authorboris <wzn@moneybot.cc>2018-12-02 11:54:04 +1300
committerboris <wzn@moneybot.cc>2018-12-02 11:54:04 +1300
commit35ad992665096e0313bc3d514da9cceacb25ba5d (patch)
tree0bdb692363e956d19cee5469901206aeba8741b0 /loader/server/server_windows.cpp
parent501b0aa1efdef5899094647f00ecc013fc74db62 (diff)
epic shellcode also made code less gay
Diffstat (limited to 'loader/server/server_windows.cpp')
-rw-r--r--loader/server/server_windows.cpp57
1 files changed, 2 insertions, 55 deletions
diff --git a/loader/server/server_windows.cpp b/loader/server/server_windows.cpp
index a098f35..548259b 100644
--- a/loader/server/server_windows.cpp
+++ b/loader/server/server_windows.cpp
@@ -21,65 +21,12 @@
#include <thread>
#include "server.hpp"
-//#include "manual_map.hpp"
+#include "manual_map.hpp"
server::c_server g_server;
-// boris note:
-// i spent most of today working on getting the manual mapping code to work (i'll put it here once it does)
-// and i had to get this thing off my head, which is v epic
-// give it a read and see what i mean
-// we can abuse this for basically any other dx9 based game
-// hopefully this will be assembled on server and sent off to client to trigger as entrypoint
-// rather than the relocation code we would usually run on client with crappy manual mappers
-// also:
-// manual mapper will be written with a server/client approach in mind, it will be very easy to split the
-// two apart once it's ready for implementation. i'll tell u about it in pms if you really want to know
-
-//i really hope you do this the turbochad way and sigscan your own shellcode for 69696969
-
-// u rite
-
-uint8_t shellcode[] = {
- 0x55, // push ebp
- 0x8B, 0xEC, // mov ebp, esp
- 0x51, // push ecx
- 0x56, // push esi
- 0x8D, 0x45, 0xFC, // lea eax, dword ptr[ ebp-4 ]
- 0xC7, 0x45, 0xFC, 0x00, 0x00, 0x00, 0x00, // mov dword ptr[ ebp-4 ], 0
- // ; remove memory protection so we can write
- 0x50, // push eax
- 0x6A, 0x40, // push 40h
- 0x6A, 0x04, // push 4h
- 0x68, 0x69, 0x69, 0x69, 0x69, // push dword ptr[ vmt_endscene ]
- 0xBE, 0xEF, 0xBE, 0xAD, 0xDE, // mov esi, dword ptr[ virtual_protect ]
- 0xFF, 0xD6, // call esi
- 0x84, 0xC0, // test al, al
- 0x74, 0x2A, // jz clean_up
- 0x8D, 0x45, 0xFC, // lea eax, dword ptr[ ebp-4 ]
- // ; restore endscene ptr
- 0xC7, 0x05, 0x69, 0x69, 0x69, 0x69, 0x0F, 0xD0, 0x0F, 0xD0, // mov [ vmt_endscene ], [ vmt_endscene_o ]
- // ; restore memory protection
- 0x50, // push eax
- 0xFF, 0x75, 0xFC, // push dword ptr[ ebp-4 ]
- 0x6A, 0x04, // push 4h
- 0x68, 0x69, 0x69, 0x69, 0x69, // push dword ptr[ vmt_endscene ]
- 0xFF, 0xD6, // call esi
- // ; call cheat entrypoint
- 0x6A, 0x00, // push 0h
- 0x6A, 0x01, // push 1h
- 0x68, 0xDE, 0xC0, 0xAD, 0xDE, // push dword ptr[ cheat_header ]
- 0xB8, 0x0D, 0xF0, 0xAD, 0xDE, // mov eax, dword ptr[ cheat_entry ]
- 0xFF, 0xD0, // call eax
- // clean_up:
- 0x5E, // pop esi
- 0x8B, 0xE5, // mov esp, ebp
- 0x5D, // pop ebp
- 0xC3 // retn
-};
-
int main( ) {
- //inject::c_pe_file file("test.bin");
+ inject::c_pe_file file("test.bin");
//file.test();
int result = g_server.init( );
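Review bot: `inject::c_pe_file file("test.bin");` at the top of `main` is now live, but nothing visible uses the object, because `file.test()` on the next line stays commented out. Every server start therefore opens a hard-coded file name resolved against whatever the working directory happens to be, with no visible effect. If the constructor (declared in manual_map.hpp, not shown here) fails or throws on a missing or malformed file, that happens before `g_server.init( )` runs, and nothing in this hunk checks the outcome. Either leave the line out until the object is actually consumed, or take the path from configuration and verify the load succeeded before continuing. `main` continues outside the hunk.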