def get_module_offset(module: str, pm: Pymem):
    """Return the load address of ``module`` inside the attached process.

    Every entry yielded by ``pm.list_modules()`` is compared against
    ``module`` with an exact, case-sensitive match on its ``name``.

    Args:
        module: Module file name to look for, e.g. ``"xrGame.dll"``.
        pm: Object attached to the target process; only its
            ``list_modules()`` method is used here.

    Returns:
        The ``lpBaseOfDll`` of the matching entry, or ``None`` when no entry
        matches. If several entries share the name, the last one listed wins.
    """
    matching_bases = [
        entry.lpBaseOfDll
        for entry in pm.list_modules()
        if entry.name == module
    ]
    # Callers must handle None: adding an offset to it raises TypeError.
    return matching_bases[-1] if matching_bases else None
def patch_origin_client(self):
    """Overwrite ``EVP_DigestVerifyFinal`` inside a running Origin / EA Desktop client.

    Steps, in order:

    1. Attach to ``Origin.exe``; if that process does not exist, attach to
       ``EADesktop.exe`` instead. Abort when neither is running.
    2. Skip the work when the attached process id equals
       ``self.last_client_pid`` (that process was already handled).
    3. Find the client's loaded crypto DLL (``libeay32.dll`` for Origin,
       ``libcrypto-1_1-x64.dll`` for EA Desktop) in the module list.
    4. Parse the DLL file on disk with ``PE(...)`` and read the export entry
       named ``EVP_DigestVerifyFinal`` to get its offset.
    5. Replace the first five bytes of that function in the target process
       with ``mov ax, 1; ret`` and read them back to confirm the write.

    Security effect: after step 5 the function returns immediately without
    performing any signature verification, so code in that process which
    relies on its result would treat every signature as valid (the original
    author describes the goal as forcing successful response validation).
    The change is a cross-process write into executable memory; it is visible
    to integrity checks that compare the in-memory bytes at this export with
    the DLL image on disk.

    Returns:
        ``None`` on every path. The outcome is reported through ``log`` and,
        on success, by storing the process id in ``self.last_client_pid``.
    """
    candidates = (
        Client('Origin', 'Origin.exe', 'libeay32.dll', 'EVP_DigestVerifyFinal'),
        Client('EA Desktop', 'EADesktop.exe', 'libcrypto-1_1-x64.dll', 'EVP_DigestVerifyFinal'),
    )

    # Try the clients in order; the first process that can be opened is used.
    for client in candidates:
        try:
            client_process = Pymem(client.PROCESS_NAME)
        except ProcessNotFound:
            continue
        break
    else:
        log.warning('Origin/EA Desktop process not found. Patching aborted')
        return

    # A matching pid means this exact process instance was patched earlier.
    if client_process.process_id == self.last_client_pid:
        log.debug(f'{client.NAME} client is already patched')
        return

    log.info(f'Patching {client.NAME} client')

    # Module names are lower-cased before comparison; DLL_NAME is lower-case.
    dll_module = next(
        (mod for mod in client_process.list_modules() if mod.name.lower() == client.DLL_NAME),
        None,
    )
    if dll_module is None:
        log.error(f'{client.DLL_NAME} is not loaded. Patching aborted')
        return

    # From here on the original author expects no failures in most cases,
    # so nothing below is wrapped in error handling.

    # Export table of the DLL as stored on disk.
    # noinspection PyUnresolvedReferences
    export_table = PE(dll_module.filename).DIRECTORY_ENTRY_EXPORT.symbols

    # Export entry for the verification function.
    verify_export = next(
        entry for entry in export_table
        if entry.name.decode('ascii') == client.FUNCTION_NAME
    )

    # In-memory address = module load base + the export's offset.
    verify_func_addr = dll_module.lpBaseOfDll + verify_export.address

    # Replacement prologue: set AX to 1 and return at once, so the function
    # body that performs the verification is never reached.
    patch_instructions = bytes((
        0x66, 0xB8, 0x01, 0x00,  # mov ax, 0x1
        0xC3,                    # ret
    ))
    patch_size = len(patch_instructions)
    client_process.write_bytes(verify_func_addr, patch_instructions, patch_size)

    # Read the bytes back to confirm the write actually landed.
    bytes_in_memory = client_process.read_bytes(verify_func_addr, patch_size)
    if bytes_in_memory == patch_instructions:
        # Remember the pid so the same process is not written to again.
        self.last_client_pid = client_process.process_id
        log.info(f'Patching {client.NAME} was successful')
        return

    log.error('Failed to patch the instruction memory')
    return
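"""
Start the bot and see what happens.
"""
import json
import time

import keyboard
import mouse
from pymem import Pymem

# Five-second countdown before anything else happens. It sits outside the
# __main__ guard, so it also runs when this file is imported.
# NOTE(review): presumably gives the user time to switch to the game window.
for i in range(5):
    print(i)
    time.sleep(1)

if "__main__" == __name__:
    # Attach to the running game process; Pymem raises if it is not running.
    pm = Pymem('XR_3DA.exe')

    # Load address of xrGame.dll inside that process (last match wins).
    module_offset = None
    for loaded_module in pm.list_modules():
        if loaded_module.name == "xrGame.dll":
            module_offset = loaded_module.lpBaseOfDll
    if module_offset is None:
        # Without this check the read below fails with an opaque
        # "unsupported operand type(s) for +: 'NoneType' and 'int'".
        raise RuntimeError("xrGame.dll is not loaded in XR_3DA.exe")

    holder = []
    plashka = False
    print("started")

    # 25 samples, one every 0.5 s. The offsets are hard-coded for one
    # specific build of the game; on any other build these reads return
    # unrelated data or fail.
    for i in range(0, 25):
        # NOTE(review): the names suggest two position coordinates - confirm.
        z = pm.read_float(pm.base_address + 0x104944)
        x = pm.read_float(pm.base_address + 0x10493C)
        j = keyboard.is_pressed('space')
        r = mouse.is_pressed('right')
        # NOTE(review): this flag is read on every sample but never stored in
        # `holder`; confirm whether it was meant to be recorded.
        plashka = pm.read_bool(module_offset + 0x54C2F9)
        holder.append([x, z, j, r])
        time.sleep(0.5)

    # Samples are written as a JSON list of [x, z, space_pressed, right_pressed].
    with open("dataclean", mode="w", encoding="utf-8") as file:
        json.dump(holder, file)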