Silkroad - basic multiclient

1. // Written by DevSome - all credits to him!
2. // http://forum.cp-g.de/user/50580-awesome/
3. // http://www.elitepvpers.com/forum/members/1199443-devsome.html
4. // Mail: [email protected]
5. // Instructions: put the exe in your SRO directory!
6.  
7. using System;
8. using System.Collections.Generic;
9. using System.ComponentModel;
10. using System.Data;
11. using System.Linq;
12. using System.Text;
13. using System.Runtime.InteropServices;
14. using System.Diagnostics;
15. using System.IO;
16. //using Microsoft.Win32;
17. //using System.Xml.Serialization;
18. namespace MulticlientProject
19. {
20.     class Program
21.     {
22.         [DllImport("kernel32.dll")]
23.         static extern IntPtr LoadLibrary(string dllToLoad);
24.         [DllImport("kernel32.dll")]
25.         static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, int dwProcessId);
26.         [DllImport("kernel32.dll")]
27.         static extern uint ReadProcessMemory(IntPtr hProcess, uint lpBaseAddress, uint lpbuffer, uint nSize, uint lpNumberOfBytesRead);
28.         [DllImport("kernel32.dll")]
29.         static extern uint WriteProcessMemory(IntPtr hProcess, uint lpBaseAddress, byte[] lpBuffer, int nSize, uint lpNumberOfBytesWritten);
30.         [DllImport("kernel32.dll")]
31.         static extern uint VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, uint flAllocationType, uint flProtect);
32.         [DllImport("kernel32.dll")]
33.         static extern IntPtr CreateMutex(IntPtr lpMutexAttributes, bool bInitialOwner, string lpName);
34.         [DllImport("kernel32.dll")]
35.         static extern IntPtr GetModuleHandle(string lpModuleName);
36.         [DllImport("kernel32")]
37.         static extern uint GetProcAddress(IntPtr hModule, string procName);
38.         [DllImport("kernel32.dll")]
39.         static extern uint WritePrivateProfileString(string section, string key, string val, string filePath);
40.         [DllImport("kernel32.dll")]
41.         static extern uint GetPrivateProfileString(string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, int nSize, string lpFileName);
42.        
43.        
44.        
45.         #region Addresses
46.         uint ByteArray = 0;
47.         uint SeedPatchAdress = 0;
48.         uint AlreadyProgramExe = 0;
49.         uint MultiClientAddress = 0;
50.         uint CallForwardAddress = 0;
51.         uint MultiClientError = 0;
52.         uint StartingMSG = 0;
53.         uint ChangeVersion = 0;
54.         #endregion
55.  
56.         #region BytePattern
57.  
58.         //byte[] RedirectIPAddressPattern = { 0x89, 0x86, 0x2C, 0x01, 0x00, 0x00, 0x8B, 0x17, 0x89, 0x56, 0x50, 0x8B, 0x47, 0x04, 0x89, 0x46, 0x54, 0x8B, 0x4F, 0x08, 0x89, 0x4E, 0x58, 0x8B, 0x57, 0x0C, 0x89, 0x56, 0x5C, 0x5E, 0xB8, 0x01, 0x00, 0x00, 0x00, 0x5D, 0xC3 };
59.         byte[] SeedPatchPattern = { 0x8B, 0x4C, 0x24, 0x04, 0x81, 0xE1, 0xFF, 0xFF, 0xFF, 0x7F };
60.         byte[] SeedPatch = { 0xB9, 0x33, 0x00, 0x00, 0x00, 0x90, 0x90, 0x90, 0x90, 0x90 };
61.         //byte[] NudePatchPattern = { 0x8B, 0x84, 0xEE, 0x1C, 0x01, 0x00, 0x00, 0x3B, 0x44, 0x24, 0x14 };
62.         //byte[] ZoomhackPattern = { 0xDF, 0xE0, 0xF6, 0xC4, 0x41, 0x7A, 0x08, 0xD9, 0x9E };
63.         byte[] MulticlientPattern = { 0x6A, 0x06, 0x8D, 0x44, 0x24, 0x48, 0x50, 0x8B, 0xCF };
64.         byte[] CallForwardPattern = { 0x56, 0x8B, 0xF1, 0x0F, 0xB7, 0x86, 0x3E, 0x10, 0x00, 0x00, 0x57, 0x66, 0x8B, 0x7C, 0x24, 0x10, 0x0F, 0xB7, 0xCF, 0x8D, 0x14, 0x01, 0x3B, 0x96, 0x4C, 0x10, 0x00, 0x00 };
65.         byte[] MultiClientErrorStringPattern = Encoding.Default.GetBytes("½ÇÅ©·Îµå°¡ ÀÌ¹Ì ½ÇÇà Áß ÀÔ´Ï´Ù.");
66.         byte[] ChangeVersionStringPattern = Encoding.Unicode.GetBytes("Ver %d.%03d");
67.         byte[] StartingMSGStringPattern = Encoding.Unicode.GetBytes("UIIT_STT_STARTING_MSG");
68.         byte[] AlreadyProgramExeStringPattern = Encoding.ASCII.GetBytes("//////////////////////////////////////////////////////////////////");
69.  
70.         #endregion
71.  
72.         static void Main()
73.         {
74.             Console.WriteLine("Programm got stared.");
75.             Program pr = new Program();
76.             string StartingMessageText = "Visit devsome.com\r\nOpensource on elitepverps.com published by Devsome(dot)com";
77.             byte[] HexColorArray = { 0xff, 0xa5, 0x00, 0x00 };
78.             // pink             0xee, 0x82, 0xee, 0x00
79.             // hell blau        0xff, 0xa5, 0x00, 0x00
80.             uint BaseAddress = 0x400000;
81.            
82.             byte PUSH = 0x68;
83.             byte[] JMP = { 0xEB };
84.             uint ByteArray = 0;
85.  
86.             string currentDir = Environment.CurrentDirectory;
87.             Console.WriteLine("Your current Directory: " + currentDir);
88.  
89.             byte[] FileArray = File.ReadAllBytes(currentDir + @"\sro_client.exe");
90.             //AlreadyProgramExeSearch
91.             pr.AlreadyProgramExe = pr.FindStringPattern(pr.AlreadyProgramExeStringPattern, FileArray, BaseAddress, PUSH, 1) - 2;
92.             //SeedPatchSearch
93.             pr.SeedPatchAdress = BaseAddress + pr.FindPattern(pr.SeedPatchPattern, FileArray, 1);
94.             //ReplaceText
95.             pr.StartingMSG = pr.FindStringPattern(pr.StartingMSGStringPattern, FileArray, BaseAddress, PUSH, 1) + 24;
96.             pr.ChangeVersion = pr.FindStringPattern(pr.ChangeVersionStringPattern, FileArray, BaseAddress, PUSH, 1);
97.  
98.             //MulticlientSearch
99.             pr.MultiClientAddress = BaseAddress + pr.FindPattern(pr.MulticlientPattern, FileArray, 1) + 9;
100.             //CallForwardSearch
101.             pr.CallForwardAddress = BaseAddress + pr.FindPattern(pr.CallForwardPattern, FileArray, 1);
102.             //MultiClientErrorSearch
103.             pr.MultiClientError = pr.FindStringPattern(pr.MultiClientErrorStringPattern, FileArray, BaseAddress, PUSH, 1) - 8;
104.  
105.  
106.             CreateMutex(IntPtr.Zero, false, "Silkroad Online Launcher");
107.             CreateMutex(IntPtr.Zero, false, "Ready");
108.             Console.WriteLine("Silkroad Launcher started in background.");
109.             Process SilkProcess;
110.             SilkProcess = new Process();
111.             SilkProcess.StartInfo.FileName = currentDir + @"\sro_client.exe";
112.             SilkProcess.StartInfo.Arguments = "0 /22 0 0";
113.             SilkProcess.Start();
114.             Console.WriteLine("Process started with 0 /22 0 0");
115.             IntPtr SroProcessHandle = OpenProcess((uint)(0x000F0000L | 0x00100000L | 0xFFF), 0, SilkProcess.Id);
116.  
117.             //Already Program Exe
118.             WriteProcessMemory(SroProcessHandle, pr.AlreadyProgramExe, JMP, JMP.Length, ByteArray);
119.             Console.WriteLine("Already opend (write in Memory)");
120.             //Multiclient Error MessageBox
121.             WriteProcessMemory(SroProcessHandle, pr.MultiClientError, JMP, JMP.Length, ByteArray);
122.             WriteProcessMemory(SroProcessHandle, pr.SeedPatchAdress, pr.SeedPatch, pr.SeedPatch.Length, ByteArray);
123.             Console.WriteLine("Multiclient Error MessageBox (write in Memory)");
124.             pr.MultiClient(SroProcessHandle);
125.             pr.StartingTextMSG(SroProcessHandle, StartingMessageText, HexColorArray);
126.             Console.WriteLine("Writing the Version & Startmessage");
127.         }
128.  
129.         private void MultiClient(IntPtr SroProcessHandle)
130.         {
131.             uint MultiClientCodeCave = VirtualAllocEx(SroProcessHandle, IntPtr.Zero, 45, 0x1000, 0x4);
132.             uint MACCodeCave = VirtualAllocEx(SroProcessHandle, IntPtr.Zero, 4, 0x1000, 0x4);
133.             uint GTC = GetProcAddress(GetModuleHandle("kernel32.dll"), "GetTickCount");
134.  
135.             byte[] CallBack = BitConverter.GetBytes(MultiClientCodeCave + 41);
136.             byte[] CALLForward = BitConverter.GetBytes(CallForwardAddress - MultiClientCodeCave - 34);
137.             byte[] MACAddress = BitConverter.GetBytes(MACCodeCave);
138.             byte[] GTCAddress = BitConverter.GetBytes(GTC - MultiClientCodeCave - 18);
139.  
140.             byte[] MultiClientArray = BitConverter.GetBytes(MultiClientCodeCave - MultiClientAddress - 5);
141.             byte[] MultiClientCodeArray = { 0xE8, MultiClientArray[0], MultiClientArray[1], MultiClientArray[2], MultiClientArray[3] };
142.  
143.             byte[] MultiClientCode = {   0x8F, 0x05, CallBack[0], CallBack[1], CallBack[2], CallBack[3], //POP DWORD PTR DS:[xxxxxxxx]
144.                                          0xA3, MACAddress[0], MACAddress[1], MACAddress[2], MACAddress[3], //MOV DWORD PTR DS:[xxxxxxxx],EAX
145.                                          0x60, //PUSHAD
146.                                          0x9C, //PUSHFD
147.                                          0xE8, GTCAddress[0], GTCAddress[1], GTCAddress[2], GTCAddress[3], // Call KERNEL32.gettickcount
148.                                          0x8B, 0x0D, MACAddress[0], MACAddress[1], MACAddress[2], MACAddress[3], //MOV ECX,DWORD PTR DS:[xxxxxxxx]
149.                                          0x89, 0x41, 0x02, // MOV DWORD PTR DS:[ECX+2],EAX
150.                                          0x9D, //POPFD
151.                                          0x61, //POPAD
152.                                          0xE8, CALLForward[0], CALLForward[1], CALLForward[2], CALLForward[3], //CALL xxxxxxxx
153.                                          0xFF, 0x35, CallBack[0], CallBack[1], CallBack[2], CallBack[3], // PUSH DWORD PTR DS:[xxxxxxxx]
154.                                          0xC3 //RETN
155.                                        };
156.  
157.             WriteProcessMemory(SroProcessHandle, MultiClientCodeCave, MultiClientCode, MultiClientCode.Length, ByteArray);
158.             WriteProcessMemory(SroProcessHandle, MultiClientAddress, MultiClientCodeArray, MultiClientCodeArray.Length, ByteArray);
159.         }
160.  
161.         private void StartingTextMSG(IntPtr SroProcessHandle, string StartingText, byte[] HexColor)
162.         {
163.             string ChangeVersionString = "Dev";
164.             uint StartingMSGStringCodeCave = VirtualAllocEx(SroProcessHandle, IntPtr.Zero, StartingText.Length, 0x1000, 0x4);
165.             uint ChangeVersionStringCodeCave = VirtualAllocEx(SroProcessHandle, IntPtr.Zero, StartingText.Length, 0x1000, 0x4);
166.             byte[] StartingMSGByteArray = Encoding.Unicode.GetBytes(StartingText);
167.             byte[] ChangeVersionByteArray = Encoding.Unicode.GetBytes(ChangeVersionString);
168.             byte[] CallStartingMSG = BitConverter.GetBytes(StartingMSGStringCodeCave);
169.             byte[] CallChangeVersion = BitConverter.GetBytes(ChangeVersionStringCodeCave);
170.             byte[] StartingMSGCodeArray = { 0xB8, CallStartingMSG[0], CallStartingMSG[1], CallStartingMSG[2], CallStartingMSG[3] };
171.             byte[] ChangeVersionCodeArray = { 0x68, CallChangeVersion[0], CallChangeVersion[1], CallChangeVersion[2], CallChangeVersion[3] };
172.             WriteProcessMemory(SroProcessHandle, ChangeVersionStringCodeCave, ChangeVersionByteArray, ChangeVersionByteArray.Length, ByteArray);
173.             WriteProcessMemory(SroProcessHandle, ChangeVersion, ChangeVersionCodeArray, ChangeVersionCodeArray.Length, ByteArray);
174.             WriteProcessMemory(SroProcessHandle, ChangeVersion - 59, HexColor, HexColor.Length, ByteArray);
175.             WriteProcessMemory(SroProcessHandle, StartingMSGStringCodeCave, StartingMSGByteArray, StartingMSGByteArray.Length, ByteArray);
176.             WriteProcessMemory(SroProcessHandle, StartingMSG, StartingMSGCodeArray, StartingMSGCodeArray.Length, ByteArray);
177.             WriteProcessMemory(SroProcessHandle, StartingMSG + 9, HexColor, HexColor.Length, ByteArray);
178.             System.Environment.Exit(0);
179.         }
180.         private uint FindPattern(byte[] Pattern, byte[] FileByteArray, uint Result)
181.         {
182.             uint MyPosition = 0;
183.             uint ResultCounter = 0;
184.             for (uint PositionFileByteArray = 0; PositionFileByteArray < FileByteArray.Length - Pattern.Length; PositionFileByteArray++)
185.             {
186.                 bool found = true;
187.                 for (uint PositionPattern = 0; PositionPattern < Pattern.Length; PositionPattern++)
188.                 {
189.                     if (FileByteArray[PositionFileByteArray + PositionPattern] != Pattern[PositionPattern])
190.                     {
191.                         found = false;
192.                         break;
193.                     }
194.                 }
195.                 if (found)
196.                 {
197.                     ResultCounter += 1;
198.                     if (Result == ResultCounter)
199.                     {
200.                         MyPosition = PositionFileByteArray;
201.                         break;
202.                     }
203.                 }
204.             }
205.             return MyPosition;
206.         }
207.         private uint FindStringPattern(byte[] StringByteArray, byte[] FileArray, uint BaseAddress, byte StringWorker, uint Result)
208.         {
209.             uint MyPosition = 0;
210.             byte[] StringWorkerAddress = { StringWorker, 0x00, 0x00, 0x00, 0x00 };
211.             byte[] StringAddress = new byte[4];
212.             StringAddress = BitConverter.GetBytes(BaseAddress + FindPattern(StringByteArray, FileArray, 1));
213.             StringWorkerAddress[1] = StringAddress[0];
214.             StringWorkerAddress[2] = StringAddress[1];
215.             StringWorkerAddress[3] = StringAddress[2];
216.             StringWorkerAddress[4] = StringAddress[3];
217.  
218.             MyPosition = BaseAddress + FindPattern(StringWorkerAddress, FileArray, Result);
219.             return MyPosition;
220.         }
221.     }
222. }