From a5acd4c9a3b24c9d5af3a8f504e5af053fa7fa09 Mon Sep 17 00:00:00 2001
From: boris
Date: Thu, 20 Dec 2018 21:38:04 +1300
Subject: yo is this loss
---
.../csgo-client/RemoteCode/RemoteCodeClient.cpp | 1 +
.../csgo-client/RemoteCode/RemoteCodeClient.hpp | 6 ++
.../RemoteCode/RemoteInjectionClient.cpp | 1 +
.../RemoteCode/RemoteInjectionClient.hpp | 6 ++
.../csgo-client/RemoteCode/RemoteProcess.cpp | 118 +++++++++++++++------
.../csgo-client/RemoteCode/RemoteProcess.hpp | 49 +++++----
6 files changed, 125 insertions(+), 56 deletions(-)
create mode 100644 csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp
create mode 100644 csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp
create mode 100644 csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp
create mode 100644 csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp
(limited to 'csgo-loader/csgo-client/RemoteCode')
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp
new file mode 100644
index 0000000..7e6575b
--- /dev/null
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp
@@ -0,0 +1 @@
+#include
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp
new file mode 100644
index 0000000..57f1499
--- /dev/null
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp
@@ -0,0 +1,6 @@
+#pragma once
+
+namespace RemoteCode
+{
+
+}
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp
new file mode 100644
index 0000000..d142264
--- /dev/null
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp
@@ -0,0 +1 @@
+#include
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp
new file mode 100644
index 0000000..57f1499
--- /dev/null
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp
@@ -0,0 +1,6 @@
+#pragma once
+
+namespace RemoteCode
+{
+
+}
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp
index 7397c7d..969f907 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.cpp
@@ -1,47 +1,99 @@ #include -namespace RemoteCode { +namespace RemoteCode +{ // RemoteModule implementation - RemoteModule::RemoteModule(HANDLE Module, RemoteProcess &Process) : - m_Module(Module) { - // Read information about module. - MODULEINFO ModuleInfo{}; - if(!K32GetModuleInformation(Process, (HMODULE)Module, &ModuleInfo, sizeof ModuleInfo)) - return; - - // Read module data. - m_ModuleData.reserve(ModuleInfo.SizeOfImage); - Process.Read(ModuleInfo.lpBaseOfDll, m_ModuleData.data(), m_ModuleData.size()); - } + RemoteModule::RemoteModule(HANDLE Module) : + m_Module(Module) {} - uintptr_t RemoteModule::Scan(ByteArray &Data) { - if(m_ModuleData.empty()) - return uintptr_t{}; + // RemoteProcess implementation + bool RemoteProcess::Start(const char *ProcessName) + { + void *Toolhelp = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); - // We have a valid file (?) - uint8_t *Buffer = m_ModuleData.data(); + if(!Toolhelp) + return false; - if(!Buffer || *(uint16_t *)Buffer != IMAGE_DOS_SIGNATURE) - return uintptr_t{}; + PROCESSENTRY32 ProcessEntry{}; + ProcessEntry.dwSize = sizeof PROCESSENTRY32; - // Read PE information. - IMAGE_DOS_HEADER *DosHeader = (IMAGE_DOS_HEADER *)Buffer; - IMAGE_NT_HEADERS *NtHeaders = (IMAGE_NT_HEADERS *)(Buffer + DosHeader->e_lfanew); + if(!Process32First(Toolhelp, &ProcessEntry)) + return false; - if(NtHeaders->Signature != IMAGE_NT_SIGNATURE) - return uintptr_t{}; + while(Process32Next(Toolhelp, &ProcessEntry)) + { + if(strstr(ProcessName, ProcessEntry.szExeFile)) + { + CloseHandle(Toolhelp); - // Find signature. 
- ByteArray::iterator Iterator = std::search( - m_ModuleData.begin(), - m_ModuleData.end(), - Data.begin(), - Data.end() - ); + // swoo + m_ProcessId = ProcessEntry.th32ProcessID; + m_Process = OpenProcess(PROCESS_ALL_ACCESS, false, ProcessEntry.th32ProcessID); + return true; + } + } - return (uintptr_t)std::distance(m_ModuleData.begin(), Iterator); + CloseHandle(Toolhelp); + return false; } - // RemoteProcess implementation + void RemoteProcess::ReadMemoryWrapper_Internal(void *Address, void *Data, size_t SizeOfData) + { + static auto ZwReadVirtualMemory = Syscalls->Find(FNV("ZwReadVirtualMemory")); + ZwReadVirtualMemory(m_Process, Address, Data, SizeOfData, nullptr); + } + + void RemoteProcess::WriteMemoryWrapper_Internal(void *Address, void *Data, size_t SizeOfData) + { + static auto ZwWriteVirtualMemory = Syscalls->Find(FNV("ZwWriteVirtualMemory")); + ZwWriteVirtualMemory(m_Process, Address, Data, SizeOfData, nullptr); + } + void *RemoteProcess::Allocate(size_t AllocationSize) + { + void *AllocationAddress = nullptr; + static auto ZwAllocateVirtualMemory = Syscalls->Find(FNV("ZwAllocateVirtualMemory")); + + // :b:invoke the :b:unction :b:oi + NTSTATUS Status = ZwAllocateVirtualMemory( + m_Process, + &AllocationAddress, + 0, + &AllocationSize, + MEM_COMMIT | MEM_RESERVE, + PAGE_EXECUTE_READWRITE + ); + + if(!NT_SUCCESS(Status)) + return nullptr; + + return AllocationAddress; + } + + RemoteModule RemoteProcess::FindModule(const char *ModuleName) + { + void *Toolhelp = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, m_ProcessId); + + if(!Toolhelp) + return RemoteModule{}; + + MODULEENTRY32 ModuleEntry{}; + ModuleEntry.dwSize = sizeof MODULEENTRY32; + + if(!Module32First(Toolhelp, &ModuleEntry)) + return RemoteModule{}; + + while(Module32Next(Toolhelp, &ModuleEntry)) + { + printf("%s\n", ModuleEntry.szModule); + if(strstr(ModuleEntry.szModule, ModuleName)) + { + CloseHandle(Toolhelp); + return RemoteModule(ModuleEntry.hModule); + } + } + + 
CloseHandle(Toolhelp); + return RemoteModule{}; + } } \ No newline at end of file diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.hpp b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.hpp index b1c716b..d86ecfa 100644 --- a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.hpp +++ b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.hpp @@ -2,35 +2,32 @@ #include #include +#include #include #include -namespace RemoteCode { +namespace RemoteCode +{ // The module wrapper. class RemoteProcess; - class RemoteModule { + class RemoteModule + { HANDLE m_Module; - int32_t m_SizeOfModule; - - // All the module data will be read upon class initialisation. - ByteArray m_ModuleData; public: - // The constructor (reads all module data into m_ModuleData). - RemoteModule(HANDLE Module, RemoteProcess &Process); - - // TODO: Add support for wild-cards (not currently implemented) - uintptr_t Scan(ByteArray &Pattern); + RemoteModule() = default; + RemoteModule(HANDLE Module); + ~RemoteModule() { CloseHandle(m_Module); } // Allow us to access the module by just passing the // handle as a parameter. operator HANDLE() { return m_Module; } - operator HINSTANCE() { return (HINSTANCE)m_Module; } }; // The process wrapper. - class RemoteProcess { + class RemoteProcess + { HANDLE m_Process; int32_t m_ProcessId; @@ -42,12 +39,14 @@ namespace RemoteCode { RemoteProcess() = default; // For portability, will ignore exceptions. - RemoteProcess(const char *ProcessName) { + RemoteProcess(const char *ProcessName) + { Start(ProcessName); } // Release the handle when the process goes out of scope. - ~RemoteProcess() { + ~RemoteProcess() + { if(m_Process) CloseHandle(m_Process); } 
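Review bot: Both snapshot loops in this hunk throw away the entry that Process32First/Module32First fills in and only start comparing from the Next() call, so the first process in the snapshot and the first module of the target (the one Module32First reports) are never matched, and the early `return false` / `return RemoteModule{}` after a failed First() skips CloseHandle and leaks the snapshot. The name test in Start, `strstr(ProcessName, ProcessEntry.szExeFile)`, has haystack and needle the opposite way round from FindModule's `strstr(ModuleEntry.szModule, ModuleName)`, so any running process whose exe name is a substring of the requested name is accepted where an exact, case-insensitive compare is presumably intended. OpenProcess's result is not checked, so Start reports success with a null m_Process, and PROCESS_ALL_ACCESS is more than the Zw* wrappers in this hunk need (VM_READ, VM_WRITE, VM_OPERATION; whether the injection path also needs CREATE_THREAD is not visible here). Allocate also hands out PAGE_EXECUTE_READWRITE pages — allocating RW and switching to RX once the write is done keeps the target W^X — and the `printf("%s\n", ModuleEntry.szModule)` in FindModule reads as leftover debugging. A Start that seeds the loop with Process32First, compares names exactly and has a single exit is below; FindModule wants the same shape.
```cpp
bool RemoteProcess::Start(const char *ProcessName)
{
    void *Toolhelp = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    if(!Toolhelp)
        return false;

    PROCESSENTRY32 ProcessEntry{};
    ProcessEntry.dwSize = sizeof PROCESSENTRY32;

    // Visit every entry, including the one Process32First returns, and match the
    // executable name exactly (case-insensitive) instead of by substring.
    bool Found = false;
    for(BOOL More = Process32First(Toolhelp, &ProcessEntry); More; More = Process32Next(Toolhelp, &ProcessEntry))
    {
        if(_stricmp(ProcessEntry.szExeFile, ProcessName) != 0)
            continue;

        m_ProcessId = ProcessEntry.th32ProcessID;
        // Only the rights the Zw* wrappers below need; add PROCESS_CREATE_THREAD
        // if the injection path turns out to require it.
        m_Process = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION | PROCESS_QUERY_LIMITED_INFORMATION,
                                false, ProcessEntry.th32ProcessID);
        Found = m_Process != nullptr;   // a null handle is a failure, not success
        break;
    }

    // Single exit so the snapshot handle is released on every path.
    CloseHandle(Toolhelp);
    return Found;
}

// … unchanged: ReadMemoryWrapper_Internal, WriteMemoryWrapper_Internal, Allocate, FindModule …
```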
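Review bot: The new `~RemoteModule() { CloseHandle(m_Module); }` closes a value that is not a kernel object handle: FindModule in this commit constructs the wrapper from `ModuleEntry.hModule`, an HMODULE (the module's load address in the target), and CloseHandle is documented to reject such a value as an invalid handle and to raise an exception when run under a debugger. `m_Module` also has no initializer, so the `RemoteModule{}` that FindModule returns on failure destructs with an indeterminate value, and with a destructor but no copy/move members every copy of the by-value return closes the same value again. Since the class now owns no resource of its own, the fix is to drop the destructor, initialize the member, `HANDLE m_Module{};`, and make the one-argument constructor `explicit RemoteModule(HANDLE Module);` (Rule of Zero). Removing `operator HINSTANCE()` is a silent interface change for any caller that relied on it and is worth a mention in the commit message if intended. The enclosing class and namespace continue outside the hunk.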
@@ -57,25 +56,29 @@ namespace RemoteCode { // Writes to the process memory. template - void Write(void *Address, T Data) { + void Write(void *Address, T Data) + { WriteMemoryWrapper_Internal(Address, (void *)&Data, sizeof T); } - void Write(void *Address, uint8_t *Data, size_t SizeOfData) { - WriteMemoryWrapper_Internal(Address, (void *)Data, SizeOfData); + void Write(void *Address, uint8_t *Data, size_t SizeOfData) + { + WriteMemoryWrapper_Internal(Address, (void *)&Data, SizeOfData); } - + // Reads from the process memory. template - T Read(void *Address) { + T Read(void *Address) + { T Buffer{}; ReadMemoryWrapper_Internal(Address, (void *)&Buffer, sizeof T); - + return Buffer; } - void Read(void *Address, uint8_t *Data, size_t SizeOfData) { - ReadMemoryWrapper_Internal(Address, (void *)Data, SizeOfData); + void Read(void *Address, uint8_t *Data, size_t SizeOfData) + { + ReadMemoryWrapper_Internal(Address, &Data, SizeOfData); } // Allocates a memory region in the process. -- cgit v1.2.3
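Review bot: The buffer overloads now pass the address of the pointer parameter instead of the buffer: `Write(void *Address, uint8_t *Data, size_t SizeOfData)` calls `WriteMemoryWrapper_Internal(Address, (void *)&Data, SizeOfData)` and the matching `Read` calls `ReadMemoryWrapper_Internal(Address, &Data, SizeOfData)`, where the removed lines had `Data` in both places. With `&Data` the Read writes `SizeOfData` bytes into the pointer-sized stack slot that holds `Data` — a stack buffer overflow in the loader itself for any read larger than a pointer — and the Write copies the pointer value, plus whatever follows it on the stack, into the target instead of the caller's bytes. The templated overloads directly above are unaffected, since `&Data` and `&Buffer` there genuinely address a `T` value. Restore the original arguments: `WriteMemoryWrapper_Internal(Address, (void *)Data, SizeOfData);` and `ReadMemoryWrapper_Internal(Address, Data, SizeOfData);`. The enclosing class continues outside the hunk, which ends at the `Allocate` comment.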