Rim/iw4x-client
Rim/iw4x-client
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Remove VMProtect from project

Browse Source
This commit is contained in:
Diavolo 2022-04-14 22:24:37 +02:00
parent 215c5b269a
commit 8bae77a8f6
No known key found for this signature in database
GPG Key ID: FA77F074E98D98A5
7 changed files with 47 additions and 216 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
lib/bin/VMProtectSDK32.dll
View File

Binary file not shown.

BIN
lib/bin/VMProtectSDK32.lib
View File

Binary file not shown.

102
lib/include/VMProtect/VMProtectSDK.h
View File

@ -1,102 +0,0 @@
#pragma once
#if defined(__APPLE__) || defined(__unix__)
#define VMP_IMPORT
#define VMP_API
#define VMP_WCHAR unsigned short
#else
#define VMP_IMPORT __declspec(dllimport)
#define VMP_API __stdcall
#define VMP_WCHAR wchar_t
#ifdef _WIN64
#pragma comment(lib, "VMProtectSDK64.lib")
#else
#pragma comment(lib, "VMProtectSDK32.lib")
#endif // _WIN64
#endif // __APPLE__ || __unix__
#ifdef __cplusplus
extern "C" {
#endif
// protection
VMP_IMPORT void VMP_API VMProtectBegin(const char *);
VMP_IMPORT void VMP_API VMProtectBeginVirtualization(const char *);
VMP_IMPORT void VMP_API VMProtectBeginMutation(const char *);
VMP_IMPORT void VMP_API VMProtectBeginUltra(const char *);
VMP_IMPORT void VMP_API VMProtectBeginVirtualizationLockByKey(const char *);
VMP_IMPORT void VMP_API VMProtectBeginUltraLockByKey(const char *);
VMP_IMPORT void VMP_API VMProtectEnd(void);
// utils
VMP_IMPORT bool VMP_API VMProtectIsProtected();
VMP_IMPORT bool VMP_API VMProtectIsDebuggerPresent(bool);
VMP_IMPORT bool VMP_API VMProtectIsVirtualMachinePresent(void);
VMP_IMPORT bool VMP_API VMProtectIsValidImageCRC(void);
VMP_IMPORT const char * VMP_API VMProtectDecryptStringA(const char *value);
VMP_IMPORT const VMP_WCHAR * VMP_API VMProtectDecryptStringW(const VMP_WCHAR *value);
VMP_IMPORT bool VMP_API VMProtectFreeString(const void *value);
// licensing
enum VMProtectSerialStateFlags
{
SERIAL_STATE_SUCCESS = 0,
SERIAL_STATE_FLAG_CORRUPTED = 0x00000001,
SERIAL_STATE_FLAG_INVALID = 0x00000002,
SERIAL_STATE_FLAG_BLACKLISTED = 0x00000004,
SERIAL_STATE_FLAG_DATE_EXPIRED = 0x00000008,
SERIAL_STATE_FLAG_RUNNING_TIME_OVER = 0x00000010,
SERIAL_STATE_FLAG_BAD_HWID = 0x00000020,
SERIAL_STATE_FLAG_MAX_BUILD_EXPIRED = 0x00000040,
};
#pragma pack(push, 1)
typedef struct
{
unsigned short wYear;
unsigned char bMonth;
unsigned char bDay;
} VMProtectDate;
typedef struct
{
int nState; // VMProtectSerialStateFlags
VMP_WCHAR wUserName[256]; // user name
VMP_WCHAR wEMail[256]; // email
VMProtectDate dtExpire; // date of serial number expiration
VMProtectDate dtMaxBuild; // max date of build, that will accept this key
int bRunningTime; // running time in minutes
unsigned char nUserDataLength; // length of user data in bUserData
unsigned char bUserData[255]; // up to 255 bytes of user data
} VMProtectSerialNumberData;
#pragma pack(pop)
VMP_IMPORT int VMP_API VMProtectSetSerialNumber(const char *serial);
VMP_IMPORT int VMP_API VMProtectGetSerialNumberState();
VMP_IMPORT bool VMP_API VMProtectGetSerialNumberData(VMProtectSerialNumberData *data, int size);
VMP_IMPORT int VMP_API VMProtectGetCurrentHWID(char *hwid, int size);
// activation
enum VMProtectActivationFlags
{
ACTIVATION_OK = 0,
ACTIVATION_SMALL_BUFFER,
ACTIVATION_NO_CONNECTION,
ACTIVATION_BAD_REPLY,
ACTIVATION_BANNED,
ACTIVATION_CORRUPTED,
ACTIVATION_BAD_CODE,
ACTIVATION_ALREADY_USED,
ACTIVATION_SERIAL_UNKNOWN,
ACTIVATION_EXPIRED,
ACTIVATION_NOT_AVAILABLE
};
VMP_IMPORT int VMP_API VMProtectActivateLicense(const char *code, char *serial, int size);
VMP_IMPORT int VMP_API VMProtectDeactivateLicense(const char *serial);
VMP_IMPORT int VMP_API VMProtectGetOfflineActivationString(const char *code, char *buf, int size);
VMP_IMPORT int VMP_API VMProtectGetOfflineDeactivationString(const char *serial, char *buf, int size);
#ifdef __cplusplus
}
#endif

3
premake5.lua
View File

@ -269,9 +269,6 @@ workspace "iw4x"
"./src",
"./lib/include",
}
syslibdirs {
"./lib/bin",
}
resincludedirs {
"$(ProjectDir)src" -- fix for VS IDE
}

143
src/Components/Modules/AntiCheat.cpp
View File

@ -36,7 +36,6 @@ namespace Components
void AntiCheat::CrashClient()
{
__VMProtectBeginUltra("");
#ifdef DEBUG_DETECTIONS
Logger::Flush();
MessageBoxA(nullptr, "Check the log for more information!", "AntiCheat triggered", MB_ICONERROR);
@ -52,12 +51,10 @@ namespace Components
});
}
#endif
__VMProtectEnd;
}
void AntiCheat::AssertCalleeModule(void* callee)
{
__VMProtectBeginUltra("");
HMODULE hModuleSelf = nullptr, hModuleTarget = nullptr, hModuleProcess = GetModuleHandleA(nullptr);
GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, reinterpret_cast<char*>(callee), &hModuleTarget);
GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, reinterpret_cast<char*>(AntiCheat::AssertCalleeModule), &hModuleSelf);
@ -73,12 +70,10 @@ namespace Components
AntiCheat::CrashClient();
}
__VMProtectEnd;
}
void AntiCheat::InitLoadLibHook()
{
__VMProtectBeginUltra("");
static uint8_t kernel32Str[] = { 0xB4, 0x9A, 0x8D, 0xB1, 0x9A, 0x93, 0xCC, 0xCD, 0xD1, 0x9B, 0x93, 0x93 }; // KerNel32.dll
static uint8_t loadLibAStr[] = { 0xB3, 0x90, 0x9E, 0x9B, 0xB3, 0x96, 0x9D, 0x8D, 0x9E, 0x8D, 0x86, 0xBE }; // LoadLibraryA
static uint8_t loadLibWStr[] = { 0xB3, 0x90, 0x9E, 0x9B, 0xB3, 0x96, 0x9D, 0x8D, 0x9E, 0x8D, 0x86, 0xA8 }; // LoadLibraryW
@ -138,13 +133,10 @@ namespace Components
Utils::Hook::Signature signature(ntdll, Utils::GetModuleSize(ntdll));
signature.add(container);
//signature.process();
__VMProtectEnd;
}
void AntiCheat::ReadIntegrityCheck()
{
__VMProtectBeginUltra("");
#ifdef PROCTECT_PROCESS
static Utils::Time::Interval check;
@ -166,12 +158,10 @@ namespace Components
// Set the integrity flag
AntiCheat::Flags |= AntiCheat::IntergrityFlag::READ_INTEGRITY_CHECK;
#endif
__VMProtectEnd;
}
void AntiCheat::FlagIntegrityCheck()
{
__VMProtectBeginUltra("");
static Utils::Time::Interval check;
if (check.elapsed(30s))
@ -189,12 +179,10 @@ namespace Components
AntiCheat::CrashClient();
}
}
__VMProtectEnd;
}
void AntiCheat::ScanIntegrityCheck()
{
__VMProtectBeginUltra("");
// If there was no check within the last 40 seconds, crash!
if (AntiCheat::LastCheck.elapsed(40s))
{
@ -207,12 +195,10 @@ namespace Components
// Set the integrity flag
AntiCheat::Flags |= AntiCheat::IntergrityFlag::SCAN_INTEGRITY_CHECK;
__VMProtectEnd;
}
void AntiCheat::PerformScan()
{
__VMProtectBeginUltra("");
static std::optional<unsigned int> hashVal;
// Perform check only every 20 seconds
@ -243,12 +229,10 @@ namespace Components
// Set the memory scan flag
AntiCheat::Flags |= AntiCheat::IntergrityFlag::MEMORY_SCAN;
__VMProtectEnd;
}
void AntiCheat::QuickCodeScanner1()
{
__VMProtectBeginUltra("");
static Utils::Time::Interval interval;
static std::optional<unsigned int> hashVal;
@ -267,12 +251,10 @@ namespace Components
}
hashVal.emplace(hash);
__VMProtectEnd;
}
void AntiCheat::QuickCodeScanner2()
{
__VMProtectBeginUltra("");
static Utils::Time::Interval interval;
static std::optional<unsigned int> hashVal;
@ -287,7 +269,6 @@ namespace Components
}
hashVal.emplace(hash);
__VMProtectEnd;
}
#ifdef DEBUG_LOAD_LIBRARY
@ -433,7 +414,6 @@ namespace Components
bool AntiCheat::IsPageChangeAllowed(void* callee, void* addr, size_t len)
{
__VMProtectBeginUltra("");
HMODULE hModuleSelf = nullptr, hModuleTarget = nullptr, hModuleMain = GetModuleHandle(nullptr);
GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, reinterpret_cast<char*>(callee), &hModuleTarget);
GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, reinterpret_cast<char*>(AntiCheat::IsPageChangeAllowed), &hModuleSelf);
@ -450,40 +430,34 @@ namespace Components
}
}
__VMProtectEnd;
return true;
}
BOOL WINAPI AntiCheat::VirtualProtectStub(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect)
{
__VMProtectBeginUltra("");
if (!AntiCheat::IsPageChangeAllowed(_ReturnAddress(), lpAddress, dwSize)) return FALSE;
AntiCheat::VirtualProtectHook[0].uninstall(false);
BOOL result = VirtualProtect(lpAddress, dwSize, flNewProtect, lpflOldProtect);
AntiCheat::VirtualProtectHook[0].install(false);
__VMProtectEnd;
return result;
}
BOOL WINAPI AntiCheat::VirtualProtectExStub(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect)
{
__VMProtectBeginUltra("");
if (GetCurrentProcessId() == GetProcessId(hProcess) && !AntiCheat::IsPageChangeAllowed(_ReturnAddress(), lpAddress, dwSize)) return FALSE;
AntiCheat::VirtualProtectHook[1].uninstall(false);
BOOL result = VirtualProtectEx(hProcess, lpAddress, dwSize, flNewProtect, lpflOldProtect);
AntiCheat::VirtualProtectHook[1].install(false);
__VMProtectEnd;
return result;
}
unsigned long AntiCheat::ProtectProcess()
{
#ifdef PROCTECT_PROCESS
__VMProtectBeginUltra("");
Utils::Memory::Allocator allocator;
@ -611,8 +585,6 @@ namespace Components
if (!InitializeSecurityDescriptor(pSecDesc, SECURITY_DESCRIPTOR_REVISION)) return GetLastError();
if (!SetSecurityDescriptorDacl(pSecDesc, TRUE, pDacl, FALSE)) return GetLastError();
__VMProtectEnd;
return SetSecurityInfo(
GetCurrentProcess(),
SE_KERNEL_OBJECT, // process object
@ -629,8 +601,6 @@ namespace Components
void AntiCheat::AcquireDebugPrivilege(HANDLE hToken)
{
__VMProtectBeginUltra("");
LUID luid;
TOKEN_PRIVILEGES tp = { 0 };
DWORD cb = sizeof(TOKEN_PRIVILEGES);
@ -641,22 +611,16 @@ namespace Components
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, FALSE, &tp, cb, nullptr, nullptr);
//if (GetLastError() != ERROR_SUCCESS) return;
__VMProtectEnd;
}
void AntiCheat::PatchVirtualProtect(void* vp, void* vpex)
{
__VMProtectBeginUltra("");
AntiCheat::VirtualProtectHook[1].initialize(vpex, AntiCheat::VirtualProtectExStub, HOOK_JUMP)->install(true, true);
AntiCheat::VirtualProtectHook[0].initialize(vp, AntiCheat::VirtualProtectStub, HOOK_JUMP)->install(true, true);
__VMProtectEnd;
}
NTSTATUS NTAPI AntiCheat::NtCreateThreadExStub(PHANDLE phThread, ACCESS_MASK desiredAccess, LPVOID objectAttributes, HANDLE processHandle, LPTHREAD_START_ROUTINE startAddress, LPVOID parameter, BOOL createSuspended, DWORD stackZeroBits, DWORD sizeOfStackCommit, DWORD sizeOfStackReserve, LPVOID bytesBuffer)
{
__VMProtectBeginUltra("");
HANDLE hThread = nullptr;
std::lock_guard<std::mutex> _(AntiCheat::ThreadMutex);
@ -671,15 +635,11 @@ namespace Components
AntiCheat::OwnThreadIds.push_back(GetThreadId(hThread));
}
__VMProtectEnd;
return result;
}
void AntiCheat::PatchThreadCreation()
{
__VMProtectBeginUltra("");
HMODULE ntdll = Utils::GetNTDLL();
if (ntdll)
{
@ -690,19 +650,15 @@ namespace Components
AntiCheat::CreateThreadHook.initialize(createThread, AntiCheat::NtCreateThreadExStub, HOOK_JUMP)->install();
}
}
__VMProtectEnd;
}
int AntiCheat::ValidateThreadTermination(void* addr)
{
__VMProtectBeginUltra("");
{
std::lock_guard<std::mutex> _(AntiCheat::ThreadMutex);
DWORD id = GetCurrentThreadId();
auto threadHook = AntiCheat::ThreadHookMap.find(id);
if (threadHook != AntiCheat::ThreadHookMap.end())
if (const auto threadHook = AntiCheat::ThreadHookMap.find(id); threadHook != AntiCheat::ThreadHookMap.end())
{
threadHook->second->uninstall(false);
AntiCheat::ThreadHookMap.erase(threadHook); // Uninstall and delete the hook
@ -717,7 +673,7 @@ namespace Components
// It would be better to wait for the thread
// but we don't know if there are multiple hooks at the same address
bool found = false;
for (auto threadHook : AntiCheat::ThreadHookMap)
for (const auto& threadHook : AntiCheat::ThreadHookMap)
{
if (threadHook.second->getAddress() == addr)
{
@ -730,8 +686,6 @@ namespace Components
std::this_thread::sleep_for(10ms);
}
__VMProtectEnd;
return 0; // Don't kill
}
@ -773,7 +727,6 @@ namespace Components
void AntiCheat::VerifyThreadIntegrity()
{
__VMProtectBeginUltra("");
bool kill = true;
{
std::lock_guard<std::mutex> _(AntiCheat::ThreadMutex);
@ -821,71 +774,67 @@ namespace Components
}
}
}
__VMProtectEnd;
}
void AntiCheat::SystemTimeDiff(LPSYSTEMTIME stA, LPSYSTEMTIME stB, LPSYSTEMTIME stC) {
FILETIME ftA, ftB, ftC;
ULARGE_INTEGER uiA, uiB, uiC;
void AntiCheat::SystemTimeDiff(LPSYSTEMTIME stA, LPSYSTEMTIME stB, LPSYSTEMTIME stC)
{
FILETIME ftA, ftB, ftC;
ULARGE_INTEGER uiA, uiB, uiC;
SystemTimeToFileTime(stA, &ftA);
SystemTimeToFileTime(stB, &ftB);
uiA.HighPart = ftA.dwHighDateTime;
uiA.LowPart = ftA.dwLowDateTime;
uiB.HighPart = ftB.dwHighDateTime;
uiB.LowPart = ftB.dwLowDateTime;
SystemTimeToFileTime(stA, &ftA);
SystemTimeToFileTime(stB, &ftB);
uiA.HighPart = ftA.dwHighDateTime;
uiA.LowPart = ftA.dwLowDateTime;
uiB.HighPart = ftB.dwHighDateTime;
uiB.LowPart = ftB.dwLowDateTime;
uiC.QuadPart = uiA.QuadPart - uiB.QuadPart;
uiC.QuadPart = uiA.QuadPart - uiB.QuadPart;
ftC.dwHighDateTime = uiC.HighPart;
ftC.dwLowDateTime = uiC.LowPart;
FileTimeToSystemTime(&ftC, stC);
}
ftC.dwHighDateTime = uiC.HighPart;
ftC.dwLowDateTime = uiC.LowPart;
FileTimeToSystemTime(&ftC, stC);
}
void AntiCheat::CheckStartupTime()
{
__VMProtectBeginUltra("");
FILETIME creation, exit, kernel, user;
SYSTEMTIME current, creationSt, diffSt;
void AntiCheat::CheckStartupTime()
{
FILETIME creation, exit, kernel, user;
SYSTEMTIME current, creationSt, diffSt;
GetSystemTime(&current);
GetProcessTimes(GetCurrentProcess(), &creation, &exit, &kernel, &user);
GetSystemTime(&current);
GetProcessTimes(GetCurrentProcess(), &creation, &exit, &kernel, &user);
FileTimeToSystemTime(&creation, &creationSt);
AntiCheat::SystemTimeDiff(&current, &creationSt, &diffSt);
FileTimeToSystemTime(&creation, &creationSt);
AntiCheat::SystemTimeDiff(&current, &creationSt, &diffSt);
#ifdef DEBUG
char buf[512];
snprintf(buf, 512, "creation: %d:%d:%d:%d\n", creationSt.wHour, creationSt.wMinute, creationSt.wSecond, creationSt.wMilliseconds);
OutputDebugStringA(buf);
char buf[512];
snprintf(buf, 512, "creation: %d:%d:%d:%d\n", creationSt.wHour, creationSt.wMinute, creationSt.wSecond, creationSt.wMilliseconds);
OutputDebugStringA(buf);
snprintf(buf, 512, "current: %d:%d:%d:%d\n", current.wHour, current.wMinute, current.wSecond, current.wMilliseconds);
OutputDebugStringA(buf);
snprintf(buf, 512, "current: %d:%d:%d:%d\n", current.wHour, current.wMinute, current.wSecond, current.wMilliseconds);
OutputDebugStringA(buf);
snprintf(buf, 512, "diff: %d:%d:%d:%d\n", diffSt.wHour, diffSt.wMinute, diffSt.wSecond, diffSt.wMilliseconds);
OutputDebugStringA(buf);
snprintf(buf, 512, "diff: %d:%d:%d:%d\n", diffSt.wHour, diffSt.wMinute, diffSt.wSecond, diffSt.wMilliseconds);
OutputDebugStringA(buf);
#endif
// crash client if they are using process suspension to inject dlls during startup (aka before we got to here)
// maybe tweak this value depending on what the above logging reveals during testing,
// but 5 seconds seems about right for now
int time = diffSt.wMilliseconds + (diffSt.wSecond * 1000) + (diffSt.wMinute * 1000 * 60);
if (time > 5000) {
Components::AntiCheat::CrashClient();
}
// crash client if they are using process suspension to inject dlls during startup (aka before we got to here)
// maybe tweak this value depending on what the above logging reveals during testing,
// but 5 seconds seems about right for now
int time = diffSt.wMilliseconds + (diffSt.wSecond * 1000) + (diffSt.wMinute * 1000 * 60);
if (time > 5000)
{
Components::AntiCheat::CrashClient();
}
// use below for logging when using StartSuspended.exe
// FILE* f = fopen("times.txt", "a");
// fwrite(buf, 1, strlen(buf), f);
// fclose(f);
__VMProtectEnd;
}
// use below for logging when using StartSuspended.exe
// FILE* f = fopen("times.txt", "a");
// fwrite(buf, 1, strlen(buf), f);
// fclose(f);
}
AntiCheat::AntiCheat()
{
__VMProtectBeginUltra("");
time(nullptr);
AntiCheat::Flags = NO_FLAG;
@ -921,8 +870,6 @@ namespace Components
AntiCheat::Flags |= AntiCheat::IntergrityFlag::INITIALIZATION;
#endif
__VMProtectEnd;
}
AntiCheat::~AntiCheat()

4
src/Components/Modules/AntiCheat.hpp
View File

@ -54,8 +54,8 @@ namespace Components
static void UninstallLibHook();
static void InstallLibHook();
static void CheckStartupTime();
static void SystemTimeDiff(LPSYSTEMTIME stA, LPSYSTEMTIME stB, LPSYSTEMTIME stC);
static void CheckStartupTime();
static void SystemTimeDiff(LPSYSTEMTIME stA, LPSYSTEMTIME stB, LPSYSTEMTIME stC);
private:
enum IntergrityFlag

11
src/STDInclude.hpp
View File

@ -90,17 +90,6 @@
#undef min
#endif
// VMProtect
// #define USE_VMP
#ifdef USE_VMP
#include <VMProtect/VMProtectSDK.h>
#define __VMProtectBeginUltra VMProtectBeginUltra
#define __VMProtectEnd VMProtectEnd()
#else
#define __VMProtectBeginUltra
#define __VMProtectEnd
#endif
// Protobuf
#include "proto/session.pb.h"
#include "proto/party.pb.h"