API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 20th, 2019
114
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.50 KB | None | 0 0
raw download clone embed print report
  1. #pragma once
  2.  
  3. #include <stdio.h>
  4. #include <tchar.h>
  5. #include <stdio.h>
  6. #include <windows.h>
  7. #include <string>
  8. #include <time.h>
  9. #include <stdlib.h>
  10. #include <iostream>
  11. #include <tlhelp32.h>
  12. #include <psapi.h>
  13. #include <sddl.h>
  14. #include <accctrl.h>
  15. #include <conio.h>
  16. #include <aclapi.h>
  17. #include <thread>
  18. #include <fstream> //derp obvious.
  19. #include <time.h>
  20. #include <Tlhelp32.h>
  21. #include <stdio.h>
  22. #include <stdlib.h>
  23. #include <ctype.h>
  24. #include <Shlwapi.h>
  25.  
  26.  
  27.  
  28. #pragma comment(lib, "Ws2_32.lib")
  29. using namespace std;
  30. #define MAX_PROCESSES (1024)
  31. typedef HMODULE(WINAPI* pLoadLibraryA)(LPCSTR);
  32. typedef FARPROC(WINAPI* pGetProcAddress)(HMODULE, LPCSTR);
  33. typedef BOOL(WINAPI* PDLL_MAIN)(HMODULE, DWORD, PVOID);
  34.  
  35. class ManualMapPoly
  36. {
  37. public:
  38. virtual DWORD InjectCSGOCheatInternalBeta(std::string Username, std::string Password);
  39. virtual DWORD InjectCSGOCheatInternal(std::string Username, std::string Password);
  40. virtual DWORD MyGetProcessId(LPCTSTR ProcessName);
  41. virtual DWORD FindProcess(__in_z LPCTSTR lpcszFileName);
  42.  
  43. private:
  44.  
  45. protected:
  46.  
  47. };
  48.  
  49. class ManualMap : public ManualMapPoly
  50. {
  51. public:
  52.  
  53. virtual DWORD InjectCSGOCheatInternal(unsigned char* s);
  54. virtual DWORD MyGetProcessId(LPCTSTR ProcessName);
  55. virtual DWORD FindProcess(__in_z LPCTSTR lpcszFileName);
  56.  
  57. private:
  58.  
  59. protected:
  60.  
  61. };
  62.  
  63.  
  64. typedef struct _MANUAL_INJECT
  65. {
  66. PVOID ImageBase;
  67. PIMAGE_NT_HEADERS NtHeaders;
  68. PIMAGE_BASE_RELOCATION BaseRelocation;
  69. PIMAGE_IMPORT_DESCRIPTOR ImportDirectory;
  70. pLoadLibraryA fnLoadLibraryA;
  71. pGetProcAddress fnGetProcAddress;
  72. }MANUAL_INJECT, * PMANUAL_INJECT;
  73. DWORD WINAPI LoadDll(PVOID p)
  74. {
  75. PMANUAL_INJECT ManualInject;
  76.  
  77. HMODULE hModule;
  78. DWORD i, Function, count, delta;
  79.  
  80. PDWORD ptr;
  81. PWORD list;
  82.  
  83. PIMAGE_BASE_RELOCATION pIBR;
  84. PIMAGE_IMPORT_DESCRIPTOR pIID;
  85. PIMAGE_IMPORT_BY_NAME pIBN;
  86. PIMAGE_THUNK_DATA FirstThunk, OrigFirstThunk;
  87.  
  88. PDLL_MAIN EntryPoint;
  89.  
  90. ManualInject = (PMANUAL_INJECT)p;
  91.  
  92. pIBR = ManualInject->BaseRelocation;
  93. delta = (DWORD)((LPBYTE)ManualInject->ImageBase - ManualInject->NtHeaders->OptionalHeader.ImageBase); // Calculate the delta
  94.  
  95. // Relocate the image
  96.  
  97. while (pIBR->VirtualAddress)
  98. {
  99. if (pIBR->SizeOfBlock >= sizeof(IMAGE_BASE_RELOCATION))
  100. {
  101. count = (pIBR->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(WORD);
  102. list = (PWORD)(pIBR + 1);
  103.  
  104. for (i = (0); i < count; i++)
  105. {
  106. if (list[i])
  107. {
  108. ptr = (PDWORD)((LPBYTE)ManualInject->ImageBase + (pIBR->VirtualAddress + (list[i] & (0xFFF))));
  109. *ptr += delta;
  110. }
  111. }
  112. }
  113. pIBR = (PIMAGE_BASE_RELOCATION)((LPBYTE)pIBR + pIBR->SizeOfBlock);
  114. }
  115.  
  116. pIID = ManualInject->ImportDirectory;
  117.  
  118. // Resolve DLL imports
  119.  
  120. while (pIID->Characteristics)
  121. {
  122. OrigFirstThunk = (PIMAGE_THUNK_DATA)((LPBYTE)ManualInject->ImageBase + pIID->OriginalFirstThunk);
  123. FirstThunk = (PIMAGE_THUNK_DATA)((LPBYTE)ManualInject->ImageBase + pIID->FirstThunk);
  124.  
  125. hModule = ManualInject->fnLoadLibraryA((LPCSTR)ManualInject->ImageBase + pIID->Name);
  126.  
  127. if (!hModule)
  128. {
  129. return FALSE;
  130. }
  131.  
  132. while (OrigFirstThunk->u1.AddressOfData)
  133. {
  134. if (OrigFirstThunk->u1.Ordinal & IMAGE_ORDINAL_FLAG)
  135. {
  136. // Import by ordinal
  137.  
  138. Function = (DWORD)ManualInject->fnGetProcAddress(hModule, (LPCSTR)(OrigFirstThunk->u1.Ordinal & (0xFFFF)));
  139.  
  140. if (!Function)
  141. {
  142. return FALSE;
  143. }
  144.  
  145.  
  146. FirstThunk->u1.Function = Function;
  147. }
  148.  
  149. else
  150. {
  151. // Import by name
  152.  
  153. pIBN = (PIMAGE_IMPORT_BY_NAME)((LPBYTE)ManualInject->ImageBase + OrigFirstThunk->u1.AddressOfData);
  154. Function = (DWORD)ManualInject->fnGetProcAddress(hModule, (LPCSTR)pIBN->Name);
  155.  
  156. if (!Function)
  157. {
  158. return FALSE;
  159. }
  160.  
  161. FirstThunk->u1.Function = Function;
  162. }
  163.  
  164. OrigFirstThunk++;
  165. FirstThunk++;
  166. }
  167.  
  168. pIID++;
  169. }
  170.  
  171. if (ManualInject->NtHeaders->OptionalHeader.AddressOfEntryPoint)
  172. {
  173. EntryPoint = (PDLL_MAIN)((LPBYTE)ManualInject->ImageBase + ManualInject->NtHeaders->OptionalHeader.AddressOfEntryPoint);
  174. return EntryPoint((HMODULE)ManualInject->ImageBase, DLL_PROCESS_ATTACH, NULL); // Call the entry point
  175. }
  176. return true;
  177. }
  178. DWORD WINAPI LoadDllEnd()
  179. {
  180. return (0);
  181. }
  182. DWORD ProcId = (0);
  183.  
  184. DWORD ManualMapPoly::FindProcess(__in_z LPCTSTR lpcszFileName)
  185. {
  186.  
  187. }
  188.  
  189.  
  190. DWORD ManualMap::FindProcess(__in_z LPCTSTR lpcszFileName)
  191. {
  192.  
  193. LPDWORD lpdwProcessIds;
  194. LPTSTR lpszBaseName;
  195. HANDLE hProcess;
  196. DWORD i, cdwProcesses, dwProcessId = (0);
  197.  
  198. lpdwProcessIds = (LPDWORD)HeapAlloc(GetProcessHeap(), (0), MAX_PROCESSES * sizeof(DWORD));
  199. if (lpdwProcessIds != NULL)
  200. {
  201. if (EnumProcesses(lpdwProcessIds, MAX_PROCESSES * sizeof(DWORD), &cdwProcesses))
  202. {
  203. lpszBaseName = (LPTSTR)HeapAlloc(GetProcessHeap(), (0), MAX_PATH * sizeof(TCHAR));
  204. if (lpszBaseName != NULL)
  205. {
  206. cdwProcesses /= sizeof(DWORD);
  207. for (i = (0); i < cdwProcesses; i++)
  208. {
  209. hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, lpdwProcessIds[i]);
  210. if (hProcess != NULL)
  211. {
  212. if (GetModuleBaseName(hProcess, NULL, lpszBaseName, MAX_PATH) > (0))
  213. {
  214. if (!lstrcmpi(lpszBaseName, lpcszFileName))
  215. {
  216. dwProcessId = lpdwProcessIds[i];
  217. CloseHandle(hProcess);
  218. break;
  219. }
  220. }
  221. CloseHandle(hProcess);
  222. }
  223. }
  224. HeapFree(GetProcessHeap(), (0), (LPVOID)lpszBaseName);
  225. }
  226. }
  227. HeapFree(GetProcessHeap(), (0), (LPVOID)lpdwProcessIds);
  228. }
  229. return(dwProcessId);
  230.  
  231. }
  232.  
  233. DWORD ManualMapPoly::MyGetProcessId(LPCTSTR ProcessName)
  234. {
  235.  
  236.  
  237. }
  238.  
  239.  
  240. DWORD ManualMap::MyGetProcessId(LPCTSTR ProcessName)
  241. {
  242.  
  243.  
  244.  
  245. PROCESSENTRY32 pt;
  246. HANDLE hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, (0));
  247. pt.dwSize = sizeof(PROCESSENTRY32);
  248. if (Process32First(hsnap, &pt))
  249. {
  250. do {
  251. if (!(lstrcmpiW)(pt.szExeFile, ProcessName))
  252. {
  253. (CloseHandle)(hsnap);
  254. return(pt.th32ProcessID);
  255. }
  256.  
  257. } while (Process32Next(hsnap, &pt));
  258. }
  259.  
  260. (CloseHandle)(hsnap);
  261. return((0));
  262.  
  263.  
  264. }
  265.  
  266. PIMAGE_DOS_HEADER pIDH;
  267. PIMAGE_NT_HEADERS pINH;
  268. PIMAGE_SECTION_HEADER pISH;
  269. HANDLE hProcess, hThread, hFile, hToken;
  270. PVOID buffer, image, mem;
  271. DWORD i, FileSize, ProcessId, ExitCode, read;
  272. TOKEN_PRIVILEGES tp;
  273. MANUAL_INJECT ManualInject;
  274.  
  275. bool autbypass = false;
  276.  
  277. /*injection*/
  278.  
  279. DWORD ManualMapPoly::InjectCSGOCheatInternal(std::string Username, std::string Password)
  280. {
  281. return 0;
  282.  
  283. }
  284.  
  285. DWORD ManualMapPoly::InjectCSGOCheatInternalBeta(std::string Username, std::string Password)
  286. {
  287. return 0;
  288. }
  289.  
  290. static size_t WriteMemoryCallbacks(void* contents, size_t size, size_t nmemb, void* userp)
  291. {
  292.  
  293.  
  294. /*Code*/
  295. ((std::string*)userp)->append((char*)contents, size * nmemb);
  296. return(size * nmemb);
  297.  
  298.  
  299. }
  300.  
  301. std::string guids()
  302. {
  303.  
  304.  
  305. /*Define vars*/
  306. std::string ret;
  307. char value[64];
  308. DWORD size = _countof(value);
  309. DWORD type = REG_SZ;
  310. HKEY key;
  311. LONG retKey = (RegOpenKeyExA)(HKEY_LOCAL_MACHINE, (("SOFTWARE\\Microsoft\\Cryptography")), (0), KEY_READ | KEY_WOW64_64KEY, &key);
  312. LONG retVal = (RegQueryValueExA)(key, (("MachineGuid")), nullptr, &type, (LPBYTE)value, &size);
  313.  
  314. /*Get key*/
  315. if (retKey == ERROR_SUCCESS && retVal == ERROR_SUCCESS)
  316. {
  317. ret = value;
  318. }
  319.  
  320.  
  321. (RegCloseKey)(key);
  322. return(ret);
  323.  
  324. }
  325.  
  326. size_t writedata_download(void* ptr, size_t size, size_t nmemb, FILE* stream)
  327. {
  328.  
  329. size_t written;
  330. written = (fwrite)(ptr, size, nmemb, stream);
  331. return(written);
  332.  
  333. }
  334.  
  335.  
  336. bool doesFileExist(const std::string& file)
  337. {
  338.  
  339. std::ifstream f(file.c_str());
  340. return(f.good());
  341.  
  342. }
  343.  
  344.  
  345.  
  346. DWORD ManualMap::InjectCSGOCheatInternal(unsigned char* s)
  347. {
  348.  
  349.  
  350.  
  351. while (!FindProcess(((L"csgo.exe"))))
  352. {
  353.  
  354. Sleep(300);
  355.  
  356. }
  357.  
  358. while (true)
  359. {
  360.  
  361.  
  362. Sleep(15000);
  363.  
  364.  
  365. PVOID rData = reinterpret_cast<char*>(s);
  366.  
  367.  
  368. pIDH = (PIMAGE_DOS_HEADER)rData;
  369. pINH = (PIMAGE_NT_HEADERS)((LPBYTE)rData + pIDH->e_lfanew);
  370.  
  371. DWORD pid = FindProcess((L"csgo.exe"));
  372. hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
  373.  
  374. image = VirtualAllocEx(hProcess, NULL, pINH->OptionalHeader.SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
  375. (WriteProcessMemory)(hProcess, image, rData, pINH->OptionalHeader.SizeOfHeaders, NULL);
  376. pISH = (PIMAGE_SECTION_HEADER)(pINH + (1));
  377. for (i = (0); i < pINH->FileHeader.NumberOfSections; i++)
  378. {
  379. (WriteProcessMemory)(hProcess, (PVOID)((LPBYTE)image + pISH[i].VirtualAddress),
  380. (PVOID)((LPBYTE)rData + pISH[i].PointerToRawData), pISH[i].SizeOfRawData, NULL);
  381. }
  382. mem = VirtualAllocEx(hProcess, NULL, (4096), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
  383. memset(&ManualInject, (0), sizeof(MANUAL_INJECT));
  384.  
  385. ManualInject.ImageBase = image;
  386. ManualInject.NtHeaders = (PIMAGE_NT_HEADERS)((LPBYTE)image + pIDH->e_lfanew);
  387. ManualInject.BaseRelocation = (PIMAGE_BASE_RELOCATION)((LPBYTE)image + pINH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
  388. ManualInject.ImportDirectory = (PIMAGE_IMPORT_DESCRIPTOR)((LPBYTE)image + pINH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
  389. ManualInject.fnLoadLibraryA = LoadLibraryA;
  390. ManualInject.fnGetProcAddress = GetProcAddress;
  391.  
  392. (WriteProcessMemory)(hProcess, mem, &ManualInject, sizeof(MANUAL_INJECT), NULL);
  393. (WriteProcessMemory)(hProcess, (PVOID)((PMANUAL_INJECT)mem + (1)), LoadDll, (DWORD)LoadDllEnd - (DWORD)LoadDll, NULL);
  394.  
  395. hThread = (CreateRemoteThread)(hProcess, NULL, (0), (LPTHREAD_START_ROUTINE)((PMANUAL_INJECT)mem + (1)), mem, (0), NULL);
  396. (WaitForSingleObject)(hThread, INFINITE);
  397. (GetExitCodeThread)(hThread, &ExitCode);
  398. (exit)(1);
  399. }
  400.  
  401. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!