Hackeado By;GLASUS ROOT


CU


    C++ Aimbot



    B0L4D0_MC




    Mensagem por B0L4D0_MC Qua Jul 29, 2015 9:32 am

    Main.cpp
    Código PHP:
    #include
    #include
    #include
    #include
    #include
    #include
    #include "Hider.h"
    #pragma comment(lib, "Wininet.lib")
    #pragma warning(disable : 4018 4102)
    // Overwrites the first 5 bytes at `target` with an x86 near jump (opcode 0xE9
    // followed by a 32-bit relative displacement) that lands on `newfunc`.
    //   target  - address whose bytes are overwritten.
    //   newfunc - address the written jump transfers to.
    // Both pointers are narrowed to DWORD, so the arithmetic only holds in a
    // 32-bit process. Neither VirtualProtect result is checked.
    // Detection: after this runs the bytes at `target` no longer match the
    // module's file on disk, and the page is PAGE_EXECUTE_READWRITE for the
    // duration of the write; comparing executable bytes in memory against the
    // on-disk image exposes the change.
    void CopyCode(PDWORD target, PDWORD newfunc)
    {
    // Displacement is measured from the end of the 5-byte jump instruction.
    DWORD Jmpto=(DWORD)(newfunc)-(DWORD)target-5;
    // Receives the previous page protection so it can be put back below.
    DWORD a;
    VirtualProtect(target, 8, PAGE_EXECUTE_READWRITE, &a);
    // Byte 0: jump opcode. Bytes 1..4: displacement.
    *(PBYTE)(target)=0xE9;
    *(PDWORD)((DWORD)(target)+1)=Jmpto;
    // Restore the protection that was in place before the write.
    VirtualProtect(target, 8, a, &a);
    }
    // Layout overlay used by HookUndetect5 to reach two DWORD fields inside a
    // structure whose pointer is read out of EhSvc.dll. Only the offsets matter;
    // the char arrays are padding.
    // NOTE(review): the offsets are hard-coded and presumably tied to one
    // specific EhSvc.dll build -- nothing in this listing validates them.
    class CHSBypass
    {
    public:
    // Padding: bytes 0x00..0xA7.
    char _0x0000[168];
    // Offset 0xA8. HookUndetect5 writes device-table slot 42 here.
    DWORD dwES;
    // Padding: bytes 0xAC..0x147.
    char _0x00AC[156];
    // Offset 0x148. HookUndetect5 writes device-table slot 82 here.
    DWORD dwDIP;
    };
    // Handle to i3GfxDx.dll, obtained in a global initializer (so it runs during
    // this DLL's static initialization, before DllMain's own body). The result is
    // only tested later, in HookUndetect5.
    HMODULE hGfxDx = LoadLibrary("i3GfxDx.dll");
    // Thread routine started from DllMain. In order, it:
    //   1. resolves the exported data symbol g_pRenderContext from i3GfxDx.dll and
    //      reads a pointer at offset 0x5380 from the object it points to;
    //   2. treats that pointer as a Direct3D 9 device, follows its first DWORD to a
    //      function-pointer table and saves slots 42 and 82 (EndScene and
    //      DrawIndexedPrimitive in the IDirect3DDevice9 vtable);
    //   3. writes near jumps into the 5 bytes preceding the functions in slots 1..5;
    //   4. loops forever, once per second repointing slots 42 and 82 at those
    //      patched bytes and copying the same two values into a structure reached
    //      through EhSvc.dll.
    // Param is unused. Returns 0 only when hGfxDx is null; otherwise the final
    // loop never exits.
    // pGDevice, pDevice, oEndScene, oDrawIndexedPrimitive, hkEndScene and
    // hkDrawIndexedPrimitive are not declared anywhere in this listing.
    // All pointer arithmetic goes through DWORD, so this is 32-bit only.
    // Detection: the table entries end up pointing at bytes just before a function
    // entry rather than at one, those bytes differ from the on-disk image, and an
    // in-process reference value that the checked process can itself rewrite is
    // not a trustworthy baseline -- comparing against the file on disk or
    // from outside the process is not affected by the write in step 4.
    DWORD WINAPI HookUndetect5(LPVOID Param)
    {
    // Handle compared against 0: effectively a non-null test.
    if (hGfxDx > 0)
    {
    // Address of the exported global (a pointer variable, per its mangled name).
    DWORD tmp1 = (DWORD)GetProcAddress(hGfxDx, "?g_pRenderContext@@3PAVi3RenderContext@@A");
    DWORD tmp2 = 0;
    // Spins (no sleep) until a non-null device pointer has been copied out.
    while(!pGDevice)
    {
    // IsBadReadPtr returns zero when the range is readable.
    if(IsBadReadPtr((PDWORD)tmp1,4)==NULL)tmp2 = *(PDWORD)((DWORD)(tmp1))+ 0x5380; // ?EndRender@i3RenderContext@@QAEXXZ
    if(IsBadReadPtr((PDWORD)tmp2,4)==NULL)
    {
    DWORD OldProtect;
    VirtualProtect((void*)(tmp2), 4, PAGE_EXECUTE_READWRITE, &OldProtect);
    // Only a read happens here: 4 bytes at tmp2 are copied into pGDevice.
    memcpy(&pGDevice, (void *)tmp2, 4);
    // NOTE(review): the old-protection out-parameter is NULL; VirtualProtect is
    // documented to fail in that case, so the page likely stays
    // PAGE_EXECUTE_READWRITE -- itself an observable artifact.
    VirtualProtect((void*)(tmp2), 4, OldProtect, NULL);
    }
    }
    DWORD *g_pDevice = (DWORD*)pGDevice;
    // First DWORD of the object: from here on g_pDevice is the function table.
    g_pDevice = (DWORD*)g_pDevice[0];
    // NOTE(review): pDevice receives the table pointer, not the object pointer
    // held in pGDevice -- confirm against where pDevice is used.
    while(!pDevice)pDevice = (LPDIRECT3DDEVICE9)(DWORD*)g_pDevice;
    // Keep the original slot values so the hook functions can call through.
    *(PDWORD)&oEndScene = g_pDevice[42];
    *(PDWORD)&oDrawIndexedPrimitive = g_pDevice[82];
    // Each call writes a jump into the 5 bytes that precede one table function:
    //   before slot 1 -> before slot 4 -> hkEndScene
    //   before slot 2 -> before slot 5 -> hkDrawIndexedPrimitive
    //   before slot 3 -> before slot 6 (nothing is written before slot 6 here)
    // This assumes those 5 bytes are unused padding; the listing does not check.
    CopyCode((PDWORD)(g_pDevice[1] - 5), (PDWORD)(g_pDevice[4] - 5));
    CopyCode((PDWORD)(g_pDevice[2] - 5), (PDWORD)(g_pDevice[5] - 5));
    CopyCode((PDWORD)(g_pDevice[3] - 5), (PDWORD)(g_pDevice[6] - 5));
    CopyCode((PDWORD)(g_pDevice[4] - 5), (PDWORD)hkEndScene);
    CopyCode((PDWORD)(g_pDevice[5] - 5), (PDWORD)hkDrawIndexedPrimitive);
    // Re-applied every second, presumably because something else restores the
    // slots or the reference values in between.
    while(1)
    {
    // Fixed offsets into EhSvc.dll; GetModuleHandleA's result is not checked, so
    // a null handle turns this into a read from a low, invalid address.
    DWORD dwEhsvc = (DWORD)GetModuleHandleA("EhSvc.dll") + 0x126F64 + 0x7B; //1008EBA1 . 68 646F1210 PUSH ehsvc.10126F64 ; ASCII " Exception Raised (Error : 0x%x)"
    // The DWORD at that address is used as a pointer to the overlaid structure.
    CHSBypass *CHS = *(CHSBypass**)dwEhsvc;
    // Point the two table slots at the patched bytes before slots 1 and 2.
    g_pDevice[42] = (DWORD)g_pDevice[1] - 5;
    g_pDevice[82] = (DWORD)g_pDevice[2] - 5;
    // Write the same values into the EhSvc-side structure so both sides agree
    // (presumably its stored expectations for these slots -- inferred from the
    // field names and the post's text, not shown in this listing).
    CHS->dwES = g_pDevice[42];
    CHS->dwDIP = g_pDevice[82];
    Sleep(1000);
    }
    }
    return 0;
    }
    // DLL entry point. On DLL_PROCESS_ATTACH it turns off per-thread
    // notifications, unlinks this module from the loader lists, zeroes its PE
    // headers and starts HookUndetect5 on a new thread. Always returns TRUE.
    // The thread handle returned by CreateThread is discarded, not closed.
    // Detection: a thread whose start address lies in a mapped image region that
    // no loader-list entry accounts for, and whose base no longer begins with a
    // DOS header, is the combination these three calls leave behind.
    BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpvReserved){
    if(dwReason == DLL_PROCESS_ATTACH)
    {
    DisableThreadLibraryCalls(hModule);
    HideModule(hModule);// unlink this module's entries from the PEB loader lists (author's stated goal: avoid HackShield detection)
    EraseHeaders(hModule);// zero the DOS and NT headers of the mapped image (author's stated goal: defeat header-based scanning by HackShield)
    // NULL is passed for the integer arguments too (stack size, flags); all
    // evaluate to 0, i.e. default stack size and immediate start.
    CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)HookUndetect5, NULL, NULL, NULL);
    }
    return TRUE;
    }
    Hider.h
    Código PHP:
    // Removes the entry whose DllBase equals hModule from the three doubly linked
    // module lists in the process's PEB_LDR_DATA (load order, memory order,
    // initialization order). Uses MSVC 32-bit inline assembly and hard-coded
    // 32-bit structure offsets; it cannot build or run as x64.
    // Only the neighbours' Flink/Blink are rewritten: the unlinked entry and the
    // mapped image are left in place.
    // Detection: list-based module enumeration no longer reports the DLL, but the
    // image is still mapped, so walking the address space (e.g. VirtualQuery over
    // committed regions) and reconciling image-backed regions against the loader
    // lists shows a region with no matching entry.
    void HideModule(HINSTANCE hModule)
    {
    // Cached PEB->Ldr pointer, reloaded before the second and third walks.
    DWORD dwPEB_LDR_DATA = 0;
    _asm
    {
    // Save all general registers and flags; restored at Finished.
    pushad;
    pushfd;
    // fs:[30h] is the PEB in a 32-bit process; PEB+0Ch is the Ldr pointer.
    mov eax, fs:[30h]
    mov eax, [eax+0Ch]
    mov dwPEB_LDR_DATA, eax
    // --- Walk 1: load-order list. Ldr+0Ch = head Flink, Ldr+10h = head Blink.
    InLoadOrderModuleList:
    mov esi, [eax+0Ch]
    mov edx, [eax+10h]
    LoopInLoadOrderModuleList:
    // lodsd reads the current link's Flink into eax, i.e. steps to the next
    // entry (the first entry in the list is therefore never compared).
    lodsd
    mov esi, eax
    // DllBase is 18h bytes past the load-order links.
    mov ecx, [eax+18h]
    cmp ecx, hModule
    jne SkipA
    // Unlink: Blink->Flink = Flink, Flink->Blink = Blink.
    mov ebx, [eax]
    mov ecx, [eax+4]
    mov [ecx], ebx
    mov [ebx+4], ecx
    jmp InMemoryOrderModuleList
    SkipA:
    // Stop once the entry just examined is the list's last one (head Blink).
    cmp edx, esi
    jne LoopInLoadOrderModuleList
    // --- Walk 2: memory-order list. Ldr+14h = head Flink, Ldr+18h = head Blink.
    InMemoryOrderModuleList:
    mov eax, dwPEB_LDR_DATA
    mov esi, [eax+14h]
    mov edx, [eax+18h]
    LoopInMemoryOrderModuleList:
    lodsd
    mov esi, eax
    // DllBase is 10h bytes past the memory-order links.
    mov ecx, [eax+10h]
    cmp ecx, hModule
    jne SkipB
    // Same unlink as above, on the memory-order links.
    mov ebx, [eax]
    mov ecx, [eax+4]
    mov [ecx], ebx
    mov [ebx+4], ecx
    jmp InInitializationOrderModuleList
    SkipB:
    cmp edx, esi
    jne LoopInMemoryOrderModuleList
    // --- Walk 3: initialization-order list. Ldr+1Ch = head Flink, Ldr+20h = head Blink.
    InInitializationOrderModuleList:
    mov eax, dwPEB_LDR_DATA
    mov esi, [eax+1Ch]
    mov edx, [eax+20h]
    LoopInInitializationOrderModuleList:
    lodsd
    mov esi, eax
    // DllBase is 08h bytes past the initialization-order links.
    mov ecx, [eax+08h]
    cmp ecx, hModule
    jne SkipC
    // Same unlink as above, on the initialization-order links.
    mov ebx, [eax]
    mov ecx, [eax+4]
    mov [ecx], ebx
    mov [ebx+4], ecx
    jmp Finished
    SkipC:
    cmp edx, esi
    jne LoopInInitializationOrderModuleList
    Finished:
    popfd;
    popad;
    }
    }
    // Zero-fills the IMAGE_DOS_HEADER at the module base and the IMAGE_NT_HEADERS
    // that e_lfanew points to. Does nothing when hModule is null.
    // Only those two fixed-size structures are cleared. The page protection is
    // switched to PAGE_READWRITE and never put back (`protect` is not used
    // again), so the header page is left writable.
    // Detection: an image-backed region whose first bytes are zero instead of a
    // DOS header, on a page whose protection differs from a normally loaded
    // image's header page, is what this leaves in memory.
    void EraseHeaders(HINSTANCE hModule)
    {
    /*
    * Header-erasing routine credited to Croner.
    * Once the headers are erased, resources can no longer
    * be loaded from this module.
    */
    PIMAGE_DOS_HEADER pDoH;
    PIMAGE_NT_HEADERS pNtH;
    DWORD i, ersize, protect;
    if (!hModule) return;

    // The module handle is the image base, where the DOS header starts.
    pDoH = (PIMAGE_DOS_HEADER)(hModule);
    // NT headers sit e_lfanew bytes past the base; the (LONG) cast assumes
    // 32-bit pointers.
    pNtH = (PIMAGE_NT_HEADERS)((LONG)hModule + ((PIMAGE_DOS_HEADER)hModule)->e_lfanew);
    ersize = sizeof(IMAGE_DOS_HEADER);
    // Clear the DOS header only if the page could be made writable.
    if ( VirtualProtect(pDoH, ersize, PAGE_READWRITE, &protect) )
    {
    for ( i=0; i < ersize; i++ )
    *(BYTE*)((BYTE*)pDoH + i) = 0;
    }
    ersize = sizeof(IMAGE_NT_HEADERS);
    // pNtH was computed before the DOS header was zeroed, so it is still valid.
    if ( pNtH && VirtualProtect(pNtH, ersize, PAGE_READWRITE, &protect) )
    {
    for ( i=0; i < ersize; i++ )
    *(BYTE*)((BYTE*)pNtH + i) = 0;
    }
    return;
    }
    Code :

    Código PHP:
    Well, I don't know how to make this simple to read; sorry for my bad English.
    But please read my explanation of this HackShield bug.

    the first bug is this :
    EraseHeaders(hModule);//erase header to dispatch any header like function in building from hackshield
    This function erases the DOS header and NT header, the parts that say "this is a module", from PB memory.
    Not much more than that.
    HideModule(hModule);//hide module and prevent detection from hackshield
    That hides our module from the module listing. I have no idea why it works like that, but after I inject it and look up my DLL name in Cheat Engine, for example:
    FahmyXFiles.dll

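    Cheat Engine cannot find it! From that we can conclude that this function makes the module handle of our DLL no longer be read as a module,
    and that makes it undetected by HackShield. (What the code actually does is unlink the DLL's entry from the three loader lists in the PEB, which list-based module enumeration walks; the image itself is still mapped in the process.)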


    Now the second bug, in the EhSvc module:
    /*
    DWORD tmp1 = (DWORD)GetProcAddress(hGfxDx, "?g_pRenderContext@@3PAVi3RenderContext@@A");
    DWORD tmp2 = 0;

    while(!pGDevice)
    {
    if(IsBadReadPtr((PDWORD)tmp1,4)==NULL)tmp2 = *(PDWORD)((DWORD)(tmp1))+ 0x5380; // ?EndRender@i3RenderContext@@QAEXXZ
    if(IsBadReadPtr((PDWORD)tmp2,4)==NULL)
    {
    DWORD OldProtect;
    VirtualProtect((void*)(tmp2), 4, PAGE_EXECUTE_READWRITE, &OldProtect);
    memcpy(&pGDevice, (void *)tmp2, 4);
    VirtualProtect((void*)(tmp2), 4, OldProtect, NULL);
    }
    }
    */
    As you can see, this code is a replacement for the IAT hooking; put another way, with IAT hooking the code looks like this:
    /*
    DWORD VTable[3] = {0};
    while(GetModuleHandle(hD3D) == 0){
    Sleep(100);
    }
    IATInstalattion(VTable);//Searching VTable
    HOOK(EndScene,VTable[**]);//Hook End Scene


    Creditos
    Jackal
    &
    B0L4D0_MC
