#include <RemoteCode/RemoteCodeClient.hpp>
// i kinda stopped caring at this point
namespace RemoteCode
{
    /// @brief Records the target process and captures one entry of a function
    ///        table found through shaderapidx9.dll in that process.
    ///
    /// Sequence, as visible in this file:
    ///   1. Copy @p Process into m_Process.
    ///   2. Look up shaderapidx9.dll in the target and add a fixed offset to
    ///      its base to get the address of a stored pointer.
    ///   3. Read that pointer; the code treats the result as the base of a
    ///      table of 4-byte entries and reads entry 42 from it.
    ///   4. Return the table base, the entry's current value, two zero fields
    ///      and the loader's own address of VirtualProtect.
    ///
    /// After the call m_DirectX holds the table base, not the entry value;
    /// the entry's original value survives only in the returned struct.
    ///
    /// NOTE(review): nothing here validates the module lookup or the remote
    /// reads. A failed lookup or a different build of the DLL makes every
    /// later address meaningless, and Dispatch() then writes through it into
    /// the target process.
    ///
    /// @param Process Handle wrapper for the target process.
    /// @return Parameters in the order listed in step 4; the meaning of the
    ///         two zero fields is not visible in this file.
    RemoteCodeParameters RemoteCodeClient::Start(RemoteProcess &Process)
    {
        // Fixed offset into shaderapidx9.dll. It is specific to one build of
        // that module; the original author flags it as the likely crash cause.
        constexpr uintptr_t kDevicePointerOffset = 0xA3FC0;
        // Entry 42 with a 4-byte stride, i.e. a 32-bit target is assumed.
        // The original TODO about checking the target's bitness is unresolved.
        constexpr uintptr_t kEntryOffset = 42 * 4;

        // Keep a copy of the process wrapper for Dispatch().
        m_Process = Process;

        HANDLE ShaderModule = Process.FindModule("shaderapidx9.dll");
        const uintptr_t DevicePointerAddress =
            reinterpret_cast<uintptr_t>(ShaderModule) + kDevicePointerOffset;

        // The original names this value a vtable pointer; whether it is the
        // table itself or the owning object cannot be confirmed from here.
        void *TableBase = Process.Read<void *>(reinterpret_cast<void *>(DevicePointerAddress));
        const uintptr_t TableAddress = reinterpret_cast<uintptr_t>(TableBase);

        // Temporarily holds the entry's current value so it can be returned.
        m_DirectX = Process.Read<uintptr_t>(reinterpret_cast<void *>(TableAddress + kEntryOffset));

        RemoteCodeParameters Parameters{
            TableAddress,
            m_DirectX,
            0x00000000,
            0x00000000,
            // Address as seen in the loader's own address space.
            // NOTE(review): presumably expected to be valid in the target as
            // well; that only holds for matching bitness and module base.
            reinterpret_cast<uintptr_t>(&VirtualProtect)
        };

        // From here on m_DirectX is the table base that Dispatch() indexes.
        m_DirectX = TableAddress;
        return Parameters;
    }

    /// @brief Copies @p Shellcode into the target process and points table
    ///        entry 42 at the copy.
    ///
    /// Defender's view of what this leaves behind in the target: a newly
    /// allocated region holding the copied bytes, and a function-table entry
    /// whose value is the base of that region instead of an address inside
    /// the owning module. Neither the allocation nor the overwritten entry is
    /// released or restored anywhere in this file.
    ///
    /// NOTE(review): the result of Allocate() is used unchecked, and the
    /// protection of the new region is decided inside RemoteProcess, which is
    /// not visible here.
    ///
    /// @param Shellcode Bytes to copy; size() and data() are forwarded as-is.
    void RemoteCodeClient::Dispatch(ByteArray &Shellcode)
    {
        // Same entry that Start() read: index 42, 4-byte stride.
        constexpr uintptr_t kEntryOffset = 42 * 4;

        // Stage the payload in the target.
        void *RemoteBuffer = m_Process.Allocate(Shellcode.size());
        m_Process.Write(RemoteBuffer, Shellcode.data(), Shellcode.size());

        // Redirect the table entry; m_DirectX is the table base set by Start().
        void *EntryAddress = reinterpret_cast<void *>(m_DirectX + kEntryOffset);
        m_Process.Write<uintptr_t>(EntryAddress, reinterpret_cast<uintptr_t>(RemoteBuffer));
    }
}