From 4db29589a61f2e7cb663c5734f911c02206c7997 Mon Sep 17 00:00:00 2001 From: boris Date: Wed, 9 Jan 2019 20:51:16 +1300 Subject: whole buncha shit FIXME: loader currently corrupts heap on injection because i am retarded --- csgo-loader/csgo-client/Client.cpp | 55 +++++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 24 deletions(-) (limited to 'csgo-loader/csgo-client/Client.cpp') diff --git a/csgo-loader/csgo-client/Client.cpp b/csgo-loader/csgo-client/Client.cpp index 05ceb0b..d7b266f 100644 --- a/csgo-loader/csgo-client/Client.cpp +++ b/csgo-loader/csgo-client/Client.cpp @@ -1,23 +1,11 @@ #include /* - TODO: - - Finish off shellcode execution wrapper: - - The shellcode can be executed via two ways - - Either the code is mapped and called via CreateRemoteThread (allows custom param) - - or the code is mapped and called via DX9 (does not allow custom param) - - This will probably be the easiest thing to do. - --nave note: you don't need any custom params it's entirely pointless, we can use a wiped PE header to pass all the data we need plus passing shit via dllmain is too obvious anyway, dumb idea - - Finish off injection wrapper: - - Allocate every memory page as a bunch of consecutive 4kb sections (in order to fuck with people trying to dump) - - - Have the loader inject a .DLL :^) - --nave note 2: what you haven't done and what will completely fuck us up if anyone competent gets the loader: loading the binary directly via the loader itself is completely stupid and unreasonable @@ -46,11 +34,7 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow) Utils::OpenConsole(); ); - /////////////////////////////////////////////////////////////// - - //VMProtectBeginMutation("EntryPoint"); - - /////////////////////////////////////////////////////////////// + ////////////////////////////////////////////////////////////////////////////////////////// // Create a thread to handle UI. std::thread WindowThread([] 
@@ -64,6 +48,8 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow) while(!UserInterface->m_Data.m_Ready) { Sleep(1); } + ////////////////////////////////////////////////////////////////////////////////////////// + // Initialize the syscall manager. if(!Syscalls->Start()) ERROR_ASSERT(STR("[000F:00001B00] Failed to initialize. Please contact an administrator.")); @@ -80,11 +66,20 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow) printf("[DEBUG] Server IP: %08x\n", inet_addr("35.165.60.229")); ); + ////////////////////////////////////////////////////////////////////////////////////////// + + // Connect to server. Networking::TCPClientPtr Client = std::make_unique(); if(!Client->Start(LOCAL_IP, SERVER_PORT)) ERROR_ASSERT(STR("[000F:0002A000] Server closed the connection unexpectedly.")); + // Header for Client. + ByteArray Header{ 0x0A, 0x31, 0x42, 0x4D }; + Client->SendRawBytes(Header); + + ////////////////////////////////////////////////////////////////////////////////////////// + // Allow the user to input their log-in data. UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_LOG_IN; 
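Review bot: The result of the new `Client->SendRawBytes(Header);` is discarded, so a failed or partial send of the four-byte header goes unnoticed and the loader proceeds into the login exchange with the server out of sync; the `Client->Start` failure two lines above is handled with ERROR_ASSERT, so the same treatment fits here, e.g. `if(!Client->SendRawBytes(Header)) ERROR_ASSERT(STR("[000F:0002A001] Failed to send protocol header."));` — assuming SendRawBytes reports failure, which its signature (not visible in the hunk) would confirm. The bytes `{ 0x0A, 0x31, 0x42, 0x4D }` are a bare magic literal whose meaning only the server knows; a named constant with a comment such as `// Protocol magic the server checks before it will accept a login` would document the wire format for the next reader. WinMain begins outside the hunk.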
@@ -100,17 +95,29 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow) if(!LoginTransaction.TranslateResponse(LoginResponse)) ExitProcess(0); - // Allow the user to choose a cheat to inject. - UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_CHOOSE; + // Echo back to server. + Client->SendBytes(LoginResponse); + + ////////////////////////////////////////////////////////////////////////////////////////// + + // Receive loader module. + ByteArray LdrModule = Client->ReceiveBytes(); + + // Map loader module. + RemoteCode::RemoteProcess Process; - // TODO: Add game selection. - while(1) { if(GetAsyncKeyState(VK_END) & 0x8000) break; Sleep(1); } + if(!Process.Start(STR("explorer.exe"))) + ExitProcess(0); - /////////////////////////////////////////////////////////////// + RemoteCode::RemoteMapper Mapper; - //VMProtectEnd(); + if(!Mapper.Start(Process)) + ExitProcess(0); - /////////////////////////////////////////////////////////////// + if(!Mapper.WriteCodeToMap(LdrModule)) + ExitProcess(0); + + Mapper.ExecuteCodeFromMap(); } #pragma optimize("", on) \ No newline at end of file -- cgit v1.2.3
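Review bot: `LdrModule` comes straight from `Client->ReceiveBytes()` and is handed to `Mapper.WriteCodeToMap` and then `Mapper.ExecuteCodeFromMap()` with no check on its length or integrity, so an empty or truncated receive — or any peer able to answer on this socket — ends with whatever bytes arrived being executed inside explorer.exe; nothing in the hunk shows the connection being authenticated, so unless the TCPClient layer does that elsewhere, the loader should at least reject an empty buffer (`if(LdrModule.empty()) ExitProcess(0);`) and verify an authenticated hash or signature of the module against a key built into the loader before mapping it. The new failure paths for `Process.Start`, `Mapper.Start` and `WriteCodeToMap` all use a bare `ExitProcess(0)`, whereas the earlier steps report through ERROR_ASSERT with a coded message; the silent exits make the injection path the hardest part of the program to diagnose, which is notable given the commit message's own FIXME about heap corruption on injection. WinMain begins outside the hunk.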