From 3d412a4b30a9f7c7f51ea6562e694315948bd3da Mon Sep 17 00:00:00 2001 From: boris Date: Wed, 28 Nov 2018 16:00:02 +1300 Subject: cleaned up in short, the cheat and loader are now separate solutions. unused stuff was moved into the legacy solution in case anyone wants to compile it or whatever. i can change this back if you want to. also, i configured the loader to compile in x64, and have separate build types for linux and win64 --- cheat/internal_rewrite/wipe.hpp | 70 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 cheat/internal_rewrite/wipe.hpp (limited to 'cheat/internal_rewrite/wipe.hpp') diff --git a/cheat/internal_rewrite/wipe.hpp b/cheat/internal_rewrite/wipe.hpp new file mode 100644 index 0000000..dfb72a8 --- /dev/null +++ b/cheat/internal_rewrite/wipe.hpp @@ -0,0 +1,70 @@ +#pragma once + +#include "util.hpp" +#include + +#ifdef HEADER_MODULE + #define EXPAND( x,y )x##y + + #define BEGIN___( MARKER_BEGIN )MARKER_BEGIN: + + #define DEL_END___( MARKER_BEGIN, MARKER_END )__asm { __asm PUSH MARKER_END __asm PUSH MARKER_BEGIN __asm CALL antidebug::erase } \ + MARKER_END: + + #define BEGIN__( x, y ) BEGIN___( EXPAND2( MARKER_BEGIN_, x, y ) ) + #define END__( x, y ) DEL_END___( EXPAND2( MARKER_BEGIN_, x, y ), EXPAND2( MARKER_END_, x, y ) ) + + #define DELETE_START( x ) BEGIN___( EXPAND( MARKER_BEGIN_, x ) ) + #define DELETE_END( x ) DEL_END___( EXPAND( MARKER_BEGIN_, x ), EXPAND( MARKER_END_, x ) ) +#else + #define DELETE_START( x ) + #define DELETE_END( x ) +#endif + +namespace antidebug +{ + static void __stdcall erase( uintptr_t start, uintptr_t end ) { + uintptr_t size = end - start; + + DWORD protection_flag{ }; + VirtualProtect( ( void* )start, size, PAGE_EXECUTE_READWRITE, &protection_flag ); + + for( unsigned int i = 0; i < size; i++ ) { + int random = rand( ) % 0x90; + memset( ( void* )( start + i ), random, 1 ); + } + + VirtualProtect( ( void* )start, size, protection_flag, &protection_flag ); + } + + static void fuck_skids( ) { + DELETE_START( 0 ); + // stop most debuggers from working as breakpoint is patched to exit process call + + ulong_t old_protection = 0; + + uintptr_t exit_process = ( uintptr_t )GetProcAddress( GetModuleHandleA( xors( "kernel32.dll" ) ), xors( "ExitProcess" ) ); + uintptr_t dbg_ui_remote_breakin = ( uintptr_t )GetProcAddress( GetModuleHandleA( xors( "ntdll.dll" ) ), xors( "DbgUiRemoteBreakin" ) ); + uintptr_t dbg_break_point = ( uintptr_t )GetProcAddress( GetModuleHandleA( xors( "ntdll.dll" ) ), xors( "DbgBreakPoint" ) ); + + // fuck DbgUiRemoteBreakin + VirtualProtect( ( void* )dbg_ui_remote_breakin, 6, PAGE_EXECUTE_READWRITE, &old_protection ); + + *( uint8_t* )( dbg_ui_remote_breakin ) = 0x68; // push + *( uintptr_t* )( dbg_ui_remote_breakin + 1 ) = exit_process; + *( uint8_t* )( dbg_ui_remote_breakin + 5 ) = 0xC3; // ret + + VirtualProtect( ( void* )dbg_ui_remote_breakin, 6, old_protection, &old_protection ); + + // fuck DbgBreakPoint + VirtualProtect( ( void* )dbg_break_point, 6, PAGE_EXECUTE_READWRITE, &old_protection ); + + *( uint8_t* )( dbg_break_point ) = 0x68; // push + *( uintptr_t* )( dbg_break_point + 1 ) = exit_process; + *( uint8_t* )( dbg_break_point + 5 ) = 0xC3; // ret + + VirtualProtect( ( void* )dbg_break_point, 6, old_protection, &old_protection ); + + DELETE_END( 0 ); + } +} \ No newline at end of file -- cgit v1.2.3