├── README.md ├── CSGO ├── dll │ ├── dll.vcxproj.user │ ├── dll.vcxproj.filters │ ├── main.h │ ├── main.cpp │ └── dll.vcxproj ├── client │ ├── client.vcxproj.filters │ ├── client.vcxproj.user │ ├── client.vcxproj │ └── main.cpp └── anti-cheat.sln └── CS2 ├── honeypot ├── dll │ ├── dll.vcxproj.user │ ├── dll.vcxproj.filters │ ├── main.h │ ├── dll.vcxproj │ └── main.cpp ├── client │ ├── client.vcxproj.user │ ├── client.vcxproj.filters │ ├── client.vcxproj │ └── main.cpp └── anti-cheat.sln └── mouse_input ├── dll ├── dll.vcxproj.user ├── dll.vcxproj.filters ├── main.h ├── dll.vcxproj └── main.cpp ├── client ├── client.vcxproj.user ├── client.vcxproj.filters ├── client.vcxproj └── main.cpp └── anti-cheat.sln /README.md: -------------------------------------------------------------------------------- 1 | # ec-guard 2 | Proof of concept Anti-Cheat plugin. 3 | -------------------------------------------------------------------------------- /CSGO/dll/dll.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | true 5 | 6 | -------------------------------------------------------------------------------- /CS2/honeypot/dll/dll.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | true 5 | 6 | -------------------------------------------------------------------------------- /CS2/mouse_input/dll/dll.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | true 5 | 6 | -------------------------------------------------------------------------------- /CS2/honeypot/client/client.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | true 5 | 6 | 7 | $(OutDir) 8 | WindowsLocalDebugger 9 | 10 | 11 | $(OutDir) 12 | WindowsLocalDebugger 13 | 14 | -------------------------------------------------------------------------------- /CS2/mouse_input/client/client.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | true 5 | 6 | 7 | $(OutDir) 8 | WindowsLocalDebugger 9 | 10 | 11 | $(OutDir) 12 | WindowsLocalDebugger 13 | 14 | -------------------------------------------------------------------------------- /CSGO/client/client.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /CS2/honeypot/client/client.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /CS2/mouse_input/client/client.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /CSGO/dll/dll.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | 23 | 24 | Header Files 25 | 26 | 27 | -------------------------------------------------------------------------------- /CS2/honeypot/dll/dll.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | 23 | 24 | Header Files 25 | 26 | 27 | -------------------------------------------------------------------------------- /CS2/mouse_input/dll/dll.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | 23 | 24 | Header Files 25 | 26 | 27 | -------------------------------------------------------------------------------- /CSGO/client/client.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | true 5 | 6 | 7 | $(OutDir) 8 | WindowsLocalDebugger 9 | 10 | 11 | $(OutDir) 12 | WindowsLocalDebugger 13 | 14 | 15 | $(OutDir) 16 | WindowsLocalDebugger 17 | 18 | 19 | $(OutDir) 20 | WindowsLocalDebugger 21 | 22 | -------------------------------------------------------------------------------- /CSGO/dll/main.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #define _CRT_SECURE_NO_WARNINGS 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | typedef const UNICODE_STRING * PCUNICODE_STRING; 10 | typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA { 11 | ULONG Flags; //Reserved. 12 | PCUNICODE_STRING FullDllName; //The full path name of the DLL module. 13 | PCUNICODE_STRING BaseDllName; //The base file name of the DLL module. 14 | PVOID DllBase; //A pointer to the base address for the DLL in memory. 15 | ULONG SizeOfImage; //The size of the DLL image, in bytes. 16 | } LDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_LOADED_NOTIFICATION_DATA; 17 | 18 | typedef union _LDR_DLL_NOTIFICATION_DATA { 19 | LDR_DLL_LOADED_NOTIFICATION_DATA Loaded; 20 | LDR_DLL_LOADED_NOTIFICATION_DATA Unloaded; 21 | } LDR_DLL_NOTIFICATION_DATA, *PLDR_DLL_NOTIFICATION_DATA; 22 | 23 | typedef const _LDR_DLL_NOTIFICATION_DATA * PCLDR_DLL_NOTIFICATION_DATA; 24 | 25 | typedef VOID (CALLBACK * PLDR_DLL_NOTIFICATION_FUNCTION)( 26 | _In_ ULONG NotificationReason, 27 | _In_ PCLDR_DLL_NOTIFICATION_DATA NotificationData, 28 | _In_opt_ PVOID Context 29 | ); 30 | 31 | typedef struct { 32 | HANDLE handle; 33 | UINT64 total_calls; 34 | } DEVICE_INFO ; 35 | 36 | #define LDR_DLL_NOTIFICATION_REASON_LOADED 1 37 | #define LDR_DLL_NOTIFICATION_REASON_UNLOADED 2 38 | 39 | #define DEBUG 40 | #define LOG(...) printf("[ec-guard.dll] " __VA_ARGS__) 41 | 42 | -------------------------------------------------------------------------------- /CS2/honeypot/dll/main.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #define _CRT_SECURE_NO_WARNINGS 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | typedef const UNICODE_STRING * PCUNICODE_STRING; 10 | typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA { 11 | ULONG Flags; //Reserved. 12 | PCUNICODE_STRING FullDllName; //The full path name of the DLL module. 13 | PCUNICODE_STRING BaseDllName; //The base file name of the DLL module. 14 | PVOID DllBase; //A pointer to the base address for the DLL in memory. 15 | ULONG SizeOfImage; //The size of the DLL image, in bytes. 16 | } LDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_LOADED_NOTIFICATION_DATA; 17 | 18 | typedef union _LDR_DLL_NOTIFICATION_DATA { 19 | LDR_DLL_LOADED_NOTIFICATION_DATA Loaded; 20 | LDR_DLL_LOADED_NOTIFICATION_DATA Unloaded; 21 | } LDR_DLL_NOTIFICATION_DATA, *PLDR_DLL_NOTIFICATION_DATA; 22 | 23 | typedef const _LDR_DLL_NOTIFICATION_DATA * PCLDR_DLL_NOTIFICATION_DATA; 24 | 25 | typedef VOID (CALLBACK * PLDR_DLL_NOTIFICATION_FUNCTION)( 26 | _In_ ULONG NotificationReason, 27 | _In_ PCLDR_DLL_NOTIFICATION_DATA NotificationData, 28 | _In_opt_ PVOID Context 29 | ); 30 | 31 | typedef struct { 32 | HANDLE handle; 33 | UINT64 total_calls; 34 | UINT64 timestamp; 35 | } DEVICE_INFO ; 36 | 37 | #define LDR_DLL_NOTIFICATION_REASON_LOADED 1 38 | #define LDR_DLL_NOTIFICATION_REASON_UNLOADED 2 39 | 40 | 41 | inline void FontColor(int color=0x07) { SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), color); } 42 | 43 | 44 | #define DEBUG 45 | 46 | #define LOG(...) \ 47 | FontColor(3); \ 48 | printf("[ec-guard.dll] "); \ 49 | FontColor(7); \ 50 | printf(__VA_ARGS__); \ 51 | 52 | 53 | typedef ULONG_PTR QWORD; 54 | 55 | -------------------------------------------------------------------------------- /CS2/mouse_input/dll/main.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #define _CRT_SECURE_NO_WARNINGS 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | typedef const UNICODE_STRING * PCUNICODE_STRING; 11 | typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA { 12 | ULONG Flags; //Reserved. 13 | PCUNICODE_STRING FullDllName; //The full path name of the DLL module. 14 | PCUNICODE_STRING BaseDllName; //The base file name of the DLL module. 15 | PVOID DllBase; //A pointer to the base address for the DLL in memory. 16 | ULONG SizeOfImage; //The size of the DLL image, in bytes. 17 | } LDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_LOADED_NOTIFICATION_DATA; 18 | 19 | typedef union _LDR_DLL_NOTIFICATION_DATA { 20 | LDR_DLL_LOADED_NOTIFICATION_DATA Loaded; 21 | LDR_DLL_LOADED_NOTIFICATION_DATA Unloaded; 22 | } LDR_DLL_NOTIFICATION_DATA, *PLDR_DLL_NOTIFICATION_DATA; 23 | 24 | typedef const _LDR_DLL_NOTIFICATION_DATA * PCLDR_DLL_NOTIFICATION_DATA; 25 | 26 | typedef VOID (CALLBACK * PLDR_DLL_NOTIFICATION_FUNCTION)( 27 | _In_ ULONG NotificationReason, 28 | _In_ PCLDR_DLL_NOTIFICATION_DATA NotificationData, 29 | _In_opt_ PVOID Context 30 | ); 31 | 32 | typedef struct { 33 | HANDLE handle; 34 | UINT64 total_calls; 35 | UINT64 timestamp; 36 | } DEVICE_INFO ; 37 | 38 | #define LDR_DLL_NOTIFICATION_REASON_LOADED 1 39 | #define LDR_DLL_NOTIFICATION_REASON_UNLOADED 2 40 | 41 | 42 | inline void FontColor(int color=0x07) { SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), color); } 43 | 44 | 45 | #define DEBUG 46 | 47 | #define LOG(...) \ 48 | FontColor(3); \ 49 | printf("[ec-guard.dll] "); \ 50 | FontColor(7); \ 51 | printf(__VA_ARGS__); \ 52 | 53 | 54 | typedef ULONG_PTR QWORD; 55 | 56 | -------------------------------------------------------------------------------- /CSGO/anti-cheat.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.7.34031.279 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "client", "client\client.vcxproj", "{1962B56A-16F7-4B69-BFF8-517B06A5BE7E}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dll", "dll\dll.vcxproj", "{D0D9D557-7160-4CCB-87CD-D306E3E7CC57}" 9 | EndProject 10 | Global 11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 12 | Debug|x64 = Debug|x64 13 | Debug|x86 = Debug|x86 14 | Release|x64 = Release|x64 15 | Release|x86 = Release|x86 16 | EndGlobalSection 17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 18 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Debug|x64.ActiveCfg = Debug|x64 19 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Debug|x64.Build.0 = Debug|x64 20 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Debug|x86.ActiveCfg = Debug|Win32 21 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Debug|x86.Build.0 = Debug|Win32 22 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Release|x64.ActiveCfg = Release|x64 23 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Release|x64.Build.0 = Release|x64 24 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Release|x86.ActiveCfg = Release|Win32 25 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Release|x86.Build.0 = Release|Win32 26 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Debug|x64.ActiveCfg = Debug|x64 27 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Debug|x64.Build.0 = Debug|x64 28 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Debug|x86.ActiveCfg = Debug|Win32 29 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Debug|x86.Build.0 = Debug|Win32 30 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Release|x64.ActiveCfg = Release|x64 31 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Release|x64.Build.0 = Release|x64 32 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Release|x86.ActiveCfg = Release|Win32 33 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Release|x86.Build.0 = Release|Win32 34 | EndGlobalSection 35 | GlobalSection(SolutionProperties) = preSolution 36 | HideSolutionNode = FALSE 37 | EndGlobalSection 38 | GlobalSection(ExtensibilityGlobals) = postSolution 39 | SolutionGuid = {1AB74244-596C-45FF-B87B-C04E93886684} 40 | EndGlobalSection 41 | EndGlobal 42 | -------------------------------------------------------------------------------- /CS2/honeypot/anti-cheat.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.7.34031.279 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "client", "client\client.vcxproj", "{1962B56A-16F7-4B69-BFF8-517B06A5BE7E}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dll", "dll\dll.vcxproj", "{D0D9D557-7160-4CCB-87CD-D306E3E7CC57}" 9 | EndProject 10 | Global 11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 12 | Debug|x64 = Debug|x64 13 | Debug|x86 = Debug|x86 14 | Release|x64 = Release|x64 15 | Release|x86 = Release|x86 16 | EndGlobalSection 17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 18 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Debug|x64.ActiveCfg = Debug|x64 19 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Debug|x64.Build.0 = Debug|x64 20 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Debug|x86.ActiveCfg = Debug|Win32 21 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Debug|x86.Build.0 = Debug|Win32 22 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Release|x64.ActiveCfg = Release|x64 23 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Release|x64.Build.0 = Release|x64 24 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Release|x86.ActiveCfg = Release|Win32 25 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Release|x86.Build.0 = Release|Win32 26 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Debug|x64.ActiveCfg = Debug|x64 27 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Debug|x64.Build.0 = Debug|x64 28 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Debug|x86.ActiveCfg = Debug|Win32 29 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Debug|x86.Build.0 = Debug|Win32 30 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Release|x64.ActiveCfg = Release|x64 31 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Release|x64.Build.0 = Release|x64 32 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Release|x86.ActiveCfg = Release|Win32 33 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Release|x86.Build.0 = Release|Win32 34 | EndGlobalSection 35 | GlobalSection(SolutionProperties) = preSolution 36 | HideSolutionNode = FALSE 37 | EndGlobalSection 38 | GlobalSection(ExtensibilityGlobals) = postSolution 39 | SolutionGuid = {1AB74244-596C-45FF-B87B-C04E93886684} 40 | EndGlobalSection 41 | EndGlobal 42 | -------------------------------------------------------------------------------- /CS2/mouse_input/anti-cheat.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.7.34031.279 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "client", "client\client.vcxproj", "{1962B56A-16F7-4B69-BFF8-517B06A5BE7E}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dll", "dll\dll.vcxproj", "{D0D9D557-7160-4CCB-87CD-D306E3E7CC57}" 9 | EndProject 10 | Global 11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 12 | Debug|x64 = Debug|x64 13 | Debug|x86 = Debug|x86 14 | Release|x64 = Release|x64 15 | Release|x86 = Release|x86 16 | EndGlobalSection 17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 18 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Debug|x64.ActiveCfg = Debug|x64 19 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Debug|x64.Build.0 = Debug|x64 20 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Debug|x86.ActiveCfg = Debug|Win32 21 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Debug|x86.Build.0 = Debug|Win32 22 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Release|x64.ActiveCfg = Release|x64 23 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Release|x64.Build.0 = Release|x64 24 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Release|x86.ActiveCfg = Release|Win32 25 | {1962B56A-16F7-4B69-BFF8-517B06A5BE7E}.Release|x86.Build.0 = Release|Win32 26 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Debug|x64.ActiveCfg = Debug|x64 27 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Debug|x64.Build.0 = Debug|x64 28 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Debug|x86.ActiveCfg = Debug|Win32 29 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Debug|x86.Build.0 = Debug|Win32 30 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Release|x64.ActiveCfg = Release|x64 31 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Release|x64.Build.0 = Release|x64 32 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Release|x86.ActiveCfg = Release|Win32 33 | {D0D9D557-7160-4CCB-87CD-D306E3E7CC57}.Release|x86.Build.0 = Release|Win32 34 | EndGlobalSection 35 | GlobalSection(SolutionProperties) = preSolution 36 | HideSolutionNode = FALSE 37 | EndGlobalSection 38 | GlobalSection(ExtensibilityGlobals) = postSolution 39 | SolutionGuid = {1AB74244-596C-45FF-B87B-C04E93886684} 40 | EndGlobalSection 41 | EndGlobal 42 | -------------------------------------------------------------------------------- /CSGO/dll/main.cpp: -------------------------------------------------------------------------------- 1 | #include "main.h" 2 | 3 | // 4 | // current components: 5 | // - usermode input inject detection 6 | // 7 | // missing components: 8 | // - validating mouse packets to game camera (this would cause harm for internal cheats) 9 | // - .data encryption/decryption (block external/DMA cheats) 10 | // 11 | 12 | std::vector get_input_devices(void); 13 | 14 | namespace globals 15 | { 16 | std::vector device_list; 17 | WNDPROC game_window_proc = 0; 18 | } 19 | 20 | // 21 | // missing component: validating incoming input to game camera 22 | // 23 | static LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) 24 | { 25 | static DWORD invalid_cnt = 0; 26 | 27 | 28 | // 29 | // block all non used devices 30 | // 31 | if (globals::device_list.size() > 1) 32 | { 33 | DEVICE_INFO primary_dev{}; 34 | UINT64 max_calls = 0; 35 | 36 | for (DEVICE_INFO &dev : globals::device_list) 37 | { 38 | if (dev.total_calls > max_calls) 39 | { 40 | max_calls = dev.total_calls; 41 | primary_dev = dev; 42 | } 43 | } 44 | 45 | if (max_calls > 50) 46 | { 47 | globals::device_list.clear(); 48 | globals::device_list.push_back(primary_dev); 49 | LOG("primary input device has been now selected\n"); 50 | } 51 | } 52 | 53 | 54 | // 55 | // validate incoming rawinput device 56 | // 57 | if (uMsg == WM_INPUT) 58 | { 59 | RAWINPUT data{}; 60 | UINT size = sizeof(RAWINPUT); 61 | GetRawInputData((HRAWINPUT)lParam, RID_INPUT, &data, &size, sizeof(RAWINPUTHEADER)); 62 | 63 | 64 | if (data.header.dwType != RIM_TYPEMOUSE) 65 | { 66 | return CallWindowProc(globals::game_window_proc, hwnd, uMsg, wParam, lParam ); 67 | } 68 | 69 | 70 | BOOLEAN found = 0; 71 | for (DEVICE_INFO &dev : globals::device_list) 72 | { 73 | if (dev.handle == data.header.hDevice) 74 | { 75 | found = 1; 76 | dev.total_calls++; 77 | break; 78 | } 79 | } 80 | 81 | 82 | if (found == 0) 83 | { 84 | LOG("invalid mouse input detected %d\n", ++invalid_cnt); 85 | uMsg = WM_NULL; 86 | } 87 | } 88 | 89 | 90 | // 91 | // detect injected messages 92 | // https://stackoverflow.com/questions/69193249/how-to-distinguish-mouse-and-touchpad-events-using-getcurrentinputmessagesource 93 | // 94 | if ((uMsg >= WM_MOUSEFIRST && uMsg <= WM_MOUSELAST) || (uMsg >= WM_KEYFIRST && uMsg <= WM_KEYLAST) || (uMsg >= WM_TOUCH && uMsg <= WM_POINTERWHEEL)) 95 | { 96 | INPUT_MESSAGE_SOURCE src; 97 | if (GetCurrentInputMessageSource(&src)) 98 | { 99 | if (src.originId == IMO_INJECTED) 100 | { 101 | LOG("invalid mouse input detected %d\n", ++invalid_cnt); 102 | uMsg = WM_NULL; 103 | } 104 | } 105 | } 106 | return CallWindowProc(globals::game_window_proc, hwnd, uMsg, wParam, lParam ); 107 | } 108 | 109 | static void MainThread(void) 110 | { 111 | HWND window = 0; 112 | while (1) 113 | { 114 | window = FindWindowA("Valve001", 0); 115 | 116 | if (window != 0) 117 | { 118 | break; 119 | } 120 | 121 | Sleep(100); 122 | } 123 | globals::device_list = get_input_devices(); 124 | globals::game_window_proc = (WNDPROC)SetWindowLongPtrW(window, GWL_WNDPROC, (LONG)WindowProc); 125 | LOG("plugin is installed\n"); 126 | } 127 | 128 | VOID CALLBACK DllCallback( 129 | _In_ ULONG NotificationReason, 130 | _In_ PCLDR_DLL_NOTIFICATION_DATA NotificationData, 131 | _In_opt_ PVOID Context 132 | ) 133 | { 134 | UNREFERENCED_PARAMETER(Context); 135 | if (NotificationReason == LDR_DLL_NOTIFICATION_REASON_LOADED) 136 | { 137 | LOG("%ws\n", NotificationData->Loaded.BaseDllName->Buffer); 138 | } 139 | else if (NotificationReason == LDR_DLL_NOTIFICATION_REASON_UNLOADED) 140 | { 141 | } 142 | } 143 | 144 | BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID Reserved) 145 | { 146 | if (dwReason == DLL_PROCESS_ATTACH) 147 | { 148 | AllocConsole(); 149 | freopen("CONOUT$", "w", stdout); 150 | CloseHandle(CreateThread(0, 0, (LPTHREAD_START_ROUTINE)MainThread, 0, 0, 0)); 151 | 152 | NTSTATUS (NTAPI *LdrRegisterDllNotification)( 153 | _In_ ULONG Flags, 154 | _In_ PLDR_DLL_NOTIFICATION_FUNCTION NotificationFunction, 155 | _In_opt_ PVOID Context, 156 | _Out_ PVOID *Cookie 157 | ); 158 | VOID *dll_callback_handle = 0; 159 | *(void**)&LdrRegisterDllNotification = (void*)GetProcAddress(LoadLibraryA("ntdll.dll"), "LdrRegisterDllNotification"); 160 | LdrRegisterDllNotification(0, DllCallback, 0, &dll_callback_handle); 161 | 162 | } 163 | return 1; 164 | } 165 | 166 | std::vector get_input_devices(void) 167 | { 168 | std::vector devices; 169 | 170 | 171 | // 172 | // get number of devices 173 | // 174 | UINT device_count = 0; 175 | GetRawInputDeviceList(0, &device_count, sizeof(RAWINPUTDEVICELIST)); 176 | 177 | 178 | // 179 | // allocate space for device list 180 | // 181 | RAWINPUTDEVICELIST *device_list = (RAWINPUTDEVICELIST *)malloc(sizeof(RAWINPUTDEVICELIST) * device_count); 182 | 183 | 184 | // 185 | // get list of input devices 186 | // 187 | GetRawInputDeviceList(device_list, &device_count, sizeof(RAWINPUTDEVICELIST)); 188 | 189 | 190 | for (UINT i = 0; i < device_count; i++) 191 | { 192 | // 193 | // skip non mouse devices ; we can adjust this in future 194 | // 195 | if (device_list[i].dwType != RIM_TYPEMOUSE) 196 | { 197 | continue; 198 | } 199 | 200 | 201 | // 202 | // add new device to our dynamic list 203 | // 204 | DEVICE_INFO info{}; 205 | info.handle = device_list[i].hDevice; 206 | devices.push_back(info); 207 | } 208 | 209 | 210 | // 211 | // free resources 212 | // 213 | free(device_list); 214 | 215 | 216 | return devices; 217 | } 218 | 219 | -------------------------------------------------------------------------------- /CS2/honeypot/client/client.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 17.0 23 | Win32Proj 24 | {1962b56a-16f7-4b69-bff8-517b06a5be7e} 25 | client 26 | 10.0 27 | 28 | 29 | 30 | Application 31 | true 32 | v143 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v143 39 | true 40 | Unicode 41 | 42 | 43 | Application 44 | true 45 | v143 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v143 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | ec-guard 75 | 76 | 77 | ec-guard 78 | 79 | 80 | 81 | Level3 82 | true 83 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 84 | true 85 | 86 | 87 | Console 88 | true 89 | 90 | 91 | 92 | 93 | Level3 94 | true 95 | true 96 | true 97 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 98 | true 99 | 100 | 101 | Console 102 | true 103 | true 104 | true 105 | 106 | 107 | 108 | 109 | Level3 110 | true 111 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 112 | true 113 | stdcpp17 114 | 115 | 116 | Console 117 | true 118 | 119 | 120 | 121 | 122 | Level3 123 | true 124 | true 125 | true 126 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 127 | true 128 | MultiThreaded 129 | stdcpp17 130 | 131 | 132 | Console 133 | true 134 | true 135 | false 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | -------------------------------------------------------------------------------- /CS2/mouse_input/client/client.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 17.0 23 | Win32Proj 24 | {1962b56a-16f7-4b69-bff8-517b06a5be7e} 25 | client 26 | 10.0 27 | 28 | 29 | 30 | Application 31 | true 32 | v143 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v143 39 | true 40 | Unicode 41 | 42 | 43 | Application 44 | true 45 | v143 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v143 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | ec-guard 75 | 76 | 77 | ec-guard 78 | 79 | 80 | 81 | Level3 82 | true 83 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 84 | true 85 | 86 | 87 | Console 88 | true 89 | 90 | 91 | 92 | 93 | Level3 94 | true 95 | true 96 | true 97 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 98 | true 99 | 100 | 101 | Console 102 | true 103 | true 104 | true 105 | 106 | 107 | 108 | 109 | Level3 110 | true 111 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 112 | true 113 | stdcpp17 114 | 115 | 116 | Console 117 | true 118 | 119 | 120 | 121 | 122 | Level3 123 | true 124 | true 125 | true 126 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 127 | true 128 | MultiThreaded 129 | stdcpp17 130 | 131 | 132 | Console 133 | true 134 | true 135 | false 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | -------------------------------------------------------------------------------- /CSGO/client/client.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 17.0 23 | Win32Proj 24 | {1962b56a-16f7-4b69-bff8-517b06a5be7e} 25 | client 26 | 10.0 27 | 28 | 29 | 30 | Application 31 | true 32 | v143 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v143 39 | true 40 | Unicode 41 | 42 | 43 | Application 44 | true 45 | v143 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v143 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | ec-guard 75 | 76 | 77 | ec-guard 78 | 79 | 80 | 81 | Level3 82 | true 83 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 84 | true 85 | stdcpp17 86 | 87 | 88 | Console 89 | true 90 | 91 | 92 | 93 | 94 | Level3 95 | true 96 | true 97 | true 98 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 99 | true 100 | stdcpp17 101 | 102 | 103 | Console 104 | true 105 | true 106 | true 107 | 108 | 109 | 110 | 111 | Level3 112 | true 113 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 114 | true 115 | stdcpp17 116 | 117 | 118 | Console 119 | true 120 | 121 | 122 | 123 | 124 | Level3 125 | true 126 | true 127 | true 128 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 129 | true 130 | MultiThreaded 131 | stdcpp17 132 | 133 | 134 | Console 135 | true 136 | true 137 | false 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | -------------------------------------------------------------------------------- /CS2/mouse_input/dll/dll.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 17.0 23 | Win32Proj 24 | {d0d9d557-7160-4ccb-87cd-d306e3e7cc57} 25 | dll 26 | 10.0 27 | 28 | 29 | 30 | DynamicLibrary 31 | true 32 | v143 33 | Unicode 34 | 35 | 36 | DynamicLibrary 37 | false 38 | v143 39 | true 40 | Unicode 41 | 42 | 43 | DynamicLibrary 44 | true 45 | v143 46 | Unicode 47 | 48 | 49 | DynamicLibrary 50 | false 51 | v143 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | ec-guard 74 | 75 | 76 | ec-guard 77 | 78 | 79 | 80 | Level3 81 | true 82 | WIN32;_DEBUG;DLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 83 | true 84 | 85 | 86 | Windows 87 | true 88 | false 89 | 90 | 91 | 92 | 93 | Level3 94 | true 95 | true 96 | true 97 | WIN32;NDEBUG;DLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 98 | true 99 | 100 | 101 | Windows 102 | true 103 | true 104 | true 105 | false 106 | 107 | 108 | 109 | 110 | Level3 111 | true 112 | _DEBUG;DLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 113 | true 114 | 115 | 116 | Windows 117 | true 118 | false 119 | 120 | 121 | 122 | 123 | Level3 124 | true 125 | true 126 | true 127 | NDEBUG;DLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 128 | true 129 | MultiThreaded 130 | 131 | 132 | Windows 133 | true 134 | true 135 | false 136 | false 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | -------------------------------------------------------------------------------- /CS2/honeypot/dll/dll.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 17.0 23 | Win32Proj 24 | {d0d9d557-7160-4ccb-87cd-d306e3e7cc57} 25 | dll 26 | 10.0 27 | 28 | 29 | 30 | DynamicLibrary 31 | true 32 | v143 33 | Unicode 34 | 35 | 36 | DynamicLibrary 37 | false 38 | v143 39 | true 40 | Unicode 41 | 42 | 43 | DynamicLibrary 44 | true 45 | v143 46 | Unicode 47 | 48 | 49 | DynamicLibrary 50 | false 51 | v143 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | ec-guard 76 | 77 | 78 | ec-guard 79 | 80 | 81 | 82 | Level3 83 | true 84 | WIN32;_DEBUG;DLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 85 | true 86 | 87 | 88 | Windows 89 | true 90 | false 91 | 92 | 93 | 94 | 95 | Level3 96 | true 97 | true 98 | true 99 | WIN32;NDEBUG;DLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 100 | true 101 | 102 | 103 | Windows 104 | true 105 | true 106 | true 107 | false 108 | 109 | 110 | 111 | 112 | Level3 113 | true 114 | _DEBUG;DLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 115 | true 116 | 117 | 118 | Windows 119 | true 120 | false 121 | 122 | 123 | 124 | 125 | Level3 126 | true 127 | true 128 | true 129 | NDEBUG;DLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 130 | true 131 | MultiThreaded 132 | 133 | 134 | Windows 135 | true 136 | true 137 | false 138 | false 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | -------------------------------------------------------------------------------- /CSGO/dll/dll.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 17.0 23 | Win32Proj 24 | {d0d9d557-7160-4ccb-87cd-d306e3e7cc57} 25 | dll 26 | 10.0 27 | 28 | 29 | 30 | DynamicLibrary 31 | true 32 | v143 33 | Unicode 34 | 35 | 36 | DynamicLibrary 37 | false 38 | v143 39 | true 40 | Unicode 41 | 42 | 43 | DynamicLibrary 44 | true 45 | v143 46 | Unicode 47 | 48 | 49 | DynamicLibrary 50 | false 51 | v143 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | ec-guard 74 | 75 | 76 | ec-guard 77 | 78 | 79 | ec-guard 80 | 81 | 82 | ec-guard 83 | 84 | 85 | 86 | Level3 87 | true 88 | WIN32;_DEBUG;DLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 89 | true 90 | 91 | 92 | Windows 93 | true 94 | false 95 | 96 | 97 | 98 | 99 | Level3 100 | true 101 | true 102 | true 103 | WIN32;NDEBUG;DLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 104 | true 105 | MultiThreaded 106 | stdcpp17 107 | 108 | 109 | Windows 110 | true 111 | true 112 | false 113 | false 114 | 115 | 116 | 117 | 118 | Level3 119 | true 120 | _DEBUG;DLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 121 | true 122 | 123 | 124 | Windows 125 | true 126 | false 127 | 128 | 129 | 130 | 131 | Level3 132 | true 133 | true 134 | true 135 | NDEBUG;DLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 136 | true 137 | MultiThreaded 138 | 139 | 140 | Windows 141 | true 142 | true 143 | false 144 | false 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | -------------------------------------------------------------------------------- /CS2/honeypot/client/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | #define DEBUG 8 | #define LOG(...) printf("[ec-guard.exe] " __VA_ARGS__) 9 | #define TARGET_GAME "cs2.exe" 10 | #define TARGET_DLL "ec-guard.dll" 11 | 12 | 13 | 14 | 15 | 16 | 17 | typedef enum 18 | { 19 | NotRunning = 0, 20 | RunningWithoutAC = 1, 21 | Running = 2 22 | } GameState ; 23 | 24 | typedef struct 25 | { 26 | DWORD pid; 27 | std::string path; 28 | } PROCESS_INFO ; 29 | 30 | BOOL load_library(HANDLE process, std::string dll_path); 31 | BOOL get_process_info(PCSTR process_name, PROCESS_INFO *info); 32 | DWORD get_process_id(PCSTR process_name); 33 | GameState get_game_state(PCSTR process_name, PCSTR dll_name); 34 | BOOL terminate_process(PCSTR process_name); 35 | std::string get_process_cmd(HANDLE process_handle, std::string path); 36 | 37 | int main(void) 38 | { 39 | char buffer[260]{}; 40 | GetCurrentDirectoryA(260, buffer); 41 | std::string dll_path = buffer + std::string("\\") + std::string(TARGET_DLL); 42 | if (!std::filesystem::exists(dll_path)) 43 | { 44 | LOG("Anti-Cheat file is missing: %s\n", dll_path.c_str()); 45 | return 0; 46 | } 47 | 48 | GameState state = get_game_state(TARGET_GAME, TARGET_DLL); 49 | 50 | if (state == GameState::Running) 51 | { 52 | LOG("is already running\n"); 53 | return getchar(); 54 | } 55 | 56 | else if (state == GameState::RunningWithoutAC) 57 | { 58 | LOG("please close the game before starting Anti-Cheat\n"); 59 | while (get_process_id(TARGET_GAME)) 60 | Sleep(100); 61 | } 62 | 63 | LOG("Anti-Cheat is started\n"); 64 | 65 | LOG("Waiting for the game...\n"); 66 | 67 | PROCESS_INFO info{}; 68 | 69 | while (!get_process_info(TARGET_GAME, &info)) 70 | { 71 | Sleep(100); 72 | } 73 | 74 | HANDLE process_handle = OpenProcess(PROCESS_ALL_ACCESS, 0, info.pid); 75 | 76 | // 77 | // get command line 78 | // 79 | std::string command_line = get_process_cmd(process_handle, info.path) + " -insecure +sv_lan 1"; 80 | 81 | 82 | while (!TerminateProcess(process_handle, EXIT_SUCCESS)) 83 | break; 84 | CloseHandle(process_handle); 85 | 86 | 87 | PROCESS_INFORMATION pi = {}; 88 | STARTUPINFOA si = {}; 89 | 90 | si.cb = sizeof(STARTUPINFO); 91 | si.dwFlags = STARTF_USESHOWWINDOW; 92 | si.wShowWindow = SW_NORMAL; 93 | 94 | if (!CreateProcessA( 95 | 0, 96 | (LPSTR)command_line.c_str(), 97 | 0, 98 | 0, 99 | 0, 100 | CREATE_SUSPENDED, 101 | 0, 102 | 0, 103 | &si, 104 | &pi 105 | )) 106 | { 107 | LOG("unknown error 404\n"); 108 | return getchar(); 109 | } 110 | 111 | 112 | BOOL status = 0; 113 | if (!load_library(pi.hProcess, dll_path)) 114 | { 115 | TerminateProcess(pi.hProcess, 0); 116 | } 117 | else 118 | { 119 | ResumeThread(pi.hThread); 120 | status = 1; 121 | } 122 | 123 | CloseHandle(pi.hProcess); 124 | CloseHandle(pi.hThread); 125 | 126 | if (status) 127 | LOG("Anti-Cheat is successfully launched\n"); 128 | else 129 | LOG("Anti-Cheat failed to launch\n"); 130 | 131 | return 0; 132 | } 133 | 134 | #pragma comment(lib, "ntdll.lib") 135 | 136 | extern "C" __kernel_entry NTSTATUS NtQueryInformationProcess( 137 | HANDLE ProcessHandle, 138 | ULONG ProcessInformationClass, 139 | PVOID ProcessInformation, 140 | ULONG ProcessInformationLength, 141 | PULONG ReturnLength 142 | ); 143 | 144 | ULONG_PTR get_peb(HANDLE process) 145 | { 146 | ULONG_PTR peb[6]{}; 147 | 148 | if (NtQueryInformationProcess(process, 0, &peb, 48, 0) != 0) 149 | { 150 | return 0; 151 | } 152 | 153 | return peb[1]; 154 | } 155 | 156 | ULONG_PTR get_wow64_process(HANDLE process) 157 | { 158 | ULONG_PTR wow64_process = 0; 159 | 160 | if (process == 0) 161 | return wow64_process; 162 | 163 | if (NtQueryInformationProcess(process, 26, &wow64_process, 8, 0) != 0) 164 | { 165 | return 0; 166 | } 167 | 168 | return wow64_process; 169 | } 170 | 171 | inline void wcs2str(short *buffer, ULONG_PTR length) 172 | { 173 | for (ULONG_PTR i = 0; i < length; i++) 174 | { 175 | ((char*)buffer)[i] = (char)buffer[i]; 176 | } 177 | } 178 | 179 | std::string get_process_cmd(HANDLE process_handle, std::string path) 180 | { 181 | ULONG_PTR peb = get_wow64_process(process_handle); 182 | 183 | ULONG_PTR off_0 = 0, off_1 = 0, rsize = 0; 184 | 185 | if (peb == 0) 186 | { 187 | off_0 = 0x20; 188 | off_1 = 0x70; 189 | rsize = 8; 190 | peb = get_peb(process_handle); 191 | } 192 | else 193 | { 194 | off_0 = 0x10; 195 | off_1 = 0x40; 196 | rsize = 4; 197 | } 198 | 199 | if (peb == 0) 200 | { 201 | return path + " -steam -insecure"; 202 | } 203 | 204 | ULONG_PTR a0 = 0; 205 | ReadProcessMemory(process_handle, (LPCVOID)(peb + off_0), &a0, rsize, 0); 206 | 207 | a0 = a0 + off_1; 208 | 209 | USHORT len = 0; 210 | ReadProcessMemory(process_handle, (LPCVOID)(a0 + 0x02), &len, sizeof(USHORT), 0); 211 | ReadProcessMemory(process_handle, (LPCVOID)(a0 + rsize), &a0, rsize, 0); 212 | 213 | char parameters[512]{}; 214 | ReadProcessMemory(process_handle, (LPCVOID)a0, parameters, len, 0); 215 | 216 | wcs2str((short*)parameters, len); 217 | 218 | return std::string(parameters); 219 | } 220 | 221 | BOOL load_library(HANDLE process, std::string dll_path) 222 | { 223 | BOOL status = 0; 224 | HANDLE thread_handle = 0; 225 | 226 | 227 | 228 | PVOID dll_name_address = VirtualAllocEx(process, 0, 0x1000, MEM_COMMIT, PAGE_READWRITE); 229 | 230 | if (dll_name_address == 0) 231 | return 0; 232 | 233 | if (!WriteProcessMemory(process, dll_name_address, dll_path.c_str(), dll_path.size(), 0)) 234 | { 235 | goto E0; 236 | } 237 | 238 | thread_handle = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA, (LPVOID)dll_name_address, 0, NULL); 239 | if (thread_handle == 0) 240 | { 241 | goto E0; 242 | } 243 | 244 | if (WaitForSingleObject(thread_handle, INFINITE) == WAIT_FAILED) 245 | { 246 | goto E2; 247 | } 248 | status = 1; 249 | E2: 250 | CloseHandle(thread_handle); 251 | E0: 252 | VirtualFreeEx(process, dll_name_address, MAX_PATH, MEM_RELEASE); 253 | 254 | return status; 255 | } 256 | 257 | DWORD get_process_id(PCSTR process_name) 258 | { 259 | DWORD pid = 0; 260 | HANDLE snp = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); 261 | PROCESSENTRY32 entry{}; 262 | entry.dwSize = sizeof(PROCESSENTRY32); 263 | 264 | while (Process32Next(snp, &entry)) 265 | { 266 | CHAR uc_name[260]{}; 267 | for (int i = 0; i < 260; i++) 268 | { 269 | uc_name[i] = (char)entry.szExeFile[i]; 270 | } 271 | if (!_strcmpi(uc_name, process_name)) 272 | { 273 | pid = entry.th32ProcessID; 274 | break; 275 | } 276 | } 277 | CloseHandle(snp); 278 | 279 | return pid; 280 | } 281 | 282 | ULONG_PTR get_process_dll(DWORD process_id, PCSTR dll_name) 283 | { 284 | ULONG_PTR dll = 0; 285 | HANDLE snp = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, process_id); 286 | 287 | if (snp == 0) 288 | return 0; 289 | 290 | MODULEENTRY32 entry{}; 291 | entry.dwSize = sizeof(MODULEENTRY32); 292 | 293 | while (Module32Next(snp, &entry)) 294 | { 295 | CHAR uc_name[256]{}; 296 | for (int i = 0; i < 256; i++) 297 | { 298 | uc_name[i] = (char)entry.szModule[i]; 299 | } 300 | 301 | if (!_strcmpi(uc_name, dll_name)) 302 | { 303 | dll = (ULONG_PTR)entry.hModule; 304 | break; 305 | } 306 | } 307 | 308 | CloseHandle(snp); 309 | return dll; 310 | } 311 | 312 | BOOL get_process_info(PCSTR process_name, PROCESS_INFO *info) 313 | { 314 | BOOL status = 0; 315 | 316 | DWORD pid = get_process_id(process_name); 317 | if (pid == 0) 318 | return 0; 319 | 320 | HANDLE snp = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid); 321 | if (snp == 0) 322 | return 0; 323 | 324 | MODULEENTRY32 entry{}; 325 | entry.dwSize = sizeof(MODULEENTRY32); 326 | if (Module32First(snp, &entry)) 327 | { 328 | CHAR uc_name[260]{}; 329 | for (int i = 0; i < 260; i++) 330 | { 331 | uc_name[i] = (char)entry.szExePath[i]; 332 | } 333 | 334 | info->pid = pid; 335 | info->path = std::string(uc_name); 336 | 337 | status = 1; 338 | } 339 | CloseHandle(snp); 340 | 341 | return status; 342 | } 343 | 344 | GameState get_game_state(PCSTR process_name, PCSTR dll_name) 345 | { 346 | DWORD process_id = get_process_id(process_name); 347 | if (process_id == 0) 348 | return GameState::NotRunning; 349 | 350 | if (get_process_dll(process_id, dll_name) == 0) 351 | return GameState::RunningWithoutAC; 352 | 353 | return GameState::Running; 354 | } 355 | 356 | BOOL terminate_process(PCSTR process_name) 357 | { 358 | DWORD process_id = get_process_id(process_name); 359 | HANDLE process_handle = OpenProcess(PROCESS_ALL_ACCESS, 0, process_id); 360 | 361 | if (process_handle == 0) 362 | return 0; 363 | 364 | BOOL status = TerminateProcess(process_handle, EXIT_SUCCESS); 365 | 366 | CloseHandle(process_handle); 367 | 368 | return status; 369 | } 370 | 371 | -------------------------------------------------------------------------------- /CS2/mouse_input/client/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | #define DEBUG 8 | #define LOG(...) printf("[ec-guard.exe] " __VA_ARGS__) 9 | #define TARGET_GAME "cs2.exe" 10 | #define TARGET_DLL "ec-guard.dll" 11 | 12 | 13 | 14 | 15 | 16 | 17 | typedef enum 18 | { 19 | NotRunning = 0, 20 | RunningWithoutAC = 1, 21 | Running = 2 22 | } GameState ; 23 | 24 | typedef struct 25 | { 26 | DWORD pid; 27 | std::string path; 28 | } PROCESS_INFO ; 29 | 30 | BOOL load_library(HANDLE process, std::string dll_path); 31 | BOOL get_process_info(PCSTR process_name, PROCESS_INFO *info); 32 | DWORD get_process_id(PCSTR process_name); 33 | GameState get_game_state(PCSTR process_name, PCSTR dll_name); 34 | BOOL terminate_process(PCSTR process_name); 35 | std::string get_process_cmd(HANDLE process_handle, std::string path); 36 | 37 | int main(void) 38 | { 39 | char buffer[260]{}; 40 | GetCurrentDirectoryA(260, buffer); 41 | std::string dll_path = buffer + std::string("\\") + std::string(TARGET_DLL); 42 | if (!std::filesystem::exists(dll_path)) 43 | { 44 | LOG("Anti-Cheat file is missing: %s\n", dll_path.c_str()); 45 | return 0; 46 | } 47 | 48 | GameState state = get_game_state(TARGET_GAME, TARGET_DLL); 49 | 50 | if (state == GameState::Running) 51 | { 52 | LOG("is already running\n"); 53 | return getchar(); 54 | } 55 | 56 | else if (state == GameState::RunningWithoutAC) 57 | { 58 | LOG("please close the game before starting Anti-Cheat\n"); 59 | while (get_process_id(TARGET_GAME)) 60 | Sleep(100); 61 | } 62 | 63 | LOG("Anti-Cheat is started\n"); 64 | 65 | LOG("Waiting for the game...\n"); 66 | 67 | PROCESS_INFO info{}; 68 | 69 | while (!get_process_info(TARGET_GAME, &info)) 70 | { 71 | Sleep(100); 72 | } 73 | 74 | HANDLE process_handle = OpenProcess(PROCESS_ALL_ACCESS, 0, info.pid); 75 | 76 | // 77 | // get command line 78 | // 79 | std::string command_line = get_process_cmd(process_handle, info.path) + " -insecure +sv_lan 1"; 80 | 81 | 82 | while (!TerminateProcess(process_handle, EXIT_SUCCESS)) 83 | break; 84 | CloseHandle(process_handle); 85 | 86 | 87 | PROCESS_INFORMATION pi = {}; 88 | STARTUPINFOA si = {}; 89 | 90 | si.cb = sizeof(STARTUPINFO); 91 | si.dwFlags = STARTF_USESHOWWINDOW; 92 | si.wShowWindow = SW_NORMAL; 93 | 94 | if (!CreateProcessA( 95 | 0, 96 | (LPSTR)command_line.c_str(), 97 | 0, 98 | 0, 99 | 0, 100 | CREATE_SUSPENDED, 101 | 0, 102 | 0, 103 | &si, 104 | &pi 105 | )) 106 | { 107 | LOG("unknown error 404\n"); 108 | return getchar(); 109 | } 110 | 111 | 112 | BOOL status = 0; 113 | if (!load_library(pi.hProcess, dll_path)) 114 | { 115 | TerminateProcess(pi.hProcess, 0); 116 | } 117 | else 118 | { 119 | ResumeThread(pi.hThread); 120 | status = 1; 121 | } 122 | 123 | CloseHandle(pi.hProcess); 124 | CloseHandle(pi.hThread); 125 | 126 | if (status) 127 | LOG("Anti-Cheat is successfully launched\n"); 128 | else 129 | LOG("Anti-Cheat failed to launch\n"); 130 | 131 | return 0; 132 | } 133 | 134 | #pragma comment(lib, "ntdll.lib") 135 | 136 | extern "C" __kernel_entry NTSTATUS NtQueryInformationProcess( 137 | HANDLE ProcessHandle, 138 | ULONG ProcessInformationClass, 139 | PVOID ProcessInformation, 140 | ULONG ProcessInformationLength, 141 | PULONG ReturnLength 142 | ); 143 | 144 | ULONG_PTR get_peb(HANDLE process) 145 | { 146 | ULONG_PTR peb[6]{}; 147 | 148 | if (NtQueryInformationProcess(process, 0, &peb, 48, 0) != 0) 149 | { 150 | return 0; 151 | } 152 | 153 | return peb[1]; 154 | } 155 | 156 | ULONG_PTR get_wow64_process(HANDLE process) 157 | { 158 | ULONG_PTR wow64_process = 0; 159 | 160 | if (process == 0) 161 | return wow64_process; 162 | 163 | if (NtQueryInformationProcess(process, 26, &wow64_process, 8, 0) != 0) 164 | { 165 | return 0; 166 | } 167 | 168 | return wow64_process; 169 | } 170 | 171 | inline void wcs2str(short *buffer, ULONG_PTR length) 172 | { 173 | for (ULONG_PTR i = 0; i < length; i++) 174 | { 175 | ((char*)buffer)[i] = (char)buffer[i]; 176 | } 177 | } 178 | 179 | std::string get_process_cmd(HANDLE process_handle, std::string path) 180 | { 181 | ULONG_PTR peb = get_wow64_process(process_handle); 182 | 183 | ULONG_PTR off_0 = 0, off_1 = 0, rsize = 0; 184 | 185 | if (peb == 0) 186 | { 187 | off_0 = 0x20; 188 | off_1 = 0x70; 189 | rsize = 8; 190 | peb = get_peb(process_handle); 191 | } 192 | else 193 | { 194 | off_0 = 0x10; 195 | off_1 = 0x40; 196 | rsize = 4; 197 | } 198 | 199 | if (peb == 0) 200 | { 201 | return path + " -steam -insecure"; 202 | } 203 | 204 | ULONG_PTR a0 = 0; 205 | ReadProcessMemory(process_handle, (LPCVOID)(peb + off_0), &a0, rsize, 0); 206 | 207 | a0 = a0 + off_1; 208 | 209 | USHORT len = 0; 210 | ReadProcessMemory(process_handle, (LPCVOID)(a0 + 0x02), &len, sizeof(USHORT), 0); 211 | ReadProcessMemory(process_handle, (LPCVOID)(a0 + rsize), &a0, rsize, 0); 212 | 213 | char parameters[512]{}; 214 | ReadProcessMemory(process_handle, (LPCVOID)a0, parameters, len, 0); 215 | 216 | wcs2str((short*)parameters, len); 217 | 218 | return std::string(parameters); 219 | } 220 | 221 | BOOL load_library(HANDLE process, std::string dll_path) 222 | { 223 | BOOL status = 0; 224 | HANDLE thread_handle = 0; 225 | 226 | 227 | 228 | PVOID dll_name_address = VirtualAllocEx(process, 0, 0x1000, MEM_COMMIT, PAGE_READWRITE); 229 | 230 | if (dll_name_address == 0) 231 | return 0; 232 | 233 | if (!WriteProcessMemory(process, dll_name_address, dll_path.c_str(), dll_path.size(), 0)) 234 | { 235 | goto E0; 236 | } 237 | 238 | thread_handle = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA, (LPVOID)dll_name_address, 0, NULL); 239 | if (thread_handle == 0) 240 | { 241 | goto E0; 242 | } 243 | 244 | if (WaitForSingleObject(thread_handle, INFINITE) == WAIT_FAILED) 245 | { 246 | goto E2; 247 | } 248 | status = 1; 249 | E2: 250 | CloseHandle(thread_handle); 251 | E0: 252 | VirtualFreeEx(process, dll_name_address, MAX_PATH, MEM_RELEASE); 253 | 254 | return status; 255 | } 256 | 257 | DWORD get_process_id(PCSTR process_name) 258 | { 259 | DWORD pid = 0; 260 | HANDLE snp = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); 261 | PROCESSENTRY32 entry{}; 262 | entry.dwSize = sizeof(PROCESSENTRY32); 263 | 264 | while (Process32Next(snp, &entry)) 265 | { 266 | CHAR uc_name[260]{}; 267 | for (int i = 0; i < 260; i++) 268 | { 269 | uc_name[i] = (char)entry.szExeFile[i]; 270 | } 271 | if (!_strcmpi(uc_name, process_name)) 272 | { 273 | pid = entry.th32ProcessID; 274 | break; 275 | } 276 | } 277 | CloseHandle(snp); 278 | 279 | return pid; 280 | } 281 | 282 | ULONG_PTR get_process_dll(DWORD process_id, PCSTR dll_name) 283 | { 284 | ULONG_PTR dll = 0; 285 | HANDLE snp = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, process_id); 286 | 287 | if (snp == 0) 288 | return 0; 289 | 290 | MODULEENTRY32 entry{}; 291 | entry.dwSize = sizeof(MODULEENTRY32); 292 | 293 | while (Module32Next(snp, &entry)) 294 | { 295 | CHAR uc_name[256]{}; 296 | for (int i = 0; i < 256; i++) 297 | { 298 | uc_name[i] = (char)entry.szModule[i]; 299 | } 300 | 301 | if (!_strcmpi(uc_name, dll_name)) 302 | { 303 | dll = (ULONG_PTR)entry.hModule; 304 | break; 305 | } 306 | } 307 | 308 | CloseHandle(snp); 309 | return dll; 310 | } 311 | 312 | BOOL get_process_info(PCSTR process_name, PROCESS_INFO *info) 313 | { 314 | BOOL status = 0; 315 | 316 | DWORD pid = get_process_id(process_name); 317 | if (pid == 0) 318 | return 0; 319 | 320 | HANDLE snp = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid); 321 | if (snp == 0) 322 | return 0; 323 | 324 | MODULEENTRY32 entry{}; 325 | entry.dwSize = sizeof(MODULEENTRY32); 326 | if (Module32First(snp, &entry)) 327 | { 328 | CHAR uc_name[260]{}; 329 | for (int i = 0; i < 260; i++) 330 | { 331 | uc_name[i] = (char)entry.szExePath[i]; 332 | } 333 | 334 | info->pid = pid; 335 | info->path = std::string(uc_name); 336 | 337 | status = 1; 338 | } 339 | CloseHandle(snp); 340 | 341 | return status; 342 | } 343 | 344 | GameState get_game_state(PCSTR process_name, PCSTR dll_name) 345 | { 346 | DWORD process_id = get_process_id(process_name); 347 | if (process_id == 0) 348 | return GameState::NotRunning; 349 | 350 | if (get_process_dll(process_id, dll_name) == 0) 351 | return GameState::RunningWithoutAC; 352 | 353 | return GameState::Running; 354 | } 355 | 356 | BOOL terminate_process(PCSTR process_name) 357 | { 358 | DWORD process_id = get_process_id(process_name); 359 | HANDLE process_handle = OpenProcess(PROCESS_ALL_ACCESS, 0, process_id); 360 | 361 | if (process_handle == 0) 362 | return 0; 363 | 364 | BOOL status = TerminateProcess(process_handle, EXIT_SUCCESS); 365 | 366 | CloseHandle(process_handle); 367 | 368 | return status; 369 | } 370 | 371 | -------------------------------------------------------------------------------- /CS2/honeypot/dll/main.cpp: -------------------------------------------------------------------------------- 1 | #include "main.h" 2 | #include 3 | 4 | QWORD FindPattern(QWORD base, unsigned char* pattern, unsigned char* mask); 5 | 6 | namespace globals 7 | { 8 | QWORD local_player; 9 | } 10 | 11 | static void MainThread(void) 12 | { 13 | LOG("plugin is installed\n"); 14 | } 15 | 16 | namespace resourcesystem 17 | { 18 | QWORD get_access_time(unsigned int* junk) 19 | { 20 | _mm_lfence(); 21 | QWORD ret = __rdtscp(junk); 22 | _mm_lfence(); 23 | return ret; 24 | } 25 | 26 | 27 | char *resourcesystem_table_original; 28 | QWORD resource_system_original; 29 | QWORD resourcesystem_address; 30 | char *resource_system; 31 | 32 | 33 | 34 | #pragma section("PAGE",read,write,nopage) 35 | __declspec(allocate("PAGE")) 36 | char entitylist_cached[0x2000]{}; 37 | 38 | BOOLEAN trap_set = 0; 39 | 40 | PVOID assemble_func(QWORD original_func) 41 | { 42 | unsigned char payload[] = 43 | { 44 | 0x48, 0xB9, 0x00, 0x00, 0x95, 0xB9, 0xF7, 0x7F, 0x00, 0x00, 0xFF, 0x25, 0x00, 0x00, 0x00, 0x00, 45 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 46 | }; 47 | 48 | // movabs rcx, clone_vtable ; we redirect vtable .data to somewhere else 49 | // jmp QWORD PTR [rip+0x0] ; jmp to original vtable_func 50 | 51 | *(QWORD*)(payload + 0x02) = (QWORD)resourcesystem_table_original; 52 | *(QWORD*)(payload + 0x0A + 0x06) = original_func; 53 | 54 | PVOID mem = VirtualAlloc(0, sizeof(payload), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); 55 | memcpy(mem, payload, sizeof(payload)); 56 | return mem; 57 | } 58 | 59 | void __fastcall initialize_entitylist(QWORD rcx, QWORD rdx) 60 | { 61 | // entitylist_cached = (QWORD)VirtualAlloc(0, 0x2000, MEM_COMMIT, PAGE_READWRITE); //(QWORD)malloc(0x1570); 62 | memcpy((void*)entitylist_cached, (const void*)rdx, 0x1570); 63 | *(QWORD*)(resourcesystem_table_original + 0x58) = rdx; 64 | *(QWORD*)(rcx + 0x58) = (QWORD)entitylist_cached; 65 | trap_set = 1; 66 | 67 | // 68 | // unhook 69 | // 70 | *(QWORD*)(resource_system + 0x110) = (QWORD)assemble_func(*(QWORD*)(resource_system_original + 0x110)); 71 | } 72 | 73 | BOOL update_entitylist(void) 74 | { 75 | static UINT64 earlier_ms = 0; 76 | 77 | 78 | UINT64 ms = std::chrono::duration_cast( 79 | std::chrono::system_clock::now().time_since_epoch() 80 | ).count(); 81 | 82 | 83 | if (ms - earlier_ms > 5000) 84 | { 85 | // 86 | // updating entitylist 87 | // 88 | memcpy((void*)entitylist_cached, (const void*)*(QWORD*)(resourcesystem_table_original + 0x58), 0x1570); 89 | earlier_ms = ms; 90 | 91 | _mm_clflush((const void *)(entitylist_cached + 0x10)); 92 | 93 | return 1; 94 | } 95 | 96 | return 0; 97 | } 98 | 99 | BOOL is_alive(void) 100 | { 101 | if (!globals::local_player) 102 | return 0; 103 | 104 | QWORD controller = *(QWORD*)(globals::local_player); 105 | if (!controller) 106 | return 0; 107 | 108 | return *(BYTE*)(controller + 0x7F4) == 1; 109 | } 110 | 111 | void trap_thread(void) 112 | { 113 | BOOL task = 0; 114 | unsigned int junk = 0; 115 | 116 | int access_counter=0; 117 | 118 | 119 | while (1) 120 | { 121 | if (!trap_set) 122 | { 123 | Sleep(1); 124 | continue; 125 | } 126 | 127 | if (update_entitylist()) 128 | { 129 | if (is_alive()) 130 | { 131 | LOG("past 5 seconds, total of %ld memory accesses\n", access_counter); 132 | } 133 | access_counter = 0; 134 | continue; 135 | } 136 | 137 | _mm_clflush((const void *)(entitylist_cached + 0x10)); 138 | 139 | Sleep(1); 140 | 141 | QWORD t1 = get_access_time(&junk); 142 | volatile DWORD not_used = *(DWORD*)(entitylist_cached + 0x10); 143 | QWORD t2 = get_access_time(&junk) - t1; 144 | 145 | if (t2 < 315) 146 | { 147 | access_counter++; 148 | } 149 | } 150 | } 151 | 152 | void initialize(QWORD engine2) 153 | { 154 | resource_system = (char *)malloc(0x168); 155 | 156 | 157 | resourcesystem_address = 158 | FindPattern(engine2, 159 | (PBYTE)"\x48\x89\x43\x40\x48\x8B\x05\x00\x00\x00\x00", 160 | (PBYTE)"xxxxxxx????" 161 | ); 162 | 163 | if (!resourcesystem_address) 164 | { 165 | ExitProcess(0); 166 | return; 167 | } 168 | 169 | resourcesystem_address = resourcesystem_address + 0x04; 170 | resourcesystem_address = (resourcesystem_address + 7) + *(int*)(resourcesystem_address + 3); 171 | 172 | 173 | resource_system_original = *(QWORD*)resourcesystem_address; 174 | 175 | memcpy(resource_system, (const void *)resource_system_original, 0x168); 176 | 177 | // 178 | // hook pointer set 179 | // 180 | *(QWORD*)resourcesystem_address = (QWORD)resource_system; 181 | 182 | resourcesystem_table_original = (char *)malloc(0x60); 183 | memcpy(resourcesystem_table_original, (void*)resourcesystem_address, 0x60); 184 | 185 | for (QWORD i = 0; i < 0x160; i+= 8) 186 | { 187 | *(QWORD*)(resource_system + i) = (QWORD)assemble_func(*(QWORD*)(resource_system_original + i)); 188 | } 189 | 190 | *(QWORD*)(resource_system + 0x110) = (QWORD)initialize_entitylist; 191 | 192 | 193 | CreateThread(0, 0, (LPTHREAD_START_ROUTINE)trap_thread, 0, 0, 0); 194 | 195 | LOG("memory monitor is ready\n"); 196 | 197 | LOG("anti-cheat is running\n"); 198 | } 199 | } 200 | 201 | VOID CALLBACK DllCallback( 202 | _In_ ULONG NotificationReason, 203 | _In_ PCLDR_DLL_NOTIFICATION_DATA NotificationData, 204 | _In_opt_ PVOID Context 205 | ) 206 | { 207 | UNREFERENCED_PARAMETER(Context); 208 | if (NotificationReason == LDR_DLL_NOTIFICATION_REASON_LOADED) 209 | { 210 | if (!wcscmp(NotificationData->Loaded.BaseDllName->Buffer, L"client.dll")) 211 | { 212 | globals::local_player = 213 | FindPattern((QWORD)NotificationData->Loaded.DllBase, 214 | (PBYTE)"\x48\x83\x3D\x00\x00\x00\x00\x00\x0F\x95\xC0\xC3", (PBYTE)"xxx????xxxxx"); 215 | 216 | if (globals::local_player) 217 | globals::local_player = (globals::local_player + 8) + *(int*)(globals::local_player + 3); 218 | } 219 | 220 | if (!wcscmp(NotificationData->Loaded.BaseDllName->Buffer, L"engine2.dll")) 221 | { 222 | resourcesystem::initialize((QWORD)NotificationData->Loaded.DllBase); 223 | 224 | /* 225 | LOG("Press F10 key to continue . . .\n"); 226 | while (!GetAsyncKeyState(VK_F10)) 227 | { 228 | Sleep(1); 229 | } 230 | */ 231 | } 232 | } 233 | else if (NotificationReason == LDR_DLL_NOTIFICATION_REASON_UNLOADED) 234 | { 235 | } 236 | } 237 | 238 | BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID Reserved) 239 | { 240 | if (dwReason == DLL_PROCESS_ATTACH) 241 | { 242 | AllocConsole(); 243 | freopen("CONOUT$", "w", stdout); 244 | CloseHandle(CreateThread(0, 0, (LPTHREAD_START_ROUTINE)MainThread, 0, 0, 0)); 245 | NTSTATUS (NTAPI *LdrRegisterDllNotification)( 246 | _In_ ULONG Flags, 247 | _In_ PLDR_DLL_NOTIFICATION_FUNCTION NotificationFunction, 248 | _In_opt_ PVOID Context, 249 | _Out_ PVOID *Cookie 250 | ); 251 | VOID *dll_callback_handle = 0; 252 | *(void**)&LdrRegisterDllNotification = (void*)GetProcAddress(LoadLibraryA("ntdll.dll"), "LdrRegisterDllNotification"); 253 | LdrRegisterDllNotification(0, DllCallback, 0, &dll_callback_handle); 254 | } 255 | return 1; 256 | } 257 | 258 | static int CheckMask(unsigned char* base, unsigned char* pattern, unsigned char* mask) 259 | { 260 | for (; *mask; ++base, ++pattern, ++mask) 261 | if (*mask == 'x' && *base != *pattern) 262 | return 0; 263 | return 1; 264 | } 265 | 266 | void *FindPatternEx(unsigned char* base, QWORD size, unsigned char* pattern, unsigned char* mask) 267 | { 268 | size -= strlen((const char *)mask); 269 | for (QWORD i = 0; i <= size; ++i) { 270 | void* addr = &base[i]; 271 | if (CheckMask((unsigned char *)addr, pattern, mask)) 272 | return addr; 273 | } 274 | return 0; 275 | } 276 | 277 | QWORD FindPattern(QWORD base, unsigned char* pattern, unsigned char* mask) 278 | { 279 | if (base == 0) 280 | { 281 | return 0; 282 | } 283 | 284 | QWORD nt_header = (QWORD)*(DWORD*)(base + 0x03C) + base; 285 | if (nt_header == base) 286 | { 287 | return 0; 288 | } 289 | 290 | WORD machine = *(WORD*)(nt_header + 0x4); 291 | QWORD section_header = machine == 0x8664 ? 292 | nt_header + 0x0108 : 293 | nt_header + 0x00F8; 294 | 295 | for (WORD i = 0; i < *(WORD*)(nt_header + 0x06); i++) { 296 | QWORD section = section_header + ((QWORD)i * 40); 297 | 298 | DWORD section_characteristics = *(DWORD*)(section + 0x24); 299 | 300 | if (section_characteristics & 0x00000020 && !(section_characteristics & 0x02000000)) 301 | { 302 | QWORD virtual_address = base + (QWORD)*(DWORD*)(section + 0x0C); 303 | DWORD virtual_size = *(DWORD*)(section + 0x08); 304 | 305 | void *found_pattern = FindPatternEx( (unsigned char*)virtual_address, virtual_size, pattern, mask); 306 | if (found_pattern) 307 | { 308 | return (QWORD)found_pattern; 309 | } 310 | } 311 | } 312 | return 0; 313 | } 314 | 315 | -------------------------------------------------------------------------------- /CSGO/client/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | #define DEBUG 8 | #define LOG(...) printf("[ec-guard.exe] " __VA_ARGS__) 9 | #define TARGET_GAME "csgo.exe" 10 | #define TARGET_DLL "ec-guard.dll" 11 | 12 | 13 | 14 | 15 | 16 | 17 | typedef enum 18 | { 19 | NotRunning = 0, 20 | RunningWithoutAC = 1, 21 | Running = 2 22 | } GameState ; 23 | 24 | typedef struct 25 | { 26 | DWORD pid; 27 | std::string path; 28 | } PROCESS_INFO ; 29 | 30 | BOOL load_library(HANDLE process, std::string dll_path); 31 | BOOL get_process_info(PCSTR process_name, PROCESS_INFO *info); 32 | DWORD get_process_id(PCSTR process_name); 33 | GameState get_game_state(PCSTR process_name, PCSTR dll_name); 34 | BOOL terminate_process(PCSTR process_name); 35 | std::string get_process_cmd(HANDLE process_handle, std::string path); 36 | 37 | int main(void) 38 | { 39 | char buffer[260]{}; 40 | GetCurrentDirectoryA(260, buffer); 41 | std::string dll_path = buffer + std::string("\\") + std::string(TARGET_DLL); 42 | if (!std::filesystem::exists(dll_path)) 43 | { 44 | LOG("Anti-Cheat file is missing: %s\n", dll_path.c_str()); 45 | return 0; 46 | } 47 | 48 | GameState state = get_game_state(TARGET_GAME, TARGET_DLL); 49 | 50 | if (state == GameState::Running) 51 | { 52 | LOG("is already running\n"); 53 | return getchar(); 54 | } 55 | 56 | else if (state == GameState::RunningWithoutAC) 57 | { 58 | LOG("please close the game before starting Anti-Cheat\n"); 59 | while (get_process_id(TARGET_GAME)) 60 | Sleep(100); 61 | } 62 | 63 | LOG("Anti-Cheat is started\n"); 64 | 65 | LOG("Waiting for the game...\n"); 66 | 67 | PROCESS_INFO info{}; 68 | 69 | while (!get_process_info(TARGET_GAME, &info)) 70 | { 71 | Sleep(100); 72 | } 73 | 74 | HANDLE process_handle = OpenProcess(PROCESS_ALL_ACCESS, 0, info.pid); 75 | 76 | // 77 | // get command line 78 | // 79 | std::string command_line = get_process_cmd(process_handle, info.path); 80 | 81 | 82 | while (!TerminateProcess(process_handle, EXIT_SUCCESS)) 83 | break; 84 | CloseHandle(process_handle); 85 | 86 | 87 | PROCESS_INFORMATION pi = {}; 88 | STARTUPINFOA si = {}; 89 | 90 | si.cb = sizeof(STARTUPINFO); 91 | si.dwFlags = STARTF_USESHOWWINDOW; 92 | si.wShowWindow = SW_NORMAL; 93 | 94 | if (!CreateProcessA( 95 | 0, 96 | (LPSTR)command_line.c_str(), 97 | 0, 98 | 0, 99 | 0, 100 | CREATE_SUSPENDED, 101 | 0, 102 | 0, 103 | &si, 104 | &pi 105 | )) 106 | { 107 | LOG("unknown error 404\n"); 108 | return getchar(); 109 | } 110 | 111 | 112 | BOOL status = 0; 113 | if (!load_library(pi.hProcess, dll_path)) 114 | { 115 | TerminateProcess(pi.hProcess, 0); 116 | } 117 | else 118 | { 119 | ResumeThread(pi.hThread); 120 | status = 1; 121 | } 122 | 123 | CloseHandle(pi.hProcess); 124 | CloseHandle(pi.hThread); 125 | 126 | if (status) 127 | LOG("Anti-Cheat is successfully launched\n"); 128 | else 129 | LOG("Anti-Cheat failed to launch\n"); 130 | 131 | return 0; 132 | } 133 | 134 | #pragma comment(lib, "ntdll.lib") 135 | 136 | NTSTATUS (__stdcall *NtQueryInformationProcess)( 137 | HANDLE ProcessHandle, 138 | ULONG ProcessInformationClass, 139 | PVOID ProcessInformation, 140 | ULONG ProcessInformationLength, 141 | PULONG ReturnLength 142 | ); 143 | 144 | ULONG_PTR get_peb(HANDLE process) 145 | { 146 | ULONG_PTR peb[6]{}; 147 | 148 | if ( NtQueryInformationProcess == 0 ) 149 | *(FARPROC*)&NtQueryInformationProcess = 150 | GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryInformationProcess"); 151 | 152 | return NtQueryInformationProcess(process, 0, &peb, 48, 0) == 0 ? peb[1] : 0; 153 | } 154 | 155 | ULONG_PTR get_wow64_process(HANDLE process) 156 | { 157 | ULONG_PTR wow64_process = 0; 158 | 159 | if (process == 0) 160 | return wow64_process; 161 | 162 | if ( NtQueryInformationProcess == 0 ) 163 | *(FARPROC*)&NtQueryInformationProcess = 164 | GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryInformationProcess"); 165 | 166 | return NtQueryInformationProcess(process, 26, &wow64_process, sizeof(wow64_process), 0) == 0 ? wow64_process : 0; 167 | } 168 | 169 | inline void wcs2str(short *buffer, ULONG_PTR length) 170 | { 171 | for (ULONG_PTR i = 0; i < length; i++) 172 | { 173 | ((char*)buffer)[i] = (char)buffer[i]; 174 | } 175 | } 176 | 177 | std::string get_process_cmd(HANDLE process_handle, std::string path) 178 | { 179 | ULONG_PTR peb = get_wow64_process(process_handle); 180 | 181 | ULONG_PTR off_0 = 0, off_1 = 0, rsize = 0; 182 | 183 | if (peb == 0) 184 | { 185 | off_0 = 0x20; 186 | off_1 = 0x70; 187 | rsize = 8; 188 | peb = get_peb(process_handle); 189 | } 190 | else 191 | { 192 | off_0 = 0x10; 193 | off_1 = 0x40; 194 | rsize = 4; 195 | } 196 | 197 | if (peb == 0) 198 | { 199 | return path + " -steam -insecure"; 200 | } 201 | 202 | ULONG_PTR a0 = 0; 203 | ReadProcessMemory(process_handle, (LPCVOID)(peb + off_0), &a0, rsize, 0); 204 | 205 | a0 = a0 + off_1; 206 | 207 | USHORT len = 0; 208 | ReadProcessMemory(process_handle, (LPCVOID)(a0 + 0x02), &len, sizeof(USHORT), 0); 209 | ReadProcessMemory(process_handle, (LPCVOID)(a0 + rsize), &a0, rsize, 0); 210 | 211 | char parameters[512]{}; 212 | ReadProcessMemory(process_handle, (LPCVOID)a0, parameters, len, 0); 213 | 214 | wcs2str((short*)parameters, len); 215 | 216 | return std::string(parameters); 217 | } 218 | 219 | BOOL load_library(HANDLE process, std::string dll_path) 220 | { 221 | BOOL status = 0; 222 | HANDLE thread_handle = 0; 223 | 224 | 225 | 226 | PVOID dll_name_address = VirtualAllocEx(process, 0, 0x1000, MEM_COMMIT, PAGE_READWRITE); 227 | 228 | if (dll_name_address == 0) 229 | return 0; 230 | 231 | if (!WriteProcessMemory(process, dll_name_address, dll_path.c_str(), dll_path.size(), 0)) 232 | { 233 | goto E0; 234 | } 235 | 236 | thread_handle = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA, (LPVOID)dll_name_address, 0, NULL); 237 | if (thread_handle == 0) 238 | { 239 | goto E0; 240 | } 241 | 242 | if (WaitForSingleObject(thread_handle, INFINITE) == WAIT_FAILED) 243 | { 244 | goto E2; 245 | } 246 | status = 1; 247 | E2: 248 | CloseHandle(thread_handle); 249 | E0: 250 | VirtualFreeEx(process, dll_name_address, MAX_PATH, MEM_RELEASE); 251 | 252 | return status; 253 | } 254 | 255 | DWORD get_process_id(PCSTR process_name) 256 | { 257 | DWORD pid = 0; 258 | HANDLE snp = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); 259 | PROCESSENTRY32 entry{}; 260 | entry.dwSize = sizeof(PROCESSENTRY32); 261 | 262 | while (Process32Next(snp, &entry)) 263 | { 264 | CHAR uc_name[260]{}; 265 | for (int i = 0; i < 260; i++) 266 | { 267 | uc_name[i] = (char)entry.szExeFile[i]; 268 | } 269 | if (!_strcmpi(uc_name, process_name)) 270 | { 271 | pid = entry.th32ProcessID; 272 | break; 273 | } 274 | } 275 | CloseHandle(snp); 276 | 277 | return pid; 278 | } 279 | 280 | ULONG_PTR get_process_dll(DWORD process_id, PCSTR dll_name) 281 | { 282 | ULONG_PTR dll = 0; 283 | HANDLE snp = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, process_id); 284 | 285 | if (snp == 0) 286 | return 0; 287 | 288 | MODULEENTRY32 entry{}; 289 | entry.dwSize = sizeof(MODULEENTRY32); 290 | 291 | while (Module32Next(snp, &entry)) 292 | { 293 | CHAR uc_name[256]{}; 294 | for (int i = 0; i < 256; i++) 295 | { 296 | uc_name[i] = (char)entry.szModule[i]; 297 | } 298 | 299 | if (!_strcmpi(uc_name, dll_name)) 300 | { 301 | dll = (ULONG_PTR)entry.hModule; 302 | break; 303 | } 304 | } 305 | 306 | CloseHandle(snp); 307 | return dll; 308 | } 309 | 310 | BOOL get_process_info(PCSTR process_name, PROCESS_INFO *info) 311 | { 312 | BOOL status = 0; 313 | 314 | DWORD pid = get_process_id(process_name); 315 | if (pid == 0) 316 | return 0; 317 | 318 | HANDLE snp = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid); 319 | if (snp == 0) 320 | return 0; 321 | 322 | MODULEENTRY32 entry{}; 323 | entry.dwSize = sizeof(MODULEENTRY32); 324 | if (Module32First(snp, &entry)) 325 | { 326 | CHAR uc_name[260]{}; 327 | for (int i = 0; i < 260; i++) 328 | { 329 | uc_name[i] = (char)entry.szExePath[i]; 330 | } 331 | 332 | info->pid = pid; 333 | info->path = std::string(uc_name); 334 | 335 | status = 1; 336 | } 337 | CloseHandle(snp); 338 | 339 | return status; 340 | } 341 | 342 | GameState get_game_state(PCSTR process_name, PCSTR dll_name) 343 | { 344 | DWORD process_id = get_process_id(process_name); 345 | if (process_id == 0) 346 | return GameState::NotRunning; 347 | 348 | if (get_process_dll(process_id, dll_name) == 0) 349 | return GameState::RunningWithoutAC; 350 | 351 | return GameState::Running; 352 | } 353 | 354 | BOOL terminate_process(PCSTR process_name) 355 | { 356 | DWORD process_id = get_process_id(process_name); 357 | HANDLE process_handle = OpenProcess(PROCESS_ALL_ACCESS, 0, process_id); 358 | 359 | if (process_handle == 0) 360 | return 0; 361 | 362 | BOOL status = TerminateProcess(process_handle, EXIT_SUCCESS); 363 | 364 | CloseHandle(process_handle); 365 | 366 | return status; 367 | } 368 | 369 | -------------------------------------------------------------------------------- /CS2/mouse_input/dll/main.cpp: -------------------------------------------------------------------------------- 1 | #include "main.h" 2 | 3 | // 4 | // current components: 5 | // - usermode input inject detection 6 | // 7 | // missing components: 8 | // - validating mouse packets to game camera (this would cause harm for internal cheats) 9 | // 10 | 11 | std::vector get_input_devices(void); 12 | QWORD FindPattern(QWORD base, unsigned char* pattern, unsigned char* mask); 13 | 14 | namespace globals 15 | { 16 | std::vector device_list; 17 | WNDPROC game_window_proc = 0; 18 | DWORD invalid_cnt = 0; 19 | } 20 | 21 | // 22 | // missing component: validating incoming input to game camera 23 | // 24 | static LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) 25 | { 26 | // 27 | // detect injected messages 28 | // https://stackoverflow.com/questions/69193249/how-to-distinguish-mouse-and-touchpad-events-using-getcurrentinputmessagesource 29 | // 30 | if ((uMsg >= WM_MOUSEFIRST && uMsg <= WM_MOUSELAST) || (uMsg >= WM_KEYFIRST && uMsg <= WM_KEYLAST) || (uMsg >= WM_TOUCH && uMsg <= WM_POINTERWHEEL)) 31 | { 32 | INPUT_MESSAGE_SOURCE src; 33 | if (GetCurrentInputMessageSource(&src)) 34 | { 35 | if (src.originId == IMO_INJECTED) 36 | { 37 | LOG("invalid mouse input detected %d\n", ++globals::invalid_cnt); 38 | uMsg = WM_NULL; 39 | } 40 | } 41 | } 42 | return CallWindowProc(globals::game_window_proc, hwnd, uMsg, wParam, lParam ); 43 | } 44 | 45 | __int64 (__fastcall *oWIN_HandleRawMouseInput)(QWORD timestamp, QWORD param1, HANDLE hDevice, RAWMOUSE *rawmouse); 46 | __int64 __fastcall WIN_HandleRawMouseInput(QWORD timestamp, QWORD param1, HANDLE hDevice, RAWMOUSE *rawmouse) 47 | { 48 | static DEVICE_INFO new_device{}; 49 | 50 | // 51 | // block all non used devices 52 | // 53 | if (globals::device_list.size() > 1) 54 | { 55 | DEVICE_INFO primary_dev{}; 56 | UINT64 max_calls = 0; 57 | 58 | for (DEVICE_INFO &dev : globals::device_list) 59 | { 60 | if (dev.total_calls > max_calls) 61 | { 62 | max_calls = dev.total_calls; 63 | primary_dev = dev; 64 | } 65 | } 66 | 67 | if (max_calls > 50) 68 | { 69 | primary_dev.timestamp = timestamp; 70 | globals::device_list.clear(); 71 | globals::device_list.push_back(primary_dev); 72 | LOG("primary input device has been now selected\n"); 73 | } 74 | } 75 | 76 | 77 | // 78 | // validate incoming rawinput device 79 | // 80 | BOOLEAN found = 0; 81 | for (DEVICE_INFO& dev : globals::device_list) 82 | { 83 | if (dev.handle == hDevice) 84 | { 85 | found = 1; 86 | dev.total_calls++; 87 | /* 88 | https://github.com/ekknod/acdrv.git this feature can be found from acdrv project 89 | if (timestamp - dev.timestamp < 500000) // if latency is less than 500000 ns (2000 Hz). tested with 1000hz mice. 90 | { 91 | // 92 | // https://www.unitjuggler.com/convert-frequency-from-Hz-to-ns(p).html?val=1550 93 | // 94 | LOG("Device: 0x%llx, timestamp: %lld, delta: [%lld]\n", (QWORD)hDevice, timestamp, timestamp - dev.timestamp); 95 | } 96 | */ 97 | dev.timestamp = timestamp; 98 | break; 99 | } 100 | } 101 | 102 | if (found) 103 | { 104 | // 105 | // did someone send empty mouse packet? 106 | // 107 | BOOL empty = 1; 108 | for (int i = sizeof(RAWMOUSE); i--;) 109 | { 110 | if (((BYTE*)rawmouse)[i] != 0) 111 | { 112 | empty = 0; 113 | break; 114 | } 115 | } 116 | 117 | 118 | if (empty) 119 | { 120 | LOG("Device: 0x%llx, timestamp: %lld, empty mouse packet\n", (QWORD)hDevice, timestamp); 121 | } 122 | } 123 | 124 | if (found == 0) 125 | { 126 | LOG("Device: 0x%llx, timestamp: %lld, multiple inputs\n", (QWORD)hDevice, timestamp); 127 | 128 | memset(rawmouse, 0, sizeof(RAWMOUSE)); 129 | 130 | if (new_device.handle == hDevice) 131 | { 132 | new_device.total_calls++; 133 | } 134 | else 135 | { 136 | if (new_device.handle) 137 | { 138 | new_device.total_calls = 0; 139 | } 140 | } 141 | 142 | // 143 | // initialize new device if invalid cnt reaches 150 144 | // - in case player decide to change mouse mid game 145 | // - this function is going to change the primary device 146 | // 147 | if (new_device.total_calls > 150) 148 | { 149 | std::vector devices = get_input_devices(); 150 | for (DEVICE_INFO &device : devices) 151 | { 152 | if (device.handle == hDevice) 153 | { 154 | // 155 | // select new primary device 156 | // 157 | device.timestamp = timestamp; 158 | globals::device_list.clear(); 159 | globals::device_list.push_back(device); 160 | new_device.total_calls = 0; 161 | LOG("primary input device has been now selected\n"); 162 | } 163 | } 164 | } 165 | new_device.handle = hDevice; 166 | } 167 | else 168 | { 169 | new_device.total_calls = 0; 170 | } 171 | return oWIN_HandleRawMouseInput(timestamp, param1, hDevice, rawmouse); 172 | } 173 | 174 | static void MainThread(void) 175 | { 176 | HWND window = 0; 177 | while (1) 178 | { 179 | window = FindWindowA("SDL_app", "Counter-Strike 2"); 180 | 181 | if (window != 0) 182 | { 183 | break; 184 | } 185 | 186 | Sleep(100); 187 | } 188 | globals::device_list = get_input_devices(); 189 | 190 | QWORD sdl = 0; 191 | while (!(sdl = (QWORD)GetModuleHandleA("SDL3.dll"))) Sleep(100); 192 | 193 | // sdl + 0xE5B40; 194 | QWORD sdl_rawinput = FindPattern(sdl, (PBYTE)"\x48\x89\x4C\x24\x08\x53\x55\x56\x41\x56\x48\x83\xEC\x68\x83\xBA", (PBYTE)"xxxxxxxxxxxxxxxx"); 195 | if (sdl_rawinput == 0) 196 | { 197 | LOG("plugin is outdated\n"); 198 | return; 199 | } 200 | 201 | MH_Initialize(); 202 | MH_CreateHook((LPVOID)sdl_rawinput, &WIN_HandleRawMouseInput, (LPVOID*)&oWIN_HandleRawMouseInput); 203 | MH_EnableHook((LPVOID)sdl_rawinput); 204 | 205 | globals::game_window_proc = (WNDPROC)SetWindowLongPtrW(window, (-4), (LONG_PTR)WindowProc); 206 | 207 | LOG("plugin is installed\n"); 208 | } 209 | 210 | VOID CALLBACK DllCallback( 211 | _In_ ULONG NotificationReason, 212 | _In_ PCLDR_DLL_NOTIFICATION_DATA NotificationData, 213 | _In_opt_ PVOID Context 214 | ) 215 | { 216 | UNREFERENCED_PARAMETER(Context); 217 | if (NotificationReason == LDR_DLL_NOTIFICATION_REASON_LOADED) 218 | { 219 | // LOG("%ws\n", NotificationData->Loaded.BaseDllName->Buffer); 220 | } 221 | else if (NotificationReason == LDR_DLL_NOTIFICATION_REASON_UNLOADED) 222 | { 223 | } 224 | } 225 | 226 | BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID Reserved) 227 | { 228 | if (dwReason == DLL_PROCESS_ATTACH) 229 | { 230 | AllocConsole(); 231 | freopen("CONOUT$", "w", stdout); 232 | CloseHandle(CreateThread(0, 0, (LPTHREAD_START_ROUTINE)MainThread, 0, 0, 0)); 233 | NTSTATUS (NTAPI *LdrRegisterDllNotification)( 234 | _In_ ULONG Flags, 235 | _In_ PLDR_DLL_NOTIFICATION_FUNCTION NotificationFunction, 236 | _In_opt_ PVOID Context, 237 | _Out_ PVOID *Cookie 238 | ); 239 | VOID *dll_callback_handle = 0; 240 | *(void**)&LdrRegisterDllNotification = (void*)GetProcAddress(LoadLibraryA("ntdll.dll"), "LdrRegisterDllNotification"); 241 | LdrRegisterDllNotification(0, DllCallback, 0, &dll_callback_handle); 242 | 243 | } 244 | return 1; 245 | } 246 | 247 | std::vector get_input_devices(void) 248 | { 249 | std::vector devices; 250 | 251 | 252 | // 253 | // get number of devices 254 | // 255 | UINT device_count = 0; 256 | GetRawInputDeviceList(0, &device_count, sizeof(RAWINPUTDEVICELIST)); 257 | 258 | 259 | // 260 | // allocate space for device list 261 | // 262 | RAWINPUTDEVICELIST *device_list = (RAWINPUTDEVICELIST *)malloc(sizeof(RAWINPUTDEVICELIST) * device_count); 263 | 264 | 265 | // 266 | // get list of input devices 267 | // 268 | GetRawInputDeviceList(device_list, &device_count, sizeof(RAWINPUTDEVICELIST)); 269 | 270 | 271 | for (UINT i = 0; i < device_count; i++) 272 | { 273 | // 274 | // skip non mouse devices ; we can adjust this in future 275 | // 276 | if (device_list[i].dwType != RIM_TYPEMOUSE) 277 | { 278 | continue; 279 | } 280 | 281 | 282 | // 283 | // add new device to our dynamic list 284 | // 285 | DEVICE_INFO info{}; 286 | info.handle = device_list[i].hDevice; 287 | devices.push_back(info); 288 | } 289 | 290 | 291 | // 292 | // touchpad / mouse_event 293 | // 294 | DEVICE_INFO touchpad{}; 295 | touchpad.handle = 0; 296 | devices.push_back(touchpad); 297 | 298 | 299 | // 300 | // free resources 301 | // 302 | free(device_list); 303 | 304 | 305 | return devices; 306 | } 307 | 308 | static int CheckMask(unsigned char* base, unsigned char* pattern, unsigned char* mask) 309 | { 310 | for (; *mask; ++base, ++pattern, ++mask) 311 | if (*mask == 'x' && *base != *pattern) 312 | return 0; 313 | return 1; 314 | } 315 | 316 | void *FindPatternEx(unsigned char* base, QWORD size, unsigned char* pattern, unsigned char* mask) 317 | { 318 | size -= strlen((const char *)mask); 319 | for (QWORD i = 0; i <= size; ++i) { 320 | void* addr = &base[i]; 321 | if (CheckMask((unsigned char *)addr, pattern, mask)) 322 | return addr; 323 | } 324 | return 0; 325 | } 326 | 327 | QWORD FindPattern(QWORD base, unsigned char* pattern, unsigned char* mask) 328 | { 329 | if (base == 0) 330 | { 331 | return 0; 332 | } 333 | 334 | QWORD nt_header = (QWORD)*(DWORD*)(base + 0x03C) + base; 335 | if (nt_header == base) 336 | { 337 | return 0; 338 | } 339 | 340 | WORD machine = *(WORD*)(nt_header + 0x4); 341 | QWORD section_header = machine == 0x8664 ? 342 | nt_header + 0x0108 : 343 | nt_header + 0x00F8; 344 | 345 | for (WORD i = 0; i < *(WORD*)(nt_header + 0x06); i++) { 346 | QWORD section = section_header + ((QWORD)i * 40); 347 | 348 | DWORD section_characteristics = *(DWORD*)(section + 0x24); 349 | 350 | if (section_characteristics & 0x00000020 && !(section_characteristics & 0x02000000)) 351 | { 352 | QWORD virtual_address = base + (QWORD)*(DWORD*)(section + 0x0C); 353 | DWORD virtual_size = *(DWORD*)(section + 0x08); 354 | 355 | void *found_pattern = FindPatternEx( (unsigned char*)virtual_address, virtual_size, pattern, mask); 356 | if (found_pattern) 357 | { 358 | return (QWORD)found_pattern; 359 | } 360 | } 361 | } 362 | return 0; 363 | } 364 | 365 | --------------------------------------------------------------------------------