Merge branch 'master' of https://github.com/Ragora/T2-CPP
This commit is contained in:
commit
758d4243bd
2 changed files with 118 additions and 19 deletions
|
|
@ -4,9 +4,10 @@
|
|||
#include <time.h>
|
||||
#include <stdio.h>
|
||||
#include <conio.h>
|
||||
|
||||
#include <LinkerAPI.h>
|
||||
|
||||
// #define LONGHAMBURGERROUTINE
|
||||
|
||||
BOOL APIENTRY DllMain( HMODULE hModule,
|
||||
DWORD ul_reason_for_call,
|
||||
LPVOID lpReserved
|
||||
|
|
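Review bot: The commented-out `LONGHAMBURGERROUTINE` define is undocumented although it silently changes the post-hang key wait in WatchDogThread from 8×250 ms (2 s) to 120×250 ms (30 s), while the prompt printed there promises "30 more seconds" either way; add `// #define LONGHAMBURGERROUTINE  // wait 30 s instead of 2 s for a key after a hang (the prompt in WatchDogThread assumes 30 s)` so the mismatch is visible to whoever flips it. DllMain's signature starts at the end of this hunk and its body lies outside it.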
@ -25,11 +26,49 @@ BOOL APIENTRY DllMain( HMODULE hModule,
|
|||
|
||||
static bool sDogPetted = false;
|
||||
static DWORD mainthreadid=0;
|
||||
static bool evaldone=1;
|
||||
void overrideputhex(unsigned char hex) {
|
||||
char hexstr[40]="";
|
||||
char outchar=' ';
|
||||
int counter=0;
|
||||
sprintf (hexstr,"%02X",hex);
|
||||
while (hexstr[counter] != 0x0) {
|
||||
_putch(hexstr[counter]);
|
||||
counter++;
|
||||
}
|
||||
}
|
||||
void overridegets(char * string) {
|
||||
int counter=0;
|
||||
char outstr[3]="";
|
||||
while (1) {
|
||||
if (_kbhit()) {
|
||||
string[counter]=_getch();
|
||||
_putch(string[counter]);
|
||||
if (string[counter]=='\n' || string[counter]=='\r') {
|
||||
string[counter]=0x0;
|
||||
break;
|
||||
} else {
|
||||
counter++;
|
||||
}
|
||||
} else {
|
||||
Sleep(4);
|
||||
}
|
||||
}
|
||||
}
|
||||
DWORD WINAPI WatchDogEvalThread(LPVOID lpParam)
|
||||
{
|
||||
Con::evaluate((char *) lpParam,true,0,0);
|
||||
Con::printf ("Finished executing\n");
|
||||
evaldone=1;
|
||||
return 0;
|
||||
}
|
||||
DWORD WINAPI WatchDogThread(LPVOID lpParam)
|
||||
{
|
||||
time_t lastPet = time(0);
|
||||
CONTEXT hamburger;
|
||||
HANDLE mainThread = OpenThread(THREAD_ALL_ACCESS,false,mainthreadid);
|
||||
char inputchar=0;
|
||||
char evalcode[5000]="";
|
||||
while (true)
|
||||
{
|
||||
time_t now = time(0);
|
||||
|
|
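Review bot: `overridegets` has no length bound — it keeps storing into `string[counter]` until a CR or LF arrives, so one long pasted console line overruns the caller's buffer (the 5000-byte `evalcode` on WatchDogThread's stack in the next hunk) and corrupts the watchdog thread's own stack; give it a size parameter, stop storing once `counter + 1 >= size`, and call it as `overridegets(evalcode, sizeof(evalcode))`. `evaldone` is a plain `static bool` written by WatchDogEvalThread and polled by WatchDogThread with no synchronization, so at minimum declare it `volatile` (or use an interlocked flag) so the poll loop is not optimized into a single load. The `OpenThread(THREAD_ALL_ACCESS, ...)` handle is never checked for NULL before it reaches ResumeThread, and from the visible uses (resume, context dump) `THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT` would suffice instead of all-access. WatchDogThread's body continues past the end of this hunk.
```cpp
// Read one console line into `string`, writing at most `size` bytes including
// the terminating NUL; characters beyond the bound are echoed but dropped.
void overridegets(char * string, size_t size) {
    int counter=0;
    if (size == 0) return;
    while (1) {
        if (_kbhit()) {
            char c = (char)_getch();
            _putch(c);
            if (c=='\n' || c=='\r') {
                break;
            }
            if (counter + 1 < (int)size) {
                string[counter++] = c;
            }
        } else {
            Sleep(4);
        }
    }
    string[counter]=0x0;
}
```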
@ -50,13 +89,57 @@ DWORD WINAPI WatchDogThread(LPVOID lpParam)
|
|||
fprintf (wlog,"EIP: %08X EAX: %08X EBX: %08X ECX: %08X \nEDX: %08X ESI: %08X EDI: %08X\nEBP:%08X ESP:%08X\n", hamburger.Eip, hamburger.Eax, hamburger.Ebx, hamburger.Ecx, hamburger.Edx, hamburger.Esi, hamburger.Edi, hamburger.Ebp, hamburger.Esp);
|
||||
fclose (wlog);
|
||||
Con::printf ("EIP: %08X EAX: %08X EBX: %08X ECX: %08X \nEDX: %08X ESI: %08X EDI: %08X\nEBP:%08X ESP:%08X\n", hamburger.Eip, hamburger.Eax, hamburger.Ebx, hamburger.Ecx, hamburger.Edx, hamburger.Esi, hamburger.Edi, hamburger.Ebp, hamburger.Esp);
|
||||
Con::printf ("Please press enter to try to continue\n or wait for 30 more seconds to kill T2 and write log\n");
|
||||
Sleep(30000);
|
||||
if (_kbhit()) {
|
||||
sDogPetted=true;
|
||||
_getch(); // make sure to clean the keyboard buffer
|
||||
ResumeThread(mainThread);
|
||||
} else {
|
||||
Con::printf ("Please press enter to try to continue, press e to get a torquescript shell, press d to get a hexdump of the last bit of torquescript bytecode to search for in DSO files, or wait for 30 more seconds to kill T2 and write log\n");
|
||||
#ifdef LONGHAMBURGERROUTINE
|
||||
for (int secondcounter=0;secondcounter<120;secondcounter++) {
|
||||
#else
|
||||
for (int secondcounter=0;secondcounter<8;secondcounter++) {
|
||||
#endif
|
||||
Sleep(250);
|
||||
if (_kbhit()) {
|
||||
sDogPetted=true;
|
||||
inputchar=_getch(); // make sure to clean the keyboard buffer
|
||||
if (inputchar=='e') {
|
||||
Con::printf ("Torque script shell activated enter the code to evaluate on the next line to exit, just type exitshell and press enter\n");
|
||||
while (true) {
|
||||
overridegets(evalcode);
|
||||
if (strcmp(evalcode,"exitshell")==0) {
|
||||
break;
|
||||
}
|
||||
DWORD threadID=0;
|
||||
evaldone=0;
|
||||
HANDLE thread = CreateThread(NULL, 0, WatchDogEvalThread, evalcode, 0, &threadID);
|
||||
while (!evaldone) {
|
||||
Sleep(256);
|
||||
}
|
||||
CloseHandle(thread);
|
||||
}
|
||||
|
||||
} else if (inputchar=='d') {
|
||||
DWORD codeOffset=*(DWORD *)(0xa3b714);
|
||||
DWORD codeBase=*(DWORD *)(0xa3b710);
|
||||
if (codeBase!=0) {
|
||||
unsigned char *basecodeptr=(unsigned char *)((codeBase+(codeOffset*4)));
|
||||
Con::printf ("CodeOffset: %08X CodeAddr: %08X (Codeoffset-128 to CodeOffset+512 is on the next line)\n",codeOffset, (codeBase+(codeOffset*4)));
|
||||
|
||||
|
||||
for (int codeOffsetCounter=-128; codeOffsetCounter<512; codeOffsetCounter++) {
|
||||
overrideputhex(*(basecodeptr+codeOffsetCounter));
|
||||
_putch(' ');
|
||||
}
|
||||
_putch('\n');
|
||||
_putch('\r');
|
||||
Con::printf("Search for those hex bytes in a binary search utility to find the DSO file with the last executed opcodes\n");
|
||||
} else {
|
||||
Con::printf ("you forgot to run this command: memPatch(\"42CED1\",getInterAddr());\n");
|
||||
}
|
||||
}
|
||||
ResumeThread(mainThread);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!sDogPetted) {
|
||||
CloseHandle(mainThread);
|
||||
exit(0);
|
||||
}
|
||||
|
|
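Review bot: The 'd' hexdump loop dereferences `basecodeptr + codeOffsetCounter` for 640 bytes starting 128 bytes before the pointer, with `codeOffset` and `codeBase` taken unvalidated from the two fixed addresses, so a stale or wrong value makes the watchdog thread itself fault inside the process it is trying to rescue; wrap the loop in `__try/__except(EXCEPTION_EXECUTE_HANDLER)` (the locals visible in WatchDogThread are all POD, so SEH should be usable here) and report instead of crashing. In the 'e' shell the `CreateThread` result is not checked, and a NULL handle leaves `evaldone` at 0 so the `while (!evaldone)` poll never ends. Both `_kbhit()` checks accept any key although the prompts say "press enter", and each drains only one character, so anything typed beyond one key stays in the buffer for the next check. The register dump this hunk starts with and the timeout handling it ends with continue outside the hunk.
```cpp
// … unchanged: exitshell check …
DWORD threadID=0;
evaldone=0;
HANDLE thread = CreateThread(NULL, 0, WatchDogEvalThread, evalcode, 0, &threadID);
if (thread == NULL) {
    Con::printf ("CreateThread failed, line not evaluated\n");
    evaldone=1;
    continue;   // back to overridegets() for the next line
}
while (!evaldone) {
    Sleep(256);
}
CloseHandle(thread);
// … unchanged: 'd' branch header printf …
__try {
    for (int codeOffsetCounter=-128; codeOffsetCounter<512; codeOffsetCounter++) {
        overrideputhex(*(basecodeptr+codeOffsetCounter));
        _putch(' ');
    }
} __except (EXCEPTION_EXECUTE_HANDLER) {
    Con::printf ("\nbytecode dump aborted: address not readable\n");
}
```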
@ -74,6 +157,10 @@ extern "C"
|
|||
{
|
||||
__declspec(dllexport) void ModInitialize(void)
|
||||
{
|
||||
DWORD *codeOffset=(DWORD *)(0xa3b714);
|
||||
DWORD *codeBase=(DWORD *)(0xa3b710);
|
||||
*codeOffset=0x0;
|
||||
*codeBase=0x0;
|
||||
mainthreadid = GetThreadId(GetCurrentThread());
|
||||
SECURITY_DESCRIPTOR secDescVar;
|
||||
DWORD threadID;
|
||||
|
|
|
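Review bot: ModInitialize writes zero through two hard-coded absolute addresses (`0xa3b714`, `0xa3b710`) with no check that they are mapped and writable in this process, so on any build or load layout other than the one they were taken from the first call either faults or silently clobbers whatever lives there; at least document them, e.g. `// Absolute addresses in the T2 image; WatchDogThread's 'd' handler reads the CodeBlock base/offset back from here after memPatch("42CED1", getInterAddr()) has been run. Only valid for the non-relocated build they were taken from.`, and consider checking them with `VirtualQuery` before the stores. `GetThreadId(GetCurrentThread())` is just `GetCurrentThreadId()`, and it records whichever thread calls ModInitialize as the thread to suspend, which deserves a comment since everything in WatchDogThread depends on that being the game's main thread. `SECURITY_DESCRIPTOR secDescVar` is declared uninitialized here, but the function body continues outside the hunk so I cannot see whether it is initialized before use.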
|||