Ultima modifica da un moderatore:
PASTEBIN:
Oppure qui:
Prima di compilare ricordate di inserire tra le vostre librerie i Detours.
Da compilare in Visual C++ (Io vi consiglio Visual Studio 2013 per Visual C++), e infine creare 1 piccolo patcher/launcher in C++ che auto injetta la dll prima dell'avvio del gioco, tipo cosi:
Fonte: BodyBuilder89 (FORUM ESTERNO)
Oppure qui:
Codice:
///////////////////////////////////////////JOHN CENA VS RANDY ORTON???///////////////////////////////////////////////
#include "stdafx.h"
#include <iostream>
#include <fstream>
#include <string>
#include <sstream>
#include <locale>
#include <vector>
#include <array>
#include <ctime>
#include <csignal>
#include <sys/types.h>
#include <sys/stat.h>
#include <windows.h>
#include <Aclapi.h>
#include <tlhelp32.h>
#include <detours.h>
#include <direct.h>
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "advapi32.lib")
#pragma comment(lib, "User32.lib")
#define MYDLL extern "C" __declspec(dllexport)
using namespace std;
string Endl="\n";
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////GALAXYA2 FUTURE OLDSTYLE?////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////JOHN CENA VS RANDY ORTON???///////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////PROTEZIONE IDEATA DA THEROCK (SPACCONE) & [TM]REBY (AURORA BONNY) PER GALAXYA2 - [CONFIGURAZIONE PROTEZIONE]////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
///////////////////// Ext. Epk | Ext. Eix | Root | LZO Key | PONG
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
array<int,6> Offset={ 0x34c518 , 0x34c520 , 0x340c5c , 0x3b2c6c , 0x340a38 }; //DEVI INSERIRE GLI OFFSET GIUSTI DEL TUO LAUNCHER
string Key=\
".EPK=2e 65 69 78" + Endl +\
".EIX=2e 65 70 6b" + Endl +\
"ROOT=69 63 6f 6e" + Endl +\
"LZO1=cc 61 cc 74 cc cc cc cc cc cc cc cc cc cc cc 00" + Endl +\
"PONG=2a 2a 2a 2e 2e 2e 2a 2a 2a 2e 2e 78 72 6f 6f 74" + Endl;
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
///PROTEZIONE IDEATA DA THEROCK (SPACCONE) & [TM]REBY (AURORA BONNY) PER GALAXYA2 - [FINE CONFIGURAZIONE PROTEZIONE]/
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
BYTE Keys[5][16];
HANDLE ProcessHandle=GetCurrentProcess();
DWORD ProcessId=GetCurrentProcessId();
HANDLE Address=GetProcAddress(GetModuleHandleA("Kernel32.dll"), "LoadLibraryA");
HMODULE (__stdcall *Originale)(LPCSTR);
array<string,23>coso={"cheat", "engine", "switch", "inject", "bot", "hack", "m2bob", "ch347", "3ng1n3", "actool", "m2", "archiver", "loader", "dbg", "olly", "ally", "softice", "wpe", "unpublished", "padmack", "extractor", "pythonloader", "packet"};
void SignalHandler(int signum) {
ExitProcess(0);
}
int HexToDec(string tok2){
int Dec;
istringstream iss3("0x"+tok2);
iss3 >> std::hex >> Dec;
return Dec;
}
string strtoupper(string String){
locale Locale;
string StrIng=String;
for (unsigned int i=0; i<String.length(); i++) {
StrIng[i]=toupper(String[i], Locale);
}
return StrIng;
}
string strtolower(string String){
locale Locale;
string StrIng=String;
for (unsigned int i=0; i<String.length(); i++) {
StrIng[i]=tolower(String[i], Locale);
}
return StrIng;
}
string zerofill(int mon){
if (mon < 10) {
return "0"+to_string(mon);
}else{
return to_string(mon);
}
}
void ExitProc(string lptext, int is){
time_t t=time(NULL);
struct tm TM;
localtime_s(&TM, &t);
ofstream f("Aurora.txt", ofstream::out | ofstream::app);
f << "<" << 1900+TM.tm_year << "-" << zerofill(1+TM.tm_mon) << "-" << zerofill(TM.tm_mday) << " " \
<< zerofill(TM.tm_hour) << ":" << zerofill(TM.tm_min) << ":" << zerofill(TM.tm_sec);
if (is == 0) f << "> E' stato rilevato un " << lptext << "." << endl; else f << "> " << lptext << endl;
f.close();
raise(SIGINT);
}
void GetKeys(){
istringstream iss(Key);
string tok;
int is;
while (getline(iss, tok, '\n')) {
istringstream iss2(tok);
string tok2;
int i=0;
while (iss2 >> tok2) {
if (tok2.find("=") != string::npos) {
if (tok2[0] == '.' && tok2[1] == 'E' && tok2[2] == 'P' && tok2[3] == 'K') {
is=0;
}else if (tok2[0] == '.' && tok2[1] == 'E' && tok2[2] == 'I' && tok2[3] == 'X') {
is=1;
}else if (tok2[0] == 'R' && tok2[1] == 'O' && tok2[2] == 'O' && tok2[3] == 'T') {
is=2;
}else if (tok2[0] == 'L' && tok2[1] == 'Z' && tok2[2] == 'O' && tok2[3] == '1') {
is=3;
}else if (tok2[0] == 'P' && tok2[1] == 'O' && tok2[2] == 'N' && tok2[3] == 'G') {
is=4;
}
tok2.erase(0, 5);
}
Keys[is][i]=HexToDec(tok2);
i++;
}
}
}
//IN QUESTO MODO IL CLIENT NON DA PROBLEMI
//QUESTO SETTAGGIO DELLE CHIAVI FUNZIONA COSI: SE LA CHIAVE NON VIENE SCRITTA LA RISCRIVE
void SetKeys(){
Eix:
if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[0]+0x400000), Keys[0], sizeof(Keys[0]), NULL)) {
goto Eix;
}
Epk:
if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[1]+0x400000), Keys[1], sizeof(Keys[1]), NULL)) {
goto Epk;
}
Root:
if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[2]+0x400000), Keys[2], sizeof(Keys[2]), NULL)) {
goto Root;
}
LZO:
if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[3]+0x400000), Keys[3], sizeof(Keys[3]), NULL)) {
goto LZO;
}
PONG:
if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[4]+0x400000), Keys[4], sizeof(Keys[4]), NULL)) {
goto PONG;
}
}
vector<string>Split(char Divisore, wstring StriNg){
string STriNg(StriNg.begin(), StriNg.end());
istringstream Iss(STriNg);
string Tok;
vector<string>Vettore;
while(getline(Iss, Tok, Divisore))Vettore.push_back(Tok);
return Vettore;
}
void Check_Process(){
HANDLE snapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (snapshot==INVALID_HANDLE_VALUE) ExitProc("Errore durante l'avvio della protezione", 0);
PROCESSENTRY32 pe32;
pe32.dwSize=sizeof(PROCESSENTRY32);
if (!Process32First(snapshot, &pe32)) {
CloseHandle(snapshot);
ExitProc("Errore durante il caricamento della protezione", 0);
}
vector<string>casaofcoso;
casaofcoso=Split('\\', pe32.szExeFile);
for (string &i : coso) {
if (strtolower(casaofcoso[casaofcoso.size()-1]).find(i) != string::npos) {
string I=i;
I[0]=toupper(I[0]);
ExitProc(I, 0);
}
}
casaofcoso.clear();
while (Process32Next(snapshot, &pe32)) {
casaofcoso=Split('\\', pe32.szExeFile);
for (string &i : coso) {
if (strtolower(casaofcoso[casaofcoso.size()-1]).find(i) != string::npos) {
string I=i;
I[0]=toupper(I[0]);
ExitProc(I, 0);
}
}
}
CloseHandle(snapshot);
}
void Check_Module(){
HANDLE snapshot=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessId);
if (snapshot==INVALID_HANDLE_VALUE) ExitProc("Errore durante l'avvio della protezione", 0);
MODULEENTRY32 me32;
me32.dwSize=sizeof(MODULEENTRY32);
if (!Module32First(snapshot, &me32)) {
CloseHandle(snapshot);
ExitProc("Errore durante il caricamento della protezione", 0);
}
vector<string>casaofcoso;
casaofcoso=Split('\\', me32.szModule);
for (string &i : coso) {
if (strtolower(casaofcoso[casaofcoso.size()-1]).find(i) != string::npos) {
string I=i;
I[0]=toupper(I[0]);
ExitProc(I, 0);
}
}
casaofcoso.clear();
while (Module32Next(snapshot, &me32)) {
casaofcoso=Split('\\', me32.szModule);
for (string &i : coso) {
if (strtolower(casaofcoso[casaofcoso.size()-1]).find(i) != string::npos) {
string I=i;
I[0]=toupper(I[0]);
ExitProc(I, 0);
}
}
}
CloseHandle(snapshot);
}
HMODULE __stdcall Hookata(LPCSTR lpfilename){
if (FindWindowA("OLLYDBG", NULL) || FindWindowA("WinDbgFrameClass", NULL)) ExitProc("Debugger", 0);
if (FindWindowA(NULL, "CH347 3NG1N3 9.9") || FindWindowA(NULL, "Metin2 MultiHack 1.8.5") || \
FindWindowA(NULL, "Switch-Bot 1.0.0.4 © by Unpublished")) ExitProc("Hack", 0);
if (FindWindowA("PROCEXPL", NULL) || FindWindowA("TreeListWindowClass", NULL) || FindWindowA("ProcessHacker", NULL) \
|| FindWindowA("PhTreeNew", NULL) || FindWindowA("SysListView32", NULL)) ExitProc("Rilevatore di processi", 0);
if (FindWindowA(NULL, "OldSchoolInject") || FindWindowA(NULL, "Injector © by Unpublished") \
|| FindWindowA(NULL, "Kernel Detective v1.4.1 :: System Idle Process")) ExitProc("Injector", 0);
Check_Process();
Check_Module();
return Originale(lpfilename);
}
void CloseLauncher(){
HWND Hwnd;
if (!(Hwnd=FindWindowA("WindowsForms10.Window.8.app.0.2bf8098_r28_ad1", " SXXLAUNCHERXSS "))) ExitProcess(0);
DWORD ProcessId;
GetWindowThreadProcessId(Hwnd, &ProcessId);
HANDLE Process=OpenProcess(PROCESS_TERMINATE, FALSE, (DWORD)ProcessId);
TerminateProcess(Process, 0xffffffff);
CloseHandle(Process);
}
long CRCFILE(string Filename) {
FILE *f;
if ((f=fopen(Filename.c_str(), "rb")) == NULL) {
if ((f=fopen(strtoupper(Filename).c_str(), "rb")) == NULL) {
if ((f=fopen(strtolower(Filename).c_str(), "rb")) == NULL) {
return 0;
}
}
}
unsigned long size;
fseek(f, 0, SEEK_END);
size=ftell(f);
fseek(f, 0, SEEK_SET);
unsigned char *File=new unsigned char[size];
fread(File, 1, size, f);
fclose(f);
unsigned long crc[256];
for (unsigned int i=0; i<=0xFF; i++) {
unsigned long coso=0;
unsigned long I=i;
for (unsigned int b=1; b<9; b++) {
if (I & 1) coso |= 1 << (8-b);
I >>= 1;
}
crc[i]=coso << 24;
for (unsigned int c=0; c<8; c++) crc[i]=(crc[i] << 1) ^ (crc[i] & (1 << 31) ? 0x04c11db7 : 0);
unsigned long coso2=0;
unsigned long Ii=crc[i];
for (unsigned int d=1; d<33; d++) {
if (Ii & 1) coso2 |= 1 << (32-d);
Ii >>= 1;
}
crc[i]=coso2;
}
unsigned long Crc=0xffffffff;
for (unsigned int i=0; i<size; i++) Crc=(Crc >> 8) ^ crc[(Crc & 0xFF) ^ File[i]];
delete [] File;
return Crc^0xffffffff;
}
inline void Control(){
unsigned long Flags=0;
__asm{
mov eax, fs:[30h]
mov eax, [eax+68h]
mov Flags, eax
}
if (Flags & 0x70) ExitProc("Debugger", 0);
char p=0;
__asm{
mov eax, fs:[30h]
mov al, [eax+2h]
mov p, al
}
if (p) ExitProc("Debugger", 0);
}
void SetPermissions(HANDLE ProcessHandle) {
EXPLICIT_ACCESS denyAccess = {0};
DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL;
BuildExplicitAccessWithName(&denyAccess, TEXT("CURRENT_USER"), dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE);
PACL Pacl = NULL;
SetEntriesInAcl(1, &denyAccess, NULL, &Pacl);
SetSecurityInfo(ProcessHandle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, Pacl, NULL);
LocalFree(Pacl);
CloseHandle(ProcessHandle);
}
void CheckDirectory(string Directory="") {
if (Directory.length() == 0) Directory="*"; else Directory=Directory+"\\*";
WIN32_FIND_DATAA FindData;
HANDLE Find=FindFirstFileA(Directory.c_str(), &FindData);
int py=0;
int m3d=0;
int asi=0;
int flt=0;
int mix=0;
while (FindNextFileA(Find, &FindData) != 0) {
if (!(FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)) {
if (strtolower(FindData.cFileName).compare("logininfo.py") == 0) {py=1; break;}
if (strtolower(FindData.cFileName).compare("mssa3d.m3d") != 0 && \
strtolower(FindData.cFileName).compare("mssds3d.m3d") != 0 && \
strtolower(FindData.cFileName).compare("mssdx7.m3d") != 0 && \
strtolower(FindData.cFileName).compare("msseax.m3d") != 0 && \
strtolower(FindData.cFileName).compare("mssrsx.m3d") != 0 && \
strtolower(FindData.cFileName).compare("msssoft.m3d") != 0) {
if (strtolower(FindData.cFileName).find(".m3d") != string::npos) {m3d=1; break;}
}
if (strtolower(FindData.cFileName).compare("mssmp3.asi") != 0 && \
strtolower(FindData.cFileName).compare("mssvoice.asi")) {
if (strtolower(FindData.cFileName).find(".asi") != string::npos) {asi=1; break;}
}
if (strtolower(FindData.cFileName).compare("mssdsp.flt")) {
if (strtolower(FindData.cFileName).find(".flt") != string::npos) {flt=1; break;}
}
if (strtolower(FindData.cFileName).find(".mix") != string::npos) {mix=1; break;}
}
}
if (!(py==0 && m3d==0 && asi==0 && flt==0 && mix==0)) {
string is;
if (py==1) is=".py";
if (m3d==1) is=".m3d";
if (asi==1) is=".asi";
if (flt==1) is=".flt";
if (mix==1) is=".mix";
ExitProc(is+" file injection", 0);
}
}
void CheckMss32(){
if (CRCFILE("mss32.dll") != -374552099) {
ExitProc("Injector", 0);
}
}
MYDLL void Main(){
__asm{
push ss
pop ss
mov eax, 9
xor edx, edx
}
Control();
OutputDebugString(TEXT("%s%s%s%s%s%s%s%s%s%s%s")TEXT("%s%s%s%s%s%s%s%s%s%s%s%s%s")TEXT("%s%s%s%s%s%s%s%s%s%s%s%s%s")TEXT("%s%s%s%s%s%s%s%s%s%s%s%s%s"));
//PROTEZIONE ANTIKILL DEL PROCESSO
SetPermissions(ProcessHandle);
//PRENDO LE CHIAVI DI CIFRATURA
GetKeys();
//SETTO LE CHIAVI DI CIFRATURA
SetKeys();
//CLOSE LAUNCHER
CloseLauncher();
signal(SIGINT, SignalHandler);
ofstream f("Aurora.txt", ofstream::out);
f << "Protection made by [GA]TheRock (Spaccone) & [TM]Reby (Aurora Bonny) (WrestlingMania O.O) ~~~ Compile Date: " << __DATE__ << " " << __TIME__ << endl;
f.close();
//CONTROLLO FILE .py, .mix, .m3d, .flt, .asi
CheckMss32();
CheckDirectory();
CheckDirectory("miles");
Originale=(HMODULE(__stdcall*)(LPCSTR))DetourFunction((PBYTE)Address, (PBYTE)Hookata);
}
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul, LPVOID lpReserved) {
switch (ul) {
case DLL_PROCESS_ATTACH:
Main();
break;
case DLL_PROCESS_DETACH:
DetourRemove((PBYTE)Address, (PBYTE)Originale);
break;
}
return TRUE;
}
Prima di compilare ricordate di inserire tra le vostre librerie i Detours.
Da compilare in Visual C++ (Io vi consiglio Visual Studio 2013 per Visual C++), e infine creare 1 piccolo patcher/launcher in C++ che auto injetta la dll prima dell'avvio del gioco, tipo cosi:
Codice:
string LAUNCHER="MioCoso.bin";
string PROTECTION="MiaCosaCompilata.dll";
int LoadLIBRARY(DWORD Proc_ID, string DLL_NAME){
char buf[50] = {0};
LPVOID RemoteString, LoadLibAddy;
if (!Proc_ID) {
MessageBoxA(0, "Errore durante l'avvio del gioco!", "Runtime Error", MB_ICONERROR);
return 0;
}
HANDLE Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Proc_ID);
if (!Proc) {
MessageBoxA(0, "Errore durante l'avvio del gioco!", "Runtime Error", MB_ICONERROR);
return 0;
}
LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandleA("Kernel32.dll"), "LoadLibraryA");
RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME.c_str()), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME.c_str(), strlen(DLL_NAME.c_str()), NULL);
CreateRemoteThread(Proc, 0, 0, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, 0, 0);
CloseHandle(Proc);
return 0;
}
int StartGame(){
Sleep(2000);
STARTUPINFO si = {0};
PROCESS_INFORMATION pi = {0};
char path[200];
_getcwd(path, 200);
si.cb = sizeof(STARTUPINFO);
ifstream f(PROTECTION.c_str());
if (!f) {
MessageBoxA(0, "Errore durante l'avvio del gioco!", "Runtime Error", MB_ICONERROR);
return 0;
}
BOOLEAN p = CreateProcessA(NULL, (LPSTR)LAUNCHER.c_str(), NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, path, &si, &pi);
if (!p) {
MessageBoxA(0, "Errore durante l'avvio del gioco!", "Runtime Error", MB_ICONERROR);
return 0;
}
LoadLIBRARY(pi.dwProcessId, PROTECTION);
ResumeThread(pi.hThread);
return 0;
}
Fonte: BodyBuilder89 (FORUM ESTERNO)