From 19d69835f6b0504e2d95e6cd6ba1f333f2e49387 Mon Sep 17 00:00:00 2001 From: Luna <44528100+pozm@users.noreply.github.com> Date: Fri, 26 Aug 2022 21:52:21 +0100 Subject: [PATCH] ok --- .gitignore | 3 + godot_dump.sln | 31 +++++ godot_dump/dllmain.cpp | 108 ++++++++++++++++++ godot_dump/framework.h | 5 + godot_dump/godot_dump.vcxproj | 157 ++++++++++++++++++++++++++ godot_dump/godot_dump.vcxproj.filters | 33 ++++++ godot_dump/godot_dump.vcxproj.user | 4 + godot_dump/pch.cpp | 5 + godot_dump/pch.h | 13 +++ 9 files changed, 359 insertions(+) create mode 100644 godot_dump.sln create mode 100644 godot_dump/dllmain.cpp create mode 100644 godot_dump/framework.h create mode 100644 godot_dump/godot_dump.vcxproj create mode 100644 godot_dump/godot_dump.vcxproj.filters create mode 100644 godot_dump/godot_dump.vcxproj.user create mode 100644 godot_dump/pch.cpp create mode 100644 godot_dump/pch.h
diff --git a/.gitignore b/.gitignore
index 259148f..4ab08c4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,6 @@
 *.exe
 *.out
 *.app
+/godot_dump/x64/Debug
+/.vs/godot_dump
+/x64/Debug
diff --git a/godot_dump.sln b/godot_dump.sln
new file mode 100644
index 0000000..ddbf30d
--- /dev/null
+++ b/godot_dump.sln
@@ -0,0 +1,31 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.2.32526.322 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "godot_dump", "godot_dump\godot_dump.vcxproj", "{B5C2D08C-60E3-4760-BE7D-5BEEF27358EA}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {B5C2D08C-60E3-4760-BE7D-5BEEF27358EA}.Debug|x64.ActiveCfg = Debug|x64 + {B5C2D08C-60E3-4760-BE7D-5BEEF27358EA}.Debug|x64.Build.0 = Debug|x64 + {B5C2D08C-60E3-4760-BE7D-5BEEF27358EA}.Debug|x86.ActiveCfg = Debug|Win32 + {B5C2D08C-60E3-4760-BE7D-5BEEF27358EA}.Debug|x86.Build.0 = Debug|Win32 + {B5C2D08C-60E3-4760-BE7D-5BEEF27358EA}.Release|x64.ActiveCfg = Release|x64 + {B5C2D08C-60E3-4760-BE7D-5BEEF27358EA}.Release|x64.Build.0 = Release|x64 + {B5C2D08C-60E3-4760-BE7D-5BEEF27358EA}.Release|x86.ActiveCfg = Release|Win32 + {B5C2D08C-60E3-4760-BE7D-5BEEF27358EA}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {F8CC79BA-C5B1-4E51-B5A0-513D6A2DB01A} + EndGlobalSection +EndGlobal
diff --git a/godot_dump/dllmain.cpp b/godot_dump/dllmain.cpp
new file mode 100644
index 0000000..448645d
--- /dev/null
+++ b/godot_dump/dllmain.cpp
@@ -0,0 +1,108 @@
+// dllmain.cpp : Defines the entry point for the DLL application.
+#include "pch.h"
+#include
+#include
+
+char* ScanBasic(char* pattern, char* mask, char* begin, intptr_t size)
+{
+ intptr_t patternLen = strlen(mask);
+
+ for (int i = 0; i < size; i++)
+ {
+ bool found = true;
+ for (int j = 0; j < patternLen; j++)
+ {
+ if (mask[j] != '?' && pattern[j] != *(char*)((intptr_t)begin + i + j))
+ {
+ found = false;
+ break;
+ }
+ }
+ if (found)
+ {
+ return (begin + i);
+ }
+ }
+ return nullptr;
+}
+
+
+
+char* ScanInternal(char* pattern,char * mask, char* begin, intptr_t size)
+{
+ char* match{ nullptr };
+ MEMORY_BASIC_INFORMATION mbi{};
+
+ for (char* curr = begin; curr < begin + size; curr += mbi.RegionSize)
+ {
+ if (!VirtualQuery(curr, &mbi, sizeof(mbi)) || mbi.State != MEM_COMMIT || mbi.Protect == PAGE_NOACCESS) continue;
+
+ match = ScanBasic(pattern, mask, curr, mbi.RegionSize);
+
+ if (match != nullptr)
+ {
+ break;
+ }
+ }
+ return match;
+}
+
+
+
+
+
+
+void main_thread() {
+ AllocConsole();
+ freopen_s((FILE**)stdout,"CONOUT$", "w", (FILE*)stdout);
+ freopen_s((FILE**)stdin,"CONIN$", "w", (FILE*)stdin);
+
+ auto pog1 = GetModuleHandleA(nullptr);
+
+ const char* load_byte_code_sig = "\x4C\x8D\x05\xCC\xCC\xCC\xCC\x0F\x1F\x40\x00";
+
+ auto pog = ScanInternal((char*)load_byte_code_sig, (char*)"xxx????xxxx", (char *)pog1, 0xfffffff);
+
+ uint32_t offset;
+
+ std::memcpy(&offset, (void*)(pog + 3), 4);
+
+ void* next = (void*)((pog + 7) - (char *)pog1);
+
+ auto parta = (char*)next + offset;
+ void* location = reinterpret_cast(pog1) + (uint32_t)parta;
+
+ std::cout << "key loc @ " << location << std::endl;
+
+ uint8_t secretKey[32];
+
+ std::memcpy(&secretKey, location, 32);
+
+ std::cout << "key = ";
+ for (int i = 0; i < 32; i++) {
+ std::cout << std::hex << (int) secretKey[i];
+ }
+ std::cout << std::dec << ";" << std::endl;
+ std::cin.get();
+
+}
+
+BOOL APIENTRY DllMain( HMODULE hModule,
+ DWORD ul_reason_for_call,
+ LPVOID lpReserved
+ )
+{
+ switch (ul_reason_for_call)
+ {
+ case DLL_PROCESS_ATTACH: {
+ std::thread pog(main_thread);
+ pog.detach();
+ }
+ case DLL_THREAD_ATTACH:
+ case DLL_THREAD_DETACH:
+ case DLL_PROCESS_DETACH:
+ break;
+ }
+ return TRUE;
+}
+
diff --git a/godot_dump/framework.h b/godot_dump/framework.h
new file mode 100644
index 0000000..54b83e9
--- /dev/null
+++ b/godot_dump/framework.h
@@ -0,0 +1,5 @@
+#pragma once
+
+#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
+// Windows Header Files
+#include
diff --git a/godot_dump/godot_dump.vcxproj b/godot_dump/godot_dump.vcxproj
new file mode 100644
index 0000000..46f710d
--- /dev/null
+++ b/godot_dump/godot_dump.vcxproj
@@ -0,0 +1,157 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 16.0 + Win32Proj + {b5c2d08c-60e3-4760-be7d-5beef27358ea} + godotdump + 10.0 + + + + DynamicLibrary + true + v143 + Unicode + + + DynamicLibrary + false + v143 + true + Unicode + + + DynamicLibrary + true + v143 + Unicode + + + DynamicLibrary + false + v143 + true + Unicode + + + + + + + + + + + + + + + + + + + + + + Level3 + true + WIN32;_DEBUG;GODOTDUMP_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + Use + pch.h + + + Windows + true + false + + + + + Level3 + true + true + true + WIN32;NDEBUG;GODOTDUMP_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + Use + pch.h + + + Windows + true + true + true + false + + + + + Level3 + true + _DEBUG;GODOTDUMP_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + Use + pch.h + + + Windows + true + false + + + + + Level3 + true + true + true + NDEBUG;GODOTDUMP_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + Use + pch.h + + + Windows + true + true + true + false + + + + + + + + + + Create + Create + Create + Create + + + + + + \ No newline at end of file
diff --git a/godot_dump/godot_dump.vcxproj.filters b/godot_dump/godot_dump.vcxproj.filters
new file mode 100644
index 0000000..1e57c7b
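Review bot: `main_thread` uses the result of `ScanInternal` without checking it, so when the pattern is not found `pog` is `nullptr` and `std::memcpy(&offset, (void*)(pog + 3), 4)` faults inside the host process; return early with `if (pog == nullptr) return;` before that copy. `ScanBasic` can also read up to `patternLen - 1` bytes past the region it was handed, because the outer loop runs to `i < size`; bound it with `i + patternLen <= size`. In `ScanInternal`, the `continue` after a failed `VirtualQuery` advances by a stale or zero `mbi.RegionSize`, so the loop may never terminate, and the `mbi.Protect == PAGE_NOACCESS` test still lets `PAGE_GUARD` pages through. The worker thread is also created from `DllMain` while the loader lock is held, and the `DLL_PROCESS_ATTACH` case falls through without a `break`; both deserve at least a comment stating that they are intentional.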
--- /dev/null
+++ b/godot_dump/godot_dump.vcxproj.filters
@@ -0,0 +1,33 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Header Files + + + Header Files + + + + + Source Files + + + Source Files + + + \ No newline at end of file
diff --git a/godot_dump/godot_dump.vcxproj.user b/godot_dump/godot_dump.vcxproj.user
new file mode 100644
index 0000000..88a5509
--- /dev/null
+++ b/godot_dump/godot_dump.vcxproj.user
@@ -0,0 +1,4 @@ + + + + \ No newline at end of file
diff --git a/godot_dump/pch.cpp b/godot_dump/pch.cpp
new file mode 100644
index 0000000..64b7eef
--- /dev/null
+++ b/godot_dump/pch.cpp
@@ -0,0 +1,5 @@
+// pch.cpp: source file corresponding to the pre-compiled header
+
+#include "pch.h"
+
+// When you are using pre-compiled headers, this source file is necessary for compilation to succeed.
diff --git a/godot_dump/pch.h b/godot_dump/pch.h
new file mode 100644
index 0000000..885d5d6
--- /dev/null
+++ b/godot_dump/pch.h
@@ -0,0 +1,13 @@
+// pch.h: This is a precompiled header file.
+// Files listed below are compiled only once, improving build performance for future builds.
+// This also affects IntelliSense performance, including code completion and many code browsing features.
+// However, files listed here are ALL re-compiled if any one of them is updated between builds.
+// Do not add files here that you will be updating frequently as this negates the performance advantage.
+
+#ifndef PCH_H
+#define PCH_H
+
+// add headers that you want to pre-compile here
+#include "framework.h"
+
+#endif //PCH_H