diff options
Diffstat (limited to 'csgo-loader/csgo-client')
| -rw-r--r-- | csgo-loader/csgo-client/Client.cpp | 55 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/Client.hpp | 5 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/Login/RemoteLogin.cpp | 3 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/Networking/TCPClient.cpp | 4 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp | 69 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp | 33 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp | 6 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp | 69 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/RemoteCode/RemoteMapper.cpp | 139 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/RemoteCode/RemoteMapper.hpp | 26 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp | 2 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/RemoteCode/RemoteProcess.hpp | 10 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/Security/RuntimeSecurity.cpp | 113 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/csgo-client.vcxproj | 6 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/csgo-client.vcxproj.filters | 18 |
15 files changed, 268 insertions, 290 deletions
diff --git a/csgo-loader/csgo-client/Client.cpp b/csgo-loader/csgo-client/Client.cpp index 05ceb0b..d7b266f 100644 --- a/csgo-loader/csgo-client/Client.cpp +++ b/csgo-loader/csgo-client/Client.cpp @@ -1,23 +1,11 @@ #include <Client.hpp>
/*
- TODO:
- - Finish off shellcode execution wrapper:
- - The shellcode can be executed via two ways
- - Either the code is mapped and called via CreateRemoteThread (allows custom param)
- - or the code is mapped and called via DX9 (does not allow custom param)
- - This will probably be the easiest thing to do.
-
--nave note:
you don't need any custom params
it's entirely pointless, we can use a wiped PE header to pass all the data we need
plus passing shit via dllmain is too obvious anyway, dumb idea
- - Finish off injection wrapper:
- - Allocate every memory page as a bunch of consecutive 4kb sections (in order to fuck with people trying to dump)
-
- - Have the loader inject a .DLL :^)
-
--nave note 2:
what you haven't done and what will completely fuck us up if anyone competent gets the loader:
loading the binary directly via the loader itself is completely stupid and unreasonable
@@ -46,11 +34,7 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow) Utils::OpenConsole();
);
- ///////////////////////////////////////////////////////////////
-
- //VMProtectBeginMutation("EntryPoint");
-
- ///////////////////////////////////////////////////////////////
+ //////////////////////////////////////////////////////////////////////////////////////////
// Create a thread to handle UI.
std::thread WindowThread([]
@@ -64,6 +48,8 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow) while(!UserInterface->m_Data.m_Ready) { Sleep(1); }
+ //////////////////////////////////////////////////////////////////////////////////////////
+
// Initialize the syscall manager.
if(!Syscalls->Start())
ERROR_ASSERT(STR("[000F:00001B00] Failed to initialize. Please contact an administrator."));
@@ -80,11 +66,20 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow) printf("[DEBUG] Server IP: %08x\n", inet_addr("35.165.60.229"));
);
+ //////////////////////////////////////////////////////////////////////////////////////////
+
+ // Connect to server.
Networking::TCPClientPtr Client = std::make_unique<Networking::TCPClient>();
if(!Client->Start(LOCAL_IP, SERVER_PORT))
ERROR_ASSERT(STR("[000F:0002A000] Server closed the connection unexpectedly."));
+ // Header for Client.
+ ByteArray Header{ 0x0A, 0x31, 0x42, 0x4D };
+ Client->SendRawBytes(Header);
+
+ //////////////////////////////////////////////////////////////////////////////////////////
+
// Allow the user to input their log-in data.
UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_LOG_IN;
@@ -100,17 +95,29 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow) if(!LoginTransaction.TranslateResponse(LoginResponse))
ExitProcess(0);
- // Allow the user to choose a cheat to inject.
- UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_CHOOSE;
+ // Echo back to server.
+ Client->SendBytes(LoginResponse);
+
+ //////////////////////////////////////////////////////////////////////////////////////////
+
+ // Receive loader module.
+ ByteArray LdrModule = Client->ReceiveBytes();
+
+ // Map loader module.
+ RemoteCode::RemoteProcess Process;
- // TODO: Add game selection.
- while(1) { if(GetAsyncKeyState(VK_END) & 0x8000) break; Sleep(1); }
+ if(!Process.Start(STR("explorer.exe")))
+ ExitProcess(0);
- ///////////////////////////////////////////////////////////////
+ RemoteCode::RemoteMapper Mapper;
- //VMProtectEnd();
+ if(!Mapper.Start(Process))
+ ExitProcess(0);
- ///////////////////////////////////////////////////////////////
+ if(!Mapper.WriteCodeToMap(LdrModule))
+ ExitProcess(0);
+
+ Mapper.ExecuteCodeFromMap();
}
#pragma optimize("", on)
\ No newline at end of file diff --git a/csgo-loader/csgo-client/Client.hpp b/csgo-loader/csgo-client/Client.hpp index 0f05a34..79f0a17 100644 --- a/csgo-loader/csgo-client/Client.hpp +++ b/csgo-loader/csgo-client/Client.hpp @@ -7,6 +7,8 @@ #define SERVER_IP 0xE53CA523 // Hexadecimal representation of the server IP, obtained by inet_addr()
#define SERVER_PORT 0xF2C // Hexadecimal representation of the server port.
+#define CLIENT_HEADER 0x4D42310A
+
// Security features (these will be initialised and ran
// first, failure will terminate loader execution).
#include <Security/RuntimeSecurity.hpp>
@@ -20,8 +22,7 @@ #include <Login/RemoteLogin.hpp>
#include <RemoteCode/RemoteProcess.hpp>
-#include <RemoteCode/RemoteInjectionClient.hpp>
-#include <RemoteCode/RemoteCodeClient.hpp>
+#include <RemoteCode/RemoteMapper.hpp>
// It looked nasty in Client.cpp, so I'm putting it here.
namespace Utils
diff --git a/csgo-loader/csgo-client/Login/RemoteLogin.cpp b/csgo-loader/csgo-client/Login/RemoteLogin.cpp index 4a46da3..2385ab5 100644 --- a/csgo-loader/csgo-client/Login/RemoteLogin.cpp +++ b/csgo-loader/csgo-client/Login/RemoteLogin.cpp @@ -55,6 +55,9 @@ namespace Login bool RemoteLoginTransaction::TranslateResponse(ByteArray &RawResponse)
{
+ if(RawResponse.empty())
+ return false;
+
RemoteLoginResponse ServerResponse = *(RemoteLoginResponse *)&RawResponse[0];
WRAP_IF_DEBUG(
diff --git a/csgo-loader/csgo-client/Networking/TCPClient.cpp b/csgo-loader/csgo-client/Networking/TCPClient.cpp index c974f88..2ff5095 100644 --- a/csgo-loader/csgo-client/Networking/TCPClient.cpp +++ b/csgo-loader/csgo-client/Networking/TCPClient.cpp @@ -144,12 +144,12 @@ namespace Networking if(EncryptionKey.empty())
return false;
+ std::memcpy(m_EncryptionKey, EncryptionKey.data(), EncryptionKey.size());
+
WRAP_IF_DEBUG(
printf("[DEBUG] Server handshake successful!\n");
)
- std::memcpy(m_EncryptionKey, EncryptionKey.data(), EncryptionKey.size());
-
return true;
}
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp deleted file mode 100644 index 21d7851..0000000 --- a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp +++ /dev/null @@ -1,69 +0,0 @@ -#include <RemoteCode/RemoteCodeClient.hpp>
-
-namespace RemoteCode
-{
- uint8_t ShellcodeStub[] = {
- 0x55,
- 0x8B, 0xEC,
- 0x56,
- 0x8B, 0x75, 0x08,
- 0x57,
- 0x80, 0x3E, 0x00,
- 0x74, 0x2F,
- 0x8B, 0x7E, 0x14,
- 0x8D, 0x45, 0x08,
- 0x50,
- 0x8B, 0x46, 0x18,
- 0x81, 0xC7, 0xA8, 0x00, 0x00, 0x00,
- 0x6A, 0x40,
- 0x6A, 0x04,
- 0x57,
- 0xFF, 0xD0,
- 0x84, 0xC0,
- 0x74, 0x4D,
- 0x8B, 0x46, 0x10,
- 0x89, 0x07,
- 0x8D, 0x45, 0x08,
- 0x50,
- 0xFF, 0x75, 0x08,
- 0x8B, 0x46, 0x18,
- 0x6A, 0x04,
- 0x57,
- 0xFF, 0xD0,
-
- 0x8B, 0x46, 0x08,
- 0x85, 0xC0,
- 0x74, 0x09,
- 0x6A, 0x00,
- 0x6A, 0x01,
- 0xFF, 0x76, 0x04,
- 0xFF, 0xD0,
-
- 0x53,
- 0x8B, 0x5E, 0x0C,
- 0x85, 0xDB,
- 0x74, 0x20,
- 0x8B, 0x5B, 0x0C,
- 0x33, 0xFF,
- 0x8B, 0x03,
- 0x85, 0xC0,
- 0x74, 0x15,
- 0x90,
-
- 0x6A, 0x00,
- 0x6A, 0x01,
- 0xFF, 0x76, 0x04,
- 0xFF, 0xD0,
- 0x8B, 0x44, 0xBB, 0x04,
- 0x8D, 0x7F, 0x01,
- 0x85, 0xC0,
- 0x75, 0xEC,
-
- 0x5B,
-
- 0x5F,
- 0x5E,
- 0x5D,
- 0xC2, 0x04, 0x00
- };
-}
\ No newline at end of file diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp deleted file mode 100644 index 84021c6..0000000 --- a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp +++ /dev/null @@ -1,33 +0,0 @@ -#pragma once
-
-#include <RemoteCode/RemoteProcess.hpp>
-
-namespace RemoteCode
-{
- class RemoteCodeClient
- {
- using MemProtect = bool(__stdcall *)(void *, size_t, uint32_t, uint32_t *);
-
- struct ShellcodeParameters
- {
- // Specifies whether or not the thread hijacking
- // exploit will be used for code execution.
- uint8_t m_ThreadExploit;
-
- // Address of the module allocation base
- uintptr_t m_AllocationBase;
-
- // Specifies the entry-point / optional TLS directory
- // to invoke.
- uintptr_t m_EntryPoint;
- uintptr_t m_TlsDirectory;
-
- // Thread hijacking (original address & VMT)
- uintptr_t m_ThreadOriginal;
- uintptr_t m_ThreadVirtual;
-
- // Function parameters that will be passed
- MemProtect m_ProtectMemory;
- };
- };
-}
\ No newline at end of file diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp deleted file mode 100644 index 01f52be..0000000 --- a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp +++ /dev/null @@ -1,6 +0,0 @@ -#include <RemoteCode/RemoteInjectionClient.hpp>
-
-namespace RemoteCode
-{
-
-}
\ No newline at end of file diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp deleted file mode 100644 index 2e5d216..0000000 --- a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp +++ /dev/null @@ -1,69 +0,0 @@ -#pragma once
-
-#include <RemoteCode/RemoteProcess.hpp>
-#include <UserExperience/UserInterface.hpp>
-
-namespace RemoteCode
-{
- // Used for TransactionStart
- using ImportedModule = char[64];
- using ImportList = std::vector<ImportedModule>;
-
- // Used for TransactionContinue
- struct ExportedFunction
- {
- // I've never seen modules / functions with names
- // that were larger than 64 characters.
- char m_Module[64];
- char m_Function[64];
-
- // Address of exported module / function
- uintptr_t m_ModuleAddress;
- uintptr_t m_FunctionAddress;
- };
-
- using ExportList = std::vector<ExportedFunction>;
-
- // Used for TransactionCommit
- struct RemoteInjectionHeader
- {
- // Used to decrypt the cheat header (first 1000 bytes of image sent back).
- uint8_t m_HeaderKey;
-
- // Used to call entrypoint/TLS callbacks.
- uintptr_t m_EntryPoint;
- uintptr_t m_TlsDirectory;
- };
-
- struct RemoteInjectionCode
- {
- RemoteInjectionHeader m_Header;
-
- // Actual injection code.
- ByteArray m_Code;
- };
-
- // Implementation of client mapping code
- class RemoteInjectionClient
- {
- RemoteInjectionHeader m_Header;
- RemoteProcess m_Process;
-
- public:
- // Receive hash of selected cheat.
- // Reply with size of image to allocate.
- ByteArray Start(ByteArray &Response);
-
- // Receive client header, send over list of imported functions
- ByteArray TransactionStart(ByteArray &Response);
-
- // Receive list of modules & export addresses
- ByteArray TransactionContinue(ByteArray &Response);
-
- // Write the file to the
- void TransactionCommit(ByteArray &Response);
-
- RemoteProcess GetProcess() { return m_Process; }
- RemoteInjectionHeader GetHeader() { return m_Header; }
- };
-}
\ No newline at end of file diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteMapper.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteMapper.cpp new file mode 100644 index 0000000..7b72550 --- /dev/null +++ b/csgo-loader/csgo-client/RemoteCode/RemoteMapper.cpp @@ -0,0 +1,139 @@ +#include <RemoteCode/RemoteMapper.hpp>
+
+namespace RemoteCode
+{
+ bool RemoteMapper::Start(RemoteProcess Process)
+ {
+ m_Process = Process;
+ return true;
+ }
+
+ bool RemoteMapper::WriteCodeToMap(ByteArray Code)
+ {
+ // Check if the PE file is valid.
+ /*uint8_t *Buffer = Code.data();
+ IMAGE_DOS_HEADER *DosHeader = (IMAGE_DOS_HEADER *)Buffer;
+
+ if(!DosHeader || DosHeader->e_magic != IMAGE_DOS_SIGNATURE)
+ return false;
+
+ IMAGE_NT_HEADERS *NtHeaders = (IMAGE_NT_HEADERS *)(Buffer + DosHeader->e_lfanew);
+
+ if(!NtHeaders || NtHeaders->Signature != IMAGE_NT_SIGNATURE)
+ return false;
+
+ WRAP_IF_DEBUG(
+ printf("[DEBUG] PE file validated!\n");
+ );
+
+ IMAGE_SECTION_HEADER *Sections = (IMAGE_SECTION_HEADER *)((uintptr_t)&NtHeaders->OptionalHeader + NtHeaders->FileHeader.SizeOfOptionalHeader);
+
+ if(!Sections)
+ return false;
+
+ // Allocate map in process.
+ m_Map = m_Process.Allocate(Code.size());
+
+ if(!m_Map)
+ return false;
+
+ // Ghetto workaround so heap doesn't get corrupted (i'm lazy)
+ size_t SizeOfCode = Code.size();
+ m_Mapped = new uint8_t[SizeOfCode];
+
+ uint16_t SectionCount = NtHeaders->FileHeader.NumberOfSections;
+
+ // Write each section to the process.
+ for(uint16_t n{}; n < SectionCount; n++)
+ {
+ uint32_t VirtualAddress = Sections[n].VirtualAddress;
+ uint32_t PointerToData = Sections[n].PointerToRawData;
+ uint32_t SizeOfData = Sections[n].SizeOfRawData;
+
+ WRAP_IF_DEBUG(
+ printf("[DEBUG] Writing PE section #%d!\n", n);
+ printf("[DEBUG] Virtual address: 0x%x\n", VirtualAddress);
+ printf("[DEBUG] Pointer to data: 0x%x\n", PointerToData);
+ printf("[DEBUG] Size of data : %d bytes\n", SizeOfData);
+ );
+
+ // Write the data to map.
+ uint8_t *Data = (uint8_t *)((uintptr_t)Buffer + PointerToData);
+ void *ImageRva = (void *)((uintptr_t)&m_Mapped[0] + VirtualAddress);
+
+ std::memcpy(ImageRva, Data, SizeOfData);
+ }
+
+ // Copy over the PE header (temporarily).
+ uint32_t SizeOfHeaders = NtHeaders->OptionalHeader.SizeOfHeaders;
+ std::memcpy(&m_Mapped[0], Buffer, SizeOfHeaders);
+
+ WRAP_IF_DEBUG(
+ printf("[DEBUG] Successfully copied over PE header!\n");
+ printf("[DEBUG] Relocating image...\n");
+ );
+
+ // Relocate the image.
+ IMAGE_BASE_RELOCATION *Reloc = (IMAGE_BASE_RELOCATION *)(&m_Mapped[0] + NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
+
+ uintptr_t ImageDelta = (uintptr_t)m_Map - NtHeaders->OptionalHeader.ImageBase;
+
+ while(Reloc->SizeOfBlock > 0)
+ {
+ // address in binary where we need to relocate an address used by code
+ uintptr_t RelocationAddress = (uintptr_t)&m_Mapped[Reloc->VirtualAddress];
+ uintptr_t RelocationDataAddress = (uintptr_t)Reloc + sizeof IMAGE_BASE_RELOCATION;
+ size_t RelocationCount = (Reloc->SizeOfBlock - sizeof IMAGE_BASE_RELOCATION) / sizeof uint16_t;
+
+ for(size_t i = 0; i < RelocationCount; i++)
+ {
+ uint16_t RelocationData = *(uint16_t *)(RelocationDataAddress + sizeof uint16_t * i);
+ uint16_t RelocationType = RelocationData >> 12;
+ uint16_t RelocationOffset = RelocationData & 0x0FFF;
+
+ WRAP_IF_DEBUG(
+ printf("[DEBUG] Processing relocation at %llx!\n", RelocationAddress + RelocationOffset);
+ );
+
+ switch(RelocationType)
+ {
+ case IMAGE_REL_BASED_MIPS_JMPADDR:
+ case IMAGE_REL_BASED_HIGH:
+ case IMAGE_REL_BASED_LOW:
+ case IMAGE_REL_BASED_HIGHLOW:
+ {
+ *(uint32_t*)(RelocationAddress + RelocationOffset) += ImageDelta;
+ break;
+ }
+
+ case IMAGE_REL_BASED_ABSOLUTE:
+ default:
+ break;
+ };
+ }
+
+ Reloc = (IMAGE_BASE_RELOCATION*)((uintptr_t)Reloc + Reloc->SizeOfBlock);
+ }
+
+ // Cripple the entire PE header.
+ std::memset(&m_Mapped[0], 0, SizeOfHeaders);
+
+ WRAP_IF_DEBUG(
+ printf("[DEBUG] Successfully crippled PE header!\n");
+ );
+
+ // Write the mapped image to the process.
+ m_Process.Write(m_Map, &m_Mapped[0], Code.size());*/
+
+ return true;
+ }
+
+ bool RemoteMapper::ExecuteCodeFromMap()
+ {
+ WRAP_IF_DEBUG(
+ printf("[DEBUG] Executing payload!\n");
+ )
+
+ return true;
+ }
+}
\ No newline at end of file diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteMapper.hpp b/csgo-loader/csgo-client/RemoteCode/RemoteMapper.hpp new file mode 100644 index 0000000..21eb569 --- /dev/null +++ b/csgo-loader/csgo-client/RemoteCode/RemoteMapper.hpp @@ -0,0 +1,26 @@ +#pragma once
+
+#include <RemoteCode/RemoteProcess.hpp>
+
+namespace RemoteCode
+{
+ class RemoteMapper
+ {
+ RemoteProcess m_Process;
+ uint8_t *m_Mapped;
+
+ void *m_Map;
+
+ public:
+ RemoteMapper() = default;
+
+ // Copy process & shellcode to class.
+ bool Start(RemoteProcess Process);
+
+ // Writes code to process in allocated page.
+ bool WriteCodeToMap(ByteArray Code);
+
+ // Calls shellcode to call the library ;D
+ bool ExecuteCodeFromMap();
+ };
+}
\ No newline at end of file diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp index 1bbfed0..a6b90d4 100644 --- a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp +++ b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp @@ -30,7 +30,7 @@ namespace RemoteCode m_Process = OpenProcess(PROCESS_ALL_ACCESS, false, ProcessEntry.th32ProcessID);
WRAP_IF_DEBUG(
- printf("[DEBUG] Found process \"%s\" -> %p", ProcessEntry.szExeFile, m_Process);
+ printf("[DEBUG] Found process \"%s\" -> %p\n", ProcessEntry.szExeFile, m_Process);
);
if(!m_Process)
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.hpp b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.hpp index a58320f..5fb3c75 100644 --- a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.hpp +++ b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.hpp @@ -48,11 +48,11 @@ namespace RemoteCode }
// Release the handle when the process goes out of scope.
- ~RemoteProcess()
- {
- if(m_Process)
- CloseHandle(m_Process);
- }
+ //~RemoteProcess()
+ //{
+ // if(m_Process)
+ // CloseHandle(m_Process);
+ //}
// Find the process ID and initialise the process.
bool Start(const char *ProcessName);
diff --git a/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp b/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp index 6054790..bfe45c5 100644 --- a/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp +++ b/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp @@ -92,9 +92,7 @@ namespace Security // Let's meme anyone who tries to reverse this.
if(ReturnModule != LoaderModule)
- {
return []() { Protection->SecurityCallback(STR("Malicious activity [Tampering].")); return -1; }();
- }
// Call original function
return oWSARecv(Socket, Buffer, Length, Flags);
@@ -115,9 +113,7 @@ namespace Security // Let's meme anyone who tries to reverse this.
if(ReturnModule != LoaderModule)
- {
return []() { Protection->SecurityCallback(STR("Malicious activity [Tampering].")); return -1; }();
- }
// Call original function
return oWSASend(Socket, Buffer, Length, Flags);
@@ -129,9 +125,9 @@ namespace Security ///////////////////////////////////////////////////////////
// Sick macros, retard.
-#define CreateMinHook() MH_STATUS Status; Status = MH_Initialize();
-#define CheckStatus() if(Status != MH_OK) { return false; }
-#define SafeCallTo(Function) Status = Function; CheckStatus();
+ #define CreateMinHook() MH_STATUS Status; Status = MH_Initialize();
+ #define CheckStatus() if(Status != MH_OK) { return false; }
+ #define SafeCallTo(Function) Status = Function; CheckStatus();
#pragma optimize("", off)
@@ -266,8 +262,6 @@ namespace Security for(auto &It : BlackListedWindows)
{
- // size_t Index = std::distance(...);
-
if(FindWindowA(It.first, It.second))
SecurityCallback(STR("Malicious activity [Debugging attempt]."));
}
@@ -291,7 +285,8 @@ namespace Security STR("NPF"), // WireShark / WinPCAP
STR("acker"), // Process Hacker
STR("CEDRI"), // Cheat Engine
- //STR("VBox") // VirtualBox
+ STR("nHide"), // TitanHide
+ //STR("VBox") // VirtualBox
};
static const char *BlackListReasons[] = {
@@ -299,7 +294,8 @@ namespace Security STR("Please uninstall WireShark."),
STR("Please close Process Hacker."),
STR("Please close Cheat Engine."),
- STR("Please uninstall VirtualBox.")
+ STR("Please uninstall TitanHide."),
+ //STR("Please uninstall VirtualBox.")
};
uint16_t Length = sizeof BlackListedDrivers / sizeof(BlackListedDrivers[0]);
@@ -357,14 +353,6 @@ namespace Security if(m_Identifier.m_SpecialMode[TEST_BUILD_MODE])
SecurityCallback(STR("Malicious activity [Plausible]."));
- // Check if the file was unpacked.
- //if(!VMProtectIsProtected())
- // SecurityCallback(STR("Malicious activity [Tampering]."));
-
- // Check if the image in memory was partially unpacked or patched.
- //if(!VMProtectIsValidImageCRC())
- // SecurityCallback(STR("Malicious activity [Tampering]."));
-
// Don't put too much stress on the CPU.
Sleep(1);
}
@@ -380,50 +368,49 @@ namespace Security constexpr uintptr_t KUSER_SHARED_DATA = 0x7FFE0000;
- __forceinline uint64_t get_hdd_hash() { - STORAGE_PROPERTY_QUERY query{ }; - STORAGE_DESCRIPTOR_HEADER desc_header{ }; - STORAGE_DEVICE_DESCRIPTOR* device_descriptor{ }; - HANDLE device; - DWORD bytes_returned; - uint8_t* out_buffer; - - const wchar_t* device_path = L"\\??\\PhysicalDrive0"; - device = CreateFileA("\\\\.\\PhysicalDrive0", 0, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0); - if(!device) return uint64_t{ }; - - query.PropertyId = StorageDeviceProperty; - query.QueryType = PropertyStandardQuery; - - if(!DeviceIoControl(device, IOCTL_STORAGE_QUERY_PROPERTY, - &query, sizeof(STORAGE_PROPERTY_QUERY), - &desc_header, sizeof(STORAGE_DESCRIPTOR_HEADER), - &bytes_returned, 0)) { - return uint64_t{ }; - } - - out_buffer = new uint8_t[desc_header.Size]; - memset(out_buffer, 0, desc_header.Size); - - if(!DeviceIoControl(device, IOCTL_STORAGE_QUERY_PROPERTY, - &query, sizeof(STORAGE_PROPERTY_QUERY), - out_buffer, desc_header.Size, - &bytes_returned, 0)) { - delete[] out_buffer; - return uint64_t{ }; - } - - device_descriptor = (STORAGE_DEVICE_DESCRIPTOR*)out_buffer; - if(device_descriptor->SerialNumberOffset) { - std::string serial_num = reinterpret_cast<const char*>( - out_buffer + device_descriptor->SerialNumberOffset); - - delete[] out_buffer; - CloseHandle(device); - return fnv::hash_runtime(serial_num.c_str()); - } - - return 0; + __forceinline uint64_t get_hdd_hash() {
+ STORAGE_PROPERTY_QUERY query{ };
+ STORAGE_DESCRIPTOR_HEADER desc_header{ };
+ STORAGE_DEVICE_DESCRIPTOR* device_descriptor{ };
+ HANDLE device;
+ DWORD bytes_returned;
+ uint8_t* out_buffer;
+
+ device = CreateFileA(STR("\\\\.\\PhysicalDrive0"), 0, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
+ if(!device) return uint64_t{ };
+
+ query.PropertyId = StorageDeviceProperty;
+ query.QueryType = PropertyStandardQuery;
+
+ if(!DeviceIoControl(device, IOCTL_STORAGE_QUERY_PROPERTY,
+ &query, sizeof(STORAGE_PROPERTY_QUERY),
+ &desc_header, sizeof(STORAGE_DESCRIPTOR_HEADER),
+ &bytes_returned, 0)) {
+ return uint64_t{ };
+ }
+
+ out_buffer = new uint8_t[desc_header.Size];
+ memset(out_buffer, 0, desc_header.Size);
+
+ if(!DeviceIoControl(device, IOCTL_STORAGE_QUERY_PROPERTY,
+ &query, sizeof(STORAGE_PROPERTY_QUERY),
+ out_buffer, desc_header.Size,
+ &bytes_returned, 0)) {
+ delete[] out_buffer;
+ return uint64_t{ };
+ }
+
+ device_descriptor = (STORAGE_DEVICE_DESCRIPTOR*)out_buffer;
+ if(device_descriptor->SerialNumberOffset) {
+ std::string serial_num = reinterpret_cast<const char*>(
+ out_buffer + device_descriptor->SerialNumberOffset);
+
+ delete[] out_buffer;
+ CloseHandle(device);
+ return fnv::hash_runtime(serial_num.c_str());
+ }
+
+ return 0;
}
void RuntimeSecurity::SetupSystemIdentifier()
diff --git a/csgo-loader/csgo-client/csgo-client.vcxproj b/csgo-loader/csgo-client/csgo-client.vcxproj index 40af0a8..d29454f 100644 --- a/csgo-loader/csgo-client/csgo-client.vcxproj +++ b/csgo-loader/csgo-client/csgo-client.vcxproj @@ -30,8 +30,7 @@ <ClCompile Include="Client.cpp" />
<ClCompile Include="Login\RemoteLogin.cpp" />
<ClCompile Include="Networking\TCPClient.cpp" />
- <ClCompile Include="RemoteCode\RemoteCodeClient.cpp" />
- <ClCompile Include="RemoteCode\RemoteInjectionClient.cpp" />
+ <ClCompile Include="RemoteCode\RemoteMapper.cpp" />
<ClCompile Include="RemoteCode\RemoteProcess.cpp" />
<ClCompile Include="Security\Encryption.cpp" />
<ClCompile Include="Security\RuntimeSecurity.cpp" />
@@ -47,8 +46,7 @@ <ClInclude Include="Client.hpp" />
<ClInclude Include="Login\RemoteLogin.hpp" />
<ClInclude Include="Networking\TCPClient.hpp" />
- <ClInclude Include="RemoteCode\RemoteCodeClient.hpp" />
- <ClInclude Include="RemoteCode\RemoteInjectionClient.hpp" />
+ <ClInclude Include="RemoteCode\RemoteMapper.hpp" />
<ClInclude Include="RemoteCode\RemoteProcess.hpp" />
<ClInclude Include="resource.h" />
<ClInclude Include="Security\Encryption.hpp" />
diff --git a/csgo-loader/csgo-client/csgo-client.vcxproj.filters b/csgo-loader/csgo-client/csgo-client.vcxproj.filters index 0957ab9..e4b42c3 100644 --- a/csgo-loader/csgo-client/csgo-client.vcxproj.filters +++ b/csgo-loader/csgo-client/csgo-client.vcxproj.filters @@ -55,15 +55,12 @@ <ClCompile Include="RemoteCode\RemoteProcess.cpp">
<Filter>RemoteCode</Filter>
</ClCompile>
- <ClCompile Include="RemoteCode\RemoteCodeClient.cpp">
- <Filter>RemoteCode</Filter>
- </ClCompile>
- <ClCompile Include="RemoteCode\RemoteInjectionClient.cpp">
- <Filter>RemoteCode</Filter>
- </ClCompile>
<ClCompile Include="Security\RuntimeSecurity.cpp">
<Filter>Security</Filter>
</ClCompile>
+ <ClCompile Include="RemoteCode\RemoteMapper.cpp">
+ <Filter>RemoteCode</Filter>
+ </ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="Security\Encryption.hpp">
@@ -159,17 +156,14 @@ <ClInclude Include="RemoteCode\RemoteProcess.hpp">
<Filter>RemoteCode</Filter>
</ClInclude>
- <ClInclude Include="RemoteCode\RemoteCodeClient.hpp">
- <Filter>RemoteCode</Filter>
- </ClInclude>
- <ClInclude Include="RemoteCode\RemoteInjectionClient.hpp">
- <Filter>RemoteCode</Filter>
- </ClInclude>
<ClInclude Include="Client.hpp" />
<ClInclude Include="Security\RuntimeSecurity.hpp">
<Filter>Security</Filter>
</ClInclude>
<ClInclude Include="resource.h" />
+ <ClInclude Include="RemoteCode\RemoteMapper.hpp">
+ <Filter>RemoteCode</Filter>
+ </ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="csgo-client.rc" />
|