Works on most BattlEye/EAC games
Download link:
As some of you might have heard, the lsass & csrss meme is probably going to be patched in a few weeks, so I'm releasing this here
How to use:
1) Use a proper manualmapper to inject the DOLBOEB.INJECTOR.dll into lsass.exe (Xenos/Blackbone or anything that initializes TLS & SEH/C++ exceptions support)
2) Open up C:\Windows\System32\config\systemprofile\AppData\Roaming, you'll see 2 files there, first one is ntmapper-log.txt, it's a log file, and second one is ntmapper-control.txt, it's a configuration/command file. You have to open up the ntmapper-control.txt and paste the injection configuration in the following format:
TargetProcessName.exe
C:\Path\To\Your\Cheat\Dll.dll
ImportingModule.dll
ExportingModule.dll
ExportedFunc
OpenProcessOrNot (yes - will open the handle / no - will try to find one)
CreateThreadOrNot (yes - will create a new thread / no - will hijack an existing one)
Module backing (create - will link the manually mapped image to PEB, overwrite - will overwrite existing image in target process, none - will just VirtualAllocEx pages for remote image)
Wait 10s before injection (yes/no)
Module to overwrite.dll
Once you've saved the configuration file, the injector is gonna start waiting for the process, and once the process arrives it's gonna try injecting.
The log output is going to be in ntmapper-log.txt
- STILL WORKS ON MOST BE GAMES
- Has a working TH'd DllMain call via IAT hooking example (see manualmap.cpp -> injection::manualmap::threadhijack_call_entrypoint(map_ctx& ctx))
- Manual mapping is pasted from @
- Been made in 2 days by me under a ton of Red Bull cans
- x64 only
- Windows 10 only
- Right now it is DETECTED and SIGGED although it was UD on BE for full FIVE months. Around ~1k people were using something that is based on it for 5 months without any bans and shit :^)
- Has every detection vector an lsass injector can possibly have
- Requires you to provide C++ exception support (if you don't, it's gonna fuckup the lsass (use Xenos/Blackbone))
- Doesn't copy headers
- Stays in lsass forever and doesn't try to be stealthy at all
- Doesn't initialize TLS & SEH
- Doesn't resolve some imports like D3D ones (D3DCompile for example) - you're gonna get a crash if you try injecting working PUBG chams. To fix the issue, use GetProcAddress internally to resolve missing imports
- Just an awful piece of shit, an example of how NOT to write an injector
How it works - it basically just manually maps the image into target process using lsass's handle and then just calls the entrypoint via IAT hook (it searches for the exporter-importer-importedfunc chain you've specified then hooks the IAT of specified importing module with a shellcode that simply calls DllMain)
I rewrote it some time ago so my current injector is fast, convenient, stealthy, and doesn't fuckup the imports. I maybe MAYBE will release my new injector some time later
About detection vectors for this meme:
- Handles to ntmapper-log file, ntmapper-control file and a file handle to your DLL, this all can be easily checked.
- Once injected, it's gonna have its own waiting thread running in an RX/RWX memory that Xenos allocated. The pages are going to be outside of legit module SOOO you're gonna get fucked
- When manually mapping, it creates a shared memory section but never closes it
- Doesn't free the shellcode at all
- Has some strings that are easy to sig (and they already are sigged so to say)
- It would be wise to auto-cleanup import names, PE headers, strip some sections from the mmapped image that you don't need in DllMain of the dolboeb.injector.dll but it doesn't do it.
- Idk if I've missed something, tell me
Don't tell me the code is shit because I pretty much know it's shit, I didn't craft it especially to show off on UC so w/e.
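For defenders, the detection vectors listed in the post map directly onto checks over a process snapshot of lsass.exe. The following is an added example, not part of the original post or the tool it describes; the snapshot layout, field names, addresses, thread IDs and payload path are constructed assumptions, and only the two ntmapper file names come from the post.

```python
# Added example: triage a constructed lsass.exe snapshot (hypothetical schema).
CONTROL_FILES = {"ntmapper-log.txt", "ntmapper-control.txt"}  # file names from the post
EXEC = {"RX", "RWX"}

def backing_module(modules, addr):
    """Return the loaded module whose image range contains addr, else None."""
    for m in modules:
        if m["base"] <= addr < m["base"] + m["size"]:
            return m["name"]
    return None

def triage(snap):
    """Return (finding, detail) tuples for one process snapshot."""
    findings = []
    for path in snap["file_handles"]:
        name = path.rsplit("\\", 1)[-1].lower()
        if name in CONTROL_FILES:
            findings.append(("control-file-handle", path))
        elif name.endswith(".dll") and not path.lower().startswith("c:\\windows\\"):
            findings.append(("dll-handle-outside-windows", path))
    for r in snap["regions"]:
        # Executable private memory is not backed by any image file on disk.
        if r["type"] == "private" and r["protect"] in EXEC:
            findings.append(("unbacked-exec-region", hex(r["base"])))
    for t in snap["threads"]:
        # A thread whose start address is outside every loaded image is suspect.
        if backing_module(snap["modules"], t["start"]) is None:
            findings.append(("thread-outside-module", t["tid"]))
    return findings

# Constructed sample data (addresses, TIDs and the payload path are invented).
ROAMING = r"C:\Windows\System32\config\systemprofile\AppData\Roaming"
SNAPSHOT = {
    "modules": [
        {"name": "lsass.exe", "base": 0x7FF600000000, "size": 0x10000},
        {"name": "ntdll.dll", "base": 0x7FFB10000000, "size": 0x1F0000},
    ],
    "file_handles": [
        ROAMING + r"\ntmapper-log.txt",
        ROAMING + r"\ntmapper-control.txt",
        r"C:\Users\user\Desktop\payload.dll",
        r"C:\Windows\System32\lsasrv.dll",
    ],
    "regions": [
        {"base": 0x1C000000000, "type": "private", "protect": "RW"},
        {"base": 0x1D0A0000000, "type": "private", "protect": "RWX"},
        {"base": 0x7FFB10000000, "type": "image", "protect": "RX"},
    ],
    "threads": [{"tid": 612, "start": 0x7FFB10050000}, {"tid": 4120, "start": 0x1D0A0001000}],
}
```

In practice the snapshot would be filled from EDR telemetry or a memory-forensics tool; each finding is a lead to correlate, not a verdict on its own.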