public static int WriteProcessMemory(int memoryaddress, byte[] buffer, uint bytesToWrite) { IntPtr ptr; ProcessMemoryAPI.WriteProcessMemory(FMProcess.Pointer, (IntPtr)memoryaddress, buffer, bytesToWrite, out ptr); return(ptr.ToInt32()); }
public static byte[] ReadProcessMemory(int memoryAddress, uint bytesToRead, out int bytesRead) { IntPtr ptr; byte[] buffer = new byte[bytesToRead]; ProcessMemoryAPI.ReadProcessMemory(FMProcess.Pointer, (IntPtr)memoryAddress, buffer, bytesToRead, out ptr); bytesRead = ptr.ToInt32(); return(buffer); }
private static byte[] ReadProcessMemory(IntPtr process, int memoryAddress, uint bytesToRead, out int bytesRead) { IntPtr ptr; byte[] buffer = new byte[bytesToRead]; ProcessMemoryAPI.ReadProcessMemory(process, (IntPtr)memoryAddress, buffer, bytesToRead, out ptr); bytesRead = ptr.ToInt32(); return(buffer); }
public static byte[] ReadProcessMemory(int address, int length) { byte[] buffer = new byte[length]; if (address > fmProcess.BaseAddress) { ProcessMemoryAPI.ReadProcessMemory(FMProcess.Process.Id, (ulong)address, (ulong)length, buffer); } return(buffer); }
public static byte[] ReadProcessMemory(int address, int length) { byte[] buffer = new byte[length]; if (ProcessMemoryAPI.ReadProcessMemory(FMProcess.Process.Id, (ulong)address, (ulong)length, buffer) == 0) { ; // TODO: When things are mature enough, we should add an exception here } return(buffer); }
public static byte[] ReadProcessMemory(int address, int length) { byte[] buffer = new byte[length]; if (address > fmProcess.BaseAddress) { IntPtr result = ProcessMemoryAPI.ReadProcessBytes(FMProcess.Process.Id, (UInt64)address, length); Marshal.Copy(result, buffer, 0, length); } return(buffer); }
public static int GetProcessEndPoint(int pid) { int memoryAddress = 0x7FFFFFFF; int num3 = 0x1000000; bool readable = false; for (int i = 1; i <= 7; i++) { readable = ProcessMemoryAPI.CanReadAtAddress(pid, (UInt64)memoryAddress, 1); while (!readable) { memoryAddress -= num3; readable = ProcessMemoryAPI.CanReadAtAddress(pid, (UInt64)memoryAddress, 1); } memoryAddress += num3; num3 /= 0x10; } return(memoryAddress); }
// Finds the process and loads it in memory public bool findFMProcess() { FMProcess fmProcess = new FMProcess(); Process[] fmProcesses = Process.GetProcessesByName("fm"); uint pid = fmProcesses.Length > 1 ? (uint)fmProcesses[0].Id : (uint)fmProcesses[0].Id; if (fmProcesses.Length > 0) { uint buffer; uint bufferend; uint heap; uint endaddress; if (ProcessMemoryAPI.GetBaseAddress(pid, out buffer, out bufferend, out heap, out endaddress)) { fmProcess.Process = fmProcesses [0]; fmProcess.BaseAddress = (int)buffer; fmProcess.HeapAddress = (int)heap; fmProcess.EndPoint = (int)endaddress; ProcessManager.fmProcess = fmProcess; // Search for the current version foreach (var versionType in Assembly.GetCallingAssembly().GetTypes().Where(t => typeof(IIVersion).IsAssignableFrom(t))) { if (versionType.IsInterface) { continue; } var instance = (IIVersion)Activator.CreateInstance(versionType); if (instance.SupportsProcess(fmProcess, null)) { Version = instance; break; } } } fmLoaded = (Version != null); } if (!fmLoaded) { // Try to find info about the version // Lookup the objects in the memory for (int i = fmProcess.BaseAddress; i < fmProcess.EndPoint - 4; i += 4) { try { int continents = TryGetPointerObjects(i, 0x1c, fmProcess); if (continents == 7) { Debug.WriteLine("Found a candidate @ 0x{0:X}", i); Debug.WriteLine("Persons: {0}", TryGetPointerObjects(i, 0x3c, fmProcess)); } } catch { } } } return(fmLoaded); }
public bool findFMProcess() { FMProcess fmProcess = new FMProcess(); Process[] fmProcesses = Process.GetProcessesByName("fm"); if (fmProcesses.Length > 0) { Process activeProcess = fmProcesses [0]; fmProcess.Pointer = ProcessMemoryAPI.OpenProcess(0x001F0FFF, 1, (uint)activeProcess.Id); fmProcess.EndPoint = ProcessManager.GetProcessEndPoint(fmProcess.Pointer); fmProcess.Process = activeProcess; fmProcess.BaseAddress = activeProcess.MainModule.BaseAddress.ToInt32(); ProcessManager.fmProcess = fmProcess; fmProcess.VersionDescription = fmProcess.Process.MainModule.FileVersionInfo.ProductVersion; // Search for the current version foreach (var versionType in Assembly.GetCallingAssembly().GetTypes().Where(t => typeof(IIVersion).IsAssignableFrom(t))) { if (versionType.IsInterface) { continue; } var instance = (IIVersion)Activator.CreateInstance(versionType); if (instance.SupportsProcess(fmProcess, null)) { Version = instance; break; } } fmLoaded = (Version != null); if (!fmLoaded) { int i; // Try to find info about the version // Lookup the objects in the memory for (i = (fmProcess.BaseAddress + 0x1A8484E); i < fmProcess.EndPoint; i += 4) { int cities, clubs, leagues, stadiums, teams, continents, countries, persons; string[] splitVersion = fmProcess.VersionDescription.Split('.'); if (splitVersion[0] == "14") { cities = TryGetPointerObjects(i, 0x14, fmProcess); clubs = TryGetPointerObjects(i, 0x1C, fmProcess); leagues = TryGetPointerObjects(i, 0x24, fmProcess); stadiums = TryGetPointerObjects(i, 0x8C, fmProcess); teams = TryGetPointerObjects(i, 0xA4, fmProcess); continents = TryGetPointerObjects(i, 0x2C, fmProcess); countries = TryGetPointerObjects(i, 0x64, fmProcess); persons = TryGetPointerObjects(i, 0x6C, fmProcess); } else { cities = TryGetPointerObjects(i, 0x10, fmProcess); clubs = TryGetPointerObjects(i, 0x14, fmProcess); leagues = TryGetPointerObjects(i, 0x18, fmProcess); stadiums = TryGetPointerObjects(i, 0x4C, fmProcess); teams = TryGetPointerObjects(i, 0x58, fmProcess); continents = TryGetPointerObjects(i, 0x1C, fmProcess); countries = TryGetPointerObjects(i, 0x38, fmProcess); persons = TryGetPointerObjects(i, 0x3C, fmProcess); } if (continents == 7 && countries > 230 && countries < 250 && ( cities > 0 && clubs > 0 && leagues > 0 && stadiums > 0 && teams > 0 && persons > 0 )) { Debug.WriteLine("Found a candidate @ 0x{0:X}", i); } } } } return(fmLoaded); }
// Finds the process and loads it in memory public bool findFMProcess() { FMProcess fmProcess = new FMProcess(); Process[] fmProcesses = Process.GetProcessesByName("fm"); uint pid = fmProcesses.Length > 1 ? (uint)fmProcesses[0].Id : (uint)fmProcesses[0].Id; if (fmProcesses.Length > 0) { uint buffer; uint heap; uint endaddress; if (ProcessMemoryAPI.GetBaseAddress(pid, out buffer, out heap, out endaddress)) { fmProcess.Process = fmProcesses [0]; fmProcess.BaseAddress = (int)buffer; fmProcess.HeapAddress = (int)heap; fmProcess.EndPoint = (int)endaddress; ProcessManager.fmProcess = fmProcess; // Search for the current version foreach (var versionType in Assembly.GetCallingAssembly().GetTypes().Where(t => typeof(IIVersion).IsAssignableFrom(t))) { if (versionType.IsInterface) { continue; } var instance = (IIVersion)Activator.CreateInstance(versionType); if (instance.SupportsProcess(fmProcess, null)) { Version = instance; break; } } } fmLoaded = (Version != null); } if (!fmLoaded) { int i; // Try to find info about the version // Lookup the objects in the memory for (i = fmProcess.BaseAddress; i < fmProcess.HeapAddress; i += 4) { int memoryAddress = ProcessManager.ReadInt32(i); if (memoryAddress > fmProcess.BaseAddress && memoryAddress < fmProcess.EndPoint) { memoryAddress = ProcessManager.ReadInt32(memoryAddress + 0x1C); if (memoryAddress < fmProcess.BaseAddress || memoryAddress > fmProcess.EndPoint) { continue; } int xorValueOne = ProcessManager.ReadInt32(memoryAddress + 0x2C + 0x4); int xorValueTwo = ProcessManager.ReadInt32(memoryAddress + 0x2C); memoryAddress = xorValueTwo ^ xorValueOne; if (memoryAddress < fmProcess.BaseAddress || memoryAddress > fmProcess.EndPoint) { continue; } memoryAddress = ProcessManager.ReadInt32(memoryAddress + 0x54); if (memoryAddress < fmProcess.BaseAddress || memoryAddress > fmProcess.EndPoint) { continue; } int numberOfObjects = ProcessManager.ReadArrayLength(memoryAddress); if (numberOfObjects != 7) { continue; } else { Debug.WriteLine("Found a candidate @ 0x{0:X}", i); } } else { continue; } } } return(fmLoaded); }