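// NOTE(review): the operand of this #include was lost when the page was
// extracted; PROJECT_HEADER_PLACEHOLDER stands in for the project's own header.
#include "PROJECT_HEADER_PLACEHOLDER"

// NOTE(review): none of the items in the plan below is implemented in this
// file; WinMain only calls Protection->Start() and Syscalls->Start().
/*
TODO:
    - Finish off security on client:
        - Hook OpenProcess, ExitProcess, WSARecv, WSASend and check if function is OOB. [DONE]
        - Use VM check that Nave gave me.
        - Run a thread to check for blacklisted drivers periodically (also blacklist VBox)
        - Run a thread to check if there is more than X threads running in the loader.
        - Add dump protection (closes csgo.exe if a handle is detected, probably explorer shellcode)
        - Add HWID generation
        - Hook DbgBreakPoint and DbgUiRemoteBreakin (instead of bytepatching, some debuggers will check that) [DONE]
        - Don't forget about the security callback; leave implementation up to Nave. [DONE]
    - Apply Themida macros inside important functions:
        - Apply mutation on Security hooks and main function. [DONE]
        - Apply fast VM on syscall manager, process functions
        - Apply robust VM on TCP, login
        - Apply heavy VM on Encryption, recv/send wrappers.
    - Finish off shellcode execution wrapper:
        - The shellcode can be executed via two ways
            - Either the code is mapped and called via CreateRemoteThread (allows custom param)
            - or the code is mapped and called via DX9 (does not allow custom param)
                - This will probably be the easiest thing to do.
    - Finish off injection wrapper:
        - Everything is already laid out, tbh.
        - Have the loader inject a .DLL :^)

TODO (Nave):
    - Make the UI look nice.
    - Adapt the server to work with your backend.
*/

// Loader entry point. In order: opens a console, starts the UI thread and
// waits for it, starts the protection and syscall subsystems, connects to the
// server, runs a test byte exchange, waits for the log-in step to finish, then
// idles until the END key is pressed.
//
// The parameters are the standard WinMain arguments; none of them is read here.
// Returns 0 once the END key ends the idle loop.
int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow)
{
    // WRAP_IF_DEBUG is commented out, so the console is opened in every build.
    /*WRAP_IF_DEBUG*/(Utils::OpenConsole());

    // Workaround for Hooked_OpenProcess crashing when Device->CreateDevice is
    // invoked: Protection->Start() (which presumably installs that hook) is
    // only called after the UI thread reports that its setup is done.
    // The template argument is spelled out instead of relying on deduction.
    std::atomic<bool> UserInterfaceReady{false};

    // Create a thread to handle UI. The lambda refers to the local flag by
    // reference and the thread is detached; it writes the flag exactly once,
    // and WinMain waits for that write below before going any further.
    std::thread WindowThread([&UserInterfaceReady]
    {
        // Create a window, initialise DirectX context.
        if (!UserInterface->Start())
            ERROR_ASSERT("[000F:00001C00] Failed to initialize. Please contact an administrator.");

        // Signal initialization.
        UserInterfaceReady = true;

        UserInterface->RunUiFrame();
    });
    WindowThread.detach();

    // Block until the UI thread has finished its setup.
    while (!UserInterfaceReady.load())
    {
        Sleep(1);
    }

    // Initialize the runtime protection system.
    // (WRAP_IF_RELEASE presumably drops this in debug builds; the macro is not
    // defined on this page.)
    WRAP_IF_RELEASE(
        if (!Protection->Start())
            ERROR_ASSERT("[000F:00001A00] Failed to initialize. Please contact an administrator.");
    );

    // Initialize the syscall manager.
    if (!Syscalls->Start())
        ERROR_ASSERT("[000F:00001B00] Failed to initialize. Please contact an administrator.");

    // Wait for connection.
    UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_WAITING;

    // Attempt to connect to the remote server.
    Networking::TCPClient Client;
    if (!Client.Start(LOCAL_IP, SERVER_PORT))
        ERROR_ASSERT("[000F:0002A000] Server did not accept the connection.");

    // Test exchange: send six fixed bytes and dump whatever comes back.
    // NOTE(review): the result of SendBytes is not checked and the reply is
    // not validated; this looks like bring-up code, so confirm that it is
    // removed or made debug-only before release.
    ByteArray Bytes{ 0, 1, 2, 3, 4, 5 };
    Client.SendBytes(Bytes);

    ByteArray Bytes2 = Client.ReceiveBytes();

    // %zu is the conversion for size_t (the original used the signed %zd);
    // assumes ByteArray::size() returns size_t - TODO confirm.
    printf("%zu\n", Bytes2.size());

    for (const auto &Byte : Bytes2)
        printf("%02x ", Byte);

    printf("\n");

    // Allow the user to input their log-in data.
    UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_LOG_IN;

    // NOTE(review): this polls a field that another thread (presumably the UI
    // thread) writes; unless m_ExecutionState is atomic this is a data race
    // and the loop may never observe the change - confirm its declaration.
    while (UserInterface->m_Data.m_ExecutionState != UserExperience::EXECUTION_WAITING)
    {
        Sleep(1);
    }

    // TODO: Add game selection.
    // Idle until the END key is down (high bit of GetAsyncKeyState).
    while (!(GetAsyncKeyState(VK_END) & 0x8000))
    {
        Sleep(1);
    }

    // Only main() gets an implicit return; flowing off the end of WinMain
    // would be undefined behaviour, so return explicitly.
    return 0;
}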