Code:
Module Hook #Region "Access" 'Setting some privileges. Const PROCESS_ALL_ACCESS = &H1F0FF Public Enum ThreadAccess As Integer TERMINATE = (&H1) SUSPEND_RESUME = (&H2) GET_CONTEXT = (&H8) SET_CONTEXT = (&H10) SET_INFORMATION = (&H20) QUERY_INFORMATION = (&H40) SET_THREAD_TOKEN = (&H80) IMPERSONATE = (&H100) DIRECT_IMPERSONATION = (&H200) End Enum #End Region #Region "Functions" Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Integer, ByVal dwProcessId As Integer) As Integer 'Functions that will allow us to write/read process memory. Public Declare Function WriteProcessMemory1 Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Integer, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Integer Public Declare Function ReadProcessMemory1 Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Integer, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Integer 'Functions to suspend/resume the process. Public Declare Function OpenThread Lib "kernel32.dll" (ByVal dwDesiredAccess As ThreadAccess, ByVal bInheritHandle As Boolean, ByVal dwThreadId As UInteger) As IntPtr Public Declare Function SuspendThread Lib "kernel32.dll" (ByVal hThread As IntPtr) As UInteger Public Declare Function ResumeThread Lib "kernel32.dll" (ByVal hThread As IntPtr) As UInteger Public Declare Function CloseHandle Lib "kernel32.dll" (ByVal hHandle As IntPtr) As Boolean #End Region #Region "Suspend/Resume" 'Some functions that allow us to suspend/resume the process. Public Function SuspendProcess(ByVal nProcess As System.Diagnostics.Process) For Each t As ProcessThread In nProcess.Threads Dim th As IntPtr th = OpenThread(ThreadAccess.SUSPEND_RESUME, False, t.Id) If th <> IntPtr.Zero Then SuspendThread(th) CloseHandle(th) End If Next End Function Public Function ResumeProcess(ByVal nProcess As System.Diagnostics.Process) For Each t As ProcessThread In nProcess.Threads Dim th As IntPtr th = OpenThread(ThreadAccess.SUSPEND_RESUME, False, t.Id) If th <> IntPtr.Zero Then ResumeThread(th) CloseHandle(th) End If Next End Function #End Region #Region "Memory" Public Function GetMemoryAddress(ByVal nProcess As String, ByVal nBaseAddress As Integer, ByVal nOffsets As Integer(), ByVal nLevel As Integer, Optional ByVal nSize As Integer = 4) As Integer Dim nAddress As Integer = nBaseAddress For i As Integer = 1 To nLevel nAddress = ReadInteger(nProcess, nAddress, nSize) + nOffsets(i - 1) Next Return nAddress End Function Public Function ReadInteger(ByVal nProcess As String, ByVal nAddress As Integer, Optional ByVal nSize As Integer = 4) As Integer If nProcess.EndsWith(".exe") Then nProcess = nProcess.Replace(".exe", Nothing) End If Dim ProcessHandle As Process() = Process.GetProcessesByName(nProcess) If Not ProcessHandle.Count = 1 Then Exit Function End If Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, 0, ProcessHandle(0).Id) If hProcess = IntPtr.Zero Then Exit Function End If Dim hAddress As Integer Dim vBuffer As Integer hAddress = nAddress ReadProcessMemory1(hProcess, hAddress, vBuffer, nSize, 0) Return vBuffer End Function Public Function DefineBytes(ByVal nProcess As String, ByVal nAddress As Integer, ByVal nValue As String) If nProcess.EndsWith(".exe") Then nProcess = nProcess.Replace(".exe", Nothing) End If If nValue.Contains(" ") Then nValue = nValue.Replace(" ", Nothing) End If Dim ProcessHandle As Process() = Process.GetProcessesByName(nProcess) If ProcessHandle.Length = 0 Then Exit Function End If Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, 0, ProcessHandle(0).Id) If hProcess = IntPtr.Zero Then Exit Function End If Dim C As Integer Dim B As Integer Dim D As Integer Dim V As Byte B = 0 D = 1 For C = 1 To Math****und((Len(nValue) / 2)) V = Val("&H" & Mid$(nValue, D, 2)) Call WriteProcessMemory1(hProcess, nAddress + B, V, 1, 0&) B = B + 1 D = D + 2 Next C End Function #End Region #Region "Message(s)" 'Some defines. Dim Credits As String = ("This bypass was created by Papulatus, happy hacking! ^^") REM: You could just leech this bypass, but I would appreciate it if you credit me :). Dim Bit32 As String = ("This bypass doesn't support 32-Bit!") REM: Disappoint some 32-Bit users. Dim SearchFailed As String = ("Couldn't find the MicroVolts directory, please put this application in the 'Bin' folder of MicroVolts!") REM: Message to display if we couldn't find the MicroVolts directory. #End Region #Region "Required addresses" 'The addresses we'll need to bypass XTrap. Dim GetProcAddress As Integer Dim ReadProcessMemory As Integer Dim XTrapDriver As Integer #End Region #Region "Timer(s)" Dim MainTMR As New System.Timers.Timer REM: Timer to do some important stuff. #End Region #Region "Main" REM: Our main. Sub Main() 'Timer settings: MainTMR.AutoReset = True MainTMR.Interval = 1 AddHandler MainTMR.Elapsed, AddressOf MainTMR_Tick If Environment.Is64BitOperatin****tem = False Then REM: Detect 32-Bit users. Console.WriteLine(Bit32) Else If My.Computer.FileSystem.CurrentDirectory.Contains("\MicroVolts\Bin") Then REM: Check if the application is in the 'Bin' folder of MicroVolts. Console.WriteLine(Credits) My.Computer.FileSystem.CurrentDirectory = My.Computer.FileSystem.CurrentDirectory.Replace("\Bin", Nothing) REM: Set current directory. Process.Start("Bin\MicroVolts.exe") MainTMR.Start() Else If My.Computer.FileSystem.DirectoryExists("C:\Program Files\MicroVolts\") Then Console.WriteLine(Credits) My.Computer.FileSystem.CurrentDirectory = ("C:\Program Files\MicroVolts\") REM: Set current directory. Process.Start("Bin\MicroVolts.exe") MainTMR.Start() ElseIf My.Computer.FileSystem.DirectoryExists("C:\Program Files (x86)\MicroVolts\") Then Console.WriteLine(Credits) My.Computer.FileSystem.CurrentDirectory = ("C:\Program Files (x86)\MicroVolts\") REM: Set current directory. Process.Start("Bin\MicroVolts.exe") MainTMR.Start() ElseIf My.Computer.FileSystem.DirectoryExists("C:\Archivos de Programa\MicroVolts\") Then Console.WriteLine(Credits) My.Computer.FileSystem.CurrentDirectory = ("C:\Archivos de Programa\MicroVolts\") REM: Set current directory. Process.Start("Bin\MicroVolts.exe") MainTMR.Start() ElseIf My.Computer.FileSystem.DirectoryExists("C:\Archivos de Programa (x86)\MicroVolts\") Then Console.WriteLine(Credits) My.Computer.FileSystem.CurrentDirectory = ("C:\Archivos de Programa (x86)\MicroVolts\") REM: Set current directory. Process.Start("Bin\MicroVolts.exe") MainTMR.Start() ElseIf My.Computer.FileSystem.DirectoryExists("C:\MicroVolts\") Then Console.WriteLine(Credits) My.Computer.FileSystem.CurrentDirectory = ("C:\MicroVolts\") REM: Set current directory. Process.Start("Bin\MicroVolts.exe") MainTMR.Start() ElseIf My.Computer.FileSystem.DirectoryExists("D:\MicroVolts\") Then Console.WriteLine(Credits) My.Computer.FileSystem.CurrentDirectory = ("D:\MicroVolts\") REM: Set current directory. Process.Start("Bin\MicroVolts.exe") MainTMR.Start() ElseIf My.Computer.FileSystem.DirectoryExists("D:\Program Files\MicroVolts\") Then Console.WriteLine(Credits) My.Computer.FileSystem.CurrentDirectory = ("D:\Program Files\MicroVolts\") REM: Set current directory. Process.Start("Bin\MicroVolts.exe") MainTMR.Start() ElseIf My.Computer.FileSystem.DirectoryExists("D:\Program Files (x86)\MicroVolts\") Then Console.WriteLine(Credits) My.Computer.FileSystem.CurrentDirectory = ("D:\Program Files (x86)\MicroVolts\") REM: Set current directory. Process.Start("Bin\MicroVolts.exe") MainTMR.Start() ElseIf My.Computer.FileSystem.DirectoryExists("D:\Archivos de Programa\MicroVolts\") Then Console.WriteLine(Credits) My.Computer.FileSystem.CurrentDirectory = ("D:\Archivos de Programa\MicroVolts\") REM: Set current directory. Process.Start("Bin\MicroVolts.exe") MainTMR.Start() ElseIf My.Computer.FileSystem.DirectoryExists("D:\Archivos de Programa (x86)\MicroVolts\") Then Console.WriteLine(Credits) My.Computer.FileSystem.CurrentDirectory = ("D:\Archivos de Programa (x86)\MicroVolts\") REM: Set current directory. Process.Start("Bin\MicroVolts.exe") MainTMR.Start() Else Console.WriteLine(SearchFailed) End If End If End If Do Until Console.Title = (Nothing) REM: A simple infinite loop to keep the console stay open. Console.ReadKey() Loop End Sub Private Sub MainTMR_Tick(ByVal sender As Object, ByVal e As System.Timers.ElapsedEventArgs) Dim MV() As Process = Process.GetProcessesByName("MicroVolts") Dim XT() As Process = Process.GetProcessesByName("XTrap.xt") GetProcAddress = GetMemoryAddress("MicroVolts", &HF5F0F0, {&H0}, 0, 4) REM: Grab MicroVolts' GetProcAddress function. ReadProcessMemory = ReadInteger("MicroVolts", GetProcAddress, 4) REM: Use MicroVolts' GetProcAddress function. XTrapDriver = GetMemoryAddress("MicroVolts", &H406BECD4, {&H0}, 0, 4) REM: Grab the XTrap driver. 'You'll need this if you want to create BYPASSED multiclients. Dim MVIndex As Integer = MV.Count - 1 Dim XTIndex As Integer = XT.Count - 1 If XT.Count = MV.Count Then REM: Check if XTrap is running. 'Begin the motherf*cking hook. SuspendProcess(MV(MVIndex)) DefineBytes("MicroVolts", XTrapDriver, "6F 6C 6F 6C 6F 6C 6F") REM: F*cking up the XTrap driver. DefineBytes("MicroVolts", ReadProcessMemory, "EB FE") REM: Send ReadProcessMemory to an infinite loop. ResumeProcess(MV(MVIndex)) REM: Enjoy the bypass ;). End REM: Close our handle. End If End Sub #End Region End Module
WARNING Please check the lines at
DefineBytes("MicroVolts", XTrapDriver, "6F 6C 6F 6C 6F 6C 6F") REM: F*cking up the XTrap driver.
DefineBytes("MicroVolts", ReadProcessMemory, "EB FE") REM: Send ReadProcessMemory to an infinite loop.
The man/ScriptKid who posted this tried to well.. play and mesh up the Xtrap Driver by overlooping the Memory. Correct this at your own.