Skip to content

Commit

Permalink
Resolved False Positive Antivirus Alerts
Browse files Browse the repository at this point in the history
  • Loading branch information
@hotline1337
hotline1337 committed Oct 31, 2023
1 parent 85e1608 commit 260ef5e
Show file tree
Hide file tree
Showing 6 changed files with 359 additions and 259 deletions.
61 changes: 32 additions & 29 deletions R3nzSkin_Injector/Injector.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@

#include "Injector.hpp"
#include "R3nzUI.hpp"
#include "xorstr.hpp"
#include "lazy_importer.hpp"

using namespace System;
Expand All @@ -18,6 +19,8 @@ using namespace System::Threading;
using namespace System::Globalization;
using namespace System::Net;

#define xor_clrstr_w(x) msclr::interop::marshal_as<String^>(static_cast<std::wstring>(_XorStrW(x)))

proclist_t WINAPI Injector::findProcesses(const std::wstring& name) noexcept
{
auto process_snap{ LI_FN(CreateToolhelp32Snapshot)(TH32CS_SNAPPROCESS, 0) };
Expand Down Expand Up @@ -57,7 +60,7 @@ bool WINAPI Injector::isInjected(const std::uint32_t pid) noexcept
for (auto i{ 0u }; i < (cbNeeded / sizeof(HMODULE)); ++i) {
TCHAR szModName[MAX_PATH];
if (LI_FN(K32GetModuleBaseNameW)(hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR))) {
if (std::wcscmp(szModName, L"R3nzSkin.dll") == 0) {
if (std::wcscmp(szModName, _XorStrW(L"R3nzSkin.dll")) == 0) {
LI_FN(CloseHandle)(hProcess);
return true;
}
Expand Down Expand Up @@ -89,10 +92,10 @@ bool WINAPI Injector::inject(const std::uint32_t pid) noexcept
if (delta > 0)
std::this_thread::sleep_for(std::chrono::seconds(delta));

const auto dll_path{ std::wstring(current_dir) + L"\\R3nzSkin.dll" };
const auto dll_path{ std::wstring(current_dir) + _XorStrW(L"\\R3nzSkin.dll") };

if (const auto f{ std::ifstream(dll_path) }; !f.is_open()) {
LI_FN(MessageBoxW)(nullptr, L"R3nzSkin.dll file could not be found.\nTry reinstalling the cheat.", L"R3nzSkin", MB_ICONERROR | MB_OK);
LI_FN(MessageBoxW)(nullptr, _XorStrW(L"R3nzSkin.dll file could not be found.\nTry reinstalling the cheat."), _XorStrW(L"R3nzSkin"), MB_ICONERROR | MB_OK);
LI_FN(CloseHandle)(handle);
return false;
}
Expand All @@ -111,7 +114,7 @@ bool WINAPI Injector::inject(const std::uint32_t pid) noexcept
}

HANDLE thread{};
LI_FN(NtCreateThreadEx).nt_cached()(&thread, GENERIC_ALL, nullptr, handle, reinterpret_cast<LPTHREAD_START_ROUTINE>(LI_FN(GetProcAddress).get()(LI_FN(GetModuleHandleW).get()(L"kernel32.dll"), "LoadLibraryW")), dll_path_remote, FALSE, NULL, NULL, NULL, NULL);
LI_FN(NtCreateThreadEx).nt_cached()(&thread, GENERIC_ALL, nullptr, handle, reinterpret_cast<LPTHREAD_START_ROUTINE>(LI_FN(GetProcAddress).get()(LI_FN(GetModuleHandleW).get()(_XorStrW(L"kernel32.dll")), _XorStr("LoadLibraryW"))), dll_path_remote, FALSE, NULL, NULL, NULL, nullptr);

if (!thread || thread == INVALID_HANDLE_VALUE) {
LI_FN(VirtualFreeEx).get()(handle, dll_path_remote, 0u, MEM_RELEASE);
Expand All @@ -131,7 +134,7 @@ void WINAPI Injector::enableDebugPrivilege() noexcept
HANDLE token{};
if (OpenProcessToken(LI_FN(GetCurrentProcess).get()(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token)) {
LUID value;
if (LookupPrivilegeValueW(nullptr, SE_DEBUG_NAME, &value)) {
if (LookupPrivilegeValueW(nullptr, _XorStrW(SE_DEBUG_NAME), &value)) {
TOKEN_PRIVILEGES tp{};
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = value;
Expand All @@ -147,58 +150,58 @@ void Injector::autoUpdate()
auto client = gcnew WebClient();
ServicePointManager::Expect100Continue = true;
ServicePointManager::SecurityProtocol = SecurityProtocolType::Tls12;
client->Headers->Add(L"User-Agent", L"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0");
client->Headers->Add(xor_clrstr_w(L"User-Agent"), xor_clrstr_w(L"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"));

try
{
auto json = msclr::interop::marshal_as<std::string>(client->DownloadString(L"https://api.github.com/repos/R3nzTheCodeGOD/R3nzSkin/releases/latest"));
std::regex tagnameRegex("\"tag_name\"\\s*:\\s*\"([^\"]+)");
std::regex urlRegex("\"browser_download_url\"\\s*:\\s*\"([^\"]+)");
std::regex dateRegex("\"created_at\"\\s*:\\s*\"([^\"]+)");
auto json = msclr::interop::marshal_as<std::string>(client->DownloadString(xor_clrstr_w(L"https://api.github.com/repos/R3nzTheCodeGOD/R3nzSkin/releases/latest")));
std::regex tagnameRegex(_XorStr("\"tag_name\"\\s*:\\s*\"([^\"]+)"));
std::regex urlRegex(_XorStr("\"browser_download_url\"\\s*:\\s*\"([^\"]+)"));
std::regex dateRegex(_XorStr("\"created_at\"\\s*:\\s*\"([^\"]+)"));

if (std::smatch tagnameMatch; std::regex_search(json, tagnameMatch, tagnameRegex))
{
auto version = gcnew String(tagnameMatch[1].str().c_str());
if (std::smatch dateMatch; std::regex_search(json, dateMatch, dateRegex))
{
if (!System::IO::File::Exists(L"R3nzSkin.dll"))
if (!System::IO::File::Exists(xor_clrstr_w(L"R3nzSkin.dll")))
{
throw gcnew Exception(L"Failed to find R3nzSkin.dll in the current directory");
throw gcnew Exception(xor_clrstr_w(L"Failed to find R3nzSkin.dll in the current directory"));
}
auto date_of_github_release = DateTime::ParseExact(gcnew String(dateMatch[1].str().c_str()), L"yyyy-MM-ddTHH:mm:ssZ", CultureInfo::InvariantCulture).ToString(L"dd.MM.yyyy HH:00");
auto date_of_current_release = System::IO::File::GetLastWriteTime(L"R3nzSkin.dll").ToString(L"dd.MM.yyyy HH:00");
const auto date_of_github_release = DateTime::ParseExact(gcnew String(dateMatch[1].str().c_str()), xor_clrstr_w(L"yyyy-MM-ddTHH:mm:ssZ"), CultureInfo::InvariantCulture).ToString(xor_clrstr_w(L"dd.MM.yyyy HH:00"));
const auto date_of_current_release = System::IO::File::GetLastWriteTime(xor_clrstr_w(L"R3nzSkin.dll")).ToString(xor_clrstr_w(L"dd.MM.yyyy HH:00"));
if (date_of_current_release != date_of_github_release)
{
auto date_of_github_release_class = DateTime::ParseExact(date_of_github_release, L"dd.MM.yyyy HH:00", CultureInfo::InvariantCulture);
auto date_of_current_release_class = DateTime::ParseExact(date_of_current_release, L"dd.MM.yyyy HH:00", CultureInfo::InvariantCulture);
const auto date_of_github_release_class = DateTime::ParseExact(date_of_github_release, xor_clrstr_w(L"dd.MM.yyyy HH:00"), CultureInfo::InvariantCulture);
const auto date_of_current_release_class = DateTime::ParseExact(date_of_current_release, xor_clrstr_w(L"dd.MM.yyyy HH:00"), CultureInfo::InvariantCulture);
if (date_of_current_release_class > date_of_github_release_class)
{
return;
}

auto result = MessageBox::Show(L"New version is available on GitHub\nWould you like to download it now?", L"R3nzSkin", MessageBoxButtons::YesNo, MessageBoxIcon::Information);
const auto result = MessageBox::Show(xor_clrstr_w(L"New version is available on GitHub\nWould you like to download it now?"), xor_clrstr_w(L"R3nzSkin"), MessageBoxButtons::YesNo, MessageBoxIcon::Information);
if (result == DialogResult::Yes)
{
if (std::smatch urlMatch; std::regex_search(json, urlMatch, urlRegex))
{
auto url = gcnew String(urlMatch[1].str().c_str());
auto file = String::Format(L"R3nzSkin_{0}.zip", version);
auto file = String::Format(xor_clrstr_w(L"R3nzSkin_{0}.zip"), version);
client->DownloadFile(url, file);

System::IO::Compression::ZipFile::ExtractToDirectory(file, L"R3nzSkin");
System::IO::Compression::ZipFile::ExtractToDirectory(file, xor_clrstr_w(L"R3nzSkin"));
System::IO::File::Delete(file);
System::IO::File::Delete(L"R3nzSkin.dll");
System::IO::File::Move(L"R3nzSkin\\R3nzSkin_Injector.exe", String::Format(L"R3nzSkin_Injector_{0}.exe", version));
System::IO::File::Move(L"R3nzSkin\\R3nzSkin.dll", L"R3nzSkin.dll");
System::IO::Directory::Delete(L"R3nzSkin");
System::IO::File::Delete(xor_clrstr_w(L"R3nzSkin.dll"));
System::IO::File::Move(xor_clrstr_w(L"R3nzSkin\\R3nzSkin_Injector.exe"), String::Format(xor_clrstr_w(L"R3nzSkin_Injector_{0}.exe"), version));
System::IO::File::Move(xor_clrstr_w(L"R3nzSkin\\R3nzSkin.dll"), xor_clrstr_w(L"R3nzSkin.dll"));
System::IO::Directory::Delete(xor_clrstr_w(L"R3nzSkin"));

auto process_info = gcnew System::Diagnostics::ProcessStartInfo();
process_info->Arguments = L"/C choice /C Y /N /D Y /T 1 & del \"" + System::Diagnostics::Process::GetCurrentProcess()->MainModule->FileName + L"\"";
process_info->Arguments = xor_clrstr_w(L"/C choice /C Y /N /D Y /T 1 & del \"") + System::Diagnostics::Process::GetCurrentProcess()->MainModule->FileName + xor_clrstr_w(L"\"");
process_info->CreateNoWindow = true;
process_info->FileName = L"cmd.exe";
process_info->FileName = xor_clrstr_w(L"cmd.exe");
process_info->WindowStyle = System::Diagnostics::ProcessWindowStyle::Hidden;
System::Diagnostics::Process::Start(process_info);
System::Diagnostics::Process::Start(String::Format(L"R3nzSkin_Injector_{0}.exe", version));
System::Diagnostics::Process::Start(String::Format(xor_clrstr_w(L"R3nzSkin_Injector_{0}.exe"), version));

Environment::Exit(0);
}
Expand All @@ -209,7 +212,7 @@ void Injector::autoUpdate()
}
catch (Exception^ e)
{
MessageBox::Show(String::Format(L"{0} - {1}", e->Message, e->StackTrace->Substring(5)), L"R3nzSkin", MessageBoxButtons::OK, MessageBoxIcon::Error);
MessageBox::Show(String::Format(xor_clrstr_w(L"{0} - {1}"), e->Message, e->StackTrace->Substring(5)), xor_clrstr_w(L"R3nzSkin"), MessageBoxButtons::OK, MessageBoxIcon::Error);
Environment::Exit(0);
}
}
Expand All @@ -218,8 +221,8 @@ void Injector::run() noexcept
{
enableDebugPrivilege();
while (true) {
const auto& league_client_processes{ Injector::findProcesses(L"LeagueClient.exe") };
const auto& league_processes{ Injector::findProcesses(L"League of Legends.exe") };
const auto& league_client_processes{ Injector::findProcesses(_XorStrW(L"LeagueClient.exe")) };
const auto& league_processes{ Injector::findProcesses(_XorStrW(L"League of Legends.exe")) };

R3nzSkinInjector::gameState = (league_processes.size() > 0) ? true : false;
R3nzSkinInjector::clientState = (league_client_processes.size() > 0) ? true : false;
Expand Down
1 change: 1 addition & 0 deletions R3nzSkin_Injector/R3nzSkin_Injector.vcxproj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,6 +207,7 @@
<FileType>CppForm</FileType>
</ClInclude>
<ClInclude Include="resource.h" />
<ClInclude Include="xorstr.hpp" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="R3nzSkin_Injector.rc" />
Expand Down
3 changes: 3 additions & 0 deletions R3nzSkin_Injector/R3nzSkin_Injector.vcxproj.filters
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,9 @@
<ClInclude Include="lazy_importer.hpp">
<Filter>Source Files</Filter>
</ClInclude>
<ClInclude Include="xorstr.hpp">
<Filter>Source Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<Image Include="icon.ico">
Expand Down

1 comment on commit 260ef5e

@LucasAlfare
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunatelly in last build released windows still recognizing the injector as virus.

Please sign in to comment.