diff --git a/lib/bin/VMProtectSDK32.dll b/lib/bin/VMProtectSDK32.dll new file mode 100644 index 00000000..5b32d087 Binary files /dev/null and b/lib/bin/VMProtectSDK32.dll differ diff --git a/lib/bin/VMProtectSDK32.lib b/lib/bin/VMProtectSDK32.lib new file mode 100644 index 00000000..1111795a Binary files /dev/null and b/lib/bin/VMProtectSDK32.lib differ diff --git a/lib/include/VMProtect/VMProtectSDK.h b/lib/include/VMProtect/VMProtectSDK.h new file mode 100644 index 00000000..3368ddac --- /dev/null +++ b/lib/include/VMProtect/VMProtectSDK.h @@ -0,0 +1,102 @@ +#pragma once + +#if defined(__APPLE__) || defined(__unix__) +#define VMP_IMPORT +#define VMP_API +#define VMP_WCHAR unsigned short +#else +#define VMP_IMPORT __declspec(dllimport) +#define VMP_API __stdcall +#define VMP_WCHAR wchar_t +#ifdef _WIN64 + #pragma comment(lib, "VMProtectSDK64.lib") +#else + #pragma comment(lib, "VMProtectSDK32.lib") +#endif // _WIN64 +#endif // __APPLE__ || __unix__ + +#ifdef __cplusplus +extern "C" { +#endif + +// protection +VMP_IMPORT void VMP_API VMProtectBegin(const char *); +VMP_IMPORT void VMP_API VMProtectBeginVirtualization(const char *); +VMP_IMPORT void VMP_API VMProtectBeginMutation(const char *); +VMP_IMPORT void VMP_API VMProtectBeginUltra(const char *); +VMP_IMPORT void VMP_API VMProtectBeginVirtualizationLockByKey(const char *); +VMP_IMPORT void VMP_API VMProtectBeginUltraLockByKey(const char *); +VMP_IMPORT void VMP_API VMProtectEnd(void); + +// utils +VMP_IMPORT bool VMP_API VMProtectIsProtected(); +VMP_IMPORT bool VMP_API VMProtectIsDebuggerPresent(bool); +VMP_IMPORT bool VMP_API VMProtectIsVirtualMachinePresent(void); +VMP_IMPORT bool VMP_API VMProtectIsValidImageCRC(void); +VMP_IMPORT const char * VMP_API VMProtectDecryptStringA(const char *value); +VMP_IMPORT const VMP_WCHAR * VMP_API VMProtectDecryptStringW(const VMP_WCHAR *value); +VMP_IMPORT bool VMP_API VMProtectFreeString(const void *value); + +// licensing +enum VMProtectSerialStateFlags +{ + SERIAL_STATE_SUCCESS = 0, + SERIAL_STATE_FLAG_CORRUPTED = 0x00000001, + SERIAL_STATE_FLAG_INVALID = 0x00000002, + SERIAL_STATE_FLAG_BLACKLISTED = 0x00000004, + SERIAL_STATE_FLAG_DATE_EXPIRED = 0x00000008, + SERIAL_STATE_FLAG_RUNNING_TIME_OVER = 0x00000010, + SERIAL_STATE_FLAG_BAD_HWID = 0x00000020, + SERIAL_STATE_FLAG_MAX_BUILD_EXPIRED = 0x00000040, +}; + +#pragma pack(push, 1) +typedef struct +{ + unsigned short wYear; + unsigned char bMonth; + unsigned char bDay; +} VMProtectDate; + +typedef struct +{ + int nState; // VMProtectSerialStateFlags + VMP_WCHAR wUserName[256]; // user name + VMP_WCHAR wEMail[256]; // email + VMProtectDate dtExpire; // date of serial number expiration + VMProtectDate dtMaxBuild; // max date of build, that will accept this key + int bRunningTime; // running time in minutes + unsigned char nUserDataLength; // length of user data in bUserData + unsigned char bUserData[255]; // up to 255 bytes of user data +} VMProtectSerialNumberData; +#pragma pack(pop) + +VMP_IMPORT int VMP_API VMProtectSetSerialNumber(const char *serial); +VMP_IMPORT int VMP_API VMProtectGetSerialNumberState(); +VMP_IMPORT bool VMP_API VMProtectGetSerialNumberData(VMProtectSerialNumberData *data, int size); +VMP_IMPORT int VMP_API VMProtectGetCurrentHWID(char *hwid, int size); + +// activation +enum VMProtectActivationFlags +{ + ACTIVATION_OK = 0, + ACTIVATION_SMALL_BUFFER, + ACTIVATION_NO_CONNECTION, + ACTIVATION_BAD_REPLY, + ACTIVATION_BANNED, + ACTIVATION_CORRUPTED, + ACTIVATION_BAD_CODE, + ACTIVATION_ALREADY_USED, + ACTIVATION_SERIAL_UNKNOWN, + ACTIVATION_EXPIRED, + ACTIVATION_NOT_AVAILABLE +}; + +VMP_IMPORT int VMP_API VMProtectActivateLicense(const char *code, char *serial, int size); +VMP_IMPORT int VMP_API VMProtectDeactivateLicense(const char *serial); +VMP_IMPORT int VMP_API VMProtectGetOfflineActivationString(const char *code, char *buf, int size); +VMP_IMPORT int VMP_API VMProtectGetOfflineDeactivationString(const char *serial, char *buf, int size); + +#ifdef __cplusplus +} +#endif diff --git a/premake5.lua b/premake5.lua index 2625578c..2781c9e0 100644 --- a/premake5.lua +++ b/premake5.lua @@ -284,6 +284,10 @@ workspace "iw4x" includedirs { "%{prj.location}/src", "./src", + "./lib/include", + } + syslibdirs { + "./lib/bin", } resincludedirs { "$(ProjectDir)src" -- fix for VS IDE diff --git a/src/Components/Modules/AntiCheat.cpp b/src/Components/Modules/AntiCheat.cpp index 7223896d..da9af5ee 100644 --- a/src/Components/Modules/AntiCheat.cpp +++ b/src/Components/Modules/AntiCheat.cpp @@ -36,6 +36,7 @@ namespace Components void AntiCheat::CrashClient() { + __VMProtectBeginUltra(""); #ifdef DEBUG_DETECTIONS Logger::Flush(); MessageBoxA(nullptr, "Check the log for more information!", "AntiCheat triggered", MB_ICONERROR); @@ -51,10 +52,12 @@ namespace Components }); } #endif + __VMProtectEnd; } void AntiCheat::AssertCalleeModule(void* callee) { + __VMProtectBeginUltra(""); HMODULE hModuleSelf = nullptr, hModuleTarget = nullptr, hModuleProcess = GetModuleHandleA(nullptr); GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, reinterpret_cast(callee), &hModuleTarget); GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, reinterpret_cast(AntiCheat::AssertCalleeModule), &hModuleSelf); @@ -70,10 +73,12 @@ namespace Components AntiCheat::CrashClient(); } + __VMProtectEnd; } void AntiCheat::InitLoadLibHook() { + __VMProtectBeginUltra(""); static uint8_t kernel32Str[] = { 0xB4, 0x9A, 0x8D, 0xB1, 0x9A, 0x93, 0xCC, 0xCD, 0xD1, 0x9B, 0x93, 0x93 }; // KerNel32.dll static uint8_t loadLibAStr[] = { 0xB3, 0x90, 0x9E, 0x9B, 0xB3, 0x96, 0x9D, 0x8D, 0x9E, 0x8D, 0x86, 0xBE }; // LoadLibraryA static uint8_t loadLibWStr[] = { 0xB3, 0x90, 0x9E, 0x9B, 0xB3, 0x96, 0x9D, 0x8D, 0x9E, 0x8D, 0x86, 0xA8 }; // LoadLibraryW @@ -133,10 +138,13 @@ namespace Components Utils::Hook::Signature signature(ntdll, Utils::GetModuleSize(ntdll)); signature.add(container); //signature.process(); + + __VMProtectEnd; } void AntiCheat::ReadIntegrityCheck() { + __VMProtectBeginUltra(""); #ifdef PROCTECT_PROCESS static Utils::Time::Interval check; @@ -158,10 +166,12 @@ namespace Components // Set the integrity flag AntiCheat::Flags |= AntiCheat::IntergrityFlag::READ_INTEGRITY_CHECK; #endif + __VMProtectEnd; } void AntiCheat::FlagIntegrityCheck() { + __VMProtectBeginUltra(""); static Utils::Time::Interval check; if (check.elapsed(30s)) @@ -179,10 +189,12 @@ namespace Components AntiCheat::CrashClient(); } } + __VMProtectEnd; } void AntiCheat::ScanIntegrityCheck() { + __VMProtectBeginUltra(""); // If there was no check within the last 40 seconds, crash! if (AntiCheat::LastCheck.elapsed(40s)) { @@ -195,10 +207,12 @@ namespace Components // Set the integrity flag AntiCheat::Flags |= AntiCheat::IntergrityFlag::SCAN_INTEGRITY_CHECK; + __VMProtectEnd; } void AntiCheat::PerformScan() { + __VMProtectBeginUltra(""); static std::optional hashVal; // Perform check only every 20 seconds @@ -229,10 +243,12 @@ namespace Components // Set the memory scan flag AntiCheat::Flags |= AntiCheat::IntergrityFlag::MEMORY_SCAN; + __VMProtectEnd; } void AntiCheat::QuickCodeScanner1() { + __VMProtectBeginUltra(""); static Utils::Time::Interval interval; static std::optional hashVal; @@ -251,10 +267,12 @@ namespace Components } hashVal.emplace(hash); + __VMProtectEnd; } void AntiCheat::QuickCodeScanner2() { + __VMProtectBeginUltra(""); static Utils::Time::Interval interval; static std::optional hashVal; @@ -269,6 +287,7 @@ namespace Components } hashVal.emplace(hash); + __VMProtectEnd; } #ifdef DEBUG_LOAD_LIBRARY @@ -414,6 +433,7 @@ namespace Components bool AntiCheat::IsPageChangeAllowed(void* callee, void* addr, size_t len) { + __VMProtectBeginUltra(""); HMODULE hModuleSelf = nullptr, hModuleTarget = nullptr, hModuleMain = GetModuleHandle(nullptr); GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, reinterpret_cast(callee), &hModuleTarget); GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, reinterpret_cast(AntiCheat::IsPageChangeAllowed), &hModuleSelf); @@ -430,34 +450,41 @@ namespace Components } } + __VMProtectEnd; return true; } BOOL WINAPI AntiCheat::VirtualProtectStub(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect) { + __VMProtectBeginUltra(""); if (!AntiCheat::IsPageChangeAllowed(_ReturnAddress(), lpAddress, dwSize)) return FALSE; AntiCheat::VirtualProtectHook[0].uninstall(false); BOOL result = VirtualProtect(lpAddress, dwSize, flNewProtect, lpflOldProtect); AntiCheat::VirtualProtectHook[0].install(false); + __VMProtectEnd; return result; } BOOL WINAPI AntiCheat::VirtualProtectExStub(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect) { + __VMProtectBeginUltra(""); if (GetCurrentProcessId() == GetProcessId(hProcess) && !AntiCheat::IsPageChangeAllowed(_ReturnAddress(), lpAddress, dwSize)) return FALSE; AntiCheat::VirtualProtectHook[1].uninstall(false); BOOL result = VirtualProtectEx(hProcess, lpAddress, dwSize, flNewProtect, lpflOldProtect); AntiCheat::VirtualProtectHook[1].install(false); + __VMProtectEnd; return result; } unsigned long AntiCheat::ProtectProcess() { #ifdef PROCTECT_PROCESS + __VMProtectBeginUltra(""); + Utils::Memory::Allocator allocator; HANDLE hToken = nullptr; @@ -584,6 +611,8 @@ namespace Components if (!InitializeSecurityDescriptor(pSecDesc, SECURITY_DESCRIPTOR_REVISION)) return GetLastError(); if (!SetSecurityDescriptorDacl(pSecDesc, TRUE, pDacl, FALSE)) return GetLastError(); + __VMProtectEnd; + return SetSecurityInfo( GetCurrentProcess(), SE_KERNEL_OBJECT, // process object @@ -600,6 +629,8 @@ namespace Components void AntiCheat::AcquireDebugPrivilege(HANDLE hToken) { + __VMProtectBeginUltra(""); + LUID luid; TOKEN_PRIVILEGES tp = { 0 }; DWORD cb = sizeof(TOKEN_PRIVILEGES); @@ -610,16 +641,22 @@ namespace Components tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(hToken, FALSE, &tp, cb, nullptr, nullptr); //if (GetLastError() != ERROR_SUCCESS) return; + + __VMProtectEnd; } void AntiCheat::PatchVirtualProtect(void* vp, void* vpex) { + __VMProtectBeginUltra(""); AntiCheat::VirtualProtectHook[1].initialize(vpex, AntiCheat::VirtualProtectExStub, HOOK_JUMP)->install(true, true); AntiCheat::VirtualProtectHook[0].initialize(vp, AntiCheat::VirtualProtectStub, HOOK_JUMP)->install(true, true); + __VMProtectEnd; } NTSTATUS NTAPI AntiCheat::NtCreateThreadExStub(PHANDLE phThread, ACCESS_MASK desiredAccess, LPVOID objectAttributes, HANDLE processHandle, LPTHREAD_START_ROUTINE startAddress, LPVOID parameter, BOOL createSuspended, DWORD stackZeroBits, DWORD sizeOfStackCommit, DWORD sizeOfStackReserve, LPVOID bytesBuffer) { + __VMProtectBeginUltra(""); + HANDLE hThread = nullptr; std::lock_guard _(AntiCheat::ThreadMutex); @@ -634,11 +671,15 @@ namespace Components AntiCheat::OwnThreadIds.push_back(GetThreadId(hThread)); } + __VMProtectEnd; + return result; } void AntiCheat::PatchThreadCreation() { + __VMProtectBeginUltra(""); + HMODULE ntdll = Utils::GetNTDLL(); if (ntdll) { @@ -649,10 +690,13 @@ namespace Components AntiCheat::CreateThreadHook.initialize(createThread, AntiCheat::NtCreateThreadExStub, HOOK_JUMP)->install(); } } + + __VMProtectEnd; } int AntiCheat::ValidateThreadTermination(void* addr) { + __VMProtectBeginUltra(""); { std::lock_guard _(AntiCheat::ThreadMutex); @@ -686,6 +730,8 @@ namespace Components std::this_thread::sleep_for(10ms); } + __VMProtectEnd; + return 0; // Don't kill } @@ -727,6 +773,7 @@ namespace Components void AntiCheat::VerifyThreadIntegrity() { + __VMProtectBeginUltra(""); bool kill = true; { std::lock_guard _(AntiCheat::ThreadMutex); @@ -774,10 +821,13 @@ namespace Components } } } + __VMProtectEnd; } AntiCheat::AntiCheat() { + __VMProtectBeginUltra(""); + time(nullptr); AntiCheat::Flags = NO_FLAG; @@ -817,6 +867,8 @@ namespace Components // Set the integrity flag AntiCheat::Flags |= AntiCheat::IntergrityFlag::INITIALIZATION; #endif + + __VMProtectEnd; } AntiCheat::~AntiCheat() diff --git a/src/Components/Modules/QuickPatch.cpp b/src/Components/Modules/QuickPatch.cpp index c9a1af42..ce11e613 100644 --- a/src/Components/Modules/QuickPatch.cpp +++ b/src/Components/Modules/QuickPatch.cpp @@ -100,6 +100,64 @@ namespace Components Game::CL_SelectStringTableEntryInDvar_f(); } + __declspec(naked) void QuickPatch::JavelinResetHookStub() + { + __asm + { + mov eax, 577A10h; + call eax; + pop edi; + mov dword ptr [esi+34h], 0; + pop esi; + pop ebx; + retn; + } + } + + int QuickPatch::InvalidNameCheck(char *dest, char *source, int size) + { + strncpy(dest, source, size - 1); + dest[size - 1] = 0; + + for (int i = 0; i < size - 1; i++) + { + if (dest[i] > 125 || dest[i] < 32) + { + return false; + } + } + + return true; + + } + + __declspec(naked) void QuickPatch::InvalidNameStub() + { + static char* kick_reason = "Invalid name detected."; + + __asm + { + call InvalidNameCheck; + cmp eax, 1; + + jne invalidName; + + invalidName: + pushad; + push 1; + push kick_reason; + push edi; + mov eax, 0x004D1600; + call eax; + add esp, 12; + popad; + + // return + push 0x00401988; + retn; + } + } + QuickPatch::QuickPatch() { QuickPatch::FrameTime = 0; @@ -108,6 +166,12 @@ namespace Components QuickPatch::FrameTime = Game::Sys_Milliseconds(); }); + // Disallow invalid player names + Utils::Hook(0x401983, QuickPatch::InvalidNameStub, HOOK_JUMP).install()->quick(); + + // Javelin fix + Utils::Hook(0x578F52, QuickPatch::JavelinResetHookStub, HOOK_JUMP).install()->quick(); + // Make sure preDestroy is called when the game shuts down Scheduler::OnShutdown(Loader::PreDestroy); diff --git a/src/Components/Modules/QuickPatch.hpp b/src/Components/Modules/QuickPatch.hpp index 22c57758..99ed8e6a 100644 --- a/src/Components/Modules/QuickPatch.hpp +++ b/src/Components/Modules/QuickPatch.hpp @@ -22,5 +22,10 @@ namespace Components static int MsgReadBitsCompressCheckSV(const char *from, char *to, int size); static int MsgReadBitsCompressCheckCL(const char *from, char *to, int size); + + static void JavelinResetHookStub(); + + static int QuickPatch::InvalidNameCheck(char *dest, char *source, int size); + static void QuickPatch::InvalidNameStub(); }; } diff --git a/src/Components/Modules/Script.cpp b/src/Components/Modules/Script.cpp index b7a4abd6..204039a8 100644 --- a/src/Components/Modules/Script.cpp +++ b/src/Components/Modules/Script.cpp @@ -341,6 +341,32 @@ namespace Components { MessageBoxA(nullptr, Game::Scr_GetString(0), "DEBUG", 0); }, true); + + // Script::AddFunction("playviewmodelfx", [](Game::scr_entref_t /*index*/) + // { + // /*auto Scr_Error = Utils::Hook::Call(0x42EF40); + // if (index >> 16) + // { + // Scr_Error("not an entity"); + // return; + // }*/ + + // // obtain FX name + // auto fxName = Game::Scr_GetString(0); + // auto fx = Game::DB_FindXAssetHeader(Game::XAssetType::ASSET_TYPE_FX, fxName).fx; + + // auto tagName = Game::Scr_GetString(1); + // auto tagIndex = Game::SL_GetString(tagName, 0); + + // /*char boneIndex = -2; + // if (!Game::CG_GetBoneIndex(2048, tagIndex, &boneIndex)) + // { + // Scr_Error(Utils::String::VA("Unknown bone %s.\n", tagName)); + // return; + // }*/ + + // Game::CG_PlayBoltedEffect(0, fx, 2048, tagIndex); + // }); } Script::~Script() diff --git a/src/Game/Functions.cpp b/src/Game/Functions.cpp index 5a647d11..07506472 100644 --- a/src/Game/Functions.cpp +++ b/src/Game/Functions.cpp @@ -15,7 +15,9 @@ namespace Game Cbuf_AddText_t Cbuf_AddText = Cbuf_AddText_t(0x404B20); CG_GetClientNum_t CG_GetClientNum = CG_GetClientNum_t(0x433700); - + CG_PlayBoltedEffect_t CG_PlayBoltedEffect = CG_PlayBoltedEffect_t(0x00430E10); + CG_GetBoneIndex_t CG_GetBoneIndex = CG_GetBoneIndex_t(0x00504F20); + CL_GetClientName_t CL_GetClientName = CL_GetClientName_t(0x4563D0); CL_IsCgameInitialized_t CL_IsCgameInitialized = CL_IsCgameInitialized_t(0x43EB20); CL_ConnectFromParty_t CL_ConnectFromParty = CL_ConnectFromParty_t(0x433D30); diff --git a/src/Game/Functions.hpp b/src/Game/Functions.hpp index 48d738e0..af4837f4 100644 --- a/src/Game/Functions.hpp +++ b/src/Game/Functions.hpp @@ -29,6 +29,12 @@ namespace Game typedef int(__cdecl * CG_GetClientNum_t)(); extern CG_GetClientNum_t CG_GetClientNum; + typedef std::int32_t(__cdecl* CG_PlayBoltedEffect_t) (std::int32_t, FxEffectDef*, std::int32_t, std::uint32_t); + extern CG_PlayBoltedEffect_t CG_PlayBoltedEffect; + + typedef std::int32_t(__cdecl* CG_GetBoneIndex_t)(std::int32_t, std::uint32_t name, char* index); + extern CG_GetBoneIndex_t CG_GetBoneIndex; + typedef char*(__cdecl * CL_GetClientName_t)(int localClientNum, int index, char *buf, size_t size); extern CL_GetClientName_t CL_GetClientName; diff --git a/src/STDInclude.hpp b/src/STDInclude.hpp index 5f5c297a..d44062dd 100644 --- a/src/STDInclude.hpp +++ b/src/STDInclude.hpp @@ -8,6 +8,7 @@ #define _HAS_CXX17 1 #define VC_EXTRALEAN #define WIN32_LEAN_AND_MEAN +#define _CRT_SECURE_NO_WARNINGS // Requires Visual Leak Detector plugin: http://vld.codeplex.com/ #define VLD_FORCE_ENABLE @@ -90,6 +91,17 @@ template class Sizer { }; #undef min #endif +// VMProtect +// #define USE_VMP +#ifdef USE_VMP +#include +#define __VMProtectBeginUltra VMProtectBeginUltra +#define __VMProtectEnd VMProtectEnd() +#else +#define __VMProtectBeginUltra +#define __VMProtectEnd +#endif + // Protobuf #include "proto/network.pb.h" #include "proto/party.pb.h"