Diffstat (limited to 'client/src/injection/mapper.cpp')
-rw-r--r--client/src/injection/mapper.cpp122
1 files changed, 110 insertions, 12 deletions
diff --git a/client/src/injection/mapper.cpp b/client/src/injection/mapper.cpp
index 1951ab2..c7f771c 100644
--- a/client/src/injection/mapper.cpp
+++ b/client/src/injection/mapper.cpp
@@ -9,11 +9,116 @@ void mmap::thread(tcp::client& client) {
std::this_thread::sleep_for(std::chrono::seconds(1));
}
+ if (client.selected_game.x64) {
+ map64(client);
+
+ return;
+ }
+
+ map32(client);
+}
+
+void mmap::map32(tcp::client& client) {
+ util::system_data_t dat;
+ util::fetch_system_data(dat);
+
+ auto needle = std::find_if(dat.processes.begin(), dat.processes.end(), [&](util::process_data_t& dat) {
+ return dat.name == client.selected_game.process_name;
+ });
+
+ if (needle == dat.processes.end()) {
+ io::log_error("failed to find process.");
+ return;
+ }
+
+ util::process<uint32_t> proc(*needle);
+
+ if (!proc.open()) {
+ return;
+ }
+
+ if (!proc.enum_modules()) {
+ io::log_error("failed to enum {} modules", proc.name());
+ return;
+ }
+
+ auto image = proc.allocate(client.mapper_data.image_size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
+ if (!image) {
+ io::log_error("failed to allocate memory for image.");
+ return;
+ }
+
+ io::log("image base : {:x}", image);
+
+ auto imports = nlohmann::json::parse(client.mapper_data.imports);
+
+ nlohmann::json final_imports;
+ for (auto& [key, value] : imports.items()) {
+ for (auto& i : value) {
+ auto name = i.get<std::string>();
+
+ final_imports[name] = proc.module_export(proc.map(key), name);
+ }
+ }
+ imports.clear();
+
+ nlohmann::json resp;
+ resp["alloc"] = image;
+ resp["id"] = client.selected_game.process_name;
+ resp["x64"] = client.selected_game.x64;
+
+ client.write(tcp::packet_t(resp.dump(), tcp::packet_type::write, client.session_id, tcp::packet_id::image));
+ resp.clear();
+
+ client.stream(final_imports.dump());
+ final_imports.clear();
+
+ io::log("please wait...");
+ while (client.state != tcp::client_state::image_ready) {
+ std::this_thread::sleep_for(std::chrono::seconds(1));
+ }
+
+ if (!proc.write(image, client.mapper_data.image.data(), client.mapper_data.image.size())) {
+ io::log_error("failed to write image.");
+ return;
+ }
+ client.mapper_data.image.clear();
+
+ auto entry = image + client.mapper_data.entry;
+
+ io::log("entry : {:x}", entry);
+
+ static std::vector<uint8_t> shellcode = { 0x55, 0x89, 0xE5, 0x6A, 0x00, 0x6A, 0x01, 0x68, 0xEF, 0xBE,
+ 0xAD, 0xDE, 0xB8, 0xEF, 0xBE, 0xAD, 0xDE, 0xFF, 0xD0, 0x89, 0xEC, 0x5D, 0xC3 };
+
+ *reinterpret_cast<uint32_t*>(&shellcode[8]) = image;
+ *reinterpret_cast<uint32_t*>(&shellcode[13]) = entry;
+
+ auto code = proc.allocate(shellcode.size(), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
+ if (!proc.write(code, shellcode.data(), shellcode.size())) {
+ io::log_error("failed to write shellcode.");
+ return;
+ }
+
+ io::log("shellcode : {:x}", code);
+
+ proc.thread(code);
+
+ proc.free(code, shellcode.size());
+
+ proc.close();
+
+ client.state = tcp::client_state::injected;
+
+ io::log("done");
+}
+
+void mmap::map64(tcp::client& client) {
util::system_data_t dat;
util::fetch_system_data(dat);
auto needle = std::find_if(dat.processes.begin(), dat.processes.end(), [&](util::process_data_t& dat) {
- return dat.name == "sublime_text.exe";
+ return dat.name == client.selected_game.process_name;
});
if (needle == dat.processes.end()) {
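Review bot: In the new `map32`, `nlohmann::json::parse(client.mapper_data.imports)` and `i.get<std::string>()` both throw on malformed or unexpectedly typed input, and nothing in the function catches, although the import list comes from the server. If `mmap::thread` is run as a thread entry point (the name suggests so, but the caller is not visible here), an escaping exception ends the whole process after the target has already been opened and memory allocated. The later `proc.write(image, ...)` likewise trusts that the received payload fits the earlier allocation; a guard such as `if (client.mapper_data.image.size() > client.mapper_data.image_size) { ... return; }` before the write would reject an inconsistent response. Every early `return` after `proc.open()` also skips `proc.close()`, and the `code` allocation is passed to `proc.write` without the null check that `image` gets. The hunk ends inside `map64`, whose body continues outside it.

```cpp
nlohmann::json imports;
nlohmann::json final_imports;
try {
    imports = nlohmann::json::parse(client.mapper_data.imports);
    // … unchanged: nested loop filling final_imports …
} catch (const nlohmann::json::exception& e) {
    io::log_error("failed to parse imports : {}", e.what());
    proc.free(image, client.mapper_data.image_size);
    proc.close();
    return;
}
```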
@@ -54,7 +159,8 @@ void mmap::thread(tcp::client& client) {
nlohmann::json resp;
resp["alloc"] = image;
- resp["id"] = client.selected_game.id;
+ resp["id"] = client.selected_game.process_name;
+ resp["x64"] = client.selected_game.x64;
client.write(tcp::packet_t(resp.dump(), tcp::packet_type::write, client.session_id, tcp::packet_id::image));
resp.clear();
@@ -77,15 +183,9 @@ void mmap::thread(tcp::client& client) {
io::log("entry : {:x}", entry);
- /*static std::vector<uint8_t> shellcode = { 0x55, 0x89, 0xE5, 0x6A, 0x00, 0x6A, 0x01, 0x68, 0xEF, 0xBE,
- 0xAD, 0xDE, 0xB8, 0xEF, 0xBE, 0xAD, 0xDE, 0xFF, 0xD0, 0x89, 0xEC, 0x5D, 0xC3 };*/
-
static std::vector<uint8_t> shellcode = { 0x48, 0x83, 0xEC, 0x28, 0x48, 0xB9, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x48, 0xC7, 0xC2,0x01, 0x00, 0x00, 0x00, 0x4D, 0x31, 0xC0,
- 0x48, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xD0, 0x48, 0x83, 0xC4, 0x28, 0xC3 };
-
- /**reinterpret_cast<uint32_t*>(&shellcode[8]) = image;
- *reinterpret_cast<uint32_t*>(&shellcode[13]) = entry;*/
+ 0x00, 0x00, 0x00, 0x00, 0x48, 0xC7, 0xC2,0x01, 0x00, 0x00, 0x00, 0x4D, 0x31, 0xC0,
+ 0x48, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xD0, 0x48, 0x83, 0xC4, 0x28, 0xC3 };
*reinterpret_cast<uint64_t*>(&shellcode[6]) = image;
*reinterpret_cast<uint64_t*>(&shellcode[26]) = entry;
@@ -102,8 +202,6 @@ void mmap::thread(tcp::client& client) {
proc.free(code, shellcode.size());
- //proc.free(image, client.mapper_data.image_size);
-
proc.close();
client.state = tcp::client_state::injected;