  1. #pragma once
  2. #include <Windows.h>
  3. #include "globals.h"
  4. #include "memory.h"
  5.  
// Convenience macros over the resolved function pointers declared further down
// in this file (`r_lua_tolstring`, `r_lua_settop`, `r_lua_getfield`,
// `r_lua_createtable`). They expand at the call site, so they bind to whatever
// symbol of that name is in scope there. `LUA_GLOBALSINDEX` is not defined on
// this page (presumably from "globals.h" — unverified).
#define r_lua_tostring(rL,i) r_lua_tolstring(rL, (i), NULL)
#define r_lua_pop(rL,n) r_lua_settop(rL, -(n)-1)
// Reads two DWORDs at fixed byte offsets (+32 and +8) from the state value and
// divides their difference by 16; the offsets are layout assumptions about the
// target's state struct, not derived from anything on this page. The expansion
// is not parenthesised, so `r_lua_gettop(L) + 1` parses as `... >> (4 + 1)`.
// This function-like macro also shadows the `r_lua_gettop` function pointer
// declared near the end of this file: `r_lua_gettop(L)` always expands here.
#define r_lua_gettop(rL) (*(DWORD *)(rL + 32) - *(DWORD *)(rL + 8)) >> 4
#define r_lua_getglobal(rL,s) r_lua_getfield(rL, LUA_GLOBALSINDEX, (s))
#define r_lua_newtable(rL) r_lua_createtable(rL, 0, 0)
  11.  
  12. /*
  13. Aobscan part
  14. Credits to austin for this scanning
  15. making our own soon
  16. */
// Hard-coded entry-point address for one specific build of the target binary
// (the page is dated Apr 2018). `x(...)` is not defined on this page; presumably
// it rebases the constant against the loaded module base (declared in
// "globals.h"/"memory.h" — unverified). Nothing validates the resulting value
// before it is cast to a function pointer and called (see r_luad_pcall below),
// so on any other build this is simply a wild pointer. Only this entry and
// ADDRESS_TOUSERDATA are live; the list that follows is commented out and the
// pointers further down embed their `x(...)` values inline instead.
DWORD ADDRESS_PCALL = x(0x73e760);//
  18. /*DWORD ADDRESS_TYPE = x(0x73CDD0);//
  19. DWORD ADDRESS_GETFIELD = x(0x73A5C0);//
  20. DWORD ADDRESS_SETFIELD = x(0x73C380);//
  21. DWORD ADDRESS_SETTABLE = x(0x73C6C0);//(uintptr_t)sigscan::scan("RobloxPlayerBeta.exe", "\x55\x8B\xEC\x83\xEC\x10\x53\x56\x8B\x75\x08\x57\xFF\x75\x0C\x56\xE8\x00\x00\x00\x00\x8B\x55\x10\x8B\xF8\x8B\xCA\x8D\x59\x01\x90\x8A\x01\x41\x84\xC0\x75\xF9\x2B\xCB\x51\x52\x56\xE8\x00\x00\x00\x00\x6A\x01", "xxxxxxxxxxxxxxxxx????xxxxxxxxxxxxxxxxxxxxxxxx????xx");
  22. DWORD ADDRESS_GETTABLE = x(0x73AA30);//(uintptr_t)sigscan::scan("RobloxPlayerBeta.exe", "\x55\x8B\xEC\x56\xFF\x75\x0C\x8B\x75\x08\x56\xE8\x00\x00\x00\x00\x8B\x4E\x20\x6A\x01", "xxxxxxxxxxxx????xxxxx");
  23. DWORD ADDRESS_SETTOP = x(0x73c750);//
  24. DWORD ADDRESS_CREATETABLE = x(0x73A210);//
  25. DWORD ADDRESS_NEXT = x(0x73B200);//
  26. DWORD ADDRESS_NEWTHREAD = x(0x73B050);//(uintptr_t)sigscan::scan("RobloxPlayerBeta.exe", "\x55\x8B\xEC\x6A\xFF\x68\x00\x00\x00\x00\x64\xA1\x00\x00\x00\x00\x50\x64\x89\x25\x00\x00\x00\x00\x51\x56\x8B\x75\x08\x8B\x46\x1C", "xxxxxx????xx????xxxx????xxxxxxxx");
  27. DWORD ADDRESS_TOBOOLEAN = x(0x73C8D0);//
  28. DWORD ADDRESS_TOLSTRING = x(0x73C990);//
  29. DWORD ADDRESS_TONUMBER = x(0x73CC60);//
  30. DWORD ADDRESS_PUSHVALUE = x(0x73BA10);//
  31. DWORD ADDRESS_PUSHSTRING = x(0x73B950);//
  32. DWORD ADDRESS_PUSHCCLOSURE = x(0x73B4D0);//
  33. DWORD ADDRESS_PUSHBOOLEAN = x(0x73b450);//
  34. DWORD ADDRESS_PUSHNIL = x(0x73b850);//
  35. DWORD ADDRESS_PUSHLIGHTUSERDATA = x(0x73b730);// (uintptr_t)sigscan::scan("RobloxPlayerBeta.exe", "\x55\x8B\xEC\x8B\x55\x08\x8B\x45\x0C\x8B\x4A\x20", "xxxxxxxxxxxx");
  36. //DWORD ADDRESS_TOPOINTER = x();
  37. DWORD ADDRESS_NEWUSERDATA = x(0x73B140); //
  38. DWORD ADDRESS_GETMETATABLE = x(0x73A890); //
  39. //DWORD ADDRESS_SINGLETON = x();
  40. DWORD ADDRESS_REF = x(0x735490); //
  41. DWORD ADDRESS_RAWGETI = x(0x73BCD0);
  42. DWORD ADDRESS_UNREF = x(0x735770);*/
// Second live address; consumed by r_lua_touserdata below via Retcheck::Unprotect.
// Same build-specific, unvalidated-value caveat as ADDRESS_PCALL.
DWORD ADDRESS_TOUSERDATA = x(0x7401B0);
//DWORD ADDRESS_PUSHNUMBER = x(0x73B8C0);
  45.  
  46.  
  47. /*
  48. Typedefs part
  49. All our typedefs that rvx uses
  50. */
  51. /*auto rr_lua_gettop = (int(__cdecl*)(DWORD))x(0x73AAB0);
  52. auto r_lua_getmetatable = (int(__fastcall*)(DWORD, int))Retcheck::Unprotect(ADDRESS_GETMETATABLE, true);
  53. auto r_lua_type = (int(__cdecl*)(DWORD, int))ADDRESS_TYPE;
  54. auto r_lua_toboolean = (bool(__cdecl*)(DWORD, int))ADDRESS_TOBOOLEAN;
  55. auto r_lua_tolstring = (char*(__cdecl*)(DWORD, int, std::size_t*))Retcheck::Unprotect(ADDRESS_TOLSTRING, true);
  56. auto r_lua_tonumber = (double(__stdcall*)(DWORD, int))ADDRESS_TONUMBER;
  57. //auto r_lua_topointer = (const void*(__cdecl*)(DWORD, int))ADDRESS_TOPOINTER;
  58. auto r_lua_touserdata = (void*(__cdecl*)(DWORD, int))Retcheck::Unprotect(ADDRESS_TOUSERDATA, true);
  59. auto r_lua_pushvalue = (void(__stdcall*)(DWORD, int))Retcheck::Unprotect(ADDRESS_PUSHVALUE, true);
  60. auto r_lua_pushlightuserdata = (void(__cdecl*)(DWORD, void*))Retcheck::Unprotect(ADDRESS_PUSHLIGHTUSERDATA, true);
  61. auto r_lua_pushboolean = (void(__cdecl*)(DWORD, int))Retcheck::Unprotect(ADDRESS_PUSHBOOLEAN, true);
  62. auto r_lua_pushnumber = (void(__stdcall*)(DWORD, double))Retcheck::Unprotect(ADDRESS_PUSHNUMBER, true);
  63. auto r_lua_pushnil = (void(__cdecl*)(DWORD))Retcheck::Unprotect(ADDRESS_PUSHNIL, true);
  64. auto r_lua_pushstring = (void(__fastcall*)(DWORD, const char*))ADDRESS_PUSHSTRING;
  65. auto r_lua_pushcclosure = (void(__stdcall*)(DWORD, int, int))Retcheck::Unprotect(ADDRESS_PUSHCCLOSURE, true);
  66. auto r_lua_getfield = (void*(__stdcall*)(DWORD, int, const char*))Retcheck::Unprotect(ADDRESS_GETFIELD, true);
  67. auto r_lua_setfield = (void(__cdecl*)(DWORD, int, const char*))Retcheck::Unprotect(ADDRESS_SETFIELD, true);
  68. auto r_lua_settable = (void(__cdecl*)(DWORD, int))Retcheck::Unprotect(ADDRESS_SETTABLE, true);
  69. auto r_lua_gettable = (void(*__cdecl)(DWORD, int))Retcheck::Unprotect(ADDRESS_GETTABLE, true);
  70. auto r_lua_settop = (void(__cdecl*)(DWORD, int))Retcheck::Unprotect(ADDRESS_SETTOP, true);
  71. auto r_lua_createtable = (void(__cdecl*)(DWORD, int, int))Retcheck::Unprotect(ADDRESS_CREATETABLE, true);
  72. auto r_lua_next = (int(__cdecl*)(DWORD, int))Retcheck::Unprotect(ADDRESS_NEXT, true);
  73. auto r_lua_newuserdata = (void*(__cdecl*)(DWORD, std::size_t))Retcheck::Unprotect(ADDRESS_NEWUSERDATA, true);
  74. auto r_lua_newthread = (DWORD(__cdecl *)(DWORD))Retcheck::Unprotect(ADDRESS_NEWTHREAD, true);;
  75. auto r_luaL_ref = (int(__cdecl*)(DWORD, int))ADDRESS_REF;
  76. auto r_luaL_unref = (void(__cdecl*)(DWORD, int, int))ADDRESS_UNREF;
  77. auto r_lua_rawgeti = (int(__cdecl*)(DWORD, int, int))Retcheck::Unprotect(ADDRESS_RAWGETI, true);
  78. auto r_lua_rawseti = (int(__cdecl*)(DWORD, int, int))ADDRESS_RAWGETI;*/
// The only two pointers resolved through `Retcheck::Unprotect` (its declaration
// is not on this page; "retcheck.h" is #included further down, after this use,
// so it must already be reachable via "globals.h"/"memory.h" — unverified; the
// meaning of the `true` argument is likewise not established here).
// `r_luad_pcall` is the raw pcall entry; the `r_lua_pcall` wrapper at the
// bottom of this file is what callers are meant to use.
auto r_luad_pcall = (int(__cdecl*)(DWORD, int, int, int))Retcheck::Unprotect(ADDRESS_PCALL, true);
auto r_lua_touserdata = (void*(__cdecl*)(DWORD, int))Retcheck::Unprotect(ADDRESS_TOUSERDATA, true);
  81.  
/*
 * unprotect
 *
 * Makes a relocated, patched copy of the function at `addr` and returns the
 * copy's address; returns `addr` unchanged when the allocation fails or no
 * patch point is found. Callers cast the result straight back to a function
 * pointer.
 *
 * Steps, as the code below performs them:
 *  1. Estimates the function's length by walking forward from `addr` in
 *     16-byte steps until the bytes 55 8B EC (`push ebp; mov ebp, esp`) are
 *     found — i.e. it assumes the next function starts on a 16-byte boundary
 *     with that prologue. Nothing bounds the walk: if the assumption fails it
 *     keeps reading past the function and eventually off mapped memory.
 *  2. Allocates a private writable+executable region (PAGE_EXECUTE_READWRITE)
 *     and copies the function bytes into it.
 *  3. Scans the copy for the byte pattern 72 ?? A1 ?? ?? ?? ?? 8B (`jb rel8`
 *     followed by `mov eax, [imm32]`) and rewrites the 72 to EB (`jmp rel8`),
 *     turning that conditional branch into an unconditional one.
 *  4. After a match, re-targets every E8 (`call rel32`) in the copy whose
 *     original destination is 16-byte aligned so the calls still reach the
 *     original callees from the copy's new base. The scan is byte-wise, not
 *     instruction-aware: an E8 byte that is part of an immediate or of a longer
 *     instruction is treated as a call too, and only the alignment test
 *     filters it out.
 *
 * Review notes (behaviour kept exactly as on the page):
 *  - `pos[2]` / `pos[7]` are read while `pos` runs up to the last byte of the
 *    copy, so the final iterations read up to 7 bytes past `funcSz`.
 *  - `VirtualFree(nFunc, funcSz, MEM_RELEASE)`: with MEM_RELEASE the size
 *    argument must be 0, so this call fails and the region leaks whenever
 *    `valid` is false.
 *  - `BOOL valid = false` mixes the Win32 BOOL typedef with a C++ bool literal;
 *    harmless but inconsistent.
 *  - A private RWX region containing a copied and modified function body is
 *    precisely what memory-integrity tooling looks for (executable memory not
 *    backed by any module image, prologue/branch bytes differing from the
 *    on-disk image); expect this to be detected by such tooling.
 */
DWORD unprotect(DWORD addr)
{
    // Step 1: find the next 16-byte-aligned `push ebp; mov ebp, esp`.
    BYTE* tAddr = (BYTE*)addr;
    do
    {
        tAddr += 16;
    } while (!(tAddr[0] == 0x55 && tAddr[1] == 0x8B && tAddr[2] == 0xEC));

    // The distance to that prologue is taken as the function's size.
    DWORD funcSz = tAddr - (BYTE*)addr;

    // Step 2: RWX copy of the function bytes.
    PVOID nFunc = VirtualAlloc(NULL, funcSz, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (nFunc == NULL)
        return addr;

    memcpy(nFunc, (void*)addr, funcSz);

    // Step 3: look for `jb rel8; mov eax,[imm32]; ... 8B` and flip jb -> jmp.
    BYTE* pos = (BYTE*)nFunc;
    BOOL valid = false;
    do
    {
        if (pos[0] == 0x72 && pos[2] == 0xA1 && pos[7] == 0x8B) {
            *(BYTE*)pos = 0xEB;

            // Step 4: fix up rel32 call operands so they point at the original
            // callees from the copy's address. Runs again for every match, but
            // always recomputes from the original bytes, so repeats are idempotent.
            DWORD cByte = (DWORD)nFunc;
            do
            {
                if (*(BYTE*)cByte == 0xE8)
                {
                    // Same offset inside the original function.
                    DWORD oFuncPos = addr + (cByte - (DWORD)nFunc);
                    // Absolute target of the original call: rel32 is relative to
                    // the end of the 5-byte instruction.
                    DWORD oFuncAddr = (oFuncPos + *(DWORD*)(oFuncPos + 1)) + 5;

                    // Heuristic: only 16-byte-aligned targets are accepted as
                    // real function entries.
                    if (oFuncAddr % 16 == 0)
                    {
                        DWORD relativeAddr = oFuncAddr - cByte - 5;
                        *(DWORD*)(cByte + 1) = relativeAddr;

                        // Skip the operand just rewritten.
                        cByte += 4;
                    }
                }

                cByte += 1;
            } while (cByte - (DWORD)nFunc < funcSz);

            valid = true;
        }
        pos += 1;
    } while ((DWORD)pos < (DWORD)nFunc + funcSz);

    // No patch point found: attempt to release the copy (see the VirtualFree
    // note above) and hand the caller the original address instead.
    if (!valid)
    {
        VirtualFree(nFunc, funcSz, MEM_RELEASE);
        return addr;
    }

    return (DWORD)nFunc;
}
  138.  
// Live typedefs and resolved function pointers (the earlier set above is
// commented out). Each pair casts a hard-coded, build-specific address —
// usually routed through the local `unprotect` above — to a function pointer
// with an explicitly chosen calling convention. Two caveats for readers:
//  - The conventions (__cdecl / __stdcall / __fastcall) and parameter lists are
//    asserted here, never checked against the callee; a wrong convention or
//    arity corrupts the caller's stack on every call rather than failing loudly.
//  - Several signatures differ from the reference Lua 5.1 C API (noted inline);
//    whether they match this particular binary cannot be verified from this page.
typedef void(__stdcall* rgetfield)(DWORD rL, int idx, const char *k);
rgetfield r_lua_getfield = (rgetfield)unprotect(x(0x73D980));
typedef char*(__stdcall* rtolstring)(DWORD rL, int idx, size_t *size);
rtolstring r_lua_tolstring = (rtolstring)(unprotect(x(0x73fd80)));
typedef void(__stdcall* rsettop)(DWORD rL, int idx);
rsettop r_lua_settop = (rsettop)(unprotect(x(0x73fb40)));
// NOTE(review): second parameter declared `bool`; the reference lua_toboolean
// takes an int stack index — confirm against the callee. Used without unprotect.
typedef bool(__cdecl* toboolean)(DWORD rL, bool idx);
toboolean r_lua_toboolean = (toboolean)(x(0x73FCC0));
typedef void(__fastcall* pushvalue)(DWORD rL, DWORD idx);
pushvalue r_lua_pushvalue = (pushvalue)(unprotect(x(0x73EDE0)));
// NOTE(review): declared to return double; the reference lua_pushnumber returns
// void. Harmless for callers that ignore the result.
typedef double(__cdecl* pushnumber)(DWORD rL, double idx);
pushnumber r_lua_pushnumber = (pushnumber)(unprotect(x(0x73eca0)));
typedef void(__fastcall* rpushstring)(DWORD rL, const char*);
rpushstring r_lua_pushstring = (rpushstring)(x(0x73ed30));
//typedef int(__cdecl* pcall)(DWORD rL, DWORD, DWORD, DWORD);
//pcall r_lua_pcall2 = (pcall)(unprotect(x(0x73B380)));
typedef void(__cdecl* pushnil)(DWORD);
pushnil r_lua_pushnil = (pushnil)(unprotect(x(0x73ec30)));
typedef DWORD(__cdecl* next2)(DWORD rL, int idx);
next2 r_lua_next = (next2)(unprotect(x(0x73e5e0)));
typedef bool(__cdecl* rboolean)(unsigned int, bool);
rboolean r_lua_pushboolean = (rboolean)(unprotect(x(0x73e830)));
typedef double(__cdecl* rtonumber)(DWORD, int);
rtonumber r_lua_tonumber = (rtonumber)(x(0x740080));
typedef void(__stdcall* rpushcclosure)(DWORD rL, int fn, int non);
rpushcclosure r_lua_pushcclosure = (rpushcclosure)(unprotect(x(0x73e8b0)));
typedef void(__cdecl *rcreatetable)(DWORD rL, int num, int fix);
rcreatetable r_lua_createtable = (rcreatetable)(unprotect(x(0x73D5C0)));
// NOTE(review): the reference lua_newuserdata takes a size_t byte count, not an
// index; same width on 32-bit, but the name `idx` is misleading.
typedef void*(__cdecl *rnewuserdata)(DWORD rL, int idx);
rnewuserdata r_lua_newuserdata = (rnewuserdata)(unprotect(x(0x73E520)));
typedef void*(__stdcall *rgetmetatable)(DWORD rL, int idx);
rgetmetatable r_lua_getmetatable = (rgetmetatable)(unprotect(x(0x73DC50)));
typedef void*(__cdecl *rsettable)(DWORD rL, int);
rsettable r_lua_settable = (rsettable)(unprotect(x(0x73fab0)));
typedef DWORD(__cdecl *rtype)(DWORD, int);
rtype r_lua_type = (rtype)(x(0x7401E0));
//typedef DWORD(__cdecl *rgettop)(DWORD);
//rgettop rlua_gettop = (rgettop)(x(0x73AAB0));
typedef DWORD(__cdecl *rnewthread)(DWORD);
rnewthread r_lua_newthread = (rnewthread)unprotect(x(0x73e430));
// NOTE(review): two parameters here; the reference luaL_getmetafield takes
// (L, obj, event). Confirm which entry point this address really is.
typedef void(__cdecl *rgetmetafield)(DWORD rL, const char*);
rgetmetafield r_lua_getmetafield = (rgetmetafield)(unprotect(x(0x7383E0)));
typedef DWORD(__cdecl *rref)(DWORD, DWORD);
// Included mid-file because the next line is the only user of Ret::unprotect;
// this file therefore mixes two different unprotect implementations (the local
// function above and this templated one from "retcheck.h").
#include "retcheck.h"
rref r_luaL_ref = (rref)(Ret::unprotect<DWORD>((byte*)(x(0x738890))));
// Naming is inconsistent with the rest of the file (no `r_` prefix, `2` suffix).
typedef void(__stdcall *rrsetfield)(DWORD, int, const char*);
rrsetfield rlua_setfield2 = (rrsetfield)(unprotect(x(0x73F760)));
typedef void(__cdecl *rrawgeti)(DWORD, DWORD, DWORD);
rrawgeti r_lua_rawgeti = (rrawgeti)unprotect(x(0x73f0a0));
// Shadowed by the function-like macro `r_lua_gettop(rL)` at the top of this
// file: any call written as `r_lua_gettop(L)` expands to that macro, so this
// pointer is only reachable when the name is not followed by `(`.
typedef int(__cdecl *gettop)(DWORD);
gettop r_lua_gettop = (gettop)(x(0x73DE80));
typedef void(__cdecl *rpushlight)(DWORD, void*);
rpushlight r_lua_pushlightuserdata = (rpushlight)(unprotect(x(0x73eb10)));
  192.  
  193. /*
  194. Sehchainfaker
  195. Eternals sehchain fixed for windows7, windows 8,...
  196. */
/*
 * fakeChain
 *
 * Overwrites the second DWORD of the SEH registration record that `chain`
 * points at with the constant 0x1555555 (on x86 the record is { Next, Handler },
 * so this is the Handler slot — a layout assumption, not shown on this page),
 * and does the same to the next record when that record's second DWORD is
 * currently non-zero. What 0x1555555 represents is not established anywhere on
 * this page.
 *
 * Review notes: `chain[0]` (the Next pointer) is dereferenced unconditionally;
 * on the last record of the chain that field is the end-of-list marker, not a
 * valid pointer. Nothing is saved here — the caller is expected to have
 * captured the original values for restoreChain.
 */
void fakeChain(DWORD* chain)
{
    chain[1] = 0x1555555;
    if ((((DWORD*)chain[0])[1]) != NULL) {
        ((DWORD*)chain[0])[1] = 0x1555555;
    }
}
/*
 * restoreChain
 *
 * Inverse of fakeChain: writes `unk` back into the second DWORD of the record
 * `chain` points at, and `nextUnk` into the same slot of the next record when
 * that slot is currently non-zero. The condition tests the current (possibly
 * faked) value, mirroring fakeChain, so a slot that was originally 0 is left
 * untouched by both functions. Same unconditional dereference of `chain[0]`
 * as fakeChain.
 */
void restoreChain(DWORD* chain, DWORD unk, DWORD nextUnk)
{
    chain[1] = unk;
    if ((((DWORD*)chain[0])[1]) != NULL) {
        ((DWORD*)chain[0])[1] = nextUnk;
    }
}
  211.  
  212. /*
  213. r_lua_pcall
  214. r_lua_pcall we use this to see what error roblox returns if it returns the error we want we put a breakpoint on it
  215. and rewrite it to our own functions sadly r_lua_pcall has a check sehchaincheck which i already bypassed!
  216. */
  217.  
/*
 * r_lua_pcall
 *
 * Wrapper around the raw `r_luad_pcall` entry: reads the head of the thread's
 * SEH registration list from fs:[0] (`__readfsdword(0)`, an MSVC intrinsic),
 * saves the first record's second DWORD (and the next record's), swaps the
 * chain through fakeChain for the duration of the call, restores it with
 * restoreChain, and returns pcall's result.
 *
 * Review notes (behaviour kept exactly as on the page):
 *  - `((((DWORD*)exceptionChain[0])[1]) != NULL );` is a bare expression
 *    statement whose value is discarded, so the brace block after it is an
 *    unconditional scope, not a conditional. The function therefore always
 *    returns from inside that block and the four statements after it are
 *    unreachable. It reads like a missing `if`, but that is an inference.
 *  - `exceptionChain[0]` is dereferenced without checking for the end-of-chain
 *    marker; see fakeChain.
 *  - Only the second DWORD of the first two records is saved and restored;
 *    anything the callee itself changes in the chain is not undone.
 */
int r_lua_pcall(DWORD rL, int nargs, int nresults, int errfunc)
{
    DWORD* exceptionChain = (DWORD*)__readfsdword(0);
    DWORD unk = exceptionChain[1];
    // No-op statement: result discarded, the block below always runs.
    ((((DWORD*)exceptionChain[0])[1]) != NULL );
    {
        DWORD nextUnk = ((DWORD*)exceptionChain[0])[1];
        fakeChain(exceptionChain);
        int ret = r_luad_pcall(rL, nargs, nresults, errfunc);
        restoreChain(exceptionChain, unk, nextUnk);
        return ret;
    }

    // Unreachable as written (see note above).
    fakeChain(exceptionChain);
    int ret = r_luad_pcall(rL, nargs, nresults, errfunc);
    restoreChain(exceptionChain, unk, 0);
    return ret;
}