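/**
 * Debugger harness: acquires SeDebugPrivilege, attaches a ProcessDebugger to
 * "program.exe", plants one hardware code breakpoint and then blocks until
 * the debugger thread finishes. SIGINT is routed to SignalHandler so Ctrl-C
 * can tear the session down.
 *
 * Fixes vs. the original: `void main()` is ill-formed C++ (main returns int);
 * every failure path now exits with a distinct non-zero code; the thread
 * pointer returned by ProcessDebugger::Run is null-checked before join().
 *
 * @return 0 on normal completion, 1-4 on the failure reported on stdout.
 */
int main()
{
    signal(SIGINT, SignalHandler);

    // Attaching to another process needs SeDebugPrivilege, which is only
    // available to an elevated administrator token.
    if (!SetDebugPrivilege(true)) {
        std::cout << "Failed to set debug privileges" << std::endl;
        return 1;
    }

    // `pd` is a file-level global (presumably so SignalHandler can reach it).
    pd = new ProcessDebugger(L"program.exe");
    std::thread* th = ProcessDebugger::Run(pd);
    if (!pd->WaitForComeUp(500)) {
        std::cout << "Failed to start thread" << std::endl;
        return 2;
    }
    if (th == nullptr) {
        // Run() gave us nothing to join; dereferencing it below would crash.
        std::cout << "Failed to start thread" << std::endl;
        return 3;
    }

    // Breakpoint target given as an RVA: VA 0x4012B0 in an image whose
    // preferred base is 0x400000. AddBreakPoint also receives the module
    // name, so presumably it rebases the RVA to where program.exe actually
    // loads under ASLR — confirm in ProcessDebugger::AddBreakPoint.
    constexpr unsigned int kPreferredImageBase = 0x400000;
    constexpr unsigned int kTargetVa = 0x4012B0;
    IncBreakPoint* bp = new IncBreakPoint(kTargetVa - kPreferredImageBase, 1,
                                          HardwareBreakpoint::Condition::Code);
    if (!pd->AddBreakPoint(L"program.exe", bp)) {
        std::cout << "Failed to add breakpoint" << std::endl;
        // NOTE(review): whether the debugger took ownership of `bp` on failure
        // is not visible here; it is leaked exactly as in the original.
        return 4;
    }

    th->join();
    return 0;
}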
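/**
 * Memory patcher for the process behind the "League of Legends (TM) Client"
 * window. Loops forever: waits for a client window it has not patched yet,
 * opens its process, resolves every g_sPatchList entry (FindOffset fills in
 * offsets that are still 0) and writes the patch bytes with WriteProcessMemory.
 *
 * Fixes vs. the original:
 *  - WriteProcessMemory's result and byte count were ignored, so a failed or
 *    partial write was still reported as "GOTOVO!"; now only a complete write
 *    is reported as done and a failure prints the Win32 error code;
 *  - the bytes-written out-parameter must be SIZE_T*, not DWORD* (a compile
 *    error on x64);
 *  - a zero PID from GetWindowThreadProcessId is rejected before OpenProcess.
 *
 * @return 0 — not reached in practice, the outer loop never terminates.
 */
int main()
{
    HWND hWindow = 0, hWindowOld = 0;
    DWORD dwPid = 0;
    SIZE_T dwWritten = 0;
    HANDLE hProcess = NULL;
    LPMODULEENTRY32 lpsModule = NULL;

    SetConsoleTitle("Steam");
    // SeDebugPrivilege lets OpenProcess succeed on processes whose DACL would
    // otherwise refuse us.
    SetDebugPrivilege();

    while (1) {
        printf("Zhdem nachala igri\n");
        // Block until a client window appears that differs from the last one
        // we patched (hWindowOld).
        while ((hWindow = FindWindow(NULL, "League of Legends (TM) Client")) == 0
               || hWindow == hWindowOld)
            Sleep(1000);
        hWindowOld = hWindow;

        dwPid = 0;
        GetWindowThreadProcessId(hWindow, &dwPid);
        if (dwPid == 0) {
            printf("Couldn't get client handle!\n\n");
            continue;
        }

        // NOTE(review): PROCESS_ALL_ACCESS is more than the visible calls need
        // (PROCESS_VM_OPERATION | PROCESS_VM_WRITE for WriteProcessMemory, plus
        // PROCESS_VM_READ | PROCESS_QUERY_INFORMATION if FindOffset reads the
        // target). Kept as-is because FindOffset's needs are not visible here.
        hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
        if (hProcess == NULL) {
            printf("Couldn't get client handle!\n\n");
            continue;
        }
        printf("Nashel!\n");

        // May be NULL; offset resolution is then skipped for unresolved
        // entries. Who frees this (if anyone) is not visible from here.
        lpsModule = GetModuleInfo(dwPid);

        const size_t patchCount = sizeof(g_sPatchList) / sizeof(OffsetInfo);
        for (size_t i = 0; i < patchCount; ++i) {
            if (g_sPatchList[i].dwOffset == 0 && lpsModule)
                FindOffset(hProcess, lpsModule, static_cast<int>(i));

            if (g_sPatchList[i].dwOffset == 0) {
                printf("NOT Patched: %s\n", g_sPatchList[i].lpszName);
                continue;
            }

            dwWritten = 0;
            const BOOL ok = WriteProcessMemory(
                hProcess,
                reinterpret_cast<LPVOID>(static_cast<uintptr_t>(g_sPatchList[i].dwOffset)),
                static_cast<LPCVOID>(g_sPatchList[i].lpbyData),
                g_sPatchList[i].dwLen,
                &dwWritten);
            if (ok && dwWritten == g_sPatchList[i].dwLen)
                printf("GOTOVO! Polozhil Podorozhnik na adres: %X\n", g_sPatchList[i].dwOffset);
            else
                printf("NOT Patched: %s (WriteProcessMemory error %lu)\n",
                       g_sPatchList[i].lpszName, GetLastError());
        }

        CloseHandle(hProcess);
        printf("\n");
    }
    return 0;
}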
/// Builds an idle debugger: no target file, zero process/thread ids, null
/// handles and callbacks, inactive, last breakpoint address cleared. Then,
/// in this order, requests SeDebugPrivilege for the current process (needed
/// to attach to processes owned by other users) and runs InitBlackmagic().
CODebugger::CODebugger()
    : m_uiProcessID(0),          // id of the process being debugged
      m_uiThreadID(0),           // id of its main thread
      m_hProcess(nullptr),       // process handle
      m_hThread(nullptr),        // main-thread handle
      m_bActive(false),          // is a debugging session active?
      m_ulCurBreakPointAddr(0),  // address of the breakpoint last hit
      fbpfunc(nullptr),          // first-breakpoint callback
      bpfunc(nullptr),           // breakpoint callback
      exitfunc(nullptr),         // process-exit callback
      unhfunc(nullptr)           // unhandled-exception callback
{
    m_chFileName[0] = '\0';      // empty target path
    SetDebugPrivilege(GetCurrentProcess());
    InitBlackmagic();
}
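//------------------------------------------------------------------------------
// init start configuration
//------------------------------------------------------------------------------
/**
 * Initialises global state at start-up: detects Wine, selects the UI language
 * (from the ini file unless running console-only), pre-fills the proxy dialog
 * from the saved [PROXY] section, resets the scan flags, loads the SQL and
 * language strings and the rootkit DB, starts Winsock, requests
 * SeDebugPrivilege and warns when not running as administrator.
 *
 * Fix vs. the original: the ini path was built with strcat() into a MAX_PATH
 * buffer without a length check; the concatenation is now bounded so a long
 * install directory cannot overflow `path`. All other statements keep their
 * original order and effects.
 *
 * @param params, debug, recovery  accepted for interface compatibility; not
 *        used by this function.
 * @param acl, ads, sha, utc, local_scan  copied into FILE_ACL, FILE_ADS,
 *        FILE_SHA, UTC_TIME and LOCAL_SCAN respectively.
 */
void InitGlobalConfig(unsigned int params, BOOL debug, BOOL acl, BOOL ads, BOOL sha,
                      BOOL recovery, BOOL local_scan, BOOL utc)
{
    (void)params; (void)debug; (void)recovery;   // unused, kept for callers

    // running under Wine or not?
    WINE_OS = isWine();

    // default language
    if (CONSOL_ONLY)
        current_lang_id = 1;
    else // read the language id from the ini file
    {
        // ini path = <program directory> + DEFAULT_INI_FILE, bounded to the buffer
        char path[MAX_PATH] = "";
        GetLocalPath(path, MAX_PATH);
        const size_t used = strlen(path);
        if (used < sizeof(path) - 1)
            strncat(path, DEFAULT_INI_FILE, sizeof(path) - used - 1);

        char default_lang_id[DEFAULT_TMP_SIZE];
        GetPrivateProfileString("CONF", "DEFAULT_LANG_ID", "1", default_lang_id, DEFAULT_TMP_SIZE, path);
        // NOTE(review): the atoi() result is not range-checked; it feeds
        // InitGlobalLangueString() and the combo-box index below as-is.
        // Confirm both tolerate an out-of-range id from a hand-edited ini.
        current_lang_id = atoi(default_lang_id);

        // restore the saved proxy settings into the proxy dialog
        if (IsDlgButtonChecked(h_proxy, PROXY_CHK_SAVE) == BST_CHECKED)
        {
            char tmp[DEFAULT_TMP_SIZE] = "";
            GetPrivateProfileString("PROXY", "PROXY_URL", "", tmp, DEFAULT_TMP_SIZE, path);
            if (tmp[0] != 0) SetWindowText(GetDlgItem((HWND)h_proxy, PROXY_ED_PROXY), tmp);

            tmp[0] = 0;
            GetPrivateProfileString("PROXY", "PROXY_LOGIN", "", tmp, DEFAULT_TMP_SIZE, path);
            if (tmp[0] != 0) SetWindowText(GetDlgItem((HWND)h_proxy, PROXY_ED_USER), tmp);

            tmp[0] = 0;
            GetPrivateProfileString("PROXY", "PROXY_PASSWORD", "", tmp, DEFAULT_TMP_SIZE, path);
            if (tmp[0] != 0)
            {
                // The stored password is only XOR-obfuscated with the fixed key
                // MDP_TEST (see dechr). This is not encryption: anyone able to
                // read the ini recovers it. DPAPI (CryptProtectData) would tie
                // the secret to the user account instead.
                SetWindowText(GetDlgItem((HWND)h_proxy, PROXY_ED_PASSWORD),
                              dechr(tmp, strlen(tmp), MDP_TEST));
            }
        }
        SendMessage(hCombo_lang, CB_SETCURSEL, current_lang_id - 1, 0);
    }

    // reset global scan state
    current_item_selected = -1;
    STAY_ON_TOP = FALSE;
    enable_LNK = FALSE;
    FILE_ACL = acl;
    FILE_ADS = ads;
    FILE_SHA = sha;
    UTC_TIME = utc;
    LOCAL_SCAN = local_scan;
    start_scan = FALSE;
    stop_scan = FALSE;
    disable_m_context = FALSE;
    disable_p_context = FALSE;
    update_thread_start = FALSE;
    export_type = 0;
    _SYSKEY[0] = 0;  // global syskey used to decrypt user hashes; cleared until read

    // load data for the db
    InitSQLStrings();
    InitGlobalLangueString(current_lang_id);
    current_session_id = session[0];
    if (!CONSOL_ONLY) LoadRootKitDB(hlstv_db);

    // Winsock 2.0; the result is ignored as in the original — network calls
    // presumably report the failure themselves later (confirm).
    WSADATA WSAData;
    WSAStartup(0x02, &WSAData);

    SetDebugPrivilege(TRUE);

    // warn if we do not hold admin rights
    if (!HaveAdminRight())
    {
        if (!CONSOL_ONLY)
        {
            if (current_session_id != 0)
                MessageBox(h_main, cps[TXT_MSG_RIGHT_ADMIN].c, cps[TXT_MSG_RIGHT_ADMIN_ATTENTION].c,
                           MB_OK | MB_TOPMOST | MB_ICONWARNING);
        }
        else
            printf("[%s] %s\n", cps[TXT_MSG_RIGHT_ADMIN_ATTENTION].c, cps[TXT_MSG_RIGHT_ADMIN].c);
    }

    // WOW64 file-system redirection handling on 32-bit builds only
#ifndef _WIN64_VERSION_
    OldValue_W64b = FALSE;
    ReviewWOW64Redirect(OldValue_W64b);
#endif
}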
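/**
 * User-mode side of the "dkf" driver framework.
 *
 *   -i   install the driver (loaded at boot)
 *   -d   uninstall the driver
 *   none interactive session: connect, create two named pipes, ask the driver
 *        to place its hooks and callbacks (IOCTL_DKF_START), run the two
 *        listener threads until a key is pressed, then unhook (IOCTL_DKF_STOP).
 *
 * Fixes vs. the original:
 *  - the second CreateNamedPipe result was never checked (the code re-tested
 *    `pipehandle` instead of `pipehandle_net`), so an invalid handle could be
 *    handed to ListenDriverNet;
 *  - handles opened on the way (both pipes, the driver device, both threads)
 *    are closed on every exit path;
 *  - the listener threads get a short grace period after exit_th is set before
 *    TerminateThread, which runs no cleanup and can leave CRT/heap locks held.
 *
 * @return 0 on success; 1 after install/uninstall/usage (as before) and on
 *         connection or pipe failure; 2 if the driver device cannot be opened.
 */
int main(int argc, char *argv[])
{
    DWORD dw;
    exit_th = 0;

    // Install / uninstall mode never enters the interactive session.
    if (argc > 1)
    {
        if (strcmp(argv[1], "-i") == 0)
            Install();
        else if (strcmp(argv[1], "-d") == 0)
            Suppression();
        else
        {
            printf("Mauvaise option\n");
            printf("-i : installe le driver qui sera charge au demarrage\n");
            printf("-d : desinstalle le driver \n");
        }
        return 1;
    }

    // start of the interactive session
    printf("Appuyez sur une touche pour initialiser la connexion\n");
    system("pause 1 >Nul");
    Initialize();
    if (connection())
    {
        printf("connexion echouee, appuyez sur une touche pour sortir du programme\n");
        system("pause 1>null");
        return 1;
    }
    SetDebugPrivilege();
    printf("Connexion etablie");

    // Both pipes are created with a NULL security descriptor (default DACL):
    // any local user who can open them talks to whatever sits behind them,
    // including the kernel driver. A restrictive SECURITY_ATTRIBUTES
    // (SYSTEM/administrators only) is the usual hardening — left as-is here.
    pipehandle = CreateNamedPipe("\\\\.\\\\pipe\\framework", PIPE_ACCESS_DUPLEX,
                                 PIPE_TYPE_MESSAGE, 2, 2024, 2024, 0, 0);
    if (pipehandle == INVALID_HANDLE_VALUE)
    {
        printf("Error pipehandle\n");
        closeconnection();
        system("pause");
        return 1;
    }
    pipehandle_net = CreateNamedPipe("\\\\.\\\\pipe\\frameworkNet", PIPE_ACCESS_DUPLEX,
                                     PIPE_TYPE_MESSAGE, 2, 2024, 2024, 0, 0);
    if (pipehandle_net == INVALID_HANDLE_VALUE)   // the original tested pipehandle here
    {
        printf("Error pipehandle\n");
        CloseHandle(pipehandle);
        closeconnection();
        system("pause");
        return 1;
    }

    // Send the IOCTL that makes the driver place its hooks and callbacks.
    driverhandle = CreateFile("\\\\.\\dkf", GENERIC_READ | GENERIC_WRITE, 0, 0,
                              OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0);
    if (driverhandle == INVALID_HANDLE_VALUE)
    {
        suppression();
        printf("Error CreateFile failed \n");
        CloseHandle(pipehandle);
        CloseHandle(pipehandle_net);
        system("pause");
        return 2;
    }
    DeviceIoControl(driverhandle, IOCTL_DKF_START, NULL, 0, NULL, 0, &dw, 0);
    printf("Hook et callback ok\n");

    // One listener thread per pipe; they presumably poll exit_th to stop.
    th_handle     = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)ListenDriver, 0, 0, &dw);
    th_handle_net = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)ListenDriverNet, 0, 0, &dw);

    printf("Pressez une touche pour arrêter le programme\n");
    system("pause 1>Nul");

    // Ask the threads to stop and give them a moment to notice; fall back to
    // TerminateThread only if they do not exit on their own.
    exit_th = 1;
    HANDLE workers[2] = { th_handle, th_handle_net };
    if (WaitForMultipleObjects(2, workers, TRUE, 1000) != WAIT_OBJECT_0)
    {
        TerminateThread(th_handle_net, 0);
        TerminateThread(th_handle, 0);
    }
    if (th_handle)     CloseHandle(th_handle);
    if (th_handle_net) CloseHandle(th_handle_net);

    if (pipehandle)     CloseHandle(pipehandle);
    if (pipehandle_net) CloseHandle(pipehandle_net);

    printf("de-hook \n");
    DeviceIoControl(driverhandle, IOCTL_DKF_STOP, NULL, 0, NULL, 0, &dw, 0);
    CloseHandle(driverhandle);

    printf("Fermeture de la connexion \n");
    system("pause 1>Nul");
    closeconnection();
    return 0;
}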
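// Called after StarCraft is completely loaded
/**
 * Injects wDetector (WDETECTOR) into the game process, kills wLauncher, then
 * patches the injected module in place: one "activate" byte at RVA 0x5AD94
 * and 17 UI strings (English translation) at fixed RVAs.
 *
 * Fixes vs. the original:
 *  - swprintf_s received sizeof(msgtemp) (bytes) as the element count of a
 *    wchar_t buffer — twice the real size, so a long DLL path could overflow;
 *  - returning false after std::thread wLauncher had been started but before
 *    join() destroyed a joinable thread, which calls std::terminate();
 *  - the results of GetFullPathNameW and WriteProcessMemory were ignored;
 *  - DWORD / uint32_t values were logged with %d;
 *  - the 50-byte staging buffer is gone: the bytes are written straight from
 *    the std::string (c_str() guarantees the trailing NUL).
 *
 * @param hProcess    handle to the game process with rights for WriteProcessMemory
 * @param dwProcessID pid of that process (used by CreateRemoteThreadInject)
 * @return true when the DLL was injected and the activation byte written
 *         (translation write failures are logged but, as before, do not fail
 *         the call); false otherwise, with the reason logged via wLog.
 */
extern "C" __declspec(dllexport) bool ApplyPatch(HANDLE hProcess, DWORD dwProcessID)
{
    wchar_t msgtemp[255];
    const size_t msgtempLen = sizeof(msgtemp) / sizeof(msgtemp[0]);   // elements, not bytes
    wchar_t dll[MAX_PATH];

    wLog(LOG_INFO, L"~Logging started~");

    // Resolve the DLL path up front: injecting an unresolved relative path
    // would let the target's LoadLibrary search its own directories instead.
    const DWORD pathLen = GetFullPathNameW(WDETECTOR, MAX_PATH, dll, NULL);
    if (pathLen == 0 || pathLen >= MAX_PATH) {
        wLog(LOG_ERROR, L"Could not resolve wDetector's full path");
        return false;
    }

    // Get SeDebugPrivilege (needed to open/inject into a process we do not own)
    if (SetDebugPrivilege(TRUE) == true) {
        wLog(LOG_INFO, L"Obtained SeDebugPrivilege");
    } else {
        wLog(LOG_ERROR, L"Unable to obtain SeDebugPrivilege");
        return false;
    }

    // Inject wDetector.w
    if (CreateRemoteThreadInject(dwProcessID, dll) == true) {
        swprintf_s(msgtemp, msgtempLen, L"Injected %ls into %lu", dll, dwProcessID);
        wLog(LOG_INFO, msgtemp);
    } else {
        swprintf_s(msgtemp, msgtempLen, L"Could not inject %ls into %lu", dll, dwProcessID);
        wLog(LOG_ERROR, msgtemp);
        return false;
    }

    // Kill wLauncher.exe in the background. processInfo is a file-level
    // global — presumably the PROCESS_INFORMATION wLauncher was started with.
    std::thread wLauncher(KillProc, processInfo.hProcess);

    // Fixed delay for the injected DLL to map. NOTE(review): this is a race,
    // not a synchronisation; on a slow machine the lookup below can still fail.
    std::this_thread::sleep_for(std::chrono::milliseconds(250));

    // Get base address of the wDetector.w module
    uint32_t wDetectorBaseAddress = 0;
    const bool haveBase = (FindModuleBaseAddress(WDETECTOR, wDetectorBaseAddress) == true);
    if (haveBase) {
        swprintf_s(msgtemp, msgtempLen, L"wDetector's base address is 0x%08X", wDetectorBaseAddress);
        wLog(LOG_INFO, msgtemp);
    } else {
        wLog(LOG_ERROR, L"Could not get wDetector's base address!");
    }

    // Wait for wLauncher to be killed. This must happen on every path from
    // here on: a joinable std::thread going out of scope terminates the process.
    wLauncher.join();
    if (!haveBase)
        return false;

    // Translate an RVA inside wDetector to an address in the target process.
    const auto rva = [&](uint32_t off) {
        return reinterpret_cast<LPVOID>(static_cast<uintptr_t>(wDetectorBaseAddress + off));
    };

    // Patch wDetector: one byte at RVA 0x5AD94. Its meaning is taken from the
    // original's log line ("activates" the detector) — not verified here.
    const int8_t activate = 0x12;
    if (!WriteProcessMemory(hProcess, rva(0x5AD94), &activate, sizeof(activate), NULL)) {
        swprintf_s(msgtemp, msgtempLen, L"Could not write activation byte (error %lu)", GetLastError());
        wLog(LOG_ERROR, msgtemp);
        return false;
    }
    wLog(LOG_INFO, L"wDetector activated!");

    std::array<uint32_t, 17> offset = {
        0x429E4,  // Refresh game message
        0x43CB4,  // toggle automatic refresh - enable
        0x43CAC,  // toggle automatic refresh - disable
        0x41B8C,  // ago
        0x41B84,  // min
        0x41B88,  // sec
        0x41AB0,
        0x418D3,  // mission briefing
        0x43DB3,  // time off
        0x43DA3,  // time on
        0x43CBD,  // toggle automatic refresh
        0x4297D,  // Automatic game refresh disable - msg after 3 mins
        0x4299F,  // 3 minutes passed) - msg after 3 mins
        0x429C7,  // F5 - seconds until refreshing.
        0x41C0B,  // English
        0x42755,  // "Conflict" (no null terminator)
        0x444CC   // "has banned you. (Host hack)"
    };
    std::array<std::string, 17> vals = {
        "Refreshing",                      // <wDetector 3.35 - Refreshing>
        "enabled",                         // toggle automatic refresh
        "disable",                         // toggle automatic refresh
        "ago",
        "min",
        "sec",
        " min %u sec",
        "Players Ready",                   // mission briefing
        "Time off",
        "Time on",
        "Automatic refresh %s",            // toggle automatic refresh
        "Automatic game refresh disable",  // msg after 3 mins
        "3 minutes passed)",               // msg after 3 mins
        " seconds until refreshing.",      // F5
        "English",
        /*16*/ "Conflict",
        "has banned you. (Host hack)"
    };
    // 0x00: the target string has room for a NUL, write it. Anything else: the
    // target has no terminator slot, so append that byte instead (e.g. the
    // space after "Conflict") and write no NUL.
    std::array<char, 17> terminator = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        /*16*/ 0x20, 0x00
    };

    size_t failed = 0;
    for (std::size_t i = 0; i < offset.size(); ++i) {
        std::string text = vals.at(i);
        const std::size_t nulBytes = (terminator.at(i) == 0x00) ? 1 : 0;
        if (nulBytes == 0)
            text += terminator.at(i);
        // c_str() is NUL-terminated, so size()+1 bytes are readable from it.
        if (!WriteProcessMemory(hProcess, rva(offset.at(i)), text.c_str(), text.size() + nulBytes, NULL)) {
            ++failed;
            swprintf_s(msgtemp, msgtempLen, L"Could not write string %u at RVA 0x%08X (error %lu)",
                       static_cast<unsigned>(i), offset.at(i), GetLastError());
            wLog(LOG_ERROR, msgtemp);
        }
    }
    if (failed == 0) {
        wLog(LOG_INFO, L"wDetector translated");
    } else {
        swprintf_s(msgtemp, msgtempLen, L"wDetector translated with %u failed write(s)",
                   static_cast<unsigned>(failed));
        wLog(LOG_ERROR, msgtemp);
    }
    return true;
}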