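--- a/amlegit_dll.cpp
+++ b/amlegit_dll.cpp
@@ -0,0 +1,22 @@
+// amlegit_dll.cpp : Defines the exported functions for the DLL.
+//
+
+#include "pch.h"
+#include "framework.h"
+#include "amlegit_dll.h"
+
+
+// This is an example of an exported variable
+AMLEGITDLL_API int namlegitdll=0;
+
+// This is an example of an exported function.
+AMLEGITDLL_API int fnamlegitdll(void)
+{
+return 0;
+}
+
+// This is the constructor of a class that has been exported.
+Camlegitdll::Camlegitdll()
+{
+return;
+}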
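--- a/amlegit_dll.h
+++ b/amlegit_dll.h
@@ -0,0 +1,22 @@
+// The following ifdef block is the standard way of creating macros which make exporting
+// from a DLL simpler. All files within this DLL are compiled with the AMLEGITDLL_EXPORTS
+// symbol defined on the command line. This symbol should not be defined on any project
+// that uses this DLL. This way any other project whose source files include this file see
+// AMLEGITDLL_API functions as being imported from a DLL, whereas this DLL sees symbols
+// defined with this macro as being exported.
+#ifdef AMLEGITDLL_EXPORTS
+#define AMLEGITDLL_API __declspec(dllexport)
+#else
+#define AMLEGITDLL_API __declspec(dllimport)
+#endif
+
+// This class is exported from the dll
+class AMLEGITDLL_API Camlegitdll {
+public:
+Camlegitdll(void);
+// TODO: add your methods here.
+};
+
+extern AMLEGITDLL_API int namlegitdll;
+
+AMLEGITDLL_API int fnamlegitdll(void);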
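--- a/<path-not-on-page>.vcxproj
+++ b/<path-not-on-page>.vcxproj
@@ -0,0 +1,182 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<ItemGroup Label="ProjectConfigurations">
+<ProjectConfiguration Include="Debug|Win32">
+<Configuration>Debug</Configuration>
+<Platform>Win32</Platform>
+</ProjectConfiguration>
+<ProjectConfiguration Include="Release|Win32">
+<Configuration>Release</Configuration>
+<Platform>Win32</Platform>
+</ProjectConfiguration>
+<ProjectConfiguration Include="Debug|x64">
+<Configuration>Debug</Configuration>
+<Platform>x64</Platform>
+</ProjectConfiguration>
+<ProjectConfiguration Include="Release|x64">
+<Configuration>Release</Configuration>
+<Platform>x64</Platform>
+</ProjectConfiguration>
+</ItemGroup>
+<PropertyGroup Label="Globals">
+<VCProjectVersion>16.0</VCProjectVersion>
+<ProjectGuid>{0DC4C851-FA89-47FE-A891-C7590376D2C2}</ProjectGuid>
+<Keyword>Win32Proj</Keyword>
+<RootNamespace>amlegitdll</RootNamespace>
+<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+</PropertyGroup>
+<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+<ConfigurationType>DynamicLibrary</ConfigurationType>
+<UseDebugLibraries>true</UseDebugLibraries>
+<PlatformToolset>v142</PlatformToolset>
+<CharacterSet>Unicode</CharacterSet>
+<SpectreMitigation>false</SpectreMitigation>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+<ConfigurationType>DynamicLibrary</ConfigurationType>
+<UseDebugLibraries>false</UseDebugLibraries>
+<PlatformToolset>v142</PlatformToolset>
+<WholeProgramOptimization>true</WholeProgramOptimization>
+<CharacterSet>Unicode</CharacterSet>
+<SpectreMitigation>false</SpectreMitigation>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+<ConfigurationType>DynamicLibrary</ConfigurationType>
+<UseDebugLibraries>true</UseDebugLibraries>
+<PlatformToolset>v142</PlatformToolset>
+<CharacterSet>Unicode</CharacterSet>
+<SpectreMitigation>false</SpectreMitigation>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+<ConfigurationType>DynamicLibrary</ConfigurationType>
+<UseDebugLibraries>false</UseDebugLibraries>
+<PlatformToolset>v142</PlatformToolset>
+<WholeProgramOptimization>true</WholeProgramOptimization>
+<CharacterSet>Unicode</CharacterSet>
+<SpectreMitigation>false</SpectreMitigation>
+</PropertyGroup>
+<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+<ImportGroup Label="ExtensionSettings">
+</ImportGroup>
+<ImportGroup Label="Shared">
+</ImportGroup>
+<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+</ImportGroup>
+<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+</ImportGroup>
+<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+</ImportGroup>
+<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+</ImportGroup>
+<PropertyGroup Label="UserMacros" />
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+<TargetName>hello_world</TargetName>
+<LinkIncremental>false</LinkIncremental>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+<TargetName>hello_world</TargetName>
+<LinkIncremental>true</LinkIncremental>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+<TargetName>hello_world</TargetName>
+<LinkIncremental>true</LinkIncremental>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+<TargetName>hello_world</TargetName>
+<LinkIncremental>false</LinkIncremental>
+</PropertyGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+<ClCompile>
+<PrecompiledHeader>Use</PrecompiledHeader>
+<WarningLevel>Level3</WarningLevel>
+<FunctionLevelLinking>true</FunctionLevelLinking>
+<IntrinsicFunctions>true</IntrinsicFunctions>
+<SDLCheck>true</SDLCheck>
+<PreprocessorDefinitions>NDEBUG;AMLEGITDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+<ConformanceMode>true</ConformanceMode>
+<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+</ClCompile>
+<Link>
+<SubSystem>Windows</SubSystem>
+<EnableCOMDATFolding>true</EnableCOMDATFolding>
+<OptimizeReferences>true</OptimizeReferences>
+<GenerateDebugInformation>true</GenerateDebugInformation>
+<EnableUAC>false</EnableUAC>
+</Link>
+</ItemDefinitionGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+<ClCompile>
+<PrecompiledHeader>Use</PrecompiledHeader>
+<WarningLevel>Level3</WarningLevel>
+<SDLCheck>true</SDLCheck>
+<PreprocessorDefinitions>WIN32;_DEBUG;AMLEGITDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+<ConformanceMode>true</ConformanceMode>
+<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+</ClCompile>
+<Link>
+<SubSystem>Windows</SubSystem>
+<GenerateDebugInformation>true</GenerateDebugInformation>
+<EnableUAC>false</EnableUAC>
+</Link>
+</ItemDefinitionGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+<ClCompile>
+<PrecompiledHeader>Use</PrecompiledHeader>
+<WarningLevel>Level3</WarningLevel>
+<SDLCheck>true</SDLCheck>
+<PreprocessorDefinitions>_DEBUG;AMLEGITDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+<ConformanceMode>true</ConformanceMode>
+<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+</ClCompile>
+<Link>
+<SubSystem>Windows</SubSystem>
+<GenerateDebugInformation>true</GenerateDebugInformation>
+<EnableUAC>false</EnableUAC>
+</Link>
+</ItemDefinitionGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+<ClCompile>
+<PrecompiledHeader>Use</PrecompiledHeader>
+<WarningLevel>Level3</WarningLevel>
+<FunctionLevelLinking>true</FunctionLevelLinking>
+<IntrinsicFunctions>true</IntrinsicFunctions>
+<SDLCheck>true</SDLCheck>
+<PreprocessorDefinitions>WIN32;NDEBUG;AMLEGITDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+<ConformanceMode>true</ConformanceMode>
+<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+</ClCompile>
+<Link>
+<SubSystem>Windows</SubSystem>
+<EnableCOMDATFolding>true</EnableCOMDATFolding>
+<OptimizeReferences>true</OptimizeReferences>
+<GenerateDebugInformation>true</GenerateDebugInformation>
+<EnableUAC>false</EnableUAC>
+</Link>
+</ItemDefinitionGroup>
+<ItemGroup>
+<None Include="cpp.hint" />
+</ItemGroup>
+<ItemGroup>
+<ClInclude Include="amlegit_dll.h" />
+<ClInclude Include="framework.h" />
+<ClInclude Include="pch.h" />
+</ItemGroup>
+<ItemGroup>
+<ClCompile Include="amlegit_dll.cpp" />
+<ClCompile Include="dllmain.cpp" />
+<ClCompile Include="pch.cpp">
+<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
+<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
+<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+</ClCompile>
+</ItemGroup>
+<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+<ImportGroup Label="ExtensionTargets">
+</ImportGroup>
+</Project>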
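--- a/<path-not-on-page>.vcxproj.filters
+++ b/<path-not-on-page>.vcxproj.filters
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<ItemGroup>
+<Filter Include="Source Files">
+<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+</Filter>
+<Filter Include="Header Files">
+<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+<Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
+</Filter>
+<Filter Include="Resource Files">
+<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+</Filter>
+</ItemGroup>
+<ItemGroup>
+<None Include="cpp.hint" />
+</ItemGroup>
+<ItemGroup>
+<ClInclude Include="framework.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="amlegit_dll.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="pch.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+</ItemGroup>
+<ItemGroup>
+<ClCompile Include="amlegit_dll.cpp">
+<Filter>Source Files</Filter>
+</ClCompile>
+<ClCompile Include="dllmain.cpp">
+<Filter>Source Files</Filter>
+</ClCompile>
+<ClCompile Include="pch.cpp">
+<Filter>Source Files</Filter>
+</ClCompile>
+</ItemGroup>
+</Project>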
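--- a/<path-not-on-page>.vcxproj.user
+++ b/<path-not-on-page>.vcxproj.user
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<PropertyGroup />
+</Project>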
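--- a/cpp.hint
+++ b/cpp.hint
@@ -0,0 +1,2 @@
+#define AMLEGITDLL_API __declspec(dllexport)
+#define AMLEGITDLL_API __declspec(dllimport)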
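--- a/dllmain.cpp
+++ b/dllmain.cpp
@@ -0,0 +1,39 @@
+// dllmain.cpp : Defines the entry point for the DLL application.
+#include "pch.h"
+
+void __stdcall main_thread(HMODULE current_module)
+{
+
+const auto create_console = []() -> bool
+{
+if (AllocConsole()) {
+freopen_s(reinterpret_cast<FILE**>(stdin), "CONIN$", "r", stdin);
+freopen_s(reinterpret_cast<FILE**>(stdout), "CONOUT$", "w", stdout);
+SetConsoleTitleA("[amlegit_dll] - xerox@hacks.ltd");
+return true;
+}
+return false;
+};
+
+//check to make sure we actually alloc console
+if (!create_console())
+FreeLibraryAndExitThread(current_module, EXIT_FAILURE);
+
+std::cout << "[+] Hello world" << std::endl;
+
+FreeConsole();
+FreeLibraryAndExitThread(current_module, EXIT_SUCCESS);
+}
+
+bool __stdcall DllMain(HMODULE module_entry, std::uint32_t call_reason, void*) {
+
+if (call_reason == DLL_PROCESS_ATTACH)
+if (CreateThread(nullptr, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(main_thread), module_entry, 0, nullptr) != INVALID_HANDLE_VALUE)
+return true;
+else
+FreeLibraryAndExitThread(module_entry, EXIT_FAILURE);
+else
+return false;
+}
+
+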
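Review bot: `freopen_s(reinterpret_cast<FILE**>(stdin), "CONIN$", "r", stdin)` passes the `stdin` stream pointer where `freopen_s` expects the address of a `FILE*` that receives the result, so the call stores a `FILE*` through the stream object itself; the `stdout` line below it has the same problem. The conventional form is `FILE* in = nullptr; freopen_s(&in, "CONIN$", "r", stdin);` (and likewise for `stdout`), with the return value checked. Separately, `CreateThread` reports failure with `NULL`, not `INVALID_HANDLE_VALUE`, so the comparison in `DllMain` never takes its failure branch, and the returned handle is never closed; compare against `nullptr` and `CloseHandle` the handle once it is no longer needed. `main_thread` returns `void` yet is cast to `LPTHREAD_START_ROUTINE`, which expects a `DWORD` return — declaring it `DWORD WINAPI main_thread(LPVOID)` removes the cast and the mismatch.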
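--- a/framework.h
+++ b/framework.h
@@ -0,0 +1,7 @@
+#pragma once
+
+#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
+// Windows Header Files
+#include <windows.h>
+#include <thread>
+#include <iostream>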
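--- a/pch.cpp
+++ b/pch.cpp
@@ -0,0 +1,5 @@
+// pch.cpp: source file corresponding to the pre-compiled header
+
+#include "pch.h"
+
+// When you are using pre-compiled headers, this source file is necessary for compilation to succeed.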
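--- a/pch.h
+++ b/pch.h
@@ -0,0 +1,13 @@
+// pch.h: This is a precompiled header file.
+// Files listed below are compiled only once, improving build performance for future builds.
+// This also affects IntelliSense performance, including code completion and many code browsing features.
+// However, files listed here are ALL re-compiled if any one of them is updated between builds.
+// Do not add files here that you will be updating frequently as this negates the performance advantage.
+
+#ifndef PCH_H
+#define PCH_H
+
+// add headers that you want to pre-compile here
+#include "framework.h"
+
+#endif //PCH_H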
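--- a/amlegit.hpp
+++ b/amlegit.hpp
@@ -0,0 +1,65 @@
+#include <Windows.h>
+#include <tuple>
+#include <cstdint>
+
+#pragma once
+//--- amlegit dll functions
+namespace amlegit
+{
+//--- function is only for extracting the driver
+static std::tuple<std::uintptr_t, std::size_t> get_driver()
+{
+auto get_driver_temp =
+reinterpret_cast<__int64(*)(unsigned*)>(
+GetProcAddress(LoadLibrary(L"buffer.dll"), "GetDriver"));
+unsigned driver_size;
+if (get_driver_temp)
+return { get_driver_temp(&driver_size), driver_size };
+return { {}, {} };
+}
+
+//--- this function calls GetDriver inside buffer.dll
+static bool load_driver()
+{
+auto load_drv =
+reinterpret_cast<bool(*)()>(
+GetProcAddress(LoadLibrary(L"buffer.dll"), "ExportLoad"));
+return load_drv ? load_drv() : false;
+}
+
+//--- driver_name is the name of the driver which is in current working directory
+static bool map_driver(const char* driver_name)
+{
+auto map_drv =
+reinterpret_cast<bool(*)(const char*)>(
+GetProcAddress(LoadLibrary(L"mmap.dll"), "ExportMap"));
+return map_drv ? map_drv(driver_name) : false;
+}
+
+//--- hooks ioctl of gpuenergydrv.sys
+static bool connect_driver()
+{
+auto connect_drv =
+reinterpret_cast<bool(*)()>(
+GetProcAddress(LoadLibrary(L"inject.dll"), "ExportConnect"));
+return connect_drv ? connect_drv() : false;
+}
+
+//--- pasted from: https://github.com/btbd/hwid
+static bool spoof()
+{
+auto spoof_addr =
+reinterpret_cast<bool(*)()>(
+GetProcAddress(LoadLibrary(L"inject.dll"), "ExportSpoof"));
+return spoof_addr ? spoof_addr() : false;
+}
+
+//--- this doesnt hide memory!
+static bool inject(const char* wind_name, const char* dll_name)
+{
+auto inject_addr =
+reinterpret_cast<bool(*)(const char*, const char*)>(
+GetProcAddress(LoadLibrary(L"inject.dll"), "ExportInject"));
+return inject_addr ? inject_addr(wind_name, dll_name) : false;
+}
+}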
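Review bot: `#pragma once` on the fifth line sits after three `#include`s, so the guard does not cover those includes; it belongs on the first line of the header. Every wrapper calls `LoadLibrary` again on each invocation and never pairs it with `FreeLibrary`, so each call raises the module reference count, and the `HMODULE` goes straight into `GetProcAddress` without a null check — that only works because `GetProcAddress(NULL, …)` fails, and it hides whether the module or the export was missing. In `get_driver`, `driver_size` is declared uninitialized and is presumably written by the callee; initialise it (`unsigned driver_size = 0;`) so the value is defined even when the callee does not set it. The module names are bare file names, so they are resolved through the default DLL search order rather than a fixed location; if a specific directory is intended, state it in the comment or resolve a full path.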
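--- a/amlegit_driver.cpp
+++ b/amlegit_driver.cpp
@@ -0,0 +1,40 @@
+#include <iostream>
+#include <fstream>
+#include <filesystem>
+#include "amlegit.hpp"
+#include "hooked_functions.hpp"
+
+using namespace std;
+
+/*
+Warning! This will get you banned, do not use this!
+*/
+int main()
+{
+//--- hook DeviceIoControl
+hook::install(&DeviceIoControl, &shithook::h_device_io_control);
+
+//--- get driver buffer
+auto [driver_ptr, driver_size] = amlegit::get_driver();
+cout << hex << showbase << "[+] driver_ptr: " << driver_ptr << endl;
+cout << hex << showbase << "[+] driver_size: " << driver_size << endl;
+
+//--- writes driver to file
+ofstream driver(filesystem::path("driver.sys"), std::ofstream::out | std::ofstream::binary);
+driver.write(reinterpret_cast<char*>(driver_ptr), driver_size);
+driver.close();
+cout << "[+] wrote driver to disk" << endl;
+
+//--- load driver
+amlegit::load_driver();
+cout << "[+] loaded intel lan driver" << endl;
+amlegit::map_driver("driver.sys");
+cout << "[+] mapped unsigned driver" << endl;
+amlegit::connect_driver();
+cout << "[+] connected to driver" << endl;
+
+//--- inject dll into process with window name
+amlegit::inject("Rainbow Six", "hello_world.dll");
+cout << "[+] injected dll" << endl;
+cin.get();
+}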
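Review bot: The `bool` results of `amlegit::load_driver()`, `map_driver`, `connect_driver` and `inject` are discarded, yet the `[+]` line after each one reports success unconditionally, so the log cannot be trusted when a step fails. `get_driver()` returns `{ {}, {} }` when its export is not found, and `main` checks neither `driver_ptr`/`driver_size` before `driver.write(...)` nor whether `driver` opened, so an empty `driver.sys` is written and the remaining steps run against it. Each step should be guarded and reported honestly, e.g. `if (!amlegit::load_driver()) { cout << "[-] load_driver failed" << endl; return 1; }`, with `if (!driver)` checked before the write.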
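--- a/<path-not-on-page>.vcxproj
+++ b/<path-not-on-page>.vcxproj
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<ItemGroup Label="ProjectConfigurations">
+<ProjectConfiguration Include="Debug|Win32">
+<Configuration>Debug</Configuration>
+<Platform>Win32</Platform>
+</ProjectConfiguration>
+<ProjectConfiguration Include="Release|Win32">
+<Configuration>Release</Configuration>
+<Platform>Win32</Platform>
+</ProjectConfiguration>
+<ProjectConfiguration Include="Debug|x64">
+<Configuration>Debug</Configuration>
+<Platform>x64</Platform>
+</ProjectConfiguration>
+<ProjectConfiguration Include="Release|x64">
+<Configuration>Release</Configuration>
+<Platform>x64</Platform>
+</ProjectConfiguration>
+</ItemGroup>
+<PropertyGroup Label="Globals">
+<VCProjectVersion>16.0</VCProjectVersion>
+<ProjectGuid>{6CFA63DA-34DE-46E7-81BA-876CF3267A4F}</ProjectGuid>
+<Keyword>Win32Proj</Keyword>
+<RootNamespace>amlegitdriver</RootNamespace>
+<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+</PropertyGroup>
+<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+<ConfigurationType>Application</ConfigurationType>
+<UseDebugLibraries>true</UseDebugLibraries>
+<PlatformToolset>v142</PlatformToolset>
+<CharacterSet>Unicode</CharacterSet>
+<SpectreMitigation>false</SpectreMitigation>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+<ConfigurationType>Application</ConfigurationType>
+<UseDebugLibraries>false</UseDebugLibraries>
+<PlatformToolset>v142</PlatformToolset>
+<WholeProgramOptimization>true</WholeProgramOptimization>
+<CharacterSet>Unicode</CharacterSet>
+<SpectreMitigation>false</SpectreMitigation>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+<ConfigurationType>Application</ConfigurationType>
+<UseDebugLibraries>true</UseDebugLibraries>
+<PlatformToolset>v142</PlatformToolset>
+<CharacterSet>Unicode</CharacterSet>
+<SpectreMitigation>false</SpectreMitigation>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+<ConfigurationType>Application</ConfigurationType>
+<UseDebugLibraries>false</UseDebugLibraries>
+<PlatformToolset>v142</PlatformToolset>
+<WholeProgramOptimization>true</WholeProgramOptimization>
+<CharacterSet>Unicode</CharacterSet>
+<SpectreMitigation>false</SpectreMitigation>
+</PropertyGroup>
+<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+<ImportGroup Label="ExtensionSettings">
+</ImportGroup>
+<ImportGroup Label="Shared">
+</ImportGroup>
+<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+</ImportGroup>
+<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+</ImportGroup>
+<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+</ImportGroup>
+<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+</ImportGroup>
+<PropertyGroup Label="UserMacros" />
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+<LinkIncremental>true</LinkIncremental>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+<LinkIncremental>true</LinkIncremental>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+<LinkIncremental>false</LinkIncremental>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+<LinkIncremental>false</LinkIncremental>
+</PropertyGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+<ClCompile>
+<PrecompiledHeader>
+</PrecompiledHeader>
+<WarningLevel>Level3</WarningLevel>
+<SDLCheck>true</SDLCheck>
+<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+<ConformanceMode>true</ConformanceMode>
+<LanguageStandard>stdcpplatest</LanguageStandard>
+</ClCompile>
+<Link>
+<SubSystem>Console</SubSystem>
+<GenerateDebugInformation>true</GenerateDebugInformation>
+</Link>
+</ItemDefinitionGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+<ClCompile>
+<PrecompiledHeader>
+</PrecompiledHeader>
+<WarningLevel>Level3</WarningLevel>
+<SDLCheck>true</SDLCheck>
+<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+<ConformanceMode>true</ConformanceMode>
+<LanguageStandard>stdcpplatest</LanguageStandard>
+</ClCompile>
+<Link>
+<SubSystem>Console</SubSystem>
+<GenerateDebugInformation>true</GenerateDebugInformation>
+</Link>
+</ItemDefinitionGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+<ClCompile>
+<PrecompiledHeader>
+</PrecompiledHeader>
+<WarningLevel>Level3</WarningLevel>
+<FunctionLevelLinking>true</FunctionLevelLinking>
+<IntrinsicFunctions>true</IntrinsicFunctions>
+<SDLCheck>true</SDLCheck>
+<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+<ConformanceMode>true</ConformanceMode>
+<LanguageStandard>stdcpplatest</LanguageStandard>
+</ClCompile>
+<Link>
+<SubSystem>Console</SubSystem>
+<EnableCOMDATFolding>true</EnableCOMDATFolding>
+<OptimizeReferences>true</OptimizeReferences>
+<GenerateDebugInformation>true</GenerateDebugInformation>
+</Link>
+</ItemDefinitionGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+<ClCompile>
+<PrecompiledHeader>
+</PrecompiledHeader>
+<WarningLevel>Level3</WarningLevel>
+<FunctionLevelLinking>true</FunctionLevelLinking>
+<IntrinsicFunctions>true</IntrinsicFunctions>
+<SDLCheck>true</SDLCheck>
+<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+<ConformanceMode>true</ConformanceMode>
+<LanguageStandard>stdcpplatest</LanguageStandard>
+</ClCompile>
+<Link>
+<SubSystem>Console</SubSystem>
+<EnableCOMDATFolding>true</EnableCOMDATFolding>
+<OptimizeReferences>true</OptimizeReferences>
+<GenerateDebugInformation>true</GenerateDebugInformation>
+</Link>
+</ItemDefinitionGroup>
+<ItemGroup>
+<ClCompile Include="amlegit_driver.cpp" />
+<ClCompile Include="hook.cpp" />
+</ItemGroup>
+<ItemGroup>
+<ClInclude Include="amlegit.hpp" />
+<ClInclude Include="hook.hpp" />
+<ClInclude Include="hooked_functions.hpp" />
+</ItemGroup>
+<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+<ImportGroup Label="ExtensionTargets">
+</ImportGroup>
+</Project>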
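--- a/<path-not-on-page>.vcxproj.filters
+++ b/<path-not-on-page>.vcxproj.filters
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<ItemGroup>
+<Filter Include="Source Files">
+<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+</Filter>
+<Filter Include="Header Files">
+<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+<Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
+</Filter>
+<Filter Include="Resource Files">
+<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+</Filter>
+</ItemGroup>
+<ItemGroup>
+<ClCompile Include="amlegit_driver.cpp">
+<Filter>Source Files</Filter>
+</ClCompile>
+<ClCompile Include="hook.cpp">
+<Filter>Source Files</Filter>
+</ClCompile>
+</ItemGroup>
+<ItemGroup>
+<ClInclude Include="amlegit.hpp">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="hooked_functions.hpp">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="hook.hpp">
+<Filter>Header Files</Filter>
+</ClInclude>
+</ItemGroup>
+</Project>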
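--- a/<path-not-on-page>.vcxproj.user
+++ b/<path-not-on-page>.vcxproj.user
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<PropertyGroup />
+</Project>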
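--- a/hook.cpp
+++ b/hook.cpp
@@ -0,0 +1,42 @@
+#include "hook.hpp"
+
+namespace hook
+{
+//--- default constructor
+detour::detour(void* addr_to_hook, void* jmp_to_addr)
+: hook_addr((std::uintptr_t)addr_to_hook), detour_addr((std::uintptr_t)jmp_to_addr)
+{
+//finish the shellcode by adding the address to jmp to
+*(uintptr_t*)(jmp_code + OFFSET_TO_ADDRESS) = (std::uintptr_t)jmp_to_addr;
+//save old bytes
+memcpy(org_bytes, (void*)hook_addr, JMP_CODE_SIZE);
+//install the hook.
+install();
+}
+
+detour::~detour()
+{uninstall();}
+
+void detour::install()
+{
+//install the hook.
+write_to_readonly((void *)hook_addr, jmp_code, JMP_CODE_SIZE);
+hook_installed = true;
+}
+
+void detour::uninstall()
+{
+//write the original bytes back.
+write_to_readonly((void *)hook_addr, org_bytes, JMP_CODE_SIZE);
+hook_installed = false;
+}
+
+uintptr_t detour::hook_address()
+{return hook_addr;}
+
+uintptr_t detour::detour_address()
+{return detour_addr;}
+
+bool detour::installed()
+{return hook_installed;}
+}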
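Review bot: `*(uintptr_t*)(jmp_code + OFFSET_TO_ADDRESS) = (std::uintptr_t)jmp_to_addr;` in the constructor stores `sizeof(uintptr_t)` bytes into the 8-byte operand of a 64-bit `movabs`, so in the Win32 configurations this project also defines it fills only 4 of the 8 bytes, and the store is an unaligned type-punned write through a `uintptr_t*`. `memcpy(jmp_code + OFFSET_TO_ADDRESS, &detour_addr, sizeof(detour_addr));` together with `static_assert(sizeof(std::uintptr_t) == 8, "detour encodes a 64-bit jmp");` states the constraint at compile time and avoids the pun. The constructor installs the hook as a side effect and the destructor calls `uninstall()` unconditionally, even when `hook_installed` is already false; that contract deserves a comment on the class, since `hook::install` in the header depends on it.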
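--- a/hook.hpp
+++ b/hook.hpp
@@ -0,0 +1,109 @@
+#pragma once
+#include <Windows.h>
+#include <map>
+#include <memory>
+
+#define JMP_CODE_SIZE 14
+#define OFFSET_TO_ADDRESS 0x2
+
+namespace hook
+{
+class detour
+{
+public:
+detour(void* addrToHook, void* jmpTo);
+~detour();
+void install();
+void uninstall();
+bool installed();
+uintptr_t hook_address();
+uintptr_t detour_address();
+private:
+bool hook_installed{ false };
+uintptr_t hook_addr, detour_addr;
+unsigned char jmp_code[JMP_CODE_SIZE] = {
+0x48, 0xb8, //movabs rax, &jmpTo
+0x0, //jmpTo address will be here in these 0's
+0x0,
+0x0,
+0x0,
+0x0,
+0x0,
+0x0,
+0x0,
+0xff, 0xe0, //jmp rax
+0x90, 0x90 //nop, nop
+};
+char org_bytes[JMP_CODE_SIZE];
+};
+
+static std::map<uintptr_t, std::unique_ptr<detour>> hooks{};
+
+__forceinline void write_to_readonly(void* addr, void* data, int size)
+{
+DWORD old_flags;
+VirtualProtect((LPVOID)addr, size, PAGE_READWRITE, &old_flags);
+memcpy((void*)addr, data, size);
+VirtualProtect((LPVOID)addr, size, old_flags, &old_flags);
+}
+
+/*
+Author: xerox
+Date: 12/19/2019
+
+Create Hook without needing to deal with objects
+*/
+__forceinline void install(void* addr_to_hook, void* jmp_to_addr) {
+
+if (!addr_to_hook)
+return;
+
+hooks.insert({
+(std::uintptr_t)addr_to_hook,
+std::make_unique<detour>(
+addr_to_hook,
+jmp_to_addr
+)}
+);
+}
+
+/*
+Author: xerox
+Date: 12/19/2019
+
+Enable hook given the address to hook
+*/
+__forceinline void enable(void* addr)
+{
+if (!addr)
+return;
+hooks.at((std::uintptr_t)addr)->install();
+}
+
+/*
+Author: xerox
+Date: 12/19/2019
+
+Disable hook givent the address of the hook
+*/
+__forceinline void disable(void* addr)
+{
+if (!addr)
+return;
+hooks.at((std::uintptr_t)addr)->uninstall();
+}
+
+
+/*
+Author: xerox
+Date: 12/19/2019
+
+Remove hook completely from vector
+*/
+__forceinline void remove(void* addr)
+{
+if (!addr)
+return;
+hooks.erase((std::uintptr_t)addr);
+}
+}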
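Review bot: `static std::map<uintptr_t, std::unique_ptr<detour>> hooks{};` in a header gives every translation unit that includes hook.hpp its own map, so a detour registered through `install` in one TU cannot be found by `enable`/`disable`/`remove` called from another; with the project already on `stdcpplatest`, `inline std::map<uintptr_t, std::unique_ptr<detour>> hooks{};` keeps a single definition. `enable` and `disable` call `hooks.at(...)`, which throws `std::out_of_range` for an address that was never registered — the null check above it does not cover that case, so look the key up with `find` and return when it is absent. In `install`, `std::make_unique<detour>(...)` runs (and the constructor patches the target) before `insert` decides whether the key already exists; on a duplicate the temporary is destroyed and its destructor writes back the bytes it captured while the earlier hook was live, so test `hooks.count(...)` before constructing. Both `VirtualProtect` calls in `write_to_readonly` discard their result, so a failed protection change is followed by `memcpy` into memory that is still read-only; `size` should also be `SIZE_T` to match the API it is passed to.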
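--- a/hooked_functions.hpp
+++ b/hooked_functions.hpp
@@ -0,0 +1,57 @@
+#include <iostream>
+#include "hook.hpp"
+
+namespace shithook
+{
+static BOOL h_device_io_control(
+HANDLE hDevice,
+DWORD dwIoControlCode,
+LPVOID lpInBuffer,
+DWORD nInBufferSize,
+LPVOID lpOutBuffer,
+DWORD nOutBufferSize,
+LPDWORD lpBytesReturned,
+LPOVERLAPPED lpOverlapped
+)
+{
+switch (dwIoControlCode)
+{
+case 0x2248D2:
+std::cout << std::endl << "[IOCTL] Testing communication" << std::endl;
+break;
+case 0x224DCA:
+std::cout << std::endl << "[IOCTL] Read data (MmCopyVirtualMemory)" << std::endl;
+break;
+case 0x225CC1:
+std::cout << std::endl << "[IOCTL] Write data (MmCopyVirtualMemory)" << std::endl;
+break;
+case 0x224986:
+std::cout << std::endl << "[IOCTL] Allocate Virtual Memory (MmMapLockedPagesSpecifyCache, ZwOpenProcess, ZwAllocateVirtualMemory)" << std::endl;
+break;
+case 0x235C42:
+std::cout << std::endl << "[IOCTL] Spoofer (Pasted from hwid)" << std::endl;
+break;
+default:
+std::cout << "[-] unknown ioctl code " << std::showbase << std::hex << dwIoControlCode << std::endl;
+}
+
+std::cout << "[+] buffer size: " << nInBufferSize << std::endl;
+
+for (auto idx = 0u; idx < nInBufferSize; ++idx)
+printf("0x%x ", ((uint8_t*)lpInBuffer)[idx]);
+
+hook::disable(&DeviceIoControl);
+bool result = DeviceIoControl(
+hDevice,
+dwIoControlCode,
+lpInBuffer,
+nInBufferSize,
+lpOutBuffer,
+nOutBufferSize,
+lpBytesReturned,
+lpOverlapped
+);
+hook::enable(&DeviceIoControl);
+return result;
+}
+}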
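Review bot: `h_device_io_control` is declared `static BOOL` with no calling convention while `DeviceIoControl` is `WINAPI` (`__stdcall`); the two coincide on x64 but differ in the Win32 configurations this project also defines, so the replacement should be declared `static BOOL WINAPI h_device_io_control(...)` to match the function it stands in for. The byte loop dereferences `lpInBuffer` whenever `nInBufferSize` is non-zero without checking the pointer for null, and `printf` is mixed with `std::cout` with no newline after the dump, so the next log line is glued onto the hex bytes. The `disable`/`enable` pair around the forwarding call leaves a window in which other threads calling `DeviceIoControl` bypass the hook or observe a partially written patch; that limitation is worth stating in a comment on the function, e.g. `// not safe for concurrent callers: the hook is lifted while the original runs`.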