#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <tlhelp32.h>
#pragma warn(disable: 2117) /* non-standard, vendor-specific warning suppression; unknown pragmas are ignored (usually with a warning) by other compilers */
#define DEBUG_VALS 1 /* 1: print the intermediate pointer values read from the target process (see the #if DEBUG_VALS blocks below) */
long GameVer = 0; /* menu selection read by main() via scanf; 0 until the user answers */
/* Print the tool's banner to stdout (six lines, then one blank line). */
void intro()
{
    static const char *const banner[] = {
        "********************************************",
        " BattleEye Script Detection Bypass v3",
        " Author: Darky",
        " GameVer: Arma2 OA/CO 1.60",
        " Date: 28/6/2012",
        "********************************************",
        "",                      /* puts() adds the newline, giving the trailing blank line */
    };
    for (size_t i = 0; i < sizeof banner / sizeof banner[0]; i++) {
        puts(banner[i]);
    }
}
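/*
 * Return the PID of the first running process whose image name equals
 * ProcName (case-insensitive, via _stricmp), or 0 when no such process
 * exists or the ToolHelp32 snapshot cannot be taken.
 *
 * ProcName: NUL-terminated image file name, e.g. "foo.exe" (not a path).
 */
long GetProcessPID(char* ProcName)
{
    long pid = 0;
    /* CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE,
     * not NULL, so a plain truthiness test handed an invalid handle to
     * Process32First and CloseHandle. */
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) {
        return 0;
    }
    PROCESSENTRY32 entry = {0};
    entry.dwSize = sizeof entry;   /* Process32First rejects the call without it */
    for (BOOL ok = Process32First(snap, &entry); ok; ok = Process32Next(snap, &entry)) {
        if (_stricmp(entry.szExeFile, ProcName) == 0) {
            pid = (long)entry.th32ProcessID;
            break;
        }
    }
    CloseHandle(snap);
    return pid;
}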
/* Convenience alias for GetProcessPID: non-zero (the PID) when a process
 * named ProcName is running, 0 otherwise. */
long ProcessFound(char* ProcName)
{
    long pid = GetProcessPID(ProcName);
    return pid;
}
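/*
 * Return 1 if a module whose file name equals Module (case-insensitive) is
 * loaded in process PID, else 0. Also returns 0 when the module snapshot
 * cannot be taken (the process is still initialising, has exited, or the
 * caller lacks access); polling callers treat that as "not yet".
 *
 * PID:    target process id (as returned by GetProcessPID).
 * Module: NUL-terminated module file name, e.g. "foo.dll".
 */
long ModuleFound(long PID, char* Module)
{
    /* Failure is INVALID_HANDLE_VALUE, not NULL; the previous truthiness
     * test passed the invalid handle on to Module32First and CloseHandle. */
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, (DWORD)PID);
    if (snap == INVALID_HANDLE_VALUE) {
        return 0;
    }
    long found = 0;
    MODULEENTRY32 entry = {0};
    entry.dwSize = sizeof entry;   /* required by Module32First/Next */
    for (BOOL ok = Module32First(snap, &entry); ok; ok = Module32Next(snap, &entry)) {
        if (_stricmp(entry.szModule, Module) == 0) {
            found = 1;
            break;
        }
    }
    CloseHandle(snap);
    return found;
}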
long WaitForModule(long PID, char* Module, long Milliseconds)
{
long Result = 0;
long long start;
if (Milliseconds > -1)
{
start = timeGetTime();
while (1)
{
if (ModuleFound(PID, Module)){
Result = 1;
break;
}
else if ((timeGetTime()-start) >= Milliseconds){
break;
}
}
}
else
{
while (!ModuleFound(PID, Module))
{
Sleep(5);
}
Result = 1;
}
return Result;
}
// This for Arma2 OA 1.60 Normal Version
/*
 * Arma2 OA 1.60 (non-beta build). Follows a hard-coded pointer chain inside
 * the game process and overwrites one 4-byte slot with zero:
 *   [MainAddr] -> thiPtr; [thiPtr+0x24] -> ptr1; ptr2 = ptr1 + 0x198; slot = ptr2 + 0x14.
 * The author names the slot BE_CallBackFunc; reading back 0 from it is
 * reported as "Bypassed already". All reads/writes are 4 bytes into DWORDs,
 * i.e. the target is assumed to be a 32-bit process.
 *
 * Returns: Result, which is never assigned in the body, so every path
 * returns 0 (main() ignores the value). The early `return 0` on the
 * BE_CallBackFunc read failure skips CloseHandle(hProc) and leaks the handle.
 *
 * Defender's view: the observable here is a foreign process calling
 * OpenProcess(PROCESS_VM_WRITE|PROCESS_VM_READ|PROCESS_VM_OPERATION) on the
 * game and then WriteProcessMemory into it — cross-process write access to
 * the game is the event to alert on, independent of the specific addresses.
 */
long BypassIt(long GamePID)
{
long Result = 0;
const DWORD MainAddr = 0x0047F194; //0x00CA2578   /* static address for this build only (see author's note) */
DWORD thiPtr = 0, ptr1 = 0, ptr2 = 0, BE_CallBackFunc = 0, dummy = 0;   /* dummy stays 0: it is the value written */
HANDLE hProc = OpenProcess(PROCESS_VM_WRITE|PROCESS_VM_READ|PROCESS_VM_OPERATION,0,GamePID);
if (hProc)
{
if (ReadProcessMemory(hProc, (const void*)MainAddr, &thiPtr, 4, 0)){
#if DEBUG_VALS
printf("\n --- DEBUG VALS ---\nthisPtr: 0x%X\n",thiPtr);
#endif
if (ReadProcessMemory(hProc, (const void*)(thiPtr + 0x24), &ptr1, 4, 0)){
/* Polls until a non-zero pointer appears. The retry's return value is
 * ignored and there is no timeout, so a persistent read failure spins forever. */
while (!ptr1){
ReadProcessMemory(hProc, (const void*)(thiPtr + 0x24), &ptr1, 4, 0);
Sleep(100);
}
if (ptr1)   /* always true after the loop above */
{
ptr2 = ptr1 + 0x198;
if (ReadProcessMemory(hProc, (const void*)(ptr2 + 0x14), &BE_CallBackFunc, 4,0)){
/* Both format strings are literals; the ternary only picks the wording. */
printf((BE_CallBackFunc==0) ? "BE_CallBackFunc: 0x%X (Bypassed already)!\n" : "BE_CallBackFunc: 0x%X\n\n", BE_CallBackFunc);
}
else{
/* GetLastError() returns DWORD; %i expects int (use %lu). */
printf("Error - Failed to read BE_CallBackFunc addr: %i\n",GetLastError());
return 0;   /* NOTE(review): returns without CloseHandle(hProc) */
}
/* Writes the 4 zero bytes of dummy over the slot. */
if (WriteProcessMemory(hProc, (void*)(ptr2 + 0x14), &dummy, 4, 0)){
printf("Bypass Completed successfully\n");
}
else{
printf("Error - WMP failed: %i\n",GetLastError());
}
}
}
else{
printf("Error 2 - Failed to read pointer ptr1: %i\n",GetLastError());
}
}
else{
printf("Error 1 - Failed to read thisPtr: %i\n",GetLastError());
}
CloseHandle(hProc);
}
return Result;   /* always 0: Result is never set to anything else */
}
// Arma2 OA Beta 1.60 - 93825
// 00AB0DF9 55 PUSH EBP
// Arma2 OA Beta 1.60 - 94209
//00AB0869 55 PUSH EBP
// 00AB093E 8B7F 5C MOV EDI,[EDI+5C] ; BEClient.0F3933C0
// Sig: \xFB\x7F\x5C\x85\xFF\x74\x85\x8B\x45\x08\x85\xC0\x74\x05
// Mask: xxxxxxxxxxxxxx
/*
 * Beta-build variant of BypassIt. Same idea, one level deeper in the chain:
 *   [MainAddr] -> thiPtr1; [thiPtr1+0x24] -> thiPtr2; ptr1 = thiPtr2 + 0x198;
 *   slot = ptr1 + 0x5C (read into ptr2, then overwritten with zero).
 * MainAddr is chosen by BetaVer from the two builds listed in the switch.
 *
 * BetaVer: 93825 or 94209. Any other value leaves MainAddr at 0, so the first
 *          ReadProcessMemory targets address 0 and will almost certainly fail
 *          with the "Error 2 ... thisPtr1" message — there is no explicit
 *          "unknown version" check.
 *
 * NOTE(review): the function is declared `long` but has no return statement;
 * control falls off the end. main() discards the value, but using it would be
 * undefined behaviour. `Result` is never assigned or returned either.
 *
 * Defender's view: as in BypassIt, the detectable behaviour is a foreign
 * process opening the game with PROCESS_VM_WRITE|PROCESS_VM_OPERATION and
 * calling WriteProcessMemory on it.
 */
long BypassIt_Beta(long GamePID, long BetaVer)
{
long Result = 0;   /* unused */
DWORD MainAddr = 0;
DWORD thiPtr1 = 0, thiPtr2 = 0, ptr1 = 0, ptr2 = 0, BE_CallBackFunc = 0, dummy = 0;   /* dummy stays 0: it is the value written */
switch (BetaVer)
{
case 93825:
{
MainAddr = 0x004ACD48;
break;
}
case 94209:
{
MainAddr = 0x004E3590;
break;
}
/* no default: unrecognised BetaVer leaves MainAddr == 0 */
}
HANDLE hProc = OpenProcess(PROCESS_VM_WRITE|PROCESS_VM_READ|PROCESS_VM_OPERATION,0,GamePID);
if (hProc)
{
if (ReadProcessMemory(hProc, (const void*)MainAddr, &thiPtr1, 4, 0)){
#if DEBUG_VALS
printf("\n --- DEBUG VALS ---\nthiPtr1: 0x%X\n",thiPtr1);
#endif
if (ReadProcessMemory(hProc, (const void*)(thiPtr1+0x24), &thiPtr2, 4, 0)){
#if DEBUG_VALS
printf("thiPtr2: 0x%X\n",thiPtr2);
#endif
ptr1 = thiPtr2 + 0x198;
#if DEBUG_VALS
printf("ptr1: 0x%X\n",ptr1);
#endif
if (ReadProcessMemory(hProc, (const void*)(ptr1 + 0x5C), &ptr2, 4, 0)){
BE_CallBackFunc = ptr2;   /* alias for the message below */
/* Both format strings are literals; the ternary only picks the wording. */
printf((BE_CallBackFunc==0) ? "BE_CallBackFunc: 0x%X (Bypassed already)!\n" : "BE_CallBackFunc: 0x%X\n\n", BE_CallBackFunc);
/* Writes the 4 zero bytes of dummy over the slot just read. */
if (WriteProcessMemory(hProc, (void*)(ptr1 + 0x5C), &dummy, 4, 0)){
printf("Bypass Completed successfully\n");
}
else{
/* GetLastError() returns DWORD; %i expects int (use %lu) — same for the messages below. */
printf("Error - WMP failed: %i\n",GetLastError());
}
}
else{
printf("Error 3 - Failed to read pointer ptr2: %i\n",GetLastError());
}
}
else{
/* Both this and the next message are labelled "Error 2", which makes them indistinguishable in output. */
printf("Error 2 - Failed to read thisPtr2: %i\n",GetLastError());
}
}
else{
printf("Error 2 - Failed to read thisPtr1: %i\n",GetLastError());
}
CloseHandle(hProc);
}
/* NOTE(review): missing `return Result;` */
}
/*
 * Entry point: print the banner, read the version choice into the global
 * GameVer, wait for the game process and then for its BEClient.dll module,
 * pause, and dispatch to the matching bypass routine.
 *
 * argc/argv are accepted but never used.
 *
 * NOTE(review): `scanf("%i", &GameVer)` passes a `long *` for `%i` (which
 * expects `int *`) and its return value is not checked; on a non-numeric
 * answer GameVer stays 0 and the switch reports "Invalid GameVersion!".
 * `printf("... (%i)", PID)` has the same long-vs-%i mismatch.
 */
int main(int argc, char *argv[])
{
intro();
long PID = 0;
printf("Select your game version: \n\n");
printf("1. Arma2 OA 1.60\n");
printf("2. Arma2 OA 1.60 Beta 93825\n");
printf("3. Arma2 OA 1.60 Beta 94209\n");
scanf("%i", &GameVer);   /* format/argument mismatch; result unchecked (see header) */
printf("\nWaiting for ArmA2OA.exe...\n");
/* Poll every 200 ms until the process exists; no timeout. */
while (!PID)
{
PID = GetProcessPID("arma2oa.exe");
Sleep(200);
}
printf("ArmA2OA.exe Found (%i)\n", PID);
printf("Waiting for BEClient.dll...\n");
/* -1 = wait indefinitely; with that argument WaitForModule always returns 1, so the value is not checked. */
WaitForModule(PID, "BEClient.dll",-1);
printf("BEClient.dll Found\n\n");
Sleep(1400);   /* fixed delay after the module appears; rationale not stated — presumably lets the module finish initialising */
switch(GameVer)
{
case 1:{
BypassIt(PID);   /* return value ignored (it is always 0 anyway) */
break;
}
case 2:{
BypassIt_Beta(PID, 93825);
break;
}
case 3:{
BypassIt_Beta(PID, 94209);
break;
}
default: {
printf("Invalid GameVersion!\n");
break;
}
}
return 0;
}