c++ code anti GG...
Discussion on c++ code anti GG... within the 9Dragons forum part of the MMORPGs category.
11/17/2011, 22:20
c++ code anti GG...
hi found this code from "Fyyre"...
but for some reason, idk why, i can't compile it or make it work
it says i have some missing files: "ntoskrnl.h" and "driver.h"
btw maybe someone here can make it work or explain the code...
Code:
//prevents GameMon from deleting dump_wmimmc.sys
//by hooking of ZwCreateFile
//
//Fyyre
//http://fyyre.l2-fashion.de
//
//
#define UNICODE
#define VER_PRODUCTBUILD 2600
#define _X86_
#include "ntoskrnl.h"
#include "driver.h"
// SYSTEMSERVICE(f): the kernel service-table slot selected by the ULONG stored
// one byte past the start of f.
// NOTE(review): this depends on the 32-bit Zw* stub layout, where that ULONG is
// presumably the service number -- the file pins _X86_ and build 2600; confirm.
// KeServiceDescriptorTable is not declared on this page (presumably it comes
// from the missing headers).
// Defender context: a service-table slot that points outside the kernel image
// is a long-known kernel-integrity indicator, and 64-bit Windows Kernel Patch
// Protection bugchecks the machine when it finds this table modified.
#define SYSTEMSERVICE(_function) KeServiceDescriptorTable.ServiceTableBase[ *(PULONG)((PUCHAR)_function+1)]
// Function-pointer type with the same parameter list as NewZwCreateFile below.
typedef NTSTATUS (__stdcall *ZWCREATEFILE)(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, PLARGE_INTEGER AllocationSize ,ULONG FileAttributes,ULONG ShareAccess,ULONG CreateDisposition,ULONG CreateOptions,PVOID EaBuffer ,ULONG EaLength);
// Original service routine saved by DoStuff; NewZwCreateFile forwards to it and
// Unload writes it back into the table.
ZWCREATEFILE ntoskrnl_ZwCreateFile;
// Device object created in DriverEntry.
PDEVICE_OBJECT ThisDevice;
// Not referenced anywhere in the code shown on this page.
PDRIVER_OBJECT ThisDriver;
// Device name, initialised in DriverEntry.
UNICODE_STRING DeviceNameString;
// Not referenced anywhere in the code shown on this page.
UNICODE_STRING DestinationString;
// Shadowed by the local of the same name inside NewZwCreateFile; the global is
// never read in the code shown.
PEPROCESS pProcess = 0;
// Only mentioned in the commented-out lines of DoStuff.
ULONG NtosBase;
// Replacement routine that DoStuff stores in the ZwCreateFile service-table
// slot. Because it sits in that slot it runs for create/open requests from
// every caller on the system, not only the process it is interested in.
//
// Parameters mirror ZwCreateFile and are passed through to the saved original
// routine (ntoskrnl_ZwCreateFile). In one filtered case DesiredAccess and
// CreateOptions are replaced before forwarding.
//
// Returns whatever the original routine returns.
//
// NOTE(review): all pointer arguments are supplied by the caller and are
// dereferenced here without any NULL check or probing. A bad pointer from any
// process faults in kernel mode, i.e. crashes the machine -- a stability and
// denial-of-service risk that comes with this kind of driver.
NTSTATUS
NewZwCreateFile(PHANDLE FileHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes,
PIO_STATUS_BLOCK IoStatusBlock,
PLARGE_INTEGER AllocationSize,
ULONG FileAttributes,
ULONG ShareAccess,
ULONG CreateDisposition,
ULONG CreateOptions,
PVOID EaBuffer,
ULONG EaLength)
{
// Local declaration; it shadows the file-scope pProcess.
PEPROCESS pProcess = PsGetCurrentProcess();
// Reads the image name straight out of the process structure.
// NOTE(review): the structure layout comes from headers not shown here and is
// build-specific (the file pins VER_PRODUCTBUILD 2600) -- confirm before
// trusting this field on any other build.
PCHAR FileName = (PCHAR) pProcess->ImageFileName;
// Is the calling process GameMon.des?
// NOTE(review): strcmpinA/strlenA are not defined on this page. The result is
// compared against NULL although the call looks like an integer compare;
// presumably 0 means "equal" -- confirm against the helper.
if(strcmpinA("GameMon.des", FileName, \
strlenA("GameMon.des")) == NULL)
{
// Is the request for dump_wmimmc.sys?
// NOTE(review): strcmpW is not defined on this page, so the sense of this test
// (non-zero == match, or non-zero == differ) cannot be confirmed from here.
// ObjectName->Buffer is a counted string, not guaranteed to be NUL-terminated,
// so a terminator-based compare may read past its Length.
if(strcmpW(ObjectAttributes->ObjectName->Buffer, L"dump_wmimmc"))
{
DbgPrint("GameMon sent CreateFile request...\r\n");
// Filter: either value matching is enough (the operator is ||, not &&).
// 0x1060 is FILE_DELETE_ON_CLOSE | FILE_NON_DIRECTORY_FILE |
// FILE_SYNCHRONOUS_IO_NONALERT per the SDK values.
// NOTE(review): 0x400100D0 contains 0x40000000, which the SDK defines as
// GENERIC_WRITE, plus DELETE (0x00010000); the original comment called it
// GENERIC_READ | READ_ATTRIBUTES | DELETE -- confirm which was intended.
if ((DesiredAccess == 0x400100D0) || (CreateOptions == 0x1060))
{
// Pointer-valued arguments (FileHandle, AllocationSize) are printed with %x.
DbgPrint("ZwCreateFile: FileHandle: %x DesiredAccess: %x AllocationSize: %x ShareAccess: %x\r\n CreateDisposition: %x CreateOptions: %x\r\n", FileHandle, DesiredAccess, AllocationSize, ShareAccess, CreateDisposition, CreateOptions);
// Forward the request with the access mask and create options replaced:
// no delete access and no delete-on-close. The caller receives the original
// routine's status and is not told its request was altered.
return ntoskrnl_ZwCreateFile(FileHandle,
GENERIC_READ | READ_ATTRIBUTES,
ObjectAttributes,
IoStatusBlock,
AllocationSize,
FileAttributes,
ShareAccess,
CreateDisposition,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE,
EaBuffer,
EaLength);
}
}
}
// Every other request is passed through unchanged.
return ntoskrnl_ZwCreateFile(FileHandle,
DesiredAccess,
ObjectAttributes,
IoStatusBlock,
AllocationSize,
FileAttributes,
ShareAccess,
CreateDisposition,
CreateOptions,
EaBuffer,
EaLength);
}
// Installs the hook: stores NewZwCreateFile's address in the ZwCreateFile
// service-table slot and keeps the previous value in ntoskrnl_ZwCreateFile so
// the replacement can forward to it and Unload can restore it.
//
// NOTE(review): memopen/memclose and i386InterlockedExchangeUlong are not
// defined on this page. Presumably the first two make the table writable for
// the duration of the swap and the exchange is atomic -- confirm against
// driver.h.
//
// Defender context: after this call one service-table slot points into this
// driver's image rather than the kernel image, which is what kernel-integrity
// checks look for. 64-bit Windows Kernel Patch Protection bugchecks on such a
// modification; the code targets 32-bit builds only (_X86_).
VOID DoStuff()
{
//NtosBase = (ULONG)FindNtosBase();
//DbgPrint("ntoskrnl base address: %x\r\n", NtosBase);
memopen();
ntoskrnl_ZwCreateFile = (ZWCREATEFILE)i386InterlockedExchangeUlong((PULONG)&SYSTEMSERVICE(ZwCreateFile),
(ULONG)NewZwCreateFile);
memclose();
}
// Driver unload routine: writes the saved original routine back into the
// ZwCreateFile service-table slot, then deletes the device object.
//
// DriverObject: this driver's object; its DeviceObject is passed to
// IoDeleteDevice.
//
// NOTE(review): nothing here waits for threads that may still be executing
// inside NewZwCreateFile when the slot is restored. If the image is unloaded
// while such a call is in flight, that thread returns into freed memory and the
// machine bugchecks. memopen/memclose are not defined on this page.
VOID __stdcall Unload(IN PDRIVER_OBJECT DriverObject)
{
memopen();
i386InterlockedExchangeUlong((PULONG)&SYSTEMSERVICE(ZwCreateFile), (ULONG)ntoskrnl_ZwCreateFile);
memclose();
IoDeleteDevice(DriverObject->DeviceObject);
}
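/*
 * Dispatch routine shared by IRP_MJ_CREATE, IRP_MJ_CLOSE and
 * IRP_MJ_DEVICE_CONTROL (see DriverEntry). It completes every request
 * immediately with STATUS_SUCCESS and zero bytes of information.
 *
 * DeviceObject: unused.
 * Irp:          the request to complete.
 *
 * Returns STATUS_SUCCESS.
 *
 * Note: because this routine is also registered for device-control requests,
 * any control code sent to the device is reported as succeeded although
 * nothing is done with it.
 */
NTSTATUS __stdcall HandleCreateClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
    UNREFERENCED_PARAMETER(DeviceObject);

    Irp->IoStatus.Status = STATUS_SUCCESS;
    /* Information is an integer byte count, not a pointer: use 0, not NULL. */
    Irp->IoStatus.Information = 0;

    IofCompleteRequest(Irp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}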
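/*
 * Driver entry point: creates the device object, registers the unload and
 * dispatch routines, then calls DoStuff to install the service-table hook.
 *
 * DriverObject: this driver's object.
 * RegistryPath: unused.
 *
 * Returns STATUS_SUCCESS, or the IoCreateDevice status if device creation
 * fails.
 *
 * The original ignored a failed IoCreateDevice: it still called DoStuff and
 * still returned STATUS_SUCCESS, leaving a modified service table with no
 * DriverUnload routine registered to restore it. Failure is now propagated
 * before any system state is touched.
 */
NTSTATUS __stdcall DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    NTSTATUS Status;

    UNREFERENCED_PARAMETER(RegistryPath);

    RtlInitUnicodeString(&DeviceNameString, L"\\Device\\this");

    /* Extension size and characteristics are integers: pass 0, not NULL. */
    Status = IoCreateDevice(DriverObject, 0, &DeviceNameString, FILE_DEVICE_UNKNOWN, 0, FALSE, &ThisDevice);
    if (Status != STATUS_SUCCESS)
    {
        return Status;
    }

    DriverObject->DriverUnload = &Unload;
    DriverObject->MajorFunction[IRP_MJ_CREATE] = &HandleCreateClose;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = &HandleCreateClose;
    /* The same routine also answers device-control requests; it completes
     * every one of them with success without acting on it. */
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = &HandleCreateClose;

    DoStuff();
    return STATUS_SUCCESS;
}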