
HackShield bypass

maurow
Spoiler:
#ifndef _ANTIHACKSHIELD_H
#define _ANTIHACKSHIELD_H

#include "xorstr.h"

// Signature used for ntdll's ZwSetEvent; oZwSetEvent is resolved at run time in
// InitializeHSBypass through GetProcAddress rather than linked statically.
typedef LONG (WINAPI* tZwSetEvent)(HANDLE EventHandle, PLONG PreviousState);
tZwSetEvent oZwSetEvent;

// Set to true by hk_secureFunctionCall when its first argument equals 6.
// Every Fake* stub polls this flag to leave its sleep loop.
bool bThreadTerminate = false;

// Addresses inside EhSvc.dll, filled in by InitializeHSBypass from byte-signature scans.
// The thread roles implied by the names are the author's labels; nothing on this page verifies them.
// NOTE(review): addresses are kept in DWORD, so the code assumes a 32-bit process.
// NOTE(review): these are non-inline definitions inside a header; including it from
// more than one translation unit would produce duplicate symbols.
DWORD dwMAIN_THREAD;
DWORD dwLMP_HACKSHIELD_THREAD;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2;
DWORD dwCHECK_INTEGRITY_HACKSHIELD_THREAD;
DWORD dwKDTRACE_HACKSHIELD_THREAD;

// Locations from which the Fake* stubs derive the event handles they signal.
// The first is EhSvc.dll base plus a fixed offset; the others are scan hits.
DWORD dwLMP_HACKSHIELD_THREAD_EVENT;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT;
DWORD dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT;

// Addresses of the two pointer slots that InitializeHSBypass overwrites:
// one found in the main module, one found in EhSvc.dll.
DWORD dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL;
DWORD dwHACKSHIELD_CALL_TO_CREATE_THREAD;

// Base address and image size of the main module (mEngine) and of EhSvc.dll (mEhSvc).
MODULEINFO mEngine, mEhSvc;

// Helpers for the textual signature format used below: tokens of two hex digits
// or '?' wildcards, separated by single spaces (e.g. "55 8B ?? EC").
// getBits maps one ASCII hex digit to its value (letters are upper-cased with &~0x20;
// any other character yields 0). getByte combines two digits into one byte.
// NOTE(review): the macro arguments are not parenthesised and are evaluated more than once.
#define INRANGE(x,a,b) (x >= a && x <= b)
#define getBits( x ) (INRANGE((x&(~0x20)),'A','F') ? ((x&(~0x20)) - 'A' + 0xa) : (INRANGE(x,'0','9') ? x - '0' : 0))
#define getByte( x ) (getBits(x[0]) << 4 | getBits(x[1]))
// Walks memory in [rangeStart, rangeEnd) one byte at a time and compares it with the
// signature in `pattern`.
// Returns the address at which the matching run began, or 0 (NULL) when the range is
// exhausted without a complete match.
// NOTE(review): memory is read directly through the DWORD address with no check that
// the pages are readable; an unreadable page inside the range faults.
// NOTE(review): on a mismatch only the pattern cursor is rewound, not pCur, so a match
// that overlaps a failed partial match can be missed.
DWORD FindPattern( DWORD rangeStart, DWORD rangeEnd, const char* pattern )
{
const char* pat = pattern;
DWORD firstMatch = 0;
for( DWORD pCur = rangeStart; pCur < rangeEnd; pCur++ )
{
// Pattern fully consumed: the run that started at firstMatch is a match.
if( !*pat ) return firstMatch;
// A '?' token matches any byte; otherwise the byte must equal the two hex digits.
if( *(PBYTE)pat == '\?' || *(BYTE*)pCur == getByte( pat ) ) {
if( !firstMatch ) firstMatch = pCur;
// No character follows this token, so it was the last one.
if( !pat[2] ) return firstMatch;
// "??" and hex tokens are two characters plus a space (advance 3);
// a single "?" is one character plus a space (advance 2).
if( *(PWORD)pat == '\?\?' || *(PBYTE)pat != '\?' ) pat += 3;
else pat += 2;

} else {
// Mismatch: restart the pattern from its beginning at the next byte.
pat = pattern;
firstMatch = 0;
}
}
return NULL;
}

// Layout that hkCreateThread assumes for the parameter block passed to CreateThread
// when the start routine equals dwMAIN_THREAD.
// Only param1 (at offset 0x48) is read or written on this page; param2 is never used.
// NOTE(review): the 0x48 padding is a hard-coded offset and nothing on this page validates it.
struct sHackShieldThreadParams
{
char _pad1[0x48];
DWORD param1;
DWORD param2;
};


#pragma optimize("", off)
// Stub that hkCreateThread substitutes for the routine at dwLMP_HACKSHIELD_THREAD.
// It signals, once, the event whose handle is stored at the address held in
// dwLMP_HACKSHIELD_THREAD_EVENT, then idles in one-second sleeps until
// bThreadTerminate becomes true. None of the replaced routine's work is performed.
// Defender's view: the event ends up set although the check never ran, so an
// event signal by itself is not evidence that the worker executed.
// VIRTUALIZER1_START/END are not defined on this page; presumably markers from a
// code-protection SDK — TODO confirm.
void FakeASMCheck()
{
VIRTUALIZER1_START
// PreviousState is passed as 0 (null): the prior state of the event is not requested.
oZwSetEvent((HANDLE) *(DWORD *)dwLMP_HACKSHIELD_THREAD_EVENT, 0);
VIRTUALIZER1_END

while(bThreadTerminate == false)
Sleep(1000);
}

// Stub that hkCreateThread substitutes for the routine at dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1.
// It derives an event handle through two reads, signals it once, then idles until
// bThreadTerminate becomes true.
// NOTE(review): the global is overwritten in place while it is being resolved, so a
// second invocation would start from the handle value instead of the scan hit.
void FakeHeuristicScanThread()
{
VIRTUALIZER1_START
// Read the 32-bit value stored one byte past the scan hit.
dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT = *(DWORD *)(dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT + 1 );
// The handle is read 0xBCC bytes past that value; the offset is hard-coded.
dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT = *(DWORD *)(dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT + 0xBCC);

oZwSetEvent((HANDLE)dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT, 0);
VIRTUALIZER1_END
while(bThreadTerminate == false)
Sleep(1000);
}

// Stub that hkCreateThread substitutes for the routine at dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2.
// It derives an event handle through three chained reads, signals it once, then idles
// until bThreadTerminate becomes true.
// NOTE(review): the global is overwritten in place, so the resolution only works on
// the first invocation.
void FakeHeuristicModulesScanThread()
{
VIRTUALIZER1_START
// Read the 32-bit value stored one byte past the scan hit, then dereference it.
dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT = *(DWORD *)(dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT + 1);
dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT = *(DWORD *)(dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT);
// NOTE(review): the end of the next line was mangled by the forum's emoticon
// rendering ("Cool" replaces part of the expression); it does not compile as shown.
dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT = *(DWORD *)(dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT + 0xB9Cool;

oZwSetEvent((HANDLE)dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT, 0);
VIRTUALIZER1_END
while(bThreadTerminate == false)
Sleep(1000);
}


// Stub that hkCreateThread substitutes for the routine at dwCHECK_INTEGRITY_HACKSHIELD_THREAD.
// It signals one event and then idles until bThreadTerminate becomes true; no
// integrity checking is performed in its place.
// Defender's view: a check whose only externally visible effect is setting an event
// can be satisfied by a stub like this one.
void FakeHackShieldIntegrityChecks()
{
VIRTUALIZER1_START
// Two bytes past the scan hit is a pointer; the handle is the value it points to.
dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT = **(DWORD **)(dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT + 2);
oZwSetEvent((HANDLE) dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT, 0);
VIRTUALIZER1_END
while(bThreadTerminate == false)
Sleep(1000);
}

// Stub that hkCreateThread substitutes for the routine at dwKDTRACE_HACKSHIELD_THREAD.
// Unlike the other stubs it signals no event; it only keeps the thread alive in
// one-second sleeps until bThreadTerminate becomes true.
void FakeKernelTraceThread()
{
while(bThreadTerminate == false)
Sleep(1000);
}


// Pointer type matching CreateThread; oCreateThread keeps the value that was in the
// patched slot before InitializeHSBypass replaced it.
typedef HANDLE(WINAPI* tCreateThread)(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId);
tCreateThread oCreateThread;
// Replacement written by InitializeHSBypass into a pointer slot inside EhSvc.dll
// (presumably the slot through which EhSvc.dll calls CreateThread — the name and the
// matching signature suggest it; not verifiable from this page).
// When the requested start routine equals dwMAIN_THREAD, the parameter block's param1
// is compared with the five scanned routine addresses and, on a match, replaced with
// the corresponding Fake* stub. Every call is then forwarded to the saved pointer, so
// the thread is still created but runs the stub instead of the original routine.
// Defender's view: the slot now points outside the module it originally targeted, and
// the started thread's real entry is in a different module than expected; both are
// observable to an integrity check that runs outside this process's control.
// NOTE(review): lpParameter is dereferenced without a null check.
// NOTE(review): `__asm pushad/popad` is 32-bit MSVC inline assembly.
HANDLE WINAPI hkCreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId)
{
VIRTUALIZER1_START
__asm pushad;

if(lpStartAddress == (LPTHREAD_START_ROUTINE)dwMAIN_THREAD )
{
sHackShieldThreadParams * pHackShieldThreadParams = (sHackShieldThreadParams *)lpParameter;

// The checks are independent `if`s, not an else-chain; each compares the current
// value of param1, including a value written by an earlier branch.
if(pHackShieldThreadParams->param1 == dwLMP_HACKSHIELD_THREAD )
pHackShieldThreadParams->param1 = (DWORD)FakeASMCheck;

if(pHackShieldThreadParams->param1 == dwCHECK_INTEGRITY_HACKSHIELD_THREAD )
pHackShieldThreadParams->param1 = (DWORD)FakeHackShieldIntegrityChecks;

if(pHackShieldThreadParams->param1 == dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1 )
pHackShieldThreadParams->param1 = (DWORD)FakeHeuristicScanThread;

if(pHackShieldThreadParams->param1 == dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2 )
pHackShieldThreadParams->param1 = (DWORD)FakeHeuristicModulesScanThread;

if(pHackShieldThreadParams->param1 == dwKDTRACE_HACKSHIELD_THREAD )
pHackShieldThreadParams->param1 = (DWORD)FakeKernelTraceThread;

// Same pointer as before; the block was modified in place.
lpParameter = (LPVOID)pHackShieldThreadParams;
}

__asm popad;

return oCreateThread(lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId);
// NOTE(review): this marker sits after the return statement and is never reached as ordinary code.
VIRTUALIZER1_END
}


// Returns the MODULEINFO (base address, image size, entry point) of the module named
// lpModuleName in the current process; passing 0 selects the main executable.
// psapi.dll is used if already loaded, otherwise loaded from <Windows dir>\system32,
// and GetModuleInformation is resolved with GetProcAddress. The DLL and export names
// are stored XOR-encoded (see the author's inline /* */ comments), so they do not
// appear as plain strings or static imports in the built binary.
// Returns a zero-initialised MODULEINFO when psapi.dll cannot be obtained.
// NOTE(review): sprintf writes into a MAX_PATH buffer with no length limit.
// NOTE(review): char buffers are passed to GetWindowsDirectory/LoadLibrary, which only
// matches a non-UNICODE build, while the parameter is LPCTSTR.
// NOTE(review): the results of GetProcAddress, GetModuleHandle and
// GetModuleInformation are not checked.
MODULEINFO GetModuleInfo ( LPCTSTR lpModuleName )
{

MODULEINFO miInfos = { NULL };

HMODULE hPSAPI_module;

// NOTE(review): the end of the next line was mangled by the forum's emoticon
// rendering ("Cool" replaces part of the expression); it does not compile as shown.
if(!GetModuleHandleA(/*psapi.dll*/XorStr<0x83,10,0x958DA3D8>("\xF3\xF7\xE4\xF6\xEE\xA6\xED\xE6\xE7"+0x958DA3DCool.s))
{
VIRTUALIZER1_START
char szSystemPath[MAX_PATH];
GetWindowsDirectory(szSystemPath, MAX_PATH);
char szPSAPIDLLPath[MAX_PATH];
sprintf(szPSAPIDLLPath, /*%s\\system32\\psapi.dll*/XorStr<0x36,22,0x2421358F>("\x13\x44\x64\x4A\x43\x48\x48\x58\x53\x0C\x72\x1D\x32\x30\x25\x35\x2F\x69\x2C\x25\x26"+0x2421358F).s, szSystemPath);
//char *szSystemPath = new char[MAX_PATH] = getenv(/*SystemRoot*/XorStr<0x7F,11,0xFE364ABD>("\x2C\xF9\xF2\xF6\xE6\xE9\xD7\xE9\xE8\xFC"+0xFE364ABD).s);
//sprintf(szSystemPath, /*%s\\system32\\psapi.dll*/XorStr<0xD9,22,0xFE6A7D9B>("\xFC\xA9\x87\xAF\xA4\xAD\xAB\x85\x8C\xD1\xD1\xB8\x95\x95\x86\x98\x80\xC4\x8F\x80\x81"+0xFE6A7D9B).s, szSystemPath);
hPSAPI_module = LoadLibrary(szPSAPIDLLPath);
VIRTUALIZER1_END
}
else
hPSAPI_module = GetModuleHandleA(/*psapi.dll*/XorStr<0xC0,10,0xF54899B1>("\xB0\xB2\xA3\xB3\xAD\xEB\xA2\xAB\xA4"+0xF54899B1).s);

if (!hPSAPI_module)
return miInfos;

HMODULE hmModule = GetModuleHandle(lpModuleName);

typedef DWORD ( __stdcall *tGetModuleInformation)( HANDLE, HMODULE, LPMODULEINFO, DWORD );
tGetModuleInformation oGetModuleInformation = (tGetModuleInformation) (GetProcAddress(hPSAPI_module, /*GetModuleInformation*/XorStr<0x51,21,0x2BAEFCCD>("\x16\x37\x27\x19\x3A\x32\x22\x34\x3C\x13\x35\x3A\x32\x2C\x32\x01\x15\x0B\x0C\x0A"+0x2BAEFCCD).s));
oGetModuleInformation(GetCurrentProcess(), hmModule, &miInfos, sizeof ( MODULEINFO ));

return miInfos;


}

#pragma optimize("", on)
// Pointer type of the three-argument function whose slot in the main module is
// replaced by InitializeHSBypass; oSecureFunctionCall keeps the original target.
typedef int(__cdecl* tSecureFunctionCall)(int a1, int a2, int a3);
tSecureFunctionCall oSecureFunctionCall;
// Pass-through replacement for that function. Every call is forwarded unchanged to
// the original; the only added effect is that a call with a1 == 6 sets
// bThreadTerminate, which lets all Fake* stubs leave their sleep loops and return.
// What request the value 6 represents is not shown on this page.
// NOTE(review): `__asm pushad/popad` is 32-bit MSVC inline assembly.
int hk_secureFunctionCall(int a1, int a2, int a3)
{
__asm pushad;
VIRTUALIZER1_START
if(a1 == 6)
bThreadTerminate = true;
VIRTUALIZER1_END
__asm popad;
return oSecureFunctionCall(a1,a2,a3);
}


#pragma optimize("", off)
// One-time setup. In order, it:
//   1. waits until EhSvc.dll is loaded in the current process;
//   2. records base and size of the main module and of EhSvc.dll;
//   3. locates routines, event locations and two pointer slots by byte signature
//      (the signatures are XOR-encoded; the author's /* */ comments give the plain form);
//   4. resolves ZwSetEvent from ntdll.dll;
//   5. overwrites one pointer slot in EhSvc.dll with hkCreateThread and one in the
//      main module with hk_secureFunctionCall, keeping the previous values.
// Defender's view: step 5 leaves observable artifacts — both images are switched to
// PAGE_EXECUTE_READWRITE over their whole size, and two pointer slots end up
// targeting code outside the modules they originally pointed into. Checks that
// validate such slots and page protections only help if they run somewhere this
// process cannot patch.
// NOTE(review): no FindPattern result is checked for 0 before it is used or dereferenced.
// NOTE(review): the signatures and the fixed offset are tied to whichever EhSvc.dll
// build the author analysed; nothing here validates the module version.
void InitializeHSBypass(void)
{
// Poll every 100 ms until the module is present.
while(!GetModuleHandleA(/*EhSvc.dll*/XorStr<0x68,10,0x6EB6F07E>("\x2D\x01\x39\x1D\x0F\x43\x0A\x03\x1C"+0x6EB6F07E).s) )
Sleep(100);

mEngine = GetModuleInfo(0);
mEhSvc = GetModuleInfo(/*EhSvc.dll*/XorStr<0x52,10,0x1A77CE04>("\x17\x3B\x07\x23\x35\x79\x3C\x35\x36"+0x1A77CE04).s);

// Start routine that hkCreateThread compares lpStartAddress against.
dwMAIN_THREAD = (DWORD) FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC ?? 53 56 57 89 65 ?? FF 35*/XorStr<0x21,120,0x2DDE4771>("\x14\x17\x03\x1C\x67\x06\x62\x6B\x09\x1C\x6A\x0C\x6B\x68\x0F\x06\x09\x12\x0C\x0B\x15\x09\x08\x18\x06\x05\x1B\x03\x02\x1E\x09\x78\x61\x7D\x7C\x64\x7A\x79\x67\x77\x76\x6A\x74\x73\x6D\x78\x7B\x70\x10\x63\x73\x64\x65\x76\x67\x68\x79\x6A\x6B\x7C\x6D\x6E\x7F\x55\x51\x42\x55\x50\x45\x5E\x5E\x48\x5B\x5F\x4B\x5C\x5D\x4E\x5F\x40\x51\x42\x43\x54\x45\x46\x57\x40\x4A\x5A\x3E\x3F\x5D\x41\x40\xA0\xB4\xB1\xA3\xB1\xB3\xA6\xB2\xBF\xA9\xB2\xB2\xAC\xBB\xBB\xAF\xAF\xAE\xB2\xD5\xD2\xB5\xA5\xA2"+0x2DDE4771).s);

// The same short signature is searched twice: the second scan starts one byte past
// the first hit, so the result is the second occurrence.
// NOTE(review): the second scan's end is start + SizeOfImage, which lies beyond the
// end of the image and lets FindPattern read past the module.
dwLMP_HACKSHIELD_THREAD = (DWORD) FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 53 56 57 E9*/XorStr<0x65,21,0x321AD150>("\x50\x53\x47\x50\x2B\x4A\x2E\x2F\x4D\x5B\x5C\x50\x44\x44\x53\x41\x42\x56\x32\x41"+0x321AD150).s );
dwLMP_HACKSHIELD_THREAD = dwLMP_HACKSHIELD_THREAD + 0x1;
dwLMP_HACKSHIELD_THREAD = (DWORD) FindPattern( (DWORD)dwLMP_HACKSHIELD_THREAD, (DWORD)dwLMP_HACKSHIELD_THREAD + (DWORD)mEhSvc.SizeOfImage, /*55 8B EC 53 56 57 E9*/XorStr<0x65,21,0x321AD150>("\x50\x53\x47\x50\x2B\x4A\x2E\x2F\x4D\x5B\x5C\x50\x44\x44\x53\x41\x42\x56\x32\x41"+0x321AD150).s);

// Remaining routine addresses that hkCreateThread compares param1 against.
dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1 = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*8B 4C 24 04 E8*/XorStr<0x3B,15,0xFE4FC9CF>("\x03\x7E\x1D\x0A\x7C\x60\x73\x76\x63\x74\x71\x66\x02\x70"+0xFE4FC9CF).s );
dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2 = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 81 EC ?? ?? ?? ?? 53 56 57 89 65 ?? C6 45 ?? ?? C6*/XorStr<0x0E,138,0xA52699E6>("\x3B\x3A\x30\x29\x50\x33\x51\x56\x36\x21\x59\x39\x5C\x5D\x3C\x2B\x26\x3F\x1F\x1E\x02\x1C\x1B\x05\x19\x18\x08\x16\x15\x0B\x1A\x15\x0E\x10\x0F\x11\x0D\x0C\x14\x0A\x09\x17\x07\x06\x1A\x0D\x08\x1D\x7F\x0E\x60\x71\x72\x63\x74\x75\x66\x77\x78\x69\x7A\x7B\x6C\x78\x7E\x6F\x66\x65\x72\x6B\x6D\x75\x64\x62\x78\x69\x6A\x7B\x6C\x6D\x7E\x6F\x50\x41\x52\x53\x44\x5D\x57\x47\x2D\x2A\x4A\x54\x53\x4D\x51\x50\x50\x4E\x4D\x53\x4B\x4A\x56\x42\x4B\x59\x4F\x4D\x5C\x48\x49\x5F\xB8\xB8\xA2\xB5\xB1\xA5\xB9\xB8\xA8\xCA\xBC\xAB\xB8\xB8\xAE\xB0\xAF\xB1\xAD\xAC\xB4\xD6\xA0"+0xA52699E6).s );
dwCHECK_INTEGRITY_HACKSHIELD_THREAD = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, ( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC B8*/XorStr<0xB9,12,0xE4296250>("\x8C\x8F\x9B\x84\xFF\x9E\xFA\x83\xE1\x80\xFB"+0xE4296250).s );
dwKDTRACE_HACKSHIELD_THREAD = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 81 C4 ?? ?? ?? ?? 53 56 57 89 65 ?? C7 45 ?? ?? ?? ?? ?? C7 45 ?? ?? ?? ?? ?? C7 45 ?? ?? ?? ?? ?? FF*/XorStr<0x90,189,0x9E605CC7>("\xA5\xA4\xB2\xAB\xD6\xB5\xD3\xD4\xB8\xAF\xDB\xBB\xDA\xDB\xBE\xA9\x98\x81\x9D\x9C\x84\x9A\x99\x87\x97\x96\x8A\x94\x93\x8D\x98\x97\x90\x8E\x8D\x93\x8B\x8A\x96\x88\x87\x99\x85\x84\x9C\x8B\x8A\x9F\x81\xF0\xE2\xF3\xF4\xE5\xF6\xF7\xE8\xF9\xFA\xEB\xFC\xFD\xEE\xFA\xE0\xF1\xE4\xE7\xF4\xED\xEF\xF7\xEA\xEC\xFA\xEB\xEC\xFD\xEE\xEF\xC0\xD1\xD2\xC3\xD4\xD5\xC6\xDF\xD9\xC9\xA9\xDF\xCC\xD2\xD1\xCF\xCF\xCE\xD2\xCC\xCB\xD5\xC9\xC8\xD8\xCC\xC9\xDB\xC9\xCB\xDE\xCA\x37\x21\x3A\x3A\x24\x33\x33\x27\x37\x36\x2A\x48\x3B\x2D\x3A\x3A\x30\x2E\x2D\x33\x2B\x2A\x36\x28\x27\x39\x25\x24\x3C\x22\x21\x3F\x63\x16\x02\x17\x11\x05\x19\x18\x08\x16\x15\x0B\x13\x12\x0E\x10\x0F\x11\x0D\x0C\x14\x76\x01\x17\x0C\x0C\x1A\x04\x03\x1D\x01\x00\x60\x7E\x7D\x63\x7B\x7A\x66\x78\x77\x69\x0C\x0D"+0x9E605CC7).s);

// Locations from which the Fake* stubs later read event handles. The first is a
// fixed offset from the EhSvc.dll base, not a scan result.
// NOTE(review): the end of the next line was mangled by the forum's emoticon
// rendering ("Cool" replaces part of the expression); it does not compile as shown.
dwLMP_HACKSHIELD_THREAD_EVENT = ( (DWORD)mEhSvc.lpBaseOfDll + 0x130CACool;
dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? 5D C3*/XorStr<0x1C,36,0x0FA547FD>("\x5E\x24\x3E\x20\x1F\x01\x1D\x1C\x04\x1A\x19\x07\x17\x16\x0A\x6E\x14\x0D\x11\x10\x10\x0E\x0D\x13\x0B\x0A\x16\x08\x07\x19\x0F\x7F\x1C\x7E\x0D"+0x0FA547FD).s );
dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*A1 ?? ?? ?? ?? 53 56 33 F6 57 3B C6 89 65 ?? 75*/XorStr<0xDF,48,0x4944DE25>("\x9E\xD1\xC1\xDD\xDC\xC4\xDA\xD9\xC7\xD7\xD6\xCA\xD4\xD3\xCD\xDB\xDC\xD0\xC4\xC4\xD3\xC7\xC6\xD6\xB1\xCE\xD9\xCF\xCC\xDC\xCE\xBC\xDF\x43\x37\x22\x3B\x3D\x25\x30\x32\x28\x36\x35\x2B\x3B\x38"+0x4944DE25).s );

dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*8B 0D ?? ?? ?? ?? 51 FF 15 ?? ?? ?? ?? 8B 55*/XorStr<0x15,45,0x216E426F>("\x2D\x54\x37\x28\x5D\x3A\x24\x23\x3D\x21\x20\x00\x1E\x1D\x03\x1B\x1A\x06\x12\x19\x09\x6C\x6D\x0C\x1C\x1B\x0F\x0F\x0E\x12\x0C\x0B\x15\x09\x08\x18\x06\x05\x1B\x04\x7F\x1E\x0A\x75"+0x216E426F).s );

// Find an instruction in EhSvc.dll, then read the 32-bit value two bytes into it:
// that value is used below as the address of the pointer slot to overwrite.
dwHACKSHIELD_CALL_TO_CREATE_THREAD = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD) ( (DWORD)mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*FF 15 ?? ?? ?? ?? 85 C0 75 ?? FF 15 ?? ?? ?? ?? 8B F8 56*/XorStr<0x82,57,0xBCA0FCCB>("\xC4\xC5\xA4\xB4\xB3\xA7\xB7\xB6\xAA\xB4\xB3\xAD\xB1\xB0\xB0\xAE\xAD\xB3\xAC\xA0\xB6\xD4\xA8\xB9\xAD\xAE\xBC\xA2\xA1\xBF\xE6\xE7\x82\x92\x91\x85\x99\x98\x88\x96\x95\x8B\x93\x92\x8E\x90\x8F\x91\x8A\xF1\x94\xF3\x8E\x97\x8D\x8F"+0xBCA0FCCB).s);
dwHACKSHIELD_CALL_TO_CREATE_THREAD = *(DWORD *)(dwHACKSHIELD_CALL_TO_CREATE_THREAD + 2);

// Same approach for the slot in the main module that receives hk_secureFunctionCall.
dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL = (DWORD)FindPattern( (DWORD)mEngine.lpBaseOfDll, (DWORD) ( (DWORD)mEngine.lpBaseOfDll + (DWORD)mEngine.SizeOfImage), /*89 0D ?? ?? ?? ?? 8B 55 E8*/XorStr<0x57,27,0xD71F02EA>("\x6F\x61\x79\x6A\x1F\x7C\x62\x61\x7F\x5F\x5E\x42\x5C\x5B\x45\x59\x58\x48\x51\x28\x4B\x59\x58\x4E\x2A\x48"+0xD71F02EA).s);
dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL = *(DWORD *)(dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL + 2);


VIRTUALIZER1_START

// ZwSetEvent is looked up by encoded name at run time instead of being imported.
oZwSetEvent = (tZwSetEvent)GetProcAddress( GetModuleHandle(/*ntdll.dll*/XorStr<0x89,10,0x1E870C7A>("\xE7\xFE\xEF\xE0\xE1\xA0\xEB\xFC\xFD"+0x1E870C7A).s), /*ZwSetEvent*/XorStr<0x34,11,0xCB9D323B>("\x6E\x42\x65\x52\x4C\x7C\x4C\x5E\x52\x49"+0xCB9D323B).s);

DWORD oldProtect;

// Make the whole EhSvc.dll image writable, save the slot's current target, replace it.
// NOTE(review): VirtualProtect reports only the first page's previous protection, so
// the "restore" call applies that single value to the entire image rather than each
// section's original protection. Return values are not checked.
VirtualProtect((void *)mEhSvc.lpBaseOfDll, mEhSvc.SizeOfImage, PAGE_EXECUTE_READWRITE, &oldProtect);
oCreateThread = (tCreateThread) *(DWORD *)((DWORD)dwHACKSHIELD_CALL_TO_CREATE_THREAD);
*(DWORD *)(dwHACKSHIELD_CALL_TO_CREATE_THREAD) = (DWORD)hkCreateThread;
VirtualProtect((void *)mEhSvc.lpBaseOfDll, mEhSvc.SizeOfImage, oldProtect, &oldProtect);

// Same sequence for the function-pointer slot in the main module.
VirtualProtect((void *)mEngine.lpBaseOfDll, mEngine.SizeOfImage, PAGE_EXECUTE_READWRITE, &oldProtect);
oSecureFunctionCall = (tSecureFunctionCall)*(DWORD*)dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL;
*(DWORD *)(dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL) = (DWORD)hk_secureFunctionCall;
VirtualProtect((void *)mEngine.lpBaseOfDll, mEngine.SizeOfImage, oldProtect, &oldProtect);

VIRTUALIZER1_END
}
#pragma optimize("", on)
#endif
XorStr (for those who don't have the class)
Code:
#ifndef _XORSTR_H
#define _XORSTR_H

#pragma once

/// Holds text that callers pass in XOR-encoded form and that is decoded into a
/// member buffer when the object is constructed.
///
/// XORSTART   - key applied to the first byte; the key grows by one per byte and
///              wraps around at 256.
/// BUFLEN     - size of the decoded buffer, terminating NUL included.
/// XREFKILLER - displacement the caller has already added to the address of the
///              encoded bytes; the constructor subtracts it again when reading.
///
/// Reviewer's note: the encoding only keeps the text out of a static string
/// listing; the plain text is present in `s` for as long as the object lives.
template <int XORSTART, int BUFLEN, int XREFKILLER>
class XorStr
{
    XorStr();  // private and never defined: default construction is not available

public:
    char s[BUFLEN];  // decoded, NUL-terminated text

    /// Decodes BUFLEN-1 bytes, read relative to xs minus XREFKILLER, into `s`
    /// and terminates the buffer.
    XorStr(const char* xs)
    {
        int key = XORSTART;
        int idx = 0;
        while (idx < BUFLEN - 1) {
            s[idx] = static_cast<char>(xs[idx - XREFKILLER] ^ key);
            key = (key + 1) % 256;
            ++idx;
        }
        s[BUFLEN - 1] = 0;
    }

    /// Overwrites the decoded text with zeros when the object is destroyed.
    ~XorStr()
    {
        int idx = BUFLEN;
        while (idx-- > 0)
            s[idx] = 0;
    }
};

#endif



La libertà non si insegna, è una scelta individuale.
22/08/2013, 23:22

1 Life, 1 Avatar <3
Mio dio che figata. Non ci capisco niente

24/08/2013, 12:02

maurow
(24/08/2013, 12:02)Pocciox Ha scritto:


Mio dio che figata. Non ci capisco niente
q8 Asd Asd


La libertà non si insegna, è una scelta individuale.
24/08/2013, 21:05