From c486baddbe064c0c78d9ea45361adf917f3c6842 Mon Sep 17 00:00:00 2001 From: boris Date: Fri, 28 Dec 2018 19:24:40 +1300 Subject: added basic hook detection yeah my vs was fucked up today ): --- csgo-loader/csgo-client/Security/RuntimeSecurity.cpp | 8 +++++++- csgo-loader/csgo-client/Security/SyscallManager.cpp | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'csgo-loader') diff --git a/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp b/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp index 305a44f..bff53f8 100644 --- a/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp +++ b/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp @@ -9,9 +9,15 @@ namespace Security decltype(&MessageBoxA) oMessageBox; int __stdcall Hooked_MessageBox(HWND Window, char *Message, char *Caption, uint32_t Type) { + // TODO: Replace this with a Syscall so we cannot get hooked. MEMORY_BASIC_INFORMATION Query; if(!VirtualQuery(_ReturnAddress(), &Query, sizeof MEMORY_BASIC_INFORMATION)) - ERROR_ASSERT("[00DF:00002C00] An integrity check failed."); + ExitProcess(0); + + HMODULE ReturnModule = (HMODULE)Query.AllocationBase; + + if (ReturnModule != GetModuleHandleA(0)) + ExitProcess(0); return oMessageBox(Window, Message, Caption, Type); } diff --git a/csgo-loader/csgo-client/Security/SyscallManager.cpp b/csgo-loader/csgo-client/Security/SyscallManager.cpp index bab2d5f..0104dae 100644 --- a/csgo-loader/csgo-client/Security/SyscallManager.cpp +++ b/csgo-loader/csgo-client/Security/SyscallManager.cpp @@ -81,7 +81,7 @@ namespace Wrapper } // Sick macros, retard. -#define GetRvaPointer(Rva) (Buffer + GetRawOffsetByRva(SectionHeader, SectionCount, FileSize, Rva)) + #define GetRvaPointer(Rva) (Buffer + GetRawOffsetByRva(SectionHeader, SectionCount, FileSize, Rva)) bool SyscallManager::Start() { -- cgit v1.2.3