API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 1st, 2013
198
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.35 KB | None | 0 0
raw download clone embed print report
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5. using System.Diagnostics;
  6. using System.Runtime.InteropServices;
  7. using System.Threading;
  8.  
  9. namespace KmsExpTest
  10. {
  11. class Program
  12. {
  13. static void Main(string[] args)
  14. {
  15. long[] expTable = new long[255];
  16. int[] firstLevels = { 15, 34, 57, 92, 135, 372, 560, 840, 1242, 1242 };
  17. string firstLevelsIntAob = null;
  18. string firstLevelsLongAob = null;
  19.  
  20. for (int i = 0; i < firstLevels.Length; i++)
  21. {
  22. firstLevelsIntAob += System.Net.IPAddress.NetworkToHostOrder(firstLevels[i]).ToString("X8");
  23. firstLevelsLongAob += System.Net.IPAddress.NetworkToHostOrder((long)firstLevels[i]).ToString("X16");
  24. }
  25.  
  26. Console.Write("Waiting for MapleStory...");
  27.  
  28. Process process = null;
  29. while ((process = Process.GetProcessesByName("MapleStory").Length > 0 ? Process.GetProcessesByName("MapleStory")[0] : null) == null)
  30. Thread.Sleep(2000);
  31.  
  32. Thread.Sleep(4000);// Give it time to unpack itself
  33.  
  34. Console.WriteLine("found");
  35. Console.Write("Dumping memory...");
  36.  
  37. Scanner scanner = new Scanner(process);
  38. scanner.DumpMemory();
  39.  
  40. Console.WriteLine("done");
  41. Console.Write("Searching for Int32 exp table...");
  42.  
  43. int address = scanner.FindPattern(firstLevelsIntAob).ToInt32();
  44. if (address > 0)
  45. {
  46. for (int i = 0; i < expTable.Length; i++)
  47. expTable[i] = scanner.ReadInt(address + i * 4);
  48. Console.WriteLine("done");
  49. }
  50. else
  51. {
  52. Console.WriteLine("failed");
  53. Console.Write("Searching for Int64 exp table...");
  54.  
  55. address = scanner.FindPattern(firstLevelsLongAob).ToInt32();
  56. if (address <= 0)
  57. {
  58. Console.WriteLine("failed (press any key to quit)");
  59. Console.ReadKey();
  60. return;
  61. }
  62.  
  63. for (int i = 0; i < expTable.Length; i++)
  64. expTable[i] = scanner.ReadLong(address + i * 8);
  65. Console.WriteLine("done");
  66. }
  67.  
  68. for (int i = 0; i < expTable.Length; i++)
  69. Console.WriteLine("Level {0}: {1:n0}", i + 1, expTable[i]);
  70. Console.ReadKey();
  71. }
  72. }
  73.  
  74. class Scanner
  75. {
  76. public Dictionary<int, byte[]> Memory { get; private set; }
  77. public IntPtr Handle { get; private set; }
  78. public Process Process { get; private set; }
  79.  
  80. public Scanner(Process process)
  81. {
  82. Memory = new Dictionary<int, byte[]>();
  83. Handle = process.Handle;
  84. Process = process;
  85. }
  86.  
  87. private bool MaskCheck(byte[] buffer, int offset, string pattern)
  88. {
  89. for (int i = 0; i < pattern.Length / 2; i++)
  90. {
  91. string val = pattern.Substring(i * 2, 2);
  92.  
  93. if (val == "??")
  94. continue;
  95.  
  96. int value = Convert.ToInt32(val, 16);
  97. if (value != buffer[offset + i])
  98. {
  99. return false;
  100. }
  101. }
  102. return true;
  103. }
  104.  
  105. public IntPtr FindPattern(string pattern)
  106. {
  107. try
  108. {
  109. pattern = pattern.Replace("-", "");
  110. pattern = pattern.Replace(" ", "");
  111.  
  112. if (Memory.Count == 0)
  113. DumpMemory();
  114.  
  115. if (pattern.Length % 2 != 0)
  116. {
  117. return (IntPtr)(-1);
  118. }
  119.  
  120. foreach (KeyValuePair<int, byte[]> memoryRegion in Memory)
  121. {
  122. for (int i = 0; i < memoryRegion.Value.Length - pattern.Length / 2; i++)
  123. {
  124. if (MaskCheck(memoryRegion.Value, i, pattern))
  125. {
  126. return (IntPtr)(memoryRegion.Key + i);
  127. }
  128. }
  129. }
  130. return (IntPtr)(-2);
  131. }
  132. catch
  133. {
  134. return (IntPtr)(-3);
  135. }
  136. }
  137.  
  138. public void DumpMemory()
  139. {
  140. Memory = new Dictionary<int, byte[]>();
  141. MEMORY_BASIC_INFORMATION meminfo;
  142. uint addr = 0;
  143.  
  144. Handle = OpenProcess(ProcessAccessFlags.All, false, Process.Id);
  145.  
  146. if (Handle != IntPtr.Zero)
  147. {
  148. while (true)
  149. {
  150. if (!VirtualQueryEx(Handle, addr, out meminfo, (uint)Marshal.SizeOf(new MEMORY_BASIC_INFORMATION())))
  151. break;
  152.  
  153. if ((meminfo.State & 0x1000) > 0 && (meminfo.Protect & (0x04 | 0x08 | 0x40 | 0x80)) > 0)
  154. Memory.Add((int)addr, new byte[meminfo.RegionSize.ToInt32()]);
  155.  
  156. addr = (uint)(meminfo.BaseAddress.ToInt32() + meminfo.RegionSize.ToInt32());
  157. }
  158. }
  159.  
  160. foreach (KeyValuePair<int, byte[]> block in Memory)
  161. {
  162. byte[] tempbuf = new byte[128 * 1024];
  163. uint bytes_left = (uint)block.Value.Length;
  164. uint total_read = 0;
  165. uint bytes_to_read = 0;
  166. uint bytes_read = 0;
  167.  
  168. while (bytes_left > 0)
  169. {
  170. bytes_to_read = (bytes_left > tempbuf.Length) ? (uint)tempbuf.Length : bytes_left;
  171. ReadProcessMemory(Handle, (IntPtr)(block.Key + total_read), tempbuf, bytes_to_read, ref bytes_read);
  172. if (bytes_read != bytes_to_read) break;
  173.  
  174. Buffer.BlockCopy(tempbuf, 0, block.Value, (int)total_read, (int)bytes_read);
  175.  
  176. bytes_left -= bytes_read;
  177. total_read += bytes_read;
  178. }
  179. }
  180. }
  181.  
  182. public int ReadInt(int address)
  183. {
  184. byte[] buffer = Read(address, 4);
  185. return buffer == null ? 0 : BitConverter.ToInt32(buffer, 0);
  186. }
  187.  
  188. public long ReadLong(int address)
  189. {
  190. byte[] buffer = Read(address, 8);
  191. return buffer == null ? 0 : BitConverter.ToInt64(buffer, 0);
  192. }
  193.  
  194. public byte[] Read(int address, int length)
  195. {
  196. foreach (KeyValuePair<int, byte[]> block in Memory)
  197. {
  198. if (block.Key <= address && block.Key + block.Value.Length >= address + length)
  199. {
  200. byte[] buffer = new byte[length];
  201. Buffer.BlockCopy(block.Value, address - block.Key, buffer, 0, length);
  202. return buffer;
  203. }
  204. }
  205. return null;
  206. }
  207.  
  208. [DllImport("kernel32.dll")]
  209. static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, int dwProcessId);
  210.  
  211. [DllImport("kernel32.dll", SetLastError = true)]
  212. public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UInt32 dwSize, ref UInt32 lpNumberOfBytesRead);
  213.  
  214. [DllImport("kernel32.dll")]
  215. public static extern bool VirtualQueryEx(IntPtr hProcess, uint lpAddress, out MEMORY_BASIC_INFORMATION lpBuffer, uint dwLength);
  216.  
  217. [StructLayout(LayoutKind.Sequential)]
  218. public struct MEMORY_BASIC_INFORMATION
  219. {
  220. public IntPtr BaseAddress;
  221. public IntPtr AllocationBase;
  222. public uint AllocationProtect;
  223. public IntPtr RegionSize;
  224. public uint State;
  225. public uint Protect;
  226. public uint Type;
  227. }
  228.  
  229. [Flags]
  230. enum ProcessAccessFlags : uint
  231. {
  232. All = 0x001F0FFF,
  233. Terminate = 0x00000001,
  234. CreateThread = 0x00000002,
  235. VMOperation = 0x00000008,
  236. VMRead = 0x00000010,
  237. VMWrite = 0x00000020,
  238. DupHandle = 0x00000040,
  239. SetInformation = 0x00000200,
  240. QueryInformation = 0x00000400,
  241. Synchronize = 0x00100000
  242. }
  243. }
  244. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!