/*
 * WriteMemory - overwrite dwBufferLengh bytes at dwAddress in the calling process.
 *
 * dwAddress      target address, carried as a DWORD and cast to a pointer
 * lpBuffer       source bytes to copy
 * dwBufferLengh  number of bytes to copy
 *
 * The protection of the target range is switched to PAGE_READWRITE, the bytes
 * are copied with memcpy, and the protection saved by the first VirtualProtect
 * call is put back afterwards.
 *
 * NOTE(review): neither VirtualProtect return value is checked and the function
 * returns nothing, so the caller cannot tell whether the write took place.
 * NOTE(review): a DWORD can only hold a 32-bit address.
 *
 * Defensive note: after this runs on a page of a loaded image, the bytes in
 * memory no longer match the file on disk. Comparing mapped code sections with
 * the on-disk (signed) image, from a component the patched process cannot
 * reach, is the standard way to detect this kind of tampering.
 */
VOID WriteMemory(DWORD dwAddress,LPBYTE lpBuffer,DWORD dwBufferLengh)
{
DWORD dwOldProtect;
/* Make the target range writable; the previous protection is saved in dwOldProtect. */
VirtualProtect((LPVOID)dwAddress,dwBufferLengh,PAGE_READWRITE,&dwOldProtect);
memcpy((LPVOID)dwAddress,lpBuffer,dwBufferLengh);
/* Restore the protection recorded above. */
VirtualProtect((LPVOID)dwAddress,dwBufferLengh,dwOldProtect,&dwOldProtect);
}
/*
 * HackShield - waits for EhSvc.dll to be loaded in the current process, then
 * overwrites short byte sequences at fixed offsets inside that module and at
 * two absolute addresses that the section comment attributes to WARROCK.EXE.
 *
 * Everything here is hard-coded: the ten module-relative offsets, the two
 * absolute addresses and the replacement bytes. They can only line up with the
 * exact binaries the author had; on any other build the same writes land on
 * unrelated bytes.
 *
 * Defensive note: the listing shows why a protection module should not rely
 * only on checks that live in its own code pages inside the protected process.
 * Those pages can be rewritten through the same VirtualProtect/memcpy path
 * used by WriteMemory. The text that follows the listing says the session is
 * still dropped after 50 minutes, so at least one control is presumably
 * outside the reach of these in-process patches. That is consistent with
 * layering in-process checks with out-of-process, kernel-side or server-side
 * verification, though the page does not say which control it is.
 */
void HackShield( void)
{
DWORD dwEhSvc = 0;
/* Poll until GetModuleHandle returns a non-zero handle for EhSvc.dll. There is
   no sleep or timeout, so the loop spins and never ends if the module is
   never loaded. The handle value is kept as a DWORD and used as the module
   base in the additions below. */
do
{
dwEhSvc = (DWORD)( GetModuleHandle ( "EhSvc.dll" ) );
}
while ( dwEhSvc == 0 );
// ======================== EHSVC.DLL
/* Ten writes of 1 to 5 bytes at module base + fixed offset. The page does not
   say which routines sit at these offsets. */
WriteMemory ( (dwEhSvc + 0x8D580) , (LPBYTE)("\xC3") , 1 );
WriteMemory ( (dwEhSvc + 0x0AC28) , (LPBYTE)("\x74") , 1 );
WriteMemory ( (dwEhSvc + 0xAF9F5) , (LPBYTE)("\x03\xD2") , 2 );
WriteMemory ( (dwEhSvc + 0xACEBE) , (LPBYTE)("\xB8\x00\x00\x00\x00") , 5 );
WriteMemory ( (dwEhSvc + 0xF7F10) , (LPBYTE)("\xC2\x04\x00") , 3 );
WriteMemory ( (dwEhSvc + 0x0AB90) , (LPBYTE)("\xC2\x04\x00") , 3 );
WriteMemory ( (dwEhSvc + 0x43D5E) , (LPBYTE)("\x31") , 1 );
WriteMemory ( (dwEhSvc + 0x4105F) , (LPBYTE)("\x31") , 1 );
WriteMemory ( (dwEhSvc + 0x43DD4) , (LPBYTE)("\x90\x90") , 2 );
WriteMemory ( (dwEhSvc + 0x3329D) , (LPBYTE)("\x90\x90") , 2 );
// ======================== WARROCK.EXE
/* Two single-byte writes at absolute addresses rather than base-relative
   offsets, so they assume the executable is mapped at a fixed address. */
WriteMemory ( (0x5DCE21) , (LPBYTE)( "\xC3" ) , 1 );// RETN
WriteMemory ( (0x51D003) , (LPBYTE)( "\xEB" ) , 1 );// JMP
}
L'unico problema è che questo bypass ti butta fuori dopo 50 minuti.
Ringrazio BlackLegend per gli address dell'EhSvc.