Created
June 24, 2018 07:00
-
-
Save stevefan1999-personal/31623529fd5a1941ff1fd310e5c84a64 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Collections.Generic; | |
using System.Diagnostics; | |
using System.IO; | |
using System.Linq; | |
using System.Security.Principal; | |
using System.Threading.Tasks; | |
public class SigScanSharp | |
{ | |
public byte[] Target { get; set; } | |
private bool PatternCheck(int nOffset, byte[] arrPattern) | |
{ | |
for (int i = 0; i < arrPattern.Length; i++) { | |
if (arrPattern[i] == 0x0) | |
continue; | |
if (arrPattern[i] != this.Target[nOffset + i]) | |
return false; | |
} | |
return true; | |
} | |
public ulong FindPattern(string szPattern, out long lTime) | |
{ | |
Stopwatch stopwatch = Stopwatch.StartNew(); | |
byte[] arrPattern = ParsePatternString(szPattern); | |
for (int nModuleIndex = 0; nModuleIndex < Target.Length; nModuleIndex++) { | |
if (this.Target[nModuleIndex] != arrPattern[0]) | |
continue; | |
if (PatternCheck(nModuleIndex, arrPattern)) { | |
lTime = stopwatch.ElapsedMilliseconds; | |
return (ulong)nModuleIndex; | |
} | |
} | |
lTime = stopwatch.ElapsedMilliseconds; | |
return 0; | |
} | |
private byte[] ParsePatternString(string szPattern) | |
{ | |
List<byte> patternbytes = new List<byte>(); | |
foreach (var szByte in szPattern.Split(' ')) | |
patternbytes.Add(szByte == "?" ? (byte)0x0 : Convert.ToByte(szByte, 16)); | |
return patternbytes.ToArray(); | |
} | |
} | |
class Program { | |
static bool IsElevated => WindowsIdentity.GetCurrent().Owner.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid); | |
static void Main(string[] args) { | |
if (!IsElevated) { | |
Console.WriteLine("Error: this program requires administrator permission"); | |
goto exit; | |
} | |
var streamServer = Path.Combine( | |
Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles), | |
"NVIDIA Corporation", | |
"NvStreamSrv" | |
); | |
var streamBackup = Path.Combine(streamServer, "nvstreamer.bak.exe"); | |
if (File.Exists(streamBackup)) { | |
Console.WriteLine("Error: nvstreamer is already patched"); | |
goto exit; | |
} | |
var streamer = Path.Combine(streamServer, "nvstreamer.exe"); | |
Console.WriteLine("Backing up nvstreamer.exe to nvstreamer.bak.exe"); | |
try { | |
File.Copy(streamer, streamBackup); | |
Console.WriteLine("Backing up nvstreamer.exe success"); | |
} catch { | |
Console.WriteLine("Unable to back up nvstreamer.exe"); | |
goto exit; | |
} | |
Console.WriteLine("Patching nvstreamer.exe"); | |
try { | |
Console.WriteLine("Loading nvstreamer.exe"); | |
var streamerBytes = File.ReadAllBytes(streamer); | |
Console.WriteLine($"File size: {streamerBytes.Length}"); | |
var scanner = new SigScanSharp() { | |
Target = streamerBytes | |
}; | |
var pat = scanner.FindPattern("FF 15 ? ? ? ? EB 22 4C 8B 45 F0", out var time); | |
if (pat != 0) { | |
Console.WriteLine($"ScreenMonitor::Impl::IsFrameSkipped->ClipCursor found at {pat:X}, time taken {time} ms"); | |
Console.WriteLine("Writing nops"); | |
Parallel.For(0, 6, i => streamerBytes[pat + (uint)i] = 0x90); | |
var check = streamerBytes.Skip((int)pat).Take(10).ToArray(); | |
Console.WriteLine($"Final bytes: {BitConverter.ToString(check).Replace("-", " ")}"); | |
Console.WriteLine("Writing back to file"); | |
try { | |
File.WriteAllBytes(streamer, streamerBytes); | |
Console.WriteLine("Success!"); | |
} catch { | |
Console.WriteLine("File failed to write"); | |
} | |
} else { | |
Console.WriteLine("ScreenMonitor::Impl::IsFrameSkipped->ClipCursor not found"); | |
} | |
} catch { | |
Console.WriteLine("Unable to load nvstreamer.exe"); | |
goto exit; | |
} | |
exit: | |
Console.WriteLine("Press enter to exit..."); | |
Console.ReadLine(); | |
} | |
} |
RL-shuyi
commented
May 22, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment