[INC/ANY] Memory Extended 2.0 [WINAPI/Inject DLL through SourcePawn]


  
 
 
Author: Rostu (Junior Member)
Join Date: Feb 2019
Plugin ID: 6865
Plugin Version: 2.0
Plugin Category: General Purpose
Plugin Game: Any
    Plugin Description: Extending the possibilities for working with memory in SourcePawn
    12-22-2019, 06:04   [INC/ANY] Memory Extended 2.0 [WINAPI/Inject DLL through SourcePawn]   #1

    The first thing I would like to say: the philosophy of this library is that all manipulations are performed without creating or needing additional files on the server.

    From version 2.0, Linux support has been added.

    Since you can now work with all dynamic libraries, the only restrictions are in your head.


    Special thanks to Kailo for assistance in training ASM, working with debugger/IDA

    This "weapon" was created for convenient work with other .dll files, because SourcePawn functions can only work with 3 => server/engine/matchmaking_ds
    What came of this? Let's look at its structure =>

    Since version 2.0, the structure is split into files:

    1) MemoryEx/ASM_Instruction.inc - A helper file that lets you use the most common ASM features in SourcePawn [includes => MemoryEx/BaseMemory.inc]
    PHP Code:
    enum ASMRegister
    {
        ASMRegister_EAX,
        ASMRegister_ECX,
        ASMRegister_EDX,
        ASMRegister_EBX,
        ASMRegister_ESP,
        ASMRegister_EBP,
        ASMRegister_ESI,
        ASMRegister_EDI
    }

    enum struct ASMInstructions
    {
        BaseMemory mem;

        void Set(Pointer adr)
        {
            this.mem.pAddrBase = adr;
        }

        Pointer Get()
        {
            return this.mem.pAddrBase;
        }

        // 0x50 + r : push r32
        void PushRegister(ASMRegister reg)
        {
            this.mem.WriteByte(0x50 + view_as<int>(reg), _, MemoryEx_AddAfterWrite);
        }

        // 0x68 imm32 : push imm32
        void Push(any value)
        {
            this.mem.WriteByte(0x68, _, MemoryEx_AddAfterWrite);
            this.mem.WriteInt(value, _, MemoryEx_AddAfterWrite);
        }

        // 0x58 + r : pop r32
        void PopRegister(ASMRegister reg)
        {
            this.mem.WriteByte(0x58 + view_as<int>(reg), _, MemoryEx_AddAfterWrite);
        }

        // FF 15 disp32 : call dword ptr [disp32] (indirect call through a pointer slot)
        void Call(any value)
        {
            this.mem.WriteWord(0x15FF, _, MemoryEx_AddAfterWrite);
            this.mem.WriteInt(value, _, MemoryEx_AddAfterWrite);
        }

        // 0x90 : nop
        void Nop()
        {
            this.mem.WriteByte(0x90, _, MemoryEx_AddAfterWrite);
        }

        // 0x90 + r : xchg eax, r32
        void Xchg(ASMRegister reg)
        {
            this.mem.WriteByte(0x90 + view_as<int>(reg), _, MemoryEx_AddAfterWrite);
        }

        // 0xC3 : retn
        void Retn()
        {
            this.mem.WriteByte(0xC3, _, MemoryEx_AddAfterWrite);
        }
    }
    stock ASMInstructions g_ASM;

    #define ASM g_ASM

    #define ASMHELP_SET(%0)            g_ASM.Set(%0)
    #define ASMHELP_GET()              g_ASM.Get()
    #define PUSH_REGISTER(%0)          g_ASM.PushRegister(ASMRegister_%0)
    #define PUSH(%0)                   g_ASM.Push(%0)
    #define POP_REGISTER(%0)           g_ASM.PopRegister(ASMRegister_%0)
    #define CALL(%0)                   g_ASM.Call(%0)
    #define NOP()                      g_ASM.Nop()
    #define XCHG(%0)                   g_ASM.Xchg(ASMRegister_%0)
    #define RETN()                     g_ASM.Retn()
    2) MemoryEx/BaseMemory.inc - Implements the basic functions for more convenient work with memory
    PHP Code:
    void BaseMemory::SetAddr(any address)
    Pointer BaseMemory::GetAddr()
    void BaseMemory::Add(any iOffset)

    int BaseMemory::ReadByte(int iOffset = 0)
    void BaseMemory::WriteByte(any iByte, int iOffset = 0, int flags = MemoryEx_NoNeedAdd)

    int BaseMemory::ReadWord(int iOffset = 0)
    void BaseMemory::WriteWord(any iByte, int iOffset = 0, int flags = MemoryEx_NoNeedAdd)

    int BaseMemory::ReadInt(int iOffset = 0)
    void BaseMemory::WriteInt(any iByte, int iOffset = 0, int flags = MemoryEx_NoNeedAdd)

    void BaseMemory::WriteData(const int[] data, int iSize, int flags = MemoryEx_NoNeedAdd)

    int BaseMemory::ReadString(char[] sString, int iMaxLength) - returns the string length
    void BaseMemory::WriteString(const char[] sString, bool bNull = true, int flags = MemoryEx_NoNeedAdd)
    void BaseMemory::WriteUnicodeString(const char[] sString, bool bNull = true, int flags = MemoryEx_NoNeedAdd)
    Pointer BaseMemory::FindPattern(Pointer base, any size, const int[] pattern, int iLength, int iOffset = 0) - returns the found address + iOffset
    3) MemoryEx/DynamicLibrary.inc - Implements functions for working with dynamic libraries
    PHP Code:
    void DynamicLibrary::Init()
    Pointer DynamicLibrary::InitModule(const char[] sNameLibrary) - the .so/.dll extension can be omitted: instead of mem.lib.InitModule("engine.dll") => mem.lib.InitModule("engine") - the inc adds the necessary extension for you :)

    Pointer DynamicLibrary::GetBaseAddress(const char[] sName)
    int DynamicLibrary::GetModuleSize(const char[] sName)
    Pointer DynamicLibrary::GetEndModule(const char[] sName)

    Pointer DynamicLibrary::GetModuleHandle(const char[] name)
    Pointer DynamicLibrary::GetProcAddress(const char[] sLibrary, const char[] sName) <<== https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-getprocaddress

    Pointer DynamicLibrary::FindPattern(const char[] sModule, const int[] sPattern, int iLength, int iOffset = 0)
    Pointer DynamicLibrary::FindString(const char[] sModule, const char[] sString)
    Pointer DynamicLibrary::FindUnicodeString(const char[] sModule, const char[] sString)
    Pointer DynamicLibrary::FindValue(const char[] sModule, any iValue, int iNextByte = 0x2A) // iNextByte - to help
    4) MemoryEx/ServerLibrary.inc - Work with the server [.so] / [.dll]: getting its base address [Windows only] (not needed on Linux) / getting the server OS
    5) MemoryEx/LinuxFunction.inc - Helper functions for Linux => loading the list of .so libraries
    6) MemoryEx/WindowsFunction.inc - Functions for Windows => getting the DLL size from the PEB / getting the Windows version



    The most interesting feature, for me, is Pointer GetModuleHandle(const char[] name), which calls WINAPI GetModuleHandleW through SourcePawn and returns its result.

    What makes GetModuleHandle an interesting feature?


    Descriptions of some functions:

    GetModuleHandle/InitModule/GetBaseAddress/GetModuleSize/GetEndModule


    Examples of use

    1) Inject a .dll through SourcePawn [GetProcAddress + call WINAPI LoadLibraryA]

    PHP Code:
    #include <MemoryEx>

    public void OnPluginStart()
    {
        MemoryEx mem;

        if(!mem.Init()) return;

        mem.InitModule("kernel32.dll");
        Pointer libAddr = mem.GetProcAddress("kernel32.dll", "LoadLibraryA");

        // Call LoadLibraryA through a static SDKCall: one string argument passed by pointer,
        // plain integer return (the loaded module's base address, or 0 on failure)
        StartPrepSDKCall(SDKCall_Static);
        PrepSDKCall_AddParameter(SDKType_String, SDKPass_Pointer);
        PrepSDKCall_SetAddress(libAddr);
        PrepSDKCall_SetReturnInfo(SDKType_PlainOldData, SDKPass_Plain);

        Handle h = EndPrepSDKCall();
        int baseDLL = SDKCall(h, "D:/CSS_HOOK.dll");

        delete h;
        PrintToServer("libaddr = 0x%X Base Address DLL = 0x%X ", libAddr, baseDLL);
    }

    Result


    What will my plugin `bypass nobots` look like if I code it with this library?

    Sometimes in a plugin it is necessary to update the gamedata. Now we can just find the necessary word and "destroy" it.

    PHP Code:
    #include <MemoryEx>

    public void OnPluginStart()
    {
        MemoryEx mem;
        mem.Init();

        // locate the "-nobots" string inside the server module
        Pointer pStr = mem.lib.FindString("server", "-nobots");

        if(pStr != nullptr)
        {
            mem.mem.SetAddr(pStr + PTR(0x01)); // skip the leading `-`
            // overwrite "nobots" with six random lowercase letters (0x61..0x7A)
            for(int y = 0; y < 6; y++) mem.mem.WriteByte(GetRandomInt(0x61, 0x7A), y);
        }
    }

    Another way is through MemoryEx::FindPattern:

    PHP Code:
    #include <MemoryEx>

    public void OnPluginStart()
    {
        static int pattern[8] = {0x2D, 0x6E, 0x6F, 0x62, 0x6F, 0x74, 0x73, 0x00}; // `-nobots` plus the NUL terminator

        MemoryEx mem;
        mem.Init();

        ModuleInfo server;

        server.base = mem.lib.GetBaseAddress("server");
        server.size = mem.lib.GetModuleSize("server");

        // scan the whole module; the trailing 0x01 offset skips the leading `-`
        Pointer pStr = mem.mem.FindPattern(server.base, server.size, pattern, sizeof(pattern), 0x01);

        if(pStr != nullptr)
        {
            mem.mem.SetAddr(pStr);
            for(int y = 0; y < 6; y++) mem.mem.WriteByte(GetRandomInt(0x61, 0x7A), y);
        }
    }

    Attached Files
    File Type: zip MemoryEx.zip (9.8 KB, 473 views)

    Last edited by Rostu; 01-26-2020 at 00:47. Reason: Upgrade to 2.0 version
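Added example (editor's code, not part of the MemoryEx library or of the post above): the ASMInstructions helper in ASM_Instruction.inc only writes raw opcode bytes, so it helps to see what those bytes are and what the stub behind example 1 (LoadLibraryA reached via GetProcAddress) looks like when assembled. The C program below encodes the same 32-bit x86 instructions into a plain buffer and checks them against hand-assembled bytes. It also adds one instruction the helper does not have, `add esp, imm8`, to show the stdcall/cdecl cleanup difference. All addresses (0x0040A000, 0x0040B010) are hypothetical placeholders, not addresses from any real process.

```c
/* Added example; not code from the original post or the MemoryEx library.
 * Encodes the 32-bit x86 bytes that ASMInstructions emits (push, pop, xchg,
 * nop, call, retn) into a buffer so they can be inspected offline.
 * All addresses are hypothetical placeholders. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum asm_reg { EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI };  /* same order as ASMRegister */

typedef struct {
    uint8_t *buf;
    size_t   cap;
    size_t   len;   /* write cursor; plays the role of MemoryEx_AddAfterWrite */
} asm_buf;

static int emit_byte(asm_buf *a, uint8_t b)
{
    if (a->len + 1 > a->cap) return 0;
    a->buf[a->len++] = b;
    return 1;
}

static int emit_u32(asm_buf *a, uint32_t v)   /* imm32 / disp32 are little-endian */
{
    if (a->len + 4 > a->cap) return 0;
    for (int i = 0; i < 4; i++) a->buf[a->len++] = (uint8_t)(v >> (8 * i));
    return 1;
}

int asm_push_reg(asm_buf *a, enum asm_reg r) { return emit_byte(a, (uint8_t)(0x50 + r)); } /* push r32 */
int asm_pop_reg (asm_buf *a, enum asm_reg r) { return emit_byte(a, (uint8_t)(0x58 + r)); } /* pop r32 */
int asm_xchg_eax(asm_buf *a, enum asm_reg r) { return emit_byte(a, (uint8_t)(0x90 + r)); } /* xchg eax,r32 */
int asm_nop     (asm_buf *a)                 { return emit_byte(a, 0x90); }                /* nop == xchg eax,eax */
int asm_retn    (asm_buf *a)                 { return emit_byte(a, 0xC3); }                /* retn */
int asm_push_imm(asm_buf *a, uint32_t v)     { return emit_byte(a, 0x68) && emit_u32(a, v); } /* push imm32 */

/* FF 15 disp32 = call dword ptr [disp32]: an indirect call through a 4-byte slot
 * that holds the target address (an IAT entry, or a slot you wrote yourself),
 * not a call to the target address itself. */
int asm_call_ind(asm_buf *a, uint32_t slot)
{
    return emit_byte(a, 0xFF) && emit_byte(a, 0x15) && emit_u32(a, slot);
}

/* 83 C4 imm8 = add esp, imm8: caller cleanup after a cdecl call. Not in the
 * MemoryEx helper; added here to show why a stdcall target needs none. */
int asm_add_esp8(asm_buf *a, uint8_t n)
{
    return emit_byte(a, 0x83) && emit_byte(a, 0xC4) && emit_byte(a, n);
}

/* Stub: push <path>; call [<slot>]; retn. LoadLibraryA is __stdcall, so the
 * callee pops its own argument. Returns the stub length, or 0 on overflow. */
size_t build_loadlibrary_stub(uint8_t *out, size_t cap, uint32_t path_addr, uint32_t slot_addr)
{
    asm_buf a = { out, cap, 0 };
    if (!asm_push_imm(&a, path_addr)) return 0;
    if (!asm_call_ind(&a, slot_addr)) return 0;
    if (!asm_retn(&a)) return 0;
    return a.len;
}

/* Compares the encoder against hand-assembled bytes; returns 1 on success. */
int stub_selftest(void)
{
    static const uint8_t expected[] = {
        0x68, 0x00, 0xA0, 0x40, 0x00,        /* push 0x0040A000  (hypothetical string address) */
        0xFF, 0x15, 0x10, 0xB0, 0x40, 0x00,  /* call [0x0040B010] (hypothetical pointer slot)  */
        0xC3                                 /* retn */
    };
    uint8_t buf[32];
    size_t n = build_loadlibrary_stub(buf, sizeof buf, 0x0040A000u, 0x0040B010u);
    if (n != sizeof expected || memcmp(buf, expected, n) != 0) return 0;

    asm_buf a = { buf, sizeof buf, 0 };
    if (!asm_push_reg(&a, EDI) || buf[0] != 0x57) return 0;
    if (!asm_pop_reg(&a, EBX)  || buf[1] != 0x5B) return 0;
    if (!asm_xchg_eax(&a, ECX) || buf[2] != 0x91) return 0;
    if (!asm_xchg_eax(&a, EAX) || buf[3] != 0x90) return 0;  /* same byte as nop */
    if (!asm_add_esp8(&a, 4)   || buf[4] != 0x83 || buf[5] != 0xC4 || buf[6] != 0x04) return 0;
    if (build_loadlibrary_stub(buf, 8, 1, 2) != 0) return 0;  /* 12 bytes do not fit in 8 */
    return 1;
}

int main(void)
{
    uint8_t stub[32];
    size_t n = build_loadlibrary_stub(stub, sizeof stub, 0x0040A000u, 0x0040B010u);
    for (size_t i = 0; i < n; i++) printf("%02X ", stub[i]);
    printf("\nselftest: %s\n", stub_selftest() ? "pass" : "FAIL");
    return stub_selftest() ? 0 : 1;
}
```

Two practical points follow from the encoding. Because `Call` writes FF 15, its argument must be the address of a dword that contains the function pointer, so a value returned by GetProcAddress has to be stored somewhere (with WriteInt) and that slot's address passed to `Call`, rather than the function address itself. And these encodings are 32-bit x86 only; in 64-bit mode FF 15 takes a RIP-relative displacement and the 0x50+r forms need REX prefixes for r8-r15.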
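Added example (editor's code, not from the post or the MemoryEx library) covering the two "-nobots" approaches above: a byte-pattern scan over a module in the spirit of BaseMemory::FindPattern, followed by the in-place overwrite that keeps the leading `-` and the NUL terminator so the string stays the same length. The scan goes slightly beyond the page by accepting a WILDCARD entry ("any byte"); that is an extension of this example, not a MemoryEx feature. The module image and the deterministic letter generator are constructed stand-ins for a real server binary and GetRandomInt. One caveat the page does not state: in a live process the string sits in a read-only section, so page protection would have to be changed first (VirtualProtect on Windows, mprotect on Linux); that step is assumed and not modelled here.

```c
/* Added example; not code from the original post or the MemoryEx library.
 * Models the "-nobots" patch on a constructed module image: masked pattern
 * scan (WILDCARD is this example's extension) plus in-place overwrite that
 * preserves the '-' prefix and the NUL terminator. Page protection changes
 * needed in a real process are assumed, not modelled. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WILDCARD 0x100  /* outside 0..255, so it can never equal a real byte */

/* First match of pattern[0..len) in [base, base+size); returns match + offset, or NULL. */
const uint8_t *find_pattern(const uint8_t *base, size_t size,
                            const int *pattern, size_t len, size_t offset)
{
    if (base == NULL || len == 0 || size < len) return NULL;
    for (size_t i = 0; i + len <= size; i++) {
        size_t j = 0;
        while (j < len && (pattern[j] == WILDCARD || (uint8_t)pattern[j] == base[i + j]))
            j++;
        if (j == len) return base + i + offset;
    }
    return NULL;
}

/* Overwrite n bytes with lowercase letters from a small LCG; the generator is a
 * constructed stand-in for GetRandomInt(0x61, 0x7A). Returns bytes written. */
size_t scramble(uint8_t *dst, size_t n, uint32_t seed)
{
    for (size_t y = 0; y < n; y++) {
        seed = seed * 1103515245u + 12345u;
        dst[y] = (uint8_t)(0x61 + (seed >> 16) % 26);
    }
    return n;
}

/* Locate "-nobots\0" and rewrite the six letters after the '-'. Returns 1 if patched. */
int neutralize_nobots(uint8_t *image, size_t size)
{
    static const int pat[] = { '-', 'n', 'o', 'b', 'o', 't', 's', 0x00 };
    const uint8_t *hit = find_pattern(image, size, pat, 8, 1);  /* offset 1 skips the '-' */
    if (hit == NULL) return 0;
    scramble((uint8_t *)hit, 6, 0x5EEDu);
    return 1;
}

/* Constructed module image: a few code-like bytes, then a small string table. */
uint8_t g_image[] = {
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10,              /* push ebp; mov ebp,esp; sub esp,0x10 */
    '-', 'n', 'o', 'v', 'i', 'd', 0x00,              /* a neighbour that must stay untouched */
    '-', 'n', 'o', 'b', 'o', 't', 's', 0x00,         /* target, starts at index 13 */
    'm', 'a', 'x', 'p', 'l', 'a', 'y', 'e', 'r', 's', 0x00,
    0xC3
};
const size_t g_image_size = sizeof g_image;

/* Runs the whole scenario on a private copy; returns 1 on success, 0 on the first failure. */
int selftest(void)
{
    uint8_t img[sizeof g_image];
    memcpy(img, g_image, sizeof img);
    static const int exact[]  = { '-', 'n', 'o', 'b', 'o', 't', 's', 0x00 };
    static const int masked[] = { '-', WILDCARD, WILDCARD, 'b', 'o', 't', 's', 0x00 };

    if (find_pattern(img, sizeof img, exact, 8, 0) != img + 13) return 0;
    if (find_pattern(img, sizeof img, masked, 8, 0) != img + 13) return 0;  /* "-novid" does not match */
    if (neutralize_nobots(img, sizeof img) != 1) return 0;
    if (find_pattern(img, sizeof img, exact, 8, 0) != NULL) return 0;      /* string is gone */
    if (img[13] != '-' || img[20] != 0x00) return 0;                        /* frame intact */
    if (strlen((const char *)img + 13) != 7) return 0;                      /* same length */
    for (int y = 14; y < 20; y++)
        if (img[y] < 'a' || img[y] > 'z') return 0;
    if (memcmp(img + 6, "-novid", 7) != 0) return 0;                        /* neighbour untouched */
    if (neutralize_nobots(img, sizeof img) != 0) return 0;                  /* second pass finds nothing */
    return 1;
}

int main(void)
{
    int ok = selftest();
    printf("selftest: %s\n", ok ? "pass" : "FAIL");
    return ok ? 0 : 1;
}
```

Keeping the string length unchanged is what makes this patch safe to apply blind: anything that still reads the bytes (the engine's command-line parser, other code that shares the literal) sees a valid, differently spelled option and nothing else in the module moves. Scanning with the NUL terminator included, as the page's pattern does, is also what stops a shorter prefix such as "-nobo" from matching the wrong string.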