
updated example and cleaned some code

master
xerox 2 years ago
parent
commit
c4ee1817a8
  1. 0
      badeye/badeye/BEDaisy.sys
  2. 7
      badeye/badeye/badeye.vcxproj
  3. 8
      badeye/badeye/badeye.vcxproj.filters
  4. 3
      badeye/badeye/icon.rc
  5. 8
      badeye/badeye/main.cpp
  6. 4
      badeye/badeye/nozzle.hpp
  7. BIN
      badeye/badeye/small.ico
  8. 20
      badeye/inside/bedaisy.hpp
  9. 29
      badeye/inside/dllmain.cpp
  10. 1
      badeye/inside/inside.vcxproj
  11. 3
      badeye/inside/inside.vcxproj.filters
  12. 30
      badeye/inside/rust.hpp
  13. 20
      badeye/inside/utils.hpp
  14. BIN
      battleye.8.17.2020/cmd.exe
  15. BIN
      example/BattlEye (8.17.2020)/BEDaisy (8.17.2020).sys
  16. 0
      example/BattlEye (8.17.2020)/BELauncher.exe
  17. 0
      example/BattlEye (8.17.2020)/BattlEye/BEClient_x64.dll
  18. BIN
      example/BattlEye (8.17.2020)/BattlEye/BELauncher.ini
  19. 0
      example/BattlEye (8.17.2020)/BattlEye/BEService_x64.exe
  20. 0
      example/BattlEye (8.17.2020)/BattlEye/Install_BattlEye.bat
  21. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/cs-CZ.txt
  22. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/cs.txt
  23. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/de-DE.txt
  24. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/de.txt
  25. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/en-US.txt
  26. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/en.txt
  27. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/es-ES.txt
  28. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/es-MX.txt
  29. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/es.txt
  30. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/fr-FR.txt
  31. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/fr.txt
  32. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/it-IT.txt
  33. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/it.txt
  34. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/ja-JP.txt
  35. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/ja.txt
  36. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/ko-KR.txt
  37. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/ko.txt
  38. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/nl-NL.txt
  39. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/nl.txt
  40. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/pl-PL.txt
  41. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/pl.txt
  42. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/pt-BR.txt
  43. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/pt.txt
  44. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/ru-RU.txt
  45. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/ru.txt
  46. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/tr-TR.txt
  47. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/tr.txt
  48. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/zh-CN.txt
  49. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/zh-TW.txt
  50. 0
      example/BattlEye (8.17.2020)/BattlEye/Privacy/zh.txt
  51. 0
      example/BattlEye (8.17.2020)/BattlEye/Uninstall_BattlEye.bat
  52. BIN
      example/BattlEye (8.17.2020)/cmd.exe.lnk
  53. 0
      example/README.md
  54. BIN
      example/badeye.exe
  55. 2
      example/desktop.ini
  56. 2
      example/example.bat
  57. BIN
      example/inside.dll

0
battleye.8.17.2020/BEDaisy.sys → badeye/badeye/BEDaisy.sys

7
badeye/badeye/badeye.vcxproj

@ -24,6 +24,7 @@
<ProjectGuid>{faadd55d-e2c8-4e6d-be7e-6d8b5209f4f0}</ProjectGuid>
<RootNamespace>badeye</RootNamespace>
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
<ProjectName>badeye</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
@ -78,9 +79,11 @@
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<TargetName>$(ProjectName)</TargetName>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<TargetName>$(ProjectName)</TargetName>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
@ -116,6 +119,7 @@
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpp17</LanguageStandard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -148,6 +152,9 @@
<ItemGroup>
<ClInclude Include="nozzle.hpp" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="icon.rc" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>

8
badeye/badeye/badeye.vcxproj.filters

@ -9,6 +9,9 @@
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{7d90a3bf-3270-443e-8add-02f28e77071a}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClInclude Include="nozzle.hpp">
@ -20,4 +23,9 @@
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="icon.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
</Project>

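--- a/badeye/badeye/icon.rc
+++ b/badeye/badeye/icon.rc
@@ -0,0 +1,3 @@
+// Icon Resource Definition
+#define MAIN_ICON 102
+MAIN_ICON ICON "small.ico"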

8
badeye/badeye/main.cpp

@ -9,7 +9,13 @@ int main(const int argc, const char** argv)
return -1;
}
const auto lsass_pid = util::get_process_id(L"lsass.exe");
if (!util::get_pid(L"BEService.exe"))
{
std::perror("[-] please run BattlEye...\n");
return -1;
}
const auto lsass_pid = util::get_pid(L"lsass.exe");
std::printf("[+] lsass_pid => %p\n", lsass_pid);
nozzle::injector inject(argv[1], lsass_pid);
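Review bot: `std::perror` is the wrong call for the new BEService.exe check: it appends ": " plus strerror(errno) after the message, and the message already ends in "\n", so the user gets an unrelated errno text on a stray line (errno is not set by the failed process lookup). Use `std::fputs("[-] please run BattlEye...\n", stderr);` instead. The `std::printf("[+] lsass_pid => %p\n", lsass_pid)` context line also passes a uint32_t to `%p`, which is undefined behaviour in printf; `%u` matches the value returned by get_pid. main() starts before this hunk.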

4
badeye/badeye/nozzle.hpp

@ -104,7 +104,7 @@ namespace util
data.insert(data.begin(), std::istream_iterator<uint8_t>(fstr), std::istream_iterator<uint8_t>());
}
inline uint32_t get_process_id(const std::wstring_view process_name)
inline uint32_t get_pid(const std::wstring_view process_name)
{
// open a system snapshot of all loaded processes
uq_handle snap_shot{ CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0), &CloseHandle };
@ -506,7 +506,7 @@ namespace nozzle
void injector::set_target(std::wstring proc_name)
{
target_pid = util::get_process_id(proc_name);
target_pid = util::get_pid(proc_name);
}
void* injector::get_pe_image() const

BIN
badeye/badeye/small.ico

Binary file not shown.


20
badeye/inside/bedaisy.hpp

@ -10,7 +10,7 @@ using ioctl_data = struct { HANDLE drv_handle; void* return_addr; };
namespace bedaisy
{
struct beioctl
struct beioctl_t
{
void* ret_addr;
void* handle;
@ -20,7 +20,7 @@ namespace bedaisy
size_t* bytes_read;
};
inline ioctl_data get_ioctl_data()
__forceinline ioctl_data get_ioctl_data()
{
const auto wpm =
reinterpret_cast<std::uint8_t*>(
@ -47,20 +47,20 @@ namespace bedaisy
return { {}, {} };
}
inline void read(HANDLE proc_handle, std::uintptr_t addr, void* buffer, std::size_t size)
__forceinline void read(HANDLE proc_handle, std::uintptr_t addr, void* buffer, std::size_t size)
{
if (!addr || !buffer || !size)
return;
const auto [daisy_handle, return_addr] = get_ioctl_data();
const beioctl ioctl_data
beioctl_t ioctl_data
{
return_addr,
proc_handle,
addr,
buffer,
size,
(size_t*)0xFFFFFFF3423424
nullptr
};
DWORD bytes_read;
@ -72,18 +72,18 @@ namespace bedaisy
sizeof ioctl_data,
nullptr,
NULL,
&bytes_read,
(LPDWORD)&bytes_read,
nullptr
);
}
void write(HANDLE proc_handle, std::uintptr_t addr, void* buffer, std::size_t size)
__forceinline void write(HANDLE proc_handle, std::uintptr_t addr, void* buffer, std::size_t size)
{
if (!proc_handle || !addr)
return;
const auto [daisy_handle, return_addr] = get_ioctl_data();
const beioctl ioctl_data
beioctl_t ioctl_data
{
return_addr,
proc_handle,
@ -108,7 +108,7 @@ namespace bedaisy
}
template <class T>
inline T read(HANDLE proc_handle, std::uintptr_t addr)
__forceinline T read(HANDLE proc_handle, std::uintptr_t addr)
{
if (!addr || !proc_handle)
return {};
@ -119,7 +119,7 @@ namespace bedaisy
}
template <class T>
inline void write(HANDLE proc_handle, std::uintptr_t addr, const T& data)
__forceinline void write(HANDLE proc_handle, std::uintptr_t addr, const T& data)
{
if (!proc_handle || !addr)
return;
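Review bot: The `(LPDWORD)&bytes_read` cast added in the read() DeviceIoControl call is a no-op — `bytes_read` is declared `DWORD` a few lines above the hunk — and the C-style cast would silently hide a later type change; the previous `&bytes_read` was already correct. The switch from `inline` to `__forceinline` on get_ioctl_data/read/write is MSVC-specific; it appears to give the non-template write() the inline linkage it was missing, but plain `inline` (with the MSVC attribute only under `#ifdef _MSC_VER`) keeps the header portable. Dropping `const` from the `beioctl_t ioctl_data` locals looks unnecessary, since they seem to be passed to DeviceIoControl only as the input buffer (`sizeof ioctl_data` in the call). read() still guards `addr`, `buffer` and `size` but not `proc_handle`, while write() guards `proc_handle` and `addr` but not `buffer`/`size`; the two wrappers should validate the same set. Each of these function bodies continues outside the hunk.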

29
badeye/inside/dllmain.cpp

@ -1,29 +1,34 @@
#include "rust.hpp"
#include "utils.hpp"
void example()
void run_example()
{
OutputDebugStringA("[lsass] main thread created!");
const auto proc_handle =
OpenProcess(
PROCESS_QUERY_INFORMATION, FALSE,
utils::get_pid(L"RustClient.exe")
);
OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, utils::get_pid(L"notepad.exe"));
if (proc_handle)
if (proc_handle == INVALID_HANDLE_VALUE)
{
rust::set_fov(proc_handle, 120.f);
OutputDebugStringA("[lsass] set fov!");
OutputDebugStringA("[lsass] failed to open handle to system process...");
return;
}
}
const auto ntdll_base =
reinterpret_cast<std::uintptr_t>(GetModuleHandleA("ntdll.dll"));
if (bedaisy::read<short>(proc_handle, ntdll_base) == IMAGE_DOS_SIGNATURE)
OutputDebugStringA("[lsass] read ntdll MZ from notepad.exe using BEDaisy.sys...\n");
else
OutputDebugStringA("[lsass] failed to read MZ...\n");
}
std::atomic<bool> init = false;
extern "C" NTSTATUS nt_close(void* handle)
extern "C" auto nt_close(void* handle) -> NTSTATUS
{
if (!init.exchange(true))
{
OutputDebugStringA("[lsass] creating thread!");
CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)&example, NULL, NULL, NULL);
CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)&run_example, NULL, NULL, NULL);
}
return NULL;
}
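Review bot: `proc_handle == INVALID_HANDLE_VALUE` does not detect a failed OpenProcess — that API returns NULL on failure, not INVALID_HANDLE_VALUE — so the new early return never fires and the "failed to open handle" branch is dead code; test `if (!proc_handle)` instead, and note the handle is never closed on either path. `run_example` is declared `void()` but handed to CreateThread through an `(LPTHREAD_START_ROUTINE)` cast; calling it through a mismatched function type is undefined behaviour, so declare it `DWORD WINAPI run_example(LPVOID)` and drop the cast. The message "[lsass] failed to open handle to system process..." no longer matches the target the commit changed to notepad.exe. `return NULL;` from a function returning NTSTATUS uses the pointer macro as an integer; `return 0;` (or `STATUS_SUCCESS` where ntstatus.h is included) states the intent.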

1
badeye/inside/inside.vcxproj

@ -165,7 +165,6 @@
</ItemGroup>
<ItemGroup>
<ClInclude Include="bedaisy.hpp" />
<ClInclude Include="rust.hpp" />
<ClInclude Include="utils.hpp" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />

3
badeye/inside/inside.vcxproj.filters

@ -21,8 +21,5 @@
<ClInclude Include="utils.hpp">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="rust.hpp">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>

30
badeye/inside/rust.hpp

@ -1,30 +0,0 @@
#pragma once
#include "utils.hpp"
#define GFX_MANAGER 0x28C6F30
#define CAMERA_MANAGER 0xB8
#define CAMERA_FOV 0x18
namespace rust
{
void set_fov(HANDLE proc_handle, float fov_value)
{
const auto asm_base = utils::get_module_base(proc_handle, L"GameAssembly.dll");
if (!asm_base)
return;
const auto gfx_manager = bedaisy::read<std::uintptr_t>(
proc_handle, asm_base + GFX_MANAGER);
if (!gfx_manager)
return;
const auto camera_manager = bedaisy::read<std::uintptr_t>(
proc_handle, gfx_manager + CAMERA_MANAGER);
if (!camera_manager)
return;
bedaisy::write<float>(proc_handle, camera_manager + CAMERA_FOV, fov_value);
}
}

20
badeye/inside/utils.hpp

@ -7,17 +7,17 @@
namespace utils
{
struct nt_peb
typedef struct _nt_peb
{
std::uintptr_t res[2];
std::uintptr_t image_base;
std::uintptr_t ldr;
std::uintptr_t proc_params;
};
} nt_peb;
inline uint32_t get_pid(const std::wstring_view process_name)
__forceinline auto get_pid(const std::wstring_view process_name) -> std::uint32_t
{
const auto handle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
const auto handle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if (handle == INVALID_HANDLE_VALUE)
return !CloseHandle(handle);
@ -34,7 +34,7 @@ namespace utils
return NULL;
}
inline PPEB get_process_peb(const HANDLE process_handle)
__forceinline auto get_process_peb(const HANDLE process_handle) -> nt_peb*
{
PROCESS_BASIC_INFORMATION process_info{};
ULONG bytes_returned;
@ -47,20 +47,18 @@ namespace utils
&bytes_returned
) != ERROR_SUCCESS)
return nullptr;
return process_info.PebBaseAddress;
return reinterpret_cast<utils::nt_peb*>(process_info.PebBaseAddress);
}
// could do a snapshot but i have this code handy atm...
inline std::uintptr_t get_proc_base(const HANDLE proc_handle)
__forceinline auto get_proc_base(const HANDLE proc_handle) -> std::uintptr_t
{
if (!proc_handle) return {};
const auto ppeb = reinterpret_cast<std::uintptr_t>(get_process_peb(proc_handle));
const auto peb = bedaisy::read<nt_peb>(proc_handle, ppeb);
return peb.image_base;
}
// could do a snapshot but i have this code handy atm...
inline std::uintptr_t get_module_base(const HANDLE proc_handle, const wchar_t* module_handle)
__forceinline auto get_module_base(const HANDLE proc_handle, const wchar_t* module_handle) -> std::uintptr_t
{
const auto ppeb = reinterpret_cast<std::uintptr_t>(get_process_peb(proc_handle));
const auto peb = bedaisy::read<nt_peb>(proc_handle, ppeb);
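Review bot: `get_process_peb` now returns `nt_peb*`, but `PebBaseAddress` is an address in the target process, so the pointer can never be dereferenced locally — both callers in this hunk immediately cast it back to `std::uintptr_t` for `bedaisy::read`. Returning `std::uintptr_t` directly (or keeping `PPEB`) and adding `// remote address: only readable via bedaisy::read, never dereference` would make that explicit; the typed pointer invites a local `->image_base`. The `typedef struct _nt_peb { ... } nt_peb;` form is C idiom that the previous `struct nt_peb` already expressed in C++, and `CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL)` passes the pointer macro for a DWORD process-id parameter where the original `0` was right. In `get_module_base` the parameter `module_handle` is a `const wchar_t*` module name, not a handle, so `module_name` would describe it. The bodies of get_proc_base and get_module_base run past the hunk.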

BIN
battleye.8.17.2020/cmd.exe

Binary file not shown.

BIN
example/BattlEye (8.17.2020)/BEDaisy (8.17.2020).sys

Binary file not shown.

0
battleye.8.17.2020/BELauncher.exe → example/BattlEye (8.17.2020)/BELauncher.exe

0
battleye.8.17.2020/BattlEye/BEClient_x64.dll → example/BattlEye (8.17.2020)/BattlEye/BEClient_x64.dll

BIN
battleye.8.17.2020/BattlEye/BELauncher.ini → example/BattlEye (8.17.2020)/BattlEye/BELauncher.ini

Binary file not shown.

0
battleye.8.17.2020/BattlEye/BEService_x64.exe → example/BattlEye (8.17.2020)/BattlEye/BEService_x64.exe

0
battleye.8.17.2020/BattlEye/Install_BattlEye.bat → example/BattlEye (8.17.2020)/BattlEye/Install_BattlEye.bat

0
battleye.8.17.2020/BattlEye/Privacy/cs-CZ.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/cs-CZ.txt

0
battleye.8.17.2020/BattlEye/Privacy/cs.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/cs.txt

0
battleye.8.17.2020/BattlEye/Privacy/de-DE.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/de-DE.txt

0
battleye.8.17.2020/BattlEye/Privacy/de.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/de.txt

0
battleye.8.17.2020/BattlEye/Privacy/en-US.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/en-US.txt

0
battleye.8.17.2020/BattlEye/Privacy/en.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/en.txt

0
battleye.8.17.2020/BattlEye/Privacy/es-ES.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/es-ES.txt

0
battleye.8.17.2020/BattlEye/Privacy/es-MX.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/es-MX.txt

0
battleye.8.17.2020/BattlEye/Privacy/es.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/es.txt

0
battleye.8.17.2020/BattlEye/Privacy/fr-FR.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/fr-FR.txt

0
battleye.8.17.2020/BattlEye/Privacy/fr.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/fr.txt

0
battleye.8.17.2020/BattlEye/Privacy/it-IT.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/it-IT.txt

0
battleye.8.17.2020/BattlEye/Privacy/it.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/it.txt

0
battleye.8.17.2020/BattlEye/Privacy/ja-JP.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/ja-JP.txt

0
battleye.8.17.2020/BattlEye/Privacy/ja.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/ja.txt

0
battleye.8.17.2020/BattlEye/Privacy/ko-KR.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/ko-KR.txt

0
battleye.8.17.2020/BattlEye/Privacy/ko.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/ko.txt

0
battleye.8.17.2020/BattlEye/Privacy/nl-NL.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/nl-NL.txt

0
battleye.8.17.2020/BattlEye/Privacy/nl.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/nl.txt

0
battleye.8.17.2020/BattlEye/Privacy/pl-PL.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/pl-PL.txt

0
battleye.8.17.2020/BattlEye/Privacy/pl.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/pl.txt

0
battleye.8.17.2020/BattlEye/Privacy/pt-BR.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/pt-BR.txt

0
battleye.8.17.2020/BattlEye/Privacy/pt.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/pt.txt

0
battleye.8.17.2020/BattlEye/Privacy/ru-RU.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/ru-RU.txt

0
battleye.8.17.2020/BattlEye/Privacy/ru.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/ru.txt

0
battleye.8.17.2020/BattlEye/Privacy/tr-TR.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/tr-TR.txt

0
battleye.8.17.2020/BattlEye/Privacy/tr.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/tr.txt

0
battleye.8.17.2020/BattlEye/Privacy/zh-CN.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/zh-CN.txt

0
battleye.8.17.2020/BattlEye/Privacy/zh-TW.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/zh-TW.txt

0
battleye.8.17.2020/BattlEye/Privacy/zh.txt → example/BattlEye (8.17.2020)/BattlEye/Privacy/zh.txt

0
battleye.8.17.2020/BattlEye/Uninstall_BattlEye.bat → example/BattlEye (8.17.2020)/BattlEye/Uninstall_BattlEye.bat

BIN
example/BattlEye (8.17.2020)/cmd.exe.lnk

Binary file not shown.

0
battleye.8.17.2020/README.md → example/README.md

BIN
example/badeye.exe

Binary file not shown.

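--- a/example/desktop.ini
+++ b/example/desktop.ini
@@ -0,0 +1,2 @@
+[LocalizedFileNames]
+Command Prompt.lnk=@%SystemRoot%\system32\shell32.dll,-22022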

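--- a/example/example.bat
+++ b/example/example.bat
@@ -0,0 +1,2 @@
+start notepad.exe
+start badeye.exe inside.dll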

BIN
example/inside.dll

Binary file not shown.