def patch_origin_client(self):
origin = Client('Origin', 'Origin.exe', 'libeay32.dll', 'EVP_DigestVerifyFinal')
eadesktop = Client('EA Desktop', 'EADesktop.exe', 'libcrypto-1_1-x64.dll', 'EVP_DigestVerifyFinal')
client = origin
try:
client_process = Pymem(client.PROCESS_NAME)
except ProcessNotFound:
client = eadesktop
try:
client_process = Pymem(client.PROCESS_NAME)
except ProcessNotFound:
log.warning('Origin/EA Desktop process not found. Patching aborted')
return
if client_process.process_id == self.last_client_pid:
log.debug(f'{client.NAME} client is already patched')
return
log.info(f'Patching {client.NAME} client')
try:
dll_module = next(m for m in client_process.list_modules() if m.name.lower() == client.DLL_NAME)
except StopIteration:
log.error(f'{client.DLL_NAME} is not loaded. Patching aborted')
return
# The rest should complete without issues in most cases.
# Get the Export Address Table symbols
# noinspection PyUnresolvedReferences
dll_symbols = PE(dll_module.filename).DIRECTORY_ENTRY_EXPORT.symbols
# Get the symbol of the EVP_DigestVerifyFinal function
verify_func_symbol = next(s for s in dll_symbols if s.name.decode('ascii') == client.FUNCTION_NAME)
# Calculate the final address in memory
verify_func_addr = dll_module.lpBaseOfDll + verify_func_symbol.address
# Instructions to patch. We return 1 to force successful response validation.
patch_instructions = bytes([
0x66, 0xB8, 0x01, 0, # mov ax, 0x1
0xC3 # ret
])
client_process.write_bytes(verify_func_addr, patch_instructions, len(patch_instructions))
# Validate the written memory
read_instructions = client_process.read_bytes(verify_func_addr, len(patch_instructions))
if read_instructions != patch_instructions:
log.error('Failed to patch the instruction memory')
return
# At this point we know that patching was successful
self.last_client_pid = client_process.process_id
log.info(f'Patching {client.NAME} was successful')
class Darknet(Thread):
def __init__(self, path, executable, args):
Thread.__init__(self)
self.path = path
self.executable = executable
self.args = args
self.addresses = {}
self.isDarknetRunning = False
self.darknetProc = None
self.mw = Pymem()
self.objects = b'{}'
def start_darknet(self):
self.addresses = {}
os.chdir(DARKNET_PATH)
self.darknetProc = subprocess.Popen([self.executable] + self.args,
stdout=subprocess.PIPE)
while 1:
try:
self.mw.open_process_from_id(int(self.darknetProc.pid))
break
except (pymem.exception.CouldNotOpenProcess, TypeError):
time.sleep(0.5)
self.load_addresses()
os.chdir(LOCAL_PATH)
self.isDarknetRunning = True
def stop_darknet(self):
self.isDarknetRunning = False
self.addresses = {}
self.darknetProc.kill()
def get_darknet_output(self):
return darknetProc.communicate()[0]
def run(self):
try:
while self.isDarknetRunning:
length = self.mw.read_uint(
int(self.addresses['detectedObjectsLength'][0], 0))
pointer = self.mw.read_bytes(
int(self.addresses['detectedObjects'][0], 0), 8)
try: #sometimes memory reads error here
self.objects = self.mw.read_bytes(
int.from_bytes(pointer, 'little'), length)
except:
pass
time.sleep(0.01)
except:
print("Darknet has stopped running!")
self.isDarknetRunning = False
self.addresses = {}
def load_addresses(self):
os.chdir(DARKNET_PATH)
fName = self.executable + "-" + str(
self.darknetProc.pid) + "-streamedFile.data"
while not os.path.exists(fName):
time.sleep(0.5)
if os.path.isfile(fName):
with open(fName, 'r') as f:
self.addresses = json.load(f)
os.remove(fName)
os.chdir(LOCAL_PATH)
def get_objects(self):
#print(self.objects.decode())
try:
return json.loads(self.objects.decode())
except:
return None
mem = Pymem("csgo.exe")
Offsets = parse_dump_offsets()
Offsets.game_module = module_from_name(mem.process_handle,
"client_panorama.dll").lpBaseOfDll
Offsets.game_engine = module_from_name(mem.process_handle,
"engine.dll").lpBaseOfDll
game_window = get_game_window()
overlay = create_overlay(game_window)
settings = Settings()
game_menu = IGMenu(settings)
weapon_ids = json.load(open("data/weapons.json"))
view_matrix = lambda: unpack(
"16f",
mem.read_bytes(Offsets.game_module + Offsets.dwViewMatrix, 16 * 4))
font = pygame.font.SysFont("Courier", 11)
gun_font = pygame.font.Font("data/guns.ttf", 18)
except ProcessNotFound:
sys.exit("please start csgo first")
class Entity:
def __init__(self, address):
self.address = address
self.team = mem.read_int(self.address + Offsets.m_iTeamNum) == 2
self.health = mem.read_int(self.address + Offsets.m_iHealth)
self.dormant = mem.read_int(self.address + Offsets.m_bDormant)
self.alive = self.health > 0
from pymem import Pymem
from re import search
from pymem.process import module_from_name
from pymem.exception import ProcessNotFound
try:
processName='csgo.exe'
pm = Pymem(processName)
client = module_from_name(pm.process_handle,'client.dll')
clientLpBaseOfDll=client.lpBaseOfDll
clientModule = pm.read_bytes(clientLpBaseOfDll, client.SizeOfImage)
address = clientLpBaseOfDll + search(rb'\x83\xF8.\x8B\x45\x08\x0F',
clientModule).start() + 2
pm.write_uchar(address, 2 if pm.read_uchar(address) == 1 else 1)
pm.close_process()
print("hack completed")
except ProcessNotFound:
print("error: couldn't find process",processName)