vac bypass is now embedded inside the loader

b1scoito · Mar 24, 2021 · 181978d · 181978d
1 parent ea7db42
commit 181978d
Show file tree

Hide file tree

Showing 9 changed files with 1,550 additions and 109 deletions.
diff --git a/cozinha_loader/cozinha_loader.vcxproj b/cozinha_loader/cozinha_loader.vcxproj
@@ -115,6 +115,7 @@
     </ClCompile>
   </ItemGroup>
   <ItemGroup>
+    <ClInclude Include="data.hpp" />
     <ClInclude Include="injection.hpp" />
     <ClInclude Include="logger.hpp" />
     <ClInclude Include="memory.hpp" />

diff --git a/cozinha_loader/cozinha_loader.vcxproj.filters b/cozinha_loader/cozinha_loader.vcxproj.filters
@@ -19,6 +19,9 @@
     <Filter Include="helpers\utils">
       <UniqueIdentifier>{5dfeec10-d957-4322-8a9a-3f33434a2c17}</UniqueIdentifier>
     </Filter>
+    <Filter Include="helpers\vac3_bypass">
+      <UniqueIdentifier>{1771c7ca-3cf1-4f5a-8fb0-c784c17f5d96}</UniqueIdentifier>
+    </Filter>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="main.cpp" />
@@ -45,5 +48,8 @@
     <ClInclude Include="injection.hpp">
       <Filter>loader</Filter>
     </ClInclude>
+    <ClInclude Include="data.hpp">
+      <Filter>helpers\vac3_bypass</Filter>
+    </ClInclude>
   </ItemGroup>
 </Project>
diff --git a/cozinha_loader/data.hpp b/cozinha_loader/data.hpp
diff --git a/cozinha_loader/injection.cpp b/cozinha_loader/injection.cpp
@@ -1,27 +1,17 @@
 #include "pch.hpp"
 #include "injection.hpp"
 
-bool injector::map( std::string process, std::wstring module_name, std::filesystem::path path_to_dll )
+bool injector::map( std::string process, std::wstring module_name, std::vector<std::uint8_t> binary_bytes )
 {
-	std::vector<std::uint8_t> buffer {};
-
-	// Reading file and writing it to a variable
-	if (!utils::read_file_to_memory( path_to_dll.string(), &buffer ))
-	{
-		_loge( "Failed to write %ls to buffer.", path_to_dll.filename().c_str() );
-		return EXIT_FAILURE;
-	}
-
 	// Wait for process to be opened
-	auto proc_list = memory::get_process_list();
+	auto process_list = memory::get_process_list();
 	while (true)
 	{
-		proc_list = memory::get_process_list();
-		if (memory::is_process_open( proc_list, process ))
-			break;
-
-		// this is a magic number, and for some reason, if it's not 1 second, won't load csgo.
 		std::this_thread::sleep_for( std::chrono::seconds( 1 ) );
+
+		process_list = memory::get_process_list();
+		if (memory::is_process_open( process_list, process ))
+			break;
 	}
 
 	if (process.find( "csgo" ) != std::string::npos)
@@ -48,22 +38,22 @@ bool injector::map( std::string process, std::wstring module_name, std::filesyst
 			CloseHandle( h_process );
 		};
 
-		bypass_nt_open_file( memory::get_process_id_by_name( proc_list, process ) );
-		_logi( "NtOpenFile bypass applied." );
+		bypass_nt_open_file( memory::get_process_id_by_name( process_list, process ) );
 	}
 
 	// Spawning blackbone process variable
 	blackbone::Process bb_process {};
 
 	// Attaching blackbone to the process
-	bb_process.Attach( memory::get_process_id_by_name( proc_list, process ), PROCESS_ALL_ACCESS );
-
-	_logi( "Injection with %ls is waiting for module %ls in %s.", path_to_dll.filename().c_str(), module_name.c_str(), process.c_str() );
+	bb_process.Attach( memory::get_process_id_by_name( process_list, process ), PROCESS_ALL_ACCESS );
+	_logd( "Injecting into %s, waiting for %ls.", process.c_str(), module_name.c_str() );
 
 	// Wait for a process module so we can continue with injection.
-	auto mod_ready = false;
+	bool mod_ready = false;
 	while (!mod_ready)
 	{
+		std::this_thread::sleep_for( std::chrono::milliseconds( 500 ) );
+
 		for (const auto &mod : bb_process.modules().GetAllModules())
 		{
 			if (mod.first.first == module_name)
@@ -75,8 +65,6 @@ bool injector::map( std::string process, std::wstring module_name, std::filesyst
 
 		if (mod_ready)
 			break;
-
-		std::this_thread::sleep_for( std::chrono::milliseconds( 500 ) );
 	}
 
 	// Resolve PE imports
@@ -92,48 +80,33 @@ bool injector::map( std::string process, std::wstring module_name, std::filesyst
 		return blackbone::LoadData( blackbone::MT_Default, blackbone::Ldr_Ignore );
 	};
 
-	// Mapping dll buffer to the process
-	if (!bb_process.mmap().MapImage( buffer.size(), buffer.data(), false, blackbone::WipeHeader, mod_callback, nullptr, nullptr ).success())
+	// Mapping dll bytes to the process
+	if (!bb_process.mmap().MapImage( binary_bytes.size(), binary_bytes.data(), false, blackbone::WipeHeader, mod_callback, nullptr, nullptr ).success())
 	{
 		_loge( "Failed to inject into %s.", process.c_str() );
 		bb_process.Detach();
 
 		return EXIT_FAILURE;
 	}
 
-	_logs( "Injected into %s successfully.", process.c_str() );
-
 	// Detach blackbone from the target process.
 	bb_process.Detach();
 
+	_logs( "Injected into %s successfully.", process.c_str() );
 	return EXIT_SUCCESS;
 }
 
 bool injector::run()
 {
-	if (!std::filesystem::exists( vac3_filename ))
-	{
-		_loge( "%s not found.", vac3_filename.c_str() );
-		return EXIT_FAILURE;
-	}
-
-	const auto vac_dll_path = std::filesystem::absolute( vac3_filename );
-
 	if (!std::filesystem::exists( cheat_filename ))
 	{
 		_loge( "%s not found.", cheat_filename.c_str() );
 		return EXIT_FAILURE;
 	}
 
-	const auto cheat_dll_path = std::filesystem::absolute( cheat_filename );
-
-	close_processes( {
-			"csgo",
-			"steam",
-			"gameoverlay"
-		} );
+	close_processes( { "csgo", "steam" } );
 
-	const auto steam_path = utils::get_steam_path();
+	const auto steam_path = utils::other::get_steam_path();
 	if (steam_path.empty())
 		return EXIT_FAILURE;
 
@@ -154,30 +127,39 @@ bool injector::run()
 	CloseHandle( pi.hProcess );
 	CloseHandle( pi.hThread );
 
+	std::vector<std::uint8_t> cheat {};
+
+	// Reading file and writing it to a variable
+	if (!utils::other::read_file_to_memory( std::filesystem::absolute( cheat_filename ).string(), &cheat ))
+	{
+		_loge( "Failed to write dll to memory." );
+		return EXIT_FAILURE;
+	}
+
 	// Inject vac bypass to steam
-	map( "steam", L"tier0_s.dll", vac_dll_path );
+	map( "steam", L"tier0_s.dll", vac3_data );
 
 	// Inject cheat to csgo
-	map( "csgo", L"serverbrowser.dll", cheat_dll_path );
+	map( "csgo", L"serverbrowser.dll", cheat );
 
-	_logi( "All done!" );
+	_logs( "All done!" );
 	return EXIT_SUCCESS;
 }
 
 void injector::close_processes( std::vector<std::string> processes )
 {
-	auto proc_list = memory::get_process_list();
+	auto process_list = memory::get_process_list();
 	for (const auto &process : processes)
 	{
 		while (true)
 		{
-			memory::kill_process( proc_list, process );
+			std::this_thread::sleep_for( std::chrono::milliseconds( 500 ) );
 
-			proc_list = memory::get_process_list();
-			if (!memory::is_process_open( proc_list, process ))
-				break;
+			memory::kill_process( process_list, process );
 
-			std::this_thread::sleep_for( std::chrono::milliseconds( 500 ) );
+			process_list = memory::get_process_list();
+			if (!memory::is_process_open( process_list, process ))
+				break;
 		}
 	}
 }
diff --git a/cozinha_loader/injection.hpp b/cozinha_loader/injection.hpp
@@ -3,10 +3,10 @@
 class injector
 {
 private:
-	bool map( std::string process, std::wstring module_name, std::filesystem::path path_to_dll );
+	bool map( std::string process, std::wstring module_name, std::vector<std::uint8_t> binary_bytes );
 	void close_processes( std::vector<std::string> processes );
+
 public:
-	std::string vac3_filename = "vac3_b.dll";
 	std::string cheat_filename = "cheat.dll";
 
 	injector() = default;

diff --git a/cozinha_loader/main.cpp b/cozinha_loader/main.cpp
@@ -5,12 +5,11 @@ int WINAPI WinMain( _In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance,
 {
 	// Sleep for 5 seconds before exiting.
 	std::atexit( [] { std::this_thread::sleep_for( std::chrono::seconds( 5 ) ); } );
-
 	int argc {}; LPWSTR *argv = CommandLineToArgvW( GetCommandLineW(), &argc );
 
-	// if an argument is passed inject the target dll
+	// if an argument is passed inject the target dll, so we can drag and drop the dll to the exe.
 	if (argv[1] != nullptr)
-		g_inj->cheat_filename = utils::wstring_to_string( argv[1] );
+		g_inj->cheat_filename = utils::string::wstring_to_string( argv[1] );
 
 	if (!g_inj->run())
 		return EXIT_FAILURE;

diff --git a/cozinha_loader/memory.hpp b/cozinha_loader/memory.hpp
@@ -27,10 +27,10 @@ namespace memory
 		if (str_proc.empty())
 			return false;
 
-		auto target = utils::to_lower( str_proc.data() );
+		auto target = utils::string::to_lower( str_proc.data() );
 		for (const auto &ctx : vec_processes)
 		{
-			auto ep = utils::to_lower( ctx.second );
+			auto ep = utils::string::to_lower( ctx.second );
 			if (target.find( ".exe" ) == std::string::npos)
 			{
 				if (ep.find( target ) == std::string::npos)
@@ -62,10 +62,10 @@ namespace memory
 			return false;
 
 		auto executed = false;
-		auto target = utils::to_lower( str_proc.data() );
+		auto target = utils::string::to_lower( str_proc.data() );
 		for (const auto &ctx : vec_processes)
 		{
-			auto ep = utils::to_lower( ctx.second );
+			auto ep = utils::string::to_lower( ctx.second );
 			if (target.find( ".exe" ) == std::string::npos)
 			{
 				if (ep.find( target ) == std::string::npos)
@@ -98,10 +98,10 @@ namespace memory
 		if (str_proc.empty())
 			return false;
 
-		auto target = utils::to_lower( str_proc.data() );
+		auto target = utils::string::to_lower( str_proc.data() );
 		for (const auto &ctx : vec_processes)
 		{
-			auto ep = utils::to_lower( ctx.second );
+			auto ep = utils::string::to_lower( ctx.second );
 			if (target.find( ".exe" ) == std::string::npos)
 			{
 				if (ep.find( target ) == std::string::npos)

diff --git a/cozinha_loader/pch.hpp b/cozinha_loader/pch.hpp
@@ -21,4 +21,5 @@
 #include "logger.hpp"
 #include "util.hpp"
 #include "memory.hpp"
+#include "data.hpp"
 #include "injection.hpp"
diff --git a/cozinha_loader/util.hpp b/cozinha_loader/util.hpp
@@ -2,64 +2,63 @@
 
 namespace utils
 {
-	inline std::string to_lower( std::string string )
+	namespace string
 	{
-		std::transform( string.begin(), string.end(), string.begin(), static_cast<int(*)(int)>(::tolower) );
-		return string;
-	}
-
-	inline std::string to_upper( std::string string )
-	{
-		std::transform( string.begin(), string.end(), string.begin(), static_cast<int(*)(int)>(::toupper) );
-		return string;
-	}
-
-	inline bool read_file_to_memory( const std::string &file_path, std::vector<std::uint8_t> *out_buffer )
-	{
-		std::ifstream file_ifstream( file_path, std::ios::binary );
-		if (!file_ifstream)
-			return false;
+		inline std::string to_lower( std::string string )
+		{
+			std::transform( string.begin(), string.end(), string.begin(), static_cast<int(*)(int)>(::tolower) );
+			return string;
+		}
 
-		out_buffer->assign( (std::istreambuf_iterator<char>( file_ifstream )), std::istreambuf_iterator<char>() );
-		file_ifstream.close();
+		inline std::string wstring_to_string( std::wstring wstr )
+		{
+			if (wstr.empty())
+				return std::string();
 
-		return true;
+			const auto size = WideCharToMultiByte( CP_UTF8, WC_ERR_INVALID_CHARS, &wstr[0], wstr.size(), nullptr, 0, nullptr, nullptr );
+			auto ret = std::string( size, 0 );
+			WideCharToMultiByte( CP_UTF8, WC_ERR_INVALID_CHARS, &wstr[0], wstr.size(), &ret[0], size, nullptr, nullptr );
+			return ret;
+		}
 	}
 
-	inline std::string wstring_to_string( std::wstring wstr )
+	namespace other
 	{
-		if (wstr.empty())
-			return std::string();
+		inline bool read_file_to_memory( const std::string &file_path, std::vector<std::uint8_t> *out_buffer )
+		{
+			std::ifstream file_ifstream( file_path, std::ios::binary );
+			if (!file_ifstream)
+				return false;
 
-		const auto size = WideCharToMultiByte( CP_UTF8, WC_ERR_INVALID_CHARS, &wstr[0], wstr.size(), nullptr, 0, nullptr, nullptr );
-		auto ret = std::string( size, 0 );
-		WideCharToMultiByte( CP_UTF8, WC_ERR_INVALID_CHARS, &wstr[0], wstr.size(), &ret[0], size, nullptr, nullptr );
+			out_buffer->assign( (std::istreambuf_iterator<char>( file_ifstream )), std::istreambuf_iterator<char>() );
+			file_ifstream.close();
 
-		return ret;
-	}
+			return true;
+		}
 
-	inline std::string get_steam_path()
-	{
-		HKEY h_key {};
-		if (RegOpenKeyEx( HKEY_CURRENT_USER, "Software\\Valve\\Steam", 0, KEY_QUERY_VALUE, &h_key ) != ERROR_SUCCESS)
+		inline std::string get_steam_path()
 		{
-			_loge( "Failed to find steam registry." );
-			RegCloseKey( h_key );
-			return "";
-		}
+			HKEY h_key {};
+			if (RegOpenKeyEx( HKEY_CURRENT_USER, "Software\\Valve\\Steam", 0, KEY_QUERY_VALUE, &h_key ) != ERROR_SUCCESS)
+			{
+				_loge( "Failed to find steam registry." );
+				RegCloseKey( h_key );
+				return std::string();
+			}
 
-		char steam_path_reg[MAX_PATH] {}; steam_path_reg[0] = '"';
-		DWORD steam_path_size = sizeof( steam_path_reg ) - sizeof( char );
+			char steam_path_reg[MAX_PATH] {}; steam_path_reg[0] = '"';
+			DWORD steam_path_size = sizeof( steam_path_reg ) - sizeof( char );
 
-		if (RegQueryValueEx( h_key, "SteamExe", nullptr, nullptr, (LPBYTE) (steam_path_reg + 1), &steam_path_size ) != ERROR_SUCCESS)
-		{
-			_loge( "Failed to query SteamExe." );
-			RegCloseKey( h_key );
-			return "";
-		}
+			if (RegQueryValueEx( h_key, "SteamExe", nullptr, nullptr, (LPBYTE) (steam_path_reg + 1), &steam_path_size ) != ERROR_SUCCESS)
+			{
+				_loge( "Failed to query SteamExe." );
+				RegCloseKey( h_key );
+				return std::string();
+			}
 
-		RegCloseKey( h_key );
+			RegCloseKey( h_key );
 
-		return std::string( steam_path_reg ) + "\"";
+			return std::string( steam_path_reg ) + "\"";
+		}
 	}
 }