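/// <summary>
/// Launches the patched game process via <see cref="threadi"/>, then keeps the launcher
/// mutex alive until the game's main thread can no longer be queried.
/// </summary>
/// <param name="DllPath">Path of the DLL that <see cref="threadi"/> writes over the
/// "steam_api.dll" import-name string in the child process.</param>
/// <remarks>
/// The loop calls <c>GetThreadContext</c> on the saved thread handle every 5 s purely as a
/// liveness probe; the returned context is never read. A failed call is treated as "the game
/// has exited". The mutex is closed on every exit path (probe failure or exception); an
/// exception thrown by <see cref="threadi"/> itself propagates before the mutex exists and is
/// not handled here.
/// </remarks>
public async Task Tick(string DllPath)
{
    // The 3 s start-up delay is inherited from the original launcher; its purpose is not
    // visible in this file.
    await Task.Delay(3000);
    await Task.Run(() => threadi(DllPath));

    try
    {
        while (true)
        {
            var context = new CONTEXT();
            if (!Win32Apis.GetThreadContext(this.thread, ref context))
            {
                // Thread handle no longer usable: assume the game process is gone.
                return;
            }
            await Task.Delay(5000);
        }
    }
    finally
    {
        // Both exit paths of the original closed the mutex (once on probe failure, once in a
        // catch block that also contained a redundant nested try/rethrow). A single finally
        // covers both without duplicating the Close call.
        if (mutex != null)
        {
            mutex.Close();
        }
    }
}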
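/// <summary>
/// Starts <see cref="ExecutableName"/> suspended, overwrites the "steam_api.dll" import-name
/// string inside the image's second PE section with <paramref name="dllpath"/>, and resumes
/// the process. Saves the new main-thread handle in <see cref="thread"/> and creates the
/// launcher mutex.
/// </summary>
/// <param name="dllpath">Replacement DLL path; written as a NUL-terminated ASCII string.</param>
/// <exception cref="ArgumentNullException"><paramref name="dllpath"/> is null.</exception>
/// <exception cref="Exception">The PE headers are truncated, "steam_api.dll" does not lie in
/// the expected section, the replacement path does not fit in that section, the process
/// cannot be created, or the memory write is incomplete.</exception>
/// <remarks>
/// The header offsets below (0x128..0x134) address the second section header of a PE32 image
/// (0xF8 bytes to the first section header, 0x28 bytes per header); they are not validated
/// against the actual file layout, exactly as in the original. The image base is hard-coded
/// to 0x400000: NOTE(review) an executable mapped elsewhere (e.g. with ASLR enabled) would not
/// be patched at the intended address — confirm against the target binary. The sequence
/// (suspended create, protection change, cross-process write, resume) is the one endpoint
/// monitoring typically records as process tampering, which is worth knowing when diagnosing
/// blocked launches.
/// </remarks>
private void threadi(string dllpath)
{
    if (dllpath == null)
    {
        throw new ArgumentNullException("dllpath");
    }

    byte[] image = File.ReadAllBytes(ExecutableName);

    // Reads the 4-byte field at 'offset' through the project's BytesToInt helper (kept instead
    // of BitConverter so the conversion matches the rest of the file).
    Func<int, int> readDword = offset =>
    {
        var scratch = new byte[4];
        Array.Copy(image, offset, scratch, 0, 4);
        return BytesToInt(scratch);
    };

    if (image.Length < 0x40)
    {
        throw new Exception("可执行文件头无效!");
    }

    // IMAGE_DOS_HEADER.e_lfanew is a 32-bit field; the original copied only its low two bytes.
    int peLocation = readDword(0x3C);

    // The section-header reads below end at peLocation + 0x138; fail with a clear message
    // instead of letting Array.Copy throw on a truncated or malformed file.
    if (peLocation < 0 || image.Length < peLocation + 0x138)
    {
        throw new Exception("可执行文件头无效!");
    }

    // Second section header of a PE32 image: VirtualSize, VirtualAddress, SizeOfRawData,
    // PointerToRawData. Round1000 is the project's helper — presumably page rounding; confirm.
    int sectionVirtualSize = Round1000(readDword(peLocation + 0x128));
    int sectionVirtualAddress = readDword(peLocation + 0x12C) + 0x400000; // + assumed image base
    int sectionRawSize = readDword(peLocation + 0x130);
    int sectionRawOffset = readDword(peLocation + 0x134);

    int marker = IndexOf(image, Encoding.ASCII.GetBytes("steam_api.dll"));
    // The marker must lie inside the section's raw data. The original combined the two bounds
    // with '&&', a condition that can never hold, so a missing or misplaced string was never
    // reported and the write went ahead anyway.
    if (marker < sectionRawOffset || marker >= sectionRawOffset + sectionRawSize)
    {
        throw new Exception("未找到steam_api.dll!请确认你的游戏根目录是否存在此文件!");
    }
    int sectionRelativeOffset = marker - sectionRawOffset;

    // NUL-terminated ASCII payload. The original passed Length + 1 as the byte count while
    // handing over a Length-byte array, i.e. the terminator was read from one byte past the
    // managed buffer.
    byte[] payload = Encoding.ASCII.GetBytes(dllpath + "\0");
    // A path longer than the remaining section would be written past the section's data.
    // (A path longer than the original import entry still overwrites the bytes that follow
    // it inside the section, as the original launcher did.)
    if (sectionRelativeOffset + payload.Length > sectionRawSize)
    {
        throw new Exception("DLL路径过长!");
    }

    var si = new STARTUPINFO();
    var pi = new PROCESS_INFORMATION();
    // 0x4 = CREATE_SUSPENDED (main thread does not run until ResumeThread below),
    // 0x200 = CREATE_NEW_PROCESS_GROUP.
    if (!Win32Apis.CreateProcess(
            ExecutableName,
            Commandargs,
            IntPtr.Zero,
            IntPtr.Zero,
            false,
            0x4 | 0x200,
            IntPtr.Zero,
            null,
            ref si,
            out pi))
    {
        throw new Exception("创建进程失败!");
    }
    thread = pi.hThread;

    // 0x40 = PAGE_EXECUTE_READWRITE. NOTE(review): as in the original, the VirtualProtectEx
    // results are not checked; a failed protection change only shows up as a short write below.
    uint oldProtection;
    Win32Apis.VirtualProtectEx(
        pi.hProcess,
        new IntPtr(sectionVirtualAddress),
        new UIntPtr((uint)sectionVirtualSize),
        0x40,
        out oldProtection);

    UIntPtr bytesWritten;
    Win32Apis.WriteProcessMemory(
        pi.hProcess,
        new IntPtr(sectionVirtualAddress + sectionRelativeOffset),
        payload,
        (uint)payload.Length,
        out bytesWritten);

    uint previousProtection;
    Win32Apis.VirtualProtectEx(
        pi.hProcess,
        new IntPtr(sectionVirtualAddress),
        new UIntPtr((uint)sectionVirtualSize),
        oldProtection,
        out previousProtection);

    // The original only rejected a zero-length write; a partial write leaves a half-patched
    // string, so require the full payload to have been written.
    if (bytesWritten.ToUInt64() != (ulong)payload.Length)
    {
        // Do not leave a suspended, partially patched process behind.
        Win32Apis.TerminateProcess(pi.hProcess, 0);
        Win32Apis.TerminateThread(pi.hThread, 0);
        throw new Exception("无法修改进程内存!");
    }

    mutex = new Mutex(false, "TeknoMW3" + (pi.dwProcessId ^ 0x57).ToString("X8"));
    Win32Apis.ResumeThread(pi.hThread);
}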