Backups/Akebi-GC
1
0
Fork 0
mirror of https://github.com/SunsetMkt/Akebi-GC.git synced 2025-09-19 03:56:05 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add project files.

Browse Source
This commit is contained in:
CallowBlack
2022-02-27 14:38:51 +03:00
commit 759118f830
47 changed files with 13969 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3487
injector/include/simple-ini.hpp Normal file
View File

File diff suppressed because it is too large Load Diff

210
injector/injector.vcxproj Normal file
View File

@ -0,0 +1,210 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="src\injector.cpp" />
<ClCompile Include="src\main.cpp" />
<ClCompile Include="src\util.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="include\simple-ini.hpp" />
<ClInclude Include="src\injector.h" />
<ClInclude Include="src\util.h" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\cheat-library\cheat-library.vcxproj">
<Project>{704c8746-1bd9-4bc8-9ebe-8187f1a1ad72}</Project>
<LinkLibraryDependencies>false</LinkLibraryDependencies>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
<VCProjectVersion>16.0</VCProjectVersion>
<Keyword>Win32Proj</Keyword>
<ProjectGuid>{f578b30c-8de6-4741-99e4-1d30d2acdac4}</ProjectGuid>
<RootNamespace>testbypassmhyprot</RootNamespace>
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
<ProjectName>injector</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(ProjectDir)bin\$(PlatformShortName)\$(Configuration)\</OutDir>
<IntDir>$(ProjectDir)bin\$(PlatformShortName)\$(Configuration)\obj\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(ProjectDir)bin\$(PlatformShortName)\$(Configuration)\</OutDir>
<IntDir>$(ProjectDir)bin\$(PlatformShortName)\$(Configuration)\obj\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(ProjectDir)bin\$(PlatformShortName)\$(Configuration)\</OutDir>
<IntDir>$(ProjectDir)bin\$(PlatformShortName)\$(Configuration)\obj\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(ProjectDir)bin\$(PlatformShortName)\$(Configuration)\</OutDir>
<IntDir>$(ProjectDir)bin\$(PlatformShortName)\$(Configuration)\obj\</IntDir>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpp17</LanguageStandard>
<AdditionalIncludeDirectories>$(ProjectDir)include/</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
<PostBuildEvent>
<Command>
</Command>
</PostBuildEvent>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpp17</LanguageStandard>
<AdditionalIncludeDirectories>$(ProjectDir)include/</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
<PostBuildEvent>
<Command>
</Command>
</PostBuildEvent>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>
</SDLCheck>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpp17</LanguageStandard>
<BufferSecurityCheck>false</BufferSecurityCheck>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<SupportJustMyCode>false</SupportJustMyCode>
<AdditionalIncludeDirectories>$(ProjectDir)include/</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
<ImageHasSafeExceptionHandlers>
</ImageHasSafeExceptionHandlers>
</Link>
<PostBuildEvent>
<Command>
</Command>
</PostBuildEvent>
<PreLinkEvent>
<Command>
</Command>
</PreLinkEvent>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpp17</LanguageStandard>
<AdditionalIncludeDirectories>$(ProjectDir)include/</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
<PostBuildEvent>
<Command>
</Command>
</PostBuildEvent>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

39
injector/injector.vcxproj.filters Normal file
View File

@ -0,0 +1,39 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="src\main.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\injector.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\util.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="src\injector.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\util.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="include\simple-ini.hpp">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>

412
injector/src/injector.cpp Normal file
View File

@ -0,0 +1,412 @@
#include "injector.h"
#if defined(DISABLE_OUTPUT)
#define ILog(data, ...)
#define IPrintError(text, ...)
#else
#define ILog(text, ...) printf(text, __VA_ARGS__)
#define ILogError(text, ...) ILog(text, __VA_ARGS__); std::cout << "Error: " << GetLastErrorAsString() << std::endl
#endif
#ifdef _WIN64
#define CURRENT_ARCH IMAGE_FILE_MACHINE_AMD64
#else
#define CURRENT_ARCH IMAGE_FILE_MACHINE_I386
#endif
bool InjectDLL(HANDLE hProc, const std::string& filepath) {
#ifndef _DEBUG // _DEBUG
// Using LoadLibrary inject to be able to debug DLL in attached process.
// NOTE. For debug also needs disable mhyprot protection. (See protection-bypass.h in cheat-library)
bool result = LoadLibraryInject(hProc, filepath);
#else
std::ifstream file(filepath, std::ios::in | std::ios::binary | std::ios::ate);
if (!file.is_open())
{
std::cout << "Error while reading DLL file!" << std::endl;
return false;
}
std::streampos size = file.tellg();
auto memblock = new char[size];
file.seekg(0, std::ios::beg);
file.read(memblock, size);
file.close();
BYTE* fileContent = (BYTE*)memblock;
// Manual map injection will help us to be like a assasin
bool result = ManualMapDll(hProc, fileContent, size);
delete[] memblock;
#endif
return result;
}
#ifdef _DEBUG
static bool LoadLibraryInject(HANDLE hProc, const std::string& dllpath)
{
HMODULE hKernel = GetModuleHandle("kernel32.dll");
if (hKernel == NULL) {
ILogError("[DLL Injection] Failed to get kernel32.dll module address.\n");
return false;
}
LPVOID pLoadLibrary = (LPVOID)GetProcAddress(hKernel, "LoadLibraryA");
if (pLoadLibrary == NULL) {
ILogError("[DLL Injection] Failed to get LoadLibraryA address.\n");
return false;
}
LPVOID pDLLPath = VirtualAllocEx(hProc, NULL, strlen(dllpath.c_str()) + 1, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (pDLLPath == NULL) {
ILogError("[DLL Injection] Failed to allocate memory for DLLPath in target process.\n");
return false;
}
// Write the string name of our DLL in the memory allocated
BOOL writeResult = WriteProcessMemory(hProc, pDLLPath, dllpath.c_str(), strlen(dllpath.c_str()), NULL);
if (writeResult == FALSE) {
ILogError("[DLL Injection] Failed to write remote process memory.\n");
return false;
}
// Load our DLL by calling loadlibrary in the other process and passing our dll name
HANDLE hThread = CreateRemoteThread(hProc, NULL, NULL, (LPTHREAD_START_ROUTINE)pLoadLibrary, (LPVOID)pDLLPath, NULL, NULL);
if (hThread == NULL) {
ILogError("[DLL Injection] Failed to create remote thread.\n");
VirtualFreeEx(hProc, pDLLPath, 0, MEM_RELEASE);
return false;
}
CloseHandle(hThread);
// TODO: Add waiting for thread end and release unneccessary data.
// VirtualFreeEx(hProc, pDLLPath, 0, MEM_RELEASE);
ILogError("[DLL Injection] Successfully LoadLibraryA injection.\n");
return true;
}
#endif // _DEBUG
bool ManualMapDll(HANDLE hProc, BYTE* pSrcData, SIZE_T FileSize, bool ClearHeader, bool ClearNonNeededSections, bool AdjustProtections, bool SEHExceptionSupport, DWORD fdwReason) {
IMAGE_NT_HEADERS* pOldNtHeader = nullptr;
IMAGE_OPTIONAL_HEADER* pOldOptHeader = nullptr;
IMAGE_FILE_HEADER* pOldFileHeader = nullptr;
BYTE* pTargetBase = nullptr;
if (reinterpret_cast<IMAGE_DOS_HEADER*>(pSrcData)->e_magic != 0x5A4D) { //"MZ"
ILog("[DLL injection] Invalid file\n");
return false;
}
pOldNtHeader = reinterpret_cast<IMAGE_NT_HEADERS*>(pSrcData + reinterpret_cast<IMAGE_DOS_HEADER*>(pSrcData)->e_lfanew);
pOldOptHeader = &pOldNtHeader->OptionalHeader;
pOldFileHeader = &pOldNtHeader->FileHeader;
if (pOldFileHeader->Machine != CURRENT_ARCH) {
ILog("[DLL injection] Invalid platform.\n");
return false;
}
ILog("[DLL injection] File ok\n");
pTargetBase = reinterpret_cast<BYTE*>(VirtualAllocEx(hProc, nullptr, pOldOptHeader->SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE));
if (!pTargetBase) {
ILogError("[DLL injection] Target process memory allocation failed (ex)\n");
return false;
}
DWORD oldp = 0;
VirtualProtectEx(hProc, pTargetBase, pOldOptHeader->SizeOfImage, PAGE_EXECUTE_READWRITE, &oldp);
MANUAL_MAPPING_DATA data{ 0 };
data.pLoadLibraryA = LoadLibraryA;
data.pGetProcAddress = GetProcAddress;
#ifdef _WIN64
data.pRtlAddFunctionTable = (f_RtlAddFunctionTable)RtlAddFunctionTable;
#else
SEHExceptionSupport = false;
#endif
data.pbase = pTargetBase;
data.fdwReasonParam = fdwReason;
data.SEHSupport = SEHExceptionSupport;
//File header
if (!WriteProcessMemory(hProc, pTargetBase, pSrcData, 0x1000, nullptr)) { //only first 0x1000 bytes for the header
ILogError("[DLL injection] Can't write file header.\n");
VirtualFreeEx(hProc, pTargetBase, 0, MEM_RELEASE);
return false;
}
IMAGE_SECTION_HEADER* pSectionHeader = IMAGE_FIRST_SECTION(pOldNtHeader);
for (UINT i = 0; i != pOldFileHeader->NumberOfSections; ++i, ++pSectionHeader) {
if (pSectionHeader->SizeOfRawData) {
if (!WriteProcessMemory(hProc, pTargetBase + pSectionHeader->VirtualAddress, pSrcData + pSectionHeader->PointerToRawData, pSectionHeader->SizeOfRawData, nullptr)) {
ILogError("[DLL injection] Can't map sections.\n");
VirtualFreeEx(hProc, pTargetBase, 0, MEM_RELEASE);
return false;
}
}
}
//Mapping params
BYTE* MappingDataAlloc = reinterpret_cast<BYTE*>(VirtualAllocEx(hProc, nullptr, sizeof(MANUAL_MAPPING_DATA), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE));
if (!MappingDataAlloc) {
ILogError("[DLL injection] Target process mapping allocation failed (ex).\n");
VirtualFreeEx(hProc, pTargetBase, 0, MEM_RELEASE);
return false;
}
if (!WriteProcessMemory(hProc, MappingDataAlloc, &data, sizeof(MANUAL_MAPPING_DATA), nullptr)) {
ILogError("[DLL injection] Can't write mapping.\n");
VirtualFreeEx(hProc, pTargetBase, 0, MEM_RELEASE);
VirtualFreeEx(hProc, MappingDataAlloc, 0, MEM_RELEASE);
return false;
}
//Shell code
void* pShellcode = VirtualAllocEx(hProc, nullptr, 0x1000, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if (!pShellcode) {
ILogError("[DLL injection] Memory shellcode allocation failed (ex).\n");
VirtualFreeEx(hProc, pTargetBase, 0, MEM_RELEASE);
VirtualFreeEx(hProc, MappingDataAlloc, 0, MEM_RELEASE);
return false;
}
if (!WriteProcessMemory(hProc, pShellcode, Shellcode, 0x1000, nullptr)) {
ILogError("[DLL injection] Can't write shellcode.\n");
VirtualFreeEx(hProc, pTargetBase, 0, MEM_RELEASE);
VirtualFreeEx(hProc, MappingDataAlloc, 0, MEM_RELEASE);
VirtualFreeEx(hProc, pShellcode, 0, MEM_RELEASE);
return false;
}
ILog("[DLL injection] Mapped DLL at %p\n", pTargetBase);
ILog("[DLL injection] Mapping info at %p\n", MappingDataAlloc);
ILog("[DLL injection] Shell code at %p\n", pShellcode);
ILog("[DLL injection] Data allocated\n");
#ifdef _DEBUG
ILog("[DLL injection] My shellcode pointer %p\n", Shellcode);
ILog("[DLL injection] Target point %p\n", pShellcode);
#endif
HANDLE hThread = CreateRemoteThread(hProc, nullptr, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(pShellcode), MappingDataAlloc, 0, nullptr);
if (!hThread) {
ILogError("[DLL injection] Thread creation failed.\n");
VirtualFreeEx(hProc, pTargetBase, 0, MEM_RELEASE);
VirtualFreeEx(hProc, MappingDataAlloc, 0, MEM_RELEASE);
VirtualFreeEx(hProc, pShellcode, 0, MEM_RELEASE);
return false;
}
CloseHandle(hThread);
ILog("[DLL injection] Thread created at: %p, waiting for return...\n", pShellcode);
HINSTANCE hCheck = NULL;
while (!hCheck) {
DWORD exitcode = 0;
GetExitCodeProcess(hProc, &exitcode);
if (exitcode != STILL_ACTIVE) {
ILog("[DLL injection] Process crashed, exit code: 0x%x\n", exitcode);
return false;
}
MANUAL_MAPPING_DATA data_checked{ 0 };
ReadProcessMemory(hProc, MappingDataAlloc, &data_checked, sizeof(data_checked), nullptr);
hCheck = data_checked.hMod;
if (hCheck == (HINSTANCE)0x404040) {
ILog("[DLL injection] Wrong mapping ptr.\n");
VirtualFreeEx(hProc, pTargetBase, 0, MEM_RELEASE);
VirtualFreeEx(hProc, MappingDataAlloc, 0, MEM_RELEASE);
VirtualFreeEx(hProc, pShellcode, 0, MEM_RELEASE);
return false;
}
else if (hCheck == (HINSTANCE)0x505050) {
ILog("[DLL injection] WARNING: Exception support failed!\n");
}
Sleep(10);
}
BYTE* emptyBuffer = (BYTE*)malloc(1024 * 1024 * 20);
if (emptyBuffer == nullptr) {
ILog("[DLL injection] Unable to allocate memory\n");
return false;
}
memset(emptyBuffer, 0, 1024 * 1024 * 20);
//CLEAR PE HEAD
if (ClearHeader) {
if (!WriteProcessMemory(hProc, pTargetBase, emptyBuffer, 0x1000, nullptr)) {
ILogError("[DLL injection] WARNING!: Can't clear HEADER\n");
}
}
//END CLEAR PE HEAD
if (ClearNonNeededSections) {
pSectionHeader = IMAGE_FIRST_SECTION(pOldNtHeader);
for (UINT i = 0; i != pOldFileHeader->NumberOfSections; ++i, ++pSectionHeader) {
if (pSectionHeader->Misc.VirtualSize) {
if ((SEHExceptionSupport ? 0 : strcmp((char*)pSectionHeader->Name, ".pdata") == 0) ||
strcmp((char*)pSectionHeader->Name, ".rsrc") == 0 ||
strcmp((char*)pSectionHeader->Name, ".reloc") == 0) {
ILog("[DLL injection] Processing %s removal\n", pSectionHeader->Name);
if (!WriteProcessMemory(hProc, pTargetBase + pSectionHeader->VirtualAddress, emptyBuffer, pSectionHeader->Misc.VirtualSize, nullptr)) {
ILogError("[DLL injection] Can't clear section %s.\n", pSectionHeader->Name);
}
}
}
}
}
if (AdjustProtections) {
pSectionHeader = IMAGE_FIRST_SECTION(pOldNtHeader);
for (UINT i = 0; i != pOldFileHeader->NumberOfSections; ++i, ++pSectionHeader) {
if (pSectionHeader->Misc.VirtualSize) {
DWORD old = 0;
DWORD newP = PAGE_READONLY;
if ((pSectionHeader->Characteristics & IMAGE_SCN_MEM_WRITE) > 0) {
newP = PAGE_READWRITE;
}
else if ((pSectionHeader->Characteristics & IMAGE_SCN_MEM_EXECUTE) > 0) {
newP = PAGE_EXECUTE_READ;
}
if (VirtualProtectEx(hProc, pTargetBase + pSectionHeader->VirtualAddress, pSectionHeader->Misc.VirtualSize, newP, &old)) {
ILog("[DLL injection] Section %s set as %lX\n", (char*)pSectionHeader->Name, newP);
}
else {
ILog("[DLL injection] FAIL: section %s not set as %lX\n", (char*)pSectionHeader->Name, newP);
}
}
}
DWORD old = 0;
VirtualProtectEx(hProc, pTargetBase, IMAGE_FIRST_SECTION(pOldNtHeader)->VirtualAddress, PAGE_READONLY, &old);
}
if (!WriteProcessMemory(hProc, pShellcode, emptyBuffer, 0x1000, nullptr)) {
ILog("[DLL injection] WARNING: Can't clear shellcode\n");
}
if (!VirtualFreeEx(hProc, pShellcode, 0, MEM_RELEASE)) {
ILog("[DLL injection] WARNING: can't release shell code memory\n");
}
if (!VirtualFreeEx(hProc, MappingDataAlloc, 0, MEM_RELEASE)) {
ILog("[DLL injection] WARNING: can't release mapping data memory\n");
}
return true;
}
#define RELOC_FLAG32(RelInfo) ((RelInfo >> 0x0C) == IMAGE_REL_BASED_HIGHLOW)
#define RELOC_FLAG64(RelInfo) ((RelInfo >> 0x0C) == IMAGE_REL_BASED_DIR64)
#ifdef _WIN64
#define RELOC_FLAG RELOC_FLAG64
#else
#define RELOC_FLAG RELOC_FLAG32
#endif
#pragma runtime_checks( "", off )
#pragma optimize( "", off )
void __stdcall Shellcode(MANUAL_MAPPING_DATA* pData) {
if (!pData) {
pData->hMod = (HINSTANCE)0x404040;
return;
}
BYTE* pBase = pData->pbase;
auto* pOpt = &reinterpret_cast<IMAGE_NT_HEADERS*>(pBase + reinterpret_cast<IMAGE_DOS_HEADER*>((uintptr_t)pBase)->e_lfanew)->OptionalHeader;
auto _LoadLibraryA = pData->pLoadLibraryA;
auto _GetProcAddress = pData->pGetProcAddress;
#ifdef _WIN64
auto _RtlAddFunctionTable = pData->pRtlAddFunctionTable;
#endif
auto _DllMain = reinterpret_cast<f_DLL_ENTRY_POINT>(pBase + pOpt->AddressOfEntryPoint);
BYTE* LocationDelta = pBase - pOpt->ImageBase;
if (LocationDelta) {
if (pOpt->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size) {
auto* pRelocData = reinterpret_cast<IMAGE_BASE_RELOCATION*>(pBase + pOpt->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
const auto* pRelocEnd = reinterpret_cast<IMAGE_BASE_RELOCATION*>(reinterpret_cast<uintptr_t>(pRelocData) + pOpt->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size);
while (pRelocData < pRelocEnd && pRelocData->SizeOfBlock) {
UINT AmountOfEntries = (pRelocData->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(WORD);
WORD* pRelativeInfo = reinterpret_cast<WORD*>(pRelocData + 1);
for (UINT i = 0; i != AmountOfEntries; ++i, ++pRelativeInfo) {
if (RELOC_FLAG(*pRelativeInfo)) {
UINT_PTR* pPatch = reinterpret_cast<UINT_PTR*>(pBase + pRelocData->VirtualAddress + ((*pRelativeInfo) & 0xFFF));
*pPatch += reinterpret_cast<UINT_PTR>(LocationDelta);
}
}
pRelocData = reinterpret_cast<IMAGE_BASE_RELOCATION*>(reinterpret_cast<BYTE*>(pRelocData) + pRelocData->SizeOfBlock);
}
}
}
if (pOpt->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size) {
auto* pImportDescr = reinterpret_cast<IMAGE_IMPORT_DESCRIPTOR*>(pBase + pOpt->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
while (pImportDescr->Name) {
char* szMod = reinterpret_cast<char*>(pBase + pImportDescr->Name);
HINSTANCE hDll = _LoadLibraryA(szMod);
ULONG_PTR* pThunkRef = reinterpret_cast<ULONG_PTR*>(pBase + pImportDescr->OriginalFirstThunk);
ULONG_PTR* pFuncRef = reinterpret_cast<ULONG_PTR*>(pBase + pImportDescr->FirstThunk);
if (!pThunkRef)
pThunkRef = pFuncRef;
for (; *pThunkRef; ++pThunkRef, ++pFuncRef) {
if (IMAGE_SNAP_BY_ORDINAL(*pThunkRef)) {
*pFuncRef = (ULONG_PTR)_GetProcAddress(hDll, reinterpret_cast<char*>(*pThunkRef & 0xFFFF));
}
else {
auto* pImport = reinterpret_cast<IMAGE_IMPORT_BY_NAME*>(pBase + (*pThunkRef));
*pFuncRef = (ULONG_PTR)_GetProcAddress(hDll, pImport->Name);
}
}
++pImportDescr;
}
}
if (pOpt->DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size) {
auto* pTLS = reinterpret_cast<IMAGE_TLS_DIRECTORY*>(pBase + pOpt->DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
auto* pCallback = reinterpret_cast<PIMAGE_TLS_CALLBACK*>(pTLS->AddressOfCallBacks);
for (; pCallback && *pCallback; ++pCallback)
(*pCallback)(pBase, DLL_PROCESS_ATTACH, nullptr);
}
bool ExceptionSupportFailed = false;
#ifdef _WIN64
if (pData->SEHSupport) {
auto excep = pOpt->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXCEPTION];
if (excep.Size) {
if (!_RtlAddFunctionTable(
reinterpret_cast<IMAGE_RUNTIME_FUNCTION_ENTRY*>(pBase + excep.VirtualAddress),
excep.Size / sizeof(IMAGE_RUNTIME_FUNCTION_ENTRY), (DWORD64)pBase)) {
ExceptionSupportFailed = true;
}
}
}
#endif
_DllMain(pBase, pData->fdwReasonParam, nullptr);
if (ExceptionSupportFailed)
pData->hMod = reinterpret_cast<HINSTANCE>(0x505050);
else
pData->hMod = reinterpret_cast<HINSTANCE>(pBase);
}

48
injector/src/injector.h Normal file
View File

@ -0,0 +1,48 @@
#pragma once
#include <Windows.h>
#include <iostream>
#include <fstream>
#include <TlHelp32.h>
#include <stdio.h>
#include <string>
#include "util.h"
using f_LoadLibraryA = HINSTANCE(WINAPI*)(const char* lpLibFilename);
using f_GetProcAddress = FARPROC(WINAPI*)(HMODULE hModule, LPCSTR lpProcName);
using f_DLL_ENTRY_POINT = BOOL(WINAPI*)(void* hDll, DWORD dwReason, void* pReserved);
#ifdef _WIN64
using f_RtlAddFunctionTable = BOOL(WINAPIV*)(PRUNTIME_FUNCTION FunctionTable, DWORD EntryCount, DWORD64 BaseAddress);
#endif
struct ConfigInfo {
bool disableMhyprot;
bool consoleLogging;
};
struct MANUAL_MAPPING_DATA
{
f_LoadLibraryA pLoadLibraryA;
f_GetProcAddress pGetProcAddress;
#ifdef _WIN64
f_RtlAddFunctionTable pRtlAddFunctionTable;
#endif
BYTE* pbase;
HINSTANCE hMod;
DWORD fdwReasonParam;
LPVOID reservedParam;
BOOL SEHSupport;
};
bool InjectDLL(HANDLE hProc, const std::string& filepath);
#ifdef _DEBUG
static bool LoadLibraryInject(HANDLE hProc, const std::string& dllpath);
#endif
// Note: Exception support only x64 with build params /EHa or /EHc
bool ManualMapDll(HANDLE hProc, BYTE* pSrcData, SIZE_T FileSize, bool ClearHeader = false, bool ClearNonNeededSections = false, bool AdjustProtections = false, bool SEHExceptionSupport = false, DWORD fdwReason = DLL_PROCESS_ATTACH);
void __stdcall Shellcode(MANUAL_MAPPING_DATA* pData);

91
injector/src/main.cpp Normal file
View File

@ -0,0 +1,91 @@
#include <Windows.h>
#include <iostream>
#include <sstream>
#include <filesystem>
#include "injector.h"
#include "simple-ini.hpp"
#include "util.h"
const std::string GlobalGenshinProcName = "GenshinImpact.exe";
const std::string ChinaGenshinProcName = "YuanShen.exe";
const char* INIFileName = "config.ini";
static CSimpleIni ini;
HANDLE OpenGenshinProcess();
int main(int argc, char* argv[])
{
auto path = std::filesystem::path(argv[0]).parent_path();
std::filesystem::current_path(path);
WaitForCloseProcess(GlobalGenshinProcName);
WaitForCloseProcess(ChinaGenshinProcName);
Sleep(1000); // Wait for unloading all dlls.
ini.SetUnicode();
ini.LoadFile(INIFileName);
HANDLE hProcess = OpenGenshinProcess();
if (hProcess == NULL)
{
std::cout << "Failed to open GenshinImpact process." << std::endl;
return 1;
}
ini.SaveFile(INIFileName);
std::filesystem::current_path(path);
std::string filename = (argc == 2 ? argv[1] : "CLibrary.dll");
std::filesystem::path currentDllPath = std::filesystem::current_path() / filename;
std::filesystem::path tempDllPath = std::filesystem::temp_directory_path() / filename;
std::filesystem::copy(currentDllPath, tempDllPath, std::filesystem::copy_options::update_existing);
InjectDLL(hProcess, tempDllPath.string());
CloseHandle(hProcess);
}
HANDLE OpenGenshinProcess() {
STARTUPINFOA startInfo{};
PROCESS_INFORMATION processInformation{};
auto savedPath = ini.GetValue("Inject", "GenshinPath");
bool exePathNotExist = savedPath == nullptr;
std::string* filePath = exePathNotExist ? nullptr : new std::string(savedPath);
if (exePathNotExist) {
std::cout << "Genshin path not found. Please point to it manually. ^)" << std::endl;
filePath = GetFilePathByUser();
if (filePath == nullptr) {
std::cout << "Failed to get genshin path from user. Exiting..." << std::endl;
return NULL;
}
}
BOOL result = CreateProcessA(filePath->c_str(),
nullptr, 0, 0, false, CREATE_SUSPENDED, nullptr, nullptr, &startInfo, &processInformation);
if (result == FALSE) {
std::cout << "Failed to create game process." << std::endl;
std::cout << "Error: " << GetLastErrorAsString() << std::endl;
std::cout << "If you have problem with GenshinImpact.exe path. You can change it manually in " << INIFileName << "." << std::endl;
return NULL;
}
if (exePathNotExist) {
ini.SetValue("Inject", "genshinPath", (*filePath).c_str());
std::cout << "New GenshinImpact.exe path saved to " << INIFileName << "." << std::endl;
}
delete filePath;
std::cout << "Created game process." << std::endl;
ResumeThread(processInformation.hThread);
return processInformation.hProcess;
}

107
injector/src/util.cpp Normal file
View File

@ -0,0 +1,107 @@
#include "util.h"
#include <TlHelp32.h>
#include <iostream>
#include <sstream>
//Returns the last Win32 error, in string format. Returns an empty string if there is no error.
std::string GetLastErrorAsString()
{
//Get the error message ID, if any.
DWORD errorMessageID = ::GetLastError();
if (errorMessageID == 0) {
return std::string(); //No error message has been recorded
}
LPSTR messageBuffer = nullptr;
//Ask Win32 to give us the string version of that message ID.
//The parameters we pass in, tell Win32 to create the buffer that holds the message for us (because we don't yet know how long the message string will be).
size_t size = FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, errorMessageID, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPSTR)&messageBuffer, 0, NULL);
//Copy the error message into a std::string.
std::string message(messageBuffer, size);
//Free the Win32's string's buffer.
LocalFree(messageBuffer);
return message;
}
std::string* GetFilePathByUser() {
// common dialog box structure, setting all fields to 0 is important
OPENFILENAME ofn = { 0 };
TCHAR szFile[260] = { 0 };
// Initialize remaining fields of OPENFILENAME structure
ofn.lStructSize = sizeof(ofn);
ofn.hwndOwner = NULL;
ofn.lpstrFile = szFile;
ofn.nMaxFile = sizeof(szFile);
ofn.lpstrFilter = "Executable\0*.exe\0";
ofn.nFilterIndex = 1;
ofn.lpstrFileTitle = NULL;
ofn.nMaxFileTitle = 0;
ofn.lpstrInitialDir = NULL;
ofn.Flags = OFN_PATHMUSTEXIST | OFN_FILEMUSTEXIST;
if (GetOpenFileName(&ofn) == TRUE)
{
return new std::string(szFile);
}
return nullptr;
}
int FindProcessId(const std::string& processName) {
int pid = -1;
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32 process;
ZeroMemory(&process, sizeof(process));
process.dwSize = sizeof(process);
if (Process32First(snapshot, &process))
{
do
{
if (std::string(process.szExeFile) == processName)
{
pid = process.th32ProcessID;
break;
}
} while (Process32Next(snapshot, &process));
}
CloseHandle(snapshot);
return pid;
}
void WaitForCloseProcess(const std::string& processName) {
int pid = FindProcessId(processName);
if (pid == -1)
return;
std::cout << "Found '" << processName << "' process. Waiting for closing..." << std::endl;
#ifdef _DEBUG
std::stringstream stream;
stream << "taskkill /F /T /IM " << processName;
int retval = system(stream.str().c_str());
std::cout << "Trying to kill process." << std::endl;
#endif
HANDLE hProc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid);
DWORD exitCode = 0;
while (hProc && (GetExitCodeProcess(hProc, &exitCode), exitCode == STILL_ACTIVE)) {
Sleep(1000);
}
if (hProc != NULL)
CloseHandle(hProc);
}

9
injector/src/util.h Normal file
View File

@ -0,0 +1,9 @@
#include <string>
#include <Windows.h>
#pragma once
std::string GetLastErrorAsString();
std::string* GetFilePathByUser();
int FindProcessId(const std::string& processName);
void WaitForCloseProcess(const std::string& processName);