- #include "stdafx.h"
// Returns the PID of the first running process whose image name matches `proc`
// (case-insensitive, via _wcsicmp), or 0 when no process matches.
// Walks a Toolhelp process snapshot; the snapshot handle is closed on both the
// found and the not-found path.
// NOTE(review): the value returned by CreateToolhelp32Snapshot is not checked
// against INVALID_HANDLE_VALUE before it is handed to Process32First.
uint32_t find(const wchar_t* proc)
{
    auto snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    // Brace-init sets only dwSize, which the Toolhelp API requires before the first call.
    auto pe = PROCESSENTRY32W{ sizeof(PROCESSENTRY32W) };
    if (Process32First(snapshot, &pe)) {
        do {
            if (!_wcsicmp(proc, pe.szExeFile)) {
                CloseHandle(snapshot);
                return pe.th32ProcessID;   // first match wins; later same-named processes are ignored
            }
        } while (Process32Next(snapshot, &pe));
    }
    CloseHandle(snapshot);
    return 0;   // no process with that image name
}
// Looks for a handle that the *current* process already holds which refers to
// the process `targetProcessId`, by enumerating the system handle table with
// NtQuerySystemInformation(SystemHandleInformation). Returns that handle value,
// or nullptr when no such handle exists.
// NOTE(review): as pasted, the cast expression on the first line has mismatched
// parentheses and does not compile; the intended lookup call cannot be told from here.
HANDLE GetProcessHandle(uint64_t targetProcessId)
{
    auto NtQuerySystemInformation = reinterpret_cast<NtQuerySystemInformationFn>(GetLib("ntdll.dll"), "NtQuerySystemInformation"));
    NTSTATUS status;
    ULONG handleInfoSize = 0x10000;
    auto handleInfo = reinterpret_cast<PSYSTEM_HANDLE_INFORMATION>(malloc(handleInfoSize));
    // Grow the buffer by doubling until the table fits. realloc's result is not
    // checked for nullptr, and a NULL return-length pointer means the required
    // size is never learned.
    while ((status = NtQuerySystemInformation(SystemHandleInformation, handleInfo, handleInfoSize, nullptr)) == STATUS_INFO_LENGTH_MISMATCH)
        handleInfo = reinterpret_cast<PSYSTEM_HANDLE_INFORMATION>(realloc(handleInfo, handleInfoSize *= 2));
    // NOTE(review): on failure a message box is shown but execution continues
    // and handleInfo is dereferenced below regardless of `status`.
    if (!NT_SUCCESS(status))
    {
        MessageBox("Error: Handle Not Found", "Error!");
    }
    // NOTE(review): `i` is an int compared against HandleCount (type not visible here);
    // presumably a signed/unsigned comparison.
    for (auto i = 0; i < handleInfo->HandleCount; i++)
    {
        auto handle = handleInfo->Handles[i];
        const auto process = reinterpret_cast<HANDLE>(handle.Handle);
        // Only entries owned by this process are meaningful as a HANDLE value here.
        // NOTE(review): GetProcessId is called on every such entry, including
        // handles that are not process handles; its failures are not distinguished.
        if (handle.ProcessId == GetCurrentProcessId() && GetProcessId(process) == targetProcessId)
            return process;   // NOTE(review): handleInfo is leaked on this path (no free)
    }
    free(handleInfo);
    return nullptr;
}
// Thin wrapper around a device handle to a kernel driver, exposing two IOCTLs.
// Ownership: hDriver is opened in the constructor and never closed (no destructor),
// and it is public, so callers can read or overwrite it directly.
class Wrappers
{
public:
    HANDLE hDriver;
    // Open a handle to the driver.
    // NOTE(review): the parameter is named RegistryPath, but Init (below) passes a
    // `\\.\` device name; the result is not checked against INVALID_HANDLE_VALUE,
    // so every later DeviceIoControl is issued even if the open failed.
    Wrappers(LPCSTR RegistryPath)
    {
        hDriver = CreateFileA(RegistryPath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
    }
    // Sends the SET_ID_REQUEST IOCTL with `PID` as the input buffer (no output buffer).
    // Returns 1 on success and 0 on failure (a bool widened to DWORD); the
    // driver's own error information is discarded.
    DWORD SetTargetPid(DWORD PID)
    {
        DWORD Bytes;
        if (DeviceIoControl(hDriver, SET_ID_REQUEST, &PID, sizeof(PID), 0, 0, &Bytes, NULL))
            return true;
        else
            return false;
    }
    // Sends the GET_MODULE_REQUEST IOCTL with no input and a DWORD64 output buffer.
    // Returns the value the driver wrote, or 0 (`false`) on failure, so a failed
    // call is indistinguishable from a returned value of 0.
    // NOTE(review): lpBytesReturned and lpOverlapped are both NULL here; the Win32
    // contract requires lpBytesReturned when no OVERLAPPED is supplied.
    DWORD64 GetMainModule()
    {
        DWORD64 MainModule;
        if (DeviceIoControl(hDriver, GET_MODULE_REQUEST, 0, 0, &MainModule, sizeof(MainModule), 0, 0))
            return MainModule;
        else
            return false;
    }
};
// Opens the `\\.\discordexp` device and sends one IO_READ_REQUEST IOCTL carrying
// three process IDs (the caller's "protected" program, lsass and csrss).
// Returns true if DeviceIoControl succeeded, false if the device could not be
// opened or the IOCTL failed. The same READ_REQUEST buffer is used for input and output.
// Detection note: the device name `\\.\discordexp` is the only fixed artifact
// this function exposes from user mode.
// NOTE(review): `hDriver` is not declared in this function and is not the class
// member above, so a global of that name presumably exists outside this view.
// NOTE(review): the handle is never closed, on either the success or the failure
// path, so each call leaks one device handle. `Return` is declared but unused.
bool SendProcessIDs(ULONG PROTECTEDPROGRAM, ULONG LSASS, ULONG CSRSS)
{
    hDriver = CreateFileA("\\\\.\\discordexp", GENERIC_READ | GENERIC_WRITE,FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
    if (hDriver == INVALID_HANDLE_VALUE)
        return false;
    DWORD Return, Bytes;
    READ_REQUEST ReadRequest;   // any other fields of READ_REQUEST are left uninitialized
    ReadRequest.ProtectedProgram = PROTECTEDPROGRAM;
    ReadRequest.LSASS = LSASS;
    ReadRequest.CSRSS = CSRSS;
    // send code to our driver with the arguments
    if (DeviceIoControl(hDriver, IO_READ_REQUEST, &ReadRequest,sizeof(ReadRequest), &ReadRequest, sizeof(ReadRequest), &Bytes, NULL))
    {
        return true;
    }
    else
    {
        return false;
    }
}
// Thread entry started from DllMain: opens the driver, reports the PIDs of this
// process, lsass and csrss to it, selects the game process, reads the main
// module base and then calls CCheat::Initilize() (defined elsewhere).
// NOTE(review): this function does not compile as pasted. The `csrss` line has no
// terminating semicolon; `find` is declared above as taking `const wchar_t*` and
// returning a single `uint32_t`, yet it is called with `string` and assigned to
// `vector<uint32_t>`; `SendProcessIDs` takes ULONGs but receives those vectors;
// and `SetTargetPid` takes a DWORD but is given the HANDLE from GetProcessHandle.
// `ProcessId` and `MainModule` are never used; the return values of
// SendProcessIDs and SetTargetPid are ignored.
void Init()
{
    Wrappers Driver("\\\\.\\discordexp");
    DWORD ProcessId;
    string csrss = "csrss.exe"
    vector<uint32_t> pidcsrss = find(csrss);
    string lsass = "lsass.exe";
    vector<uint32_t> pidlsass = find(lsass);
    SendProcessIDs(GetCurrentProcessId(), pidlsass, pidcsrss);
    Driver.SetTargetPid(GetProcessHandle(find(L"RainbowSix.exe")));
    //Set PID in driver
    auto MainModule = Driver.GetMainModule();
    CCheat::Initilize();
}
// DLL entry point. On DLL_PROCESS_ATTACH it shows a message box and starts a
// thread running Init(); the other notifications do nothing. Always returns TRUE.
// NOTE(review): Init is `void()` but is cast to LPTHREAD_START_ROUTINE, which
// expects `DWORD(WINAPI*)(LPVOID)`; the thread handle returned by CreateThread
// is discarded rather than closed. The PROCESS_ATTACH case has no `break`, so it
// falls through to the cases below; since they only `break`, behaviour is unchanged.
// NOTE(review): a thread created inside DllMain cannot run its entry until this
// DllMain returns (loader lock) — presumably intended here, but worth confirming.
BOOL APIENTRY DllMain( HMODULE hModule,DWORD ul_reason_for_call,
    LPVOID lpReserved
    )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        MessageBox("Injected", "Injected");
        CreateThread(0, 0, (LPTHREAD_START_ROUTINE)Init, 0, 0, 0);
        // falls through (no break)
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}