Register for your free account! | Forgot your password?

Go Back   elitepvpers > MMORPGs > Flyff > Flyff Hacks, Bots, Cheats, Exploits & Macros
You last visited: Today at 05:02

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement



[Tutorial + Source] Bypass Most Anti-Hacks Easy

Discussion on [Tutorial + Source] Bypass Most Anti-Hacks Easy within the Flyff Hacks, Bots, Cheats, Exploits & Macros forum part of the Flyff category.

Reply
 
Old   #1
 
greyb1t's Avatar
 
elite*gold: 70
Join Date: Apr 2015
Posts: 421
Received Thanks: 1,023
Thumbs up [Tutorial + Source] Flyff Bypass Most Anti-Hacks Easy

Today I'm going to share a method to be able to bypass client-sided anti-cheats without editing any memory. It is basically update-friendly and will not be patched by regular server updates. It works by utilizing the fact that the server uses a method called to call code infinitely that protects their client from cheating / reverse engineering.

Having such critical code in it's own thread is easy to bypass and I'm quite surprised that none has yet figured it out. The point of this thread is not only to show people how to bypass the anti-cheats but also to make the server owners aware about it. I'm going to use a server called Flyff Thai to showcase. But this works on most servers which has client-sided protection. I know, it's sad.

Be aware that it's easier to bypass an anti-cheat with this method while not logged into the game since there's less threads running and you'll easier identify which threads are the ones protecting the client.

The server "Flyff Thai" has two types of security (most servers doesn't). One of them is a dll called "GameGuard.dll" and the other one is internal inside of the "Neuz.exe". By looking at the image below you're able to see which threads are the ones keeping the client safe. I've surrounded them with blue and green rectangles. Btw, the program used is called .





When you've found them, you can easily just stop their flow by suspending them and they'll stop doing what they're doing.
Boom, you've successfully bypassed a anti-cheat without any coding knowledge at all.
The only annoying thing right now, is that you're manually required to do it everytime.
What if we could make the computer do it for us instead?

Luckily we can! The only thing we need to do is find patterns to be able to identify the anti-cheat threads. The pattern is required to be the same everytime the client is restarted. E.g we would not be able to use the TEB address.

The first pattern we can easily detect is the start address of the gameguard threads. Example: GameGuard.dll!Vermillion_Guard+0x3b70. We can see that the thread's associated module is GameGuard.dll, that's the first and easy part of the anti-cheat bypass.

The only thing left is the internal anti-cheat which is located inside of the "Neuz.exe". Those are the threads marked with a green rectangle in the first image above. Sadly we cannot take the approach as we did with the GameGuard threads because there's three threads with the same associated module and one is the main threads for the game, if we suspend that one. The game will be paused.

So we'll need another pattern. There are two patterns which we're able to use to identify the threads. Their "Status" is set to "DelayExecution" and their Start Address's are both the same but the main thread is not. We can use either one of these patterns. I'm using the "DelayExecution" in the code below.

Now too the fun part, the ugly code. Hopefully I've explained good enough. Btw, now that people know about this, servers might hopefully fix it. Bai!


nt_ddk.h - (Required Header) Download:

Source.cpp
Code:
#include "gWin_ProcessEnumerator.h"

int main() {

	gWin::ProcessEnumerator procEnum;

	for (auto &process : procEnum.getProcesses()) {
		if (process.getName() == "Neuz.exe") {

			for (auto &thread : process.getThreads()) {
				auto modInfo = process.getAssociatedModule(&thread);

				std::cout << modInfo.name << "+" << std::hex << 
					thread.getStartAddress() - modInfo.base << std::endl;

				if (modInfo.name.find("GameGuard") != std::string::npos)
					SuspendThread(thread.getHandle().getRaw());

				if (modInfo.name.find("Neuz") != std::string::npos)
					if (thread.getWaitReason() == DelayExecution)
						SuspendThread(thread.getHandle().getRaw());
			}
		}
	}

	return 0;
}
gWin_ProcessEnumerator.h
Code:
#pragma once

/*
	NT Internals Process Enumerator
	- Created by greyb1t 2016-04-22

	I'd appreciate if you left this comment here when copy pasting it somewhere else.
	Thank you!
*/

#include <iostream>
#include <Windows.h>
#include <vector>
#include <memory>
#include <string>
#include <TlHelp32.h>

#include "nt_ddk.h"

#define PRINT_ERRORS true

std::string getNtErrorCode(NTSTATUS ntStatus);
void PRINT_ERROR(std::string s, NTSTATUS status);

namespace gWin {

struct ModuleInfo {
	DWORD base;
	DWORD size; 
	std::string name;
};

class SafeHandle {
public:
	SafeHandle() {}
	// Legal Usage (constructor):
	// gWin::SafeHandle handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
	SafeHandle(HANDLE handle) : m_handle(handle) {}

	~SafeHandle() {
		CloseHandle(m_handle);
	}

	SafeHandle(const SafeHandle &source) {
		this->operator=(source);
	}

	// Legal Usage (assignment operator):
	// handle1 = handle2;
	SafeHandle& operator= (const SafeHandle &hSource) {
		// TODO: Check if DuplicateHandle is the function which is needed

		m_handle = hSource.m_handle;
		return *this;
	}

	SafeHandle& operator= (const HANDLE hSource) {
		// TODO: Check if DuplicateHandle is the function which is needed
		m_handle = hSource;
		return *this;
	}

	const HANDLE getRaw() const {
		return m_handle;
	}

private:
	HANDLE m_handle;
};

class Thread {
public:
	Thread(SYSTEM_THREADS_INFORMATION *threadInfo) : m_threadInfo(threadInfo) {}
	~Thread() {}

	SYSTEM_THREADS_INFORMATION *getPtr() { return m_threadInfo; }

	// Getters
	DWORD getStartAddress() { return (DWORD)m_threadInfo->StartAddress; }
	DWORD getProcessId() { return (DWORD)m_threadInfo->ClientId.UniqueProcess; }
	DWORD getThreadId() { return (DWORD)m_threadInfo->ClientId.UniqueThread; }
	int getPriority() { return m_threadInfo->Priority; }
	ULONG getContextSwitchCount() { return m_threadInfo->ContextSwitchCount; }
	int getState() { return m_threadInfo->State; }
	KWAIT_REASON getWaitReason() { return m_threadInfo->WaitReason; }
	gWin::SafeHandle getHandle() { return OpenThread(THREAD_ALL_ACCESS, FALSE, getThreadId()); }

private:
	SYSTEM_THREADS_INFORMATION *m_threadInfo;
};

class Process {
public:
	Process(SYSTEM_PROCESS_INFORMATION *spi, PVOID buf) : m_spi(spi), m_allBuffer(buf) {}

	void deallocWholeBuffer() { delete[] m_allBuffer; }
	SYSTEM_PROCESS_INFORMATION *getPtr() { return m_spi; }

	std::vector<Thread> &getThreads() {
		if (m_threads.size() <= 0)
			enumThreads();

		return m_threads;
	}

	std::vector<MODULEENTRY32> &getModules() {
		if (m_modules.size() <= 0)
			enumModules();

		return m_modules;
	}

	std::string getName() {
		if (m_spi->ImageName.Buffer != nullptr) {
			std::wstring wProcName = m_spi->ImageName.Buffer;
			return std::string(wProcName.begin(), wProcName.end());
		}
		else {
			return "nullptr";
		}
	}

	ModuleInfo getAssociatedModule(Thread *thread);
	DWORD getId() { return (DWORD)m_spi->UniqueProcessId; }

private:
	void enumModules();
	void enumThreads();

	DWORD getThreadStartAddress(HANDLE hThread);

private:
	std::vector<Thread> m_threads;
	std::vector<MODULEENTRY32> m_modules;

	SYSTEM_PROCESS_INFORMATION *m_spi;
	_SYSTEM_HANDLE_INFORMATION_T<PVOID> *m_shi;

	PVOID m_allBuffer;
};

class ProcessEnumerator {
public:
	ProcessEnumerator() { iterateProcesses(); }
	~ProcessEnumerator() { 
		if (m_processes.size() >= 0)
			m_processes[0].deallocWholeBuffer(); 
	}

	std::vector<Process> &getProcesses() {
		return m_processes;
	}

private:
	void iterateProcesses();

private:
	std::vector<Process> m_processes;
};

}
gWin_ProcessEnumerator.cpp
Code:
#include "gWin_ProcessEnumerator.h"

std::string getNtErrorCode(NTSTATUS ntStatus) {
	switch (ntStatus) {
		case STATUS_SUCCESS:
			return "NTSuccess";
		case STATUS_UNSUCCESSFUL:
			return "NTUnsuccessful";
		case STATUS_NOT_IMPLEMENTED:
			return "Not Implemented";
		case STATUS_INFO_LENGTH_MISMATCH:
			return "Length Mismatch";
		case STATUS_NO_MEMORY:
			return "No memory";
		case STATUS_ACCESS_DENIED:
			return "Access Denied";
		case STATUS_BUFFER_TOO_SMALL:
			return "Buffer too small";
		case STATUS_PROCEDURE_NOT_FOUND:
			return "Proceadure not found";
		case STATUS_NOT_SUPPORTED:
			return "Not supported";
		case STATUS_NOT_FOUND:
			return "Not found";
		case STATUS_PARTIAL_COPY:
			return "Partial copy";
		default:
			return "Unkown error";
	}
}

void PRINT_ERROR(std::string s, NTSTATUS status) {
#if PRINT_ERRORS
	std::cerr << "GetLastError() - " << GetLastError() << " - " << "NTSTATUS - " << getNtErrorCode(status) << " - " << s << std::endl;
#endif
}

namespace gWin {

void Process::enumModules() {
	gWin::SafeHandle hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPALL, (DWORD)m_spi->UniqueProcessId);
	MODULEENTRY32 modEntry = { 0 };

	modEntry.dwSize = sizeof(MODULEENTRY32);
	m_modules.clear();

	if (!Module32First(hSnapshot.getRaw(), &modEntry))
		PRINT_ERROR("Unable to iterate through modules", 0);

	do {
		m_modules.push_back(modEntry);
	} while (Module32Next(hSnapshot.getRaw(), &modEntry));
}

void Process::enumThreads() {
	for (ULONG i = 0; i < m_spi->NumberOfThreads; ++i) {
		m_spi->Threads[i].StartAddress = (PVOID)getThreadStartAddress(m_spi->Threads[i].ClientId.UniqueThread);
		m_threads.push_back(Thread(&m_spi->Threads[i]));
	}
}

DWORD Process::getThreadStartAddress(HANDLE hThread) {
	HMODULE ntDll = GetModuleHandle("ntdll.dll");

	if (ntDll == NULL) {
		PRINT_ERROR("Unable to get module handle from ntdll.dll", 0);
		return 0;
	}

	tNtQueryInformationThread NtQueryInformationThread =
		(tNtQueryInformationThread)GetProcAddress(ntDll, ("NtQueryInformationThread"));

	if (NtQueryInformationThread == NULL) {
		PRINT_ERROR("NtQueryInformationThread was not found", 0);
		return 0;
	}

	gWin::SafeHandle hNewThread = OpenThread(THREAD_QUERY_INFORMATION, FALSE, (DWORD)hThread);

	DWORD threadStartAddr = 0;
	NTSTATUS retval = NtQueryInformationThread(hNewThread.getRaw(), ThreadQuerySetWin32StartAddress, &threadStartAddr, sizeof(DWORD), NULL);

	if (!NT_SUCCESS(retval)) {
		PRINT_ERROR("Unable to get start address of thread", retval);
		return 0;
	}

	return threadStartAddr;
}

ModuleInfo Process::getAssociatedModule(Thread *thread) {
	if (m_modules.size() <= 0)
		enumModules();

	for (auto &module : m_modules) {
		if (thread->getStartAddress() >= (DWORD)module.modBaseAddr &&
			thread->getStartAddress() <= ((DWORD)module.modBaseAddr + module.modBaseSize)) {
			return ModuleInfo { (DWORD)module.modBaseAddr, module.modBaseSize, module.szExePath };
		}
	}

	return ModuleInfo { 0 };
}

void ProcessEnumerator::iterateProcesses() {
	HMODULE ntDll = GetModuleHandle("ntdll.dll");

	if (ntDll == NULL)
		PRINT_ERROR("Unable to get module handle from ntdll.dll", 0);

	tNtQuerySystemInformation NtQuerySystemInformation =
		(tNtQuerySystemInformation)GetProcAddress(ntDll, ("NtQuerySystemInformation"));

	if (NtQuerySystemInformation == NULL)
		PRINT_ERROR("NtQuerySystemInformation was not found", 0);

	void *buffer = new void *[1024 * 1024];
	PSYSTEM_PROCESS_INFORMATION pSpi = (PSYSTEM_PROCESS_INFORMATION)buffer;

	NTSTATUS ntStatus = NtQuerySystemInformation(SystemProcessInformation, pSpi, 1024 * 1024, NULL);

	if (!NT_SUCCESS(ntStatus)) {
		PRINT_ERROR("Unable to iterate through process list", ntStatus);
		return;
	}

	m_processes.clear();

	while (pSpi->NextEntryOffset) {
		m_processes.push_back(Process(pSpi, buffer));

		ULONG nextEntry = (ULONG)pSpi + pSpi->NextEntryOffset;
		pSpi = (PSYSTEM_PROCESS_INFORMATION)(nextEntry);
	}
}

}
Attached Files
File Type: zip Process - Thread Iteration NT Internals - VS Solution.zip (21.2 KB, 1373 views)
greyb1t is offline  
Thanks
28 Users
Old 04/25/2016, 02:18   #2

 
elite*gold: 28
Join Date: Feb 2010
Posts: 463
Received Thanks: 277
Nice work
ZeroTwo02 is offline  
Thanks
2 Users
Old 04/25/2016, 04:29   #3
 
elite*gold: 0
Join Date: Apr 2016
Posts: 40
Received Thanks: 8
Nice. Glad to see a person who knows what to do and how to do it.
xRicky is offline  
Old 04/25/2016, 09:13   #4
 
nicenickman's Avatar
 
elite*gold: 0
Join Date: Jun 2012
Posts: 68
Received Thanks: 2
^^x
nicenickman is offline  
Old 04/25/2016, 19:08   #5
 
al3ab98's Avatar
 
elite*gold: 0
Join Date: May 2014
Posts: 35
Received Thanks: 0
thanks for sharing
al3ab98 is offline  
Old 04/26/2016, 04:27   #6
 
matonskie23's Avatar
 
elite*gold: 0
Join Date: Jul 2012
Posts: 259
Received Thanks: 16
nice work
matonskie23 is offline  
Old 04/28/2016, 14:42   #7
 
BadisDz's Avatar
 
elite*gold: 0
Join Date: Nov 2013
Posts: 21
Received Thanks: 4
Oh My *** ! Thanks for the release!
BadisDz is offline  
Old 04/29/2016, 00:25   #8
 
elite*gold: 0
Join Date: Oct 2007
Posts: 45
Received Thanks: 33
So with The Prozess Viewer you Look into process Neuz and suspend the gameguard threads and the other Neuz threads right?
Got a problem with compilation of the source, why do I get errors?
Amatzu is offline  
Old 04/29/2016, 13:39   #9
 
greyb1t's Avatar
 
elite*gold: 70
Join Date: Apr 2015
Posts: 421
Received Thanks: 1,023
Quote:
Originally Posted by Amatzu View Post
So with The Prozess Viewer you Look into process Neuz and suspend the gameguard threads and the other Neuz threads right?
Got a problem with compilation of the source, why do I get errors?
Post the error messages.
greyb1t is offline  
Old 04/29/2016, 14:17   #10
 
elite*gold: 0
Join Date: Oct 2007
Posts: 45
Received Thanks: 33
too many to post, here a few of them:
nt_ddk.h [Error] conflicting declaration 'typedef struct _EXCEPTION_REGISTRATION EXCEPTION_REGISTRATION'

mingw64\x86_64-w64-mingw32\include\excpt.h [Error] 'PEXCEPTION_HANDLER' has a previous declaration as 'typedef int (* PEXCEPTION_HANDLER)(struct _EXCEPTION_RECORD*, void*, struct _CONTEXT*, void*)'

nt_ddk.h [Error] conflicting declaration 'typedef struct _EXCEPTION_REGISTRATION EXCEPTION_REGISTRATION'

nt_ddk.h [Error] 'PROCESSOR_NUMBER' does not name a type

nt_ddk.h [Error] typedef 'tNtCreateThreadEx' is initialized (use decltype instead)

nt_ddk.h [Error] '__out' was not declared in this scope

nt_ddk.h [Error] '__in' was not declared in this scope

gWin_ProcessEnumerator.h [Error] cast from 'PVOID {aka void*}' to 'DWORD {aka long unsigned int}' loses precision [-fpermissive]

and a few more, they repeat themselves..
Im just learning c++ right now so maybe I missed something..
tried to understand the code, could follow source but the others too complex for me to understand right now..
could you help?
Amatzu is offline  
Old 04/29/2016, 15:54   #11
 
greyb1t's Avatar
 
elite*gold: 70
Join Date: Apr 2015
Posts: 421
Received Thanks: 1,023
Quote:
Originally Posted by Amatzu View Post
too many to post, here a few of them:
nt_ddk.h [Error] conflicting declaration 'typedef struct _EXCEPTION_REGISTRATION EXCEPTION_REGISTRATION'

mingw64\x86_64-w64-mingw32\include\excpt.h [Error] 'PEXCEPTION_HANDLER' has a previous declaration as 'typedef int (* PEXCEPTION_HANDLER)(struct _EXCEPTION_RECORD*, void*, struct _CONTEXT*, void*)'

nt_ddk.h [Error] conflicting declaration 'typedef struct _EXCEPTION_REGISTRATION EXCEPTION_REGISTRATION'

nt_ddk.h [Error] 'PROCESSOR_NUMBER' does not name a type

nt_ddk.h [Error] typedef 'tNtCreateThreadEx' is initialized (use decltype instead)

nt_ddk.h [Error] '__out' was not declared in this scope

nt_ddk.h [Error] '__in' was not declared in this scope

gWin_ProcessEnumerator.h [Error] cast from 'PVOID {aka void*}' to 'DWORD {aka long unsigned int}' loses precision [-fpermissive]

and a few more, they repeat themselves..
Im just learning c++ right now so maybe I missed something..
tried to understand the code, could follow source but the others too complex for me to understand right now..
could you help?
Weird errors! That could be alot of things, most likely a problem you've done since you're a beginner. But maybe not. Or maybe another IDE / compiler or some other crap. Don't really know how to fix them just by seeing them errors and not looking through what you've done. But what you could do is skip the nt_ddk.h and just use the required definitions instead.

Remove the include to "nt_ddk.h" in "gWin_ProcessEnumerator.h" and check which errors appear. Then just manually take all the defintions and copy over them to the gWin_ProcessEnumerator.h.

If you're using Visual Studio, I've uploaded the solution as an attachment. Download that one if you're unable to get it to work.
Attached Files
File Type: zip Process - Thread Iteration - VS Solution.zip (1.05 MB, 173 views)
greyb1t is offline  
Old 04/29/2016, 19:12   #12
 
elite*gold: 0
Join Date: Oct 2007
Posts: 45
Received Thanks: 33
Thank you, but still doesnt work, even with your solution. Visual studio says it failed.
this whole compiler stuff sucks -.-
im using visual studio 2015 btw

also, if you use the process view program, the processes neuz.exe and gameguard disappear after a short period of time. do they hide themselves in some way? since the code doesnt work with me I tried manually but the processes disappear real quick.
Amatzu is offline  
Old 04/29/2016, 19:28   #13
 
greyb1t's Avatar
 
elite*gold: 70
Join Date: Apr 2015
Posts: 421
Received Thanks: 1,023
Quote:
Originally Posted by Amatzu View Post
Thank you, but still doesnt work, even with your solution. Visual studio says it failed.
this whole compiler stuff sucks -.-
im using visual studio 2015 btw
If the code below doesn't work, I don't know what will. It's probably something you're missing installed or something. Replace the code in the gWin_ProcessEnumerator.h with the one below and see if it works.

// Edit: Forgot to mention, don't forget to remove the nt_ddk.h
Which server are you trying this on?

gWin_ProcessEnumerator.h
Code:
#pragma once

/*
	NT Internals Process Enumerator
	- Created by greyb1t 2016-04-22

	I'd appreciate if you left this comment here when copy pasting it somewhere else.
	Thank you!
*/

#include <iostream>
#include <Windows.h>
#include <vector>
#include <memory>
#include <string>
#include <TlHelp32.h>

#define PRINT_ERRORS true

std::string getNtErrorCode(NTSTATUS ntStatus);
void PRINT_ERROR(std::string s, NTSTATUS status);

#ifndef NT_SUCCESS
#define NT_SUCCESS(x)				   ((x) >= 0)
#endif

typedef enum _SYSTEM_INFORMATION_CLASS {
	SystemBasicInformation, // q: SYSTEM_BASIC_INFORMATION
	SystemProcessorInformation, // q: SYSTEM_PROCESSOR_INFORMATION
	SystemPerformanceInformation, // q: SYSTEM_PERFORMANCE_INFORMATION
	SystemTimeOfDayInformation, // q: SYSTEM_TIMEOFDAY_INFORMATION
	SystemPathInformation, // not implemented
	SystemProcessInformation, // q: SYSTEM_PROCESS_INFORMATION
	SystemCallCountInformation, // q: SYSTEM_CALL_COUNT_INFORMATION
	SystemDeviceInformation, // q: SYSTEM_DEVICE_INFORMATION
	SystemProcessorPerformanceInformation, // q: SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
	SystemFlagsInformation, // q: SYSTEM_FLAGS_INFORMATION
	SystemCallTimeInformation, // not implemented // 10
	SystemModuleInformation, // q: RTL_PROCESS_MODULES
	SystemLocksInformation,
	SystemStackTraceInformation,
	SystemPagedPoolInformation, // not implemented
	SystemNonPagedPoolInformation, // not implemented
	SystemHandleInformation, // q: SYSTEM_HANDLE_INFORMATION
	SystemObjectInformation, // q: SYSTEM_OBJECTTYPE_INFORMATION mixed with SYSTEM_OBJECT_INFORMATION
	SystemPageFileInformation, // q: SYSTEM_PAGEFILE_INFORMATION
	SystemVdmInstemulInformation, // q
	SystemVdmBopInformation, // not implemented // 20
	SystemFileCacheInformation, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypeSystemCache)
	SystemPoolTagInformation, // q: SYSTEM_POOLTAG_INFORMATION
	SystemInterruptInformation, // q: SYSTEM_INTERRUPT_INFORMATION
	SystemDpcBehaviorInformation, // q: SYSTEM_DPC_BEHAVIOR_INFORMATION; s: SYSTEM_DPC_BEHAVIOR_INFORMATION (requires SeLoadDriverPrivilege)
	SystemFullMemoryInformation, // not implemented
	SystemLoadGdiDriverInformation, // s (kernel-mode only)
	SystemUnloadGdiDriverInformation, // s (kernel-mode only)
	SystemTimeAdjustmentInformation, // q: SYSTEM_QUERY_TIME_ADJUST_INFORMATION; s: SYSTEM_SET_TIME_ADJUST_INFORMATION (requires SeSystemtimePrivilege)
	SystemSummaryMemoryInformation, // not implemented
	SystemMirrorMemoryInformation, // s (requires license value "Kernel-MemoryMirroringSupported") (requires SeShutdownPrivilege) // 30
	SystemPerformanceTraceInformation, // s
	SystemObsolete0, // not implemented
	SystemExceptionInformation, // q: SYSTEM_EXCEPTION_INFORMATION
	SystemCrashDumpStateInformation, // s (requires SeDebugPrivilege)
	SystemKernelDebuggerInformation, // q: SYSTEM_KERNEL_DEBUGGER_INFORMATION
	SystemContextSwitchInformation, // q: SYSTEM_CONTEXT_SWITCH_INFORMATION
	SystemRegistryQuotaInformation, // q: SYSTEM_REGISTRY_QUOTA_INFORMATION; s (requires SeIncreaseQuotaPrivilege)
	SystemExtendServiceTableInformation, // s (requires SeLoadDriverPrivilege) // loads win32k only
	SystemPrioritySeperation, // s (requires SeTcbPrivilege)
	SystemVerifierAddDriverInformation, // s (requires SeDebugPrivilege) // 40
	SystemVerifierRemoveDriverInformation, // s (requires SeDebugPrivilege)
	SystemProcessorIdleInformation, // q: SYSTEM_PROCESSOR_IDLE_INFORMATION
	SystemLegacyDriverInformation, // q: SYSTEM_LEGACY_DRIVER_INFORMATION
	SystemCurrentTimeZoneInformation, // q
	SystemLookasideInformation, // q: SYSTEM_LOOKASIDE_INFORMATION
	SystemTimeSlipNotification, // s (requires SeSystemtimePrivilege)
	SystemSessionCreate, // not implemented
	SystemSessionDetach, // not implemented
	SystemSessionInformation, // not implemented
	SystemRangeStartInformation, // q // 50
	SystemVerifierInformation, // q: SYSTEM_VERIFIER_INFORMATION; s (requires SeDebugPrivilege)
	SystemVerifierThunkExtend, // s (kernel-mode only)
	SystemSessionProcessInformation, // q: SYSTEM_SESSION_PROCESS_INFORMATION
	SystemLoadGdiDriverInSystemSpace, // s (kernel-mode only) (same as SystemLoadGdiDriverInformation)
	SystemNumaProcessorMap, // q
	SystemPrefetcherInformation, // q: PREFETCHER_INFORMATION; s: PREFETCHER_INFORMATION // PfSnQueryPrefetcherInformation
	SystemExtendedProcessInformation, // q: SYSTEM_PROCESS_INFORMATION
	SystemRecommendedSharedDataAlignment, // q
	SystemComPlusPackage, // q; s
	SystemNumaAvailableMemory, // 60
	SystemProcessorPowerInformation, // q: SYSTEM_PROCESSOR_POWER_INFORMATION
	SystemEmulationBasicInformation, // q
	SystemEmulationProcessorInformation,
	SystemExtendedHandleInformation, // q: SYSTEM_HANDLE_INFORMATION_EX
	SystemLostDelayedWriteInformation, // q: ULONG
	SystemBigPoolInformation, // q: SYSTEM_BIGPOOL_INFORMATION
	SystemSessionPoolTagInformation, // q: SYSTEM_SESSION_POOLTAG_INFORMATION
	SystemSessionMappedViewInformation, // q: SYSTEM_SESSION_MAPPED_VIEW_INFORMATION
	SystemHotpatchInformation, // q; s
	SystemObjectSecurityMode, // q // 70
	SystemWatchdogTimerHandler, // s (kernel-mode only)
	SystemWatchdogTimerInformation, // q (kernel-mode only); s (kernel-mode only)
	SystemLogicalProcessorInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION
	SystemWow64SharedInformationObsolete, // not implemented
	SystemRegisterFirmwareTableInformationHandler, // s (kernel-mode only)
	SystemFirmwareTableInformation, // not implemented
	SystemModuleInformationEx, // q: RTL_PROCESS_MODULE_INFORMATION_EX
	SystemVerifierTriageInformation, // not implemented
	SystemSuperfetchInformation, // q: SUPERFETCH_INFORMATION; s: SUPERFETCH_INFORMATION // PfQuerySuperfetchInformation
	SystemMemoryListInformation, // q: SYSTEM_MEMORY_LIST_INFORMATION; s: SYSTEM_MEMORY_LIST_COMMAND (requires SeProfileSingleProcessPrivilege) // 80
	SystemFileCacheInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (same as SystemFileCacheInformation)
	SystemThreadPriorityClientIdInformation, // s: SYSTEM_THREAD_CID_PRIORITY_INFORMATION (requires SeIncreaseBasePriorityPrivilege)
	SystemProcessorIdleCycleTimeInformation, // q: SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION[]
	SystemVerifierCancellationInformation, // not implemented // name:wow64:whNT32QuerySystemVerifierCancellationInformation
	SystemProcessorPowerInformationEx, // not implemented
	SystemRefTraceInformation, // q; s // ObQueryRefTraceInformation
	SystemSpecialPoolInformation, // q; s (requires SeDebugPrivilege) // MmSpecialPoolTag, then MmSpecialPoolCatchOverruns != 0
	SystemProcessIdInformation, // q: SYSTEM_PROCESS_ID_INFORMATION
	SystemErrorPortInformation, // s (requires SeTcbPrivilege)
	SystemBootEnvironmentInformation, // q: SYSTEM_BOOT_ENVIRONMENT_INFORMATION // 90
	SystemHypervisorInformation, // q; s (kernel-mode only)
	SystemVerifierInformationEx, // q; s
	SystemTimeZoneInformation, // s (requires SeTimeZonePrivilege)
	SystemImageFileExecutionOptionsInformation, // s: SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION (requires SeTcbPrivilege)
	SystemCoverageInformation, // q; s // name:wow64:whNT32QuerySystemCoverageInformation; ExpCovQueryInformation
	SystemPrefetchPatchInformation, // not implemented
	SystemVerifierFaultsInformation, // s (requires SeDebugPrivilege)
	SystemSystemPartitionInformation, // q: SYSTEM_SYSTEM_PARTITION_INFORMATION
	SystemSystemDiskInformation, // q: SYSTEM_SYSTEM_DISK_INFORMATION
	SystemProcessorPerformanceDistribution, // q: SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION // 100
	SystemNumaProximityNodeInformation, // q
	SystemDynamicTimeZoneInformation, // q; s (requires SeTimeZonePrivilege)
	SystemCodeIntegrityInformation, // q // SeCodeIntegrityQueryInformation
	SystemProcessorMicrocodeUpdateInformation, // s
	SystemProcessorBrandString, // q // HaliQuerySystemInformation -> HalpGetProcessorBrandString, info class 23
	SystemVirtualAddressInformation, // q: SYSTEM_VA_LIST_INFORMATION[]; s: SYSTEM_VA_LIST_INFORMATION[] (requires SeIncreaseQuotaPrivilege) // MmQuerySystemVaInformation
	SystemLogicalProcessorAndGroupInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX // since WIN7 // KeQueryLogicalProcessorRelationship
	SystemProcessorCycleTimeInformation, // q: SYSTEM_PROCESSOR_CYCLE_TIME_INFORMATION[]
	SystemStoreInformation, // q; s // SmQueryStoreInformation
	SystemRegistryAppendString, // s: SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS // 110
	SystemAitSamplingValue, // s: ULONG (requires SeProfileSingleProcessPrivilege)
	SystemVhdBootInformation, // q: SYSTEM_VHD_BOOT_INFORMATION
	SystemCpuQuotaInformation, // q; s // PsQueryCpuQuotaInformation
	SystemNativeBasicInformation, // not implemented
	SystemSpare1, // not implemented
	SystemLowPriorityIoInformation, // q: SYSTEM_LOW_PRIORITY_IO_INFORMATION
	SystemTpmBootEntropyInformation, // q: TPM_BOOT_ENTROPY_NT_RESULT // ExQueryTpmBootEntropyInformation
	SystemVerifierCountersInformation, // q: SYSTEM_VERIFIER_COUNTERS_INFORMATION
	SystemPagedPoolInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypePagedPool)
	SystemSystemPtesInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypeSystemPtes) // 120
	SystemNodeDistanceInformation, // q
	SystemAcpiAuditInformation, // q: SYSTEM_ACPI_AUDIT_INFORMATION // HaliQuerySystemInformation -> HalpAuditQueryResults, info class 26
	SystemBasicPerformanceInformation, // q: SYSTEM_BASIC_PERFORMANCE_INFORMATION // name:wow64:whNtQuerySystemInformation_SystemBasicPerformanceInformation
	SystemQueryPerformanceCounterInformation, // q: SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION // since WIN7 SP1
	SystemSessionBigPoolInformation, // since WIN8
	SystemBootGraphicsInformation,
	SystemScrubPhysicalMemoryInformation,
	SystemBadPageInformation,
	SystemProcessorProfileControlArea,
	SystemCombinePhysicalMemoryInformation, // 130
	SystemEntropyInterruptTimingCallback,
	SystemConsoleInformation,
	SystemPlatformBinaryInformation,
	SystemThrottleNotificationInformation,
	SystemHypervisorProcessorCountInformation,
	SystemDeviceDataInformation,
	SystemDeviceDataEnumerationInformation,
	SystemMemoryTopologyInformation,
	SystemMemoryChannelInformation,
	SystemBootLogoInformation, // 140
	SystemProcessorPerformanceInformationEx, // q: SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX // since WINBLUE
	SystemSpare0,
	SystemSecureBootPolicyInformation,
	SystemPageFileInformationEx, // q: SYSTEM_PAGEFILE_INFORMATION_EX
	SystemSecureBootInformation,
	SystemEntropyInterruptTimingRawInformation,
	SystemPortableWorkspaceEfiLauncherInformation,
	SystemFullProcessInformation, // q: SYSTEM_PROCESS_INFORMATION with SYSTEM_PROCESS_INFORMATION_EXTENSION (requires admin)
	SystemKernelDebuggerInformationEx, // q: SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX
	SystemBootMetadataInformation, // 150
	SystemSoftRebootInformation,
	SystemElamCertificateInformation,
	SystemOfflineDumpConfigInformation,
	SystemProcessorFeaturesInformation, // q: SYSTEM_PROCESSOR_FEATURES_INFORMATION
	SystemRegistryReconciliationInformation,
	SystemEdidInformation,
	SystemManufacturingInformation, // q: SYSTEM_MANUFACTURING_INFORMATION // since THRESHOLD
	SystemEnergyEstimationConfigInformation, // q: SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION
	SystemHypervisorDetailInformation, // q: SYSTEM_HYPERVISOR_DETAIL_INFORMATION
	SystemProcessorCycleStatsInformation, // q: SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION // 160
	SystemVmGenerationCountInformation,
	SystemTrustedPlatformModuleInformation, // q: SYSTEM_TPM_INFORMATION
	SystemKernelDebuggerFlags,
	SystemCodeIntegrityPolicyInformation,
	SystemIsolatedUserModeInformation,
	SystemHardwareSecurityTestInterfaceResultsInformation,
	SystemSingleModuleInformation, // q: SYSTEM_SINGLE_MODULE_INFORMATION
	SystemAllowedCpuSetsInformation,
	SystemDmaProtectionInformation, // q: SYSTEM_DMA_PROTECTION_INFORMATION
	SystemInterruptCpuSetsInformation,
	SystemSecureBootPolicyFullInformation,
	SystemCodeIntegrityPolicyFullInformation,
	SystemAffinitizedInterruptProcessorInformation,
	SystemRootSiloInformation, // q: SYSTEM_ROOT_SILO_INFORMATION
	SystemCpuSetInformation, // q: SYSTEM_CPU_SET_INFORMATION // since THRESHOLD2
	SystemCpuSetTagInformation, // q: SYSTEM_CPU_SET_TAG_INFORMATION
	SystemWin32WerStartCallout,
	SystemSecureKernelProfileInformation,
	MaxSystemInfoClass
} SYSTEM_INFORMATION_CLASS;

typedef enum _PROCESSINFOCLASS {
	ProcessBasicInformation = 0, // 0, q: PROCESS_BASIC_INFORMATION, PROCESS_EXTENDED_BASIC_INFORMATION
	ProcessQuotaLimits, // qs: QUOTA_LIMITS, QUOTA_LIMITS_EX
	ProcessIoCounters, // q: IO_COUNTERS
	ProcessVmCounters, // q: VM_COUNTERS, VM_COUNTERS_EX
	ProcessTimes, // q: KERNEL_USER_TIMES
	ProcessBasePriority, // s: KPRIORITY
	ProcessRaisePriority, // s: ULONG
	ProcessDebugPort, // q: HANDLE
	ProcessExceptionPort, // s: HANDLE
	ProcessAccessToken, // s: PROCESS_ACCESS_TOKEN
	ProcessLdtInformation, // 10
	ProcessLdtSize,
	ProcessDefaultHardErrorMode, // qs: ULONG
	ProcessIoPortHandlers, // (kernel-mode only)
	ProcessPooledUsageAndLimits, // q: POOLED_USAGE_AND_LIMITS
	ProcessWorkingSetWatch, // q: PROCESS_WS_WATCH_INFORMATION[]; s: void
	ProcessUserModeIOPL,
	ProcessEnableAlignmentFaultFixup, // s: BOOLEAN
	ProcessPriorityClass, // qs: PROCESS_PRIORITY_CLASS
	ProcessWx86Information,
	ProcessHandleCount, // 20, q: ULONG, PROCESS_HANDLE_INFORMATION
	ProcessAffinityMask, // s: KAFFINITY
	ProcessPriorityBoost, // qs: ULONG
	ProcessDeviceMap, // qs: PROCESS_DEVICEMAP_INFORMATION, PROCESS_DEVICEMAP_INFORMATION_EX
	ProcessSessionInformation, // q: PROCESS_SESSION_INFORMATION
	ProcessForegroundInformation, // s: PROCESS_FOREGROUND_BACKGROUND
	ProcessWow64Information, // q: ULONG_PTR
	ProcessImageFileName, // q: UNICODE_STRING
	ProcessLUIDDeviceMapsEnabled, // q: ULONG
	ProcessBreakOnTermination, // qs: ULONG
	ProcessDebugObjectHandle, // 30, q: HANDLE
	ProcessDebugFlags, // qs: ULONG
	ProcessHandleTracing, // q: PROCESS_HANDLE_TRACING_QUERY; s: size 0 disables, otherwise enables
	ProcessIoPriority, // qs: ULONG
	ProcessExecuteFlags, // qs: ULONG
	ProcessResourceManagement,
	ProcessCookie, // q: ULONG
	ProcessImageInformation, // q: SECTION_IMAGE_INFORMATION
	ProcessCycleTime, // q: PROCESS_CYCLE_TIME_INFORMATION
	ProcessPagePriority, // q: ULONG
	ProcessInstrumentationCallback, // 40
	ProcessThreadStackAllocation, // s: PROCESS_STACK_ALLOCATION_INFORMATION, PROCESS_STACK_ALLOCATION_INFORMATION_EX
	ProcessWorkingSetWatchEx, // q: PROCESS_WS_WATCH_INFORMATION_EX[]
	ProcessImageFileNameWin32, // q: UNICODE_STRING
	ProcessImageFileMapping, // q: HANDLE (input)
	ProcessAffinityUpdateMode, // qs: PROCESS_AFFINITY_UPDATE_MODE
	ProcessMemoryAllocationMode, // qs: PROCESS_MEMORY_ALLOCATION_MODE
	ProcessGroupInformation, // q: USHORT[]
	ProcessTokenVirtualizationEnabled, // s: ULONG
	ProcessConsoleHostProcess, // q: ULONG_PTR
	ProcessWindowInformation, // 50, q: PROCESS_WINDOW_INFORMATION
	ProcessHandleInformation, // q: PROCESS_HANDLE_SNAPSHOT_INFORMATION // since WIN8
	ProcessMitigationPolicy, // s: PROCESS_MITIGATION_POLICY_INFORMATION
	ProcessDynamicFunctionTableInformation,
	ProcessHandleCheckingMode,
	ProcessKeepAliveCount, // q: PROCESS_KEEPALIVE_COUNT_INFORMATION
	ProcessRevokeFileHandles, // s: PROCESS_REVOKE_FILE_HANDLES_INFORMATION
	MaxProcessInfoClass
} PROCESSINFOCLASS;

typedef enum _THREADINFOCLASS {
	ThreadBasicInformation,
	ThreadTimes,
	ThreadPriority,
	ThreadBasePriority,
	ThreadAffinityMask,
	ThreadImpersonationToken,
	ThreadDescriptorTableEntry,
	ThreadEnableAlignmentFaultFixup,
	ThreadEventPair_Reusable,
	ThreadQuerySetWin32StartAddress,
	ThreadZeroTlsCell,
	ThreadPerformanceCount,
	ThreadAmILastThread,
	ThreadIdealProcessor,
	ThreadPriorityBoost,
	ThreadSetTlsArrayAddress,
	ThreadIsIoPending,
	ThreadHideFromDebugger,
	ThreadBreakOnTermination,
	ThreadSwitchLegacyState,
	ThreadIsTerminated,
	ThreadLastSystemCall,
	ThreadIoPriority,
	ThreadCycleTime,
	ThreadPagePriority,
	ThreadActualBasePriority,
	ThreadTebInformation,
	ThreadCSwitchMon,
	MaxThreadInfoClass
} THREADINFOCLASS;

typedef NTSTATUS(NTAPI *tRtlGetNativeSystemInformation)(SYSTEM_INFORMATION_CLASS SystemInformationClass, PVOID SystemInformation, ULONG SystemInformationLength, PULONG ReturnLength);
typedef NTSTATUS(NTAPI *tNtQueryInformationProcess)(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength, PULONG ReturnLength);
typedef NTSTATUS(NTAPI *tNtQuerySystemInformation)(ULONG SystemInformationClass, PVOID SystemInformation, ULONG SystemInformationLength, PULONG ReturnLength);
typedef NTSTATUS(NTAPI *tNtQueryInformationThread)(HANDLE ThreadHandle, THREADINFOCLASS ThreadInformationClass, PVOID ThreadInformation, ULONG ThreadInformationLength, PULONG ReturnLength);

#ifndef STATUS_SUCCESS
#define STATUS_SUCCESS                 ((NTSTATUS)0x00000000L)
#endif //!STATUS_SUCCESS
#ifndef STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL            ((NTSTATUS)0xC0000001L)
#endif //!STATUS_UNSUCCESSFUL
#ifndef STATUS_NOT_IMPLEMENTED
#define STATUS_NOT_IMPLEMENTED         ((NTSTATUS)0xC0000002L)
#endif //!STATUS_NOT_IMPLEMENTED
#ifndef STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH    ((NTSTATUS)0xC0000004L)
#endif //!STATUS_INFO_LENGTH_MISMATCH
#ifndef STATUS_NO_MEMORY
#define STATUS_NO_MEMORY               ((NTSTATUS)0xC0000017L)
#endif //!STATUS_NO_MEMORY
#ifndef STATUS_ACCESS_DENIED
#define STATUS_ACCESS_DENIED           ((NTSTATUS)0xC0000022L)
#endif //!STATUS_ACCESS_DENIED
#ifndef STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL        ((NTSTATUS)0xC0000023L)
#endif //!STATUS_BUFFER_TOO_SMALL
#ifndef STATUS_PROCEDURE_NOT_FOUND
#define STATUS_PROCEDURE_NOT_FOUND     ((NTSTATUS)0xC000007AL)
#endif //!STATUS_PROCEDURE_NOT_FOUND
#ifndef STATUS_NOT_SUPPORTED
#define STATUS_NOT_SUPPORTED           ((NTSTATUS)0xC00000BBL)
#endif //!STATUS_NOT_SUPPORTED
#ifndef STATUS_NOT_FOUND
#define STATUS_NOT_FOUND               ((NTSTATUS)0xC0000225L)
#endif //!STATUS_NOT_FOUND
#ifndef STATUS_PARTIAL_COPY
#define STATUS_PARTIAL_COPY            ((NTSTATUS)0x8000000DL)
#endif //!STATUS_PARTIAL_COPY

template<typename T>
struct _SYSTEM_HANDLE_T {
	ULONG ProcessId;
	BYTE ObjectTypeNumber;
	BYTE Flags;
	USHORT Handle;
	T Object;
	ACCESS_MASK GrantedAccess;
};

template<typename T>
struct _SYSTEM_HANDLE_INFORMATION_T {
	ULONG HandleCount;
	_SYSTEM_HANDLE_T<T> Handles[1];
};

typedef long KPRIORITY;

typedef struct _UNICODE_STRING {
	USHORT Length;
	USHORT MaximumLength;
	PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

typedef enum _KWAIT_REASON {
	Executive,
	FreePage,
	PageIn,
	PoolAllocation,
	DelayExecution,
	Suspended,
	UserRequest,
	WrExecutive,
	WrFreePage,
	WrPageIn,
	WrPoolAllocation,
	WrDelayExecution,
	WrSuspended,
	WrUserRequest,
	WrEventPair,
	WrQueue,
	WrLpcReceive,
	WrLpcReply,
	WrVirtualMemory,
	WrPageOut,
	WrRendezvous,
	WrKeyedEvent,
	WrTerminated,
	WrProcessInSwap,
	WrCpuRateControl,
	WrCalloutStack,
	WrKernel,
	WrResource,
	WrPushLock,
	WrMutex,
	WrQuantumEnd,
	WrDispatchInt,
	WrPreempted,
	WrYieldExecution,
	WrFastMutex,
	WrGuardedMutex,
	WrRundown,
	WrAlertByThreadId,
	WrDeferredPreempt,
	MaximumWaitReason
} KWAIT_REASON, *PKWAIT_REASON;

typedef struct _CLIENT_ID {
	HANDLE					UniqueProcess;
	HANDLE					UniqueThread;
} CLIENT_ID, *PCLIENT_ID;

typedef struct _SYSTEM_THREADS_INFORMATION {
	LARGE_INTEGER	   KernelTime;
	LARGE_INTEGER	   UserTime;
	LARGE_INTEGER	   CreateTime;
	ULONG			   WaitTime;
	PVOID			   StartAddress;
	CLIENT_ID		   ClientId;
	int				   Priority;
	int				   BasePriority;
	ULONG              ContextSwitchCount;
	int				   State;
	KWAIT_REASON        WaitReason;
} SYSTEM_THREADS_INFORMATION, *PSYSTEM_THREADS_INFORMATION;

typedef struct _SYSTEM_PROCESS_INFORMATION {
	ULONG NextEntryOffset;
	ULONG NumberOfThreads;
	LARGE_INTEGER WorkingSetPrivateSize; // since VISTA
	ULONG HardFaultCount; // since WIN7
	ULONG NumberOfThreadsHighWatermark; // since WIN7
	ULONGLONG CycleTime; // since WIN7
	LARGE_INTEGER CreateTime;
	LARGE_INTEGER UserTime;
	LARGE_INTEGER KernelTime;
	UNICODE_STRING ImageName;
	KPRIORITY BasePriority;
	HANDLE UniqueProcessId;
	HANDLE InheritedFromUniqueProcessId;
	ULONG HandleCount;
	ULONG SessionId;
	ULONG_PTR UniqueProcessKey; // since VISTA (requires SystemExtendedProcessInformation)
	SIZE_T PeakVirtualSize;
	SIZE_T VirtualSize;
	ULONG PageFaultCount;
	SIZE_T PeakWorkingSetSize;
	SIZE_T WorkingSetSize;
	SIZE_T QuotaPeakPagedPoolUsage;
	SIZE_T QuotaPagedPoolUsage;
	SIZE_T QuotaPeakNonPagedPoolUsage;
	SIZE_T QuotaNonPagedPoolUsage;
	SIZE_T PagefileUsage;
	SIZE_T PeakPagefileUsage;
	SIZE_T PrivatePageCount;
	LARGE_INTEGER ReadOperationCount;
	LARGE_INTEGER WriteOperationCount;
	LARGE_INTEGER OtherOperationCount;
	LARGE_INTEGER ReadTransferCount;
	LARGE_INTEGER WriteTransferCount;
	LARGE_INTEGER OtherTransferCount;
	SYSTEM_THREADS_INFORMATION Threads[1];
	//	SYSTEM_EXTENDED_THREAD_INFORMATION Threads[1];
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;

namespace gWin {

struct ModuleInfo {
	DWORD base;
	DWORD size; 
	std::string name;
};

class SafeHandle {
public:
	SafeHandle() {}
	// Legal Usage (constructor):
	// gWin::SafeHandle handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
	SafeHandle(HANDLE handle) : m_handle(handle) {}

	~SafeHandle() {
		CloseHandle(m_handle);
	}

	SafeHandle(const SafeHandle &source) {
		this->operator=(source);
	}

	// Legal Usage (assignment operator):
	// handle1 = handle2;
	SafeHandle& operator= (const SafeHandle &hSource) {
		// TODO: Check if DuplicateHandle is the function which is needed

		m_handle = hSource.m_handle;
		return *this;
	}

	SafeHandle& operator= (const HANDLE hSource) {
		// TODO: Check if DuplicateHandle is the function which is needed
		m_handle = hSource;
		return *this;
	}

	const HANDLE getRaw() const {
		return m_handle;
	}

private:
	HANDLE m_handle;
};

class Thread {
public:
	Thread(SYSTEM_THREADS_INFORMATION *threadInfo) : m_threadInfo(threadInfo) {}
	~Thread() {}

	SYSTEM_THREADS_INFORMATION *getPtr() { return m_threadInfo; }

	// Getters
	DWORD getStartAddress() { return (DWORD)m_threadInfo->StartAddress; }
	DWORD getProcessId() { return (DWORD)m_threadInfo->ClientId.UniqueProcess; }
	DWORD getThreadId() { return (DWORD)m_threadInfo->ClientId.UniqueThread; }
	int getPriority() { return m_threadInfo->Priority; }
	ULONG getContextSwitchCount() { return m_threadInfo->ContextSwitchCount; }
	int getState() { return m_threadInfo->State; }
	KWAIT_REASON getWaitReason() { return m_threadInfo->WaitReason; }
	gWin::SafeHandle getHandle() { return OpenThread(THREAD_ALL_ACCESS, FALSE, getThreadId()); }

private:
	SYSTEM_THREADS_INFORMATION *m_threadInfo;
};

class Process {
public:
	Process(SYSTEM_PROCESS_INFORMATION *spi, PVOID buf) : m_spi(spi), m_allBuffer(buf) {}

	void deallocWholeBuffer() { delete[] m_allBuffer; }
	SYSTEM_PROCESS_INFORMATION *getPtr() { return m_spi; }

	std::vector<Thread> &getThreads() {
		if (m_threads.size() <= 0)
			enumThreads();

		return m_threads;
	}

	std::vector<MODULEENTRY32> &getModules() {
		if (m_modules.size() <= 0)
			enumModules();

		return m_modules;
	}

	std::string getName() {
		if (m_spi->ImageName.Buffer != nullptr) {
			std::wstring wProcName = m_spi->ImageName.Buffer;
			return std::string(wProcName.begin(), wProcName.end());
		}
		else {
			return "nullptr";
		}
	}

	ModuleInfo getAssociatedModule(Thread *thread);
	DWORD getId() { return (DWORD)m_spi->UniqueProcessId; }

private:
	void enumModules();
	void enumThreads();

	DWORD getThreadStartAddress(HANDLE hThread);

private:
	std::vector<Thread> m_threads;
	std::vector<MODULEENTRY32> m_modules;

	SYSTEM_PROCESS_INFORMATION *m_spi;
	_SYSTEM_HANDLE_INFORMATION_T<PVOID> *m_shi;

	PVOID m_allBuffer;
};

class ProcessEnumerator {
public:
	ProcessEnumerator() { iterateProcesses(); }
	~ProcessEnumerator() { 
		if (m_processes.size() >= 0)
			m_processes[0].deallocWholeBuffer(); 
	}

	std::vector<Process> &getProcesses() {
		return m_processes;
	}

private:
	void iterateProcesses();

private:
	std::vector<Process> m_processes;
};

}
greyb1t is offline  
Thanks
1 User
Old 04/29/2016, 20:48   #14
 
elite*gold: 0
Join Date: Oct 2007
Posts: 45
Received Thanks: 33
trying the manual version on the official flyff. isnt it working on offi?
Amatzu is offline  
Old 04/29/2016, 20:54   #15
 
greyb1t's Avatar
 
elite*gold: 70
Join Date: Apr 2015
Posts: 421
Received Thanks: 1,023
Quote:
Originally Posted by Amatzu View Post
trying the manual version on the official flyff. isnt it working on offi?
I'm going to guess that it doesn't, but I don't know.
I don't play on official servers at all. It'd be quite dumb if it did work though.
greyb1t is offline  
Reply

Tags
bypass, cheat, flyff, greyb1t, hack


Similar Threads Similar Threads
YT-Tutorial: Easy Bypass [Working]
08/25/2013 - Wolfteam - 20 Replies
Bypass Wolfteam Ich zeige euch hier mal einen funktionierenden Bypass, mit verständlicher Erklärung. ;) Habe auch extra ein Tutorial für euch zusammengestellt, dass keine weiteren Fragen mehr auftreten sollten :P Schaut euch das Video an, und die Fragen sind wie weggeblasen ;)
[Tutorial] Anti Memory Detection Bypass Benutzung
05/25/2013 - S4 League Hacks, Bots, Cheats & Exploits - 2 Replies
Einen wunderschönen guten Abend, ich verkünde frohe Botschaftich hab herausgefunden wie man den Bypass von iKasaii benutz mit 2 anderen Bypässen Links werde ich zu den einzelnen Bypässen posten. Hier ist das Tutorial:Anti Memory Detection Hacking Und hier die Links zu den Bypässen:Xtrap Bypass(Delphi/C++) Decay' Bypass!



All times are GMT +1. The time now is 05:02.


Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2024 elitepvpers All Rights Reserved.