diff options
| author | auth12 <[email protected]> | 2020-08-06 15:33:18 +0100 |
|---|---|---|
| committer | auth12 <[email protected]> | 2020-08-06 15:33:18 +0100 |
| commit | d120e7b489adc42a4489c63305413dfe52ed8bbf (patch) | |
| tree | 6c114e3b0e8f22aa4c0210e2006a88ec63182b95 /client/src/security/security.h | |
| parent | More ui improvements. (diff) | |
| download | loader-d120e7b489adc42a4489c63305413dfe52ed8bbf.tar.xz loader-d120e7b489adc42a4489c63305413dfe52ed8bbf.zip | |
Improved CPU usage drastically.
Switched to directx9.
Reduced RAM usage by only remapping modules from a blacklist.
Diffstat (limited to 'client/src/security/security.h')
| -rw-r--r-- | client/src/security/security.h | 58 |
1 files changed, 57 insertions, 1 deletions
diff --git a/client/src/security/security.h b/client/src/security/security.h index 009622a..fd2a5f3 100644 --- a/client/src/security/security.h +++ b/client/src/security/security.h @@ -4,6 +4,8 @@ namespace security { extern std::unordered_map<std::string, std::vector<char>> parsed_images; + + struct patch_t { uintptr_t va; uint8_t original_op; @@ -11,5 +13,59 @@ namespace security { std::string module; }; - void thread(tcp::client &client); + void thread(tcp::client& client); + + __forceinline bool check(); + + __forceinline bool init() { + std::list<std::string> blacklist = { "ntdll.dll", "kernel32.dll" }; + + std::unordered_map<std::string, pe::virtual_image> memory_modules; + std::unordered_map<std::string, pe::image<true>> disk_modules; + if (!pe::get_all_modules(memory_modules)) { + io::log_error("failed to get loaded modules."); + return false; + } + + for (auto& [name, vi] : memory_modules) { + auto it = std::find(blacklist.begin(), blacklist.end(), name); + if (it == blacklist.end()) { + continue; + } + + std::vector<char> raw; + char path[MAX_PATH]; + GetModuleFileNameA(GetModuleHandleA(name.c_str()), path, MAX_PATH); + + if (!io::read_file(path, raw)) { + io::log("failed to read {}.", name); + continue; + } + + disk_modules[name] = pe::image<true>(raw); + } + + for (auto& [name, image] : disk_modules) { + std::vector<char> mem; + + image.copy(mem); + image.relocate(mem, uintptr_t(GetModuleHandleA(name.c_str()))); + + for (auto& [mod, funcs] : image.imports()) { + std::string mod_name{ mod }; + g_apiset.find(mod_name); + + for (auto& func : funcs) { + *reinterpret_cast<uintptr_t*>(&mem[func.rva]) = uintptr_t(GetProcAddress(GetModuleHandleA(mod_name.c_str()), func.name.c_str())); + } + } + + parsed_images[name] = mem; + } + + disk_modules.clear(); + memory_modules.clear(); + + return !parsed_images.empty(); + } };
\ No newline at end of file |