// One SecHook_XX trampoline per security-function slot (SECFUNC_INTERCEPT is
// defined outside this chunk). Slot 0xD is absent from the list; the same set
// is hooked by HOOK_SEC_FUNC in SecurityHooker(), and handleNewSecModule()
// zeroes df[0xD] explicitly.
SECFUNC_INTERCEPT(00);SECFUNC_INTERCEPT(01);SECFUNC_INTERCEPT(02);SECFUNC_INTERCEPT(03);
SECFUNC_INTERCEPT(04);SECFUNC_INTERCEPT(05);SECFUNC_INTERCEPT(06);SECFUNC_INTERCEPT(07);
SECFUNC_INTERCEPT(08);SECFUNC_INTERCEPT(09);SECFUNC_INTERCEPT(0A);SECFUNC_INTERCEPT(0B);
SECFUNC_INTERCEPT(0C);SECFUNC_INTERCEPT(0E);SECFUNC_INTERCEPT(0F);

// A bare `ret` with no prologue/epilogue; handleNewSecModule() writes its
// address into function-table slots as a do-nothing stand-in.
__declspec(naked) void Empty() { _asm { ret } }

// Set by Security_LoadEncryptedDll() from validate_sec_module(); read by
// SecurityHooker() to choose between hooking the module and handleNewSecModule().
bool bKnownSecurity = false;
//===============================================================================
// Handles a security module that validate_sec_module() did not recognise.
// Rewrites the function table `df` in place: slots 0..0x10 -> Empty,
// 0x11..0x1A -> 0, then 0xD -> 0 and 0x10 -> 0x43210003 (the meaning of that
// constant is not documented anywhere in this chunk). Afterwards it issues two
// "disconnect" commands, a "speak" command and prints the notice below.
// Nothing checks the table length: `df` is assumed to hold at least 0x1B
// entries — TODO confirm against whatever calls SecurityHooker().
void handleNewSecModule(DWORD* df)
{
	// remove sec module:
	int i;
	for (i = 0; i < 0x11; i++) { df[i] = (DWORD)&Empty; }
	for (i = 0x11; i <= 0x1A; i++) { df[i] = 0; }
	df[0xD] = 0;
	df[0x10] = 0x43210003;
	gEngfuncs.pfnClientCmd("disconnect");
	gEngfuncs.pfnClientCmd("disconnect");
	gEngfuncs.pfnClientCmd("speak \"_comma message from system _comma _comma invallid security located\"");
	gEngfuncs.pfnConsolePrint(
		"////////////////////////////////////////////////////////////////////////////////\n"
		"// OGC Hook has aborted connection to this server\n"
		"// because new anti-cheat software was uploaded to your PC.\n"
		"// if you can read this message, the anti-cheat sofware has\n"
		"// been successfully disabled by OGC Hook.\n"
		"// \n"
		"// Please restart Half-Life without this cheat, or wait for\n"
		"// an updated version. Type \"quit\" now to close Half-life.\n"
		"// bunny771\n"
		"//\n"
	);
}
//===============================================================================
// Remove security module
// Replacement for the security module's init/export entry (installed by
// Security_LoadEncryptedDll() via the XORed header field). An unrecognised
// module (bKnownSecurity == false) is handed to handleNewSecModule() and 0 is
// returned. A recognised one is run through OriginalSecurity first; the table
// `df` it produced is then copied to secfuncs_org and secfuncs_hooked, its
// address kept in secfuncs_loc, and the hooked copy's entries are pointed at the
// SecHook_XX trampolines. Returns whatever OriginalSecurity returned.
// secfuncs_org/secfuncs_hooked/secfuncs_loc, SECFUNCS_NUM, OriginalSecurity,
// bDontRerouteGlBegin and post_sec_call() are declared elsewhere.
DWORD SecurityHooker(DWORD * df)
{
	bDontRerouteGlBegin = true;
	if(!bKnownSecurity)
	{
		handleNewSecModule(df);
		return 0;
	}
	// call original security (nothing modified yet)
	assert(OriginalSecurity);
	DWORD res = OriginalSecurity(df);
	// setup security hook
	// the "*4" hard-codes sizeof(DWORD) for a 32-bit build
	memcpy(secfuncs_org,df,SECFUNCS_NUM*4);
	memcpy(secfuncs_hooked,df,SECFUNCS_NUM*4);
	secfuncs_loc = df;
	#define HOOK_SEC_FUNC( hexnr ) secfuncs_hooked[0x##hexnr] = (DWORD)&SecHook_##hexnr;
	HOOK_SEC_FUNC(00); HOOK_SEC_FUNC(01); HOOK_SEC_FUNC(02); HOOK_SEC_FUNC(03);
	HOOK_SEC_FUNC(04); HOOK_SEC_FUNC(05); HOOK_SEC_FUNC(06); HOOK_SEC_FUNC(07);
	HOOK_SEC_FUNC(08); HOOK_SEC_FUNC(09); HOOK_SEC_FUNC(0A); HOOK_SEC_FUNC(0B);
	HOOK_SEC_FUNC(0C); HOOK_SEC_FUNC(0E); HOOK_SEC_FUNC(0F);
	// hook
	post_sec_call();
	Con_Echo("&gsecurity module hooked.");
	return res;
}
//-------------------------------------------------------
// Layout overlaid at offset 0x44 of the decrypted module image by
// Security_LoadEncryptedDll(). Only initexpfunc is read or written in this
// chunk; the other field names are the author's and are not verified here.
typedef struct
{
	DWORD unknown1;
	DWORD numsegments;
	DWORD initexpfunc;   // entry pointer, stored XORed with PROCKEY (see below)
	DWORD iatadd;
	DWORD dllmain;
	DWORD iathdr;
	DWORD imgbase;
	DWORD imgsize;
} header_t;
//========================================================================================
// Presumably reached from EngineLoadEncryptedDll, which patch() splices into the
// engine's loader — confirm. Optionally dumps the still-encrypted buffer to
// secdump_enc.bin (cvar.sec_dump), decrypts `base` in place, replaces the
// header's XORed init/export pointer with a local function — ClientHooker for
// images larger than 550000 bytes (taken to be client.dll), SecurityHooker
// otherwise — while saving the original pointer, then re-encrypts. The size
// threshold is the only thing distinguishing the two modules. `b` and `c` are
// unused. Decrypt/Encrypt/PROCKEY/cvar/getOgcDirFile/Original/ClientHooker are
// declared elsewhere.
void Security_LoadEncryptedDll(DWORD len, DWORD b, DWORD c, byte * base)
{
	bool validate_sec_module(char* base, int len);   // defined elsewhere
	if(cvar.sec_dump)
	{
		ofstream ofs(getOgcDirFile("secdump_enc.bin").c_str(),ios::binary);
		ofs.write((char*)base,len);
		ofs.close();
	}
	header_t * hdr = (header_t*)(base + 0x44);
	Decrypt(base, len);
	if (len > 550000)
	{
		// Client.dll
		Original = (pClientHooker)(hdr->initexpfunc ^ PROCKEY);
		hdr->initexpfunc = (DWORD)&ClientHooker ^ PROCKEY;
	}
	else
	{
		// !moduleC.dll
		bKnownSecurity = validate_sec_module((char*)base,len);
		Con_Echo("&gsecurity module found.");
		OriginalSecurity = (pSecurityHooker)(hdr->initexpfunc ^ PROCKEY);
		hdr->initexpfunc = (DWORD)&SecurityHooker ^ PROCKEY;
	}
	Encrypt(base, len);
}
//=====================================================================================================
// One-shot (guarded by a static flag). Locates the engine's encrypted-DLL
// loader at a fixed displacement from `stackret` (the return address captured
// in newCreateFileA), verifies it with a 4-byte signature plus one wildcard,
// and has loaderPatch write a 5-byte relative jmp (0xE9 + rel32) to
// EngineLoadEncryptedDll over it; _LoadEncryptedDll keeps the resume address
// six bytes in. If the signature does not match, a message box is shown and
// the process exits. Finally installs the S_DynamicSound detour and the
// command-parser patch. The 0x74C68 displacement is presumably specific to one
// engine build — confirm. loaderPatch, stackret, _LoadEncryptedDll and
// EngineLoadEncryptedDll are declared elsewhere.
void patch()
{
	static bool done = false;
	if(done) return;
	done = true;
	assert(stackret);
	BYTE* loc = ((BYTE*)stackret)-0x74C68;
	BYTE* sig = (BYTE*)"\x51\x55\x8B\x6C?";
	char* mask = "xxxx?";
	if(loaderPatch.find_location(loc,sig,mask))
	{
		// setup patch
		_LoadEncryptedDll = (DWORD)loc + 6;
		loaderPatch.patchdata[0] = 0xE9;
		// rel32 is measured from the end of the 5-byte jmp
		DWORD addr = (DWORD)&EngineLoadEncryptedDll - (DWORD)loc - 5;
		*(DWORD*)(loaderPatch.patchdata+1) = addr;
		// apply
		loaderPatch.apply();
	}
	else
	{
		MessageBox(0,"Software mode is not supported\nUse OpenGL or Direct3D.", "not supported",MB_ICONEXCLAMATION);
		ExitProcess(0);
	}
	detour_S_DynamicSound();
	patch_CommandParser();
}
//=====================================================================================================
// CreateFileA replacement body: returns INVALID_HANDLE_VALUE for any path
// badfile() rejects (defined elsewhere), otherwise forwards every argument to
// the real CreateFileA saved in CreateFilePtr by newGetProcAddress().
HANDLE WINAPI XnewCreateFileA(LPCTSTR a,DWORD b,DWORD c,LPSECURITY_ATTRIBUTES d,DWORD e,DWORD f,HANDLE g)
{
	if( badfile(a) )
		return INVALID_HANDLE_VALUE;
	else
		return (*CreateFilePtr)(a,b,c,d,e,f,g);
}

// Naked entry handed out as "CreateFileA" by newGetProcAddress(). When the
// requested name contains "client.dll" (strstr, case-sensitive) it appears to
// read the caller's return address off the stack into `stackret` (pop/push
// leaves the stack unchanged) and runs patch(); it then tail-jumps to
// XnewCreateFileA with the original arguments still in place. Being naked,
// there is no prologue — the inline asm relies on nothing having been pushed
// beforehand, which is compiler-dependent; confirm against the generated code.
__declspec(naked) HANDLE WINAPI newCreateFileA(LPCTSTR a,DWORD b,DWORD c,LPSECURITY_ATTRIBUTES d,DWORD e,DWORD f,HANDLE g)
{
	if(strstr(a,"client.dll"))
	{
		__asm pop stackret;
		__asm push stackret;
		patch();
	}
	__asm jmp XnewCreateFileA
}
// getmessage hook in bind.cpp
// newGetMessage is defined in bind.cpp (per the author's note); origGetMessage
// receives the real GetMessageA in newGetProcAddress().
typedef BOOL (WINAPI *GetMessageFunc )(LPMSG,HWND,UINT,UINT);
BOOL WINAPI newGetMessage(LPMSG,HWND,UINT,UINT);
GetMessageFunc origGetMessage;
////=====================================================================================================
// Dead code: a Module32Next filter that would skip this DLL's own entry. Kept
// commented out by the author; nothing in this chunk references it.
//BOOL (WINAPI *Module32NextPtr) ( HANDLE hSnapshot, LPMODULEENTRY32 lpme );
//BOOL WINAPI newModule32Next ( HANDLE hSnapshot, LPMODULEENTRY32 lpme )
//{
//	BOOL res = (*Module32NextPtr)(hSnapshot,lpme);
//	if (lpme->hModule == xModule ) res = (*Module32NextPtr)(hSnapshot,lpme);
//	return res;
//}
// NOTE(review): the declaration on the next line appears to have lost its
// return type in this copy (the "void" is stuck inside the comment below).
//void 
CheckForClientHook(FARPROC* pProc,LPCTSTR lpProcName);
// Declared here, defined elsewhere: check_hook_queue() may substitute a
// replacement for an export resolved by name; init_hook_queue() prepares it.
FARPROC check_hook_queue(char* procname, FARPROC original);
FARPROC WINAPI newGetProcAddress ( HMODULE hModule, LPCSTR lpProcName );
// gpoffset receives the host module's GetProcAddress import-slot address from
// ReRoute(); gppt is the substitute slot the rewritten call sites read instead,
// and it holds newGetProcAddress.
DWORD gpoffset;
DWORD gppt=(DWORD)&newGetProcAddress;
typedef FARPROC (WINAPI *GetProcAddressFunc)(HMODULE,LPCTSTR);
// GetProcAddress replacement reached through the call sites ReRoute() rewrites
// in DllMain(). For by-name lookups (HIWORD(lpProcName) != 0) it returns local
// replacements for CreateFileA, QueryPerformanceCounter, GetProcAddress and
// GetMessageA, saving the real address in the matching *Ptr/orig* global;
// "glBegin" is passed through while bDontRerouteGlBegin is set; any other name
// goes through check_hook_queue() and CheckForClientHook(). By-ordinal lookups
// are passed straight through. All name comparisons use strcmp (case-sensitive).
// The GetProcAddress called inside is this DLL's own import, which ReRoute()
// does not touch (it only patches the main module).
FARPROC WINAPI newGetProcAddress ( HMODULE hModule, LPCSTR lpProcName )
{
	if(HIWORD(lpProcName))
	{
		//logfile<<(char*)lpProcName<<endl;
		if(!strcmp(lpProcName,"glBegin") && bDontRerouteGlBegin)
		{
			return GetProcAddress(hModule,lpProcName);
		}
		if(!strcmp(lpProcName,"CreateFileA"))
		{
			CreateFilePtr = (CreateFileFunc)GetProcAddress(hModule,lpProcName);
			return (FARPROC)newCreateFileA;
		}
		else if(!strcmp(lpProcName,"QueryPerformanceCounter"))
		{
			QueryPerformanceCounterPtr = (QueryPerformanceCounterFunc)GetProcAddress(hModule,lpProcName);
			return (FARPROC)newQueryPerformanceCounter;
		}
		else if(!strcmp(lpProcName,"GetProcAddress"))
		{
			// callers resolving GetProcAddress dynamically get this hook too
			return (FARPROC)newGetProcAddress;
		}
		else if(!strcmp(lpProcName,"GetMessageA"))
		{
			origGetMessage = (GetMessageFunc)GetProcAddress(hModule,lpProcName);
			return (FARPROC)newGetMessage;
		}
		//else if(!strcmp(lpProcName,"IsDebuggerPresent")) { return NULL; }
		else
		{
			// one-time setup; DllMain() also calls init_hook_queue(), and whether
			// it tolerates a second call is not visible in this chunk
			static bool done = false;
			if(!done)
			{
				void init_hook_queue();
				init_hook_queue();
				done = true;
			}
			FARPROC original = GetProcAddress(hModule,lpProcName);
			FARPROC res = check_hook_queue((char*)lpProcName,original);
			CheckForClientHook( &res, lpProcName);
			return res;
		}
	}
	//if( !HIWORD(lpProcName) ) {
	//	name = lookup_export_name((char*)hModule,(DWORD)lpProcName);
	//}
	return GetProcAddress(hModule,lpProcName);
}
//=====================================================================================================
// Redirects the indirect references in module `res` that go through the import
// slot for modulename!funcname. importoffset() (defined elsewhere) stores the
// slot address in *out_offset; the code section (BaseOfCode/SizeOfCode) is then
// scanned three times, once per 6-byte instruction form named by the scanner
// (FF 15 / 8B 2D / 8B 35 followed by the slot address), and each 4-byte operand
// is rewritten to point at `new_addr` — a DWORD that acts as a substitute slot.
// Protect() (defined elsewhere) is presumably called once to make the bytes
// writable and once to restore them — confirm. If importoffset() fails a
// message box is shown and nothing is patched. Because this modifies the host's
// code bytes at runtime, comparing in-memory code against the on-disk image is
// the check that reveals it.
void ReRoute(HMODULE res,PIMAGE_NT_HEADERS pNTHeader,DWORD* new_addr,char*modulename, char* funcname, DWORD* out_offset)
{
	//generic call to old_add patcher
	bool success = importoffset((char*)res,modulename,funcname,out_offset)!=0;
	if(!success)
	{
		MessageBox(0,funcname,"REROUTE FAILED",0);
		return;
	}
	BYTE *pos;
	BYTE* codestart=(BYTE*)res+pNTHeader->OptionalHeader.BaseOfCode;
	DWORD length=pNTHeader->OptionalHeader.SizeOfCode;
	while (ScanPattern_FF15calladr(codestart,*out_offset,length,&pos))
	{
		// resume the scan just past the 6-byte instruction found
		length-=pos+6-codestart;
		codestart=pos+6;
		Protect(pos+2,sizeof(DWORD));
		DWORD* blub0r=(DWORD*)(pos+2);
		*blub0r = (DWORD)new_addr;
		Protect(pos+2);
		//MessageBox(0,"FF15Calladr found",funcname,0);
	}
	codestart=(BYTE*)res+pNTHeader->OptionalHeader.BaseOfCode;
	length=pNTHeader->OptionalHeader.SizeOfCode;
	while (ScanPattern_8B2Dcalladr(codestart,*out_offset,length,&pos))
	{
		length-=pos+6-codestart;
		codestart=pos+6;
		Protect(pos+2,sizeof(DWORD));
		DWORD* blub0r=(DWORD*)(pos+2);
		*blub0r = (DWORD)new_addr;
		Protect(pos+2);
		//MessageBox(0,"8B2DCalladr found",funcname,0);
	}
	codestart=(BYTE*)res+pNTHeader->OptionalHeader.BaseOfCode;
	length=pNTHeader->OptionalHeader.SizeOfCode;
	while (ScanPattern_8B35calladr(codestart,*out_offset,length,&pos))
	{
		length-=pos+6-codestart;
		codestart=pos+6;
		Protect(pos+2,sizeof(DWORD));
		DWORD* blub0r=(DWORD*)(pos+2);
		*blub0r = (DWORD)new_addr;
		Protect(pos+2);
		//MessageBox(0,"8B35Calladr found",funcname,0);
	}
}
//===========================================================
// Truncates `path` in place just after its last backslash, leaving the
// directory part. NOTE(review): when `path` contains no backslash the loop
// steps `pos` to path-1 (pointer arithmetic before the buffer start, which is
// undefined behaviour) and pos[1]=0 then empties the string. Both callers pass
// results of GetModuleFileName(), which normally contain a backslash.
static void removeFileName(char* path)
{
	char* pos = path+strlen(path);
	while(pos>=path && *pos!='\\') --pos;
	pos[1]=0;
}
//===========================================================
// Entry point. Only DLL_PROCESS_ATTACH does any work: seeds rand(), disables
// thread attach/detach notifications, overwrites this DLL's own DOS and NT
// headers via RandomOverwrite() (the author's comment names a scanner,
// "paladin", as the reason), calls init_hook_queue(), records this DLL's and
// the host executable's directories in ogcdir/hldir, stores the module handle
// in xModule, and redirects the host's GetProcAddress call sites to
// newGetProcAddress via ReRoute(). Finally calls Client_Init() from client.cpp.
// MakePtr, RandomOverwrite, ogcdir, hldir and xModule are declared elsewhere.
// NOTE(review): srand() is seeded twice from the same clock; the second call is
// redundant. The 254 passed to GetModuleFileName() assumes ogcdir/hldir hold at
// least 255 bytes — confirm against their declarations.
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
	if (ul_reason_for_call != DLL_PROCESS_ATTACH)
		return TRUE;
	// randomize timer
	srand(time(0));
	//no thread notification
	DisableThreadLibraryCalls(static_cast<HMODULE>(hModule));
	srand( (unsigned)time( NULL ) );
	//clear our headers so paladin wont find us
	PIMAGE_DOS_HEADER pDOSHeader = MakePtr<PIMAGE_DOS_HEADER>(hModule);
	PIMAGE_NT_HEADERS pNTHeader = MakePtr<PIMAGE_NT_HEADERS>(pDOSHeader,pDOSHeader->e_lfanew);
	RandomOverwrite(pDOSHeader);
	RandomOverwrite(pNTHeader);
	//get main module and create fake code copy
	// (the "fake code copy" part below is commented out; only the headers of
	// the host executable are located here, for ReRoute())
	HMODULE MainModule = GetModuleHandle(NULL);
	pDOSHeader = MakePtr<PIMAGE_DOS_HEADER>(MainModule);
	pNTHeader = MakePtr<PIMAGE_NT_HEADERS>(pDOSHeader,pDOSHeader->e_lfanew);
	/*char* hl_fake_code = new char[pNTHeader->OptionalHeader.SizeOfCode];
	memcpy(hl_fake_code,(char*)MainModule +pNTHeader->OptionalHeader.BaseOfCode,pNTHeader->OptionalHeader.SizeOfCode);*/
	//generic call ds:LoadLibraryA patcher
	//importoffset((char*)MainModule,"Kernel32.dll","LoadLibraryA",&lloffset);
	//BYTE *pos;
	//BYTE* codestart=(BYTE*)MainModule+pNTHeader->OptionalHeader.BaseOfCode;
	//DWORD length=pNTHeader->OptionalHeader.SizeOfCode;
	//while (ScanPattern_FF15calladr(codestart,lloffset,length,&pos))
	//{
	//	length-=pos+6-codestart;
	//	codestart=pos+6;
	//	Protect(pos+2,sizeof(DWORD));
	//	DWORD* blub0r=(DWORD*)(pos+2);
	//	*blub0r = (DWORD)&llpt;
	//	Protect(pos+2);
	//}
	init_hook_queue();
	// setup ogc path
	GetModuleFileName((HMODULE)hModule,ogcdir,254);
	removeFileName(ogcdir);
	// setup hl path
	GetModuleFileName(GetModuleHandle(NULL), hldir, 254);
	removeFileName(hldir);
	xModule=(HMODULE)hModule;
	ReRoute(MainModule, pNTHeader,&gppt,"Kernel32.dll","GetProcAddress",&gpoffset);
	//InterceptDllCall(MainModule, "Kernel32.dll","CreateFileA",(PVOID)&pCreateFile,(PVOID*)&CreateFilePtr,NULL);
	void Client_Init(); // client.cpp init
	Client_Init(); // client.cpp init
	return TRUE;
}