hier die source von ner alten versionCode:#include <stdio.h> #include <string.h> #include <windows.h> #include <tlhelp32.h> #pragma warn(disable: 2117) #define DEBUG_VALS 1 long GameVer = 0; void intro() { printf("********************************************\n"); printf(" BattleEye Script Detection Bypass v3\n"); printf(" Author: Darky\n"); printf(" GameVer: Arma2 OA/CO 1.60\n"); printf(" Date: 28/6/2012\n"); printf("********************************************\n\n"); } long GetProcessPID(char* ProcName) { PROCESSENTRY32 lppe; long PID = 0, Result = 0; HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); if (hSnap) { lppe.dwSize = sizeof(PROCESSENTRY32); Result = Process32First(hSnap, &lppe); while (Result) { if (_stricmp(lppe.szExeFile, ProcName)==0){ PID = lppe.th32ProcessID; break; } Result = Process32Next(hSnap, &lppe); } CloseHandle(hSnap); } return PID; } long ProcessFound(char* ProcName) { return GetProcessPID(ProcName); } long ModuleFound(long PID, char* Module) { MODULEENTRY32 lpme; long Result = 0, Found = 0; HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,PID); if (hSnap) { lpme.dwSize = sizeof(MODULEENTRY32); Result = Module32First(hSnap, &lpme); while (Result) { if (_stricmp(lpme.szModule,Module)==0) { Found = 1; break; } Result = Module32Next(hSnap, &lpme); } CloseHandle(hSnap); } return Found; } long WaitForModule(long PID, char* Module, long Milliseconds) { long Result = 0; long long start; if (Milliseconds > -1) { start = timeGetTime(); while (1) { if (ModuleFound(PID, Module)){ Result = 1; break; } else if ((timeGetTime()-start) >= Milliseconds){ break; } } } else { while (!ModuleFound(PID, Module)) { Sleep(5); } Result = 1; } return Result; } // This for Arma2 OA 1.60 Normal Version long BypassIt(long GamePID) { long Result = 0; const DWORD MainAddr = 0x0047F194; //0x00CA2578 DWORD thiPtr = 0, ptr1 = 0, ptr2 = 0, BE_CallBackFunc = 0, dummy = 0; HANDLE hProc = 
OpenProcess(PROCESS_VM_WRITE|PROCESS_VM_READ|PROCESS_VM_OPERATION,0,GamePID); if (hProc) { if (ReadProcessMemory(hProc, (const void*)MainAddr, &thiPtr, 4, 0)){ #if DEBUG_VALS printf("\n --- DEBUG VALS ---\nthisPtr: 0x%X\n",thiPtr); #endif if (ReadProcessMemory(hProc, (const void*)(thiPtr + 0x24), &ptr1, 4, 0)){ while (!ptr1){ ReadProcessMemory(hProc, (const void*)(thiPtr + 0x24), &ptr1, 4, 0); Sleep(100); } if (ptr1) { ptr2 = ptr1 + 0x198; if (ReadProcessMemory(hProc, (const void*)(ptr2 + 0x14), &BE_CallBackFunc, 4,0)){ printf((BE_CallBackFunc==0) ? "BE_CallBackFunc: 0x%X (Bypassed already)!\n" : "BE_CallBackFunc: 0x%X\n\n", BE_CallBackFunc); } else{ printf("Error - Failed to read BE_CallBackFunc addr: %i\n",GetLastError()); return 0; } if (WriteProcessMemory(hProc, (void*)(ptr2 + 0x14), &dummy, 4, 0)){ printf("Bypass Completed successfully\n"); } else{ printf("Error - WMP failed: %i\n",GetLastError()); } } } else{ printf("Error 2 - Failed to read pointer ptr1: %i\n",GetLastError()); } } else{ printf("Error 1 - Failed to read thisPtr: %i\n",GetLastError()); } CloseHandle(hProc); } return Result; } // Arma2 OA Beta 1.60 - 93825 // 00AB0DF9 55 PUSH EBP // Arma2 OA Beta 1.60 - 94209 //00AB0869 55 PUSH EBP // 00AB093E 8B7F 5C MOV EDI,[EDI+5C] ; BEClient.0F3933C0 // Sig: \xFB\x7F\x5C\x85\xFF\x74\x85\x8B\x45\x08\x85\xC0\x74\x05 // Mask: xxxxxxxxxxxxxx long BypassIt_Beta(long GamePID, long BetaVer) { long Result = 0; DWORD MainAddr = 0; DWORD thiPtr1 = 0, thiPtr2 = 0, ptr1 = 0, ptr2 = 0, BE_CallBackFunc = 0, dummy = 0; switch (BetaVer) { case 93825: { MainAddr = 0x004ACD48; break; } case 94209: { MainAddr = 0x004E3590; break; } } HANDLE hProc = OpenProcess(PROCESS_VM_WRITE|PROCESS_VM_READ|PROCESS_VM_OPERATION,0,GamePID); if (hProc) { if (ReadProcessMemory(hProc, (const void*)MainAddr, &thiPtr1, 4, 0)){ #if DEBUG_VALS printf("\n --- DEBUG VALS ---\nthiPtr1: 0x%X\n",thiPtr1); #endif if (ReadProcessMemory(hProc, (const void*)(thiPtr1+0x24), &thiPtr2, 4, 0)){ #if DEBUG_VALS 
printf("thiPtr2: 0x%X\n",thiPtr2); #endif ptr1 = thiPtr2 + 0x198; #if DEBUG_VALS printf("ptr1: 0x%X\n",ptr1); #endif if (ReadProcessMemory(hProc, (const void*)(ptr1 + 0x5C), &ptr2, 4, 0)){ BE_CallBackFunc = ptr2; printf((BE_CallBackFunc==0) ? "BE_CallBackFunc: 0x%X (Bypassed already)!\n" : "BE_CallBackFunc: 0x%X\n\n", BE_CallBackFunc); if (WriteProcessMemory(hProc, (void*)(ptr1 + 0x5C), &dummy, 4, 0)){ printf("Bypass Completed successfully\n"); } else{ printf("Error - WMP failed: %i\n",GetLastError()); } } else{ printf("Error 3 - Failed to read pointer ptr2: %i\n",GetLastError()); } } else{ printf("Error 2 - Failed to read thisPtr2: %i\n",GetLastError()); } } else{ printf("Error 2 - Failed to read thisPtr1: %i\n",GetLastError()); } CloseHandle(hProc); } } int main(int argc, char *argv[]) { intro(); long PID = 0; printf("Select your game version: \n\n"); printf("1. Arma2 OA 1.60\n"); printf("2. Arma2 OA 1.60 Beta 93825\n"); printf("3. Arma2 OA 1.60 Beta 94209\n"); scanf("%i", &GameVer); printf("\nWaiting for ArmA2OA.exe...\n"); while (!PID) { PID = GetProcessPID("arma2oa.exe"); Sleep(200); } printf("ArmA2OA.exe Found (%i)\n", PID); printf("Waiting for BEClient.dll...\n"); WaitForModule(PID, "BEClient.dll",-1); printf("BEClient.dll Found\n\n"); Sleep(1400); switch(GameVer) { case 1:{ BypassIt(PID); break; } case 2:{ BypassIt_Beta(PID, 93825); break; } case 3:{ BypassIt_Beta(PID, 94209); break; } default: { printf("Invalid GameVersion!\n"); break; } } return 0; }
Das ist auf jeden Fall mit C++ geschrieben. So wie ich das aber sehe, ließe sich der Code unter Umständen auch nach C# portieren, wenn man es dann möchte.