static void Main(string[] args)
{
Mem = new ProcessMemory("csgo");
if (Mem.CheckProcess())
{
Mem.StartProcess();
}
Thread Updater = new Thread(Read.Start);
Updater.Start();
Thread Bunny = new Thread(BunnyHop.Start);
Bunny.Start();
Thread Glow = new Thread(Visuals.startGlow);
Glow.Start();
Thread Trigger = new Thread(TriggerBot.Start);
Trigger.Start();
}
private void StartHook()
{
Log.Message("StartHook [" + Settings.ProcessName + "]");
this.memory = new ProcessMemory(Settings.ProcessName, 0);
memory.StartProcess();
if (memory.CheckProcess() == false)
{
Log.Message("Process not found: " + Settings.ProcessName);
}
this.keyboardHook = new Hook("InputManager");
keyboardHook.KeyDownEvent += OnKeyPressed;
}
private static void checkMemoryAddr(ProcessMemory Mem, int addr, string tomatch)
{
int size = tomatch.Length;
if (!Mem.CheckProcess())
{
Log.WriteLog("ERROR: Failed to read memory. addr=0x0" + String.Format("{0:X}", addr) + " size=" + size + " tomatch=" + tomatch);
}
string memoryval = Mem.ReadStringAscii(addr, size);
if (!memoryval.Equals(tomatch))
{
Log.WriteLog("Memory modification detected!");
Log.WriteLog("Address: 0x0" + String.Format("{0:X}", addr) + ", Size: " + size + ", Should contain: " + tomatch);
Log.WriteLog("Contains: " + memoryval);
Log.WriteLog(" ");
g_iCleanGame++;
}
}
static void Main(string[] args)
{
ProcessMemory vam = new ProcessMemory("ac_client");
if (vam.CheckProcess())
{
vam.StartProcess();
}
int LocalPlayer = vam.ReadInt(localBase);
while (true)
{
int addressHealth = LocalPlayer + health;
vam.WriteInt(addressHealth, 9999999);
Thread.Sleep(100);
}
}
static void Loop(object e)
{
if (Process.GetProcessesByName("Discord").Length > 0 && PPT.CheckProcess())
{
SetPresence(true);
PPT.TrustProcess = true;
RichPresence GameState = GetState(out bool success);
if (success)
{
Presence.SetPresence(GameState);
}
PPT.TrustProcess = false;
}
else
{
SetPresence(false);
}
}
public static bool CheckProcess() => Game.CheckProcess();
private bool DoPatch64Bit(string appExe, string dllName)
{
ProcessMemory Mem = new ProcessMemory(appExe);
if (!Mem.CheckProcess())
{
//"Is Running ?"
return(false);
}
else
{
Mem.StartProcess();
}
byte[] buff;
IntPtr baseoffset;
IntPtr offset;
baseoffset = Mem.DllImageAddress(dllName);
offset = baseoffset + 23704519;
buff = Mem.ReadMem(offset, 3);
if (!(buff[0] == 0xC6 && buff[1] == 0x00 && buff[2] == 0x24))
{
//"Not Found!"
return(false);
}
buff[0] = 0x90;
buff[1] = 0x90;
buff[2] = 0x90;
Mem.WriteMem(offset, buff);
offset = baseoffset + 23704541;
buff = Mem.ReadMem(offset, 5);
if (!(buff[0] == 0xC6 && buff[1] == 0x44 && buff[2] == 0x08 && buff[3] == 0xFF))
{
//"Not Found!"
return(false);
}
buff[0] = 0x90;
buff[1] = 0x90;
buff[2] = 0x90;
buff[3] = 0x90;
buff[4] = 0x90;
Mem.WriteMem(offset, buff);
offset = baseoffset + 22128914;
buff = Mem.ReadMem(offset, 2);
if (!(buff[0] == 0x74 && buff[1] == 0x03))
{
//"Not Found!"
return(false);
}
buff[0] = 0xEB;
Mem.WriteMem(offset, buff);
offset = baseoffset + 22129554;
buff = Mem.ReadMem(offset, 4);
if (!(buff[0] == 0x0F && buff[1] == 0x85 && buff[2] == 0xB5 && buff[3] == 0x03))
{
//"Not Found!"
return(false);
}
buff[2] = 0x00;
buff[3] = 0x00;
Mem.WriteMem(offset, buff);
offset = baseoffset + 22128738;
buff = Mem.ReadMem(offset, 2);
if (!(buff[0] == 0x74 && buff[1] == 0x03))
{
//"Not Found!"
return(false);
}
buff[0] = 0xEB;
Mem.WriteMem(offset, buff);
offset = baseoffset + 22128504;
buff = Mem.ReadMem(offset, 2);
if (!(buff[0] == 0x74 && buff[1] == 0x03))
{
//"Not Found!"
return(false);
}
buff[0] = 0xEB;
Mem.WriteMem(offset, buff);
offset = baseoffset + 23735088;
buff = Mem.ReadMem(offset, 8);
if (!(buff[0] == 0x41 && buff[1] == 0x80 && buff[2] == 0xBD && buff[3] == 0xC4 && buff[4] == 0x02))
{
//"Not Found!"
return(false);
}
buff[1] = 0xC6;
buff[2] = 0x85;
buff[7] = 0x01;
Mem.WriteMem(offset, buff);
offset = baseoffset + 23735096;
buff = Mem.ReadMem(offset, 5);
if (!(buff[0] == 0x0F && buff[1] == 0x85 && buff[2] == 0xAB && buff[3] == 0x00 && buff[4] == 0x00))
{
//"Not Found!"
return(false);
}
buff[0] = 0x90;
buff[1] = 0xE9;
Mem.WriteMem(offset, buff);
return(true);
}
public static void VerifySomeMemoryStuff()
{
try {
ProcessMemory Mem = new ProcessMemory("gta_sa");
if (!g_bGTASAStarted)
{
return;
}
while (!Mem.CheckProcess() && g_bGTASAStarted)
{
ProcessMemory Mem2 = new ProcessMemory("samp");
if (!Mem.CheckProcess())
{
// SA-MP browser is closed.
whenGameStopped(4039);
}
Thread.Sleep(5000);
// Wait for GTA SA to be launched. (only sa-mp server browser is open at this time.)
}
// Wait a second just in case the game isn't initialized yet.
Thread.Sleep(1000);
// YAY!
// now we need to read some memory addresses!
if (Mem.StartProcess())
{
// public static void checkMemoryAddr(ProcessMemory Mem, int addr, string tomatch)
checkMemoryAddr(Mem, 0x085C718, @"ANIM\PED.IFP");
checkMemoryAddr(Mem, 0x086AA28, @"DATA\WEAPON.DAT");
checkMemoryAddr(Mem, 0x0869668, @"DATA\CARMODS.DAT");
checkMemoryAddr(Mem, 0x086A7F4, @"DATA\ANIMGRP.DAT");
checkMemoryAddr(Mem, 0x086AAB4, @"DATA\melee.dat");
checkMemoryAddr(Mem, 0x08671F8, @"DATA\CLOTHES.DAT");
checkMemoryAddr(Mem, 0x0869B20, @"DATA\OBJECT.DAT");
checkMemoryAddr(Mem, 0x0863A90, @"DATA\DEFAULT.DAT");
checkMemoryAddr(Mem, 0x0864318, @"data\surface.dat");
checkMemoryAddr(Mem, 0x0863B10, @"DATA\GTA.DAT");
checkMemoryAddr(Mem, 0x0872148, @"DATA\water.dat");
checkMemoryAddr(Mem, 0x0872158, @"DATA\water1.dat");
checkMemoryAddr(Mem, 0x086AF80, @"data\furnitur.dat");
checkMemoryAddr(Mem, 0x0867014, @"data\procobj.dat");
checkMemoryAddr(Mem, 0x086A964, @"HANDLING.CFG");
checkMemoryAddr(Mem, 0x086A778, @"TIMECYC.DAT");
checkMemoryAddr(Mem, 0x086A698, @"DATA\PEDSTATS.DAT");
checkMemoryAddr(Mem, 0x086A648, @"MODELS\FONTS.TXD");
checkMemoryAddr(Mem, 0x086A51C, @"models\coll\peds.col");
checkMemoryAddr(Mem, 0x0863F80, @"DATA\STATDISP.DAT");
checkMemoryAddr(Mem, 0x0863FA0, @"DATA\AR_STATS.DAT");
checkMemoryAddr(Mem, 0x0864DB4, @"data\surfinfo.dat");
// added v1.4
checkMemoryAddr(Mem, 0x08E4318, @"SAMP\CUSTOM.IMG");
checkMemoryAddr(Mem, 0x08E4398, @"MODELS\GTA3.IMG");
checkMemoryAddr(Mem, 0x08E43D8, @"MODELS\GTA_INT.IMG");
checkMemoryAddr(Mem, 0x08E44D8, @"MODELS\PLAYER.IMG");
checkMemoryAddr(Mem, 0x08E40D8, @"AUDIO\SFX\FEET");
checkMemoryAddr(Mem, 0x08E4118, @"AUDIO\SFX\GENRL");
checkMemoryAddr(Mem, 0x08E4158, @"AUDIO\SFX\PAIN_A");
checkMemoryAddr(Mem, 0x08E4198, @"AUDIO\SFX\SCRIPT");
checkMemoryAddr(Mem, 0x08E41D8, @"AUDIO\SFX\SPC_EA");
checkMemoryAddr(Mem, 0x08E4218, @"AUDIO\SFX\SPC_FA");
checkMemoryAddr(Mem, 0x08E4258, @"AUDIO\SFX\SPC_GA");
checkMemoryAddr(Mem, 0x08E4298, @"AUDIO\SFX\SPC_NA");
checkMemoryAddr(Mem, 0x08E42D8, @"AUDIO\SFX\SPC_PA");
checkMemoryAddr(Mem, 0x08E4358, @"SAMP\SAMP.IMG");
checkMemoryAddr(Mem, 0x08E4418, @"SAMP\SAMPCOL.IMG");
checkMemoryAddr(Mem, 0x08E4458, @"DATA\SCRIPT\SCRIPT.IMG");
checkMemoryAddr(Mem, 0x08E4498, @"MODELS\CUTSCENE.IMG");
checkMemoryAddr(Mem, 0x08E48D8, @"SAMP\CUSTOM.IMG");
checkMemoryAddr(Mem, 0x08E4908, @"SAMP\SAMP.IMG");
checkMemoryAddr(Mem, 0x08E4938, @"MODELS\GTA3.IMG");
checkMemoryAddr(Mem, 0x08E4968, @"MODELS\GTA_INT.IMG");
checkMemoryAddr(Mem, 0x08E4998, @"SAMP\SAMPCOL.IMG");
checkMemoryAddr(Mem, 0x08E49C8, @"DATA\SCRIPT\SCRIPT.IMG");
checkMemoryAddr(Mem, 0x08E49F8, @"MODELS\CUTSCENE.IMG");
checkMemoryAddr(Mem, 0x08E4A28, @"MODELS\PLAYER.IMG");
}
} catch (Exception e) {
Log.WriteLog(e.ToString());
}
}
public static void checkGame(int gameId, string gamePath)
{
try {
// If we didn't start SA-MP, return.
if(gameId != 4039) return;
// Initiatre our ProcessMemory objects for address checking
ProcessMemory Mem = new ProcessMemory("gta_sa");
ProcessMemory Mem2 = new ProcessMemory("samp");
// if GTASA and sa-mp browser are started then
if(Mem != null && Mem2 != null) {
do {
if(!Mem2.CheckProcess()) {
// SA-MP browser is closed, end our checking.
whenGameStopped(4039);
return;
}
Thread.Sleep(5000);
// Wait for GTA SA to be launched. (only sa-mp server browser is open at this time.)
} while(!Mem.CheckProcess());
}
#if !debug
try {
if(File.Exists(g_szLogFilePath) && !File.Exists(g_szLogFilePath + "123")) {
if(Cryptology.DecryptFile(g_szLogFilePath, g_szLogFilePath + "123", "password removed for public src release")) {
if(File.Exists(g_szLogFilePath)) {
File.Delete(g_szLogFilePath);
}
}
}
} catch(Exception) { }
#endif
string file = "";
// Remove samp.exe from our path, so we can get the GTA directory, might cause problems if for some reason players have "samp.exe" in the path
file = gamePath.Replace("samp.exe", "");
g_szWireGamePath = file;
string path = "";
// check what the registry says about the GTA Directory.
var path2 = Registry.GetValue("HKEY_CURRENT_USER\\Software\\SAMP", "gta_sa_exe", "");
// NOTE: if path2 is null, then there are 3 things that could be true, either sa-mp isn't installed, the Registry is disabled, or a firewall blocked it
if(path2 != null) {
path = path2.ToString();
// check if the path is valid.
if(path.Length > 3) {
// Remove "gta_sa.exe" from our file path.
if(path.LastIndexOf("\\") > 0) {
int index = path.LastIndexOf("\\");
path = path.Substring(0, index + 1);
}
// the sa-mp.exe launch path doesn't match the one found in registry, the one in registry is the one actually used by the SA-MP browser, so ignore ESL Wire path.
if(!path.Equals(file)) {
file = path;
Log.WriteLog(" -> Warning: game path from ESL Wire doesn't match SA-MP GTA Path from registry, checking registry path and ignoring ESL Wire path");
Log.WriteLog(" ESL Wire Path: " + gamePath);
Log.WriteLog(" Path in registry: " + file);
Log.WriteLog(" ");
}
}
}
int bAddr = -1;
do {
Process[] p = Process.GetProcessesByName("gta_sa");
int idx = 0;
// hopefully there is only 1 gta_sa.exe started!
foreach(Process proc in p) {
idx++;
if(proc != null) {
// weird restart loop incase getting process filename fails below.
// if it fails it will usually work the 2nd time, and if not the 2nd time, the 3rd.
// if not the 3rd, then the 4th, if not the 4th, then etc..
bool restart = false;
do {
restart = false;
try {
string s = Misc.getProcessPath(proc);
if(File.Exists(s)) {
path = s;
}
} catch(Exception e) {
Log.WriteLog(e.ToString());
try {
if(File.Exists(proc.MainModule.FileName)) {
path = proc.MainModule.FileName;
}
} catch(Exception ee) {
// really now?
Log.WriteLog(ee.ToString());
restart = true;
Thread.Sleep(500);
}
}
} while(restart);
// Get the directory path, remove gta_sa.exe.
if(path.Length > 3) {
if(path.LastIndexOf("\\") > 0) {
int index = path.LastIndexOf("\\");
path = path.Substring(0, index + 1);
}
}
g_bGTASAStarted = true;
Log.WriteLog("gta_sa.exe launched from: " + path2);
Log.WriteLog(" ");
g_szGTASaPath = path;
do {
restart = false;
try {
// get base address for samp.dll
bAddr = Modules.GetModuleBaseAddress(proc, "samp.dll");
} catch(Exception e) {
restart = true;
Log.WriteLog("Getting samp.dll offset error:");
Log.WriteLog(e.ToString());
Thread.Sleep(500);
}
}
while(restart);
}
// it's ok, we've prepared for more than 1 gta.
if(idx > 1) {
proc.Kill();
g_bGTASAStarted = false;
}
}
Thread.Sleep(500);
} while(!g_bGTASAStarted);
g_bGTASAStarted = true;
g_iCleanGame = 0;
// samp.dll +
/*
* 0x20D77D - ip
* 0x20D87E - port
* 0x20D97F - name
*
* (it'd be better to just read command line, and would be compatable with all sa-mp versions then, these are 0.3e addresses.)
* */
if(Mem.StartProcess()) {
// get connected server IP and player name.
string ip = Mem.ReadStringAscii(bAddr + 0x020D77D, 30);
string port = Mem.ReadStringAscii(bAddr + 0x020D87E, 10);
string name = Mem.ReadStringAscii(bAddr + 0x020D97F, 24);
Log.WriteLog("Connected Server: " + ip + ":" + port + " as " + name);
Log.WriteLog("Attempting to Query server...");
// get time stamp to calculate our ping.
DateTime p = DateTime.Now;
bool restart = false;
do {
restart = false;
try {
// use sa-mp server query mechanism
Query sQuery = new Query(ip, int.Parse(port));
sQuery.Send('i');
int count = sQuery.Recieve();
string[] info = sQuery.Store(count);
DateTime pp = DateTime.Now;
TimeSpan ts = pp - p;
Log.WriteLog("Successfully contacted server. (ping: " + ts.Milliseconds + ")");
Log.WriteLog("Hostname: " + info[3]);
Log.WriteLog("Gamemode: " + info[4]);
Log.WriteLog("Players: " + info[1]);
Log.WriteLog(" ");
sQuery.Send('d');
count = sQuery.Recieve();
info = sQuery.Store(count);
int i = 0;
for(int j = 0; j < info.Length-2; ++j) {
// still don't understand how this works, but it does!
if(i == 0) {
Log.WriteLog("PlayerID: " + info[j] + " || PlayerName: " + info[j+1]);
}
i++;
if(i == 4) i = 0;
}
Log.WriteLog(" ");
} catch(System.IndexOutOfRangeException) {
Log.WriteLog("** Failed to get player list.");
} catch(System.FormatException) {
Log.WriteLog("Failed to contact SA-MP server");
Log.WriteLog("** Game not initialized, retrying...");
restart = true;
Thread.Sleep(1000);
} catch(Exception e) {
Log.WriteLog("Failed to contact SA-MP server - " + ip + ":" + port + " as " + name);
Log.WriteLog(e.ToString());
}
} while(restart);
}
// Check game integrity
checkGameFiles( g_szGTASaPath );
// check some memory addresses to make sure the file path for the data files hasn't been changed.
Memory.VerifySomeMemoryStuff();
// Show results.
Log.WriteLog("Strange files in GTA SA Path: ");
Log.WriteLog(" ");
// paste all files in GTA SA path that aren't part of the original game.
gtadir(g_szGTASaPath);
Log.WriteLog(" ");
if(g_iCleanGame == 0) {
Log.WriteLog("VERDICT: Game is clean!");
} else {
if(g_iCleanGame > 1) {
Log.WriteLog("VERDICT: Detected " + g_iCleanGame + " inconsistencies");
} else {
Log.WriteLog("VERDICT: Detected " + g_iCleanGame + " inconsistency");
}
}
Log.WriteLog(" ");
// check again in 15 minutes
aTimer.Enabled = true;
//#if !debug
// encrypt our log file and delete the original .txt we where writing plain text too.
if(File.Exists(g_szLogFilePath + "123") && !File.Exists(g_szLogFilePath)) {
g_szLogFileMD5 = MD5file(g_szLogFilePath + "123");
if(Cryptology.EncryptFile(g_szLogFilePath + "123", g_szLogFilePath, "password removed for public src release")) {
if(File.Exists(g_szLogFilePath + "123")) {
File.Delete(g_szLogFilePath + "123");
}
}
}
//#endif
return;
} catch(Exception e) { Log.WriteLog(e.ToString()); }
}
public override void init()
{
setIcon("gtasa.gif");
setTooltip("SA-MP Anti-Cheat Extension plugin.");
Wire.GameInterface gi = Wire.InterfaceFactory.gameInterface();
gi.GameStarted += new Wire.GameInterface.GameStartedHandler(checkGame);
gi.GameStopped += new Wire.GameInterface.GameStoppedHandler(whenGameStopped);
gi.MatchStarted += new Wire.GameInterface.MatchStartedHandler(onMatchStarted);
gi.MatchEnded += new Wire.GameInterface.MatchEndedHandler(onMatchEnded);
// Set our repeating timer to re-check files after 10 minutes.
aTimer.Elapsed +=new ElapsedEventHandler(checkGameRepeat);
aTimer.Interval = 600000;
// Get our random file path name.
g_szLogFilePath = System.IO.Path.GetTempPath() + Guid.NewGuid().ToString() + ".txt";
try {
// Add the wire-plugin.exe to the Windows Firewall allowed list
Process p = Process.GetCurrentProcess();
if(p != null) {
if(Misc.GetOSName().Contains("Windows XP")) {
Misc.runCmdLine("netsh firewall delete allowedprogram \"" + p.MainModule.FileName + "\"");
Misc.runCmdLine("netsh firewall add allowedprogram program=\"" + p.MainModule.FileName + "\" name=\"ESL Wire Plugin\" mode=ENABLE scope=ALL profile=ALL");
} else {
Misc.runCmdLine("netsh advfirewall firewall delete rule name=\"ESL Wire Plugin\"");
Misc.runCmdLine("netsh advfirewall firewall add rule name=\"ESL Wire Plugin\" dir=in action=allow program=\"" + p.MainModule.FileName + "\" enable=yes remoteip=any profile=public,private");
}
}
} catch(Exception e) { Log.WriteLog(e.ToString()); }
try {
checkForUpdate();
} catch(Exception e) { Log.WriteLog(e.ToString()); }
try {
if(!UacHelper.IsProcessElevated) {
Misc.EndProcessAdmin();
}
} catch(Exception e) { Log.WriteLog(e.ToString()); }
// Check if SA-MP is open already
ProcessMemory Mem = new ProcessMemory("samp");
if(Mem.CheckProcess()) {
Log.WriteLog("Warning: SA-MP Was already started when ESL Wire was launched.");
Process[] p = Process.GetProcessesByName("samp");
foreach(Process proc in p) {
if(proc != null) {
checkGame(4039, proc.MainModule.FileName);
}
}
}
}
public static void VerifySomeMemoryStuff()
{
try {
ProcessMemory Mem = new ProcessMemory("gta_sa");
if(!g_bGTASAStarted) return;
while(!Mem.CheckProcess() && g_bGTASAStarted) {
ProcessMemory Mem2 = new ProcessMemory("samp");
if(!Mem.CheckProcess()) {
// SA-MP browser is closed.
whenGameStopped(4039);
}
Thread.Sleep(5000);
// Wait for GTA SA to be launched. (only sa-mp server browser is open at this time.)
}
// Wait a second just in case the game isn't initialized yet.
Thread.Sleep(1000);
// YAY!
// now we need to read some memory addresses!
if(Mem.StartProcess()) {
// public static void checkMemoryAddr(ProcessMemory Mem, int addr, string tomatch)
checkMemoryAddr(Mem, 0x085C718, @"ANIM\PED.IFP");
checkMemoryAddr(Mem, 0x086AA28, @"DATA\WEAPON.DAT");
checkMemoryAddr(Mem, 0x0869668, @"DATA\CARMODS.DAT");
checkMemoryAddr(Mem, 0x086A7F4, @"DATA\ANIMGRP.DAT");
checkMemoryAddr(Mem, 0x086AAB4, @"DATA\melee.dat");
checkMemoryAddr(Mem, 0x08671F8, @"DATA\CLOTHES.DAT");
checkMemoryAddr(Mem, 0x0869B20, @"DATA\OBJECT.DAT");
checkMemoryAddr(Mem, 0x0863A90, @"DATA\DEFAULT.DAT");
checkMemoryAddr(Mem, 0x0864318, @"data\surface.dat");
checkMemoryAddr(Mem, 0x0863B10, @"DATA\GTA.DAT");
checkMemoryAddr(Mem, 0x0872148, @"DATA\water.dat");
checkMemoryAddr(Mem, 0x0872158, @"DATA\water1.dat");
checkMemoryAddr(Mem, 0x086AF80, @"data\furnitur.dat");
checkMemoryAddr(Mem, 0x0867014, @"data\procobj.dat");
checkMemoryAddr(Mem, 0x086A964, @"HANDLING.CFG");
checkMemoryAddr(Mem, 0x086A778, @"TIMECYC.DAT");
checkMemoryAddr(Mem, 0x086A698, @"DATA\PEDSTATS.DAT");
checkMemoryAddr(Mem, 0x086A648, @"MODELS\FONTS.TXD");
checkMemoryAddr(Mem, 0x086A51C, @"models\coll\peds.col");
checkMemoryAddr(Mem, 0x0863F80, @"DATA\STATDISP.DAT");
checkMemoryAddr(Mem, 0x0863FA0, @"DATA\AR_STATS.DAT");
checkMemoryAddr(Mem, 0x0864DB4, @"data\surfinfo.dat");
// added v1.4
checkMemoryAddr(Mem, 0x08E4318, @"SAMP\CUSTOM.IMG");
checkMemoryAddr(Mem, 0x08E4398, @"MODELS\GTA3.IMG");
checkMemoryAddr(Mem, 0x08E43D8, @"MODELS\GTA_INT.IMG");
checkMemoryAddr(Mem, 0x08E44D8, @"MODELS\PLAYER.IMG");
checkMemoryAddr(Mem, 0x08E40D8, @"AUDIO\SFX\FEET");
checkMemoryAddr(Mem, 0x08E4118, @"AUDIO\SFX\GENRL");
checkMemoryAddr(Mem, 0x08E4158, @"AUDIO\SFX\PAIN_A");
checkMemoryAddr(Mem, 0x08E4198, @"AUDIO\SFX\SCRIPT");
checkMemoryAddr(Mem, 0x08E41D8, @"AUDIO\SFX\SPC_EA");
checkMemoryAddr(Mem, 0x08E4218, @"AUDIO\SFX\SPC_FA");
checkMemoryAddr(Mem, 0x08E4258, @"AUDIO\SFX\SPC_GA");
checkMemoryAddr(Mem, 0x08E4298, @"AUDIO\SFX\SPC_NA");
checkMemoryAddr(Mem, 0x08E42D8, @"AUDIO\SFX\SPC_PA");
checkMemoryAddr(Mem, 0x08E4358, @"SAMP\SAMP.IMG");
checkMemoryAddr(Mem, 0x08E4418, @"SAMP\SAMPCOL.IMG");
checkMemoryAddr(Mem, 0x08E4458, @"DATA\SCRIPT\SCRIPT.IMG");
checkMemoryAddr(Mem, 0x08E4498, @"MODELS\CUTSCENE.IMG");
checkMemoryAddr(Mem, 0x08E48D8, @"SAMP\CUSTOM.IMG");
checkMemoryAddr(Mem, 0x08E4908, @"SAMP\SAMP.IMG");
checkMemoryAddr(Mem, 0x08E4938, @"MODELS\GTA3.IMG");
checkMemoryAddr(Mem, 0x08E4968, @"MODELS\GTA_INT.IMG");
checkMemoryAddr(Mem, 0x08E4998, @"SAMP\SAMPCOL.IMG");
checkMemoryAddr(Mem, 0x08E49C8, @"DATA\SCRIPT\SCRIPT.IMG");
checkMemoryAddr(Mem, 0x08E49F8, @"MODELS\CUTSCENE.IMG");
checkMemoryAddr(Mem, 0x08E4A28, @"MODELS\PLAYER.IMG");
}
} catch(Exception e) {
Log.WriteLog(e.ToString());
}
}
private static void checkMemoryAddr(ProcessMemory Mem, int addr, string tomatch)
{
int size = tomatch.Length;
if(!Mem.CheckProcess()) {
Log.WriteLog("ERROR: Failed to read memory. addr=0x0" + String.Format("{0:X}", addr) + " size=" + size + " tomatch=" + tomatch);
}
string memoryval = Mem.ReadStringAscii(addr, size);
if(!memoryval.Equals(tomatch)) {
Log.WriteLog("Memory modification detected!");
Log.WriteLog("Address: 0x0" + String.Format("{0:X}", addr) + ", Size: " + size + ", Should contain: " + tomatch);
Log.WriteLog("Contains: " + memoryval);
Log.WriteLog(" ");
g_iCleanGame++;
}
}