- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Text;
- using System.Diagnostics;
- using System.Runtime.InteropServices;
- using System.Threading;
- namespace KmsExpTest
- {
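class Program
{
    /// <summary>
    /// Waits for a "MapleStory" process, snapshots its memory with <see cref="Scanner"/>,
    /// locates the 255-entry level/EXP table by its first ten known values and prints it.
    /// The table is searched first as Int32 entries and, if that fails, as Int64 entries.
    /// Addresses are handled as int throughout, i.e. a 32-bit client is assumed — TODO confirm.
    /// </summary>
    static void Main(string[] args)
    {
        long[] expTable = new long[255];
        // EXP required for levels 1..10; their in-memory byte layout is the search signature.
        int[] firstLevels = { 15, 34, 57, 92, 135, 372, 560, 840, 1242, 1242 };

        // NetworkToHostOrder reverses the byte order, so the big-endian "X8"/"X16" hex text
        // spells out the little-endian bytes that FindPattern compares against memory.
        StringBuilder intAob = new StringBuilder();
        StringBuilder longAob = new StringBuilder();
        foreach (int level in firstLevels)
        {
            intAob.Append(System.Net.IPAddress.NetworkToHostOrder(level).ToString("X8"));
            longAob.Append(System.Net.IPAddress.NetworkToHostOrder((long)level).ToString("X16"));
        }
        string firstLevelsIntAob = intAob.ToString();
        string firstLevelsLongAob = longAob.ToString();

        Console.Write("Waiting for MapleStory...");
        Process process = WaitForProcess("MapleStory");
        Thread.Sleep(4000); // Give it time to unpack itself
        Console.WriteLine("found");

        Console.Write("Dumping memory...");
        Scanner scanner = new Scanner(process);
        scanner.DumpMemory();
        Console.WriteLine("done");

        Console.Write("Searching for Int32 exp table...");
        // FindPattern reports "bad pattern" / "not found" / "error" as negative sentinels.
        int address = scanner.FindPattern(firstLevelsIntAob).ToInt32();
        if (address > 0)
        {
            for (int i = 0; i < expTable.Length; i++)
                expTable[i] = scanner.ReadInt(address + i * 4);
            Console.WriteLine("done");
        }
        else
        {
            Console.WriteLine("failed");
            Console.Write("Searching for Int64 exp table...");
            address = scanner.FindPattern(firstLevelsLongAob).ToInt32();
            if (address <= 0)
            {
                Console.WriteLine("failed (press any key to quit)");
                Console.ReadKey();
                return;
            }
            for (int i = 0; i < expTable.Length; i++)
                expTable[i] = scanner.ReadLong(address + i * 8);
            Console.WriteLine("done");
        }

        for (int i = 0; i < expTable.Length; i++)
            Console.WriteLine("Level {0}: {1:n0}", i + 1, expTable[i]);
        Console.ReadKey();
    }

    /// <summary>
    /// Polls every two seconds until at least one process named <paramref name="name"/> exists
    /// and returns the first one. The process list is queried once per poll so it cannot change
    /// between the length check and the index, and the Process objects that are not returned
    /// are disposed so their handles do not accumulate while waiting.
    /// </summary>
    private static Process WaitForProcess(string name)
    {
        while (true)
        {
            Process[] candidates = Process.GetProcessesByName(name);
            if (candidates.Length > 0)
            {
                for (int i = 1; i < candidates.Length; i++)
                    candidates[i].Dispose();
                return candidates[0];
            }
            Thread.Sleep(2000);
        }
    }
}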
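class Scanner : IDisposable
{
    // MEMORY_BASIC_INFORMATION.State value of a committed region (MEM_COMMIT).
    private const uint MemCommit = 0x1000;
    // Protect values the dump copies: PAGE_READWRITE | PAGE_WRITECOPY |
    // PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY. Read-only pages are skipped.
    private const uint ReadableProtect = 0x04 | 0x08 | 0x40 | 0x80;
    // ReadProcessMemory is issued in pieces of this size.
    private const int ChunkSize = 128 * 1024;

    // Handle returned by OpenProcess in DumpMemory; owned by this instance and closed in
    // Dispose or before the next DumpMemory. The handle taken from Process.Handle in the
    // constructor belongs to the Process object and is never closed here.
    private IntPtr _openedHandle = IntPtr.Zero;

    /// <summary>Snapshot of the target's committed writable regions, keyed by region base address.</summary>
    public Dictionary<int, byte[]> Memory { get; private set; }

    /// <summary>Handle used for reads: Process.Handle until DumpMemory opens its own.</summary>
    public IntPtr Handle { get; private set; }

    /// <summary>The target process.</summary>
    public Process Process { get; private set; }

    /// <summary>Creates a scanner for <paramref name="process"/> with an empty snapshot.</summary>
    /// <exception cref="ArgumentNullException"><paramref name="process"/> is null.</exception>
    public Scanner(Process process)
    {
        if (process == null)
            throw new ArgumentNullException("process");
        Memory = new Dictionary<int, byte[]>();
        Handle = process.Handle;
        Process = process;
    }

    /// <summary>
    /// Turns a hex pattern (separators already removed, even length) into one entry per byte:
    /// the byte value, or -1 for a "??" wildcard. Throws FormatException on a non-hex pair.
    /// </summary>
    private static int[] ParsePattern(string pattern)
    {
        int[] parsed = new int[pattern.Length / 2];
        for (int i = 0; i < parsed.Length; i++)
        {
            string pair = pattern.Substring(i * 2, 2);
            parsed[i] = pair == "??" ? -1 : Convert.ToByte(pair, 16);
        }
        return parsed;
    }

    /// <summary>
    /// True when <paramref name="needle"/> matches <paramref name="buffer"/> at
    /// <paramref name="offset"/>; -1 entries match any byte.
    /// </summary>
    private static bool MaskCheck(byte[] buffer, int offset, int[] needle)
    {
        for (int i = 0; i < needle.Length; i++)
        {
            int expected = needle[i];
            if (expected >= 0 && buffer[offset + i] != expected)
                return false;
        }
        return true;
    }

    /// <summary>
    /// Searches the snapshot for a hex byte pattern; "-" and spaces are ignored and "??" matches
    /// any byte. Dumps memory first if the snapshot is empty.
    /// </summary>
    /// <returns>
    /// The address of the first match, or a negative sentinel: -1 for an empty or odd-length
    /// pattern, -2 when nothing matched, -3 when the search threw (e.g. a non-hex pair).
    /// </returns>
    public IntPtr FindPattern(string pattern)
    {
        try
        {
            pattern = pattern.Replace("-", "").Replace(" ", "");
            if (Memory.Count == 0)
                DumpMemory();
            if (pattern.Length == 0 || pattern.Length % 2 != 0)
                return (IntPtr)(-1);
            // Parse once instead of re-parsing every hex pair at every offset.
            int[] needle = ParsePattern(pattern);
            foreach (KeyValuePair<int, byte[]> region in Memory)
            {
                byte[] haystack = region.Value;
                // Inclusive bound so a match that ends on the region's last byte is found.
                int lastStart = haystack.Length - needle.Length;
                for (int i = 0; i <= lastStart; i++)
                {
                    if (MaskCheck(haystack, i, needle))
                        return (IntPtr)(region.Key + i);
                }
            }
            return (IntPtr)(-2);
        }
        catch (Exception)
        {
            return (IntPtr)(-3);
        }
    }

    /// <summary>
    /// Rebuilds <see cref="Memory"/>: opens the target with read/query rights only, walks its
    /// address space with VirtualQueryEx, allocates a buffer per committed writable region and
    /// copies each region in. A region whose read stops short keeps zeros for the unread tail.
    /// If the process cannot be opened the snapshot stays empty.
    /// Addresses are tracked as 32-bit values: assumes an x86 build against a 32-bit target — TODO confirm.
    /// </summary>
    public void DumpMemory()
    {
        Memory = new Dictionary<int, byte[]>();
        CloseOwnedHandle();
        // Least privilege: VirtualQueryEx needs QueryInformation and ReadProcessMemory needs
        // VMRead; no other right is used, so PROCESS_ALL_ACCESS is not requested.
        _openedHandle = OpenProcess(ProcessAccessFlags.VMRead | ProcessAccessFlags.QueryInformation, false, Process.Id);
        Handle = _openedHandle;
        if (Handle == IntPtr.Zero)
            return;

        uint infoSize = (uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION));
        MEMORY_BASIC_INFORMATION meminfo;
        uint addr = 0;
        while (VirtualQueryEx(Handle, addr, out meminfo, infoSize))
        {
            if ((meminfo.State & MemCommit) != 0 && (meminfo.Protect & ReadableProtect) != 0)
                Memory.Add((int)addr, new byte[meminfo.RegionSize.ToInt32()]);
            uint next = (uint)(meminfo.BaseAddress.ToInt32() + meminfo.RegionSize.ToInt32());
            // Stop when the address wraps to zero or the query did not advance, instead of
            // re-querying the same region forever (and hitting a duplicate key in Memory).
            if (next <= addr)
                break;
            addr = next;
        }

        byte[] chunk = new byte[ChunkSize];
        foreach (KeyValuePair<int, byte[]> block in Memory)
            ReadRegion(block.Key, block.Value, chunk);
    }

    /// <summary>
    /// Copies the region at <paramref name="baseAddress"/> into <paramref name="target"/> through
    /// <paramref name="chunk"/>-sized ReadProcessMemory calls, stopping at the first short read.
    /// </summary>
    private void ReadRegion(int baseAddress, byte[] target, byte[] chunk)
    {
        uint remaining = (uint)target.Length;
        uint done = 0;
        uint got = 0;
        while (remaining > 0)
        {
            uint want = remaining > (uint)chunk.Length ? (uint)chunk.Length : remaining;
            ReadProcessMemory(Handle, (IntPtr)(baseAddress + done), chunk, want, ref got);
            if (got != want)
                break;
            Buffer.BlockCopy(chunk, 0, target, (int)done, (int)got);
            remaining -= got;
            done += got;
        }
    }

    /// <summary>Reads an Int32 (host byte order) from the snapshot; 0 when the range is not covered.</summary>
    public int ReadInt(int address)
    {
        byte[] buffer = Read(address, 4);
        return buffer == null ? 0 : BitConverter.ToInt32(buffer, 0);
    }

    /// <summary>Reads an Int64 (host byte order) from the snapshot; 0 when the range is not covered.</summary>
    public long ReadLong(int address)
    {
        byte[] buffer = Read(address, 8);
        return buffer == null ? 0 : BitConverter.ToInt64(buffer, 0);
    }

    /// <summary>
    /// Copies <paramref name="length"/> bytes at <paramref name="address"/> out of the snapshot.
    /// Returns null when no single region covers the whole range; a read is never stitched
    /// together across two regions.
    /// </summary>
    /// <exception cref="ArgumentOutOfRangeException"><paramref name="length"/> is negative.</exception>
    public byte[] Read(int address, int length)
    {
        if (length < 0)
            throw new ArgumentOutOfRangeException("length");
        foreach (KeyValuePair<int, byte[]> block in Memory)
        {
            int regionEnd = block.Key + block.Value.Length;
            if (block.Key <= address && regionEnd >= address + length)
            {
                byte[] buffer = new byte[length];
                Buffer.BlockCopy(block.Value, address - block.Key, buffer, 0, length);
                return buffer;
            }
        }
        return null;
    }

    /// <summary>Closes the handle opened by DumpMemory, if any.</summary>
    private void CloseOwnedHandle()
    {
        if (_openedHandle == IntPtr.Zero)
            return;
        CloseHandle(_openedHandle);
        if (Handle == _openedHandle)
            Handle = IntPtr.Zero;
        _openedHandle = IntPtr.Zero;
    }

    /// <summary>Releases the process handle opened by DumpMemory. The Process object itself is not disposed.</summary>
    public void Dispose()
    {
        CloseOwnedHandle();
    }

    [DllImport("kernel32.dll")]
    static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool CloseHandle(IntPtr hObject);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UInt32 dwSize, ref UInt32 lpNumberOfBytesRead);

    // lpAddress is a uint, another place where a 32-bit address space is assumed.
    [DllImport("kernel32.dll")]
    public static extern bool VirtualQueryEx(IntPtr hProcess, uint lpAddress, out MEMORY_BASIC_INFORMATION lpBuffer, uint dwLength);

    [StructLayout(LayoutKind.Sequential)]
    public struct MEMORY_BASIC_INFORMATION
    {
        public IntPtr BaseAddress;
        public IntPtr AllocationBase;
        public uint AllocationProtect;
        public IntPtr RegionSize;
        public uint State;
        public uint Protect;
        public uint Type;
    }

    [Flags]
    enum ProcessAccessFlags : uint
    {
        All = 0x001F0FFF,
        Terminate = 0x00000001,
        CreateThread = 0x00000002,
        VMOperation = 0x00000008,
        VMRead = 0x00000010,
        VMWrite = 0x00000020,
        DupHandle = 0x00000040,
        SetInformation = 0x00000200,
        QueryInformation = 0x00000400,
        Synchronize = 0x00100000
    }
}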
- }