#include <Client.hpp>

/*
	TODO:
	- Finish off shellcode execution wrapper:
		- The shellcode can be executed via two ways
		- Either the code is mapped and called via CreateRemoteThread (allows custom param)
		- or the code is mapped and called via DX9 (does not allow custom param)
		- This will probably be the easiest thing to do.

	--nave note:
		you don't need any custom params
		it's entirely pointless, we can use a wiped PE header to pass all the data we need
		plus passing shit via dllmain is too obvious anyway, dumb idea

	- Finish off injection wrapper:
		- Allocate every memory page as a bunch of consecutive 4kb sections (in order to fuck with people trying to dump)

	- Have the loader inject a .DLL :^)

	--nave note 2:
		what you haven't done and what will completely fuck us up if anyone competent gets the loader:
		loading the binary directly via the loader itself is completely stupid and unreasonable
		this is exactly what got rifk7 detected back in the day because all valve has to do is just get the loader and sig it
	
		what you're supposed to do is have a dummy dll which gets downloaded after login/security checks, inject that into a random process (explorer.exe will do) 
		that later downloads the REAL dll from the server and then injects it
		otherwise all it takes is 1 memer to send it to valve and we'll get fucked completely

	TODO (Nave):
		- Make the UI look nice.
		- Adapt the server to work with your backend.
		- Add dump protection (closes csgo.exe if a handle is detected, probably explorer shellcode)

	--nave note 3:
		dumps will happen anyway, i honestly don't even wanna focus on trying to protect shit against that other than basic exitprocess memes
		people dump skeet regardless of kernel address mapping meme so what does it matter
*/


#pragma optimize("", off)

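// Loader entry point.
//
// Sequence (each init step is fatal on failure via ERROR_ASSERT unless noted):
//   1. start the UI thread and wait until it reports ready,
//   2. start the syscall manager, then the runtime-protection module,
//   3. open the TCP connection to the server,
//   4. collect credentials from the UI and run the login transaction
//      (a rejected login terminates the process silently with code 0),
//   5. spin until the user presses END (game selection is still a TODO).
//
// The WinMain parameters (inst, prev, str, cmdshow) are unused.
int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow)
{
	WRAP_IF_DEBUG(
		Utils::OpenConsole();
	);

	///////////////////////////////////////////////////////////////

	//VMProtectBeginMutation("EntryPoint");

	///////////////////////////////////////////////////////////////

	// The UI lives on its own detached thread. UserInterface is a global, so the
	// lambda captures nothing and cannot dangle. The thread is never joined: the
	// process ends through ERROR_ASSERT / ExitProcess, or by returning from WinMain.
	std::thread WindowThread([]
	{
		// Create a window, initialise DirectX context.
		if(!UserInterface->Start())
			ERROR_ASSERT(STR("[000F:00001C00] Failed to initialize. Please contact an administrator."));

		UserInterface->RunUiFrame();
	});
	WindowThread.detach();

	// Poll until the UI thread flags readiness.
	// NOTE(review): m_Ready is written by the UI thread and read here; unless it is
	// std::atomic (its declaration is not in this file) this is a data race — confirm.
	while(!UserInterface->m_Data.m_Ready) { Sleep(1); }

	// Initialize the syscall manager.
	if(!Syscalls->Start())
		ERROR_ASSERT(STR("[000F:00001B00] Failed to initialize. Please contact an administrator."));

	// Initialize the runtime protection system.
	if(!Protection->Start())
		ERROR_ASSERT(STR("[000F:00001A00] Failed to initialize. Please contact an administrator."));

	// Tell the UI we are waiting on the network.
	UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_WAITING;

	// Attempt to connect to the remote server.
	// NOTE(review): this debug line prints a hard-coded literal address, while the
	// connection below uses LOCAL_IP / SERVER_PORT — the two need not agree, so do
	// not treat the printed value as the endpoint actually in use.
	WRAP_IF_DEBUG(
		printf("[DEBUG] Server IP: %08x\n", inet_addr("35.165.60.229"));
	);

	Networking::TCPClientPtr Client = std::make_unique<Networking::TCPClient>();

	if(!Client->Start(LOCAL_IP, SERVER_PORT))
		ERROR_ASSERT(STR("[000F:0002A000] Server closed the connection unexpectedly."));

	// Allow the user to input their log-in data; the UI flips the state back to
	// EXECUTION_WAITING once the form is submitted (same polling caveat as m_Ready).
	UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_LOG_IN;

	while(UserInterface->m_Data.m_ExecutionState != UserExperience::EXECUTION_WAITING) { Sleep(1); }

	// Build the login transaction from the credentials held in the UI and send its header.
	// NOTE(review): the username/password are handed to a plain TCPClient; whether the
	// transport or RemoteLoginTransaction protects them in transit is not visible here —
	// confirm before relying on it, and consider wiping m_Password once the header is built.
	Login::RemoteLoginTransaction LoginTransaction;
	LoginTransaction.Start(UserInterface->m_Data.m_Username, UserInterface->m_Data.m_Password);

	ByteArray Transaction = LoginTransaction.GetHeader();
	Client->SendBytes(Transaction);

	// A rejected (or unparseable) response terminates the loader without any UI message.
	ByteArray LoginResponse = Client->ReceiveBytes();
	if(!LoginTransaction.TranslateResponse(LoginResponse))
		ExitProcess(0);

	// Allow the user to choose a cheat to inject.
	UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_CHOOSE;

	// TODO: Add game selection.
	// Until then, END (high bit of GetAsyncKeyState = currently held) exits the loop.
	for(;;)
	{
		if(GetAsyncKeyState(VK_END) & 0x8000)
			break;
		Sleep(1);
	}

	///////////////////////////////////////////////////////////////

	//VMProtectEnd();

	///////////////////////////////////////////////////////////////

	// WinMain is not main(): falling off the end of a non-void function is
	// undefined behaviour, so the exit status is returned explicitly.
	return 0;
}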

#pragma optimize("", on)