From 0c194bc8046cb3ecb4e4d0577f36a1d3bde58d11 Mon Sep 17 00:00:00 2001
From: boris
Date: Thu, 27 Dec 2018 22:42:05 +1300
Subject: bap
---
 .../csgo-server/RemoteCode/RemoteCodeServer.cpp | 47 -------------------
 .../csgo-server/RemoteCode/RemoteCodeServer.hpp | 22 ---------
 .../RemoteCode/RemoteInjectionServer.hpp | 54 +++++++++++++++++++++-
 3 files changed, 53 insertions(+), 70 deletions(-)
(limited to 'csgo-loader/csgo-server/RemoteCode')
diff --git a/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.cpp b/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.cpp
index daa42ae..65a4306 100644
--- a/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.cpp
+++ b/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.cpp
@@ -2,52 +2,5 @@ namespace RemoteCode
 {
- ByteArray Shellcode = {
- // TODO: Add shellcode.
- };
- bool RemoteCodeServer::Start(ByteArray &Parameters)
- {
- RemoteCodeParameters CodeParams = *(RemoteCodeParameters *)&Parameters[0];
-
- // Check if the header is valid.
- if((!CodeParams.m_EndSceneVmt || !CodeParams.m_OriginalEndScene) ||
- (CodeParams.m_EntryPoint || CodeParams.m_CheatHeader))
- {
- // TODO: Ban user (probably using fake client)
- return false;
- }
-
- // Set up shellcode.
- m_CustomCode.insert(
- m_CustomCode.begin(),
- Shellcode.begin(),
- Shellcode.end()
- );
-
- // TODO: Set up pointers in shellcode.
-
- return true;
- }
-
- uintptr_t RemoteCodeServer::GetOffsetByPattern(ByteArray &Data, ByteArray Pattern)
- {
- if(Data.empty())
- return uintptr_t{};
-
- ByteArray::iterator Position = std::search(
- Data.begin(),
- Data.end(),
- Pattern.begin(),
- Pattern.end()
- );
-
- if(Position != Data.end())
- return (uintptr_t)std::distance(Data.begin(), Position);
-
- return uintptr_t{};
- }
-
- // is this loss?
- ByteArray RemoteCodeServer::GetShellcode() { return m_CustomCode; }
 }
\ No newline at end of file
diff --git a/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.hpp b/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.hpp
index dde8b7d..3a31cb4 100644
--- a/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.hpp
+++ b/csgo-loader/csgo-server/RemoteCode/RemoteCodeServer.hpp
@@ -8,30 +8,8 @@ using ByteArray = std::vector;
 namespace RemoteCode
 {
- struct RemoteCodeParameters
- {
- uintptr_t m_EndSceneVmt;
- uintptr_t m_OriginalEndScene;
- uintptr_t m_EntryPoint;
- uintptr_t m_CheatHeader;
- uintptr_t m_VirtualProtect;
- };
-
 class RemoteCodeServer
 {
- ByteArray m_CustomCode;
-
- // swoo
- uintptr_t GetOffsetByPattern(ByteArray &Data, ByteArray Pattern);
-
- public:
- RemoteCodeServer() = default;
-
- // Send client the prepared shellcode.
- // This will also send the original and vmt address of endscene.
- bool Start(ByteArray &Parameters);
- // Get the response for the client
- ByteArray GetShellcode();
 };
 }
\ No newline at end of file
diff --git a/csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.hpp b/csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.hpp
index f8f7274..3a975f7 100644
--- a/csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.hpp
+++ b/csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.hpp
@@ -1,11 +1,63 @@
 #pragma once
 #include
+#include
+#include
+
+using ByteArray = std::vector;
 namespace RemoteCode
 {
- class RemoteInjectionServer
+ // What the server sends to the client upon transaction start.
+ struct RemoteServerHeader
 {
+ // Does the cheat support the DirectX thread execution exploit?
+ bool m_ThreadExploitSupported;
+
+ // This will be used for allocating the remote memory.
+ uintptr_t m_SizeOfImage;
+
+ // OPTIONAL: The cheat might be using the DllMain function
+ // to do injection. Make sure to call that.
+ uintptr_t m_EntryPoint;
+
+ // OPTIONAL: The cheat might be using TLS callbacks to
+ // do injection. Make sure to call that.
+ uintptr_t m_TlsCallbackDirectory;
+ };
+
+ // Requests supported by the server.
+ // These are stored in a vector and later looked up.
+ struct RemoteServerRequest
+ {
+ // Hash to look up requests by.
+ uint64_t m_LookupHash;
+
+ // Name printed on the console when a user injects.
+ char m_DebugName[128];
+
+ // File name that's used to load the DLL server-side.
+ char m_FileName[260];
+ // Does the cheat support the DirectX exploit for creating threads?
+ bool m_ThreadExploitSupported;
 };
+
+ // The initial header we receive from the client.
+ struct RemoteClientRequest
+ {
+ uint64_t m_LookupHash;
+ };
+
+ // The response we receive from the client upon transaction start.
+ struct RemoteClientHeader
+ {
+ // Address of remote allocation.
+ uintptr_t m_RemoteAddress;
+
+ // Up to six remote modules.
+ // NOTE: Stop iterating once a module is NULL.
+ uintptr_t m_RemoteModules[6];
+ };
+
 }
\ No newline at end of file
-- cgit v1.2.3
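Review bot: `RemoteClientHeader` is, by its own comment, data received from the client, so the rule on `m_RemoteModules[6]` ("stop iterating once a module is NULL") is an untrusted-input hazard: a peer that fills all six slots sends no terminator, and a loop that only checks for NULL reads past the array. The consumer must also bound the loop by the array length, and the comment should state that, e.g. `// NOTE: Stop at the first NULL entry OR after 6 entries; the peer may send no NULL terminator.` The same NUL-termination question applies to `m_DebugName[128]` and `m_FileName[260]` in `RemoteServerRequest`, which nothing in this hunk guarantees are terminated before they are printed or handed to a file API. If these structs are copied raw onto the wire (the serialization is not visible here), the `bool` followed by `uintptr_t` introduces padding and `uintptr_t`'s width follows the build, so client and server layouts can silently disagree; fixed-width members (`uint32_t`/`uint64_t`) plus a `static_assert(sizeof(RemoteClientHeader) == ...)` would pin the format down.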