Сообщения, опубликованные JOBEJlИР
-
-
14 часа назад, temtriss сказал:
Как Вас понять, не работает инжект к....
Просто для CS GO эти функции работают, а вот для Warcraft'a 3 почему-то не хотят.
-
Не успел я решить старую проблему, как появилась новая. Почему-то не работает инжект к game.dll, хотя раньше работал; надеюсь, тут хоть защиты нет и это мой кривой код.
Вот мой код:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Threading;

namespace MapHack_Warcraft_III
{
    /// <summary>
    /// WinForms front end that, on a button click, writes four single bytes at
    /// fixed offsets from the <c>game.dll</c> base of a running <c>war3</c>
    /// process through the external <c>VAMemory</c> helper.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this is run-time modification of another process's loaded
    /// module. From a defender's side it is a cross-process memory write against
    /// a module image, which integrity checks on the target or host monitoring
    /// of cross-process writes would be expected to treat as tampering.
    /// </remarks>
    public partial class Form1 : Form
    {
        // Memory-access helper bound to the "war3" process; (re)created by GetDll.
        static VAMemory mem;

        // Base address of game.dll narrowed to int; stays at its previous value
        // when GetDll finds no module with that exact name.
        static int GameDll;

        // Filled in by GetProcessId; not read anywhere else in this listing.
        public int pID;
        public IntPtr handle;

        /// <summary>Builds the designer-generated UI.</summary>
        public Form1()
        {
            InitializeComponent();
        }

        /// <summary>
        /// Click handler: resolves the target module, then performs the four
        /// byte writes if <c>checkBox1</c> is ticked.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void button1_Click(object sender, EventArgs e)
        {
            // The lookup is invoked once with its result ignored, then retried
            // until it reports success; each failure shows a modal message box.
            GetDll();
            for (;;)
            {
                if (GetDll())
                {
                    break;
                }

                MessageBox.Show("Не работает");
            }

            if (!checkBox1.Checked)
            {
                return;
            }

            IntPtr moduleBase = (IntPtr)GameDll;
            mem.WriteByte(moduleBase + 0x3A14F0, 0x87);
            mem.WriteByte(moduleBase + 0x3A14F1, 0xDB);
            mem.WriteByte(moduleBase + 0x3A159B, 0x87);
            mem.WriteByte(moduleBase + 0x3A159C, 0xDB);
        }

        /// <summary>
        /// Attaches to the first process named <c>war3</c> and records the base
        /// address of its <c>game.dll</c> module in <see cref="GameDll"/>.
        /// </summary>
        /// <returns>
        /// <c>true</c> when the lookup ran without throwing; <c>false</c> when
        /// any exception was caught (for example, no such process).
        /// </returns>
        static bool GetDll()
        {
            try
            {
                Process target = Process.GetProcessesByName("war3")[0];
                mem = new VAMemory("war3");

                ProcessModuleCollection loaded = target.Modules;
                for (int i = 0; i < loaded.Count; i++)
                {
                    ProcessModule entry = loaded[i];
                    if (entry.ModuleName == "game.dll")
                    {
                        GameDll = (int)entry.BaseAddress;
                    }
                }
            }
            catch
            {
                // Every failure is collapsed into a plain "false".
                return false;
            }

            return true;
        }

        /// <summary>
        /// Stores the id and handle of the first running process whose name
        /// equals <paramref name="name"/> in <see cref="pID"/> and
        /// <see cref="handle"/>; leaves both untouched when none matches.
        /// </summary>
        /// <param name="name">Process name to look for.</param>
        public void GetProcessId(string name)
        {
            Process[] running = Process.GetProcesses();
            if (running.Length == 0)
            {
                return;
            }

            foreach (Process candidate in running)
            {
                if (candidate.ProcessName != name)
                {
                    continue;
                }

                pID = candidate.Id;
                handle = candidate.Handle;
                return;
            }
        }
    }
}
А вот код на AutoIt, по которому я пытаюсь сделать MH:
; Overview (review notes):
;   GUI tool that, for one specific Warcraft III build, writes single bytes at fixed
;   offsets inside the Game.dll module of the running game process.
;   Sequence visible in this script: enable SeDebugPrivilege on the own token ->
;   OpenProcess on the game -> EnumProcessModules to find Game.dll ->
;   WriteProcessMemory per byte -> CloseHandle.
;   NOTE(review): each of these steps is an observable API call; privilege enabling
;   followed by cross-process writes into a module image is the pattern that
;   integrity checks and host monitoring look for.

;~ Current script requires full administrator rights to run.
#RequireAdmin
#include <GUIConstantsEx.au3>

;~ Enables the $privilege on the current process.
SetPrivilege("SeDebugPrivilege", 1)

;~ Declare our variables.
Global $WarcraftHandle, $GameDLL

;~ GUI
$GUI = GUICreate("Map Hack 1.26a", 243, 317)
$Checkbox1 = GUICtrlCreateCheckbox("Reveal Units on Main Map", 10, 10, 147, 17)
GUICtrlSetState(-1, $GUI_CHECKED)
$Checkbox2 = GUICtrlCreateCheckbox("Remove FOG on Main Map", 10, 35, 152, 17)
GUICtrlSetTip(-1, "Not Recommended")
$Checkbox3 = GUICtrlCreateCheckbox("Reveal Units on Mini Map", 10, 60, 142, 17)
GUICtrlSetState(-1, $GUI_CHECKED)
$Checkbox4 = GUICtrlCreateCheckbox("Remove FOG on Mini Map", 10, 85, 147, 17)
GUICtrlSetState(-1, $GUI_CHECKED)
$Checkbox5 = GUICtrlCreateCheckbox("Enable Trade", 10, 110, 87, 17)
GUICtrlSetState(-1, $GUI_CHECKED)
$Checkbox6 = GUICtrlCreateCheckbox("Make Units Clickable", 10, 135, 122, 17)
GUICtrlSetTip(-1, "Not Recommended")
$Checkbox7 = GUICtrlCreateCheckbox("Reveal Illusions", 10, 160, 97, 17)
GUICtrlSetState(-1, $GUI_CHECKED)
$Checkbox8 = GUICtrlCreateCheckbox("Reveal Invisibles", 10, 185, 102, 17)
GUICtrlSetState(-1, $GUI_CHECKED)
$Checkbox9 = GUICtrlCreateCheckbox("Show Runes", 10, 210, 82, 17)
GUICtrlSetState(-1, $GUI_CHECKED)
$Checkbox10 = GUICtrlCreateCheckbox("Show Skills / Cooldowns", 10, 235, 137, 17)
GUICtrlSetState(-1, $GUI_CHECKED)
$Checkbox11 = GUICtrlCreateCheckbox("Bypass -ah in DotA Allstars", 10, 260, 147, 17)
GUICtrlSetState(-1, $GUI_CHECKED)
GUICtrlSetTip(-1, "Recommended")
$Button_Patch = GUICtrlCreateButton("Patch", 70, 285, 100, 25)
GUISetState(@SW_SHOW)

;~ Main Loop
; Polls GUI messages; the only actions are closing the window and the Patch button.
While 1
	$nMsg = GUIGetMsg()
	Switch $nMsg
		Case $GUI_EVENT_CLOSE
			Exit
		Case $Button_Patch
			_Patch()
	EndSwitch
WEnd

;~ Main Function
; Locates the game window's process, opens it, resolves the Game.dll base and applies
; the patch set only when the executable's file version is exactly "1.26.0.6401".
; The return values of _MemoryOpen and _MemoryModuleGetBaseAddress are not checked
; before use.
Func _Patch()
	$WarcraftPID = WinGetProcess("[CLASS:Warcraft III]")
	$WarcraftHandle = _MemoryOpen($WarcraftPID)
	$GameDLL = _MemoryModuleGetBaseAddress($WarcraftPID, "Game.dll")
	$WarcraftLocation = _ProcessGetLocation($WarcraftPID)
	$WarcraftVersion = FileGetVersion($WarcraftLocation)
	Select
		Case $WarcraftVersion = "1.26.0.6401"
			_Patch126a()
		Case Else
			MsgBox(48, "GoDLiKe.ON3", "Your Warcraft III's Patch is not Supported." & @CRLF & "Supported Patch: 1.26.0.6401")
	EndSelect
	_MemoryClose($WarcraftHandle)
EndFunc   ;==>_Patch

;~ Offsets and Memory Write (Patching)
; One group of single-byte writes per ticked checkbox. Every address is a fixed offset
; from the Game.dll base held in $GameDLL, so the table is tied to the build that
; _Patch checks for. Results of the individual _MemoryWrite calls are ignored.
Func _Patch126a()
	;~ Reveal Units on Main Map
	If GUICtrlRead($Checkbox1) = 1 Then
		_MemoryWrite($GameDLL + 0x3A14F0, $WarcraftHandle, 0x87, "BYTE")
		_MemoryWrite($GameDLL + 0x3A14F1, $WarcraftHandle, 0xDB, "BYTE")
		_MemoryWrite($GameDLL + 0x3A159B, $WarcraftHandle, 0x87, "BYTE")
		_MemoryWrite($GameDLL + 0x3A159C, $WarcraftHandle, 0xDB, "BYTE")
	EndIf
	;~ Remove FOG on Main Map
	If GUICtrlRead($Checkbox2) = 1 Then
		_MemoryWrite($GameDLL + 0x74CA1A, $WarcraftHandle, 0x15, "BYTE")
		_MemoryWrite($GameDLL + 0x74CA1B, $WarcraftHandle, 0x50, "BYTE")
	EndIf
	;~ Reveal Units on Mini Map
	If GUICtrlRead($Checkbox3) = 1 Then
		_MemoryWrite($GameDLL + 0x36143B, $WarcraftHandle, 0x33, "BYTE")
		_MemoryWrite($GameDLL + 0x36143C, $WarcraftHandle, 0xC0, "BYTE")
		_MemoryWrite($GameDLL + 0x36143D, $WarcraftHandle, 0x90, "BYTE")
		_MemoryWrite($GameDLL + 0x36143E, $WarcraftHandle, 0x90, "BYTE")
		_MemoryWrite($GameDLL + 0x36143F, $WarcraftHandle, 0x90, "BYTE")
	EndIf
	;~ Remove FOG on Mini Map
	If GUICtrlRead($Checkbox4) = 1 Then
		_MemoryWrite($GameDLL + 0x356525, $WarcraftHandle, 0x87, "BYTE")
		_MemoryWrite($GameDLL + 0x356526, $WarcraftHandle, 0xDB, "BYTE")
	EndIf
	;~ Enable Trade
	If GUICtrlRead($Checkbox5) = 1 Then
		_MemoryWrite($GameDLL + 0x34DDA2, $WarcraftHandle, 0xB8, "BYTE")
		_MemoryWrite($GameDLL + 0x34DDA3, $WarcraftHandle, 0xC8, "BYTE")
		_MemoryWrite($GameDLL + 0x34DDA4, $WarcraftHandle, 0x00, "BYTE")
		_MemoryWrite($GameDLL + 0x34DDA5, $WarcraftHandle, 0x00, "BYTE")
		_MemoryWrite($GameDLL + 0x34DDA7, $WarcraftHandle, 0x90, "BYTE")
		_MemoryWrite($GameDLL + 0x34DDAA, $WarcraftHandle, 0xB8, "BYTE")
		_MemoryWrite($GameDLL + 0x34DDAB, $WarcraftHandle, 0x64, "BYTE")
		_MemoryWrite($GameDLL + 0x34DDAC, $WarcraftHandle, 0x00, "BYTE")
		_MemoryWrite($GameDLL + 0x34DDAD, $WarcraftHandle, 0x00, "BYTE")
		_MemoryWrite($GameDLL + 0x34DDAF, $WarcraftHandle, 0x90, "BYTE")
	EndIf
	;~ Make Units Clickable
	If GUICtrlRead($Checkbox6) = 1 Then
		_MemoryWrite($GameDLL + 0x28519C, $WarcraftHandle, 0x87, "BYTE")
		_MemoryWrite($GameDLL + 0x28519D, $WarcraftHandle, 0xDB, "BYTE")
		_MemoryWrite($GameDLL + 0x93645E, $WarcraftHandle, 0x1C, "BYTE")
		_MemoryWrite($GameDLL + 0x93645F, $WarcraftHandle, 0x45, "BYTE")
	EndIf
	;~ Reveal Illusions
	If GUICtrlRead($Checkbox7) = 1 Then
		_MemoryWrite($GameDLL + 0x282A5C, $WarcraftHandle, 0x90, "BYTE")
		_MemoryWrite($GameDLL + 0x282A5D, $WarcraftHandle, 0x40, "BYTE")
		_MemoryWrite($GameDLL + 0x282A5E, $WarcraftHandle, 0xC3, "BYTE")
	EndIf
	;~ Reveal Invisibles
	If GUICtrlRead($Checkbox8) = 1 Then
		_MemoryWrite($GameDLL + 0x399A98, $WarcraftHandle, 0x71, "BYTE")
	EndIf
	;~ Show Runes
	If GUICtrlRead($Checkbox9) = 1 Then
		_MemoryWrite($GameDLL + 0x3A14DB, $WarcraftHandle, 0x71, "BYTE")
	EndIf
	;~ Show Skills / Cooldowns
	If GUICtrlRead($Checkbox10) = 1 Then
		_MemoryWrite($GameDLL + 0x2026DC, $WarcraftHandle, 0x87, "BYTE")
		_MemoryWrite($GameDLL + 0x2026DD, $WarcraftHandle, 0xDB, "BYTE")
		_MemoryWrite($GameDLL + 0x2026DE, $WarcraftHandle, 0x87, "BYTE")
		_MemoryWrite($GameDLL + 0x2026DF, $WarcraftHandle, 0xDB, "BYTE")
		_MemoryWrite($GameDLL + 0x2026E0, $WarcraftHandle, 0x87, "BYTE")
		_MemoryWrite($GameDLL + 0x2026E1, $WarcraftHandle, 0xDB, "BYTE")
		_MemoryWrite($GameDLL + 0x28E1DE, $WarcraftHandle, 0x71, "BYTE")
		_MemoryWrite($GameDLL + 0x34F2A8, $WarcraftHandle, 0x87, "BYTE")
		_MemoryWrite($GameDLL + 0x34F2A9, $WarcraftHandle, 0xDB, "BYTE")
		_MemoryWrite($GameDLL + 0x34F2E9, $WarcraftHandle, 0x00, "BYTE")
	EndIf
	;~ Bypass -ah in DotA Allstars
	If GUICtrlRead($Checkbox11) = 1 Then
		_MemoryWrite($GameDLL + 0x3C639C, $WarcraftHandle, 0xB8, "BYTE")
		_MemoryWrite($GameDLL + 0x3C63A1, $WarcraftHandle, 0xEB, "BYTE")
		_MemoryWrite($GameDLL + 0x3CB872, $WarcraftHandle, 0xEB, "BYTE")
	EndIf
EndFunc   ;==>_Patch126a

;~ Other Functions
; Enables or disables one privilege name (or an array of names) on the current process
; token via OpenProcessToken / LookupPrivilegeValue / AdjustTokenPrivileges.
;   $privilege - privilege name string, or an array of such strings
;   $bEnable   - non-zero to enable, zero to clear the enabled attribute
; Returns 0 when the token could not be opened, or when both AdjustTokenPrivileges and
; CloseHandle report failure; otherwise the AdjustTokenPrivileges result.
; The GetLastError value stored in $f is never read.
Func SetPrivilege($privilege, $bEnable)
	Const $MY_TOKEN_ADJUST_PRIVILEGES = 0x0020
	Const $MY_TOKEN_QUERY = 0x0008
	Const $MY_SE_PRIVILEGE_ENABLED = 0x0002
	Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv
	$nTokens = 1
	$LUID = DllStructCreate("dword;int")
	If IsArray($privilege) Then $nTokens = UBound($privilege)
	; First dword is the privilege count, followed by three dwords per privilege
	; (two for the LUID, one for the attributes), as filled in by the loop below.
	$TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
	$NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
	$hCurrProcess = DllCall("kernel32.dll", "hwnd", "GetCurrentProcess")
	$SP_auxret = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $hCurrProcess[0], _
			"int", BitOR($MY_TOKEN_ADJUST_PRIVILEGES, $MY_TOKEN_QUERY), "int*", 0)
	If $SP_auxret[0] Then
		$hToken = $SP_auxret[3]
		; NOTE(review): the count field is set to 1 even when an array of names is passed.
		DllStructSetData($TOKEN_PRIVILEGES, 1, 1)
		$nTokenIndex = 1
		While $nTokenIndex <= $nTokens
			If IsArray($privilege) Then
				$priv = $privilege[$nTokenIndex - 1]
			Else
				$priv = $privilege
			EndIf
			$ret = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", $priv, _
					"ptr", DllStructGetPtr($LUID))
			If $ret[0] Then
				If $bEnable Then
					DllStructSetData($TOKEN_PRIVILEGES, 2, $MY_SE_PRIVILEGE_ENABLED, (3 * $nTokenIndex))
				Else
					DllStructSetData($TOKEN_PRIVILEGES, 2, 0, (3 * $nTokenIndex))
				EndIf
				DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 1), (3 * ($nTokenIndex - 1)) + 1)
				DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 2), (3 * ($nTokenIndex - 1)) + 2)
				; Clear the scratch LUID before the next lookup.
				DllStructSetData($LUID, 1, 0)
				DllStructSetData($LUID, 2, 0)
			EndIf
			$nTokenIndex += 1
		WEnd
		$ret = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, _
				"ptr", DllStructGetPtr($TOKEN_PRIVILEGES), "int", DllStructGetSize($NEWTOKEN_PRIVILEGES), _
				"ptr", DllStructGetPtr($NEWTOKEN_PRIVILEGES), "int*", 0)
		$f = DllCall("kernel32.dll", "int", "GetLastError")
	EndIf
	; Release the DllStructs by overwriting the variables.
	$NEWTOKEN_PRIVILEGES = 0
	$TOKEN_PRIVILEGES = 0
	$LUID = 0
	If $SP_auxret[0] = 0 Then Return 0
	$SP_auxret = DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hToken)
	If Not $ret[0] And Not $SP_auxret[0] Then Return 0
	Return $ret[0]
EndFunc   ;==>SetPrivilege

; Returns the file path reported by GetModuleFileNameEx for the first module handle
; that EnumProcessModules yields for process $iPID.
; Access mask 0x0400 | 0x0010 (the same values are labelled QUERY_INFORMATION and
; VM_READ in _MemoryModuleGetBaseAddress).
; NOTE(review): the handle in $aProc[0] is not closed here, and no call result is checked.
Func _ProcessGetLocation($iPID)
	Local $aProc = DllCall('kernel32.dll', 'hwnd', 'OpenProcess', 'int', BitOR(0x0400, 0x0010), 'int', 0, 'int', $iPID)
	Local $vStruct = DllStructCreate('int[1024]')
	DllCall('psapi.dll', 'int', 'EnumProcessModules', 'hwnd', $aProc[0], 'ptr', DllStructGetPtr($vStruct), 'int', DllStructGetSize($vStruct), 'int_ptr', 0)
	Local $aReturn = DllCall('psapi.dll', 'int', 'GetModuleFileNameEx', 'hwnd', $aProc[0], 'int', DllStructGetData($vStruct, 1), 'str', '', 'int', 2048)
	Return $aReturn[3]
EndFunc   ;==>_ProcessGetLocation

; Opens process $iv_Pid and returns a two-element array: [0] the kernel32.dll handle
; from DllOpen, [1] the process handle returned by OpenProcess.
;   $iv_DesiredAccess - access mask, default 0x1F0FFF
;                       (presumably the legacy PROCESS_ALL_ACCESS value - confirm)
;   $iv_InheritHandle - passed through to OpenProcess, default 1
; On failure returns 0 with @error = 1 (no such process), 2 (after the DllOpen step)
; or 3 (DllCall failed). A zero handle returned by OpenProcess itself is not treated
; as an error.
Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $iv_InheritHandle = 1)
	If Not ProcessExists($iv_Pid) Then
		SetError(1)
		Return 0
	EndIf
	Local $ah_Handle[2] = [DllOpen('kernel32.dll')]
	If @error Then
		SetError(2)
		Return 0
	EndIf
	Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $iv_InheritHandle, 'int', $iv_Pid)
	If @error Then
		DllClose($ah_Handle[0])
		SetError(3)
		Return 0
	EndIf
	$ah_Handle[1] = $av_OpenProcess[0]
	Return $ah_Handle
EndFunc   ;==>_MemoryOpen

; Returns the base address (as a Ptr) of the module named $sModule inside process
; $iPID, found by walking the EnumProcessModules result and comparing each
; GetModuleBaseNameW name against $sModule.
; On failure returns 0 with @error = 1 (no such process), 2 ($sModule is not a string)
; or -1 (no module matched).
; NOTE(review): the process handle opened here is never closed.
Func _MemoryModuleGetBaseAddress($iPID, $sModule)
	If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
	If Not IsString($sModule) Then Return SetError(2, 0, 0)
	Local $PSAPI = DllOpen("psapi.dll")
	;Get Process Handle
	Local $hProcess
	Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
	If $iPID > 0 Then
		Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
		If $hProcess[0] Then
			$hProcess = $hProcess[0]
		EndIf
	EndIf
	;EnumProcessModules
	Local $Modules = DllStructCreate("ptr[1024]")
	Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
	If $aCall[4] > 0 Then
		; Byte count divided by 4 - assumes 4-byte module handles (32-bit target); confirm.
		Local $iModnum = $aCall[4] / 4
		Local $aTemp
		For $i = 1 To $iModnum
			$aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
			If $aTemp[3] = $sModule Then
				DllClose($PSAPI)
				Return Ptr(DllStructGetData($Modules, 1, $i))
			EndIf
		Next
	EndIf
	DllClose($PSAPI)
	Return SetError(-1, 0, 0)
EndFunc   ;==>_MemoryModuleGetBaseAddress

; Writes $v_Data, laid out as a DllStruct of type $sv_Type, to $iv_Address in the
; process described by $ah_Handle (the array returned by _MemoryOpen) by calling
; WriteProcessMemory.
; Returns 1 when the DllCall itself succeeded, otherwise 0 with @error = 1 (handle is
; not an array), @error + 1 from DllStructCreate, 6 (DllStructSetData failed) or
; 7 (DllCall failed).
; NOTE(review): the WriteProcessMemory return value is not inspected, so a write the
; OS rejects is still reported as 1.
Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword')
	If Not IsArray($ah_Handle) Then
		SetError(1)
		Return 0
	EndIf
	Local $v_Buffer = DllStructCreate($sv_Type)
	If @error Then
		SetError(@error + 1)
		Return 0
	Else
		DllStructSetData($v_Buffer, 1, $v_Data)
		If @error Then
			SetError(6)
			Return 0
		EndIf
	EndIf
	DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
	If Not @error Then
		Return 1
	Else
		SetError(7)
		Return 0
	EndIf
EndFunc   ;==>_MemoryWrite

; Closes the process handle in $ah_Handle[1] and then the kernel32.dll handle in
; $ah_Handle[0]. Returns 1 on success; 0 with @error = 1 (not an array) or
; 2 (the CloseHandle DllCall failed).
Func _MemoryClose($ah_Handle)
	If Not IsArray($ah_Handle) Then
		SetError(1)
		Return 0
	EndIf
	DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1])
	If Not @error Then
		DllClose($ah_Handle[0])
		Return 1
	Else
		DllClose($ah_Handle[0])
		SetError(2)
		Return 0
	EndIf
EndFunc   ;==>_MemoryClose
-
Всем спасибо, попробую через VirtualProtectEx
-
-
Только что, partoftheworlD сказал:
Тебе же сообщение пишет, что память не может быть записана, покажи какая опция защиты памяти стоит в том регионе в который ты пишешь.
А как это узнать?
-
Решил сделать maphack на C# для Warcraft'a 3 по этому примеру:
; Excerpt from the AutoIt script: four single-byte writes at fixed offsets from the
; Game.dll base ($GameDLL) through the process handle array $WarcraftHandle.
_MemoryWrite($GameDLL + 0x3A14F0, $WarcraftHandle, 0x87, "BYTE")
_MemoryWrite($GameDLL + 0x3A14F1, $WarcraftHandle, 0xDB, "BYTE")
_MemoryWrite($GameDLL + 0x3A159B, $WarcraftHandle, 0x87, "BYTE")
_MemoryWrite($GameDLL + 0x3A159C, $WarcraftHandle, 0xDB, "BYTE")
Вот такое я написал на С#
// The same four offset/value pairs as the AutoIt excerpt, issued through the
// VAMemory helper; GameDll holds the module base as an int.
IntPtr moduleBase = (IntPtr)GameDll;
mem.WriteByte(moduleBase + 0x3A14F0, 0x87);
mem.WriteByte(moduleBase + 0x3A14F1, 0xDB);
mem.WriteByte(moduleBase + 0x3A159B, 0x87);
mem.WriteByte(moduleBase + 0x3A159C, 0xDB);
И получается так: когда я активирую мапхак, написанный на AutoIt (первый код), всё нормально работает, а когда активирую свой на C#, игру крашит с такой ошибкой:
Скрытый текст
То же самое сделал в CE, и в итоге тоже крашит. Почему так происходит и что я делаю не так?
[ C#, CE ] Код крашит игру.
in Высокоуровневое программирование
Опубликовано
Да, так бы у меня тот скрипт не работал бы