[Release]AntiAutomaton by DeadlyData

10/17/2008 16:02 .Envy#1
1.
Das ist nur für Leute, die damit was anfangen können!
Ich werde dazu keine Fragen beantworten.

Quote:
I don't even code in C++ nor do I understand it very well, but here's some of the source to the little shitty anti-hack which simply protects against automaton...

I could probably improve it (anti-DLL-injection etc.), but why spend my time when my buddy is dev'n a better one for fame.
Sprache: C++

Code:
// FFF_ACC.cpp : Defines the entry point for the DLL application.
//

#include "stdafx.h"
#include "FFF_ACC.h"
#include "socket.h"
#include <AtlBase.h>
#include <windows.h>
#include <iostream>
#include <conio.h>
#include <tlhelp32.h>
#include <tchar.h>

using namespace std;

// Window handle kept at file scope; nothing else in this listing reads or writes it.
HWND MainWindowHandle = 0;

// Declared here but neither defined nor called anywhere in this listing.
bool InitWindowApp(HINSTANCE instanceHandle, int Show);

// DLL entry point.
//
// Every loader notification (process/thread attach and detach) is accepted
// without doing any work, so the function always reports success. None of the
// anti-cheat checks in this listing are started from here; they are reached
// through check() further down.
BOOL APIENTRY DllMain( HANDLE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
	// No reason code needs special handling, so the arguments are simply unused.
	(void)hModule;
	(void)ul_reason_for_call;
	(void)lpReserved;

	return TRUE;
}

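	// Placeholder for the user/firewall check; the real logic was stripped
	// from this published listing.
	//
	// Returns: false until the removed check is restored. The only caller in
	// this listing (ThreadFunc) ignores the return value.
	bool check_user(){

	// Start from a defined value. The original returned an uninitialized bool,
	// which is undefined behaviour and made the verdict unpredictable.
	// NOTE(review): confirm which value should mean "user is OK" before
	// anything starts acting on this result.
	bool result = false;

        // Firewall Check Removed For Security Purposes //

	return result;
	}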

	// Stub for the ban routine; the implementation was stripped from this
	// published listing, so calling it has no effect.
	//
	// handler - detection code. The callers in this listing pass "E01".."E05".
	void ban_user(char *handler){

		// Ban Function Removed For Security Purposes //
		(void)handler;	// unused while the body is withheld

	}



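	// Writes `text` to the process console in the requested colour.
	//
	// text  - characters to print. They are written verbatim and are never
	//         interpreted as a printf-style format string. NULL prints nothing.
	// color - "white", "green" or "red". Any other value (or NULL) leaves the
	//         current console attribute unchanged.
	void wconsole(const char *text,char *color){

		HANDLE hOut = GetStdHandle(STD_OUTPUT_HANDLE);

		// Compare the characters, not the pointers: `color == "white"` only
		// matched when the compiler happened to pool identical string literals.
		if(color != NULL){
			if(strcmp(color, "white") == 0){
				SetConsoleTextAttribute(hOut, FOREGROUND_INTENSITY | FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
			}else if(strcmp(color, "green") == 0){
				SetConsoleTextAttribute(hOut, FOREGROUND_INTENSITY | FOREGROUND_GREEN);
			}else if(strcmp(color, "red") == 0){
				SetConsoleTextAttribute(hOut, FOREGROUND_INTENSITY | FOREGROUND_RED);
			}
		}

		if(text == NULL){
			return;
		}

		// Hand the caller's bytes straight to the console. The previous
		// sprintf(buffer, text) treated caller-supplied data as a format string
		// and could write past the fixed 2000-byte stack buffer.
		DWORD dwChars;
		WriteConsole(hOut, text, (DWORD)strlen(text), &dwChars, NULL);

	}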

	// Prints one status line of the form "[ACC]: <text>" followed by CR/LF.
	//
	// text  - message body, forwarded unchanged to wconsole().
	// color - colour name for the message body, forwarded unchanged to wconsole().
	void wconsole_prox(const char *text, char *color){

		// Prefix: white brackets around a green "ACC" tag.
		wconsole("[",   "white");
		wconsole("ACC", "green");
		wconsole("]: ", "white");

		// Message body in the caller's colour, then the line terminator.
		wconsole(text, color);
		wconsole("\r\n", "white");

	}

	// Announces a connection reset on the status console. The reset logic
	// itself was stripped from this published listing, so only the two status
	// lines are produced.
	void reset_method(){

		wconsole_prox(
			"Attempting to reset connection to anti-cheat system!",
			"red");
		wconsole_prox(
			"Please standby...",
			"white");

		// Reset Method Removed For Security Purposes //

	}

	// Announces the connection attempt to the server side on the status
	// console. The connect logic itself was stripped from this published
	// listing, so only the two status lines are produced.
	void acc_connect(){

		wconsole_prox(
			"The AntiHack system will now attempt to connect to the server side.",
			"white");
		wconsole_prox(
			"Please standby...",
			"white");

		// Connect Method Removed For Security Purposes //

	}
	

	
	
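// Worker thread that opens the status console and dispatches one command.
//
// lpParam - NUL-terminated command string. It is matched by substring against
//           "acc_connect", "CheckUser" and "Ban0E1".."Ban0E5". NULL is rejected.
//           NOTE(review): the pointer has to stay valid for as long as this
//           thread runs; the callers in this file pass the address of a local
//           array, which is only safe while the creating function has not
//           returned.
// Returns: always 0.
DWORD WINAPI ThreadFunc( LPVOID lpParam )
{
	// Without a command there is nothing to dispatch; the original would have
	// handed a null pointer to sprintf/strstr.
	if(lpParam == NULL){
		return 0;
	}

	const char *request = reinterpret_cast<const char*>(lpParam);

	AllocConsole();
	SetConsoleTitle("FlyForFame Anti-Hack Beta 0.2 | Status Window");

	// Build "Calling: <request>" with a bounded append. The original unbounded
	// sprintf("%s") could overflow this 255-byte buffer on a long command.
	char text[255] = "Calling: ";
	strncat(text, request, sizeof(text) - strlen(text) - 1);

	wconsole_prox("FlyForFame Anti-Hack System(Beta 0.2), Successfully Loaded!","white");
	wconsole_prox(text,"white");

	if(strstr(request,"acc_connect")){
		acc_connect();
	}else{

		if(strstr(request,"CheckUser")){
			check_user();	// result is ignored here
		}

		if(strstr(request,"Ban0E1")){
			ban_user("E01");
		}

		if(strstr(request,"Ban0E2")){
			ban_user("E02");
		}

		if(strstr(request,"Ban0E3")){
			ban_user("E03");
		}

		if(strstr(request,"Ban0E4")){
			ban_user("E04");
		}

		// NOTE(review): this else belongs to the Ban0E5 test only, so
		// acc_connect() also runs after CheckUser and after Ban0E1..Ban0E4.
		// Kept as in the original; confirm that is the intended flow.
		if(strstr(request,"Ban0E5")){
			ban_user("E05");
		}else{
			acc_connect();
		}

	}
	return 0;
}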



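// Runs one registry-based detection and, on a hit, starts the ban thread,
// shows the ban dialog and terminates the process.
//
// level - which detection to run (1..5, detection methods 0E1..0E5). Any other
//         value does nothing.
//
// Changes against the original five copy-pasted branches:
//   * Level 1 opened its key with MB_OK as the access mask; MB_OK is a
//     MessageBox flag, not a registry access right. All levels use KEY_READ now.
//   * The command string handed to ThreadFunc lives in static storage instead
//     of a stack array, so the new thread never reads a dead stack frame.
//   * The unused thread handle is closed instead of leaked.
//
// NOTE(review): a hit only proves that the key exists. As the dialog text
// itself says, the tool may merely have been installed at some point.
// NOTE(review): levels 2..5 look at the numbered control sets ControlSet001 and
// ControlSet003 only; which numbered sets exist differs per machine, so
// consider whether CurrentControlSet should be checked as well.
void automaton_registry(int level)
{
	// One registry artifact plus the ban command and dialog text tied to it.
	struct RegistryCheck
	{
		HKEY        root;
		const char *subKey;
		char        banCommand[16];	// writable: passed to ThreadFunc as LPVOID
		const char *message;
	};

	static RegistryCheck checks[] =
	{
		// Automaton Registry Check //
		// When Automaton is installed the path to FlyFF is set here. //
		// If Automaton is run the Teleport keys are stored here. //
		// Detection Method: 0E1 //
		{ HKEY_CURRENT_USER, "Software\\FlyFF Automaton", "Ban0E1",
		  "FlyFF Automaton has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E1" },

		// GameGuard Down //
		// If any application ever loads the gameguard down service it should popup here. //
		// I'd assume it's simply used to bypass game guard, but still can be used as a detection method. //
		// Detection Method: 0E2 //
		{ HKEY_LOCAL_MACHINE, "SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_GAMEGUARDDOWN", "Ban0E2",
		  "GameGuard Down(FlyFF Automaton Module) has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E2" },

		// GameGuard Down //
		// I'm certain that any application that loads gameguard down would create this key. //
		// Windows uses registry in order to store services and system drivers. //
		// The catch is windows never removes these registry keys even when the service, or driver is unloaded the key remains. //
		// Detection Method: 0E3 //
		{ HKEY_LOCAL_MACHINE, "SYSTEM\\ControlSet001\\Services\\GameGuardDown", "Ban0E3",
		  "GameGuard Down(FlyFF Automaton Module) has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E3" },

		// Detection Method: 0E4 //
		{ HKEY_LOCAL_MACHINE, "SYSTEM\\ControlSet003\\Services\\GameGuardDown", "Ban0E4",
		  "GameGuard Down(FlyFF Automaton Module) has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E4" },

		// Detection Method: 0E5 //
		{ HKEY_LOCAL_MACHINE, "SYSTEM\\ControlSet003\\Enum\\Root\\LEGACY_GAMEGUARDDOWN", "Ban0E5",
		  "GameGuard Down(FlyFF Automaton Module) has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E5" }
	};

	const int checkCount = (int)(sizeof(checks) / sizeof(checks[0]));

	// Levels outside 1..5 were silently ignored by the original as well.
	if(level < 1 || level > checkCount){
		return;
	}

	RegistryCheck &check = checks[level - 1];

	// The key only has to be openable; no value is read from it.
	CRegKey key;
	long nError = key.Open(check.root, check.subKey, KEY_READ);
	if(nError != ERROR_SUCCESS){
		return;
	}

	// Start the ban on a worker thread while the dialog below blocks this one.
	DWORD dwThreadId;
	HANDLE hThread = CreateThread(NULL,0,ThreadFunc,check.banCommand,0,&dwThreadId);
	if(hThread != NULL){
		// Closing the handle does not stop the thread; it just avoids a leak.
		CloseHandle(hThread);
	}

	MessageBox(NULL, check.message, "FlyForFame Anti-Cheat(Beta 0.1)", MB_OK);

	// NOTE(review): exit() ends the process whether or not the ban thread has
	// finished; if the ban must be delivered, wait on the thread first.
	exit(0);
}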




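// Starts the worker thread that connects to the anti-cheat server
// (ThreadFunc with the "acc_connect" command) and returns immediately.
void antihack_connect()
{

  // Static storage: this function returns right after CreateThread, so a stack
  // array (as in the original) could already be gone when ThreadFunc reads it.
  static char dwThrdParam[12] = "acc_connect";

  DWORD dwThreadId;
  HANDLE hThread = CreateThread(NULL,0,ThreadFunc,dwThrdParam,0,&dwThreadId);

  // The handle is never used to wait on or query the thread. Closing it does
  // not stop the thread; it only avoids leaking one handle per call.
  if(hThread != NULL){
    CloseHandle(hThread);
  }

}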

// Entry point of the anti-cheat: runs every registry detection in order and
// then starts the connection to the anti-cheat server.
//
// A detection that fires does not return (automaton_registry ends the process),
// so the connection is only started when all five checks come back clean.
void _stdcall check()
{
	// Automaton/GameGuard Down Checks: detection levels 1 through 5 //
	const int lastLevel = 5;
	for(int level = 1; level <= lastLevel; ++level){
		automaton_registry(level);
	}

	// Connection to the anticheat server //
	antihack_connect();

}
10/17/2008 18:13 roman12345#2
Erklärung:

ihr kopiert dies in einen editor (den unteren text)
und speichert das als .bat ab
nun einfach mit den servern zusammen starten und
keiner kann auf eurem server den automaton usen^^
bzw. der automaton ist gefixt
10/17/2008 18:17 nico_w#3
Das kann man doch nicht als .bat speichern >.<
Das ist C++ Code...
Und ich bekomme den nicht kompiliert xD
10/17/2008 19:05 Kuma123#4
Also das Ganze bringt euch rein gar nichts, die interessanten Teile sind weggelassen. Das Einzige, was dieser Code macht, ist nach den Registry-Keys von Automaton zu suchen. Des Weiteren muss man das kompilieren; wer's zum Laufen bringen will, sollte sich vorher mal ein Tutorial zu C++ anschauen, dann sollte man das auch hinbekommen. Wurde mit Visual Studio gecodet (erkennbar an "stdafx.h") und die Header-Includes müssen angepasst werden. Was man daraus schließen kann, ist, wie man die AntiHack von fame umgehen kann, aber dazu sag ich nichts.
10/17/2008 21:16 pachen123321#5
meinst du etwa die reg daten von auto anzupassen ?? :P

have fun ^^
10/17/2008 23:08 .Envy#6
es geht^^
soviel kann ich sagen
10/23/2008 14:53 king38#7
Quote:
Originally Posted by roman12345 View Post
Erklärung:

ihr kopiert dies in einen editor (den unteren text)
und speichert das als .bat ab
nun einfach mit den servern zusammen starten und
keiner kann auf eurem server den automaton usen^^
bzw. der automaton ist gefixt
wie soll ich es als .bat speichern?
10/23/2008 15:00 iceblue154#8
... das musst du kompilieren, nicht als .bat speichern... roman hat Unsinn erzählt
10/23/2008 15:17 Tom94#9
Quote:
Originally Posted by Amera View Post
es geht^^
soviel kann ich sagen
joa eindeutig.
wobei mans auch gut bypassen kann hehe :mofo:
11/23/2008 13:29 king38#10
Ich kann es immer noch nicht -.-
04/12/2009 01:27 igorekpl#11
i have trick i can play in automaton on the flyforfame... :P
04/12/2009 02:22 Rikkami#12
wow nice 4 you

looked on the data?
04/12/2009 09:54 Daniiii#13
Quote:
Originally Posted by Rikkami View Post
wow nice 4 you

looked on the data?
*date

#closed