Skip to content

Commit

Permalink
Added some modules, may crash tbh
Browse files Browse the repository at this point in the history
Added some modules, may crash tbh
  • Loading branch information
Lefraudeur authored Feb 25, 2024
2 parents 0fc3b47 + fda7ef8 commit b48f568
Show file tree
Hide file tree
Showing 32 changed files with 826 additions and 72 deletions.
21 changes: 21 additions & 0 deletions HotSpot/HotSpot.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -528,6 +528,27 @@ unsigned short* HotSpot::Method::get_flags()
return (unsigned short*)((uint8_t*)this + vm_entry->offset);
}

void HotSpot::Method::set_dont_inline(bool enabled)
{
unsigned short* _flags = get_flags();
if (!_flags)
{
static VMStructEntry* vm_entry = find_VMStructEntry("Method", "_intrinsic_id", false);
if (!vm_entry) return;
unsigned char* flags = ((uint8_t*)this + vm_entry->offset + 1);
if (enabled)
*flags |= (1 << 4);
else
*flags &= ~(1 << 4);
return;
}

if (enabled)
*_flags |= _dont_inline;
else
*_flags &= ~_dont_inline;
}

int HotSpot::Thread::get_thread_state_offset()
{
static VMStructEntry* vm_entry = find_VMStructEntry("JavaThread", "_thread_state", false);
Expand Down
1 change: 1 addition & 0 deletions HotSpot/HotSpot.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -206,6 +206,7 @@ namespace HotSpot
void set_from_compiled_entry(void* entry);
void* get_i2i_entry();
unsigned short* get_flags();
void set_dont_inline(bool enabled);
};

struct Array
Expand Down
18 changes: 12 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# RiptermsGhost
# RiptermsGhost

An example injectable cheat for minecraft using java native interface, jvmti, java method hooking, and constant pool editing.

Expand All @@ -16,7 +16,7 @@ Any question ? Contact me on discord: lefraudeur
### Supported versions :
x64 windows only. Because of the way ripterms hooks java methods, it supports only some jvm versions (tested on zulu17, openjdk8, openjdk17).
Please open an issue if it doesn't work on your jvm version.
- Lunar Client: 1.7.10, 1.8.9, 1.16.5, 1.17.1, 1.19.4, 1.20.4
- 🌙Lunar Client: 1.7.10, 1.8.9, 1.16.5, 1.17.1, 1.19.4, 1.20.4
- Forge: 1.7.10
- Badlion Client: 1.8.9
- Vanilla: 1.8.9
Expand All @@ -28,7 +28,7 @@ Change mappings to add new versions
- Reach (uses constant pool editing)
- Left Clicker
- Full Bright
- Velocity
- Velocity / VelocityPacket (uses channelRead0 event)
- Client Brand Changer (modifies the getClientModName return value) (to troll staffs lol, sent to the server on login and displayed by some anticheats)
- Blink (hooks and cancels addToSendQueue)
- FastPlace
Expand All @@ -41,6 +41,10 @@ Change mappings to add new versions
- Glide
- VelocityFly
- Speed
- BackTrack (set the hitbox of the target to a previous position)
- AttackLag (delay received packet when attacking someone)
- NoMiss
- BlockOnAttack

![image](https://github.com/Lefraudeur/RiptermsGhost/assets/91006387/39690baa-859a-4ea2-a9b0-dfbc8cbfe472)

Expand All @@ -49,17 +53,19 @@ Insert to open the gui / end key to self destruct

![image](https://github.com/Lefraudeur/RiptermsGhost/assets/73477238/0d8f6308-1036-4480-b487-eaf02d07259d)

### Event system (hook, modifiy parameters, cancel, modify return value):
### Event system (hook, modifiy parameters, cancel, modify return value):
- onAddToSendQueue (edit sent packets)
- onUpdateWalkingPlayer
- onAttackTargetEntityWithCurrentItem
- onChannelRead0 (edit received packets)
##### ⚠java method hooking is still unreliable, and might cause crash the game on some methods

To test it, just build the project with visual studio 2022, and inject the dll using any injector (process hacker, extreme injector...).
To test it, just build the project with visual studio 2022 (compile on x64 Release config), and inject the dll using any injector (process hacker, extreme injector...).
You can also take a look at RiptermsInjector: https://github.com/Lefraudeur/RiptermsInjector

Help would be appreciated, this repo is here to share your knowledge with other people. You can also make suggestions. (open an issue or a pull request to dev branch)

TODO:
📃TODO:
- Good world to screen, to make player and block ESP (missing w2s for 1.16.5)
- Customizable key binds
- Enabled modules list
Expand Down
6 changes: 6 additions & 0 deletions Ripterms Ghost.vcxproj
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,7 @@
<ClCompile Include="Include\ImGui\imgui_tables.cpp" />
<ClCompile Include="Include\ImGui\imgui_widgets.cpp" />
<ClCompile Include="Include\miniz\miniz.c" />
<ClCompile Include="io\netty\ChannelHandlerContext\ChannelHandlerContext.cpp" />
<ClCompile Include="java\lang\ClassLoader\ClassLoader.cpp" />
<ClCompile Include="java\lang\Double\Double.cpp" />
<ClCompile Include="java\lang\Object\Object.cpp" />
Expand Down Expand Up @@ -203,10 +204,12 @@
<ClCompile Include="net\minecraft\entity\EntityLivingBase\EntityLivingBase.cpp" />
<ClCompile Include="net\minecraft\entity\Entity\Entity.cpp" />
<ClCompile Include="net\minecraft\entity\player\EntityPlayer\EntityPlayer.cpp" />
<ClCompile Include="net\minecraft\network\NetworkManager\NetworkManager.cpp" />
<ClCompile Include="net\minecraft\network\Packet\Packet.cpp" />
<ClCompile Include="net\minecraft\network\play\client\C03PacketPlayer\C03PacketPlayer.cpp" />
<ClCompile Include="net\minecraft\network\play\client\C03PacketPlayer\C04PacketPlayerPosition\C04PacketPlayerPosition.cpp" />
<ClCompile Include="net\minecraft\network\play\client\C03PacketPlayer\C06PacketPlayerPosLook\C06PacketPlayerPosLook.cpp" />
<ClCompile Include="net\minecraft\network\play\server\S12PacketEntityVelocity\S12PacketEntityVelocity.cpp" />
<ClCompile Include="net\minecraft\util\AxisAlignedBB\AxisAlignedBB.cpp" />
<ClCompile Include="net\minecraft\util\BlockPos\BlockPos.cpp" />
<ClCompile Include="net\minecraft\util\MovingObjectPosition\MovingObjectPosition.cpp" />
Expand Down Expand Up @@ -246,6 +249,7 @@
</ItemGroup>
<ItemGroup>
<ClInclude Include="HotSpot\HotSpot.hpp" />
<ClInclude Include="io\netty\ChannelHandlerContext\ChannelHandlerContext.h" />
<ClInclude Include="java\lang\ClassLoader\ClassLoader.h" />
<ClInclude Include="java\lang\Double\Double.h" />
<ClInclude Include="java\lang\Object\Object.h" />
Expand All @@ -272,10 +276,12 @@
<ClInclude Include="net\minecraft\entity\EntityLivingBase\EntityLivingBase.h" />
<ClInclude Include="net\minecraft\entity\Entity\Entity.h" />
<ClInclude Include="net\minecraft\entity\player\EntityPlayer\EntityPlayer.h" />
<ClInclude Include="net\minecraft\network\NetworkManager\NetworkManager.h" />
<ClInclude Include="net\minecraft\network\Packet\Packet.h" />
<ClInclude Include="net\minecraft\network\play\client\C03PacketPlayer\C03PacketPlayer.h" />
<ClInclude Include="net\minecraft\network\play\client\C03PacketPlayer\C04PacketPlayerPosition\C04PacketPlayerPosition.h" />
<ClInclude Include="net\minecraft\network\play\client\C03PacketPlayer\C06PacketPlayerPosLook\C06PacketPlayerPosLook.h" />
<ClInclude Include="net\minecraft\network\play\server\S12PacketEntityVelocity\S12PacketEntityVelocity.h" />
<ClInclude Include="net\minecraft\util\AxisAlignedBB\AxisAlignedBB.h" />
<ClInclude Include="net\minecraft\util\BlockPos\BlockPos.h" />
<ClInclude Include="net\minecraft\util\MovingObjectPosition\MovingObjectPosition.h" />
Expand Down
18 changes: 18 additions & 0 deletions Ripterms Ghost.vcxproj.filters
Original file line number Diff line number Diff line change
Expand Up @@ -243,6 +243,15 @@
<ClCompile Include="Ripterms\Modules\BackTrack.cpp">
<Filter>Fichiers sources</Filter>
</ClCompile>
<ClCompile Include="net\minecraft\network\NetworkManager\NetworkManager.cpp">
<Filter>Fichiers sources</Filter>
</ClCompile>
<ClCompile Include="io\netty\ChannelHandlerContext\ChannelHandlerContext.cpp">
<Filter>Fichiers sources</Filter>
</ClCompile>
<ClCompile Include="net\minecraft\network\play\server\S12PacketEntityVelocity\S12PacketEntityVelocity.cpp">
<Filter>Fichiers sources</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="Ripterms\Ripterms.h">
Expand Down Expand Up @@ -413,5 +422,14 @@
<ClInclude Include="java\lang\Double\Double.h">
<Filter>Fichiers d%27en-tête</Filter>
</ClInclude>
<ClInclude Include="net\minecraft\network\NetworkManager\NetworkManager.h">
<Filter>Fichiers d%27en-tête</Filter>
</ClInclude>
<ClInclude Include="io\netty\ChannelHandlerContext\ChannelHandlerContext.h">
<Filter>Fichiers d%27en-tête</Filter>
</ClInclude>
<ClInclude Include="net\minecraft\network\play\server\S12PacketEntityVelocity\S12PacketEntityVelocity.h">
<Filter>Fichiers d%27en-tête</Filter>
</ClInclude>
</ItemGroup>
</Project>
2 changes: 1 addition & 1 deletion Ripterms/Cache/Cache.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ bool Ripterms::Cache::fillCache()
return false;
}
thePlayer = theMinecraft.getThePlayer();
if (!thePlayer.isValid())
if (!thePlayer.isValid() || thePlayer.getTicksExisted() < 10)
{
is_valid = false;
return false;
Expand Down
31 changes: 16 additions & 15 deletions Ripterms/GUI/GUI.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -76,9 +76,9 @@ static LRESULT CALLBACK detour_WndProc(HWND hWnd, UINT msg, WPARAM wParam, LPARA

if (msg == WM_KEYDOWN)
{
for (const std::pair<std::string, std::vector<Ripterms::Modules::IModule*>>& category : Ripterms::Modules::categories)
for (Ripterms::Modules::Category& category : Ripterms::Modules::categories)
{
for (Ripterms::Modules::IModule* m : category.second)
for (Ripterms::Modules::IModule* m : category.modules)
{
m->onKeyBind(wParam);
}
Expand Down Expand Up @@ -161,9 +161,9 @@ static BOOL WINAPI detour_wglSwapBuffers(HDC unnamedParam1)
ImGuiWindowFlags_NoBackground);
{
Ripterms::JNIFrame jni_frame(Ripterms::p_env, 30);
for (const std::pair<std::string, std::vector<Ripterms::Modules::IModule*>>& category : Ripterms::Modules::categories)
for (Ripterms::Modules::Category& category : Ripterms::Modules::categories)
{
for (Ripterms::Modules::IModule* m : category.second)
for (Ripterms::Modules::IModule* m : category.modules)
{
m->render();
}
Expand Down Expand Up @@ -212,28 +212,29 @@ static BOOL WINAPI detour_wglSwapBuffers(HDC unnamedParam1)
}
ImGui::EndChild();

static std::string current_tab = "Combat";
static uint8_t current_category_id = 0;
constexpr uint8_t settings_id = sizeof(Ripterms::Modules::categories) / sizeof(Ripterms::Modules::Category);
ImGui::SetCursorPosY(55);
ImGui::BeginChild("##categories", ImVec2(100, 345), 0, ImGuiWindowFlags_NoScrollbar | ImGuiWindowFlags_NoScrollWithMouse);
{
ImGui::PushStyleVar(ImGuiStyleVar_FrameRounding, 2.f);

for (const std::pair<std::string, std::vector<Ripterms::Modules::IModule*>>& category : Ripterms::Modules::categories)
for (uint8_t i = 0; i < sizeof(Ripterms::Modules::categories) / sizeof(Ripterms::Modules::Category); ++i)
{
bool is_selected = category.first == current_tab;
bool is_selected = i == current_category_id;
if(is_selected)
ImGui::PushStyleColor(ImGuiCol_Button, Ripterms::GUI::color_active_tab);
if (ImGui::Button(category.first.c_str(), Ripterms::GUI::category_button_size))
current_tab = category.first;
if (ImGui::Button(Ripterms::Modules::categories[i].name, Ripterms::GUI::category_button_size))
current_category_id = i;
if (is_selected)
ImGui::PopStyleColor();
}

ImGui::SetCursorPos(ImVec2(0, ImGui::GetWindowSize()[1] - Ripterms::GUI::category_button_size[1]));

if (current_tab == "Settings") { ImGui::PushStyleColor(ImGuiCol_Button, Ripterms::GUI::color_active_tab); }
if (ImGui::Button("Settings", Ripterms::GUI::category_button_size)) { current_tab = "Settings"; }
if (current_tab == "Settings") { ImGui::PopStyleColor(); }
if (current_category_id == settings_id) { ImGui::PushStyleColor(ImGuiCol_Button, Ripterms::GUI::color_active_tab); }
if (ImGui::Button("Settings", Ripterms::GUI::category_button_size)) { current_category_id = settings_id; }
if (current_category_id == settings_id) { ImGui::PopStyleColor(); }

ImGui::PopStyleVar();
}
Expand All @@ -244,7 +245,7 @@ static BOOL WINAPI detour_wglSwapBuffers(HDC unnamedParam1)
ImGui::SetCursorPosX(115);
ImGui::BeginChild("##modules");
{
if (current_tab == "Settings")
if (current_category_id == settings_id)
{
ImGui::PushStyleVar(ImGuiStyleVar_ItemInnerSpacing, ImVec2(20.0f, 0.0f));
ImGui::PushStyleVar(ImGuiStyleVar_FramePadding, ImVec2(250.0f, ImGui::GetStyle().FramePadding.y));
Expand Down Expand Up @@ -298,11 +299,11 @@ static BOOL WINAPI detour_wglSwapBuffers(HDC unnamedParam1)
else
{
ImGui::SetCursorPos(ImVec2(4, 2));
ImGui::Text(current_tab.c_str());
ImGui::Text(Ripterms::Modules::categories[current_category_id].name);
ImGui::Separator();
{
Ripterms::JNIFrame jni_frame(Ripterms::p_env, 30);
for (Ripterms::Modules::IModule* module : Ripterms::Modules::categories[current_tab])
for (Ripterms::Modules::IModule* module : Ripterms::Modules::categories[current_category_id].modules)
{
module->renderGUI();
}
Expand Down
18 changes: 9 additions & 9 deletions Ripterms/Hook/JavaHook.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ void Ripterms::JavaHook::clean()
}
for (HookedMethod& hm : hooked_methods)
{
hm.method->set_dont_inline(false);
int* flags = (int*)hm.method->get_access_flags();
*flags &= ~(NO_COMPILE);
}
Expand All @@ -52,6 +53,9 @@ bool Ripterms::JavaHook::hook(jmethodID methodID, i2i_detour_t detour)
if (hk.method == method)
return true;
}


method->set_dont_inline(true);
int* flags = (int*)method->get_access_flags();
*flags |= (NO_COMPILE);

Expand All @@ -61,6 +65,8 @@ bool Ripterms::JavaHook::hook(jmethodID methodID, i2i_detour_t detour)
Ripterms::p_env->DeleteLocalRef(owner);

method = *(HotSpot::Method**)methodID;

method->set_dont_inline(true);
flags = (int*)method->get_access_flags();
*flags |= (NO_COMPILE);

Expand Down Expand Up @@ -148,20 +154,14 @@ void* find_correct_hook_place(void* _i2i_entry)

void common_detour(HotSpot::frame* frame, HotSpot::Thread* thread, bool* cancel)
{
if (!(*(void**)thread->get_env()) || thread->get_thread_state() != HotSpot::_thread_in_Java) return;
for (HookedMethod& hk : hooked_methods)
{
if (hk.method == frame->get_method())
{
HotSpot::JavaThreadState state = thread->get_thread_state();
if (state == HotSpot::_thread_in_Java)
thread->set_thread_state(HotSpot::_thread_in_native);
else return;
{
Ripterms::JNIFrame jni_frame(thread->get_env(), 30);
hk.detour(frame, thread, cancel);
}
hk.detour(frame, thread, cancel);
thread->set_thread_state(HotSpot::_thread_in_Java);
break;
return;
}
}
}
Expand Down
2 changes: 1 addition & 1 deletion Ripterms/Hook/JavaHook.h
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ namespace Ripterms::JavaHook

template <typename T> inline void set_return_value(bool* cancel, T return_value)
{
*(T*)((void**)cancel + 8) = return_value;
*(T*)((void**)cancel + 8) = return_value; //see asm code to understand that
}

//param from left to right (arg0 beeing this for non static methods)
Expand Down
Loading

0 comments on commit b48f568

Please sign in to comment.