Sigscanner bypass (#703)

2022-12-15 11:38:03 +00:00 · 2022-12-15 11:38:03 +00:00 · b5b8a7b431
commit b5b8a7b431
parent 795929f96c
6 changed files with 19 additions and 17 deletions
--- a/src/backend/backend.cpp
+++ b/src/backend/backend.cpp
@ -14,7 +14,6 @@ namespace big
 		while (g_running) 
 		{
 			g->attempt_save();
-			// looped::system_disable_sigscanner();
 			looped::system_self_globals();
 			looped::system_update_pointers();
 			looped::system_desync_kick_protection();
--- a/src/backend/looped/looped.hpp
+++ b/src/backend/looped/looped.hpp
@ -41,7 +41,6 @@ namespace big
 		static void session_randomize_ceo_colors();
 		static void session_auto_kick_host();

-		static void system_disable_sigscanner();
 		static void system_self_globals();
 		static void system_update_pointers();
 		static void system_desync_kick_protection();
--- a/src/backend/looped/system/disable_sigscanner.cpp
+++ b/src/backend/looped/system/disable_sigscanner.cpp
@ -1,15 +0,0 @@
-#include "backend/looped/looped.hpp"
-#include "pointers.hpp"
-#include "rage/atSingleton.hpp"
-#include "security/RageSecurity.hpp"
-
-namespace big
-{
-    void looped::system_disable_sigscanner()
-    {
-        if (g_pointers->m_security->isValid())
-        {
-            g_pointers->m_security->getInstance()->m_interval = std::numeric_limits<std::uint32_t>::max();
-        }
-    }
-}
--- a/src/hooking.hpp
+++ b/src/hooking.hpp
@ -132,6 +132,8 @@ namespace big

 		static bool write_bitbuffer_gamer_handle(rage::datBitBuffer* buffer, rage::rlGamerHandle* handle);
 		static bool read_bitbuffer_gamer_handle(rage::datBitBuffer* buffer, rage::rlGamerHandle* handle);
+
+		static int nt_query_virtual_memory(void* _this, HANDLE handle, PVOID base_addr, int info_class, MEMORY_BASIC_INFORMATION* info, int size, size_t* return_len);
 	};

 	class minhook_keepalive
--- a/src/hooks/misc/nt_query_virtual_memory.cpp
+++ b/src/hooks/misc/nt_query_virtual_memory.cpp
@ -0,0 +1,10 @@
+#include "hooking.hpp"
+
+namespace big
+{
+	int hooks::nt_query_virtual_memory(void* _this, HANDLE handle, PVOID base_addr, int info_class, MEMORY_BASIC_INFORMATION* info, int size, size_t* return_len)
+	{
+		LOG(INFO) << "Reached here, base addr: " << base_addr;
+		return 1;
+	}
+}
--- a/src/pointers.cpp
+++ b/src/pointers.cpp
@ -3,6 +3,7 @@
 #include "memory/all.hpp"
 #include "rage/atSingleton.hpp"
 #include "security/RageSecurity.hpp"
+#include "hooking.hpp"

 namespace big
 {
@ -671,6 +672,12 @@ namespace big
 			m_invalid_decal_crash = ptr.add(1).rip().as<PVOID>();
 		});

+		// NTQVM Caller
+		main_batch.add("NTQVMC", "66 0F 6F 0D ? ? ? ? 66 0F 6F 05 ? ? ? ? 66 0F 66 C4", [this](memory::handle ptr)
+		{
+			memory::byte_patch::make(ptr.add(4).rip().sub(32).as<uint64_t*>(), (uint64_t)&hooks::nt_query_virtual_memory)->apply();
+		});
+
 		auto mem_region = memory::module("GTA5.exe");
 		main_batch.run(mem_region);