C++:
#include <cstdio>
#include <string>
#include <windows.h>
#include "detours.h"
#include <process.h>
// Forward declarations of the byte-pattern helpers defined at the end of this file.
bool DataCompare(const unsigned char* OpCode, const unsigned char* Mask, const char* strMask);
unsigned long FindPattern(unsigned long StartAddress, unsigned long codeLen, unsigned char* Mask, char* strMask, unsigned short ignore);
// Pointer type used to call the routine that main_thread locates inside EasyAntiCheat_x64.dll.
// Presumably a member function whose `this` is the first DWORD* argument -- not verifiable from this listing.
using loadgamewitheac_type = int(__thiscall*)(DWORD*, LPCWSTR, int, char, DWORD*, LPHANDLE);
// Assigned from DetourAttach in main_thread; loadgamewitheac_hook calls through it.
loadgamewitheac_type loadgamewitheac_orig = nullptr;
// Pointer type matching the Win32 CloseHandle signature.
using closehandle_type = BOOL(WINAPI*)(HANDLE);
// Assigned from DetourAttach in loadgamewitheac_hook; it is only passed to DetourDetach and never invoked.
closehandle_type closehandle_orig = nullptr;
// Declared but not referenced anywhere else in this listing.
HANDLE ScumThreadHanddle = nullptr;
// Written by closehandle_hook: the handle passed to the second intercepted CloseHandle call.
HANDLE ScumHandle = nullptr;
//Hook Functions
// Stand-in for CloseHandle while loadgamewitheac_hook has the detour installed.
// It never forwards to the real CloseHandle (closehandle_orig is not called here), so every
// handle the host process tries to close during that window stays open.
// The handle passed on the second intercepted call is kept in ScumHandle.
// Defender view: the observable side effects are a host process that still holds handles it
// believes it released, and a CloseHandle entry point whose in-memory bytes differ from the
// on-disk module while the detour is attached.
BOOL WINAPI closehandle_hook(HANDLE handle)
{
// Call counter; static, so it persists across calls and is never reset.
static int count = 0;
// Only the second call (count == 1) is recorded; all other handles are dropped on the floor.
if (count == 1)
ScumHandle = handle;
++count;
// Reports success to the caller although nothing was closed.
return true;
}
// Detour for the routine located by main_thread. Declared __fastcall with an unused `edx`
// parameter so that `_this` lines up with the `this` argument of the __thiscall original.
// It wraps the original call with a temporary CloseHandle detour so that closehandle_hook
// can keep a handle the original routine tries to close, then returns the original result
// unchanged to the caller.
// Defender view: the behaviour depends on code running inside the anti-cheat launcher process
// and on that process briefly owning a high-privilege handle; integrity checks on the
// launcher's loaded modules and on hooked API entry points, and auditing of handles still
// open to the protected process after launch, are the places where this shows up.
int __fastcall loadgamewitheac_hook(DWORD* _this, void* edx, LPCWSTR application_name, int a3, char a4, DWORD* process_id_out, LPHANDLE target_handle)
{
//Hook CloseHandle first and remove it after EAC loading
closehandle_orig = (closehandle_type)DetourAttach((PVOID*)CloseHandle, (PBYTE*)closehandle_hook);
// Run the real routine; every CloseHandle call it makes goes to closehandle_hook instead.
auto ret = loadgamewitheac_orig(_this, application_name, a3, a4, process_id_out, target_handle);
DetourDetach((PVOID*)closehandle_orig, (PBYTE*)closehandle_hook);
// NOTE(review): the two lines below are the author's own remark and are not executed.
// `PaladinsHandle` is not declared anywhere in this listing; the access-rights claim is
// the author's and cannot be confirmed from the code shown.
//PaladinsHandle access rights == PROCESS_ALL_ACCESS. INJECT CODE HERE
/*DetourContinueProcessWithDllW(PaladinsHandle, L"your_dll_to_inject.dll");*/
return ret;
}
//Threads Function
// Worker thread started from DllMain. It waits until EasyAntiCheat_x64.dll is loaded in the
// current process, looks up one routine in it by byte signature, and redirects that routine
// to loadgamewitheac_hook. Any failure shows a message box and terminates the whole process.
// Defender view: everything here runs inside the process that loads the anti-cheat module,
// so it presupposes that an unsigned DLL was already loaded into that process.
void __cdecl main_thread(void*)
{
HMODULE eac_module = nullptr;
// Poll for the module every 10 ms; the Sleep also runs once after the lookup succeeds.
while (eac_module == nullptr)
{
eac_module = GetModuleHandleW(L"EasyAntiCheat_x64.dll");
Sleep(10);
}
// Signature bytes; in the mask string 'x' means "must match" and '?' means "any byte"
// (see DataCompare).
// 0xE8 0x00 0x00 0x00 0x00 0xE9 0x00 0x00 0x00 0x00 0xC6 0x83 0x00 0x00 0x00 0x00 0x00
// The scan length passed here is 0xFFFFFFFF rather than the size of the module.
auto loadeac_addr = FindPattern((DWORD)eac_module, 0xFFFFFFFF, (BYTE*)"\xE8\x00\x00\x00\x00\xE9\x00\x00\x00\x00\xC6\x83\x00\x00\x00\x00\x00", (char*)"x????x????xx?????", 0);
// FindPattern returns 0 when it gives up without a match.
if (loadeac_addr == 0)
{
MessageBoxW(nullptr, L"EasyAntiCheat signature broken", L"Bypass Error", MB_TOPMOST);
ExitProcess(-1);
}
// The value returned by DetourAttach is stored as the pointer used to reach the original routine.
loadgamewitheac_orig = (loadgamewitheac_type)DetourAttach((PVOID*)loadeac_addr, (PBYTE)loadgamewitheac_hook);
if (loadgamewitheac_orig == nullptr)
{
MessageBoxW(nullptr, L"EasyAntiCheat signature broken (2)", L"Exploit Error", MB_TOPMOST);
ExitProcess(-1);
}
}
// DLL entry point. On process attach it turns off per-thread attach/detach notifications
// for this module and starts main_thread; every other notification is ignored.
// Always reports success to the loader.
BOOL WINAPI DllMain(_In_ void* _DllHandle, _In_ unsigned long _Reason, _In_opt_ void* _Reserved)
{
    // Nothing to do for thread attach/detach or process detach.
    if (_Reason != DLL_PROCESS_ATTACH)
        return true;

    DisableThreadLibraryCalls((HMODULE)_DllHandle);
    // The real work happens on a separate thread, not inside the entry point itself.
    _beginthread(main_thread, 0, nullptr);
    return true;
}
// Compares the bytes at OpCodes against the pattern bytes in Mask, position by position.
// strMask is a NUL-terminated string that decides how many positions are checked and which
// ones matter: at an 'x' the two bytes must be equal, at any other character the position
// is skipped without reading OpCodes.
// Returns true when every 'x' position matches (also for an empty strMask), false otherwise.
// The caller must guarantee that OpCodes and Mask are readable for strlen(strMask) bytes.
bool DataCompare(const BYTE* OpCodes, const BYTE* Mask, const char* strMask)
{
    for (; *strMask != '\0'; ++strMask, ++OpCodes, ++Mask)
    {
        const bool mustMatch = (*strMask == 'x');
        if (mustMatch && *OpCodes != *Mask)
            return false;
    }
    return true;
}
// Linear byte-signature search starting at StartAddress.
// Mask holds the pattern bytes and strMask the per-byte match flags (see DataCompare).
// `ignore` is the number of leading matches to skip: the address of match number
// ignore + 1 is returned.
// Returns 0 when a candidate fails to match and the running offset has reached CodeLen.
// Note that this limit is only tested after a mismatch, and that each candidate is read
// for the full length of strMask, so the caller is responsible for the range being readable.
DWORD FindPattern(DWORD StartAddress, DWORD CodeLen, BYTE* Mask, char* strMask, unsigned short ignore)
{
    unsigned short hits = 0;
    DWORD offset = 0;
    for (;;)
    {
        // Done once more than `ignore` matches have been seen.
        if (hits > ignore)
            break;

        BYTE* candidate = (BYTE*)(StartAddress + offset);
        ++offset;  // offset now points one past the candidate just taken

        if (DataCompare(candidate, Mask, strMask))
        {
            ++hits;
            continue;
        }
        if (offset >= CodeLen)
            return 0;
    }
    // offset was advanced past the last match, hence the - 1.
    return StartAddress + offset - 1;
}

Die Funktion : https://github.com/microsoft/Detours/blob/master/src/detours.cpp#L1970