As the title already says, I'm releasing this together with its source code, so you guys can use it, change it, study it or whatever you want.
Language: C.
IDE: Visual Studio 2008 Pro.
Source:
// Silences MSVC warning C4996 (deprecated / "unsafe" CRT functions); this file
// uses sprintf and scanf, which MSVC flags under that warning.
#pragma warning (disable: 4996)
// Force the ANSI (-A) variants of the Win32 / ToolHelp macros and structures.
#ifdef UNICODE
#undef UNICODE
#endif
#include <Windows.h>
#include <TlHelp32.h>
// NOTE(review): no psapi function is called in the code shown here.
#include <psapi.h>
#include <stdio.h>
// callNT(name, params, args): looks up the export `name` in the already-loaded
// ntdll.dll with GetProcAddress, casts the result to `long (__stdcall *)params`
// and calls it with `args`. The expression evaluates to the callee's long return
// value; the callers below compare it against 0 for success.
// NOTE(review): the lookup is repeated on every use and the GetProcAddress result
// is never checked, so a missing export would be called through a null pointer.
// NOTE(review): because the Nt* routines are resolved by name at run time, they do
// not show up in this binary's import table; when triaging a sample like this,
// look for the routine names as string literals instead.
#define callNT(name, params, args) ((long (__stdcall *)params)GetProcAddress(GetModuleHandleA("ntdll.dll"),name))args
// Information-class value passed to NtQueryInformationThread below to read a
// thread's Win32 start address.
#define ThreadQuerySetWin32StartAddress 9
// Window class name handed to FindWindowA to locate the game's main window.
#define WNDCLASS "D3D Window"
// Module name that is compared (case-insensitively) against each loaded module.
#define DLLNAME "GameGuard.dll"
// Reports whether a top-level window of class WNDCLASS currently exists.
// Returns true when FindWindowA yields a non-null handle, false otherwise.
bool isGameAlive()
{
    HWND gameWindow = FindWindowA(WNDCLASS, 0);

    if (gameWindow == 0)
        return false;
    return true;
}
// Finds the process that owns the WNDCLASS window, suspends it, locates the
// module named DLLNAME inside it, and terminates every thread of that process
// whose Win32 start address lies inside that module's address range. The process
// is then resumed.
//
// Returns true only if at least one thread was terminated. Returns false when
// nothing was terminated or when OpenProcess / NtSuspendProcess /
// NtQueryInformationThread reports failure.
//
// NOTE(review), defensive reading: the whole technique depends on three things
// the protected process allows here: a PROCESS_ALL_ACCESS handle from an
// ordinary user-mode process, suspension of the process from outside, and
// THREAD_ALL_ACCESS handles to its worker threads. Protection that strips those
// access rights at handle creation (e.g. a kernel driver using
// ObRegisterCallbacks) or that verifies liveness of its worker threads from an
// independent party (game logic or a server-side heartbeat) would not be
// silently disabled by this sequence. Externally visible signals are the
// all-access handle opens against the game process and the suspend/resume pair.
//
// NOTE(review): several error paths below return without calling
// NtResumeProcess or closing handles; see the inline notes.
bool searchAndKillDllThreads()
{
long killCount = 0;
HANDLE hProcess;
HANDLE hSnap;
DWORD pid;
// NOTE(review): the FindWindowA result is not checked. If the window has gone
// away, GetWindowThreadProcessId is given a null HWND and `pid` is presumably
// left uninitialized before being passed to OpenProcess - confirm.
GetWindowThreadProcessId(FindWindowA(WNDCLASS, 0),&pid);
hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
// NOTE(review): OpenProcess signals failure with NULL, not INVALID_HANDLE_VALUE,
// so this branch does not catch a failed open; the failure would surface later
// as a non-zero status from NtSuspendProcess.
if (hProcess == INVALID_HANDLE_VALUE)
{
printf("[error] OpenProcess has failed.\n");
return false;
}
// Freeze every thread of the target while its modules and threads are inspected.
if (callNT("NtSuspendProcess",(HANDLE),(hProcess)) == 0)
{
tagMODULEENTRY32 mEntry = { 0 };
tagTHREADENTRY32 tEntry = { 0 };
mEntry.dwSize = sizeof(mEntry);
// Pass 1: walk the target's module list looking for DLLNAME.
// NOTE(review): hSnap is not compared against INVALID_HANDLE_VALUE.
hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
if (Module32First(hSnap, &mEntry))
{
do
{
if (!lstrcmpiA(mEntry.szModule, DLLNAME))
{
// NOTE(review): hModule is a handle/pointer printed with %X; this matches only
// on a 32-bit build.
printf("[info] Found Module: \"%s\" at 0x%08X, size: 0x%X\n", DLLNAME, mEntry.hModule, mEntry.modBaseSize);
break;
}
}
while (Module32Next(hSnap, &mEntry));
// The snapshot handle is closed only when Module32First succeeded.
callNT("NtClose",(HANDLE),(hSnap));
}
// mEntry holds either the matching module (loop exited via break) or the last
// module enumerated / the zeroed initial value, so the name is compared again
// to decide whether the module was found.
if (!lstrcmpiA(mEntry.szModule, DLLNAME))
{
tEntry.dwSize = sizeof(tEntry);
// Pass 2: the thread snapshot is system-wide (the second argument is ignored
// for TH32CS_SNAPTHREAD), hence the owner-PID filter inside the loop.
hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (Thread32First(hSnap, &tEntry))
{
do
{
if (tEntry.th32OwnerProcessID == pid)
{
// NOTE(review): the OpenThread result is not checked before use.
HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, false, tEntry.th32ThreadID);
// NOTE(review): the start address is stored in an unsigned long, which is
// 32 bits wide with MSVC; the code therefore assumes a 32-bit build and target.
unsigned long thStartAddress;
if (callNT("NtQueryInformationThread",(HANDLE, long, void*, long, void*),(hThread, ThreadQuerySetWin32StartAddress, &thStartAddress, sizeof(thStartAddress), 0)) == 0)
{
char* action = "ignored";
char address[255] = { 0 };
// Range test: does the thread's start address fall inside the module image?
// NOTE(review): the upper bound is inclusive (base + size), i.e. one byte past
// the last byte of the image.
if ((thStartAddress >= (unsigned long)mEntry.hModule) && (thStartAddress <= ((unsigned long)mEntry.hModule + (unsigned long)mEntry.modBaseSize)))
{
if (callNT("NtTerminateThread",(HANDLE, long),(hThread, 0)) == 0)
{
killCount++;
action = "killed";
}
else
action = "failed";
// NOTE(review): hThread is never closed on this path, whether or not the
// terminate call succeeded.
// Logged as "<module>"+offset; the output is at most a few dozen characters, well
// inside the 255-byte buffer.
sprintf(address, "\"%s\"+0x%X", DLLNAME, thStartAddress - (unsigned long)mEntry.hModule);
}
else
{
// Thread started outside the module: release the handle and log the raw address.
callNT("NtClose",(HANDLE),(hThread));
sprintf(address, "0x%08X", thStartAddress);
}
printf("[info] Thread address: %s, action: %s\n", address, action);
}
else
{
printf("[error] NtQueryInformationThread has failed, try opening me as admin.\n");
// NOTE(review): this early return leaves the target process suspended and
// leaks hThread, hSnap and hProcess.
return false;
}
}
}
while (Thread32Next(hSnap, &tEntry));
callNT("NtClose",(HANDLE),(hSnap));
}
}
// Let the target run again; reached whether or not the module was found.
callNT("NtResumeProcess",(HANDLE),(hProcess));
}
else
{
printf("[error] NtSuspendProcess has failed, try opening me as admin.\n");
// NOTE(review): hProcess is not closed on this path.
return false;
}
callNT("NtClose",(HANDLE),(hProcess));
return (killCount > 0);
}
// Console entry point: waits for the game window to appear, asks the user to
// confirm that the login screen has been reached, then runs
// searchAndKillDllThreads() once and reports the outcome.
// NOTE(review): `void main()` is an MSVC-tolerated form, and fflush(stdin) is
// undefined in standard C (it relies on the MSVC CRT discarding pending input).
// The scanf result is not checked, so `answer` is read uninitialized if input
// ends before the first character.
void main()
{
    char answer;

    SetConsoleTitleA("Cabal Pilipinas Bypass - by Matthew Dartz");

    // Poll every 100 ms until the game window exists; announce the wait only once.
    if (!isGameAlive())
        printf("[info] Waiting for the game...\n");
    while (!isGameAlive())
        Sleep(100);

    // Keep prompting until the user answers 'y' while the game is still running.
    for (;;)
    {
        printf("[warn] Are you in the login screen (y/n)? ");
        scanf("%c", &answer);
        fflush(stdin);

        if (answer != 'y')
        {
            printf("[warn] Ok, so wait until there.\n");
            continue;
        }

        if (isGameAlive())
            break;

        // The user confirmed, but the window is gone: treat it as a "no" and ask again.
        answer = 'n';
        printf("[error] Why did you close the game? Start it again and wait.\n");
    }

    if (!searchAndKillDllThreads())
        printf("[warn] Couldn't find any thread to bypass (it should be already bypassed, check the logs from above).\n");
    else
        printf("[info] Sucessfully Bypassed.\n");

    printf("\n");
    // Hold the console window open until a key is pressed.
    system("pause");
}