| author | boris <wzn@moneybot.cc> | 2018-11-29 19:23:17 +1300 |
|---|---|---|
| committer | boris <wzn@moneybot.cc> | 2018-11-29 19:23:17 +1300 |
| commit | 9614edaa8ccab6be1980b6ef25a971c8874f80fa (patch) | |
| tree | aab577cf706059c0546b95fba3c85220d222b4da /loader/server | |
| parent | 5cfdfbf7d0436a54739d210e2acd097be58188de (diff) | |
yayo
Diffstat (limited to 'loader/server')
| -rw-r--r-- | loader/server/server_windows.cpp | 59 |
1 files changed, 52 insertions, 7 deletions
diff --git a/loader/server/server_windows.cpp b/loader/server/server_windows.cpp
index 78ac748..34a4979 100644
--- a/loader/server/server_windows.cpp
+++ b/loader/server/server_windows.cpp
@@ -23,22 +23,67 @@ server::c_server g_server;
-int main( ) {
- std::thread listen_thread;
+// boris note:
+// i spent most of today working on getting the manual mapping code to work (i'll put it here once it does)
+// and i had to get this thing off my head, which is v epic
+// give it a read and see what i mean
+// we can abuse this for basically any other dx9 based game
+// hopefully this will be assembled on server and sent off to client to trigger as entrypoint
+// rather than the relocation code we would usually run on client with crappy manual mappers
+// also:
+// manual mapper will be written with a server/client approach in mind, it will be very easy to split the
+// two apart once it's ready for implementation. i'll tell u about it in pms if you really want to know
+uint8_t shellcode[] = {
+ 0x55, // push ebp
+ 0x8B, 0xEC, // mov ebp, esp
+ 0x51, // push ecx
+ 0x56, // push esi
+ 0x8D, 0x45, 0xFC, // lea eax, dword ptr[ ebp-4 ]
+ 0xC7, 0x45, 0xFC, 0x00, 0x00, 0x00, 0x00, // mov dword ptr[ ebp-4 ], 0
+ // ; remove memory protection so we can write
+ 0x50, // push eax
+ 0x6A, 0x40, // push 40h
+ 0x6A, 0x04, // push 4h
+ 0x68, 0x69, 0x69, 0x69, 0x69, // push dword ptr[ vmt_endscene ]
+ 0xBE, 0xEF, 0xBE, 0xAD, 0xDE, // mov esi, dword ptr[ virtual_protect ]
+ 0xFF, 0xD6, // call esi
+ 0x84, 0xC0, // test al, al
+ 0x74, 0x2A, // jz clean_up
+ 0x8D, 0x45, 0xFC, // lea eax, dword ptr[ ebp-4 ]
+ // ; restore endscene ptr
+ 0xC7, 0x05, 0x69, 0x69, 0x69, 0x69, 0x0F, 0xD0, 0x0F, 0xD0, // mov [ vmt_endscene ], [ vmt_endscene_o ]
+ // ; restore memory protection
+ 0x50, // push eax
+ 0xFF, 0x75, 0xFC, // push dword ptr[ ebp-4 ]
+ 0x6A, 0x04, // push 4h
+ 0x68, 0x69, 0x69, 0x69, 0x69, // push dword ptr[ vmt_endscene ]
+ 0xFF, 0xD6, // call esi
+ // ; call cheat entrypoint
+ 0x6A, 0x00, // push 0h
+ 0x6A, 0x01, // push 1h
+ 0x68, 0xDE, 0xC0, 0xAD, 0xDE, // push dword ptr[ cheat_header ]
+ 0xB8, 0x0D, 0xF0, 0xAD, 0xDE, // mov eax, dword ptr[ cheat_entry ]
+ 0xFF, 0xD0, // call eax
+ // clean_up:
+ 0x5E, // pop esi
+ 0x8B, 0xE5, // mov esp, ebp
+ 0x5D, // pop ebp
+ 0xC3 // retn
+};
+int main( ) {
int result = g_server.init( );
if( !result ) {
- //listen_thread = std::thread( [ ]( ) { while( 1 ) { g_server.listen( ); } } );
- //listen_thread.detach( );
-
while( true ) {
g_server.listen( );
//Sleep( 1 );
}
}
- else
+
+ // yas
+ if(result)
printf( "server init error (%d)\n", result );
-
+
system( "pause" );
return 0;
}
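Review bot: The new `if(result)` error branch still falls through to `return 0`, so a failed `g_server.init( )` exits with a success status even though the error was printed; because the `while( true )` loop above it never returns, this branch is effectively the `else` the commit removed and should end with the failure code, e.g. `if( result ) { printf( "server init error (%d)\n", result ); system( "pause" ); return result; }`. The `// yas` comment above it does not say why the `else` became a second `if`; either restore `else` or replace the comment with the actual reason. The `shellcode` array is introduced as a writable global with external linkage that nothing in this hunk references; if it is only ever read, declaring it `static const uint8_t shellcode[]` (or placing it in an anonymous namespace) keeps it read-only and file-local. The hunk's old/new line counts (22/67) do not match the visible lines, so a few blank context lines appear to have been dropped in rendering.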
