  1. clude <windows.h>
  2. #include <iostream>
  3. #include <functional>
  4.  
  5. #include "MinHook.h"
  6.  
// Base address of the target scripting module, resolved once at static
// initialisation (i.e. when this DLL is loaded). NOTE(review): if that module
// is not yet loaded at that moment GetModuleHandleA returns NULL and every
// pointer derived from it below is a bare offset — confirm load order.
const uintptr_t g_scriptingBase = (uintptr_t)GetModuleHandleA("citizen-scripting-lua.dll");

// Opaque Lua types declared locally instead of including the Lua headers.
typedef struct lua_State lua_State;
typedef intptr_t lua_KContext;
typedef int (*lua_KFunction)(lua_State* L, int status, lua_KContext ctx);

// Signatures of the Lua C API entry points used in this file.
typedef int(__fastcall* luaL_loadbufferxProto)(lua_State* L, const char* buff, size_t sz, const char* name, const char* mode);
typedef lua_State*(__fastcall* lua_newthreadProto)(lua_State *L);
typedef int(__fastcall* lua_pcallkProto)(lua_State *L, int nargs, int nresults, int errfunc, lua_KContext ctx, lua_KFunction k);
typedef void(__fastcall* lua_settopProto)(lua_State *L, int idx);
typedef const char*(__fastcall* lua_tolstringProto)(lua_State *L, int idx, size_t *len);
// Signature of the runtime's own script-loading routine. _this is the runtime
// object; the detour below reads its lua_State from a fixed offset inside it.
typedef int(__fastcall* LuaScriptRuntime__RunFileInternalProto)(uint64_t _this, const char* scriptName, std::function<int(const char*)> loadFunction);

// Function pointers formed as fixed offsets from the module base. They are
// tied to one specific build of the module — any change to it moves them —
// and nothing here verifies that the resulting addresses are the intended
// routines before they are called.
const auto lua_settop = (lua_settopProto) (g_scriptingBase + 0x21DE0);
const auto lua_pcallk = (lua_pcallkProto) (g_scriptingBase + 0x211E0);
const auto lua_newthread = (lua_newthreadProto) (g_scriptingBase + 0x20020);
const auto luaL_loadbufferx = (luaL_loadbufferxProto) (g_scriptingBase + 0x22F50);
const auto lua_tolstring = (lua_tolstringProto) (g_scriptingBase + 0x220D0);
// Same caveat; this one is the function that gets inline-hooked in tmain.
const auto LuaScriptRuntime__RunFileInternal = (LuaScriptRuntime__RunFileInternalProto)(g_scriptingBase + 0x107A0);

// Convenience macros mirroring the public Lua API, built on the pointers
// above. lua_pop and lua_tolstring are defined/resolved but never used here.
#define lua_pcall(L,n,r,f) lua_pcallk(L, (n), (r), (f), 0, NULL)
#define luaL_loadbuffer(L,s,sz,n) luaL_loadbufferx(L,s,sz,n,NULL)
#define lua_pop(L,n) lua_settop(L, -(n)-1)
#define LUA_MULTRET (-1)

// Receives the trampoline to the original RunFileInternal from MH_CreateHook.
LuaScriptRuntime__RunFileInternalProto LuaScriptRuntime__RunFileInternalPtr = nullptr;
// Never assigned or used in this file.
luaL_loadbufferxProto luaL_loadbufferxPtr = nullptr;

// Written by the detour on whichever thread the runtime loads scripts from,
// read by the pipe thread in tmain; there is no synchronisation between them.
lua_State* g_state = nullptr;
  38.  
// Hook body installed over the runtime's RunFileInternal. It only captures the
// runtime's lua_State — read from offset 0x30 of the runtime object, a
// build-specific layout assumption that is not validated — into the global,
// then forwards the call unchanged through the MinHook trampoline.
// NOTE(review): _this is uintptr_t here but uint64_t in the typedef; the two
// agree only on a 64-bit build. The store to g_state is unsynchronised with
// the reads in tmain.
int LuaScriptRuntime__RunFileInternalDetour(uintptr_t _this, const char* scriptName, std::function<int(const char*)> loadFunction) {
g_state = *(lua_State**)(_this + 0x30);
return LuaScriptRuntime__RunFileInternalPtr(_this, scriptName, loadFunction);
}
  43.  
// Allocates a console for the host process, sets its title and re-points the
// C stdin/stdout streams at it. Return values of all three calls are ignored.
// NOTE(review): freopen_s expects a FILE** that receives the reopened stream;
// here the stream pointer itself is cast to FILE** rather than the address of
// a FILE* variable being passed — confirm this is intended.
void createConsole(const char* title) {
AllocConsole();
SetConsoleTitleA(title);

freopen_s((FILE**)stdin, "conin$", "r", stdin);
freopen_s((FILE**)stdout, "conout$", "w", stdout);
}
  51.  
// Worker thread started from DllMain. Patches the runtime's script loader with
// MinHook (so the detour above can capture its lua_State), then creates a local
// named pipe and runs each message received on it as a Lua chunk inside that
// runtime. From a defensive standpoint every artifact here is fixed and
// observable: the console title, the pipe name \\.\pipe\FivePipe, and the
// inline hook written into citizen-scripting-lua.dll. lpParam is unused.
DWORD WINAPI tmain(LPVOID lpParam) {
createConsole("yung Executor");

// MinHook status codes are ignored. If the hook is not installed the detour
// never runs, g_state stays NULL and every pipe message ends in the
// MessageBox below.
MH_Initialize();

MH_CreateHook(LuaScriptRuntime__RunFileInternal, &LuaScriptRuntime__RunFileInternalDetour, (LPVOID*)&LuaScriptRuntime__RunFileInternalPtr);
MH_EnableHook(LuaScriptRuntime__RunFileInternal);

char buffer[4096];
DWORD dwRead;
// Single-instance, message-mode, blocking pipe. The NULL security attributes
// give it the default DACL and nothing below authenticates the client, so
// any local principal able to open the pipe gets its message executed.
HANDLE pipe = CreateNamedPipeA("\\\\.\\pipe\\FivePipe",
PIPE_ACCESS_DUPLEX,
PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
1,
sizeof(buffer) * 16,
sizeof(buffer) * 16,
NMPWAIT_USE_DEFAULT_WAIT,
NULL);
// The condition never changes inside the loop: if creation failed the thread
// returns at once, otherwise this loops until the process exits and the
// pipe handle is never closed.
while (pipe != INVALID_HANDLE_VALUE) {
if (ConnectNamedPipe(pipe, nullptr)) {
// Reads at most sizeof(buffer) - 1 bytes so the terminator written below
// always fits. NOTE(review): in message mode a message larger than that
// presumably fails the read (ERROR_MORE_DATA) and drops out of this loop.
while (ReadFile(pipe, buffer, sizeof(buffer) - 1, &dwRead, nullptr)) {
// g_state is written by the detour on the runtime's thread and read
// here without synchronisation; the runtime may be using it concurrently.
if (g_state) {
buffer[dwRead] = '\0';

// NOTE(review): lua_newthread pushes the new thread onto g_state's
// stack and nothing here pops it (lua_pop is defined but unused), so
// the parent stack presumably grows by one slot per message — confirm.
lua_State* L = lua_newthread(g_state);

// The raw message is spliced into the wrapper unescaped and compiled
// as Lua source; "t" below is the chunk name used in error messages.
std::string script = "Citizen.CreateThread(function() ";
script += buffer;
script += " end)";

// Compile and runtime errors are both silently ignored; on failure the
// error value is presumably left on L's stack (lua_tolstring is never
// called to read it).
if (luaL_loadbuffer(L, script.c_str(), script.length(), "t") || lua_pcall(L, 0, LUA_MULTRET, 0)) {
// Todo: Error output?
}
} else {
// Blocks this thread until the box is dismissed; the message stays
// unread in the pipe meanwhile.
MessageBoxA(NULL, "g_state was invalid, are you in a game?", NULL, MB_OK);
}
}
}

// Reached when ReadFile fails (client closed, oversized message) or when
// ConnectNamedPipe returned FALSE; the pipe is reset for the next client.
DisconnectNamedPipe(pipe);
}

return 0;
}
  96.  
// DLL entry point. On process attach it switches off per-thread attach/detach
// notifications and starts tmain on its own thread rather than doing the work
// in DllMain itself (which runs under the loader lock). Nothing is undone on
// detach: the MinHook patch stays installed and the tmain thread is not
// stopped, so a forced unload would leave both dangling in the host process.
// The thread handle returned by CreateThread is never closed. lpReserved is
// unused.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved) {
switch (dwReason) {
case DLL_PROCESS_ATTACH:
DisableThreadLibraryCalls(hModule);
// Return value (thread handle) and failure are both ignored.
CreateThread(NULL, 0, tmain, NULL, 0, NULL);
break;

case DLL_PROCESS_DETACH:
break;

default:
break;
}

return TRUE;
}