pBR.BaseStream.Length)
{
break;
}
// 8 bits instruction destination thing
// [X X] [X X X] [X X X]
// MOD REG RM
byte opcode = pBR.ReadByte();
BitSet bs = new BitSet {
OpCode = opcode
};
bool isExpansionOpcode = opcode == 0x0F;
byte realOpcode = opcode;
byte addOpcode = (byte)(realOpcode >> 3);
if (!isExpansionOpcode)
{
if (addOpcode == 0)
{
byte derp = pBR.ReadByte();
byte from, to;
bool destinationOffsetted = true;
if (!bs.BitSet2) // mem -> reg
{
from = (byte)(derp & 0x07);
to = (byte)((derp >> 3) & 0x07);
}
else
{
from = (byte)((derp >> 3) & 0x07);
to = (byte)(derp & 0x07);
destinationOffsetted = false;
}
string destName = GetSourceDestinationType(to, !bs.BitSet1);
string sourceName = GetSourceDestinationType(from, !bs.BitSet1);
bs.OpCode = derp;
if (!bs.BitSet8 && !bs.BitSet7) // Register Indirect
{
}
else if (!bs.BitSet8 && bs.BitSet7) // One Byte displacement
{
sbyte offset = pBR.ReadSByte();
string addmelol = offset < 0 ? "+" : "-";
addmelol += Math.Abs(offset).ToString();
if (destinationOffsetted)
{
destName = string.Format("[{0}{1}]", destName, addmelol);
}
else
{
sourceName = string.Format("[{0}{1}]", sourceName, addmelol);
}
}
else if (bs.BitSet8 && !bs.BitSet7) // 4 Byte Displacement
{
int offset = pBR.ReadInt32();
string addmelol = offset < 0 ? "+" : "-";
addmelol += Math.Abs(offset).ToString();
if (destinationOffsetted)
{
destName = string.Format("[{0}{1}]", destName, addmelol);
}
else
{
sourceName = string.Format("[{0}{1}]", sourceName, addmelol);
}
}
else if (bs.BitSet8 && bs.BitSet7) // Register Addressing Mode
{
}
DLOG.WriteLine("ADD {0}, {1}", destName, sourceName);
}
switch (realOpcode)
{
default:
{
DLOG.WriteLine("Unknown opcode: {0:X2}", realOpcode);
break;
}
}
}
else
{
realOpcode = pBR.ReadByte();
switch (realOpcode)
{
default:
{
DLOG.WriteLine("Unknown opcode: (expansion) {0:X2}", realOpcode);
break;
}
}
}
}
}
private void LoadFile(string pFilename)
{
try
{
DLOG.WriteLine("---------------Loading File------------------");
DLOG.WriteLine("FileName: {0}", pFilename);
DLOG.WriteLine("---------------------------------------------");
GC.Collect();
openedFile = pFilename;
var SetTitleBar = (Action <string>) delegate(string pNewTitle)
{
this.Invoke((MethodInvoker) delegate
{
if (pNewTitle == "")
{
this.Text = tmpTitleBar;
tmpTitleBar = "";
}
else
{
if (tmpTitleBar == "")
{
tmpTitleBar = this.Text;
}
this.Text = "Loading... : " + pNewTitle;
}
});
};
MemoryStream memstream = new MemoryStream(File.ReadAllBytes(pFilename));
BinaryReader br = new BinaryReader(memstream);
{
SetTitleBar("Loading File");
var filetype = Encoding.ASCII.GetString(br.ReadBytes(2));
DLOG.WriteLine("[DEBUG] File Type: {0}", filetype);
if (filetype != "MZ")
{
MessageBox.Show("Not an executable file?");
return;
}
br.BaseStream.Position = 0x3C; // e_lfanew
var NTHeadersStart = br.ReadInt32();
DLOG.WriteLine("NT headers start at {0:X8}", NTHeadersStart);
br.BaseStream.Position = NTHeadersStart;
br.BaseStream.Position += 0x34; // Image Base
FileOffset = br.ReadUInt32();
br.BaseStream.Position += 4; // Skip Section Alignment, get File Alignment
FileAlignment = br.ReadUInt32();
DLOG.WriteLine("[DEBUG] File has Alignment of {0:X8}", FileAlignment);
if (FileAlignment != 0x1000)
{
FileOffset += 0x1000 + (FileAlignment * 2);
}
DLOG.WriteLine("[DEBUG] Current File Offset {0:X8}", FileOffset);
}
{
SetTitleBar("Searching for Packet Handlers");
DataTable dt = new DataTable("FileStrings");
dt.Columns.Add("Address", typeof(string)).ReadOnly = true;
dt.Columns.Add("Handler Function Address", typeof(string)).ReadOnly = true;
dt.Columns.Add("Opcode Range", typeof(string)).ReadOnly = true;
var AddHandlerRow = (Action <int, int, ushort, ushort>) delegate(int pAddr, int pHandlerAddr, ushort pOpStart, ushort pOpEnd)
{
string val1 = (pAddr + FileOffset).ToString("X8"), val2 = (pHandlerAddr + FileOffset).ToString("X8"), val3;
if (pHandlerAddr + FileOffset == 0)
{
val2 = "Unknown";
}
if (pOpStart != pOpEnd)
{
val3 = string.Format("{0:X4} - {1:X4} ({0} - {1})", pOpStart, pOpEnd);
}
else
{
val3 = string.Format("{0:X4} ({0})", pOpStart);
}
dt.Rows.Add(val1, val2, val3);
};
{
byte[] FindCompareLowerHigher = ByteStringToArray(
"3D AA AA 00 00" +
"7C 1B" + // Lower Than
"3D AA AA 00 00" +
"7F 14" // Higher Than
);
uint curpoozzz = 1000;
while (FindAoBInFile(br, curpoozzz, FindCompareLowerHigher, 0xAA, true))
{
br.ReadByte();
int min = br.ReadInt32();
br.ReadInt16();
br.ReadByte();
int max = br.ReadInt32();
//AddHandlerRow((int)br.BaseStream.Position, (ushort)min, (ushort)max);
curpoozzz = (uint)br.BaseStream.Position;
}
}
{
ushort currentOpcode = 0;
ushort result = 0;
var GetDerpAction = (Func <bool>) delegate
{
result = 0;
byte action = br.ReadByte();
if (action == 0x81) // substract (int?)
{
br.ReadByte();
ushort sub = (ushort)br.ReadInt32();
if (currentOpcode == 0)
{
result = sub;
}
else
{
result = (ushort)(currentOpcode + sub);
}
ushort action2 = br.ReadUInt16();
if (action2 == 0x840F) // Jump Equal Zero
{
int offset = br.ReadInt32();
AddHandlerRow((int)br.BaseStream.Position, offset + (int)br.BaseStream.Position, result, result);
return(true);
}
}
else if (action == 0x83) // substract (byte)
{
br.ReadByte();
ushort sub = (ushort)br.ReadByte();
if (currentOpcode == 0)
{
result = sub;
}
else
{
result = (ushort)(currentOpcode + sub);
}
ushort action2 = br.ReadUInt16();
if (action2 == 0x840F) // Jump Equal Zero
{
int offset = br.ReadInt32();
AddHandlerRow((int)br.BaseStream.Position, offset + (int)br.BaseStream.Position, result, result);
return(true);
}
else if (action2 % 0x100 == 0x0074) // Jump Equal Zero (byte jump)
{
int offset = br.ReadSByte();
AddHandlerRow((int)br.BaseStream.Position, offset + (int)br.BaseStream.Position, result, result);
return(true);
}
}
else if (action == 0x4A) // Decrease with 1
{
// O.o
if (currentOpcode == 0)
{
result = 1;
}
else
{
result = (ushort)(currentOpcode + 1);
}
ushort action2 = br.ReadUInt16();
if (action2 == 0x840F) // Jump Equal Zero
{
int offset = br.ReadInt32();
AddHandlerRow((int)br.BaseStream.Position, offset + (int)br.BaseStream.Position, result, result);
return(true);
}
}
else if (action == 0x48) // Decrease with 1 (byte?)
{
// O.o
if (currentOpcode == 0)
{
result = 1;
}
else
{
result = (ushort)(currentOpcode + 1);
}
while (br.ReadByte() == 0x48)
{
result += 1;
}
br.BaseStream.Position -= 1;
int offset = CalculateAddressLocation(br);
AddHandlerRow((int)br.BaseStream.Position, offset - (int)FileOffset, result, result);
return(true);
}
return(false);
};
byte[] FindBigIF = ByteStringToArray(
"8B AA" + // Moving
"81 EA AA AA 00 00" // Substract value from register (min)
);
uint curpoozzz = 1000;
while (FindAoBInFile(br, curpoozzz, FindBigIF, 0xAA, true))
{
br.ReadInt16();
while (GetDerpAction())
{
DLOG.WriteLine("Found something @ {0:X8}: {1:X4}", br.BaseStream.Position + FileOffset, result);
currentOpcode = result;
}
curpoozzz = (uint)br.BaseStream.Position;
}
byte[] FindSmallIF = ByteStringToArray(
"8B AA" + // Moving
"83 E8 AA" // Substract value from register (min) (small)
);
currentOpcode = 0;
curpoozzz = 1000;
while (FindAoBInFile(br, curpoozzz, FindSmallIF, 0xAA, true))
{
br.ReadInt16();
while (GetDerpAction())
{
DLOG.WriteLine("Found something @ {0:X8}: {1:X4}", br.BaseStream.Position + FileOffset, result);
currentOpcode = result;
}
curpoozzz = (uint)br.BaseStream.Position;
}
}
{
/**
*
* Switches en Jump Tables. Leuke dingen
* Wat er eerst gebeurt:
* - Switch value - minimum ( LEA register, [value - minimum] ) (signed)
* - Kijken of deze iig niet boven X is en lager dan 0 (CMP + JA)
* - Zowel: ga naar address, aangegeven door waarde van JA
* - Zoniet: ga verder en JUMP met Offset + (register * 4) (dus zal dus bij register = 3, 3 * 4 = 12, 12 bytes verder
* dan de offset van de jumptable kijken; een offset van de switch case)
* | Note 1: Jumptables hebben voor missende cases gewoon een case toegevoegt -> de default case
* | Note 2: Het zal _nooit_ voorkomen dat er 1 mist. Anders crasht de app lol.
*
* */
// Signed check
byte[] FindSwitch = ByteStringToArray(
"8D AA AA" + // LEA
"83 AA AA" + // Compare value with last byte
"0F 87 AA AA 00 00" + // Default Jump (jump if set), addr offset last 4 bytes
"FF 24 95 AA AA AA AA" // Jump Table Location
);
uint curpoozzz = 1000;
while (FindAoBInFile(br, curpoozzz, FindSwitch, 0xAA, true))
{
br.ReadByte();
br.ReadByte();
byte minus = 0;
var tmpMinus = br.ReadSByte();
minus = (byte)Math.Abs(tmpMinus);
br.ReadByte();
br.ReadByte();
byte aantal = br.ReadByte();
br.ReadByte();
br.ReadByte();
int jumpOffset1 = br.ReadInt32() + (int)br.BaseStream.Position;
br.ReadInt16();
br.ReadByte();
int jumpTable = br.ReadInt32() - (int)FileOffset;
var tmp = br.BaseStream.Position;
for (int i = 0; i < aantal; i++)
{
ushort realcaseval = (ushort)(minus + i);
br.BaseStream.Position = jumpTable + (i * 4);
int realAddr = (int)(br.ReadInt32() - FileOffset);
if (realAddr != jumpOffset1)
{
// Is a real case; not default
br.BaseStream.Position = realAddr;
int chkval = br.ReadInt32();
if ((uint)chkval == 0x830C75FF) // Normal
{
br.ReadInt16();
}
else if ((uint)chkval == 0x8B0C75FF) // Special 1
{
AddHandlerRow(realAddr, (int)(0 - FileOffset), realcaseval, realcaseval);
DLOG.WriteLine("Special 1 {0:X2} {1:X8}", realcaseval, br.BaseStream.Position + FileOffset);
continue;
}
else
{
DLOG.WriteLine("??? {0:X2} {1:X8}", realcaseval, br.BaseStream.Position + FileOffset);
break;
}
int handlerAddr = CalculateAddressLocation(br);
AddHandlerRow(realAddr, handlerAddr - (int)FileOffset, realcaseval, realcaseval);
}
else
{
DLOG.WriteLine("Switch case {0:X2} is not used here! {1:X8}", realcaseval, br.BaseStream.Position + FileOffset);
}
}
DLOG.WriteLine("Found switch. Min: {0:X2} ({0}) Max: {1:X2} ({1}) MinMaxCheckFailAddr: {2:X8} Addr: {3:X8}", minus, minus + aantal, jumpOffset1 + FileOffset, br.BaseStream.Position + FileOffset);
curpoozzz = (uint)tmp;
}
}
this.Invoke((MethodInvoker) delegate
{
dgvRecv.DataSource = dt;
});
}
AddNewFile(pFilename);
loadThread = null;
}
catch (Exception ex)
{
DLOG.WriteLine("EXC: Exception written to exlog.txt!");
MessageBox.Show(ex.ToString());
File.AppendAllText("exlog.txt", "---- " + DateTime.Now + " --" + "\r\n");
File.AppendAllText("exlog.txt", "--------------Exception--------------\r\n" + ex.ToString() + "\r\n\r\n\r\n\r\n");
}
}
public static void LoadIPs(ProcessStream ps)
{
_ips.Clear();
/*
* {
* long _start = 0x10000;
* while (true)
* {
* long _derp = Extension.FindAoB(ps.pHandle, _start, IPAoB_3);
* if (_derp == 0) break;
* ps.Position = _derp - 10;
* _start = _derp + IPAoB_3.Length;
* DLOG.WriteLine("IP?");
* DLOG.WriteLine(ps.ReadBytes(20));
* }
* _start = 0x10000;
* while (true)
* {
* long _derp = Extension.FindAoB(ps.pHandle, _start, IPAoB_4);
* if (_derp == 0) break;
* ps.Position = _derp;
* _start = _derp + IPAoB_4.Length;
* DLOG.WriteLine("PORT?");
* DLOG.WriteLine(ps.ReadBytes(10));
* }
* }
*/
int mode = 0;
ushort port = 0;
long posCurrent = 0x0010EEE8;
DLOG.WriteLine("SEEKING IPS");
DLOG.WriteLine("[INFO] Mode 1");
long addr = Extension.FindAoB(ps.pHandle, posCurrent, IPAoB_1);
if (addr != 0)
{
mode = 1;
goto LoadEm;
}
DLOG.WriteLine("[INFO] Mode 2");
addr = Extension.FindAoB(ps.pHandle, posCurrent, IPAoB_2);
if (addr != 0)
{
mode = 2;
ps.Position = addr - 4;
port = (ushort)ps.ReadInt();
goto LoadEm;
}
return;
LoadEm:
DLOG.WriteLine("Loading IPs");
posCurrent = addr;
for (int i = 0; ; i++)
{
string ip = "";
addr = Extension.FindAoB(ps.pHandle, posCurrent, IPAoB_1);
if (addr != 0)
{
if (addr - posCurrent > IPAoB_1.Length + 10)
{
DLOG.WriteLine("Broke with len size");
return;
}
ps.Position = addr;
if (mode == 1)
{
ps.ReadByte(); // Push
ps.ReadInt(); // Port
ps.ReadByte(); // Push
ps.ReadInt(); // IP (string)
ps.ReadByte(); // Move ECX
long store_addr = ps.ReadInt(); // location
long tmp = ps.Position;
store_addr += 2; // First 2 aren't needed (is 2 lol)
ps.Position = store_addr;
port = ps.ReadUShort();
ip = new System.Net.IPAddress(ps.ReadBytes(4)).ToString();
_ips.Add(new object[] { store_addr, ip, port });
ps.Position = tmp;
}
else if (mode == 2)
{
ps.ReadByte(); // Push port
ps.ReadByte(); // Push
ps.ReadInt(); // IP
ps.ReadByte(); // Move ECX
long store_addr = ps.ReadInt(); // location
long tmp = ps.Position;
store_addr += 2; // First 2 aren't needed (is 2 lol)
ps.Position = store_addr;
port = ps.ReadUShort();
ip = new System.Net.IPAddress(ps.ReadBytes(4)).ToString();
_ips.Add(new object[] { store_addr, ip, port });
ps.Position = tmp;
}
DLOG.WriteLine("{0}:{1} added", ip, port);
posCurrent = ps.Position;
}
else
{
break;
}
}
DLOG.WriteLine("Found {0} ips!", _ips.Count);
}
/*
* static List<IntPtr> processes = new List<IntPtr>();
*
* static void Main(string[] args)
* {
* while (true)
* {
* IntPtr[] d = Memory.FindWindowsByProcessName("MapleStory.exe");
* if (d != null)
* {
* foreach (var proc in d)
* {
* if (!processes.Contains(proc))
* {
* processes.Add(proc);
* MapleBypass.Injector.RemoveMutex(proc.ToInt32());
* }
* }
* }
* System.Threading.Thread.Sleep(1000);
* }
* }
*/
static void Main(string[] args)
{
Console.Title = "STREDIT - CONSOLE";
Change ch;
bool runAndSave = false;
if (args.Length >= 1 && System.IO.File.Exists(args[0]))
{
runAndSave = args.Length >= 2;
ch = Change.Load(args[0]);
}
else
{
ch = new Change();
}
IntPtr processID;
while (true)
{
processID = Memory.FindWindowByTitle("MapleStory");
if (processID == IntPtr.Zero)
{
processID = Memory.FindWindowByProcessName("MapleStory.exe");
}
if (processID == IntPtr.Zero)
{
processID = Memory.FindWindowByClassName("MapleStoryClass");
}
if (processID != IntPtr.Zero)
{
break;
}
DLOG.WriteLine("Couldn't find MapleStory client. Waiting 2 seconds");
System.Threading.Thread.Sleep(2000);
}
DLOG.WriteLine("Found client!");
ProcessStream ps = new ProcessStream(processID);
IntPtr handle = ps.pHandle;
/*
* {
* using (
* MemoryStream mem = new MemoryStream())
* {
* BinaryWriter bw = new BinaryWriter(mem);
* ps.Position = 0;
* long MaxAddress = 0x7fffffff;
* long address = 0;
* long data = 0;
* do
* {
* MEMORY_BASIC_INFORMATION m;
* int result = Extension.VirtualQuery_(System.Diagnostics.Process.GetCurrentProcess().Handle, address, out m);
* ps.Position = 0;
* Console.WriteLine("{0}-{1} : {2} bytes {3}", m.BaseAddress, (uint)m.BaseAddress + (uint)m.RegionSize - 1, m.RegionSize,(AllocationProtect)m.AllocationProtect);
*
* byte[] dijefoihew = ps.ReadBytes(10);
*
* data += m.RegionSize.ToInt32();
*
* if (address == (long)m.BaseAddress + (long)m.RegionSize)
* break;
* address = (long)m.BaseAddress + (long)m.RegionSize;
* } while (address <= MaxAddress);
* Console.WriteLine(data);
* byte[] buff = new byte[bw.BaseStream.Length];
* bw.BaseStream.Read(buff, 0, buff.Length);
* File.WriteAllBytes("dump.exe", buff);
* }
* }
*/
{
byte[] key;
int amount, keypos;
int _strings_start = 0x7FFFFFFF, _strings_end = 0;
Searchers.FindDecodeFunction.Find(ps, out key, out amount, out keypos);
DLOG.WriteLine("Amount of keys: {0}, starting @ {1:X8}", amount, keypos);
DLOG.WriteLine(key);
DLOG.WriteLine();
{
for (int i = 0; i < amount; i++)
{
bool isBstr;
int tmp1, tmp2;
string result = Extension.DecodeString(ps, key, keypos + (i * 4), out isBstr, out tmp1, out tmp2);
_strings.Add(new object[] { result, isBstr });
if (tmp1 < _strings_start)
{
_strings_start = tmp1;
}
if (tmp2 > _strings_end)
{
_strings_end = tmp2;
}
}
Console.Clear();
Searchers.FindIPs.LoadIPs(ps);
DLOG.WriteLine("STREDIT Console - Ready!");
DLOG.WriteLine("Loaded {0} strings.", _strings.Count);
}
DLOG.WriteLine();
if (runAndSave)
{
foreach (var kvp in ch.Changed)
{
_strings[kvp.Key][0] = kvp.Value;
}
int currentOffset = 0;
int i = 0;
foreach (object[] kv in _strings)
{
currentOffset += Extension.WriteString(ps, key, keypos + (i * 4), _strings_start + currentOffset, (string)kv[0], (bool)kv[1]);
i++;
}
}
else
{
while (true)
{
string cmd = Console.ReadLine();
string[] cmd_args = cmd.Split(' ');
if (cmd_args.Length >= 1)
{
switch (cmd_args[0])
{
case "edit":
case "write":
{
int id = int.Parse(cmd_args[1]);
string val = string.Join(" ", cmd_args, 2, cmd_args.Length - 2);
if (id < _strings.Count)
{
_strings[id][0] = val;
if (!ch.Changed.ContainsKey(id))
{
ch.Changed.Add(id, val);
}
ch.Changed[id] = val;
DLOG.WriteLine("Set value for {0} to {1}", id, val);
}
break;
}
case "read":
case "get":
{
int id = int.Parse(cmd_args[1]);
if (id < _strings.Count)
{
DLOG.WriteLine("Value of {0}: {1}", id, _strings[id][0]);
}
break;
}
case "save":
{
DLOG.WriteLine("Saving");
int currentOffset = 0;
int i = 0;
foreach (object[] kv in _strings)
{
currentOffset += Extension.WriteString(ps, key, keypos + (i * 4), _strings_start + currentOffset, (string)kv[0], (bool)kv[1]);
i++;
}
DLOG.WriteLine("Done");
break;
}
case "dump":
{
DLOG.WriteLine("Saving to dump.txt...");
string dmp = "";
int i = 0;
foreach (object[] kv in _strings)
{
dmp += string.Format("{0,-6} - {1}\r\n", i, kv[0]);
i++;
}
File.WriteAllText("dmp.txt", dmp);
DLOG.WriteLine("Done");
break;
}
case "savexml":
{
DLOG.WriteLine("Saving to XML...");
ch.Save("change.xml");
DLOG.WriteLine("Done");
break;
}
case "editips":
{
string ip = cmd_args[1];
System.Net.IPAddress o;
if (System.Net.IPAddress.TryParse(ip, out o))
{
foreach (var k in Searchers.FindIPs._ips)
{
// new object[] { store_addr, ip, port }
ps.Position = (long)k[0];
DLOG.WriteLine(ps.ReadBytes(0x10));
ps.Position = (long)k[0];
byte[] port = BitConverter.GetBytes((ushort)k[2]);
//Array.Reverse(port);
ps.WriteMemory(port);
ps.WriteMemory(o.GetAddressBytes()); // IP
ps.Position = (long)k[0];
DLOG.WriteLine(ps.ReadBytes(0x10));
}
}
else
{
DLOG.WriteLine("Incorrect IP entered!");
}
break;
}
case "loadips":
{
Searchers.FindIPs.LoadIPs(ps);
break;
}
}
}
}
}
}
}
