xerox 5 years ago
parent b1fa23a055
commit 7603fff2ca

Binary file not shown.

@ -0,0 +1,22 @@
// amlegit_dll.cpp : Defines the exported functions for the DLL.
//
#include "pch.h"
#include "framework.h"
#include "amlegit_dll.h"
// This is an example of an exported variable
AMLEGITDLL_API int namlegitdll=0;
// This is an example of an exported function.
AMLEGITDLL_API int fnamlegitdll(void)
{
return 0;
}
// This is the constructor of a class that has been exported.
Camlegitdll::Camlegitdll()
{
return;
}

@ -0,0 +1,22 @@
// The following ifdef block is the standard way of creating macros which make exporting
// from a DLL simpler. All files within this DLL are compiled with the AMLEGITDLL_EXPORTS
// symbol defined on the command line. This symbol should not be defined on any project
// that uses this DLL. This way any other project whose source files include this file see
// AMLEGITDLL_API functions as being imported from a DLL, whereas this DLL sees symbols
// defined with this macro as being exported.
#ifdef AMLEGITDLL_EXPORTS
#define AMLEGITDLL_API __declspec(dllexport)
#else
#define AMLEGITDLL_API __declspec(dllimport)
#endif
// This class is exported from the dll
class AMLEGITDLL_API Camlegitdll {
public:
Camlegitdll(void);
// TODO: add your methods here.
};
extern AMLEGITDLL_API int namlegitdll;
AMLEGITDLL_API int fnamlegitdll(void);

@ -0,0 +1,182 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<VCProjectVersion>16.0</VCProjectVersion>
<ProjectGuid>{0DC4C851-FA89-47FE-A891-C7590376D2C2}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>amlegitdll</RootNamespace>
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v142</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v142</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v142</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v142</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<TargetName>hello_world</TargetName>
<LinkIncremental>false</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<TargetName>hello_world</TargetName>
<LinkIncremental>true</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<TargetName>hello_world</TargetName>
<LinkIncremental>true</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<TargetName>hello_world</TargetName>
<LinkIncremental>false</LinkIncremental>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<PrecompiledHeader>Use</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>NDEBUG;AMLEGITDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableUAC>false</EnableUAC>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>Use</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;_DEBUG;AMLEGITDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableUAC>false</EnableUAC>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>Use</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>_DEBUG;AMLEGITDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableUAC>false</EnableUAC>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<PrecompiledHeader>Use</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;NDEBUG;AMLEGITDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableUAC>false</EnableUAC>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<None Include="cpp.hint" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="amlegit_dll.h" />
<ClInclude Include="framework.h" />
<ClInclude Include="pch.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="amlegit_dll.cpp" />
<ClCompile Include="dllmain.cpp" />
<ClCompile Include="pch.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
</ClCompile>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<None Include="cpp.hint" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="framework.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="amlegit_dll.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="pch.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="amlegit_dll.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="dllmain.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="pch.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
</Project>

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup />
</Project>

@ -0,0 +1,2 @@
#define AMLEGITDLL_API __declspec(dllexport)
#define AMLEGITDLL_API __declspec(dllimport)

@ -0,0 +1,39 @@
// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"
void __stdcall main_thread(HMODULE current_module)
{
const auto create_console = []() -> bool
{
if (AllocConsole()) {
freopen_s(reinterpret_cast<FILE**>(stdin), "CONIN$", "r", stdin);
freopen_s(reinterpret_cast<FILE**>(stdout), "CONOUT$", "w", stdout);
SetConsoleTitleA("[amlegit_dll] - xerox@hacks.ltd");
return true;
}
return false;
};
//check to make sure we actually alloc console
if (!create_console())
FreeLibraryAndExitThread(current_module, EXIT_FAILURE);
std::cout << "[+] Hello world" << std::endl;
FreeConsole();
FreeLibraryAndExitThread(current_module, EXIT_SUCCESS);
}
bool __stdcall DllMain(HMODULE module_entry, std::uint32_t call_reason, void*) {
if (call_reason == DLL_PROCESS_ATTACH)
if (CreateThread(nullptr, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(main_thread), module_entry, 0, nullptr) != INVALID_HANDLE_VALUE)
return true;
else
FreeLibraryAndExitThread(module_entry, EXIT_FAILURE);
else
return false;
}
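Review bot: The failure check on the CreateThread call compares its result with INVALID_HANDLE_VALUE, but CreateThread returns NULL on failure, so a failed thread creation is reported as success and the handle of a successful one is never closed; keep it and test it against nullptr, `const HANDLE thread = CreateThread(...); if (thread == nullptr) return FALSE; CloseHandle(thread);`. DllMain is declared `bool __stdcall DllMain(HMODULE, std::uint32_t, void*)`, while the documented entry-point contract is `BOOL WINAPI DllMain(HINSTANCE, DWORD, LPVOID)`, and it should return TRUE for the other call reasons rather than the `false` on the final else. The FreeLibraryAndExitThread on the DLL_PROCESS_ATTACH path calls back into the loader and exits the calling thread from inside DllMain, which the DllMain guidance disallows; returning FALSE is sufficient for the loader to unload the module. In main_thread, `freopen_s(reinterpret_cast<FILE**>(stdin), ...)` writes the reopened stream pointer into the FILE object itself rather than into a pointer variable; the first argument should be the address of a separate `FILE*`.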

@ -0,0 +1,7 @@
#pragma once
#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
// Windows Header Files
#include <windows.h>
#include <thread>
#include <iostream>

@ -0,0 +1,5 @@
// pch.cpp: source file corresponding to the pre-compiled header
#include "pch.h"
// When you are using pre-compiled headers, this source file is necessary for compilation to succeed.

@ -0,0 +1,13 @@
// pch.h: This is a precompiled header file.
// Files listed below are compiled only once, improving build performance for future builds.
// This also affects IntelliSense performance, including code completion and many code browsing features.
// However, files listed here are ALL re-compiled if any one of them is updated between builds.
// Do not add files here that you will be updating frequently as this negates the performance advantage.
#ifndef PCH_H
#define PCH_H
// add headers that you want to pre-compile here
#include "framework.h"
#endif //PCH_H

@ -0,0 +1,41 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.29519.181
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "amlegit_driver", "amlegit_driver\amlegit_driver.vcxproj", "{6CFA63DA-34DE-46E7-81BA-876CF3267A4F}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "amlegit_dll", "amlegit_dll\amlegit_dll.vcxproj", "{0DC4C851-FA89-47FE-A891-C7590376D2C2}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{6CFA63DA-34DE-46E7-81BA-876CF3267A4F}.Debug|x64.ActiveCfg = Debug|x64
{6CFA63DA-34DE-46E7-81BA-876CF3267A4F}.Debug|x64.Build.0 = Debug|x64
{6CFA63DA-34DE-46E7-81BA-876CF3267A4F}.Debug|x86.ActiveCfg = Debug|Win32
{6CFA63DA-34DE-46E7-81BA-876CF3267A4F}.Debug|x86.Build.0 = Debug|Win32
{6CFA63DA-34DE-46E7-81BA-876CF3267A4F}.Release|x64.ActiveCfg = Release|x64
{6CFA63DA-34DE-46E7-81BA-876CF3267A4F}.Release|x64.Build.0 = Release|x64
{6CFA63DA-34DE-46E7-81BA-876CF3267A4F}.Release|x86.ActiveCfg = Release|Win32
{6CFA63DA-34DE-46E7-81BA-876CF3267A4F}.Release|x86.Build.0 = Release|Win32
{0DC4C851-FA89-47FE-A891-C7590376D2C2}.Debug|x64.ActiveCfg = Debug|x64
{0DC4C851-FA89-47FE-A891-C7590376D2C2}.Debug|x64.Build.0 = Debug|x64
{0DC4C851-FA89-47FE-A891-C7590376D2C2}.Debug|x86.ActiveCfg = Debug|Win32
{0DC4C851-FA89-47FE-A891-C7590376D2C2}.Debug|x86.Build.0 = Debug|Win32
{0DC4C851-FA89-47FE-A891-C7590376D2C2}.Release|x64.ActiveCfg = Release|x64
{0DC4C851-FA89-47FE-A891-C7590376D2C2}.Release|x64.Build.0 = Release|x64
{0DC4C851-FA89-47FE-A891-C7590376D2C2}.Release|x86.ActiveCfg = Release|Win32
{0DC4C851-FA89-47FE-A891-C7590376D2C2}.Release|x86.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {37C72252-9A1B-4F3A-9964-E00F3268EF98}
EndGlobalSection
EndGlobal

@ -0,0 +1,65 @@
#include <Windows.h>
#include <tuple>
#include <cstdint>
#pragma once
//--- amlegit dll functions
namespace amlegit
{
//--- function is only for extracting the driver
static std::tuple<std::uintptr_t, std::size_t> get_driver()
{
auto get_driver_temp =
reinterpret_cast<__int64(*)(unsigned*)>(
GetProcAddress(LoadLibrary(L"buffer.dll"), "GetDriver"));
unsigned driver_size;
if (get_driver_temp)
return { get_driver_temp(&driver_size), driver_size };
return { {}, {} };
}
//--- this function calls GetDriver inside buffer.dll
static bool load_driver()
{
auto load_drv =
reinterpret_cast<bool(*)()>(
GetProcAddress(LoadLibrary(L"buffer.dll"), "ExportLoad"));
return load_drv ? load_drv() : false;
}
//--- driver_name is the name of the driver which is in current working directory
static bool map_driver(const char* driver_name)
{
auto map_drv =
reinterpret_cast<bool(*)(const char*)>(
GetProcAddress(LoadLibrary(L"mmap.dll"), "ExportMap"));
return map_drv ? map_drv(driver_name) : false;
}
//--- hooks ioctl of gpuenergydrv.sys
static bool connect_driver()
{
auto connect_drv =
reinterpret_cast<bool(*)()>(
GetProcAddress(LoadLibrary(L"inject.dll"), "ExportConnect"));
return connect_drv ? connect_drv() : false;
}
//--- pasted from: https://github.com/btbd/hwid
static bool spoof()
{
auto spoof_addr =
reinterpret_cast<bool(*)()>(
GetProcAddress(LoadLibrary(L"inject.dll"), "ExportSpoof"));
return spoof_addr ? spoof_addr() : false;
}
//--- this doesnt hide memory!
static bool inject(const char* wind_name, const char* dll_name)
{
auto inject_addr =
reinterpret_cast<bool(*)(const char*, const char*)>(
GetProcAddress(LoadLibrary(L"inject.dll"), "ExportInject"));
return inject_addr ? inject_addr(wind_name, dll_name) : false;
}
}
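Review bot: `driver_size` in get_driver is left uninitialised and is returned as the second tuple element whatever the callee did with it, so a callee that returns without writing it yields an indeterminate size; initialise it, `unsigned driver_size{0};`. `#pragma once` sits after the three includes; it still covers the whole file, but convention and some tooling expect it on the first line. The LoadLibrary handles returned here are never released, so every call increments the module reference count; that is acceptable for a process-lifetime helper but deserves a comment such as `//--- module handles are intentionally leaked; the libraries stay loaded for the process lifetime`.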

@ -0,0 +1,40 @@
#include <iostream>
#include <fstream>
#include <filesystem>
#include "amlegit.hpp"
#include "hooked_functions.hpp"
using namespace std;
/*
Warning! This will get you banned, do not use this!
*/
int main()
{
//--- hook DeviceIoControl
hook::install(&DeviceIoControl, &shithook::h_device_io_control);
//--- get driver buffer
auto [driver_ptr, driver_size] = amlegit::get_driver();
cout << hex << showbase << "[+] driver_ptr: " << driver_ptr << endl;
cout << hex << showbase << "[+] driver_size: " << driver_size << endl;
//--- writes driver to file
ofstream driver(filesystem::path("driver.sys"), std::ofstream::out | std::ofstream::binary);
driver.write(reinterpret_cast<char*>(driver_ptr), driver_size);
driver.close();
cout << "[+] wrote driver to disk" << endl;
//--- load driver
amlegit::load_driver();
cout << "[+] loaded intel lan driver" << endl;
amlegit::map_driver("driver.sys");
cout << "[+] mapped unsigned driver" << endl;
amlegit::connect_driver();
cout << "[+] connected to driver" << endl;
//--- inject dll into process with window name
amlegit::inject("Rainbow Six", "hello_world.dll");
cout << "[+] injected dll" << endl;
cin.get();
}
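Review bot: Every step prints a `[+]` success line regardless of what the call returned: `load_driver`, `map_driver`, `connect_driver` and `inject` all return a bool that is discarded, and the ofstream is never checked with `is_open()` before `write`, so a failed open is still reported as "wrote driver to disk". Each message should be conditioned on the result, in the pattern `if (!amlegit::load_driver()) { cout << "[-] load_driver failed" << endl; return 1; }`, applied to each of the four calls and to the stream. `driver_ptr` is also passed to `write` without checking it is non-zero, although get_driver returns `{ {}, {} }` on failure; the write should be skipped and the program should exit when the pointer or size is zero.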

@ -0,0 +1,169 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<VCProjectVersion>16.0</VCProjectVersion>
<ProjectGuid>{6CFA63DA-34DE-46E7-81BA-876CF3267A4F}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>amlegitdriver</RootNamespace>
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v142</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v142</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v142</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v142</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpplatest</LanguageStandard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpplatest</LanguageStandard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpplatest</LanguageStandard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpplatest</LanguageStandard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="amlegit_driver.cpp" />
<ClCompile Include="hook.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="amlegit.hpp" />
<ClInclude Include="hook.hpp" />
<ClInclude Include="hooked_functions.hpp" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

@ -0,0 +1,36 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="amlegit_driver.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="hook.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="amlegit.hpp">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="hooked_functions.hpp">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="hook.hpp">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup />
</Project>

@ -0,0 +1,42 @@
#include "hook.hpp"
namespace hook
{
//--- default constructor
detour::detour(void* addr_to_hook, void* jmp_to_addr)
: hook_addr((std::uintptr_t)addr_to_hook), detour_addr((std::uintptr_t)jmp_to_addr)
{
//finish the shellcode by adding the address to jmp to
*(uintptr_t*)(jmp_code + OFFSET_TO_ADDRESS) = (std::uintptr_t)jmp_to_addr;
//save old bytes
memcpy(org_bytes, (void*)hook_addr, JMP_CODE_SIZE);
//install the hook.
install();
}
detour::~detour()
{uninstall();}
void detour::install()
{
//install the hook.
write_to_readonly((void *)hook_addr, jmp_code, JMP_CODE_SIZE);
hook_installed = true;
}
void detour::uninstall()
{
//write the original bytes back.
write_to_readonly((void *)hook_addr, org_bytes, JMP_CODE_SIZE);
hook_installed = false;
}
uintptr_t detour::hook_address()
{return hook_addr;}
uintptr_t detour::detour_address()
{return detour_addr;}
bool detour::installed()
{return hook_installed;}
}
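Review bot: `hook_address`, `detour_address` and `installed` only read members and should be `const` member functions, e.g. `uintptr_t hook_address() const`, with matching declarations in hook.hpp. `memcpy` and the unqualified `uintptr_t` rely on whatever Windows.h pulls in transitively; add `#include <cstring>` and `#include <cstdint>` and spell them `std::memcpy` / `std::uintptr_t` so the file does not depend on header ordering. The C-style casts on the hook_addr/detour_addr initialisers and in install/uninstall would be clearer as `reinterpret_cast`, which is what the file's own style elsewhere uses.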

@ -0,0 +1,109 @@
#pragma once
#include <Windows.h>
#include <map>
#include <memory>
#define JMP_CODE_SIZE 14
#define OFFSET_TO_ADDRESS 0x2
namespace hook
{
class detour
{
public:
detour(void* addrToHook, void* jmpTo);
~detour();
void install();
void uninstall();
bool installed();
uintptr_t hook_address();
uintptr_t detour_address();
private:
bool hook_installed{ false };
uintptr_t hook_addr, detour_addr;
unsigned char jmp_code[JMP_CODE_SIZE] = {
0x48, 0xb8, //movabs rax, &jmpTo
0x0, //jmpTo address will be here in these 0's
0x0,
0x0,
0x0,
0x0,
0x0,
0x0,
0x0,
0xff, 0xe0, //jmp rax
0x90, 0x90 //nop, nop
};
char org_bytes[JMP_CODE_SIZE];
};
static std::map<uintptr_t, std::unique_ptr<detour>> hooks{};
__forceinline void write_to_readonly(void* addr, void* data, int size)
{
DWORD old_flags;
VirtualProtect((LPVOID)addr, size, PAGE_READWRITE, &old_flags);
memcpy((void*)addr, data, size);
VirtualProtect((LPVOID)addr, size, old_flags, &old_flags);
}
/*
Author: xerox
Date: 12/19/2019
Create Hook without needing to deal with objects
*/
__forceinline void install(void* addr_to_hook, void* jmp_to_addr) {
if (!addr_to_hook)
return;
hooks.insert({
(std::uintptr_t)addr_to_hook,
std::make_unique<detour>(
addr_to_hook,
jmp_to_addr
)}
);
}
/*
Author: xerox
Date: 12/19/2019
Enable hook given the address to hook
*/
__forceinline void enable(void* addr)
{
if (!addr)
return;
hooks.at((std::uintptr_t)addr)->install();
}
/*
Author: xerox
Date: 12/19/2019
Disable hook givent the address of the hook
*/
__forceinline void disable(void* addr)
{
if (!addr)
return;
hooks.at((std::uintptr_t)addr)->uninstall();
}
/*
Author: xerox
Date: 12/19/2019
Remove hook completely from vector
*/
__forceinline void remove(void* addr)
{
if (!addr)
return;
hooks.erase((std::uintptr_t)addr);
}
}
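Review bot: `detour` patches memory in its constructor and restores it in its destructor but declares no copy or move members, so a copy would restore the original bytes twice and leave the first object's patch dangling after it is destroyed; add `detour(const detour&) = delete; detour& operator=(const detour&) = delete;` (Rule of Five). `write_to_readonly` ignores both VirtualProtect return values, so when the protection change fails the memcpy proceeds into a page that may still be read-only. `static std::map<uintptr_t, std::unique_ptr<detour>> hooks{}` in a header gives every translation unit that includes it its own map, so `enable`/`disable` in one TU cannot see a hook installed from another; declare it `inline` (C++17) or define it in hook.cpp. `hooks.at()` in enable/disable throws `std::out_of_range` for an address that was never installed, which the null check just above it does not cover.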

@ -0,0 +1,57 @@
#include <iostream>
#include "hook.hpp"
namespace shithook
{
static BOOL h_device_io_control(
HANDLE hDevice,
DWORD dwIoControlCode,
LPVOID lpInBuffer,
DWORD nInBufferSize,
LPVOID lpOutBuffer,
DWORD nOutBufferSize,
LPDWORD lpBytesReturned,
LPOVERLAPPED lpOverlapped
)
{
switch (dwIoControlCode)
{
case 0x2248D2:
std::cout << std::endl << "[IOCTL] Testing communication" << std::endl;
break;
case 0x224DCA:
std::cout << std::endl << "[IOCTL] Read data (MmCopyVirtualMemory)" << std::endl;
break;
case 0x225CC1:
std::cout << std::endl << "[IOCTL] Write data (MmCopyVirtualMemory)" << std::endl;
break;
case 0x224986:
std::cout << std::endl << "[IOCTL] Allocate Virtual Memory (MmMapLockedPagesSpecifyCache, ZwOpenProcess, ZwAllocateVirtualMemory)" << std::endl;
break;
case 0x235C42:
std::cout << std::endl << "[IOCTL] Spoofer (Pasted from hwid)" << std::endl;
break;
default:
std::cout << "[-] unknown ioctl code " << std::showbase << std::hex << dwIoControlCode << std::endl;
}
std::cout << "[+] buffer size: " << nInBufferSize << std::endl;
for (auto idx = 0u; idx < nInBufferSize; ++idx)
printf("0x%x ", ((uint8_t*)lpInBuffer)[idx]);
hook::disable(&DeviceIoControl);
bool result = DeviceIoControl(
hDevice,
dwIoControlCode,
lpInBuffer,
nInBufferSize,
lpOutBuffer,
nOutBufferSize,
lpBytesReturned,
lpOverlapped
);
hook::enable(&DeviceIoControl);
return result;
}
}
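Review bot: The dump loop indexes `lpInBuffer` for `nInBufferSize` bytes without checking that the pointer is non-null; guard it, `if (lpInBuffer != nullptr) for (auto idx = 0u; idx < nInBufferSize; ++idx) ...`. `h_device_io_control` is declared plain `static BOOL` while `DeviceIoControl` is `WINAPI`; on the Win32 configurations this project also builds the calling conventions differ, so the replacement should be declared `static BOOL WINAPI h_device_io_control(...)`. `printf` and `uint8_t` need `<cstdio>` and `<cstdint>` rather than whatever `<iostream>` happens to include. The disable/call/enable sequence around the original DeviceIoControl call assumes no other thread enters the function while the hook is lifted; if single-threaded use is the intent, a comment stating that assumption would help the next reader.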

Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.