From 0c194bc8046cb3ecb4e4d0577f36a1d3bde58d11 Mon Sep 17 00:00:00 2001
From: boris
Date: Thu, 27 Dec 2018 22:42:05 +1300
Subject: bap
---
 .../csgo-client/RemoteCode/RemoteCodeClient.cpp | 37 -------------------
 .../csgo-client/RemoteCode/RemoteCodeClient.hpp | 21 -----------
 .../RemoteCode/RemoteInjectionClient.cpp | 42 ----------------------
 .../RemoteCode/RemoteInjectionClient.hpp | 18 ----------
 .../csgo-client/RemoteCode/RemoteProcess.cpp | 22 +++++++++---
 5 files changed, 17 insertions(+), 123 deletions(-)
(limited to 'csgo-loader/csgo-client/RemoteCode')
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp
index c62812b..5a42b6c 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp
@@ -1,43 +1,6 @@ #include -// i kinda stopped caring at this point - namespace RemoteCode { - RemoteCodeParameters RemoteCodeClient::Start(RemoteProcess &Process) - { - // Copy over process. - m_Process = Process; - - // PSA: If the loader crashes CS:GO, this is most definitely the reason. - HANDLE ShaderApi = Process.FindModule("shaderapidx9.dll"); - void *D3D_DevicePtr = (void *)((uintptr_t)ShaderApi + 0xA3FC0); - - // Read the VTable. - // TODO: Check if process is 32-bit or 64-bit.... nah fuck that lol - void *D3D_VtablePtr = Process.Read(D3D_DevicePtr); - m_DirectX = Process.Read((void *)((uintptr_t)D3D_VtablePtr + 42 * 4)); - - RemoteCodeParameters Parameters{ - (uintptr_t)D3D_VtablePtr, - m_DirectX, - 0x00000000, - 0x00000000, - (uintptr_t)VirtualProtect - }; - - m_DirectX = (uintptr_t)D3D_VtablePtr; - - return Parameters; - } - - void RemoteCodeClient::Dispatch(ByteArray &Shellcode) - { - // Allocate and set-up shellcode. - void *AllocationBase = m_Process.Allocate(Shellcode.size()); - m_Process.Write(AllocationBase, Shellcode.data(), Shellcode.size()); - // Hijack D3D thread. - m_Process.Write((void *)(m_DirectX + 42 * 4), (uintptr_t)AllocationBase); - } }
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp
index 6794403..964d055 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp
@@ -4,29 +4,8 @@ namespace RemoteCode { - struct RemoteCodeParameters - { - uintptr_t m_EndSceneVmt; // client - uintptr_t m_OriginalEndScene; // client - uintptr_t m_EntryPoint; // server - uintptr_t m_CheatHeader; // server (this can also be constant but hey..) - uintptr_t m_VirtualProtect; // client - }; - class RemoteCodeClient { - ByteArray m_Code; - RemoteProcess m_Process; - uintptr_t m_DirectX; - - public: - RemoteCodeClient() = default; - - // Send server the allocation address. - // This will also send the original and vmt address of endscene. - RemoteCodeParameters Start(RemoteProcess &Process); - // Allocate, write and then dispatch the shellcode. - void Dispatch(ByteArray &Shellcode); }; }
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp
index b8ff03d..01f52be 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp
@@ -2,47 +2,5 @@ namespace RemoteCode { - // Select a game to inject the cheat for - bool RemoteInjectionClient::Start(UserExperience::SelectedGame Game) - { - if(Game >= UserExperience::SelectedGame::GAME_MAX) - return false; - // TODO: Add any other games :-) - switch(Game) - { - case UserExperience::SelectedGame::GAME_CSGO: - case UserExperience::SelectedGame::GAME_CSGO_BETA: - strcpy_s(m_ProcessName, "csgo.exe"); - break; - } - - return true; - } - - // Allocates a page in the game memory, which will be used to - // write and execute the DLL. - uintptr_t RemoteInjectionClient::AllocateImagePage(size_t SizeOfImage) - { - if(!m_Process) - return uintptr_t{}; - - // Allocate enough space to map the image - m_AllocationBase = m_Process.Allocate(SizeOfImage); - - return (uintptr_t)m_AllocationBase; - } - - // Initializes m_Process with the game process. - bool RemoteInjectionClient::OpenGameHandle() - { - return m_Process.Start(m_ProcessName); - } - - // Writes the cheat binary to the allocated page. - void RemoteInjectionClient::WriteToMap(ByteArray &CheatBin) - { - // is this loss? - m_Process.Write(m_AllocationBase, CheatBin.data(), CheatBin.size()); - } }
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp
index 5880174..6699a9e 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp
@@ -7,24 +7,6 @@ namespace RemoteCode { class RemoteInjectionClient { - ByteArray m_Data; - RemoteProcess m_Process; - char m_ProcessName[64]; - void *m_AllocationBase; - public: - RemoteInjectionClient() = default; - - // Select a game to inject the cheat for - bool Start(UserExperience::SelectedGame Game); - - // Allocates a page in the game memory, which will be used to - // write and execute the DLL. - uintptr_t AllocateImagePage(size_t SizeOfImage); - - // Initializes m_Process with the game process. - bool OpenGameHandle(); - - void WriteToMap(ByteArray &CheatBin); }; }
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp
index 8d2509f..6893498 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp
@@ -29,6 +29,10 @@ namespace RemoteCode // swoo m_ProcessId = ProcessEntry.th32ProcessID; m_Process = OpenProcess(PROCESS_ALL_ACCESS, false, ProcessEntry.th32ProcessID); + + if(!m_Process) + ERROR_ASSERT("[000G:%08x] There was an error with accessing a process.", GetLastError()); + return true; } }
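Review bot: The new `if(!m_Process)` check in the `-29,6 +29,10` hunk is followed directly by the unchanged `return true;`, so unless `ERROR_ASSERT` never returns (its definition is not on this page) a failed `OpenProcess` is still reported to the caller as success and later reads and writes run on a null handle. I would make the failure path explicit with a braced body that calls `ERROR_ASSERT` with the existing message and then does `return false;`. The same fall-through applies to the `Allocate` and `FindModule` hunks further down, which go on to `return AllocationAddress;` and `return RemoteModule(ModuleEntry.hModule);` after their checks. The enclosing function starts and ends outside this hunk.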
@@ -40,13 +44,19 @@ namespace RemoteCode void RemoteProcess::ReadMemoryWrapper_Internal(void *Address, void *Data, size_t SizeOfData) { static auto ZwReadVirtualMemory = Syscalls->Find(FNV("ZwReadVirtualMemory")); - ZwReadVirtualMemory(m_Process, Address, Data, SizeOfData, nullptr); + NTSTATUS Status = ZwReadVirtualMemory(m_Process, Address, Data, SizeOfData, nullptr); + + if(NT_ERROR(Status)) + ERROR_ASSERT("[00DF:%08x] There was an error with accessing a process.", Status); } void RemoteProcess::WriteMemoryWrapper_Internal(void *Address, void *Data, size_t SizeOfData) { static auto ZwWriteVirtualMemory = Syscalls->Find(FNV("ZwWriteVirtualMemory")); - ZwWriteVirtualMemory(m_Process, Address, Data, SizeOfData, nullptr); + NTSTATUS Status = ZwWriteVirtualMemory(m_Process, Address, Data, SizeOfData, nullptr); + + if(NT_ERROR(Status)) + ERROR_ASSERT("[00DF:%08x] There was an error with accessing a process.", Status); } void *RemoteProcess::Allocate(size_t AllocationSize)
@@ -64,8 +74,8 @@ namespace RemoteCode PAGE_EXECUTE_READWRITE ); - if(!NT_SUCCESS(Status)) - return nullptr; + if(NT_ERROR(Status)) + ERROR_ASSERT("[00DF:%08x] There was an error with accessing a process.", Status); return AllocationAddress; }
@@ -85,9 +95,11 @@ namespace RemoteCode while(Module32Next(Toolhelp, &ModuleEntry)) { - //printf("%s\n", ModuleEntry.szModule); if(strstr(ModuleEntry.szModule, ModuleName)) { + if(!ModuleEntry.hModule) + ERROR_ASSERT("[00DF:00001C00] An integrity check failed."); + CloseHandle(Toolhelp); return RemoteModule(ModuleEntry.hModule); }
-- 
cgit v1.2.3
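Review bot: `NT_ERROR(Status)` in the read and write wrappers matches only error-severity codes, so a warning-severity result such as `STATUS_PARTIAL_COPY` (0x8000000D) passes the check and the caller continues with a partly filled buffer. `if(!NT_SUCCESS(Status))` rejects warnings as well as errors. In `Allocate` (the `-64,8 +74,8` hunk) that is the test the removed line already used, so the switch there loosens the check and also drops the `return nullptr;` that callers may have tested for. All three sites report the same `00DF` code; a distinct code per call site would make a reported failure attributable to the read, the write or the allocation.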
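Review bot: In the `-85,9 +95,11` hunk the `hModule` check runs before `CloseHandle(Toolhelp);`, so if `ERROR_ASSERT` throws or otherwise leaves the function the snapshot handle is not closed on that path. Moving `CloseHandle(Toolhelp);` above `if(!ModuleEntry.hModule)` releases it on both paths. The message also hard-codes `00001C00` where the other sites format a status value, and nothing says what that number stands for; a one-line comment next to it stating the meaning would help whoever reads a reported error. The loop's enclosing function starts and ends outside the hunk.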