├── Loader ├── SteepCheat Loader.sln ├── ico.ico ├── lib and web.txt └── main │ ├── RSAkey.h │ ├── client │ ├── client.cpp │ └── client.hpp │ ├── debug utils │ ├── APIs.cpp │ ├── APIs.h │ ├── ApiTypeDefs.cpp │ ├── ApiTypeDefs.h │ ├── CMemPtr.h │ ├── DebugUtils.cpp │ ├── DebugUtils.h │ ├── Hash.h │ ├── Helpers.h │ ├── Helpers2.h │ ├── MurmurHash2A.cpp │ ├── MurmurHash2A.h │ ├── Native.h │ ├── PointerHashFunc.h │ ├── ScyllaHideDetector.cpp │ ├── ScyllaHideDetector.h │ ├── VersionHelpers.h │ ├── WinStructs.h │ ├── XorStr.h │ ├── crc32.cpp │ ├── crc32.h │ ├── export_work.cpp │ ├── export_work.h │ ├── gh_syscall.cpp │ ├── gh_syscall.h │ ├── hash_work.cpp │ ├── hash_work.h │ ├── internal.h │ ├── ldasm.cpp │ ├── ldasm.h │ ├── nt_defs.h │ ├── pch.h │ ├── syscall_defs.h │ └── winapifamily.h │ ├── drv_mapper │ ├── intel_driver.cpp │ ├── intel_driver.hpp │ ├── intel_driver_resource.hpp │ ├── mapper.cpp │ ├── mapper.hpp │ ├── nt.hpp │ ├── portable_executable.cpp │ ├── portable_executable.hpp │ ├── service.cpp │ ├── service.hpp │ ├── utils.cpp │ └── utils.hpp │ ├── encrypt-decrypt │ ├── encrypt-decrypt.cpp │ ├── encrypt-decrypt.hpp │ └── md5.hpp │ ├── globals.hpp │ ├── libcurl.lib │ ├── main.cpp │ ├── menu │ ├── ImGui │ │ ├── background.h │ │ ├── faprolight.hpp │ │ ├── font.cpp │ │ ├── font.h │ │ ├── hashes.h │ │ ├── images.hpp │ │ ├── imconfig.h │ │ ├── imgui.cpp │ │ ├── imgui.h │ │ ├── imgui_draw.cpp │ │ ├── imgui_impl_dx9.cpp │ │ ├── imgui_impl_dx9.h │ │ ├── imgui_impl_win32.cpp │ │ ├── imgui_impl_win32.h │ │ ├── imgui_internal.h │ │ ├── imgui_rotate.hpp │ │ ├── imgui_widgets.cpp │ │ ├── imstb_rectpack.h │ │ ├── imstb_textedit.h │ │ └── imstb_truetype.h │ └── registrywindow.hpp │ ├── rose-m.vcxproj │ ├── rose-m.vcxproj.filters │ ├── rose-m.vcxproj.user │ ├── syscalls │ ├── apiset.cpp │ ├── apiset.h │ ├── debugsecurity.cpp │ ├── debugsecurity.h │ ├── includes.h │ ├── native.h │ ├── pe.h │ ├── syscalls.cpp │ ├── syscalls.h │ ├── util.cpp │ └── util.h │ ├── utilities │ ├── anti-hook.h │ ├── lazy_importer.hpp │ ├── security.cpp │ ├── security.h │ ├── utilities.cpp │ ├── utilities.hpp │ └── xorstr.hpp │ └── xorstr2.h ├── README.md ├── Steepcheat_xenforo ├── AES │ ├── AES.h │ └── md5.h ├── ImGui │ ├── imconfig.h │ ├── imgui.cpp │ ├── imgui.h │ ├── imgui_draw.cpp │ ├── imgui_impl_dx9.cpp │ ├── imgui_impl_dx9.h │ ├── imgui_internal.h │ ├── stb_rect_pack.h │ ├── stb_textedit.h │ └── stb_truetype.h ├── Steepcheat_xenforo.vcxproj ├── Steepcheat_xenforo.vcxproj.filters ├── Steepcheat_xenforo.vcxproj.user ├── Utilities │ ├── Utilities.h │ └── skCrypt.h ├── WebRequest │ ├── WebRequest.cpp │ └── WebRequest.h ├── WndProc.h ├── global.h ├── main.cpp ├── rawCheat.h └── web │ ├── auth.php │ ├── check.php │ ├── config.php │ ├── download.php │ ├── load.php │ ├── load │ └── RuExCompact.php │ ├── load_full.php │ ├── loadlow.php │ └── session.php ├── cheat-callhook-driver.7z └── cheat-ioctl-driver.7z /Loader/SteepCheat Loader.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 16 4 | VisualStudioVersion = 16.0.30320.27 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rose-m", "main\rose-m.vcxproj", "{518E0636-BA8F-459D-ACAC-81BD33475E3E}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x64 = Debug|x64 11 | Debug|x86 = Debug|x86 12 | Release|x64 = Release|x64 13 | Release|x86 = Release|x86 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {518E0636-BA8F-459D-ACAC-81BD33475E3E}.Debug|x64.ActiveCfg = Debug|x64 17 | {518E0636-BA8F-459D-ACAC-81BD33475E3E}.Debug|x64.Build.0 = Debug|x64 18 | {518E0636-BA8F-459D-ACAC-81BD33475E3E}.Debug|x86.ActiveCfg = Debug|Win32 19 | {518E0636-BA8F-459D-ACAC-81BD33475E3E}.Debug|x86.Build.0 = Debug|Win32 20 | {518E0636-BA8F-459D-ACAC-81BD33475E3E}.Release|x64.ActiveCfg = Release|x64 21 | {518E0636-BA8F-459D-ACAC-81BD33475E3E}.Release|x64.Build.0 = Release|x64 22 | {518E0636-BA8F-459D-ACAC-81BD33475E3E}.Release|x86.ActiveCfg = Release|Win32 23 | {518E0636-BA8F-459D-ACAC-81BD33475E3E}.Release|x86.Build.0 = Release|Win32 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | GlobalSection(ExtensibilityGlobals) = postSolution 29 | SolutionGuid = {83D5D338-2A6D-49D5-B1DF-BDD34FB5CC9F} 30 | EndGlobalSection 31 | EndGlobal 32 | -------------------------------------------------------------------------------- /Loader/ico.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idarlingid/rust-cheat-paste/25e2ae793d6a97b5158aa56a700e3418fd7ce284/Loader/ico.ico -------------------------------------------------------------------------------- /Loader/lib and web.txt: -------------------------------------------------------------------------------- 1 | https://disk.yandex.uz/d/2O6uCcp-jWiM3Q - web 2 | https://disk.yandex.uz/d/NH15mV4ceHon-g - libs 3 | -------------------------------------------------------------------------------- /Loader/main/RSAkey.h: -------------------------------------------------------------------------------- 1 | namespace Crypt 2 | { 3 | char Key[256] = 4 | { 5 | 'f','k','g','a','c','i','s','j', 6 | 'p','e','p','a','p','h','u','j', 7 | 'm','j','j','r','n','h','o','r', 8 | 'v','i','z','h','q','v','z','d', 9 | 'v','n','v','y','l','h','f','k', 10 | 'c','b','d','s','b','y','h','o', 11 | 'i','z','q','j','r','j','s','s', 12 | 'p','m','x','s','d','t','n','a', 13 | 'i','u','j','x','w','s','q','b', 14 | 'k','s','u','n','s','n','a','g', 15 | 'y','a','q','y','h','d','f','y', 16 | 'y','s','t','l','a','b','a','o', 17 | 'q','g','s','o','n','q','x','y', 18 | 's','n','v','w','c','i','g','e', 19 | 'v','b','f','x','o','u','j','v', 20 | 'y','f','x','o','y','o','x','c', 21 | 'w','p','w','x','h','q','t','q', 22 | 'q','t','s','b','y','l','j','h', 23 | 'i','f','p','b','p','w','x','o', 24 | 'x','l','h','o','m','k','e','z', 25 | 'z','n','c','o','z','w','q','w', 26 | 'v','i','f','r','k','m','d','s', 27 | 'p','w','t','i','q','p','t','j', 28 | 'y','p','d','a','r','l','j','z', 29 | 'j','i','s','u','d','w','u','z', 30 | 'v','t','q','u','r','d','c','f', 31 | 'k','s','f','f','n','d','l','l', 32 | 'i','v','n','g','m','l','r','i', 33 | 'b','y','u','i','q','l','e','e', 34 | 'j','z','o','r','n','o','n','h', 35 | 'z','d','l','u','v','p','s','v', 36 | 'n','w','e','e','f','n','o','m' 37 | }; 38 | } 39 | -------------------------------------------------------------------------------- /Loader/main/client/client.cpp: -------------------------------------------------------------------------------- 1 |  2 | #include "client.hpp" 3 | #include "../encrypt-decrypt/encrypt-decrypt.hpp" 4 | //#include "../aes.h" 5 | #include "../utilities/utilities.hpp" 6 | #include "../globals.hpp" 7 | #include 8 | #pragma comment(lib, "urlmon.lib") 9 | #include 10 | #include 11 | #include "../utilities/security.h" 12 | namespace client 13 | { 14 | __forceinline std::string authentication() 15 | { 16 | char request[512]; 17 | std::string tempory_cipher_key; 18 | std::string tempory_iv_key; 19 | 20 | std::vector vector_tempory_key; 21 | 22 | li(sprintf)(request, xorstr_("/api/session.php")); 23 | 24 | std::string unprotect_request = utilities::request_to_server(g_globals.server_side.ip, request); 25 | 26 | unprotect_request = aes::decrypt(unprotect_request, xorstr_("r92i5LrY0C5yqONI641qMQe3GA2mXqEt"), xorstr_("H7bbH9JfoFGLcu8z")); 27 | 28 | for (std::size_t pos = 0; pos < unprotect_request.size(); pos += 64) 29 | tempory_cipher_key = vector_tempory_key.emplace_back(unprotect_request.data() + pos, unprotect_request.data() + min(pos + 32, unprotect_request.size())); 30 | 31 | for (std::size_t pos = 0; pos < unprotect_request.size(); pos += 32) 32 | tempory_iv_key = vector_tempory_key.emplace_back(unprotect_request.data() + pos, unprotect_request.data() + min(pos + 32, unprotect_request.size())); 33 | 34 | std::string protect_request = aes::encrypt(unprotect_request.c_str(), tempory_cipher_key, tempory_iv_key); 35 | 36 | unprotect_request = aes::encrypt(unprotect_request.c_str(), xorstr_("r92i5LrY0C5yqONI641qMQe3GA2mXqEt"), xorstr_("H7bbH9JfoFGLcu8z")); // static keys 37 | 38 | li(sprintf)(request, xorstr_("/api/authentication.php?a=%s&b=%s"), unprotect_request.c_str(), protect_request.c_str()); 39 | std::string response = utilities::request_to_server(g_globals.server_side.ip, request); 40 | 41 | std::vector split_key = utilities::split_string(response.c_str(), xorstr_(";")); 42 | 43 | g_globals.server_side.key.cipher = aes::decrypt(split_key[0], tempory_cipher_key, tempory_iv_key); 44 | g_globals.server_side.key.iv = aes::decrypt(split_key[1], tempory_cipher_key, tempory_iv_key); 45 | 46 | if (g_globals.server_side.key.cipher.size() != 32 || g_globals.server_side.key.iv.size() != 16) 47 | return xorstr_("internal_error"); 48 | 49 | else if (response == aes::encrypt(xorstr_("data_error"), g_globals.server_side.key.cipher, g_globals.server_side.key.iv)) 50 | return xorstr_("internal_error"); 51 | 52 | return xorstr_("success"); 53 | } 54 | 55 | static void append_line2file(std::string filepath, std::string line) 56 | { 57 | std::ofstream file; 58 | file.open(filepath, std::ios::out | std::ios::app); 59 | if (file.fail()) 60 | { 61 | throw std::ios_base::failure(std::strerror(errno)); 62 | } 63 | file.exceptions(file.exceptions() | std::ios::failbit | std::ifstream::badbit); 64 | file << line << std::endl; 65 | } 66 | #define SELF_REMOVE_STRING TEXT(xorstr_("cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q \"%s\"")) 67 | __forceinline void RenameAndDestroy() 68 | { 69 | TCHAR szExeFileName[MAX_PATH]; 70 | GetModuleFileName(NULL, szExeFileName, MAX_PATH); 71 | std::string newname = utilities::get_random_string(8).c_str(); 72 | std::string extension = (xorstr_(".exe")); 73 | std::string newextension = newname + extension; 74 | rename(szExeFileName, newextension.c_str()); 75 | { 76 | TCHAR szCmd[2 * MAX_PATH]; 77 | STARTUPINFO si = { 0 }; 78 | PROCESS_INFORMATION pi = { 0 }; 79 | GetModuleFileName(NULL, szExeFileName, MAX_PATH); 80 | StringCbPrintf(szCmd, 2 * MAX_PATH, SELF_REMOVE_STRING, newextension.c_str()); 81 | CreateProcess(NULL, szCmd, NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi); 82 | CloseHandle(pi.hThread); 83 | CloseHandle(pi.hProcess); 84 | } 85 | raise(11); 86 | } 87 | __forceinline void Rename() 88 | { 89 | TCHAR szExeFileName[MAX_PATH]; 90 | GetModuleFileName(NULL, szExeFileName, MAX_PATH); 91 | std::string newname = utilities::get_random_string(16).c_str(); 92 | std::string extension = (xorstr_(".exe")); 93 | std::string newextension = newname + extension; 94 | rename(szExeFileName, newextension.c_str()); 95 | } 96 | __forceinline void Update() 97 | { 98 | TCHAR szExeFileName[MAX_PATH]; 99 | GetModuleFileName(NULL, szExeFileName, MAX_PATH); 100 | std::string newname = utilities::get_random_string(8).c_str(); 101 | std::string extension = (xorstr_(".exe")); 102 | std::string newextension = newname + extension; 103 | std::string URL = xorstr_("https://steepcheat.pw/download.php"); 104 | std::string Path = (xorstr_("./")) + newextension; 105 | URLDownloadToFileA(NULL, URL.c_str(), Path.c_str(), 0, NULL); 106 | char bytes[4]; 107 | memset(bytes, '0', sizeof(char) * 4); 108 | std::string apps(bytes); 109 | append_line2file(newextension, apps); 110 | } 111 | 112 | __forceinline std::string valid_version() 113 | { 114 | char request[512]; 115 | 116 | std::string version = aes::encrypt(g_globals.client_side.version, g_globals.server_side.key.cipher, g_globals.server_side.key.iv); 117 | 118 | li(sprintf)(request, xorstr_("/api/version.php?a=%s"), version.c_str()); 119 | 120 | std::string response = utilities::request_to_server(g_globals.server_side.ip, request); 121 | 122 | if (response != aes::encrypt(xorstr_("incorrect_version"), g_globals.server_side.key.cipher, g_globals.server_side.key.iv)) 123 | { 124 | std::vector split_response = utilities::split_string(response.c_str(), xorstr_(";")); 125 | g_globals.server_side.version = aes::decrypt(split_response[0], g_globals.server_side.key.cipher, g_globals.server_side.key.iv); 126 | g_globals.server_side.status = aes::decrypt(split_response[1], g_globals.server_side.key.cipher, g_globals.server_side.key.iv); 127 | } 128 | else if (response == aes::encrypt(xorstr_("incorrect_version"), g_globals.server_side.key.cipher, g_globals.server_side.key.iv)) 129 | { 130 | Update(); 131 | return NULL; 132 | } 133 | if (g_globals.server_side.version == g_globals.client_side.version && g_globals.server_side.status == xorstr_("Disabled")) 134 | { 135 | li(MessageBoxA)(NULL, xorstr_("Loader is currently disabled."), utilities::get_random_string(16).c_str(), MB_SYSTEMMODAL | MB_ICONERROR); 136 | return NULL; 137 | } 138 | if (g_globals.server_side.version == g_globals.client_side.version && g_globals.server_side.status == xorstr_("Technical work")) 139 | { 140 | li(MessageBoxA)(NULL, xorstr_("Loader is currently on technical work."), utilities::get_random_string(16).c_str(), MB_SYSTEMMODAL | MB_ICONERROR); 141 | return NULL; 142 | } 143 | return response; 144 | } 145 | __forceinline std::string activation() 146 | { 147 | char request[512]; 148 | 149 | std::string key = aes::encrypt(g_globals.client_side.data.key.c_str(), g_globals.server_side.key.cipher, g_globals.server_side.key.iv); 150 | std::string hwid = aes::encrypt(g_globals.client_side.data.hwid.c_str(), g_globals.server_side.key.cipher, g_globals.server_side.key.iv); 151 | 152 | li(sprintf)(request, xorstr_("/api/activation.php?a=%s&b=%s"), key.c_str(), hwid.c_str()); 153 | std::string response = utilities::request_to_server(g_globals.server_side.ip, request); 154 | 155 | return response; 156 | } 157 | __forceinline std::string banuser() 158 | { 159 | char request[512]; 160 | 161 | std::string key = aes::encrypt(g_globals.client_side.data.key.c_str(), g_globals.server_side.key.cipher, g_globals.server_side.key.iv); 162 | std::string hwid = aes::encrypt(g_globals.client_side.data.hwid.c_str(), g_globals.server_side.key.cipher, g_globals.server_side.key.iv); 163 | 164 | li(sprintf)(request, xorstr_("/api/banuser.php?a=%s&b=%s"), key.c_str(), hwid.c_str()); 165 | std::string response = utilities::request_to_server(g_globals.server_side.ip, request); 166 | 167 | return response; 168 | } 169 | __forceinline void BanThread() 170 | { 171 | while (true) 172 | { 173 | if (activation() == aes::encrypt(xorstr_("banned"), g_globals.server_side.key.cipher, g_globals.server_side.key.iv)) 174 | raise(11); 175 | 176 | Sleep(5000); 177 | } 178 | } 179 | } -------------------------------------------------------------------------------- /Loader/main/client/client.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | 5 | namespace client 6 | { 7 | extern __forceinline std::string authentication(); 8 | extern __forceinline void RenameAndDestroy(); 9 | extern __forceinline void Rename(); 10 | extern __forceinline void Update(); 11 | extern __forceinline std::string valid_version(); 12 | extern __forceinline std::string activation(); 13 | extern __forceinline std::string banuser(); 14 | extern __forceinline void BanThread(); 15 | } 16 | -------------------------------------------------------------------------------- /Loader/main/debug utils/APIs.cpp: -------------------------------------------------------------------------------- 1 | #include "pch.h" 2 | #include "APIs.h" 3 | 4 | #define API_COUNT (sizeof(ApiData)/sizeof(*ApiData)) 5 | 6 | API_DATA ApiData[] = { 7 | /* Identifier Library Export Name X86/X64/either Minimum OS Version Removed in OS Version */ 8 | { API_IDENTIFIER::API_CsrGetProcessId, "ntdll.dll", "CsrGetProcessId", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP, API_OS_VERSION::NONE }, 9 | { API_IDENTIFIER::API_EnumSystemFirmwareTables, "kernel32.dll", "EnumSystemFirmwareTables", API_OS_BITS::ANY, API_OS_VERSION::WIN_VISTA, API_OS_VERSION::NONE }, 10 | { API_IDENTIFIER::API_GetNativeSystemInfo, "kernel32.dll", "GetNativeSystemInfo", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP, API_OS_VERSION::NONE }, 11 | { API_IDENTIFIER::API_GetProductInfo, "kernel32.dll", "GetProductInfo", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP, API_OS_VERSION::NONE }, 12 | { API_IDENTIFIER::API_GetSystemFirmwareTable, "kernel32.dll", "GetSystemFirmwareTable", API_OS_BITS::ANY, API_OS_VERSION::WIN_VISTA, API_OS_VERSION::NONE }, 13 | { API_IDENTIFIER::API_IsWow64Process, "kernel32.dll", "IsWow64Process", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP_SP2, API_OS_VERSION::NONE }, 14 | { API_IDENTIFIER::API_LdrEnumerateLoadedModules, "ntdll.dll", "LdrEnumerateLoadedModules", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP_SP1, API_OS_VERSION::NONE }, 15 | { API_IDENTIFIER::API_NtClose, "ntdll.dll", "NtClose", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP, API_OS_VERSION::NONE }, 16 | { API_IDENTIFIER::API_NtCreateDebugObject, "ntdll.dll", "NtCreateDebugObject", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP, API_OS_VERSION::NONE }, 17 | { API_IDENTIFIER::API_NtDelayExecution, "ntdll.dll", "NtDelayExecution", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP, API_OS_VERSION::NONE }, 18 | { API_IDENTIFIER::API_NtQueryInformationThread, "ntdll.dll", "NtQueryInformationThread", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP, API_OS_VERSION::NONE }, 19 | { API_IDENTIFIER::API_NtQueryInformationProcess, "ntdll.dll", "NtQueryInformationProcess", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP, API_OS_VERSION::NONE }, 20 | { API_IDENTIFIER::API_NtQueryObject, "ntdll.dll", "NtQueryObject", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP, API_OS_VERSION::NONE }, 21 | { API_IDENTIFIER::API_NtQuerySystemInformation, "ntdll.dll", "NtQuerySystemInformation", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP, API_OS_VERSION::NONE }, 22 | { API_IDENTIFIER::API_NtSetInformationThread, "ntdll.dll", "NtSetInformationThread", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP, API_OS_VERSION::NONE }, 23 | { API_IDENTIFIER::API_NtWow64QueryInformationProcess64, "ntdll.dll", "NtWow64QueryInformationProcess64", API_OS_BITS::X86_ONLY, API_OS_VERSION::WIN_XP_SP1, API_OS_VERSION::NONE }, 24 | { API_IDENTIFIER::API_NtWow64ReadVirtualMemory64, "ntdll.dll", "NtWow64ReadVirtualMemory64", API_OS_BITS::X86_ONLY, API_OS_VERSION::WIN_XP_SP1, API_OS_VERSION::NONE }, 25 | { API_IDENTIFIER::API_NtWow64QueryVirtualMemory64, "ntdll.dll", "NtWow64QueryVirtualMemory64", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP_SP1, API_OS_VERSION::WIN_10 }, 26 | { API_IDENTIFIER::API_NtYieldExecution, "ntdll.dll", "NtYieldExecution", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP, API_OS_VERSION::NONE }, 27 | { API_IDENTIFIER::API_RtlGetVersion, "ntdll.dll", "RtlGetVersion", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP, API_OS_VERSION::NONE }, 28 | { API_IDENTIFIER::API_WudfIsAnyDebuggerPresent, "WUDFPlatform.dll", "WudfIsAnyDebuggerPresent", API_OS_BITS::X64_ONLY, API_OS_VERSION::WIN_VISTA, API_OS_VERSION::NONE }, 29 | { API_IDENTIFIER::API_WudfIsKernelDebuggerPresent, "WUDFPlatform.dll", "WudfIsKernelDebuggerPresent", API_OS_BITS::X64_ONLY, API_OS_VERSION::WIN_VISTA, API_OS_VERSION::NONE }, 30 | { API_IDENTIFIER::API_WudfIsUserDebuggerPresent, "WUDFPlatform.dll", "WudfIsUserDebuggerPresent", API_OS_BITS::X64_ONLY, API_OS_VERSION::WIN_VISTA, API_OS_VERSION::NONE }, 31 | { API_IDENTIFIER::API_NtQueryLicenseValue, "ntdll.dll", "NtQueryLicenseValue", API_OS_BITS::ANY, API_OS_VERSION::WIN_VISTA, API_OS_VERSION::NONE }, 32 | { API_IDENTIFIER::API_RtlInitUnicodeString, "ntdll.dll", "RtlInitUnicodeString", API_OS_BITS::ANY, API_OS_VERSION::WIN_XP, API_OS_VERSION::NONE } 33 | }; 34 | 35 | void API::Init() 36 | { 37 | for (int i = 0; i < API_COUNT; i++) 38 | { 39 | ApiData[i].ExpectedAvailable = ShouldFunctionExistOnCurrentPlatform(ApiData[i].PlatformBits, ApiData[i].MinVersion, ApiData[i].RemovedInVersion); 40 | 41 | HMODULE hLib = hash_LoadLibraryA(ApiData[i].Library); 42 | if (hLib == NULL) 43 | { 44 | ApiData[i].Available = false; 45 | continue; 46 | } 47 | ApiData[i].Pointer = hash_GetProcAddress(hLib, ApiData[i].EntryName); 48 | if (ApiData[i].Pointer == NULL) 49 | { 50 | ApiData[i].Available = false; 51 | continue; 52 | } 53 | else 54 | { 55 | ApiData[i].Available = true; 56 | } 57 | } 58 | } 59 | 60 | bool API::ShouldFunctionExistOnCurrentPlatform(API_OS_BITS bits, API_OS_VERSION minVersion, API_OS_VERSION removedInVersion) 61 | { 62 | // check if the API should exist on the OS 63 | 64 | // does it meet bitness requirements? 65 | if (bits != API_OS_BITS::ANY) 66 | { 67 | #ifdef ENV64BIT 68 | if (bits != API_OS_BITS::X64_ONLY) 69 | return false; 70 | #endif 71 | #ifdef ENV32BIT 72 | if (bits != API_OS_BITS::X86_ONLY) 73 | return false; 74 | #endif 75 | } 76 | 77 | // does it meet minimum version 78 | bool foundMinVer = false; 79 | bool metMinimumRequirement = false; 80 | 81 | for (int i = 0; i < API_OS_VERSION::VERSION_MAX; i++) 82 | { 83 | if (i == API_OS_VERSION::NONE) 84 | continue; 85 | 86 | if (VersionFunctionMap[i].Version == minVersion) 87 | { 88 | foundMinVer = true; 89 | metMinimumRequirement = VersionFunctionMap[i].Function(); 90 | } 91 | } 92 | if (!foundMinVer) 93 | { 94 | printf("ERROR: Minimum version value was invalid.\n"); 95 | assert(false); 96 | return false; 97 | } 98 | if (!metMinimumRequirement) 99 | return false; 100 | 101 | // if there's no maximum OS restriction, the API should exist 102 | if (removedInVersion == API_OS_VERSION::NONE) 103 | return true; 104 | 105 | // we have an upper restriction. was the API removed in this version? 106 | bool foundRemovedVer = false; 107 | bool metMaximumRequirement = false; 108 | for (int i = 0; i < API_OS_VERSION::VERSION_MAX; i++) 109 | { 110 | if (VersionFunctionMap[i].Version == removedInVersion) 111 | { 112 | foundRemovedVer = true; 113 | metMaximumRequirement = !VersionFunctionMap[i].Function(); 114 | } 115 | } 116 | if (!foundRemovedVer) 117 | { 118 | printf("ERROR: Removed version value was invalid.\n"); 119 | assert(false); 120 | return false; 121 | } 122 | 123 | return metMaximumRequirement; 124 | } 125 | 126 | void API::PrintAvailabilityReport() 127 | { 128 | int warningCount = 0; 129 | for (int i = 0; i < API_COUNT; i++) 130 | { 131 | if (ApiData[i].ExpectedAvailable && !ApiData[i].Available) 132 | { 133 | printf("[*] Warning: API %s!%s was expected to exist but was not found.\n", ApiData[i].Library, ApiData[i].EntryName); 134 | warningCount += 1; 135 | } 136 | } 137 | if (warningCount == 0) 138 | { 139 | printf("[*] All APIs present and accounted for.\n"); 140 | } 141 | } 142 | 143 | bool API::IsAvailable(API_IDENTIFIER api) 144 | { 145 | for (int i = 0; i < API_COUNT; i++) 146 | { 147 | if (ApiData[i].Identifier == api) 148 | { 149 | return ApiData[i].Available; 150 | } 151 | } 152 | assert(false); 153 | return false; 154 | } 155 | 156 | void* API::GetAPI(API_IDENTIFIER api) 157 | { 158 | for (int i = 0; i < API_COUNT; i++) 159 | { 160 | if (ApiData[i].Identifier == api) 161 | { 162 | if (ApiData[i].Available) 163 | { 164 | return ApiData[i].Pointer; 165 | } 166 | else 167 | { 168 | return nullptr; 169 | } 170 | } 171 | } 172 | assert(false); 173 | return nullptr; 174 | } 175 | -------------------------------------------------------------------------------- /Loader/main/debug utils/APIs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | enum API_IDENTIFIER 4 | { 5 | API_CsrGetProcessId, 6 | API_EnumSystemFirmwareTables, 7 | API_GetSystemFirmwareTable, 8 | API_GetNativeSystemInfo, 9 | API_GetProductInfo, 10 | API_IsWow64Process, 11 | API_LdrEnumerateLoadedModules, 12 | API_NtClose, 13 | API_NtCreateDebugObject, 14 | API_NtDelayExecution, 15 | API_NtQueryInformationThread, 16 | API_NtQueryInformationProcess, 17 | API_NtQueryObject, 18 | API_NtQuerySystemInformation, 19 | API_NtSetInformationThread, 20 | API_NtWow64QueryInformationProcess64, 21 | API_NtWow64QueryVirtualMemory64, 22 | API_NtWow64ReadVirtualMemory64, 23 | API_NtYieldExecution, 24 | API_RtlGetVersion, 25 | API_WudfIsAnyDebuggerPresent, 26 | API_WudfIsKernelDebuggerPresent, 27 | API_WudfIsUserDebuggerPresent, 28 | API_NtQueryLicenseValue, 29 | API_RtlInitUnicodeString 30 | }; 31 | 32 | enum API_OS_VERSION 33 | { 34 | NONE, 35 | WIN_XP, 36 | WIN_XP_SP1, 37 | WIN_XP_SP2, 38 | WIN_XP_SP3, 39 | WIN_VISTA, 40 | WIN_VISTA_SP1, 41 | WIN_VISTA_SP2, 42 | WIN_7, 43 | WIN_7_SP1, 44 | WIN_80, 45 | WIN_81, 46 | WIN_10, 47 | VERSION_MAX 48 | }; 49 | 50 | enum API_OS_BITS 51 | { 52 | ANY, 53 | X86_ONLY, 54 | X64_ONLY, 55 | }; 56 | 57 | struct VERSION_FUNCTION_MAP 58 | { 59 | API_OS_VERSION Version; 60 | bool(*Function)(); 61 | 62 | VERSION_FUNCTION_MAP(API_OS_VERSION version, bool(*function)()) 63 | { 64 | Version = version; 65 | Function = function; 66 | } 67 | 68 | VERSION_FUNCTION_MAP() 69 | { 70 | } 71 | }; 72 | 73 | struct API_DATA 74 | { 75 | API_IDENTIFIER Identifier; 76 | const char* Library; 77 | const char* EntryName; 78 | API_OS_BITS PlatformBits; 79 | API_OS_VERSION MinVersion; 80 | API_OS_VERSION RemovedInVersion; 81 | bool Available; 82 | bool ExpectedAvailable; 83 | void* Pointer; 84 | 85 | API_DATA(API_IDENTIFIER identifier, const char* lib, const char* name, API_OS_BITS bits, API_OS_VERSION minVersion, API_OS_VERSION removedInVersion) 86 | { 87 | Identifier = identifier; 88 | Library = lib; 89 | EntryName = name; 90 | PlatformBits = bits; 91 | MinVersion = minVersion; 92 | RemovedInVersion = removedInVersion; 93 | Available = false; 94 | ExpectedAvailable = false; 95 | Pointer = nullptr; 96 | } 97 | }; 98 | 99 | const VERSION_FUNCTION_MAP VersionFunctionMap[] = { 100 | { API_OS_VERSION::NONE, nullptr }, 101 | { API_OS_VERSION::WIN_XP, IsWindowsXPOrGreater }, 102 | { API_OS_VERSION::WIN_XP_SP1, IsWindowsXPSP1OrGreater }, 103 | { API_OS_VERSION::WIN_XP_SP2, IsWindowsXPSP2OrGreater }, 104 | { API_OS_VERSION::WIN_XP_SP3, IsWindowsXPSP3OrGreater }, 105 | { API_OS_VERSION::WIN_VISTA, IsWindowsVistaOrGreater }, 106 | { API_OS_VERSION::WIN_VISTA_SP1, IsWindowsVistaSP1OrGreater }, 107 | { API_OS_VERSION::WIN_VISTA_SP2, IsWindowsVistaSP2OrGreater }, 108 | { API_OS_VERSION::WIN_7, IsWindows7OrGreater }, 109 | { API_OS_VERSION::WIN_7_SP1, IsWindows7SP1OrGreater }, 110 | { API_OS_VERSION::WIN_80, IsWindows8OrGreater }, 111 | { API_OS_VERSION::WIN_81, IsWindows8Point1OrGreater }, 112 | { API_OS_VERSION::WIN_10, IsWindows10OrGreater }, 113 | }; 114 | 115 | class API 116 | { 117 | private: 118 | static bool ShouldFunctionExistOnCurrentPlatform(API_OS_BITS bits, API_OS_VERSION minVersion, API_OS_VERSION removedInVersion); 119 | public: 120 | static void Init(); 121 | static void PrintAvailabilityReport(); 122 | static bool IsAvailable(API_IDENTIFIER api); 123 | static void* GetAPI(API_IDENTIFIER api); 124 | }; -------------------------------------------------------------------------------- /Loader/main/debug utils/ApiTypeDefs.cpp: -------------------------------------------------------------------------------- 1 | #include "pch.h" 2 | -------------------------------------------------------------------------------- /Loader/main/debug utils/ApiTypeDefs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | typedef DWORD(NTAPI* pCsrGetId)(VOID); 4 | typedef UINT(WINAPI* pEnumSystemFirmwareTables)(DWORD, PVOID, DWORD); 5 | typedef UINT(WINAPI* pGetSystemFirmwareTable)(DWORD, DWORD, PVOID, DWORD); 6 | typedef void (WINAPI *pGetNativeSystemInfo)(LPSYSTEM_INFO); 7 | typedef BOOL(WINAPI *pGetProductInfo)(DWORD, DWORD, DWORD, DWORD, PDWORD); 8 | typedef BOOL(WINAPI *pIsWow64Process) (HANDLE, PBOOL); 9 | typedef DWORD(WINAPI * pRtlCreateUserThread)( 10 | IN HANDLE ProcessHandle, 11 | IN PSECURITY_DESCRIPTOR SecurityDescriptor, 12 | IN BOOL CreateSuspended, 13 | IN ULONG StackZeroBits, 14 | IN OUT PULONG StackReserved, 15 | IN OUT PULONG StackCommit, 16 | IN LPVOID StartAddress, 17 | IN LPVOID StartParameter, 18 | OUT HANDLE ThreadHandle, 19 | OUT LPVOID ClientID 20 | ); 21 | typedef NTSTATUS(WINAPI* pNtClose)(HANDLE); 22 | typedef NTSTATUS(WINAPI *pNtCreateDebugObject)(OUT PHANDLE, IN ACCESS_MASK, IN POBJECT_ATTRIBUTES, IN ULONG); 23 | typedef NTSTATUS(WINAPI *pNtCreateThreadEx)( 24 | OUT PHANDLE ThreadHandle, 25 | IN ACCESS_MASK DesiredAccess, 26 | IN OPTIONAL POBJECT_ATTRIBUTES ObjectAttributes, 27 | IN HANDLE ProcessHandle, 28 | IN PVOID StartRoutine, 29 | IN OPTIONAL PVOID Argument, 30 | IN ULONG CreateFlags, //THREAD_CREATE_FLAGS_* 31 | IN OPTIONAL ULONG_PTR ZeroBits, 32 | IN OPTIONAL SIZE_T StackSize, 33 | IN OPTIONAL SIZE_T MaximumStackSize, 34 | IN OPTIONAL PPS_ATTRIBUTE_LIST AttributeList 35 | ); 36 | typedef NTSTATUS(WINAPI *pNtDelayExecution)(IN BOOLEAN, IN PLARGE_INTEGER); 37 | typedef NTSTATUS(WINAPI *pNtQueryInformationProcess)(IN HANDLE, IN UINT, OUT PVOID, IN ULONG, OUT PULONG); 38 | typedef NTSTATUS(WINAPI *pNtQueryInformationThread)(HANDLE, UINT, PVOID, ULONG, PULONG); 39 | 40 | typedef NTSTATUS(NTAPI *pNtQueryLicenseValue)( 41 | IN PUNICODE_STRING ValueName, 42 | OUT OPTIONAL PULONG Type, 43 | OUT PVOID Data, 44 | IN ULONG DataSize, 45 | OUT PULONG ResultDataSize); 46 | 47 | typedef VOID (NTAPI *pRtlInitUnicodeString)( 48 | _Out_ PUNICODE_STRING DestinationString, 49 | _In_opt_ PCWSTR SourceString); 50 | 51 | typedef NTSTATUS(WINAPI *pNtQueryObject)(IN HANDLE, IN UINT, OUT PVOID, IN ULONG, OUT PULONG); 52 | typedef NTSTATUS(WINAPI *pNtQuerySystemInformation)(IN UINT, OUT PVOID, IN ULONG, OUT PULONG); 53 | typedef NTSTATUS(WINAPI *pNtSetInformationThread)(HANDLE, UINT, PVOID, ULONG); 54 | typedef NTSTATUS(WINAPI* pNtUnmapViewOfSection)(HANDLE ProcessHandle, PVOID BaseAddress); 55 | typedef NTSTATUS(WINAPI* pNtYieldExecution)(); 56 | typedef NTSTATUS(WINAPI* pRtlGetVersion)(RTL_OSVERSIONINFOEXW*); 57 | typedef ULONG (NTAPI* pRtlNtStatusToDosError)(IN NTSTATUS Status); 58 | typedef NTSTATUS(NTAPI * pNtWow64QueryInformationProcess64)( 59 | IN HANDLE ProcessHandle, 60 | ULONG ProcessInformationClass, 61 | OUT PVOID ProcessInformation, 62 | IN ULONG ProcessInformationLength, 63 | OUT PULONG ReturnLength OPTIONAL); 64 | typedef NTSTATUS(WINAPI *pNtWow64ReadVirtualMemory64)( 65 | HANDLE ProcessHandle, 66 | PVOID64 BaseAddress, 67 | PVOID Buffer, 68 | ULONGLONG BufferSize, 69 | PULONGLONG NumberOfBytesRead 70 | ); 71 | typedef NTSTATUS(NTAPI *pNtWow64QueryVirtualMemory64)( 72 | IN HANDLE ProcessHandle, 73 | IN PVOID64 BaseAddress, 74 | IN DWORD MemoryInformationClass, 75 | OUT PMEMORY_BASIC_INFORMATION64 MemoryInformation, 76 | IN ULONG64 Size, 77 | OUT PULONG64 ReturnLength OPTIONAL); 78 | typedef NTSTATUS(NTAPI *pLdrEnumerateLoadedModules)( 79 | IN BOOLEAN ReservedFlag, 80 | IN PLDR_ENUM_CALLBACK EnumProc, 81 | IN PVOID Context); 82 | typedef INT(NTAPI *pWudfIsAnyDebuggerPresent)(); 83 | typedef INT(NTAPI *pWudfIsKernelDebuggerPresent)(); 84 | typedef INT(NTAPI *pWudfIsUserDebuggerPresent)(); 85 | -------------------------------------------------------------------------------- /Loader/main/debug utils/CMemPtr.h: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | * WOW64Ext Library 4 | * 5 | * Copyright (c) 2014 ReWolf 6 | * http://blog.rewolf.pl/ 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published 10 | * by the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | * 21 | */ 22 | #pragma once 23 | 24 | class CMemPtr 25 | { 26 | private: 27 | void** m_ptr; 28 | bool watchActive; 29 | 30 | public: 31 | CMemPtr(void** ptr) : m_ptr(ptr), watchActive(true) {} 32 | 33 | ~CMemPtr() 34 | { 35 | if (*m_ptr && watchActive) 36 | { 37 | free(*m_ptr); 38 | *m_ptr = 0; 39 | } 40 | } 41 | 42 | void disableWatch() { watchActive = false; } 43 | }; 44 | 45 | #define WATCH(ptr) \ 46 | CMemPtr watch_##ptr((void**)&ptr) 47 | 48 | #define DISABLE_WATCH(ptr) \ 49 | watch_##ptr.disableWatch() 50 | -------------------------------------------------------------------------------- /Loader/main/debug utils/DebugUtils.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | BOOL IsWoW64(); 4 | PVOID64 GetPeb64(); 5 | BOOL Is_RegKeyValueExists(HKEY hKey, const TCHAR* lpSubKey, const TCHAR* lpValueName, const TCHAR* search_str); 6 | BOOL Is_RegKeyExists(HKEY hKey, const TCHAR* lpSubKey); 7 | BOOL check_mac_addr(const TCHAR* szMac); 8 | BOOL SetPrivilege(HANDLE, LPCTSTR, BOOL); 9 | BOOL SetDebugPrivileges(VOID); 10 | ULONG get_idt_base(); 11 | ULONG get_ldt_base(); 12 | ULONG get_gdt_base(); 13 | BOOL IsElevated(); 14 | BOOL find_str_in_data(PBYTE needle, size_t needleLen, PBYTE haystack, size_t haystackLen); 15 | UINT enum_system_firmware_tables(_In_ DWORD FirmwareTableProviderSignature, _Out_ PVOID pFirmwareTableBuffer, _In_ DWORD BufferSize); 16 | PBYTE get_system_firmware(_In_ DWORD signature, _In_ DWORD table, _Out_ PDWORD pBufferSize); 17 | bool attempt_to_read_memory(void* addr, void* buf, int size); 18 | bool attempt_to_read_memory_wow64(PVOID buffer, DWORD size, PVOID64 address); 19 | bool attempt_to_read_memory_wow64(PVOID buffer, DWORD size, ULONGLONG address); 20 | std::vector* enumerate_memory(); 21 | std::vector* enumerate_memory_wow64(); 22 | 23 | #define MALLOC(x) hash_HeapAlloc(hash_GetProcessHeap(), 0, x) 24 | #define FREE(x) hash_HeapFree(hash_GetProcessHeap(), 0, x) 25 | 26 | #if _WIN32 || _WIN64 27 | #if _WIN64 28 | #define ENV64BIT 29 | #else 30 | #define ENV32BIT 31 | #endif 32 | #endif -------------------------------------------------------------------------------- /Loader/main/debug utils/Hash.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 - 2018 Justas Masiulis 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #pragma once 18 | #define hashstr(name) khash(name) 19 | 20 | // hashing stuff 21 | struct hash_t 22 | { 23 | #define HASH_PRIME 16777619 24 | #define HASH_OFFSET 2166136261 25 | 26 | #define TOLOWER(c) (c >= 'A' && c <= 'Z' ? (c | (1 << 5)) : c) 27 | 28 | using value_type = unsigned long; 29 | constexpr static value_type offset = HASH_OFFSET; 30 | constexpr static value_type prime = HASH_PRIME; 31 | constexpr static unsigned long long prime64 = prime; 32 | 33 | FORCEINLINE constexpr static value_type single(value_type value, 34 | char c) noexcept 35 | { 36 | return static_cast( 37 | (value ^ TOLOWER(c)) * 38 | static_cast(prime)); 39 | } 40 | }; 41 | 42 | template 43 | FORCEINLINE constexpr hash_t::value_type khash(const CharT* str, hash_t::value_type value = hash_t::offset) noexcept 44 | { 45 | return (*str ? khash(str + 1, hash_t::single(value, *str)) : value); 46 | } 47 | 48 | template 49 | FORCEINLINE hash_t::value_type GetHash(const CharT* str) noexcept 50 | { 51 | hash_t::value_type value = hash_t::offset; 52 | 53 | for (;;) 54 | { 55 | auto c = *str++; 56 | if (!c) 57 | return value; 58 | value = hash_t::single(value, c); 59 | } 60 | } 61 | 62 | FORCEINLINE hash_t::value_type GetHash( 63 | const UNICODE_STRING& str) noexcept 64 | { 65 | auto first = str.Buffer; 66 | const auto last = first + (str.Length / sizeof(wchar_t)); 67 | auto value = hash_t::offset; 68 | for (; first != last; ++first) 69 | value = hash_t::single(value, static_cast(*first)); 70 | 71 | return value; 72 | } 73 | -------------------------------------------------------------------------------- /Loader/main/debug utils/Helpers.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include "gh_syscall.h" 4 | #include "Hash.h" 5 | 6 | inline void log() 7 | { 8 | } 9 | 10 | template 11 | void log(First&& message, Rest&& ...rest) 12 | { 13 | //std::cout << std::forward(message); 14 | log(std::forward(rest)...); 15 | } 16 | 17 | template 18 | 19 | inline PVOID _GetModuleHandle(void) noexcept 20 | { 21 | const auto pPeb = (nt::PPEB)__readgsqword(0x60); 22 | 23 | if (pPeb) 24 | { 25 | for (auto pListEntry = pPeb->Ldr->InLoadOrderModuleList.Flink; 26 | pListEntry != &pPeb->Ldr->InLoadOrderModuleList; 27 | pListEntry = pListEntry->Flink) 28 | { 29 | auto pEntry = CONTAINING_RECORD(pListEntry, nt::LDR_DATA_TABLE_ENTRY, InLoadOrderLinks); 30 | 31 | if (ModuleHash == NULL || GetHash(pEntry->BaseDllName) == ModuleHash) 32 | return pEntry->DllBase; 33 | } 34 | } 35 | 36 | return nullptr; 37 | } 38 | 39 | template 40 | inline PVOID _GetProcAddress(const PVOID ModuleBaseAddress) noexcept 41 | { 42 | PIMAGE_DOS_HEADER dos_header = reinterpret_cast(ModuleBaseAddress); 43 | PIMAGE_NT_HEADERS32 nt32 = nullptr; 44 | PIMAGE_NT_HEADERS64 nt64 = nullptr; 45 | PIMAGE_EXPORT_DIRECTORY export_directory = nullptr; 46 | 47 | LPWORD ordinal_table = nullptr; 48 | LPDWORD name_table = nullptr; 49 | LPDWORD function_table = nullptr; 50 | 51 | if (dos_header->e_magic != IMAGE_DOS_SIGNATURE) 52 | return nullptr; 53 | 54 | nt32 = reinterpret_cast(static_cast(ModuleBaseAddress) + dos_header->e_lfanew); 55 | nt64 = reinterpret_cast(static_cast(ModuleBaseAddress) + dos_header->e_lfanew); 56 | 57 | if (nt32->Signature != IMAGE_NT_SIGNATURE) 58 | return nullptr; 59 | 60 | if (nt32->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC) 61 | { 62 | export_directory = reinterpret_cast(static_cast(ModuleBaseAddress) + 63 | nt32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress); 64 | } 65 | else 66 | { 67 | export_directory = reinterpret_cast(static_cast(ModuleBaseAddress) + 68 | nt64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress); 69 | } 70 | 71 | function_table = reinterpret_cast(static_cast(ModuleBaseAddress) + export_directory-> 72 | AddressOfFunctions); 73 | name_table = reinterpret_cast(static_cast(ModuleBaseAddress) + export_directory->AddressOfNames); 74 | ordinal_table = reinterpret_cast(static_cast(ModuleBaseAddress) + export_directory-> 75 | AddressOfNameOrdinals); 76 | 77 | for (SIZE_T i = 0; i < export_directory->NumberOfNames; ++i) 78 | { 79 | const auto function_name = reinterpret_cast(ModuleBaseAddress) + static_cast(name_table[i]); 80 | if (GetHash(function_name) == FunctionHash) 81 | return reinterpret_cast(static_cast(ModuleBaseAddress) + function_table[ordinal_table[i]]); 82 | } 83 | 84 | return nullptr; 85 | } 86 | 87 | template 88 | NTSTATUS RemapNtModule(PVOID* BaseAddress) noexcept 89 | { 90 | NTSTATUS status = STATUS_NOT_SUPPORTED; 91 | HANDLE sectionHandle = nullptr; 92 | SIZE_T viewSize = NULL; 93 | UNICODE_STRING usSectionName{}; 94 | OBJECT_ATTRIBUTES objAttrib{}; 95 | 96 | switch (ModuleHash) 97 | { 98 | case hashstr("kernel32.dll"): 99 | RtlInitUnicodeString(&usSectionName, xorstr_(L"\\KnownDlls\\kernel32.dll")); 100 | break; 101 | case hashstr("kernelbase.dll"): 102 | RtlInitUnicodeString(&usSectionName, xorstr_(L"\\KnownDlls\\kernelbase.dll")); 103 | break; 104 | case hashstr("ntdll.dll"): 105 | RtlInitUnicodeString(&usSectionName, xorstr_(L"\\KnownDlls\\ntdll.dll")); 106 | break; 107 | case hashstr("win32u.dll"): 108 | RtlInitUnicodeString(&usSectionName, xorstr_(L"\\KnownDlls\\win32u.dll")); 109 | break; 110 | default: 111 | return status; 112 | } 113 | 114 | InitializeObjectAttributes(&objAttrib, &usSectionName, OBJ_CASE_INSENSITIVE, NULL, NULL); 115 | 116 | status = NtFunctionCall(NtOpenSection)(§ionHandle, SECTION_MAP_READ, &objAttrib); 117 | if (!NT_SUCCESS(status)) 118 | { 119 | print("NtOpenSection failed: %llx", status); 120 | return status; 121 | } 122 | 123 | status = NtFunctionCall(NtMapViewOfSection)(sectionHandle, NtCurrentProcess(), BaseAddress, NULL, NULL, nullptr, 124 | &viewSize, nt::SECTION_INHERIT::ViewShare, NULL, PAGE_READONLY); 125 | if (!NT_SUCCESS(status)) 126 | { 127 | print("NtMapViewOfSection failed: %llx", status); 128 | return status; 129 | } 130 | 131 | if (sectionHandle) 132 | { 133 | status = ScClose(sectionHandle); 134 | if (!NT_SUCCESS(status)) 135 | { 136 | print("NtClose syscall failed: %llx", status); 137 | return status; 138 | } 139 | } 140 | 141 | return status; 142 | } 143 | 144 | using NtYieldExecution = NTSTATUS(NTAPI*)(); 145 | using NtSetInformationThread = NTSTATUS(NTAPI*)(); 146 | using NtSetInformationProcess = NTSTATUS(NTAPI*)(); 147 | using NtQuerySystemInformation_t = NTSTATUS(NTAPI*)(); 148 | using NtQueryInformationProcess_t = NTSTATUS(NTAPI*)(); 149 | using NtQueryObject_t = NTSTATUS(NTAPI*)(); 150 | using NtCreateThreadEx = NTSTATUS(NTAPI*)(); 151 | using NtSetDebugFilterState = NTSTATUS(NTAPI*)(); 152 | using NtClose_t = NTSTATUS(NTAPI*)(); 153 | using NtQueryPerformanceCounter_t = NTSTATUS(NTAPI*)(); 154 | using NtGetContextThread_t = NTSTATUS(NTAPI*)(); 155 | using NtSetContextThread_t = NTSTATUS(NTAPI*)(); 156 | using NtQuerySystemTime_t = NTSTATUS(NTAPI*)(OUT PLARGE_INTEGER SystemTime); 157 | using GetTickCount_t = DWORD(WINAPI*)(); 158 | using GetTickCount64_t = ULONGLONG(WINAPI*)(); 159 | using OutputDebugStringA_t = DWORD(WINAPI*)(LPCSTR lpOutputString); 160 | using GetSystemTime_t = void (WINAPI*)(LPSYSTEMTIME lpSystemTime); 161 | using GetLocalTime_t = void (WINAPI*)(LPSYSTEMTIME lpSystemTime); 162 | -------------------------------------------------------------------------------- /Loader/main/debug utils/Helpers2.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #define _WIN32_WINNT 0x0400 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | 9 | -------------------------------------------------------------------------------- /Loader/main/debug utils/MurmurHash2A.cpp: -------------------------------------------------------------------------------- 1 | #include "pch.h" 2 | #include "MurmurHash2A.h" 3 | 4 | #define mmix(h,k) { k *= m; k ^= k >> r; k *= m; h *= m; h ^= k; } 5 | 6 | unsigned int MurmurHash2A(const void* key, int len, unsigned int seed) 7 | { 8 | const unsigned int m = 0x5bd1e995; 9 | const auto r = 24; 10 | unsigned int l = len; 11 | auto data = static_cast(key); 12 | 13 | auto h = seed; 14 | unsigned int k; 15 | 16 | while (len >= 4) 17 | { 18 | k = *(unsigned int*)data; 19 | 20 | mmix(h, k); 21 | 22 | data += 4; 23 | len -= 4; 24 | } 25 | 26 | unsigned int t = 0; 27 | 28 | switch (len) 29 | { 30 | case 3: t ^= data[2] << 16; 31 | case 2: t ^= data[1] << 8; 32 | case 1: t ^= data[0]; 33 | }; 34 | 35 | mmix(h, t); 36 | mmix(h, l); 37 | 38 | h ^= h >> 13; 39 | h *= m; 40 | h ^= h >> 15; 41 | 42 | return h; 43 | } 44 | -------------------------------------------------------------------------------- /Loader/main/debug utils/MurmurHash2A.h: -------------------------------------------------------------------------------- 1 | #ifndef MURMURHASH_H 2 | #define MURMURHASH_H 3 | 4 | /* 5 | * MurmurHash2A - Процедура хеширования по алгоритму MurmurHash2A (https://ru.wikipedia.org/wiki/MurmurHash2) 6 | * Аргументы: 7 | * const void *key - Указатель на буфер, который будем хешировать. 8 | * int len - Длина буфера. 9 | * unsigned int seed - Начальное значения для инициализации 10 | */ 11 | 12 | unsigned int MurmurHash2A(const void* key, int len, unsigned int seed); 13 | 14 | #endif //MURMURHASH_H 15 | -------------------------------------------------------------------------------- /Loader/main/debug utils/ScyllaHideDetector.h: -------------------------------------------------------------------------------- 1 | #include "pch.h" 2 | 3 | extern __forceinline void ntdll_unhooking(); 4 | extern __forceinline void kernelbase_unhooking(); -------------------------------------------------------------------------------- /Loader/main/debug utils/VersionHelpers.h: -------------------------------------------------------------------------------- 1 | /****************************************************************** 2 | * * 3 | * VersionHelpers.h -- This module defines helper functions to * 4 | * promote version check with proper * 5 | * comparisons. * 6 | * * 7 | * Copyright (c) Microsoft Corp. All rights reserved. * 8 | * * 9 | ******************************************************************/ 10 | #pragma once 11 | 12 | #include "winapifamily.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma once 16 | #endif // _MSC_VER 17 | 18 | #pragma region Application Family 19 | #if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) 20 | 21 | #include // for _In_, etc. 22 | 23 | #if !defined(__midl) && !defined(SORTPP_PASS) 24 | 25 | #if (NTDDI_VERSION >= NTDDI_WINXP) 26 | 27 | #ifdef __cplusplus 28 | 29 | #define VERSIONHELPERAPI inline bool 30 | 31 | #else // __cplusplus 32 | 33 | #define VERSIONHELPERAPI FORCEINLINE BOOL 34 | 35 | #endif // __cplusplus 36 | 37 | VERSIONHELPERAPI 38 | IsWindowsVersionOrGreater(WORD wMajorVersion, WORD wMinorVersion, WORD wServicePackMajor) 39 | { 40 | OSVERSIONINFOEXW osvi = { sizeof(osvi), 0, 0, 0, 0, {0}, 0, 0 }; 41 | DWORDLONG const dwlConditionMask = VerSetConditionMask( 42 | VerSetConditionMask( 43 | VerSetConditionMask( 44 | 0, VER_MAJORVERSION, VER_GREATER_EQUAL), 45 | VER_MINORVERSION, VER_GREATER_EQUAL), 46 | VER_SERVICEPACKMAJOR, VER_GREATER_EQUAL); 47 | 48 | osvi.dwMajorVersion = wMajorVersion; 49 | osvi.dwMinorVersion = wMinorVersion; 50 | osvi.wServicePackMajor = wServicePackMajor; 51 | 52 | return VerifyVersionInfoW(&osvi, VER_MAJORVERSION | VER_MINORVERSION | VER_SERVICEPACKMAJOR, dwlConditionMask) != FALSE; 53 | } 54 | 55 | VERSIONHELPERAPI 56 | IsWindowsVersionOrLesser(WORD wMajorVersion, WORD wMinorVersion, WORD wServicePackMajor) 57 | { 58 | OSVERSIONINFOEXW osvi = { sizeof(osvi), 0, 0, 0, 0, { 0 }, 0, 0 }; 59 | DWORDLONG const dwlConditionMask = VerSetConditionMask( 60 | VerSetConditionMask( 61 | 0, VER_MAJORVERSION, VER_EQUAL), 62 | VER_MINORVERSION, VER_LESS_EQUAL); 63 | 64 | osvi.dwMajorVersion = wMajorVersion; 65 | osvi.dwMinorVersion = wMinorVersion; 66 | osvi.wServicePackMajor = wServicePackMajor; 67 | 68 | return VerifyVersionInfoW(&osvi, VER_MAJORVERSION | VER_MINORVERSION, dwlConditionMask) != FALSE; 69 | } 70 | 71 | VERSIONHELPERAPI 72 | IsWindowsXPOrGreater() 73 | { 74 | return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 0); 75 | } 76 | 77 | VERSIONHELPERAPI 78 | IsWindowsXPSP1OrGreater() 79 | { 80 | return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 1); 81 | } 82 | 83 | VERSIONHELPERAPI 84 | IsWindowsXPSP2OrGreater() 85 | { 86 | return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 2); 87 | } 88 | 89 | VERSIONHELPERAPI 90 | IsWindowsXPSP3OrGreater() 91 | { 92 | return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 3); 93 | } 94 | 95 | VERSIONHELPERAPI 96 | IsWindowsVistaOrGreater() 97 | { 98 | return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_VISTA), LOBYTE(_WIN32_WINNT_VISTA), 0); 99 | } 100 | 101 | VERSIONHELPERAPI 102 | IsWindowsVistaSP1OrGreater() 103 | { 104 | return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_VISTA), LOBYTE(_WIN32_WINNT_VISTA), 1); 105 | } 106 | 107 | VERSIONHELPERAPI 108 | IsWindowsVistaSP2OrGreater() 109 | { 110 | return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_VISTA), LOBYTE(_WIN32_WINNT_VISTA), 2); 111 | } 112 | 113 | VERSIONHELPERAPI 114 | IsWindows7OrGreater() 115 | { 116 | return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WIN7), LOBYTE(_WIN32_WINNT_WIN7), 0); 117 | } 118 | 119 | VERSIONHELPERAPI 120 | IsWindows7SP1OrGreater() 121 | { 122 | return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WIN7), LOBYTE(_WIN32_WINNT_WIN7), 1); 123 | } 124 | 125 | VERSIONHELPERAPI 126 | IsWindows8OrGreater() 127 | { 128 | return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WIN8), LOBYTE(_WIN32_WINNT_WIN8), 0); 129 | } 130 | 131 | VERSIONHELPERAPI 132 | IsWindows8Point1OrGreater() 133 | { 134 | return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINBLUE), LOBYTE(_WIN32_WINNT_WINBLUE), 0); 135 | } 136 | 137 | VERSIONHELPERAPI 138 | IsWindows10OrGreater() 139 | { 140 | return IsWindowsVersionOrGreater(10, 0, 0); 141 | } 142 | 143 | VERSIONHELPERAPI 144 | IsWindowsServer() 145 | { 146 | OSVERSIONINFOEXW osvi = { sizeof(osvi), 0, 0, 0, 0, {0}, 0, 0, 0, VER_NT_WORKSTATION }; 147 | DWORDLONG const dwlConditionMask = VerSetConditionMask( 0, VER_PRODUCT_TYPE, VER_EQUAL ); 148 | 149 | return !VerifyVersionInfoW(&osvi, VER_PRODUCT_TYPE, dwlConditionMask); 150 | } 151 | 152 | 153 | 154 | VERSIONHELPERAPI 155 | IsWindowsXPOr2k() 156 | { 157 | return IsWindowsVersionOrLesser(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 0); 158 | } 159 | 160 | 161 | #endif // NTDDI_VERSION 162 | 163 | #endif // defined(__midl) 164 | 165 | #endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) */ 166 | #pragma endregion 167 | -------------------------------------------------------------------------------- /Loader/main/debug utils/WinStructs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | typedef struct _LDR_MODULE { 4 | LIST_ENTRY InLoadOrderModuleList; 5 | LIST_ENTRY InMemoryOrderModuleList; 6 | LIST_ENTRY InInitializationOrderModuleList; 7 | PVOID BaseAddress; 8 | PVOID EntryPoint; 9 | ULONG SizeOfImage; 10 | UNICODE_STRING FullDllName; 11 | UNICODE_STRING BaseDllName; 12 | ULONG Flags; 13 | SHORT LoadCount; 14 | SHORT TlsIndex; 15 | LIST_ENTRY HashTableEntry; 16 | ULONG TimeDateStamp; 17 | } LDR_MODULE, *PLDR_MODULE; 18 | 19 | typedef LONG KPRIORITY; 20 | 21 | typedef struct _THREAD_BASIC_INFORMATION { 22 | NTSTATUS ExitStatus; 23 | PVOID TebBaseAddress; 24 | CLIENT_ID ClientId; 25 | KAFFINITY AffinityMask; 26 | KPRIORITY Priority; 27 | KPRIORITY BasePriority; 28 | } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION; 29 | 30 | typedef struct _PROCESS_BASIC_INFORMATION_WOW64 { 31 | PVOID Reserved1[2]; 32 | PVOID64 PebBaseAddress; 33 | PVOID Reserved2[4]; 34 | ULONG_PTR UniqueProcessId[2]; 35 | PVOID Reserved3[2]; 36 | } PROCESS_BASIC_INFORMATION_WOW64; 37 | 38 | typedef struct _PEB64 { 39 | BYTE Reserved1[2]; 40 | BYTE BeingDebugged; 41 | BYTE Reserved2[1]; 42 | PVOID64 Reserved3[2]; 43 | PVOID64 Ldr; 44 | PVOID64 ProcessParameters; 45 | BYTE Reserved4[104]; 46 | PVOID64 Reserved5[52]; 47 | PVOID64 PostProcessInitRoutine; 48 | BYTE Reserved6[128]; 49 | PVOID64 Reserved7[1]; 50 | ULONG SessionId; 51 | } PEB64, *PPEB64; 52 | 53 | typedef struct _PEB_LDR_DATA64 { 54 | BYTE Reserved1[8]; 55 | PVOID64 Reserved2[3]; 56 | LIST_ENTRY64 InMemoryOrderModuleList; 57 | } PEB_LDR_DATA64, *PPEB_LDR_DATA64; 58 | 59 | typedef struct _UNICODE_STRING64 { 60 | USHORT Length; 61 | USHORT MaximumLength; 62 | PVOID64 Buffer; 63 | } UNICODE_STRING64; 64 | 65 | typedef struct _LDR_DATA_TABLE_ENTRY64 { 66 | PVOID64 Reserved1[2]; 67 | LIST_ENTRY64 InMemoryOrderLinks; 68 | PVOID64 Reserved2[2]; 69 | PVOID64 DllBase; 70 | PVOID64 Reserved3[2]; 71 | UNICODE_STRING64 FullDllName; 72 | BYTE Reserved4[8]; 73 | PVOID64 Reserved5[3]; 74 | union { 75 | ULONG CheckSum; 76 | PVOID64 Reserved6; 77 | } DUMMYUNIONNAME; 78 | ULONG TimeDateStamp; 79 | } LDR_DATA_TABLE_ENTRY64, *PLDR_DATA_TABLE_ENTRY64; 80 | 81 | /*++ NtCreateThreadEx specific */ 82 | 83 | typedef struct _PS_ATTRIBUTE { 84 | ULONG Attribute; 85 | SIZE_T Size; 86 | union 87 | { 88 | ULONG Value; 89 | PVOID ValuePtr; 90 | } u1; 91 | PSIZE_T ReturnLength; 92 | } PS_ATTRIBUTE, *PPS_ATTRIBUTE; 93 | 94 | typedef struct _PS_ATTRIBUTE_LIST { 95 | SIZE_T TotalLength; 96 | PS_ATTRIBUTE Attributes[1]; 97 | } PS_ATTRIBUTE_LIST, *PPS_ATTRIBUTE_LIST; 98 | 99 | #define PS_ATTRIBUTE_NUMBER_MASK 0x0000ffff 100 | #define PS_ATTRIBUTE_THREAD 0x00010000 101 | #define PS_ATTRIBUTE_INPUT 0x00020000 102 | #define PS_ATTRIBUTE_ADDITIVE 0x00040000 103 | 104 | #define PsAttributeValue(Number, Thread, Input, Additive) \ 105 | (((Number) & PS_ATTRIBUTE_NUMBER_MASK) | \ 106 | ((Thread) ? PS_ATTRIBUTE_THREAD : 0) | \ 107 | ((Input) ? PS_ATTRIBUTE_INPUT : 0) | \ 108 | ((Additive) ? PS_ATTRIBUTE_ADDITIVE : 0)) 109 | 110 | typedef enum _PS_ATTRIBUTE_NUM { 111 | PsAttributeClientId = 3, 112 | } PS_ATTRIBUTE_NUM; 113 | 114 | #define PS_ATTRIBUTE_CLIENT_ID \ 115 | PsAttributeValue(PsAttributeClientId, TRUE, FALSE, FALSE) 116 | 117 | /* NtCreateThreadEx specific --*/ 118 | 119 | 120 | typedef VOID(NTAPI LDR_ENUM_CALLBACK)(_In_ PLDR_DATA_TABLE_ENTRY ModuleInformation, _In_ PVOID Parameter, _Out_ BOOLEAN *Stop); 121 | typedef LDR_ENUM_CALLBACK *PLDR_ENUM_CALLBACK; 122 | -------------------------------------------------------------------------------- /Loader/main/debug utils/XorStr.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 - 2018 Justas Masiulis 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef JM_XORSTR_HPP 18 | #define JM_XORSTR_HPP 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | 25 | #define xorstr(str) \ 26 | ::jm::make_xorstr( \ 27 | []() { \ 28 | struct { \ 29 | const std::decay_t* value = str; \ 30 | } a; \ 31 | return a; \ 32 | }(), \ 33 | std::make_index_sequence{}, \ 34 | std::make_index_sequence<::jm::detail::_buffer_size()>{}) 35 | 36 | #define xorstr_(str) xorstr(str).crypt_get() 37 | 38 | #ifdef _MSC_VER 39 | #define XORSTR_FORCEINLINE __forceinline 40 | #else 41 | #define XORSTR_FORCEINLINE __attribute__((always_inline)) 42 | #endif 43 | 44 | // you can define this macro to get possibly faster code on gcc/clang 45 | // at the expense of constants being put into data section. 46 | #if !defined(XORSTR_ALLOW_DATA) 47 | // MSVC - no volatile 48 | // GCC and clang - volatile everywhere 49 | #if defined(__clang__) || defined(__GNUC__) 50 | #define XORSTR_VOLATILE volatile 51 | #endif 52 | 53 | #endif 54 | #ifndef XORSTR_VOLATILE 55 | #define XORSTR_VOLATILE 56 | #endif 57 | 58 | namespace jm 59 | { 60 | namespace detail 61 | { 62 | template 63 | struct unsigned_; 64 | 65 | template <> 66 | struct unsigned_<1> 67 | { 68 | using type = std::uint8_t; 69 | }; 70 | 71 | template <> 72 | struct unsigned_<2> 73 | { 74 | using type = std::uint16_t; 75 | }; 76 | 77 | template <> 78 | struct unsigned_<4> 79 | { 80 | using type = std::uint32_t; 81 | }; 82 | 83 | template 84 | struct pack_value_type 85 | { 86 | using type = decltype(C); 87 | }; 88 | 89 | template 90 | constexpr std::size_t _buffer_size() 91 | { 92 | return ((Size / 16) + (Size % 16 != 0)) * 2; 93 | } 94 | 95 | template 96 | struct tstring_ 97 | { 98 | using value_type = typename pack_value_type::type; 99 | constexpr static std::size_t size = sizeof...(Cs); 100 | constexpr static value_type str[size] = {Cs...}; 101 | 102 | constexpr static std::size_t buffer_size = _buffer_size(); 103 | constexpr static std::size_t buffer_align = 104 | #ifndef JM_XORSTR_DISABLE_AVX_INTRINSICS 105 | ((sizeof(str) > 16) ? 32 : 16); 106 | #else 107 | 16; 108 | #endif 109 | }; 110 | 111 | template 112 | constexpr std::uint32_t key4() noexcept 113 | { 114 | std::uint32_t value = Seed; 115 | for (char c : __TIME__) 116 | value = static_cast((value ^ c) * 16777619ull); 117 | return value; 118 | } 119 | 120 | template 121 | constexpr std::uint64_t key8() 122 | { 123 | constexpr auto first_part = key4<2166136261 + S>(); 124 | constexpr auto second_part = key4(); 125 | return (static_cast(first_part) << 32) | second_part; 126 | } 127 | 128 | // clang and gcc try really hard to place the constants in data 129 | // sections. to counter that there was a need to create an intermediate 130 | // constexpr string and then copy it into a non constexpr container with 131 | // volatile storage so that the constants would be placed directly into 132 | // code. 133 | template 134 | struct string_storage 135 | { 136 | std::uint64_t storage[T::buffer_size]; 137 | 138 | XORSTR_FORCEINLINE constexpr string_storage() noexcept : storage{Keys...} 139 | { 140 | using cast_type = 141 | typename unsigned_::type; 142 | constexpr auto value_size = sizeof(typename T::value_type); 143 | // puts the string into 64 bit integer blocks in a constexpr 144 | // fashion 145 | for (std::size_t i = 0; i < T::size; ++i) 146 | storage[i / (8 / value_size)] ^= 147 | (std::uint64_t{static_cast(T::str[i])} 148 | << ((i % (8 / value_size)) * 8 * value_size)); 149 | } 150 | }; 151 | } // namespace detail 152 | 153 | template 154 | class xor_string 155 | { 156 | alignas(T::buffer_align) XORSTR_VOLATILE std::uint64_t _storage[T::buffer_size]; 157 | 158 | template 159 | XORSTR_FORCEINLINE void _crypt(XORSTR_VOLATILE std::uint64_t* keys) noexcept 160 | { 161 | if constexpr (T::buffer_size > N) 162 | { 163 | #ifndef JM_XORSTR_DISABLE_AVX_INTRINSICS 164 | if constexpr ((T::buffer_size - N) >= 4) { 165 | _mm256_store_si256( 166 | (__m256i*)(_storage + N), 167 | _mm256_xor_si256( 168 | _mm256_load_si256((const __m256i*)(_storage + N)), 169 | _mm256_load_si256((const __m256i*)(keys + N)))); 170 | _crypt(keys); 171 | } 172 | else 173 | #endif 174 | { 175 | _mm_store_si128( 176 | (__m128i*)(_storage + N), 177 | _mm_xor_si128(_mm_load_si128((const __m128i*)(_storage + N)), 178 | _mm_load_si128((const __m128i*)(keys + N)))); 179 | _crypt(keys); 180 | } 181 | } 182 | } 183 | 184 | XORSTR_FORCEINLINE constexpr void _copy_single(XORSTR_VOLATILE std::uint64_t& dst, 185 | std::uint64_t val) noexcept 186 | { 187 | dst = val; 188 | } 189 | 190 | // loop generates vectorized code which places constants in data dir 191 | template 192 | XORSTR_FORCEINLINE constexpr void _copy(std::index_sequence) noexcept 193 | { 194 | constexpr detail::string_storage storage; 195 | (_copy_single(_storage[Indices], storage.storage[Indices]), ...); 196 | } 197 | 198 | template 199 | XORSTR_FORCEINLINE constexpr void _copy_keys( 200 | XORSTR_VOLATILE std::uint64_t* keys, std::index_sequence) noexcept 201 | { 202 | (_copy_single(keys[Indices], Keys), ...); 203 | } 204 | 205 | public: 206 | using value_type = typename T::value_type; 207 | using size_type = std::size_t; 208 | using pointer = value_type *; 209 | using const_pointer = const pointer; 210 | 211 | XORSTR_FORCEINLINE xor_string() noexcept 212 | { 213 | _copy(std::make_index_sequence{}); 214 | } 215 | 216 | XORSTR_FORCEINLINE constexpr size_type size() const noexcept 217 | { 218 | return T::size - 1; 219 | } 220 | 221 | XORSTR_FORCEINLINE void crypt() noexcept 222 | { 223 | alignas(T::buffer_align) XORSTR_VOLATILE std::uint64_t keys[T::buffer_size]; 224 | _copy_keys(keys, std::make_index_sequence()); 225 | _crypt<0>(keys); 226 | } 227 | 228 | XORSTR_FORCEINLINE const_pointer get() const noexcept 229 | { 230 | // C casts are used because buffer may or may not be volatile 231 | return (const_pointer)(_storage); 232 | } 233 | 234 | XORSTR_FORCEINLINE const_pointer crypt_get() noexcept 235 | { 236 | crypt(); 237 | // C casts are used because buffer may or may not be volatile 238 | return (const_pointer)(_storage); 239 | } 240 | }; 241 | 242 | template 243 | XORSTR_FORCEINLINE constexpr auto make_xorstr(Tstr, 244 | std::index_sequence, 245 | std::index_sequence) noexcept 246 | { 247 | return xor_string< 248 | detail::tstring_, 249 | detail::key8()...>{}; 250 | } 251 | } // namespace jm 252 | 253 | #endif // include guard 254 | -------------------------------------------------------------------------------- /Loader/main/debug utils/crc32.cpp: -------------------------------------------------------------------------------- 1 | #include "pch.h" 2 | #include "crc32.h" 3 | 4 | #define CRC32C(c,d) (c=(c>>8)^crc_c[(c^(d))&0xFF]) 5 | 6 | static const unsigned int crc_c[256] = { 7 | 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 8 | 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, 9 | 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 10 | 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 11 | 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 12 | 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 13 | 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 14 | 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, 15 | 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 16 | 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 17 | 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 18 | 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 19 | 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 20 | 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, 21 | 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 22 | 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 23 | 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 24 | 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, 25 | 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 26 | 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, 27 | 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 28 | 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 29 | 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 30 | 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, 31 | 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 32 | 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 33 | 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 34 | 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 35 | 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 36 | 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, 37 | 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 38 | 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 39 | 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 40 | 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 41 | 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 42 | 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 43 | 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 44 | 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, 45 | 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 46 | 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 47 | 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 48 | 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 49 | 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 50 | 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, 51 | 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 52 | 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 53 | 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 54 | 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, 55 | 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 56 | 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, 57 | 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 58 | 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 59 | 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 60 | 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, 61 | 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 62 | 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 63 | 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 64 | 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 65 | 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 66 | 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, 67 | 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 68 | 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, 69 | 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 70 | 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d, 71 | }; 72 | 73 | 74 | unsigned int crc32(const void *buffer, unsigned int len) { 75 | unsigned int i; 76 | unsigned int crc32 = ~0L; 77 | 78 | for (i = 0; i < len; i++){ 79 | CRC32C(crc32, ((const unsigned char *)buffer)[i]); 80 | } 81 | return ~crc32; 82 | } 83 | -------------------------------------------------------------------------------- /Loader/main/debug utils/crc32.h: -------------------------------------------------------------------------------- 1 | #if !defined(__crc32cr_table_h__) 2 | #define __crc32cr_table_h__ 3 | 4 | #if _MSC_VER > 1000 5 | #pragma once 6 | #endif // _MSC_VER > 1000 7 | 8 | 9 | unsigned int crc32(const void *buffer, unsigned int len); 10 | 11 | BOOL CRC32File(LPCTSTR lpszFileName, unsigned char digest[16]); 12 | 13 | #endif 14 | -------------------------------------------------------------------------------- /Loader/main/debug utils/export_work.cpp: -------------------------------------------------------------------------------- 1 | #include "pch.h" 2 | #include "MurmurHash2A.h" 3 | #include "hash_work.h" 4 | #include "export_work.h" 5 | #include "XorStr.h" 6 | #include 7 | 8 | /* 9 | Для запуска функции LoadLibraryA из хеша, её выносить в модуль hash_work нестал, т.к. это нужно в этом модуле 10 | */ 11 | 12 | static HMODULE (WINAPI* temp_LoadLibraryA_static)(__in LPCSTR file_name) = nullptr; 13 | 14 | static HMODULE hash_LoadLibraryA_static(__in LPCSTR file_name) 15 | { 16 | return temp_LoadLibraryA_static(file_name); 17 | } 18 | 19 | static LPVOID parse_export_table(HMODULE module, DWORD api_hash, int len, unsigned int seed) 20 | { 21 | PIMAGE_DOS_HEADER img_dos_header; 22 | PIMAGE_NT_HEADERS img_nt_header; 23 | PIMAGE_EXPORT_DIRECTORY in_export; 24 | 25 | img_dos_header = (PIMAGE_DOS_HEADER)module; 26 | img_nt_header = (PIMAGE_NT_HEADERS)((DWORD_PTR)img_dos_header + img_dos_header->e_lfanew); 27 | in_export = (PIMAGE_EXPORT_DIRECTORY)((DWORD_PTR)img_dos_header + img_nt_header->OptionalHeader.DataDirectory[ 28 | IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress); 29 | 30 | PDWORD rva_name; 31 | PWORD rva_ordinal; 32 | 33 | rva_name = (PDWORD)((DWORD_PTR)img_dos_header + in_export->AddressOfNames); 34 | rva_ordinal = (PWORD)((DWORD_PTR)img_dos_header + in_export->AddressOfNameOrdinals); 35 | 36 | UINT ord = -1; 37 | char* api_name; 38 | unsigned int i; 39 | 40 | for (i = 0; i < in_export->NumberOfNames - 1; i++) 41 | { 42 | api_name = (PCHAR)((DWORD_PTR)img_dos_header + rva_name[i]); 43 | 44 | const int get_hash = MurmurHash2A(api_name, len, seed); 45 | 46 | if (api_hash == get_hash) 47 | { 48 | ord = static_cast(rva_ordinal[i]); 49 | break; 50 | } 51 | } 52 | 53 | const auto func_addr = (PDWORD)((DWORD_PTR)img_dos_header + in_export->AddressOfFunctions); 54 | const auto func_find = (LPVOID)((DWORD_PTR)img_dos_header + func_addr[ord]); 55 | 56 | return func_find; 57 | } 58 | int STRCMP_(const char *p1, const char *p2) 59 | { 60 | const unsigned char *s1 = (const unsigned char *)p1; 61 | const unsigned char *s2 = (const unsigned char *)p2; 62 | unsigned char c1, c2; 63 | do 64 | { 65 | c1 = (unsigned char)*s1++; 66 | c2 = (unsigned char)*s2++; 67 | if (c1 == '\0') 68 | return c1 - c2; 69 | } while (c1 == c2); 70 | return c1 - c2; 71 | } 72 | LPVOID get_api(DWORD api_hash, LPCSTR module, int len, unsigned int seed) 73 | { 74 | HMODULE krnl32, hDll; 75 | LPVOID api_func; 76 | 77 | #ifdef _WIN64 78 | const auto ModuleList = 0x18; 79 | const auto ModuleListFlink = 0x18; 80 | const auto KernelBaseAddr = 0x10; 81 | const INT_PTR peb = __readgsqword(0x60); 82 | #else 83 | int ModuleList = 0x0C; 84 | int ModuleListFlink = 0x10; 85 | int KernelBaseAddr = 0x10; 86 | INT_PTR peb = __readfsdword(0x30); 87 | #endif 88 | 89 | // Теперь получим адрес kernel32.dll 90 | 91 | const auto mdllist = *(INT_PTR*)(peb + ModuleList); 92 | const auto mlink = *(INT_PTR*)(mdllist + ModuleListFlink); 93 | auto krnbase = *(INT_PTR*)(mlink + KernelBaseAddr); 94 | 95 | auto mdl = (LDR_MODULE_*)mlink; 96 | do 97 | { 98 | mdl = (LDR_MODULE_*)mdl->e[0].Flink; 99 | 100 | if (mdl->base != nullptr) 101 | { 102 | const WCHAR* wc = mdl->dllname.Buffer; 103 | _bstr_t b(wc); 104 | const char* c = b; 105 | //if (!strcmp(c, "kernel32.dll") == 0) 106 | /*if (!KernelFunctionCall(lstrcmpiW)(mdl->dllname.Buffer, L"kernel32.dll")) 107 | { 108 | int das = 231; 109 | }*/ 110 | if (!KernelFunctionCall(lstrcmpiW)(mdl->dllname.Buffer, L"kernel32.dll")) 111 | { 112 | break; 113 | } 114 | } 115 | } 116 | while (mlink != (INT_PTR)mdl); 117 | 118 | krnl32 = static_cast(mdl->base); 119 | 120 | //Получаем адрес функции LoadLibraryA 121 | const int api_hash_LoadLibraryA = MurmurHash2A("LoadLibraryA", 12, 10); 122 | temp_LoadLibraryA_static = static_cast(parse_export_table(krnl32, api_hash_LoadLibraryA, 12, 10)); 123 | hDll = hash_LoadLibraryA_static(module); 124 | 125 | api_func = static_cast(parse_export_table(hDll, api_hash, len, seed)); 126 | return api_func; 127 | } 128 | -------------------------------------------------------------------------------- /Loader/main/debug utils/export_work.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | /* 3 | Здесь размещаются основные функции мотора: 4 | LPVOID get_api(DWORD api_hash, LPCSTR module) - Функция ищет хеш функции в нужном модуле и возвращает адрес скрытой функции 5 | */ 6 | #include 7 | 8 | //typedef struct _UNICODE_STRING 9 | //{ 10 | // USHORT Length; 11 | // USHORT MaximumLength; 12 | // PWSTR Buffer; 13 | //} UNICODE_STRING; 14 | // 15 | struct LDR_MODULE_ 16 | { 17 | LIST_ENTRY e[3]; 18 | HMODULE base; 19 | void* entry; 20 | UINT size; 21 | UNICODE_STRING dllPath; 22 | UNICODE_STRING dllname; 23 | }; 24 | 25 | LPVOID get_api(DWORD api_hash, LPCSTR module, int len, unsigned int seed); 26 | -------------------------------------------------------------------------------- /Loader/main/debug utils/gh_syscall.cpp: -------------------------------------------------------------------------------- 1 | #include "pch.h" 2 | #include "gh_syscall.h" 3 | 4 | void* TSyscall::pCodeLoc = nullptr; 5 | -------------------------------------------------------------------------------- /Loader/main/debug utils/gh_syscall.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include "nt_defs.h" 6 | #include "inttypes.h" 7 | 8 | // so you create your all your defs and all that jazz 9 | // and then jump to the bottom of this file and create 10 | // "ezCall" (tm) defines to one line these bad boys 11 | class TSyscall 12 | { 13 | static void* pCodeLoc; 14 | public: 15 | template 16 | static std::function GetInvoke(const char* sFunction, T * pAddress = nullptr) 17 | { 18 | if (!pCodeLoc) 19 | { 20 | pCodeLoc = hash_VirtualAlloc(nullptr, 0x1000, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // if you really want to be sneaky you can scan for a code cave 21 | #ifdef _WIN64 22 | BYTE cb[] = { 0x4C, 0x8B, 0xD1, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x0F, 0x05, 0xC3 }; 23 | auto size = ARRAYSIZE(cb); 24 | memcpy(pCodeLoc, cb, size); 25 | #endif 26 | } 27 | 28 | auto pStub = (DWORD*)hash_GetProcAddress(hash_GetModuleHandleW(L"ntdll.dll"), sFunction); // sneakier ways to do this too 29 | 30 | #ifdef _WIN64 31 | memcpy((DWORD*)pCodeLoc + 1, pStub + 1, sizeof(DWORD)); 32 | //printf("pStub = 0x%" PRIx64 "\n", (DWORD*)pStub); 33 | #else 34 | memcpy(pCodeLoc, pStub, 15); 35 | #endif 36 | return std::function((T*)pCodeLoc); 37 | } 38 | 39 | }; 40 | 41 | #define _sc(t, s) TSyscall::GetInvoke(s, (t)nullptr) 42 | 43 | #include "syscall_defs.h" -------------------------------------------------------------------------------- /Loader/main/debug utils/internal.h: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | * WOW64Ext Library 4 | * 5 | * Copyright (c) 2014 ReWolf 6 | * http://blog.rewolf.pl/ 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published 10 | * by the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | * 21 | */ 22 | #pragma once 23 | 24 | #define EMIT(a) __asm __emit (a) 25 | 26 | #define X64_Start_with_CS(_cs) \ 27 | { \ 28 | EMIT(0x6A) EMIT(_cs) /* push _cs */ \ 29 | EMIT(0xE8) EMIT(0) EMIT(0) EMIT(0) EMIT(0) /* call $+5 */ \ 30 | EMIT(0x83) EMIT(4) EMIT(0x24) EMIT(5) /* add dword [esp], 5 */ \ 31 | EMIT(0xCB) /* retf */ \ 32 | } 33 | 34 | #define X64_End_with_CS(_cs) \ 35 | { \ 36 | EMIT(0xE8) EMIT(0) EMIT(0) EMIT(0) EMIT(0) /* call $+5 */ \ 37 | EMIT(0xC7) EMIT(0x44) EMIT(0x24) EMIT(4) EMIT(_cs) EMIT(0) EMIT(0) EMIT(0) /* mov dword [rsp + 4], _cs */ \ 38 | EMIT(0x83) EMIT(4) EMIT(0x24) EMIT(0xD) /* add dword [rsp], 0xD */ \ 39 | EMIT(0xCB) /* retf */ \ 40 | } 41 | 42 | #define X64_Start() X64_Start_with_CS(0x33) 43 | #define X64_End() X64_End_with_CS(0x23) 44 | 45 | #define _RAX 0 46 | #define _RCX 1 47 | #define _RDX 2 48 | #define _RBX 3 49 | #define _RSP 4 50 | #define _RBP 5 51 | #define _RSI 6 52 | #define _RDI 7 53 | #define _R8 8 54 | #define _R9 9 55 | #define _R10 10 56 | #define _R11 11 57 | #define _R12 12 58 | #define _R13 13 59 | #define _R14 14 60 | #define _R15 15 61 | 62 | #define X64_Push(r) EMIT(0x48 | ((r) >> 3)) EMIT(0x50 | ((r) & 7)) 63 | #define X64_Pop(r) EMIT(0x48 | ((r) >> 3)) EMIT(0x58 | ((r) & 7)) 64 | 65 | #define REX_W EMIT(0x48) __asm 66 | 67 | //to fool M$ inline asm compiler I'm using 2 DWORDs instead of DWORD64 68 | //use of DWORD64 will generate wrong 'pop word ptr[]' and it will break stack 69 | union reg64 70 | { 71 | DWORD64 v; 72 | DWORD dw[2]; 73 | }; 74 | -------------------------------------------------------------------------------- /Loader/main/debug utils/ldasm.h: -------------------------------------------------------------------------------- 1 | #ifndef _LDASM_ 2 | #define _LDASM_ 3 | 4 | #include 5 | #include 6 | 7 | #define F_INVALID 0x01 8 | #define F_PREFIX 0x02 9 | #define F_REX 0x04 10 | #define F_MODRM 0x08 11 | #define F_SIB 0x10 12 | #define F_DISP 0x20 13 | #define F_IMM 0x40 14 | #define F_RELATIVE 0x80 15 | 16 | 17 | typedef struct _ldasm_data{ 18 | uint8_t flags; 19 | uint8_t rex; 20 | uint8_t modrm; 21 | uint8_t sib; 22 | uint8_t opcd_offset; 23 | uint8_t opcd_size; 24 | uint8_t disp_offset; 25 | uint8_t disp_size; 26 | uint8_t imm_offset; 27 | uint8_t imm_size; 28 | } ldasm_data; 29 | 30 | unsigned int ldasm(void *code, ldasm_data *ld, uint32_t is64); 31 | 32 | #endif /* _LDASM_ */ 33 | -------------------------------------------------------------------------------- /Loader/main/debug utils/pch.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idarlingid/rust-cheat-paste/25e2ae793d6a97b5158aa56a700e3418fd7ce284/Loader/main/debug utils/pch.h -------------------------------------------------------------------------------- /Loader/main/debug utils/winapifamily.h: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Copyright (c) Microsoft Corporation. All rights reserved. 4 | 5 | Module Name: 6 | 7 | winapifamily.h 8 | 9 | Abstract: 10 | 11 | Master include file for API family partitioning. 12 | 13 | */ 14 | 15 | #define _WIN32_WINNT_WIN8 0x0602 16 | #define _WIN32_WINNT_WINBLUE 0x0603 17 | 18 | #ifndef _INC_WINAPIFAMILY 19 | #define _INC_WINAPIFAMILY 20 | 21 | #if defined(_MSC_VER) && !defined(MOFCOMP_PASS) 22 | #pragma once 23 | #endif // defined(_MSC_VER) && !defined(MOFCOMP_PASS) 24 | 25 | /* 26 | * When compiling C and C++ code using SDK header files, the development 27 | * environment can specify a target platform by #define-ing the 28 | * pre-processor symbol WINAPI_FAMILY to one of the following values. 29 | * Each FAMILY value denotes an application family for which a different 30 | * subset of the total set of header-file-defined APIs are available. 31 | * Setting the WINAPI_FAMILY value will effectively hide from the 32 | * editing and compilation environments the existence of APIs that 33 | * are not applicable to the family of applications targeting a 34 | * specific platform. 35 | */ 36 | 37 | /* 38 | * The WINAPI_FAMILY values of 0 and 1 are reserved to ensure that 39 | * an error will occur if WINAPI_FAMILY is set to any 40 | * WINAPI_PARTITION value (which must be 0 or 1, see below). 41 | */ 42 | #define WINAPI_FAMILY_PC_APP 2 /* Windows Store Applications */ 43 | #define WINAPI_FAMILY_PHONE_APP 3 /* Windows Phone Applications */ 44 | #define WINAPI_FAMILY_DESKTOP_APP 100 /* Windows Desktop Applications */ 45 | /* The value of WINAPI_FAMILY_DESKTOP_APP may change in future SDKs. */ 46 | /* Additional WINAPI_FAMILY values may be defined in future SDKs. */ 47 | 48 | /* 49 | * For compatibility with Windows 8 header files, the following 50 | * synonym for WINAPI_FAMILY_PC_APP is temporarily #define'd. 51 | * Use of this symbol should be considered deprecated. 52 | */ 53 | #define WINAPI_FAMILY_APP WINAPI_FAMILY_PC_APP 54 | 55 | /* 56 | * If no WINAPI_FAMILY value is specified, then all APIs available to 57 | * Windows desktop applications are exposed. 58 | */ 59 | #ifndef WINAPI_FAMILY 60 | #define WINAPI_FAMILY WINAPI_FAMILY_DESKTOP_APP 61 | #endif 62 | 63 | /* 64 | * API PARTITONs are part of an indirection mechanism for mapping between 65 | * individual APIs and the FAMILYs to which they apply. 66 | * Each PARTITION is a category or subset of named APIs. PARTITIONs 67 | * are permitted to have overlapping membership -- some single API 68 | * might be part of more than one PARTITION. In support of new 69 | * FAMILYs that might be added in future SDKs, any single current 70 | * PARTITION might in that future SDK be split into two or more new PARTITIONs. 71 | * Accordingly, application developers should avoid taking dependencies on 72 | * PARTITION names; developers' only dependency upon the symbols defined 73 | * in this file should be their reliance on the WINAPI_FAMILY names and values. 74 | */ 75 | 76 | /* 77 | * Current PARTITIONS are each #undef'ed below, and then will be #define-ed 78 | * to be either 1 or 0 or depending on the active WINAPI_FAMILY. 79 | */ 80 | 81 | #undef WINAPI_PARTITION_DESKTOP /* usable for PC desktop apps (but not store apps) */ 82 | #undef WINAPI_PARTITION_APP /* usable for most platforms' store apps */ 83 | #undef WINAPI_PARTITION_PC_APP /* specific to PC store apps */ 84 | #undef WINAPI_PARTITION_PHONE_APP /* specific to phone store apps */ 85 | 86 | 87 | /* 88 | * The mapping between families and partitions is summarized here. 89 | * An X indicates that the given partition is active for the given 90 | * platform/family. 91 | * 92 | * +---------------+ 93 | * | *Partition* | 94 | * +---+---+---+---+ 95 | * | | | | P | 96 | * | | | | H | 97 | * | D | | | O | 98 | * | E | | P | N | 99 | * | S | | C | E | 100 | * | K | | _ | _ | 101 | * | T | A | A | A | 102 | * +-------------------------+-+ O | P | P | P | 103 | * | *Platform/Family* \| P | P | P | P | 104 | * +---------------------------+---+---+---+---+ 105 | * | WINAPI_FAMILY_DESKTOP_APP | X | X | X | | 106 | * +---------------------------+---+---+---+---+ 107 | * | WINAPI_FAMILY_PC_APP | | X | X | | 108 | * +---------------------------+---+---+---+---+ 109 | * | WINAPI_FAMILY_PHONE_APP | | X | | X | 110 | * +---------------------------+---+---+---+---+ 111 | * 112 | * The table above is encoded in the following expressions, 113 | * each of which evaluates to 1 or 0. 114 | * 115 | * Whenever a new family is added, all of these expressions 116 | * need to be reconsidered. 117 | */ 118 | #if WINAPI_FAMILY != WINAPI_FAMILY_DESKTOP_APP && WINAPI_FAMILY != WINAPI_FAMILY_PC_APP && WINAPI_FAMILY != WINAPI_FAMILY_PHONE_APP 119 | # error Unknown WINAPI_FAMILY value. Was it defined in terms of a WINAPI_PARTITION_* value? 120 | #endif 121 | #define WINAPI_PARTITION_DESKTOP (WINAPI_FAMILY == WINAPI_FAMILY_DESKTOP_APP) 122 | #define WINAPI_PARTITION_APP 1 /* active for all current families */ 123 | #define WINAPI_PARTITION_PC_APP (WINAPI_FAMILY == WINAPI_FAMILY_DESKTOP_APP || WINAPI_FAMILY == WINAPI_FAMILY_PC_APP) 124 | #define WINAPI_PARTITION_PHONE_APP (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP) 125 | 126 | /* 127 | * For compatibility with Windows Phone 8 header files, the following 128 | * synonym for WINAPI_PARTITION_PHONE_APP is temporarily #define'd. 129 | * Use of this symbol should be regarded as deprecated. 130 | */ 131 | #define WINAPI_PARTITION_PHONE WINAPI_PARTITION_PHONE_APP 132 | 133 | /* 134 | * Header files use the WINAPI_FAMILY_PARTITION macro to assign one or 135 | * more declarations to some group of partitions. The macro chooses 136 | * whether the preprocessor will emit or omit a sequence of declarations 137 | * bracketed by an #if/#endif pair. All header file references to the 138 | * WINAPI_PARTITION_* values should be in the form of occurrences of 139 | * WINAPI_FAMILY_PARTITION(...). 140 | * 141 | * For example, the following usage of WINAPI_FAMILY_PARTITION identifies 142 | * a sequence of declarations that are part of both the Windows Desktop 143 | * Partition and the Windows-Phone-Specific Store Partition: 144 | * 145 | * #if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_PHONE_APP) 146 | * ... 147 | * #endif // WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_PHONE_APP) 148 | * 149 | * The comment on the closing #endif allow tools as well as people to find the 150 | * matching #ifdef properly. 151 | * 152 | * Usages of WINAPI_FAMILY_PARTITION may be combined, when the partitition definitions are 153 | * related. In particular one might use declarations like 154 | * 155 | * #if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) 156 | * 157 | * or 158 | * 159 | * #if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_PHONE_APP) 160 | * 161 | * Direct references to WINAPI_PARTITION_ values (eg #if !WINAPI_FAMILY_PARTITION_...) 162 | * should not be used. 163 | */ 164 | #define WINAPI_FAMILY_PARTITION(Partitions) (Partitions) 165 | 166 | /* 167 | * Macro used to #define or typedef a symbol used for selective deprecation 168 | * of individual methods of a COM interfaces that are otherwise available 169 | * for a given set of partitions. 170 | */ 171 | #define _WINAPI_DEPRECATED_DECLARATION __declspec(deprecated("This API cannot be used in the context of the caller's application type.")) 172 | 173 | /* 174 | * For compatibility with Windows 8 header files, the following 175 | * symbol is temporarily conditionally #define'd. Additional symbols 176 | * like this should be not defined in winapifamily.h, but rather should be 177 | * introduced locally to the header files of the component that needs them. 178 | */ 179 | #if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) 180 | # define APP_DEPRECATED_HRESULT HRESULT _WINAPI_DEPRECATED_DECLARATION 181 | #endif // WINAPIFAMILY_PARTITION(WINAPI_PARTITION_APP) && !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) 182 | 183 | #endif /* !_INC_WINAPIFAMILY */ 184 | -------------------------------------------------------------------------------- /Loader/main/drv_mapper/intel_driver.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idarlingid/rust-cheat-paste/25e2ae793d6a97b5158aa56a700e3418fd7ce284/Loader/main/drv_mapper/intel_driver.hpp -------------------------------------------------------------------------------- /Loader/main/drv_mapper/mapper.cpp: -------------------------------------------------------------------------------- 1 | #include "mapper.hpp" 2 | 3 | uint64_t mapper::Driver(HANDLE iqvw64e_device_handle, const uint8_t* driver_file, size_t size) 4 | { 5 | std::vector raw_image(driver_file, driver_file + size); 6 | 7 | const PIMAGE_NT_HEADERS64 nt_headers = portable_executable::GetNtHeaders(raw_image.data()); 8 | 9 | if (!nt_headers) 10 | { 11 | //[-] Invalid format of PE image 12 | return 0; 13 | } 14 | 15 | if (nt_headers->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC) 16 | { 17 | //[-] Image is not 64 bit 18 | return 0; 19 | } 20 | 21 | const uint32_t image_size = nt_headers->OptionalHeader.SizeOfImage; 22 | 23 | void* local_image_base = VirtualAlloc(nullptr, image_size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); 24 | uint64_t kernel_image_base = intel_driver::AllocatePool(iqvw64e_device_handle, nt::NonPagedPool, image_size); 25 | 26 | do 27 | { 28 | if (!kernel_image_base) 29 | { 30 | break; 31 | } 32 | 33 | memcpy(local_image_base, raw_image.data(), nt_headers->OptionalHeader.SizeOfHeaders); 34 | 35 | const PIMAGE_SECTION_HEADER current_image_section = IMAGE_FIRST_SECTION(nt_headers); 36 | 37 | for (auto i = 0; i < nt_headers->FileHeader.NumberOfSections; ++i) 38 | { 39 | auto local_section = reinterpret_cast(reinterpret_cast(local_image_base) + current_image_section[i].VirtualAddress); 40 | memcpy(local_section, reinterpret_cast(reinterpret_cast(raw_image.data()) + current_image_section[i].PointerToRawData), current_image_section[i].SizeOfRawData); 41 | } 42 | if (nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress) 43 | { 44 | RelocateImageByDelta(portable_executable::GetRelocs(local_image_base), kernel_image_base - nt_headers->OptionalHeader.ImageBase); 45 | } 46 | 47 | if (nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size && !ResolveImports(iqvw64e_device_handle, portable_executable::GetImports(local_image_base))) 48 | { 49 | break; 50 | } 51 | 52 | if (!intel_driver::WriteMemory(iqvw64e_device_handle, kernel_image_base, local_image_base, image_size)) 53 | { 54 | break; 55 | } 56 | 57 | VirtualFree(local_image_base, 0, MEM_RELEASE); 58 | const uint64_t address_of_entry_point = kernel_image_base + nt_headers->OptionalHeader.AddressOfEntryPoint; 59 | NTSTATUS status = 0; 60 | 61 | if (!intel_driver::CallKernelFunction(iqvw64e_device_handle, &status, address_of_entry_point, utils::GetKernelModuleAddress("ntoskrnl.exe"))) 62 | { 63 | break; 64 | } 65 | 66 | intel_driver::SetMemory(iqvw64e_device_handle, kernel_image_base, 0, nt_headers->OptionalHeader.SizeOfHeaders); 67 | return kernel_image_base; 68 | 69 | } while (false); 70 | 71 | VirtualFree(local_image_base, 0, MEM_RELEASE); 72 | intel_driver::FreePool(iqvw64e_device_handle, kernel_image_base); 73 | 74 | return 0; 75 | } 76 | 77 | void mapper::RelocateImageByDelta(portable_executable::vec_relocs relocs, const uint64_t delta) 78 | { 79 | for (const auto& current_reloc : relocs) 80 | { 81 | for (auto i = 0u; i < current_reloc.count; ++i) 82 | { 83 | const uint16_t type = current_reloc.item[i] >> 12; 84 | const uint16_t offset = current_reloc.item[i] & 0xFFF; 85 | 86 | if (type == IMAGE_REL_BASED_DIR64) 87 | * reinterpret_cast(current_reloc.address + offset) += delta; 88 | } 89 | } 90 | } 91 | 92 | bool mapper::ResolveImports(HANDLE iqvw64e_device_handle, portable_executable::vec_imports imports) 93 | { 94 | for (const auto& current_import : imports) 95 | { 96 | if (!utils::GetKernelModuleAddress(current_import.module_name)) 97 | { 98 | return false; 99 | } 100 | 101 | for (auto& current_function_data : current_import.function_datas) 102 | { 103 | const uint64_t function_address = intel_driver::GetKernelModuleExport(iqvw64e_device_handle, utils::GetKernelModuleAddress(current_import.module_name), current_function_data.name); 104 | 105 | if (!function_address) 106 | { 107 | return false; 108 | } 109 | 110 | *current_function_data.address = function_address; 111 | } 112 | } 113 | 114 | return true; 115 | } -------------------------------------------------------------------------------- /Loader/main/drv_mapper/mapper.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | #include "portable_executable.hpp" 10 | #include "utils.hpp" 11 | #include "nt.hpp" 12 | #include "intel_driver.hpp" 13 | 14 | namespace mapper 15 | { 16 | uint64_t Driver(HANDLE iqvw64e_device_handle, const uint8_t* driver_file, size_t size); 17 | void RelocateImageByDelta(portable_executable::vec_relocs relocs, const uint64_t delta); 18 | bool ResolveImports(HANDLE iqvw64e_device_handle, portable_executable::vec_imports imports); 19 | } -------------------------------------------------------------------------------- /Loader/main/drv_mapper/nt.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #pragma comment(lib, "ntdll.lib") 5 | 6 | namespace nt 7 | { 8 | constexpr auto PAGE_SIZE = 0x1000; 9 | constexpr auto STATUS_INFO_LENGTH_MISMATCH = 0xC0000004; 10 | 11 | constexpr auto SystemModuleInformation = 11; 12 | constexpr auto SystemHandleInformation = 16; 13 | constexpr auto SystemExtendedHandleInformation = 64; 14 | 15 | typedef struct _SYSTEM_HANDLE 16 | { 17 | PVOID Object; 18 | HANDLE UniqueProcessId; 19 | HANDLE HandleValue; 20 | ULONG GrantedAccess; 21 | USHORT CreatorBackTraceIndex; 22 | USHORT ObjectTypeIndex; 23 | ULONG HandleAttributes; 24 | ULONG Reserved; 25 | } SYSTEM_HANDLE, *PSYSTEM_HANDLE; 26 | 27 | typedef struct _SYSTEM_HANDLE_INFORMATION_EX 28 | { 29 | ULONG_PTR HandleCount; 30 | ULONG_PTR Reserved; 31 | SYSTEM_HANDLE Handles[1]; 32 | } SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX; 33 | 34 | typedef enum _POOL_TYPE { 35 | NonPagedPool, 36 | NonPagedPoolExecute, 37 | PagedPool, 38 | NonPagedPoolMustSucceed, 39 | DontUseThisType, 40 | NonPagedPoolCacheAligned, 41 | PagedPoolCacheAligned, 42 | NonPagedPoolCacheAlignedMustS, 43 | MaxPoolType, 44 | NonPagedPoolBase, 45 | NonPagedPoolBaseMustSucceed, 46 | NonPagedPoolBaseCacheAligned, 47 | NonPagedPoolBaseCacheAlignedMustS, 48 | NonPagedPoolSession, 49 | PagedPoolSession, 50 | NonPagedPoolMustSucceedSession, 51 | DontUseThisTypeSession, 52 | NonPagedPoolCacheAlignedSession, 53 | PagedPoolCacheAlignedSession, 54 | NonPagedPoolCacheAlignedMustSSession, 55 | NonPagedPoolNx, 56 | NonPagedPoolNxCacheAligned, 57 | NonPagedPoolSessionNx 58 | } POOL_TYPE; 59 | 60 | typedef struct _RTL_PROCESS_MODULE_INFORMATION 61 | { 62 | HANDLE Section; 63 | PVOID MappedBase; 64 | PVOID ImageBase; 65 | ULONG ImageSize; 66 | ULONG Flags; 67 | USHORT LoadOrderIndex; 68 | USHORT InitOrderIndex; 69 | USHORT LoadCount; 70 | USHORT OffsetToFileName; 71 | UCHAR FullPathName[256]; 72 | } RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION; 73 | 74 | typedef struct _RTL_PROCESS_MODULES 75 | { 76 | ULONG NumberOfModules; 77 | RTL_PROCESS_MODULE_INFORMATION Modules[1]; 78 | } RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES; 79 | } -------------------------------------------------------------------------------- /Loader/main/drv_mapper/portable_executable.cpp: -------------------------------------------------------------------------------- 1 | #include "portable_executable.hpp" 2 | 3 | PIMAGE_NT_HEADERS64 portable_executable::GetNtHeaders(void* image_base) 4 | { 5 | const auto dos_header = reinterpret_cast(image_base); 6 | 7 | if (dos_header->e_magic != IMAGE_DOS_SIGNATURE) 8 | return nullptr; 9 | 10 | const auto nt_headers = reinterpret_cast(reinterpret_cast(image_base) + dos_header->e_lfanew); 11 | 12 | if (nt_headers->Signature != IMAGE_NT_SIGNATURE) 13 | return nullptr; 14 | 15 | return nt_headers; 16 | } 17 | 18 | portable_executable::vec_relocs portable_executable::GetRelocs(void* image_base) 19 | { 20 | const PIMAGE_NT_HEADERS64 nt_headers = GetNtHeaders(image_base); 21 | 22 | if (!nt_headers) 23 | return {}; 24 | 25 | vec_relocs relocs; 26 | 27 | auto current_base_relocation = reinterpret_cast(reinterpret_cast(image_base) + nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress); 28 | const auto reloc_end = reinterpret_cast(current_base_relocation) + nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size; 29 | 30 | while (current_base_relocation->VirtualAddress && current_base_relocation->VirtualAddress < reloc_end && current_base_relocation->SizeOfBlock) 31 | { 32 | RelocInfo reloc_info; 33 | 34 | reloc_info.address = reinterpret_cast(image_base) + current_base_relocation->VirtualAddress; 35 | reloc_info.item = reinterpret_cast(reinterpret_cast(current_base_relocation) + sizeof(IMAGE_BASE_RELOCATION)); 36 | reloc_info.count = (current_base_relocation->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(uint16_t); 37 | 38 | relocs.push_back(reloc_info); 39 | 40 | current_base_relocation = reinterpret_cast(reinterpret_cast(current_base_relocation) + current_base_relocation->SizeOfBlock); 41 | } 42 | 43 | return relocs; 44 | } 45 | 46 | portable_executable::vec_imports portable_executable::GetImports(void* image_base) 47 | { 48 | const PIMAGE_NT_HEADERS64 nt_headers = GetNtHeaders(image_base); 49 | 50 | if (!nt_headers) 51 | return {}; 52 | 53 | vec_imports imports; 54 | 55 | auto current_import_descriptor = reinterpret_cast(reinterpret_cast(image_base) + nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress); 56 | 57 | while (current_import_descriptor->FirstThunk) 58 | { 59 | ImportInfo import_info; 60 | 61 | import_info.module_name = std::string(reinterpret_cast(reinterpret_cast(image_base) + current_import_descriptor->Name)); 62 | 63 | auto current_first_thunk = reinterpret_cast(reinterpret_cast(image_base) + current_import_descriptor->FirstThunk); 64 | auto current_originalFirstThunk = reinterpret_cast(reinterpret_cast(image_base) + current_import_descriptor->OriginalFirstThunk); 65 | 66 | while (current_originalFirstThunk->u1.Function) 67 | { 68 | ImportFunctionInfo import_function_data; 69 | 70 | auto thunk_data = reinterpret_cast(reinterpret_cast(image_base) + current_originalFirstThunk->u1.AddressOfData); 71 | 72 | import_function_data.name = thunk_data->Name; 73 | import_function_data.address = ¤t_first_thunk->u1.Function; 74 | 75 | import_info.function_datas.push_back(import_function_data); 76 | 77 | ++current_originalFirstThunk; 78 | ++current_first_thunk; 79 | } 80 | 81 | imports.push_back(import_info); 82 | ++current_import_descriptor; 83 | } 84 | 85 | return imports; 86 | } -------------------------------------------------------------------------------- /Loader/main/drv_mapper/portable_executable.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | namespace portable_executable 8 | { 9 | struct RelocInfo 10 | { 11 | uint64_t address; 12 | uint16_t* item; 13 | uint32_t count; 14 | }; 15 | 16 | struct ImportFunctionInfo 17 | { 18 | std::string name; 19 | uint64_t* address; 20 | }; 21 | 22 | struct ImportInfo 23 | { 24 | std::string module_name; 25 | std::vector function_datas; 26 | }; 27 | 28 | using vec_sections = std::vector; 29 | using vec_relocs = std::vector; 30 | using vec_imports = std::vector; 31 | 32 | PIMAGE_NT_HEADERS64 GetNtHeaders(void* image_base); 33 | vec_relocs GetRelocs(void* image_base); 34 | vec_imports GetImports(void* image_base); 35 | } -------------------------------------------------------------------------------- /Loader/main/drv_mapper/service.cpp: -------------------------------------------------------------------------------- 1 | #include "service.hpp" 2 | 3 | 4 | bool ExistOtherService(SC_HANDLE service_manager) { 5 | DWORD spaceNeeded = 0; 6 | DWORD numServices = 0; 7 | if (!EnumServicesStatus(service_manager, SERVICE_DRIVER, SERVICE_STATE_ALL, NULL, 0, &spaceNeeded, &numServices, 0) && GetLastError() != ERROR_MORE_DATA) { 8 | printf("Can't enum service list error code: %d!!\n",GetLastError()); 9 | return true; 10 | } 11 | spaceNeeded += sizeof(ENUM_SERVICE_STATUSA); 12 | LPENUM_SERVICE_STATUSA buffer = (LPENUM_SERVICE_STATUSA)new BYTE[spaceNeeded]; 13 | 14 | if (EnumServicesStatus(service_manager, SERVICE_DRIVER, SERVICE_STATE_ALL, buffer, spaceNeeded, &spaceNeeded, &numServices, 0)) { 15 | for (DWORD i = 0; i < numServices; i++) { 16 | ENUM_SERVICE_STATUSA service = buffer[i]; 17 | SC_HANDLE service_handle = OpenService(service_manager, service.lpServiceName, SERVICE_QUERY_CONFIG); 18 | if (service_handle) { 19 | LPQUERY_SERVICE_CONFIGA config = (LPQUERY_SERVICE_CONFIGA)new BYTE[8096]; //8096 = max size of QUERY_SERVICE_CONFIGA 20 | DWORD needed = 0; 21 | if (QueryServiceConfig(service_handle, config, 8096, &needed)) { 22 | if (strstr(config->lpBinaryPathName, intel_driver::driver_name)) { 23 | delete[] buffer; 24 | printf("WARNING: Service called '%s' have same file name!!\n", config->lpDisplayName); 25 | CloseServiceHandle(service_handle); 26 | return false; 27 | } 28 | } 29 | else { 30 | printf("Note: Error query service %s error code: %d\n", service.lpServiceName, GetLastError()); 31 | } 32 | CloseServiceHandle(service_handle); 33 | } 34 | 35 | } 36 | delete[] buffer; 37 | return false; //no equal services we can continue 38 | } 39 | delete[] buffer; 40 | printf("Can't enum service list!!\n"); 41 | return true; 42 | 43 | } 44 | 45 | 46 | bool service::RegisterAndStart(const std::string& driver_path) 47 | { 48 | const std::string driver_name = std::filesystem::path(driver_path).filename().string(); 49 | const SC_HANDLE sc_manager_handle = OpenSCManager(nullptr, nullptr, SC_MANAGER_ALL_ACCESS); 50 | 51 | if (!sc_manager_handle) { 52 | printf("Can't open service manager\n"); 53 | return false; 54 | } 55 | if (ExistOtherService(sc_manager_handle)) { 56 | return false; 57 | } 58 | 59 | SC_HANDLE service_handle = CreateService(sc_manager_handle, driver_name.c_str(), driver_name.c_str(), SERVICE_START | SERVICE_STOP | DELETE, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_IGNORE, driver_path.c_str(), nullptr, nullptr, nullptr, nullptr, nullptr); 60 | 61 | if (!service_handle) 62 | { 63 | service_handle = OpenService(sc_manager_handle, driver_name.c_str(), SERVICE_START); 64 | 65 | if (!service_handle) 66 | { 67 | printf("Can't create the vulnerable service, check your AV!!\n"); 68 | CloseServiceHandle(sc_manager_handle); 69 | return false; 70 | } 71 | } 72 | 73 | const bool result = StartService(service_handle, 0, nullptr); 74 | 75 | CloseServiceHandle(service_handle); 76 | CloseServiceHandle(sc_manager_handle); 77 | if (!result) { 78 | printf("Can't start the vulnerable service, check your AV!!\n"); 79 | } 80 | return result; 81 | } 82 | 83 | bool service::StopAndRemove(const std::string& driver_name) 84 | { 85 | const SC_HANDLE sc_manager_handle = OpenSCManager(nullptr, nullptr, SC_MANAGER_CREATE_SERVICE); 86 | 87 | if (!sc_manager_handle) 88 | return false; 89 | 90 | const SC_HANDLE service_handle = OpenService(sc_manager_handle, driver_name.c_str(), SERVICE_STOP | DELETE); 91 | 92 | if (!service_handle) 93 | { 94 | CloseServiceHandle(sc_manager_handle); 95 | return false; 96 | } 97 | 98 | SERVICE_STATUS status = { 0 }; 99 | const bool result = ControlService(service_handle, SERVICE_CONTROL_STOP, &status) && DeleteService(service_handle); 100 | 101 | CloseServiceHandle(service_handle); 102 | CloseServiceHandle(sc_manager_handle); 103 | 104 | return result; 105 | } -------------------------------------------------------------------------------- /Loader/main/drv_mapper/service.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include "intel_driver.hpp" 6 | 7 | namespace service 8 | { 9 | bool RegisterAndStart(const std::string& driver_path); 10 | bool StopAndRemove(const std::string& driver_name); 11 | }; -------------------------------------------------------------------------------- /Loader/main/drv_mapper/utils.cpp: -------------------------------------------------------------------------------- 1 | #include "utils.hpp" 2 | 3 | bool utils::ReadFileToMemory(const std::string& file_path, std::vector* out_buffer) 4 | { 5 | std::ifstream file_ifstream(file_path, std::ios::binary); 6 | 7 | if (!file_ifstream) 8 | return false; 9 | 10 | out_buffer->assign((std::istreambuf_iterator(file_ifstream)), std::istreambuf_iterator()); 11 | file_ifstream.close(); 12 | 13 | return true; 14 | } 15 | 16 | bool utils::CreateFileFromMemory(const std::string& desired_file_path, const char* address, size_t size) 17 | { 18 | std::ofstream file_ofstream(desired_file_path.c_str(), std::ios_base::out | std::ios_base::binary); 19 | 20 | if (!file_ofstream.write(address, size)) 21 | { 22 | file_ofstream.close(); 23 | return false; 24 | } 25 | 26 | file_ofstream.close(); 27 | return true; 28 | } 29 | 30 | bool utils::dirExists(const std::string& dirName_in) 31 | { 32 | DWORD ftyp = GetFileAttributesA(dirName_in.c_str()); 33 | if (ftyp == INVALID_FILE_ATTRIBUTES) 34 | return false; //something is wrong with your path! 35 | 36 | if (ftyp & FILE_ATTRIBUTE_DIRECTORY) 37 | return true; // this is a directory! 38 | 39 | return false; // this is not a directory! 40 | } 41 | DWORD utils::EnumProcess(std::string name) 42 | { 43 | HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL); 44 | 45 | PROCESSENTRY32 ProcessEntry = { NULL }; 46 | ProcessEntry.dwSize = sizeof(PROCESSENTRY32); 47 | 48 | for (BOOL bSuccess = Process32First(hSnapshot, &ProcessEntry); bSuccess; bSuccess = Process32Next(hSnapshot, &ProcessEntry)) 49 | { 50 | if (!strcmp(ProcessEntry.szExeFile, name.c_str())) 51 | return ProcessEntry.th32ProcessID; 52 | } 53 | 54 | return NULL; 55 | } 56 | 57 | uint64_t utils::GetKernelModuleAddress(const std::string& module_name) 58 | { 59 | void* buffer = nullptr; 60 | DWORD buffer_size = 0; 61 | 62 | NTSTATUS status = NtQuerySystemInformation(static_cast(nt::SystemModuleInformation), buffer, buffer_size, &buffer_size); 63 | 64 | while (status == nt::STATUS_INFO_LENGTH_MISMATCH) 65 | { 66 | VirtualFree(buffer, 0, MEM_RELEASE); 67 | 68 | buffer = VirtualAlloc(nullptr, buffer_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 69 | status = NtQuerySystemInformation(static_cast(nt::SystemModuleInformation), buffer, buffer_size, &buffer_size); 70 | } 71 | 72 | if (!NT_SUCCESS(status)) 73 | { 74 | VirtualFree(buffer, 0, MEM_RELEASE); 75 | return 0; 76 | } 77 | 78 | const auto modules = static_cast(buffer); 79 | 80 | for (auto i = 0u; i < modules->NumberOfModules; ++i) 81 | { 82 | const std::string current_module_name = std::string(reinterpret_cast(modules->Modules[i].FullPathName) + modules->Modules[i].OffsetToFileName); 83 | 84 | if (!_stricmp(current_module_name.c_str(), module_name.c_str())) 85 | { 86 | const uint64_t result = reinterpret_cast(modules->Modules[i].ImageBase); 87 | 88 | VirtualFree(buffer, 0, MEM_RELEASE); 89 | return result; 90 | } 91 | } 92 | 93 | VirtualFree(buffer, 0, MEM_RELEASE); 94 | return 0; 95 | } -------------------------------------------------------------------------------- /Loader/main/drv_mapper/utils.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | #include "nt.hpp" 11 | 12 | namespace utils 13 | { 14 | bool ReadFileToMemory(const std::string& file_path, std::vector* out_buffer); 15 | bool CreateFileFromMemory(const std::string& desired_file_path, const char* address, size_t size); 16 | bool dirExists(const std::string& dirName_in); 17 | DWORD EnumProcess(std::string name); 18 | uint64_t GetKernelModuleAddress(const std::string& module_name); 19 | } -------------------------------------------------------------------------------- /Loader/main/encrypt-decrypt/encrypt-decrypt.cpp: -------------------------------------------------------------------------------- 1 | #include "encrypt-decrypt.hpp" 2 | #include "..\utilities\lazy_importer.hpp" 3 | 4 | 5 | namespace aes 6 | { 7 | __forceinline std::string encrypt(const std::string& str, const std::string& cipher_key, const std::string& iv_key) 8 | { 9 | std::string str_out; 10 | 11 | CryptoPP::CFB_Mode::Encryption encryption((BYTE*)cipher_key.c_str(), cipher_key.length(), (BYTE*)iv_key.c_str()); 12 | 13 | CryptoPP::StringSource encryptor(str, true, 14 | new CryptoPP::StreamTransformationFilter(encryption, 15 | new CryptoPP::Base64Encoder( 16 | new CryptoPP::StringSink(str_out), 17 | false 18 | ) 19 | ) 20 | ); 21 | return str_out; 22 | } 23 | __forceinline std::string decrypt(const std::string& str, const std::string& cipher_key, const std::string& iv_key) 24 | { 25 | std::string str_out; 26 | 27 | CryptoPP::CFB_Mode::Decryption decryption((BYTE*)cipher_key.c_str(), cipher_key.length(), (BYTE*)iv_key.c_str()); 28 | 29 | CryptoPP::StringSource decryptor(str, true, 30 | new CryptoPP::Base64Decoder( 31 | new CryptoPP::StreamTransformationFilter(decryption, 32 | new CryptoPP::StringSink(str_out) 33 | ) 34 | ) 35 | ); 36 | return str_out; 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /Loader/main/encrypt-decrypt/encrypt-decrypt.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include "..\utilities\lazy_importer.hpp" 7 | #pragma comment(lib, "cryptlib.lib") 8 | 9 | namespace aes 10 | { 11 | extern __forceinline std::string encrypt(const std::string& str, const std::string& cipher_key, const std::string& iv_key); 12 | extern __forceinline std::string decrypt(const std::string& str, const std::string& cipher_key, const std::string& iv_key); 13 | } 14 | 15 | -------------------------------------------------------------------------------- /Loader/main/encrypt-decrypt/md5.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | #define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) 5 | #define G(x, y, z) ((y) ^ ((z) & ((x) ^ (y)))) 6 | #define H(x, y, z) ((x) ^ (y) ^ (z)) 7 | #define I(x, y, z) ((y) ^ ((x) | ~(z))) 8 | #define STEP(f, a, b, c, d, x, t, s) \ 9 | (a) += f((b), (c), (d)) + (x) + (t); \ 10 | (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); \ 11 | (a) += (b); 12 | 13 | #if defined(__i386__) || defined(__x86_64__) || defined(__vax__) 14 | #define SET(n) \ 15 | (*(MD5_u32 *)&ptr[(n) * 4]) 16 | #define GET(n) \ 17 | SET(n) 18 | #else 19 | #define SET(n) \ 20 | (ctx->block[(n)] = \ 21 | (MD5_u32)ptr[(n) * 4] | \ 22 | ((MD5_u32)ptr[(n) * 4 + 1] << 8) | \ 23 | ((MD5_u32)ptr[(n) * 4 + 2] << 16) | \ 24 | ((MD5_u32)ptr[(n) * 4 + 3] << 24)) 25 | #define GET(n) \ 26 | (ctx->block[(n)]) 27 | #endif 28 | 29 | typedef unsigned int MD5_u32; 30 | 31 | typedef struct { 32 | MD5_u32 lo, hi; 33 | MD5_u32 a, b, c, d; 34 | unsigned char buffer[64]; 35 | MD5_u32 block[16]; 36 | } MD5_CTX; 37 | 38 | namespace md5 39 | { 40 | static void MD5_Init(MD5_CTX* ctx); 41 | static void MD5_Update(MD5_CTX* ctx, const void* data, unsigned long size); 42 | static void MD5_Final(unsigned char* result, MD5_CTX* ctx); 43 | 44 | static const void* body(MD5_CTX* ctx, const void* data, unsigned long size) { 45 | const unsigned char* ptr; 46 | MD5_u32 a, b, c, d; 47 | MD5_u32 saved_a, saved_b, saved_c, saved_d; 48 | 49 | ptr = (const unsigned char*)data; 50 | 51 | a = ctx->a; 52 | b = ctx->b; 53 | c = ctx->c; 54 | d = ctx->d; 55 | 56 | do { 57 | saved_a = a; 58 | saved_b = b; 59 | saved_c = c; 60 | saved_d = d; 61 | 62 | STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7) 63 | STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12) 64 | STEP(F, c, d, a, b, SET(2), 0x242070db, 17) 65 | STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22) 66 | STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7) 67 | STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12) 68 | STEP(F, c, d, a, b, SET(6), 0xa8304613, 17) 69 | STEP(F, b, c, d, a, SET(7), 0xfd469501, 22) 70 | STEP(F, a, b, c, d, SET(8), 0x698098d8, 7) 71 | STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12) 72 | STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17) 73 | STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22) 74 | STEP(F, a, b, c, d, SET(12), 0x6b901122, 7) 75 | STEP(F, d, a, b, c, SET(13), 0xfd987193, 12) 76 | STEP(F, c, d, a, b, SET(14), 0xa679438e, 17) 77 | STEP(F, b, c, d, a, SET(15), 0x49b40821, 22) 78 | STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5) 79 | STEP(G, d, a, b, c, GET(6), 0xc040b340, 9) 80 | STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14) 81 | STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20) 82 | STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5) 83 | STEP(G, d, a, b, c, GET(10), 0x02441453, 9) 84 | STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14) 85 | STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20) 86 | STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5) 87 | STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9) 88 | STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14) 89 | STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20) 90 | STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5) 91 | STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9) 92 | STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14) 93 | STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20) 94 | STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4) 95 | STEP(H, d, a, b, c, GET(8), 0x8771f681, 11) 96 | STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16) 97 | STEP(H, b, c, d, a, GET(14), 0xfde5380c, 23) 98 | STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4) 99 | STEP(H, d, a, b, c, GET(4), 0x4bdecfa9, 11) 100 | STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16) 101 | STEP(H, b, c, d, a, GET(10), 0xbebfbc70, 23) 102 | STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4) 103 | STEP(H, d, a, b, c, GET(0), 0xeaa127fa, 11) 104 | STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16) 105 | STEP(H, b, c, d, a, GET(6), 0x04881d05, 23) 106 | STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4) 107 | STEP(H, d, a, b, c, GET(12), 0xe6db99e5, 11) 108 | STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16) 109 | STEP(H, b, c, d, a, GET(2), 0xc4ac5665, 23) 110 | STEP(I, a, b, c, d, GET(0), 0xf4292244, 6) 111 | STEP(I, d, a, b, c, GET(7), 0x432aff97, 10) 112 | STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15) 113 | STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21) 114 | STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6) 115 | STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10) 116 | STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15) 117 | STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21) 118 | STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6) 119 | STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10) 120 | STEP(I, c, d, a, b, GET(6), 0xa3014314, 15) 121 | STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21) 122 | STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6) 123 | STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10) 124 | STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15) 125 | STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21) 126 | 127 | a += saved_a; 128 | b += saved_b; 129 | c += saved_c; 130 | d += saved_d; 131 | 132 | ptr += 64; 133 | } while (size -= 64); 134 | 135 | ctx->a = a; 136 | ctx->b = b; 137 | ctx->c = c; 138 | ctx->d = d; 139 | 140 | return ptr; 141 | } 142 | 143 | void MD5_Init(MD5_CTX* ctx) { 144 | ctx->a = 0x67452301; 145 | ctx->b = 0xefcdab89; 146 | ctx->c = 0x98badcfe; 147 | ctx->d = 0x10325476; 148 | 149 | ctx->lo = 0; 150 | ctx->hi = 0; 151 | } 152 | 153 | void MD5_Update(MD5_CTX* ctx, const void* data, unsigned long size) { 154 | MD5_u32 saved_lo; 155 | unsigned long used, free; 156 | 157 | saved_lo = ctx->lo; 158 | if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo) 159 | ctx->hi++; 160 | ctx->hi += size >> 29; 161 | used = saved_lo & 0x3f; 162 | 163 | if (used) { 164 | free = 64 - used; 165 | if (size < free) { 166 | memcpy(&ctx->buffer[used], data, size); 167 | return; 168 | } 169 | 170 | memcpy(&ctx->buffer[used], data, free); 171 | data = (unsigned char*)data + free; 172 | size -= free; 173 | body(ctx, ctx->buffer, 64); 174 | } 175 | 176 | if (size >= 64) { 177 | data = body(ctx, data, size & ~(unsigned long)0x3f); 178 | size &= 0x3f; 179 | } 180 | 181 | memcpy(ctx->buffer, data, size); 182 | } 183 | 184 | void MD5_Final(unsigned char* result, MD5_CTX* ctx) { 185 | unsigned long used, free; 186 | used = ctx->lo & 0x3f; 187 | ctx->buffer[used++] = 0x80; 188 | free = 64 - used; 189 | 190 | if (free < 8) { 191 | memset(&ctx->buffer[used], 0, free); 192 | body(ctx, ctx->buffer, 64); 193 | used = 0; 194 | free = 64; 195 | } 196 | 197 | memset(&ctx->buffer[used], 0, free - 8); 198 | 199 | ctx->lo <<= 3; 200 | ctx->buffer[56] = ctx->lo; 201 | ctx->buffer[57] = ctx->lo >> 8; 202 | ctx->buffer[58] = ctx->lo >> 16; 203 | ctx->buffer[59] = ctx->lo >> 24; 204 | ctx->buffer[60] = ctx->hi; 205 | ctx->buffer[61] = ctx->hi >> 8; 206 | ctx->buffer[62] = ctx->hi >> 16; 207 | ctx->buffer[63] = ctx->hi >> 24; 208 | body(ctx, ctx->buffer, 64); 209 | result[0] = ctx->a; 210 | result[1] = ctx->a >> 8; 211 | result[2] = ctx->a >> 16; 212 | result[3] = ctx->a >> 24; 213 | result[4] = ctx->b; 214 | result[5] = ctx->b >> 8; 215 | result[6] = ctx->b >> 16; 216 | result[7] = ctx->b >> 24; 217 | result[8] = ctx->c; 218 | result[9] = ctx->c >> 8; 219 | result[10] = ctx->c >> 16; 220 | result[11] = ctx->c >> 24; 221 | result[12] = ctx->d; 222 | result[13] = ctx->d >> 8; 223 | result[14] = ctx->d >> 16; 224 | result[15] = ctx->d >> 24; 225 | memset(ctx, 0, sizeof(*ctx)); 226 | } 227 | 228 | /* Return Calculated raw result(always little-endian), the size is always 16 */ 229 | void md5bin(const void* dat, size_t len, unsigned char out[16]) 230 | { 231 | MD5_CTX c; 232 | MD5_Init(&c); 233 | MD5_Update(&c, dat, len); 234 | MD5_Final(out, &c); 235 | } 236 | 237 | static char hb2hex(unsigned char hb) { 238 | hb = hb & 0xF; 239 | return hb < 10 ? '0' + hb : hb - 10 + 'a'; 240 | } 241 | 242 | std::string create_from_raw(const void* dat, size_t len) 243 | { 244 | std::string res; 245 | unsigned char out[16]; 246 | 247 | md5bin(dat, len, out); 248 | 249 | for (size_t i = 0; i < 16; ++i) 250 | { 251 | res.push_back(hb2hex(out[i] >> 4)); 252 | res.push_back(hb2hex(out[i])); 253 | } 254 | 255 | return res; 256 | } 257 | 258 | std::string create_from_string(std::string dat) 259 | { 260 | return create_from_raw(dat.c_str(), dat.length()); 261 | } 262 | } -------------------------------------------------------------------------------- /Loader/main/globals.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "..\main\utilities\xorstr.hpp" 3 | struct globals 4 | { 5 | struct 6 | { 7 | std::string version; 8 | std::string status; 9 | 10 | std::string ip = xorstr_("steepcheat.pw"); 11 | 12 | struct 13 | { 14 | std::string cipher; 15 | std::string iv; 16 | } key; 17 | } server_side; 18 | 19 | struct 20 | { 21 | std::string version = xorstr_("1.2"); 22 | 23 | struct 24 | { 25 | std::string name = utilities::get_random_string(16); 26 | float width = 600.f; 27 | float height = 350.f; 28 | } window_settings; 29 | 30 | struct 31 | { 32 | std::string key; 33 | std::string hwid = utilities::get_hwid(); 34 | 35 | std::string token; 36 | std::string structure_cheat; 37 | 38 | } data; 39 | } client_side; 40 | }; 41 | 42 | extern globals g_globals; -------------------------------------------------------------------------------- /Loader/main/libcurl.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idarlingid/rust-cheat-paste/25e2ae793d6a97b5158aa56a700e3418fd7ce284/Loader/main/libcurl.lib -------------------------------------------------------------------------------- /Loader/main/menu/ImGui/font.cpp: -------------------------------------------------------------------------------- 1 | #include "font.h" 2 | 3 | ImFont* little = nullptr; 4 | ImFont* medium = nullptr; 5 | -------------------------------------------------------------------------------- /Loader/main/menu/ImGui/font.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "imgui.h" 4 | #include "imgui_impl_dx9.h" 5 | #include "imgui_impl_win32.h" 6 | 7 | extern ImFont* little; 8 | extern ImFont* medium; 9 | -------------------------------------------------------------------------------- /Loader/main/menu/ImGui/imconfig.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // COMPILE-TIME OPTIONS FOR DEAR IMGUI 3 | // Runtime options (clipboard callbacks, enabling various features, etc.) can generally be set via the ImGuiIO structure. 4 | // You can use ImGui::SetAllocatorFunctions() before calling ImGui::CreateContext() to rewire memory allocation functions. 5 | //----------------------------------------------------------------------------- 6 | // A) You may edit imconfig.h (and not overwrite it when updating Dear ImGui, or maintain a patch/branch with your modifications to imconfig.h) 7 | // B) or add configuration directives in your own file and compile with #define IMGUI_USER_CONFIG "myfilename.h" 8 | // If you do so you need to make sure that configuration settings are defined consistently _everywhere_ Dear ImGui is used, which include 9 | // the imgui*.cpp files but also _any_ of your code that uses Dear ImGui. This is because some compile-time options have an affect on data structures. 10 | // Defining those options in imconfig.h will ensure every compilation unit gets to see the same data structure layouts. 11 | // Call IMGUI_CHECKVERSION() from your .cpp files to verify that the data structures your files are using are matching the ones imgui.cpp is using. 12 | //----------------------------------------------------------------------------- 13 | 14 | #pragma once 15 | 16 | //---- Define assertion handler. Defaults to calling assert(). 17 | // If your macro uses multiple statements, make sure is enclosed in a 'do { .. } while (0)' block so it can be used as a single statement. 18 | //#define IM_ASSERT(_EXPR) MyAssert(_EXPR) 19 | //#define IM_ASSERT(_EXPR) ((void)(_EXPR)) // Disable asserts 20 | 21 | //---- Define attributes of all API symbols declarations, e.g. for DLL under Windows 22 | // Using dear imgui via a shared library is not recommended, because of function call overhead and because we don't guarantee backward nor forward ABI compatibility. 23 | //#define IMGUI_API __declspec( dllexport ) 24 | //#define IMGUI_API __declspec( dllimport ) 25 | 26 | //---- Don't define obsolete functions/enums/behaviors. Consider enabling from time to time after updating to avoid using soon-to-be obsolete function/names. 27 | //#define IMGUI_DISABLE_OBSOLETE_FUNCTIONS 28 | 29 | //---- Disable all of Dear ImGui or don't implement standard windows. 30 | // It is very strongly recommended to NOT disable the demo windows during development. Please read comments in imgui_demo.cpp. 31 | //#define IMGUI_DISABLE // Disable everything: all headers and source files will be empty. 32 | //#define IMGUI_DISABLE_DEMO_WINDOWS // Disable demo windows: ShowDemoWindow()/ShowStyleEditor() will be empty. Not recommended. 33 | //#define IMGUI_DISABLE_METRICS_WINDOW // Disable debug/metrics window: ShowMetricsWindow() will be empty. 34 | 35 | //---- Don't implement some functions to reduce linkage requirements. 36 | //#define IMGUI_DISABLE_WIN32_DEFAULT_CLIPBOARD_FUNCTIONS // [Win32] Don't implement default clipboard handler. Won't use and link with OpenClipboard/GetClipboardData/CloseClipboard etc. 37 | //#define IMGUI_DISABLE_WIN32_DEFAULT_IME_FUNCTIONS // [Win32] Don't implement default IME handler. Won't use and link with ImmGetContext/ImmSetCompositionWindow. 38 | //#define IMGUI_DISABLE_WIN32_FUNCTIONS // [Win32] Won't use and link with any Win32 function (clipboard, ime). 39 | //#define IMGUI_ENABLE_OSX_DEFAULT_CLIPBOARD_FUNCTIONS // [OSX] Implement default OSX clipboard handler (need to link with '-framework ApplicationServices', this is why this is not the default). 40 | //#define IMGUI_DISABLE_DEFAULT_FORMAT_FUNCTIONS // Don't implement ImFormatString/ImFormatStringV so you can implement them yourself (e.g. if you don't want to link with vsnprintf) 41 | //#define IMGUI_DISABLE_DEFAULT_MATH_FUNCTIONS // Don't implement ImFabs/ImSqrt/ImPow/ImFmod/ImCos/ImSin/ImAcos/ImAtan2 so you can implement them yourself. 42 | //#define IMGUI_DISABLE_DEFAULT_FILE_FUNCTIONS // Don't implement ImFileOpen/ImFileClose/ImFileRead/ImFileWrite so you can implement them yourself if you don't want to link with fopen/fclose/fread/fwrite. This will also disable the LogToTTY() function. 43 | //#define IMGUI_DISABLE_DEFAULT_ALLOCATORS // Don't implement default allocators calling malloc()/free() to avoid linking with them. You will need to call ImGui::SetAllocatorFunctions(). 44 | 45 | //---- Include imgui_user.h at the end of imgui.h as a convenience 46 | //#define IMGUI_INCLUDE_IMGUI_USER_H 47 | 48 | //---- Pack colors to BGRA8 instead of RGBA8 (to avoid converting from one to another) 49 | //#define IMGUI_USE_BGRA_PACKED_COLOR 50 | 51 | //---- Avoid multiple STB libraries implementations, or redefine path/filenames to prioritize another version 52 | // By default the embedded implementations are declared static and not available outside of imgui cpp files. 53 | //#define IMGUI_STB_TRUETYPE_FILENAME "my_folder/stb_truetype.h" 54 | //#define IMGUI_STB_RECT_PACK_FILENAME "my_folder/stb_rect_pack.h" 55 | //#define IMGUI_DISABLE_STB_TRUETYPE_IMPLEMENTATION 56 | //#define IMGUI_DISABLE_STB_RECT_PACK_IMPLEMENTATION 57 | 58 | //---- Unless IMGUI_DISABLE_DEFAULT_FORMAT_FUNCTIONS is defined, use the much faster STB sprintf library implementation of vsnprintf instead of the one from the default C library. 59 | // Note that stb_sprintf.h is meant to be provided by the user and available in the include path at compile time. Also, the compatibility checks of the arguments and formats done by clang and GCC will be disabled in order to support the extra formats provided by STB sprintf. 60 | // #define IMGUI_USE_STB_SPRINTF 61 | 62 | //---- Define constructor and implicit cast operators to convert back<>forth between your math types and ImVec2/ImVec4. 63 | // This will be inlined as part of ImVec2 and ImVec4 class declarations. 64 | /* 65 | #define IM_VEC2_CLASS_EXTRA \ 66 | ImVec2(const MyVec2& f) { x = f.x; y = f.y; } \ 67 | operator MyVec2() const { return MyVec2(x,y); } 68 | 69 | #define IM_VEC4_CLASS_EXTRA \ 70 | ImVec4(const MyVec4& f) { x = f.x; y = f.y; z = f.z; w = f.w; } \ 71 | operator MyVec4() const { return MyVec4(x,y,z,w); } 72 | */ 73 | 74 | //---- Use 32-bit vertex indices (default is 16-bit) is one way to allow large meshes with more than 64K vertices. 75 | // Your renderer back-end will need to support it (most example renderer back-ends support both 16/32-bit indices). 76 | // Another way to allow large meshes while keeping 16-bit indices is to handle ImDrawCmd::VtxOffset in your renderer. 77 | // Read about ImGuiBackendFlags_RendererHasVtxOffset for details. 78 | //#define ImDrawIdx unsigned int 79 | 80 | //---- Override ImDrawCallback signature (will need to modify renderer back-ends accordingly) 81 | //struct ImDrawList; 82 | //struct ImDrawCmd; 83 | //typedef void (*MyImDrawCallback)(const ImDrawList* draw_list, const ImDrawCmd* cmd, void* my_renderer_user_data); 84 | //#define ImDrawCallback MyImDrawCallback 85 | 86 | //---- Debug Tools: Macro to break in Debugger 87 | // (use 'Metrics->Tools->Item Picker' to pick widgets with the mouse and break into them for easy debugging.) 88 | //#define IM_DEBUG_BREAK IM_ASSERT(0) 89 | //#define IM_DEBUG_BREAK __debugbreak() 90 | 91 | //---- Debug Tools: Have the Item Picker break in the ItemAdd() function instead of ItemHoverable(), 92 | // (which comes earlier in the code, will catch a few extra items, allow picking items other than Hovered one.) 93 | // This adds a small runtime cost which is why it is not enabled by default. 94 | //#define IMGUI_DEBUG_TOOL_ITEM_PICKER_EX 95 | 96 | //---- Debug Tools: Enable slower asserts 97 | //#define IMGUI_DEBUG_PARANOID 98 | 99 | //---- Tip: You can add extra functions within the ImGui:: namespace, here or in your own headers files. 100 | /* 101 | namespace ImGui 102 | { 103 | void MyFunction(const char* name, const MyMatrix44& v); 104 | } 105 | */ 106 | -------------------------------------------------------------------------------- /Loader/main/menu/ImGui/imgui_impl_dx9.h: -------------------------------------------------------------------------------- 1 | // dear imgui: Renderer for DirectX9 2 | // This needs to be used along with a Platform Binding (e.g. Win32) 3 | 4 | // Implemented features: 5 | // [X] Renderer: User texture binding. Use 'LPDIRECT3DTEXTURE9' as ImTextureID. Read the FAQ about ImTextureID! 6 | // [X] Renderer: Support for large meshes (64k+ vertices) with 16-bit indices. 7 | 8 | // You can copy and use unmodified imgui_impl_* files in your project. See main.cpp for an example of using this. 9 | // If you are new to dear imgui, read examples/README.txt and read the documentation at the top of imgui.cpp. 10 | // https://github.com/ocornut/imgui 11 | 12 | #pragma once 13 | 14 | struct IDirect3DDevice9; 15 | 16 | IMGUI_IMPL_API bool ImGui_ImplDX9_Init(IDirect3DDevice9* device); 17 | IMGUI_IMPL_API void ImGui_ImplDX9_Shutdown(); 18 | IMGUI_IMPL_API void ImGui_ImplDX9_NewFrame(); 19 | IMGUI_IMPL_API void ImGui_ImplDX9_RenderDrawData(ImDrawData* draw_data); 20 | 21 | // Use if you want to reset your rendering device without losing ImGui state. 22 | IMGUI_IMPL_API bool ImGui_ImplDX9_CreateDeviceObjects(); 23 | IMGUI_IMPL_API void ImGui_ImplDX9_InvalidateDeviceObjects(); 24 | -------------------------------------------------------------------------------- /Loader/main/menu/ImGui/imgui_impl_win32.h: -------------------------------------------------------------------------------- 1 | // dear imgui: Platform Binding for Windows (standard windows API for 32 and 64 bits applications) 2 | // This needs to be used along with a Renderer (e.g. DirectX11, OpenGL3, Vulkan..) 3 | 4 | // Implemented features: 5 | // [X] Platform: Clipboard support (for Win32 this is actually part of core imgui) 6 | // [X] Platform: Mouse cursor shape and visibility. Disable with 'io.ConfigFlags |= ImGuiConfigFlags_NoMouseCursorChange'. 7 | // [X] Platform: Keyboard arrays indexed using VK_* Virtual Key Codes, e.g. ImGui::IsKeyPressed(VK_SPACE). 8 | // [X] Platform: Gamepad support. Enabled with 'io.ConfigFlags |= ImGuiConfigFlags_NavEnableGamepad'. 9 | 10 | #pragma once 11 | 12 | IMGUI_IMPL_API bool ImGui_ImplWin32_Init(void* hwnd); 13 | IMGUI_IMPL_API void ImGui_ImplWin32_Shutdown(); 14 | IMGUI_IMPL_API void ImGui_ImplWin32_NewFrame(); 15 | 16 | // Configuration: Disable gamepad support or linking with xinput.lib 17 | //#define IMGUI_IMPL_WIN32_DISABLE_GAMEPAD 18 | //#define IMGUI_IMPL_WIN32_DISABLE_LINKING_XINPUT 19 | 20 | // Handler for Win32 messages, update mouse/keyboard data. 21 | // You may or not need this for your implementation, but it can serve as reference for handling inputs. 22 | // Intentionally commented out to avoid dragging dependencies on types. You can COPY this line into your .cpp code instead. 23 | #if 0 24 | IMGUI_IMPL_API LRESULT ImGui_ImplWin32_WndProcHandler(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam); 25 | #endif 26 | -------------------------------------------------------------------------------- /Loader/main/menu/ImGui/imgui_rotate.hpp: -------------------------------------------------------------------------------- 1 | #include "imgui.h" 2 | #include "imgui_internal.h" 3 | 4 | int rotation_start_index; 5 | 6 | void ImRotateStart() 7 | { 8 | rotation_start_index = ImGui::GetWindowDrawList()->VtxBuffer.Size; 9 | } 10 | 11 | ImVec2 ImRotationCenter() 12 | { 13 | ImVec2 l(FLT_MAX, FLT_MAX), u(-FLT_MAX, -FLT_MAX); 14 | 15 | const auto& buf = ImGui::GetWindowDrawList()->VtxBuffer; 16 | for (int i = rotation_start_index; i < buf.Size; i++) 17 | l = ImMin(l, buf[i].pos), u = ImMax(u, buf[i].pos); 18 | 19 | return ImVec2((l.x + u.x) / 2, (l.y + u.y) / 2); 20 | } 21 | 22 | ImVec2 operator-(const ImVec2& l, const ImVec2& r) { return{ l.x - r.x, l.y - r.y }; } 23 | 24 | void ImRotateEnd(float rad, ImVec2 center = ImRotationCenter()) 25 | { 26 | float s = sin(rad), c = cos(rad); 27 | center = ImRotate(center, s, c) - center; 28 | 29 | auto& buf = ImGui::GetWindowDrawList()->VtxBuffer; 30 | for (int i = rotation_start_index; i < buf.Size; i++) 31 | buf[i].pos = ImRotate(buf[i].pos, s, c) - center; 32 | } 33 | 34 | /* 35 | ImRotateStart(); 36 | ImGui::Text("Text rotate"); 37 | ImRotateEnd(0.0005f * ::GetTickCount()); 38 | */ -------------------------------------------------------------------------------- /Loader/main/menu/registrywindow.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include "ImGui/imgui.h" 6 | #include "ImGui/imgui_impl_dx9.h" 7 | #include "ImGui/imgui_internal.h" 8 | 9 | #include "ImGui/imgui_internal.h" 10 | #include "../globals.hpp" 11 | 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include "ImGui/hashes.h" 17 | #include "ImGui/imgui_rotate.hpp" 18 | #include "ImGui/font.h" 19 | #pragma comment(lib, "d3d9.lib") 20 | #pragma comment(lib, "d3dx9.lib") 21 | #pragma comment(lib,"dxguid.lib") 22 | 23 | #define rgba_to_float(r,g,b,a) (float)r/255.0f, (float)g/255.0f, (float)b/255.0f, (float)a/255.0f 24 | 25 | ImFont* Normal = nullptr; 26 | ImFont* Main = nullptr; 27 | ImFont* Notification = nullptr; 28 | ImFont* Medium = nullptr; 29 | ImFont* MyFont = nullptr; 30 | static LPDIRECT3DDEVICE9 g_pd3dDevice = NULL; 31 | static D3DPRESENT_PARAMETERS g_d3dpp; 32 | 33 | static int alpha = 0; 34 | static int alpha2 = 0; 35 | static int timer = 0; 36 | static int tab = 0; 37 | static bool banned = false; 38 | static bool activation_invalid_key = false; 39 | static bool activation_unknown_cheat = false; 40 | static bool activation_expired_subscribe = false; 41 | static bool activation_data_error = false; 42 | static bool injection = false; 43 | static bool activation_success = false; 44 | static bool logout = false; 45 | extern ImVec2 position; 46 | extern ImDrawList* draw; 47 | 48 | bool reverse = false; 49 | int offset = 0; 50 | bool show_popup = false; 51 | ImVec2 position; 52 | ImDrawList* draw; 53 | static LPDIRECT3D9 g_pD3D = NULL; 54 | bool CreateDeviceD3D(HWND hWnd); 55 | void CleanupDeviceD3D(); 56 | 57 | HWND MainWindow; 58 | IDirect3DTexture9* tImage = nullptr; 59 | IDirect3DTexture9* back = nullptr; 60 | ATOM RegMyWindowClass(HINSTANCE, LPCTSTR); 61 | LRESULT WINAPI WndProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam); 62 | ATOM RegMyWindowClass(HINSTANCE hInst, LPCTSTR lpzClassName) 63 | { 64 | WNDCLASS wcWindowClass = { 0 }; 65 | wcWindowClass.lpfnWndProc = (WNDPROC)WndProc; 66 | wcWindowClass.style = CS_HREDRAW | CS_VREDRAW; 67 | wcWindowClass.hInstance = hInst; 68 | wcWindowClass.lpszClassName = lpzClassName; 69 | wcWindowClass.hCursor = LoadCursor(NULL, IDC_ARROW); 70 | wcWindowClass.hbrBackground = (HBRUSH)COLOR_APPWORKSPACE; 71 | return RegisterClass(&wcWindowClass); 72 | } 73 | 74 | bool CreateDeviceD3D(HWND hWnd) 75 | { 76 | if ((g_pD3D = Direct3DCreate9(D3D_SDK_VERSION)) == NULL) 77 | return false; 78 | 79 | // Create the D3DDevice 80 | ZeroMemory(&g_d3dpp, sizeof(g_d3dpp)); 81 | g_d3dpp.Windowed = TRUE; 82 | g_d3dpp.SwapEffect = D3DSWAPEFFECT_DISCARD; 83 | g_d3dpp.BackBufferFormat = D3DFMT_UNKNOWN; 84 | g_d3dpp.EnableAutoDepthStencil = TRUE; 85 | g_d3dpp.AutoDepthStencilFormat = D3DFMT_D16; 86 | g_d3dpp.PresentationInterval = D3DPRESENT_INTERVAL_ONE; // Present with vsync 87 | //g_d3dpp.PresentationInterval = D3DPRESENT_INTERVAL_IMMEDIATE; // Present without vsync, maximum unthrottled framerate 88 | if (g_pD3D->CreateDevice(D3DADAPTER_DEFAULT, D3DDEVTYPE_HAL, hWnd, D3DCREATE_HARDWARE_VERTEXPROCESSING, &g_d3dpp, &g_pd3dDevice) < 0) 89 | return false; 90 | 91 | return true; 92 | } 93 | void ResetDevice() 94 | { 95 | ImGui_ImplDX9_InvalidateDeviceObjects(); 96 | HRESULT hr = g_pd3dDevice->Reset(&g_d3dpp); 97 | if (hr == D3DERR_INVALIDCALL) 98 | IM_ASSERT(0); 99 | ImGui_ImplDX9_CreateDeviceObjects(); 100 | } 101 | 102 | extern LRESULT ImGui_ImplWin32_WndProcHandler(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam); 103 | LRESULT WINAPI WndProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam) 104 | { 105 | if (ImGui_ImplWin32_WndProcHandler(hWnd, msg, wParam, lParam)) 106 | return true; 107 | 108 | switch (msg) 109 | { 110 | case WM_SIZE: 111 | if (g_pd3dDevice != NULL && wParam != SIZE_MINIMIZED) 112 | { 113 | ImGui_ImplDX9_InvalidateDeviceObjects(); 114 | g_d3dpp.BackBufferWidth = LOWORD(lParam); 115 | g_d3dpp.BackBufferHeight = HIWORD(lParam); 116 | HRESULT hr = g_pd3dDevice->Reset(&g_d3dpp); 117 | if (hr == D3DERR_INVALIDCALL) IM_ASSERT(0); 118 | ImGui_ImplDX9_CreateDeviceObjects(); 119 | } 120 | return NULL; 121 | 122 | case WM_SYSCOMMAND: 123 | if ((wParam & 0xfff0) == SC_KEYMENU) return NULL; 124 | break; 125 | case WM_DESTROY: 126 | PostQuitMessage(0); 127 | return NULL; 128 | case WM_NCHITTEST: 129 | POINT pt; 130 | RECT windowPos; 131 | GetWindowRect(hWnd, &windowPos); 132 | static RECT r1; 133 | r1.left = 0; 134 | r1.right = windowPos.right - windowPos.left; 135 | r1.top = 0; 136 | r1.bottom = 40; 137 | GetCursorPos(&pt); 138 | ScreenToClient(hWnd, &pt); 139 | LRESULT result = DefWindowProc(hWnd, msg, wParam, lParam); 140 | if ((int)r1.bottom > (int)pt.y) 141 | { 142 | if (result == HTCLIENT) result = HTCAPTION; 143 | } 144 | return result; 145 | } 146 | return DefWindowProc(hWnd, msg, wParam, lParam); 147 | } 148 | void CleanupDeviceD3D() 149 | { 150 | if (g_pd3dDevice) { g_pd3dDevice->Release(); g_pd3dDevice = NULL; } 151 | if (g_pD3D) { g_pD3D->Release(); g_pD3D = NULL; } 152 | } 153 | namespace notification 154 | { 155 | long getMils() 156 | { 157 | auto duration = std::chrono::system_clock::now().time_since_epoch(); 158 | 159 | return std::chrono::duration_cast(duration).count(); 160 | } 161 | 162 | void start(const char* text, bool* done) 163 | { 164 | if (!done) 165 | show_popup = true; 166 | 167 | if (&show_popup) 168 | { 169 | if (timer < 6000) 170 | { 171 | if (alpha < 240) 172 | alpha = alpha + 5; 173 | 174 | if (alpha2 < 255) 175 | alpha2 = alpha2 + 8; 176 | } 177 | 178 | if (timer < 6000) 179 | timer = timer + 50; 180 | 181 | if (timer > 6000) 182 | timer = 6000; 183 | 184 | if (timer >= 6000) 185 | { 186 | if (alpha > 0) 187 | alpha = alpha - 5; 188 | 189 | if (alpha2 > 0) 190 | alpha2 = alpha2 - 8; 191 | 192 | if (alpha <= 0 && alpha2 <= 0) 193 | { 194 | alpha = 0; 195 | timer = -1; 196 | show_popup = false; 197 | *done = true; 198 | } 199 | } 200 | if (timer <= 6000 && alpha > 0 && alpha2 > 0) 201 | { 202 | draw->AddRectFilled({ position.x,position.y }, { position.x + 600, position.y + 350 }, ImColor(0, 0, 0, alpha)); 203 | ImGui::PushFont(medium); 204 | ImGui::SetCursorPos(ImVec2(ImGui::GetWindowSize().x / 2 - ImGui::CalcTextSize(text).x / 2, ImGui::GetWindowSize().y / 2 - ImGui::CalcTextSize(text).y / 2 + 22)); 205 | draw->AddText({ ImGui::GetWindowSize().x / 2 - ImGui::CalcTextSize(text).x / 2, ImGui::GetWindowSize().y / 2 - ImGui::CalcTextSize(text).y / 2 }, ImColor(255, 255, 255, alpha2), text); 206 | ImGui::PopFont(); 207 | } 208 | } 209 | } 210 | } -------------------------------------------------------------------------------- /Loader/main/rose-m.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /Loader/main/syscalls/apiset.cpp: -------------------------------------------------------------------------------- 1 | #include "includes.h" 2 | #include "util.h" 3 | #include "io.h" 4 | #include "apiset.h" 5 | apiset g_apiset; 6 | 7 | apiset::apiset() { 8 | auto map = *reinterpret_cast(uintptr_t(util::peb()) + 0x68); 9 | for (int i = 0; i < map->Count; ++i) { 10 | std::wstring wapi_name(255, 0); 11 | std::wstring wapi_host(255, 0); 12 | 13 | auto entry = reinterpret_cast(uintptr_t(map) + map->End + i * sizeof(native::API_SET_NAMESPACE_ENTRY)); 14 | auto array = reinterpret_cast(uintptr_t(map) + map->Start + entry->Size * sizeof(native::API_SET_VALUE_ARRAY)); 15 | 16 | auto byte_map = reinterpret_cast(map); 17 | std::memcpy(&wapi_name[0], &byte_map[array->NameOffset], array->NameLength); 18 | 19 | auto host = reinterpret_cast(&byte_map[array->DataOffset]); 20 | 21 | std::memcpy(&wapi_host[0], &byte_map[host->ValueOffset], host->ValueLength); 22 | 23 | wapi_name.assign(wapi_name.data()); 24 | wapi_host.assign(wapi_host.data()); 25 | 26 | auto api_name = util::wide_to_multibyte(wapi_name); 27 | auto api_host = util::wide_to_multibyte(wapi_host); 28 | 29 | m_apimap[api_name] = api_host; 30 | } 31 | } -------------------------------------------------------------------------------- /Loader/main/syscalls/apiset.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | class apiset { 4 | std::unordered_map m_apimap; 5 | public: 6 | apiset(); 7 | 8 | bool find(std::string& mod) { 9 | auto it = std::find_if(m_apimap.begin(), m_apimap.end(), [&](const std::pair& pair) { 10 | return mod.find(pair.first) != std::string::npos; 11 | }); 12 | 13 | if (it != m_apimap.end()) { 14 | mod = it->second; 15 | return true; 16 | } 17 | return false; 18 | } 19 | 20 | auto& map() { return m_apimap; } 21 | }; 22 | 23 | extern apiset g_apiset; -------------------------------------------------------------------------------- /Loader/main/syscalls/debugsecurity.cpp: -------------------------------------------------------------------------------- 1 | #include "includes.h" 2 | #include "util.h" 3 | #include "syscalls.h" 4 | #include "apiset.h" 5 | #include 6 | #include "debugsecurity.h" 7 | #include 8 | #include "..\debug utils/XorStr.h" 9 | #include "..\utilities\security.h" 10 | #include "..\client/client.hpp" 11 | #pragma comment(lib,"ntdll.lib") 12 | std::unordered_map> debugsecurity::parsed_images; 13 | __forceinline bool stop() 14 | { 15 | return raise(11); 16 | } 17 | __forceinline bool read_file(const std::string_view path, std::vector& out) 18 | { 19 | std::ifstream file(path.data(), std::ios::binary); 20 | if (!file.good()) 21 | { 22 | //std::cout << "{} isnt valid." << path << std::endl; 23 | return false; 24 | } 25 | 26 | file.unsetf(std::ios::skipws); 27 | 28 | file.seekg(0, std::ios::end); 29 | const size_t size = file.tellg(); 30 | file.seekg(0, std::ios::beg); 31 | 32 | out.resize(size); 33 | 34 | file.read(&out[0], size); 35 | 36 | file.close(); 37 | 38 | return true; 39 | } 40 | __forceinline bool init() 41 | { 42 | std::list blacklist = { "ntdll.dll", "kernel32.dll" }; 43 | 44 | std::unordered_map memory_modules; 45 | std::unordered_map> disk_modules; 46 | if (!get_all_modules(memory_modules)) 47 | { 48 | //std::cout << "failed to get loaded modules" << std::endl; 49 | return false; 50 | } 51 | 52 | for (auto& [name, vi] : memory_modules) { 53 | auto it = std::find(blacklist.begin(), blacklist.end(), name); 54 | if (it == blacklist.end()) { 55 | continue; 56 | } 57 | 58 | std::vector raw; 59 | char path[MAX_PATH]; 60 | GetModuleFileNameA(GetModuleHandleA(name.c_str()), path, MAX_PATH); 61 | 62 | if (!read_file(path, raw)) 63 | { 64 | //std::cout << "failed to read{}" << name << std::endl; 65 | continue; 66 | } 67 | 68 | disk_modules[name] = pe::image(raw); 69 | } 70 | 71 | for (auto& [name, image] : disk_modules) { 72 | std::vector mem; 73 | 74 | image.copy(mem); 75 | image.relocate(mem, uintptr_t(GetModuleHandleA(name.c_str()))); 76 | 77 | for (auto& [mod, funcs] : image.imports()) { 78 | std::string mod_name{ mod }; 79 | g_apiset.find(mod_name); 80 | 81 | for (auto& func : funcs) { 82 | *reinterpret_cast(&mem[func.rva]) = uintptr_t(GetProcAddress(GetModuleHandleA(mod_name.c_str()), func.name.c_str())); 83 | } 84 | } 85 | 86 | debugsecurity::parsed_images[name] = mem; 87 | } 88 | 89 | disk_modules.clear(); 90 | memory_modules.clear(); 91 | 92 | return !debugsecurity::parsed_images.empty(); 93 | } 94 | void debugsecurity::thread() 95 | { 96 | if (!init()) 97 | { 98 | //std::cout << "failed to init security thread."; 99 | stop(); 100 | } 101 | 102 | while (true) 103 | { 104 | check(); 105 | std::this_thread::sleep_for(std::chrono::milliseconds(500)); 106 | /*std::this_thread::sleep_for(chrono::seconds(1));*/ 107 | } 108 | } 109 | 110 | __forceinline bool debugsecurity::check() 111 | { 112 | static auto peb = util::peb(); 113 | auto being_debugged = static_cast(peb->BeingDebugged); 114 | if (being_debugged) 115 | { 116 | stop(); 117 | return true; 118 | } 119 | 120 | 121 | static auto query_info = g_syscalls.get("NtQueryInformationProcess"); 122 | 123 | uint32_t debug_inherit = 0; 124 | auto status = query_info(INVALID_HANDLE_VALUE, native::ProcessDebugFlags, &debug_inherit, sizeof(debug_inherit), 0); 125 | if (!NT_SUCCESS(status)) 126 | { 127 | stop(); 128 | //std::cout << "failed to get local process debug flags, status {:#X}." << (status & 0xFFFFFFFF); 129 | return true; 130 | } 131 | 132 | if (debug_inherit == 0) 133 | { 134 | stop(); 135 | return true; 136 | } 137 | 138 | uint64_t remote_debug = 0; 139 | status = query_info(INVALID_HANDLE_VALUE, native::ProcessDebugPort, &remote_debug, sizeof(remote_debug), 0); 140 | if (!NT_SUCCESS(status)) 141 | { 142 | stop(); 143 | //std::cout << "failed to get local process debug port, status {:#X}." << (status & 0xFFFFFFFF) << std::endl; 144 | return true; 145 | } 146 | 147 | if (remote_debug != 0) 148 | { 149 | stop(); 150 | return true; 151 | } 152 | 153 | return false; 154 | } -------------------------------------------------------------------------------- /Loader/main/syscalls/debugsecurity.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | namespace debugsecurity 3 | { 4 | extern std::unordered_map> parsed_images; 5 | 6 | struct patch_t { 7 | uintptr_t va; 8 | uint8_t original_op; 9 | uint8_t patched_op; 10 | std::string module; 11 | }; 12 | 13 | void thread(); 14 | 15 | __forceinline bool check(); 16 | }; -------------------------------------------------------------------------------- /Loader/main/syscalls/includes.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include -------------------------------------------------------------------------------- /Loader/main/syscalls/syscalls.cpp: -------------------------------------------------------------------------------- 1 | #include "includes.h" 2 | #include "io.h" 3 | #include "util.h" 4 | #include "syscalls.h" 5 | #include "../utilities/security.h" 6 | 7 | syscalls g_syscalls; 8 | 9 | syscalls::syscalls() { 10 | m_call_table = VirtualAlloc(0, 0x100000, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); 11 | std::memset(m_call_table, 0x90, 0x100000); 12 | } 13 | 14 | syscalls::~syscalls() { 15 | VirtualFree(m_call_table, 0, MEM_RELEASE); 16 | } 17 | 18 | void syscalls::init() 19 | { 20 | /*std::cout << "syscall: 0x" << uintptr_t(m_call_table) << std::endl;*/ 21 | static auto nt = pe::ntdll(); 22 | for (auto& exp : nt.exports()) 23 | { 24 | auto addr = exp.second; 25 | 26 | uint16_t offset; 27 | auto idx = get_index(addr, offset); 28 | 29 | if (!idx) continue; 30 | 31 | m_indexes[exp.first] = std::make_pair(idx, offset); 32 | 33 | if (m_stub.empty()) { 34 | auto s = func_size(reinterpret_cast(addr)); 35 | 36 | m_stub.resize(s); 37 | 38 | memcpy(&m_stub[0], reinterpret_cast(addr), s); 39 | } 40 | } 41 | 42 | for (auto& [name, pair] : m_indexes) 43 | { 44 | auto& [idx, offset] = pair; 45 | 46 | auto addr = uintptr_t(m_call_table) + (idx * m_stub.size()); 47 | std::memcpy(reinterpret_cast(addr), m_stub.data(), m_stub.size()); 48 | 49 | *reinterpret_cast(addr + m_stub.size() - 1) = 0xc3; 50 | *reinterpret_cast(addr + offset + 1) = idx; 51 | } 52 | } 53 | 54 | bool syscalls::valid(const uintptr_t addr, const size_t& size) { 55 | auto func = reinterpret_cast(addr); 56 | 57 | // mov r10, rcx 58 | uint32_t a = func[0] + func[1] + func[2]; 59 | if (a != 0x1a8) { 60 | return false; 61 | } 62 | 63 | for (size_t i{}; i < size; i++) 64 | { 65 | auto op = func[i]; 66 | auto next = func[i + 1]; 67 | 68 | if (op == 0x0f && next == 0x05) 69 | { 70 | return true; 71 | } 72 | } 73 | 74 | return false; 75 | } 76 | 77 | uint16_t syscalls::get_index(const uintptr_t va, uint16_t& offset) { 78 | auto func = reinterpret_cast(va); 79 | auto size = func_size(reinterpret_cast(va)); 80 | if (!valid(va, size)) { 81 | return 0; 82 | } 83 | 84 | for (size_t i{}; i < size; i++) { 85 | auto op = func[i]; 86 | if (op == 0xb8) { 87 | offset = i; 88 | 89 | return *reinterpret_cast(va + i + 1); 90 | } 91 | } 92 | return 0; 93 | } 94 | 95 | size_t syscalls::func_size(const uint8_t* func) { 96 | for (size_t i = 0; i < 64; i++) { 97 | auto op = func[i]; 98 | if (op == 0xc3 || op == 0xc2) { 99 | return i + 1; 100 | } 101 | } 102 | return 0; 103 | } 104 | -------------------------------------------------------------------------------- /Loader/main/syscalls/syscalls.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | class syscalls { 3 | std::unordered_map> m_indexes; 4 | std::vector m_stub; 5 | 6 | void* m_call_table; 7 | public: 8 | syscalls(); 9 | ~syscalls(); 10 | 11 | void init(); 12 | bool valid(const uintptr_t func, const size_t& size); 13 | uint16_t get_index(const uintptr_t va, uint16_t& offset); 14 | size_t func_size(const uint8_t* func); 15 | 16 | template 17 | T get(const std::string_view func) { 18 | return reinterpret_cast(uintptr_t(m_call_table) + (m_indexes[func.data()].first * m_stub.size())); 19 | }; 20 | 21 | uintptr_t operator()(const std::string_view func) { 22 | return uintptr_t(m_call_table) + (m_indexes[func.data()].first * m_stub.size()); 23 | } 24 | 25 | uintptr_t operator()() { 26 | return uintptr_t(m_call_table); 27 | } 28 | }; 29 | 30 | extern syscalls g_syscalls; -------------------------------------------------------------------------------- /Loader/main/syscalls/util.cpp: -------------------------------------------------------------------------------- 1 | #include "includes.h" 2 | #include "util.h" 3 | #include "io.h" 4 | #include "syscalls.h" 5 | 6 | std::string util::wide_to_multibyte(const std::wstring& str) 7 | { 8 | std::string ret; 9 | size_t str_len; 10 | 11 | // check if not empty str 12 | if (str.empty()) 13 | return{}; 14 | 15 | // count size 16 | str_len = WideCharToMultiByte(CP_UTF8, 0, &str[0], str.size(), 0, 0, 0, 0); 17 | 18 | // setup return value 19 | ret.resize(str_len); 20 | 21 | // final conversion 22 | WideCharToMultiByte(CP_UTF8, 0, &str[0], str.size(), &ret[0], str_len, 0, 0); 23 | 24 | return ret; 25 | } 26 | 27 | std::wstring util::multibyte_to_wide(const std::string& str) { 28 | size_t size; 29 | std::wstring out; 30 | 31 | // get size 32 | size = MultiByteToWideChar(CP_UTF8, 0, str.c_str(), str.size() + 1, 0, 0); 33 | 34 | out.resize(size); 35 | 36 | // finally convert 37 | MultiByteToWideChar(CP_UTF8, 0, str.c_str(), str.size() + 1, &out[0], size); 38 | 39 | return out; 40 | } 41 | 42 | bool util::close_handle(HANDLE handle) 43 | { 44 | static auto nt_close = g_syscalls.get("NtClose"); 45 | 46 | auto status = nt_close(handle); 47 | if (!NT_SUCCESS(status)) 48 | { 49 | return false; 50 | } 51 | 52 | return true; 53 | } 54 | 55 | 56 | bool pe::get_all_modules(std::unordered_map& modules) { 57 | modules.clear(); 58 | 59 | auto peb = util::peb(); 60 | if (!peb) return false; 61 | 62 | if (!peb->Ldr->InMemoryOrderModuleList.Flink) return false; 63 | 64 | auto* list = &peb->Ldr->InMemoryOrderModuleList; 65 | 66 | for (auto i = list->Flink; i != list; i = i->Flink) { 67 | auto entry = CONTAINING_RECORD(i, native::LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks); 68 | if (!entry) 69 | continue; 70 | 71 | auto name = util::wide_to_multibyte(entry->BaseDllName.Buffer); 72 | std::transform(name.begin(), name.end(), name.begin(), ::tolower); 73 | 74 | modules[name] = virtual_image(entry->DllBase); 75 | } 76 | 77 | return !modules.empty(); 78 | } -------------------------------------------------------------------------------- /Loader/main/syscalls/util.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "native.h" 4 | 5 | namespace util { 6 | std::string wide_to_multibyte(const std::wstring& str); 7 | std::wstring multibyte_to_wide(const std::string& str); 8 | 9 | __forceinline native::_PEB* peb() { 10 | return reinterpret_cast(__readgsqword(0x60)); 11 | } 12 | 13 | bool close_handle(HANDLE handle); 14 | 15 | }; // namespace util 16 | 17 | #include "pe.h" -------------------------------------------------------------------------------- /Loader/main/utilities/security.h: -------------------------------------------------------------------------------- 1 | #include "../debug utils/ScyllaHideDetector.h" 2 | #include "anti-hook.h" 3 | typedef NTSTATUS(__stdcall* t_NtQuerySystemInformation)(IN ULONG, OUT PVOID, IN ULONG, OUT PULONG); 4 | typedef VOID(_stdcall* RtlSetProcessIsCritical) (IN BOOLEAN NewValue, OUT PBOOLEAN OldValue, IN BOOLEAN IsWinlogon); 5 | namespace sec 6 | { 7 | extern std::string getCurrentDateTime(); 8 | extern __forceinline void Logger(std::string logMsg, int Mode); 9 | extern __forceinline BOOL IsRemoteSession(void); 10 | extern __forceinline BOOL EnablePriv(LPCSTR lpszPriv); 11 | extern __forceinline void shutdown(); 12 | extern __forceinline void Session(); 13 | extern __forceinline BOOL MakeCritical(); 14 | extern __forceinline void killProcessByName(const char* filename); 15 | extern __forceinline bool IsDebuggersInstalledStart(); 16 | extern __forceinline bool IsDebuggersInstalledThread(); 17 | extern __forceinline DWORD GetProcessIdFromName(LPCTSTR szProcessName); 18 | extern __forceinline bool analysis(); 19 | extern __forceinline bool TestSign(); 20 | extern __forceinline void clown(); 21 | extern __forceinline bool start(); 22 | extern __forceinline void ErasePEHeaderFromMemory(); 23 | extern __forceinline void ST(); 24 | } 25 | -------------------------------------------------------------------------------- /Loader/main/utilities/utilities.cpp: -------------------------------------------------------------------------------- 1 | #include "utilities.hpp" 2 | #include "../encrypt-decrypt/md5.hpp" 3 | #include 4 | #include 5 | #include 6 | 7 | 8 | namespace utilities 9 | { 10 | __forceinline std::string get_random_string(size_t length) 11 | { 12 | std::string str(xorstr_("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890")); 13 | std::random_device rd; 14 | std::mt19937 generator(rd()); 15 | std::shuffle(str.begin(), str.end(), generator); 16 | return str.substr(0, length); 17 | } 18 | __forceinline void strip_string(std::string& str) 19 | { 20 | str.erase(std::remove_if(str.begin(), str.end(), [](int c) {return !(c > 32 && c < 127); }), str.end()); 21 | } 22 | 23 | __forceinline BOOL ProcessExists(const char* const processName) 24 | { 25 | HANDLE hProcessSnap; 26 | PROCESSENTRY32 pe32; 27 | hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); 28 | pe32.dwSize = sizeof(PROCESSENTRY32); 29 | do { 30 | if (strcmp(pe32.szExeFile, processName) == 0) 31 | { 32 | CloseHandle(hProcessSnap); 33 | return true; 34 | } 35 | } while (Process32Next(hProcessSnap, &pe32)); 36 | 37 | CloseHandle(hProcessSnap); 38 | return false; 39 | } 40 | __forceinline std::vector split_string(const std::string& str, const std::string& delim) 41 | { 42 | std::vector tokens; 43 | size_t prev = 0, pos = 0; 44 | do 45 | { 46 | pos = str.find(delim, prev); 47 | if (pos == std::string::npos) pos = str.length(); 48 | std::string token = str.substr(prev, pos - prev); 49 | if (!token.empty()) tokens.push_back(token); 50 | prev = pos + delim.length(); 51 | 52 | } while (pos < str.length() && prev < str.length()); 53 | 54 | return tokens; 55 | } 56 | __forceinline std::string request_to_server(std::string site, std::string param) 57 | { 58 | HINTERNET hInternet = InternetOpenW(xorstr_(L""), INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0); 59 | 60 | if (hInternet == NULL) 61 | { 62 | li(MessageBoxA)(NULL, xorstr_("Cannot connect to server."), utilities::get_random_string(16).c_str(), MB_SYSTEMMODAL | MB_ICONERROR); 63 | return NULL; 64 | } 65 | else 66 | { 67 | std::wstring widestr; 68 | for (int i = 0; i < site.length(); ++i) 69 | { 70 | widestr += wchar_t(site[i]); 71 | } 72 | const wchar_t* site_name = widestr.c_str(); 73 | 74 | std::wstring widestr2; 75 | for (int i = 0; i < param.length(); ++i) 76 | { 77 | widestr2 += wchar_t(param[i]); 78 | } 79 | const wchar_t* site_param = widestr2.c_str(); 80 | 81 | HINTERNET hConnect = li(InternetConnectW)(hInternet, site_name, 80, NULL, NULL, INTERNET_SERVICE_HTTP, 0, NULL); 82 | 83 | if (hConnect == NULL) 84 | { 85 | li(MessageBoxA)(NULL, xorstr_("Error sending message to server"), utilities::get_random_string(16).c_str(), MB_SYSTEMMODAL | MB_ICONERROR); 86 | return NULL; 87 | } 88 | else 89 | { 90 | const wchar_t* parrAcceptTypes[] = { xorstr_(L"text/*"), NULL }; 91 | 92 | HINTERNET hRequest = li(HttpOpenRequestW)(hConnect, xorstr_(L"POST"), site_param, NULL, NULL, parrAcceptTypes, 0, 0); 93 | 94 | if (hRequest == NULL) 95 | { 96 | li(MessageBoxA)(NULL, xorstr_("Error sending message to server"), utilities::get_random_string(16).c_str(), MB_SYSTEMMODAL | MB_ICONERROR); 97 | return NULL; 98 | } 99 | else 100 | { 101 | BOOL bRequestSent = li(HttpSendRequestW)(hRequest, NULL, 0, NULL, 0); 102 | 103 | if (!bRequestSent) 104 | { 105 | li(MessageBoxA)(NULL, xorstr_("Error sending message to server"), utilities::get_random_string(16).c_str(), MB_SYSTEMMODAL | MB_ICONERROR); 106 | return NULL; 107 | } 108 | else 109 | { 110 | std::string strResponse; 111 | const int nBuffSize = 1024; 112 | char buff[nBuffSize]; 113 | 114 | BOOL bKeepReading = true; 115 | DWORD dwBytesRead = -1; 116 | 117 | while (bKeepReading && dwBytesRead != 0) 118 | { 119 | bKeepReading = li(InternetReadFile)(hRequest, buff, nBuffSize, &dwBytesRead); 120 | strResponse.append(buff, dwBytesRead); 121 | } 122 | return strResponse; 123 | } 124 | li(InternetCloseHandle)(hRequest); 125 | } 126 | li(InternetCloseHandle)(hConnect); 127 | } 128 | li(InternetCloseHandle)(hInternet); 129 | } 130 | } 131 | __forceinline std::string get_hwid() 132 | { 133 | std::string result = xorstr_(""); 134 | 135 | HANDLE hDevice = li(CreateFileA)(xorstr_("\\\\.\\PhysicalDrive0"), (DWORD)nullptr, FILE_SHARE_READ | FILE_SHARE_WRITE, (LPSECURITY_ATTRIBUTES)nullptr, OPEN_EXISTING, (DWORD)nullptr, (HANDLE)nullptr); 136 | 137 | if (hDevice == INVALID_HANDLE_VALUE) return result; 138 | 139 | STORAGE_PROPERTY_QUERY storagePropertyQuery; 140 | ZeroMemory(&storagePropertyQuery, sizeof(STORAGE_PROPERTY_QUERY)); 141 | storagePropertyQuery.PropertyId = StorageDeviceProperty; 142 | storagePropertyQuery.QueryType = PropertyStandardQuery; 143 | 144 | STORAGE_DESCRIPTOR_HEADER storageDescriptorHeader = { 0 }; 145 | DWORD dwBytesReturned = 0; 146 | 147 | li(DeviceIoControl) 148 | ( 149 | hDevice, 150 | IOCTL_STORAGE_QUERY_PROPERTY, 151 | &storagePropertyQuery, 152 | sizeof(STORAGE_PROPERTY_QUERY), 153 | &storageDescriptorHeader, 154 | sizeof(STORAGE_DESCRIPTOR_HEADER), 155 | &dwBytesReturned, 156 | nullptr 157 | ); 158 | 159 | const DWORD dwOutBufferSize = storageDescriptorHeader.Size; 160 | BYTE* pOutBuffer = new BYTE[dwOutBufferSize]; 161 | ZeroMemory(pOutBuffer, dwOutBufferSize); 162 | 163 | li(DeviceIoControl) 164 | ( 165 | hDevice, 166 | IOCTL_STORAGE_QUERY_PROPERTY, 167 | &storagePropertyQuery, 168 | sizeof(STORAGE_PROPERTY_QUERY), 169 | pOutBuffer, 170 | dwOutBufferSize, 171 | &dwBytesReturned, 172 | nullptr 173 | ); 174 | 175 | STORAGE_DEVICE_DESCRIPTOR* pDeviceDescriptor = (STORAGE_DEVICE_DESCRIPTOR*)pOutBuffer; 176 | 177 | if (pDeviceDescriptor->SerialNumberOffset) 178 | { 179 | result += std::string((char*)(pOutBuffer + pDeviceDescriptor->SerialNumberOffset)); 180 | } 181 | 182 | if (pDeviceDescriptor->ProductRevisionOffset) 183 | { 184 | result += std::string((char*)(pOutBuffer + pDeviceDescriptor->ProductRevisionOffset)); 185 | } 186 | 187 | if (pDeviceDescriptor->ProductIdOffset) 188 | { 189 | result += std::string((char*)(pOutBuffer + pDeviceDescriptor->ProductIdOffset)); 190 | } 191 | 192 | uint32_t regs[4]; 193 | __cpuid((int*)regs, 0); 194 | 195 | std::string vendor; 196 | 197 | vendor += std::string((char*)®s[1], 4); 198 | vendor += std::string((char*)®s[3], 4); 199 | vendor += std::string((char*)®s[2], 4); 200 | 201 | result += std::string(vendor); 202 | 203 | strip_string(result); 204 | 205 | delete[] pOutBuffer; 206 | li(CloseHandle)(hDevice); 207 | 208 | result = md5::create_from_string(result); 209 | 210 | return result; 211 | } 212 | 213 | __forceinline std::string MAC() 214 | { 215 | PIP_ADAPTER_INFO AdapterInfo; 216 | DWORD dwBufLen = sizeof(IP_ADAPTER_INFO); 217 | char* mac_addr = (char*)malloc(18); 218 | 219 | AdapterInfo = (IP_ADAPTER_INFO*)malloc(sizeof(IP_ADAPTER_INFO)); 220 | if (AdapterInfo == NULL) 221 | { 222 | printf("Error allocating memory needed to call GetAdaptersinfo\n"); 223 | free(mac_addr); 224 | return NULL; // it is safe to call free(NULL) 225 | } 226 | 227 | // Make an initial call to GetAdaptersInfo to get the necessary size into the dwBufLen variable 228 | if (GetAdaptersInfo(AdapterInfo, &dwBufLen) == ERROR_BUFFER_OVERFLOW) 229 | { 230 | free(AdapterInfo); 231 | AdapterInfo = (IP_ADAPTER_INFO*)malloc(dwBufLen); 232 | if (AdapterInfo == NULL) { 233 | printf("Error allocating memory needed to call GetAdaptersinfo\n"); 234 | free(mac_addr); 235 | return NULL; 236 | } 237 | } 238 | 239 | if (GetAdaptersInfo(AdapterInfo, &dwBufLen) == NO_ERROR) 240 | { 241 | // Contains pointer to current adapter info 242 | PIP_ADAPTER_INFO pAdapterInfo = AdapterInfo; 243 | do { 244 | // technically should look at pAdapterInfo->AddressLength 245 | // and not assume it is 6. 246 | sprintf(mac_addr, "%02X:%02X:%02X:%02X:%02X:%02X", 247 | pAdapterInfo->Address[0], pAdapterInfo->Address[1], 248 | pAdapterInfo->Address[2], pAdapterInfo->Address[3], 249 | pAdapterInfo->Address[4], pAdapterInfo->Address[5]); 250 | printf("Address: %s, mac: %s\n", pAdapterInfo->IpAddressList.IpAddress.String, mac_addr); 251 | // print them all, return the last one. 252 | // return mac_addr; 253 | 254 | printf("\n"); 255 | pAdapterInfo = pAdapterInfo->Next; 256 | } while (pAdapterInfo); 257 | } 258 | free(AdapterInfo); 259 | return md5::create_from_string(mac_addr); // caller must free. 260 | } 261 | } 262 | -------------------------------------------------------------------------------- /Loader/main/utilities/utilities.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | #include "lazy_importer.hpp" 10 | #pragma comment(lib, "WinINet.lib") 11 | 12 | 13 | namespace utilities 14 | { 15 | extern __forceinline std::string get_random_string(size_t length); 16 | extern __forceinline void strip_string(std::string& str); 17 | extern __forceinline BOOL ProcessExists(const char* const processName); 18 | extern __forceinline std::vector split_string(const std::string& str, const std::string& delim); 19 | extern __forceinline std::string request_to_server(std::string site, std::string param); 20 | extern __forceinline std::string get_hwid(); 21 | extern __forceinline std::string MAC(); 22 | template 23 | T get_export(const std::string& dll_name, const std::string& function_name) 24 | { 25 | return (T)(li(GetProcAddress)(li(GetModuleHandleA)(dll_name.c_str()), function_name.c_str())); 26 | } 27 | } -------------------------------------------------------------------------------- /Loader/main/utilities/xorstr.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 - 2020 Justas Masiulis 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef JM_XORSTR_HPP 18 | #define JM_XORSTR_HPP 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | 25 | #define xorstr(str) \ 26 | ::jm::make_xorstr( \ 27 | []() { return str; }, \ 28 | std::make_index_sequence{}, \ 29 | std::make_index_sequence<::jm::detail::_buffer_size()>{}) 30 | #define xorstr_(str) xorstr(str).crypt_get() 31 | 32 | #ifdef _MSC_VER 33 | #define XORSTR_FORCEINLINE __forceinline 34 | #else 35 | #define XORSTR_FORCEINLINE __attribute__((always_inline)) inline 36 | #endif 37 | 38 | namespace jm { 39 | 40 | namespace detail { 41 | 42 | template 43 | struct unsigned_; 44 | 45 | template<> 46 | struct unsigned_<1> { 47 | using type = std::uint8_t; 48 | }; 49 | template<> 50 | struct unsigned_<2> { 51 | using type = std::uint16_t; 52 | }; 53 | template<> 54 | struct unsigned_<4> { 55 | using type = std::uint32_t; 56 | }; 57 | 58 | template 59 | struct pack_value_type { 60 | using type = decltype(C); 61 | }; 62 | 63 | template 64 | XORSTR_FORCEINLINE constexpr std::size_t _buffer_size() 65 | { 66 | return ((Size / 16) + (Size % 16 != 0)) * 2; 67 | } 68 | 69 | template 70 | struct tstring_ { 71 | using value_type = typename pack_value_type::type; 72 | constexpr static std::size_t size = sizeof...(Cs); 73 | constexpr static value_type str[size] = { Cs... }; 74 | 75 | constexpr static std::size_t buffer_size = _buffer_size(); 76 | constexpr static std::size_t buffer_align = 77 | #ifndef JM_XORSTR_DISABLE_AVX_INTRINSICS 78 | ((sizeof(str) > 16) ? 32 : 16); 79 | #else 80 | 16; 81 | #endif 82 | }; 83 | 84 | template 85 | struct _ki { 86 | constexpr static std::size_t idx = I; 87 | constexpr static std::uint64_t key = K; 88 | }; 89 | 90 | template 91 | XORSTR_FORCEINLINE constexpr std::uint32_t key4() noexcept 92 | { 93 | std::uint32_t value = Seed; 94 | for(char c : __TIME__) 95 | value = static_cast((value ^ c) * 77378678ull); 96 | return value; 97 | } 98 | 99 | template 100 | XORSTR_FORCEINLINE constexpr std::uint64_t key8() 101 | { 102 | constexpr auto first_part = key4<3458235553 + S>(); 103 | constexpr auto second_part = key4(); 104 | return (static_cast(first_part) << 32) | second_part; 105 | } 106 | 107 | // loads up to 8 characters of string into uint64 and xors it with the key 108 | template 109 | XORSTR_FORCEINLINE constexpr std::uint64_t 110 | load_xored_str8(std::uint64_t key, std::size_t idx) noexcept 111 | { 112 | using cast_type = typename unsigned_::type; 113 | constexpr auto value_size = sizeof(typename T::value_type); 114 | constexpr auto idx_offset = 8 / value_size; 115 | 116 | std::uint64_t value = key; 117 | for(std::size_t i = 0; i < idx_offset && i + idx * idx_offset < T::size; ++i) 118 | value ^= 119 | (std::uint64_t{ static_cast(T::str[i + idx * idx_offset]) } 120 | << ((i % idx_offset) * 8 * value_size)); 121 | 122 | return value; 123 | } 124 | 125 | // forces compiler to use registers instead of stuffing constants in rdata 126 | XORSTR_FORCEINLINE std::uint64_t load_from_reg(std::uint64_t value) noexcept 127 | { 128 | #if defined(__clang__) || defined(__GNUC__) 129 | asm("" : "=r"(value) : "0"(value) :); 130 | #endif 131 | return value; 132 | } 133 | 134 | XORSTR_FORCEINLINE void xor128(std::uint64_t* value, 135 | const std::uint64_t* key) noexcept 136 | { 137 | _mm_store_si128( 138 | reinterpret_cast<__m128i*>(value), 139 | _mm_xor_si128(_mm_load_si128(reinterpret_cast(value)), 140 | _mm_load_si128(reinterpret_cast(key)))); 141 | } 142 | 143 | XORSTR_FORCEINLINE void xor256(std::uint64_t* value, 144 | const std::uint64_t* key) noexcept 145 | { 146 | _mm256_store_si256( 147 | reinterpret_cast<__m256i*>(value), 148 | _mm256_xor_si256( 149 | _mm256_load_si256(reinterpret_cast(value)), 150 | _mm256_load_si256(reinterpret_cast(key)))); 151 | } 152 | 153 | template 154 | struct uint64_v { 155 | constexpr static std::uint64_t value = V; 156 | }; 157 | 158 | } // namespace detail 159 | 160 | template 161 | class xor_string { 162 | alignas(T::buffer_align) std::uint64_t _storage[T::buffer_size]; 163 | 164 | template 165 | XORSTR_FORCEINLINE void _crypt_256(const std::uint64_t* keys, 166 | std::index_sequence) noexcept 167 | { 168 | (detail::xor256(_storage + Idxs * 4, keys + Idxs * 4), ...); 169 | } 170 | 171 | template 172 | XORSTR_FORCEINLINE void _crypt_128(const std::uint64_t* keys, 173 | std::index_sequence) noexcept 174 | { 175 | (detail::xor128(_storage + Idxs * 2, keys + Idxs * 2), ...); 176 | } 177 | 178 | public: 179 | using value_type = typename T::value_type; 180 | using size_type = std::size_t; 181 | using pointer = value_type*; 182 | using const_pointer = const value_type*; 183 | 184 | XORSTR_FORCEINLINE xor_string() noexcept 185 | : _storage{ detail::load_from_reg(detail::uint64_v( 186 | Keys::key, Keys::idx)>::value)... } 187 | {} 188 | 189 | XORSTR_FORCEINLINE constexpr size_type size() const noexcept 190 | { 191 | return T::size - 1; 192 | } 193 | 194 | XORSTR_FORCEINLINE void crypt() noexcept 195 | { 196 | #if defined(__clang__) 197 | alignas(T::buffer_align) 198 | std::uint64_t arr[sizeof...(Keys)]{ detail::load_from_reg(Keys::key)... }; 199 | std::uint64_t* keys = 200 | (std::uint64_t*)detail::load_from_reg((std::uint64_t)arr); 201 | #else 202 | alignas(T::buffer_align) std::uint64_t keys[sizeof...(Keys)]{ 203 | detail::load_from_reg(Keys::key)... 204 | }; 205 | #endif 206 | 207 | #ifndef JM_XORSTR_DISABLE_AVX_INTRINSICS 208 | _crypt_256(keys, std::make_index_sequence{}); 209 | if constexpr(T::buffer_size % 4 != 0) 210 | _crypt_128(keys, std::index_sequence{}); 211 | #else 212 | _crypt_128(keys, std::make_index_sequence{}); 213 | #endif 214 | } 215 | 216 | XORSTR_FORCEINLINE const_pointer get() const noexcept 217 | { 218 | return reinterpret_cast(_storage); 219 | } 220 | 221 | XORSTR_FORCEINLINE pointer get() noexcept 222 | { 223 | return reinterpret_cast(_storage); 224 | } 225 | 226 | XORSTR_FORCEINLINE pointer crypt_get() noexcept 227 | { 228 | crypt(); 229 | return (pointer)(_storage); 230 | } 231 | }; 232 | 233 | template 234 | XORSTR_FORCEINLINE constexpr auto 235 | make_xorstr(Tstr str_lambda, 236 | std::index_sequence, 237 | std::index_sequence) noexcept 238 | { 239 | return xor_string, 240 | detail::_ki()>...>{}; 241 | } 242 | 243 | } // namespace jm 244 | 245 | #endif // include guard 246 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # steepcheat 2 | ROOT AKA BEZNOGIY :( 3 | SAKURA#9224 4 | -------------------------------------------------------------------------------- /Steepcheat_xenforo/AES/AES.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include "Libs\CryptoPP/aes.h" 3 | #include "Libs\CryptoPP/modes.h" 4 | #include "Libs\CryptoPP/base64.h" 5 | //#include "..\utilities\lazy_importer.hpp" 6 | #pragma comment(lib, "cryptlib.lib") 7 | 8 | namespace aes 9 | { 10 | __forceinline std::string encrypt(const std::string& str, const std::string& cipher_key, const std::string& iv_key) 11 | { 12 | std::string str_out; 13 | 14 | CryptoPP::CFB_Mode::Encryption encryption((BYTE*)cipher_key.c_str(), cipher_key.length(), (BYTE*)iv_key.c_str()); 15 | 16 | CryptoPP::StringSource encryptor(str, true, 17 | new CryptoPP::StreamTransformationFilter(encryption, 18 | new CryptoPP::Base64Encoder( 19 | new CryptoPP::StringSink(str_out), 20 | false 21 | ) 22 | ) 23 | ); 24 | return str_out; 25 | } 26 | 27 | __forceinline std::string decrypt(const std::string& str, const std::string& cipher_key, const std::string& iv_key) 28 | { 29 | std::string str_out; 30 | 31 | CryptoPP::CFB_Mode::Decryption decryption((BYTE*)cipher_key.c_str(), cipher_key.length(), (BYTE*)iv_key.c_str()); 32 | 33 | CryptoPP::StringSource decryptor(str, true, 34 | new CryptoPP::Base64Decoder( 35 | new CryptoPP::StreamTransformationFilter(decryption, 36 | new CryptoPP::StringSink(str_out) 37 | ) 38 | ) 39 | ); 40 | return str_out; 41 | } 42 | } -------------------------------------------------------------------------------- /Steepcheat_xenforo/AES/md5.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | #define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) 5 | #define G(x, y, z) ((y) ^ ((z) & ((x) ^ (y)))) 6 | #define H(x, y, z) ((x) ^ (y) ^ (z)) 7 | #define I(x, y, z) ((y) ^ ((x) | ~(z))) 8 | #define STEP(f, a, b, c, d, x, t, s) \ 9 | (a) += f((b), (c), (d)) + (x) + (t); \ 10 | (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); \ 11 | (a) += (b); 12 | 13 | #if defined(__i386__) || defined(__x86_64__) || defined(__vax__) 14 | #define SET(n) \ 15 | (*(MD5_u32 *)&ptr[(n) * 4]) 16 | #define GET(n) \ 17 | SET(n) 18 | #else 19 | #define SET(n) \ 20 | (ctx->block[(n)] = \ 21 | (MD5_u32)ptr[(n) * 4] | \ 22 | ((MD5_u32)ptr[(n) * 4 + 1] << 8) | \ 23 | ((MD5_u32)ptr[(n) * 4 + 2] << 16) | \ 24 | ((MD5_u32)ptr[(n) * 4 + 3] << 24)) 25 | #define GET(n) \ 26 | (ctx->block[(n)]) 27 | #endif 28 | 29 | typedef unsigned int MD5_u32; 30 | 31 | typedef struct { 32 | MD5_u32 lo, hi; 33 | MD5_u32 a, b, c, d; 34 | unsigned char buffer[64]; 35 | MD5_u32 block[16]; 36 | } MD5_CTX; 37 | 38 | namespace md5 39 | { 40 | static void MD5_Init(MD5_CTX* ctx); 41 | static void MD5_Update(MD5_CTX* ctx, const void* data, unsigned long size); 42 | static void MD5_Final(unsigned char* result, MD5_CTX* ctx); 43 | 44 | static const void* body(MD5_CTX* ctx, const void* data, unsigned long size) { 45 | const unsigned char* ptr; 46 | MD5_u32 a, b, c, d; 47 | MD5_u32 saved_a, saved_b, saved_c, saved_d; 48 | 49 | ptr = (const unsigned char*)data; 50 | 51 | a = ctx->a; 52 | b = ctx->b; 53 | c = ctx->c; 54 | d = ctx->d; 55 | 56 | do { 57 | saved_a = a; 58 | saved_b = b; 59 | saved_c = c; 60 | saved_d = d; 61 | 62 | STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7) 63 | STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12) 64 | STEP(F, c, d, a, b, SET(2), 0x242070db, 17) 65 | STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22) 66 | STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7) 67 | STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12) 68 | STEP(F, c, d, a, b, SET(6), 0xa8304613, 17) 69 | STEP(F, b, c, d, a, SET(7), 0xfd469501, 22) 70 | STEP(F, a, b, c, d, SET(8), 0x698098d8, 7) 71 | STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12) 72 | STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17) 73 | STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22) 74 | STEP(F, a, b, c, d, SET(12), 0x6b901122, 7) 75 | STEP(F, d, a, b, c, SET(13), 0xfd987193, 12) 76 | STEP(F, c, d, a, b, SET(14), 0xa679438e, 17) 77 | STEP(F, b, c, d, a, SET(15), 0x49b40821, 22) 78 | STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5) 79 | STEP(G, d, a, b, c, GET(6), 0xc040b340, 9) 80 | STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14) 81 | STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20) 82 | STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5) 83 | STEP(G, d, a, b, c, GET(10), 0x02441453, 9) 84 | STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14) 85 | STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20) 86 | STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5) 87 | STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9) 88 | STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14) 89 | STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20) 90 | STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5) 91 | STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9) 92 | STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14) 93 | STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20) 94 | STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4) 95 | STEP(H, d, a, b, c, GET(8), 0x8771f681, 11) 96 | STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16) 97 | STEP(H, b, c, d, a, GET(14), 0xfde5380c, 23) 98 | STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4) 99 | STEP(H, d, a, b, c, GET(4), 0x4bdecfa9, 11) 100 | STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16) 101 | STEP(H, b, c, d, a, GET(10), 0xbebfbc70, 23) 102 | STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4) 103 | STEP(H, d, a, b, c, GET(0), 0xeaa127fa, 11) 104 | STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16) 105 | STEP(H, b, c, d, a, GET(6), 0x04881d05, 23) 106 | STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4) 107 | STEP(H, d, a, b, c, GET(12), 0xe6db99e5, 11) 108 | STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16) 109 | STEP(H, b, c, d, a, GET(2), 0xc4ac5665, 23) 110 | STEP(I, a, b, c, d, GET(0), 0xf4292244, 6) 111 | STEP(I, d, a, b, c, GET(7), 0x432aff97, 10) 112 | STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15) 113 | STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21) 114 | STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6) 115 | STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10) 116 | STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15) 117 | STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21) 118 | STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6) 119 | STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10) 120 | STEP(I, c, d, a, b, GET(6), 0xa3014314, 15) 121 | STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21) 122 | STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6) 123 | STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10) 124 | STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15) 125 | STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21) 126 | 127 | a += saved_a; 128 | b += saved_b; 129 | c += saved_c; 130 | d += saved_d; 131 | 132 | ptr += 64; 133 | } while (size -= 64); 134 | 135 | ctx->a = a; 136 | ctx->b = b; 137 | ctx->c = c; 138 | ctx->d = d; 139 | 140 | return ptr; 141 | } 142 | 143 | void MD5_Init(MD5_CTX* ctx) { 144 | ctx->a = 0x67452301; 145 | ctx->b = 0xefcdab89; 146 | ctx->c = 0x98badcfe; 147 | ctx->d = 0x10325476; 148 | 149 | ctx->lo = 0; 150 | ctx->hi = 0; 151 | } 152 | 153 | void MD5_Update(MD5_CTX* ctx, const void* data, unsigned long size) { 154 | MD5_u32 saved_lo; 155 | unsigned long used, free; 156 | 157 | saved_lo = ctx->lo; 158 | if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo) 159 | ctx->hi++; 160 | ctx->hi += size >> 29; 161 | used = saved_lo & 0x3f; 162 | 163 | if (used) { 164 | free = 64 - used; 165 | if (size < free) { 166 | memcpy(&ctx->buffer[used], data, size); 167 | return; 168 | } 169 | 170 | memcpy(&ctx->buffer[used], data, free); 171 | data = (unsigned char*)data + free; 172 | size -= free; 173 | body(ctx, ctx->buffer, 64); 174 | } 175 | 176 | if (size >= 64) { 177 | data = body(ctx, data, size & ~(unsigned long)0x3f); 178 | size &= 0x3f; 179 | } 180 | 181 | memcpy(ctx->buffer, data, size); 182 | } 183 | 184 | void MD5_Final(unsigned char* result, MD5_CTX* ctx) { 185 | unsigned long used, free; 186 | used = ctx->lo & 0x3f; 187 | ctx->buffer[used++] = 0x80; 188 | free = 64 - used; 189 | 190 | if (free < 8) { 191 | memset(&ctx->buffer[used], 0, free); 192 | body(ctx, ctx->buffer, 64); 193 | used = 0; 194 | free = 64; 195 | } 196 | 197 | memset(&ctx->buffer[used], 0, free - 8); 198 | 199 | ctx->lo <<= 3; 200 | ctx->buffer[56] = ctx->lo; 201 | ctx->buffer[57] = ctx->lo >> 8; 202 | ctx->buffer[58] = ctx->lo >> 16; 203 | ctx->buffer[59] = ctx->lo >> 24; 204 | ctx->buffer[60] = ctx->hi; 205 | ctx->buffer[61] = ctx->hi >> 8; 206 | ctx->buffer[62] = ctx->hi >> 16; 207 | ctx->buffer[63] = ctx->hi >> 24; 208 | body(ctx, ctx->buffer, 64); 209 | result[0] = ctx->a; 210 | result[1] = ctx->a >> 8; 211 | result[2] = ctx->a >> 16; 212 | result[3] = ctx->a >> 24; 213 | result[4] = ctx->b; 214 | result[5] = ctx->b >> 8; 215 | result[6] = ctx->b >> 16; 216 | result[7] = ctx->b >> 24; 217 | result[8] = ctx->c; 218 | result[9] = ctx->c >> 8; 219 | result[10] = ctx->c >> 16; 220 | result[11] = ctx->c >> 24; 221 | result[12] = ctx->d; 222 | result[13] = ctx->d >> 8; 223 | result[14] = ctx->d >> 16; 224 | result[15] = ctx->d >> 24; 225 | memset(ctx, 0, sizeof(*ctx)); 226 | } 227 | 228 | /* Return Calculated raw result(always little-endian), the size is always 16 */ 229 | void md5bin(const void* dat, size_t len, unsigned char out[16]) 230 | { 231 | MD5_CTX c; 232 | MD5_Init(&c); 233 | MD5_Update(&c, dat, len); 234 | MD5_Final(out, &c); 235 | } 236 | 237 | static char hb2hex(unsigned char hb) { 238 | hb = hb & 0xF; 239 | return hb < 10 ? '0' + hb : hb - 10 + 'a'; 240 | } 241 | 242 | std::string create_from_raw(const void* dat, size_t len) 243 | { 244 | std::string res; 245 | unsigned char out[16]; 246 | 247 | md5bin(dat, len, out); 248 | 249 | for (size_t i = 0; i < 16; ++i) 250 | { 251 | res.push_back(hb2hex(out[i] >> 4)); 252 | res.push_back(hb2hex(out[i])); 253 | } 254 | 255 | return res; 256 | } 257 | 258 | std::string create_from_string(std::string dat) 259 | { 260 | return create_from_raw(dat.c_str(), dat.length()); 261 | } 262 | } -------------------------------------------------------------------------------- /Steepcheat_xenforo/ImGui/imconfig.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // USER IMPLEMENTATION 3 | // This file contains compile-time options for ImGui. 4 | // Other options (memory allocation overrides, callbacks, etc.) can be set at runtime via the ImGuiIO structure - ImGui::GetIO(). 5 | //----------------------------------------------------------------------------- 6 | 7 | #pragma once 8 | 9 | //---- Define assertion handler. Defaults to calling assert(). 10 | //#define IM_ASSERT(_EXPR) MyAssert(_EXPR) 11 | 12 | //---- Define attributes of all API symbols declarations, e.g. for DLL under Windows. 13 | //#define IMGUI_API __declspec( dllexport ) 14 | //#define IMGUI_API __declspec( dllimport ) 15 | 16 | //---- Include imgui_user.h at the end of imgui.h/#define IMGUI_INCLUDE_IMGUI_USER_H 17 | 18 | //---- Don't implement default handlers for Windows (so as not to link with OpenClipboard() and others Win32 functions) 19 | //#define IMGUI_DISABLE_WIN32_DEFAULT_CLIPBOARD_FUNCS 20 | //#define IMGUI_DISABLE_WIN32_DEFAULT_IME_FUNCS 21 | 22 | //---- Don't implement test window functionality (ShowTestWindow()/ShowStyleEditor()/ShowUserGuide() methods will be empty) 23 | //---- It is very strongly recommended to NOT disable the test windows. Please read the comment at the top of imgui_demo.cpp to learn why. 24 | //#define IMGUI_DISABLE_TEST_WINDOWS 25 | 26 | //---- Don't define obsolete functions names 27 | //#define IMGUI_DISABLE_OBSOLETE_FUNCTIONS 28 | 29 | //---- Pack colors to BGRA instead of RGBA (remove need to post process vertex buffer in back ends) 30 | //#define IMGUI_USE_BGRA_PACKED_COLOR 31 | 32 | //---- Implement STB libraries in a namespace to avoid conflicts 33 | //#define IMGUI_STB_NAMESPACE ImGuiStb 34 | 35 | //---- Define constructor and implicit cast operators to convert back<>forth from your math types and ImVec2/ImVec4. 36 | /* 37 | #define IM_VEC2_CLASS_EXTRA \ 38 | ImVec2(const MyVec2& f) { x = f.x; y = f.y; } \ 39 | operator MyVec2() const { return MyVec2(x,y); } 40 | 41 | #define IM_VEC4_CLASS_EXTRA \ 42 | ImVec4(const MyVec4& f) { x = f.x; y = f.y; z = f.z; w = f.w; } \ 43 | operator MyVec4() const { return MyVec4(x,y,z,w); } 44 | */ 45 | 46 | //---- Use 32-bit vertex indices (instead of default: 16-bit) to allow meshes with more than 64K vertices 47 | //#define ImDrawIdx unsigned int 48 | 49 | //---- Tip: You can add extra functions within the ImGui:: namespace, here or in your own headers files. 50 | //---- e.g. create variants of the ImGui::Value() helper for your low-level math types, or your own widgets/helpers. 51 | /* 52 | namespace ImGui 53 | { 54 | void Value(const char* prefix, const MyMatrix44& v, const char* float_format = NULL); 55 | } 56 | */ 57 | 58 | -------------------------------------------------------------------------------- /Steepcheat_xenforo/ImGui/imgui_impl_dx9.h: -------------------------------------------------------------------------------- 1 | // ImGui Win32 + DirectX9 binding 2 | // In this binding, ImTextureID is used to store a 'LPDIRECT3DTEXTURE9' texture identifier. Read the FAQ about ImTextureID in imgui.cpp. 3 | 4 | // You can copy and use unmodified imgui_impl_* files in your project. See main.cpp for an example of using this. 5 | // If you use this binding you'll need to call 4 functions: ImGui_ImplXXXX_Init(), ImGui_ImplXXXX_NewFrame(), ImGui::Render() and ImGui_ImplXXXX_Shutdown(). 6 | // If you are new to ImGui, see examples/README.txt and documentation at the top of imgui.cpp. 7 | // https://github.com/ocornut/imgui 8 | 9 | struct IDirect3DDevice9; 10 | 11 | IMGUI_API bool ImGui_ImplDX9_Init(void* hwnd, IDirect3DDevice9* device); 12 | IMGUI_API void ImGui_ImplDX9_Shutdown(); 13 | IMGUI_API void ImGui_ImplDX9_NewFrame(); 14 | 15 | // Use if you want to reset your rendering device without losing ImGui state. 16 | IMGUI_API void ImGui_ImplDX9_InvalidateDeviceObjects(); 17 | IMGUI_API bool ImGui_ImplDX9_CreateDeviceObjects(); 18 | 19 | // Handler for Win32 messages, update mouse/keyboard data. 20 | // You may or not need this for your implementation, but it can serve as reference for handling inputs. 21 | // Commented out to avoid dragging dependencies on types. You can copy the extern declaration in your code. 22 | /* 23 | IMGUI_API LRESULT ImGui_ImplDX9_WndProcHandler(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam); 24 | */ 25 | -------------------------------------------------------------------------------- /Steepcheat_xenforo/Steepcheat_xenforo.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {372229eb-8b0b-4b33-9184-d36ad4e43e7f} 10 | 11 | 12 | {b8dfb693-4603-461c-8bcf-6c181f55fc12} 13 | 14 | 15 | {9001c740-a07e-41b8-a6f1-2935f55f0f9f} 16 | 17 | 18 | {2db768dd-3bce-4e02-9f45-196bb4f0853f} 19 | 20 | 21 | 22 | 23 | Main 24 | 25 | 26 | Main\WebRequest 27 | 28 | 29 | Main\ImGui 30 | 31 | 32 | Main\ImGui 33 | 34 | 35 | Main\ImGui 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | Main\AES 44 | 45 | 46 | Main\WebRequest 47 | 48 | 49 | Main 50 | 51 | 52 | Main\Utilities 53 | 54 | 55 | Main 56 | 57 | 58 | Main\ImGui 59 | 60 | 61 | Main\ImGui 62 | 63 | 64 | Main\ImGui 65 | 66 | 67 | Main\ImGui 68 | 69 | 70 | Main\ImGui 71 | 72 | 73 | Main\ImGui 74 | 75 | 76 | Main\ImGui 77 | 78 | 79 | Main\AES 80 | 81 | 82 | Main\Utilities 83 | 84 | 85 | Main 86 | 87 | 88 | -------------------------------------------------------------------------------- /Steepcheat_xenforo/Steepcheat_xenforo.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /Steepcheat_xenforo/Utilities/Utilities.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #define VC_EXTRALEAN 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | namespace Utilities 12 | { 13 | 14 | __forceinline std::string Get_random_string(size_t length) 15 | { 16 | std::string str(_("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890")); 17 | std::random_device rd; 18 | std::mt19937 generator(rd()); 19 | std::shuffle(str.begin(), str.end(), generator); 20 | return str.substr(0, length); 21 | } 22 | 23 | __forceinline std::string request_to_server(std::string site, std::string param) 24 | { 25 | HINTERNET hInternet = InternetOpenW(_(L""), INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0); 26 | 27 | if (hInternet == NULL) 28 | { 29 | //li(MessageBoxA)(NULL, _("Cannot connect to server."), utilities::get_random_string(16).c_str(), MB_SYSTEMMODAL | MB_ICONERROR); 30 | return NULL; 31 | } 32 | else 33 | { 34 | std::wstring widestr; 35 | for (int i = 0; i < site.length(); ++i) 36 | { 37 | widestr += wchar_t(site[i]); 38 | } 39 | const wchar_t* site_name = widestr.c_str(); 40 | 41 | std::wstring widestr2; 42 | for (int i = 0; i < param.length(); ++i) 43 | { 44 | widestr2 += wchar_t(param[i]); 45 | } 46 | const wchar_t* site_param = widestr2.c_str(); 47 | 48 | HINTERNET hConnect = InternetConnectW(hInternet, site_name, 80, NULL, NULL, INTERNET_SERVICE_HTTP, 0, NULL); 49 | 50 | if (hConnect == NULL) 51 | { 52 | MessageBoxA(NULL, _("Error sending message to server"), Utilities::Get_random_string(16).c_str(), MB_SYSTEMMODAL | MB_ICONERROR); 53 | return NULL; 54 | } 55 | else 56 | { 57 | const wchar_t* parrAcceptTypes[] = { _(L"text/*"), NULL }; 58 | 59 | HINTERNET hRequest = HttpOpenRequestW(hConnect, _(L"POST"), site_param, NULL, NULL, parrAcceptTypes, 0, 0); 60 | 61 | if (hRequest == NULL) 62 | { 63 | (MessageBoxA)(NULL, _("Error sending message to server"), Utilities::Get_random_string(16).c_str(), MB_SYSTEMMODAL | MB_ICONERROR); 64 | return NULL; 65 | } 66 | else 67 | { 68 | BOOL bRequestSent = (HttpSendRequestW)(hRequest, NULL, 0, NULL, 0); 69 | 70 | if (!bRequestSent) 71 | { 72 | (MessageBoxA)(NULL, _("Error sending message to server"), Utilities::Get_random_string(16).c_str(), MB_SYSTEMMODAL | MB_ICONERROR); 73 | return NULL; 74 | } 75 | else 76 | { 77 | std::string strResponse; 78 | const int nBuffSize = 1024; 79 | char buff[nBuffSize]; 80 | 81 | BOOL bKeepReading = true; 82 | DWORD dwBytesRead = -1; 83 | 84 | while (bKeepReading && dwBytesRead != 0) 85 | { 86 | bKeepReading = (InternetReadFile)(hRequest, buff, nBuffSize, &dwBytesRead); 87 | strResponse.append(buff, dwBytesRead); 88 | } 89 | return strResponse; 90 | } 91 | (InternetCloseHandle)(hRequest); 92 | } 93 | (InternetCloseHandle)(hConnect); 94 | } 95 | (InternetCloseHandle)(hInternet); 96 | } 97 | } 98 | 99 | const char* cryptKey(char str[], int KEY) 100 | { 101 | for (int i = 0; i < strlen(str); i++) 102 | str[i] += KEY; 103 | const char* ret = str; 104 | return str; 105 | } 106 | 107 | const wchar_t* cryptKeyW(wchar_t str[], int KEY) 108 | { 109 | for (int i = 0; i < wcslen(str); i++) 110 | str[i] += KEY; 111 | 112 | return str; 113 | } 114 | 115 | __forceinline void strip_string(std::string& str) 116 | { 117 | str.erase(std::remove_if(str.begin(), str.end(), [](int c) {return !(c > 32 && c < 127); }), str.end()); 118 | } 119 | 120 | __forceinline std::vector split_string(const std::string& str, const std::string& delim) 121 | { 122 | std::vector tokens; 123 | size_t prev = 0, pos = 0; 124 | do 125 | { 126 | pos = str.find(delim, prev); 127 | if (pos == std::string::npos) pos = str.length(); 128 | std::string token = str.substr(prev, pos - prev); 129 | if (!token.empty()) tokens.push_back(token); 130 | prev = pos + delim.length(); 131 | 132 | } while (pos < str.length() && prev < str.length()); 133 | 134 | return tokens; 135 | } 136 | 137 | __forceinline std::string GetHWID() 138 | { 139 | std::string result = ""; 140 | 141 | HANDLE hDevice = CreateFileA(_("\\\\.\\PhysicalDrive0"), (DWORD)nullptr, FILE_SHARE_READ | FILE_SHARE_WRITE, (LPSECURITY_ATTRIBUTES)nullptr, OPEN_EXISTING, (DWORD)nullptr, (HANDLE)nullptr); 142 | 143 | if (hDevice == INVALID_HANDLE_VALUE) return result; 144 | 145 | STORAGE_PROPERTY_QUERY storagePropertyQuery; 146 | ZeroMemory(&storagePropertyQuery, sizeof(STORAGE_PROPERTY_QUERY)); 147 | storagePropertyQuery.PropertyId = StorageDeviceProperty; 148 | storagePropertyQuery.QueryType = PropertyStandardQuery; 149 | 150 | STORAGE_DESCRIPTOR_HEADER storageDescriptorHeader = { 0 }; 151 | DWORD dwBytesReturned = 0; 152 | 153 | DeviceIoControl 154 | ( 155 | hDevice, 156 | IOCTL_STORAGE_QUERY_PROPERTY, 157 | &storagePropertyQuery, 158 | sizeof(STORAGE_PROPERTY_QUERY), 159 | &storageDescriptorHeader, 160 | sizeof(STORAGE_DESCRIPTOR_HEADER), 161 | &dwBytesReturned, 162 | nullptr 163 | ); 164 | 165 | const DWORD dwOutBufferSize = storageDescriptorHeader.Size; 166 | BYTE* pOutBuffer = new BYTE[dwOutBufferSize]; 167 | ZeroMemory(pOutBuffer, dwOutBufferSize); 168 | 169 | DeviceIoControl 170 | ( 171 | hDevice, 172 | IOCTL_STORAGE_QUERY_PROPERTY, 173 | &storagePropertyQuery, 174 | sizeof(STORAGE_PROPERTY_QUERY), 175 | pOutBuffer, 176 | dwOutBufferSize, 177 | &dwBytesReturned, 178 | nullptr 179 | ); 180 | 181 | STORAGE_DEVICE_DESCRIPTOR* pDeviceDescriptor = (STORAGE_DEVICE_DESCRIPTOR*)pOutBuffer; 182 | 183 | if (pDeviceDescriptor->SerialNumberOffset) 184 | { 185 | result += std::string((char*)(pOutBuffer + pDeviceDescriptor->SerialNumberOffset)); 186 | } 187 | 188 | if (pDeviceDescriptor->ProductRevisionOffset) 189 | { 190 | result += std::string((char*)(pOutBuffer + pDeviceDescriptor->ProductRevisionOffset)); 191 | } 192 | 193 | if (pDeviceDescriptor->ProductIdOffset) 194 | { 195 | result += std::string((char*)(pOutBuffer + pDeviceDescriptor->ProductIdOffset)); 196 | } 197 | 198 | uint32_t regs[4]; 199 | __cpuid((int*)regs, 0); 200 | 201 | std::string vendor; 202 | 203 | vendor += std::string((char*)®s[1], 4); 204 | vendor += std::string((char*)®s[3], 4); 205 | vendor += std::string((char*)®s[2], 4); 206 | 207 | result += std::string(vendor); 208 | 209 | strip_string(result); 210 | 211 | delete[] pOutBuffer; 212 | CloseHandle(hDevice); 213 | 214 | result = md5::create_from_string(result); 215 | 216 | return result; 217 | } 218 | 219 | BOOL IsProcessRunning(DWORD pid) 220 | { 221 | HANDLE process = OpenProcess(SYNCHRONIZE, FALSE, pid); 222 | DWORD ret = WaitForSingleObject(process, 0); 223 | CloseHandle(process); 224 | return ret == WAIT_TIMEOUT; 225 | } 226 | _forceinline std::string get_random_string(size_t length) 227 | { 228 | const static std::string chrs = (string)_("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"); 229 | 230 | thread_local static std::mt19937 rg{ std::random_device{}() }; 231 | thread_local static std::uniform_int_distribution pick(0, sizeof(chrs) - 2); 232 | 233 | std::string s; 234 | 235 | s.reserve(length); 236 | 237 | while (length--) 238 | s += chrs[pick(rg)]; 239 | 240 | return s; 241 | } 242 | HANDLE GetProcessByName(const char* name) 243 | { 244 | HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL); 245 | 246 | PROCESSENTRY32 entry; 247 | entry.dwSize = sizeof(entry); 248 | HANDLE process; 249 | ZeroMemory(&process, sizeof(HANDLE)); 250 | 251 | do { 252 | if (!strcmp(name, _bstr_t(entry.szExeFile))) 253 | { 254 | process = OpenProcess(PROCESS_ALL_ACCESS, false, entry.th32ProcessID); 255 | CloseHandle(hSnapshot); 256 | } 257 | } while (Process32Next(hSnapshot, &entry)); 258 | 259 | return process; 260 | } 261 | } -------------------------------------------------------------------------------- /Steepcheat_xenforo/Utilities/skCrypt.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | /*____________________________________________________________________________________________________________ 4 | Original Author: skadro 5 | Github: https://github.com/skadro-official 6 | License: See end of file 7 | skCrypter 8 | Compile-time, Usermode + Kernelmode, safe and lightweight string crypter library for C++11+ 9 | *Not removing this part is appreciated* 10 | ____________________________________________________________________________________________________________*/ 11 | 12 | #ifdef _KERNEL_MODE 13 | namespace std 14 | { 15 | // STRUCT TEMPLATE remove_reference 16 | template 17 | struct remove_reference { 18 | using type = _Ty; 19 | }; 20 | 21 | template 22 | struct remove_reference<_Ty&> { 23 | using type = _Ty; 24 | }; 25 | 26 | template 27 | struct remove_reference<_Ty&&> { 28 | using type = _Ty; 29 | }; 30 | 31 | template 32 | using remove_reference_t = typename remove_reference<_Ty>::type; 33 | 34 | // STRUCT TEMPLATE remove_const 35 | template 36 | struct remove_const { // remove top-level const qualifier 37 | using type = _Ty; 38 | }; 39 | 40 | template 41 | struct remove_const { 42 | using type = _Ty; 43 | }; 44 | 45 | template 46 | using remove_const_t = typename remove_const<_Ty>::type; 47 | } 48 | #else 49 | #include 50 | #endif 51 | 52 | namespace skc 53 | { 54 | template 55 | using clean_type = typename std::remove_const_t>; 56 | 57 | template 58 | class skCrypter 59 | { 60 | public: 61 | __forceinline constexpr skCrypter(T* data) 62 | { 63 | crypt(data); 64 | } 65 | 66 | __forceinline T* get() 67 | { 68 | return _storage; 69 | } 70 | 71 | __forceinline int size() // (w)char count 72 | { 73 | return _size; 74 | } 75 | 76 | __forceinline char key() 77 | { 78 | return _key1; 79 | } 80 | 81 | __forceinline T* encrypt() 82 | { 83 | if (!isEncrypted()) 84 | crypt(_storage); 85 | 86 | return _storage; 87 | } 88 | 89 | __forceinline T* decrypt() 90 | { 91 | if (isEncrypted()) 92 | crypt(_storage); 93 | 94 | return _storage; 95 | } 96 | 97 | __forceinline bool isEncrypted() 98 | { 99 | return _storage[_size - 1] != 0; 100 | } 101 | 102 | __forceinline void clear() // set full storage to 0 103 | { 104 | for (int i = 0; i < _size; i++) 105 | { 106 | _storage[i] = 0; 107 | } 108 | } 109 | 110 | __forceinline operator T* () 111 | { 112 | decrypt(); 113 | 114 | return _storage; 115 | } 116 | 117 | private: 118 | __forceinline constexpr void crypt(T* data) 119 | { 120 | for (int i = 0; i < _size; i++) 121 | { 122 | _storage[i] = data[i] ^ (_key1 + i % (1 + _key2)); 123 | } 124 | } 125 | 126 | T _storage[_size]{}; 127 | }; 128 | } 129 | 130 | #define _(str) skCrypt_key(str, __TIME__[4], __TIME__[7]) 131 | #define skCrypt_key(str, key1, key2) []() { \ 132 | constexpr static auto crypted = skc::skCrypter \ 133 | >((skc::clean_type*)str); \ 134 | return crypted; }() 135 | 136 | /*________________________________________________________________________________ 137 | MIT License 138 | Copyright (c) 2020 skadro 139 | Permission is hereby granted, free of charge, to any person obtaining a copy 140 | of this software and associated documentation files (the "Software"), to deal 141 | in the Software without restriction, including without limitation the rights 142 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 143 | copies of the Software, and to permit persons to whom the Software is 144 | furnished to do so, subject to the following conditions: 145 | The above copyright notice and this permission notice shall be included in all 146 | copies or substantial portions of the Software. 147 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 148 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 149 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 150 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 151 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 152 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 153 | SOFTWARE. 154 | ________________________________________________________________________________*/ 155 | -------------------------------------------------------------------------------- /Steepcheat_xenforo/WebRequest/WebRequest.cpp: -------------------------------------------------------------------------------- 1 | #include "WebRequest.h" 2 | 3 | namespace Web 4 | { 5 | string replaceAll(string subject, const string& search, 6 | const string& replace) { 7 | size_t pos = 0; 8 | while ((pos = subject.find(search, pos)) != string::npos) { 9 | subject.replace(pos, search.length(), replace); 10 | pos += replace.length(); 11 | } 12 | return subject; 13 | } 14 | 15 | string DownloadString(string URL) { 16 | HINTERNET interwebs = InternetOpenA("Mozilla/5.0", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, NULL); 17 | HINTERNET urlFile; 18 | string rtn; 19 | if (interwebs) { 20 | urlFile = InternetOpenUrlA(interwebs, URL.c_str(), NULL, NULL, NULL, NULL); 21 | if (urlFile) { 22 | char buffer[2000]; 23 | DWORD bytesRead; 24 | do { 25 | InternetReadFile(urlFile, buffer, 2000, &bytesRead); 26 | rtn.append(buffer, bytesRead); 27 | memset(buffer, 0, 2000); 28 | } while (bytesRead); 29 | InternetCloseHandle(interwebs); 30 | InternetCloseHandle(urlFile); 31 | string p = replaceAll(rtn, "|n", "\r\n"); 32 | return p; 33 | } 34 | } 35 | InternetCloseHandle(interwebs); 36 | string p = replaceAll(rtn, "|n", "\r\n"); 37 | return p; 38 | } 39 | 40 | void DownloadFile(LPCSTR URL, LPCSTR file_loc) { 41 | URLDownloadToFileA(0, URL, file_loc, 0, 0); 42 | } 43 | } -------------------------------------------------------------------------------- /Steepcheat_xenforo/WebRequest/WebRequest.h: -------------------------------------------------------------------------------- 1 | /* 2 | WEBCLIENT LIBRARY BY FLOWXRC 3 | MADE FOR SWIFTWARE 4 | */ 5 | #pragma once 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #pragma comment(lib, "WinINet.lib") 16 | #pragma comment(lib, "Ws2_32.lib") 17 | #pragma comment(lib, "urlmon.lib") 18 | using namespace std; 19 | 20 | namespace Web { 21 | extern string replaceAll(string subject, const string& search, const string& replace); 22 | extern string DownloadString(string URL); 23 | extern void DownloadFile(LPCSTR URL, LPCSTR file_loc); 24 | } -------------------------------------------------------------------------------- /Steepcheat_xenforo/WndProc.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "Dwmapi.h" 5 | #include "ImGui\imgui.h" 6 | #include "ImGui\imgui_impl_dx9.h" 7 | 8 | #pragma comment(lib, "d3d9.lib") 9 | #pragma comment(lib, "dwmapi.lib") 10 | 11 | static LPDIRECT3DDEVICE9 g_pd3dDevice = NULL; 12 | static D3DPRESENT_PARAMETERS g_d3dpp; 13 | 14 | 15 | extern LRESULT ImGui_ImplDX9_WndProcHandler(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam); 16 | 17 | LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM); 18 | 19 | LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) 20 | { 21 | if (ImGui_ImplDX9_WndProcHandler(hWnd, message, wParam, lParam)) 22 | return true; 23 | 24 | switch (message) 25 | { 26 | 27 | case WM_SIZE: 28 | if (g_pd3dDevice != NULL && wParam != SIZE_MINIMIZED) 29 | { 30 | ImGui_ImplDX9_InvalidateDeviceObjects(); 31 | g_d3dpp.BackBufferWidth = LOWORD(lParam); 32 | g_d3dpp.BackBufferHeight = HIWORD(lParam); 33 | HRESULT hr = g_pd3dDevice->Reset(&g_d3dpp); 34 | if (hr == D3DERR_INVALIDCALL) 35 | IM_ASSERT(0); 36 | ImGui_ImplDX9_CreateDeviceObjects(); 37 | } 38 | return 0; 39 | 40 | case WM_SYSCOMMAND: 41 | if ((wParam & 0xfff0) == SC_KEYMENU) // Disable ALT application menu 42 | return 0; 43 | break; 44 | 45 | case WM_DESTROY: 46 | PostQuitMessage(0); 47 | return 0; 48 | } 49 | return DefWindowProc(hWnd, message, wParam, lParam); 50 | } -------------------------------------------------------------------------------- /Steepcheat_xenforo/global.h: -------------------------------------------------------------------------------- 1 | namespace Global 2 | { 3 | static struct 4 | { 5 | std::string server = (string)_("steepcheat.pw"); 6 | std::string forum_dir = (string)_("/"); 7 | std::string secret_key = (string)_("2jh1iedskaj32jwkdjaks"); 8 | } server; 9 | 10 | static struct 11 | { 12 | std::string version = (string)_("1.0"); 13 | std::string client_key = (string)_("dsaj3ijdw21jdljek21u9e"); 14 | std::string cheat = (string)_("Steepcheat"); 15 | std::string username; 16 | std::string password; 17 | std::string stop; 18 | } client; 19 | }; -------------------------------------------------------------------------------- /Steepcheat_xenforo/rawCheat.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idarlingid/rust-cheat-paste/25e2ae793d6a97b5158aa56a700e3418fd7ce284/Steepcheat_xenforo/rawCheat.h -------------------------------------------------------------------------------- /Steepcheat_xenforo/web/auth.php: -------------------------------------------------------------------------------- 1 | service('XF:User\Login', decrypt(fix_request($_GET["c"]), $tempory_cipher_key, $tempory_iv_key), $ip); 22 | $userValidate = $loginService->validate(decrypt(fix_request($_GET['d']), $tempory_cipher_key, $tempory_iv_key), $error); 23 | if($userValidate) 24 | { 25 | $username = decrypt(fix_request($_GET['c']), $tempory_cipher_key, $tempory_iv_key); 26 | $shwid = fix_request($_GET['f']); 27 | $hwid = decrypt($shwid, $tempory_cipher_key, $tempory_iv_key); 28 | $sql = mysqli_connect("localhost", "sharawin_iforum", "12345678Darling1337!", "sharawin_iforum"); 29 | $query = mysqli_query($sql, "SELECT * FROM hwids WHERE username='$username'"); 30 | $count = mysqli_num_rows($query); 31 | $row = mysqli_fetch_assoc($query); 32 | 33 | $user = mysqli_query($sql, "SELECT * FROM xf_user WHERE username='$username'"); 34 | $roles = mysqli_fetch_assoc($user); 35 | $role = $roles['secondary_group_ids']; //encrypt($test2['secondary_group_ids'], "r09y7LrY1C4yqONI641qMQe7GA5mQvdf", $tempory_iv_key); 36 | $user_ = decrypt(fix_request($_GET['c']), $tempory_cipher_key, $tempory_iv_key); 37 | if ($count > 0) { 38 | if ($row['hwid'] == $hwid) { 39 | $RuExFull; 40 | $RuExCompact; 41 | $Spoofer; 42 | if(strstr($role, "5")){ 43 | mysqli_query($sql, "UPDATE hwids SET RuExFull='1' WHERE username='$username'"); 44 | $RuExFull = "RuExFull"; 45 | //$query = mysqli_query($sql, "INSERT INTO hwids (username, hwid, full, compact) VALUES ('$username', '$hwid', '1', '1')"); 46 | } 47 | else { 48 | mysqli_query($sql, "UPDATE hwids SET RuExFull=NULL WHERE username='$username'"); 49 | $RuExFull = "REFN"; 50 | } 51 | if(strstr($role, "6")){ 52 | mysqli_query($sql, "UPDATE hwids SET RuExLow='1' WHERE username='$username'"); 53 | $RuExCompact = "RuExLow"; 54 | } 55 | else { 56 | mysqli_query($sql, "UPDATE hwids SET RuExLow=NULL WHERE username='$username'"); 57 | $RuExCompact = "RELN"; 58 | } 59 | 60 | 61 | if(strstr($role, "7")){ 62 | mysqli_query($sql, "UPDATE hwids SET Spoofer='1' WHERE username='$username'"); 63 | $Spoofer = "Spoofer"; 64 | } 65 | else { 66 | mysqli_query($sql, "UPDATE hwids SET Spoofer=NULL WHERE username='$username'"); 67 | $Spoofer = "SpN"; 68 | } 69 | //echo $role . $user_; 70 | 71 | 72 | if (!$role) { 73 | //echo "NotFound"; 74 | } 75 | echo encrypt(encrypt($user_ . ";" . $RuExFull . ";" . $RuExCompact . ";" . $Spoofer, $tempory_cipher_key, $tempory_iv_key), $tempory_cipher_key, $tempory_iv_key); 76 | } 77 | else { 78 | echo encrypt(encrypt("hwid_fail", $tempory_cipher_key, $tempory_iv_key), $tempory_cipher_key, $tempory_iv_key); 79 | } 80 | } 81 | else { 82 | $query = mysqli_query($sql, "INSERT INTO hwids (username, hwid) VALUES ('$username', '$hwid')"); 83 | echo encrypt(encrypt("hwid_installed", $tempory_cipher_key, $tempory_iv_key), $tempory_cipher_key, $tempory_iv_key); 84 | } 85 | } 86 | else { 87 | echo encrypt(encrypt("auth_failed",$tempory_cipher_key , $tempory_iv_key), $tempory_cipher_key, $tempory_iv_key); 88 | } 89 | } 90 | else { 91 | echo encrypt(encrypt("password_not_found", $tempory_cipher_key, $tempory_iv_key), $tempory_cipher_key, $tempory_iv_key); 92 | } 93 | } 94 | else { 95 | echo encrypt(encrypt("unknown_error", $tempory_cipher_key, $tempory_iv_key), $tempory_cipher_key, $tempory_iv_key); 96 | } 97 | ?> -------------------------------------------------------------------------------- /Steepcheat_xenforo/web/check.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Steepcheat_xenforo/web/config.php: -------------------------------------------------------------------------------- 1 | '1.0', 4 | 'secret_key' => '2jh1iedskaj32jwkdjaks', 5 | 'client_key' => 'dsaj3ijdw21jdljek21u9e' 6 | ]; 7 | ?> -------------------------------------------------------------------------------- /Steepcheat_xenforo/web/download.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Steepcheat_xenforo/web/load.php: -------------------------------------------------------------------------------- 1 | cipher_key = $generated_session_cipher_key; 40 | 41 | $generated_session_iv_key = generate_key(32); 42 | $session_iv_key = $data->iv_key = $generated_session_iv_key; 43 | 44 | //mysqli_query($helper::connect(),"INSERT INTO aes_keys_injection(cipher, iv, date, ip) VALUES('$generated_session_cipher_key', '$generated_session_iv_key', '$date_register_key', '$ip_request')"); 45 | 46 | $attachment_location = $_SERVER["DOCUMENT_ROOT"] . $dllpath; 47 | 48 | if (file_exists($attachment_location)) 49 | { 50 | //header($_SERVER["SERVER_PROTOCOL"] . " 200 OK"); 51 | //header("Cache-Control: public"); // needed for internet explorer 52 | //header("Content-Type: application/dll"); 53 | //header("Content-Transfer-Encoding: Binary"); 54 | //header("Content-Length:".filesize($attachment_location)); 55 | //header("Content-Disposition: attachment; filename=Full.dll"); 56 | $raw = file_get_contents($attachment_location); 57 | //echo $raw; 58 | echo RSACrypt($raw); 59 | } 60 | 61 | unset($tempory_cipher_key); 62 | unset($tempory_iv_key); 63 | } 64 | else 65 | { 66 | die(encrypt("file_error", "r09y7LrY1C4yqONI641qMQe7GA5mQvdf", "H1ggF9foFGLerr8q")); 67 | } 68 | } 69 | else 70 | { 71 | die(); 72 | } 73 | ?> -------------------------------------------------------------------------------- /Steepcheat_xenforo/web/load/RuExCompact.php: -------------------------------------------------------------------------------- 1 | cipher_key = $generated_session_cipher_key; 39 | 40 | $generated_session_iv_key = $aes::generate_key(32); 41 | $session_iv_key = $data->iv_key = $generated_session_iv_key; 42 | 43 | mysqli_query($helper::connect(),"INSERT INTO aes_keys_injection(cipher, iv, date, ip) VALUES('$generated_session_cipher_key', '$generated_session_iv_key', '$date_register_key', '$ip_request')"); 44 | 45 | $attachment_location = $_SERVER["DOCUMENT_ROOT"] . $dllpath; 46 | 47 | if (file_exists($attachment_location)) 48 | { 49 | header($_SERVER["SERVER_PROTOCOL"] . " 200 OK"); 50 | header("Cache-Control: public"); // needed for internet explorer 51 | header("Content-Type: application/dll"); 52 | header("Content-Transfer-Encoding: Binary"); 53 | header("Content-Length:".filesize($attachment_location)); 54 | header("Content-Disposition: attachment; filename=e9dc924f2.dll"); 55 | $raw = file_get_contents($attachment_location); 56 | echo RSACrypt($raw); 57 | //echo $raw; 58 | } 59 | 60 | unset($tempory_cipher_key); 61 | unset($tempory_iv_key); 62 | } 63 | else 64 | { 65 | die($aes::encrypt("file_error", $_SESSION["cipher_key"], $_SESSION["iv_key"])); 66 | } 67 | } 68 | else 69 | { 70 | die(); 71 | } 72 | ?> -------------------------------------------------------------------------------- /Steepcheat_xenforo/web/load_full.php: -------------------------------------------------------------------------------- 1 | cipher_key = $generated_session_cipher_key; 39 | 40 | $generated_session_iv_key = generate_key(32); 41 | $session_iv_key = $data->iv_key = $generated_session_iv_key; 42 | 43 | //mysqli_query($helper::connect(),"INSERT INTO aes_keys_injection(cipher, iv, date, ip) VALUES('$generated_session_cipher_key', '$generated_session_iv_key', '$date_register_key', '$ip_request')"); 44 | 45 | $attachment_location = $_SERVER["DOCUMENT_ROOT"] . $dllpath; 46 | 47 | if (file_exists($attachment_location)) 48 | { 49 | //header($_SERVER["SERVER_PROTOCOL"] . " 200 OK"); 50 | //header("Cache-Control: public"); // needed for internet explorer 51 | //header("Content-Type: application/dll"); 52 | //header("Content-Transfer-Encoding: Binary"); 53 | //header("Content-Length:".filesize($attachment_location)); 54 | //header("Content-Disposition: attachment; filename=Full.dll"); 55 | $raw = file_get_contents($attachment_location); 56 | //echo $raw; 57 | echo RSACrypt($raw); 58 | } 59 | 60 | unset($tempory_cipher_key); 61 | unset($tempory_iv_key); 62 | } 63 | else 64 | { 65 | die(encrypt("file_error", "r09y7LrY1C4yqONI641qMQe7GA5mQvdf", "H1ggF9foFGLerr8q")); 66 | } 67 | } 68 | else 69 | { 70 | die(); 71 | } 72 | ?> -------------------------------------------------------------------------------- /Steepcheat_xenforo/web/loadlow.php: -------------------------------------------------------------------------------- 1 | cipher_key = $generated_session_cipher_key; 38 | 39 | $generated_session_iv_key = generate_key(32); 40 | $session_iv_key = $data->iv_key = $generated_session_iv_key; 41 | 42 | //mysqli_query($helper::connect(),"INSERT INTO aes_keys_injection(cipher, iv, date, ip) VALUES('$generated_session_cipher_key', '$generated_session_iv_key', '$date_register_key', '$ip_request')"); 43 | 44 | $attachment_location = $_SERVER["DOCUMENT_ROOT"] . $dllpath; 45 | 46 | if (file_exists($attachment_location)) 47 | { 48 | //header($_SERVER["SERVER_PROTOCOL"] . " 200 OK"); 49 | //header("Cache-Control: public"); // needed for internet explorer 50 | //header("Content-Type: application/dll"); 51 | //header("Content-Transfer-Encoding: Binary"); 52 | //header("Content-Length:".filesize($attachment_location)); 53 | //header("Content-Disposition: attachment; filename=Full.dll"); 54 | $raw = file_get_contents($attachment_location); 55 | //echo $raw; 56 | echo RSACrypt($raw); 57 | } 58 | else { 59 | } 60 | 61 | unset($tempory_cipher_key); 62 | unset($tempory_iv_key); 63 | } 64 | else 65 | { 66 | die(encrypt("file_error", "r09y7LrY1C4yqONI641qMQe7GA5mQvdf", "H1ggF9foFGLerr8q")); 67 | } 68 | } 69 | else 70 | { 71 | die(); 72 | } 73 | ?> -------------------------------------------------------------------------------- /Steepcheat_xenforo/web/session.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cheat-callhook-driver.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idarlingid/rust-cheat-paste/25e2ae793d6a97b5158aa56a700e3418fd7ce284/cheat-callhook-driver.7z -------------------------------------------------------------------------------- /cheat-ioctl-driver.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idarlingid/rust-cheat-paste/25e2ae793d6a97b5158aa56a700e3418fd7ce284/cheat-ioctl-driver.7z --------------------------------------------------------------------------------