/// <summary>
/// Calls the Reveal All function in csgo
/// </summary>
/// <returns>If it succeeded or not</returns>
private unsafe bool unsafe_RevealAll()
{
try {
//If address for the reveal function was not found return
if (offsets.GetReavealRank() == IntPtr.Zero) //REVEAL ALL FUNC -> client.dll, "55 8B EC 8B 0D ? ? ? ? 68"
{
return(false);
}
IntPtr processHandle = Win32.OpenProcess((int)Win32.PROCESS_VM.ALL, false, process.Id); //Get a handle for writing, probably an other handle is more adequate
float[] param = new float[] { 0, 0, 0 }; //Empty float* as parameter
byte[] asm_stub = //<- Revealrank - https://www.unknowncheats.me/forum/1542524-post20.html
{
0x68, 0x00, 0x00, 0x00, 0x00, // push float* (Index 1)
0x55, 0x89, 0xE5, // cdecl call frame
0xB8, 0x00, 0x00, 0x00, 0x00, // mov eax,0x00000000 (Index 9)
0xFF, 0xD0, // call eax
0x83, 0xC4, 0x4, // clear stack
0x5D, // reset call frame
0xC3 // return
};
//Allocate space in the target process (12 bytes)
IntPtr paramSpace = Win32.VirtualAllocEx(processHandle, IntPtr.Zero, 0x0C, 0x1000, 0x40);
if (paramSpace == IntPtr.Zero) //Checkz
{
return(false);
//Write the float array to the address
fixed(float *pParam = param)
{
if (!Win32.WriteProcessMemory(processHandle, paramSpace, (IntPtr)pParam, param.Length, IntPtr.Zero))
{
return(false);
}
}
byte[] bytes = BitConverter.GetBytes(paramSpace.ToInt32()); //well.. Convert...
bytes.CopyTo(asm_stub, 1); //Update the stub with the float array address in the targets address space
bytes = BitConverter.GetBytes(offsets.GetReavealRank().ToInt32()); //well.. Convert...
bytes.CopyTo(asm_stub, 9); //Update the stub with the revealAll address in the targets address space
//Allocate space in the target process (20 bytes)
IntPtr asmSpace = Win32.VirtualAllocEx(processHandle, IntPtr.Zero, 0x14, 0x1000, 0x40);
if (asmSpace == IntPtr.Zero) //Checkz
{
return(false);
//Write the shellcode to the address
fixed(byte *pShellcode = asm_stub)
{
if (!Win32.WriteProcessMemory(processHandle, asmSpace, (IntPtr)pShellcode, asm_stub.Length, IntPtr.Zero))
{
return(false);
}
}
IntPtr hTr = IntPtr.Zero;
if (Win32.RtlCreateUserThread(processHandle, IntPtr.Zero, false, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, asmSpace, IntPtr.Zero, ref hTr, IntPtr.Zero) != 0) //If the creation was no success
//Release the allocated memory, of course!
{
Win32.VirtualFreeEx(processHandle, asmSpace, 0x14, 0x8000 /*AllocationType.Release*/);
Win32.VirtualFreeEx(processHandle, paramSpace, 0x0C, 0x8000 /*AllocationType.Release*/);
Win32.CloseHandle(processHandle);
return(false);
}
Win32.WaitForSingleObject(hTr, 0xFFFFFFFF); //Wait for it to complete
Win32.CloseHandle(hTr); //Close the handle of course
//Free the space in the target process!
Win32.VirtualFreeEx(processHandle, asmSpace, 0x14, 0x8000 /*AllocationType.Release*/);
Win32.VirtualFreeEx(processHandle, paramSpace, 0x0C, 0x8000 /*AllocationType.Release*/);
Win32.CloseHandle(processHandle);
return(true);
} catch (Exception) {
return(false);
}
}