diff --git a/gdkeinj/src/lib.rs b/gdkeinj/src/lib.rs
index 90aaa1c..8f76169 100644
--- a/gdkeinj/src/lib.rs
+++ b/gdkeinj/src/lib.rs
@@ -9,9 +9,9 @@ use poggers::{
 use retour::static_detour;
 // *const i32, *const i32, *const i32, bool
-type open_and_parse_t = unsafe extern "fastcall" fn(*const i32, *const i32, *const i32, bool) -> ();
+type open_and_parse_t = unsafe extern "fastcall" fn(*const i32, *const i32, *const u8, bool) -> ();
 static_detour! {
- pub static OpenAndParse: unsafe extern "fastcall" fn(*const i32, *const i32, *const i32, bool) -> ();
+ pub static OpenAndParse: unsafe extern "fastcall" fn(*const i32, *const i32, *const u8, bool) -> ();
 }
 #[poggers_derive::create_entry(no_free)]
@@ -29,7 +29,6 @@ pub fn main() {
 let modd = proc.get_base_module().unwrap();
 println!("sending data, waiting for sig ver");
- std::thread::sleep(Duration::from_secs(2));
 sock.send(&buf);
 let mut sig_type = [0; 4];
@@ -42,20 +41,19 @@ pub fn main() {
 let mut addr_offset = [0; 4];
 unsafe { std::ptr::copy(ptr_to_fn, addr_offset.as_mut_ptr(), 4) };
 let by = i32::from_ne_bytes(addr_offset);
- println!("addr offset = {:x?}", addr_offset);
 let fn_ptr = (addr + by as isize + 5) as *const c_void;
 println!("fnptr = {:x?}", fn_ptr);
- println!("sig found: {:x} {:p}", addr, ptr_to_fn);
+ println!("sig found: {:x} ", addr);
 let sock2 = sock.try_clone().unwrap();
 unsafe {
 let open_and_parse = std::mem::transmute::(fn_ptr as isize);
 let opp = OpenAndParse
 .initialize(open_and_parse, move |this, base, key, mode| {
- println!("open and parse called {key:?}");
- let mut key: *const u8 = std::ptr::null();
- // std::arch::asm!("mov {}, r8", out(reg) key);
- // println!("key = {:?}", key);
+ let mut read_key = [0u8; 32];
+ let ptr_to_key = (key as usize + 8) as *const *const u8;
+ std::ptr::copy(*ptr_to_key, read_key.as_mut_ptr(), 32);
+ sock2.send(read_key.as_slice());
 })
 .unwrap();
 opp.enable();
diff --git a/src/lib.rs b/src/lib.rs
index 9d6d9b9..baccfbe 100644
--- a/src/lib.rs
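Review bot: The comment directly above the alias, `// *const i32, *const i32, *const i32, bool`, still lists the third argument as `*const i32` although both `open_and_parse_t` and the `static_detour!` signature now take `*const u8`, so the one piece of documentation on this signature is now wrong. Update it to match, e.g. `// this: *const i32, base: *const i32, key: *const u8, mode: bool` (the names are the ones the hook closure further down uses), or drop it. A one-line note on where the `fastcall` convention and argument order were derived from would also help, since nothing in the file shows that and a wrong guess here corrupts the hooked process silently.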
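Review bot: The new hook closure dereferences `*ptr_to_key` and copies 32 bytes from it with no check, so a null or unexpected `key` argument becomes a read fault inside the hooked process instead of a diagnostic; guard it with `if key.is_null() || (*ptr_to_key).is_null() { return; }` before the `std::ptr::copy`. The `+ 8` offset and the 32-byte length are undocumented layout assumptions about whatever `key` points at — a comment naming the structure and field they were taken from would let a reader verify them. `sock2.send(...)` returns a `Result` that is dropped; the receiving side appears to block on that datagram, so a failed send should at least be printed. `this`, `base` and `mode` are unused and the original function is never invoked from the closure, which looks intentional given the process is terminated afterwards, but a comment saying so would remove the doubt. `main` starts and ends outside this hunk.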
+++ b/src/lib.rs
@@ -6,6 +6,7 @@ use std::{
 io::Read,
 mem::{size_of, transmute},
 net::UdpSocket,
+ path::Path,
 ptr::{addr_of, null, null_mut},
 time::Duration,
 };
@@ -39,6 +40,10 @@ fn create_pstr(c_str: &CStr) -> PSTR {
 }
 pub unsafe fn spawn_and_inject(proc: &str) {
+ let pth = Path::new(proc);
+ if !pth.is_file() {
+ panic!("file does not exist");
+ }
 let cmd_line_c = CString::new(proc).expect("invalid cstr");
 let start_up_info = STARTUPINFOA {
 ..Default::default()
@@ -83,12 +88,7 @@ pub unsafe fn spawn_and_inject(proc: &str) {
 );
 let code_entry = image_base_addr.wrapping_add((*nt_hdrs).OptionalHeader.AddressOfEntryPoint as usize);
- println!(
- "entry = {:p} B = {:X} C = {:p}",
- code_entry,
- (*nt_hdrs).OptionalHeader.AddressOfEntryPoint,
- image_base_addr
- );
+ println!("entry = {:p}", code_entry,);
 let entry_insts: [u8; 2] = proc
 .read(code_entry as usize)
 .expect("failed to read entry");
@@ -97,7 +97,6 @@ pub unsafe fn spawn_and_inject(proc: &str) {
 //
 // resume the thread
 ResumeThread(proc_info.hThread);
- // ResumeThread(proc_info.hThread);
 // wait until trapped... and inject
 let sock = UdpSocket::bind("127.0.0.1:28713").expect("failed to bind socket");
 {
@@ -112,12 +111,15 @@ pub unsafe fn spawn_and_inject(proc: &str) {
 let _ = sock.recv(&mut []);
 }
 // we're done. let's kill the process.
- println!("done, running code after enter..",);
- let mut inp = String::new();
- std::io::stdin().read_line(&mut inp);
+ println!("done, running code",);
 proc.write(code_entry as usize, &entry_insts);
 println!("waiting for call.");
- let _ = sock.recv(&mut []);
- println!("complete.");
+ let mut key = [0; 32];
+ let _ = sock.recv(&mut key);
+ println!("recieved key: ");
+ for val in key {
+ print!("{:x}", val);
+ }
+ println!("\ncomplete.");
 TerminateProcess(proc_info.hProcess, 1);
 }
diff --git a/src/main.rs b/src/main.rs
index 612d2d7..571e71b 100644
--- a/src/main.rs
+++ b/src/main.rs
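Review bot: The new `is_file()` guard in `spawn_and_inject` panics out of a `pub unsafe fn` with a message that does not name the path, and `main.rs` now feeds it `argv[1]`, so the most likely user error (a typo in the path) gives no hint of what was looked for; use `panic!("file does not exist: {proc}")`, or better return an `io::Error` and let the caller decide. The check is only advisory: the file can disappear or change between `is_file()` and the later process-creation call, so that call still needs its own error handling and this guard should not be read as making the spawn safe. The `pth` binding is used once and could be inlined as `if !Path::new(proc).is_file()`. `spawn_and_inject` continues past this hunk.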
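Review bot: `let _ = sock.recv(&mut key)` discards the byte count, so a short or empty datagram is printed as a full 32-byte key padded with zeros; bind and check it, e.g. `let n = sock.recv(&mut key).expect("recv failed"); assert_eq!(n, key.len(), "short key datagram");`. The loop prints each byte with `{:x}`, which drops leading zeros (0x05 prints as `5`) and makes the hex output ambiguous; use `{:02x}`. The socket is bound to 127.0.0.1:28713 and never `connect`ed to a peer, so any local process that sends a 32-byte datagram there is accepted as the key; use `recv_from` and check the sender, or `connect` to the injected process's address, if that matters for this tool. The literal `"recieved key: "` is misspelled. `spawn_and_inject` starts outside this hunk.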
@@ -2,6 +2,6 @@ use gdke::spawn_and_inject;
 fn main() {
 unsafe {
- spawn_and_inject("./z421.exe");
+ spawn_and_inject(&std::env::args().nth(1).unwrap());
 }
 }
diff --git a/z421.exe b/z421.exe
new file mode 100644
index 0000000..5ce8507
Binary files /dev/null and b/z421.exe differ
diff --git a/z421.pck b/z421.pck
new file mode 100644
index 0000000..a7fbf13
Binary files /dev/null and b/z421.pck differ
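Review bot: `std::env::args().nth(1).unwrap()` panics with the generic `called Option::unwrap() on a None value` when the program is started without an argument, which tells the user nothing about what was expected; replace it with `.expect("usage: gdke <path-to-exe>")` or print a usage line and exit non-zero. `main` is fully inside this hunk.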