memory handling using kernel driver

ByteCorum · Sep 13, 2024 · 7de90fc · 7de90fc
1 parent 5e377ec
commit 7de90fc
Show file tree

Hide file tree

Showing 23 changed files with 383 additions and 389 deletions.
diff --git a/.gitignore b/.gitignore
@@ -402,6 +402,7 @@ FodyWeavers.xsd
 
 # JetBrains Rider
 *.sln.iml
+ProcessManager.txt
 DragonBurn/imgui.ini
 DragonBurn/settings.yml
 DragonBurn/prefs.ini

diff --git a/DragonBurn/Core/Cheats.cpp b/DragonBurn/Core/Cheats.cpp
@@ -37,7 +37,7 @@ void Cheats::Run()
 		return;
 
 	// Update matrix
-	if(!ProcessMgr.ReadMemory(gGame.GetMatrixAddress(), gGame.View.Matrix,64))
+	if(!memoryManager.ReadMemory(gGame.GetMatrixAddress(), gGame.View.Matrix,64))
 		return;
 
 	// Update EntityList Entry
@@ -46,9 +46,9 @@ void Cheats::Run()
 	DWORD64 LocalControllerAddress = 0;
 	DWORD64 LocalPawnAddress = 0;
 
-	if (!ProcessMgr.ReadMemory(gGame.GetLocalControllerAddress(), LocalControllerAddress))
+	if (!memoryManager.ReadMemory(gGame.GetLocalControllerAddress(), LocalControllerAddress))
 		return;
-	if (!ProcessMgr.ReadMemory(gGame.GetLocalPawnAddress(), LocalPawnAddress))
+	if (!memoryManager.ReadMemory(gGame.GetLocalPawnAddress(), LocalPawnAddress))
 		return;
 
 	// LocalEntity
@@ -79,7 +79,7 @@ void Cheats::Run()
 	{
 		CEntity Entity;
 		DWORD64 EntityAddress = 0;
-		if (!ProcessMgr.ReadMemory<DWORD64>(gGame.GetEntityListEntry() + (i + 1) * 0x78, EntityAddress))
+		if (!memoryManager.ReadMemory<DWORD64>(gGame.GetEntityListEntry() + (i + 1) * 0x78, EntityAddress))
 			continue;
 		if (EntityAddress == LocalEntity.Controller.Address)
 		{
@@ -167,7 +167,7 @@ void Cheats::Run()
 				{
 					bool HasHelmet;
 					ImVec2 ArmorBarPos;
-					ProcessMgr.ReadMemory(Entity.Controller.Address + Offset.PlayerController.HasHelmet, HasHelmet);
+					memoryManager.ReadMemory(Entity.Controller.Address + Offset.PlayerController.HasHelmet, HasHelmet);
 					if (ESPConfig::ShowHealthBar)
 						ArmorBarPos = { Rect.x - 10.f,Rect.y };
 					else
@@ -321,7 +321,7 @@ void RenderCrosshair(ImDrawList* drawList, const CEntity& LocalEntity)
 	//	return;
 
 	bool isScoped;
-	ProcessMgr.ReadMemory<bool>(LocalEntity.Pawn.Address + Offset.Pawn.isScoped, isScoped);
+	memoryManager.ReadMemory<bool>(LocalEntity.Pawn.Address + Offset.Pawn.isScoped, isScoped);
 
 	if (!MiscCFG::SniperCrosshair || LocalEntity.Controller.TeamID == 0 || !TriggerBot::CheckScopeWeapon(LocalEntity) || isScoped || MenuConfig::ShowMenu)
 		return;

diff --git a/DragonBurn/Core/GlobalVars.cpp b/DragonBurn/Core/GlobalVars.cpp
@@ -3,7 +3,7 @@
 bool globalvars::UpdateGlobalvars()
 {
 	DWORD64 m_DglobalVars = 0;
-	if (!ProcessMgr.ReadMemory<DWORD64>(gGame.GetGlobalVarsAddress(), m_DglobalVars))
+	if (!memoryManager.ReadMemory<DWORD64>(gGame.GetGlobalVarsAddress(), m_DglobalVars))
 		return false;
 
 	this->address = m_DglobalVars;

diff --git a/DragonBurn/Core/Globals.hpp b/DragonBurn/Core/Globals.hpp
@@ -1,13 +1,14 @@
 #pragma once
 #include <Windows.h>
-#include "ProcessManager.hpp"
+#include "MemoryMgr.h"
+
 template <typename T>
 inline bool GetDataAddressWithOffset(const DWORD64& Address, DWORD Offset, T& Data)
 {
 	if (Address == 0)
 		return false;
 
-	if (!ProcessMgr.ReadMemory<T>(Address + Offset, Data))
+	if (!memoryManager.ReadMemory<T>(Address + Offset, Data))
 		return false;
 
 	return true;

diff --git a/DragonBurn/Core/Init.h b/DragonBurn/Core/Init.h
@@ -91,7 +91,7 @@ namespace Init
 
         static int CheckCS2Version()
         {
-            DWORD pid = ProcessMgr.GetProcessID("cs2.exe");
+            DWORD pid = MemoryMgr::GetProcessID(L"cs2.exe");
             long curVer;
             const std::string cloudVersionUrl = "https://raw.githubusercontent.com/ByteCorum/DragonBurn/data/cs2-version";
             long cloudVersion;

diff --git a/DragonBurn/Core/MemoryMgr.cpp b/DragonBurn/Core/MemoryMgr.cpp
@@ -0,0 +1,181 @@
+#include "MemoryMgr.h"
+
+MemoryMgr::MemoryMgr() 
+{
+	ProcessID = 0;
+	kernelDriver = nullptr;
+}
+
+MemoryMgr::~MemoryMgr() 
+{
+	Detach();
+	DisconnectDriver();
+
+	ProcessID = 0;
+	kernelDriver = nullptr;
+}
+
+bool MemoryMgr::ConnectDriver(const LPCWSTR name)
+{
+	kernelDriver = CreateFile(name, GENERIC_READ, 0, nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr);
+	if (kernelDriver == INVALID_HANDLE_VALUE)
+		return false;
+
+	return true;
+}
+
+bool MemoryMgr::DisconnectDriver() 
+{
+	if (kernelDriver != nullptr)
+	{
+		return CloseHandle(kernelDriver);
+	}
+	else
+		return false;
+}
+
+bool MemoryMgr::Attach(const DWORD pid)
+{
+	Request req;
+	req.pid = reinterpret_cast<HANDLE>(pid);
+	ProcessID = pid;
+
+	return DeviceIoControl(kernelDriver, kernelCodes::ATTACH, &req, sizeof(req), &req, sizeof(req), nullptr, nullptr);
+}
+
+bool MemoryMgr::Detach() 
+{
+	if (kernelDriver != nullptr && ProcessID != 0)
+	{
+		Request req;
+		req.pid = reinterpret_cast<HANDLE>(ProcessID);
+		ProcessID = 0;
+
+		return DeviceIoControl(kernelDriver, kernelCodes::DETACH, &req, sizeof(req), &req, sizeof(req), nullptr, nullptr);
+	}
+	else
+		return false;
+}
+
+//template <typename ReadType>
+//bool MemoryMgr::ReadMemory(DWORD64 address, ReadType& value) 
+//{
+//	if (kernelDriver != nullptr && ProcessID != 0)
+//	{
+//		Request req;
+//
+//		req.target = reinterpret_cast<PVOID>(address);
+//		req.buffer = &value;
+//		req.size = sizeof(ReadType);
+//
+//		return DeviceIoControl(kernelDriver, kernelCodes::READ, &req, sizeof(req), &req, sizeof(req), nullptr, nullptr);
+//	}
+//	else
+//		return false;
+//}
+
+//template <typename ReadType>
+//bool MemoryMgr::ReadMemory(DWORD64 address, ReadType& value, int size)
+//{
+//	if (kernelDriver != nullptr && ProcessID != 0)
+//	{
+//		Request req;
+//
+//		req.target = reinterpret_cast<PVOID>(address);
+//		req.buffer = &value;
+//		req.size = size;
+//
+//		return DeviceIoControl(kernelDriver, kernelCodes::READ, &req, sizeof(req), &req, sizeof(req), nullptr, nullptr);
+//	}
+//	else
+//		return false;
+//}
+
+DWORD64 MemoryMgr::TraceAddress(DWORD64 baseAddress, std::vector<DWORD> offsets)
+{
+	if (kernelDriver != nullptr && ProcessID != 0)
+	{
+		DWORD64 address = 0;
+
+		if (offsets.size() == 0)
+			return baseAddress;
+
+		if (!ReadMemory<DWORD64>(baseAddress, address))
+			return 0;
+
+		for (int i = 0; i < offsets.size() - 1; i++)
+		{
+			if (!ReadMemory<DWORD64>(address + offsets[i], address))
+				return 0;
+		}
+		return address == 0 ? 0 : address + offsets[offsets.size() - 1];
+	}
+	else
+		return 0;
+}
+
+DWORD MemoryMgr::GetProcessID(const wchar_t* processName) 
+{
+	DWORD processId = 0;
+	HANDLE snapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
+
+	if (snapShot == INVALID_HANDLE_VALUE)
+		return processId;
+
+	PROCESSENTRY32W entry = {};
+	entry.dwSize = sizeof(decltype(entry));
+
+	if (Process32FirstW(snapShot, &entry) == TRUE) // Check if the first handle is the one we want
+	{
+		if (_wcsicmp(processName, entry.szExeFile) == 0)
+			processId = entry.th32ProcessID;
+
+		else
+		{
+			while (Process32NextW(snapShot, &entry) == TRUE)
+			{
+				if (_wcsicmp(processName, entry.szExeFile) == 0)
+				{
+					processId = entry.th32ProcessID;
+					break;
+				}
+			}
+		}
+	}
+
+	CloseHandle(snapShot);
+	return processId;
+}
+
+DWORD64 MemoryMgr::GetModuleBase(const DWORD pid, const wchar_t* moduleName) {
+	DWORD64 moduleBase = 0;
+
+	// Snap-shot of process' modules (dlls).
+	HANDLE snapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);
+	if (snapShot == INVALID_HANDLE_VALUE)
+		return moduleBase;
+
+	MODULEENTRY32W entry = {};
+	entry.dwSize = sizeof(decltype(entry));
+
+	if (Module32FirstW(snapShot, &entry) == TRUE)
+	{
+		if (wcsstr(moduleName, entry.szModule) != nullptr)
+			moduleBase = reinterpret_cast<DWORD64>(entry.modBaseAddr);
+
+		else
+		{
+			while (Module32NextW(snapShot, &entry) == TRUE)
+			{
+				if (wcsstr(moduleName, entry.szModule) != nullptr)
+				{
+					moduleBase = reinterpret_cast<DWORD64>(entry.modBaseAddr);
+					break;
+				}
+			}
+		}
+	}
+
+	CloseHandle(snapShot);
+	return moduleBase;
+}
diff --git a/DragonBurn/Core/MemoryMgr.h b/DragonBurn/Core/MemoryMgr.h
@@ -0,0 +1,93 @@
+#pragma once
+#include <iostream>
+#include <Windows.h>
+#include <Tlhelp32.h>
+#include <string>
+#include <vector>
+
+namespace kernelCodes
+{
+	inline const ULONG ATTACH = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x4462, METHOD_BUFFERED, FILE_SPECIAL_ACCESS);
+	inline const ULONG READ = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x4472, METHOD_BUFFERED, FILE_SPECIAL_ACCESS);
+	inline const ULONG WRITE = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x4482, METHOD_BUFFERED, FILE_SPECIAL_ACCESS);
+	inline const ULONG DETACH = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x4492, METHOD_BUFFERED, FILE_SPECIAL_ACCESS);
+}
+
+class MemoryMgr
+{
+public:
+	MemoryMgr();
+	~MemoryMgr();
+
+	bool ConnectDriver(const LPCWSTR);
+	bool DisconnectDriver();
+
+	bool Attach(const DWORD);
+	bool Detach();
+
+	template <typename ReadType>
+	bool ReadMemory(DWORD64 address, ReadType& value)
+	{
+		if (kernelDriver != nullptr && ProcessID != 0)
+		{
+			Request req;
+
+			req.target = reinterpret_cast<PVOID>(address);
+			req.buffer = &value;
+			req.size = sizeof(ReadType);
+
+			return DeviceIoControl(kernelDriver, kernelCodes::READ, &req, sizeof(req), &req, sizeof(req), nullptr, nullptr);
+		}
+		else
+			return false;
+	}
+
+	template <typename ReadType>
+	bool ReadMemory(DWORD64 address, ReadType& value, int size)
+	{
+		if (kernelDriver != nullptr && ProcessID != 0)
+		{
+			Request req;
+
+			req.target = reinterpret_cast<PVOID>(address);
+			req.buffer = &value;
+			req.size = size;
+
+			return DeviceIoControl(kernelDriver, kernelCodes::READ, &req, sizeof(req), &req, sizeof(req), nullptr, nullptr);
+		}
+		else
+			return false;
+	}
+
+	DWORD64 TraceAddress(DWORD64, std::vector<DWORD>);
+
+	static DWORD GetProcessID(const wchar_t*);
+	static DWORD64 GetModuleBase(const DWORD, const wchar_t*);
+
+private:
+	DWORD ProcessID;
+	HANDLE kernelDriver;
+
+	struct Request
+	{
+		HANDLE pid;
+
+		PVOID target;
+		PVOID buffer;
+
+		SIZE_T size;
+		SIZE_T rtrn_size;
+	};
+
+	//static struct
+	//{
+	//	static const ULONG ATTACH = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x4462, METHOD_BUFFERED, FILE_SPECIAL_ACCESS);
+	//	static const ULONG READ = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x4472, METHOD_BUFFERED, FILE_SPECIAL_ACCESS);
+	//	static const ULONG WRITE = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x4482, METHOD_BUFFERED, FILE_SPECIAL_ACCESS);
+	//	static const ULONG DETACH = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x4492, METHOD_BUFFERED, FILE_SPECIAL_ACCESS);
+	//}Codes;
+
+};
+
+inline MemoryMgr memoryManager;
+