unit CEClient;

{
  Network client side of the Cheat Engine client/server split.

  This unit owns the TCP connection to the server (IdTCPClient1), a reader
  thread (THandlecommandThread) that pulls command bytes off the socket, and
  the form-side message handler (ThreadMessage) that applies the decoded
  results to the GUI. Everything that arrives on the socket originates from
  the remote server and should be treated as untrusted input; the length and
  index checks belong in handleCommand / ReceiveBuf, whose bodies are not on
  this page.
}

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
  StdCtrls, ScktComp, ExtCtrls, SyncObjs, registry, winsock, IdBaseComponent,
  IdComponent, IdTCPConnection, IdTCPClient;

const
  // Wire protocol: one command byte followed by the parameters listed in the
  // trailing comment of each constant. Parameter lengths sent by the peer are
  // not validated here; see handleCommand (not on this page).

  //Client to server communication
  CS_GetProcessList=0; //no param
  CS_GetWindowList=1; //no param
  CS_OpenProcess=2; //procid: dword
  CS_AddAddress=3; // Address:dword;valtype:byte;bitnr:byte;length:byte
  CS_RefreshList=4; //Start:word;stop:word
  CS_SetConfig=5; //ShowAsSigned:byte BinariesAsDecimal:byte max:word; buffersize:dword;skip_page_no_cache: byte;UseDebugRegs:byte;stealthusermode:byte;stealthkernelmode:byte
  CS_ClearRecordList=6; //no param
  CS_ChangeValueOfAddress=7; //recnr: word; length:byte; newvalue:string
  CS_FreezeAddress=8; //recnr: word
  CS_ReadProcessMemory=9; //address:dword; length:word;
  CS_WriteProcessMemory=10; //address:dword; length:word; bytes:array of byte
  CS_FirstScan=11; //start,stop:dword;Scantype:byte;vartype:byte;scanvaluelength:byte;scanvalue:string;scanoptions:byte
  CS_NextScan=12;
  CS_NewScan=13;
  CS_CancelScan=14;
  CS_DeleteAddress=15; //recnr:word
  CS_SetTimerSpeed=16; //Updateinterval:word; freezeinterval:word
  CS_UnfreezeAddress=17; //recnr:word
  CS_ProcessItemAck=18;
  CS_SetHyperScanState=19; //(state:byte); //0=off 1=on
  CS_EnableSpeedhack=20; //(speed:single;sleeptime:dword)
  CS_DisableSpeedhack=21; //
  CS_EnableDebugger=22; //
  CS_FindWhatWrites=23; //(address:dword;size:word)
  CS_FindWhatReads=24; //(address:dword;size:word)
  CS_FindWhatAccesses=25;//(address:dword;size:word)
  CS_StopCodefinder=26;
  CS_VirtualProtectEx=27; //(Address: dword; dwSize:dword; NewProtect: DWORD);
  CS_SuspenProcess=28; // (sic) name is part of the shared protocol; do not rename without the server side
  CS_ResumeProcess=29;

  //server to client communication
  SC_TellUpdateSpeed=0; //updatespeed:word
  SC_TellFreezeSpeed=1; //freezespeed:word
  SC_ProcessListItem=2; //processid:dword; stringlength:byte;processname:array of char
  SC_StopProcessList=3; // noparam
  SC_OpenProcessSuccess=4; //'
  SC_OpenProcessFailed=5;
  SC_RecordReceived=6; //Indicated that the record has been received (not really necesary)
  SC_ValueUpdated=7; //recnr:word; length:byte; value:string
  SC_ValueListDone=8; //All values have been sent to the client
  SC_DebugRegsPresent=9;
  SC_ValueChanged=10; //0=success 1=Incorrect value 2=unwritable 3=record doesn't exist
  SC_ReadProcessMemoryResult=11;
  SC_WriteProcessMemoryResult=12;
  SC_ScanResultCount=13; //count:int64
  SC_ScanResult=14; //stringlength:byte; result:string
  SC_AddressUnfrozen=15; //recnr: word;
  SC_UpdateProgressbar=16; //max:word; position:word
  SC_ScanFailed=17;
  SC_Disconnect=18;
  SC_Hyperscanstatus=19; //status:byte //0=off 1=on
  SC_SpeedhackStatus=20; //status:byte
  SC_DebuggerStatus=21; //status: byte 0=off 1=on
  SC_FoundCode=22; //(Address: dword;eax:dword; ebx:dword; ecx:dword; edx:dword;esi:dword;edi:dword;ebp:dword;esp:dword;eip:dword;)
  SC_VirtualProtectExResult=23; //(status:byte; oldprotecT:dword); //status 0=failed 1=success

const
  // Scan type selectors carried in the Scantype byte of CS_FirstScan/CS_NextScan.
  Exact_value = 0;
  Increased_value = 1;
  Increased_value_by = 2;
  Decreased_value = 3;
  Decreased_value_by = 4;
  Changed_value = 5;
  Unchanged_value = 6;
  Advanced_Scan = 7;
  String_Scan = 8;
  SmallerThan = 9;
  BiggerThan = 10;

type
  // One entry of the address list kept on the client.
  MemoryRecord = record
    Description : string[50];
    Address : dword;
    VarType : byte;
    Bit : Byte;
    BitLength: byte;
    Frozen : boolean;
    FrozenValue : Int64;
    FrozenDirection: integer;
    ShowAsHex: Boolean;
    Group: Byte;
  end;

type
  // Older layout of MemoryRecord (narrower FrozenValue, fewer fields);
  // presumably kept for reading old saved tables - confirm against the loader.
  MemoryRecordOld = record
    Description : string[50];
    Address : dword;
    VarType : byte;
    Frozen : boolean;
    FrozenValue : Dword;
  end;

type
  // Background reader for the server connection. Execute blocks on the
  // socket, dispatches the result-type commands through event pairs and
  // hands every other command to the form via HCommand.
  THandlecommandThread=class(TThreaD)
  private
    currentcommand: integer; // last command byte read from the socket (see Execute)
  public
    go: boolean; // set to true when Execute starts; not read on this page
    procedure Execute; override;
    procedure HCommand;
  end;

type
  TConnectForm = class(TForm)
    Button1: TButton;
    EditPort: TEdit;
    TimeOutTimer: TTimer;
    Label1: TLabel;
    Label2: TLabel;
    editAddress: TComboBox;
    IdTCPClient1: TIdTCPClient;
    Timer1: TTimer;
    procedure Button1Click(Sender: TObject);
    procedure FormCreate(Sender: TObject);
    procedure TimeOutTimerTimer(Sender: TObject);
    procedure FormShow(Sender: TObject);
    procedure Timer1Timer(Sender: TObject);
    procedure FormClose(Sender: TObject; var Action: TCloseAction);
  private
    { Private declarations }
    imalive: boolean;
    a,b,c,d,e: string; // most-recently-used server addresses (see Button1Click)
    // Receives wm_user+1 posted by the reader side; wParam = SC_* command,
    // LParam = heap block owned by the handler (freed here).
    procedure ThreadMessage(var message:TMessage); message wm_user+1;
  public
    { Public declarations }
    recbuf: TMemorystream;
    hct: THandlecommandThread;
    procedure waitforCommand(command:byte);
    procedure handleCommand(command: byte);
    procedure ReceiveBuf(var Buf; Count: Integer);
  end;

type
  // Legacy request packet; the global 'send' of this type is marked deprecated below.
  rec = record
    Command: Byte;
    { 0=request process list (no items) +PROCESS:process+chr(0) +PROCESSLIST:0 -PROCESSLIST:1
      1=request window list (no items)
      2=open processid; (processid)
      3=add record (address,valtype,bit)
      4=delete address (index)
      5=change freeze timer (freezetimer)
      6=change update timer (updatetimer)
      7=get memoryranges (start,stop,scanreadonly)
      8=next scan(value,fvalue,scantype,valtype,maximum)
      9=getmemoryrangesandscanmemory(start,stop,scanreadonly,value,fvalue,valtype,maximum);
      10=Change value at address... (index,scanvalue,fvalue,valtype)
      11=request update of list(no item)
      12=Freeze address (index)
      13=Unfreeze address (index)
      14=Change type of address X (integer,valtype)
      15=Change record X (address,valtype,bit) }
    processid: DWORD; //some of the items aren't being used!
    address: Dword;
    bit: byte;
    valtype: Byte;
    value: int64;
    Fvalue: Double;
    Frozen: Boolean;
    FreezeTimer: Integer;
    UpdateTimer: Integer;
    start: Dword;
    Stop: Dword;
    Scanreadonly: boolean;
    maximum: Integer;
    scantype: byte;
    scanvalue: string[30];
  end;

type
  // Payload passed to ThreadMessage through LParam for the SC_* messages that
  // carry numbers and/or a string (dw1..dw3 meaning depends on the command).
  tdata=record
    dw1,dw2,dw3: dword;
    st: pchar;
  end;

var
  ConnectForm: TConnectForm;
  output: array [0..2049] of byte; // fixed-size packet buffer; presumably the SendBuf source - confirm in SendBuf
  send: rec; //deprecated
  readevents: integer;
  // Event pairs used as a handshake between the reader thread and the caller
  // waiting for a result: the reader sets X and then blocks on Xdone until the
  // consumer has taken the payload (see THandlecommandThread.Execute).
  ReadProcessMemoryEvent: TEvent;
  ReadProcessMemoryEventDone: TEvent;
  WriteProcessMemoryEvent: TEvent;
  WriteProcessMemoryEventDone: TEvent;
  Debuggerstatusevent: TEvent;
  Debuggerstatuseventdone: tevent;
  VirtualProtectExevent: TEvent;
  VirtualProtectExeventdone: tevent;
  ig: boolean;

procedure SendBuf(count: integer);
// Network replacements for the Win32 process-memory calls, same signatures as
// the kernel32 originals so callers can be switched without change.
function ReadProcessMemoryNet(hProcess: THandle; const lpBaseAddress: Pointer; lpBuffer: Pointer; nSize: DWORD; var lpNumberOfBytesRead: DWORD): BOOL;
function WriteProcessMemoryNet(hProcess: THandle; const lpBaseAddress: Pointer; lpBuffer: Pointer; nSize: DWORD; var lpNumberOfBytesWritten: DWORD): BOOL;
function VirtualProtectExNet(hProcess: THandle; lpAddress: Pointer; dwSize, flNewProtect: DWORD; var OldProtect: DWORD): BOOL;

implementation

uses
  Unit2, processwindow, Unit1, Unit3, changetimerunit, formsettingsunit,
  MemoryBrowserFormUnit, formScanningUnit, FoundCodeUnit, disassembler;

{$R *.DFM}

// Reader loop: one command byte per iteration. The four *Result commands are
// answers to a blocking request issued elsewhere (ReadProcessMemoryNet etc.,
// bodies not on this page) and are handed over via the event pairs; all other
// commands go to connectform.handleCommand on this thread.
procedure THandlecommandThread.Execute;
begin
  freeonterminate:=true;
  go:=true;

  while not terminated do
  begin
    try
      // Only the low byte of the 4-byte 'currentcommand' is written here; the
      // upper bytes keep their zero-initialised value, so the case below sees
      // just the command byte.
      connectform.IdTCPClient1.ReadBuffer(currentcommand,1);
      case currentcommand of
        SC_ReadProcessMemoryResult:
        begin
          outputdebugstring('readprocessmemory result');
          // Wake the waiting caller, then park until it has consumed the
          // payload from the socket; resetting Done re-arms the manual event.
          readprocessmemoryevent.SetEvent;
          readprocessmemoryeventdone.waitfor(infinite);
          readprocessmemoryeventdone.ResetEvent;
          continue;
        end;

        SC_WriteProcessMemoryResult:
        begin
          outputdebugstring('Writeprocessmemory result');
          Writeprocessmemoryevent.SetEvent;
          Writeprocessmemoryeventdone.waitfor(infinite);
          Writeprocessmemoryeventdone.ResetEvent;
          continue;
        end;

        SC_DebuggerStatus:
        begin
          outputdebugstring('Debuggerstatus result');
          Debuggerstatusevent.SetEvent;
          Debuggerstatuseventdone.waitfor(infinite);
          Debuggerstatuseventdone.ResetEvent;
          continue;
        end;

        SC_VirtualProtectExResult:
        begin
          outputdebugstring('VirtualProtectExEx result');
          VirtualProtectExevent.SetEvent;
          VirtualProtectExeventdone.waitfor(infinite);
          VirtualProtectExeventdone.ResetEvent;
          continue;
        end;

        else
        begin
          // Runs on the reader thread, not synchronized; handleCommand is
          // expected to post wm_user+1 for anything that touches the GUI
          // (ThreadMessage) - confirm in handleCommand.
          hcommand;
          // synchronize(hcommand); //all other commands that need to be thread safe
        end;
      end;
    except
      // NOTE(review): every exception is swallowed and the loop continues. If
      // ReadBuffer fails repeatedly (e.g. the connection was closed) this
      // becomes a busy loop that never terminates; a Connected check or
      // Terminate on socket errors would bound it.
      outputdebugstring('crash while reading the buffer');
    end;
  end;
end;

// Forwards the last command byte to the form (called on the reader thread).
procedure THandlecommandThread.HCommand;
begin
  connectform.handleCommand(currentcommand);
end;

// GUI-thread handler for wm_user+1. wParam selects the SC_* command, LParam
// carries a heap block (pchar, ^tdata or a 40-byte register dump) allocated
// by the poster; each branch frees what it receives.
procedure TConnectform.ThreadMessage(var message:TMessage);
var st:pchar;
    data: ^tdata;
    data2b: array of byte;
    data2: pointer absolute data2b; // aliases the dynamic array so LParam can be indexed as bytes
    address,addressfound:dword;
    opcode,desc:string;
begin
  case message.wParam of
    SC_TELLUPDATESPEED: mainform.StatusBar1.Panels[1].Text:='Update timer speed';
    SC_TellFreezeSpeed: mainform.StatusBar1.Panels[1].Text:='Freeze timer speed';
    SC_ProcessListItem:
    begin
      mainform.StatusBar1.Panels[1].Text:='Receiving process list';
      st:=pointer(message.LParam);
      if proceswindow<>nil then
      begin
        proceswindow.SetProcessWindowState(false);
        proceswindow.ListBox1.Items.Add(st);
      end;
      freemem(st);
    end;

    SC_StopProcessList:
    begin
      mainform.StatusBar1.Panels[1].Text:='End of list';
      if proceswindow<>nil then proceswindow.SetProcessWindowState(true);
    end;

    SC_OpenProcessSuccess:
    begin
      mainform.StatusBar1.Panels[1].Text:='Opened process';
      mainform.processlabel.caption:=mainform.opening;
      mainform.ProcessOpened:=true;
    end;

    SC_OpenProcessFailed: Messagedlg('Error opening the process',mtError,[mbok],0);
    SC_RecordReceived: mainform.StatusBar1.Panels[1].Text:='Server received address';

    SC_ValueUpdated:
    begin
      data:=pointer(message.LParam);
      // NOTE(review): dw1 (the server-supplied recnr) is used as an index
      // without a range check, unlike sc_addressunfrozen below; confirm that
      // handleCommand validates it against the record count before posting.
      mainform.values[data.dw1]:=data.st;
      freemem(data.st);
      freemem(data);
    end;

    SC_ValueListDone: mainform.ShowValues;

    SC_DebugRegsPresent:
    begin
      with formsettings do
      begin
        rbDebugRegisters.Enabled:=true;
        label6.Enabled:=true;
        label7.Enabled:=true;
      end;
    end;

    SC_ScanResultCount:
    begin
      st:=pointer(message.LParam);
      mainform.FoundLabel.Caption:=st;
      // The count closes the modal scanning dialog if it is still up.
      if formscanning<>nil then
      begin
        formscanning.closeme:=true;
        formscanning.ModalResult:=mrOK;
      end;
      freemem(st);
    end;

    SC_ScanResult:
    begin
      st:=pointer(message.LParam);
      mainform.FoundList.Items.Add(st);
      freemem(st);
    end;

    sc_addressunfrozen:
    begin
      data:=pointer(message.LParam);
      // Range-checked: a recnr past the end of the list is ignored.
      if data.dw1<mainform.numberofrecords then mainform.memrec[data.dw1].frozen:=false;
      mainform.updatescreen;
      freemem(data);
    end;

    SC_UpdateProgressbar:
    begin
      data:=pointeR(message.LParam);
      if data.dw1<>mainform.progressbar1.Max then mainform.progressbar1.Max:=data.dw1;
      mainform.ProgressBar1.Position:=data.dw2;
      freemem(data);
    end;

    SC_ScanFailed:
    begin
      if formscanning<>nil then
      begin
        formscanning.closeme:=true;
        formscanning.ModalResult:=mrOK;
      end;
      Messagedlg('The scan has failed!',mtError,[mbok],0);
    end;

    SC_Disconnect: messagedlg('The server has been shut down.',mtInformation,[mbok],0);

    SC_Hyperscanstatus:
    begin
      data:=pointeR(message.LParam);
      if data.dw1=0 then mainform.CheckBox8.Checked:=false;
      freemem(data);
    end;

    sc_speedhackstatus:
    begin
      data:=pointeR(message.LParam);
      // dw1=0: speedhack off, hide its controls; otherwise show and enable them.
      if data.dw1=0 then
      begin
        with mainform do
        begin
          cbspeedhack.Checked:=false;
          cbspeedhack.Enabled:=true;
          cbSpeedhack.Cursor:=crdefault;
          btnSetSpeedhack.Enabled:=true;
          edit1.visible:=false;
          edit2.visible:=false;
          label51.visible:=false;
          label52.visible:=false;
          btnSetSpeedhack.visible:=false;
        end;
      end
      else
      begin
        with mainform do
        begin
          edit1.visible:=true;
          edit2.visible:=true;
          label51.visible:=true;
          label52.visible:=true;
          btnSetSpeedhack.visible:=true;
          cbspeedhack.Enabled:=true;
          cbspeedhack.Cursor:=crdefault;
          label51.Enabled:=true;
          label52.Enabled:=true;
          edit1.Enabled:=true;
          edit2.Enabled:=true;
          btnSetSpeedhack.Enabled:=true;
        end;
      end;
      freemem(data);
    end;

    sc_foundcode:
    begin
      // LParam points at the SC_FoundCode payload: address followed by nine
      // 32-bit registers, read below at fixed offsets 0..36. This relies on
      // the poster having allocated at least 40 bytes - confirm in handleCommand.
      data2:=pointer(message.LParam);
      {
      pdword(@output[1])^:=addressfound;
      pdword(@output[5])^:=context.Eax;
      pdword(@output[9])^:=context.Ebx;
      pdword(@output[13])^:=context.Ecx;
      pdword(@output[17])^:=context.Edx;
      pdword(@output[21])^:=context.Esi;
      pdword(@output[25])^:=context.Edi;
      pdword(@output[29])^:=context.Ebp;
      pdword(@output[33])^:=context.Esp;
      pdword(@output[37])^:=context.Eip;
      }
      if foundcodedialog<>nil then
      with foundcodedialog do
      begin
        addressfound:=pdword(@data2b[0])^;
        address:=addressfound;
        // disassemble appears to advance 'address' past the decoded
        // instruction: its length is taken as address-addressfound below.
        opcode:=disassemble(address,desc);
        setlength(coderecords,length(coderecords)+1);
        coderecords[length(coderecords)-1].address:=addressfound;
        coderecords[length(coderecords)-1].size:=address-addressfound;
        coderecords[length(coderecords)-1].opcode:=opcode;
        coderecords[length(coderecords)-1].desciption:=desc;
        coderecords[length(coderecords)-1].eax:=pdword(@data2b[4])^;
        coderecords[length(coderecords)-1].ebx:=pdword(@data2b[8])^;
        coderecords[length(coderecords)-1].ecx:=pdword(@data2b[12])^;
        coderecords[length(coderecords)-1].edx:=pdword(@data2b[16])^;
        coderecords[length(coderecords)-1].esi:=pdword(@data2b[20])^;
        coderecords[length(coderecords)-1].edi:=pdword(@data2b[24])^;
        coderecords[length(coderecords)-1].ebp:=pdword(@data2b[28])^;
        coderecords[length(coderecords)-1].esp:=pdword(@data2b[32])^;
        coderecords[length(coderecords)-1].eip:=pdword(@data2b[36])^;
        Foundcodelist.Items.Add(opcode);
      end;
      freemem(data2);
    end;
  end;
  // data2 aliases the dynamic array data2b; clearing it after freemem keeps
  // the array's automatic finalization away from the already-freed block.
  data2:=nil;
end;

procedure TConnectForm.Button1Click(Sender: TObject);
var found:boolean;
    f:string;
    g,h,i,j,k:string;
    reg:TRegistry;
begin
  //add the ip to the reg (if it isn't in already)
  found:=false;
  f:=editaddress.text;
  if (f=a) or (f=b) or (f=c) or (f=d) or (f=e) then found:=true;

  if not found then
  begin
    //add to top and move the rest one down
    g:=a;
    h:=b;