
Commit fdb89bc

committed
fixed skeet injection
1 parent 9f2d7e8 commit fdb89bc

1 file changed

Lines changed: 31 additions & 2 deletions


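--- a/main.cpp
+++ b/main.cpp
@@ -233,7 +233,30 @@ namespace MemoryUtils {
 }
 }
 
+LPVOID ntOpenFile = GetProcAddress(LoadLibraryW(L"ntdll"), "NtOpenFile"); // https://github.com/v3ctra/load-lib-injector
+
 namespace Injection {
+void bypass(HANDLE hProcess) // https://github.com/v3ctra/load-lib-injector
+{
+// Restore original NtOpenFile from external process
+//credits: Daniel Krupiñski(pozdro dla ciebie byczku <3)
+if (ntOpenFile) {
+char originalBytes[5];
+memcpy(originalBytes, ntOpenFile, 5);
+WriteProcessMemory(hProcess, ntOpenFile, originalBytes, 5, NULL);
+}
+}
+
+void backup(HANDLE hProcess) // https://github.com/v3ctra/load-lib-injector
+{
+if (ntOpenFile) {
+//So, when I patching first 5 bytes I need to backup them to 0? (I think)
+char originalBytes[5];
+memcpy(originalBytes, ntOpenFile, 5);
+WriteProcessMemory(hProcess, ntOpenFile, originalBytes, 0, NULL);
+}
+}
+
 bool InjectDll(const std::string& path, HANDLE hProcess) {
 std::filesystem::path dllPath = std::filesystem::absolute(path);
 std::string absoluteDllPath = dllPath.string();
@@ -258,6 +281,8 @@ namespace Injection {
 std::cout << "Performing skeet-specific injection..." << std::endl;
 Helper::SetConsoleColor(FOREGROUND_WHITE);
 
+bypass(hProcess);
+
 VirtualAllocEx(hProcess, (LPVOID)0x43310000, 0x2FC000u, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // for skeet
 VirtualAllocEx(hProcess, 0, 0x1000u, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // for skeet
 
@@ -279,6 +304,7 @@ namespace Injection {
 VirtualFreeEx(hProcess, lpPathAddress, 0, MEM_RELEASE);
 return false;
 }
+
 std::cout << "[+] DLL path written successfully." << std::endl;
 
 HMODULE hKernel32 = GetModuleHandleA("kernel32.dll");
@@ -330,6 +356,7 @@ namespace Injection {
 Helper::SetConsoleColor(FOREGROUND_WHITE);
 
 CloseHandle(hThread);
+backup(hProcess);
 std::cout << "[+] Injection completed (skeet)." << std::endl;
 return true;
 }
@@ -821,8 +848,10 @@ int main(int argc, char* argv[]) {
 std::wcout << L"Process found: " << targetProcessName << std::endl;
 Helper::SetConsoleColor(FOREGROUND_WHITE);
 
+std::string dllFileName = Helper::GetFileNameFromPath(dllPath);
+
 bool disableBypass = injectedIntoSteam;
-if (isSupportedGame)
+if (isSupportedGame && dllFileName != "skeet.dll")
 {
 if (!GameSpecific::ApplyHookBypass(targetProcessName, disableBypass))
 {
@@ -841,7 +870,7 @@ int main(int argc, char* argv[]) {
 return 1;
 }
 
-if (isSupportedGame && !disableBypass)
+if ((isSupportedGame && !disableBypass) && dllFileName != "skeet.dll")
 {
 GameSpecific::RestoreHookBypass(targetProcessName);
 }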
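Review bot: Both new helpers `bypass` and `backup` discard the result of `WriteProcessMemory`, so a failed write is silent and the caller still prints `"[+] Injection completed (skeet)."` right after `backup(hProcess)`. Giving them a `bool` return, e.g. `return WriteProcessMemory(hProcess, ntOpenFile, originalBytes, 5, NULL) != 0;`, would let the injection path report the failure the way it already does for the DLL-path write a few lines earlier. In `backup` the size argument is `0`, so the call writes nothing, and the comment on that line ends in "(I think)"; the function should document what the zero-length write is meant to achieve or the call should be dropped. In `main`, the literal `"skeet.dll"` is compared case-sensitively in two separate conditions; a single `const bool isSkeetDll = dllFileName == "skeet.dll";` next to the `dllFileName` declaration would keep the two branches in step. The bodies of `InjectDll` and `main` start and end outside these hunks.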
