private void CallDllMatchListView(int pid, ProcessModule module) { ListViewItem item = new ListViewItem(); item.Name = pid.ToString() + " " + module.BaseAddress.ToString(); item.Text = Program.ProcessProvider.Dictionary[pid].Name + " (" + pid.ToString() + ")"; item.Tag = pid; item.SubItems.Add(new ListViewItem.ListViewSubItem(item, "DLL")); item.SubItems.Add(new ListViewItem.ListViewSubItem(item, module.FileName)); item.SubItems.Add(new ListViewItem.ListViewSubItem(item, Utils.FormatAddress(module.BaseAddress))); OnMatchListView(item); }
public void TestModuleCollectionBehavior() { ProcessModule[] mArray = Process.GetCurrentProcess().Modules.Cast<ProcessModule>().ToArray(); // Constructor ProcessModuleCollection moduleCollection = new ProcessModuleCollection(mArray); // Count Assert.Equal(mArray.Count(), moduleCollection.Count); // get_item, Contains, IndexOf for (int i = 0; i < mArray.Count(); i++) { Assert.Equal(mArray[i], moduleCollection[i]); Assert.True(moduleCollection.Contains(mArray[i])); Assert.Equal(i, moduleCollection.IndexOf(mArray[i])); } // CopyTo ProcessModule[] moduleArray = new ProcessModule[moduleCollection.Count + 1]; moduleCollection.CopyTo(moduleArray, 1); for (int i = 0; i < mArray.Count(); i++) { Assert.Equal(mArray[i], moduleArray[i + 1]); } Assert.Throws<ArgumentOutOfRangeException>(() => moduleCollection.CopyTo(moduleArray, -1)); // Explicit interface implementations Assert.False(((ICollection)moduleCollection).IsSynchronized); Assert.NotNull(((ICollection)moduleCollection).SyncRoot); moduleArray = new ProcessModule[moduleCollection.Count]; ((ICollection)moduleCollection).CopyTo(moduleArray, 0); Assert.Equal(moduleCollection.Cast<ProcessModule>().ToArray(), moduleArray); // GetEnumerator IEnumerator enumerator = moduleCollection.GetEnumerator(); Assert.Throws<InvalidOperationException>(() => enumerator.Current); for (int i = 0; i < moduleCollection.Count; i++) { enumerator.MoveNext(); Assert.Equal(moduleCollection[i], enumerator.Current); } }
public IntPtr FindPattern(string module, byte[] pattern, int offset = 0) { ProcessModule moduleInfo = m_Process.GetModule(module); return(FindPattern(moduleInfo, pattern, offset)); }
public ProcessModuleCollection(ProcessModule[] processModules);
private void SetVariables() { _baseAddress = IntPtr.Zero; _processModule = _mainProcess[0].MainModule; _baseAddress = _processModule.BaseAddress; }
/// <summary> /// Registers hook with Windows API /// </summary> /// <param name="proc">Callback function</param> /// <returns>Hook ID</returns> private IntPtr SetHook(KeyboardHookHandler proc) { using (ProcessModule module = Process.GetCurrentProcess().MainModule) return(SetWindowsHookEx(13, proc, GetModuleHandle(module.ModuleName), 0)); }
/// <summary> /// Injects a library into this Injector's process. <paramref name="libPath"/> can be /// relative or absolute; either way, the injected module will be referred to by module name only. /// I.e. "c:\some\directory\library.dll", "library.dll" and "..\library.dll" will all be referred to /// as "library.dll" /// </summary> /// <param name="libPath">Relative or absolute path to the dll to be injected</param> public void InjectLibrary(string libPath) { // (in?)sanity check, pretty sure this is never possible as the constructor will error - left over from how it previously was developed if (_process == null) { throw new InvalidOperationException("This injector has no associated process and thus cannot inject a library"); } if (_handle == IntPtr.Zero) { throw new InvalidOperationException("This injector does not have a valid handle to the associated process and thus cannot inject a library"); } if (!File.Exists(libPath)) { throw new FileNotFoundException(string.Format("Unable to find library {0} to inject into process {1}", libPath, _process.ProcessName), libPath); } // convenience variables string fullPath = Path.GetFullPath(libPath); string libName = Path.GetFileName(fullPath); // declare resources that need to be freed in finally IntPtr pLibRemote = IntPtr.Zero; // pointer to allocated memory of lib path string IntPtr hThread = IntPtr.Zero; // handle to thread from CreateRemoteThread IntPtr pLibFullPathUnmanaged = Marshal.StringToHGlobalUni(fullPath); // unmanaged C-String pointer try { uint sizeUni = (uint)Encoding.Unicode.GetByteCount(fullPath); // Get Handle to Kernel32.dll and pointer to LoadLibraryW IntPtr hKernel32 = Imports.GetModuleHandle("Kernel32"); if (hKernel32 == IntPtr.Zero) { throw new Win32Exception(Marshal.GetLastWin32Error()); } IntPtr hLoadLib = Imports.GetProcAddress(hKernel32, "LoadLibraryW"); if (hLoadLib == IntPtr.Zero) { throw new Win32Exception(Marshal.GetLastWin32Error()); } // allocate memory to the local process for libFullPath pLibRemote = Imports.VirtualAllocEx(_handle, IntPtr.Zero, sizeUni, AllocationType.Commit, MemoryProtection.ReadWrite); if (pLibRemote == IntPtr.Zero) { throw new Win32Exception(Marshal.GetLastWin32Error()); } // write libFullPath to pLibPath int bytesWritten; if (!Imports.WriteProcessMemory(_handle, pLibRemote, pLibFullPathUnmanaged, sizeUni, out bytesWritten) || bytesWritten != (int)sizeUni) { throw new Win32Exception(Marshal.GetLastWin32Error()); } // load dll via call to LoadLibrary using CreateRemoteThread hThread = Imports.CreateRemoteThread(_handle, IntPtr.Zero, 0, hLoadLib, pLibRemote, 0, IntPtr.Zero); if (hThread == IntPtr.Zero) { throw new Win32Exception(Marshal.GetLastWin32Error()); } if (Imports.WaitForSingleObject(hThread, (uint)ThreadWaitValue.Infinite) != (uint)ThreadWaitValue.Object0) { throw new Win32Exception(Marshal.GetLastWin32Error()); } // get address of loaded module - this doesn't work in x64, so just iterate module list to find injected module IntPtr hLibModule;// = IntPtr.Zero; if (!Imports.GetExitCodeThread(hThread, out hLibModule)) { throw new Win32Exception(Marshal.GetLastWin32Error()); } //if(hLibModule == IntPtr.Zero) // throw new Exception("Code executed properly, but unable to get an appropriate module handle, possible Win32Exception", new Win32Exception(Marshal.GetLastWin32Error())); // iterate modules in target process to find our newly injected module ProcessModule modFound = null; foreach (ProcessModule mod in _process.Modules) { if (mod.ModuleName == libName) { modFound = mod; break; } } if (modFound == null) { throw new Exception("Injected module could not be found within the target process!"); } injectedModules.Add(libName, new InjectedModule(modFound)); } finally { Marshal.FreeHGlobal(pLibFullPathUnmanaged); // free unmanaged string Imports.CloseHandle(hThread); // close thread from CreateRemoteThread Imports.VirtualFreeEx(_process.Handle, pLibRemote, 0, AllocationType.Release); // Free memory allocated } }
public MyModule(ProcessModule r) { Name = r.ModuleName; Path = Directory.GetParent(r.FileName).FullName; }
public int ImageAddress(int pOffset) { this.BaseAddress = 0; this.myProcessModule = this.MyProcess[0].MainModule; this.BaseAddress = (int)this.myProcessModule.BaseAddress; return (pOffset + this.BaseAddress); }
public void AdjustAddresses(ProcessModule module) { this.GlobalNameArrayAddress = AdjustAddress(module, this.GlobalNameArrayAddress); this.GlobalObjectArrayAddress = AdjustAddress(module, this.GlobalObjectArrayAddress); }
/// <summary> /// Frees the loaded dynamic-link library (DLL) module and, if necessary, decrements its reference count. /// </summary> /// <param name="module">The <see cref="ProcessModule" /> object corresponding to the library to free.</param> public static void FreeLibrary(ProcessModule module) { FreeLibrary(module.ModuleName); }
/// <summary> /// Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). /// </summary> /// <param name="module">The <see cref="ProcessModule" /> object corresponding to the module.</param> /// <param name="functionName">The function or variable name, or the function's ordinal value.</param> /// <returns>If the function succeeds, the return value is the address of the exported function.</returns> public static IntPtr GetProcAddress(ProcessModule module, string functionName) { return(GetProcAddress(module.ModuleName, functionName)); }
internal UiModule([NotNull] ProcessModule module) { this._module = module; }
/// <summary> /// Initializes a new instance of the <see cref="InjectedModule" /> class. /// </summary> /// <param name="processPlus">The reference of the <see cref="IProcess" /> object.</param> /// <param name="module">The native <see cref="ProcessModule" /> object corresponding to the injected module.</param> /// <param name="mustBeDisposed">The module will be ejected when the finalizer collects the object.</param> public InjectedModule(IProcess processPlus, ProcessModule module, bool mustBeDisposed = true) : base(processPlus, module) { // Save the parameter MustBeDisposed = mustBeDisposed; }
private void Screen_Load(object sender, EventArgs e) { // Create new black fullscreen window on every additional screen foreach (Screen s in Screen.AllScreens) { if (s.Primary) { continue; } Form black = new Form() { BackColor = System.Drawing.Color.Black, ShowIcon = false, ShowInTaskbar = false, WindowState = FormWindowState.Maximized, MaximizeBox = false, MinimizeBox = false, FormBorderStyle = FormBorderStyle.None, ControlBox = false, StartPosition = FormStartPosition.Manual, Location = new Point(s.WorkingArea.Left, s.WorkingArea.Top) }; // Prevent black screen from being closed black.FormClosing += delegate(object fSender, FormClosingEventArgs fe) { fe.Cancel = true; }; // Show black screen black.Show(); } // Set username if (!string.IsNullOrEmpty(DisplayName)) { lblUsername.Text = DisplayName; } else if (!string.IsNullOrEmpty(Username)) { lblUsername.Text = Username; } else { lblUsername.Text = "User"; } // Set focus on password box ActiveControl = mtbPassword; // Disable WinKey, Alt+Tab, Ctrl+Esc // Source: https://stackoverflow.com/a/3227562 ProcessModule objCurrentModule = Process.GetCurrentProcess().MainModule; objKeyboardProcess = new LowLevelKeyboardProc(captureKey); ptrHook = SetWindowsHookEx(13, objKeyboardProcess, GetModuleHandle(objCurrentModule.ModuleName), 0); // Minimize all other windows // Source: https://stackoverflow.com/a/785110 IntPtr lHwnd = FindWindow("Shell_TrayWnd", null); SendMessage(lHwnd, WM_COMMAND, (IntPtr)MIN_ALL, IntPtr.Zero); // Make this the active window WindowState = FormWindowState.Minimized; Show(); WindowState = FormWindowState.Maximized; }
public void CopyTo(ProcessModule[] array, int index);
public uint FindPattern(ProcessModule pModule, byte[] bPattern, string szMask) { return(FindPattern((uint)pModule.BaseAddress, pModule.ModuleMemorySize, bPattern, szMask)); }
public void Run(RemoteHooking.IContext context) { try { var args = Environment.GetCommandLineArgs(); bool enableDebug = false; foreach (var arg in args) { if (arg == "--launch-debugger") { Debugger.Launch(); } if (arg == "-d" || arg == "--enable-debug") { Debugger.Launch(); } } var kernel = GetKernelModule().BaseAddress; var loadLibraryAFunc = Kernel32.GetProcAddress(kernel, "LoadLibraryA"); var hook = LocalHook.Create(loadLibraryAFunc, new LoadLibraryADelegate(LoadLibraryHook), null); hook.ThreadACL.SetExclusiveACL(Array.Empty <int>()); Hooks.Add("LoadLibraryA", hook); if (Is64Bit) { Kernel32.LoadLibrary("EngineWin64s.dll"); } else { Kernel32.LoadLibrary("EngineWin32s.dll"); } foreach (ProcessModule module in Process.GetCurrentProcess().Modules) { Console.WriteLine($"Module: {module.ModuleName}"); } module = GetEngineModule(); resolver = new DiaSymbolResolver(module); #if DEBUG LogEngineSymbols(resolver); #endif PdbSymbolImporter.ImportSymbols(resolver); LuaHelper.InitHelper(resolver); Hook <InitLuaDelegate>("?InitLua@ScriptManager@sgg@@SAXXZ", InitLua); Hook <ScriptManagerUpdateDelegate>("?Update@ScriptManager@sgg@@SAXAEBM@Z", ScriptManagerUpdate); scriptManager = new ScriptManager(resolver, enableDebug); Console.WriteLine($"Created ScriptManager"); RemoteHooking.WakeUpProcess(); while (true) { var code = Console.ReadLine(); Console.WriteLine("> {0}", code); scriptManager.Eval(code); Thread.Sleep(500); } } catch (Exception ex) { Console.Error.WriteLine(ex); throw; } }
/// <summary> /// Initialize the ProcessPropertyPageProjectFlavorCfg instance. /// </summary> public void Initialize(ProcessModule project, IVsCfg baseConfiguration, IVsProjectFlavorCfg innerConfiguration) { this.project = project; this.baseConfiguration = baseConfiguration; this.innerConfiguration = innerConfiguration; mapIVsCfgToProcessPropertyPageProjectFlavorCfg.Add(baseConfiguration, this); }
/// <summary> /// Sets hook and assigns its ID for tracking /// </summary> /// <param name="proc">Internal callback function</param> /// <returns>Hook ID</returns> private static IntPtr SetHook(MouseHookHandler proc) { using ProcessModule module = Process.GetCurrentProcess().MainModule; return(SetWindowsHookEx(WH_MOUSE_LL, proc, GetModuleHandle(module?.ModuleName), 0)); }
private static long ScanForSignature(Process proc, ProcessModule m, SearchSignature s) { return(ScanForSignature(proc, s, m.BaseAddress, m.ModuleMemorySize)); }
public uint FindPattern(ProcessModule pModule, string szPattern, string szMask) { return(FindPattern(pModule, szPattern, szMask, ' ')); }
/// <summary> /// Writes a debug log to the given directory. /// </summary> /// <param name="screenshotPath">The path to store the screenshot into.</param> /// <param name="exception">The exception to log about.</param> private void WriteDebugLog(string dumpFolder, Exception exception) { using (FileStream file = new FileStream(Path.Combine(dumpFolder, DebugLogFileName), FileMode.OpenOrCreate, FileAccess.Write, FileShare.None)) using (StreamWriter stream = new StreamWriter(file)) { //Application information string separator = new string('-', 100); const string lineFormat = "{0,20}: {1}"; stream.WriteLine("Application Information"); stream.WriteLine(separator); stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Version", Assembly.GetEntryAssembly().GetFileVersion())); StringBuilder commandLine = new StringBuilder(); foreach (string param in Environment.GetCommandLineArgs()) { commandLine.Append(param); commandLine.Append(' '); } stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Command Line", commandLine.ToString().Trim())); stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Current Directory", Environment.CurrentDirectory)); //System Information ComputerInfo info = new ComputerInfo(); stream.WriteLine(); stream.WriteLine("System Information"); stream.WriteLine(separator); stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Operating System", string.Format(CultureInfo.InvariantCulture, "{0} {1}{2} {4}", info.OSFullName.Trim(), info.OSVersion.Trim(), string.IsNullOrEmpty(Environment.OSVersion.ServicePack) ? string.Empty : string.Format(CultureInfo.InvariantCulture, "({0})", Environment.OSVersion.ServicePack), SystemInfo.WindowsEdition == WindowsEditions.Undefined ? string.Empty : SystemInfo.WindowsEdition.ToString(), SystemInfo.ProcessorArchitecture))); stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, ".NET Runtime version", Environment.Version)); stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Processor Count", Environment.ProcessorCount)); stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Physical Memory", string.Format(CultureInfo.InvariantCulture, "{0}/{1}", info.AvailablePhysicalMemory, info.TotalPhysicalMemory))); stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Virtual Memory", string.Format(CultureInfo.InvariantCulture, "{0}/{1}", info.AvailableVirtualMemory, info.TotalVirtualMemory))); //Disk Drives stream.WriteLine(); stream.WriteLine("Logical Drives"); stream.WriteLine(separator); foreach (DriveInfo drive in DriveInfo.GetDrives()) { stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Drive", drive.Name)); stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Label", drive.VolumeLabel)); stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Type", drive.DriveType)); stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Format", drive.DriveFormat)); stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Total Size", drive.TotalSize)); stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Available Space", drive.AvailableFreeSpace)); } stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Pagefile size", Environment.SystemPageSize)); //Running processes stream.WriteLine(); stream.WriteLine("Running Processes"); stream.WriteLine(separator); { int i = 0; foreach (Process process in Process.GetProcesses()) { try { ProcessModule mainModule = process.MainModule; stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, string.Format(CultureInfo.InvariantCulture, "Process[{0}]", ++i), string.Format(CultureInfo.InvariantCulture, "{0} [{1}.{2}.{3}.{4}{5}]", mainModule.FileName, mainModule.FileVersionInfo.FileMajorPart, mainModule.FileVersionInfo.FileMinorPart, mainModule.FileVersionInfo.FileBuildPart, mainModule.FileVersionInfo.FilePrivatePart, string.IsNullOrEmpty(mainModule.FileVersionInfo.FileVersion) ? string.Empty : string.Format(CultureInfo.InvariantCulture, " <{0}>", mainModule.FileVersionInfo.FileVersion)))); } catch (Win32Exception) { } catch (InvalidOperationException) { } } } //Exception Information stream.WriteLine(); stream.WriteLine("Exception Information (Outermost to innermost)"); stream.WriteLine(separator); //Open a stream to the Stack Trace Log file. We want to separate the stack //trace do we can check against the server to see if the crash is a new one using (StreamWriter stackTraceLog = new StreamWriter( Path.Combine(dumpFolder, BlackBoxReport.StackTraceFileName))) { Exception currentException = exception; for (uint i = 1; currentException != null; ++i) { stream.WriteLine(string.Format(CultureInfo.InvariantCulture, "Exception {0}:", i)); stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Message", currentException.Message)); stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, "Exception Type", currentException.GetType().FullName)); stackTraceLog.WriteLine(string.Format(CultureInfo.InvariantCulture, "Exception {0}: {1}", i, currentException.GetType().FullName)); //Parse the stack trace string[] stackTrace = currentException.StackTrace.Split(new char[] { '\n' }); for (uint j = 0; j < stackTrace.Length; ++j) { stream.WriteLine(string.Format(CultureInfo.InvariantCulture, lineFormat, string.Format(CultureInfo.InvariantCulture, "Stack Trace [{0}]", j), stackTrace[j].Trim())); stackTraceLog.WriteLine(string.Format(CultureInfo.InvariantCulture, "{0}", stackTrace[j].Trim())); } uint k = 0; foreach (System.Collections.DictionaryEntry value in currentException.Data) { stream.WriteLine( string.Format(CultureInfo.InvariantCulture, lineFormat, string.Format(CultureInfo.InvariantCulture, "Data[{0}]", ++k), string.Format(CultureInfo.InvariantCulture, "{0} {1}", value.Key.ToString(), value.Value.ToString()))); } //End the exception and get the inner exception. stream.WriteLine(); currentException = currentException.InnerException; } } } }
public InjectedModule(ProcessModule module) { Module = module; exports = new Dictionary <string, IntPtr>(); }
internal SingleModule(ProcessModule module) { _module = module; }
public Background() { // Initialise low level keyboard hook ProcessModule objCurrentModule = Process.GetCurrentProcess().MainModule; objKeyboardProcess = new LowLevelKeyboardProc(captureKey); ptrHook = SetWindowsHookEx(13, objKeyboardProcess, GetModuleHandle(objCurrentModule.ModuleName), 0); // Open the file taskmgr.exe to disable the task manager // http://stackoverflow.com/questions/1660106/block-controlaltdelete fs = new FileStream(System.IO.Path.Combine(Environment.SystemDirectory, "taskmgr.exe"), FileMode.Open, FileAccess.ReadWrite, FileShare.None); // Hide the taskbar // http://www.codeproject.com/Articles/7392/Lock-Windows-Desktop ShowWindow(FindWindow("Shell_TrayWnd", null), (int)SHOWWINDOW.SW_HIDE); ShowWindow(GetDlgItem(FindWindow("Shell_TrayWnd", null), 0x130), (int)SHOWWINDOW.SW_HIDE); // Disable the maximise and minise buttons. Also set the form to full screen // http://http://stackoverflow.com/questions/3025923/disabling-minimize-maximize-on-winform this.MaximizeBox = false; this.MinimizeBox = false; this.WindowState = FormWindowState.Maximized; // Remove the title bar // http://stackoverflow.com/questions/3594086/how-to-create-a-form-with-a-border-but-no-title-bar-like-volume-control-on-wi this.Text = string.Empty; this.ControlBox = false; this.FormBorderStyle = FormBorderStyle.SizableToolWindow; if (!File.Exists(ConfigFileName)) { // The config file does not exist. Use the default values exitTimed = DefaultExitTimed; exitTime = DefaultExitTime; program = DefaultProgram; programDir = DefaultProgramDir; return; } // Read the config file string line; string[] arrayVar; using (StreamReader reader = new StreamReader(ConfigFileName, true)) { for (; !string.IsNullOrEmpty(line = reader.ReadLine());) { arrayVar = line.Split('='); switch (arrayVar[0].Trim()) { case "Timed": if (string.IsNullOrEmpty(arrayVar[1].Trim())) { exitTimed = DefaultExitTimed; } else { exitTimed = Convert.ToBoolean(arrayVar[1]); } break; case "Time": if (string.IsNullOrEmpty(arrayVar[1].Trim())) { exitTime = DefaultExitTime; } else { exitTime = Convert.ToUInt16(arrayVar[1]); } break; case "Program": if (string.IsNullOrEmpty(arrayVar[1].Trim())) { program = DefaultProgram; } else { program = arrayVar[1].Trim(); } break; case "ProgramDir": if (string.IsNullOrEmpty(arrayVar[1].Trim())) { programDir = DefaultProgramDir; } else { programDir = arrayVar[1].Trim(); } break; default: throw new NotImplementedException(); } } } InitializeComponent(); // Set up for the timed mode - No exit before the time expires if (exitTimed) { timerExit.Enabled = true; timerExit.Interval = exitTime * 60000; timerExit.Start(); } }
/// <summary /> public Module(Process process, ProcessModule processModule) { Process = process; ProcessModule = processModule; }
//因为可能无法随时找到正确的地址,因此在程序开始时自动不断地寻找地址,找到可能正确的就保存下来以备后用。 private void SearchAddressThread() { while (true) { Process[] process_search = Process.GetProcessesByName("FarmTogether"); if (process_search.Length != 0) { ProcessModuleCollection modules = process_search[0].Modules; ProcessModule dll = null; foreach (ProcessModule i in modules) { if (i.ModuleName == "UnityPlayer.dll") { dll = i; break; } } try { long DllAddrPlus = dll.BaseAddress.ToInt64() + ((IntPtr)0x151f010).ToInt64(); long nextaddr = MRead(DllAddrPlus); nextaddr = MRead(nextaddr + 0x60); nextaddr = MRead(nextaddr + 0x48); nextaddr = MRead(nextaddr + 0x1c8); nextaddr = MRead(nextaddr + 0x10); nextaddr = MRead(nextaddr + 0x180); nextaddr = MRead(nextaddr + 0x28); nextaddr += 0x208;//此地址保存当前季节1,2,4,8 int NowSeason = (int)MRead(nextaddr, false); if (NowSeason == 1 || NowSeason == 2 || NowSeason == 4 || NowSeason == 8) { if (MRead(nextaddr + 0x8, false) - MRead(nextaddr + 0xc, false) <= (long)1020 && MRead(nextaddr + 0x8, false) - MRead(nextaddr + 0xc, false) >= (long)0) { TickBaseAddress = nextaddr; } } else//从另外一个dll处出发寻找,另一种途径 { dll = null; foreach (ProcessModule i in modules) { if (i.ModuleName == "mono.dll") { dll = i; break; } } try { DllAddrPlus = dll.BaseAddress.ToInt64() + ((IntPtr)0x265a20).ToInt64(); nextaddr = MRead(DllAddrPlus); if (nextaddr == (long)0)//这些是因为CE找到的指针有时会变动,导致有可能找不到要找的地址 { continue; } nextaddr = MRead(nextaddr + 0xa0);//后续的偏移 if (nextaddr == (long)0) { continue; } nextaddr = MRead(nextaddr + 0xc8); if (nextaddr == (long)0) { continue; } nextaddr = MRead(nextaddr + 0x20); if (nextaddr == (long)0) { continue; } nextaddr = MRead(nextaddr + 0xe0); if (nextaddr == (long)0) { continue; } nextaddr = MRead(nextaddr + 0x68); if (nextaddr == (long)0) { continue; } nextaddr = MRead(nextaddr + 0x28); if (nextaddr == (long)0) { continue; } nextaddr += 0x208;//此地址保存当前季节1,2,4,8 NowSeason = (int)MRead(nextaddr, false); if (NowSeason == 1 || NowSeason == 2 || NowSeason == 4 || NowSeason == 8) { if (MRead(nextaddr + 0x8, false) - MRead(nextaddr + 0xc, false) <= (long)1020 && MRead(nextaddr + 0x8, false) - MRead(nextaddr + 0xc, false) >= (long)0) { TickBaseAddress = nextaddr; } } } catch { } } } catch { continue; } } Thread.Sleep(500); } }
public AddressList_244_32(MemManager manager) { FoundAddresses = false; ProcessModule exe = manager.HookedProcess.MainModule; InjectLocation = manager.SigScan(exe.BaseAddress, exe.ModuleMemorySize, 5, "E8 ????????", // call Talos.exe + 63C640 // jmp 017F0000 "??????????", // OR // mov ecx,[esi+08] // test ecx, ecx "0F84 ????????", // je Talos.exe + 641B8E "E8 ????????", // call Talos.exe + 867970 "85 C0", // test eax, eax "0F84 ????????", // je Talos.exe + 641AEC "83 3D ???????? 00" // cmp dword ptr[Talos.exe + 118860C], 00 ); if (InjectLocation == IntPtr.Zero) { return; } InjectInstructionLength = 5; IntPtr tmp = manager.SigScan(exe.BaseAddress, exe.ModuleMemorySize, 6, "F3 0F11 45 CC", // movss[ebp - 34], xmm0 "E8 ????????", // call Talos.exe + 83A330 "83 C4 14" // add esp, 14 ); if (tmp == IntPtr.Zero) { return; } DrawText = manager.ReadDisplacement(tmp, false); tmp = manager.SigScan(exe.BaseAddress, exe.ModuleMemorySize, 1, "E8 ????????", // call Talos.exe + 82FE20 "8B 4D FC", // mov ecx,[ebp - 04] "8B 15 ????????", // mov edx,[Talos.exe + 11E8A20] "0F57 C0", // xorps xmm0, xmm0 "83 C4 18" // add esp, 18 ); if (tmp == IntPtr.Zero) { return; } DrawBox = manager.ReadDisplacement(tmp, false); Viewport = manager.Read <IntPtr>(IntPtr.Add(tmp, 9)); tmp = manager.SigScan(exe.BaseAddress, exe.ModuleMemorySize, 8, "83 C4 1C", // add esp,1C "85 C0", // test eax, eax "74 ??", // je Talos.exe + 641B7E "68 ????????", // push Talos.exe + 11D6B60 "E8 ????????" // call Talos.exe + 81F230 ); if (tmp == IntPtr.Zero) { return; } Font = manager.Read <IntPtr>(tmp); SetFont = manager.ReadDisplacement(IntPtr.Add(tmp, 5), false); FoundAddresses = true; }
static private void ThreadListen(object ob) { Process[] procList = new Process[200]; while (g_thListenStop) { //清楚无效的pid记录 FlushProcessLib(); //特定时间段检测 bool spcTime = IsSpcTime(); //Process curProcess; procList = Process.GetProcesses(); if (spcTime && dic_Game_Process.Count > g_SpcTimeLimitNum) { //MessageBox.Show("IsSpcTime"); CloseAllGame(ob); } else { //MessageBox.Show("not IsSpcTime"); } foreach (var curProcess in procList) { try { if (curProcess.ProcessName.ToString().Contains("按键精灵") && g_bLimitKeyPress && spcTime) { //MessageBox.Show("使用受禁止的辅助工具将影响游戏的正常运行,请您遵守游戏规则!"); //如果找到,干掉所有的temp.tmp进程兵器杀出temp.tmp文件 CloseAllGame(ob); } if (FindWindow(null, "按键精灵") != 0 && g_bLimitKeyPress && spcTime) { CloseAllGame(ob); } if (curProcess.ProcessName.ToString().Contains("金山游侠")) { //MessageBox.Show("使用受禁止的辅助工具将影响游戏的正常运行,请您遵守游戏规则!"); //如果找到,干掉所有的temp.tmp进程兵器杀出temp.tmp文件 CloseAllGame(ob); } if (FindWindow(null, "金山游侠") != 0) { CloseAllGame(ob); } if (curProcess.ProcessName.ToString() == "Play" && g_bLimitEasyGame && spcTime) { //如果找到,干掉所有的temp.tmp进程兵器杀出temp.tmp文件 CloseAllGame(ob); } if (FindWindow(null, "简单游") != 0 && g_bLimitEasyGame && spcTime) { CloseAllGame(ob); } if (curProcess.ProcessName.ToString().Contains("main.dat") && g_bLimitBB) { //如果找到,干掉所有的temp.tmp进程兵器杀出temp.tmp文件 CloseAllGame(ob); } if (FindWindow(null, "三国贝贝") != 0 && g_bLimitBB) { CloseAllGame(ob); } if (curProcess.ProcessName.ToString().Contains("LD.exe")) { //如果找到,干掉所有的temp.tmp进程兵器杀出temp.tmp文件 CloseAllGame(ob); } if (FindWindow(null, "Ld") != 0) { CloseAllGame(ob); } ProcessModule m = curProcess.MainModule; string descStr = m.FileVersionInfo.FileDescription; if (descStr.Contains("按键") && descStr.Contains("精灵") && g_bLimitKeyPress && spcTime) { //MessageBox.Show("使用受禁止的辅助工具将影响游戏的正常运行,请您遵守游戏规则!"); //如果找到,干掉所有的temp.tmp进程兵器杀出temp.tmp文件 CloseAllGame(ob); } if (m.FileVersionInfo.FileDescription.Contains("main.dat") && g_bLimitBB && spcTime) { //MessageBox.Show("使用受禁止的辅助工具将影响游戏的正常运行,请您遵守游戏规则!"); //如果找到,干掉所有的temp.tmp进程兵器杀出temp.tmp文件 CloseAllGame(ob); } if (m.FileVersionInfo.FileDescription.Contains("Play.exe") && g_bLimitEasyGame && spcTime) { //MessageBox.Show("使用受禁止的辅助工具将影响游戏的正常运行,请您遵守游戏规则!"); //如果找到,干掉所有的temp.tmp进程兵器杀出temp.tmp文件 CloseAllGame(ob); } if (m.FileVersionInfo.FileDescription.Contains("金山游侠")) { //MessageBox.Show("使用受禁止的辅助工具将影响游戏的正常运行,请您遵守游戏规则!"); //如果找到,干掉所有的temp.tmp进程兵器杀出temp.tmp文件 CloseAllGame(ob); } if (m.FileVersionInfo.FileDescription.Contains("LD.exe")) { //MessageBox.Show("使用受禁止的辅助工具将影响游戏的正常运行,请您遵守游戏规则!"); //如果找到,干掉所有的temp.tmp进程兵器杀出temp.tmp文件 CloseAllGame(ob); } if (m.FileVersionInfo.FileDescription.Contains("SoWorker")) { //MessageBox.Show("使用受禁止的辅助工具将影响游戏的正常运行,请您遵守游戏规则!"); //如果找到,干掉所有的temp.tmp进程兵器杀出temp.tmp文件 CloseAllGame(ob); } } catch { } } Thread.Sleep(g_ThreadListenSleep * 1000); } }
public LocalModule(ProcessModule module) { Module = module; }
public IntPtr FindPattern(ProcessModule moduleInfo, string pattern, int offset = 0) => FindPattern(moduleInfo, GetPattern(pattern), offset);
/// <summary> /// Gets the file name of this process module without the path /// </summary> /// <param name="module"></param> /// <returns></returns> public static string GetFileNameNoPath(this ProcessModule module) { return(Path.GetFileName(module.FileName)); }
public bool Contains(ProcessModule module);
public static PEInfomation Load(int ProcessID, ProcessModule module) { return(Load(ProcessID, module.BaseAddress)); }
public int IndexOf(ProcessModule module);
/// <summary> /// Sets hook and assigns its ID for tracking /// </summary> /// <param name="proc">Internal callback function</param> /// <param name="handle">Handle for resource (keyboard or mouse?)</param> /// <returns>Hook ID</returns> static IntPtr SetHook(MouseHookHandler proc, int handle) { using (ProcessModule module = Process.GetCurrentProcess().MainModule) //return NativeMethods.SetWindowsHookEx(handle, proc, NativeMethods.GetModuleHandle(module.ModuleName), 0); return(NativeMethods.SetWindowsHookEx(handle, proc, IntPtr.Zero, 0)); }
//##################################################################################################################### #endregion public MainForm() { InitializeComponent(); // string updtmess = HttpUtility.HtmlEncode(Regex.Escape("This is a test message\nhello\n123")); // MessageBox.Show(updtmess); // Clipboard.SetText(updtmess); ////this.numFoV.Maximum = Convert.ToDecimal(DefaultGameMode.c_FoV_upperLimit); //new decimal(new int[] { c_FoV_upperLimit, 0, 0, 0 }); ////this.numFoV.Minimum = Convert.ToDecimal(DefaultGameMode.c_FoV_lowerLimit); //new decimal(new int[] { c_FoV_lowerLimit, 0, 0, 0 }); //MessageBox.Show(pFoV.ToString("x8")); ////if (File.Exists(settingsFile)) ReadSettings(); ////lblVersion.Text = "v" + c_toolVer; ////lblVersion.Visible = true; saveSettings = false; ReadGameMode(); saveSettings = true; ProcessModule objCurrentModule = Process.GetCurrentProcess().MainModule; objKeyboardProcess = new LowLevelKeyboardProc(captureKey); ptrHook = SetWindowsHookEx(13, objKeyboardProcess, GetModuleHandle(objCurrentModule.ModuleName), 0); ////IsGameInstalled(); //MessageBox.Show(Path.GetTempPath()); //if (gameFound) //{ /*string dirName = Path.Combine(Path.GetTempPath(), "MW3_fov_lib"); * if (!Directory.Exists(dirName)) * Directory.CreateDirectory(dirName); * string dllPath = Path.Combine(dirName, "MW3_fov_lib.dll"); * * using (Stream stm = Assembly.GetExecutingAssembly().GetManifestResourceStream(Assembly.GetExecutingAssembly().GetName().Name + ".Resources.MW3_fov_lib.dll")) * { * try * { * using (Stream outFile = File.Create(dllPath)) * { * const int sz = 4096; * byte[] buf = new byte[sz]; * while (true) * { * int nRead = stm.Read(buf, 0, sz); * if (nRead < 1) * break; * outFile.Write(buf, 0, nRead); * } * } * } * catch { } * } * * if (!debug) * { * IntPtr h = LoadLibrary(dllPath); * if (h == IntPtr.Zero) * { * MessageBox.Show("Unable to load library " + dllPath, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); * Application.Exit(); * } * }*/ ////numFoV.Value = Convert.ToDecimal(fFoV); ////numFoV.Enabled = true; ////ToggleButton(!isRunning(false)); TimerCheck.Start(); //} }
public int ImageAddress() { this.BaseAddress = 0; this.myProcessModule = this.MyProcess[0].MainModule; this.BaseAddress = (int)this.myProcessModule.BaseAddress; return this.BaseAddress; }