Prova questo
DWORD dwAhnHS_MakeResponse_JMPBack = 0;
DWORD dwAhnHS_EndOfMakeResponse_HookStart = 0;
DWORD HS_Place = 0;
__declspec(naked) void __cdecl hkAhnHS_MakeResponse ( DWORD a1, char* a2, char* a3 )
{
__asm
{
push ebp
mov ebp,esp
push 0xFF
pushad
pushfd
}
if ( a1 == 0xD )
{
*(BYTE*)(HS_Place) = 0x33;
*(BYTE*)(HS_Place+0x1) = 0xD0;
}
__asm
{
popfd
popad
jmp dwAhnHS_MakeResponse_JMPBack
}
}
__declspec(naked) void __cdecl hkAhnHS_EndOfMakeResponse()
{
__asm
{
pushad
pushfd
}
*(BYTE*)(HS_Place) = 0x85;
*(BYTE*)(HS_Place+0x1) = 0xD2;
__asm
{
popfd
popad
retn 0x0C
}
}
int DetouringHackShield (void)
{
int hEhSvc, OK = 1337;
do
{
hEhSvc = (int)Tools.oWnGetModuleHandle("EhSvc.dll");
Sleep(1000);
} while(!hEhSvc);
if( hEhSvc > 0 )
{
unsigned long MProtection;
if ( ProtectVirtualProtect((void*)hEhSvc,0x00125000,0x04,&MProtection) )
{
HS_Place = (hEhSvc+0x******);
// CRC
*(BYTE*)(hEhSvc+0x******) = 0x31;
// Detection
*(BYTE*)(hEhSvc+0x******) = 0xC3;
// Detection
*(BYTE*)(hEhSvc+0x******) = 0xC3;
dwAhnHS_MakeResponse_JMPBack = (hEhSvc+0x******0+0x5);
Detour->Create((PBYTE)(hEhSvc+0x******),(LPBYTE)hkAhnHS_MakeResponse,DETOUR_TYPE_JMP,DETOUR_LEN_AUTO);
Detour->Create((PBYTE)(hEhSvc+0x******),(LPBYTE)hkAhnHS_EndOfMakeResponse,DETOUR_TYPE_JMP,DETOUR_LEN_AUTO);
ProtectVirtualProtect((void*)hEhSvc,0x00125000,MProtection,0);
}
}
}
Però devi trovare gli address, quelli non li so io .