  1. #include "stdafx.h"
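// Look up a running process by image name (case-insensitive) and return its PID.
//
// Walks a Toolhelp process snapshot and returns th32ProcessID of the FIRST
// entry whose szExeFile matches `proc`; 0 means "not found" (or that the
// snapshot could not be taken / `proc` is null).  Because only the first match
// is returned, an image that runs more than once (csrss.exe, for instance,
// usually has one instance per session) resolves to whichever instance the
// snapshot lists first — callers that care must enumerate themselves.
//
// Fixes relative to the original:
//  * CreateToolhelp32Snapshot reports failure as INVALID_HANDLE_VALUE; that
//    was never checked, so a failed snapshot was fed to Process32First and
//    then CloseHandle'd.
//  * The wide entry points (Process32FirstW/NextW) are called explicitly so
//    the call matches PROCESSENTRY32W regardless of the UNICODE build setting.
uint32_t find(const wchar_t* proc)
{
    if (proc == nullptr)
        return 0;

    const HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE)
        return 0;

    uint32_t pid = 0;
    PROCESSENTRY32W entry{};
    entry.dwSize = sizeof(entry);   // Toolhelp rejects the call when dwSize is unset

    for (BOOL more = Process32FirstW(snapshot, &entry); more;
         more = Process32NextW(snapshot, &entry))
    {
        if (_wcsicmp(proc, entry.szExeFile) == 0)
        {
            pid = entry.th32ProcessID;
            break;
        }
    }

    // Single exit so the snapshot handle is released on every path.
    CloseHandle(snapshot);
    return pid;
}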
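// Find an ALREADY-OPEN handle in this process that refers to targetProcessId.
//
// Instead of opening a new handle, this queries the system-wide handle table
// (NtQuerySystemInformation / SystemHandleInformation), keeps only the
// entries owned by the current process, and returns the first one for which
// GetProcessId() reports the target PID.  Presumably the point is to reuse a
// handle that some other component already holds rather than calling
// OpenProcess — that intent is not visible in this file, so confirm against
// the rest of the project before relying on it.
//
// Returns nullptr when ntdll's export cannot be resolved, the query fails, no
// matching handle exists, or targetProcessId is 0.  The returned HANDLE is a
// BORROWED reference to an existing handle in this process: the caller must
// not CloseHandle() it.
//
// Fixes relative to the original:
//  * the buffer was leaked on the success path and kept being read after a
//    failed query (HandleCount would then be garbage);
//  * realloc failure was not checked;
//  * a target PID of 0 would match the first non-process handle, because
//    GetProcessId() returns 0 on failure;
//  * the export was looked up through a project helper (`GetLib`) with
//    mismatched parentheses; GetModuleHandleW + GetProcAddress is sufficient
//    since ntdll.dll is mapped into every process.
HANDLE GetProcessHandle(uint64_t targetProcessId)
{
    if (targetProcessId == 0)
        return nullptr;

    const HMODULE ntdll = GetModuleHandleW(L"ntdll.dll");
    const auto NtQuerySystemInformation = reinterpret_cast<NtQuerySystemInformationFn>(
        ntdll ? GetProcAddress(ntdll, "NtQuerySystemInformation") : nullptr);
    if (NtQuerySystemInformation == nullptr)
        return nullptr;

    // The required size is only reported via STATUS_INFO_LENGTH_MISMATCH, so
    // keep doubling the buffer until the query succeeds or fails otherwise.
    ULONG bufferSize = 0x10000;
    auto* table = static_cast<PSYSTEM_HANDLE_INFORMATION>(malloc(bufferSize));
    if (table == nullptr)
        return nullptr;

    NTSTATUS status;
    while ((status = NtQuerySystemInformation(SystemHandleInformation, table, bufferSize, nullptr))
           == STATUS_INFO_LENGTH_MISMATCH)
    {
        bufferSize *= 2;
        auto* grown = static_cast<PSYSTEM_HANDLE_INFORMATION>(realloc(table, bufferSize));
        if (grown == nullptr)
        {
            free(table);
            return nullptr;
        }
        table = grown;
    }

    if (!NT_SUCCESS(status))
    {
        free(table);
        MessageBox("Error: Handle Not Found", "Error!");
        return nullptr;
    }

    const DWORD self = GetCurrentProcessId();
    HANDLE found = nullptr;
    for (ULONG i = 0; i < table->HandleCount && found == nullptr; ++i)
    {
        const auto& entry = table->Handles[i];
        if (entry.ProcessId != self)
            continue;

        // entry.Handle is the raw handle value as stored in the table; it is
        // only meaningful because the entry belongs to this process.
        const auto candidate = reinterpret_cast<HANDLE>(entry.Handle);
        if (GetProcessId(candidate) == targetProcessId)
            found = candidate;
    }

    free(table);
    return found;
}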
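// User-mode wrapper around the kernel driver this loader talks to.
//
// Despite the parameter name, the constructor receives a Win32 device path
// (Init() passes "\\\\.\\discordexp"), which CreateFileA opens to obtain the
// IOCTL channel.  The request codes SET_ID_REQUEST / GET_MODULE_REQUEST and
// what the driver does with them are not defined in this file; the comments
// below describe only what the user-mode side sends and expects back.
//
// Ownership: the device handle is closed in the destructor (the original
// leaked it).  Copying is disabled so two wrappers can never close the same
// handle.
class Wrappers
{
public:
    // Device handle, or INVALID_HANDLE_VALUE when the driver could not be
    // opened.  Kept public for existing callers; prefer IsOpen().
    HANDLE hDriver;

    // Open a handle to the driver device.  CreateFileA reports failure as
    // INVALID_HANDLE_VALUE (not NULL).  Failure is not fatal here — every
    // request then reports failure — so callers should check IsOpen().
    Wrappers(LPCSTR RegistryPath)
        : hDriver(CreateFileA(RegistryPath, GENERIC_READ | GENERIC_WRITE,
                              FILE_SHARE_READ | FILE_SHARE_WRITE, nullptr,
                              OPEN_EXISTING, 0, nullptr))
    {
    }

    ~Wrappers()
    {
        if (IsOpen())
            CloseHandle(hDriver);
    }

    Wrappers(const Wrappers&) = delete;
    Wrappers& operator=(const Wrappers&) = delete;

    // True when the constructor obtained a usable device handle.
    bool IsOpen() const
    {
        return hDriver != INVALID_HANDLE_VALUE && hDriver != nullptr;
    }

    // Send the target PID to the driver (SET_ID_REQUEST; input buffer is the
    // DWORD PID, no output).  Returns 1 on success and 0 on failure — the
    // DWORD return type is kept for existing callers.
    DWORD SetTargetPid(DWORD PID)
    {
        if (!IsOpen())
            return false;

        DWORD bytes = 0;
        const BOOL ok = DeviceIoControl(hDriver, SET_ID_REQUEST, &PID, sizeof(PID),
                                        nullptr, 0, &bytes, nullptr);
        return ok ? true : false;
    }

    // Ask the driver for the target's main-module base (GET_MODULE_REQUEST;
    // output buffer is a DWORD64).  Returns 0 on failure.
    //
    // DeviceIoControl requires lpBytesReturned whenever lpOverlapped is NULL;
    // the original passed NULL for both, so the call could fail with
    // ERROR_INVALID_PARAMETER.  The output is also zero-initialised now, so a
    // driver that succeeds without writing the buffer yields 0 rather than
    // stack garbage.
    DWORD64 GetMainModule()
    {
        if (!IsOpen())
            return 0;

        DWORD64 base = 0;
        DWORD bytes = 0;
        const BOOL ok = DeviceIoControl(hDriver, GET_MODULE_REQUEST, nullptr, 0,
                                        &base, sizeof(base), &bytes, nullptr);
        return ok ? base : 0;
    }
};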
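// Send three PIDs to the driver in a single IO_READ_REQUEST.
//
// The request carries the fields ProtectedProgram / LSASS / CSRSS of the
// project-defined READ_REQUEST struct; Init() fills them with this process's
// own PID and the PIDs of lsass.exe and csrss.exe.  What the driver does with
// those PIDs is not visible in this file — a third-party driver being handed
// the PIDs of lsass and csrss is worth treating as a red flag by anyone
// analysing this, but this comment does not speculate about the kernel side.
//
// Side effect: opens a fresh handle to \\.\discordexp into the file-level
// `hDriver` global (declared elsewhere) on every call.  On success the handle
// is left open in that global, as before; on failure it is now closed and
// reset so repeated failures do not leak handles.  Returns true iff the IOCTL
// succeeded.
bool SendProcessIDs(ULONG PROTECTEDPROGRAM, ULONG LSASS, ULONG CSRSS)
{
    hDriver = CreateFileA("\\\\.\\discordexp", GENERIC_READ | GENERIC_WRITE,
                          FILE_SHARE_READ | FILE_SHARE_WRITE, nullptr,
                          OPEN_EXISTING, 0, nullptr);
    if (hDriver == INVALID_HANDLE_VALUE)
        return false;

    // Zero the whole struct so padding and any fields this function does not
    // set are not sent to the kernel as stack garbage.
    READ_REQUEST request{};
    request.ProtectedProgram = PROTECTEDPROGRAM;
    request.LSASS = LSASS;
    request.CSRSS = CSRSS;

    // The same struct is both input and output buffer, as in the original;
    // lpBytesReturned is mandatory when lpOverlapped is NULL.
    DWORD bytes = 0;
    const BOOL ok = DeviceIoControl(hDriver, IO_READ_REQUEST,
                                    &request, sizeof(request),
                                    &request, sizeof(request),
                                    &bytes, nullptr);
    if (!ok)
    {
        CloseHandle(hDriver);
        hDriver = INVALID_HANDLE_VALUE;
        return false;
    }
    return true;
}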
  87.  
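// Thread entry (started from DllMain) that wires the injected DLL to the driver:
//   1. opens \\.\discordexp through Wrappers,
//   2. resolves the PIDs of csrss.exe, lsass.exe and RainbowSix.exe,
//   3. sends this process's PID plus the lsass/csrss PIDs (SendProcessIDs),
//   4. points the driver at the game PID (SetTargetPid),
//   5. reads the target's main-module base (GetMainModule) and hands off to
//      CCheat::Initilize() (defined elsewhere).
//
// The original body did not compile: it built std::string objects and passed
// them to find(const wchar_t*), assigned find()'s uint32_t result to vectors,
// passed those vectors to SendProcessIDs(ULONG, ...), and passed a HANDLE
// (GetProcessHandle) to SetTargetPid(DWORD PID).  This version calls each
// function with the types it declares.  SetTargetPid is documented as taking
// the PID, so it now receives the PID directly; if the driver's SET_ID_REQUEST
// actually expects a handle value, that is the line to revisit — the original's
// GetProcessHandle() call is the only hint that it might.
//
// Each step that can fail is checked; on failure Init returns without calling
// into the cheat code, instead of sending the driver PID 0 or a garbage base.
void Init()
{
    Wrappers Driver("\\\\.\\discordexp");
    // Wrappers does not check CreateFileA's result; INVALID_HANDLE_VALUE is
    // what it stores on failure.
    if (Driver.hDriver == INVALID_HANDLE_VALUE)
        return;

    const uint32_t pidCsrss = find(L"csrss.exe");
    const uint32_t pidLsass = find(L"lsass.exe");
    const uint32_t pidGame = find(L"RainbowSix.exe");
    // find() returns 0 for "not found"; never forward that to the driver.
    if (pidCsrss == 0 || pidLsass == 0 || pidGame == 0)
        return;

    if (!SendProcessIDs(GetCurrentProcessId(), pidLsass, pidCsrss))
        return;

    // Set the target PID in the driver.
    if (!Driver.SetTargetPid(pidGame))
        return;

    // Retrieved but not consumed here, exactly as in the original; presumably
    // CCheat obtains it some other way — TODO confirm, and drop the call if not.
    const DWORD64 mainModule = Driver.GetMainModule();
    (void)mainModule;

    CCheat::Initilize();
}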
  102.  
  103.  
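// Thread-procedure adapter.  Init() is `void Init()`, which is not a valid
// LPTHREAD_START_ROUTINE; the original cast it anyway and let the thread return
// whatever was in the result register.  This shim has the right signature.
static DWORD WINAPI InitThread(LPVOID)
{
    Init();
    return 0;
}

// DLL entry point.  On process attach it shows a message box and starts the
// Init() thread; the other notifications are no-ops.
//
// Maintenance notes:
//  * Init() is run on its own thread because DllMain executes under the
//    loader lock and Init() opens device handles and calls project code.
//    Creating a thread from DllMain is still only borderline-safe (the new
//    thread blocks until this DllMain returns), and MessageBox from DllMain
//    runs a modal loop under the loader lock; both are kept because the
//    behaviour is what callers see today, but they are the first things to
//    remove if injection deadlocks.
//  * The thread handle is closed immediately (the original leaked it);
//    closing the handle does not stop the thread.
//  * The original fell through from DLL_PROCESS_ATTACH into the remaining
//    labels; that was harmless only because they just `break`.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    (void)hModule;
    (void)lpReserved;

    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    {
        MessageBox("Injected", "Injected");
        const HANDLE thread = CreateThread(nullptr, 0, InitThread, nullptr, 0, nullptr);
        if (thread != nullptr)
            CloseHandle(thread);
        break;
    }
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
    default:
        break;
    }
    return TRUE;
}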