/// <summary>
/// Finds a game process with a known engine.dll.
/// </summary>
Process GetGameProcess(out IntPtr curMapPtr, out IntPtr curTimePtr, out IntPtr signOnStatePtr)
{
string[] procs = GameProcesses.Select(x => x.ToLower().Replace(".exe", String.Empty)).ToArray();
Process p = Process.GetProcesses().FirstOrDefault(x => procs.Contains(x.ProcessName.ToLower()));
if (p != null && !p.HasExited && !IsVACProtectedProcess(p))
{
ProcessModuleEx engine = GetProcessModules(p).FirstOrDefault(x => x.ModuleName.ToLower() == "engine.dll");
if (engine != null)
{
var scanner = new SignatureScanner(p, engine.BaseAddress, engine.ModuleMemorySize);
curMapPtr = scanner.Scan(_curMapTarget);
curTimePtr = scanner.Scan(_curTimeTarget);
signOnStatePtr = scanner.Scan(_signOnStateTarget1);
if (signOnStatePtr == IntPtr.Zero)
{
signOnStatePtr = scanner.Scan(_signOnStateTarget2);
}
if (curMapPtr != IntPtr.Zero && curTimePtr != IntPtr.Zero && signOnStatePtr != IntPtr.Zero)
{
return(p);
}
}
Debug.WriteLine("Invalid process or unknown engine.dll");
}
curMapPtr = curTimePtr = signOnStatePtr = IntPtr.Zero;
return(null);
}
/// <summary>
/// Get the modules that have been loaded by the associated process.
/// This will get an x86 process' modules when running from x64 code,
/// unlike Process.Modules.
/// </summary>
static ProcessModuleEx[] GetProcessModules(Process p)
{
if (p.HasExited)
{
throw new ArgumentException("Process should be alive.");
}
if (!Environment.Is64BitProcess)
{
return(ModuleToModuleEx(p));
}
var ret = new List <ProcessModuleEx>();
IntPtr[] hMods = new IntPtr[1024];
uint uiSize = (uint)(IntPtr.Size * hMods.Length);
uint cbNeeded;
try
{
const int LIST_MODULES_ALL = 3;
if (!SafeNativeMethods.EnumProcessModulesEx(p.Handle, hMods, uiSize, out cbNeeded, LIST_MODULES_ALL))
{
throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
}
}
catch (EntryPointNotFoundException) // this function is only on vista and higher. this is likely only to happen on XP x64
{
return(ModuleToModuleEx(p)); // fall back
}
uint count = (uint)(cbNeeded / IntPtr.Size);
for (int i = 0; i < count; i++)
{
var info = new SafeNativeMethods.MODULEINFO();
var path = new StringBuilder(260);
var module = new ProcessModuleEx();
if (SafeNativeMethods.GetModuleFileNameEx(p.Handle, hMods[i], path, path.Capacity) > 0)
{
module.FileName = path.ToString();
module.ModuleName = Path.GetFileName(module.FileName);
}
if (SafeNativeMethods.GetModuleInformation(p.Handle, hMods[i], out info, (uint)Marshal.SizeOf(info)))
{
module.BaseAddress = info.lpBaseOfDll;
module.EntryPointAddress = info.EntryPoint;
module.ModuleMemorySize = (int)info.SizeOfImage;
ret.Add(module);
}
}
return(ret.ToArray());
}
static ProcessModuleEx[] ModuleToModuleEx(Process p)
{
var ret = new List <ProcessModuleEx>();
foreach (ProcessModule module in p.Modules)
{
var ex = new ProcessModuleEx {
BaseAddress = module.BaseAddress,
EntryPointAddress = module.EntryPointAddress,
FileName = module.FileName,
ModuleMemorySize = module.ModuleMemorySize,
ModuleName = module.ModuleName
};
ret.Add(ex);
}
return(ret.ToArray());
}
/// <summary>
/// Get the modules that have been loaded by the associated process.
/// This will get an x86 process' modules when running from x64 code,
/// unlike Process.Modules.
/// </summary>
static ProcessModuleEx[] GetProcessModules(Process p)
{
if (p.HasExited)
throw new ArgumentException("Process should be alive.");
if (!Environment.Is64BitProcess)
return ModuleToModuleEx(p);
var ret = new List<ProcessModuleEx>();
IntPtr[] hMods = new IntPtr[1024];
uint uiSize = (uint)(IntPtr.Size * hMods.Length);
uint cbNeeded;
try
{
const int LIST_MODULES_ALL = 3;
if (!SafeNativeMethods.EnumProcessModulesEx(p.Handle, hMods, uiSize, out cbNeeded, LIST_MODULES_ALL))
throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
}
catch (EntryPointNotFoundException) // this function is only on vista and higher. this is likely only to happen on XP x64
{
return ModuleToModuleEx(p); // fall back
}
uint count = (uint)(cbNeeded / IntPtr.Size);
for (int i = 0; i < count; i++)
{
var info = new SafeNativeMethods.MODULEINFO();
var path = new StringBuilder(260);
var module = new ProcessModuleEx();
if (SafeNativeMethods.GetModuleFileNameEx(p.Handle, hMods[i], path, path.Capacity) > 0)
{
module.FileName = path.ToString();
module.ModuleName = Path.GetFileName(module.FileName);
}
if (SafeNativeMethods.GetModuleInformation(p.Handle, hMods[i], out info, (uint)Marshal.SizeOf(info)))
{
module.BaseAddress = info.lpBaseOfDll;
module.EntryPointAddress = info.EntryPoint;
module.ModuleMemorySize = (int)info.SizeOfImage;
ret.Add(module);
}
}
return ret.ToArray();
}
static ProcessModuleEx[] ModuleToModuleEx(Process p)
{
var ret = new List<ProcessModuleEx>();
foreach (ProcessModule module in p.Modules)
{
var ex = new ProcessModuleEx {
BaseAddress = module.BaseAddress,
EntryPointAddress = module.EntryPointAddress,
FileName = module.FileName,
ModuleMemorySize = module.ModuleMemorySize,
ModuleName = module.ModuleName
};
ret.Add(ex);
}
return ret.ToArray();
}