You last visited: Today at 22:40
Advertisement
[Release] 4Botters Key Dumper (New Protection)
Discussion on [Release] 4Botters Key Dumper (New Protection) within the CO2 Exploits, Hacks & Tools forum part of the Conquer Online 2 category.
08/05/2011, 18:47
#1
elite*gold: 0
Join Date: Mar 2005
Posts: 1,430
Received Thanks: 1,586
[Release] 4Botters Key Dumper (New Protection)
here u go, this will give you the blowfish/Crypt key for any binary server protected with the new 4botters protection.
with the key you can create a unprotected version of the conquer.exe to use with any binary server.
Source code available upon request.
Regards
Ulti.
PS. This was coded in Visual Studio (C#) and i have not obfuscated the code, so u can take a look, please note if you using the ManagedMemoryManipulation code in any of your programs to include my name in the credits.
Attached Files
4BottersKeyDumper.rar
(71.9 KB, 868 views)
08/08/2011, 22:09
#2
elite*gold: 0
Join Date: Oct 2009
Posts: 49
Received Thanks: 4
This is sick
08/09/2011, 19:00
#3
elite*gold: 0
Join Date: Jun 2010
Posts: 75
Received Thanks: 8
does it work on the latest patchs too? xD
08/25/2011, 10:28
#4
elite*gold: 0
Join Date: May 2011
Posts: 1,769
Received Thanks: 756
*****.
08/25/2011, 12:21
#5
elite*gold: 0
Join Date: Aug 2009
Posts: 560
Received Thanks: 774
trollololzz jacob
08/25/2011, 12:29
#6
elite*gold: 0
Join Date: May 2011
Posts: 1,769
Received Thanks: 756
Quote:
Originally Posted by
zhalyn
trollololzz jacob
09/02/2011, 10:27
#7
elite*gold: 0
Join Date: Apr 2009
Posts: 71
Received Thanks: 16
Well, after getting the blowfish code, how to use it for new conquer.exe to get the unprotected version ? thanks.
09/30/2011, 23:51
#8
elite*gold: 0
Join Date: Oct 2009
Posts: 49
Received Thanks: 4
this aint workin wid the new anti bot protection sservers got now its called NeZaMy or sumtin like dat
10/01/2011, 21:01
#9
elite*gold: 0
Join Date: May 2011
Posts: 1,769
Received Thanks: 756
Quote:
Originally Posted by
adam1212
this aint workin wid the new anti bot protection sservers got now its called NeZaMy or sumtin like dat
Too bad.
10/02/2011, 14:58
#10
elite*gold: 0
Join Date: Nov 2010
Posts: 371
Received Thanks: 120
If someone wants his source code:
Hooking:
Code:
using ManagedMemoryManipulation;
using System;
using System.Diagnostics;
using System.IO;
using System.Threading;
namespace KeyDumper
{
public class Hooking
{
private IntPtr processid = new IntPtr(0);
private uint ReadAddy = 0U;
private MemoryManipulation mem;
private Process proc;
public bool ReadKey(out string message)
{
try
{
if ((int) this.ReadAddy != 0)
{
string str = this.mem.Process.ReadASCIIString(this.mem.Process.ReadUInt(this.ReadAddy), 16);
if (str != "")
{
message = "Found Key: " + str;
return true;
}
else
{
message = "Waiting for you to login";
return false;
}
}
else
{
message = "Waiting for you to login";
return false;
}
}
catch (Exception ex)
{
message = "Target process not running";
return false;
}
}
public void KillProcess()
{
try
{
this.mem.Process.CloseProcess();
this.proc.Kill();
}
catch (Exception ex)
{
}
}
public void RemoveChecks()
{
this.mem.InjectCode(new string[7]
{
"nop",
"nop",
"nop",
"nop",
"nop",
"nop",
"nop"
}, 9507327U);
}
public void LoadTarget(string filename)
{
this.proc = new Process();
this.proc.StartInfo = new ProcessStartInfo()
{
FileName = filename,
Arguments = "blacknull",
WorkingDirectory = Path.GetDirectoryName(filename)
};
this.proc.Start();
this.proc.WaitForInputIdle();
Thread.Sleep(2000);
this.processid = this.proc.MainWindowHandle;
this.mem = new MemoryManipulation(this.processid);
}
public void Hook()
{
try
{
if (!this.mem.Process.IsProcessOpen)
return;
this.ReadAddy = this.mem.Process.AllocateMemory(50);
this.mem.InjectCode(new string[1]
{
"jmp " + (object) this.mem.InjectCode(new string[3]
{
"mov [" + (object) this.ReadAddy + "] , eax",
"call 0x0050ADB6",
"jmp 0x4FE129"
})
}, 5234980U);
}
catch (Exception ex)
{
}
}
}
}
Then the DLL. (FASMDLL_Managed)
Code:
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Text;
namespace Fasm
{
public class ManagedFasm : IDisposable
{
private StringBuilder m_AssemblyString;
private List<IntPtr> m_ThreadHandles;
private IntPtr m_hProcess;
private int m_MemorySize;
private int m_PassLimit;
public ManagedFasm(IntPtr hProcess)
{
this.m_hProcess = hProcess;
this.m_AssemblyString = new StringBuilder("use32\n");
this.m_ThreadHandles = new List<IntPtr>();
this.m_MemorySize = 4096;
this.m_PassLimit = 100;
}
public ManagedFasm()
{
this.m_AssemblyString = new StringBuilder("use32\n");
this.m_ThreadHandles = new List<IntPtr>();
this.m_MemorySize = 4096;
this.m_PassLimit = 100;
}
private unsafe void \u007EManagedFasm()
{
for (int index = 0; index < this.m_ThreadHandles.Count; ++index)
\u003CModule\u003E.CloseHandle((void*) this.m_ThreadHandles[index].ToInt32());
this.m_ThreadHandles.Clear();
}
public void AddLine(string szFormatString, params object[] args)
{
this.m_AssemblyString.AppendFormat(szFormatString + "\n", args);
}
public void AddLine(string szLine)
{
this.m_AssemblyString.Append(szLine + "\n");
}
public void Add(string szFormatString, params object[] args)
{
this.m_AssemblyString.AppendFormat(szFormatString, args);
}
public void Add(string szLine)
{
this.m_AssemblyString.Append(szLine);
}
public void InsertLine(string szLine, int nIndex)
{
this.m_AssemblyString.Insert(nIndex, szLine + "\n");
}
public void Insert(string szLine, int nIndex)
{
this.m_AssemblyString.Insert(nIndex, szLine);
}
public void Clear()
{
this.m_AssemblyString = new StringBuilder("use32\n");
}
public static unsafe byte[] Assemble(string szSource, int nMemorySize, int nPassLimit)
{
IntPtr num = new IntPtr();
IntPtr hglobal = Marshal.StringToHGlobalAnsi(szSource);
\u003CModule\u003E._c_FasmAssemble((sbyte*) hglobal.ToPointer(), (uint) nMemorySize, (uint) nPassLimit);
_c_FasmState* cFasmStatePtr = (_c_FasmState*) \u003CModule\u003E._c_fasm_memorybuf;
Marshal.FreeHGlobal(hglobal);
if (*(int*) cFasmStatePtr != 0)
throw new Exception(string.Format("Assembly failed! Error code: {0}; Error Line: {1}", (object) *(int*) ((IntPtr) cFasmStatePtr + 4), (object) (uint) *(int*) (*(int*) ((IntPtr) cFasmStatePtr + 8) + 4)));
byte[] destination = new byte[*(int*) ((IntPtr) cFasmStatePtr + 4)];
Marshal.Copy((IntPtr) ((void*) *(int*) ((IntPtr) cFasmStatePtr + 8)), destination, 0, *(int*) ((IntPtr) cFasmStatePtr + 4));
return destination;
}
public static byte[] Assemble(string szSource, int nMemorySize)
{
return ManagedFasm.Assemble(szSource, nMemorySize, 100);
}
public static byte[] Assemble(string szSource)
{
return ManagedFasm.Assemble(szSource, 4096, 100);
}
public byte[] Assemble()
{
return ManagedFasm.Assemble(this.m_AssemblyString.ToString(), this.m_MemorySize, this.m_PassLimit);
}
[return: MarshalAs(UnmanagedType.U1)]
public bool Inject(uint dwAddress)
{
ManagedFasm managedFasm = this;
IntPtr hProcess = managedFasm.m_hProcess;
int num = (int) dwAddress;
return managedFasm.Inject(hProcess, (uint) num);
}
[return: MarshalAs(UnmanagedType.U1)]
public unsafe bool Inject(IntPtr hProcess, uint dwAddress)
{
bool flag1;
if (hProcess == IntPtr.Zero)
{
flag1 = false;
}
else
{
if (this.m_AssemblyString.ToString().Contains("use64") || this.m_AssemblyString.ToString().Contains("use16"))
this.m_AssemblyString.Replace("use32\n", "");
if (!this.m_AssemblyString.ToString().Contains("org "))
this.m_AssemblyString.Insert(0, string.Format("org 0x{0:X08}\n", (object) dwAddress));
IntPtr hglobal = IntPtr.Zero;
try
{
bool flag2;
try
{
hglobal = Marshal.StringToHGlobalAnsi(this.m_AssemblyString.ToString());
int num = (int) \u003CModule\u003E._c_FasmAssemble((sbyte*) hglobal.ToPointer(), (uint) this.m_MemorySize, (uint) this.m_PassLimit);
goto label_13;
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
flag2 = false;
}
flag1 = flag2;
goto label_16;
}
finally
{
if (hglobal != IntPtr.Zero)
Marshal.FreeHGlobal(hglobal);
}
label_13:
_c_FasmState* cFasmStatePtr = (_c_FasmState*) \u003CModule\u003E._c_fasm_memorybuf;
if (*(int*) cFasmStatePtr != 0)
throw new Exception(string.Format("Assembly failed! Error code: {0}; Error Line: {1}", (object) *(int*) ((IntPtr) cFasmStatePtr + 4), (object) (uint) *(int*) (*(int*) ((IntPtr) cFasmStatePtr + 8) + 4)));
flag1 = \u003CModule\u003E.WriteProcessMemory((void*) hProcess, (void*) dwAddress, (void*) *(int*) ((IntPtr) cFasmStatePtr + 8), (uint) *(int*) ((IntPtr) cFasmStatePtr + 4), (uint*) 0) != 0 || false;
}
label_16:
return flag1;
}
public uint InjectAndExecute(uint dwAddress)
{
ManagedFasm managedFasm = this;
IntPtr hProcess = managedFasm.m_hProcess;
int num1 = (int) dwAddress;
int num2 = 0;
return managedFasm.InjectAndExecute(hProcess, (uint) num1, (uint) num2);
}
public uint InjectAndExecute(IntPtr hProcess, uint dwAddress)
{
return this.InjectAndExecute(hProcess, dwAddress, 0U);
}
public unsafe uint InjectAndExecute(IntPtr hProcess, uint dwAddress, uint dwParameter)
{
if (hProcess == IntPtr.Zero)
throw new ArgumentNullException("hProcess");
if ((int) dwAddress == 0)
throw new ArgumentNullException("dwAddress");
uint num = 0U;
if (!this.Inject(hProcess, dwAddress))
throw new Exception("Injection failed for some reason.");
// ISSUE: cast to a function pointer type
void* remoteThread = \u003CModule\u003E.CreateRemoteThread((void*) hProcess.ToInt32(), (_SECURITY_ATTRIBUTES*) 0, 0U, (__FnPtr<uint (void*)>) (int) dwAddress, (void*) dwParameter, 0U, (uint*) 0);
if ((IntPtr) remoteThread == IntPtr.Zero)
throw new Exception("Remote thread failed.");
try
{
if ((int) \u003CModule\u003E.WaitForSingleObject(remoteThread, 10000U) == 0)
{
if (\u003CModule\u003E.GetExitCodeThread(remoteThread, &num) == 0)
throw new Exception("Could not get thread exit code.");
}
}
finally
{
\u003CModule\u003E.CloseHandle(remoteThread);
}
return num;
}
public IntPtr InjectAndExecuteEx(uint dwAddress)
{
ManagedFasm managedFasm = this;
IntPtr hProcess = managedFasm.m_hProcess;
int num1 = (int) dwAddress;
int num2 = 0;
return managedFasm.InjectAndExecuteEx(hProcess, (uint) num1, (uint) num2);
}
public IntPtr InjectAndExecuteEx(IntPtr hProcess, uint dwAddress)
{
return this.InjectAndExecuteEx(hProcess, dwAddress, 0U);
}
public unsafe IntPtr InjectAndExecuteEx(IntPtr hProcess, uint dwAddress, uint dwParameter)
{
this.Inject(hProcess, dwAddress);
// ISSUE: cast to a function pointer type
void* remoteThread = \u003CModule\u003E.CreateRemoteThread((void*) hProcess.ToInt32(), (_SECURITY_ATTRIBUTES*) 0, 0U, (__FnPtr<uint (void*)>) (int) dwAddress, (void*) dwParameter, 0U, (uint*) 0);
this.m_ThreadHandles.Add((IntPtr) remoteThread);
return (IntPtr) remoteThread;
}
public IntPtr GetProcessHandle()
{
return this.m_hProcess;
}
public void SetProcessHandle(IntPtr Value)
{
this.m_hProcess = Value;
}
public int GetMemorySize()
{
return this.m_MemorySize;
}
public void SetMemorySize(int Value)
{
this.m_MemorySize = Value;
}
public int GetPassLimit()
{
return this.m_PassLimit;
}
public void SetPassLimit(int Value)
{
this.m_PassLimit = Value;
}
protected virtual void Dispose([MarshalAs(UnmanagedType.U1)] bool _param1)
{
if (param0)
{
this.\u007EManagedFasm();
}
else
{
// ISSUE: explicit finalizer call
this.Finalize();
}
}
public virtual void Dispose()
{
this.Dispose(true);
GC.SuppressFinalize((object) this);
}
}
}
ManagedMemoryManipulation:
AccessRights:
namespace Magic
BlackMagic:
Code:
using Fasm;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics;
namespace Magic
{
public sealed class BlackMagic
{
public bool SetDebugPrivileges = true;
private IntPtr m_hProcess = IntPtr.Zero;
private IntPtr m_hWnd = IntPtr.Zero;
private IntPtr m_hThread = IntPtr.Zero;
private const uint RETURN_ERROR = 0U;
private bool m_bProcessOpen;
private bool m_bThreadOpen;
private int m_ProcessId;
private int m_ThreadId;
private ProcessModule m_MainModule;
private ProcessModuleCollection m_Modules;
private List<BlackMagic.PatternDataEntry> m_Data;
public bool IsProcessOpen
{
get
{
return this.m_bProcessOpen;
}
}
public bool IsThreadOpen
{
get
{
return this.m_bThreadOpen;
}
}
public IntPtr ProcessHandle
{
get
{
return this.m_hProcess;
}
}
public int ProcessId
{
get
{
return this.m_ProcessId;
}
}
public IntPtr WindowHandle
{
get
{
return this.m_hWnd;
}
}
public int ThreadId
{
get
{
return this.m_ThreadId;
}
}
public IntPtr ThreadHandle
{
get
{
return this.m_hThread;
}
}
public ProcessModule MainModule
{
get
{
return this.m_MainModule;
}
}
public ProcessModuleCollection Modules
{
get
{
return this.m_Modules;
}
}
public ManagedFasm Asm { get; set; }
public BlackMagic()
{
this.Asm = new ManagedFasm();
this.m_Data = new List<BlackMagic.PatternDataEntry>();
if (!this.m_bProcessOpen || !(this.m_hProcess != IntPtr.Zero))
return;
this.Asm.SetProcessHandle(this.m_hProcess);
}
public BlackMagic(int ProcessId)
: this()
{
this.m_bProcessOpen = this.Open(ProcessId);
}
public BlackMagic(IntPtr WindowHandle)
: this(SProcess.GetProcessFromWindow(WindowHandle))
{
}
~BlackMagic()
{
this.Close();
}
public uint Execute(uint dwStartAddress, uint dwParameter)
{
UIntPtr lpExitCode = UIntPtr.Zero;
IntPtr remoteThread = this.CreateRemoteThread(dwStartAddress, dwParameter);
if (remoteThread == IntPtr.Zero)
throw new Exception("Thread could not be remotely created.");
bool flag = (int) SThread.WaitForSingleObject(remoteThread, 10000U) == 0;
if (flag)
flag = Imports.GetExitCodeThread(remoteThread, out lpExitCode);
Imports.CloseHandle(remoteThread);
if (!flag)
throw new Exception("Error waiting for thread to exit or getting exit code.");
else
return (uint) lpExitCode;
}
public uint Execute(uint dwStartAddress)
{
return this.Execute(dwStartAddress, 0U);
}
public IntPtr CreateRemoteThread(uint dwStartAddress, uint dwParameter, uint dwCreationFlags, out uint dwThreadId)
{
if (this.m_bProcessOpen)
return SThread.CreateRemoteThread(this.m_hProcess, dwStartAddress, dwParameter, dwCreationFlags, out dwThreadId);
dwThreadId = 0U;
return IntPtr.Zero;
}
public IntPtr CreateRemoteThread(uint dwStartAddress, uint dwParameter, out uint dwThreadId)
{
return this.CreateRemoteThread(dwStartAddress, dwParameter, 0U, out dwThreadId);
}
public IntPtr CreateRemoteThread(uint dwStartAddress, uint dwParameter)
{
uint dwThreadId;
return this.CreateRemoteThread(dwStartAddress, dwParameter, 0U, out dwThreadId);
}
public bool SuspendThread(IntPtr hThread)
{
if ((int) SThread.SuspendThread(hThread) != -1)
return true;
else
return false;
}
public bool SuspendThread()
{
if (!this.m_bThreadOpen)
return false;
else
return this.SuspendThread(this.m_hThread);
}
public bool ResumeThread(IntPtr hThread)
{
if ((int) SThread.ResumeThread(hThread) != -1)
return true;
else
return false;
}
public bool ResumeThread()
{
if (!this.m_bThreadOpen)
return false;
else
return this.ResumeThread(this.m_hThread);
}
public bool WriteBytes(uint dwAddress, byte[] Value, int nSize)
{
return SMemory.WriteBytes(this.m_hProcess, dwAddress, Value, nSize);
}
public bool WriteBytes(uint dwAddress, byte[] Value)
{
return this.WriteBytes(dwAddress, Value, Value.Length);
}
public bool WriteByte(uint dwAddress, byte Value)
{
return SMemory.WriteByte(this.m_hProcess, dwAddress, Value);
}
public bool WriteSByte(uint dwAddress, sbyte Value)
{
return SMemory.WriteSByte(this.m_hProcess, dwAddress, Value);
}
public bool WriteUShort(uint dwAddress, ushort Value)
{
return SMemory.WriteUShort(this.m_hProcess, dwAddress, Value);
}
public bool WriteShort(uint dwAddress, short Value)
{
return SMemory.WriteShort(this.m_hProcess, dwAddress, Value);
}
public bool WriteUInt(uint dwAddress, uint Value)
{
return SMemory.WriteUInt(this.m_hProcess, dwAddress, Value);
}
public bool WriteInt(uint dwAddress, int Value)
{
return SMemory.WriteInt(this.m_hProcess, dwAddress, Value);
}
public bool WriteUInt64(uint dwAddress, ulong Value)
{
return SMemory.WriteUInt64(this.m_hProcess, dwAddress, Value);
}
public bool WriteInt64(uint dwAddress, long Value)
{
return SMemory.WriteInt64(this.m_hProcess, dwAddress, Value);
}
public bool WriteFloat(uint dwAddress, float Value)
{
return SMemory.WriteFloat(this.m_hProcess, dwAddress, Value);
}
public bool WriteDouble(uint dwAddress, double Value)
{
return SMemory.WriteDouble(this.m_hProcess, dwAddress, Value);
}
public bool WriteObject(uint dwAddress, object Value, Type objType)
{
return SMemory.WriteObject(this.m_hProcess, dwAddress, Value, objType);
}
public bool WriteObject(uint dwAddress, object Value)
{
return SMemory.WriteObject(this.m_hProcess, dwAddress, Value, Value.GetType());
}
public bool WriteASCIIString(uint dwAddress, string Value)
{
return SMemory.WriteASCIIString(this.m_hProcess, dwAddress, Value);
}
public bool WriteUnicodeString(uint dwAddress, string Value)
{
return SMemory.WriteUnicodeString(this.m_hProcess, dwAddress, Value);
}
public byte[] ReadBytes(uint dwAddress, int nSize)
{
if (!this.m_bProcessOpen || this.m_hProcess == IntPtr.Zero)
throw new Exception("Process is not open for read/write.");
else
return SMemory.ReadBytes(this.m_hProcess, dwAddress, nSize);
}
public byte ReadByte(uint dwAddress)
{
if (!this.m_bProcessOpen || this.m_hProcess == IntPtr.Zero)
throw new Exception("Process is not open for read/write.");
else
return SMemory.ReadByte(this.m_hProcess, dwAddress);
}
public sbyte ReadSByte(uint dwAddress)
{
if (!this.m_bProcessOpen || this.m_hProcess == IntPtr.Zero)
throw new Exception("Process is not open for read/write.");
else
return SMemory.ReadSByte(this.m_hProcess, dwAddress);
}
public ushort ReadUShort(uint dwAddress)
{
return this.ReadUShort(dwAddress, false);
}
public ushort ReadUShort(uint dwAddress, bool bReverse)
{
if (!this.m_bProcessOpen || this.m_hProcess == IntPtr.Zero)
throw new Exception("Process is not open for read/write.");
else
return SMemory.ReadUShort(this.m_hProcess, dwAddress, bReverse);
}
public short ReadShort(uint dwAddress)
{
return this.ReadShort(dwAddress, false);
}
public short ReadShort(uint dwAddress, bool bReverse)
{
if (!this.m_bProcessOpen || this.m_hProcess == IntPtr.Zero)
throw new Exception("Process is not open for read/write.");
else
return SMemory.ReadShort(this.m_hProcess, dwAddress, bReverse);
}
public uint ReadUInt(uint dwAddress)
{
return this.ReadUInt(dwAddress, false);
}
public uint ReadUInt(uint dwAddress, bool bReverse)
{
if (!this.m_bProcessOpen || this.m_hProcess == IntPtr.Zero)
throw new Exception("Process is not open for read/write.");
else
return SMemory.ReadUInt(this.m_hProcess, dwAddress, bReverse);
}
public int ReadInt(uint dwAddress)
{
return this.ReadInt(dwAddress, false);
}
public int ReadInt(uint dwAddress, bool bReverse)
{
if (!this.m_bProcessOpen || this.m_hProcess == IntPtr.Zero)
throw new Exception("Process is not open for read/write.");
else
return SMemory.ReadInt(this.m_hProcess, dwAddress, bReverse);
}
public ulong ReadUInt64(uint dwAddress)
{
return this.ReadUInt64(dwAddress, false);
}
public ulong ReadUInt64(uint dwAddress, bool bReverse)
{
if (!this.m_bProcessOpen || this.m_hProcess == IntPtr.Zero)
throw new Exception("Process is not open for read/write.");
else
return SMemory.ReadUInt64(this.m_hProcess, dwAddress, bReverse);
}
public long ReadInt64(uint dwAddress)
{
return this.ReadInt64(dwAddress, false);
}
public long ReadInt64(uint dwAddress, bool bReverse)
{
if (!this.m_bProcessOpen || this.m_hProcess == IntPtr.Zero)
throw new Exception("Process is not open for read/write.");
else
return SMemory.ReadInt64(this.m_hProcess, dwAddress, bReverse);
}
public float ReadFloat(uint dwAddress)
{
return this.ReadFloat(dwAddress, false);
}
public float ReadFloat(uint dwAddress, bool bReverse)
{
if (!this.m_bProcessOpen || this.m_hProcess == IntPtr.Zero)
throw new Exception("Process is not open for read/write.");
else
return SMemory.ReadFloat(this.m_hProcess, dwAddress, bReverse);
}
public double ReadDouble(uint dwAddress)
{
return this.ReadDouble(dwAddress, false);
}
public double ReadDouble(uint dwAddress, bool bReverse)
{
if (!this.m_bProcessOpen || this.m_hProcess == IntPtr.Zero)
throw new Exception("Process is not open for read/write.");
else
return SMemory.ReadDouble(this.m_hProcess, dwAddress, bReverse);
}
public object ReadObject(uint dwAddress, Type objType)
{
if (!this.m_bProcessOpen || this.m_hProcess == IntPtr.Zero)
throw new Exception("Process is not open for read/write.");
else
return SMemory.ReadObject(this.m_hProcess, dwAddress, objType);
}
public string ReadASCIIString(uint dwAddress, int nLength)
{
return SMemory.ReadASCIIString(this.m_hProcess, dwAddress, nLength);
}
public string ReadUnicodeString(uint dwAddress, int nLength)
{
return SMemory.ReadUnicodeString(this.m_hProcess, dwAddress, nLength);
}
public uint AllocateMemory(int nSize, uint dwAllocationType, uint dwProtect)
{
return SMemory.AllocateMemory(this.m_hProcess, nSize, dwAllocationType, dwProtect);
}
public uint AllocateMemory(int nSize)
{
return this.AllocateMemory(nSize, 4096U, 64U);
}
public uint AllocateMemory()
{
return this.AllocateMemory(4096);
}
public bool FreeMemory(uint dwAddress, int nSize, uint dwFreeType)
{
return SMemory.FreeMemory(this.m_hProcess, dwAddress, nSize, dwFreeType);
}
public bool FreeMemory(uint dwAddress)
{
return this.FreeMemory(dwAddress, 0, 32768U);
}
public bool Open(int ProcessId)
{
if (ProcessId == 0)
return false;
if (ProcessId == this.m_ProcessId)
return true;
if (this.m_bProcessOpen)
this.CloseProcess();
if (this.SetDebugPrivileges)
Process.EnterDebugMode();
this.m_bProcessOpen = (this.m_hProcess = SProcess.OpenProcess(ProcessId)) != IntPtr.Zero;
if (this.m_bProcessOpen)
{
this.m_ProcessId = ProcessId;
this.m_hWnd = SWindow.FindWindowByProcessId(ProcessId);
this.m_Modules = Process.GetProcessById(this.m_ProcessId).Modules;
this.m_MainModule = this.m_Modules[0];
if (this.Asm == null)
this.Asm = new ManagedFasm(this.m_hProcess);
else
this.Asm.SetProcessHandle(this.m_hProcess);
}
return this.m_bProcessOpen;
}
public bool Open(IntPtr WindowHandle)
{
if (WindowHandle == IntPtr.Zero)
return false;
else
return this.Open(SProcess.GetProcessFromWindow(WindowHandle));
}
public bool OpenThread(int dwThreadId)
{
if (dwThreadId == 0)
return false;
if (dwThreadId == this.m_ThreadId)
return true;
if (this.m_bThreadOpen)
this.CloseThread();
this.m_bThreadOpen = (this.m_hThread = SThread.OpenThread(dwThreadId)) != IntPtr.Zero;
if (this.m_bThreadOpen)
this.m_ThreadId = dwThreadId;
return this.m_bThreadOpen;
}
public bool OpenThread()
{
if (this.m_bProcessOpen)
return this.OpenThread(SThread.GetMainThreadId(this.m_ProcessId));
else
return false;
}
public bool OpenProcessAndThread(int dwProcessId)
{
if (this.Open(dwProcessId) && this.OpenThread())
return true;
this.Close();
return false;
}
public bool OpenProcessAndThread(IntPtr WindowHandle)
{
if (this.Open(WindowHandle) && this.OpenThread())
return true;
this.Close();
return false;
}
public void Close()
{
this.Asm.Dispose();
this.CloseProcess();
this.CloseThread();
}
public void CloseProcess()
{
if (this.m_hProcess != IntPtr.Zero)
Imports.CloseHandle(this.m_hProcess);
this.m_hProcess = IntPtr.Zero;
this.m_hWnd = IntPtr.Zero;
this.m_ProcessId = 0;
this.m_MainModule = (ProcessModule) null;
this.m_Modules = (ProcessModuleCollection) null;
this.m_bProcessOpen = false;
this.Asm.SetProcessHandle(IntPtr.Zero);
}
public void CloseThread()
{
if (this.m_hThread != IntPtr.Zero)
Imports.CloseHandle(this.m_hThread);
this.m_hThread = IntPtr.Zero;
this.m_ThreadId = 0;
this.m_bThreadOpen = false;
}
public string GetModuleFilePath()
{
return this.m_MainModule.FileName;
}
public string GetModuleFilePath(int index)
{
return this.m_Modules[index].FileName;
}
public string GetModuleFilePath(string sModuleName)
{
foreach (ProcessModule processModule in (ReadOnlyCollectionBase) this.m_Modules)
{
if (processModule.ModuleName.ToLower().Equals(sModuleName.ToLower()))
return processModule.FileName;
}
return string.Empty;
}
public ProcessModule GetModule(string sModuleName)
{
foreach (ProcessModule processModule in (ReadOnlyCollectionBase) this.m_Modules)
{
if (processModule.ModuleName.ToLower().Equals(sModuleName.ToLower()))
return processModule;
}
return (ProcessModule) null;
}
public ProcessModule GetModule(uint dwAddress)
{
foreach (ProcessModule processModule in (ReadOnlyCollectionBase) this.m_Modules)
{
if ((uint) (int) processModule.BaseAddress <= dwAddress && (long) (uint) (int) processModule.BaseAddress + (long) processModule.ModuleMemorySize >= (long) dwAddress)
return processModule;
}
return (ProcessModule) null;
}
public uint FindPattern(byte[] bPattern, string szMask)
{
return this.FindPattern((uint) (int) this.MainModule.BaseAddress, this.MainModule.ModuleMemorySize, bPattern, szMask);
}
public uint FindPattern(string szPattern, string szMask, char Delimiter)
{
string[] strArray = szPattern.Split(new char[1]
{
Delimiter
});
byte[] bPattern = new byte[strArray.Length];
for (int index = 0; index < bPattern.Length; ++index)
bPattern[index] = Convert.ToByte(strArray[index], 16);
return this.FindPattern(bPattern, szMask);
}
public uint FindPattern(string szPattern, string szMask)
{
return this.FindPattern(szPattern, szMask, ' ');
}
public uint FindPattern(ProcessModule pModule, byte[] bPattern, string szMask)
{
return this.FindPattern((uint) (int) pModule.BaseAddress, pModule.ModuleMemorySize, bPattern, szMask);
}
public uint FindPattern(ProcessModule pModule, string szPattern, string szMask, char Delimiter)
{
string[] strArray = szPattern.Split(new char[1]
{
Delimiter
});
byte[] bPattern = new byte[strArray.Length];
for (int index = 0; index < bPattern.Length; ++index)
bPattern[index] = Convert.ToByte(strArray[index], 16);
return this.FindPattern(pModule, bPattern, szMask);
}
public uint FindPattern(ProcessModule pModule, string szPattern, string szMask)
{
return this.FindPattern(pModule, szPattern, szMask, ' ');
}
public uint FindPattern(ProcessModuleCollection pModules, byte[] bPattern, string szMask)
{
uint num = 0U;
foreach (ProcessModule pModule in (ReadOnlyCollectionBase) pModules)
{
num = this.FindPattern(pModule, bPattern, szMask);
if ((int) num != 0)
break;
}
return num;
}
public uint FindPattern(ProcessModuleCollection pModules, string szPattern, string szMask, char Delimiter)
{
string[] strArray = szPattern.Split(new char[1]
{
Delimiter
});
byte[] bPattern = new byte[strArray.Length];
for (int index = 0; index < bPattern.Length; ++index)
bPattern[index] = Convert.ToByte(strArray[index], 16);
return this.FindPattern(pModules, bPattern, szMask);
}
public uint FindPattern(ProcessModuleCollection pModules, string szPattern, string szMask)
{
return this.FindPattern(pModules, szPattern, szMask, ' ');
}
public uint FindPattern(ProcessModule[] pModules, byte[] bPattern, string szMask)
{
return this.FindPattern(new ProcessModuleCollection(pModules), bPattern, szMask);
}
public uint FindPattern(ProcessModule[] pModules, string szPattern, string szMask, char Delimiter)
{
return this.FindPattern(new ProcessModuleCollection(pModules), szPattern, szMask, Delimiter);
}
public uint FindPattern(ProcessModule[] pModules, string szPattern, string szMask)
{
return this.FindPattern(new ProcessModuleCollection(pModules), szPattern, szMask, ' ');
}
public uint FindPattern(uint dwStart, int nSize, byte[] bPattern, string szMask)
{
BlackMagic.PatternDataEntry patternDataEntry1 = (BlackMagic.PatternDataEntry) null;
foreach (BlackMagic.PatternDataEntry patternDataEntry2 in this.m_Data)
{
if ((int) dwStart == (int) patternDataEntry2.Start && nSize == patternDataEntry2.Size)
{
patternDataEntry1 = patternDataEntry2;
break;
}
}
if (patternDataEntry1 == null)
{
patternDataEntry1 = new BlackMagic.PatternDataEntry(dwStart, nSize, this.ReadBytes(dwStart, nSize));
this.m_Data.Add(patternDataEntry1);
}
return dwStart + SPattern.FindPattern(patternDataEntry1.bData, bPattern, szMask);
}
public uint FindPattern(uint dwStart, int nSize, string szPattern, string szMask, char Delimiter)
{
string[] strArray = szPattern.Split(new char[1]
{
Delimiter
});
byte[] bPattern = new byte[strArray.Length];
for (int index = 0; index < bPattern.Length; ++index)
bPattern[index] = Convert.ToByte(strArray[index], 16);
return this.FindPattern(dwStart, nSize, bPattern, szMask);
}
public uint FindPattern(uint dwStart, int nSize, string szPattern, string szMask)
{
return this.FindPattern(dwStart, nSize, szPattern, szMask, ' ');
}
private class PatternDataEntry
{
public byte[] bData;
public uint Start;
public int Size;
public PatternDataEntry()
{
}
public PatternDataEntry(uint Start, int Size, byte[] bData)
{
this.Start = Start;
this.Size = Size;
this.bData = bData;
}
}
}
}
CONTEXT:
Code:
using System.Runtime.InteropServices;
namespace Magic
{
public struct CONTEXT
{
public uint ContextFlags;
public uint Dr0;
public uint Dr1;
public uint Dr2;
public uint Dr3;
public uint Dr6;
public uint Dr7;
[MarshalAs(UnmanagedType.Struct)]
public FLOATING_SAVE_AREA FloatSave;
public uint SegGs;
public uint SegFs;
public uint SegEs;
public uint SegDs;
public uint Edi;
public uint Esi;
public uint Ebx;
public uint Edx;
public uint Ecx;
public uint Eax;
public uint Ebp;
public uint Eip;
public uint SegCs;
public uint EFlags;
public uint Esp;
public uint SegSs;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] ExtendedRegisters;
}
}
CONTEXT_FLAGS:
Code:
namespace Magic
{
public static class CONTEXT_FLAGS
{
private const uint CONTEXT_i386 = 65536U;
private const uint CONTEXT_i486 = 65536U;
public const uint CONTEXT_CONTROL = 65537U;
public const uint CONTEXT_INTEGER = 65538U;
public const uint CONTEXT_SEGMENTS = 65540U;
public const uint CONTEXT_FLOATING_POINT = 65544U;
public const uint CONTEXT_DEBUG_REGISTERS = 65552U;
public const uint CONTEXT_EXTENDED_REGISTERS = 65568U;
public const uint CONTEXT_FULL = 65543U;
public const uint CONTEXT_ALL = 65599U;
}
}
FLOATING_SAVE_AREA:
Code:
using System.Runtime.InteropServices;
namespace Magic
{
public struct FLOATING_SAVE_AREA
{
public uint ControlWord;
public uint StatusWord;
public uint TagWord;
public uint ErrorOffset;
public uint ErrorSelector;
public uint DataOffset;
public uint DataSelector;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] RegisterArea;
public uint Cr0NpxState;
}
}
Imports:
Code:
using System;
using System.Runtime.InteropServices;
using System.Text;
namespace Magic
{
public static class Imports
{
[DllImport("user32")]
public static bool EnumWindows(Imports.EnumWindowsProc lpEnumFunc, IntPtr lParam);
[DllImport("user32", EntryPoint = "GetWindowText")]
private static int _GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount);
public static string GetWindowTitle(IntPtr hWnd, int nMaxCount)
{
StringBuilder lpString = new StringBuilder(nMaxCount);
int windowText;
if ((windowText = Imports._GetWindowText(hWnd, lpString, nMaxCount)) > 0)
return lpString.ToString(0, windowText);
else
return (string) null;
}
public static string GetWindowTitle(IntPtr hWnd)
{
return Imports.GetWindowTitle(hWnd, 256);
}
[DllImport("user32", EntryPoint = "GetClassName")]
private static int _GetClassName(IntPtr hWnd, StringBuilder lpString, int nMaxCount);
public static string GetClassName(IntPtr hWnd, int nMaxCount)
{
StringBuilder lpString = new StringBuilder(nMaxCount);
int className;
if ((className = Imports._GetClassName(hWnd, lpString, nMaxCount)) > 0)
return lpString.ToString(0, className);
else
return (string) null;
}
public static string GetClassName(IntPtr hWnd)
{
return Imports.GetClassName(hWnd, 256);
}
[DllImport("user32")]
public static bool IsWindowVisible(IntPtr hWnd);
[DllImport("user32")]
public static int GetWindowThreadProcessId(IntPtr hWnd, out int dwProcessId);
[DllImport("kernel32")]
public static IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
[DllImport("kernel32")]
public static bool CloseHandle(IntPtr hObject);
[DllImport("kernel32", EntryPoint = "GetModuleHandleW")]
public static UIntPtr GetModuleHandle([MarshalAs(UnmanagedType.LPWStr)] string lpModuleName);
[DllImport("kernel32")]
public static UIntPtr GetProcAddress(UIntPtr hModule, [MarshalAs(UnmanagedType.LPStr)] string lpProcName);
[DllImport("kernel32")]
public static bool ReadProcessMemory(IntPtr hProcess, uint dwAddress, IntPtr lpBuffer, int nSize, out int lpBytesRead);
[DllImport("kernel32")]
public static bool WriteProcessMemory(IntPtr hProcess, uint dwAddress, IntPtr lpBuffer, int nSize, out IntPtr iBytesWritten);
[DllImport("kernel32")]
public static uint VirtualAllocEx(IntPtr hProcess, uint dwAddress, int nSize, uint dwAllocationType, uint dwProtect);
[DllImport("kernel32")]
public static bool VirtualFreeEx(IntPtr hProcess, uint dwAddress, int nSize, uint dwFreeType);
[DllImport("kernel32")]
public static IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, out IntPtr dwThreadId);
[DllImport("kernel32")]
public static uint WaitForSingleObject(IntPtr hObject, uint dwMilliseconds);
[DllImport("kernel32")]
public static bool GetExitCodeThread(IntPtr hThread, out UIntPtr lpExitCode);
[DllImport("kernel32")]
public static IntPtr OpenThread(uint dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
[DllImport("kernel32")]
public static uint SuspendThread(IntPtr hThread);
[DllImport("kernel32")]
public static uint ResumeThread(IntPtr hThread);
[DllImport("kernel32")]
public static uint TerminateThread(IntPtr hThread, uint dwExitCode);
[DllImport("kernel32")]
public static bool GetThreadContext(IntPtr hThread, ref CONTEXT lpContext);
[DllImport("kernel32")]
public static bool SetThreadContext(IntPtr hThread, ref CONTEXT lpContext);
public delegate bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam);
}
}
MemoryAllocType:
Code:
namespace Magic
{
public static class MemoryAllocType
{
public const uint MEM_COMMIT = 4096U;
public const uint MEM_RESERVE = 8192U;
public const uint MEM_RESET = 524288U;
public const uint MEM_PHYSICAL = 4194304U;
public const uint MEM_TOP_DOWN = 1048576U;
}
}
MemoryFreeType:
Code:
namespace Magic
{
public static class MemoryFreeType
{
public const uint MEM_DECOMMIT = 16384U;
public const uint MEM_RELEASE = 32768U;
}
}
MemoryProtectType:
Code:
namespace Magic
{
public static class MemoryProtectType
{
public const uint PAGE_EXECUTE = 16U;
public const uint PAGE_EXECUTE_READ = 32U;
public const uint PAGE_EXECUTE_READWRITE = 64U;
public const uint PAGE_EXECUTE_WRITECOPY = 128U;
public const uint PAGE_NOACCESS = 1U;
public const uint PAGE_READONLY = 2U;
public const uint PAGE_READWRITE = 4U;
public const uint PAGE_WRITECOPY = 8U;
public const uint PAGE_GUARD = 256U;
public const uint PAGE_NOCACHE = 512U;
public const uint PAGE_WRITECOMBINE = 1024U;
}
}
SInject:
Code:
using Fasm;
using System;
using System.IO;
using System.Text;
using System.Threading;
namespace Magic
{
public static class SInject
{
private const uint RETURN_ERROR = 0U;
public static uint InjectDllCreateThread(IntPtr hProcess, string szDllPath)
{
if (hProcess == IntPtr.Zero)
throw new ArgumentNullException("hProcess");
if (szDllPath.Length == 0)
throw new ArgumentNullException("szDllPath");
if (!szDllPath.Contains("\\"))
szDllPath = Path.GetFullPath(szDllPath);
if (!File.Exists(szDllPath))
throw new ArgumentException("DLL not found.", "szDllPath");
uint num1 = 0U;
uint dwStartAddress = (uint) Imports.GetProcAddress(Imports.GetModuleHandle("kernel32.dll"), "LoadLibraryA");
if (dwStartAddress > 0U)
{
uint num2 = SMemory.AllocateMemory(hProcess);
if (num2 > 0U)
{
if (SMemory.WriteASCIIString(hProcess, num2, szDllPath))
{
IntPtr remoteThread = SThread.CreateRemoteThread(hProcess, dwStartAddress, num2);
if ((int) SThread.WaitForSingleObject(remoteThread, 5000U) == 0)
num1 = SThread.GetExitCodeThread(remoteThread);
Imports.CloseHandle(remoteThread);
}
SMemory.FreeMemory(hProcess, num2);
}
}
return num1;
}
public static uint InjectDllRedirectThread(IntPtr hProcess, IntPtr hThread, string szDllPath)
{
if (hProcess == IntPtr.Zero)
throw new ArgumentNullException("hProcess");
if (hThread == IntPtr.Zero)
throw new ArgumentNullException("hThread");
if (szDllPath.Length == 0)
throw new ArgumentNullException("szDllPath");
if (!szDllPath.Contains("\\"))
szDllPath = Path.GetFullPath(szDllPath);
if (!File.Exists(szDllPath))
throw new ArgumentException("DLL not found.", "szDllPath");
uint num1 = 0U;
StringBuilder stringBuilder = new StringBuilder();
ManagedFasm managedFasm = new ManagedFasm(hProcess);
uint num2 = (uint) Imports.GetProcAddress(Imports.GetModuleHandle("kernel32.dll"), "LoadLibraryA");
if ((int) num2 == 0)
return 0U;
uint dwAddress = SMemory.AllocateMemory(hProcess);
if ((int) dwAddress == 0)
return 0U;
if ((int) SThread.SuspendThread(hThread) != -1)
{
CONTEXT threadContext = SThread.GetThreadContext(hThread, 65537U);
if (threadContext.Eip > 0U)
{
try
{
managedFasm.AddLine("lpExitCode dd 0x{0:X}", new object[1]
{
(object) uint.MaxValue
});
managedFasm.AddLine("push 0x{0:X}", new object[1]
{
(object) threadContext.Eip
});
managedFasm.AddLine("pushad");
managedFasm.AddLine("push szDllPath");
managedFasm.AddLine("call 0x{0:X}", new object[1]
{
(object) num2
});
managedFasm.AddLine("mov [lpExitCode], eax");
managedFasm.AddLine("popad");
managedFasm.AddLine("retn");
managedFasm.AddLine("szDllPath db '{0}',0", new object[1]
{
(object) szDllPath
});
managedFasm.Inject(dwAddress);
}
catch
{
SMemory.FreeMemory(hProcess, dwAddress);
int num3 = (int) SThread.ResumeThread(hThread);
return 0U;
}
threadContext.ContextFlags = 65537U;
threadContext.Eip = dwAddress + 4U;
if (SThread.SetThreadContext(hThread, threadContext) && (int) SThread.ResumeThread(hThread) != -1)
{
for (int index = 0; index < 400; ++index)
{
Thread.Sleep(5);
if ((int) (num1 = SMemory.ReadUInt(hProcess, dwAddress)) != -1)
break;
}
}
}
}
if (managedFasm != null)
managedFasm.Dispose();
SMemory.FreeMemory(hProcess, dwAddress);
return num1;
}
public static uint InjectDllRedirectThread(IntPtr hProcess, int dwProcessId, string szDllPath)
{
IntPtr num1 = SThread.OpenThread(SThread.GetMainThreadId(dwProcessId));
if (num1 == IntPtr.Zero)
return 0U;
uint num2 = SInject.InjectDllRedirectThread(hProcess, num1, szDllPath);
Imports.CloseHandle(num1);
return num2;
}
public static bool InjectCode(IntPtr hProcess, uint dwAddress, string szAssembly)
{
if (!(hProcess == IntPtr.Zero) && szAssembly.Length != 0)
{
if ((int) dwAddress != 0)
{
byte[] lpBytes;
try
{
lpBytes = ManagedFasm.Assemble(szAssembly);
}
catch (Exception ex)
{
return false;
}
return SMemory.WriteBytes(hProcess, dwAddress, lpBytes, lpBytes.Length);
}
}
return false;
}
public static bool InjectCode(IntPtr hProcess, uint dwAddress, string szFormat, params object[] args)
{
return SInject.InjectCode(hProcess, dwAddress, string.Format(szFormat, args));
}
public static uint InjectCode(IntPtr hProcess, string szAssembly)
{
uint dwAddress = SMemory.AllocateMemory(hProcess);
if (!SInject.InjectCode(hProcess, dwAddress, szAssembly))
return 0U;
else
return dwAddress;
}
public static uint InjectCode(IntPtr hProcess, string szFormatString, params object[] args)
{
return SInject.InjectCode(hProcess, string.Format(szFormatString, args));
}
}
}
SMemory:
Code:
using System;
using System.Runtime.InteropServices;
namespace Magic
{
public static class SMemory
{
public const byte ASCII_CHAR_LENGTH = (byte) 1;
public const byte UNICODE_CHAR_LENGTH = (byte) 2;
public const int DEFAULT_MEMORY_SIZE = 4096;
public static int ReadRawMemory(IntPtr hProcess, uint dwAddress, IntPtr lpBuffer, int nSize)
{
int lpBytesRead = 0;
try
{
if (!Imports.ReadProcessMemory(hProcess, dwAddress, lpBuffer, nSize, out lpBytesRead))
throw new Exception("ReadProcessMemory failed");
else
return lpBytesRead;
}
catch
{
return 0;
}
}
public static byte[] ReadBytes(IntPtr hProcess, uint dwAddress, int nSize)
{
IntPtr num = IntPtr.Zero;
byte[] destination;
try
{
num = Marshal.AllocHGlobal(nSize);
int length = SMemory.ReadRawMemory(hProcess, dwAddress, num, nSize);
if (length != nSize)
throw new Exception("ReadProcessMemory error in ReadBytes");
destination = new byte[length];
Marshal.Copy(num, destination, 0, length);
}
catch
{
return (byte[]) null;
}
finally
{
if (num != IntPtr.Zero)
Marshal.FreeHGlobal(num);
}
return destination;
}
public static object ReadObject(IntPtr hProcess, uint dwAddress, Type objType)
{
IntPtr num1 = IntPtr.Zero;
try
{
int num2 = Marshal.SizeOf(objType);
num1 = Marshal.AllocHGlobal(num2);
if (SMemory.ReadRawMemory(hProcess, dwAddress, num1, num2) != num2)
throw new Exception("ReadProcessMemory error in ReadObject.");
else
return Marshal.PtrToStructure(num1, objType);
}
catch
{
return (object) null;
}
finally
{
if (num1 != IntPtr.Zero)
Marshal.FreeHGlobal(num1);
}
}
public static byte ReadByte(IntPtr hProcess, uint dwAddress)
{
byte[] numArray = SMemory.ReadBytes(hProcess, dwAddress, 1);
if (numArray == null)
throw new Exception("ReadByte failed.");
else
return numArray[0];
}
public static sbyte ReadSByte(IntPtr hProcess, uint dwAddress)
{
byte[] numArray = SMemory.ReadBytes(hProcess, dwAddress, 1);
if (numArray == null)
throw new Exception("ReadSByte failed.");
else
return (sbyte) numArray[0];
}
public static ushort ReadUShort(IntPtr hProcess, uint dwAddress, bool bReverse)
{
byte[] numArray = SMemory.ReadBytes(hProcess, dwAddress, 2);
if (numArray == null)
throw new Exception("ReadUShort failed.");
if (bReverse)
Array.Reverse((Array) numArray);
return BitConverter.ToUInt16(numArray, 0);
}
public static ushort ReadUShort(IntPtr hProcess, uint dwAddress)
{
return SMemory.ReadUShort(hProcess, dwAddress, false);
}
public static short ReadShort(IntPtr hProcess, uint dwAddress, bool bReverse)
{
byte[] numArray = SMemory.ReadBytes(hProcess, dwAddress, 2);
if (numArray == null)
throw new Exception("ReadShort failed.");
if (bReverse)
Array.Reverse((Array) numArray);
return BitConverter.ToInt16(numArray, 0);
}
public static short ReadShort(IntPtr hProcess, uint dwAddress)
{
return SMemory.ReadShort(hProcess, dwAddress, false);
}
public static uint ReadUInt(IntPtr hProcess, uint dwAddress, bool bReverse)
{
byte[] numArray = SMemory.ReadBytes(hProcess, dwAddress, 4);
if (numArray == null)
throw new Exception("ReadUInt failed.");
if (bReverse)
Array.Reverse((Array) numArray);
return BitConverter.ToUInt32(numArray, 0);
}
public static uint ReadUInt(IntPtr hProcess, uint dwAddress)
{
return SMemory.ReadUInt(hProcess, dwAddress, false);
}
public static int ReadInt(IntPtr hProcess, uint dwAddress, bool bReverse)
{
byte[] numArray = SMemory.ReadBytes(hProcess, dwAddress, 4);
if (numArray == null)
throw new Exception("ReadInt failed.");
if (bReverse)
Array.Reverse((Array) numArray);
return BitConverter.ToInt32(numArray, 0);
}
public static int ReadInt(IntPtr hProcess, uint dwAddress)
{
return SMemory.ReadInt(hProcess, dwAddress, false);
}
public static ulong ReadUInt64(IntPtr hProcess, uint dwAddress, bool bReverse)
{
byte[] numArray = SMemory.ReadBytes(hProcess, dwAddress, 8);
if (numArray == null)
throw new Exception("ReadUInt64 failed.");
if (bReverse)
Array.Reverse((Array) numArray);
return BitConverter.ToUInt64(numArray, 0);
}
public static ulong ReadUInt64(IntPtr hProcess, uint dwAddress)
{
return SMemory.ReadUInt64(hProcess, dwAddress, false);
}
public static long ReadInt64(IntPtr hProcess, uint dwAddress, bool bReverse)
{
byte[] numArray = SMemory.ReadBytes(hProcess, dwAddress, 8);
if (numArray == null)
throw new Exception("ReadInt64 failed.");
if (bReverse)
Array.Reverse((Array) numArray);
return BitConverter.ToInt64(numArray, 0);
}
public static long ReadInt64(IntPtr hProcess, uint dwAddress)
{
return SMemory.ReadInt64(hProcess, dwAddress, false);
}
public static float ReadFloat(IntPtr hProcess, uint dwAddress, bool bReverse)
{
byte[] numArray = SMemory.ReadBytes(hProcess, dwAddress, 4);
if (numArray == null)
throw new Exception("ReadFloat failed.");
if (bReverse)
Array.Reverse((Array) numArray);
return BitConverter.ToSingle(numArray, 0);
}
public static float ReadFloat(IntPtr hProcess, uint dwAddress)
{
return SMemory.ReadFloat(hProcess, dwAddress, false);
}
public static double ReadDouble(IntPtr hProcess, uint dwAddress, bool bReverse)
{
byte[] numArray = SMemory.ReadBytes(hProcess, dwAddress, 8);
if (numArray == null)
throw new Exception("ReadDouble failed.");
if (bReverse)
Array.Reverse((Array) numArray);
return BitConverter.ToDouble(numArray, 0);
}
public static double ReadDouble(IntPtr hProcess, uint dwAddress)
{
return SMemory.ReadDouble(hProcess, dwAddress, false);
}
public static string ReadASCIIString(IntPtr hProcess, uint dwAddress, int nLength)
{
IntPtr num = IntPtr.Zero;
try
{
int nSize = nLength;
num = Marshal.AllocHGlobal(nSize + 1);
Marshal.WriteByte(num, nLength, (byte) 0);
if (SMemory.ReadRawMemory(hProcess, dwAddress, num, nSize) != nSize)
throw new Exception();
else
return Marshal.PtrToStringAnsi(num);
}
catch
{
return string.Empty;
}
finally
{
if (num != IntPtr.Zero)
Marshal.FreeHGlobal(num);
}
}
public static string ReadUnicodeString(IntPtr hProcess, uint dwAddress, int nLength)
{
IntPtr num = IntPtr.Zero;
try
{
int nSize = nLength * 2;
num = Marshal.AllocHGlobal(nSize + 2);
Marshal.WriteInt16(num, nLength * 2, (short) 0);
if (SMemory.ReadRawMemory(hProcess, dwAddress, num, nSize) != nSize)
throw new Exception();
else
return Marshal.PtrToStringUni(num);
}
catch
{
return string.Empty;
}
finally
{
if (num != IntPtr.Zero)
Marshal.FreeHGlobal(num);
}
}
private static int WriteRawMemory(IntPtr hProcess, uint dwAddress, IntPtr lpBuffer, int nSize)
{
IntPtr iBytesWritten = IntPtr.Zero;
if (!Imports.WriteProcessMemory(hProcess, dwAddress, lpBuffer, nSize, out iBytesWritten))
return 0;
else
return (int) iBytesWritten;
}
public static bool WriteBytes(IntPtr hProcess, uint dwAddress, byte[] lpBytes, int nSize)
{
IntPtr num1 = IntPtr.Zero;
try
{
num1 = Marshal.AllocHGlobal(Marshal.SizeOf((object) lpBytes[0]) * nSize);
Marshal.Copy(lpBytes, 0, num1, nSize);
int num2 = SMemory.WriteRawMemory(hProcess, dwAddress, num1, nSize);
if (nSize != num2)
throw new Exception("WriteBytes failed! Number of bytes actually written differed from request.");
}
catch
{
return false;
}
finally
{
if (num1 != IntPtr.Zero)
Marshal.FreeHGlobal(num1);
}
return true;
}
public static bool WriteBytes(IntPtr hProcess, uint dwAddress, byte[] lpBytes)
{
return SMemory.WriteBytes(hProcess, dwAddress, lpBytes, lpBytes.Length);
}
public static bool WriteObject(IntPtr hProcess, uint dwAddress, object objBuffer, Type objType)
{
IntPtr num1 = IntPtr.Zero;
try
{
int num2 = Marshal.SizeOf(objType);
num1 = Marshal.AllocHGlobal(num2);
Marshal.StructureToPtr(objBuffer, num1, false);
int num3 = SMemory.WriteRawMemory(hProcess, dwAddress, num1, num2);
if (num2 != num3)
throw new Exception("WriteObject failed! Number of bytes actually written differed from request.");
}
catch
{
return false;
}
finally
{
if (num1 != IntPtr.Zero)
{
Marshal.DestroyStructure(num1, objType);
Marshal.FreeHGlobal(num1);
}
}
return true;
}
public static bool WriteObject(IntPtr hProcess, uint dwAddress, object objBuffer)
{
return SMemory.WriteObject(hProcess, dwAddress, objBuffer, objBuffer.GetType());
}
public static bool WriteByte(IntPtr hProcess, uint dwAddress, byte Value)
{
byte[] lpBytes = new byte[1]
{
Value
};
return SMemory.WriteBytes(hProcess, dwAddress, lpBytes, 1);
}
public static bool WriteSByte(IntPtr hProcess, uint dwAddress, sbyte Value)
{
byte[] lpBytes = new byte[1]
{
(byte) Value
};
return SMemory.WriteBytes(hProcess, dwAddress, lpBytes, 1);
}
public static bool WriteUShort(IntPtr hProcess, uint dwAddress, ushort Value)
{
byte[] bytes = BitConverter.GetBytes(Value);
return SMemory.WriteBytes(hProcess, dwAddress, bytes, 2);
}
public static bool WriteShort(IntPtr hProcess, uint dwAddress, short Value)
{
byte[] bytes = BitConverter.GetBytes(Value);
return SMemory.WriteBytes(hProcess, dwAddress, bytes, 2);
}
public static bool WriteUInt(IntPtr hProcess, uint dwAddress, uint Value)
{
byte[] bytes = BitConverter.GetBytes(Value);
return SMemory.WriteBytes(hProcess, dwAddress, bytes, 4);
}
public static bool WriteInt(IntPtr hProcess, uint dwAddress, int Value)
{
byte[] bytes = BitConverter.GetBytes(Value);
return SMemory.WriteBytes(hProcess, dwAddress, bytes, 4);
}
public static bool WriteUInt64(IntPtr hProcess, uint dwAddress, ulong Value)
{
byte[] bytes = BitConverter.GetBytes(Value);
return SMemory.WriteBytes(hProcess, dwAddress, bytes, 8);
}
public static bool WriteInt64(IntPtr hProcess, uint dwAddress, long Value)
{
byte[] bytes = BitConverter.GetBytes(Value);
return SMemory.WriteBytes(hProcess, dwAddress, bytes, 8);
}
public static bool WriteFloat(IntPtr hProcess, uint dwAddress, float Value)
{
byte[] bytes = BitConverter.GetBytes(Value);
return SMemory.WriteBytes(hProcess, dwAddress, bytes, 4);
}
public static bool WriteDouble(IntPtr hProcess, uint dwAddress, double Value)
{
byte[] bytes = BitConverter.GetBytes(Value);
return SMemory.WriteBytes(hProcess, dwAddress, bytes, 8);
}
public static bool WriteASCIIString(IntPtr hProcess, uint dwAddress, string Value)
{
IntPtr num1 = IntPtr.Zero;
try
{
int length = Value.Length;
num1 = Marshal.StringToHGlobalAnsi(Value);
int num2 = SMemory.WriteRawMemory(hProcess, dwAddress, num1, length);
if (length != num2)
throw new Exception();
}
catch
{
return false;
}
finally
{
if (num1 != IntPtr.Zero)
Marshal.FreeHGlobal(num1);
}
return true;
}
public static bool WriteUnicodeString(IntPtr hProcess, uint dwAddress, string Value)
{
IntPtr num1 = IntPtr.Zero;
try
{
int nSize = Value.Length * 2;
num1 = Marshal.StringToHGlobalUni(Value);
int num2 = SMemory.WriteRawMemory(hProcess, dwAddress, num1, nSize);
if (nSize != num2)
throw new Exception();
}
catch
{
return false;
}
finally
{
if (num1 != IntPtr.Zero)
Marshal.FreeHGlobal(num1);
}
return true;
}
public static uint AllocateMemory(IntPtr hProcess, int nSize, uint dwAllocationType, uint dwProtect)
{
return Imports.VirtualAllocEx(hProcess, 0U, nSize, dwAllocationType, dwProtect);
}
public static uint AllocateMemory(IntPtr hProcess, int nSize)
{
return SMemory.AllocateMemory(hProcess, nSize, 4096U, 64U);
}
public static uint AllocateMemory(IntPtr hProcess)
{
return SMemory.AllocateMemory(hProcess, 4096);
}
public static bool FreeMemory(IntPtr hProcess, uint dwAddress, int nSize, uint dwFreeType)
{
if ((int) dwFreeType == 32768)
nSize = 0;
return Imports.VirtualFreeEx(hProcess, dwAddress, nSize, dwFreeType);
}
public static bool FreeMemory(IntPtr hProcess, uint dwAddress)
{
return SMemory.FreeMemory(hProcess, dwAddress, 0, 32768U);
}
}
}
SPattern:
Code:
using System;
using System.Collections;
using System.Diagnostics;
namespace Magic
{
public static class SPattern
{
public static uint FindPattern(IntPtr hProcess, ProcessModule pMod, string szPattern, string szMask, params char[] Delimiter)
{
return SPattern.FindPattern(hProcess, (uint) (int) pMod.BaseAddress, pMod.ModuleMemorySize, szPattern, szMask, Delimiter);
}
public static uint FindPattern(IntPtr hProcess, ProcessModule[] pMods, string szPattern, string szMask, params char[] Delimiter)
{
return SPattern.FindPattern(hProcess, new ProcessModuleCollection(pMods), szPattern, szMask, Delimiter);
}
public static uint FindPattern(IntPtr hProcess, ProcessModuleCollection pMods, string szPattern, string szMask, params char[] Delimiter)
{
uint num = 0U;
foreach (ProcessModule pMod in (ReadOnlyCollectionBase) pMods)
{
if ((int) (num = SPattern.FindPattern(hProcess, pMod, szPattern, szMask, Delimiter)) != 0)
break;
}
return num;
}
public static uint FindPattern(IntPtr hProcess, uint dwStart, int nSize, string szPattern, string szMask, params char[] Delimiter)
{
if (Delimiter == null)
Delimiter = new char[1]
{
' '
};
string[] strArray = szPattern.Split(Delimiter);
byte[] bPattern = new byte[strArray.Length];
for (int index = 0; index < strArray.Length; ++index)
bPattern[index] = Convert.ToByte(strArray[index], 16);
return SPattern.FindPattern(hProcess, dwStart, nSize, bPattern, szMask);
}
public static uint FindPattern(IntPtr hProcess, ProcessModule pMod, byte[] bPattern, string szMask)
{
return SPattern.FindPattern(hProcess, (uint) (int) pMod.BaseAddress, pMod.ModuleMemorySize, bPattern, szMask);
}
public static uint FindPattern(IntPtr hProcess, ProcessModule[] pMods, byte[] bPattern, string szMask)
{
return SPattern.FindPattern(hProcess, new ProcessModuleCollection(pMods), bPattern, szMask);
}
public static uint FindPattern(IntPtr hProcess, ProcessModuleCollection pMods, byte[] bPattern, string szMask)
{
uint num = 0U;
foreach (ProcessModule pMod in (ReadOnlyCollectionBase) pMods)
{
if ((int) (num = SPattern.FindPattern(hProcess, pMod, bPattern, szMask)) != 0)
break;
}
return num;
}
public static uint FindPattern(IntPtr hProcess, uint dwStart, int nSize, byte[] bPattern, string szMask)
{
if (bPattern == null || bPattern.Length == 0)
throw new ArgumentNullException("bData");
if (bPattern.Length != szMask.Length)
throw new ArgumentException("bData and szMask must be of the same size");
byte[] bData = SMemory.ReadBytes(hProcess, dwStart, nSize);
if (bData == null)
throw new Exception("Could not read memory in FindPattern.");
else
return dwStart + SPattern.FindPattern(bData, bPattern, szMask);
}
public static uint FindPattern(byte[] bData, byte[] bPattern, string szMask)
{
if (bData == null || bData.Length == 0)
throw new ArgumentNullException("bData");
if (bPattern == null || bPattern.Length == 0)
throw new ArgumentNullException("bPattern");
if (szMask == string.Empty)
throw new ArgumentNullException("szMask");
if (bPattern.Length != szMask.Length)
throw new ArgumentException("Pattern and Mask lengths must be the same.");
int length = bPattern.Length;
int num = bData.Length - length;
for (int index1 = 0; index1 < num; ++index1)
{
bool flag = true;
for (int index2 = 0; index2 < length; ++index2)
{
if ((int) szMask[index2] == 120 && (int) bPattern[index2] != (int) bData[index1 + index2] || (int) szMask[index2] == 33 && (int) bPattern[index2] == (int) bData[index1 + index2])
{
flag = false;
break;
}
}
if (flag)
return (uint) index1;
}
return 0U;
}
}
}
SProcess:
Code:
using System;
using System.Diagnostics;
namespace Magic
{
public static class SProcess
{
public static IntPtr OpenProcess(int dwProcessId, uint dwAccessRights)
{
return Imports.OpenProcess(dwAccessRights, false, dwProcessId);
}
public static IntPtr OpenProcess(int dwProcessId)
{
return SProcess.OpenProcess(dwProcessId, 2035711U);
}
public static IntPtr OpenProcess(IntPtr hWnd, uint dwAccessRights)
{
return SProcess.OpenProcess(SProcess.GetProcessFromWindow(hWnd), dwAccessRights);
}
public static IntPtr OpenProcess(IntPtr hWnd)
{
return SProcess.OpenProcess(SProcess.GetProcessFromWindow(hWnd), 2035711U);
}
public static int GetProcessFromWindow(IntPtr hWnd)
{
int dwProcessId = 0;
Imports.GetWindowThreadProcessId(hWnd, out dwProcessId);
return dwProcessId;
}
public static int GetProcessFromWindowTitle(string WindowTitle)
{
IntPtr window = SWindow.FindWindow((string) null, WindowTitle);
if (window == IntPtr.Zero)
return 0;
else
return SProcess.GetProcessFromWindow(window);
}
public static int[] GetProcessesFromWindowTitle(string WindowTitle)
{
IntPtr[] windows = SWindow.FindWindows((string) null, WindowTitle);
if (windows == null || windows.Length == 0)
return (int[]) null;
int[] numArray = new int[windows.Length];
for (int index = 0; index < numArray.Length; ++index)
numArray[index] = SProcess.GetProcessFromWindow(windows[index]);
return numArray;
}
public static int GetProcessFromClassname(string Classname)
{
IntPtr window = SWindow.FindWindow(Classname, (string) null);
if (window == IntPtr.Zero)
return 0;
else
return SProcess.GetProcessFromWindow(window);
}
public static int[] GetProcessesFromClassname(string Classname)
{
IntPtr[] windows = SWindow.FindWindows(Classname, (string) null);
if (windows == null || windows.Length == 0)
return (int[]) null;
int[] numArray = new int[windows.Length];
for (int index = 0; index < numArray.Length; ++index)
numArray[index] = SProcess.GetProcessFromWindow(windows[index]);
return numArray;
}
public static int GetProcessFromProcessName(string ProcessName)
{
if (ProcessName.EndsWith(".exe"))
ProcessName = ProcessName.Remove(ProcessName.Length - 4, 4);
Process[] processesByName = Process.GetProcessesByName(ProcessName);
if (processesByName == null || processesByName.Length == 0)
return 0;
else
return processesByName[0].Id;
}
}
}
SThread:
Code:
using System;
using System.Diagnostics;
namespace Magic
{
public static class SThread
{
public static IntPtr OpenThread(uint dwDesiredAccess, int dwThreadId)
{
return Imports.OpenThread(dwDesiredAccess, false, (uint) dwThreadId);
}
public static IntPtr OpenThread(int dwThreadId)
{
return Imports.OpenThread(2032639U, false, (uint) dwThreadId);
}
public static int GetMainThreadId(int dwProcessId)
{
if (dwProcessId == 0)
return 0;
else
return Process.GetProcessById(dwProcessId).Threads[0].Id;
}
public static int GetMainThreadId(IntPtr hWindowHandle)
{
if (hWindowHandle == IntPtr.Zero)
return 0;
else
return SThread.GetMainThreadId(SProcess.GetProcessFromWindow(hWindowHandle));
}
public static ProcessThread GetMainThread(int dwProcessId)
{
if (dwProcessId == 0)
return (ProcessThread) null;
else
return Process.GetProcessById(dwProcessId).Threads[0];
}
public static ProcessThread GetMainThread(IntPtr hWindowHandle)
{
if (hWindowHandle == IntPtr.Zero)
return (ProcessThread) null;
else
return SThread.GetMainThread(SProcess.GetProcessFromWindow(hWindowHandle));
}
public static CONTEXT GetThreadContext(IntPtr hThread, uint ContextFlags)
{
CONTEXT lpContext = new CONTEXT();
lpContext.ContextFlags = ContextFlags;
if (!Imports.GetThreadContext(hThread, ref lpContext))
lpContext.ContextFlags = 0U;
return lpContext;
}
public static bool SetThreadContext(IntPtr hThread, CONTEXT ctx)
{
return Imports.SetThreadContext(hThread, ref ctx);
}
public static uint SuspendThread(IntPtr hThread)
{
return Imports.SuspendThread(hThread);
}
public static uint ResumeThread(IntPtr hThread)
{
return Imports.ResumeThread(hThread);
}
public static uint TerminateThread(IntPtr hThread, uint dwExitCode)
{
return Imports.TerminateThread(hThread, dwExitCode);
}
public static IntPtr CreateRemoteThread(IntPtr hProcess, uint dwStartAddress, uint dwParameter)
{
uint dwThreadId;
return SThread.CreateRemoteThread(hProcess, dwStartAddress, dwParameter, 0U, out dwThreadId);
}
public static IntPtr CreateRemoteThread(IntPtr hProcess, uint dwStartAddress, uint dwParameter, out uint dwThreadId)
{
return SThread.CreateRemoteThread(hProcess, dwStartAddress, dwParameter, 0U, out dwThreadId);
}
public static IntPtr CreateRemoteThread(IntPtr hProcess, uint dwStartAddress, uint dwParameter, uint dwCreationFlags, out uint dwThreadId)
{
IntPtr dwThreadId1;
IntPtr remoteThread = Imports.CreateRemoteThread(hProcess, IntPtr.Zero, 0U, (IntPtr) ((long) dwStartAddress), (IntPtr) ((long) dwParameter), dwCreationFlags, out dwThreadId1);
dwThreadId = (uint) (int) dwThreadId1;
return remoteThread;
}
public static uint GetExitCodeThread(IntPtr hThread)
{
UIntPtr lpExitCode;
if (!Imports.GetExitCodeThread(hThread, out lpExitCode))
throw new Exception("GetExitCodeThread failed.");
else
return (uint) lpExitCode;
}
public static uint WaitForSingleObject(IntPtr hObject)
{
return Imports.WaitForSingleObject(hObject, uint.MaxValue);
}
public static uint WaitForSingleObject(IntPtr hObject, uint dwMilliseconds)
{
return Imports.WaitForSingleObject(hObject, dwMilliseconds);
}
}
}
SWindow:
Code:
using System;
using System.Collections.Generic;
using System.Diagnostics;
namespace Magic
{
public static class SWindow
{
private static object lWindowsLock = new object();
private static List<IntPtr> lWindows;
static SWindow()
{
}
private static bool EnumWindowsCallback(IntPtr hWnd, IntPtr lParam)
{
SWindow.lWindows.Add(hWnd);
return true;
}
private static bool _EnumWindows()
{
SWindow.lWindows = new List<IntPtr>();
return Imports.EnumWindows(new Imports.EnumWindowsProc(SWindow.EnumWindowsCallback), IntPtr.Zero);
}
public static IntPtr[] EnumWindows()
{
lock (SWindow.lWindowsLock)
{
if (!SWindow._EnumWindows())
return (IntPtr[]) null;
else
return SWindow.lWindows.ToArray();
}
}
public static IntPtr[] EnumMainWindows()
{
List<IntPtr> list = new List<IntPtr>();
foreach (Process process in Process.GetProcesses())
list.Add(process.MainWindowHandle);
return list.ToArray();
}
public static IntPtr[] FindWindows(string Classname, string WindowTitle)
{
if (Classname == null)
Classname = string.Empty;
if (WindowTitle == null)
WindowTitle = string.Empty;
List<IntPtr> list = new List<IntPtr>();
lock (SWindow.lWindowsLock)
{
if (!SWindow._EnumWindows())
return (IntPtr[]) null;
foreach (IntPtr item_0 in SWindow.lWindows)
{
if (WindowTitle.Length > 0 && Imports.GetWindowTitle(item_0) == WindowTitle || Classname.Length > 0 && Imports.GetClassName(item_0) == Classname)
list.Add(item_0);
}
}
return list.ToArray();
}
public static IntPtr FindWindow(string Classname, string WindowTitle)
{
if (Classname == null)
Classname = string.Empty;
if (WindowTitle == null)
WindowTitle = string.Empty;
lock (SWindow.lWindowsLock)
{
if (!SWindow._EnumWindows())
return IntPtr.Zero;
foreach (IntPtr item_0 in SWindow.lWindows)
{
if (WindowTitle.Length > 0 && Imports.GetWindowTitle(item_0) == WindowTitle || Classname.Length > 0 && Imports.GetClassName(item_0) == Classname)
return item_0;
}
}
return IntPtr.Zero;
}
public static IntPtr[] FindMainWindows(string Classname, string WindowTitle)
{
if (Classname == null)
Classname = string.Empty;
if (WindowTitle == null)
WindowTitle = string.Empty;
List<IntPtr> list = new List<IntPtr>();
foreach (Process process in Process.GetProcesses())
{
if (process.MainWindowHandle != IntPtr.Zero && (WindowTitle.Length > 0 && process.MainWindowTitle == WindowTitle || Classname.Length > 0 && Imports.GetClassName(process.MainWindowHandle) == Classname))
list.Add(process.MainWindowHandle);
}
return list.ToArray();
}
public static IntPtr FindMainWindow(string Classname, string WindowTitle)
{
if (Classname == null)
Classname = string.Empty;
if (WindowTitle == null)
WindowTitle = string.Empty;
foreach (Process process in Process.GetProcesses())
{
if (process.MainWindowHandle != IntPtr.Zero && (WindowTitle.Length > 0 && process.MainWindowTitle == WindowTitle || Classname.Length > 0 && Imports.GetClassName(process.MainWindowHandle) == Classname))
return process.MainWindowHandle;
}
return IntPtr.Zero;
}
public static IntPtr[] FindWindowsContains(string Classname, string WindowTitle)
{
if (Classname == null)
Classname = string.Empty;
if (WindowTitle == null)
WindowTitle = string.Empty;
List<IntPtr> list = new List<IntPtr>();
lock (SWindow.lWindowsLock)
{
if (!SWindow._EnumWindows())
return (IntPtr[]) null;
foreach (IntPtr item_0 in SWindow.lWindows)
{
if (WindowTitle.Length > 0 && Imports.GetWindowTitle(item_0).Contains(WindowTitle) || Classname.Length > 0 && Imports.GetClassName(item_0).Contains(Classname))
list.Add(item_0);
}
}
return list.ToArray();
}
public static IntPtr FindWindowContains(string Classname, string WindowTitle)
{
if (Classname == null)
Classname = string.Empty;
if (WindowTitle == null)
WindowTitle = string.Empty;
lock (SWindow.lWindowsLock)
{
if (!SWindow._EnumWindows())
return IntPtr.Zero;
foreach (IntPtr item_0 in SWindow.lWindows)
{
if (WindowTitle.Length > 0 && Imports.GetWindowTitle(item_0).Contains(WindowTitle) || Classname.Length > 0 && Imports.GetClassName(item_0).Contains(Classname))
return item_0;
}
}
return IntPtr.Zero;
}
public static IntPtr[] FindMainWindowsContains(string Classname, string WindowTitle)
{
if (Classname == null)
Classname = string.Empty;
if (WindowTitle == null)
WindowTitle = string.Empty;
List<IntPtr> list = new List<IntPtr>();
foreach (Process process in Process.GetProcesses())
{
if (process.MainWindowHandle != IntPtr.Zero && (WindowTitle.Length > 0 && process.MainWindowTitle.Contains(WindowTitle) || Classname.Length > 0 && Imports.GetClassName(process.MainWindowHandle).Contains(Classname)))
list.Add(process.MainWindowHandle);
}
return list.ToArray();
}
public static IntPtr FindMainWindowContains(string Classname, string WindowTitle)
{
if (Classname == null)
Classname = string.Empty;
if (WindowTitle == null)
WindowTitle = string.Empty;
foreach (Process process in Process.GetProcesses())
{
if (process.MainWindowHandle != IntPtr.Zero && (WindowTitle.Length > 0 && process.MainWindowTitle.Contains(WindowTitle) || Classname.Length > 0 && Imports.GetClassName(process.MainWindowHandle).Contains(Classname)))
return process.MainWindowHandle;
}
return IntPtr.Zero;
}
public static IntPtr FindWindowByProcessName(string ProcessName)
{
if (ProcessName.EndsWith(".exe"))
ProcessName = ProcessName.Remove(ProcessName.Length - 4, 4);
Process[] processesByName = Process.GetProcessesByName(ProcessName);
if (processesByName == null || processesByName.Length == 0)
return IntPtr.Zero;
else
return processesByName[0].MainWindowHandle;
}
public static IntPtr[] FindWindowsByProcessName(string ProcessName)
{
List<IntPtr> list = new List<IntPtr>();
if (ProcessName.EndsWith(".exe"))
ProcessName = ProcessName.Remove(ProcessName.Length - 4, 4);
Process[] processesByName = Process.GetProcessesByName(ProcessName);
if (processesByName == null || processesByName.Length == 0)
return (IntPtr[]) null;
foreach (Process process in processesByName)
list.Add(process.MainWindowHandle);
return list.ToArray();
}
public static IntPtr FindWindowByProcessId(int dwProcessId)
{
return Process.GetProcessById(dwProcessId).MainWindowHandle;
}
}
}
ThreadFlags:
Code:
namespace Magic
{
public static class ThreadFlags
{
public const uint THREAD_EXECUTE_IMMEDIATELY = 0U;
public const uint CREATE_SUSPENDED = 4U;
public const uint STACK_SIZE_PARAM_IS_A_RESERVATION = 65536U;
public const uint STILL_ACTIVE = 259U;
}
}
WaitValues:
Code:
namespace Magic
{
public static class WaitValues
{
public const uint WAIT_OBJECT_0 = 0U;
public const uint WAIT_ABANDONED = 128U;
public const uint WAIT_TIMEOUT = 258U;
public const uint WAIT_FAILED = 4294967295U;
public const uint INFINITE = 4294967295U;
}
}
ManagedMemoryManipulation:
Code:
using Fasm;
using Magic;
using System;
using System.IO;
namespace ManagedMemoryManipulation
{
public class MemoryManipulation
{
public BlackMagic Process;
private ManagedFasm fasm;
private uint AllocAddress;
public MemoryManipulation(string TargetWindowName)
{
this.Process = new BlackMagic(SProcess.GetProcessFromWindowTitle(TargetWindowName));
this.fasm = new ManagedFasm(this.Process.ProcessHandle);
}
public MemoryManipulation(IntPtr WindowHandle)
{
this.Process = new BlackMagic(SProcess.GetProcessFromWindow(WindowHandle));
this.fasm = new ManagedFasm(this.Process.ProcessHandle);
}
public MemoryManipulation(string Exename, bool fullpath)
{
string str = Exename;
if (fullpath)
str = Path.GetFileName(str);
this.Process = new BlackMagic(SProcess.GetProcessFromProcessName(str));
this.fasm = new ManagedFasm(this.Process.ProcessHandle);
}
public void InjectDLL(string DLLName)
{
int num = (int) SInject.InjectDllCreateThread(this.Process.ProcessHandle, DLLName);
}
public void InjectCodeAndExecute(string[] AssemblyCommands, uint Address)
{
foreach (string szLine in AssemblyCommands)
this.fasm.AddLine(szLine);
this.fasm.Inject(Address);
int num = (int) this.Process.Execute(Address);
}
public uint InjectCodeAndExecute(string[] AssemblyCommands)
{
foreach (string szLine in AssemblyCommands)
this.fasm.AddLine(szLine);
if ((int) this.AllocAddress == 0)
this.AllocAddress = this.Process.AllocateMemory(2048);
else
this.Process.WriteBytes(this.AllocAddress, new byte[2048]);
this.fasm.Inject(this.AllocAddress);
int num = (int) this.Process.Execute(this.AllocAddress);
return this.AllocAddress;
}
public void InjectCode(string[] AssemblyCommands, uint Address)
{
ManagedFasm managedFasm = new ManagedFasm(this.Process.ProcessHandle);
foreach (string szLine in AssemblyCommands)
managedFasm.AddLine(szLine);
managedFasm.Inject(Address);
}
public uint InjectCode(string[] AssemblyCommands)
{
ManagedFasm managedFasm = new ManagedFasm(this.Process.ProcessHandle);
foreach (string szLine in AssemblyCommands)
managedFasm.AddLine(szLine);
if ((int) this.AllocAddress == 0)
this.AllocAddress = this.Process.AllocateMemory(2048);
else
this.Process.WriteBytes(this.AllocAddress, new byte[2048]);
managedFasm.Inject(this.AllocAddress);
return this.AllocAddress;
}
public byte[] GetBytes(string[] AssemblyCommands)
{
ManagedFasm managedFasm = new ManagedFasm(this.Process.ProcessHandle);
managedFasm.SetProcessHandle(this.Process.ProcessHandle);
foreach (string szLine in AssemblyCommands)
managedFasm.AddLine(szLine);
return managedFasm.Assemble();
}
}
}
Goodluck with it!
10/14/2011, 00:54
#11
elite*gold: 0
Join Date: Oct 2011
Posts: 93
Received Thanks: 72
thank
10/23/2011, 19:26
#12
elite*gold: 0
Join Date: Feb 2009
Posts: 937
Received Thanks: 393
idk it doesnt work for me i use it i press launch target i log in but it wont get me the keydumper (shadowco)
11/13/2011, 07:27
#13
elite*gold: 0
Join Date: Sep 2011
Posts: 3
Received Thanks: 0
can i use this bot in real conquer?
11/14/2011, 21:10
#14
elite*gold: 0
Join Date: Feb 2006
Posts: 1,281
Received Thanks: 1,169
Ultimation rulez
@JobvdH
where did you got that ? thanks..
11/25/2011, 05:30
#15
elite*gold: 0
Join Date: Aug 2007
Posts: 38
Received Thanks: 5
is this thing legit...? Bauss and Zhalyn are giving me doubts.... i got no clue what is so funny to them.
[Release] How to extract blowfish keys from 4Botters new Protection System!
02/06/2018 - CO2 Guides & Templates - 8 Replies
http://img84.imageshack.us/img84/7725/step1y.jpg
http://img23.imageshack.us/img23/8564/step2wv.jpg
here u go, this will give you the blowfish/Crypt key for any binary server protected with the new 4botters protection.
with the key you can create a unprotected version of the conquer.exe to use with any binary server.
Source code available upon request.
[Release]GameMap creator/dumper
05/06/2012 - CO2 PServer Guides & Releases - 23 Replies
Well this is the first application I ever made and I decided to share it here and the source is included.
When executed you'll see 2 buttons, Create GameMap.dat and Dump GameMap.dat.
Create GameMap.dat will add a new map to the GameMap.dat (specified in the config.ini)
Dump GameMap.dat will dump a list of map names/IDs/sizes in a text file.
The config file:
[Release] CQ_Database Dumper
06/23/2009 - CO2 PServer Guides & Releases - 24 Replies
Someone asked for it, so I said I'd release it.
Basically just dumps one of the .sql files into an ini format.
This will only be useful to you, if your writing a source to use a flat-filed system (i.e. like the source I released
Drag the ".sql" file onto the program and then hit enter to start the batch, in the same folder as the ".sql" file you should see a new folder appear called CQ_DUMP, inside of that should be another folder with the table name you dumped.
The format of the ini...
[Release] ItemType.dat Dumper
04/22/2009 - CO2 PServer Guides & Releases - 5 Replies
Dumps ItemType into ini's that would be required for a flat-file based server.
Resource intended for:
http://www.elitepvpers.com/forum/co2-pserver-discu ssions-questions/203219-release-extremely-basic-bu t-working-bugless-c-source.html
Usuage:
Drop an *encrypted* (so straight from your "\pserver_client\ini\") itemtype.dat onto the exe and then hit enter.
Version 2
[Release] Qrfls Na elite dumper v2
12/16/2006 - GunZ - 3 Replies
Hello, this is a dumper made by Qrfl, all credits for this go to him.
Instructions are in the readme.
Picture of it:
http://i6.photobucket.com/albums/y220/kodaman/Qrf l.jpg
Download:
http://www.sendspace.com/file/daojhn
All times are GMT +1. The time now is 22:41 .
![[Release] 4Botters Key Dumper (New Protection)](https://www.elitepvpers.com/forum/iconimages/co2-exploits-hacks-tools/release-4botters-key-dumper-new-protection_ltr.gif){kind=small}
