mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
359 lines
9.7 KiB
C#
359 lines
9.7 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
|
// Type: LFSTweak.Memory
|
|||
|
|
// Assembly: LFSTweak, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
|
// MVID: C77C2A36-D42F-41E0-A8F4-0FAB7DAB4ECE
|
|||
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.Win32.Sality.sil-52c1c08a641f4eea7c4c4adfe074b30e92d254f958aa67f4b0ded38b7db3a24d.exe
|
|||
|
|
|
|||
|
|
using Microsoft.VisualBasic;
|
|||
|
|
using Microsoft.VisualBasic.CompilerServices;
|
|||
|
|
using System;
|
|||
|
|
using System.Diagnostics;
|
|||
|
|
using System.Runtime.InteropServices;
|
|||
|
|
|
|||
|
|
namespace LFSTweak
|
|||
|
|
{
|
|||
|
|
[StandardModule]
|
|||
|
|
internal sealed class Memory
|
|||
|
|
{
|
|||
|
|
public const int PROCESS_VM_READ = 16;
|
|||
|
|
public const int PROCESS_VM_WRITE = 32;
|
|||
|
|
public const int PROCESS_VM_OPERATION = 8;
|
|||
|
|
public const int PROCESS_QUERY_INFORMATION = 1024;
|
|||
|
|
public const int PROCESS_READ_WRITE_QUERY = 1080;
|
|||
|
|
public const int PROCESS_ALL_ACCESS = 2035711;
|
|||
|
|
|
|||
|
|
[DebuggerNonUserCode]
|
|||
|
|
static Memory()
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
|
public static extern long ReadProcessMemory(
|
|||
|
|
IntPtr hProcess,
|
|||
|
|
int lpBaseAddress,
|
|||
|
|
ref int lpBuffer,
|
|||
|
|
int nSize,
|
|||
|
|
int lpNumberOfBytesWritten);
|
|||
|
|
|
|||
|
|
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
|
public static extern long ReadProcessMemory(
|
|||
|
|
IntPtr hProcess,
|
|||
|
|
int lpBaseAddress,
|
|||
|
|
ref byte[] lpBuffer,
|
|||
|
|
int nSize,
|
|||
|
|
int lpNumberOfBytesWritten);
|
|||
|
|
|
|||
|
|
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
|
public static extern long WriteProcessMemory(
|
|||
|
|
IntPtr hProcess,
|
|||
|
|
int lpBaseAddress,
|
|||
|
|
byte[] lpBuffer,
|
|||
|
|
int nSize,
|
|||
|
|
int lpNumberOfBytesWritten);
|
|||
|
|
|
|||
|
|
[DllImport("KERNEL32", EntryPoint = "WriteProcessMemory", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
|
public static extern float WriteMemorySingle(
|
|||
|
|
int Handle,
|
|||
|
|
int Address,
|
|||
|
|
ref float Value,
|
|||
|
|
int Size = 4,
|
|||
|
|
ref int BytesWritten = 0);
|
|||
|
|
|
|||
|
|
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
|
public static extern IntPtr OpenProcess(
|
|||
|
|
uint dwDesiredAccess,
|
|||
|
|
int bInheritHandle,
|
|||
|
|
uint dwProcessId);
|
|||
|
|
|
|||
|
|
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
|
public static extern bool CloseHandle(IntPtr hHandle);
|
|||
|
|
|
|||
|
|
public static int Game_Hwnd()
|
|||
|
|
{
|
|||
|
|
bool flag = false;
|
|||
|
|
Process[] processesByName = Process.GetProcessesByName("LFS");
|
|||
|
|
int index = 0;
|
|||
|
|
int id;
|
|||
|
|
if (index < processesByName.Length)
|
|||
|
|
{
|
|||
|
|
id = processesByName[index].Id;
|
|||
|
|
flag = true;
|
|||
|
|
}
|
|||
|
|
int num1;
|
|||
|
|
if (flag)
|
|||
|
|
{
|
|||
|
|
num1 = id;
|
|||
|
|
}
|
|||
|
|
else
|
|||
|
|
{
|
|||
|
|
int num2 = (int) Interaction.MsgBox((object) "Couldn't find Game");
|
|||
|
|
ProjectData.EndApp();
|
|||
|
|
}
|
|||
|
|
return num1;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void WriteMemory(int Address, int Value, int Size)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
int num = (int) Memory.OpenProcess(1080U, 0, checked ((uint) Memory.Game_Hwnd()));
|
|||
|
|
byte[] bytes = BitConverter.GetBytes(Value);
|
|||
|
|
Memory.WriteProcessMemory((IntPtr) num, Address, bytes, Size, 0);
|
|||
|
|
Memory.CloseHandle((IntPtr) num);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void WriteMemory(int Address, byte[] Value)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
int num = (int) Memory.OpenProcess(1080U, 0, checked ((uint) Memory.Game_Hwnd()));
|
|||
|
|
Memory.WriteProcessMemory((IntPtr) num, Address, Value, Value.Length, 0);
|
|||
|
|
Memory.CloseHandle((IntPtr) num);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void WriteMemory(int Address, byte[] Value, int Offset, int Length)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
int num1 = checked (Length - 1);
|
|||
|
|
int num2 = 0;
|
|||
|
|
while (num2 <= num1)
|
|||
|
|
{
|
|||
|
|
Memory.WriteMemory(checked (Address + num2), (int) Value[checked (num2 + Offset)], 1);
|
|||
|
|
checked { ++num2; }
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void WriteMemory(int Address, string Value)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
int length = Value.Length;
|
|||
|
|
int num = checked (length - 1);
|
|||
|
|
int index = 0;
|
|||
|
|
while (index <= num)
|
|||
|
|
{
|
|||
|
|
Memory.WriteMemory(checked (Address + index), Strings.Asc(Value[index]), 1);
|
|||
|
|
checked { ++index; }
|
|||
|
|
}
|
|||
|
|
Memory.WriteMemory(checked (Address + length), 0, 1);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void WriteMemory(int Address, double Value)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
byte[] numArray = new byte[8];
|
|||
|
|
byte[] bytes = BitConverter.GetBytes(Value);
|
|||
|
|
int index = 0;
|
|||
|
|
do
|
|||
|
|
{
|
|||
|
|
Memory.WriteMemory(checked (Address + index), (int) bytes[index], 1);
|
|||
|
|
checked { ++index; }
|
|||
|
|
}
|
|||
|
|
while (index <= 7);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void WriteMemorySingle(int Address, float Value)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
int hHandle = (int) Memory.OpenProcess(1080U, 0, checked ((uint) Memory.Game_Hwnd()));
|
|||
|
|
int Handle = hHandle;
|
|||
|
|
int Address1 = Address;
|
|||
|
|
ref float local1 = ref Value;
|
|||
|
|
int num1 = 0;
|
|||
|
|
ref int local2 = ref num1;
|
|||
|
|
double num2 = (double) Memory.WriteMemorySingle(Handle, Address1, ref local1, BytesWritten: (ref local2));
|
|||
|
|
Memory.CloseHandle((IntPtr) hHandle);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void ReadMemory(int Address, ref double Value)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
byte[] numArray = new byte[8];
|
|||
|
|
int index = 0;
|
|||
|
|
do
|
|||
|
|
{
|
|||
|
|
int num;
|
|||
|
|
Memory.ReadMemory(checked (Address + index), ref num, 1);
|
|||
|
|
numArray[index] = checked ((byte) num);
|
|||
|
|
checked { ++index; }
|
|||
|
|
}
|
|||
|
|
while (index <= 7);
|
|||
|
|
Value = BitConverter.ToDouble(numArray, 0);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void ReadMemory(int Address, ref int Value, int Size)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
int num = (int) Memory.OpenProcess(1080U, 0, checked ((uint) Memory.Game_Hwnd()));
|
|||
|
|
int lpBuffer;
|
|||
|
|
Memory.ReadProcessMemory((IntPtr) num, Address, ref lpBuffer, Size, 0);
|
|||
|
|
Value = lpBuffer;
|
|||
|
|
Memory.CloseHandle((IntPtr) num);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void ReadMemory(int Address, ref byte[] Value, int Length)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
byte[] numArray = new byte[checked (Length - 1 + 1)];
|
|||
|
|
int num1 = checked (Length - 1);
|
|||
|
|
int index = 0;
|
|||
|
|
while (index <= num1)
|
|||
|
|
{
|
|||
|
|
int num2;
|
|||
|
|
Memory.ReadMemory(checked (Address + index), ref num2, 1);
|
|||
|
|
numArray[index] = checked ((byte) num2);
|
|||
|
|
checked { ++index; }
|
|||
|
|
}
|
|||
|
|
Value = numArray;
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void ReadMemory(int Address, ref string Value)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
string empty = string.Empty;
|
|||
|
|
int num = 0;
|
|||
|
|
int CharCode;
|
|||
|
|
do
|
|||
|
|
{
|
|||
|
|
Memory.ReadMemory(checked (Address + num), ref CharCode, 1);
|
|||
|
|
if (CharCode != 0)
|
|||
|
|
empty += Conversions.ToString(Strings.Chr(CharCode));
|
|||
|
|
checked { ++num; }
|
|||
|
|
}
|
|||
|
|
while (CharCode != 0);
|
|||
|
|
Value = empty;
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void ReadMemory(int Address, ref string Value, int Length)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
string empty = string.Empty;
|
|||
|
|
int num1 = checked (Length - 1);
|
|||
|
|
int num2 = 0;
|
|||
|
|
while (num2 <= num1)
|
|||
|
|
{
|
|||
|
|
int CharCode;
|
|||
|
|
Memory.ReadMemory(checked (Address + num2), ref CharCode, 1);
|
|||
|
|
empty += Conversions.ToString(Strings.Chr(CharCode));
|
|||
|
|
checked { ++num2; }
|
|||
|
|
}
|
|||
|
|
Value = empty;
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static object ReadByte(int Address)
|
|||
|
|
{
|
|||
|
|
int num;
|
|||
|
|
Memory.ReadMemory(Address, ref num, 4);
|
|||
|
|
return (object) num;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static object ReadByte2(int Address)
|
|||
|
|
{
|
|||
|
|
int num;
|
|||
|
|
Memory.ReadMemory(Address, ref num, 1);
|
|||
|
|
return (object) num;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void WriteByte(int Address, int Value) => Memory.WriteMemory(Address, Value, 4);
|
|||
|
|
|
|||
|
|
public static void WriteByte2(int Address, int Value) => Memory.WriteMemory(Address, Value, 1);
|
|||
|
|
|
|||
|
|
public static void ReadSingle(int Address, ref float Value)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
byte[] numArray = new byte[8];
|
|||
|
|
int index = 0;
|
|||
|
|
do
|
|||
|
|
{
|
|||
|
|
int num;
|
|||
|
|
Memory.ReadMemory(checked (Address + index), ref num, 1);
|
|||
|
|
numArray[index] = checked ((byte) num);
|
|||
|
|
checked { ++index; }
|
|||
|
|
}
|
|||
|
|
while (index <= 7);
|
|||
|
|
Value = BitConverter.ToSingle(numArray, 0);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|