1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
#include <Client.hpp>
/*
TODO:
- Finish off security on client:
- Hook OpenProcess, ExitProcess, WSARecv, WSASend and check if function is OOB.
- Use VM check that Nave gave me.
- Run a thread to check for blacklisted drivers periodically (also blacklist VBox)
- Run a thread to check if there is more than X threads running in the loader.
- Add dump protection (closes csgo.exe if a handle is detected, probably explorer shellcode)
- Add HWID generation
- Hook DbgBreakPoint and DbgUiRemoteBreakin (instead of bytepatching, some debuggers will check that)
- If the hook is triggered, ban the user.
- Don't forget about the security callback; leave implementation up to Nave.
- Apply Themida macros inside important functions:
- Apply mutation on Security hooks and main function.
- Apply fast VM on syscall manager, process functions
- Apply robust VM on TCP, login
- Apply heavy VM on Encryption, recv/send wrappers.
- Finish off shellcode execution wrapper:
- The shellcode can be executed via two ways
- Either the code is mapped and called via CreateRemoteThread (allows custom param)
- or the code is mapped and called via DX9 (does not allow custom param)
- This will probably be the easiest thing to do.
- Finish off injection wrapper:
- Everything is already laid out, tbh.
- Have the loader inject a .DLL :^)
TODO (Nave):
- Make the UI look nice.
- Adapt the server to work with your backend.
*/
int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow)
{
WRAP_IF_DEBUG(Utils::OpenConsole());
// Autistic workaround for Hooked_OpenProcess crashing
// when Device->CreateDevice is invoked...
std::atomic<bool> UserInterfaceReady = false;
// Create a thread to handle UI.
std::thread WindowThread([&UserInterfaceReady]
{
// Create a window, initialise DirectX context.
if(!UserInterface->Start())
ERROR_ASSERT("[000F:00001C00] Failed to initialize. Please contact an administrator.");
// Signal initialization.
UserInterfaceReady = true;
UserInterface->RunUiFrame();
}); WindowThread.detach();
while(!UserInterfaceReady) { Sleep(1); }
// Initialize the runtime protection system.
WRAP_IF_RELEASE(
if(!Protection->Start())
ERROR_ASSERT("[000F:00001A00] Failed to initialize. Please contact an administrator.");
);
// Initialize the syscall manager.
if(!Syscalls->Start())
ERROR_ASSERT("[000F:00001B00] Failed to initialize. Please contact an administrator.");
// Wait for connection.
UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_WAITING;
// Attempt to connect to the remote server.
Networking::TCPClient Client;
if(!Client.Start(LOCAL_IP, SERVER_PORT))
ERROR_ASSERT("[000F:0002A000] Server did not accept the connection.");
// Allow the user to input their log-in data.
UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_LOG_IN;
while(UserInterface->m_Data.m_ExecutionState != UserExperience::EXECUTION_WAITING) { Sleep(1); }
// TODO: Add game selection.
while(1) { if(GetAsyncKeyState(VK_END) & 0x8000) break; Sleep(1); }
}
|
