Если кому-то надо вывести MessageBox в gamesense, то вот (cerberus LOADER)
Lua:
-- // from cerberus.loader
-- // author engine.dll
-- LuaJIT FFI is used for every raw pointer read and native call in this script.
local ffi = require("ffi")
local impl = {}
-- NOTE(review): the empty table assigned on the previous line is replaced at once by this constructor.
-- NOTE(review): pointers are cast to uint32_t throughout, so this presumably targets a 32-bit process — confirm.
impl = {
-- Pointer recovered from engine.dll rather than through a normal import: client.find_signature locates
-- the byte pattern, 2 is added to step over its first two bytes (\xFF\x15), and the value stored there is
-- dereferenced twice ([0][0]). \xFF\x15 is the x86 encoding of an indirect CALL through a 32-bit address;
-- the \xCC bytes are presumably wildcards for client.find_signature — confirm against the host API.
-- NOTE(review): a failed signature search is not handled; what ffi.cast does with that result is not visible here.
GetModuleHandlePtr =
ffi.cast(
"void***",
ffi.cast("uint32_t", client.find_signature("engine.dll", "\xFF\x15\xCC\xCC\xCC\xCC\x85\xC0\x74\x0B")) + 2
)[0][0],
-- Same recovery as above, with a different byte pattern, for the second resolver pointer.
GetProcAddressPtr =
ffi.cast(
"void***",
ffi.cast("uint32_t", client.find_signature("engine.dll", "\xFF\x15\xCC\xCC\xCC\xCC\xA3\xCC\xCC\xCC\xCC\xEB\x05")) + 2
)[0][0],
-- Returns a Lua closure that performs a native call to `addr`. The call is not made on `addr` directly:
-- on every invocation the closure searches engine.dll for the bytes \xFF\xE1 (x86 `jmp ecx`), casts that
-- location to `typestring`, and passes `addr` as the first argument. Every typestring in this file
-- declares a leading void* for that argument.
-- NOTE(review): the signature search is repeated on each call; nothing is cached.
reinterpret_cast = function(addr, typestring)
return function(...) return ffi.cast(typestring, client.find_signature("engine.dll", "\xFF\xE1"))(addr, ...) end
end,
-- True when the first byte at `addr` is 0xE9 (the x86 near-JMP opcode); only that one byte is inspected.
-- NOTE(review): `addr` is read without a NULL check, so a NULL pointer is dereferenced here.
is_func_hooked = function(addr)
return ffi.cast("unsigned char*", addr)[0] == 0xE9
end
}
do -- exports
-- Callable wrappers around the two resolver pointers recovered from engine.dll. The leading void* in each
-- type string is the slot impl.reinterpret_cast fills with the target address; callers supply the rest.
impl.fnGetModuleHandle = impl.reinterpret_cast(
impl.GetModuleHandlePtr,
"void*(__thiscall*)(void*, const char*)"
) -- arg1: name, returns a pointer
impl.fnGetProcAddress = impl.reinterpret_cast(
impl.GetProcAddressPtr,
"void*(__thiscall*)(void*, void*, const char*)"
) -- arg1: pointer, arg2: name
--- Look up a module handle by name.
-- The resolver pointer is checked with impl.is_func_hooked first; the lookup is refused with a Lua error
-- when that check reports a patched entry point.
-- @param module  module file name, e.g. "user32.dll"
-- @return whatever impl.fnGetModuleHandle returns for that name
function impl.GetModuleHandle(module)
  local resolver_patched = impl.is_func_hooked(impl.GetModuleHandlePtr)
  if not resolver_patched then
    return impl.fnGetModuleHandle(module)
  end
  error("GetModuleHandle is hooked!")
end
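--- Resolve an export by name and refuse to hand back a patched entry point.
-- Raises a Lua error when the resolver itself starts with a JMP (impl.is_func_hooked), when the lookup
-- returns NULL, or when the resolved export starts with a JMP.
-- @param module     module handle, as returned by impl.GetModuleHandle
-- @param proc_addr  export name; despite the parameter name, callers in this file pass a string
-- @return pointer to the resolved export
impl.GetProcAddress = function(module, proc_addr)
  if impl.is_func_hooked(impl.GetProcAddressPtr) then
    error("GetProcAddress is hooked!")
  end
  local addr = impl.fnGetProcAddress(module, proc_addr)
  -- A NULL result (unknown export or NULL module handle) has to be rejected here: is_func_hooked reads
  -- one byte through the pointer and would otherwise dereference address 0. In LuaJIT a NULL pointer
  -- cdata compares equal to nil.
  if addr == nil then
    error("GetProcAddress returned NULL for " .. tostring(proc_addr))
  end
  if impl.is_func_hooked(addr) then
    error("Tried to import a hooked function!")
  end
  return addr
end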
-- Module handles looked up once, while the script loads. Each call goes through impl.GetModuleHandle,
-- so loading aborts with a Lua error if the resolver's first byte is 0xE9.
-- NOTE(review): none of the returned handles is checked; presumably a module that is not loaded in the
-- process yields NULL here and the failure only shows up at a later GetProcAddress — confirm.
impl.lib = {}
impl.lib.user32 = impl.GetModuleHandle("user32.dll")
impl.lib.kernel32 = impl.GetModuleHandle("kernel32.dll")
impl.lib.psapi = impl.GetModuleHandle("psapi.dll")
impl.lib.shell32 = impl.GetModuleHandle("shell32.dll")
impl.lib.advapi32 = impl.GetModuleHandle("advapi32.dll")
impl.lib.tier0 = impl.GetModuleHandle("tier0.dll")
-- user32 exports. Each entry keeps the raw pointer (`...Ptr`) next to a callable wrapper built by
-- impl.reinterpret_cast; the leading void* in every type string is filled with that pointer.
impl.export = {}
impl.export.user32 = {}
impl.export.user32.FindWindowPtr = impl.GetProcAddress(impl.lib.user32, "FindWindowA")
impl.export.user32.FindWindow = impl.reinterpret_cast(
impl.export.user32.FindWindowPtr,
"void*(__thiscall*)(void*, const char*, const char*)" -- arg1: window class name, arg2: window name
)
-- MessageBoxA is the only export the commented-out msgbox helper at the end of this script needs.
impl.export.user32.MessageBoxPtr = impl.GetProcAddress(impl.lib.user32, "MessageBoxA")
impl.export.user32.MessageBox = impl.reinterpret_cast(
impl.export.user32.MessageBoxPtr,
"int(__thiscall*)(void*, void*, const char*, const char*, unsigned int)" -- HWND, text, caption, type
)
-- kernel32 exports. GetComputerNameA reads the machine name; together with the volume, memory, CPU and
-- baseboard queries in this script it presumably belongs to the loader's host-identification data — confirm.
impl.export.kernel32 = {}
impl.export.kernel32.GetComputerNameAPtr = impl.GetProcAddress(impl.lib.kernel32, "GetComputerNameA")
impl.export.kernel32.fnGetComputerNameA = impl.reinterpret_cast(
impl.export.kernel32.GetComputerNameAPtr,
"int(__thiscall*)(void*, char*, int*)"
)
-- Returns the computer name as a Lua string, read from a 260-byte buffer.
-- NOTE(review): the native return value is discarded, so a failed call is not distinguished from
-- success; the caller then receives whatever the buffer holds.
impl.export.kernel32.GetComputerNameA = function()
local buffer = ffi.new("char[260]")
local size = ffi.new("int[1]")
-- In/out size argument: initialised to the buffer capacity (260).
size[0] = ffi.sizeof(buffer)
impl.export.kernel32.fnGetComputerNameA(
buffer,
size
)
return ffi.string(buffer)
end
-- GetLastError wrapper; takes no arguments beyond the pointer slot filled by impl.reinterpret_cast.
impl.export.kernel32.GetLastErrorPtr = impl.GetProcAddress(impl.lib.kernel32, "GetLastError")
impl.export.kernel32.GetLastError = impl.reinterpret_cast(
impl.export.kernel32.GetLastErrorPtr,
"unsigned long(__thiscall*)(void*)"
)
-- ExitProcess wrapper; the caller passes the exit code.
-- NOTE(review): this is the only type string in the file declared __fastcall instead of __thiscall;
-- confirm that the exit code reaches the callee as intended through the trampoline.
impl.export.kernel32.ExitProcessPtr = impl.GetProcAddress(impl.lib.kernel32, "ExitProcess")
impl.export.kernel32.ExitProcess = impl.reinterpret_cast(
impl.export.kernel32.ExitProcessPtr,
"void(__fastcall*)(void*, unsigned int)"
)
-- GlobalMemoryStatusEx wrapper.
-- NOTE(review): the MEMORYSTATUSEX type is not declared in this listing; it needs an ffi.cdef
-- elsewhere, otherwise ffi.new / ffi.sizeof / the cast below cannot resolve it.
impl.export.kernel32.GlobalMemoryStatusExPtr = impl.GetProcAddress(impl.lib.kernel32, "GlobalMemoryStatusEx")
impl.export.kernel32.fnGlobalMemoryStatusEx = impl.reinterpret_cast(
impl.export.kernel32.GlobalMemoryStatusExPtr,
"int(__thiscall*)(void*, MEMORYSTATUSEX*)"
)
-- Returns the filled MEMORYSTATUSEX structure (element 0 of a one-element array).
impl.export.kernel32.GlobalMemoryStatusEx = function()
local lpBuffer = ffi.new("MEMORYSTATUSEX[1]")
-- dwLength is set to the structure size before the call.
lpBuffer[0].dwLength = ffi.sizeof("MEMORYSTATUSEX")
local status = impl.export.kernel32.fnGlobalMemoryStatusEx(
lpBuffer
)
-- NOTE(review): `status` is only used by the disabled check below, so a failed call returns the
-- structure as it stands after the call without any error.
--[[
if status == 0 then
print(impl.export.kernel32.GetLastError())
end
]]
return lpBuffer[0]
end
-- GetVolumeInformationA wrapper.
-- NOTE(review): the two name-buffer parameters are declared wchar_t* although the ANSI export is
-- resolved; the wrapper only ever passes nil for them, so the mismatch has no effect as written.
impl.export.kernel32.GetVolumeInformationPtr = impl.GetProcAddress(impl.lib.kernel32, "GetVolumeInformationA")
impl.export.kernel32.fnGetVolumeInformation = impl.reinterpret_cast(
impl.export.kernel32.GetVolumeInformationPtr,
"bool(__thiscall*)(void*, const char*, wchar_t*, unsigned int, unsigned int*, unsigned int*, unsigned int*, wchar_t*, int)"
)
-- Queries the volume at the hard-coded root "C:\" and returns its serial number, maximum component
-- length and file-system flags as Lua numbers. The volume-name and file-system-name buffers are not
-- requested (nil, length 0).
-- NOTE(review): the native return value is ignored; on failure the three fields hold whatever the
-- one-element arrays contain after the call.
impl.export.kernel32.GetVolumeInformation = function()
local dwSerialNumber = ffi.new("unsigned int[1]")
local dwMaximumComponentLength = ffi.new("unsigned int[1]")
local dwFileSystemFlags = ffi.new("unsigned int[1]")
impl.export.kernel32.fnGetVolumeInformation(
"C:\\",
nil,
0,
dwSerialNumber,
dwMaximumComponentLength,
dwFileSystemFlags,
nil,
0
)
return {
serial_number = tonumber(dwSerialNumber[0]),
maximum_component_length = tonumber(dwMaximumComponentLength[0]),
file_system_flags = tonumber(dwFileSystemFlags[0])
}
end
do -- advapi32
-- advapi32 (registry) exports.
impl.export.advapi32 = {}
impl.export.advapi32.RegOpenKeyExAPtr = impl.GetProcAddress(impl.lib.advapi32, "RegOpenKeyExA")
impl.export.advapi32.fnRegOpenKeyExA = impl.reinterpret_cast(
impl.export.advapi32.RegOpenKeyExAPtr,
"int(__thiscall*)(void*, int, const char*, int, int, void**)"
)
-- Opens `sub_key` under the root `key_type` with access mask `desired_access` and returns the handle
-- written to the out-parameter.
-- NOTE(review): the status code is discarded, so callers cannot tell a failed open from a successful one
-- except by inspecting the returned pointer.
-- NOTE(review): the root key is declared `int`; confirm that the predefined root-key constants survive
-- the number-to-int conversion.
impl.export.advapi32.RegOpenKeyExA = function(key_type, sub_key, desired_access)
local key = ffi.new("void*[1]")
impl.export.advapi32.fnRegOpenKeyExA(
key_type,
sub_key,
0,
desired_access,
key
)
return key[0]
end
impl.export.advapi32.RegCreateKeyExAPtr = impl.GetProcAddress(impl.lib.advapi32, "RegCreateKeyExA")
impl.export.advapi32.fnRegCreateKeyExA = impl.reinterpret_cast(
impl.export.advapi32.RegCreateKeyExAPtr,
"int(__thiscall*)(void*, int, const char*, int, char*, int, int, const void*, void**, int*)"
)
-- Creates (or opens) `sub_key` under `key_type` and returns the handle written to the out-parameter.
-- NOTE(review): exported as CreateKeyExA, without the Reg prefix used by the sibling wrappers.
-- NOTE(review): the status code is discarded.
-- NOTE(review): the final argument is the number 0 for a parameter declared int*; LuaJIT's FFI
-- normally takes nil for a NULL pointer, so confirm that this call does not raise a conversion error.
impl.export.advapi32.CreateKeyExA = function(key_type, sub_key, desired_access)
local key = ffi.new("void*[1]")
impl.export.advapi32.fnRegCreateKeyExA(
key_type,
sub_key,
0,
nil,
0,
desired_access,
nil,
key,
0
)
return key[0]
end
-- The export resolved here is RegGetValueA; the Lua-side names say RegGetKeyValueA.
impl.export.advapi32.RegGetKeyValueAPtr = impl.GetProcAddress(impl.lib.advapi32, "RegGetValueA")
impl.export.advapi32.fnRegGetKeyValueA = impl.reinterpret_cast(
impl.export.advapi32.RegGetKeyValueAPtr,
"int(__thiscall*)(void*, void*, const char*, const char*, int, int*, void*, int*)"
)
-- Intended to read a string value and return it as a Lua string.
-- NOTE(review): the arguments do not line up with the declared parameters. `value` (the output
-- buffer) is passed in the third slot, declared const char*, while the slots declared void* / int*
-- for the data buffer and its size both receive nil, and the slot declared int receives nil.
-- As written the buffer is never offered to the callee as a destination; verify before relying on it.
-- NOTE(review): the buffer is declared `const char[260]`, and the status code is discarded.
impl.export.advapi32.RegGetKeyValueString = function(key, sub_key)
local value = ffi.new("const char[260]") -- MAX_PATH = 260
impl.export.advapi32.fnRegGetKeyValueA(
key,
sub_key,
value,
nil,
nil,
nil,
nil
)
return ffi.string(value)
end
-- Intended to read a non-string value into a one-element array of the C type named by `type` and
-- return element 0.
-- NOTE(review): the parameter `type` shadows Lua's built-in type() inside this function.
-- NOTE(review): `type` is concatenated into a C declaration for ffi.new, so it must be a trusted,
-- valid C type name.
-- NOTE(review): the last argument is a Lua number (ffi.sizeof) for a parameter declared int*, and the
-- slot declared int receives nil; confirm that the call converts at all. The status code is discarded.
impl.export.advapi32.RegGetKeyValueOther = function(key, sub_key, type)
local value = ffi.new("".. type .. "[1]")
impl.export.advapi32.fnRegGetKeyValueA(
key,
sub_key,
nil,
nil,
nil,
value,
ffi.sizeof(value)
)
return value[0]
end
impl.export.advapi32.RegSetKeyValueAPtr = impl.GetProcAddress(impl.lib.advapi32, "RegSetKeyValueA")
impl.export.advapi32.fnRegSetKeyValueA = impl.reinterpret_cast(
impl.export.advapi32.RegSetKeyValueAPtr,
"int(__thiscall*)(void*, void*, const char*, const char*, int, void*, int)"
)
-- Writes `data` to `value_name` under `key` / `sub_key` with registry type `type`.
-- The byte count is taken with ffi.sizeof(data), so `data` must be a cdata object.
-- NOTE(review): the status code is discarded and nothing is returned, so a failed write is silent.
-- NOTE(review): the parameter `type` shadows Lua's built-in type() inside this function.
impl.export.advapi32.RegSetKeyValueA = function(key, sub_key, value_name, type, data)
impl.export.advapi32.fnRegSetKeyValueA(
key,
sub_key,
value_name,
type,
data,
ffi.sizeof(data)
)
end
-- RegCloseKey wrapper; the caller passes the key handle.
impl.export.advapi32.RegCloseKeyPtr = impl.GetProcAddress(impl.lib.advapi32, "RegCloseKey")
impl.export.advapi32.RegCloseKey = impl.reinterpret_cast(
impl.export.advapi32.RegCloseKeyPtr,
"int(__thiscall*)(void*, void*)"
)
end
-- shell32 export: ShellExecuteA. The window-handle parameter is declared const char* in the type
-- string; both calls in this script pass nil for it.
impl.export.shell32 = {}
impl.export.shell32.ShellExecuteAPtr = impl.GetProcAddress(impl.lib.shell32, "ShellExecuteA")
impl.export.shell32.fnShellExecuteA = impl.reinterpret_cast(
impl.export.shell32.ShellExecuteAPtr,
"void*(__thiscall*)(void*, const char*, const char*, const char*, const char*, const char*, int)"
)
-- NOTE(review): this call runs as a side effect of loading the script, not on request. It starts
-- powershell.exe with show-command 0, queries Win32_BaseBoard for Manufacturer, Product and
-- SerialNumber, and writes the result to the relative path 'csgo/mobo.data'. Anyone reusing this
-- listing only for the message box inherits the baseboard query and the file write unless this line
-- is removed. The child process is visible in process-creation logs as powershell.exe started by the
-- host process. The return value is not checked.
impl.export.shell32.fnShellExecuteA(nil, "open", "powershell.exe", "-Command \"Get-WmiObject Win32_BaseBoard | Select-Object Manufacturer, Product, SerialNumber | Out-File -FilePath 'csgo/mobo.data' -Encoding utf8\"", nil, 0)
-- tier0 export: GetCPUInformation, called with no arguments beyond the pointer slot.
-- NOTE(review): the CPUInformation type is not declared in this listing; it needs an ffi.cdef
-- elsewhere before the wrapper can be called.
impl.export.tier0 = {}
impl.export.tier0.GetCPUInformationPtr = impl.GetProcAddress(impl.lib.tier0, "GetCPUInformation")
impl.export.tier0.GetCPUInformation = impl.reinterpret_cast(
impl.export.tier0.GetCPUInformationPtr,
"CPUInformation*(__thiscall*)(void*)"
)
end
-- // https://github.com/GitHub30/toast-notification-examples?tab=readme-ov-file
-- PowerShell source for a Windows toast notification with a fixed headline and body; the text is a
-- literal, and no caller-supplied data is inserted into it.
local psScript = [[
$headlineText = 'gamesense'
$bodyText = 'hello from gamesense'
$ToastText02 = [Windows.UI.Notifications.ToastTemplateType, Windows.UI.Notifications, ContentType = WindowsRuntime]::ToastText02
$TemplateContent = [Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime]::GetTemplateContent($ToastText02)
$TemplateContent.SelectSingleNode('//text[@id="1"]').InnerText = $headlineText
$TemplateContent.SelectSingleNode('//text[@id="2"]').InnerText = $bodyText
$AppId = '{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\WindowsPowerShell\v1.0\powershell.exe'
[Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($AppId).Show($TemplateContent)
]]
-- Runs at load time: starts powershell.exe with -NoProfile -WindowStyle Hidden and show-command 0,
-- passing the script above as the -Command argument.
-- NOTE(review): the script text contains double quotes and line breaks and is spliced between
-- double quotes without escaping; confirm how the resulting command line is parsed.
-- NOTE(review): the return value is not checked, so a failed launch is silent.
impl.export.shell32.fnShellExecuteA(
nil,
"open",
"powershell.exe",
"-NoProfile -WindowStyle Hidden -Command \""..psScript.."\"",
nil,
0
)
--[[
local MB = {
Buttons = {
OK = 0x00000000,
OKCANCEL = 0x00000001,
YESNO = 0x00000004,
YESNOCANCEL = 0x00000003,
RETRYCANCEL = 0x00000005,
},
Icons = {
NONE = 0x00000000,
ERROR = 0x00000010,
QUESTION = 0x00000020,
WARNING = 0x00000030,
INFORMATION = 0x00000040,
}
}
function msgbox(text, caption, buttons, icon)
buttons = buttons or MB.Buttons.OK
icon = icon or MB.Icons.NONE
impl.export.user32.MessageBox( nil, text, caption or "Message", bit.bor(buttons, icon))
end
msgbox("test text", "window name", MB.Buttons.OKCANCEL, MB.Icons.INFORMATION) -- "window name" имя окна
msgbox("test text no LOGO", "window name")
--]]