Diffstat (limited to 'csgo-loader')
38 files changed, 806 insertions, 388 deletions
diff --git a/csgo-loader/csgo-client/Client.cpp b/csgo-loader/csgo-client/Client.cpp
index dc08da2..0f29f29 100644
--- a/csgo-loader/csgo-client/Client.cpp
+++ b/csgo-loader/csgo-client/Client.cpp
@@ -1,95 +1,58 @@
-#include <Networking/TCPClient.hpp>
-#include <Login/RemoteLogin.hpp>
-#include <Security/SyscallManager.hpp>
-#include <Security/FnvHash.hpp>
-#include <UserExperience/UserInterface.hpp>
-#include <RemoteCode/RemoteProcess.hpp>
-
-#define LOCAL_IP 0x0100007F // '127.0.0.1'
-#define SERVER_IP 0xE53CA523 // Hexadecimal representation of the server IP, obtained by inet_addr()
-#define SERVER_PORT 0xF2C // Hexadecimal representation of the server port.
-
-// hey nave just wanna let u know u r epic
-// yea
-#if 0
-void hhahahaha()
-{
- std::thread WindowThread([]
- {
- if(!UserInterface->Start())
- ERROR_ASSERT("[000F:00001B00] Failed to initialize. Please contact an administrator.");
-
- UserInterface->RunUiFrame();
- }); WindowThread.detach();
-
- UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_LOG_IN;
-
- while(UserInterface->m_Data.m_ExecutionState != UserExperience::EXECUTION_WAITING)
- Sleep(1);
-
- Login::RemoteLoginTransaction Transaction;
- Transaction.Start(UserInterface->m_Data.m_Username, UserInterface->m_Data.m_Password);
-
- ByteArray RawLoginHeader = Transaction.GetHeader();
- Client.SendBytes(RawLoginHeader);
-
- ByteArray RawServerResponse = Client.ReceiveBytes();
- if(!Transaction.TranslateResponse(RawServerResponse))
- {
- UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_ERROR;
- }
- else
- {
- UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_CHOOSE;
- }
-}
-#endif
-
-// is this loss/
-__forceinline void OpenConsole()
-{
-#ifdef DEBUG
- // ;ddDDDDdDDDd
- AllocConsole();
-
- // yo dude
- // get this handles
- FILE *file;
- freopen_s(&file, "CONOUT$", "w", stdout);
-#endif // DEBUG
-}
+#include <Client.hpp>
int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow)
{
- OpenConsole();
+ WRAP_IF_DEBUG(Utils::OpenConsole());
- Networking::TCPClient Client;
+ WRAP_IF_RELEASE(VM_DOLPHIN_BLACK_START);
+ WRAP_IF_RELEASE(STR_ENCRYPT_START);
+
+ // Initialize the runtime protection system.
+ if(!Protection->Start())
+ ERROR_ASSERT("[000F:00001A00] Failed to initialize. Please contact an administrator.");
// Initialize the syscall manager.
if(!Syscalls->Start())
ERROR_ASSERT("[000F:00001A00] Failed to initialize. Please contact an administrator.");
-
+
+ WRAP_IF_RELEASE(STR_ENCRYPT_END);
+ WRAP_IF_RELEASE(VM_DOLPHIN_BLACK_END);
+
// Wait for connection.
UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_WAITING;
// Create a thread to handle UI.
std::thread WindowThread([]
{
+ WRAP_IF_RELEASE(VM_SHARK_BLACK_START);
+ WRAP_IF_RELEASE(STR_ENCRYPT_START);
+
// Create a window, initialise DirectX context.
if(!UserInterface->Start())
ERROR_ASSERT("[000F:00001B00] Failed to initialize. Please contact an administrator.");
+ WRAP_IF_RELEASE(STR_ENCRYPT_END);
+ WRAP_IF_RELEASE(VM_SHARK_BLACK_END);
+
// Create a loop to draw our UI.
UserInterface->RunUiFrame();
}); WindowThread.detach();
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_START);
+
// Attempt to connect to the remote server.
+ Networking::TCPClient Client;
if(!Client.Start(LOCAL_IP, SERVER_PORT))
ERROR_ASSERT("[000F:0002A000] Server did not accept the connection.");
+
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_END);
+
// Allow the user to input their log-in data.
UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_LOG_IN;
- // TODO: Add game selection.
+ while(UserInterface->m_Data.m_ExecutionState != UserExperience::EXECUTION_WAITING)
+ Sleep(1);
+ // TODO: Add game selection.
while(1) { if(GetAsyncKeyState(VK_END) & 0x8000) break; Sleep(1); }
}
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/Client.hpp b/csgo-loader/csgo-client/Client.hpp
new file mode 100644
index 0000000..fb1f623
--- /dev/null
+++ b/csgo-loader/csgo-client/Client.hpp
@@ -0,0 +1,41 @@
+#pragma once
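Review bot: `UserInterface->m_Data.m_ExecutionState` is written by the detached `WindowThread` and polled from WinMain in the new loop `while(UserInterface->m_Data.m_ExecutionState != UserExperience::EXECUTION_WAITING) Sleep(1);` with a plain read; unless that member is declared as a `std::atomic` (its declaration is outside this diff), this is a data race and the compiler is free to hoist the load out of the loop. Make the member an atomic of its enum type, or protect it with a mutex, rather than relying on `Sleep(1)` to refresh it. Separately, `Client` is connected at `Client.Start(LOCAL_IP, SERVER_PORT)` but nothing left in WinMain sends or receives on it after the old login exchange was deleted, so the socket sits idle until the `VK_END` loop exits; a `// TODO: login exchange moved/removed, Client currently unused` at the declaration would stop readers hunting for the missing send. Note also that the connect uses `LOCAL_IP` while the new header defines `SERVER_IP` that nothing in this diff references.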
+
+// NOTE:
+// THE FOLLOWING MACROS ARE USED ONLY IN CLIENT.CPP
+// PLEASE UPDATE THEM ACCORDINGLY.
+#define LOCAL_IP 0x0100007F // '127.0.0.1'
+#define SERVER_IP 0xE53CA523 // Hexadecimal representation of the server IP, obtained by inet_addr()
+#define SERVER_PORT 0xF2C // Hexadecimal representation of the server port.
+
+// Security features (these will be initialised and ran
+// first, failure will terminate loader execution).
+#include <Security/RuntimeSecurity.hpp>
+#include <Security/SyscallManager.hpp>
+
+// Core functionality
+#include <Networking/TCPClient.hpp>
+#include <UserExperience/UserInterface.hpp>
+
+// Loader functionality
+#include <Login/RemoteLogin.hpp>
+
+#include <RemoteCode/RemoteProcess.hpp>
+#include <RemoteCode/RemoteInjectionClient.hpp>
+#include <RemoteCode/RemoteCodeClient.hpp>
+
+// It looked nasty in Client.cpp, so I'm putting it here.
+namespace Utils
+{
+ inline void OpenConsole()
+ {
+ // Create instance of console.
+ AllocConsole();
+
+ // Allow console to access output stream.
+ FILE *file;
+ freopen_s(&file, "CONOUT$", "w", stdout);
+
+ // :^)
+ SetConsoleTitleA("moneyclient $");
+ }
+}
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/Login/RemoteLogin.cpp b/csgo-loader/csgo-client/Login/RemoteLogin.cpp
index b6912d8..a725a6b 100644
--- a/csgo-loader/csgo-client/Login/RemoteLogin.cpp
+++ b/csgo-loader/csgo-client/Login/RemoteLogin.cpp
@@ -3,7 +3,7 @@
 // Change this whenever a major client update is made.
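Review bot: `LOCAL_IP`, `SERVER_IP` and `SERVER_PORT` are untyped object-like macros placed in the aggregator header that every client TU includes, with a comment asking maintainers to keep them in sync by hand; since the project builds as C++17, typed constants in a namespace are scoped and checked, e.g. `inline constexpr uint32_t kServerPort = 0xF2C;`. In `Utils::OpenConsole` the `freopen_s` result is discarded, so a failed redirect leaves `stdout` in an unspecified state with no signal to the caller; `if(freopen_s(&file, "CONOUT$", "w", stdout) != 0) return;` is enough. `SERVER_IP` is defined here but not referenced anywhere in the diff, which makes the "update accordingly" note harder to act on.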
// NOTE: You must change this on the server as well.
-#define CURRENT_CLIENT_HEADER 0xDEADBEEF
+#define CURRENT_CLIENT_HEADER 0x62746324
namespace Login
{
@@ -17,10 +17,11 @@ namespace Login
 strcpy_s< 128 >(m_Header.m_Password, Password);
// Initialise the header with the Hardware ID.
- m_Header.m_HardwareId = GetHardwareId();
+ m_Header.m_HardwareId = 0xFFFFFFFF;
// TODO: Verify integrity of system.
- m_Header.m_IntegrityBit1 = 0; // 0 for integrity passed, random bit for failure
+ // 0 for integrity passed, random bit for failure
+ m_Header.m_IntegrityBit1 = 0;
m_Header.m_IntegrityBit2 = 0;
m_Header.m_IntegrityBit3 = 0;
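Review bot: `m_Header.m_HardwareId = 0xFFFFFFFF;` replaces the `GetHardwareId()` call with a constant, so every client now presents the same hardware ID and the server's `INVALID_HARDWARE` path (still handled in `TranslateResponse` further down this file) can no longer distinguish machines. If this is a stopgap while HWID collection is rewritten, say so at the assignment, `// TODO(review): placeholder HWID; server-side HWID checks are ineffective until a real value is sent`, so the sentinel is not mistaken for a finished implementation. The enclosing `Start` begins before this hunk.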
@@ -31,21 +32,10 @@ namespace Login }
// TODO: Hardware ID check.
- ByteArray RemoteLoginTransaction::DoWmiQuery(const char *Query)
- {
- ByteArray Response{};
-
- return Response;
- }
-
- uint32_t RemoteLoginTransaction::GetHardwareId()
- {
- return 123456789;
- }
bool RemoteLoginTransaction::TranslateResponse(ByteArray &RawResponse)
{
- RemoteLoginResponse ServerResponse = *reinterpret_cast<RemoteLoginResponse *>(&RawResponse[0]);
+ RemoteLoginResponse ServerResponse = *(RemoteLoginResponse *)&RawResponse[0];
switch(ServerResponse)
{
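Review bot: `*(RemoteLoginResponse *)&RawResponse[0]` dereferences the first element without checking that `RawResponse` holds at least `sizeof(RemoteLoginResponse)` bytes; on an empty or short reply `RawResponse[0]` is out of bounds and the read is undefined behaviour, and swapping `reinterpret_cast` for a C-style cast only hides the aliasing cast that was at least greppable. Guard and copy instead: `if(RawResponse.size() < sizeof(RemoteLoginResponse)) return false;` followed by `RemoteLoginResponse ServerResponse; std::memcpy(&ServerResponse, RawResponse.data(), sizeof ServerResponse);` (needs `<cstring>`). The same raw pointer cast is introduced server-side in `csgo-server/Login/RemoteLogin.cpp` (`m_Header = *(RemoteLoginHeader *)(&RawLoginHeader[0]);`). `TranslateResponse` continues past the end of this hunk.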
@@ -55,20 +45,20 @@ namespace Login case RemoteLoginResponse::ACCESS_AUTHORISED:
return true;
case RemoteLoginResponse::OUTDATED_CLIENT:
- INFO_ASSERT("[000A:%08x] Your client is outdated.\nPlease download the latest client at 'moneybot.cc'.", m_Header.m_HardwareId);
+ INFO_ASSERT("[000A:%08x] Your client is outdated.\nPlease download the latest client at 'moneybot.cc'.", m_Header.m_HardwareId ^ ServerResponse);
break;
case RemoteLoginResponse::USER_BANNED:
- INFO_ASSERT("[000D:%08x] Your account is banned.\nPlease contact 'admin@moneybot.cc' for additional information.", m_Header.m_HardwareId);
+ INFO_ASSERT("[000D:%08x] Your account is banned.\nPlease contact 'admin@moneybot.cc' for additional information.", m_Header.m_HardwareId ^ ServerResponse);
break;
case RemoteLoginResponse::INVALID_HARDWARE:
UserInterface->m_Data.m_Error = UserExperience::ERROR_INVALID_HWID;
break;
case RemoteLoginResponse::INVALID_CREDENTIALS:
- INFO_ASSERT("[000C:%08x] Your credentials are invalid. Please check your spelling and try again.", m_Header.m_HardwareId);
+ INFO_ASSERT("[000C:%08x] Your credentials are invalid. Please check your spelling and try again.", m_Header.m_HardwareId ^ ServerResponse);
break;
case RemoteLoginResponse::INTEGRITY_FAILURE:
case RemoteLoginResponse::NO_SUBSCRIPTION:
- INFO_ASSERT("[000G:%08x] No active subscription found.", m_Header.m_HardwareId);
+ INFO_ASSERT("[0005:%08x] No active subscription found.", m_Header.m_HardwareId ^ ServerResponse);
break;
}
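Review bot: `m_Header.m_HardwareId ^ ServerResponse` changes what the `%08x` in each `INFO_ASSERT` shows from the HWID to HWID XOR response code, so the value a user reports no longer matches what the server logged unless the server side applies the same XOR; if that mapping is deliberate it needs a comment at the first use, e.g. `// Displayed code is HWID ^ response so support can recover both from one number`. If `RemoteLoginResponse` is a scoped enum this expression will not compile without a `static_cast<uint32_t>`; the switch uses qualified enumerators, so confirm which it is. The `[000G:...]` prefix was corrected to `[0005:...]` here while `RemoteProcess.cpp` in the same commit introduces a new `[000G:%08x]` message, so the code scheme is still inconsistent.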
diff --git a/csgo-loader/csgo-client/Login/RemoteLogin.hpp b/csgo-loader/csgo-client/Login/RemoteLogin.hpp
index 31649c6..8e819fe 100644
--- a/csgo-loader/csgo-client/Login/RemoteLogin.hpp
+++ b/csgo-loader/csgo-client/Login/RemoteLogin.hpp
@@ -56,10 +56,7 @@ namespace Login
 void Start(const char *Username, const char *Password);
// Obtains the hardware ID of the current machine in use.
- uint32_t GetHardwareId();
-
- // Queries the WMI for data.
- ByteArray DoWmiQuery(const char *Query);
+ // TODO: HWID
// Translates server response, determines whether or not the
// user can access the client. NOTE: Server will drop the client if
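Review bot: The comment `// Obtains the hardware ID of the current machine in use.` survives above the new `// TODO: HWID` although the `GetHardwareId()` declaration it described is removed in this hunk, so it now documents nothing. Collapse the two into one line, `// TODO: HWID — re-add a hardware ID accessor (GetHardwareId/DoWmiQuery were removed).`, so the next reader knows the accessor is intentionally absent rather than declared elsewhere.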
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp
index c62812b..5a42b6c 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp
@@ -1,43 +1,6 @@
 #include <RemoteCode/RemoteCodeClient.hpp>
-// i kinda stopped caring at this point
-
namespace RemoteCode
{
- RemoteCodeParameters RemoteCodeClient::Start(RemoteProcess &Process)
- {
- // Copy over process.
- m_Process = Process;
-
- // PSA: If the loader crashes CS:GO, this is most definitely the reason.
- HANDLE ShaderApi = Process.FindModule("shaderapidx9.dll");
- void *D3D_DevicePtr = (void *)((uintptr_t)ShaderApi + 0xA3FC0);
-
- // Read the VTable.
- // TODO: Check if process is 32-bit or 64-bit.... nah fuck that lol
- void *D3D_VtablePtr = Process.Read<void *>(D3D_DevicePtr);
- m_DirectX = Process.Read<uintptr_t>((void *)((uintptr_t)D3D_VtablePtr + 42 * 4));
-
- RemoteCodeParameters Parameters{
- (uintptr_t)D3D_VtablePtr,
- m_DirectX,
- 0x00000000,
- 0x00000000,
- (uintptr_t)VirtualProtect
- };
-
- m_DirectX = (uintptr_t)D3D_VtablePtr;
-
- return Parameters;
- }
-
- void RemoteCodeClient::Dispatch(ByteArray &Shellcode)
- {
- // Allocate and set-up shellcode.
- void *AllocationBase = m_Process.Allocate(Shellcode.size());
- m_Process.Write(AllocationBase, Shellcode.data(), Shellcode.size());
- // Hijack D3D thread.
- m_Process.Write<uintptr_t>((void *)(m_DirectX + 42 * 4), (uintptr_t)AllocationBase);
- }
}
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp
index 6794403..964d055 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp
@@ -4,29 +4,8 @@ namespace RemoteCode
{
- struct RemoteCodeParameters
- {
- uintptr_t m_EndSceneVmt; // client
- uintptr_t m_OriginalEndScene; // client
- uintptr_t m_EntryPoint; // server
- uintptr_t m_CheatHeader; // server (this can also be constant but hey..)
- uintptr_t m_VirtualProtect; // client
- };
-
class RemoteCodeClient
{
- ByteArray m_Code;
- RemoteProcess m_Process;
- uintptr_t m_DirectX;
-
- public:
- RemoteCodeClient() = default;
-
- // Send server the allocation address.
- // This will also send the original and vmt address of endscene.
- RemoteCodeParameters Start(RemoteProcess &Process);
- // Allocate, write and then dispatch the shellcode.
- void Dispatch(ByteArray &Shellcode);
};
}
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp
index b8ff03d..01f52be 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp
@@ -2,47 +2,5 @@ namespace RemoteCode
{
- // Select a game to inject the cheat for
- bool RemoteInjectionClient::Start(UserExperience::SelectedGame Game)
- {
- if(Game >= UserExperience::SelectedGame::GAME_MAX)
- return false;
- // TODO: Add any other games :-)
- switch(Game)
- {
- case UserExperience::SelectedGame::GAME_CSGO:
- case UserExperience::SelectedGame::GAME_CSGO_BETA:
- strcpy_s(m_ProcessName, "csgo.exe");
- break;
- }
-
- return true;
- }
-
- // Allocates a page in the game memory, which will be used to
- // write and execute the DLL.
- uintptr_t RemoteInjectionClient::AllocateImagePage(size_t SizeOfImage)
- {
- if(!m_Process)
- return uintptr_t{};
-
- // Allocate enough space to map the image
- m_AllocationBase = m_Process.Allocate(SizeOfImage);
-
- return (uintptr_t)m_AllocationBase;
- }
-
- // Initializes m_Process with the game process.
- bool RemoteInjectionClient::OpenGameHandle()
- {
- return m_Process.Start(m_ProcessName);
- }
-
- // Writes the cheat binary to the allocated page.
- void RemoteInjectionClient::WriteToMap(ByteArray &CheatBin)
- {
- // is this loss?
- m_Process.Write(m_AllocationBase, CheatBin.data(), CheatBin.size());
- }
}
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp
index 5880174..6699a9e 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp
@@ -7,24 +7,6 @@ namespace RemoteCode {
class RemoteInjectionClient
{
- ByteArray m_Data;
- RemoteProcess m_Process;
- char m_ProcessName[64];
- void *m_AllocationBase;
- public:
- RemoteInjectionClient() = default;
-
- // Select a game to inject the cheat for
- bool Start(UserExperience::SelectedGame Game);
-
- // Allocates a page in the game memory, which will be used to
- // write and execute the DLL.
- uintptr_t AllocateImagePage(size_t SizeOfImage);
-
- // Initializes m_Process with the game process.
- bool OpenGameHandle();
-
- void WriteToMap(ByteArray &CheatBin);
};
}
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp
index 8d2509f..6893498 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp
@@ -29,6 +29,10 @@ namespace RemoteCode
 // swoo
m_ProcessId = ProcessEntry.th32ProcessID;
m_Process = OpenProcess(PROCESS_ALL_ACCESS, false, ProcessEntry.th32ProcessID);
+
+ if(!m_Process)
+ ERROR_ASSERT("[000G:%08x] There was an error with accessing a process.", GetLastError());
+
return true;
}
}
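Review bot: `if(!m_Process) ERROR_ASSERT(...)` immediately followed by `return true;` relies on `ERROR_ASSERT` never returning; the macro's definition is not in the diff, and if it only reports, the function returns success with a null handle that the memory wrappers then pass to the syscalls. Make the contract explicit at the call site: `if(!m_Process) { ERROR_ASSERT("[000G:%08x] There was an error with accessing a process.", GetLastError()); return false; }`. `[000G:...]` also uses a non-hex group where the neighbouring codes in this file are `[00DF:...]`, and if a Toolhelp snapshot handle is held in this function (as it is in `FindModule`) it would not be closed on this path. The enclosing function starts outside the hunk.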
@@ -40,13 +44,19 @@ namespace RemoteCode
 void RemoteProcess::ReadMemoryWrapper_Internal(void *Address, void *Data, size_t SizeOfData)
{
static auto ZwReadVirtualMemory = Syscalls->Find<long(__stdcall *)(void *, void *, void *, size_t, void *)>(FNV("ZwReadVirtualMemory"));
- ZwReadVirtualMemory(m_Process, Address, Data, SizeOfData, nullptr);
+ NTSTATUS Status = ZwReadVirtualMemory(m_Process, Address, Data, SizeOfData, nullptr);
+
+ if(NT_ERROR(Status))
+ ERROR_ASSERT("[00DF:%08x] There was an error with accessing a process.", Status);
}
void RemoteProcess::WriteMemoryWrapper_Internal(void *Address, void *Data, size_t SizeOfData)
{
static auto ZwWriteVirtualMemory = Syscalls->Find<long(__stdcall *)(void *, void *, void *, size_t, void *)>(FNV("ZwWriteVirtualMemory"));
- ZwWriteVirtualMemory(m_Process, Address, Data, SizeOfData, nullptr);
+ NTSTATUS Status = ZwWriteVirtualMemory(m_Process, Address, Data, SizeOfData, nullptr);
+
+ if(NT_ERROR(Status))
+ ERROR_ASSERT("[00DF:%08x] There was an error with accessing a process.", Status);
}
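Review bot: `NT_ERROR(Status)` is true only for error-severity statuses (top two bits `11`), so warning-severity results that `ZwReadVirtualMemory`/`ZwWriteVirtualMemory` can return — `STATUS_PARTIAL_COPY` is the usual one — are treated as success and the caller receives a partially filled buffer with no diagnostic. The `Allocate` hunk below has the same problem and is strictly a regression there, since it replaces `!NT_SUCCESS(Status)`, which catches both severities, with `NT_ERROR`; use `if(!NT_SUCCESS(Status))` in all three places. Turning every failure into a fatal `ERROR_ASSERT` also removes the caller's ability to handle a transient read/write failure, which is what the old `return nullptr` path in `Allocate` provided — consider keeping a failure return alongside the message.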
void *RemoteProcess::Allocate(size_t AllocationSize)
@@ -64,8 +74,8 @@ namespace RemoteCode
 PAGE_EXECUTE_READWRITE
);
- if(!NT_SUCCESS(Status))
- return nullptr;
+ if(NT_ERROR(Status))
+ ERROR_ASSERT("[00DF:%08x] There was an error with accessing a process.", Status);
return AllocationAddress;
}
@@ -85,9 +95,11 @@ namespace RemoteCode
 while(Module32Next(Toolhelp, &ModuleEntry))
{
- //printf("%s\n", ModuleEntry.szModule);
if(strstr(ModuleEntry.szModule, ModuleName))
{
+ if(!ModuleEntry.hModule)
+ ERROR_ASSERT("[00DF:00001C00] An integrity check failed.");
+
CloseHandle(Toolhelp);
return RemoteModule(ModuleEntry.hModule);
}
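Review bot: The new `if(!ModuleEntry.hModule) ERROR_ASSERT(...)` sits before `CloseHandle(Toolhelp)`, so if `ERROR_ASSERT` returns (its definition is outside the diff) the snapshot handle leaks and execution falls through to `return RemoteModule(ModuleEntry.hModule)` with the very null handle it just flagged. Close the snapshot first and return a failure value on that path, e.g. `if(!ModuleEntry.hModule) { CloseHandle(Toolhelp); ERROR_ASSERT("[00DF:00001C00] An integrity check failed."); return RemoteModule(nullptr); }`, assuming `RemoteModule` accepts a null handle. `FindModule` starts and ends outside this hunk.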
diff --git a/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp b/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp
new file mode 100644
index 0000000..305a44f
--- /dev/null
+++ b/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp
@@ -0,0 +1,29 @@
+#include <Security/RuntimeSecurity.hpp>
+#include <UserExperience/UserInterface.hpp>
+
+// Global accessor to security instance.
+Security::RuntimeSecurityPtr Protection = std::make_unique<Security::RuntimeSecurity>();
+
+namespace Security
+{
+ decltype(&MessageBoxA) oMessageBox;
+ int __stdcall Hooked_MessageBox(HWND Window, char *Message, char *Caption, uint32_t Type)
+ {
+ MEMORY_BASIC_INFORMATION Query;
+ if(!VirtualQuery(_ReturnAddress(), &Query, sizeof MEMORY_BASIC_INFORMATION))
+ ERROR_ASSERT("[00DF:00002C00] An integrity check failed.");
+
+ return oMessageBox(Window, Message, Caption, Type);
+ }
+
+ bool RuntimeSecurity::Start()
+ {
+ if(MH_Initialize() != MH_OK)
+ return false;
+
+ MH_CreateHook(&MessageBoxA, Hooked_MessageBox, (void **)&oMessageBox);
+ MH_EnableHook(&MessageBoxA);
+
+ return true;
+ }
+}
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/Security/RuntimeSecurity.hpp b/csgo-loader/csgo-client/Security/RuntimeSecurity.hpp
new file mode 100644
index 0000000..77ec94c
--- /dev/null
+++ b/csgo-loader/csgo-client/Security/RuntimeSecurity.hpp
@@ -0,0 +1,88 @@
+#pragma once
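Review bot: `MH_CreateHook` and `MH_EnableHook` both return an `MH_STATUS` that `RuntimeSecurity::Start` discards, so `Start` reports `true` even when the hook was never installed; only `MH_Initialize` is checked. `return MH_CreateHook(&MessageBoxA, Hooked_MessageBox, (void **)&oMessageBox) == MH_OK && MH_EnableHook(&MessageBoxA) == MH_OK;` keeps the return value honest. In `Hooked_MessageBox` the `MEMORY_BASIC_INFORMATION Query` populated by `VirtualQuery` is never read, so the only condition that trips the "integrity check failed" assert is the query call itself failing — either use the result or remove the dead query and the misleading message. The hook is declared with `char *`/`uint32_t` parameters while `decltype(&MessageBoxA)` is `LPCSTR`/`UINT`; the `(void **)` cast hides the mismatch, so give it the same signature as `oMessageBox`.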
+
+// std::unique_ptr
+#include <memory>
+
+// Intrinsics (_ReturnAddress)
+#include <intrin.h>
+
+// Required for the SDK from Themida which offers multiple
+// virtual machines and string encryption, as well as debug/VM checks.
+#include <ThemidaSDK.h>
+
+// Required for MinHook.
+#include <MinHook.h>
+#pragma comment(lib, "MinHook.lib")
+
+// Used for wrapping Themida's macros along with some other things.
+// e.g: WRAP_IF_RELEASE( VM_SHARK_BLACK_START ) will only trigger in Release mode.
+// Likewise, WRAP_IF_DEBUG( printf( "Error: %08x", GetLastError() ) ) will only
+// trigger in Debug mode.
+// Just a neat little feature that I decided to implement :-)
+#ifdef DEBUG
+ #define WRAP_IF_RELEASE( s )
+ #define WRAP_IF_DEBUG( s ) { s; }
+#else
+ #define WRAP_IF_RELEASE( s ) { s; }
+ #define WRAP_IF_DEBUG( s )
+
+ // Link against Themida's SecureEngine.
+ #pragma comment(lib, "SecureEngine.lib")
+#endif
+
+namespace Security
+{
+ // Hardware ID structure (this is hashed and sent to server, but it's easier to use it
+ // this way internally)
+ struct HardwareIdentifier
+ {
+ // Generic CPU information.
+ uint16_t m_CpuArchitecture;
+ uint32_t m_CpuCount;
+
+ // String-literal - contains list of CPU features.
+ char m_CpuFeatures[64];
+
+ // Hash of the hard disk serial identifier.
+ uint32_t m_HardDiskSerialHash;
+ };
+
+ // This class implements the runtime security system.
+ // In short, upon initialization, the system applies detours to numerous API functions
+ // which will be checked for integrity every time they are called.
+ // Also, a few threads are dispatched in the process in order to ensure that there are no
+ // forbidden programs/conditions being triggered.
+ // The class has an (inlined) security callback which can be used to phone home and infract/ban
+ // any potentially malicious actions from users.
+ class RuntimeSecurity
+ {
+ protected:
+ // Applies necessary API hooks.
+ void ApplyApiHooks_Internal();
+
+ // Patches common debugging functions to crash the program.
+ void PatchDebugFunctions_Internal();
+
+ // Dispatches security threads.
+ void DispatchSecurityThreads_Internal();
+
+ // The following functions are used in security threads to run checks.
+ bool CheckForVirtualMachine_Internal();
+
+ bool CheckForDebugger_Internal();
+
+ bool CheckForApiHooks_Internal();
+
+ public:
+ // Initializes the runtime security system.
+ bool Start();
+
+ // Retrieves the current Hardware ID for the system.
+
+ };
+
+ // Readability
+ using RuntimeSecurityPtr = std::unique_ptr<RuntimeSecurity>;
+}
+
+extern Security::RuntimeSecurityPtr Protection;
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/UserExperience/MoneybotShared/ui.h b/csgo-loader/csgo-client/UserExperience/MoneybotShared/ui.h
index b061cd5..4d89936 100644
--- a/csgo-loader/csgo-client/UserExperience/MoneybotShared/ui.h
+++ b/csgo-loader/csgo-client/UserExperience/MoneybotShared/ui.h
@@ -42,9 +42,6 @@ namespace ui {
 auto error_form = menu->add_item(std::make_shared<ui::c_form>(120, 20, 190, 115, "error"));
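Review bot: `HardwareIdentifier` uses `uint16_t`/`uint32_t` but this header only includes `<memory>`, `<intrin.h>`, `ThemidaSDK.h` and `MinHook.h`, so add `#include <cstdint>` instead of relying on a transitive include. The comment says the struct is hashed and sent to the server, yet `uint16_t m_CpuArchitecture` followed by `uint32_t m_CpuCount` leaves two padding bytes whose contents are indeterminate unless every instance is value-initialised, so two identical machines can hash differently; either construct it as `HardwareIdentifier Id{};` before filling it or hash the fields individually, and say which in the comment. The comment `// Retrieves the current Hardware ID for the system.` is followed by a blank line and no declaration, and none of the `_Internal` members declared under `protected:` are defined in the `RuntimeSecurity.cpp` added in this commit; if they are intentionally unimplemented, mark them `// TODO` so a future caller expects the link error.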
{
- error_form->add_item(std::make_shared<ui::c_label>(25, 15, "contact an administrator."))->set_cond([] {
- return UserInterface->m_Data.m_Error == UserExperience::ERROR_SHADOW_BAN;
- });
error_form->add_item(std::make_shared<ui::c_label>(30, 15, "hardware id mismatch."))->set_cond([] {
return UserInterface->m_Data.m_Error == UserExperience::ERROR_INVALID_HWID;
});
diff --git a/csgo-loader/csgo-client/UserExperience/UserInterface.cpp b/csgo-loader/csgo-client/UserExperience/UserInterface.cpp
index af1b384..75b79b2 100644
--- a/csgo-loader/csgo-client/UserExperience/UserInterface.cpp
+++ b/csgo-loader/csgo-client/UserExperience/UserInterface.cpp
@@ -11,65 +11,65 @@ namespace UserExperience {
void OnDirectXFrame()
{
- if(g_d3d.run_frame(g_window.m_d3d_device))
- {
- g_d3d.begin();
- for(auto& it : d3d::sprites)
- {
- it->begin(g_window.m_d3d_device);
- }
-
- static auto last_time = GetTickCount() * 0.001f;
- auto cur_time = GetTickCount() * 0.001f;
-
- auto deltatime = cur_time - last_time;
-
- last_time = cur_time;
-
- constexpr float anim_step = 1.0f / 15.f;
- static float anim_time = 0.f;
- static bool flip = false;
- if(anim_time == 1.0f)
- {
- flip = true;
- }
- if(anim_time == 0.f)
- {
- flip = false;
- }
-
- if(flip) anim_time = std::clamp(anim_time - anim_step * deltatime, 0.f, 1.0f);
- else anim_time = std::clamp(anim_time + anim_step * deltatime, 0.f, 1.0f);
-
- ui::set_animtime(anim_time);
- ui::render();
-
- RECT cur_rect{ };
- GetWindowRect(g_window.get_hwnd(), &cur_rect);
-
- g_d3d.end();
- for(auto& it : d3d::sprites)
- {
- it->end();
- }
+ if(g_d3d.run_frame(g_window.m_d3d_device))
+ {
+ g_d3d.begin();
+ for(auto& it : d3d::sprites)
+ {
+ it->begin(g_window.m_d3d_device);
+ }
+
+ static auto last_time = GetTickCount() * 0.001f;
+ auto cur_time = GetTickCount() * 0.001f;
+
+ auto deltatime = cur_time - last_time;
+
+ last_time = cur_time;
+
+ constexpr float anim_step = 1.0f / 15.f;
+ static float anim_time = 0.f;
+ static bool flip = false;
+ if(anim_time == 1.0f)
+ {
+ flip = true;
+ }
+ if(anim_time == 0.f)
+ {
+ flip = false;
+ }
+
+ if(flip) anim_time = std::clamp(anim_time - anim_step * deltatime, 0.f, 1.0f);
+ else anim_time = std::clamp(anim_time + anim_step * deltatime, 0.f, 1.0f);
+
+ ui::set_animtime(anim_time);
+ ui::render();
+
+ RECT cur_rect{ };
+ GetWindowRect(g_window.get_hwnd(), &cur_rect);
+
+ g_d3d.end();
+ for(auto& it : d3d::sprites)
+ {
+ it->end();
+ }
}
}
bool UserInterface::Start()
{
- bool result = g_window.create();
-
- if(result)
- {
- std::this_thread::sleep_for(std::chrono::milliseconds(100));
- g_window.add_on_frame(&OnDirectXFrame);
+ bool result = g_window.create();
+
+ if(result)
+ {
+ std::this_thread::sleep_for(std::chrono::milliseconds(100));
+ g_window.add_on_frame(&OnDirectXFrame);
}
return result;
}
- void UserInterface::RunUiFrame()
- {
+ void UserInterface::RunUiFrame()
+ {
g_window.on_frame();
}
}
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/csgo-client.vcxproj b/csgo-loader/csgo-client/csgo-client.vcxproj
index 5c839dc..f3fa98f 100644
--- a/csgo-loader/csgo-client/csgo-client.vcxproj
+++ b/csgo-loader/csgo-client/csgo-client.vcxproj
@@ -26,6 +26,7 @@
 <ClCompile Include="RemoteCode\RemoteInjectionClient.cpp" />
<ClCompile Include="RemoteCode\RemoteProcess.cpp" />
<ClCompile Include="Security\Encryption.cpp" />
+ <ClCompile Include="Security\RuntimeSecurity.cpp" />
<ClCompile Include="Security\SyscallManager.cpp" />
<ClCompile Include="UserExperience\MoneybotShared\d3d.cpp" />
<ClCompile Include="UserExperience\MoneybotShared\d3d_sprite.cpp" />
@@ -35,6 +36,7 @@
 <ClCompile Include="UserExperience\UserInterface.cpp" />
</ItemGroup>
<ItemGroup>
+ <ClInclude Include="Client.hpp" />
<ClInclude Include="Login\RemoteLogin.hpp" />
<ClInclude Include="Networking\TCPClient.hpp" />
<ClInclude Include="RemoteCode\RemoteCodeClient.hpp" />
@@ -42,6 +44,7 @@
 <ClInclude Include="RemoteCode\RemoteProcess.hpp" />
<ClInclude Include="Security\Encryption.hpp" />
<ClInclude Include="Security\FnvHash.hpp" />
+ <ClInclude Include="Security\RuntimeSecurity.hpp" />
<ClInclude Include="Security\SyscallManager.hpp" />
<ClInclude Include="UserExperience\MoneybotShared\color.hpp" />
<ClInclude Include="UserExperience\MoneybotShared\d3d.hpp" />
@@ -124,15 +127,15 @@
 <OutDir>$(SolutionDir)bin\$(Configuration)\</OutDir>
<IntDir>$(SolutionDir)build\$(Configuration)\Client\</IntDir>
<ExecutablePath>$(ExecutablePath)</ExecutablePath>
- <IncludePath>$(SolutionDir)themida-sdk\include;$(DXSDK_DIR)\Include;$(ProjectDir);$(VC_IncludePath);$(WindowsSDK_IncludePath);</IncludePath>
- <LibraryPath>$(SolutionDir)themida-sdk\lib;$(DXSDK_DIR)\Lib\x64;$(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64);$(NETFXKitsDir)Lib\um\x64</LibraryPath>
+ <IncludePath>$(SolutionDir)shared\include;$(DXSDK_DIR)\Include;$(ProjectDir);$(VC_IncludePath);$(WindowsSDK_IncludePath);</IncludePath>
+ <LibraryPath>$(SolutionDir)shared\lib;$(DXSDK_DIR)\Lib\x64;$(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64);$(NETFXKitsDir)Lib\um\x64</LibraryPath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<OutDir>$(SolutionDir)bin\$(Configuration)\</OutDir>
<IntDir>$(SolutionDir)build\$(Configuration)\Client\</IntDir>
<ExecutablePath>$(ExecutablePath)</ExecutablePath>
- <IncludePath>$(SolutionDir)themida-sdk\include;$(DXSDK_DIR)\Include;$(ProjectDir);$(VC_IncludePath);$(WindowsSDK_IncludePath);</IncludePath>
- <LibraryPath>$(SolutionDir)themida-sdk\lib;$(DXSDK_DIR)\Lib\x64;$(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64);$(NETFXKitsDir)Lib\um\x64</LibraryPath>
+ <IncludePath>$(SolutionDir)shared\include;$(DXSDK_DIR)\Include;$(ProjectDir);$(VC_IncludePath);$(WindowsSDK_IncludePath);</IncludePath>
+ <LibraryPath>$(SolutionDir)shared\lib;$(DXSDK_DIR)\Lib\x64;$(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64);$(NETFXKitsDir)Lib\um\x64</LibraryPath>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
@@ -151,7 +154,8 @@
 <PreprocessorDefinitions>_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32_LEAN_AND_MEAN;NOMINMAX;DEBUG;_MBCS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeTypeInfo>true</RuntimeTypeInfo>
<LanguageStandard>stdcpp17</LanguageStandard>
- <DisableSpecificWarnings>4100;4189;4244;4267;4522;4714;4838;</DisableSpecificWarnings>
+ <DisableSpecificWarnings>4100;4189;4244;4267;4522;4714;4838;4307;4706;4702</DisableSpecificWarnings>
+ <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
</ClCompile>
<Link>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
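Review bot: `4307;4706;4702` are appended to `DisableSpecificWarnings` for both configurations (this hunk and the Release one below): C4307 flags integral constant overflow and C4706 flags assignment inside a condition, which are exactly the diagnostics that catch a mistyped constant or `=` written for `==`, so suppressing them project-wide to quiet a few sites trades real bug detection for a clean build. Prefer fixing the offending lines or a local `#pragma warning(suppress: 4706)`, and keep only C4702 (unreachable code, presumably after an always-fatal `ERROR_ASSERT`) if that is what triggered the change. `<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>` in a configuration whose PreprocessorDefinitions include `DEBUG` selects the release CRT for a debug build; if that is to match how the prebuilt `MinHook.lib`/`SecureEngine.lib` were compiled, a comment saying so would save the next person from "fixing" it.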
@@ -184,7 +188,7 @@
 <PreprocessorDefinitions>_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32_LEAN_AND_MEAN;NOMINMAX;_MBCS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeTypeInfo>true</RuntimeTypeInfo>
<LanguageStandard>stdcpp17</LanguageStandard>
- <DisableSpecificWarnings>4100;4189;4244;4267;4522;4714;4838;</DisableSpecificWarnings>
+ <DisableSpecificWarnings>4100;4189;4244;4267;4522;4714;4838;4307;4706;4702</DisableSpecificWarnings>
</ClCompile>
<Link>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
diff --git a/csgo-loader/csgo-client/csgo-client.vcxproj.filters b/csgo-loader/csgo-client/csgo-client.vcxproj.filters
index 049be28..d6bb0c4 100644
--- a/csgo-loader/csgo-client/csgo-client.vcxproj.filters
+++ b/csgo-loader/csgo-client/csgo-client.vcxproj.filters
@@ -61,6 +61,9 @@
 <ClCompile Include="RemoteCode\RemoteInjectionClient.cpp">
<Filter>RemoteCode</Filter>
</ClCompile>
+ <ClCompile Include="Security\RuntimeSecurity.cpp">
+ <Filter>Security</Filter>
+ </ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="Security\Encryption.hpp">
@@ -162,5 +165,9 @@
 <ClInclude Include="RemoteCode\RemoteInjectionClient.hpp">
<Filter>RemoteCode</Filter>
</ClInclude>
+ <ClInclude Include="Client.hpp" />
+ <ClInclude Include="Security\RuntimeSecurity.hpp">
+ <Filter>Security</Filter>
+ </ClInclude>
</ItemGroup>
</Project>
\ No newline at end of file
diff --git a/csgo-loader/csgo-server/Login/RemoteLogin.cpp b/csgo-loader/csgo-server/Login/RemoteLogin.cpp
index b9ee44b..83ab4a7 100644
--- a/csgo-loader/csgo-server/Login/RemoteLogin.cpp
+++ b/csgo-loader/csgo-server/Login/RemoteLogin.cpp
@@ -1,6 +1,8 @@
 #include <Login/RemoteLogin.hpp>
-#define EXPECTED_CLIENT_HEADER 0xDEADBEEF
+// Change this whenever a major server update is made.
+// NOTE: You must change this on the client as well.
+#define EXPECTED_CLIENT_HEADER 0x62746324
namespace Login
{
@@ -10,7 +12,7 @@ namespace Login
 return false;
// Epic direct casts :---DDDD
- m_Header = *reinterpret_cast<RemoteLoginHeader *>(&RawLoginHeader[0]);
+ m_Header = *(RemoteLoginHeader *)(&RawLoginHeader[0]);
return true;
}
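Review bot: `m_Header = *(RemoteLoginHeader *)(&RawLoginHeader[0]);` copies bytes received from the socket straight into the header struct; assuming the `return false` above guards the buffer length (its condition is outside the hunk), the copy still leaves the fixed-size string fields without any guarantee of a terminator, because a non-conforming client need not NUL-terminate them — if the server struct mirrors the client's, where `strcpy_s< 128 >(m_Header.m_Password, ...)` implies a `char[128]`. Force termination after the copy, `m_Header.m_Password[sizeof m_Header.m_Password - 1] = '\0';` (and the same for the username field), before anything calls `strlen`/`strcmp` on them. Use `std::memcpy(&m_Header, RawLoginHeader.data(), sizeof m_Header);` rather than the C-style pointer cast, which also silently drops the alignment the struct type assumes. The enclosing function starts before this hunk.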
@@ -35,7 +37,7 @@ namespace Login {
// TODO: Shadow ban the user.
- return RemoteLoginResponse::INVALID_HARDWARE;
+ return RemoteLoginResponse::INTEGRITY_FAILURE;
}
// TODO: Check if the HWID is present in DB.
diff --git a/csgo-loader/csgo-server/Login/RemoteLogin.hpp b/csgo-loader/csgo-server/Login/RemoteLogin.hpp
index 5b31db1..f69e588 100644
--- a/csgo-loader/csgo-server/Login/RemoteLogin.hpp
+++ b/csgo-loader/csgo-server/Login/RemoteLogin.hpp
@@ -60,6 +60,9 @@ namespace Login
 ByteArray GetResponse();
+ // Expose the header for use with other classes.
+ RemoteLoginHeader GetHeader() { return m_Header; }
+
// TODO: Implement shadow banning based on IP and HWID.
};
}
\ No newline at end of file
diff --git a/csgo-loader/csgo-server/Networking/TCPServer.cpp b/csgo-loader/csgo-server/Networking/TCPServer.cpp
index b6bc3bd..dbd109d 100644
--- a/csgo-loader/csgo-server/Networking/TCPServer.cpp
+++ b/csgo-loader/csgo-server/Networking/TCPServer.cpp
@@ -127,7 +127,10 @@ namespace Networking
 // Detach a thread to handle the connection.
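Review bot: `RemoteLoginHeader GetHeader() { return m_Header; }` hands out a by-value copy of the whole login header, which on the client side carries the plaintext password (`strcpy_s< 128 >(m_Header.m_Password, ...)` in this same commit), so every caller spreads another copy of the credentials across the heap and stack for the lifetime of its temporary. Return a const reference from a const member instead, `const RemoteLoginHeader &GetHeader() const { return m_Header; }`, and if a caller truly needs a copy it can make one explicitly.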
std::thread thread([&]
{
- m_ConnectionHandler(Connection);
+ // smol fix :^)
+ if(m_ConnectionHandler)
+ m_ConnectionHandler(Connection);
+
Connection.Close();
});
thread.detach();
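Review bot: The lambda handed to `std::thread` captures `[&]` and the thread is detached, so `Connection` — and `this`, through which the new `m_ConnectionHandler` check reads — are used after the accept loop that owns them may have moved on; if `Connection` is a local of the enclosing function, which starts outside this hunk, the handler runs on a dangling reference. Capture it by value or move it into the closure, `std::thread thread([this, Connection = std::move(Connection)]() mutable { ... });`, assuming `Connection`'s type is movable, and copy `m_ConnectionHandler` into a local before spawning so the check and the call see the same value. The null check itself is correct, but `// smol fix :^)` does not say what was wrong; `// Handler may be unset at accept time; skip dispatch rather than calling an empty handler` would.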
diff --git a/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.cpp b/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.cpp
index daa42ae..65a4306 100644
--- a/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.cpp
+++ b/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.cpp
@@ -2,52 +2,5 @@ namespace RemoteCode
{
- ByteArray Shellcode = {
- // TODO: Add shellcode.
- };
- bool RemoteCodeServer::Start(ByteArray &Parameters)
- {
- RemoteCodeParameters CodeParams = *(RemoteCodeParameters *)&Parameters[0];
-
- // Check if the header is valid.
- if((!CodeParams.m_EndSceneVmt || !CodeParams.m_OriginalEndScene) ||
- (CodeParams.m_EntryPoint || CodeParams.m_CheatHeader))
- {
- // TODO: Ban user (probably using fake client)
- return false;
- }
-
- // Set up shellcode.
- m_CustomCode.insert(
- m_CustomCode.begin(),
- Shellcode.begin(),
- Shellcode.end()
- );
-
- // TODO: Set up pointers in shellcode.
-
- return true;
- }
-
- uintptr_t RemoteCodeServer::GetOffsetByPattern(ByteArray &Data, ByteArray Pattern)
- {
- if(Data.empty())
- return uintptr_t{};
-
- ByteArray::iterator Position = std::search(
- Data.begin(),
- Data.end(),
- Pattern.begin(),
- Pattern.end()
- );
-
- if(Position != Data.end())
- return (uintptr_t)std::distance(Data.begin(), Position);
-
- return uintptr_t{};
- }
-
- // is this loss?
- ByteArray RemoteCodeServer::GetShellcode() { return m_CustomCode; }
}
\ No newline at end of file
diff --git a/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.hpp b/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.hpp
index dde8b7d..3a31cb4 100644
--- a/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.hpp
+++ b/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.hpp
@@ -8,30 +8,8 @@ using ByteArray = std::vector<uint8_t>;
 namespace RemoteCode
{
- struct RemoteCodeParameters
- {
- uintptr_t m_EndSceneVmt;
- uintptr_t m_OriginalEndScene;
- uintptr_t m_EntryPoint;
- uintptr_t m_CheatHeader;
- uintptr_t m_VirtualProtect;
- };
-
class RemoteCodeServer
{
- ByteArray m_CustomCode;
-
- // swoo
- uintptr_t GetOffsetByPattern(ByteArray &Data, ByteArray Pattern);
-
- public:
- RemoteCodeServer() = default;
-
- // Send client the prepared shellcode.
- // This will also send the original and vmt address of endscene.
- bool Start(ByteArray &Parameters);
- // Get the response for the client
- ByteArray GetShellcode();
};
}
\ No newline at end of file
diff --git a/csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.hpp b/csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.hpp
index f8f7274..3a975f7 100644
--- a/csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.hpp
+++ b/csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.hpp
@@ -1,11 +1,63 @@
 #pragma once
#include <windows.h>
+#include <cstdint>
+#include <vector>
+
+using ByteArray = std::vector<uint8_t>;
namespace RemoteCode
{
- class RemoteInjectionServer
+ // What the server sends to the client upon transaction start.
+ struct RemoteServerHeader
{
+ // Does the cheat support the DirectX thread execution exploit?
+ bool m_ThreadExploitSupported;
+
+ // This will be used for allocating the remote memory.
+ uintptr_t m_SizeOfImage;
+
+ // OPTIONAL: The cheat might be using the DllMain function
+ // to do injection. Make sure to call that.
+ uintptr_t m_EntryPoint;
+
+ // OPTIONAL: The cheat might be using TLS callbacks to
+ // do injection. Make sure to call that.
+ uintptr_t m_TlsCallbackDirectory;
+ };
+
+ // Requests supported by the server.
+ // These are stored in a vector and later looked up.
+ struct RemoteServerRequest
+ {
+ // Hash to look up requests by.
+ uint64_t m_LookupHash;
+
+ // Name printed on the console when a user injects.
+ char m_DebugName[128];
+
+ // File name that's used to load the DLL server-side.
+ char m_FileName[260];
+ // Does the cheat support the DirectX exploit for creating threads?
+ bool m_ThreadExploitSupported;
};
+
+ // The initial header we receive from the client.
+ struct RemoteClientRequest
+ {
+ uint64_t m_LookupHash;
+ };
+
+ // The response we receive from the client upon transaction start.
+ struct RemoteClientHeader
+ {
+ // Address of remote allocation.
+ uintptr_t m_RemoteAddress;
+
+ // Up to six remote modules.
+ // NOTE: Stop iterating once a module is NULL.
+ uintptr_t m_RemoteModules[6];
+ };
+
}
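Review bot: `RemoteServerHeader` and `RemoteClientHeader` are documented as the bytes exchanged with the client, but they are declared with natural alignment: the `bool m_ThreadExploitSupported` ahead of `uintptr_t m_SizeOfImage` leaves padding whose content is whatever was in memory when the struct was built, so sending it raw leaks uninitialised bytes, and `uintptr_t` makes the layout differ between 32- and 64-bit builds. Value-initialise the header before filling it (`RemoteServerHeader Header{};`) and pin the wire layout with `#pragma pack(push, 1)` around these structs or with fixed-width `uint64_t` fields. On the receiving side, `RemoteClientHeader` must only be reinterpreted from a buffer after checking it holds at least `sizeof(RemoteClientHeader)` bytes — the removed `RemoteCodeServer::Start` cast `&Parameters[0]` without such a check — and the "stop once a module is NULL" walk over `m_RemoteModules` must also stop at six entries, since a client can send six non-null values. `m_DebugName` is described as printed on the console, so if it reaches a `%s` format it needs to be NUL-terminated first.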
\ No newline at end of file
diff --git a/csgo-loader/csgo-server/Security/FnvHash.hpp b/csgo-loader/csgo-server/Security/FnvHash.hpp
new file mode 100644
index 0000000..35c9ad0
--- /dev/null
+++ b/csgo-loader/csgo-server/Security/FnvHash.hpp
@@ -0,0 +1,100 @@
+#pragma once
+#include <cstdint>
+#include <type_traits>
+
+// Credits: namazso
+// Implements FNV-1a hash algorithm
+namespace detail
+{
+ template <typename Type, Type OffsetBasis, Type Prime>
+ struct SizeDependantData
+ {
+ using type = Type;
+
+ constexpr static auto k_offset_basis = OffsetBasis;
+ constexpr static auto k_prime = Prime;
+ };
+
+ template <std::size_t Bits>
+ struct SizeSelector : std::false_type {};
+
+ template <>
+ struct SizeSelector<32> : SizeDependantData<std::uint32_t, 0x811c9dc5ul, 16777619ul> {};
+
+ template <>
+ struct SizeSelector<64> : SizeDependantData<std::uint64_t, 0xcbf29ce484222325ull, 1099511628211ull> {};
+
+ template <std::size_t Size>
+ class FnvHash
+ {
+ private:
+ using data_t = SizeSelector<Size>;
+
+ public:
+ using hash = typename data_t::type;
+
+ private:
+ constexpr static auto k_offset_basis = data_t::k_offset_basis;
+ constexpr static auto k_prime = data_t::k_prime;
+
+ public:
+ static __forceinline constexpr auto hash_init(
+ ) -> hash
+ {
+ return k_offset_basis;
+ }
+
+ static __forceinline constexpr auto hash_byte(
+ hash current,
+ std::uint8_t byte
+ ) -> hash
+ {
+ return (current ^ byte) * k_prime;
+ }
+
+ template <std::size_t N>
+ static __forceinline constexpr auto hash_constexpr(
+ const char(&str)[N],
+ const std::size_t size = N - 1 /* do not hash the null */
+ ) -> hash
+ {
+ const auto prev_hash = size == 1 ? hash_init() : hash_constexpr(str, size - 1);
+ const auto cur_hash = hash_byte(prev_hash, str[size - 1]);
+ return cur_hash;
+ }
+
+ static auto __forceinline hash_runtime_data(
+ const void* data,
+ const std::size_t sz
+ ) -> hash
+ {
+ const auto bytes = static_cast<const uint8_t*>(data);
+ const auto end = bytes + sz;
+ auto result = hash_init();
+ for(auto it = bytes; it < end; ++it)
+ result = hash_byte(result, *it);
+
+ return result;
+ }
+
+ static auto __forceinline hash_runtime(
+ const char* str
+ ) -> hash
+ {
+ auto result = hash_init();
+ do
+ result = hash_byte(result, *str++);
+ while(*str != '\0');
+
+ return result;
+ }
+ };
+}
+
+using fnv32 = ::detail::FnvHash<32>;
+using fnv64 = ::detail::FnvHash<64>;
+using fnv = ::detail::FnvHash<sizeof(void*) * 8>;
+
+#define FNV(str) (std::integral_constant<fnv::hash, fnv::hash_constexpr(str)>::value)
+#define FNV32(str) (std::integral_constant<fnv32::hash, fnv32::hash_constexpr(str)>::value)
+#define FNV64(str) (std::integral_constant<fnv64::hash, fnv64::hash_constexpr(str)>::value)
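Review bot: `hash_runtime` reads past the end of an empty string: the `do`/`while` hashes the terminating NUL on its first pass and then tests `*str` one byte beyond it, so `hash_runtime("")` both differs from `hash_init()` and touches memory outside the string. A pre-test loop, `while(*str != '\0') result = hash_byte(result, *str++);`, gives the same result for non-empty input and fixes the empty case. `hash_constexpr` has the matching edge: for `N == 1` the default `size` is 0, so `size - 1` wraps to `SIZE_MAX` and the recursion runs away instead of reaching the `size == 1` base case; `size == 0 ? hash_init() : hash_byte(hash_constexpr(str, size - 1), str[size - 1])` is a single base case that covers it and is identical for `size >= 1`. The header also uses `std::size_t` without including `<cstddef>` and an unqualified `uint8_t` in `hash_runtime_data`; add the include and write `std::uint8_t` so it does not depend on what `<type_traits>` happens to pull in. FNV-1a is not collision-resistant, so a `m_LookupHash` received from a client is fine as a table key but must not double as evidence that the request came from a genuine client.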
\ No newline at end of file
diff --git a/csgo-loader/csgo-server/Server.cpp b/csgo-loader/csgo-server/Server.cpp
index ada748b..d71a758 100644
--- a/csgo-loader/csgo-server/Server.cpp
+++ b/csgo-loader/csgo-server/Server.cpp
@@ -1,41 +1,24 @@
-#include <Networking/TCPServer.hpp>
-#include <Login/RemoteLogin.hpp>
+#include <Server.hpp>
-// ik inda like penigs tbh
-void ConnectionHandler(Networking::TCPConnection &Connection)
+int __stdcall WinMain(HINSTANCE, HINSTANCE, char*, int)
{
- Login::RemoteLoginServer LoginServer;
+ // Open a debugging console.
+ Utils::OpenConsole();
- ByteArray RawLoginHeader = Connection.ReceiveBytes();
- LoginServer.Start(RawLoginHeader);
-
- ByteArray RawServerResponse = LoginServer.GetResponse();
- Connection.SendBytes(RawServerResponse);
-}
-
-
-// cIUT <Y :LIFE INOT MAPIECES
-// THJIS IS MYLEAST REAPSPONTRE
-int main()
-{
- Networking::TCPServer Server;
// Create an instance of the TCP server.
- if(!Server.Start(3884))
- {
- printf("[FAIL] Failed to initialise server. (%08lx)\n", WSAGetLastError());
- system("pause");
- return 1;
- }
+ Networking::TCPServer Server;
- // Add a connection handler to the server.
- Server += ConnectionHandler;
+ bool Result = Server.Start(SERVER_PORT);
- // Accept incoming connections.
- while(true)
+ if(Result)
{
- Server.AcceptConnection();
+ for(;;)
+ Server.AcceptConnection();
}
- return 0;
+ if(!Result)
+ printf("[FAIL] Failed to initialise server. (%08lx)\n", WSAGetLastError());
+
+ system("pause");
}
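Review bot: `WinMain` can run off its end without returning a value — after `system("pause")` on the failure path there is no `return`, which is undefined behaviour for a non-void function (MSVC reports it as C4716); `return 1;` there, or `return Result ? 0 : 1;` at the end, fixes it. The `if(Result)` / `if(!Result)` pair tests the same flag twice and puts the accept loop ahead of the error report; handling the failure first and then falling into the loop reads more directly, as below. `%08lx` also expects an `unsigned long` while `WSAGetLastError()` returns an `int`, so `%d` is the matching specifier. Note that `for(;;) Server.AcceptConnection();` never exits, so the pause is only reachable when `Start` fails.
```cpp
int __stdcall WinMain(HINSTANCE, HINSTANCE, char*, int)
{
    // … unchanged: Utils::OpenConsole() and Networking::TCPServer Server; …

    bool Result = Server.Start(SERVER_PORT);
    if(!Result)
    {
        printf("[FAIL] Failed to initialise server. (%d)\n", WSAGetLastError());
        system("pause");
        return 1;
    }

    // Serve forever; the loop has no exit, so nothing after it is reachable.
    for(;;)
        Server.AcceptConnection();
}
```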
\ No newline at end of file
diff --git a/csgo-loader/csgo-server/Server.hpp b/csgo-loader/csgo-server/Server.hpp
new file mode 100644
index 0000000..5a5b3f6
--- /dev/null
+++ b/csgo-loader/csgo-server/Server.hpp
@@ -0,0 +1,34 @@
+#pragma once
+
+// NOTE:
+// THE FOLLOWING MACROS ARE USED ONLY IN SERVER.CPP
+// PLEASE UPDATE THEM ACCORDINGLY.
+#define SERVER_PORT 0xF2C // Hexadecimal representation of the server port.
+
+// Core functionality
+#include <Networking/TCPServer.hpp>
+#include <Networking/WebSocket.hpp>
+
+// Loader functionality
+#include <Login/RemoteLogin.hpp>
+
+#include <RemoteCode/FileReader.hpp>
+#include <RemoteCode/RemoteInjectionServer.hpp>
+#include <RemoteCode/RemoteCodeServer.hpp>
+
+// It looked nasty in Server.cpp, so I'm putting it here.
+namespace Utils
+{
+ inline void OpenConsole()
+ {
+ // Create instance of console.
+ AllocConsole();
+
+ // Allow console to access output stream.
+ FILE *file;
+ freopen_s(&file, "CONOUT$", "w", stdout);
+
+ // :^)
+ SetConsoleTitleA("moneyserver $");
+ }
+}
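Review bot: `Utils::OpenConsole` allocates a console and retitles it unconditionally, while its caller in Server.cpp describes it as opening a debugging console; together with the `<SubSystem>Windows</SubSystem>` setting added in csgo-server.vcxproj this looks like every build of the server, release included, will pop a console window. Guard the body with `#ifdef _DEBUG` (defined by the MSVC debug configurations) or give the function a `bool` parameter, and check the `errno_t` that `freopen_s` returns rather than discarding it, since stdout is only redirected when it succeeds. `#define SERVER_PORT 0xF2C` sits ahead of the includes, so every header pulled in afterwards sees a macro with a very generic name; a typed constant placed after the includes, `constexpr uint16_t SERVER_PORT = 3884;`, avoids that and states the port in the decimal form it is configured with elsewhere. The `// THE FOLLOWING MACROS ARE USED ONLY IN SERVER.CPP` note would then no longer be needed.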
\ No newline at end of file
diff --git a/csgo-loader/csgo-server/csgo-server.vcxproj b/csgo-loader/csgo-server/csgo-server.vcxproj
index 71fe624..268a409 100644
--- a/csgo-loader/csgo-server/csgo-server.vcxproj
+++ b/csgo-loader/csgo-server/csgo-server.vcxproj
@@ -36,6 +36,8 @@
 <ClInclude Include="RemoteCode\RemoteCodeServer.hpp" />
<ClInclude Include="RemoteCode\RemoteInjectionServer.hpp" />
<ClInclude Include="Security\Encryption.hpp" />
+ <ClInclude Include="Security\FnvHash.hpp" />
+ <ClInclude Include="Server.hpp" />
</ItemGroup>
<PropertyGroup Label="Globals">
<VCProjectVersion>15.0</VCProjectVersion>
@@ -118,6 +120,7 @@
 </ClCompile>
<Link>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
+ <SubSystem>Windows</SubSystem>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -148,6 +151,7 @@
 <EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
+ <SubSystem>Windows</SubSystem>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
diff --git a/csgo-loader/csgo-server/csgo-server.vcxproj.filters b/csgo-loader/csgo-server/csgo-server.vcxproj.filters
index 0d915d3..0adf29a 100644
--- a/csgo-loader/csgo-server/csgo-server.vcxproj.filters
+++ b/csgo-loader/csgo-server/csgo-server.vcxproj.filters
@@ -32,10 +32,10 @@
 <Filter>RemoteCode</Filter>
</ClCompile>
<ClCompile Include="RemoteCode\RemoteCodeServer.cpp">
- <Filter>Networking</Filter>
+ <Filter>RemoteCode</Filter>
</ClCompile>
<ClCompile Include="RemoteCode\RemoteInjectionServer.cpp">
- <Filter>Networking</Filter>
+ <Filter>RemoteCode</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
@@ -55,10 +55,14 @@
 <Filter>RemoteCode</Filter>
</ClInclude>
<ClInclude Include="RemoteCode\RemoteCodeServer.hpp">
- <Filter>Networking</Filter>
+ <Filter>RemoteCode</Filter>
</ClInclude>
<ClInclude Include="RemoteCode\RemoteInjectionServer.hpp">
- <Filter>Networking</Filter>
+ <Filter>RemoteCode</Filter>
+ </ClInclude>
+ <ClInclude Include="Security\FnvHash.hpp">
+ <Filter>Security</Filter>
</ClInclude>
+ <ClInclude Include="Server.hpp" />
</ItemGroup>
</Project>
\ No newline at end of file
diff --git a/csgo-loader/shared/include/MinHook.h b/csgo-loader/shared/include/MinHook.h
new file mode 100644
index 0000000..15c0a87
--- /dev/null
+++ b/csgo-loader/shared/include/MinHook.h
@@ -0,0 +1,186 @@ +/* + * MinHook - The Minimalistic API Hooking Library for x64/x86 + * Copyright (C) 2009-2017 Tsuda Kageyu. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER + * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#pragma once + +#if !(defined _M_IX86) && !(defined _M_X64) && !(defined __i386__) && !(defined __x86_64__) + #error MinHook supports only x86 and x64 systems. +#endif + +#include <windows.h> + +// MinHook Error Codes. +typedef enum MH_STATUS +{ + // Unknown error. Should not be returned. + MH_UNKNOWN = -1, + + // Successful. + MH_OK = 0, + + // MinHook is already initialized. + MH_ERROR_ALREADY_INITIALIZED, + + // MinHook is not initialized yet, or already uninitialized. 
+ MH_ERROR_NOT_INITIALIZED, + + // The hook for the specified target function is already created. + MH_ERROR_ALREADY_CREATED, + + // The hook for the specified target function is not created yet. + MH_ERROR_NOT_CREATED, + + // The hook for the specified target function is already enabled. + MH_ERROR_ENABLED, + + // The hook for the specified target function is not enabled yet, or already + // disabled. + MH_ERROR_DISABLED, + + // The specified pointer is invalid. It points the address of non-allocated + // and/or non-executable region. + MH_ERROR_NOT_EXECUTABLE, + + // The specified target function cannot be hooked. + MH_ERROR_UNSUPPORTED_FUNCTION, + + // Failed to allocate memory. + MH_ERROR_MEMORY_ALLOC, + + // Failed to change the memory protection. + MH_ERROR_MEMORY_PROTECT, + + // The specified module is not loaded. + MH_ERROR_MODULE_NOT_FOUND, + + // The specified function is not found. + MH_ERROR_FUNCTION_NOT_FOUND +} +MH_STATUS; + +// Can be passed as a parameter to MH_EnableHook, MH_DisableHook, +// MH_QueueEnableHook or MH_QueueDisableHook. +#define MH_ALL_HOOKS NULL + +#ifdef __cplusplus +extern "C" { +#endif + + // Initialize the MinHook library. You must call this function EXACTLY ONCE + // at the beginning of your program. + MH_STATUS WINAPI MH_Initialize(VOID); + + // Uninitialize the MinHook library. You must call this function EXACTLY + // ONCE at the end of your program. + MH_STATUS WINAPI MH_Uninitialize(VOID); + + // Creates a Hook for the specified target function, in disabled state. + // Parameters: + // pTarget [in] A pointer to the target function, which will be + // overridden by the detour function. + // pDetour [in] A pointer to the detour function, which will override + // the target function. + // ppOriginal [out] A pointer to the trampoline function, which will be + // used to call the original target function. + // This parameter can be NULL. 
+ MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal); + + // Creates a Hook for the specified API function, in disabled state. + // Parameters: + // pszModule [in] A pointer to the loaded module name which contains the + // target function. + // pszTarget [in] A pointer to the target function name, which will be + // overridden by the detour function. + // pDetour [in] A pointer to the detour function, which will override + // the target function. + // ppOriginal [out] A pointer to the trampoline function, which will be + // used to call the original target function. + // This parameter can be NULL. + MH_STATUS WINAPI MH_CreateHookApi( + LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal); + + // Creates a Hook for the specified API function, in disabled state. + // Parameters: + // pszModule [in] A pointer to the loaded module name which contains the + // target function. + // pszTarget [in] A pointer to the target function name, which will be + // overridden by the detour function. + // pDetour [in] A pointer to the detour function, which will override + // the target function. + // ppOriginal [out] A pointer to the trampoline function, which will be + // used to call the original target function. + // This parameter can be NULL. + // ppTarget [out] A pointer to the target function, which will be used + // with other functions. + // This parameter can be NULL. + MH_STATUS WINAPI MH_CreateHookApiEx( + LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal, LPVOID *ppTarget); + + // Removes an already created hook. + // Parameters: + // pTarget [in] A pointer to the target function. + MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget); + + // Enables an already created hook. + // Parameters: + // pTarget [in] A pointer to the target function. + // If this parameter is MH_ALL_HOOKS, all created hooks are + // enabled in one go. 
+ MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget); + + // Disables an already created hook. + // Parameters: + // pTarget [in] A pointer to the target function. + // If this parameter is MH_ALL_HOOKS, all created hooks are + // disabled in one go. + MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget); + + // Queues to enable an already created hook. + // Parameters: + // pTarget [in] A pointer to the target function. + // If this parameter is MH_ALL_HOOKS, all created hooks are + // queued to be enabled. + MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget); + + // Queues to disable an already created hook. + // Parameters: + // pTarget [in] A pointer to the target function. + // If this parameter is MH_ALL_HOOKS, all created hooks are + // queued to be disabled. + MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget); + + // Applies all queued changes in one go. + MH_STATUS WINAPI MH_ApplyQueued(VOID); + + // Translates the MH_STATUS to its name as a string. + const char * WINAPI MH_StatusToString(MH_STATUS status); + +#ifdef __cplusplus +} +#endif + diff --git a/csgo-loader/themida-sdk/include/SecureEngineCustomVMs.h b/csgo-loader/shared/include/SecureEngineCustomVMs.h index fd35011..fd35011 100644 --- a/csgo-loader/themida-sdk/include/SecureEngineCustomVMs.h +++ b/csgo-loader/shared/include/SecureEngineCustomVMs.h diff --git a/csgo-loader/themida-sdk/include/SecureEngineCustomVMs_BorlandC_inline.h b/csgo-loader/shared/include/SecureEngineCustomVMs_BorlandC_inline.h index 9ba7f5a..9ba7f5a 100644 --- a/csgo-loader/themida-sdk/include/SecureEngineCustomVMs_BorlandC_inline.h +++ b/csgo-loader/shared/include/SecureEngineCustomVMs_BorlandC_inline.h diff --git a/csgo-loader/themida-sdk/include/SecureEngineCustomVMs_GNU_inline.h b/csgo-loader/shared/include/SecureEngineCustomVMs_GNU_inline.h index 68fb50e..68fb50e 100644 --- a/csgo-loader/themida-sdk/include/SecureEngineCustomVMs_GNU_inline.h +++ b/csgo-loader/shared/include/SecureEngineCustomVMs_GNU_inline.h 
diff --git a/csgo-loader/themida-sdk/include/SecureEngineCustomVMs_ICL_inline.h b/csgo-loader/shared/include/SecureEngineCustomVMs_ICL_inline.h
index b0cda46..b0cda46 100644
--- a/csgo-loader/themida-sdk/include/SecureEngineCustomVMs_ICL_inline.h
+++ b/csgo-loader/shared/include/SecureEngineCustomVMs_ICL_inline.h
diff --git a/csgo-loader/themida-sdk/include/SecureEngineCustomVMs_LCC_inline.h b/csgo-loader/shared/include/SecureEngineCustomVMs_LCC_inline.h
index 1aca4d9..1aca4d9 100644
--- a/csgo-loader/themida-sdk/include/SecureEngineCustomVMs_LCC_inline.h
+++ b/csgo-loader/shared/include/SecureEngineCustomVMs_LCC_inline.h
diff --git a/csgo-loader/themida-sdk/include/SecureEngineCustomVMs_VC_inline.h b/csgo-loader/shared/include/SecureEngineCustomVMs_VC_inline.h
index c604bcc..c604bcc 100644
--- a/csgo-loader/themida-sdk/include/SecureEngineCustomVMs_VC_inline.h
+++ b/csgo-loader/shared/include/SecureEngineCustomVMs_VC_inline.h
diff --git a/csgo-loader/themida-sdk/include/ThemidaSDK.h b/csgo-loader/shared/include/ThemidaSDK.h
index 01aaa92..14bd9d9 100644
--- a/csgo-loader/themida-sdk/include/ThemidaSDK.h
+++ b/csgo-loader/shared/include/ThemidaSDK.h
@@ -68,18 +68,6 @@
 #include "SecureEngineCustomVMs.h"
-
-// ***********************************************
-// Link with correct platform library
-// ***********************************************
-
-#ifdef PLATFORM_X64
- #pragma comment(lib, "SecureEngineSDK64.lib")
-#else
- #pragma comment(lib, "SecureEngineSDK32.lib")
-#endif
-
-
// ***********************************************
// Definition of macros as function names
// ***********************************************
diff --git a/csgo-loader/shared/lib/MinHook.lib b/csgo-loader/shared/lib/MinHook.lib
Binary files differ
new file mode 100644
index 0000000..1eb2f85
--- /dev/null
+++ b/csgo-loader/shared/lib/MinHook.lib
diff --git a/csgo-loader/themida-sdk/lib/SecureEngineSDK64.lib b/csgo-loader/shared/lib/SecureEngine.lib
Binary files differ
index 6adc57c..6adc57c 100644
--- a/csgo-loader/themida-sdk/lib/SecureEngineSDK64.lib
+++ b/csgo-loader/shared/lib/SecureEngine.lib
diff --git a/csgo-loader/themida-sdk/lib/SecureEngineSDK32.lib b/csgo-loader/themida-sdk/lib/SecureEngineSDK32.lib
Binary files differ
deleted file mode 100644
index 07bdef1..0000000
--- a/csgo-loader/themida-sdk/lib/SecureEngineSDK32.lib
+++ /dev/null
diff --git a/csgo-loader/to-do list.txt b/csgo-loader/to-do list.txt
new file mode 100644
index 0000000..00f05ef
--- /dev/null
+++ b/csgo-loader/to-do list.txt
@@ -0,0 +1,118 @@
+// todo:
+// add .text hash checking, DbgUiRemoteBreakIn, DbgBreakPoint hooks
+// hook recv/send on server, check if return address is valid
+// (also check commonly abused functions for hooks)
+// make release mode use themida macros :^)
+SecurityWrapper
+{
+ Start( ) // Dispatch security thread to periodically check for blacklisted processes.
+ Patch( ) // Bytepatch often abused functions to call ExitProcess directly.
+ Check( ) // Check if dummy functions have been bytepatched (OpenProcess, WriteProcessMemory, VirtualQuery)
+}
+
+// todo:
+// make shellcode jump out to custom address (pass cheat header to it)
+// cheat itself will be invoked via TLS callback
+RemoteCodeClient { }
+RemoteCodeServer { }
+
+
+// todo:
+// get this finished off tomorrow along with HWID
+RemoteInjectionServer
+{
+ // Receive hash of selected cheat.
+ // Reply with size of image to allocate.
+ ByteArray Start( ByteArray &Response )
+
+ // Receive client header, send over list of imported functions
+ ByteArray TransactionStart( ByteArray &Response )
+
+ // Receive list of modules & export addresses
+ ByteArray TransactionContinue
+}
+
+RemoteInjectionClient
+{
+ // Select process name, prepare list of modules to load
+ // Send the hash of the cheat we want to load to server.
+ ByteArray Start( )
+
+ // Wait for the process to be ready, with optional timeout.
+ bool WaitForTransactionStart( uint32_t Timeout = UINT_MAX )
+
+ // Receive size of image to allocate, response is the client header.
+ ByteArray TransactionStart( ByteArray &Response )
+
+ // Receive list of imported functions to the requested DLL.
+ // Send over list of modules and their addresses to server
+ ByteArray TransactionContinue( ByteArray &Response )
+
+ // Receive final module to allocate.
+ // Write the file to the process.
+ bool TransactionCommit( ByteArray &Response )
+
+ RemoteServerHeader GetExecutionHeader()
+}
+
+// this section will be posted on forums:
+[000F:xxxxxxxx]
+The following error code indicates a critical loader failure.
+Please ensure that Windows Firewall is allowing the loader to communicate over the Internet,
+the Operating System you're using is supported and that no anti-virus software is blocking the loader.
+
+[000F:00001A00]
+[000F:00001B00]
+Your operating system is not supported.
+
+Only 64-bit versions of Windows 8, 8.1 and 10 are officially supported by the loader.
+
+[000F:00002A00]
+There was an issue connecting to the loader backend.
+
+This could be due to numerous reasons, most usually it would be Windows Firewall blocking the client.
+
+[000F:00002B00]
+The server decided to drop your connection.
+
+Please make sure you are not running any blacklisted programs.
+
+[00DF:xxxxxxxx]
+There was an error with accessing a process.
+
+Please make sure that anti-virus software is not blocking the loader.
+
+[00DF:00001C00]
+[00DF:00002C00]
+The integrity check on the process has failed.
+
+Please make sure that the copy of the game is up to date and that you are not running any software
+that could be tampering with the game's execution flow.
+
+[000A:xxxxxxxx]
+The following error indicated that your client is either corrupted or outdated.
+The error might appear if the loader is undergoing maintenance.
+
+If the problem persists, please download the latest version from here.
+
+[0005:xxxxxxxx]
+The server does not recognize your subscription as valid.
+
+This could be due to numerous factors including:
+ - You do not have a subscription.
+ - You have attempted to tamper with the loader.
+ - Your machine is infected with malware that triggered a loader integrity check.
+ - You have another account on the same IP address/hardware ID.
+
+To trouble-shoot this issue, try changing your password on the forums to force a database update.
+
+If the issue persists, contact an administator.
+
+[000C:xxxxxxxx]
+The server does not recognize your credentials as valid.
+
+To trouble-shoot this issue, please take note of the following:
+ - CAPS LOCK is not parsed as valid input by the loader.
+ - Pressing TAB will insert a character into the text input field.
+
+If the issue persists, contact an administrator.
\ No newline at end of file |
