// Request block handed to the kernel driver through call_driver_control().
// The layout is an ABI shared with the driver side (not visible here): do
// not reorder, retype or pad these fields without changing the driver too.
typedef struct _MEMORY_STRUCT
{
BYTE type;            // operation code; this file sends 3 (read), 7 (write), 11/14/15 (module-base queries)
LONG usermode_pid;    // pid field filled with usermode_pid on read/write, but with m_pid by the base queries
LONG target_pid;      // pid whose memory is accessed; only set by read/write/readwtf
ULONG64 base_address; // out-parameter: base returned by the driver for types 11/14/15
void* address;        // in: virtual address inside the target process (read/write)
LONG size;            // byte count; 32-bit, so readwtf's SIZE_T is narrowed into it
void* output;         // caller-owned buffer the driver fills (read) or reads from (write)
} MEMORY_STRUCT, * PMEMORY_STRUCT;
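// Invokes the driver's control entry point (presumably the pointer returned
// by kernel_control_function()) as a __stdcall function taking exactly the
// arguments supplied; every caller in this file passes one PMEMORY_STRUCT.
//
// Returns the driver's status, where 0 means success by the convention the
// callers use. A null control pointer now yields a non-zero status instead of
// 0: previously a missing driver looked like a successful read/write.
template<typename ... A>
uint64_t call_driver_control(void* control_function, const A ... arguments)
{
    // Non-zero sentinel: all callers test `== 0` for success.
    if (!control_function)
        return static_cast<uint64_t>(-1);
    using tFunction = uint64_t(__stdcall*)(A...);
    // void* -> function pointer is only expressible via reinterpret_cast.
    const auto control = reinterpret_cast<tFunction>(control_function);
    return control(arguments ...);
}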
// Resolves the user-mode entry point used to reach the driver: loads
// win32u.dll by bare name (default loader search order) and looks up its
// export NtDxgkGetTrackedWorkloadStatistics. How calls through that export
// end up in the driver is not visible in this file — presumably the kernel
// side intercepts it; confirm against the driver source.
// Returns nullptr if the module cannot be loaded or the export is missing.
void* kernel_control_function()
{
    const HMODULE win32u = LoadLibrary((L"win32u.dll"));
    if (win32u == nullptr)
        return nullptr;
    return reinterpret_cast<void*>(
        GetProcAddress(win32u, "NtDxgkGetTrackedWorkloadStatistics"));
}
// Shared state for the helpers below. These are definitions in a header:
// including Driver.h from more than one translation unit will produce
// duplicate-symbol link errors unless they become inline/extern.
void* m_driver_control;   // control entry point passed to call_driver_control; expected to be kernel_control_function()'s result (set elsewhere)
DWORD64 m_pid;            // target process id: sent as target_pid by read/write, as usermode_pid by the base queries
DWORD64 usermode_pid;     // sent as usermode_pid on read/write requests; presumably the calling process's own pid
DWORD64 m_base;           // not referenced by anything visible in this file
DWORD64 m_unityplayer;    // not referenced by anything visible in this file
DWORD64 m_gameassembly;   // not referenced by anything visible in this file
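// Asks the driver (request type 11) for the base address of process m_pid.
// The pid goes into usermode_pid rather than target_pid — consistent with
// UnityPlayer/GameAssembly but unlike read/write; the driver side presumably
// expects it that way (not verifiable here).
// Protect/Unprotect (defined elsewhere) bracket the call with the caller's
// return address. Returns 0 when the driver reports a non-zero status.
DWORD64 GetBaseAddress()
{
    Protect(_ReturnAddress());
    MEMORY_STRUCT request = { 0 };
    request.type = 11;
    request.usermode_pid = static_cast<LONG>(m_pid);
    // Keep the full 64-bit status: narrowing it to int could turn a status
    // with only high bits set into a false success.
    const uint64_t status = call_driver_control(m_driver_control, &request);
    Unprotect(_ReturnAddress());
    return status == 0 ? request.base_address : 0;
}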
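// Asks the driver (request type 14) for a module base in process m_pid —
// by name the UnityPlayer module, though what 14 resolves to is decided on
// the driver side. `moduleName` is kept for interface compatibility but is
// never sent to the driver. Returns 0 when the driver reports a non-zero status.
static ULONG64 UnityPlayer(const char* moduleName)
{
    (void)moduleName;  // unused: the module is selected by request type, not by name
    Protect(_ReturnAddress());
    MEMORY_STRUCT request = { 0 };
    request.type = 14;
    request.usermode_pid = static_cast<LONG>(m_pid);
    // Full 64-bit status so a non-zero value cannot be truncated to 0.
    const uint64_t status = call_driver_control(m_driver_control, &request);
    Unprotect(_ReturnAddress());
    return status == 0 ? request.base_address : 0;
}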
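// Asks the driver (request type 15) for a module base in process m_pid —
// by name the GameAssembly module, though what 15 resolves to is decided on
// the driver side. `moduleName` is kept for interface compatibility but is
// never sent to the driver. Returns 0 when the driver reports a non-zero status.
static ULONG64 GameAssembly(const char* moduleName)
{
    (void)moduleName;  // unused: the module is selected by request type, not by name
    Protect(_ReturnAddress());
    MEMORY_STRUCT request = { 0 };
    request.type = 15;
    request.usermode_pid = static_cast<LONG>(m_pid);
    // Full 64-bit status so a non-zero value cannot be truncated to 0.
    const uint64_t status = call_driver_control(m_driver_control, &request);
    Unprotect(_ReturnAddress());
    return status == 0 ? request.base_address : 0;
}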
// Reads sizeof(T) bytes at `address` in process m_pid (request type 3) into
// a value-initialized T and returns it. The driver status is not checked:
// a failed read returns the zeroed T, indistinguishable from a genuine zero.
// T is filled byte-wise by the driver, so it should be trivially copyable —
// nothing here enforces that.
template <typename T>
T read(uintptr_t address)
{
    Protect(_ReturnAddress());
    T value{ };
    MEMORY_STRUCT request = { 0 };
    request.type = 3;
    request.usermode_pid = usermode_pid;
    request.target_pid = m_pid;
    request.address = reinterpret_cast<void*>(address);
    request.output = &value;
    request.size = sizeof(T);
    call_driver_control(m_driver_control, &request);  // status intentionally ignored, as before
    Unprotect(_ReturnAddress());
    return value;
}
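// Writes `buffer` (sizeof(T) bytes) to `address` in process m_pid via a
// type 7 request. Returns true only if the driver reported status 0.
// Protect/Unprotect (defined elsewhere) bracket the call with the caller's
// return address; the original returned early on failure and skipped
// Unprotect, leaving that bracket unbalanced — now it is always closed.
template<typename T>
bool write(uint64_t address, T buffer)
{
    Protect(_ReturnAddress());
    MEMORY_STRUCT request = { 0 };
    request.type = 7;
    request.usermode_pid = usermode_pid;
    request.target_pid = m_pid;
    request.address = reinterpret_cast<void*>(address);
    request.size = sizeof(T);
    request.output = &buffer;
    // Full 64-bit status so a non-zero value cannot be truncated to 0.
    const uint64_t status = call_driver_control(m_driver_control, &request);
    Unprotect(_ReturnAddress());
    return status == 0;
}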
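// Reads `Size` bytes at `Address` in process m_pid into `Buffer` (request
// type 3). Returns true only if the request was sent and the driver reported
// status 0 — the original always returned true regardless of outcome.
// Rejects a null Buffer with a non-zero Size, and any Size that does not fit
// MEMORY_STRUCT::size (a 32-bit LONG) rather than sending the driver a
// truncated or negative length.
bool readwtf(uintptr_t Address, void* Buffer, SIZE_T Size)
{
    if (Buffer == nullptr && Size != 0)
        return false;
    const LONG request_size = static_cast<LONG>(Size);
    if (request_size < 0 || static_cast<SIZE_T>(request_size) != Size)
        return false;
    Protect(_ReturnAddress());
    MEMORY_STRUCT request = { 0 };
    request.type = 3;
    request.usermode_pid = usermode_pid;
    request.target_pid = m_pid;
    request.address = reinterpret_cast<void*>(Address);
    request.output = Buffer;
    request.size = request_size;
    // Full 64-bit status so a non-zero value cannot be truncated to 0.
    const uint64_t status = call_driver_control(m_driver_control, &request);
    Unprotect(_ReturnAddress());
    return status == 0;
}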
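// Reads up to `size` bytes from `address` in the target process and returns
// them as a NUL-terminated string (content up to the first NUL).
// The buffer is one byte longer than the read and value-initialized to zero,
// so a read that fills all `size` bytes without a terminator — or one that
// fails and leaves the buffer untouched — cannot make the std::string
// constructor scan past the allocation. A failed read yields "".
std::string read_ascii(const std::uintptr_t address, std::size_t size)
{
    const auto buffer = std::make_unique<char[]>(size + 1);
    readwtf(address, buffer.get(), size);  // status ignored: buffer stays zeroed on failure
    return std::string(buffer.get());
}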
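// Reads up to `size` wide characters from `address` in the target process
// and returns them as a NUL-terminated wide string (content up to the first
// L'\0'). The buffer holds one extra zeroed wchar_t so a read that fills
// every element, or a failed read, still leaves a terminator in place.
// The byte count sent to the driver is size * sizeof(wchar_t) (2 on Windows,
// matching the original's `size * 2`).
std::wstring read_unicode(const std::uintptr_t address, std::size_t size)
{
    const auto buffer = std::make_unique<wchar_t[]>(size + 1);
    readwtf(address, buffer.get(), size * sizeof(wchar_t));  // status ignored: buffer stays zeroed on failure
    return std::wstring(buffer.get());
}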
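// Follows a pointer chain: starting at `base`, reads a 64-bit value at
// current + offsets[i] and uses it as the next `current`. Returns the value
// read through the last offset.
// An empty `offsets` returns `base` unchanged (the original threw
// std::out_of_range from offsets.at(0)). A null link ends the walk with 0
// instead of issuing further reads at near-null addresses.
uint64_t ReadChain(uint64_t base, const std::vector<uint64_t>& offsets) {
    uint64_t current = base;
    for (const uint64_t offset : offsets) {
        current = read<uint64_t>(current + offset);
        if (current == 0)
            return 0;
    }
    return current;
}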