From daa87d2a504dec754044462dd5edc42adacdf210 Mon Sep 17 00:00:00 2001
From: momo5502
Date: Mon, 29 Feb 2016 15:49:27 +0100
Subject: [PATCH] Protect .text segment
---
 src/Components/Modules/AntiCheat.cpp | 3 +--
 src/Components/Modules/Colors.cpp | 2 +-
 src/Main.cpp | 4 +++-
 src/Utils/Hooking.cpp | 6 ++++++
 src/Utils/Hooking.hpp | 20 ++++++++++++++++++++
 5 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/src/Components/Modules/AntiCheat.cpp b/src/Components/Modules/AntiCheat.cpp
index 7e08e308..ee7299d6 100644
--- a/src/Components/Modules/AntiCheat.cpp
+++ b/src/Components/Modules/AntiCheat.cpp
@@ -51,8 +51,7 @@ namespace Components
 lastCheck = Game::Com_Milliseconds();
 // Get base module
- const uint8_t* module = reinterpret_cast(GetModuleHandle(NULL));
- std::string hash = Utils::Cryptography::SHA512::Compute(module + 0x1000, 0x2D6000, false);
+ std::string hash = Utils::Cryptography::SHA512::Compute(reinterpret_cast(GetModuleHandle(NULL)) + 0x1000, 0x2D6000, false);
 // Set the hash, if none is set
 if (AntiCheat::Hash.empty())
diff --git a/src/Components/Modules/Colors.cpp b/src/Components/Modules/Colors.cpp
index 6072a7d6..a2769e39 100644
--- a/src/Components/Modules/Colors.cpp
+++ b/src/Components/Modules/Colors.cpp
@@ -206,7 +206,7 @@ namespace Components
 Colors::Colors()
 {
 // Disable SV_UpdateUserinfo_f, to block changing the name ingame
- *(BYTE*)0x6258D0 = 0xC3;
+ Utils::Hook::Set(0x6258D0, 0xC3);
 // Allow colored names ingame
 Utils::Hook(0x5D8B40, Colors::ClientUserinfoChanged, HOOK_JUMP).Install()->Quick();
diff --git a/src/Main.cpp b/src/Main.cpp
index cf5cafcb..dcb88fbe 100644
--- a/src/Main.cpp
+++ b/src/Main.cpp
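Review bot: The offset `0x1000` and length `0x2D6000` on the new `SHA512::Compute` line in src/Components/Modules/AntiCheat.cpp are the same literals that the new `VirtualProtect(module + 0x1000, 0x2D6000, PAGE_EXECUTE_READ, &oldProtect)` call in src/Main.cpp uses, and nothing ties the two together. If one is edited without the other, the integrity hash and the read-only range stop covering the same bytes, so part of the hashed region could be writable or part of the protected region unhashed. I would define the pair once, e.g. `constexpr size_t TextOffset = 0x1000;` and `constexpr size_t TextSize = 0x2D6000;` (names are only a suggestion), in a header both files already include, and add a comment that they describe the .text range of the host executable. The function enclosing the AntiCheat line starts and ends outside the hunk.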
@@ -43,7 +43,9 @@ BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReser
 }
 DWORD oldProtect;
- VirtualProtect(GetModuleHandle(NULL), 0x6C73000, PAGE_EXECUTE_READWRITE, &oldProtect);
+ uint8_t* module = reinterpret_cast(GetModuleHandle(NULL));
+ VirtualProtect(module, 0x6C73000, PAGE_EXECUTE_READWRITE, &oldProtect); // Unprotect the entire process
+ VirtualProtect(module + 0x1000, 0x2D6000, PAGE_EXECUTE_READ, &oldProtect); // Protect the .text segment
 Main::EntryPointHook.Initialize(0x6BAC0F, [] ()
 {
diff --git a/src/Utils/Hooking.cpp b/src/Utils/Hooking.cpp
index 67407574..e887bca0 100644
--- a/src/Utils/Hooking.cpp
+++ b/src/Utils/Hooking.cpp
@@ -104,7 +104,13 @@ namespace Utils
 void Hook::Nop(void* place, size_t length)
 {
+ DWORD oldProtect;
+ VirtualProtect(place, length, PAGE_EXECUTE_READWRITE, &oldProtect);
+
 memset(place, 0x90, length);
+
+ VirtualProtect(place, length, oldProtect, &oldProtect);
+ FlushInstructionCache(GetCurrentProcess(), place, length);
 }
 void Hook::Nop(DWORD place, size_t length)
diff --git a/src/Utils/Hooking.hpp b/src/Utils/Hooking.hpp
index 6c6e352c..d7a28930 100644
--- a/src/Utils/Hooking.hpp
+++ b/src/Utils/Hooking.hpp
@@ -49,7 +49,12 @@ namespace Utils
 template static void Set(void* place, T value)
 {
+ DWORD oldProtect;
+ VirtualProtect(place, sizeof(T), PAGE_EXECUTE_READWRITE, &oldProtect);
+
 *static_cast(place) = value;
+
+ VirtualProtect(place, sizeof(T), oldProtect, &oldProtect);
 FlushInstructionCache(GetCurrentProcess(), place, sizeof(T));
 }
@@ -60,7 +65,12 @@ namespace Utils
 template static void Xor(void* place, T value)
 {
+ DWORD oldProtect;
+ VirtualProtect(place, sizeof(T), PAGE_EXECUTE_READWRITE, &oldProtect);
+
 *static_cast(place) ^= value;
+
+ VirtualProtect(place, sizeof(T), oldProtect, &oldProtect);
 FlushInstructionCache(GetCurrentProcess(), place, sizeof(T));
 }
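Review bot: Both `VirtualProtect` calls in the DllMain hunk of src/Main.cpp ignore their return value, so if the second call fails the .text range silently stays `PAGE_EXECUTE_READWRITE` and the protection this commit adds is not in effect. The result should be checked and the failure surfaced, e.g. `if (!VirtualProtect(module + 0x1000, 0x2D6000, PAGE_EXECUTE_READ, &oldProtect)) { /* log and fail the attach */ }`; what failing should mean for DllMain depends on code outside the hunk. Separately, the first call leaves everything in the `0x6C73000`-byte range outside .text both writable and executable; if nothing there needs to execute, `PAGE_READWRITE` would avoid keeping data pages W+X, though that cannot be confirmed from this diff. Any writer that does not go through the patched `Nop`/`Set`/`Xor`/`Or`/`And` helpers (for example `Hook::Install`, which is not part of this diff) will presumably fault on the now read-only range and should be checked.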
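Review bot: In `Hook::Nop(void* place, size_t length)` in src/Utils/Hooking.cpp the result of the first `VirtualProtect` is not checked, so on failure `memset` writes to a range that may still be read-only and the restore call then passes an uninitialized `oldProtect`. Guard the write with `DWORD oldProtect = 0;` and `if (!VirtualProtect(place, length, PAGE_EXECUTE_READWRITE, &oldProtect)) return;`. The same unchecked pair is added to `Set`, `Xor`, `Or` and `And` in src/Utils/Hooking.hpp. Protection is also changed per page rather than per byte, so two threads patching the same page at once could restore each other's intermediate `PAGE_EXECUTE_READWRITE` and leave the page writable; if patching can happen off the main thread (not visible here), these helpers need a shared lock.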
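Review bot: The unprotect/write/restore sequence added to `Set` in src/Utils/Hooking.hpp is repeated verbatim in `Xor`, `Or` and `And` (and in `Hook::Nop` in Hooking.cpp), which makes it easy for one copy to miss a later fix such as a return-value check. A small scope guard that changes the protection in its constructor and restores it in its destructor would keep the policy in one place and guarantee the restore on every exit path. The sketch below shows the guard and `Set` using it; the other helpers would change the same way, and the guard's name and its placement inside `Utils::Hook` are only a suggestion.

```cpp
// Makes [place, place + length) writable for the lifetime of the object and
// restores the previous protection afterwards.
class ScopedProtect
{
public:
	ScopedProtect(void* place, size_t length) : place(place), length(length)
	{
		this->changed = VirtualProtect(place, length, PAGE_EXECUTE_READWRITE, &this->oldProtect) != FALSE;
	}

	~ScopedProtect()
	{
		if (this->changed) VirtualProtect(this->place, this->length, this->oldProtect, &this->oldProtect);
	}

	ScopedProtect(const ScopedProtect&) = delete;
	ScopedProtect& operator=(const ScopedProtect&) = delete;

	bool Changed() const { return this->changed; }

private:
	void* place;
	size_t length;
	DWORD oldProtect = 0;
	bool changed = false;
};

template <typename T> static void Set(void* place, T value)
{
	ScopedProtect guard(place, sizeof(T));
	if (!guard.Changed()) return; // page could not be made writable; do not fault on the write

	// … unchanged: the assignment through place …
	FlushInstructionCache(GetCurrentProcess(), place, sizeof(T));
}
```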
@@ -71,7 +81,12 @@ namespace Utils
 template static void Or(void* place, T value)
 {
+ DWORD oldProtect;
+ VirtualProtect(place, sizeof(T), PAGE_EXECUTE_READWRITE, &oldProtect);
+
 *static_cast(place) |= value;
+
+ VirtualProtect(place, sizeof(T), oldProtect, &oldProtect);
 FlushInstructionCache(GetCurrentProcess(), place, sizeof(T));
 }
@@ -82,7 +97,12 @@ namespace Utils
 template static void And(void* place, T value)
 {
+ DWORD oldProtect;
+ VirtualProtect(place, sizeof(T), PAGE_EXECUTE_READWRITE, &oldProtect);
+
 *static_cast(place) &= value;
+
+ VirtualProtect(place, sizeof(T), oldProtect, &oldProtect);
 FlushInstructionCache(GetCurrentProcess(), place, sizeof(T));
 }