| -rw-r--r-- | loader/client/client_windows.cpp | 26 | ||||
| -rw-r--r-- | loader/client/syscall.cpp | 57 | ||||
| -rw-r--r-- | loader/client/syscall.hpp | 12 | ||||
| -rw-r--r-- | loader/server/server_windows.cpp | 6 |
4 files changed, 62 insertions, 39 deletions
diff --git a/loader/client/client_windows.cpp b/loader/client/client_windows.cpp
index 1753088..9795e17 100644
--- a/loader/client/client_windows.cpp
+++ b/loader/client/client_windows.cpp
@@ -1,6 +1,6 @@
-//moneybot client
-//written with love by
-//im friendly and boris
+// moneybot client
+// written with love by
+// im friendly and boris
#include <Windows.h>
#include <stdio.h>
@@ -44,21 +44,21 @@ int main( ) {
 std::string ip = "127.0.0.1";
// std::cin >> ip;
- //okay now this is epic
- auto syscaller = std::make_shared<syscall::c_syscall_mgr>();
+ // okay now this is epic
+ auto syscaller = std::make_unique<syscall::c_syscall_mgr>();
if (!syscaller->start())
return 3;
// START.
- client::c_connect c( ip.c_str( ) );
- if( !c.setup( ) )
- return 1;
-
- if( !c.connect( ) )
- return 2;
-
- c.handle( );
+ //client::c_connect c( ip.c_str( ) );
+ //if( !c.setup( ) )
+ // return 1;
+ //
+ //if( !c.connect( ) )
+ // return 2;
+ //
+ //c.handle( );
system( "pause" );
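Review bot: The connect path is commented out rather than removed (the `//client::c_connect c( ip.c_str( ) );` … `//c.handle( );` block), which leaves dead code and two now-unreachable exit codes in `main`; either delete it or gate it behind a build flag so the intent is visible in the source. With the `shared_ptr` → `unique_ptr` change `syscaller` is owned only by `main`, so a plain local `syscall::c_syscall_mgr syscaller;` would do without a heap allocation. `system( "pause" )` at the end of the hunk spawns a command interpreter just to wait for a key; `std::cin.get()` (iostream appears to be in use given the `std::cin` line above) keeps the loader from depending on whatever `cmd.exe` resolves to on PATH. `main` continues past the hunk.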
diff --git a/loader/client/syscall.cpp b/loader/client/syscall.cpp
index 7257456..880eabf 100644
--- a/loader/client/syscall.cpp
+++ b/loader/client/syscall.cpp
@@ -2,10 +2,10 @@
 #include <vector>
#include <fstream>
-//fuck balloon head
+// fuck balloon head
namespace syscall {
- uint8_t *c_syscall_mgr::load_ntdll() {
- //load ntdll from disk
+ file_t c_syscall_mgr::load_ntdll() {
+ // load ntdll from disk
 char path[MAX_PATH];
 GetSystemDirectoryA(path, MAX_PATH);
@@ -14,7 +14,7 @@ namespace syscall {
 FILE* file;
 if (fopen_s(&file, ntdll_path.c_str(), "rb") != 0)
- return nullptr;
+ return file_t{ nullptr, 0 };
 fseek(file, 0, SEEK_END);
 size_t ntdll_size = ftell(file);
@@ -24,16 +24,23 @@ namespace syscall {
 fread(ntdll, ntdll_size, 1, file);
 fclose(file);
- return ntdll;
+ return file_t{ ntdll, ntdll_size };
}
bool c_syscall_mgr::start() {
- uint8_t* ntdll = load_ntdll();
+ // thing
+ const auto ntdll_file = load_ntdll();
+
+ // other thing
+ const auto ntdll = ntdll_file.first;
+ const auto ntdll_size = ntdll_file.second;
+
 if (!ntdll) return false;
- IMAGE_DOS_HEADER* dos_header = (IMAGE_DOS_HEADER*)(&ntdll[0]);
- IMAGE_NT_HEADERS* nt_header = (IMAGE_NT_HEADERS*)(&ntdll[dos_header->e_lfanew]);
+ // read pe
+ IMAGE_DOS_HEADER* dos_header = (IMAGE_DOS_HEADER*)(&ntdll[0]);
+ IMAGE_NT_HEADERS* nt_header = (IMAGE_NT_HEADERS*)(&ntdll[dos_header->e_lfanew]);
 if (dos_header->e_magic != IMAGE_DOS_SIGNATURE) {
 delete[] ntdll;
@@ -45,6 +52,7 @@ namespace syscall {
 return false;
 }
+ // find section
 IMAGE_SECTION_HEADER* section_header = (IMAGE_SECTION_HEADER*)(&ntdll[dos_header->e_lfanew + sizeof(IMAGE_NT_HEADERS)]);
 uintptr_t export_rva = nt_header->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
@@ -54,15 +62,15 @@ namespace syscall {
 delta = section_header[i].VirtualAddress - section_header[i].PointerToRawData;
 }
- //exports
+ // aaa exports
 IMAGE_EXPORT_DIRECTORY* export_directory = (IMAGE_EXPORT_DIRECTORY*)(&ntdll[export_rva - delta]);
- size_t number_of_functions = export_directory->NumberOfFunctions;
+ int number_of_functions = export_directory->NumberOfFunctions;
 uintptr_t names = export_directory->AddressOfNames - delta;
 uintptr_t funcs = export_directory->AddressOfFunctions - delta;
 uintptr_t ords = export_directory->AddressOfNameOrdinals - delta;
-
- for (size_t i = 0; i < number_of_functions; i++) {
+ int i = 0;
+ for (; i < number_of_functions; i++) {
 uint32_t name_rva = *(uint32_t*)(&ntdll[names + i * sizeof(uint32_t)]) - delta;
 char* name = (char*)(&ntdll[name_rva]);
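Review bot: The new loop bound `int number_of_functions = export_directory->NumberOfFunctions;` narrows a DWORD to `int` and still drives an iteration over `AddressOfNames`/`AddressOfNameOrdinals`, whose tables have `NumberOfNames` entries rather than `NumberOfFunctions`; on an ntdll where the two counts differ the name table is overrun, which is plausibly the crash the next hunk's `break` works around. Use `const DWORD number_of_names = export_directory->NumberOfNames;` as the bound and keep the index unsigned (the removed `size_t` was the right type). The reads `*(uint32_t*)(&ntdll[names + i * sizeof(uint32_t)])` and `(char*)(&ntdll[name_rva])` are also never compared against `ntdll_size`, even though `start()` now has that value; the range check the next hunk adds for `func_rva` belongs on these accesses too. `start()` spans hunks on either side of this one.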
@@ -70,27 +78,40 @@ namespace syscall {
 uint32_t func_rva = *(uint32_t*)(&ntdll[funcs + ordinal * sizeof(uint32_t)]);
 uint32_t func_delta = 0;
- for (size_t j = 0; j < nt_header->FileHeader.NumberOfSections; j++) {
+ for (int j = 0; j < nt_header->FileHeader.NumberOfSections; j++) {
 if (func_rva > section_header[j].VirtualAddress) func_delta = section_header[j].VirtualAddress - section_header[j].PointerToRawData;
 }
 func_rva -= func_delta;
- uint32_t code = *(uint32_t*)(&ntdll[func_rva + 0]);//crashes here?
+ // hAHAHAHAHAHAHAHAHHAHA
+ // okay this isn't code genius
+ //if (m_syscalls.size() >= 865)
+ // break;
+
+ // okay now this is epic
+ const auto offset = (uintptr_t)ntdll + func_rva;
+ const auto ntdll_bound = (uintptr_t)ntdll + ntdll_size;
+
+ if (offset >= ntdll_bound)
+ break;
+
+ uint32_t code = *(uint32_t*)(&ntdll[func_rva + 0]);
 uint32_t index = *(uint32_t*)(&ntdll[func_rva + 4]);
- //syscall
- if (code == 0xB8D18B4C)
- {
+ // syscall
+ if (code == 0xB8D18B4C) {
 m_syscalls[hash::fnv1a(name)].set_index(index);
+ printf("n:%s h:%08x i:%08x\n", name, hash::fnv1a(name), index);
 }
 }
 delete[] ntdll;
- // check if we succesfully got the syscalls
+ // check if we successfully got the syscalls
 hash_t hash = fnv("ZwWriteVirtualMemory");
+
 if (m_syscalls.find(hash) != m_syscalls.end()) return m_syscalls[hash].validate();
diff --git a/loader/client/syscall.hpp b/loader/client/syscall.hpp
index 55135ca..64121f2 100644
--- a/loader/client/syscall.hpp
+++ b/loader/client/syscall.hpp
@@ -8,7 +8,7 @@
 #include "strings.hpp"
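Review bot: The added guard `if (offset >= ntdll_bound) break;` only checks the first byte of the access, but the two reads that follow touch `func_rva + 0` through `func_rva + 7`, so an entry within the last seven bytes of the buffer still reads past it; compare the end of the read instead, `if (func_rva + 8 > ntdll_size) break;`, which also drops the pointer-to-integer casts. Whether `break` is the right reaction is unclear from the hunk: one out-of-range export ends the whole scan, where `continue` would skip only that entry, so state the intended behaviour in a comment next to it. The `printf("n:%s h:%08x i:%08x\n", name, hash::fnv1a(name), index);` added inside the match reads like leftover debug output and recomputes `hash::fnv1a(name)`; drop it or put it behind a debug flag. `start()` begins before this hunk.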
namespace syscall {
- //stub for calling the syscalls
+ // stub for calling the syscalls
class c_syscall_stub {
uint8_t m_stub[11] = {
0x4c, 0x8b, 0xd1, // mov r10, rcx
@@ -21,7 +21,7 @@ namespace syscall {
 void set_index(uint32_t index) {
unsigned long old;
if (VirtualProtect(m_stub, sizeof m_stub, PAGE_EXECUTE_READWRITE, &old)) {
- //okay now this is epic
+ // okay now this is epic
*(uint32_t*)(&m_stub[4]) = index;
}
}
@@ -35,11 +35,13 @@ namespace syscall {
 }
};
- //syscaller
+ // syscaller
+ using file_t = std::pair< uint8_t *, size_t >;
+
class c_syscall_mgr {
std::map< hash_t, c_syscall_stub > m_syscalls;
-
- uint8_t *load_ntdll();
+
+ file_t load_ntdll();
public:
bool start();
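Review bot: `using file_t = std::pair< uint8_t *, size_t >;` hands an owning raw pointer across the `load_ntdll()` boundary, so every error path in the caller has to remember `delete[]`; returning `std::vector<uint8_t>` (empty on failure) carries the length, frees itself, and `.data()`/`.size()` give the same two values. If the pair is kept, `<utility>` should be included explicitly rather than picked up transitively — the header's include list is outside this hunk, so I cannot tell whether it already is. At minimum a comment on the alias such as `// raw ntdll file image on the heap plus its byte length; the caller owns and delete[]s the buffer` would document the ownership the type does not express.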
diff --git a/loader/server/server_windows.cpp b/loader/server/server_windows.cpp
index fe6b572..78ac748 100644
--- a/loader/server/server_windows.cpp
+++ b/loader/server/server_windows.cpp
@@ -1,6 +1,6 @@
-//moneybot server
-//written with love by
-//im friendly and boris
+// moneybot server
+// written with love by
+// im friendly and boris
#ifdef WIN64
#include <Windows.h>
