Diffstat (limited to 'csgo-loader/csgo-client/Client.cpp')
| -rw-r--r-- | csgo-loader/csgo-client/Client.cpp | 55 |
1 files changed, 31 insertions, 24 deletions
diff --git a/csgo-loader/csgo-client/Client.cpp b/csgo-loader/csgo-client/Client.cpp
index 05ceb0b..d7b266f 100644
--- a/csgo-loader/csgo-client/Client.cpp
+++ b/csgo-loader/csgo-client/Client.cpp
@@ -1,23 +1,11 @@
 #include <Client.hpp>
/*
- TODO:
- - Finish off shellcode execution wrapper:
- - The shellcode can be executed via two ways
- - Either the code is mapped and called via CreateRemoteThread (allows custom param)
- - or the code is mapped and called via DX9 (does not allow custom param)
- - This will probably be the easiest thing to do.
-
--nave note:
you don't need any custom params
it's entirely pointless, we can use a wiped PE header to pass all the data we need
plus passing shit via dllmain is too obvious anyway, dumb idea
- - Finish off injection wrapper:
- - Allocate every memory page as a bunch of consecutive 4kb sections (in order to fuck with people trying to dump)
-
- - Have the loader inject a .DLL :^)
-
--nave note 2:
what you haven't done and what will completely fuck us up if anyone competent gets the loader:
loading the binary directly via the loader itself is completely stupid and unreasonable
@@ -46,11 +34,7 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow)
 Utils::OpenConsole();
);
- ///////////////////////////////////////////////////////////////
-
- //VMProtectBeginMutation("EntryPoint");
-
- ///////////////////////////////////////////////////////////////
+ //////////////////////////////////////////////////////////////////////////////////////////
// Create a thread to handle UI.
std::thread WindowThread([]
@@ -64,6 +48,8 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow)
 while(!UserInterface->m_Data.m_Ready) { Sleep(1); }
+ //////////////////////////////////////////////////////////////////////////////////////////
+
// Initialize the syscall manager.
if(!Syscalls->Start())
ERROR_ASSERT(STR("[000F:00001B00] Failed to initialize. Please contact an administrator."));
@@ -80,11 +66,20 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow)
 printf("[DEBUG] Server IP: %08x\n", inet_addr("35.165.60.229"));
);
+ //////////////////////////////////////////////////////////////////////////////////////////
+
+ // Connect to server.
Networking::TCPClientPtr Client = std::make_unique<Networking::TCPClient>();
if(!Client->Start(LOCAL_IP, SERVER_PORT))
ERROR_ASSERT(STR("[000F:0002A000] Server closed the connection unexpectedly."));
+ // Header for Client.
+ ByteArray Header{ 0x0A, 0x31, 0x42, 0x4D };
+ Client->SendRawBytes(Header);
+
+ //////////////////////////////////////////////////////////////////////////////////////////
+
// Allow the user to input their log-in data.
UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_LOG_IN;
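Review bot: The result of `Client->SendRawBytes(Header)` is not checked, so a failed preamble write falls through to the log-in state, whereas the `Client->Start(...)` failure just above is reported through `ERROR_ASSERT`; if `SendRawBytes` reports success or failure (its signature is not visible here), test it and fail the same way. The four bytes `0x0A, 0x31, 0x42, 0x4D` are an unexplained literal, and a named constant with a comment such as `// Protocol preamble; must match the value the server expects` would keep client and server in step. For anyone triaging this binary's traffic, a fixed preamble at the start of every TCP session is also a stable network indicator. WinMain begins and ends outside this hunk.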
@@ -100,17 +95,29 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow)
 if(!LoginTransaction.TranslateResponse(LoginResponse))
ExitProcess(0);
- // Allow the user to choose a cheat to inject.
- UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_CHOOSE;
+ // Echo back to server.
+ Client->SendBytes(LoginResponse);
+
+ //////////////////////////////////////////////////////////////////////////////////////////
+
+ // Receive loader module.
+ ByteArray LdrModule = Client->ReceiveBytes();
+
+ // Map loader module.
+ RemoteCode::RemoteProcess Process;
- // TODO: Add game selection.
- while(1) { if(GetAsyncKeyState(VK_END) & 0x8000) break; Sleep(1); }
+ if(!Process.Start(STR("explorer.exe")))
+ ExitProcess(0);
- ///////////////////////////////////////////////////////////////
+ RemoteCode::RemoteMapper Mapper;
- //VMProtectEnd();
+ if(!Mapper.Start(Process))
+ ExitProcess(0);
- ///////////////////////////////////////////////////////////////
+ if(!Mapper.WriteCodeToMap(LdrModule))
+ ExitProcess(0);
+
+ Mapper.ExecuteCodeFromMap();
}
#pragma optimize("", on)
\ No newline at end of file |
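Review bot: `LdrModule` goes from `Client->ReceiveBytes()` straight into `Mapper.WriteCodeToMap(LdrModule)` and `Mapper.ExecuteCodeFromMap()` with no emptiness, size or authenticity check visible in this hunk, so whatever the peer on that socket sends is executed inside `explorer.exe`. Unless `ReceiveBytes` already authenticates the payload (not shown here), the buffer should be rejected when empty and verified against a signature from a key pinned in the client before it is written to the map. The three new failure paths call `ExitProcess(0)`, which exits silently with a success code; the earlier steps use `ERROR_ASSERT(STR("[<error-code>] ..."))`, and doing the same here would make mapping failures diagnosable. Mapping network-delivered code into another process is the pattern endpoint protection flags as process injection, so this path warrants the strictest validation in the loader. WinMain starts outside the hunk.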
