INT32 __stdcall start( ) { HANDLE sectionHandle, *hMutex; HANDLE eventHandle; HANDLE threadHandle; DWORD sectionSize; MSG messages; OBJECT_ATTRIBUTES objAttrib = {0}; PTEB threadEnvironmentBlock; UNICODE_STRING eventSource; LDR_DATA_TABLE_ENTRY *module; SECTION_BASIC_INFORMATION sectionInfo; LARGE_INTEGER newSectionSize; InitializeCRT(); threadEnvironmentBlock = NtCurrentTeb(); PushProcessId = threadEnvironmentBlock->ClientId.UniqueProcess; PushHeapHandle = threadEnvironmentBlock->ProcessEnvironmentBlock->ProcessHeap; PushSessionId = threadEnvironmentBlock->ProcessEnvironmentBlock->SessionId; // Check if already running hMutex = CreateMutexW(0, FALSE, L"PushOneInstance"); if (threadEnvironmentBlock->LastErrorValue == ERROR_ALREADY_EXISTS || threadEnvironmentBlock->LastErrorValue == ERROR_ACCESS_DENIED) { MessageBoxW(0, L"Only one instance!", 0,0); ExitProcess(0); } //create image event eventHandle = NULL; UnicodeString_Init(&eventSource, L"Global\\" PUSH_IMAGE_EVENT_NAME); objAttrib.Length = sizeof(OBJECT_ATTRIBUTES); objAttrib.RootDirectory = BaseGetNamedObjectDirectory(); objAttrib.ObjectName = &eventSource; objAttrib.Attributes = OBJ_OPENIF; objAttrib.SecurityDescriptor = NULL; objAttrib.SecurityQualityOfService = NULL; NtCreateEvent(&eventHandle, EVENT_ALL_ACCESS, &objAttrib, NotificationEvent, FALSE); // populate file name and path module = (LDR_DATA_TABLE_ENTRY*)threadEnvironmentBlock->ProcessEnvironmentBlock->Ldr->InLoadOrderModuleList.Flink; Memory_Copy(PushFilePath, module->FullDllName.Buffer, module->FullDllName.Length); PushFilePath[module->FullDllName.Length] = L'\0'; // Start Driver. Driver_Extract(); PushDriverLoaded = Driver_Load(); //initialize instance PushInstance = Module_GetHandle(L"Push.exe"); // Create interface MwCreateMainWindow(); // Create section. sectionSize = sizeof(PUSH_SHARED_MEMORY) + OSD_GetSize(); PushSharedMemory = (PUSH_SHARED_MEMORY*)Memory_MapViewOfSection(PUSH_SECTION_NAME, sectionSize, §ionHandle); if (!PushSharedMemory) { Log(L"Could not create shared memory"); return 0; } Log(L"Created section of size %i bytes", sectionSize); //zero struct Memory_Clear(PushSharedMemory, sizeof(PUSH_SHARED_MEMORY)); //initialize window handle used by overlay //PushSharedMemory->WindowHandle = PushMainWindow->Handle; //initialize default font properties for overlay String_Copy(PushSharedMemory->FontName, L"Verdana"); PushSharedMemory->FontBold = TRUE; if (File_Exists(PUSH_SETTINGS_FILE)) { wchar_t *buffer; wchar_t marker; // Check if file is UTF-16LE. buffer = (WCHAR*) File_Load(PUSH_SETTINGS_FILE, NULL); marker = buffer[0]; Memory_Free(buffer); if (marker == 0xFEFF) //is UTF-LE. { // Init settings from ini file. buffer = Memory_Allocate(100 * sizeof(WCHAR)); Ini_GetString(L"Settings", L"FrameLimit", NULL, buffer, 5, L".\\" PUSH_SETTINGS_FILE); PushSharedMemory->FrameLimit = _wtoi(buffer); if (Ini_ReadBoolean(L"Settings", L"ThreadOptimization", FALSE, L".\\" PUSH_SETTINGS_FILE)) PushSharedMemory->ThreadOptimization = TRUE; if (Ini_ReadBoolean(L"Settings", L"KeepFps", FALSE, L".\\" PUSH_SETTINGS_FILE)) PushSharedMemory->KeepFps = TRUE; Ini_GetString(L"Settings", L"OverlayInterface", NULL, buffer, 5, L".\\" PUSH_SETTINGS_FILE); if (String_Compare(buffer, L"PURE") == 0) PushOverlayInterface = OVERLAY_INTERFACE_PURE; else if (String_Compare(buffer, L"RTSS") == 0) PushOverlayInterface = OVERLAY_INTERFACE_RTSS; Ini_GetString(L"Settings", L"KeyboardHookType", L"AUTO", buffer, 10, L".\\" PUSH_SETTINGS_FILE); if (String_Compare(buffer, L"AUTO") == 0) { PushSharedMemory->KeyboardHookType = KEYBOARD_HOOK_AUTO; } else if (String_Compare(buffer, L"SUBCLASS") == 0) { PushSharedMemory->KeyboardHookType = KEYBOARD_HOOK_SUBCLASS; } else if (String_Compare(buffer, L"MESSAGE") == 0) { PushSharedMemory->KeyboardHookType = KEYBOARD_HOOK_MESSAGE; } else if (String_Compare(buffer, L"KEYBOARD") == 0) { PushSharedMemory->KeyboardHookType = KEYBOARD_HOOK_KEYBOARD; } else if (String_Compare(buffer, L"DETOURS") == 0) { PushSharedMemory->KeyboardHookType = KEYBOARD_HOOK_DETOURS; } else if (String_Compare(buffer, L"RAW") == 0) { PushSharedMemory->KeyboardHookType = KEYBOARD_HOOK_RAW; } else { PushSharedMemory->KeyboardHookType = KEYBOARD_HOOK_AUTO; } Ini_GetString(L"Settings", L"EngineClockMax", NULL, buffer, 5, L".\\" PUSH_SETTINGS_FILE); PushSharedMemory->HarwareInformation.DisplayDevice.EngineOverclock = _wtoi(buffer); Ini_GetString(L"Settings", L"MemoryClockMax", NULL, buffer, 5, L".\\" PUSH_SETTINGS_FILE); PushSharedMemory->HarwareInformation.DisplayDevice.MemoryOverclock = _wtoi(buffer); Ini_GetString(L"Settings", L"ControllerTimeout", NULL, buffer, 5, L".\\" PUSH_SETTINGS_FILE); PushSharedMemory->ControllerTimeout = _wtoi(buffer); Ini_GetString(L"Settings", L"FontName", L"Verdana", buffer, 100, L".\\" PUSH_SETTINGS_FILE); String_Copy(PushSharedMemory->FontName, buffer); Memory_Free(buffer); if (Ini_ReadBoolean(L"Settings", L"FontBold", FALSE, L".\\" PUSH_SETTINGS_FILE)) PushSharedMemory->FontBold = TRUE; } else { MessageBoxW( NULL, L"Settings file not UTF-16LE! " L"Resave the file as \"Unicode\" or Push won't read it!", L"Bad Settings file", NULL ); } } if (!PushDriverLoaded) { wchar_t driverPath[260]; Resource_Extract(L"DRIVERALT", L"WinRing0x64.sys"); GetDriverPath(L"WinRing0x64.sys", driverPath); Wr0DriverLoaded = Wr0Initialize(driverPath); } //initialize HWInfo GetHardwareInfo(); //initialize OSD items NtQuerySection( sectionHandle, SectionBasicInformation, §ionInfo, sizeof(SECTION_BASIC_INFORMATION), NULL ); newSectionSize.QuadPart = OSD_Initialize() + sizeof(PUSH_SHARED_MEMORY); if (newSectionSize.QuadPart > sectionInfo.MaximumSize.QuadPart) { Log(L"Shared memory too small!"); } //Check for controllers/gamepads/bluetooth adapters //EnumerateDevices(); // Check for running games Process_EnumProcesses(ProcessEnum); // Activate process monitoring if (PushDriverLoaded) { PushToggleProcessMonitoring(TRUE); } else { HANDLE overlayLib = NULL; void* prcAddress = 0; Resource_Extract(L"OVERLAY32", PUSH_LIB_NAME_32); overlayLib = Module_Load(L"overlay32.dll"); prcAddress = Module_GetProcedureAddress(overlayLib, "InstallOverlayHook"); if (prcAddress) { InstallOverlayHook = (TYPE_InstallOverlayHook)prcAddress; InstallOverlayHook(); } } g_szPrevGame[5] = '\0'; NtCreateThreadEx( &PushMonitorThreadHandle, THREAD_ALL_ACCESS, NULL, NtCurrentProcess(), &MonitorThread, NULL, NoThreadFlags, 0, 0, 0, NULL ); NtCreateThreadEx( &threadHandle, THREAD_ALL_ACCESS, NULL, NtCurrentProcess(), &PipeThread, NULL, NoThreadFlags, 0, 0, 0, NULL ); // Handle messages while(GetMessageW(&messages, 0,0,0)) { TranslateMessage(&messages); DispatchMessageW(&messages); } ExitProcess(0); return 0; }
VOID Driver_Load() { NTSTATUS status; status = SlLoadDriver( L"PUSH", L"push0.sys", L"Push Kernel-Mode Driver", L"\\\\.\\Push", TRUE, &R0DriverHandle ); if (!NT_SUCCESS(status)) { if (status == STATUS_OBJECT_NAME_NOT_FOUND) { MessageBoxW(NULL, L"Driver file not found!", L"Error", 0); } if (status == STATUS_DRIVER_BLOCKED_CRITICAL) { // Probably wrong driver. Overwrite. DeleteFileW(L"push0.sys"); Driver_Extract(); // Try again. Driver_Load(); } if (status == STATUS_INVALID_IMAGE_HASH) { INT32 msgId; // Prompt user to enable test-signing. msgId = MessageBoxW( NULL, L"The driver failed to load because it isn't signed. " L"It is required for Push to work correctly. " L"Do you want to enable test-signing to be able to use driver functions?", L"Driver Signing", MB_ICONQUESTION | MB_YESNO ); if (msgId == IDYES) { HANDLE keyHandle; DWORD size = 255; WCHAR buffer[255]; BYTE value = 0x01; UNICODE_STRING valueName; SYSTEM_BOOT_ENVIRONMENT_INFORMATION bootEnvironmentInformation; UINT32 returnLength; UNICODE_STRING guidAsUnicodeString; WCHAR guidAsWideChar[40]; ULONG bufferLength = 20; OBJECT_ATTRIBUTES objectAttributes; UNICODE_STRING keyName; ULONG disposition; // Get boot GUID. NtQuerySystemInformation( SystemBootEnvironmentInformation, &bootEnvironmentInformation, sizeof(SYSTEM_BOOT_ENVIRONMENT_INFORMATION), &returnLength ); RtlStringFromGUID( &bootEnvironmentInformation.BootIdentifier, &guidAsUnicodeString ); String::CopyN(guidAsWideChar, guidAsUnicodeString.Buffer, 39); guidAsWideChar[39] = L'\0'; swprintf( buffer, 255, L"\\Registry\\Machine\\BCD00000000\\Objects\\%s\\Elements", guidAsWideChar ); // Change key permissions to allow us to create sub keys. StripPermissions(buffer); // Enable test-signing mode. String::Concatenate(buffer, L"\\16000049"); // Change key permissions (if it already exists) to allow us to set values. StripPermissions(buffer); UnicodeString::Init(&keyName, buffer); UnicodeString::Init(&valueName, L"Element"); objectAttributes.Length = sizeof(OBJECT_ATTRIBUTES); objectAttributes.RootDirectory = NULL; objectAttributes.ObjectName = &keyName; objectAttributes.Attributes = OBJ_CASE_INSENSITIVE; objectAttributes.SecurityDescriptor = NULL; objectAttributes.SecurityQualityOfService = NULL; // Create(NtCreateKey) the key not open(NtOpenKey) it because the key isn't // always there. NtCreateKey( &keyHandle, KEY_WRITE, &objectAttributes, 0, NULL, 0, &disposition ); NtSetValueKey(keyHandle, &valueName, 0, REG_BINARY, &value, sizeof(BYTE)); NtClose(keyHandle); MessageBoxW( NULL, L"Restart your computer to load driver", L"Restart required", NULL ); } } } }