- #include <windows.h>
- #include <tlhelp32.h>
- #include <fstream>
- #include <iostream>
- #include <string>
- #include <vector>
- #include <psapi.h>
- // Definitions of structures and constants
// NOTE(review): the Windows SDK headers normally define IMAGE_REL_BASED_DIR64
// already; this line restates the value that ApplyRelocations compares
// against -- confirm against winnt.h.
- #define IMAGE_REL_BASED_DIR64 10
// QWORD is not referenced anywhere in the code shown on this page.
- typedef ULONGLONG QWORD;
// One 16-bit base-relocation entry as ApplyRelocations reads it: a 12-bit
// offset and a 4-bit relocation type packed into a single USHORT.
- typedef struct _BASE_RELOCATION_ENTRY {
- USHORT Offset : 12;
- USHORT Type : 4;
- } BASE_RELOCATION_ENTRY, *PBASE_RELOCATION_ENTRY;
// Pair of addresses (image base, entry point). ManualMap fills one in locally
// and passes its two fields to CreateRemoteThread.
- struct MANUAL_MAPPING_DATA {
- PVOID ImageBase;
- PVOID EntryPoint;
- };
- // Global settings
// Hard-coded process name, DLL path and log path. For an analyst these
// literals are the static indicators of this particular sample; nothing here
// is read from configuration or the command line.
- const std::wstring TARGET_PROCESS = L"RainbowSix_DX11.exe";
- const std::string DLL_PATH = "C:\\Downloads\\d3d11hook_[unknowncheats.me]_.dll";
- const std::string LOG_FILE = "C:\\Downloads\\injector.log";
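// Logging helper.
// Appends one line of the form "[HH:MM:SS] message" to LOG_FILE. The file is
// opened in append mode on every call and closed when the stream goes out of
// scope; if it cannot be opened the message is silently dropped.
//
// The timestamp is taken from the local clock at call time. The earlier
// version printed __TIME__, which is the time the translation unit was
// compiled, so every log line carried the same build timestamp.
void Log(const std::string& message) {
    std::ofstream log(LOG_FILE, std::ios::app);
    if (!log) {
        return;
    }

    SYSTEMTIME now;
    GetLocalTime(&now);

    // Zero-pad a clock field to two digits without pulling in <iomanip>.
    const auto twoDigits = [](WORD value) {
        return (value < 10 ? "0" : "") + std::to_string(value);
    };

    log << "[" << twoDigits(now.wHour) << ":" << twoDigits(now.wMinute) << ":"
        << twoDigits(now.wSecond) << "] " << message << '\n';
}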
// Administrator-rights check.
// Returns true only when the current process token can be opened for query,
// the TokenElevation query succeeds, and the token reports itself as
// elevated. Any failure along the way yields false.
bool IsElevated() {
    HANDLE token = nullptr;
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token) == FALSE) {
        return false;
    }

    TOKEN_ELEVATION info;
    DWORD returned = sizeof(TOKEN_ELEVATION);
    const BOOL queried =
        GetTokenInformation(token, TokenElevation, &info, sizeof(info), &returned);

    // The token handle is released before the result is inspected.
    CloseHandle(token);

    if (!queried) {
        return false;
    }
    return info.TokenIsElevated != 0;
}
// Looks up a process id by executable name.
// Takes a Toolhelp process snapshot and returns the id of the first entry
// whose szExeFile equals processName exactly (the comparison is
// case-sensitive). Returns 0 when the snapshot cannot be taken, after logging
// the error code, or when no entry matches.
DWORD GetProcessIdByName(const std::wstring& processName) {
    const HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) {
        Log("Snapshot error: " + std::to_string(GetLastError()));
        return 0;
    }

    // dwSize must be set before the first Process32FirstW call.
    PROCESSENTRY32W item = { sizeof(PROCESSENTRY32W) };
    DWORD found = 0;

    for (BOOL more = Process32FirstW(snap, &item); more;
         more = Process32NextW(snap, &item)) {
        if (processName == item.szExeFile) {
            found = item.th32ProcessID;
            break;
        }
    }

    CloseHandle(snap);
    return found;
}
// Walks the base-relocation directory of a PE image and adds `delta` to every
// 64-bit slot named by an IMAGE_REL_BASED_DIR64 entry. Other entry types are
// skipped. Returns immediately when delta is 0 or the directory is empty.
//
// Every read and write here goes through ordinary pointers computed from
// `base`, i.e. it happens in the calling process's own address space.
//
// NOTE(review): SizeOfBlock and the entry offsets come straight from the file
// and are not validated, and the loop stops on a zero VirtualAddress rather
// than on dir->Size. The input file is therefore trusted completely.
- void ApplyRelocations(PIMAGE_NT_HEADERS64 pNtHeaders, PVOID base, ULONGLONG delta) {
- if (delta == 0) return;
- auto dir = &pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC];
- if (dir->Size == 0) return;
- auto reloc = (PIMAGE_BASE_RELOCATION)((ULONGLONG)base + dir->VirtualAddress);
- while (reloc->VirtualAddress > 0) {
- ULONGLONG relocAddr = (ULONGLONG)base + reloc->VirtualAddress;
// Entries are the 16-bit words that follow the block header.
- UINT numEntries = (reloc->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(WORD);
- auto entries = (PBASE_RELOCATION_ENTRY)(reloc + 1);
- for (UINT i = 0; i < numEntries; i++) {
- if (entries[i].Type == IMAGE_REL_BASED_DIR64) {
- ULONGLONG* patchAddr = (ULONGLONG*)(relocAddr + entries[i].Offset);
- *patchAddr += delta;
- }
- }
// Advance to the next block by the size the current block declares.
- reloc = (PIMAGE_BASE_RELOCATION)((ULONGLONG)reloc + reloc->SizeOfBlock);
- }
- }
// Walks the import directory of a PE image and overwrites each FirstThunk
// entry with the address GetProcAddress returns for it, by ordinal or by name.
// Returns true when the directory is empty or every import resolved, false as
// soon as a module or symbol cannot be found.
//
// hProcess is accepted but never used in this body. Modules are looked up
// with GetModuleHandleA and, failing that, loaded with LoadLibraryA, both of
// which act on the calling process. Descriptors and thunks are likewise read
// and written through plain pointers derived from `base`.
//
// NOTE(review): module names are taken from the input file and handed to
// LoadLibraryA unchecked, so running this loads whatever libraries the DLL's
// import table names into the process executing this code.
- bool ResolveImports(HANDLE hProcess, PIMAGE_NT_HEADERS64 pNtHeaders, PVOID base) {
- auto dir = &pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
- if (dir->Size == 0) return true;
- auto importDesc = (PIMAGE_IMPORT_DESCRIPTOR)((ULONGLONG)base + dir->VirtualAddress);
// The descriptor array is treated as terminated by an entry whose Name is 0.
- while (importDesc->Name) {
- char* moduleName = (char*)((ULONGLONG)base + importDesc->Name);
- HMODULE hModule = GetModuleHandleA(moduleName);
- if (!hModule) {
- hModule = LoadLibraryA(moduleName);
- if (!hModule) return false;
- }
- auto thunk = (PIMAGE_THUNK_DATA64)((ULONGLONG)base + importDesc->FirstThunk);
- while (thunk->u1.AddressOfData) {
// Import by ordinal: the ordinal is passed in place of the name pointer.
- if (IMAGE_SNAP_BY_ORDINAL64(thunk->u1.Ordinal)) {
- auto proc = GetProcAddress(hModule, (LPCSTR)IMAGE_ORDINAL64(thunk->u1.Ordinal));
- if (!proc) return false;
- thunk->u1.Function = (ULONGLONG)proc;
- }
// Import by name: AddressOfData is an offset to an IMAGE_IMPORT_BY_NAME record.
- else {
- auto import = (PIMAGE_IMPORT_BY_NAME)((ULONGLONG)base + thunk->u1.AddressOfData);
- auto proc = GetProcAddress(hModule, import->Name);
- if (!proc) return false;
- thunk->u1.Function = (ULONGLONG)proc;
- }
- thunk++;
- }
- importDesc++;
- }
- return true;
- }
// Opens the process identified by pid and rejects 32-bit (WOW64) targets.
// Returns the process handle on success, which the caller must close.
// Returns NULL when OpenProcess fails or the target is a WOW64 process; in
// the latter case the handle is closed before returning.
//
// The requested rights are VM operation + VM write + create thread + query
// information. From the defender's side, a handle to a foreign process that
// combines write and thread-creation rights is the kind of request that
// process-access auditing is meant to surface.
HANDLE OpenTargetProcess(DWORD pid) {
    const DWORD wantedAccess = PROCESS_VM_OPERATION | PROCESS_VM_WRITE |
                               PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION;

    HANDLE target = OpenProcess(wantedAccess, FALSE, pid);
    if (target == NULL) {
        Log("OpenProcess failed: " + std::to_string(GetLastError()));
        return NULL;
    }

    // Architecture check. The IsWow64Process return value is not inspected,
    // so a failed query leaves the flag FALSE and the handle is returned.
    BOOL wow64 = FALSE;
    IsWow64Process(target, &wow64);
    if (!wow64) {
        return target;
    }

    Log("Target process is 32-bit");
    CloseHandle(target);
    return NULL;
}
// Reads the DLL at dllPath into memory, checks that it is a 64-bit PE file,
// allocates a region in the process behind hProcess, copies the headers and
// sections there, runs the relocation and import helpers, sets per-section
// page protections and starts a remote thread at the image's entry point.
// Returns true only when the remote thread was created and has finished.
// Every failure path after the allocation releases the remote region.
//
// NOTE(review): remoteBase is an address in the target process, but
// ApplyRelocations and ResolveImports dereference their base argument in this
// process. Treat this listing as a sample to analyse, not as a working
// reference loader.
//
// Defender's view: the observable sequence is a cross-process allocation with
// PAGE_EXECUTE_READWRITE, cross-process writes, protection changes, and a
// remote thread whose start address lies in memory that is not backed by an
// image file. Thread-creation telemetry (e.g. Sysmon event ID 8) and memory
// scanners that look for executable private regions are aimed at these steps.
- bool ManualMap(HANDLE hProcess, const std::string& dllPath) {
- Log("Starting manual mapping...");
- HANDLE hFile = CreateFileA(dllPath.c_str(), GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
- if (hFile == INVALID_HANDLE_VALUE) {
- Log("CreateFile failed: " + std::to_string(GetLastError()));
- return false;
- }
// NOTE(review): the GetFileSize result is not checked for failure, and
// bytesRead is never compared with fileSize after the read.
- DWORD fileSize = GetFileSize(hFile, NULL);
- std::vector<BYTE> dllData(fileSize);
- DWORD bytesRead;
- if (!ReadFile(hFile, dllData.data(), fileSize, &bytesRead, NULL)) {
- Log("ReadFile failed: " + std::to_string(GetLastError()));
- CloseHandle(hFile);
- return false;
- }
- CloseHandle(hFile);
// Header validation is limited to the DOS magic, the NT signature and the
// PE32+ optional-header magic. e_lfanew and the section fields used below are
// not bounds-checked against the size of dllData.
- auto pDosHeader = (PIMAGE_DOS_HEADER)dllData.data();
- if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
- Log("Invalid DOS header");
- return false;
- }
- auto pNtHeaders = (PIMAGE_NT_HEADERS64)((ULONGLONG)dllData.data() + pDosHeader->e_lfanew);
- if (pNtHeaders->Signature != IMAGE_NT_SIGNATURE ||
- pNtHeaders->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
- Log("Invalid NT header");
- return false;
- }
// First try the image's preferred base; fall back to any address. Both
// attempts ask for a committed read/write/execute region of SizeOfImage bytes.
- PVOID remoteBase = VirtualAllocEx(hProcess,
- (PVOID)pNtHeaders->OptionalHeader.ImageBase,
- pNtHeaders->OptionalHeader.SizeOfImage,
- MEM_COMMIT | MEM_RESERVE,
- PAGE_EXECUTE_READWRITE);
- if (!remoteBase) {
- remoteBase = VirtualAllocEx(hProcess,
- NULL,
- pNtHeaders->OptionalHeader.SizeOfImage,
- MEM_COMMIT | MEM_RESERVE,
- PAGE_EXECUTE_READWRITE);
- if (!remoteBase) {
- Log("Memory allocation failed: " + std::to_string(GetLastError()));
- return false;
- }
- }
// NOTE(review): std::to_string produces decimal digits, so the logged value
// is a decimal number behind a "0x" prefix.
- Log("Memory allocated at: 0x" + std::to_string(reinterpret_cast<ULONGLONG>(remoteBase)));
- // Write the PE headers
- if (!WriteProcessMemory(hProcess, remoteBase, dllData.data(),
- pNtHeaders->OptionalHeader.SizeOfHeaders, NULL)) {
- Log("Failed to write headers");
- VirtualFreeEx(hProcess, remoteBase, 0, MEM_RELEASE);
- return false;
- }
- // Write the sections
// Each section's raw data is copied to remoteBase + VirtualAddress.
- auto pSection = IMAGE_FIRST_SECTION(pNtHeaders);
- for (WORD i = 0; i < pNtHeaders->FileHeader.NumberOfSections; ++i, ++pSection) {
- PVOID secDest = reinterpret_cast<BYTE*>(remoteBase) + pSection->VirtualAddress;
- if (!WriteProcessMemory(hProcess, secDest,
- dllData.data() + pSection->PointerToRawData,
- pSection->SizeOfRawData, NULL)) {
// NOTE(review): section names are 8 bytes and need not be NUL-terminated, so
// building a std::string from the raw pointer can read past the name field.
- Log("Failed to write section: " + std::string(reinterpret_cast<char*>(pSection->Name)));
- VirtualFreeEx(hProcess, remoteBase, 0, MEM_RELEASE);
- return false;
- }
- }
- // Relocations
// delta is the distance between where the image landed and its preferred
// base; it is 0 when the first allocation attempt succeeded.
- ULONGLONG delta = reinterpret_cast<ULONGLONG>(remoteBase) - pNtHeaders->OptionalHeader.ImageBase;
- ApplyRelocations(pNtHeaders, remoteBase, delta);
- // Import resolution
- if (!ResolveImports(hProcess, pNtHeaders, remoteBase)) {
- Log("Import resolution failed");
- VirtualFreeEx(hProcess, remoteBase, 0, MEM_RELEASE);
- return false;
- }
- // Set memory protection
// Maps each section's characteristics to a page protection: executable
// sections get EXECUTE_READ (EXECUTE_READWRITE if also writable), writable
// ones READWRITE, everything else READONLY. The VirtualProtectEx result is
// ignored, so a failed call leaves the region read/write/execute.
- pSection = IMAGE_FIRST_SECTION(pNtHeaders);
- for (WORD i = 0; i < pNtHeaders->FileHeader.NumberOfSections; ++i, ++pSection) {
- DWORD oldProtect;
- DWORD protect = 0;
- if (pSection->Characteristics & IMAGE_SCN_MEM_EXECUTE) {
- protect = (pSection->Characteristics & IMAGE_SCN_MEM_WRITE)
- ? PAGE_EXECUTE_READWRITE
- : PAGE_EXECUTE_READ;
- }
- else if (pSection->Characteristics & IMAGE_SCN_MEM_WRITE) {
- protect = PAGE_READWRITE;
- }
- else {
- protect = PAGE_READONLY;
- }
- VirtualProtectEx(hProcess,
- reinterpret_cast<BYTE*>(remoteBase) + pSection->VirtualAddress,
- pSection->Misc.VirtualSize,
- protect,
- &oldProtect);
- }
- // Create the thread
// mappingData exists only in this process; its two fields are handed to
// CreateRemoteThread as the start address and the single thread argument.
- MANUAL_MAPPING_DATA mappingData = {
- remoteBase,
- reinterpret_cast<PVOID>(reinterpret_cast<ULONGLONG>(remoteBase) +
- pNtHeaders->OptionalHeader.AddressOfEntryPoint)
- };
- HANDLE hThread = CreateRemoteThread(hProcess,
- NULL,
- 0,
- reinterpret_cast<LPTHREAD_START_ROUTINE>(mappingData.EntryPoint),
- mappingData.ImageBase,
- 0,
- NULL);
- if (!hThread) {
- Log("Thread creation failed: " + std::to_string(GetLastError()));
- VirtualFreeEx(hProcess, remoteBase, 0, MEM_RELEASE);
- return false;
- }
// Blocks without a timeout until the remote thread exits. The thread's exit
// code is not read, and the remote region is left allocated on success.
- WaitForSingleObject(hThread, INFINITE);
- CloseHandle(hThread);
- Log("Manual mapping completed successfully");
- return true;
- }
// Entry point. Requires an elevated token, then tries two paths in order:
// (1) start the hard-coded game executable suspended, map the DLL into it and
//     resume its main thread;
// (2) otherwise find an already running process named TARGET_PROCESS, open it
//     and map the DLL into that.
// Returns 0 when either path reports success and 1 otherwise.
- int main() {
- if (!IsElevated()) {
// The message box text is Russian for "Run the program as administrator",
// with the caption "Error".
- MessageBoxA(NULL, "Запустите программу от имени администратора", "Ошибка", MB_ICONERROR);
- return 1;
- }
- // Option 1: launch through the injector
// The child is created with CREATE_SUSPENDED, so none of its own code has run
// when ManualMap is called on it.
- STARTUPINFOW si = { sizeof(si) };
- PROCESS_INFORMATION pi;
- if (CreateProcessW(
- L"D:\\Games\\Tom Clancy's Rainbow Six Siege\\RainbowSix_DX11.exe",
- NULL, NULL, NULL, FALSE,
- CREATE_SUSPENDED,
- NULL, NULL, &si, &pi))
- {
- Log("Process created in suspended state");
- if (ManualMap(pi.hProcess, DLL_PATH)) {
- Log("Resuming main thread");
- ResumeThread(pi.hThread);
- CloseHandle(pi.hThread);
- CloseHandle(pi.hProcess);
- return 0;
- }
// NOTE(review): when ManualMap fails here, control falls through to option 2
// with the child still suspended and pi.hThread / pi.hProcess never closed.
- }
- // Option 2: inject into an already running process
- DWORD pid = GetProcessIdByName(TARGET_PROCESS);
- if (!pid) {
- Log("Process not found");
- return 1;
- }
- HANDLE hProcess = OpenTargetProcess(pid);
- if (!hProcess) {
- return 1;
- }
- if (!ManualMap(hProcess, DLL_PATH)) {
- Log("Injection failed");
- CloseHandle(hProcess);
- return 1;
- }
- CloseHandle(hProcess);
- Log("Injection succeeded");
- return 0;
- }