From 4db29589a61f2e7cb663c5734f911c02206c7997 Mon Sep 17 00:00:00 2001 From: boris Date: Wed, 9 Jan 2019 20:51:16 +1300 Subject: whole buncha shit FIXME: loader currently corrupts heap on injection because i am retarded --- .../csgo-client/Security/RuntimeSecurity.cpp | 113 +++++++++------------ 1 file changed, 50 insertions(+), 63 deletions(-) (limited to 'csgo-loader/csgo-client/Security/RuntimeSecurity.cpp') diff --git a/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp b/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp index 6054790..bfe45c5 100644 --- a/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp +++ b/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp @@ -92,9 +92,7 @@ namespace Security // Let's meme anyone who tries to reverse this. if(ReturnModule != LoaderModule) - { return []() { Protection->SecurityCallback(STR("Malicious activity [Tampering].")); return -1; }(); - } // Call original function return oWSARecv(Socket, Buffer, Length, Flags); @@ -115,9 +113,7 @@ namespace Security // Let's meme anyone who tries to reverse this. if(ReturnModule != LoaderModule) - { return []() { Protection->SecurityCallback(STR("Malicious activity [Tampering].")); return -1; }(); - } // Call original function return oWSASend(Socket, Buffer, Length, Flags); @@ -129,9 +125,9 @@ namespace Security /////////////////////////////////////////////////////////// // Sick macros, retard. -#define CreateMinHook() MH_STATUS Status; Status = MH_Initialize(); -#define CheckStatus() if(Status != MH_OK) { return false; } -#define SafeCallTo(Function) Status = Function; CheckStatus(); + #define CreateMinHook() MH_STATUS Status; Status = MH_Initialize(); + #define CheckStatus() if(Status != MH_OK) { return false; } + #define SafeCallTo(Function) Status = Function; CheckStatus(); #pragma optimize("", off) 
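Review bot: The re-indented `SafeCallTo(Function)` macro in the last hunk of this line still expands to two statements and `CheckStatus()` to an unbraced `if`, so a caller that writes `if(cond) SafeCallTo(f);` runs the status check unconditionally and a dangling `else` after `CheckStatus()` binds to the macro's hidden `if`. The usual fix is to make each macro a single statement, e.g. `#define CheckStatus() do { if(Status != MH_OK) return false; } while(0)` and `#define SafeCallTo(Function) do { Status = (Function); if(Status != MH_OK) return false; } while(0)`. `CreateMinHook()` also declares `Status` into the caller's scope, which the other two macros silently depend on; a comment on that line saying so, `// declares the local 'Status' that CheckStatus/SafeCallTo expand against`, would save the next reader a search. The functions these macros are used in are outside the hunk.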
@@ -266,8 +262,6 @@ namespace Security for(auto &It : BlackListedWindows) { - // size_t Index = std::distance(...); - if(FindWindowA(It.first, It.second)) SecurityCallback(STR("Malicious activity [Debugging attempt].")); } @@ -291,7 +285,8 @@ namespace Security STR("NPF"), // WireShark / WinPCAP STR("acker"), // Process Hacker STR("CEDRI"), // Cheat Engine - //STR("VBox") // VirtualBox + STR("nHide"), // TitanHide + //STR("VBox") // VirtualBox }; static const char *BlackListReasons[] = { @@ -299,7 +294,8 @@ namespace Security STR("Please uninstall WireShark."), STR("Please close Process Hacker."), STR("Please close Cheat Engine."), - STR("Please uninstall VirtualBox.") + STR("Please uninstall TitanHide."), + //STR("Please uninstall VirtualBox.") }; uint16_t Length = sizeof BlackListedDrivers / sizeof(BlackListedDrivers[0]); @@ -357,14 +353,6 @@ namespace Security if(m_Identifier.m_SpecialMode[TEST_BUILD_MODE]) SecurityCallback(STR("Malicious activity [Plausible].")); - // Check if the file was unpacked. - //if(!VMProtectIsProtected()) - // SecurityCallback(STR("Malicious activity [Tampering].")); - - // Check if the image in memory was partially unpacked or patched. - //if(!VMProtectIsValidImageCRC()) - // SecurityCallback(STR("Malicious activity [Tampering].")); - // Don't put too much stress on the CPU. Sleep(1); } 
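Review bot: `BlackListedDrivers` and `BlackListReasons` are parallel tables matched by position, and the `Length` computed just after the second hunk is taken from `BlackListedDrivers` alone, so the new `STR("nHide")` entry is paired with `STR("Please uninstall TitanHide.")` only because both hunks happened to insert at the same index and both commented out `VBox`. Nothing enforces that, and a future edit to one table would print the wrong reason or read past the end of the other. Adding `static_assert(sizeof BlackListedDrivers / sizeof BlackListedDrivers[0] == sizeof BlackListReasons / sizeof BlackListReasons[0], "driver and reason tables out of sync");` after the second table turns that into a compile error. The `uint16_t Length` narrowing is harmless at this size but an unnecessary conversion; `size_t` would match what `sizeof` yields.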
@@ -380,50 +368,49 @@ namespace Security constexpr uintptr_t KUSER_SHARED_DATA = 0x7FFE0000; - __forceinline uint64_t get_hdd_hash() { - STORAGE_PROPERTY_QUERY query{ }; - STORAGE_DESCRIPTOR_HEADER desc_header{ }; - STORAGE_DEVICE_DESCRIPTOR* device_descriptor{ }; - HANDLE device; - DWORD bytes_returned; - uint8_t* out_buffer; - - const wchar_t* device_path = L"\\??\\PhysicalDrive0"; - device = CreateFileA("\\\\.\\PhysicalDrive0", 0, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0); - if(!device) return uint64_t{ }; - - query.PropertyId = StorageDeviceProperty; - query.QueryType = PropertyStandardQuery; - - if(!DeviceIoControl(device, IOCTL_STORAGE_QUERY_PROPERTY, - &query, sizeof(STORAGE_PROPERTY_QUERY), - &desc_header, sizeof(STORAGE_DESCRIPTOR_HEADER), - &bytes_returned, 0)) { - return uint64_t{ }; - } - - out_buffer = new uint8_t[desc_header.Size]; - memset(out_buffer, 0, desc_header.Size); - - if(!DeviceIoControl(device, IOCTL_STORAGE_QUERY_PROPERTY, - &query, sizeof(STORAGE_PROPERTY_QUERY), - out_buffer, desc_header.Size, - &bytes_returned, 0)) { - delete[] out_buffer; - return uint64_t{ }; - } - - device_descriptor = (STORAGE_DEVICE_DESCRIPTOR*)out_buffer; - if(device_descriptor->SerialNumberOffset) { - std::string serial_num = reinterpret_cast( - out_buffer + device_descriptor->SerialNumberOffset); - - delete[] out_buffer; - CloseHandle(device); - return fnv::hash_runtime(serial_num.c_str()); - } - - return 0; + __forceinline uint64_t get_hdd_hash() { + STORAGE_PROPERTY_QUERY query{ }; + STORAGE_DESCRIPTOR_HEADER desc_header{ }; + STORAGE_DEVICE_DESCRIPTOR* device_descriptor{ }; + HANDLE device; + DWORD bytes_returned; + uint8_t* out_buffer; + + device = CreateFileA(STR("\\\\.\\PhysicalDrive0"), 0, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0); + if(!device) return uint64_t{ }; + + query.PropertyId = StorageDeviceProperty; + query.QueryType = PropertyStandardQuery; + + if(!DeviceIoControl(device, IOCTL_STORAGE_QUERY_PROPERTY, + 
&query, sizeof(STORAGE_PROPERTY_QUERY), + &desc_header, sizeof(STORAGE_DESCRIPTOR_HEADER), + &bytes_returned, 0)) { + return uint64_t{ }; + } + + out_buffer = new uint8_t[desc_header.Size]; + memset(out_buffer, 0, desc_header.Size); + + if(!DeviceIoControl(device, IOCTL_STORAGE_QUERY_PROPERTY, + &query, sizeof(STORAGE_PROPERTY_QUERY), + out_buffer, desc_header.Size, + &bytes_returned, 0)) { + delete[] out_buffer; + return uint64_t{ }; + } + + device_descriptor = (STORAGE_DEVICE_DESCRIPTOR*)out_buffer; + if(device_descriptor->SerialNumberOffset) { + std::string serial_num = reinterpret_cast( + out_buffer + device_descriptor->SerialNumberOffset); + + delete[] out_buffer; + CloseHandle(device); + return fnv::hash_runtime(serial_num.c_str()); + } + + return 0; } void RuntimeSecurity::SetupSystemIdentifier() -- cgit v1.2.3
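Review bot: `if(!device)` on the new side of get_hdd_hash never fires, because CreateFileA reports failure with INVALID_HANDLE_VALUE rather than NULL, and the handle that is opened is closed only on the one path that finds a serial number — the two DeviceIoControl failure returns and the final `return 0` leak it, and the last of those also leaks `out_buffer`. The `reinterpret_cast(` with no template argument looks like the page rendering dropped `<const char*>`, so I have not counted it as a defect. The rewrite below compares against INVALID_HANDLE_VALUE, ties the handle to a small scope guard and the buffer to a `std::vector` so every return releases both, and rejects a `SerialNumberOffset` that points past the buffer the driver actually filled; it needs `<vector>` if the file does not already include it. Whether `fnv::hash_runtime` accepts an empty serial string I cannot tell from the hunk.
```cpp
__forceinline uint64_t get_hdd_hash() {
    STORAGE_PROPERTY_QUERY query{ };
    STORAGE_DESCRIPTOR_HEADER desc_header{ };
    DWORD bytes_returned{ };

    // CreateFile signals failure with INVALID_HANDLE_VALUE, not NULL.
    HANDLE device = CreateFileA(STR("\\\\.\\PhysicalDrive0"), 0, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
    if(device == INVALID_HANDLE_VALUE) return uint64_t{ };

    // Every return below passes through this destructor, so the handle never leaks.
    struct HandleGuard { HANDLE h; ~HandleGuard() { CloseHandle(h); } } guard{ device };

    query.PropertyId = StorageDeviceProperty;
    query.QueryType = PropertyStandardQuery;

    // … unchanged: first DeviceIoControl filling desc_header, early return on failure …

    // Owned buffer: released on every path, including the "no serial number" one.
    std::vector<uint8_t> out_buffer(desc_header.Size, 0);

    if(!DeviceIoControl(device, IOCTL_STORAGE_QUERY_PROPERTY,
                        &query, sizeof(STORAGE_PROPERTY_QUERY),
                        out_buffer.data(), desc_header.Size,
                        &bytes_returned, 0)) {
        return uint64_t{ };
    }

    const auto *device_descriptor = reinterpret_cast<const STORAGE_DEVICE_DESCRIPTOR*>(out_buffer.data());
    // Only trust an offset that lands inside the buffer the driver filled.
    if(device_descriptor->SerialNumberOffset && device_descriptor->SerialNumberOffset < desc_header.Size) {
        std::string serial_num = reinterpret_cast<const char*>(out_buffer.data() + device_descriptor->SerialNumberOffset);
        return fnv::hash_runtime(serial_num.c_str());
    }

    return 0;
}
```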