gokaybiz · February 8, 2023 07:58
diff --git a/main.py b/main.py
 import pymem
 import windows

 PROCESS_NAME = 'Diablo III64.exe'
 THREADSTACK0 = 0x000007D8
 OFFSETS  = [0xC10, 0xAD8, 0x48, 0x18]

 def get_thread_local_storage(process_name: str):
    target_process = None
    pointer_size = 4 * 2
    stack_size = 4096 * 2
    base_thread_init_thunk_address = None
    thread_stack = None
    process_list = windows.system.enumerate_processes()
    for process in process_list:
        if process.name == process_name:
            target_process = process
            break

    thread0 = target_process.threads[0]

    teb = thread0.teb_base
    stack_base_address = teb + pointer_size
    stack_base = target_process.read_ptr(stack_base_address)
    thread0_stack_top = stack_base

    modules_list = target_process.peb.modules

    for module in modules_list:
        try:
            module.pe.export_name
        except Exception:
            continue
        if module.pe.export_name == "KERNEL32.dll":
            base_thread_init_thunk_address = module.pe.exports['BaseThreadInitThunk']
            break

    buffer = target_process.read_memory(thread0_stack_top - stack_size, stack_size)
    index = 0
    byte_counter = 0
    temp_pointer = 0
    for byte in buffer:
        temp_pointer = temp_pointer ^ (byte << 8 * byte_counter)
        byte_counter = byte_counter + 1
        if byte_counter == pointer_size:
            if base_thread_init_thunk_address <= temp_pointer <= base_thread_init_thunk_address + 0x100:
                thread_stack = thread0_stack_top - stack_size + pointer_size * index
                break
            index = index + 1
            byte_counter = 0
            temp_pointer = 0
    return thread_stack

 def get_address_pointer(pymem, start, pointer):
    addr = start
    addr = pymem.read_longlong(addr)
    for i, p in enumerate(pointer):
        if len(pointer)-1 == i:
            addr = addr + p
        else:
            addr = pymem.read_longlong(addr + p)
    return addr

 THREADSTACK0 = get_thread_local_storage(PROCESS_NAME) - THREADSTACK0

 pym = pymem.Pymem()
 pym.open_process_from_name(PROCESS_NAME)

 THREADSTACK0 = get_address_pointer(pym, THREADSTACK0, OFFSETS)

 pym.write_float(THREADSTACK0, -1.5)
diff --git a/requirements.txt b/requirements.txt
 pythonforwindows
 pymem
	import pymem
	import windows

	PROCESS_NAME = 'Diablo III64.exe'
	THREADSTACK0 = 0x000007D8
	OFFSETS = [0xC10, 0xAD8, 0x48, 0x18]

	def get_thread_local_storage(process_name: str):
	target_process = None
	pointer_size = 4 * 2
	stack_size = 4096 * 2
	base_thread_init_thunk_address = None
	thread_stack = None
	process_list = windows.system.enumerate_processes()
	for process in process_list:
	if process.name == process_name:
	target_process = process
	break

	thread0 = target_process.threads[0]

	teb = thread0.teb_base
	stack_base_address = teb + pointer_size
	stack_base = target_process.read_ptr(stack_base_address)
	thread0_stack_top = stack_base

	modules_list = target_process.peb.modules

	for module in modules_list:
	try:
	module.pe.export_name
	except Exception:
	continue
	if module.pe.export_name == "KERNEL32.dll":
	base_thread_init_thunk_address = module.pe.exports['BaseThreadInitThunk']
	break

	buffer = target_process.read_memory(thread0_stack_top - stack_size, stack_size)
	index = 0
	byte_counter = 0
	temp_pointer = 0
	for byte in buffer:
	temp_pointer = temp_pointer ^ (byte << 8 * byte_counter)
	byte_counter = byte_counter + 1
	if byte_counter == pointer_size:
	if base_thread_init_thunk_address <= temp_pointer <= base_thread_init_thunk_address + 0x100:
	thread_stack = thread0_stack_top - stack_size + pointer_size * index
	break
	index = index + 1
	byte_counter = 0
	temp_pointer = 0
	return thread_stack

	def get_address_pointer(pymem, start, pointer):
	addr = start
	addr = pymem.read_longlong(addr)
	for i, p in enumerate(pointer):
	if len(pointer)-1 == i:
	addr = addr + p
	else:
	addr = pymem.read_longlong(addr + p)
	return addr

	THREADSTACK0 = get_thread_local_storage(PROCESS_NAME) - THREADSTACK0

	pym = pymem.Pymem()
	pym.open_process_from_name(PROCESS_NAME)

	THREADSTACK0 = get_address_pointer(pym, THREADSTACK0, OFFSETS)

	pym.write_float(THREADSTACK0, -1.5)