From bdb6ac5f940008bcd836e3c5f0a708f4b8f04865 Mon Sep 17 00:00:00 2001
From: boris <wzn@moneybot.cc>
Date: Sat, 29 Dec 2018 20:59:57 +1300
Subject: protection shit

---
 .../csgo-client/Security/SyscallManager.cpp        | 35 +++++++++++-----------
 1 file changed, 18 insertions(+), 17 deletions(-)

(limited to 'csgo-loader/csgo-client/Security/SyscallManager.cpp')

diff --git a/csgo-loader/csgo-client/Security/SyscallManager.cpp b/csgo-loader/csgo-client/Security/SyscallManager.cpp
index bab2d5f..871b593 100644
--- a/csgo-loader/csgo-client/Security/SyscallManager.cpp
+++ b/csgo-loader/csgo-client/Security/SyscallManager.cpp
@@ -46,15 +46,15 @@ namespace Wrapper
 	}
 
 	// Stolen :-)
-	uint64_t SyscallManager::GetRawOffsetByRva(IMAGE_SECTION_HEADER *SectionHeader, uint64_t Sections, uint64_t FileSize, uint64_t Rva)
+	uintptr_t SyscallManager::GetRawOffsetByRva(IMAGE_SECTION_HEADER *SectionHeader, uintptr_t Sections, uintptr_t FileSize, uintptr_t Rva)
 	{
 		IMAGE_SECTION_HEADER *Header = GetSectionByRva(SectionHeader, Sections, Rva);
 
 		if(!Header)
 			return 0;
 
-		uint64_t Delta = Rva - Header->VirtualAddress;
-		uint64_t Offset = Header->PointerToRawData + Delta;
+		uintptr_t Delta  = Rva - Header->VirtualAddress;
+		uintptr_t Offset = Header->PointerToRawData + Delta;
 
 		// Sanity check, otherwise this would crash on versions below Windows 10...
 		// for whatever reason..
@@ -64,14 +64,14 @@ namespace Wrapper
 		return Offset;
 	}
 
-	IMAGE_SECTION_HEADER *SyscallManager::GetSectionByRva(IMAGE_SECTION_HEADER *SectionHeader, uint64_t Sections, uint64_t Rva)
+	IMAGE_SECTION_HEADER *SyscallManager::GetSectionByRva(IMAGE_SECTION_HEADER *SectionHeader, uintptr_t Sections, uintptr_t Rva)
 	{
 		IMAGE_SECTION_HEADER *Header = SectionHeader;
 
 		for(size_t i{}; i < Sections; ++i, ++Header)
 		{
-			uint64_t VirtualAddress = Header->VirtualAddress;
-			uint64_t AddressBounds = VirtualAddress + Header->SizeOfRawData;
+			uintptr_t VirtualAddress = Header->VirtualAddress;
+			uintptr_t AddressBounds  = VirtualAddress + Header->SizeOfRawData;
 
 			if(Rva >= VirtualAddress && Rva < AddressBounds)
 				return Header;
@@ -91,8 +91,8 @@ namespace Wrapper
 		if(Ntdll.empty())
 			return false;
 
-		uint8_t  *Buffer = Ntdll.data();
-		uint64_t  FileSize = Ntdll.size();
+		uint8_t  *Buffer   = Ntdll.data();
+		size_t    FileSize = Ntdll.size();
 
 		// Ghetto check to see if the file is a valid PE.
 		if(*(uint16_t*)Buffer != IMAGE_DOS_SIGNATURE)
@@ -110,9 +110,9 @@ namespace Wrapper
 		if(!SectionHeader)
 			return false;
 
-		uint64_t ExportRva = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
-		uint64_t ExportSize = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
-		uint64_t ExportRaw = GetRawOffsetByRva(SectionHeader, SectionCount, FileSize, ExportRva);
+		uintptr_t ExportRva  = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
+		uintptr_t ExportSize = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
+		uintptr_t ExportRaw  = GetRawOffsetByRva(SectionHeader, SectionCount, FileSize, ExportRva);
 
 		if(!ExportRva || !ExportSize || !ExportRaw)
 			return false;
@@ -121,8 +121,8 @@ namespace Wrapper
 		IMAGE_EXPORT_DIRECTORY *ExportDirectory = (IMAGE_EXPORT_DIRECTORY *)(Buffer + ExportRaw);
 
 		uint32_t *Functions = (uint32_t *)GetRvaPointer(ExportDirectory->AddressOfFunctions);
-		uint16_t *Ordinals = (uint16_t *)GetRvaPointer(ExportDirectory->AddressOfNameOrdinals);
-		uint32_t *Names = (uint32_t *)GetRvaPointer(ExportDirectory->AddressOfNames);
+		uint16_t *Ordinals  = (uint16_t *)GetRvaPointer(ExportDirectory->AddressOfNameOrdinals);
+		uint32_t *Names     = (uint32_t *)GetRvaPointer(ExportDirectory->AddressOfNames);
 
 		if(!Functions || !Ordinals || !Names)
 			return false;
@@ -130,11 +130,11 @@ namespace Wrapper
 		// Loop each exported symbol.
 		for(uint32_t n{}; n < ExportDirectory->NumberOfNames; ++n)
 		{
-			uint32_t NameRva = Names[n];
+			uint32_t NameRva     = Names[n];
 			uint32_t FunctionRva = Functions[Ordinals[n]];
 
-			uint64_t NameRawOffset = GetRawOffsetByRva(SectionHeader, SectionCount, FileSize, NameRva);
-			uint64_t FunctionRawOffset = GetRawOffsetByRva(SectionHeader, SectionCount, FileSize, FunctionRva);
+			uintptr_t NameRawOffset     = GetRawOffsetByRva(SectionHeader, SectionCount, FileSize, NameRva);
+			uintptr_t FunctionRawOffset = GetRawOffsetByRva(SectionHeader, SectionCount, FileSize, FunctionRva);
 
 			// We've found a syscall.
 			uint8_t *Opcodes = (uint8_t *)(Buffer + FunctionRawOffset);
@@ -143,7 +143,8 @@ namespace Wrapper
 			{
 				uint32_t SyscallIndex = *(uint32_t *)(Buffer + FunctionRawOffset + 4);
 
-				char *SyscallName = (char *)(Buffer + NameRawOffset);
+				// Get hash of syscall name.
+				char	*SyscallName     = (char *)(Buffer + NameRawOffset);
 				uint64_t SyscallNameHash = fnv::hash_runtime(SyscallName);
 
 				// Emplace the syscall in the syscall map.
-- 
cgit v1.2.3