neku
Codeur roumain
Bon voila, vu que j'ai trop de mal à continuer ce projet, j'ai décidé de mettre les codes source de ce que j'ai déjà fait afin d'avoir de l'aide ou inspirer d'autres personnes.
SecureApi.c
SecureApi.h
PeInfos.c
PeInfos.h
DetoursDetection.c
OpenGL.c
OpenGL.h
AC.c
Si quelqu'un a une idée car pour le moment sa ne couvre pas tout les hook OpenGL possible.
SecureApi.c
Code:
[size=2]#include "SecureApi.h"
#pragma warning( disable :4311 )
#pragma warning( disable :4312 )
//Kernel32.dll
FARPROC pOrig_GetModuleHandleA;
FARPROC pOrig_GetProcAddress;
FARPROC pOrig_OpenProcess;
FARPROC pOrig_Sleep;
FARPROC pOrig_CreateThread;
FARPROC pOrig_GetCurrentProcessId;
//User32.dll
FARPROC pOrig_MessageBoxA;
FARPROC pOrig_FindWindowA;
FARPROC pOrig_GetWindowThreadProcessId;
//Psapi.dll
FARPROC pOrig_GetModuleInformation;
//Vars
DWORD dwReturnValue;
CSecure SecureApi;
//Functions
FARPROC ExportGet(const HMODULE Image, const char* Function);
void CSecure::s_Initialize (void) {
//Chargement du kernel32.dll
HINSTANCE hTemp = ::LoadLibrary("Kernel32.dll");
HINSTANCE hTemp2 = ::LoadLibrary("Psapi.dll");
pOrig_GetModuleHandleA = ::GetProcAddress(hTemp,"GetModuleHandleA");
pOrig_GetModuleInformation = ::GetProcAddress(hTemp2,"GetModuleInformation");
HINSTANCE hUser32 = SecureApi.s_GetModuleHandle("USER32.dll");
HINSTANCE hKernel32 = SecureApi.s_GetModuleHandle("KERNEL32.dll");
//User32.dll
pOrig_MessageBoxA = ExportGet(hUser32,"MessageBoxA");
pOrig_FindWindowA = ExportGet(hUser32,"FindWindowA");
pOrig_GetWindowThreadProcessId = ExportGet(hUser32,"GetWindowThreadProcessId");
//Kernel32.dll
pOrig_Sleep = ExportGet(hKernel32,"Sleep");
pOrig_CreateThread = ExportGet(hKernel32,"CreateThread");
pOrig_OpenProcess = ExportGet(hKernel32,"OpenProcess");
pOrig_GetProcAddress = ExportGet(hKernel32,"GetProcAddress");
pOrig_GetCurrentProcessId = ExportGet(hKernel32,"GetCurrentProcessId");
}
DWORD CSecure::s_GetCurrentProcessId () {
__asm {
call dword ptr [pOrig_GetCurrentProcessId]
mov dwReturnValue, eax
}
return (DWORD)dwReturnValue;
}
FARPROC CSecure::s_GetProcAddress (HMODULE hModule, LPCSTR lpProcName) {
_asm {
push lpProcName
push hModule
call dword ptr [pOrig_GetProcAddress]
mov dwReturnValue, eax
}
return (FARPROC)dwReturnValue;
}
BOOL CSecure::s_GetModuleInformation (HANDLE hProcess, HMODULE hModule, LPMODULEINFO lpmodinfo, DWORD cb) {
_asm {
push cb
push lpmodinfo
push hModule
push hProcess
call dword ptr [pOrig_GetModuleInformation]
mov dwReturnValue, eax
}
return (BOOL)dwReturnValue;
}
HANDLE CSecure::s_OpenProcess (DWORD dwDesireAccess, BOOL bInheritHandle, DWORD dwProcessId) {
_asm {
push dwProcessId
push bInheritHandle
push dwDesireAccess
call dword ptr [pOrig_OpenProcess]
mov dwReturnValue, eax
}
return (HANDLE)dwReturnValue;
}
VOID CSecure::s_Sleep (DWORD dwMilliseconds) {
_asm {
push dwMilliseconds
call dword ptr [pOrig_Sleep]
}
}
DWORD CSecure::s_GetWindowThreadProcessId (HWND hWnd, LPDWORD lpdwProcessId) {
_asm {
push lpdwProcessId
push hWnd
call dword ptr [pOrig_GetWindowThreadProcessId]
mov dwReturnValue, eax
}
return dwReturnValue;
}
HMODULE CSecure::s_GetModuleHandle (LPCSTR lpModuleName) {
_asm {
push lpModuleName
call dword ptr [pOrig_GetModuleHandleA]
mov dwReturnValue, eax
}
return (HMODULE)dwReturnValue;
}
int CSecure::s_MessageBox (HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType) {
_asm {
push uType
push lpCaption
push lpText
push hWnd
call dword ptr [pOrig_MessageBoxA]
mov dwReturnValue, eax
}
return (int)dwReturnValue;
}
HWND CSecure::s_FindWindow (LPCSTR lpClassName, LPCSTR lpWindowName) {
_asm {
push lpWindowName
push lpClassName
call dword ptr [pOrig_FindWindowA]
mov dwReturnValue, eax;
}
return (HWND)dwReturnValue;
}
HANDLE CSecure::s_CreateThread (LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId) {
_asm {
push lpThreadId;
push dwCreationFlags
push lpParameter
push lpStartAddress
push dwStackSize
push lpThreadAttributes
call dword ptr [pOrig_CreateThread]
mov dwReturnValue, eax
}
return (HANDLE)dwReturnValue;
}
FARPROC ExportGet(const HMODULE Image, const char* Function) {
IMAGE_DOS_HEADER* DosHeader;
IMAGE_NT_HEADERS* PeHeader;
IMAGE_EXPORT_DIRECTORY* ExportDirectory;
FARPROC* ExportAddressTable;
char** ExportNameTable;
WORD* ExportOrdinalTable;
char* Name;
int i, max;
if (!Image)
return NULL;
DosHeader = (IMAGE_DOS_HEADER*)Image;
if (DosHeader->e_magic != IMAGE_DOS_SIGNATURE)
return NULL;
if (!DosHeader->e_lfanew)
return NULL;
PeHeader = (IMAGE_NT_HEADERS*)((DWORD)Image + DosHeader->e_lfanew);
if (PeHeader->Signature != IMAGE_NT_SIGNATURE)
return NULL;
if (PeHeader->FileHeader.Machine != IMAGE_FILE_MACHINE_I386)
return NULL;
ExportDirectory = (IMAGE_EXPORT_DIRECTORY*)((DWORD)Image + PeHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
ExportAddressTable = (FARPROC*)((DWORD)Image + ExportDirectory->AddressOfFunctions);
ExportNameTable = (char**)((DWORD)Image + ExportDirectory->AddressOfNames);
ExportOrdinalTable = (WORD*)((DWORD)Image + ExportDirectory->AddressOfNameOrdinals);
max = ExportDirectory->NumberOfNames;
for (i = 0; i < max; i++) {
Name = (char*)((DWORD)Image + ExportNameTable[i]);
if (!strcmp(Name,Function)) {
return (FARPROC)((DWORD)Image + (DWORD)ExportAddressTable[ExportOrdinalTable[i]]);
}
}
return NULL;
}[/size]
Code:
#ifndef _H_SecureApi_
#define _H_SecureApi_
#include <windows.h>
#include <Psapi.h>
class CSecure {
public:
//API's
HMODULE s_GetModuleHandle (LPCSTR lpModuleName);
FARPROC s_GetProcAddress (HMODULE hModule, LPCSTR lpProcName);
HWND s_FindWindow (LPCSTR lpClassName, LPCSTR lpWindowName);
DWORD s_GetWindowThreadProcessId (HWND hWnd, LPDWORD lpdwProcessId);
HANDLE s_OpenProcess (DWORD dwDesireAccess, BOOL bInheritHandle, DWORD dwProcessId);
BOOL s_GetModuleInformation (HANDLE hProcess, HMODULE hModule, LPMODULEINFO lpmodinfo, DWORD cb);
int s_MessageBox (HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);
HANDLE s_CreateThread (LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId);
VOID s_Sleep (DWORD dwMilliseconds);
DWORD s_GetCurrentProcessId ();
//Class functions
void s_Initialize (void);
};
extern CSecure SecureApi;
#endif
Code:
#include "PeInfos.h"
#include "SecureApi.h"
#include <windows.h>
#pragma warning( disable :4311 )
PE_INFOS PeInfos;
bool PEInitialize(void) {
//Recup l'Handle de Cs
//HWND HL = SecureApi.s_FindWindow("Valve001", NULL);
MODULEINFO lpmodinfo;
DWORD ProcessID;
ProcessID = SecureApi.s_GetCurrentProcessId();
//SecureApi.s_GetWindowThreadProcessId(HL, &ProcessID);
HANDLE hWnd = SecureApi.s_OpenProcess(PROCESS_ALL_ACCESS, false, ProcessID);
//Anti-Cheat Module Informations
SecureApi.s_GetModuleInformation(hWnd, SecureApi.s_GetModuleHandle("AC.dll"), &lpmodinfo, sizeof(lpmodinfo));
PeInfos.dwACStartAddress = (DWORD)lpmodinfo.lpBaseOfDll;
PeInfos.dwACSize = lpmodinfo.SizeOfImage;
PeInfos.dwACEndAddress = PeInfos.dwACStartAddress + PeInfos.dwACSize;
//OpenGL32.dll Informations
SecureApi.s_GetModuleInformation(hWnd, SecureApi.s_GetModuleHandle("opengl32.dll"), &lpmodinfo, sizeof(lpmodinfo));
PeInfos.dwOGLStartAddress = (DWORD)lpmodinfo.lpBaseOfDll;
PeInfos.dwOGLSize = lpmodinfo.SizeOfImage;
PeInfos.dwOGLEndAddress = PeInfos.dwOGLStartAddress + PeInfos.dwOGLSize;
PeInfos.dwHWStartAddress = 0x01D00000;
PeInfos.dwHWSize = 0x0000FFFF;
PeInfos.dwHWEndAddress = PeInfos.dwACStartAddress + PeInfos.dwHWSize;
return true;
}
Code:
#ifndef _H_PeInfos_
#define _H_PeInfos_
#include <windows.h>
typedef struct {
DWORD dwACStartAddress;
DWORD dwACEndAddress;
DWORD dwACSize;
DWORD dwOGLStartAddress;
DWORD dwOGLEndAddress;
DWORD dwOGLSize;
DWORD dwHWStartAddress;
DWORD dwHWEndAddress;
DWORD dwHWSize;
DWORD dwHLStartAddress;
} PE_INFOS;
bool PEInitialize (void);
extern PE_INFOS PeInfos;
#endif
Code:
#include "DetoursDetection.h"
#include "SecureApi.h"
bool CheckForDetour( DWORD dwAddress )
{
PBYTE pbLocation = (PBYTE)dwAddress;
//Simple detour.
//Call, Jmp, Jmp Short
if( pbLocation[0] == 0xE8 || pbLocation[0] == 0xE9 || pbLocation[0] == 0xEB )
{
//Detours Detected !
return true;
}
//'Non-visible' detour.
//Push Eax, Push Edx -> retn, retn X
if( pbLocation[0] == 0x50 || pbLocation[0] == 0x52 )
{
if( pbLocation[1] == 0xC3 || pbLocation[1] == 0xC2 )
{
//Detours Detected !
return true;
}
}
//Push Address detour.
//Push 00000000h -> retn, retn X
if( pbLocation[0] == 0x68 )
{
if( pbLocation[5] == 0xC3 || pbLocation[5] == 0xC2 )
{
//Detours Detected !
return true;
}
}
//Nop action detour.
//Nop -> Jmp, Call ou autres actions ...
if( pbLocation[0] == 0x90 )
{
//Detours Detected !
return true;
}
return false;
}
Code:
#include "OpenGL.h"
#include "SecureApi.h"
#include "DetoursDetection.h"
#include "EngineHook.h"
#include <windows.h>
#pragma warning( disable :4311 )
PE_OPENGL PeOGL;
bool OpenGLInitialize (void) {
PeOGL.dwAddr_glBegin = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glBegin");
PeOGL.dwAddr_glBlendFunc = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glBlendFunc");
PeOGL.dwAddr_glClear = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glClear");
PeOGL.dwAddr_glClearColor = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glClearColor");
PeOGL.dwAddr_glColor3f = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glColor3f");
PeOGL.dwAddr_glEnable = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glEnable");
PeOGL.dwAddr_glEnd = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glEnd");
PeOGL.dwAddr_glFrustum = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glFrustum");
PeOGL.dwAddr_glPopMatrix = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glPopMatrix");
PeOGL.dwAddr_glPushMatrix = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glPushMatrix");
PeOGL.dwAddr_glTranslatef = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glTranslatef");
PeOGL.dwAddr_glVertex2f = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glVertex2f");
PeOGL.dwAddr_glVertex3f = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glVertex3f");
PeOGL.dwAddr_glVertex3fv = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glVertex3fv");
PeOGL.dwAddr_glViewport = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"glViewport");
PeOGL.dwAddr_wglSwapBuffers = (DWORD)SecureApi.s_GetProcAddress(SecureApi.s_GetModuleHandle("opengl32.dll"),"wglSwapBuffers");
return true;
}
bool OpenGLCheck (void) {
bool Detected = false;
Detected |= CheckForDetour(PeOGL.dwAddr_glBegin);
Detected |= CheckForDetour(PeOGL.dwAddr_glBlendFunc);
Detected |= CheckForDetour(PeOGL.dwAddr_glClear);
Detected |= CheckForDetour(PeOGL.dwAddr_glClearColor);
Detected |= CheckForDetour(PeOGL.dwAddr_glColor3f);
Detected |= CheckForDetour(PeOGL.dwAddr_glEnable);
Detected |= CheckForDetour(PeOGL.dwAddr_glEnd);
Detected |= CheckForDetour(PeOGL.dwAddr_glFrustum);
Detected |= CheckForDetour(PeOGL.dwAddr_glPopMatrix);
Detected |= CheckForDetour(PeOGL.dwAddr_glPushMatrix);
Detected |= CheckForDetour(PeOGL.dwAddr_glTranslatef);
Detected |= CheckForDetour(PeOGL.dwAddr_glVertex2f);
Detected |= CheckForDetour(PeOGL.dwAddr_glVertex3f);
Detected |= CheckForDetour(PeOGL.dwAddr_glVertex3fv);
Detected |= CheckForDetour(PeOGL.dwAddr_glViewport);
Detected |= CheckForDetour(PeOGL.dwAddr_wglSwapBuffers);
return Detected;
}
Code:
#ifndef _H_OpenGL_
#define _H_OpenGL_
#include <windows.h>
typedef struct {
DWORD dwAddr_glBegin;
DWORD dwAddr_glEnd;
DWORD dwAddr_glBlendFunc;
DWORD dwAddr_glClear;
DWORD dwAddr_glClearColor;
DWORD dwAddr_glColor3f;
DWORD dwAddr_glPopMatrix;
DWORD dwAddr_glPushMatrix;
DWORD dwAddr_glVertex3fv;
DWORD dwAddr_glVertex3f;
DWORD dwAddr_glVertex2f;
DWORD dwAddr_wglSwapBuffers;
DWORD dwAddr_glEnable;
DWORD dwAddr_glTranslatef;
DWORD dwAddr_glViewport;
DWORD dwAddr_glFrustum;
} PE_OPENGL;
bool OpenGLInitialize (void);
bool OpenGLCheck (void);
extern PE_OPENGL PeOGL;
#endif
Code:
#include <windows.h>
#include "detours.h"
#pragma comment (lib,"Psapi.lib")
#include "SecureApi.h"
#include "PeInfos.h"
#include "OpenGL.h"
#include "DetoursDetection.h"
//#include "EngineHookDetection.h"
#include "EngineHook.h"
DWORD Init (LPVOID lpArgs) {
PEInitialize();
//SecureApi.s_Sleep(4000); //Laisser le temps au moteur de se charger ;)
if (OpenGLInitialize()){
if (OpenGLCheck()) {
SecureApi.s_MessageBox(0,"OpenGL Detours Detected","Warning",MB_OK);
}
}
if (ActiveEngine()) {
pEngfuncs->pfnClientCmd("toggleconsole");
pEngfuncs->Con_Printf("Cerbere 0.1 Beta as been loaded\n");
pEngfuncs->Con_Printf("Develloper Team:\n");
pEngfuncs->Con_Printf("\tLeandre 'Neku' Gohy : [url="http://www.nekuz0r.net/n"]www.nekuz0r.net\n[/url]");
pEngfuncs->Con_Printf("Sponsors & Partners:\n");
pEngfuncs->Con_Printf("\tEasy Portail : [url="http://www.easyportail.be/n"]www.easyportail.be\n[/url]");
pEngfuncs->Con_Printf("\tNox-Design : [url="http://www.nox-design.net/n"]www.nox-design.net\n[/url]");
pEngfuncs->Con_Printf("\t#EBL - Electronic Belgian League - Belgium has futur too : [url="http://www.distinct-gaming.be/ebl//n"]www.distinct-gaming.be/ebl/\n[/url]");
}
return 0;
}
bool WINAPI DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
if(ul_reason_for_call == DLL_PROCESS_ATTACH) {
SecureApi.s_Initialize();
//SecureApi.s_CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE) Init, NULL, 0, new DWORD);
Init(0);
}
else if (ul_reason_for_call == DLL_PROCESS_DETACH) {
}
return true;
}
)
![[Clad]](/data/avatars/s/0/257.jpg?1648905584){kind=avatar}
