test12333

Untitled

Nov 11th, 2023
  1. import pymem
  2.  
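class SCMemory(pymem.Pymem):
    """Pymem handle that walks two linked lists of class records in a JVM process.

    All addresses and offsets below are read from, or applied to, the memory
    of another process.  The numeric offsets are hard-coded; they presumably
    match one specific jvm.dll build and need re-verification for any other.
    """

    # Address resolved from the pattern match in GetClassLoaderAndArray().
    pClassLoader = 0
    # 64-bit value read at pClassLoader + 0x28.
    JavaClassArray = 0

    # Offsets used when walking a klass list (names follow the original
    # inline comments: "first klass", "next class", "short - string len").
    _FIRST_KLASS_OFFSET = 0x30
    _KLASS_SYMBOL_OFFSET = 0x58
    _NEXT_KLASS_OFFSET = 0x78
    _SYMBOL_TEXT_OFFSET = 0x6

    def GetClassLoaderAndArray(self):
        """Locate the class-loader pointer via a byte pattern and cache both fields.

        Raises:
            RuntimeError: if the pattern is not found in jvm.dll.  Without this
                check the code would go on to resolve an address relative to 0.
        """
        # 48 8B 05 <disp32> is `mov rax, [rip+disp32]`: the displacement sits at
        # byte 3 and the instruction is 7 bytes long.
        match = self.PatternScan(
            "jvm.dll",
            "48 8B 05 ?? ?? ?? ?? 48 85 C0 74 ?? 48 8B 50 ?? 48 85 D2",
        )
        if not match:
            raise RuntimeError("class-loader pattern not found in jvm.dll")
        self.pClassLoader = self.GetAbsoluteAddress(match, 3, 7)
        self.JavaClassArray = self.read_ulonglong(self.pClassLoader + 0x28)

    def GetAbsoluteAddress(self, ptr: int, offset: int, size: int) -> int:
        """Resolve a RIP-relative operand to an absolute address.

        Args:
            ptr: address of the instruction.
            offset: byte offset of the signed 32-bit displacement inside it.
            size: total instruction length (RIP points past the instruction).
        """
        return ptr + self.read_int(ptr + offset) + size

    def PatternScan(self, module_name, pattern) -> int:
        """Search a loaded module for a space-separated hex pattern.

        "?" and "??" tokens match any single byte.  Returns the match address,
        or 0 when the module or the pattern is not found.
        """
        module = pymem.process.module_from_name(self.process_handle, module_name)
        if module is None:
            # Module not loaded in the target: report "not found" the same
            # way as a failed scan instead of failing on a None module.
            return 0

        # The scanner takes a bytes regex: each hex token becomes an escaped
        # byte (\xNN) and each wildcard becomes ".".
        regex_source = "".join(
            "." if token in ("?", "??") else "\\x" + token
            for token in pattern.split(" ")
        )
        found = pymem.pattern.pattern_scan_module(
            self.process_handle, module, bytes(regex_source, "utf-8")
        )
        return 0 if found is None else found

    def _find_klass(self, klass, query):
        """Walk the list starting at *klass*; return the first node named *query*, else None."""
        # NOTE(review): every pointer and the name length come from the other
        # process and are not validated; a corrupt or cyclic list would make
        # this loop run forever or raise from a failed read.
        while klass:
            klass_symbol = self.read_ulonglong(klass + self._KLASS_SYMBOL_OFFSET)
            # The symbol starts with a 16-bit length; the text follows at +0x6.
            klass_name = self.read_string(
                klass_symbol + self._SYMBOL_TEXT_OFFSET,
                self.read_short(klass_symbol),
            )
            if klass_name == query:
                return klass
            klass = self.read_ulonglong(klass + self._NEXT_KLASS_OFFSET)
        return None

    def FindJavaClassInstance(self, query):
        """Return the address of the klass named *query* in the JavaClassArray list, or None."""
        # Uses self rather than the module-level `sc` instance, so the method
        # works on whichever SCMemory object it is called on.
        head = self.read_ulonglong(self.JavaClassArray + self._FIRST_KLASS_OFFSET)
        return self._find_klass(head, query)

    def FindClassInstance(self, query):
        """Return the address of the klass named *query* in the class-loader list, or None."""
        loader = self.read_ulonglong(self.pClassLoader)
        head = self.read_ulonglong(loader + self._FIRST_KLASS_OFFSET)
        return self._find_klass(head, query)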
  53.  
  54.  
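# Attach to the target process by executable name and resolve the list roots.
sc = SCMemory("stalcraftw.exe")
sc.GetClassLoaderAndArray()

# Each entry reads the head of one klass list.  They are callables so the
# second head is only read after the first list has been walked, as before.
list_heads = (
    # Java classes
    lambda: sc.read_ulonglong(sc.JavaClassArray + 0x30),  # first klass
    # Other classes
    lambda: sc.read_ulonglong(sc.read_ulonglong(sc.pClassLoader) + 0x30),
)

# `with` closes (and flushes) dmp.txt even if a read from the target process
# fails part-way through; the original never closed the handle.
with open("dmp.txt", "w") as fl:
    for read_head in list_heads:
        klass = read_head()
        # NOTE(review): pointers and lengths below come from the other process
        # unchecked; a cyclic list would keep this loop (and the file) growing.
        while klass:
            klass_symbol = sc.read_ulonglong(klass + 0x58)
            # short at the symbol start is the string length; text is at +0x6
            klass_name = sc.read_string(klass_symbol + 0x6, sc.read_short(klass_symbol))
            print(klass_name)
            fl.write(klass_name + "\n")
            klass = sc.read_ulonglong(klass + 0x78)  # next class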