From 4db29589a61f2e7cb663c5734f911c02206c7997 Mon Sep 17 00:00:00 2001
From: boris
Date: Wed, 9 Jan 2019 20:51:16 +1300
Subject: whole buncha shit

FIXME: loader currently corrupts heap on injection because i am retarded
---
 .../csgo-module/Security/SyscallManager.hpp | 77 ++++++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 csgo-loader/csgo-module/Security/SyscallManager.hpp

(limited to 'csgo-loader/csgo-module/Security/SyscallManager.hpp')

diff --git a/csgo-loader/csgo-module/Security/SyscallManager.hpp b/csgo-loader/csgo-module/Security/SyscallManager.hpp
new file mode 100644
index 0000000..d8981e9
--- /dev/null
+++ b/csgo-loader/csgo-module/Security/SyscallManager.hpp
@@ -0,0 +1,77 @@
+#pragma once
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+using ByteArray = std::vector;
+
+namespace Wrapper
+{
+ // A stub used for our syscalls.
+ class SyscallStub
+ {
+ // The shellcode which executes a low latency system call.
+ uint8_t m_Shellcode[11] = {
+ 0x4C, 0x8B, 0xD1, // mov r10, rcx
+ 0xB8, 0x00, 0x00, 0x00, 0x00, // mov eax, [syscall index]
+ 0x0F, 0x05, // syscall
+ 0xC3
+ };
+ public:
+ // Constructors.
+ SyscallStub() = default;
+
+ // Sets the syscall index.
+ void SetIndex(uint32_t Index);
+
+ __forceinline uintptr_t Get()
+ {
+ return (uintptr_t)m_Shellcode;
+ }
+ };
+
+ // Manager for system calls. Used to iterate NTDLL for all syscall indices.
+ // Read: https://www.evilsocket.net/2014/02/11/on-windows-syscall-mechanism-and-syscall-numbers-extraction-methods/
+ class SyscallManager
+ {
+ // Reading NTDLL from disk because it cannot be modified
+ // due to restrictions put in place by PatchGuard.
+ ByteArray GetNtdllFromDisk();
+
+ // Container for all syscall stubs.
+ std::map m_Syscalls;
+
+ // Helper functions.
+ uintptr_t GetRawOffsetByRva(IMAGE_SECTION_HEADER *SectionHeader, uintptr_t Sections, uintptr_t FileSize, uintptr_t Rva);
+ IMAGE_SECTION_HEADER *GetSectionByRva(IMAGE_SECTION_HEADER *SectionHeader, uintptr_t Sections, uintptr_t Rva);
+
+ public:
+ // Initialises the syscall manager, dumping all the
+ // syscall indices.
+ bool Start();
+
+ // Finds a syscall by hash.
+ template < typename T >
+ T Find(uint64_t Hash)
+ {
+ uint64_t Syscall = m_Syscalls[Hash].Get();
+
+ if(!Syscall)
+ return T{};
+
+ return (T)m_Syscalls[Hash].Get();
+ }
+ };
+
+ using SyscallManagerPtr = std::unique_ptr;
+}
+
+extern Wrapper::SyscallManagerPtr Syscalls;
\ No newline at end of file
-- 
cgit v1.2.3
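Review bot: The null check in `Find` is dead: `m_Syscalls[Hash]` default-inserts a `SyscallStub` for any hash that was never registered, and `Get()` returns the address of that stub's `m_Shellcode` array, which is never zero, so an unresolved hash silently yields a pointer to an uninitialised zero-index stub instead of `T{}`. Look the entry up without inserting: `auto It = m_Syscalls.find(Hash);` / `if (It == m_Syscalls.end()) return T{};` / `return reinterpret_cast<T>(It->second.Get());`, which also replaces the C-style `(T)` cast and the redundant second lookup. `Get()` hands out a raw `uintptr_t` into a stub stored by value inside the map; the comment on `m_Shellcode` should state what lifetime and memory-protection assumptions a caller may rely on, since nothing in this hunk establishes them. The `std::map` and `std::vector` template arguments appear stripped in this rendering, so the key type is inferred from `Find(uint64_t Hash)` and should be confirmed against the file.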