

Merge pull request #9 from 0xvpr/dev
revisit
0xvpr authored Feb 9, 2024
2 parents 46597f2 + 710e8f2 commit 2d0f70a
Showing 13 changed files with 154 additions and 43 deletions.
8 changes: 4 additions & 4 deletions Makefile
Expand Up @@ -30,8 +30,8 @@ LIB_FILES = d3d9 d3dx9 kernel32 user32 msvcrt
LIBS = $(addprefix -l,$(LIB_FILES))

ASM_TARGET = health_detour
ASM_SRC = $(SRC)/asm
ASM_OBJ = $(BUILD)/asm
ASM_SRC = $(SRC)
ASM_OBJ = $(BUILD)
ASM_SOURCES = $(wildcard $(ASM_SRC)/*.asm)
ASM_OBJECTS = $(patsubst $(ASM_SRC)/%.asm,$(ASM_OBJ)/%.obj,$(ASM_SOURCES))

Expand All @@ -45,12 +45,12 @@ $(DEBUG): CFLAGS += -g

release: $(PROJECT)
$(PROJECT): $(BIN)/$(PROJECT).dll
$(PROJECT): CFLAGS += -march=native -Ofast -fPIE -funsafe-math-optimizations -fomit-frame-pointer
$(PROJECT): CFLAGS += -march=native -mavx2 -Ofast -fPIE -funsafe-math-optimizations -fomit-frame-pointer
$(PROJECT): CFLAGS += -funroll-loops -funsafe-loop-optimizations -funswitch-loops -floop-parallelize-all
$(PROJECT): CFLAGS += -finline-functions -falign-functions -falign-loops -falign-jumps -fno-function-sections
$(PROJECT): CFLAGS += -fno-ident -fvisibility=hidden -fstrict-aliasing
$(PROJECT): CFLAGS += -DUNICODE -D_WIN32 -DVC_EXTRALEAN
$(PROJECT): LDFLAGS += -s
#$(PROJECT): LDFLAGS += -s

$(BIN)/$(PROJECT)_d.dll: $(OBJ) $(BIN) $(ASM_OBJECTS) $(DBG_OBJECTS)
$(LD) $(LDFLAGS) $(ASM_OBJECTS) $(DBG_OBJECTS) $(LIBS) -o $@
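Review bot: `-mavx2` on the new CFLAGS line adds nothing when `-march=native` already reflects an AVX2 build host, and on any other host it forces AVX2 code into a DLL that is loaded into a foreign process, where it dies with an illegal-instruction exception on a CPU without that extension. If a fixed ISA baseline is the goal, replace `-march=native -mavx2` with one explicit level such as `-march=x86-64-v3` (GCC 11+) so the requirement is stated once; if native tuning is the goal, drop `-mavx2`. The `#$(PROJECT): LDFLAGS += -s` line is commented-out build configuration with no explanation; either delete it or record the reason, e.g. `# -s disabled: keep symbols while the hooks are being debugged`.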
1 change: 1 addition & 0 deletions include/mem.h
Expand Up @@ -44,6 +44,7 @@ void memory_patch(void* dst, const void* src, size_t size);
*
* @return: bool
**/
/*__attribute__((always_inline))*/
int memory_detour(void* targetFunc, void(* myFunc)(), size_t size);

/**
2 changes: 1 addition & 1 deletion include/render.h
Expand Up @@ -10,7 +10,7 @@
* @param pDevice
* @return void
*/
void render_menu(IDirect3DDevice9* pDevice);
void WINAPI render_menu(IDirect3DDevice9* pDevice);


typedef struct _HackMenu
5 changes: 1 addition & 4 deletions inject.sh
Expand Up @@ -8,12 +8,9 @@

TARGET="splintercell3.exe" # Change as necessary
PAYLOAD="lib/sp3.dll" # Change as necessary
PIDJEON_PATH="${HOME}/.toolkit" # Change as necessary

export PATH=$PATH:"${PIDJEON_PATH}"

function inject {
vpr-pidjeon "${TARGET}" "${PAYLOAD}" -i ManualMap
vpr-pidjeon-x86.exe "${TARGET}" "${PAYLOAD}" -i ManualMap
}

inject
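--- a/src/dll_main.asm
+++ b/src/dll_main.asm
@@ -0,0 +1,24 @@
+extern _DisableThreadLibraryCalls@4
+extern _MainThread@4
+extern _CreateThread@24
+
+section .text
+global _DllMain@12
+
+%define DLL_PROCESS_ATTACH 1
+
+_DllMain@12:
+cmp byte [ esp + 0x8 ], DLL_PROCESS_ATTACH
+jne exit
+push dword [ esp + 0x4 ]
+call _DisableThreadLibraryCalls@4
+push 0
+push 0
+push dword [ esp + 0x4 ]
+push _MainThread@4
+push 0
+push 0
+call _CreateThread@24
+exit:
+mov eax, 1
+ret 12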
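Review bot: The lpParameter push for CreateThread, `push dword [ esp + 0x4 ]`, runs after two `push 0` instructions, so at that point `[esp+0x4]` holds the first of those zeros rather than the hInstance that was at `[esp+0x4]` on entry; MainThread therefore receives NULL and later passes it to FreeLibraryAndExitThread. Use `push dword [ esp + 0xC ]` there (entry slot plus 8 bytes for the two pushes), the way the DisableThreadLibraryCalls push reads the slot before anything else has been pushed. The thread handle CreateThread returns in eax is also dropped; the removed C DllMain leaked it too, but an `extern _CloseHandle@4` plus `push eax` / `call _CloseHandle@4` after the call would close it.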
Empty file added src/hack_god_mode.asm
Empty file.
11 changes: 10 additions & 1 deletion src/hacks.c
Expand Up @@ -6,8 +6,11 @@
#include "entity.h"
#include "mem.h"

#include <memoryapi.h>

extern uintptr_t g_module_base_addr;

__attribute__((always_inline))
void hack_god_mode(int bEnabled)
{
void* const health_addr = (void *)(g_module_base_addr + offsets_health_base);
Expand All @@ -22,6 +25,7 @@ void hack_god_mode(int bEnabled)
}
}

__attribute__((always_inline))
void hack_ghost_mode(int bEnabled)
{
void* const visibility_addr = (void *)(g_module_base_addr + offsets_invisibility_base);
Expand All @@ -31,7 +35,12 @@ void hack_ghost_mode(int bEnabled)

if (bEnabled)
{
memory_nop(visibility_addr, sizeof(patch_visibility_original));
DWORD old_protect = 0;
VirtualProtect(visibility_addr, sizeof(patch_visibility_original), PAGE_EXECUTE_WRITECOPY, &old_protect);
*((uint64_t *)visibility_addr) = 0x05D9909090909090;
VirtualProtect(visibility_addr, sizeof(patch_visibility_original), old_protect, &old_protect);

/*memory_nop(visibility_addr, sizeof(patch_visibility_original));*/
memory_patch(noise_addr, patch_noise_patch, sizeof(patch_noise_patch));
}
else
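Review bot: The 8-byte store `*((uint64_t *)visibility_addr) = 0x05D9909090909090;` is wider than the `sizeof(patch_visibility_original)` range the surrounding VirtualProtect calls describe, so unless that array is exactly 8 bytes (its definition is outside the hunk) the store also rewrites bytes beyond the patched region; VirtualProtect works at page granularity so it will not fault, but those extra bytes become an undocumented dependency on whatever code follows. Both VirtualProtect results are ignored as well; if the first call fails the page stays non-writable and the store crashes the host process, so guard it with `if (!VirtualProtect(visibility_addr, sizeof(patch_visibility_original), PAGE_EXECUTE_WRITECOPY, &old_protect)) return;` and delete the dead `/*memory_nop(...)*/` line rather than keeping both forms. Separately, `__attribute__((always_inline))` on the externally linked, non-`inline` definitions here and on the five in src/mem.c (plus the commented copy in include/mem.h) has no effect on callers in other translation units and makes GCC warn `always_inline function might not be inlinable`; either move them into a header as `static inline` or drop the attribute.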
File renamed without changes.
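--- a/src/hook_end_scene.asm.bak
+++ b/src/hook_end_scene.asm.bak
@@ -0,0 +1,24 @@
+extern _oEndScene
+extern _render_menu@4
+
+section .text
+global _hook_end_scene@4
+
+_hook_end_scene@4:
+push dword [ esp + 0x4 ]
+call _render_menu@4
+jmp [_oEndScene]
+;push ebx
+;sub esp,0x18
+;mov ebx, dword [esp+0x20]
+;mov dword [esp],ebx
+;call _render_menu@4
+;sub esp,0x4
+;mov dword [esp+0x20],ebx
+;add esp,0x18
+;pop ebx
+;jmp dword [_oEndScene]
+;xchg esi,esi
+;xchg esi,esi
+;nop
+;nop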
39 changes: 7 additions & 32 deletions src/main.c
Expand Up @@ -15,18 +15,13 @@
#include "render.h"
#include "events.h"
#include "mem.h"
#include "assembly.h"

uintptr_t g_module_base_addr = 0;

static uint8_t oEndScene_bytes[7] = { 0 };
static void* d3d9Device[119] = { 0 };
tEndScene oEndScene = NULL;

static tEndScene oEndScene = NULL;
static PVOID gateway = NULL;

HRESULT
APIENTRY
hkEndScene(LPDIRECT3DDEVICE9 pDevice)
HRESULT APIENTRY hook_end_scene(LPDIRECT3DDEVICE9 pDevice)
{
render_menu(pDevice);

Expand All @@ -38,11 +33,14 @@ WINAPI
MainThread(HINSTANCE hInstance)
{
g_module_base_addr = (uintptr_t)GetModuleHandle(NULL);
void* gateway = NULL;
uint8_t oEndScene_bytes[7] = { 0 };
void* d3d9Device[119] = { 0 };

if (GetD3D9Device(d3d9Device, sizeof(d3d9Device)))
{
memcpy(oEndScene_bytes, d3d9Device[42], sizeof(oEndScene_bytes));
gateway = memory_tramp_hook(d3d9Device[42], (PVOID)hkEndScene, sizeof(oEndScene_bytes));
gateway = memory_tramp_hook(d3d9Device[42], (PVOID)hook_end_scene, sizeof(oEndScene_bytes));
oEndScene = (tEndScene)gateway;
}

Expand All @@ -55,26 +53,3 @@ MainThread(HINSTANCE hInstance)
memory_patch(d3d9Device[42], oEndScene_bytes, sizeof(oEndScene_bytes));
FreeLibraryAndExitThread(hInstance, 0);
}

BOOL
WINAPI
DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
UNREFERENCED_PARAMETER(lpReserved);

switch (dwReason)
{
case DLL_PROCESS_ATTACH:
{
DisableThreadLibraryCalls(hInstance);
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)MainThread, hInstance, 0, NULL);
break;
}
case DLL_PROCESS_DETACH:
break;
default:
break;
}

return TRUE;
}
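Review bot: The restore at `memory_patch(d3d9Device[42], oEndScene_bytes, sizeof(oEndScene_bytes));` still runs when GetD3D9Device returned false, and now that `d3d9Device` is a zero-initialised local of MainThread that hands memory_patch a NULL destination; guard it with `if (oEndScene) { memory_patch(d3d9Device[42], oEndScene_bytes, sizeof(oEndScene_bytes)); }` (or test `d3d9Device[42]`) before restoring. The loop between the two hunks is outside the view, so whether an earlier exit already covers the failure case cannot be confirmed here. Dropping `static` from `tEndScene oEndScene` is presumably for an asm `extern _oEndScene` consumer, but nothing at the definition says so; a one-line comment such as `/* exported: referenced as _oEndScene from the asm hook */` would stop the next cleanup from re-adding `static` and silently breaking the link.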
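--- a/src/main_thread.asm.bak
+++ b/src/main_thread.asm.bak
@@ -0,0 +1,74 @@
+extern _GetD3D9Device
+extern _events_handle_keyboard
+extern _memory_tramp_hook
+
+global _MainThread@4
+section .text
+
+_MainThread: ; 10002480 <_MainThread@4>:
+push edi ; 10002480: 57
+push esi ; 10002481: 56
+push ebx ; 10002482: 53
+sub esp,0x200 ; 10002483: 81 ec 00 02 00 00
+mov dword [esp],0x0 ; 10002489: c7 04 24 00 00 00 00
+call dword ds:0x100080c4 ; 10002490: ff 15 c4 80 00 10
+sub esp,0x4 ; 10002496: 83 ec 04
+lea edx,[esp+0x24] ; 10002499: 8d 54 24 24
+mov ds:0x10006008,eax ; 1000249d: a3 08 60 00 10
+xor eax,eax ; 100024a2: 31 c0
+mov word [esp+0x21],ax ; 100024a4: 66 89 44 24 21
+mov edi,edx ; 100024a9: 89 d7
+xor eax,eax ; 100024ab: 31 c0
+mov ecx,0x77 ; 100024ad: b9 77 00 00 00
+rep stos dword es:[edi],eax ; 100024b2: f3 ab
+mov dword [esp+0x4],0x1dc ; 100024b4: c7 44 24 04 dc 01 00
+; 100024bb: 00
+mov dword [esp],edx ; 100024bc: 89 14 24
+mov dword [esp+0x1d],0x0 ; 100024bf: c7 44 24 1d 00 00 00
+; 100024c6: 00
+mov byte [esp+0x23],0x0 ; 100024c7: c6 44 24 23 00
+xor edi,edi ; 100024cc: 31 ff
+call 100010d0 <_GetD3D9Device> ; 100024ce: e8 fd eb ff ff
+lea ebx,[esp+0x1d] ; 100024d3: 8d 5c 24 1d
+test eax,eax ; 100024d7: 85 c0
+jne 10002538 <_MainThread@4+0xb8> ; 100024d9: 75 5d
+lea esi,[esi+eiz*1+0x0] ; 100024db: 8d 74 26 00
+nop ; 100024df: 90
+call 10001430 <_events_handle_keyboard> ; 100024e0: e8 4b ef ff ff
+test eax,eax ; 100024e5: 85 c0
+je 100024e0 <_MainThread@4+0x60> ; 100024e7: 74 f7
+mov dword [esp+0x8],0x8000 ; 100024e9: c7 44 24 08 00 80 00
+; 100024f0: 00
+mov dword [esp+0x4],0xc ; 100024f1: c7 44 24 04 0c 00 00
+; 100024f8: 00
+mov dword [esp],edi ; 100024f9: 89 3c 24
+call dword ds:0x100080cc ; 100024fc: ff 15 cc 80 00 10
+sub esp,0xc ; 10002502: 83 ec 0c
+mov eax,dword [esp+0xcc] ; 10002505: 8b 84 24 cc 00 00 00
+mov dword [esp+0x4],ebx ; 1000250c: 89 5c 24 04
+mov dword [esp+0x8],0x7 ; 10002510: c7 44 24 08 07 00 00
+; 10002517: 00
+mov dword [esp],eax ; 10002518: 89 04 24
+call 10002710 <_memory_patch> ; 1000251b: e8 f0 01 00 00
+mov ebx,dword [esp+0x210] ; 10002520: 8b 9c 24 10 02 00 00
+mov dword [esp+0x4],0x0 ; 10002527: c7 44 24 04 00 00 00
+; 1000252e: 00
+mov dword [esp],ebx ; 1000252f: 89 1c 24
+call dword ds:0x100080bc ; 10002532: ff 15 bc 80 00 10
+mov edx,dword [esp+0xcc] ; 10002538: 8b 94 24 cc 00 00 00
+mov ecx,0x7 ; 1000253f: b9 07 00 00 00
+mov esi,edx ; 10002544: 89 d6
+mov edi,ebx ; 10002546: 89 df
+rep movs byte es:[edi], byte ds:[esi] ; 10002548: f3 a4
+mov dword [esp+0x8],0x7 ; 1000254a: c7 44 24 08 07 00 00
+; 10002551: 00
+mov dword [esp+0x4],0x10001050 ; 10002552: c7 44 24 04 50 10 00
+; 10002559: 10
+mov dword [esp],edx ; 1000255a: 89 14 24
+call 10002800 <_memory_tramp_hook> ; 1000255d: e8 9e 02 00 00
+mov ds:0x10006004,eax ; 10002562: a3 04 60 00 10
+mov edi,eax ; 10002567: 89 c7
+jmp 100024e0 <_MainThread@4+0x60> ; 10002569: e9 72 ff ff ff
+nop ; 1000256e: 90
+nop ; 1000256f: 90
+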
5 changes: 5 additions & 0 deletions src/mem.c
Expand Up @@ -2,6 +2,7 @@

#include <memoryapi.h>

__attribute__((always_inline))
uintptr_t memory_find_dynamic_address(uintptr_t ptr, uint16_t* offsets, size_t size)
{
uintptr_t addr = ptr;
Expand All @@ -20,6 +21,7 @@ uintptr_t memory_find_dynamic_address(uintptr_t ptr, uint16_t* offsets, size_t s
return addr;
}

__attribute__((always_inline))
void memory_nop(void* dst, size_t size)
{
DWORD oldprotect;
Expand All @@ -29,6 +31,7 @@ void memory_nop(void* dst, size_t size)
VirtualProtect(dst, size, oldprotect, &oldprotect);
}

__attribute__((always_inline))
void memory_patch(void* dst, const void* src, size_t size)
{
DWORD oldprotect;
Expand All @@ -38,6 +41,7 @@ void memory_patch(void* dst, const void* src, size_t size)
VirtualProtect(dst, size, oldprotect, &oldprotect);
}

__attribute__((always_inline))
int memory_detour(void* targetFunc, void(* myFunc)(), size_t size)
{
if (size < 5)
Expand All @@ -58,6 +62,7 @@ int memory_detour(void* targetFunc, void(* myFunc)(), size_t size)
return TRUE;
}

__attribute__((always_inline))
char* memory_tramp_hook(char* src, char* dst, size_t size)
{
if (size < 5)
4 changes: 3 additions & 1 deletion src/render.c
Expand Up @@ -12,7 +12,9 @@ static const D3DCOLOR c_dark_grey = D3DCOLOR_ARGB( 255, 25, 25, 25 );
static const D3DCOLOR c_black = D3DCOLOR_ARGB( 255, 0, 0, 0 );
static const D3DCOLOR c_neon_green = D3DCOLOR_ARGB( 255, 10, 200, 10 );

void render_menu(IDirect3DDevice9* d3dDevice)
void
WINAPI
render_menu(IDirect3DDevice9* d3dDevice)
{
g_resolution = *((Resolution *)(0x0009D2A8));

