Code:
/*
* Created by SharpDevelop.
* User: loui
* Date: 01/01/2010
* Time: 00:48
*
* To change this template use Tools | Options | Coding | Edit Standard Headers.
*/
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace consoleWoWlauncher
{
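// Console launcher: starts WoW.exe with its primary thread suspended, overwrites
// two 2-byte locations in the new process, then lets the thread run.
class Program
{
    // CreateProcess flag: the primary thread stays suspended until ResumeThread is called.
    // A create-suspended / write-memory / resume sequence is one that endpoint-protection
    // tools commonly alert on, so expect this launcher to be flagged.
    private const uint CREATE_SUSPENDED = 0x00000004;
    // Access rights requested on the launcher's own token.
    private const uint TOKEN_ADJUST_PRIVILEGES = 0x00000020;
    private const uint TOKEN_QUERY = 0x00000008;
    // TOKEN_PRIVILEGES.Attributes value that enables the privilege.
    private const uint SE_PRIVILEGE_ENABLED = 0x00000002;
    // GetLastError value set when AdjustTokenPrivileges returns TRUE without granting everything.
    private const int ERROR_NOT_ALL_ASSIGNED = 1300;
    // ResumeThread returns (DWORD)-1 on failure.
    private const uint RESUME_THREAD_FAILED = 0xFFFFFFFF;

    //C# Signature for the FindWindow() API (not called in this file)
    [DllImport("USER32.DLL")]
    public static extern IntPtr FindWindow(
        string lpClassName,
        string lpWindowName);

    //C# Signature for the ResumeThread() API
    // Returns a DWORD (the previous suspend count), not a floating-point value.
    [DllImport("Kernel32.DLL", SetLastError = true)]
    public static extern uint ResumeThread(IntPtr hThread);

    //C# Signature for the WriteProcessMemory() API
    // nSize and lpNumberOfBytesWritten are SIZE_T, i.e. pointer-sized; a 4-byte
    // "out int" would be overrun when this assembly runs as a 64-bit process.
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool WriteProcessMemory(
        IntPtr hProcess,
        IntPtr lpBaseAddress,
        byte[] lpBuffer,
        UIntPtr nSize,
        out UIntPtr lpNumberOfBytesWritten
    );

    //C# Signature for the OpenProcess() API (not called in this file)
    [DllImport("kernel32.dll")]
    public static extern IntPtr OpenProcess(
        UInt32 dwDesiredAccess,
        Int32 bInheritHandle,
        UInt32 dwProcessId
    );

    //C# Signature for the GetWindowThreadProcessId() API (not called in this file)
    [DllImport("user32.dll", SetLastError = true)]
    static extern uint GetWindowThreadProcessId(
        IntPtr hWnd,
        out uint lpdwProcessId
    );

    //C# Signature for the CloseHandle() API
    [DllImport("kernel32.dll")]
    public static extern Int32 CloseHandle(
        IntPtr hObject
    );

    //C# Signature for the CreateProcess() API
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CreateProcess(
        string lpApplicationName,
        string lpCommandLine,
        IntPtr lpProcessAttributes,
        IntPtr lpThreadAttributes,
        bool bInheritHandles,
        uint dwCreationFlags,
        IntPtr lpEnvironment,
        string lpCurrentDirectory,
        ref STARTUPINFO lpStartupInfo,
        out PROCESS_INFORMATION lpProcessInformation);

    //C# Signature for the AdjustTokenPrivileges() API
    [DllImport("advapi32.dll", SetLastError=true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool AdjustTokenPrivileges(
        IntPtr TokenHandle,
        [MarshalAs(UnmanagedType.Bool)]bool DisableAllPrivileges,
        ref TOKEN_PRIVILEGES NewState,
        UInt32 Zero,
        IntPtr Null1,
        IntPtr Null2);

    //C# Signature for the LookupPrivilegeValue() API
    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
    public static extern bool LookupPrivilegeValue(
        [MarshalAs(UnmanagedType.LPTStr)] string lpSystemName,
        [MarshalAs(UnmanagedType.LPTStr)] string lpName,
        ref LUID lpLuid);

    //C# Signature for the OpenProcessToken() API
    [DllImport("advapi32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
    internal static extern bool OpenProcessToken(
        IntPtr ProcessToken,
        uint DesiredAccess,
        ref IntPtr TokenHandle);

    // Single-entry TOKEN_PRIVILEGES: a count followed by one LUID/attributes pair.
    [StructLayout(LayoutKind.Sequential)]
    public struct TOKEN_PRIVILEGES
    {
        public UInt32 PrivilegeCount;
        public LUID Luid;
        public UInt32 Attributes;
    }

    [StructLayout(LayoutKind.Sequential)]
    public struct LUID
    {
        public uint LowPart;
        public int HighPart;
    }

    // Handles and ids that CreateProcess returns for the new process and its primary thread.
    [StructLayout(LayoutKind.Sequential)]
    public struct PROCESS_INFORMATION
    {
        public IntPtr hProcess;
        public IntPtr hThread;
        public uint dwProcessId;
        public uint dwThreadId;
    }

    // Startup parameters for CreateProcess; cb must hold the size of this structure.
    [StructLayout(LayoutKind.Sequential)]
    public struct STARTUPINFO
    {
        public uint cb;
        public string lpReserved;
        public string lpDesktop;
        public string lpTitle;
        public uint dwX;
        public uint dwY;
        public uint dwXSize;
        public uint dwYSize;
        public uint dwXCountChars;
        public uint dwYCountChars;
        public uint dwFillAttribute;
        public uint dwFlags;
        public short wShowWindow;
        public short cbReserved2;
        public IntPtr lpReserved2;
        public IntPtr hStdInput;
        public IntPtr hStdOutput;
        public IntPtr hStdError;
    }

    // Tries to enable SeDebugPrivilege on the launcher's own token.
    // Returns true when AdjustTokenPrivileges reports success, false otherwise.
    // The token handle is always closed before returning.
    private static bool EnableDebugPrivilege()
    {
        Process curProcess = Process.GetCurrentProcess();
        IntPtr hToken = IntPtr.Zero;
        if (!OpenProcessToken(curProcess.Handle, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref hToken))
        {
            return false;
        }

        try
        {
            Console.WriteLine("process token opened...");

            LUID Luid = new LUID();
            if (!LookupPrivilegeValue(null, "SeDebugPrivilege", ref Luid))
            {
                return false;
            }
            if ((Luid.LowPart == 0x0) && (Luid.HighPart == 0))
            {
                Console.WriteLine("Luid Lowpart:"+Luid.LowPart.ToString()+" Luid Highpart:"+Luid.HighPart.ToString());
                return false;
            }
            Console.WriteLine("privileges looked up...");

            TOKEN_PRIVILEGES Privileges = new TOKEN_PRIVILEGES();
            Privileges.PrivilegeCount = 1;
            Privileges.Luid = Luid;
            Privileges.Attributes = SE_PRIVILEGE_ENABLED;

            bool adjusted = AdjustTokenPrivileges(hToken, false, ref Privileges, 0, IntPtr.Zero, IntPtr.Zero);
            // Read the error code immediately, before another call can overwrite it.
            int adjustError = Marshal.GetLastWin32Error();
            if (!adjusted)
            {
                Console.WriteLine("Could not modify privileges hmm...");
                return false;
            }
            // A TRUE return does not prove the privilege was granted: when the token
            // does not hold it, the call still succeeds and sets ERROR_NOT_ALL_ASSIGNED.
            if (adjustError == ERROR_NOT_ALL_ASSIGNED)
            {
                Console.WriteLine("SeDebugPrivilege is not held by this token and was not enabled.");
            }
            return true;
        }
        finally
        {
            // The original code never closed the token handle.
            CloseHandle(hToken);
        }
    }

    // Writes bytes at address in the process behind hProcess.
    // Returns true only when the call succeeds and every byte was written;
    // otherwise reports the Win32 error code on the console.
    private static bool PatchBytes(IntPtr hProcess, IntPtr address, byte[] bytes)
    {
        UIntPtr written;
        bool ok = WriteProcessMemory(hProcess, address, bytes, new UIntPtr((uint)bytes.Length), out written);
        int writeError = Marshal.GetLastWin32Error();
        if (!ok || written.ToUInt64() != (ulong)bytes.Length)
        {
            Console.WriteLine("WriteProcessMemory failed at 0x" + address.ToInt64().ToString("X8") + ", error " + writeError.ToString());
            return false;
        }
        return true;
    }

    // Entry point: create the process suspended, apply the two writes, resume it.
    public static void Main(string[] args)
    {
        STARTUPINFO WoWSi = new STARTUPINFO();
        // cb must be the structure size; the original left it at 0.
        WoWSi.cb = (uint)Marshal.SizeOf(typeof(STARTUPINFO));
        PROCESS_INFORMATION WoWPi;

        Console.WriteLine("Opening WoW...");
        // "WoW.exe" is a relative name, so whichever file of that name sits in the
        // current directory is what gets started.
        if(CreateProcess("WoW.exe",null,IntPtr.Zero,IntPtr.Zero,false,CREATE_SUSPENDED,IntPtr.Zero,null,ref WoWSi,out WoWPi))
        {
            try
            {
                // NOTE(review): the writes below use the handle CreateProcess returned for a
                // child this program created; that handle presumably already permits the
                // write, so enabling SeDebugPrivilege looks unnecessary. Confirm, and drop
                // the privilege step if so (least privilege).
                if (EnableDebugPrivilege())
                {
                    Console.WriteLine("writing process memory...");
                    // Absolute addresses and raw x86 opcodes (0xEB = short JMP, 0x90 = NOP).
                    // They only make sense for the one build of WoW.exe they were taken from,
                    // loaded at the base address those values assume.
                    // NOTE(review): nothing verifies the build or the bytes currently at these
                    // addresses before overwriting them; on any other build this corrupts
                    // unrelated code. Confirm the target version before relying on it.
                    PatchBytes(WoWPi.hProcess,(IntPtr)0x00435F89,new byte[]{0xEB,0x5B});
                    PatchBytes(WoWPi.hProcess,(IntPtr)0x005E5F5F,new byte[]{0x90,0x90});
                }
            }
            finally
            {
                // Always resume and release, so a failure above cannot leave a suspended
                // process behind with leaked handles.
                uint previousSuspendCount = ResumeThread(WoWPi.hThread);
                int resumeError = Marshal.GetLastWin32Error();
                if (previousSuspendCount == RESUME_THREAD_FAILED)
                {
                    Console.WriteLine("ResumeThread failed, error " + resumeError.ToString());
                }
                CloseHandle(WoWPi.hThread);
                CloseHandle(WoWPi.hProcess);
            }
        }
        else
        {
            Console.WriteLine("failed!");
        }

        Console.Write("Press any key to continue . . . ");
        Console.ReadKey(true);
    }
}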
}
Thanks in advance, and I hope someone else can use this (it does memory read without throwing exceptions).