API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 17th, 2019
124
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.55 KB | None | 0 0
raw download clone embed print report
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Diagnostics;
  4. using System.IO;
  5. using System.IO.Pipes;
  6. using System.Linq;
  7. using System.Net;
  8. using System.Runtime.InteropServices;
  9. using System.Text;
  10. using System.Threading;
  11. using System.Threading.Tasks;
  12. using System.Windows.Forms;
  13.  
  14. namespace DeepAPI
  15. {
  16. class ExploitAPI
  17. {
  18. public enum DllInjectionResult
  19. {
  20. DllNotFound,
  21. GameProcessNotFound,
  22. InjectionFailed,
  23. Success
  24. }
  25. public static string exploitdllname = "Rozu.dll";
  26. public static string luapipename = "DeepAPI";
  27.  
  28. [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
  29. [return: MarshalAs(UnmanagedType.Bool)]
  30. public static extern bool WaitNamedPipe(string name, int timeout);
  31.  
  32. public static bool NamedPipeExist(string pipeName)
  33. {
  34. try
  35. {
  36. if (!WaitNamedPipe($"\\\\.\\pipe\\{pipeName}", 0))
  37. {
  38. int lastWin32Error = Marshal.GetLastWin32Error();
  39. if (lastWin32Error == 0)
  40. {
  41. return false;
  42. }
  43. if (lastWin32Error == 2)
  44. {
  45. return false;
  46. }
  47. }
  48. return true;
  49. }
  50. catch (Exception)
  51. {
  52. return false;
  53. }
  54. }
  55. public void LuaPipe(string script)
  56. {
  57. if (NamedPipeExist(luapipename))
  58. {
  59. new Thread(() =>
  60. {
  61. try
  62. {
  63. using (NamedPipeClientStream namedPipeClientStream = new NamedPipeClientStream(".", luapipename, PipeDirection.Out))
  64. {
  65. namedPipeClientStream.Connect();
  66. using (StreamWriter streamWriter = new StreamWriter(namedPipeClientStream, System.Text.Encoding.Default, 999999))
  67. {
  68. streamWriter.Write(script);
  69. streamWriter.Dispose();
  70. }
  71. namedPipeClientStream.Dispose();
  72. }
  73. }
  74. catch (IOException)
  75. {
  76. MessageBox.Show("Error occured connecting to the pipe.", "Connection Failed!", MessageBoxButtons.OK, MessageBoxIcon.Hand);
  77. }
  78. catch (Exception ex)
  79. {
  80. MessageBox.Show(ex.Message.ToString());
  81. }
  82. }).Start();
  83. }
  84. else
  85. {
  86. MessageBox.Show("Inject " + exploitdllname + " before Using this!", "Error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
  87. return;
  88. }
  89. }
  90.  
  91.  
  92.  
  93. public sealed class DllInjector
  94. {
  95. static readonly IntPtr INTPTR_ZERO = (IntPtr)0;
  96.  
  97. [DllImport("kernel32.dll", SetLastError = true)]
  98. static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId);
  99.  
  100. [DllImport("kernel32.dll", SetLastError = true)]
  101. static extern int CloseHandle(IntPtr hObject);
  102.  
  103. [DllImport("kernel32.dll", SetLastError = true)]
  104. static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName);
  105.  
  106. [DllImport("kernel32.dll", SetLastError = true)]
  107. static extern IntPtr GetModuleHandle(string lpModuleName);
  108.  
  109. [DllImport("kernel32.dll", SetLastError = true)]
  110. static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, IntPtr dwSize, uint flAllocationType, uint flProtect);
  111.  
  112. [DllImport("kernel32.dll", SetLastError = true)]
  113. static extern int WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] buffer, uint size, int lpNumberOfBytesWritten);
  114.  
  115. [DllImport("kernel32.dll", SetLastError = true)]
  116. static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttribute, IntPtr dwStackSize, IntPtr lpStartAddress,
  117. IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
  118.  
  119. static DllInjector _instance;
  120.  
  121. public static DllInjector GetInstance
  122. {
  123. get
  124. {
  125. if (_instance == null)
  126. {
  127. _instance = new DllInjector();
  128. }
  129. return _instance;
  130. }
  131. }
  132.  
  133. DllInjector() { }
  134.  
  135. public DllInjectionResult Inject(string sProcName, string sDllPath)
  136. {
  137. if (!File.Exists(sDllPath))
  138. {
  139. return DllInjectionResult.DllNotFound;
  140. }
  141.  
  142. uint _procId = 0;
  143.  
  144. Process[] _procs = Process.GetProcesses();
  145. for (int i = 0; i < _procs.Length; i++)
  146. {
  147. if (_procs[i].ProcessName == sProcName)
  148. {
  149. _procId = (uint)_procs[i].Id;
  150. break;
  151. }
  152. }
  153.  
  154. if (_procId == 0)
  155. {
  156. return DllInjectionResult.GameProcessNotFound;
  157. }
  158.  
  159. if (!bInject(_procId, sDllPath))
  160. {
  161. return DllInjectionResult.InjectionFailed;
  162. }
  163.  
  164. return DllInjectionResult.Success;
  165. }
  166.  
  167. bool bInject(uint pToBeInjected, string sDllPath)
  168. {
  169. IntPtr hndProc = OpenProcess((0x2 | 0x8 | 0x10 | 0x20 | 0x400), 1, pToBeInjected);
  170.  
  171. if (hndProc == INTPTR_ZERO)
  172. {
  173. return false;
  174. }
  175.  
  176. IntPtr lpLLAddress = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
  177.  
  178. if (lpLLAddress == INTPTR_ZERO)
  179. {
  180. return false;
  181. }
  182.  
  183. IntPtr lpAddress = VirtualAllocEx(hndProc, (IntPtr)null, (IntPtr)sDllPath.Length, (0x1000 | 0x2000), 0X40);
  184.  
  185. if (lpAddress == INTPTR_ZERO)
  186. {
  187. return false;
  188. }
  189.  
  190. byte[] bytes = Encoding.ASCII.GetBytes(sDllPath);
  191.  
  192. if (WriteProcessMemory(hndProc, lpAddress, bytes, (uint)bytes.Length, 0) == 0)
  193. {
  194. return false;
  195. }
  196.  
  197. if (CreateRemoteThread(hndProc, (IntPtr)null, INTPTR_ZERO, lpLLAddress, lpAddress, 0, (IntPtr)null) == INTPTR_ZERO)
  198. {
  199. return false;
  200. }
  201.  
  202. CloseHandle(hndProc);
  203.  
  204. return true;
  205. }
  206. }
  207.  
  208.  
  209. // Token: 0x06000035 RID: 53
  210. [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
  211. internal static extern IntPtr LoadLibraryA(string lpFileName);
  212.  
  213. // Token: 0x06000036 RID: 54
  214. [DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
  215. internal static extern UIntPtr GetProcAddress(IntPtr hModule, string procName);
  216.  
  217. // Token: 0x06000037 RID: 55
  218. [DllImport("kernel32.dll", SetLastError = true)]
  219. [return: MarshalAs(UnmanagedType.Bool)]
  220. internal static extern bool FreeLibrary(IntPtr hModule);
  221.  
  222. // Token: 0x06000038 RID: 56
  223. [DllImport("kernel32.dll")]
  224. internal static extern IntPtr OpenProcess(ExploitAPI.ProcessAccess dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
  225.  
  226. // Token: 0x06000039 RID: 57
  227. [DllImport("kernel32.dll", ExactSpelling = true, SetLastError = true)]
  228. internal static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
  229.  
  230. // Token: 0x0600003A RID: 58
  231. [DllImport("kernel32.dll", SetLastError = true)]
  232. internal static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out UIntPtr lpNumberOfBytesWritten);
  233.  
  234. // Token: 0x0600003B RID: 59
  235. [DllImport("kernel32.dll")]
  236. internal static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, UIntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, out IntPtr lpThreadId);
  237.  
  238. // Token: 0x0600003C RID: 60
  239. [DllImport("kernel32.dll", SetLastError = true)]
  240. internal static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);
  241.  
  242. // Token: 0x0600003D RID: 61 RVA: 0x00002708 File Offset: 0x00000908
  243. public bool InjectDLL(string yes)
  244. {
  245. if (Process.GetProcessesByName("RobloxPlayerBeta").Length == 0)
  246. {
  247. return false;
  248. }
  249. Process process = Process.GetProcessesByName("RobloxPlayerBeta")[0];
  250. byte[] bytes = new ASCIIEncoding().GetBytes(AppDomain.CurrentDomain.BaseDirectory + yes);
  251. IntPtr hModule = ExploitAPI.LoadLibraryA("kernel32.dll");
  252. UIntPtr procAddress = ExploitAPI.GetProcAddress(hModule, "LoadLibraryA");
  253. ExploitAPI.FreeLibrary(hModule);
  254. if (procAddress == UIntPtr.Zero)
  255. {
  256. return false;
  257. }
  258. IntPtr intPtr = ExploitAPI.OpenProcess(ProcessAccess.AllAccess, false, process.Id);
  259. if (intPtr == IntPtr.Zero)
  260. {
  261. return false;
  262. }
  263. IntPtr intPtr2 = ExploitAPI.VirtualAllocEx(intPtr, (IntPtr)0, (uint)bytes.Length, 12288u, 4u);
  264. UIntPtr uintPtr;
  265. IntPtr intPtr3;
  266. return !(intPtr2 == IntPtr.Zero) && ExploitAPI.WriteProcessMemory(intPtr, intPtr2, bytes, (uint)bytes.Length, out uintPtr) && !(ExploitAPI.CreateRemoteThread(intPtr, (IntPtr)0, 0u, procAddress, intPtr2, 0u, out intPtr3) == IntPtr.Zero);
  267. }
  268.  
  269. // Token: 0x02000004 RID: 4
  270. [Flags]
  271. public enum ProcessAccess
  272. {
  273. // Token: 0x04000007 RID: 7
  274. AllAccess = 1050235,
  275. // Token: 0x04000008 RID: 8
  276. CreateThread = 2,
  277. // Token: 0x04000009 RID: 9
  278. DuplicateHandle = 64,
  279. // Token: 0x0400000A RID: 10
  280. QueryInformation = 1024,
  281. // Token: 0x0400000B RID: 11
  282. SetInformation = 512,
  283. // Token: 0x0400000C RID: 12
  284. Terminate = 1,
  285. // Token: 0x0400000D RID: 13
  286. VMOperation = 8,
  287. // Token: 0x0400000E RID: 14
  288. VMRead = 16,
  289. // Token: 0x0400000F RID: 15
  290. VMWrite = 32,
  291. // Token: 0x04000010 RID: 16
  292. Synchronize = 1048576
  293. }
  294.  
  295.  
  296.  
  297.  
  298.  
  299.  
  300.  
  301. public bool LaunchExploit()
  302. {
  303. if (ExploitAPI.NamedPipeExist(luapipename))
  304. {
  305. MessageBox.Show("Dll already injected", "No problems");
  306. }
  307.  
  308.  
  309. if (InjectDLL("Rozu.dll"))
  310. {
  311. return true;
  312. }
  313. MessageBox.Show("DLL failed to inject", "Error");
  314.  
  315.  
  316. return false;
  317. }
  318. }
  319.  
  320. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!