
Еще немного реконструкции

master^2
shelru 8 years ago
parent
commit
fc8339d30f
  1. 3
      MiniBase/client.cpp
  2. 137
      MiniBase/enginemsg.cpp
  3. 14
      MiniBase/enginemsg.h
  4. 134
      MiniBase/main.cpp
  5. 7
      MiniBase/redirect.h

3
MiniBase/client.cpp

@ -30,7 +30,6 @@ void HookEngineMessages(){
pSVC_SendCvarValue2 = HookEngineMsg("svc_sendcvarvalue2", SVC_SendCvarValue2); pSVC_SendCvarValue2 = HookEngineMsg("svc_sendcvarvalue2", SVC_SendCvarValue2);
pSVC_Director = HookEngineMsg("svc_director", SVC_Director); pSVC_Director = HookEngineMsg("svc_director", SVC_Director);
pSVC_VoiceInit = HookEngineMsg("svc_voiceinit", SVC_VoiceInit); pSVC_VoiceInit = HookEngineMsg("svc_voiceinit", SVC_VoiceInit);
// pSVC_Resourcelist = HookEngineMsg("svc_resourcelist", SVC_Resourcelist);
} }
@ -281,8 +280,10 @@ void SetRenderModel(struct model_s *model)
g_Engine.Con_Printf("\tmodel: %s\n", model->name); g_Engine.Con_Printf("\tmodel: %s\n", model->name);
g_Studio.SetRenderModel(model); g_Studio.SetRenderModel(model);
} }
void HookFunction(){ void HookFunction(){
g_pClient->CL_CreateMove = CL_CreateMove; g_pClient->CL_CreateMove = CL_CreateMove;
g_pClient->HUD_Frame = HUD_Frame; g_pClient->HUD_Frame = HUD_Frame;
g_pEngine->pfnDrawUnicodeCharacter = pfnDrawUnicodeCharacter; g_pEngine->pfnDrawUnicodeCharacter = pfnDrawUnicodeCharacter;
// g_pStudio->SetRenderModel = SetRenderModel; // g_pStudio->SetRenderModel = SetRenderModel;

137
MiniBase/enginemsg.cpp

@ -40,6 +40,8 @@ pfnEngineMessage pSVC_SendCvarValue;
pfnEngineMessage pSVC_SendCvarValue2; pfnEngineMessage pSVC_SendCvarValue2;
pfnEngineMessage pSVC_Director; pfnEngineMessage pSVC_Director;
void(*Cbuf_Execute)();
void(*Cbuf_AddText)(char *text);
typedef enum cmd_source_s typedef enum cmd_source_s
{ {
@ -47,21 +49,17 @@ typedef enum cmd_source_s
src_command = 1, // from the command buffer. src_command = 1, // from the command buffer.
} cmd_source_t; } cmd_source_t;
void __cdecl ExecuteString(char *text, cmd_source_t src); void __cdecl Cmd_ExecuteString(char *text, cmd_source_t src);
HOOKINIT( HOOKINIT(
ExecuteString_F, // the type created ExecuteString_F, // the type created
ExecuteString, // the function prototyped Cmd_ExecuteString, // the function prototyped
ExecuteString_Tramp, // the trampoline to the original function ExecuteString_Tramp, // the trampoline to the original function
ExecuteString_Prologue // the prologue object of the function used for this hook ExecuteString_Prologue // the prologue object of the function used for this hook
) )
DWORD ExecuteString_call; DWORD ExecuteString_call;
DWORD ExecuteString_jump; DWORD ExecuteString_jump;
DWORD Cbuf_Addtext_call;
DWORD Cbuf_Addtext_jump;
DWORD Cbuf_Execute_call;
DWORD Cbuf_Execute_jump;
EasyHook::Hook32 hooker; // an object meant to service you EasyHook::Hook32 hooker; // an object meant to service you
@ -125,106 +123,42 @@ bool CheckExecute(char *text)
} }
return false; return false;
} }
// experimental
__declspec(naked) void Cmd_ExecuteString_CallHook( ) __declspec(naked) void Cmd_ExecuteString_CallHook( )
{ {
static char *text; static char *text;
__asm MOV text, ECX __asm mov text, ecx
bool Test; bool CheckValid;
Test = CheckExecute(text); CheckValid = CheckExecute(text);
if (Test) if (CheckValid)
{ {
__asm PUSH EBP __asm {
__asm MOV EBP, ESP push ebp
__asm MOV ECX, [EBP + 0x8] mov ebp, esp
__asm MOV EAX, [EBP + 0xC] mov ecx, [ebp + 0x8]
__asm JMP[ExecuteString_jump] mov eax, [ebp + 0xC]
jmp[ExecuteString_jump]
}
} }
else else
{ {
__asm ret; __asm ret;
} }
}/*
__declspec(naked) void Cmd_ExecuteString_CallHook()
{
char *text;
cmd_source_t src;
__asm {
PUSH EBP
MOV EBP, ESP
MOV ECX, [EBP + 0x8]
MOV EAX, [EBP + 0xC]
PUSH EAX
PUSH ECX
MOV text, ECX
MOV src, EAX
POP ECX
POP EAX
POP EBP
}
__asm {
PUSH EBP
MOV EBP, ESP
MOV ECX, [EBP + 0x8]
MOV EAX, [EBP + 0xC]
jmp[ExecuteString_jump]
}
ConsolePrintColor(0, 255, 255, "%s", text);
hooker.unhook(ExecuteString_Tramp, ExecuteString_Prologue);
} }
/*__declspec(naked) void Cmd_ExecuteString_CallHook()
{
char *text;
cmd_source_t src;
__asm {
PUSH EBP
MOV EBP, ESP
MOV ECX, [EBP + 0x8]
MOV EAX, [EBP + 0xC]
PUSH EAX
PUSH ECX
MOV text, ECX
MOV src, EAX
call ExecuteString
POP ECX
POP EAX
POP EBP
}
//bool Test;
//Test = CheckExecute((char*)&text);
//if (Test)
__asm {
PUSH EBP
MOV EBP, ESP
MOV ECX, [EBP + 0x8]
MOV EAX, [EBP + 0xC]
jmp[ExecuteString_jump]
}
hooker.unhook(ExecuteString_Tramp, ExecuteString_Prologue);
}*/
/*
void __cdecl ExecuteString(char *text, cmd_source_t src)
{
if (FirstFrame)
ConsolePrintColor(0, 255, 0, "%s %d \n", text, src);
//MessageBox(NULL, text, NULL, MB_OK); void ExecuteString_Add(const char *str) {
}
*/
void ExecuteString_Test(const char *str, pfnEngineMessage Func) {
ExecuteString_Tramp = (ExecuteString_F)hooker.hook( ExecuteString_Tramp = (ExecuteString_F)hooker.hook(
(LPVOID)ExecuteString_call, // pointer to the function you'd like to hook (LPVOID)ExecuteString_call, // pointer to the function you'd like to hook
ExecuteString_Prologue, // the prologue created by the INIT macro ExecuteString_Prologue, // the prologue created by the INIT macro
Cmd_ExecuteString_CallHook // the hook function to which you want to redirect the original Cmd_ExecuteString_CallHook // the hook function to which you want to redirect the original
); );
Cbuf_AddText_CallHook_Ext((char*)str); Cbuf_AddText((char*)str);
Cbuf_Execute_CallHook_Ext(); Cbuf_Execute();
hooker.unhook(ExecuteString_Tramp, ExecuteString_Prologue); hooker.unhook(ExecuteString_Tramp, ExecuteString_Prologue);
} }
/*
bool BlackList(char *str) { bool BlackList(char *str) {
bool changed = false; bool changed = false;
char *text = str; char *text = str;
@ -254,7 +188,7 @@ bool BlackList(char *str) {
char *a = isGood ? "[Extra Mirror] execute: \"" : "[Extra Mirror] blocked: \""; char *a = isGood ? "[Extra Mirror] execute: \"" : "[Extra Mirror] blocked: \"";
if (logsfiles->value > 0) { ConsolePrintColor(255, 255, 255, ("%s", a)); ConsolePrintColor(255, 255, 255, ("%s", c)); ConsolePrintColor(255, 255, 255, "\"\n"); } if (logsfiles->value > 0) { ConsolePrintColor(255, 255, 255, ("%s", a)); ConsolePrintColor(255, 255, 255, ("%s", c)); ConsolePrintColor(255, 255, 255, "\"\n"); }
// if (isFake) a = isGood ? "[Extra Mirror] set fake cvar: \"" : "[Extra Mirror] block fake cvar: \""; // if (isFake) a = isGood ? "[Extra Mirror] set fake cvar: \"" : "[Extra Mirror] block fake cvar: \"";
/*else*/if (isSet)a = "[Extra Mirror] update server-side cvar: \""; /*else*//*if (isSet)a = "[Extra Mirror] update server-side cvar: \"";
if (isGood)g_Engine.pfnClientCmd(c); if (isGood)g_Engine.pfnClientCmd(c);
if (isSet) { if (logsfiles->value > 0) { ConsolePrintColor(255, 255, 255, ("%s", a)); ConsolePrintColor(255, 255, 255, ("%s", c)); ConsolePrintColor(255, 255, 255, "\"\n"); } } if (isSet) { if (logsfiles->value > 0) { ConsolePrintColor(255, 255, 255, ("%s", a)); ConsolePrintColor(255, 255, 255, ("%s", c)); ConsolePrintColor(255, 255, 255, "\"\n"); } }
len -= i; len -= i;
@ -262,7 +196,7 @@ bool BlackList(char *str) {
else { text += i + 1; } else { text += i + 1; }
} }
return true; return true;
} }*/
void SVC_SendCvarValue() { void SVC_SendCvarValue() {
MSG_SaveReadCount(); MSG_SaveReadCount();
@ -402,31 +336,24 @@ bool CheckAndSetCvar(string FullCmd) {
return true; return true;
} }
void SVC_StuffText() { void SVC_StuffText() {
//MSG_SaveReadCount();
char* command = MSG_ReadString(); char* command = MSG_ReadString();
//MSG_RestoreReadCount(); ExecuteString_Add(command);
ExecuteString_Test(command, pSVC_StuffText);
/*char str[1024];
strncpy(str, command, sizeof(str));
str[sizeof(str) - 1] = 0;
if (BlackList(str))return;
MSG_RestoreReadCount();*/
//ConsolePrintColor(0, 255, 0, "%s", command);
} }
void SVC_Director() { void SVC_Director() {
/*MSG_SaveReadCount(); MSG_SaveReadCount();
int msglen = MSG_ReadByte(); int msglen = MSG_ReadByte();
int msgtype = MSG_ReadByte(); int msgtype = MSG_ReadByte();
char* DirectCommand = MSG_ReadString();
if (msgtype == 10) { if (msgtype == 10) {
char str[1024]; char* command = MSG_ReadString();
strncpy(str, DirectCommand, sizeof(str)); ExecuteString_Add(command);
str[sizeof(str) - 1] = 0; }
if (BlackList(str))return; else
{
MSG_RestoreReadCount();
pSVC_Director();
} }
MSG_RestoreReadCount();
pSVC_Director();*/
} }
void SVC_VoiceInit() { void SVC_VoiceInit() {
MSG_SaveReadCount(); MSG_SaveReadCount();
char* codec = MSG_ReadString(); int bitz = MSG_ReadByte(); bool blocked; char* codec = MSG_ReadString(); int bitz = MSG_ReadByte(); bool blocked;
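Review bot: In the new `Cmd_ExecuteString_CallHook` body, `bool CheckValid;` is a plain stack local inside a `__declspec(naked)` function that sets up no frame, so the compiler's EBP-relative addressing for it uses whatever EBP the caller left behind — the same reason `text` is declared `static`; make it `static bool CheckValid;` or drop the temporary and write `if (CheckExecute(text))`. The `mov text, ecx` on entry only holds if ECX carries `text` at the hook site, which the `__cdecl` prototype of `Cmd_ExecuteString` in the previous hunk does not by itself guarantee; a one-line comment stating where `ExecuteString_call` points and why ECX holds the argument there would make that assumption reviewable. In `ExecuteString_Add` the result of `hooker.hook(...)` is not checked before the command is handed to `Cbuf_AddText`/`Cbuf_Execute`, so if installing the hook fails (assuming `hook` returns null in that case) the command runs without `CheckExecute` ever being consulted; `if (!ExecuteString_Tramp) return;` before `Cbuf_AddText((char*)str);` keeps the filter fail-closed. The commented-out earlier versions of the hook left between the function and `ExecuteString_Add`, and the commented-out `BlackList`, could be deleted now that they are in history.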

14
MiniBase/enginemsg.h

@ -67,13 +67,13 @@ extern HL_MSG_ReadBitVec3Coord MSG_ReadBitVec3Coord;
extern HL_MSG_ReadBits MSG_ReadBits; extern HL_MSG_ReadBits MSG_ReadBits;
extern HL_MSG_StartBitReading MSG_StartBitReading; extern HL_MSG_StartBitReading MSG_StartBitReading;
extern HL_MSG_EndBitReading MSG_EndBitReading; extern HL_MSG_EndBitReading MSG_EndBitReading;
/*
typedef void(*HL_MSG_CBuf_AddText)(char* text); typedef void(*HL_MSG_CBuf_AddText)(char* text);
extern HL_MSG_CBuf_AddText CBuf_AddText_Orign; extern HL_MSG_CBuf_AddText CBuf_AddText_Orign;
*/
void MSG_SaveReadCount(); void MSG_SaveReadCount();
void MSG_RestoreReadCount(); void MSG_RestoreReadCount();
void CBuf_AddText(char* text); //void CBuf_AddText(char* text);
void SVC_StuffText(); void SVC_StuffText();
void SVC_SendCvarValue(); void SVC_SendCvarValue();
@ -82,14 +82,10 @@ void SVC_Director();
void SVC_Resourcelist(); void SVC_Resourcelist();
void SVC_VoiceInit(); void SVC_VoiceInit();
extern DWORD Cbuf_Addtext_call;
extern DWORD Cbuf_Addtext_jump;
extern DWORD Cbuf_Execute_call;
extern DWORD Cbuf_Execute_jump;
extern DWORD ExecuteString_call; extern DWORD ExecuteString_call;
extern DWORD ExecuteString_jump; extern DWORD ExecuteString_jump;
extern void Cbuf_AddText_CallHook_Ext(char *text); extern void(*Cbuf_Execute)();
extern void Cbuf_Execute_CallHook_Ext(); extern void(*Cbuf_AddText)(char *text);
extern pfnEngineMessage pSVC_VoiceInit; extern pfnEngineMessage pSVC_VoiceInit;
extern pfnEngineMessage pSVC_StuffText; extern pfnEngineMessage pSVC_StuffText;

134
MiniBase/main.cpp

@ -463,125 +463,12 @@ memcpy(pData, &revEmuTicket, sizeof(revEmuTicket));
return sizeof(revEmuTicket); return sizeof(revEmuTicket);
} }
__declspec(naked) void Cbuf_Execute_CallHook()
{
__asm PUSH EBP
__asm MOV EBP, ESP
__asm SUB ESP, 400h
__asm JMP[Cbuf_Execute_jump]
}
void Cbuf_Execute_CallHook_Ext()
{
Cbuf_Execute_CallHook();
}
__declspec(naked) void Cbuf_AddText_CallHook(char *text)
{
//MessageBox(NULL, text, NULL, MB_OK);
__asm PUSH EBP
__asm MOV EBP, ESP
__asm PUSH ESI
__asm MOV ESI, [EBP + 0x8]
__asm JMP[Cbuf_Addtext_jump]
/*MessageBox(NULL, text, NULL, MB_OK);*/
}
void Cbuf_AddText_CallHook_Ext(char *text)
{
Cbuf_AddText_CallHook(text);
}
void CL_ReadDemoMessage_OLD_Cbuf_AddText_CallHook(const char *str){ void CL_ReadDemoMessage_OLD_Cbuf_AddText_CallHook(const char *str){
// Add your filters there // Add your filters there
//MessagePrintf("Demo tried to execute: %s", str); //MessagePrintf("Demo tried to execute: %s", str);
} }
//void (*Original_ExecuteString)(char *text, cmd_source_t src);
/*
void __cdecl Cmd_ExecuteString_CallHook(char *text, cmd_source_t src)
{
__asm PUSH EBP
__asm MOV EBP, ESP
__asm MOV ECX, [EBP + 8]
__asm MOV EAX, [EBP + 0Ch]
__asm PUSH ESI
__asm JMP [Original_ExecuteString]
}
*/
/*
void Cmd_ExecuteString_CallHook(char *text, cmd_source_t src)
{
char * lox;
__asm PUSH EBP
__asm MOV EBP, ESP
//__asm MOV ECX, DWORD PTR SS : [EBP + 0x8]
__asm MOV ECX, [EBP + 0x8]
__asm MOV EAX, [EBP + 0xC]
__asm { MOV ECX, lox }
{
std::stringstream stream;
stream << "1 " << lox;
MessageBox(0, stream.str().c_str(), 0, MB_OK);
}
__asm PUSH ESI
__asm JMP[Original_ExecuteString]
}
*/
//void Cmd_ExecuteString_CallHook(char *text, cmd_source_t src)
//__declspec(naked) void WINAPI Cmd_ExecuteString_CallHook()
/*__declspec(naked) void Cmd_ExecuteString_CallHook()
{
__asm PUSH EBP
__asm call ExecuteString
__asm MOV EBP, ESP
__asm MOV ECX, [EBP + 0x8]
__asm MOV EAX, [EBP + 0xC]
__asm JMP[Original_ExecuteString]
}*/
/*
__declspec(naked) void Cmd_ExecuteString_CallHook()
{
static char *text; cmd_source_t src;
__asm MOV text, ECX
__asm MOV src, EAX
ExecuteString(text, src);
__asm PUSH EBP
__asm MOV EBP, ESP
__asm MOV ECX, [EBP + 0x8]
__asm MOV EAX, [EBP + 0xC]
__asm JMP[Original_ExecuteString]
}
*/
/*
// good func #2
__declspec(naked) void Cmd_ExecuteString_CallHook()
{
__asm {
PUSH EBP
MOV EBP, ESP
MOV ECX, [EBP + 0x8]
MOV EAX, [EBP + 0xC]
PUSH EAX
PUSH ECX
call ExecuteString
POP ECX
POP EAX
POP EBP
}
__asm {
PUSH EBP
MOV EBP, ESP
MOV ECX, [EBP + 0x8]
MOV EAX, [EBP + 0xC]
jmp[Original_ExecuteString]
}
}*/
void CL_ConnectionlessPacket_Cbuf_AddText_CallHook(const char *str){ void CL_ConnectionlessPacket_Cbuf_AddText_CallHook(const char *str){
// Add your filters there // Add your filters there
//ConsolePrintColor(0, 255, 0, "Server tried to execute via connectionless: %s", str); //ConsolePrintColor(0, 255, 0, "Server tried to execute via connectionless: %s", str);
@ -609,7 +496,6 @@ void ModuleLoaded() {
ptr = pModule->FindFirstUseOfString("Error, bad server command %s\n"); ptr = pModule->FindFirstUseOfString("Error, bad server command %s\n");
ptr = pModule->SearchUpForBinaryPattern(ptr, BinaryPattern("E8 ?? ?? ?? ?? 83 C4 04 5E")); ptr = pModule->SearchUpForBinaryPattern(ptr, BinaryPattern("E8 ?? ?? ?? ?? 83 C4 04 5E"));
uintptr_t pfnCbuf_AddText = (decltype(pfnCbuf_AddText))CallOpcode::GetDestination(ptr); uintptr_t pfnCbuf_AddText = (decltype(pfnCbuf_AddText))CallOpcode::GetDestination(ptr);
//.data:01E55198 00000006 C quit\n
{ {
ptr = pModule->FindFirstUseOfString("connect local"); ptr = pModule->FindFirstUseOfString("connect local");
ptr += sizeof(uintptr_t); ptr += sizeof(uintptr_t);
@ -620,22 +506,14 @@ void ModuleLoaded() {
{ {
ptr = pModule->FindFirstUseOfString("exec config.cfg\n"); ptr = pModule->FindFirstUseOfString("exec config.cfg\n");
ptr += sizeof(uintptr_t); ptr += sizeof(uintptr_t);
Cbuf_Addtext_call = (uintptr_t)CallOpcode::GetDestination(ptr); Cbuf_AddText = (decltype(Cbuf_AddText))(uintptr_t)CallOpcode::GetDestination(ptr);
{ {
std::stringstream stream;
ptr += 0xf; ptr += 0xf;
Cbuf_Execute_call = (uintptr_t)CallOpcode::GetDestination(ptr); Cbuf_Execute = (decltype(Cbuf_Execute))(uintptr_t)CallOpcode::GetDestination(ptr);
stream << " LEL " << std::hex << Cbuf_Execute_call << " \n";
Cbuf_Execute_jump = Cbuf_Execute_call + 0x9;
//MessageBox(NULL, stream.str().c_str(), NULL, MB_OK);
JmpOpcode::Setup(Cbuf_Execute_call, (DWORD)&Cbuf_Execute_CallHook);
} }
Cbuf_Addtext_jump = Cbuf_Addtext_call + 0x7;
JmpOpcode::Setup(Cbuf_Addtext_call, (DWORD)&Cbuf_AddText_CallHook);
} }
//CallOpcode::SetDestination(ptr, &Cmd_ExecuteString_CallHook);
//PlaceJMP((BYTE*)ptr, (DWORD)&Cmd_ExecuteString_CallHook, 0x9);
//JmpOpcode::Setup(ptr, (DWORD)&Cmd_ExecuteString_CallHook);
ptr = pModule->FindFirstUseOfString("Tried to read a demo message with no demo file\n"); ptr = pModule->FindFirstUseOfString("Tried to read a demo message with no demo file\n");
ptr = pModule->SearchDownForFirstCallToFunction(ptr, pfnCbuf_AddText); ptr = pModule->SearchDownForFirstCallToFunction(ptr, pfnCbuf_AddText);
CallOpcode::SetDestination(ptr, &CL_ReadDemoMessage_OLD_Cbuf_AddText_CallHook); CallOpcode::SetDestination(ptr, &CL_ReadDemoMessage_OLD_Cbuf_AddText_CallHook);
@ -659,7 +537,9 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved){
TCHAR sFileName[MAX_PATH]; TCHAR sFileName[MAX_PATH];
StringCchCopyN(sFileName, ARRAYSIZE(sFileName), lpFileName, lpExtension - lpFileName); StringCchCopyN(sFileName, ARRAYSIZE(sFileName), lpFileName, lpExtension - lpFileName);
bool fPrefixDetected = true; // debug no rename extramirror
//bool fPrefixDetected = true;
bool fPrefixDetected = false;
for (PTCHAR pch = sFileName; *pch != '\0'; pch++) { for (PTCHAR pch = sFileName; *pch != '\0'; pch++) {
if (*pch == 'm') { if (*pch == 'm') {
fPrefixDetected = true; fPrefixDetected = true;
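Review bot: In the `exec config.cfg\n` hunk of `ModuleLoaded`, `Cbuf_AddText` and `Cbuf_Execute` are now filled straight from `CallOpcode::GetDestination(ptr)` with no check that `FindFirstUseOfString` found the string or that `ptr` sits on a call, so on an engine build where the pattern is absent the first `Cbuf_AddText`/`Cbuf_Execute` call from `ExecuteString_Add` becomes an indirect call through a bogus pointer. If the finder returns 0 on a miss, a guard such as `if (!ptr) return;` before the two assignments (or leaving the pointers null and testing them at the call site) turns a missed signature into a no-op instead of a wild jump. The same applies to the `pfnCbuf_AddText` lookup in the earlier hunk. In the `DllMain` hunk the rendering does not show which of the three `fPrefixDetected` initialisers survives; if the `// debug no rename extramirror` override is still live it makes the filename prefix check pass unconditionally, which is worth confirming and documenting next to the line. `ModuleLoaded` begins and ends outside the hunk.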

7
MiniBase/redirect.h

@ -1,11 +1,6 @@
#ifndef EASYHOOK_HPP #ifndef EASYHOOK_HPP
#define EASYHOOK_HPP #define EASYHOOK_HPP
#include <array> #include "main.h"
#include <cstdio>
#include <iostream>
#include <Windows.h>
#include <winternl.h>
/* This macro creates the type, an instance of the type, and a prologue object specific to that function */ /* This macro creates the type, an instance of the type, and a prologue object specific to that function */
#define HOOKINIT(functor_type, function, trampoline_name, prologue_name) \ #define HOOKINIT(functor_type, function, trampoline_name, prologue_name) \
using functor_type = decltype(&function); \ using functor_type = decltype(&function); \
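Review bot: Replacing the five direct includes with `#include "main.h"` makes `redirect.h` rely on `main.h` transitively supplying `<Windows.h>`, `<winternl.h>`, `<array>`, `<cstdio>` and `<iostream>` for the `HOOKINIT` machinery below, so a translation unit that includes `redirect.h` on its own compiles only as long as `main.h` happens to keep those. Keeping the headers this file itself uses next to `"main.h"` avoids that, and a one-line comment such as `// main.h: project-wide Windows/hooking includes` would document why a project header is pulled into a hook utility header. If `main.h` in turn includes `redirect.h`, the `EASYHOOK_HPP` guard hides an include cycle that is worth checking.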
