Anticheat fixes and aimbot detection

2016-08-08 01:57:00 +02:00 · 2016-08-08 01:57:00 +02:00 · b0df3e0e21
commit b0df3e0e21
parent 4fc7de502a
19 changed files with 710 additions and 695 deletions
--- a/src/Components/Modules/AntiCheat.cpp
+++ b/src/Components/Modules/AntiCheat.cpp
@ -9,7 +9,7 @@ namespace Components
 	// This function does nothing, it only adds the two passed variables and returns the value
 	// The only important thing it does is to clean the first parameter, and then return
 	// By returning, the crash procedure will be called, as it hasn't been cleaned from the stack
-	void __declspec(naked) AntiCheat::NullSub()
+	__declspec(naked) void AntiCheat::NullSub()
 	{
 		__asm
 		{
@ -28,7 +28,8 @@ namespace Components
 		}
 	}

-	void __declspec(naked) AntiCheat::CrashClient()
+#if 0
+	__declspec(naked) void AntiCheat::CrashClient()
 	{
 		static uint8_t crashProcedure[] =
 		{
@ -83,26 +84,20 @@ namespace Components
 			jmp AntiCheat::NullSub
 		}
 	}
+#endif

-	void AntiCheat::AssertLibraryCall(void* callee)
+	void AntiCheat::CrashClient()
 	{
-		HMODULE hModuleSelf = nullptr;
-		GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, reinterpret_cast<char*>(AntiCheat::AssertLibraryCall), &hModuleSelf);
-
-		AntiCheat::AssertModuleCall(hModuleSelf, callee);
+		Utils::Hook::Set<BYTE>(0x41BA2C, 0xEB);
 	}

-	void AntiCheat::AssertProcessCall(void* callee)
+	void AntiCheat::AssertCalleeModule(void* callee)
 	{
-		AntiCheat::AssertModuleCall(GetModuleHandle(NULL), callee);
-	}
-
-	void AntiCheat::AssertModuleCall(HMODULE module, void* callee)
-	{
-		HMODULE hModuleTarget = nullptr;
+		HMODULE hModuleSelf = nullptr, hModuleTarget = nullptr, hModuleProcess = GetModuleHandleA(NULL);
 		GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, reinterpret_cast<char*>(callee), &hModuleTarget);
+		GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, reinterpret_cast<char*>(AntiCheat::AssertCalleeModule), &hModuleSelf);

-		if (!module || !hModuleTarget || module != hModuleTarget)
+		if (!hModuleSelf || !hModuleTarget || !hModuleProcess || (hModuleTarget != hModuleSelf &&hModuleTarget != hModuleProcess))
 		{
 			//AntiCheat::CrashClient();
 			AntiCheat::Hash.append("\0", 1);
@ -110,12 +105,12 @@ namespace Components
 	}

 	// This has to be called when doing .text changes during runtime
-	void AntiCheat::EmptyHash()
+	__declspec(noinline) void AntiCheat::EmptyHash()
 	{
 		AntiCheat::LastCheck = 0;
 		AntiCheat::Hash.clear();

-		AntiCheat::AssertLibraryCall(_ReturnAddress());
+		AntiCheat::AssertCalleeModule(_ReturnAddress());
 	}

 	void AntiCheat::InitLoadLibHook()
@ -255,7 +250,7 @@ namespace Components
 		AntiCheat::InstallLibHook();
 	}

-	void __declspec(naked) AntiCheat::CinematicStub()
+	__declspec(naked) void AntiCheat::CinematicStub()
 	{
 		__asm
 		{
@ -273,14 +268,34 @@ namespace Components
 		}
 	}

-	void __declspec(naked) AntiCheat::AimTargetGetTagPosStub()
+	__declspec(naked) void AntiCheat::DObjGetWorldTagPosStub()
+	{
+		__asm
+		{
+			pushad
+			push[esp + 20h]
+
+			call AntiCheat::AssertCalleeModule
+
+			pop esi
+			popad
+
+			push ecx
+			mov ecx, [esp + 10h]
+
+			push 426585h
+			retn
+		}
+	}
+
+	__declspec(naked) void AntiCheat::AimTargetGetTagPosStub()
 	{
 		__asm
 		{
 			pushad
 			push [esp + 20h]

-			call AntiCheat::AssertProcessCall
+			call AntiCheat::AssertCalleeModule

 			pop esi
 			popad
@ -311,8 +326,9 @@ namespace Components
 		Utils::Hook(0x418204, AntiCheat::SoundInitDriverStub, HOOK_CALL).Install()->Quick();
 		QuickPatch::OnFrame(AntiCheat::Frame);

-		// Check AimTarget_GetTagPos
-		//Utils::Hook(0x56AC60, AntiCheat::AimTargetGetTagPosStub, HOOK_JUMP).Install()->Quick();
+		// Detect aimbots
+		Utils::Hook(0x426580, AntiCheat::DObjGetWorldTagPosStub, HOOK_JUMP).Install()->Quick();
+		Utils::Hook(0x56AC60, AntiCheat::AimTargetGetTagPosStub, HOOK_JUMP).Install()->Quick();

 		// TODO: Probably move that :P
 		AntiCheat::InitLoadLibHook();
--- a/src/Components/Modules/AntiCheat.hpp
+++ b/src/Components/Modules/AntiCheat.hpp
@ -27,9 +27,7 @@ namespace Components

 		static void NullSub();

-		static void AssertLibraryCall(void* callee);
-		static void AssertProcessCall(void* callee);
-		static void AssertModuleCall(HMODULE module, void* callee);
+		static void AssertCalleeModule(void* callee);

 		static void UninstallLibHook();
 		static void InstallLibHook();
@ -44,6 +42,7 @@ namespace Components
 		static void SoundInitStub(int a1, int a2, int a3);
 		static void SoundInitDriverStub();

+		static void DObjGetWorldTagPosStub();
 		static void AimTargetGetTagPosStub();

 		static Utils::Hook LoadLibHook[4];
--- a/src/Components/Modules/AssetHandler.cpp
+++ b/src/Components/Modules/AssetHandler.cpp
@ -64,7 +64,7 @@ namespace Components
 		return header;
 	}

-	void __declspec(naked) AssetHandler::FindAssetStub()
+	__declspec(naked) void AssetHandler::FindAssetStub()
 	{
 		__asm
 		{
@ -122,7 +122,7 @@ namespace Components
 		return (!restrict);
 	}

-	void __declspec(naked) AssetHandler::AddAssetStub()
+	__declspec(naked) void AssetHandler::AddAssetStub()
 	{
 		__asm
 		{
--- a/src/Components/Modules/Auth.cpp
+++ b/src/Components/Modules/Auth.cpp
@ -152,7 +152,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) Auth::DirectConnectStub()
+	__declspec(naked) void Auth::DirectConnectStub()
 	{
 		__asm
 		{
--- a/src/Components/Modules/Colors.cpp
+++ b/src/Components/Modules/Colors.cpp
@ -86,7 +86,7 @@ namespace Components
 		return std::string(buffer);
 	}

-	void __declspec(naked) Colors::ClientUserinfoChanged()
+	__declspec(naked) void Colors::ClientUserinfoChanged()
 	{
 		__asm
 		{
@ -190,7 +190,7 @@ namespace Components
 		return string;
 	}

-	void __declspec(naked) Colors::LookupColorStub()
+	__declspec(naked) void Colors::LookupColorStub()
 	{
 		__asm
 		{
--- a/src/Components/Modules/Console.cpp
+++ b/src/Components/Modules/Console.cpp
@ -433,7 +433,7 @@ namespace Components
 		ExitProcess(1);
 	}

-	void __declspec(naked) Console::DrawSolidConsoleStub()
+	__declspec(naked) void Console::DrawSolidConsoleStub()
 	{
 		__asm
 		{
--- a/src/Components/Modules/Dedicated.cpp
+++ b/src/Components/Modules/Dedicated.cpp
@ -48,7 +48,7 @@ namespace Components
 		Utils::Hook::Call<void()>(0x60C3D0)();
 	}

-	void __declspec(naked) Dedicated::PostInitializationStub()
+	__declspec(naked) void Dedicated::PostInitializationStub()
 	{
 		__asm
 		{
@ -74,7 +74,7 @@ namespace Components
 		return text;
 	}

-	void __declspec(naked) Dedicated::PreSayStub()
+	__declspec(naked) void Dedicated::PreSayStub()
 	{
 		__asm
 		{
@ -90,7 +90,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) Dedicated::PostSayStub()
+	__declspec(naked) void Dedicated::PostSayStub()
 	{
 		__asm
 		{
--- a/src/Components/Modules/FileSystem.cpp
+++ b/src/Components/Modules/FileSystem.cpp
@ -113,7 +113,7 @@ namespace Components
 		FileSystem::RegisterFolder("userraw");
 	}

-	void __declspec(naked) FileSystem::StartupStub()
+	__declspec(naked) void FileSystem::StartupStub()
 	{
 		__asm
 		{
--- a/src/Components/Modules/Logger.cpp
+++ b/src/Components/Modules/Logger.cpp
@ -108,7 +108,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) Logger::PrintMessageStub()
+	__declspec(naked) void Logger::PrintMessageStub()
 	{
 		__asm
 		{
--- a/src/Components/Modules/Materials.cpp
+++ b/src/Components/Modules/Materials.cpp
@ -4,7 +4,7 @@ namespace Components
 {
 	Utils::Hook Materials::ImageVersionCheckHook;

-	void __declspec(naked) Materials::ImageVersionCheck()
+	__declspec(naked) void Materials::ImageVersionCheck()
 	{
 		__asm
 		{
@ -30,7 +30,7 @@ namespace Components
 		return Game::DB_FindXAssetHeader(Game::XAssetType::ASSET_TYPE_MATERIAL, "default").material;
 	}

-	void __declspec(naked) Materials::DrawMaterialStub()
+	__declspec(naked) void Materials::DrawMaterialStub()
 	{
 		__asm
 		{
--- a/src/Components/Modules/Network.cpp
+++ b/src/Components/Modules/Network.cpp
@ -278,7 +278,7 @@ namespace Components
 		Network::StartupSignal();
 	}

-	void __declspec(naked) Network::NetworkStartStub()
+	__declspec(naked) void Network::NetworkStartStub()
 	{
 		__asm 
 		{
@ -288,7 +288,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) Network::DeployPacketStub()
+	__declspec(naked) void Network::DeployPacketStub()
 	{
 		__asm
 		{
--- a/src/Components/Modules/Renderer.cpp
+++ b/src/Components/Modules/Renderer.cpp
@ -7,7 +7,7 @@ namespace Components
 	wink::signal<wink::slot<Renderer::Callback>> Renderer::FrameOnceSignal;
 	wink::signal<wink::slot<Renderer::BackendCallback>> Renderer::BackendFrameSignal;

-	void __declspec(naked) Renderer::FrameStub()
+	__declspec(naked) void Renderer::FrameStub()
 	{
 		__asm
 		{
@ -23,7 +23,7 @@ namespace Components
 		Renderer::FrameOnceSignal.clear();
 	}

-	void __declspec(naked) Renderer::BackendFrameStub()
+	__declspec(naked) void Renderer::BackendFrameStub()
 	{
 		__asm
 		{
--- a/src/Components/Modules/Script.cpp
+++ b/src/Components/Modules/Script.cpp
@ -21,7 +21,7 @@ namespace Components
 		Logger::Error(5, "script compile error\nunknown function %s\n%s\n\n", funcName.data(), Script::ScriptName.data());
 	}

-	void __declspec(naked) Script::StoreFunctionNameStub()
+	__declspec(naked) void Script::StoreFunctionNameStub()
 	{
 		__asm
 		{
@ -48,7 +48,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) Script::StoreScriptNameStub()
+	__declspec(naked) void Script::StoreScriptNameStub()
 	{
 		__asm
 		{
@ -71,7 +71,7 @@ namespace Components
 		Script::ScriptNameStack.pop_back();
 	}

-	void __declspec(naked) Script::RestoreScriptNameStub()
+	__declspec(naked) void Script::RestoreScriptNameStub()
 	{
 		__asm
 		{
--- a/src/Components/Modules/ServerInfo.cpp
+++ b/src/Components/Modules/ServerInfo.cpp
@ -88,7 +88,7 @@ namespace Components
 		Game::UI_DrawText(cxt, addressText.data(), 0x7FFFFFFF, font, x2 - Game::UI_TextWidth(addressText.data(), 0, font, fontSize), y, 0, 0, fontSize, reinterpret_cast<float*>(0x747F34), 3);
 	}

-	void __declspec(naked) ServerInfo::DrawScoreboardStub()
+	__declspec(naked) void ServerInfo::DrawScoreboardStub()
 	{
 		__asm 
 		{
--- a/src/Components/Modules/Theatre.cpp
+++ b/src/Components/Modules/Theatre.cpp
@ -30,7 +30,7 @@ namespace Components
 		std::memcpy(Theatre::BaselineSnapshot, *reinterpret_cast<DWORD**>(snapshotMsg + 8), *reinterpret_cast<DWORD*>(snapshotMsg + 20));
 	}

-	void __declspec(naked) Theatre::BaselineStoreStub()
+	__declspec(naked) void Theatre::BaselineStoreStub()
 	{
 		_asm
 		{
@ -79,7 +79,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) Theatre::BaselineToFileStub()
+	__declspec(naked) void Theatre::BaselineToFileStub()
 	{
 		__asm
 		{
@ -95,7 +95,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) Theatre::AdjustTimeDeltaStub()
+	__declspec(naked) void Theatre::AdjustTimeDeltaStub()
 	{
 		__asm
 		{
@ -113,7 +113,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) Theatre::ServerTimedOutStub()
+	__declspec(naked) void Theatre::ServerTimedOutStub()
 	{
 		__asm
 		{
@ -132,7 +132,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) Theatre::UISetActiveMenuStub()
+	__declspec(naked) void Theatre::UISetActiveMenuStub()
 	{
 		__asm
 		{
--- a/src/Components/Modules/UIFeeder.cpp
+++ b/src/Components/Modules/UIFeeder.cpp
@ -47,7 +47,7 @@ namespace Components
 		return (UIFeeder::Feeders.find(UIFeeder::Current.Feeder) != UIFeeder::Feeders.end());
 	}

-	void __declspec(naked) UIFeeder::SetItemSelectionStub()
+	__declspec(naked) void UIFeeder::SetItemSelectionStub()
 	{
 		__asm
 		{
@ -72,7 +72,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) UIFeeder::GetItemTextStub()
+	__declspec(naked) void UIFeeder::GetItemTextStub()
 	{
 		__asm
 		{
@ -105,7 +105,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) UIFeeder::GetItemCountStub()
+	__declspec(naked) void UIFeeder::GetItemCountStub()
 	{
 		__asm
 		{
@ -128,7 +128,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) UIFeeder::HandleKeyStub()
+	__declspec(naked) void UIFeeder::HandleKeyStub()
 	{
 		static int NextClickTime = 0;

@ -191,7 +191,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) UIFeeder::MouseEnterStub()
+	__declspec(naked) void UIFeeder::MouseEnterStub()
 	{
 		__asm
 		{
@ -211,7 +211,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) UIFeeder::MouseSelectStub()
+	__declspec(naked) void UIFeeder::MouseSelectStub()
 	{
 		__asm
 		{
@ -231,7 +231,7 @@ namespace Components
 		}
 	}

-	void __declspec(naked) UIFeeder::PlaySoundStub()
+	__declspec(naked) void UIFeeder::PlaySoundStub()
 	{
 		__asm
 		{
--- a/src/Components/Modules/UIScript.cpp
+++ b/src/Components/Modules/UIScript.cpp
@ -90,7 +90,7 @@ namespace Components
 		Utils::Hook::Call<void(int, int, float*, int)>(0x4F58A0)(ownerDraw, flags, special, key);
 	}

-	void __declspec(naked) UIScript::RunMenuScriptStub()
+	__declspec(naked) void UIScript::RunMenuScriptStub()
 	{
 		__asm
 		{
--- a/src/Components/Modules/Window.cpp
+++ b/src/Components/Modules/Window.cpp
@ -66,7 +66,7 @@ namespace Components
 		return Window::NoBorder.Get<bool>();
 	}

-	void __declspec(naked) Window::StyleHookStub()
+	__declspec(naked) void Window::StyleHookStub()
 	{
 		__asm
 		{
--- a/src/Utils/Hooking.cpp
+++ b/src/Utils/Hooking.cpp
@ -56,7 +56,7 @@ namespace Utils
 		*place = Hook::Interceptor::InterceptionStub;
 	}

-	void __declspec(naked) Hook::Interceptor::InterceptionStub()
+	__declspec(naked) void Hook::Interceptor::InterceptionStub()
 	{
 		__asm
 		{