Backups/SA-MP
1
0
Fork 0
mirror of https://github.com/dashr9230/SA-MP.git synced 2025-01-04 00:23:22 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
SA-MP/launch3/launch3Dlg.cpp

412 lines
11 KiB
C++
Raw Normal View History

Create VC2003 project file for launch3
2023-10-20 06:40:57 +08:00
// launch3Dlg.cpp : implementation file
//
#include "stdafx.h"
#include "launch3.h"
#include "launch3Dlg.h"
[launch3] Implement DLL inject functions
2023-10-24 23:58:07 +08:00
#include <windows.h>
Create VC2003 project file for launch3
2023-10-20 06:40:57 +08:00
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
[launch3] Implement DLL inject functions
2023-10-24 23:58:07 +08:00
typedef BOOL (WINAPI* Proc_CreateProcessA)(LPCSTR lpApplicationName,
LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation);
BOOL WINAPI CreateProcessWithDllA(LPCSTR lpApplicationName,
LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation,
LPSTR lpDllFullPath,
Proc_CreateProcessA FuncAddress);
BOOL SuspendTidAndInjectCode(HANDLE hProcess, HANDLE hThread, DWORD dwFuncAddress, const BYTE * lpShellCode, size_t uCodeSize);
BYTE* mov_eax_xx(BYTE* lpCurAddress, DWORD eax);
BYTE* mov_ebx_xx(BYTE* lpCurAddress, DWORD ebx);
BYTE* mov_ecx_xx(BYTE* lpCurAddress, DWORD ecx);
BYTE* mov_edx_xx(BYTE* lpCurAddress, DWORD edx);
BYTE* mov_esi_xx(BYTE* lpCurAddress, DWORD esi);
BYTE* mov_edi_xx(BYTE* lpCurAddress, DWORD edi);
BYTE* mov_ebp_xx(BYTE* lpCurAddress, DWORD ebp);
BYTE* mov_esp_xx(BYTE* lpCurAddress, DWORD esp);
BYTE* push_xx(BYTE* lpCurAddress, DWORD dwAddress);
BYTE* mov_eip_xx(BYTE* lpCurAddress, DWORD eip, DWORD newEip);
BYTE* Call_xx(BYTE* lpCurAddress, DWORD eip, DWORD newEip);
/////////////////////////////////////////////////////////////////////////////
PROCESS_INFORMATION ProcessInformation;
STARTUPINFO StartupInfo;
void LaunchMod(LPCSTR lpPath, LPSTR lpParams)
{
char szGtaExe[256];
char szSampDll[256];
sprintf(szGtaExe,"%s\\%s",lpPath,"gta_sa.exe");
sprintf(szSampDll,"%s\\%s",lpPath,"samp.dll");
ZeroMemory(&StartupInfo, sizeof(StartupInfo));
StartupInfo.cb = sizeof(StartupInfo);
ZeroMemory(&ProcessInformation, sizeof(ProcessInformation));
if (!CreateProcessWithDllA(szGtaExe,
lpParams,
NULL,
NULL,
FALSE,
CREATE_DEFAULT_ERROR_MODE,
NULL,
lpPath,
&StartupInfo,
&ProcessInformation,
szSampDll,
NULL))
{
MessageBoxA(NULL, "Initialization failed.\r\nPlease reinstall.", "SA:MP", MB_OK | MB_ICONERROR | MB_HELP);
}
}
Create VC2003 project file for launch3
2023-10-20 06:40:57 +08:00
/////////////////////////////////////////////////////////////////////////////
// CLaunch3Dlg dialog
CLaunch3Dlg::CLaunch3Dlg(CWnd* pParent /*=NULL*/)
: CDialog(CLaunch3Dlg::IDD, pParent)
{
//{{AFX_DATA_INIT(CLaunch3Dlg)
// NOTE: the ClassWizard will add member initialization here
//}}AFX_DATA_INIT
// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}
void CLaunch3Dlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CLaunch3Dlg)
// NOTE: the ClassWizard will add DDX and DDV calls here
//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CLaunch3Dlg, CDialog)
//{{AFX_MSG_MAP(CLaunch3Dlg)
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
[launch3] Change main dialog form
2023-10-22 17:19:24 +08:00
ON_EN_CHANGE(IDC_NICK, OnChangeNick)
ON_BN_CLICKED(IDC_LAUNCH, OnLaunch)
ON_BN_CLICKED(IDC_BUTTON2, OnButton2)
ON_BN_CLICKED(IDC_BUTTON1, OnButton1)
Create VC2003 project file for launch3
2023-10-20 06:40:57 +08:00
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
[launch3] Implement DLL inject functions
2023-10-24 23:58:07 +08:00
/////////////////////////////////////////////////////////////////////////////
CString GetAppPath ()
{
TCHAR app_path[_MAX_PATH];
GetModuleFileName((HMODULE)AfxGetApp()->m_hInstance, app_path, MAX_PATH);
CString app_str = app_path;
app_str = app_str.Left(app_str.ReverseFind('\\')+1);
return app_str;
}
Create VC2003 project file for launch3
2023-10-20 06:40:57 +08:00
/////////////////////////////////////////////////////////////////////////////
// CLaunch3Dlg message handlers
BOOL CLaunch3Dlg::OnInitDialog()
{
CDialog::OnInitDialog();
// Set the icon for this dialog. The framework does this automatically
// when the application's main window is not a dialog
SetIcon(m_hIcon, TRUE); // Set big icon
SetIcon(m_hIcon, FALSE); // Set small icon
// TODO: Add extra initialization here
return TRUE; // return TRUE unless you set the focus to a control
}
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
void CLaunch3Dlg::OnPaint()
{
if (IsIconic())
{
CPaintDC dc(this); // device context for painting
SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);
// Center icon in client rectangle
int cxIcon = GetSystemMetrics(SM_CXICON);
int cyIcon = GetSystemMetrics(SM_CYICON);
CRect rect;
GetClientRect(&rect);
int x = (rect.Width() - cxIcon + 1) / 2;
int y = (rect.Height() - cyIcon + 1) / 2;
// Draw the icon
dc.DrawIcon(x, y, m_hIcon);
}
else
{
CDialog::OnPaint();
}
}
// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
HCURSOR CLaunch3Dlg::OnQueryDragIcon()
{
return (HCURSOR) m_hIcon;
}
[launch3] Change main dialog form
2023-10-22 17:19:24 +08:00
void CLaunch3Dlg::OnChangeNick()
{
// TODO: If this is a RICHEDIT control, the control will not
// send this notification unless you override the CDialog::OnInitDialog()
// function and call CRichEditCtrl().SetEventMask()
// with the ENM_CHANGE flag ORed into the mask.
// TODO: Add your control notification handler code here
}
void CLaunch3Dlg::OnLaunch()
{
[launch3] Implement DLL inject functions
2023-10-24 23:58:07 +08:00
LaunchMod(GetAppPath(), "-d");
[launch3] Change main dialog form
2023-10-22 17:19:24 +08:00
}
void CLaunch3Dlg::OnButton2()
{
[launch3] Implement DLL inject functions
2023-10-24 23:58:07 +08:00
this->OnCancel();
[launch3] Change main dialog form
2023-10-22 17:19:24 +08:00
}
void CLaunch3Dlg::OnButton1()
{
[launch3] Implement DLL inject functions
2023-10-24 23:58:07 +08:00
LaunchMod(GetAppPath(), "-c -h 127.0.0.1 -p 7777 -n Player");
}
DWORD GetFuncAddress()
{
return (DWORD)GetProcAddress(GetModuleHandleA("Kernel32"), "LoadLibraryA");
}
BOOL WINAPI CreateProcessWithDllA(LPCSTR lpApplicationName,
LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation,
LPSTR lpDllFullPath,
Proc_CreateProcessA FuncAddress)
{
BOOL bResult = FALSE;
size_t uCodeSize;
DWORD dwCreaFlags = dwCreationFlags;
PROCESS_INFORMATION pi;
if (FuncAddress == NULL)
{
FuncAddress = CreateProcessA;
}
dwCreaFlags = dwCreationFlags | CREATE_SUSPENDED;
if (FuncAddress(lpApplicationName,
lpCommandLine,
lpProcessAttributes,
lpThreadAttributes,
bInheritHandles,
dwCreaFlags,
lpEnvironment,
lpCurrentDirectory,
lpStartupInfo,
&pi))
{
if (lpDllFullPath)
uCodeSize = strlen(lpDllFullPath) + 1;
else
uCodeSize = 0;
DWORD dwLoadDllProc = GetFuncAddress();
if (SuspendTidAndInjectCode(pi.hProcess, pi.hThread, dwLoadDllProc, (BYTE*)lpDllFullPath, uCodeSize))
{
if (lpProcessInformation)
memcpy(lpProcessInformation, &pi, sizeof(PROCESS_INFORMATION));
if (!(dwCreationFlags & CREATE_SUSPENDED))
ResumeThread(pi.hThread);
bResult = TRUE;
}
}
return bResult;
}
BOOL SuspendTidAndInjectCode(HANDLE hProcess, HANDLE hThread, DWORD dwFuncAddress, const BYTE * lpShellCode, size_t uCodeSize)
{
BYTE ShellCodeBuf[0x480];
CONTEXT Context;
DWORD flOldProtect = 0;
SIZE_T NumberOfBytesWritten = 0;
LPBYTE lpCurESPAddress;
LPBYTE lpCurBufAddress;
BOOL bResult = FALSE;
SuspendThread(hThread);
memset(&Context,0,sizeof(Context));
Context.ContextFlags = CONTEXT_FULL;
if (GetThreadContext(hThread, &Context))
{
lpCurESPAddress = (LPBYTE)((Context.Esp - 0x480) & 0xFFFFFFE0);
lpCurBufAddress = &ShellCodeBuf[0];
if (lpShellCode)
{
memcpy(ShellCodeBuf + 128, lpShellCode, uCodeSize);
lpCurBufAddress = push_xx(lpCurBufAddress, (DWORD)(lpCurESPAddress + 128));
lpCurBufAddress = Call_xx(lpCurBufAddress, dwFuncAddress, (DWORD)lpCurESPAddress + (DWORD)lpCurBufAddress - (DWORD)&ShellCodeBuf);
}
lpCurBufAddress = mov_eax_xx(lpCurBufAddress, Context.Eax);
lpCurBufAddress = mov_ebx_xx(lpCurBufAddress, Context.Ebx);
lpCurBufAddress = mov_ecx_xx(lpCurBufAddress, Context.Ecx);
lpCurBufAddress = mov_edx_xx(lpCurBufAddress, Context.Edx);
lpCurBufAddress = mov_esi_xx(lpCurBufAddress, Context.Esi);
lpCurBufAddress = mov_edi_xx(lpCurBufAddress, Context.Edi);
lpCurBufAddress = mov_ebp_xx(lpCurBufAddress, Context.Ebp);
lpCurBufAddress = mov_esp_xx(lpCurBufAddress, Context.Esp);
lpCurBufAddress = mov_eip_xx(lpCurBufAddress, Context.Eip, (DWORD)lpCurESPAddress + (DWORD)lpCurBufAddress - (DWORD)&ShellCodeBuf);
Context.Esp = (DWORD)(lpCurESPAddress - 4);
Context.Eip = (DWORD)lpCurESPAddress;
if (VirtualProtectEx(hProcess, lpCurESPAddress, 0x480, PAGE_EXECUTE_READWRITE, &flOldProtect)
&& WriteProcessMemory(hProcess, lpCurESPAddress, &ShellCodeBuf, 0x480, &NumberOfBytesWritten)
&& FlushInstructionCache(hProcess, lpCurESPAddress, 0x480)
&& SetThreadContext(hThread, &Context) )
{
bResult = TRUE;
}
}
ResumeThread(hThread);
return bResult;
}
BYTE* mov_eax_xx(BYTE* lpCurAddress, DWORD eax)
{
*lpCurAddress = 0xB8;
*(DWORD*)(lpCurAddress + 1) = eax;
return lpCurAddress + 5;
[launch3] Change main dialog form
2023-10-22 17:19:24 +08:00
}
[launch3] Implement DLL inject functions
2023-10-24 23:58:07 +08:00
BYTE* mov_ebx_xx(BYTE* lpCurAddress, DWORD ebx)
{
*lpCurAddress = 0xBB;
*(DWORD*)(lpCurAddress + 1) = ebx;
return lpCurAddress + 5;
}
BYTE* mov_ecx_xx(BYTE* lpCurAddress, DWORD ecx)
{
*lpCurAddress = 0xB9;
*(DWORD*)(lpCurAddress + 1) = ecx;
return lpCurAddress + 5;
}
BYTE* mov_edx_xx(BYTE* lpCurAddress, DWORD edx)
{
*lpCurAddress = 0xBA;
*(DWORD*)(lpCurAddress + 1) = edx;
return lpCurAddress + 5;
}
BYTE* mov_esi_xx(BYTE* lpCurAddress, DWORD esi)
{
*lpCurAddress = 0xBE;
*(DWORD*)(lpCurAddress + 1) = esi;
return lpCurAddress + 5;
}
BYTE* mov_edi_xx(BYTE* lpCurAddress, DWORD edi)
{
*lpCurAddress = 0xBF;
*(DWORD*)(lpCurAddress + 1) = edi;
return lpCurAddress + 5;
}
BYTE* mov_ebp_xx(BYTE* lpCurAddress, DWORD ebp)
{
*lpCurAddress = 0xBD;
*(DWORD*)(lpCurAddress + 1) = ebp;
return lpCurAddress + 5;
}
BYTE* mov_esp_xx(BYTE* lpCurAddress, DWORD esp)
{
*lpCurAddress = 0xBC;
*(DWORD*)(lpCurAddress + 1) = esp;
return lpCurAddress + 5;
}
BYTE* push_xx(BYTE* lpCurAddress, DWORD dwAddress)
{
*lpCurAddress = 0x68;
*(DWORD*)(lpCurAddress + 1) = dwAddress;
return lpCurAddress + 5;
}
BYTE* mov_eip_xx(BYTE* lpCurAddress, DWORD eip, DWORD newEip)
{
if (!newEip)
{
newEip = (DWORD)lpCurAddress;
}
*lpCurAddress = 0xE9;
*(DWORD*)(lpCurAddress + 1) = eip - (newEip + 5);
return lpCurAddress + 5;
}
BYTE* Call_xx(BYTE* lpCurAddress, DWORD eip, DWORD newEip)
{
if (!newEip)
{
newEip = (DWORD)lpCurAddress;
}
*lpCurAddress = 0xE8;
*(DWORD*)(lpCurAddress + 1) = eip - (newEip + 5);
return lpCurAddress + 5;
}
Reference in New Issue Copy Permalink