增加loader
This commit is contained in:
Huoji's
187
csgo2/version_hijack.cpp
Normal file
187
csgo2/version_hijack.cpp
Normal file
@@ -0,0 +1,187 @@
|
||||
|
||||
//
|
||||
// created by AheadLib
|
||||
// github:https://github.com/strivexjun/AheadLib-x86-x64
|
||||
//
|
||||
|
||||
#include <windows.h>
|
||||
#include <Shlwapi.h>
|
||||
|
||||
#pragma comment( lib, "Shlwapi.lib")
|
||||
|
||||
#pragma comment(linker, "/EXPORT:GetFileVersionInfoA=AheadLib_GetFileVersionInfoA,@1")
|
||||
#pragma comment(linker, "/EXPORT:GetFileVersionInfoByHandle=AheadLib_GetFileVersionInfoByHandle,@2")
|
||||
#pragma comment(linker, "/EXPORT:GetFileVersionInfoExA=AheadLib_GetFileVersionInfoExA,@3")
|
||||
#pragma comment(linker, "/EXPORT:GetFileVersionInfoExW=AheadLib_GetFileVersionInfoExW,@4")
|
||||
#pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeA=AheadLib_GetFileVersionInfoSizeA,@5")
|
||||
#pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeExA=AheadLib_GetFileVersionInfoSizeExA,@6")
|
||||
#pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeExW=AheadLib_GetFileVersionInfoSizeExW,@7")
|
||||
#pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeW=AheadLib_GetFileVersionInfoSizeW,@8")
|
||||
#pragma comment(linker, "/EXPORT:GetFileVersionInfoW=AheadLib_GetFileVersionInfoW,@9")
|
||||
#pragma comment(linker, "/EXPORT:VerFindFileA=AheadLib_VerFindFileA,@10")
|
||||
#pragma comment(linker, "/EXPORT:VerFindFileW=AheadLib_VerFindFileW,@11")
|
||||
#pragma comment(linker, "/EXPORT:VerInstallFileA=AheadLib_VerInstallFileA,@12")
|
||||
#pragma comment(linker, "/EXPORT:VerInstallFileW=AheadLib_VerInstallFileW,@13")
|
||||
#pragma comment(linker, "/EXPORT:VerLanguageNameA=KERNEL32.VerLanguageNameA,@14")
|
||||
#pragma comment(linker, "/EXPORT:VerLanguageNameW=KERNEL32.VerLanguageNameW,@15")
|
||||
#pragma comment(linker, "/EXPORT:VerQueryValueA=AheadLib_VerQueryValueA,@16")
|
||||
#pragma comment(linker, "/EXPORT:VerQueryValueW=AheadLib_VerQueryValueW,@17")
|
||||
|
||||
|
||||
extern "C"
|
||||
{
|
||||
PVOID pfnAheadLib_GetFileVersionInfoA;
|
||||
PVOID pfnAheadLib_GetFileVersionInfoByHandle;
|
||||
PVOID pfnAheadLib_GetFileVersionInfoExA;
|
||||
PVOID pfnAheadLib_GetFileVersionInfoExW;
|
||||
PVOID pfnAheadLib_GetFileVersionInfoSizeA;
|
||||
PVOID pfnAheadLib_GetFileVersionInfoSizeExA;
|
||||
PVOID pfnAheadLib_GetFileVersionInfoSizeExW;
|
||||
PVOID pfnAheadLib_GetFileVersionInfoSizeW;
|
||||
PVOID pfnAheadLib_GetFileVersionInfoW;
|
||||
PVOID pfnAheadLib_VerFindFileA;
|
||||
PVOID pfnAheadLib_VerFindFileW;
|
||||
PVOID pfnAheadLib_VerInstallFileA;
|
||||
PVOID pfnAheadLib_VerInstallFileW;
|
||||
PVOID pfnAheadLib_VerQueryValueA;
|
||||
PVOID pfnAheadLib_VerQueryValueW;
|
||||
}
|
||||
|
||||
|
||||
static
|
||||
HMODULE g_OldModule = NULL;
|
||||
|
||||
VOID WINAPI Free()
|
||||
{
|
||||
if (g_OldModule)
|
||||
{
|
||||
FreeLibrary(g_OldModule);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
BOOL WINAPI Load()
|
||||
{
|
||||
TCHAR tzPath[MAX_PATH];
|
||||
TCHAR tzTemp[MAX_PATH * 2];
|
||||
|
||||
//
|
||||
// <20><><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><C7B7><EFBFBD>ϵͳĿ¼<C4BF><C2BC><EFBFBD><EFBFBD>ǰĿ¼<C4BF><C2BC><EFBFBD><EFBFBD>ԭʼDLL
|
||||
//
|
||||
//GetModuleFileName(NULL,tzPath,MAX_PATH); //<2F><>ȡ<EFBFBD><C8A1>Ŀ¼<C4BF>µ<EFBFBD>
|
||||
//PathRemoveFileSpec(tzPath);
|
||||
|
||||
GetSystemDirectory(tzPath, MAX_PATH); //Ĭ<>ϻ<EFBFBD>ȡϵͳĿ¼<C4BF><C2BC>
|
||||
|
||||
lstrcat(tzPath, TEXT("\\version.dll"));
|
||||
|
||||
g_OldModule = LoadLibrary(tzPath);
|
||||
if (g_OldModule == NULL)
|
||||
{
|
||||
wsprintf(tzTemp, TEXT("<EFBFBD><EFBFBD><EFBFBD>ҵ<EFBFBD>ģ<EFBFBD><EFBFBD> %s,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><DEB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>"), tzPath);
|
||||
MessageBox(NULL, tzTemp, TEXT("AheadLib"), MB_ICONSTOP);
|
||||
}
|
||||
|
||||
return (g_OldModule != NULL);
|
||||
|
||||
}
|
||||
|
||||
|
||||
FARPROC WINAPI GetAddress(PCSTR pszProcName)
|
||||
{
|
||||
FARPROC fpAddress;
|
||||
CHAR szProcName[64];
|
||||
TCHAR tzTemp[MAX_PATH];
|
||||
|
||||
fpAddress = GetProcAddress(g_OldModule, pszProcName);
|
||||
if (fpAddress == NULL)
|
||||
{
|
||||
if (HIWORD(pszProcName) == 0)
|
||||
{
|
||||
wsprintfA(szProcName, "#%d", pszProcName);
|
||||
pszProcName = szProcName;
|
||||
}
|
||||
|
||||
wsprintf(tzTemp, TEXT("<EFBFBD><EFBFBD><EFBFBD>ҵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> %hs,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><DEB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>"), pszProcName);
|
||||
MessageBox(NULL, tzTemp, TEXT("AheadLib"), MB_ICONSTOP);
|
||||
ExitProcess(-2);
|
||||
}
|
||||
return fpAddress;
|
||||
}
|
||||
|
||||
BOOL WINAPI Init()
|
||||
{
|
||||
pfnAheadLib_GetFileVersionInfoA = GetAddress("GetFileVersionInfoA");
|
||||
pfnAheadLib_GetFileVersionInfoByHandle = GetAddress("GetFileVersionInfoByHandle");
|
||||
pfnAheadLib_GetFileVersionInfoExA = GetAddress("GetFileVersionInfoExA");
|
||||
pfnAheadLib_GetFileVersionInfoExW = GetAddress("GetFileVersionInfoExW");
|
||||
pfnAheadLib_GetFileVersionInfoSizeA = GetAddress("GetFileVersionInfoSizeA");
|
||||
pfnAheadLib_GetFileVersionInfoSizeExA = GetAddress("GetFileVersionInfoSizeExA");
|
||||
pfnAheadLib_GetFileVersionInfoSizeExW = GetAddress("GetFileVersionInfoSizeExW");
|
||||
pfnAheadLib_GetFileVersionInfoSizeW = GetAddress("GetFileVersionInfoSizeW");
|
||||
pfnAheadLib_GetFileVersionInfoW = GetAddress("GetFileVersionInfoW");
|
||||
pfnAheadLib_VerFindFileA = GetAddress("VerFindFileA");
|
||||
pfnAheadLib_VerFindFileW = GetAddress("VerFindFileW");
|
||||
pfnAheadLib_VerInstallFileA = GetAddress("VerInstallFileA");
|
||||
pfnAheadLib_VerInstallFileW = GetAddress("VerInstallFileW");
|
||||
pfnAheadLib_VerQueryValueA = GetAddress("VerQueryValueA");
|
||||
pfnAheadLib_VerQueryValueW = GetAddress("VerQueryValueW");
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
DWORD WINAPI ThreadProc(LPVOID lpThreadParameter)
|
||||
{
|
||||
HANDLE hProcess;
|
||||
|
||||
PVOID addr1 = reinterpret_cast<PVOID>(0x00401000);
|
||||
BYTE data1[] = { 0x90, 0x90, 0x90, 0x90 };
|
||||
|
||||
//
|
||||
// <20>ƹ<EFBFBD>VMP3.x <20><><EFBFBD>ڴ汣<DAB4><E6B1A3>
|
||||
//
|
||||
hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, GetCurrentProcessId());
|
||||
if (hProcess)
|
||||
{
|
||||
WriteProcessMemory(hProcess, addr1, data1, sizeof(data1), NULL);
|
||||
|
||||
CloseHandle(hProcess);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
BOOL APIENTRY VersionHijack_DllMain(HMODULE hModule, DWORD dwReason, PVOID pvReserved)
|
||||
{
|
||||
if (dwReason == DLL_PROCESS_ATTACH)
|
||||
{
|
||||
DisableThreadLibraryCalls(hModule);
|
||||
|
||||
if (Load() && Init())
|
||||
{
|
||||
TCHAR szAppName[MAX_PATH] = TEXT("cs2.exe");//<2F><><EFBFBD><EFBFBD><DEB8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
TCHAR szCurName[MAX_PATH];
|
||||
|
||||
GetModuleFileName(NULL, szCurName, MAX_PATH);
|
||||
PathStripPath(szCurName);
|
||||
|
||||
//<2F>Ƿ<EFBFBD><C7B7>ж<EFBFBD><D0B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
if (StrCmpI(szCurName, szAppName) == 0)
|
||||
{
|
||||
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̻߳<DFB3><CCBB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
HANDLE hThread = CreateThread(NULL, NULL, ThreadProc, NULL, NULL, NULL);
|
||||
if (hThread)
|
||||
{
|
||||
CloseHandle(hThread);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (dwReason == DLL_PROCESS_DETACH)
|
||||
{
|
||||
Free();
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user