#include "Addr.hh"
#include <Windows.h>
#include <cstdio>
#include <iostream>
#include <optional>
#include "common/process.h"
// Hypervisor interface shared by everything in this file; its password is
// set up in game::ReaderInit() before anything else talks to it.
static DBVM dbvm;
// The attached game process. Stays nullptr until game::ReaderInit() has
// succeeded, so callers of read() below must not assume it is set.
const Process* g_proc = nullptr;
//const CR3 UserCR3 = dbvm.GetCR3();
//const CR3 KrnlCR3 = [&] {
// const uintptr_t GsBase = dbvm.ReadMSR(IA32_KERNEL_GS_BASE_MSR);
// //The process is not kva-shadowed.
// if (dbvm.GetPhysicalAddress(GsBase, UserCR3))
// return UserCR3;
//
// error("KVA-SHADOWED"e);
//
// CR3 cr3 = 0;
// //Finding KernelDirectoryBase...
// for (size_t Offset = 0x1000; Offset < 0x10000 &&
// !dbvm.RPM(GsBase + Offset, &cr3, sizeof(cr3), UserCR3); Offset += 0x1000);
//
// verify(cr3);
// return cr3;
//}();
// Three-part DBVM password this build uses to talk to the hypervisor (see
// game::ReaderInit()). Being constexpr, the values end up as plain constants
// in the executable, so anyone holding the binary can recover them and issue
// hypervisor requests with the same credentials; worth remembering before
// the binary is handed out. The types are spelled out to match what `auto`
// deduced for the literals: pass1 fits in int, the other two do not and are
// therefore unsigned int.
constexpr int          pass1 = 0x00FAFAFA;
constexpr unsigned int pass2 = 0xDEDAFAFA;
constexpr unsigned int pass3 = 0xFFFEFAFA;
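// Right-rotate a 64-bit value. The count is masked to 6 bits, which is what
// the x86 `ror` instruction (and MSVC's _rotr64 intrinsic) does, so a count
// of 64 is a no-op instead of an out-of-range shift. Written with plain
// unsigned arithmetic so the two helpers below do not depend on a
// compiler-specific intrinsic.
static unsigned long long rotr64_bits(unsigned long long value, unsigned int count)
{
    count &= 0x3Fu;
    if (count == 0u)
        return value;
    return (value >> count) | (value << (64u - count));
}

// Undo ntdll's pointer encoding for a value read out of another process:
// rotate right by (64 - (cookie & 63)) - i.e. rotate left by (cookie & 63) -
// then XOR with the cookie. `ntdllcookie` is the target process's 32-bit
// cookie; it is zero-extended before the XOR, so the low 32 bits of the
// pointer are masked by it and the high 32 bits only by the rotation.
// Exact inverse of RtlEncodePointer_ex below. `long long` is the same type
// MSVC spells `__int64`, so existing callers are unaffected.
long long RtlDecodePointer_ex(long long encpointer, unsigned int ntdllcookie)
{
    const unsigned int count = 64u - (ntdllcookie & 0x3Fu); // 1..64; 64 means "no rotation"
    const unsigned long long rotated =
        rotr64_bits(static_cast<unsigned long long>(encpointer), count);
    return static_cast<long long>(rotated ^ ntdllcookie);
}

// Reproduce ntdll's pointer encoding: XOR with the zero-extended cookie,
// then rotate right by (cookie & 63). Exact inverse of RtlDecodePointer_ex.
long long RtlEncodePointer_ex(long long pointer, unsigned int ntdllcookie)
{
    const unsigned long long masked = static_cast<unsigned long long>(pointer) ^ ntdllcookie;
    return static_cast<long long>(rotr64_bits(masked, ntdllcookie & 0x3Fu));
}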
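// Attach the reader to the running game: bring the DBVM hypervisor interface
// up with our password, find "sogame.exe", bind the file-global `g_proc` to
// it and resolve the addresses the rest of the reader uses.
//
// Returns the PID of the game process on success, or 0 when the hypervisor
// does not answer with our password or the process is not running. The
// "[DEV]" failures go through error(), whose behaviour (exit/throw) is
// defined outside this file. The `e` suffix on the string literals is a
// project-defined literal operator declared in a header outside this file.
int game::ReaderInit()
{
    // First probe with whatever password the DBVM object starts with
    // (presumably the library default). If that answers, move the hypervisor
    // over to our password; if it does not, assume the hypervisor is already
    // on our password and retry with it.
    if (!dbvm.GetVersion())
    {
        dbvm.SetPassword(pass1, pass2, pass3);
        if (!dbvm.GetVersion())
        {
            return 0;
        }
    }
    else
    {
        dbvm.ChangePassword(pass1, pass2, pass3);
    }

    // Debug output only. GetMemory()'s return type is not visible here, so
    // "%x" may not match it - TODO confirm the type or drop this print.
    auto passtest = dbvm.GetMemory();
    printf("%x\n", passtest);

    auto pd = GetPIDByProcessName("sogame.exe"e);
    if (!pd)
        return 0;
    //error("[USER]Can't find procces!"e); // replcae with std::exeption?

    // The kernel helper is bound to the hypervisor once and reused.
    static Kernel processkrnl(dbvm);
    // The Process is rebuilt on every call instead of living in a
    // `static const Process`: a function-local static is constructed only the
    // first time through, so a later ReaderInit() (e.g. after the game was
    // restarted under a new PID) would keep `g_proc` on the old process while
    // returning the new PID. The optional keeps static storage, so the
    // pointer handed out through `g_proc` stays valid after we return.
    static std::optional<Process> proc;
    proc.emplace(processkrnl, pd, 0);
    g_proc = &*proc;

    game::Base = g_proc->GetBaseAddress();
    if (!game::Base)
        error("[DEV]Can't Get Base Address!"e);

    // Pattern: `48 8B 05 disp32` is `mov rax, [rip+disp32]`, followed by
    // `4C 8B 50 28` = `mov r10, [rax+28h]`; the instruction's target is the
    // EntityManager pointer. This scans the live .text section of the process
    // through the hypervisor; scanning the on-disk image would avoid reading
    // executable memory of the target at all.
    auto chain69 = g_proc->ScanCurrentModule("48 8B 05 ? ? ? ? 4C 8B 50 28"e); // replace this with pattern scan from file instead reading .text section from process memory
    if (!chain69)
        error("[DEV]Can't find EntityManager!"e); //
    // umbra.dll 48 8B ? ? ? ? ? 48 8B ? ? E8 ? ? ? ? 48 8B ? 48 8B ? E8;

    // Resolve the RIP-relative operand: disp32 sits at +3 and the instruction
    // is 7 bytes long, so target = next_instruction + disp32.
    game::g_entitymanager = chain69 + read<int>(chain69 + 3i64) + 7i64;

    // Absolute address. 0x180000000 looks like the default preferred base of
    // a 64-bit DLL, so this is only correct if umbra.dll was loaded at its
    // preferred base (no ASLR relocation) - TODO confirm, or derive it from
    // the module base at runtime like g_entitymanager above.
    game::umbra_camera = 0x180098220;
    //processkrnl.GetKernelCR3(4);
    printf("[DEV] EntityManager 0x%llx \n", (unsigned long long)game::g_entitymanager);
    // 48 8B ? ? ? ? ? 48 8B ? ? E8 ? ? ? ? 48 8B ? 48 8B ? E8
    return pd;
}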
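// Read `size` bytes at `address` in the attached game process into `buffer`.
// Returns false, leaving `buffer` untouched, when no process is attached yet
// (game::ReaderInit() not called, or it returned 0) instead of dereferencing
// the null `g_proc`; otherwise returns whatever the Process read reports.
bool read(unsigned long long address, void* buffer, unsigned long long size) {
    if (g_proc == nullptr)
        return false;
    return g_proc->ReadProcessMemory(address, buffer, size);
}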