Kind Push

gogo9211 · Jun 12, 2022 · cfd7881 · cfd7881
1 parent 688a9ad
commit cfd7881
Show file tree

Hide file tree

Showing 9 changed files with 507 additions and 0 deletions.
diff --git a/RACBW.sln b/RACBW.sln
@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.2.32526.322
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "RACBW", "RACBW\RACBW.vcxproj", "{403CAC8D-686C-428C-8B6B-A8F7FF8D2DC4}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{403CAC8D-686C-428C-8B6B-A8F7FF8D2DC4}.Debug|x64.ActiveCfg = Debug|x64
+		{403CAC8D-686C-428C-8B6B-A8F7FF8D2DC4}.Debug|x64.Build.0 = Debug|x64
+		{403CAC8D-686C-428C-8B6B-A8F7FF8D2DC4}.Debug|x86.ActiveCfg = Debug|Win32
+		{403CAC8D-686C-428C-8B6B-A8F7FF8D2DC4}.Debug|x86.Build.0 = Debug|Win32
+		{403CAC8D-686C-428C-8B6B-A8F7FF8D2DC4}.Release|x64.ActiveCfg = Release|x64
+		{403CAC8D-686C-428C-8B6B-A8F7FF8D2DC4}.Release|x64.Build.0 = Release|x64
+		{403CAC8D-686C-428C-8B6B-A8F7FF8D2DC4}.Release|x86.ActiveCfg = Release|Win32
+		{403CAC8D-686C-428C-8B6B-A8F7FF8D2DC4}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {A0190D4F-5605-449F-8293-B4A0F077DA29}
+	EndGlobalSection
+EndGlobal
diff --git a/RACBW/RACBW.vcxproj b/RACBW/RACBW.vcxproj
@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{403cac8d-686c-428c-8b6b-a8f7ff8d2dc4}</ProjectGuid>
+    <RootNamespace>RACBW</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <LanguageStandard>stdcpplatest</LanguageStandard>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="main.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="structs\structs.hpp" />
+    <ClInclude Include="utilities\hook.hpp" />
+    <ClInclude Include="utilities\io.hpp" />
+    <ClInclude Include="utilities\scan.hpp" />
+    <ClInclude Include="utilities\trust.hpp" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
diff --git a/RACBW/RACBW.vcxproj.filters b/RACBW/RACBW.vcxproj.filters
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="main.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="utilities\scan.hpp">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="utilities\io.hpp">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="utilities\hook.hpp">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="structs\structs.hpp">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="utilities\trust.hpp">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+  </ItemGroup>
+</Project>
diff --git a/RACBW/main.cpp b/RACBW/main.cpp
@@ -0,0 +1,96 @@
+#include <thread>
+#include <Windows.h>
+#include <Psapi.h>
+
+#include <DbgHelp.h>
+#pragma comment(lib, "DbgHelp.lib")
+
+#include "structs/structs.hpp"
+#include "utilities/scan.hpp"
+#include "utilities/io.hpp"
+#include "utilities/hook.hpp"
+#include "utilities/trust.hpp"
+
+void __stdcall detect(std::uintptr_t mod)
+{
+	const auto get_roblox_handle = [ ] ( ) -> HANDLE
+	{
+		DWORD proc_id;
+		GetWindowThreadProcessId( FindWindowA( nullptr, "Roblox" ), &proc_id );
+
+		return OpenProcess( PROCESS_ALL_ACCESS, FALSE, proc_id );
+
+	}; 	static auto roblox_handle = get_roblox_handle( );
+
+	const auto scan = reinterpret_cast< scan_container_t* >( mod );
+
+	if ( scan->status == scan_container_t::status_t::queued )
+	{
+		const auto to_copy_sz = min( 0x1000, scan->size );
+
+		std::uint8_t* buff = new std::uint8_t [ to_copy_sz ];
+		ReadProcessMemory( roblox_handle, reinterpret_cast< void* >( scan->address ), buff, to_copy_sz, nullptr );
+
+		if ( const auto nt_header = ImageNtHeader( buff ) )
+		{
+			if ( nt_header->Signature == 0x4550 )
+			{
+				if ( !is_signed( roblox_handle, scan->address ) )
+				{
+					utilities::io::log( "[RACBW] -> Setting unsigned module status to whitelisted\n\n" );
+
+					scan->status = scan_container_t::status_t::whitelisted;
+				}
+			}
+		}
+
+		delete [ ] buff;
+	}
+
+	utilities::io::log( 
+		"[RACBW] -> status: %i	|	address: 0x%X	|	size: 0x%X\n\n", 
+		scan->status, 
+		scan->address, 
+		scan->size 
+	);
+}
+
+std::uintptr_t old = 0;
+__declspec( naked ) void stub( )
+{
+	std::uintptr_t mf_edi;
+
+	__asm 
+	{
+		mov mf_edi, edi
+        pushad
+	}
+
+    detect( mf_edi );
+
+	__asm
+	{
+		popad
+		jmp old
+	}
+}
+
+void entry( )
+{
+	utilities::io::initiate( "RACBW - gogo1000, 0x90, iivillian, ozzy" );
+
+	if ( const auto ac = find_ac( ) )
+	{
+		utilities::io::log( "[RACBW] -> add_to_map:	0x%X\n\n", ac );
+
+		old = tramp_hook( ac, reinterpret_cast< std::uintptr_t >( &stub ), 6 );
+	}
+}
+
+bool __stdcall DllMain( void*, DWORD reason, void* )
+{
+	if ( reason == DLL_PROCESS_ATTACH )
+		std::thread{ entry }.detach( );
+
+	return true;
+}
diff --git a/RACBW/structs/structs.hpp b/RACBW/structs/structs.hpp
@@ -0,0 +1,16 @@
+#pragma once
+
+#include <cstdint>
+
+struct scan_container_t
+{
+	enum class status_t : std::int32_t
+	{
+		queued = -1,
+		scanning,
+		whitelisted,
+		finished
+	} status;
+
+	std::uint32_t address, size;
+};
diff --git a/RACBW/utilities/hook.hpp b/RACBW/utilities/hook.hpp
@@ -0,0 +1,37 @@
+#pragma once
+
+#include <Windows.h>
+#include <cstdint>
+#include <cstddef>
+#include <cstring>
+
+inline std::uintptr_t tramp_hook( std::uintptr_t func, std::uintptr_t new_func, std::size_t inst_size )
+{
+    constexpr auto extra_size = 5;
+
+    auto clone = reinterpret_cast< std::uintptr_t >( VirtualAlloc( nullptr, inst_size + extra_size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) );
+
+    if ( !clone )
+        return 0;
+
+    std::memmove( reinterpret_cast< void* >( clone ), reinterpret_cast< void* >( func ), inst_size );
+
+    const auto jmp_pos = ( func - clone - extra_size );
+
+    *reinterpret_cast< std::uint8_t* >( clone + inst_size ) = 0xE9;
+    *reinterpret_cast< std::uintptr_t* >( clone + inst_size + 1 ) = jmp_pos;
+
+    DWORD old_protect;
+
+    VirtualProtect( reinterpret_cast< void* >( func ), inst_size, 0x40, &old_protect );
+
+    std::memset( reinterpret_cast< void* >( func ), 0x90, inst_size );
+
+    const auto rel_location = ( new_func - func - extra_size );
+    *reinterpret_cast< std::uint8_t* >( func ) = 0xE9;
+    *reinterpret_cast< std::uintptr_t* >( func + 1 ) = rel_location;
+
+    VirtualProtect( reinterpret_cast< void* >( func ), inst_size, old_protect, &old_protect );
+
+    return clone;
+}