From ace9ae2117175dfe5e14b259db2e0536f8ec7a8a Mon Sep 17 00:00:00 2001
From: boris
Date: Mon, 24 Dec 2018 20:39:09 +1300
Subject: fffffffff
---
 .../csgo-client/RemoteCode/RemoteCodeClient.cpp | 42 +++++++++++++++++++
 .../csgo-client/RemoteCode/RemoteCodeClient.hpp | 28 ++++++++++++-
 .../RemoteCode/RemoteInjectionClient.cpp | 47 ++++++++++++++++++++++
 .../RemoteCode/RemoteInjectionClient.hpp | 26 +++++++++++-
 .../csgo-client/RemoteCode/RemoteProcess.hpp | 3 ++
 5 files changed, 144 insertions(+), 2 deletions(-)
(limited to 'csgo-loader/csgo-client/RemoteCode')
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp
index 7e6575b..c62812b 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.cpp
@@ -1 +1,43 @@
 #include
+
+// i kinda stopped caring at this point
+
+namespace RemoteCode
+{
+ RemoteCodeParameters RemoteCodeClient::Start(RemoteProcess &Process)
+ {
+ // Copy over process.
+ m_Process = Process;
+
+ // PSA: If the loader crashes CS:GO, this is most definitely the reason.
+ HANDLE ShaderApi = Process.FindModule("shaderapidx9.dll");
+ void *D3D_DevicePtr = (void *)((uintptr_t)ShaderApi + 0xA3FC0);
+
+ // Read the VTable.
+ // TODO: Check if process is 32-bit or 64-bit.... nah fuck that lol
+ void *D3D_VtablePtr = Process.Read(D3D_DevicePtr);
+ m_DirectX = Process.Read((void *)((uintptr_t)D3D_VtablePtr + 42 * 4));
+
+ RemoteCodeParameters Parameters{
+ (uintptr_t)D3D_VtablePtr,
+ m_DirectX,
+ 0x00000000,
+ 0x00000000,
+ (uintptr_t)VirtualProtect
+ };
+
+ m_DirectX = (uintptr_t)D3D_VtablePtr;
+
+ return Parameters;
+ }
+
+ void RemoteCodeClient::Dispatch(ByteArray &Shellcode)
+ {
+ // Allocate and set-up shellcode.
+ void *AllocationBase = m_Process.Allocate(Shellcode.size());
+ m_Process.Write(AllocationBase, Shellcode.data(), Shellcode.size());
+
+ // Hijack D3D thread.
+ m_Process.Write((void *)(m_DirectX + 42 * 4), (uintptr_t)AllocationBase);
+ }
+}
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp
index 57f1499..6794403 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteCodeClient.hpp
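Review bot: `m_Process = Process;` in Start copies the RemoteProcess object into the member while the caller keeps its own, and the RemoteProcess.hpp hunk in this same commit shows the sibling `RemoteModule` closing its HANDLE in its destructor with no copy constructor or copy assignment declared; if RemoteProcess owns its process handle the same way (not visible here), the member copy and the caller's object will both close the same handle when they go out of scope. Storing a reference or deleting the copy operations on RemoteProcess would make that ownership explicit, whichever way it is meant. Separately, `Dispatch` only reads `Shellcode.data()` and `Shellcode.size()`, so the parameter should be `const ByteArray &Shellcode` in both this file and the header, and the C-style `(void *)`/`(uintptr_t)` casts would be clearer as `reinterpret_cast`.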
@@ -1,6 +1,32 @@
 #pragma once
+#include
+
 
 namespace RemoteCode
 {
-
+ struct RemoteCodeParameters
+ {
+ uintptr_t m_EndSceneVmt; // client
+ uintptr_t m_OriginalEndScene; // client
+ uintptr_t m_EntryPoint; // server
+ uintptr_t m_CheatHeader; // server (this can also be constant but hey..)
+ uintptr_t m_VirtualProtect; // client
+ };
+
+ class RemoteCodeClient
+ {
+ ByteArray m_Code;
+ RemoteProcess m_Process;
+ uintptr_t m_DirectX;
+
+ public:
+ RemoteCodeClient() = default;
+
+ // Send server the allocation address.
+ // This will also send the original and vmt address of endscene.
+ RemoteCodeParameters Start(RemoteProcess &Process);
+
+ // Allocate, write and then dispatch the shellcode.
+ void Dispatch(ByteArray &Shellcode);
+ };
 }
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp
index d142264..b8ff03d 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.cpp
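Review bot: `uintptr_t m_DirectX;` has no initializer and the constructor is `= default`, so a RemoteCodeClient whose Dispatch is called before Start reads an indeterminate value; brace-initialize it as `uintptr_t m_DirectX{};` (and the member deserves a one-line comment saying what it holds, since the .cpp assigns it twice with different values). `ByteArray m_Code;` is declared but the RemoteCodeClient.cpp hunk in this commit never touches it, so either drop it or note what it is reserved for. The per-field `// client` / `// server` tags on RemoteCodeParameters would read better as one header comment on the struct, e.g. `// Handshake record exchanged with the server: fields tagged "client" are filled here, fields tagged "server" are left zero for the server to fill.`.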
@@ -1 +1,48 @@
 #include
+
+namespace RemoteCode
+{
+ // Select a game to inject the cheat for
+ bool RemoteInjectionClient::Start(UserExperience::SelectedGame Game)
+ {
+ if(Game >= UserExperience::SelectedGame::GAME_MAX)
+ return false;
+
+ // TODO: Add any other games :-)
+ switch(Game)
+ {
+ case UserExperience::SelectedGame::GAME_CSGO:
+ case UserExperience::SelectedGame::GAME_CSGO_BETA:
+ strcpy_s(m_ProcessName, "csgo.exe");
+ break;
+ }
+
+ return true;
+ }
+
+ // Allocates a page in the game memory, which will be used to
+ // write and execute the DLL.
+ uintptr_t RemoteInjectionClient::AllocateImagePage(size_t SizeOfImage)
+ {
+ if(!m_Process)
+ return uintptr_t{};
+
+ // Allocate enough space to map the image
+ m_AllocationBase = m_Process.Allocate(SizeOfImage);
+
+ return (uintptr_t)m_AllocationBase;
+ }
+
+ // Initializes m_Process with the game process.
+ bool RemoteInjectionClient::OpenGameHandle()
+ {
+ return m_Process.Start(m_ProcessName);
+ }
+
+ // Writes the cheat binary to the allocated page.
+ void RemoteInjectionClient::WriteToMap(ByteArray &CheatBin)
+ {
+ // is this loss?
+ m_Process.Write(m_AllocationBase, CheatBin.data(), CheatBin.size());
+ }
+}
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp
index 57f1499..5880174 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteInjectionClient.hpp
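Review bot: The `switch(Game)` in Start has no `default`, so any SelectedGame value below GAME_MAX other than the two CSGO cases falls through and the function still returns true with `m_ProcessName` untouched, and the header declares that array without an initializer, so OpenGameHandle would later hand an indeterminate buffer to `m_Process.Start`. A `default: return false;` arm closes that gap and matches the early `GAME_MAX` rejection. WriteToMap also writes through `m_AllocationBase` with none of the `if(!m_Process)` guard that AllocateImagePage has, so a call before a successful AllocateImagePage passes an uninitialized pointer; `if(!m_Process || !m_AllocationBase) return;` would keep the two consistent, and `CheatBin` can be `const ByteArray &` since it is only read.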
@@ -1,6 +1,30 @@
 #pragma once
+#include
+#include
+
 
 namespace RemoteCode
 {
-
+ class RemoteInjectionClient
+ {
+ ByteArray m_Data;
+ RemoteProcess m_Process;
+ char m_ProcessName[64];
+ void *m_AllocationBase;
+
+ public:
+ RemoteInjectionClient() = default;
+
+ // Select a game to inject the cheat for
+ bool Start(UserExperience::SelectedGame Game);
+
+ // Allocates a page in the game memory, which will be used to
+ // write and execute the DLL.
+ uintptr_t AllocateImagePage(size_t SizeOfImage);
+
+ // Initializes m_Process with the game process.
+ bool OpenGameHandle();
+
+ void WriteToMap(ByteArray &CheatBin);
+ };
 }
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.hpp b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.hpp
index d86ecfa..a58320f 100644
--- a/csgo-loader/csgo-client/RemoteCode/RemoteProcess.hpp
+++ b/csgo-loader/csgo-client/RemoteCode/RemoteProcess.hpp
@@ -19,6 +19,9 @@ namespace RemoteCode
 RemoteModule() = default;
 RemoteModule(HANDLE Module);
 ~RemoteModule() { CloseHandle(m_Module); }
+
+ // Fuck This , #Lol
+ //uintptr_t FindOccurence(const char *Pattern);
 
 // Allow us to access the module by just passing the
 // handle as a parameter.
-- 
cgit v1.2.3
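Review bot: `char m_ProcessName[64];` and `void *m_AllocationBase;` are declared without initializers and the constructor is `= default`, so both are indeterminate until Start and AllocateImagePage respectively have run, and the .cpp in this commit reads them in OpenGameHandle and WriteToMap without checking; brace-initialize them as `char m_ProcessName[64]{};` and `void *m_AllocationBase{nullptr};` so a missed call fails predictably instead of on garbage. `ByteArray m_Data;` is never referenced by RemoteInjectionClient.cpp in this commit, so it looks like a leftover. WriteToMap is the only method here without a comment while its definition carries one; copy `// Writes the cheat binary to the allocated page.` above the declaration and take the parameter as `const ByteArray &CheatBin` since it is only read.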