Code:
// P/Invoke declarations for the kernel32 calls used below to open another
// process, allocate and free memory inside it, and write bytes into it.
// CreateRemoteThread is called in Send but its declaration is not part of
// this excerpt.
// NOTE(review): together these form the classic remote-thread injection chain
// (MITRE ATT&CK T1055); endpoint protection commonly flags this sequence.

// Returns a handle to the process identified by dwProcessId.
// SetLastError is not set here, so Marshal.GetLastWin32Error() cannot be
// relied on to explain a failed open.
[DllImport("kernel32.dll")]
private static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
// Allocates dwSize bytes inside hProcess; returns IntPtr.Zero on failure.
[DllImport("kernel32.dll", SetLastError=true, ExactSpelling=true)]
private static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
// Frees a region previously allocated inside hProcess.
[DllImport("kernel32.dll", SetLastError=true, ExactSpelling=true)]
private static extern bool VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint dwFreeType);
// Copies nSize bytes from lpBuffer to lpBaseAddress inside hProcess.
// NOTE(review): lpNumberOfBytesWritten is declared by value ([Out] int, not
// "out int"), so the caller never receives a byte count; the integer value
// itself is what gets passed in the pointer slot. Every call site in this
// excerpt passes 0.
[DllImport("kernel32.dll")]
private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, [Out] int lpNumberOfBytesWritten);
Code:
/// <summary>
/// Writes <paramref name="cmd"/> and a patched copy of
/// Stubs.WrapperTocBuf_AddText into the process behind ProcessHandle, then
/// starts a remote thread at the stub.
/// </summary>
/// <param name="cmd">Command text; encoded as ASCII with a trailing NUL.</param>
/// <remarks>
/// Review notes: no Win32 return value in this method is checked, and the only
/// exception handled is ArgumentNullException, which is silently discarded.
/// Both allocations are requested with protection 0x40
/// (PAGE_EXECUTE_READWRITE), including the one that only holds the command
/// string. Remote RWX allocation followed by WriteProcessMemory and
/// CreateRemoteThread is a sequence that endpoint monitoring typically alerts on.
/// </remarks>
public void Send(string cmd)
{
try
{
// Pick the call address by which game executable is running; "t6mp" wins if
// both are present. If neither is found, callBytes keeps whatever value it
// had before this call.
Process[] processesByName = Process.GetProcessesByName("t6zm");
if (Process.GetProcessesByName("t6mp").Length != 0)
{
this.callBytes = BitConverter.GetBytes(0x5c6f10);
}
else if (processesByName.Length != 0)
{
this.callBytes = BitConverter.GetBytes(0x6b9d20);//Change this to the call address you found
}
// NOTE(review): this only shows a message; there is no return, so a null cmd
// still continues into the block below.
if (cmd == null)
{
MessageBox.Show("Please type in a cmd before pressing <Send>.", "Error", MessageBoxButtons.OK);
}
if (_cBuf_addTextFuncAddress == IntPtr.Zero)
{
IntPtr ptr;
// 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x40 = PAGE_EXECUTE_READWRITE.
_cBuf_addTextFuncAddress = VirtualAllocEx(ProcessHandle, IntPtr.Zero, (uint) Stubs.WrapperTocBuf_AddText.Length, 0x3000, 0x40);
// Encoding.ASCII replaces any non-ASCII character with '?'.
this.cmdBytes = Encoding.ASCII.GetBytes(cmd + '\0');
cmdAddress = VirtualAllocEx(ProcessHandle, IntPtr.Zero, (uint) this.cmdBytes.Length, 0x3000, 0x40);
int lpNumberOfBytesWritten = 0;
WriteProcessMemory(ProcessHandle, cmdAddress, this.cmdBytes, (uint) this.cmdBytes.Length, lpNumberOfBytesWritten);
// Patch the stub template in place: 4 bytes of the command buffer address at
// offset 9 and the 4 call-address bytes at offset 0x10. This mutates the
// Stubs.WrapperTocBuf_AddText array itself, not a copy.
// ToInt32() assumes the remote address fits in 32 bits.
Array.Copy(BitConverter.GetBytes(cmdAddress.ToInt32()), 0, Stubs.WrapperTocBuf_AddText, 9, 4);
// NOTE(review): presumably the ArgumentNullException caught below comes from
// here when callBytes was never assigned; confirm.
Array.Copy(this.callBytes, 0, Stubs.WrapperTocBuf_AddText, 0x10, 4);
WriteProcessMemory(ProcessHandle, _cBuf_addTextFuncAddress, Stubs.WrapperTocBuf_AddText, (uint) Stubs.WrapperTocBuf_AddText.Length, lpNumberOfBytesWritten);
CreateRemoteThread(ProcessHandle, IntPtr.Zero, 0, _cBuf_addTextFuncAddress, IntPtr.Zero, 0, out ptr);
// 0x8000 = MEM_RELEASE. The release is issued immediately after thread
// creation; nothing here waits on the thread handle in ptr.
// NOTE(review): Win32 documents that dwSize must be 0 with MEM_RELEASE; the
// result of these calls is not checked.
if ((_cBuf_addTextFuncAddress != IntPtr.Zero) && (cmdAddress != IntPtr.Zero))
{
VirtualFreeEx(ProcessHandle, _cBuf_addTextFuncAddress, (UIntPtr) Stubs.WrapperTocBuf_AddText.Length, 0x8000);
VirtualFreeEx(ProcessHandle, cmdAddress, (UIntPtr) this.cmdBytes.Length, 0x8000);
}
// Reset so the next call allocates again.
_cBuf_addTextFuncAddress = IntPtr.Zero;
}
}
// Swallowed without logging; any other exception type propagates to the caller.
catch (ArgumentNullException)
{
}
}
Code:
/// <summary>
/// Click handler: finds a running "t6mp" or "t6zm" process, opens a handle to
/// it if its PID differs from the cached ProcessID, overwrites two bytes at a
/// fixed address with 0x90, then passes textBox1.Text to Send.
/// </summary>
/// <remarks>
/// Review notes: the OpenProcess and WriteProcessMemory results are not
/// checked, and no CloseHandle call for a previously opened ProcessHandle is
/// visible in this excerpt. 0x1f0fff is the pre-Vista PROCESS_ALL_ACCESS mask.
/// The patch addresses are absolute constants, so they only match one specific
/// build of each executable.
/// </remarks>
private void button1_Click(object sender, EventArgs e)
{
Process[] processesByName = Process.GetProcessesByName("t6zm");
Process[] processArray2 = Process.GetProcessesByName("t6mp");
// Two x86 NOP opcodes.
byte[] NOPBuffer = new byte[] { 0x90, 0x90 };
// "t6mp" takes priority when both executables are running.
if (processArray2.Length != 0)
{
// Open and patch only when the target PID changed since the last click.
if (ProcessID != processArray2[0].Id)
{
ProcessID = processArray2[0].Id;
ProcessHandle = OpenProcess(0x1f0fff, false, ProcessID);
WriteProcessMemory(ProcessHandle, 0x8c923a, NOPBuffer, (uint) NOPBuffer.Length, 0);
}
Send(textBox1.Text);
}
else if (processesByName.Length != 0)
{
// Same steps for "t6zm", with a different patch address.
if (ProcessID != processesByName[0].Id)
{
ProcessID = processesByName[0].Id;
ProcessHandle = OpenProcess(0x1f0fff, false, ProcessID);
WriteProcessMemory(ProcessHandle, 0x8c7e7a, NOPBuffer, (uint) NOPBuffer.Length, 0);
}
Send(textBox1.Text);
}
// If neither process is running, the click does nothing and gives no feedback.
}
The MP addresses are up to date, but the ZM ones aren't, so you'll have to replace them.