Ich werde gleich noch ein paar Sachen posten.
Code:
// (c) by BakaBug
#include <windows.h>
// basic file operations
#include <iostream>
#include <fstream>
#include <stdio.h>
// xxx
using namespace std;
// Pack every struct declared after this point without padding.
#pragma pack(1)
// Shorthand for MSVC declaration specifiers used by the hook and export code.
#define ASM void __declspec(naked)
#define EXPORT __declspec(dllexport) __cdecl
#define THREAD DWORD WINAPI
#define Naked __declspec( naked )
// Selector values passed to Intercept() as its `instruction` argument.
// 0x90, 0xe8, 0xe9 and 0x74 are the x86 opcodes for NOP, CALL rel32, JMP rel32
// and JZ rel8; INST_BYTE (0x00) makes Intercept() write one raw byte instead.
#define INST_NOP 0x90
#define INST_CALL 0xe8
#define INST_JMP 0xe9
#define INST_BYTE 0x00
#define SHORT_JZ 0x74
// Module handle of this DLL (stored in DllMain).
HINSTANCE hLThis = 0;
// Handle of the library loaded in DllMain that the export stubs forward to.
HINSTANCE hL = 0;
// Forwarding table: p[N] holds the address GetProcAddress returned for the
// N-th Winsock export; each __E__N__ stub jumps through its entry.
FARPROC p[167] = {0};
// Values popped off the caller's stack by MyLoadHook. push0 receives the
// return address, push1..push5 the five following stack slots; WorkWithIt
// re-pushes push1 and push5 when it calls into the host process.
DWORD push1;
DWORD push2;
DWORD push3;
DWORD push4;
DWORD push5;
DWORD push0;
// Size and buffers of the file currently processed by WorkWithIt
// (memblock = bytes read from disk, memblock2 = output buffer).
ifstream::pos_type size;
char * memblock;
char * memblock2;
// Copies `len` bytes from address lpSource to address lpDest inside the
// current process, forcing both ranges to PAGE_EXECUTE_READWRITE for the
// duration of the copy and restoring the previous protections afterwards.
// Returns lpDest as a pointer.
//
// NOTE(review): none of the VirtualProtect return values are checked. If a
// call fails, memcpy runs against a range whose protection was not changed,
// and the restore calls then pass whatever is in oldSourceProt (which is
// never initialised) or oldDestProt.
// NOTE(review): addresses are carried as DWORD, so this only works in a
// 32-bit build.
// Defender view: the observable side effect is a code page being flipped to
// RWX, written, and flipped back; this is what page-protection monitoring
// and code-section integrity checks are meant to catch.
LPVOID MemcpyEx(DWORD lpDest, DWORD lpSource, int len)
{
DWORD oldSourceProt,oldDestProt=0;
// The source range is made RWX as well, although it is only read.
VirtualProtect((LPVOID)lpSource,len,PAGE_EXECUTE_READWRITE,&oldSourceProt);
VirtualProtect((LPVOID)lpDest,len,PAGE_EXECUTE_READWRITE,&oldDestProt);
memcpy((void*)lpDest,(void*)lpSource,len);
// Restore the protections in reverse order.
VirtualProtect((LPVOID)lpDest,len,oldDestProt,&oldDestProt);
VirtualProtect((LPVOID)lpSource,len,oldSourceProt,&oldSourceProt);
return (LPVOID)lpDest;
};
// Builds a `len`-byte patch in a temporary buffer and writes it over the code
// at address lpSource via MemcpyEx.
//
// instruction - one of the INST_* / SHORT_JZ selector values.
// lpSource    - address of the bytes to overwrite.
// lpDest      - jump/call target, or (for SHORT_JZ / INST_BYTE) a value whose
//               low byte is written into the patch.
// len         - number of bytes to overwrite; the buffer is pre-filled with
//               0x90.
// Returns the absolute target decoded from the 4 bytes at lpSource+1, which
// is only computed in the first branch below.
//
// NOTE(review): `realtarget` is returned uninitialised whenever the first
// branch is skipped (instruction == INST_NOP or len < 5).
// NOTE(review): the three branches are not mutually exclusive. SHORT_JZ and
// INST_BYTE both differ from INST_NOP, so with len >= 5 the first branch runs
// for them too.
// NOTE(review): the argument validation is commented out; SHORT_JZ with
// len < 2 writes past the end of `buffer`, and len <= 0 is not rejected.
DWORD Intercept(int instruction, DWORD lpSource, DWORD lpDest, int len)
{
// if(!lpDest || !lpSource || len <= 4) // I need 2 bytes as well
// return FALSE; // lpDest = new address for SHORT_JZ
DWORD realtarget;
LPBYTE buffer = new BYTE[len];
memset(buffer,0x90,len); // fill the whole patch with NOPs
if (instruction != INST_NOP && len >= 5)
{
buffer[(len-5)] = instruction; // opcode goes into the last 5 bytes of the patch
// original author's rationale: execution can return normally if the code is
// unpatched while the patch function is running
// rel32 displacement measured from the end of the patched range (lpSource + len)
DWORD dwJMP = (DWORD)lpDest - (lpSource + 5 + (len-5));
// Read the 4 bytes after the first byte at lpSource and turn them into an
// absolute address; presumably the original instruction there is a 5-byte
// rel32 call/jmp - TODO confirm against the target binary.
memcpy(&realtarget,(void*)(lpSource+1),4);
realtarget = realtarget+lpSource+5;
memcpy(buffer + 1 + (len-5),&dwJMP,4);
}
if (instruction == SHORT_JZ)
{
// two-byte form: opcode followed by the low byte of lpDest
buffer[0]=instruction;
buffer[1]=(BYTE)lpDest;
}
if (instruction == INST_BYTE)
{
// single raw byte taken from the low byte of lpDest
buffer[0]=(BYTE)lpDest;
}
MemcpyEx(lpSource, (DWORD) buffer, len);// write the patch over the target code
delete[] buffer;
return realtarget;
}
// Calls a routine at the fixed address 0x00559410 inside the host process,
// passing (key, offsetData, offsetData, sizeData) on the stack.
//
// offsetData - buffer handed to the routine twice, presumably as both input
//              and output - TODO confirm.
// sizeData   - size of that buffer in bytes.
// key        - key value passed through unchanged.
//
// NOTE(review): the address is hard-coded, so this only matches one specific
// build of the host executable loaded at its expected base.
// NOTE(review): nothing is popped after the call, unlike the `add esp, 0x14`
// in WorkWithIt; this assumes the callee removes its own arguments - verify.
void DecryptOld(void* offsetData,DWORD sizeData,DWORD key)
{
// hand the buffer to the in-process routine
__asm
{
// arguments are pushed right to left
push sizeData
push offsetData // buffer argument
push offsetData // same buffer again
push key // the key
// indirect call through ebx to the fixed address
mov ebx,0x00559410
call ebx
}
}
// Interactive loop that never returns: asks for a file name, reads the file
// into memblock, calls the host-process routine at 0x005AE7CF with
// (push1, memblock2, memblock, mysize, push5), asks for a key, runs
// DecryptOld over memblock2 and writes memblock2 to "<filename>.txt".
//
// NOTE(review): the bare 'n' at the end of the printf strings looks like a
// "\n" whose backslash was lost when the listing was posted.
// NOTE(review): memory-safety defects in the input handling are marked inline
// (unbounded %s, %x into a BYTE, unbounded sprintf).
// NOTE(review): 0x005AE7CF is a hard-coded address in the host executable, and
// push1/push5 are only meaningful after MyLoadHook has captured them.
void WorkWithIt()
{
printf("Crypt started... stealed data ;)nREADY TO DECRYPT FILESnn");
while (1>0)
{
printf("Filename: ");
char filename[255];
// NOTE(review): "%s" has no field width, so input longer than 254 characters
// overflows `filename`.
scanf("%s%*c",&filename);
// open the file positioned at its end so tellg() yields the size
printf(" >Opening file..n");
ifstream file (filename, ios::in|ios::binary|ios::ate);
// bail out to the next prompt if the file could not be opened
if (!(file.is_open()))
{
printf(" >FILE NOT FOUND !nn");
continue;
}
// load the whole file into memory
size = file.tellg();
DWORD mysize=size;
memblock = new char [mysize];
// output buffer of the same size; its contents are not initialised here
memblock2 = new char [mysize];
file.seekg (0, ios::beg);
file.read (memblock, size);
file.close();
// the file is in memblock; hand both buffers to the host routine
__asm
{
push push5
push mysize
push memblock
push memblock2
push push1
mov eax,0x005AE7CF
call eax
// caller removes the five 4-byte arguments (5 * 4 = 0x14)
add esp, 0x14
}
// second pass over the output buffer with a user-supplied key
printf(" >Crypt key [HEX]:");
BYTE key;
// NOTE(review): "%x" stores an unsigned int, but `key` is a single BYTE, so
// scanf writes past it on the stack.
scanf("%x%*c",&key);
DecryptOld((void*)memblock2,mysize,key);
// write the result next to the input file
printf(" >Save itn");
char filename2[255];
// NOTE(review): unbounded sprintf; a `filename` longer than 250 characters
// overflows `filename2` once ".txt" is appended.
sprintf(filename2,"%s.txt",filename);
ofstream file2 (filename2, ios::out|ios::binary|ios::ate);
file2.write (memblock2, size);
file2.close();
printf(" >FINISHnn");
// release both buffers before the next iteration
delete[] memblock;
delete[] memblock2;
}
}
// Naked hook body (ASM expands to `void __declspec(naked)`): pops the return
// address and the next five stack slots into the globals push0..push5, then
// calls WorkWithIt().
//
// NOTE(review): there is no `ret` and the popped values are never pushed
// back; this relies on WorkWithIt() looping forever, so control never returns
// to the hooked call site.
// NOTE(review): the only call that would install this hook,
// Intercept(INST_CALL,0x005A74A5,...) in DllMain, is commented out in this
// listing.
ASM MyLoadHook()
{
// capture the caller's stack arguments
__asm
{
pop push0 // return address of the hooked call
pop push1 // reused by WorkWithIt (author: needed for decompress)
pop push2 // author's label: dest
pop push3 // author's label: source
pop push4 // author's label: size
pop push5 // reused by WorkWithIt (author: needed for decompress)
}
// enter the interactive loop on the hooked thread
WorkWithIt();
}
// DLL entry point of a Winsock proxy DLL.
//
// On DLL_PROCESS_ATTACH it loads "ws2_32_.dll" from the system directory and
// resolves 167 Winsock export names into the table p[], which the __E__N__
// stubs jump through. On DLL_PROCESS_DETACH it frees that library.
// Returns false from attach when the library cannot be loaded, 1 otherwise.
//
// NOTE(review): "\ws2_32_.dll" contains `\w`, which is not a valid escape
// sequence; the path separator was presumably "\\" before the listing was
// posted.
// NOTE(review): the GetProcAddress results are not checked. An export missing
// from the loaded library leaves p[N] at NULL and the matching stub would
// jump to address 0.
// NOTE(review): calling LoadLibrary from DllMain runs under the loader lock,
// which Microsoft's DllMain guidance advises against.
// Defender view: this is the DLL proxying pattern. The module presumably
// ships under the name of the real Winsock library next to the target
// executable so that it is found first in the DLL search order. Indicators
// are a Winsock-named module loaded from outside the system directory and an
// unexpected "ws2_32_.dll" inside it. Applications can avoid the lookup by
// loading system libraries with LOAD_LIBRARY_SEARCH_SYSTEM32 or
// SetDefaultDllDirectories.
BOOL WINAPI DllMain(HINSTANCE hInst,DWORD reason,LPVOID)
{
if (reason == DLL_PROCESS_ATTACH)
{
// author's note: ".. yes, decrypter"
//printf("BakaBug's DCrypt - http://bakabug.blogspot.com/n#########################################################n");
hLThis = hInst;
// build "<system directory>\ws2_32_.dll" and load it as the forwarding target
char system[MAX_PATH];
GetSystemDirectoryA(system,sizeof(system));
strcat_s(system,"\ws2_32_.dll");
hL = LoadLibraryA(system);
if (!hL) return false;
//printf("Waiting for Crypt start...n");
// resolve every forwarded export; the index must match the __E__N__ stub number
p[0] = GetProcAddress(hL,"FreeAddrInfoEx");
p[1] = GetProcAddress(hL,"FreeAddrInfoExW");
p[2] = GetProcAddress(hL,"FreeAddrInfoW");
p[3] = GetProcAddress(hL,"GetAddrInfoExA");
p[4] = GetProcAddress(hL,"GetAddrInfoExW");
p[5] = GetProcAddress(hL,"GetAddrInfoW");
p[6] = GetProcAddress(hL,"GetNameInfoW");
p[7] = GetProcAddress(hL,"InetNtopW");
p[8] = GetProcAddress(hL,"InetPtonW");
p[9] = GetProcAddress(hL,"SetAddrInfoExA");
p[10] = GetProcAddress(hL,"SetAddrInfoExW");
p[11] = GetProcAddress(hL,"WEP");
p[12] = GetProcAddress(hL,"WPUCompleteOverlappedRequest");
p[13] = GetProcAddress(hL,"WSAAccept");
p[14] = GetProcAddress(hL,"WSAAddressToStringA");
p[15] = GetProcAddress(hL,"WSAAddressToStringW");
p[16] = GetProcAddress(hL,"WSAAdvertiseProvider");
p[17] = GetProcAddress(hL,"WSAAsyncGetHostByAddr");
p[18] = GetProcAddress(hL,"WSAAsyncGetHostByName");
p[19] = GetProcAddress(hL,"WSAAsyncGetProtoByName");
p[20] = GetProcAddress(hL,"WSAAsyncGetProtoByNumber");
p[21] = GetProcAddress(hL,"WSAAsyncGetServByName");
p[22] = GetProcAddress(hL,"WSAAsyncGetServByPort");
p[23] = GetProcAddress(hL,"WSAAsyncSelect");
p[24] = GetProcAddress(hL,"WSACancelAsyncRequest");
p[25] = GetProcAddress(hL,"WSACancelBlockingCall");
p[26] = GetProcAddress(hL,"WSACleanup");
p[27] = GetProcAddress(hL,"WSACloseEvent");
p[28] = GetProcAddress(hL,"WSAConnect");
p[29] = GetProcAddress(hL,"WSAConnectByList");
p[30] = GetProcAddress(hL,"WSAConnectByNameA");
p[31] = GetProcAddress(hL,"WSAConnectByNameW");
p[32] = GetProcAddress(hL,"WSACreateEvent");
p[33] = GetProcAddress(hL,"WSADuplicateSocketA");
p[34] = GetProcAddress(hL,"WSADuplicateSocketW");
p[35] = GetProcAddress(hL,"WSAEnumNameSpaceProvidersA");
p[36] = GetProcAddress(hL,"WSAEnumNameSpaceProvidersExA");
p[37] = GetProcAddress(hL,"WSAEnumNameSpaceProvidersExW");
p[38] = GetProcAddress(hL,"WSAEnumNameSpaceProvidersW");
p[39] = GetProcAddress(hL,"WSAEnumNetworkEvents");
p[40] = GetProcAddress(hL,"WSAEnumProtocolsA");
p[41] = GetProcAddress(hL,"WSAEnumProtocolsW");
p[42] = GetProcAddress(hL,"WSAEventSelect");
p[43] = GetProcAddress(hL,"WSAGetLastError");
p[44] = GetProcAddress(hL,"WSAGetOverlappedResult");
p[45] = GetProcAddress(hL,"WSAGetQOSByName");
p[46] = GetProcAddress(hL,"WSAGetServiceClassInfoA");
p[47] = GetProcAddress(hL,"WSAGetServiceClassInfoW");
p[48] = GetProcAddress(hL,"WSAGetServiceClassNameByClassIdA");
p[49] = GetProcAddress(hL,"WSAGetServiceClassNameByClassIdW");
p[50] = GetProcAddress(hL,"WSAHtonl");
p[51] = GetProcAddress(hL,"WSAHtons");
p[52] = GetProcAddress(hL,"WSAInstallServiceClassA");
p[53] = GetProcAddress(hL,"WSAInstallServiceClassW");
p[54] = GetProcAddress(hL,"WSAIoctl");
p[55] = GetProcAddress(hL,"WSAIsBlocking");
p[56] = GetProcAddress(hL,"WSAJoinLeaf");
p[57] = GetProcAddress(hL,"WSALookupServiceBeginA");
p[58] = GetProcAddress(hL,"WSALookupServiceBeginW");
p[59] = GetProcAddress(hL,"WSALookupServiceEnd");
p[60] = GetProcAddress(hL,"WSALookupServiceNextA");
p[61] = GetProcAddress(hL,"WSALookupServiceNextW");
p[62] = GetProcAddress(hL,"WSANSPIoctl");
p[63] = GetProcAddress(hL,"WSANtohl");
p[64] = GetProcAddress(hL,"WSANtohs");
p[65] = GetProcAddress(hL,"WSAPoll");
p[66] = GetProcAddress(hL,"WSAProviderCompleteAsyncCall");
p[67] = GetProcAddress(hL,"WSAProviderConfigChange");
p[68] = GetProcAddress(hL,"WSARecv");
p[69] = GetProcAddress(hL,"WSARecvDisconnect");
p[70] = GetProcAddress(hL,"WSARecvFrom");
p[71] = GetProcAddress(hL,"WSARemoveServiceClass");
p[72] = GetProcAddress(hL,"WSAResetEvent");
p[73] = GetProcAddress(hL,"WSASend");
p[74] = GetProcAddress(hL,"WSASendDisconnect");
p[75] = GetProcAddress(hL,"WSASendMsg");
p[76] = GetProcAddress(hL,"WSASendTo");
p[77] = GetProcAddress(hL,"WSASetBlockingHook");
p[78] = GetProcAddress(hL,"WSASetEvent");
p[79] = GetProcAddress(hL,"WSASetLastError");
p[80] = GetProcAddress(hL,"WSASetServiceA");
p[81] = GetProcAddress(hL,"WSASetServiceW");
p[82] = GetProcAddress(hL,"WSASocketA");
p[83] = GetProcAddress(hL,"WSASocketW");
p[84] = GetProcAddress(hL,"WSAStartup");
p[85] = GetProcAddress(hL,"WSAStringToAddressA");
p[86] = GetProcAddress(hL,"WSAStringToAddressW");
p[87] = GetProcAddress(hL,"WSAUnadvertiseProvider");
p[88] = GetProcAddress(hL,"WSAUnhookBlockingHook");
p[89] = GetProcAddress(hL,"WSAWaitForMultipleEvents");
p[90] = GetProcAddress(hL,"WSApSetPostRoutine");
p[91] = GetProcAddress(hL,"WSCDeinstallProvider");
p[92] = GetProcAddress(hL,"WSCEnableNSProvider");
p[93] = GetProcAddress(hL,"WSCEnumProtocols");
p[94] = GetProcAddress(hL,"WSCGetApplicationCategory");
p[95] = GetProcAddress(hL,"WSCGetProviderInfo");
p[96] = GetProcAddress(hL,"WSCGetProviderPath");
p[97] = GetProcAddress(hL,"WSCInstallNameSpace");
p[98] = GetProcAddress(hL,"WSCInstallNameSpaceEx");
p[99] = GetProcAddress(hL,"WSCInstallProvider");
p[100] = GetProcAddress(hL,"WSCInstallProviderAndChains");
p[101] = GetProcAddress(hL,"WSCSetApplicationCategory");
p[102] = GetProcAddress(hL,"WSCSetProviderInfo");
p[103] = GetProcAddress(hL,"WSCUnInstallNameSpace");
p[104] = GetProcAddress(hL,"WSCUpdateProvider");
p[105] = GetProcAddress(hL,"WSCWriteNameSpaceOrder");
p[106] = GetProcAddress(hL,"WSCWriteProviderOrder");
p[107] = GetProcAddress(hL,"WahCloseApcHelper");
p[108] = GetProcAddress(hL,"WahCloseHandleHelper");
p[109] = GetProcAddress(hL,"WahCloseNotificationHandleHelper");
p[110] = GetProcAddress(hL,"WahCloseSocketHandle");
p[111] = GetProcAddress(hL,"WahCloseThread");
p[112] = GetProcAddress(hL,"WahCompleteRequest");
p[113] = GetProcAddress(hL,"WahCreateHandleContextTable");
p[114] = GetProcAddress(hL,"WahCreateNotificationHandle");
p[115] = GetProcAddress(hL,"WahCreateSocketHandle");
p[116] = GetProcAddress(hL,"WahDestroyHandleContextTable");
p[117] = GetProcAddress(hL,"WahDisableNonIFSHandleSupport");
p[118] = GetProcAddress(hL,"WahEnableNonIFSHandleSupport");
p[119] = GetProcAddress(hL,"WahEnumerateHandleContexts");
p[120] = GetProcAddress(hL,"WahInsertHandleContext");
p[121] = GetProcAddress(hL,"WahNotifyAllProcesses");
p[122] = GetProcAddress(hL,"WahOpenApcHelper");
p[123] = GetProcAddress(hL,"WahOpenCurrentThread");
p[124] = GetProcAddress(hL,"WahOpenHandleHelper");
p[125] = GetProcAddress(hL,"WahOpenNotificationHandleHelper");
p[126] = GetProcAddress(hL,"WahQueueUserApc");
p[127] = GetProcAddress(hL,"WahReferenceContextByHandle");
p[128] = GetProcAddress(hL,"WahRemoveHandleContext");
p[129] = GetProcAddress(hL,"WahWaitForNotification");
p[130] = GetProcAddress(hL,"WahWriteLSPEvent");
p[131] = GetProcAddress(hL,"__WSAFDIsSet");
p[132] = GetProcAddress(hL,"accept");
p[133] = GetProcAddress(hL,"bind");
p[134] = GetProcAddress(hL,"closesocket");
p[135] = GetProcAddress(hL,"connect");
p[136] = GetProcAddress(hL,"freeaddrinfo");
p[137] = GetProcAddress(hL,"getaddrinfo");
p[138] = GetProcAddress(hL,"gethostbyaddr");
p[139] = GetProcAddress(hL,"gethostbyname");
p[140] = GetProcAddress(hL,"gethostname");
p[141] = GetProcAddress(hL,"getnameinfo");
p[142] = GetProcAddress(hL,"getpeername");
p[143] = GetProcAddress(hL,"getprotobyname");
p[144] = GetProcAddress(hL,"getprotobynumber");
p[145] = GetProcAddress(hL,"getservbyname");
p[146] = GetProcAddress(hL,"getservbyport");
p[147] = GetProcAddress(hL,"getsockname");
p[148] = GetProcAddress(hL,"getsockopt");
p[149] = GetProcAddress(hL,"htonl");
p[150] = GetProcAddress(hL,"htons");
p[151] = GetProcAddress(hL,"inet_addr");
p[152] = GetProcAddress(hL,"inet_ntoa");
p[153] = GetProcAddress(hL,"inet_ntop");
p[154] = GetProcAddress(hL,"inet_pton");
p[155] = GetProcAddress(hL,"ioctlsocket");
p[156] = GetProcAddress(hL,"listen");
p[157] = GetProcAddress(hL,"ntohl");
p[158] = GetProcAddress(hL,"ntohs");
p[159] = GetProcAddress(hL,"recv");
p[160] = GetProcAddress(hL,"recvfrom");
p[161] = GetProcAddress(hL,"select");
p[162] = GetProcAddress(hL,"send");
p[163] = GetProcAddress(hL,"sendto");
p[164] = GetProcAddress(hL,"setsockopt");
p[165] = GetProcAddress(hL,"shutdown");
p[166] = GetProcAddress(hL,"socket");
// hook installation is disabled in this listing
//Intercept(INST_CALL,0x005A74A5,(DWORD)MyLoadHook,5);
}
if (reason == DLL_PROCESS_DETACH)
{
// release the forwarding target; hL is 0 if attach never loaded it
FreeLibrary(hL);
}
return 1;
}
// FreeAddrInfoEx
// Export forwarder for table slot 0. The function is naked, so the compiler
// emits no prologue or epilogue and the caller's stack and registers reach
// the real export untouched. In MSVC inline assembly the subscript is a byte
// offset that is not scaled by the element size, hence `0*4` to address the
// 4-byte FARPROC entry p[0]. Every other __E__N__ stub in this file repeats
// this pattern with its own index.
// NOTE(review): if GetProcAddress returned NULL for this name in DllMain, the
// jmp transfers control to address 0.
extern "C" __declspec(naked) void __stdcall __E__0__()
{
__asm
{
jmp p[0*4];
}
}
// FreeAddrInfoExW
extern "C" __declspec(naked) void __stdcall __E__1__()
{
__asm
{
jmp p[1*4];
}
}
// FreeAddrInfoW
extern "C" __declspec(naked) void __stdcall __E__2__()
{
__asm
{
jmp p[2*4];
}
}
// GetAddrInfoExA
extern "C" __declspec(naked) void __stdcall __E__3__()
{
__asm
{
jmp p[3*4];
}
}
// GetAddrInfoExW
extern "C" __declspec(naked) void __stdcall __E__4__()
{
__asm
{
jmp p[4*4];
}
}
// GetAddrInfoW
extern "C" __declspec(naked) void __stdcall __E__5__()
{
__asm
{
jmp p[5*4];
}
}
// GetNameInfoW
extern "C" __declspec(naked) void __stdcall __E__6__()
{
__asm
{
jmp p[6*4];
}
}
// InetNtopW
extern "C" __declspec(naked) void __stdcall __E__7__()
{
__asm
{
jmp p[7*4];
}
}
// InetPtonW
extern "C" __declspec(naked) void __stdcall __E__8__()
{
__asm
{
jmp p[8*4];
}
}
// SetAddrInfoExA
extern "C" __declspec(naked) void __stdcall __E__9__()
{
__asm
{
jmp p[9*4];
}
}
// SetAddrInfoExW
extern "C" __declspec(naked) void __stdcall __E__10__()
{
__asm
{
jmp p[10*4];
}
}
// WEP
extern "C" __declspec(naked) void __stdcall __E__11__()
{
__asm
{
jmp p[11*4];
}
}
// WPUCompleteOverlappedRequest
extern "C" __declspec(naked) void __stdcall __E__12__()
{
__asm
{
jmp p[12*4];
}
}
// WSAAccept
extern "C" __declspec(naked) void __stdcall __E__13__()
{
__asm
{
jmp p[13*4];
}
}
// WSAAddressToStringA
extern "C" __declspec(naked) void __stdcall __E__14__()
{
__asm
{
jmp p[14*4];
}
}
// WSAAddressToStringW
extern "C" __declspec(naked) void __stdcall __E__15__()
{
__asm
{
jmp p[15*4];
}
}
// WSAAdvertiseProvider
extern "C" __declspec(naked) void __stdcall __E__16__()
{
__asm
{
jmp p[16*4];
}
}
// WSAAsyncGetHostByAddr
extern "C" __declspec(naked) void __stdcall __E__17__()
{
__asm
{
jmp p[17*4];
}
}
// WSAAsyncGetHostByName
extern "C" __declspec(naked) void __stdcall __E__18__()
{
__asm
{
jmp p[18*4];
}
}
// WSAAsyncGetProtoByName
extern "C" __declspec(naked) void __stdcall __E__19__()
{
__asm
{
jmp p[19*4];
}
}
// WSAAsyncGetProtoByNumber
extern "C" __declspec(naked) void __stdcall __E__20__()
{
__asm
{
jmp p[20*4];
}
}
// WSAAsyncGetServByName
extern "C" __declspec(naked) void __stdcall __E__21__()
{
__asm
{
jmp p[21*4];
}
}
// WSAAsyncGetServByPort
extern "C" __declspec(naked) void __stdcall __E__22__()
{
__asm
{
jmp p[22*4];
}
}
// WSAAsyncSelect
extern "C" __declspec(naked) void __stdcall __E__23__()
{
__asm
{
jmp p[23*4];
}
}
// WSACancelAsyncRequest
extern "C" __declspec(naked) void __stdcall __E__24__()
{
__asm
{
jmp p[24*4];
}
}
// WSACancelBlockingCall
extern "C" __declspec(naked) void __stdcall __E__25__()
{
__asm
{
jmp p[25*4];
}
}
// WSACleanup
extern "C" __declspec(naked) void __stdcall __E__26__()
{
__asm
{
jmp p[26*4];
}
}
// WSACloseEvent
extern "C" __declspec(naked) void __stdcall __E__27__()
{
__asm
{
jmp p[27*4];
}
}
// Copies the memory range starting at 0x00400000 of the current process to
// the file "engine_dump.exe" in 65535-byte chunks, reading each chunk through
// MemcpyEx.
//
// NOTE(review): `exe_size` is never used; the loop bound repeats the literal.
// NOTE(review): 5718016 is not a multiple of 65535, so the 88th and last
// chunk reads and writes roughly 48 KB past the stated size. MemcpyEx does
// not check whether those pages are accessible.
// NOTE(review): each iteration places a 65535-byte array on the stack.
// Defender view: this is an in-process memory dump of the loaded image. The
// artefacts are a file named engine_dump.exe in the working directory and
// MemcpyEx briefly switching the image's pages to PAGE_EXECUTE_READWRITE.
void DUMPIT()
{
DWORD exe_size=5718016 ;
DWORD i=0;
ofstream file2 ("engine_dump.exe", ios::out|ios::binary|ios::ate);
while (i<5718016)
{
// zero-filled scratch buffer for one chunk
char Buffer[65535]={0};
// destination = local buffer, source = image base + current offset
MemcpyEx((DWORD)&Buffer,(DWORD)(0x00400000+i),sizeof(Buffer));
file2.write (&Buffer[0], sizeof(Buffer));
i+=sizeof(Buffer);
}
file2.close();
}
// WSAConnect
// Export forwarder for table slot 28 (WSAConnect). It differs from the other
// stubs: it calls DUMPIT() first and only then jumps to the real export.
//
// NOTE(review): the function is naked, so there is no compiler-generated
// prologue around the C++ call. The forwarded call then relies on DUMPIT()
// leaving the stack pointer and the caller's stack arguments as it found
// them.
// NOTE(review): DUMPIT() runs on every call to this export, so the dump file
// is rewritten each time the host process connects.
extern "C" __declspec(naked) void __stdcall __E__28__()
{
// dump the host image before forwarding
{
DUMPIT();
}
__asm
{
jmp p[28*4];
}
}
// WSAConnectByList
extern "C" __declspec(naked) void __stdcall __E__29__()
{
__asm
{
jmp p[29*4];
}
}
// WSAConnectByNameA
extern "C" __declspec(naked) void __stdcall __E__30__()
{
__asm
{
jmp p[30*4];
}
}
// WSAConnectByNameW
extern "C" __declspec(naked) void __stdcall __E__31__()
{
__asm
{
jmp p[31*4];
}
}
// WSACreateEvent
extern "C" __declspec(naked) void __stdcall __E__32__()
{
__asm
{
jmp p[32*4];
}
}
// WSADuplicateSocketA
extern "C" __declspec(naked) void __stdcall __E__33__()
{
__asm
{
jmp p[33*4];
}
}
// WSADuplicateSocketW
extern "C" __declspec(naked) void __stdcall __E__34__()
{
__asm
{
jmp p[34*4];
}
}
// WSAEnumNameSpaceProvidersA
extern "C" __declspec(naked) void __stdcall __E__35__()
{
__asm
{
jmp p[35*4];
}
}
// WSAEnumNameSpaceProvidersExA
extern "C" __declspec(naked) void __stdcall __E__36__()
{
__asm
{
jmp p[36*4];
}
}
// WSAEnumNameSpaceProvidersExW
extern "C" __declspec(naked) void __stdcall __E__37__()
{
__asm
{
jmp p[37*4];
}
}
// WSAEnumNameSpaceProvidersW
extern "C" __declspec(naked) void __stdcall __E__38__()
{
__asm
{
jmp p[38*4];
}
}
// WSAEnumNetworkEvents
extern "C" __declspec(naked) void __stdcall __E__39__()
{
__asm
{
jmp p[39*4];
}
}
// WSAEnumProtocolsA
extern "C" __declspec(naked) void __stdcall __E__40__()
{
__asm
{
jmp p[40*4];
}
}
// WSAEnumProtocolsW
extern "C" __declspec(naked) void __stdcall __E__41__()
{
__asm
{
jmp p[41*4];
}
}
// WSAEventSelect
extern "C" __declspec(naked) void __stdcall __E__42__()
{
__asm
{
jmp p[42*4];
}
}
// WSAGetLastError
extern "C" __declspec(naked) void __stdcall __E__43__()
{
__asm
{
jmp p[43*4];
}
}
// WSAGetOverlappedResult
extern "C" __declspec(naked) void __stdcall __E__44__()
{
__asm
{
jmp p[44*4];
}
}
// WSAGetQOSByName
extern "C" __declspec(naked) void __stdcall __E__45__()
{
__asm
{
jmp p[45*4];
}
}
// WSAGetServiceClassInfoA
extern "C" __declspec(naked) void __stdcall __E__46__()
{
__asm
{
jmp p[46*4];
}
}
// WSAGetServiceClassInfoW
extern "C" __declspec(naked) void __stdcall __E__47__()
{
__asm
{
jmp p[47*4];
}
}
// WSAGetServiceClassNameByClassIdA
extern "C" __declspec(naked) void __stdcall __E__48__()
{
__asm
{
jmp p[48*4];
}
}
// WSAGetServiceClassNameByClassIdW
extern "C" __declspec(naked) void __stdcall __E__49__()
{
__asm
{
jmp p[49*4];
}
}
// WSAHtonl
extern "C" __declspec(naked) void __stdcall __E__50__()
{
__asm
{
jmp p[50*4];
}
}
// WSAHtons
extern "C" __declspec(naked) void __stdcall __E__51__()
{
__asm
{
jmp p[51*4];
}
}
// WSAInstallServiceClassA
extern "C" __declspec(naked) void __stdcall __E__52__()
{
__asm
{
jmp p[52*4];
}
}
// WSAInstallServiceClassW
extern "C" __declspec(naked) void __stdcall __E__53__()
{
__asm
{
jmp p[53*4];
}
}
// WSAIoctl
extern "C" __declspec(naked) void __stdcall __E__54__()
{
__asm
{
jmp p[54*4];
}
}
// WSAIsBlocking
extern "C" __declspec(naked) void __stdcall __E__55__()
{
__asm
{
jmp p[55*4];
}
}
// WSAJoinLeaf
extern "C" __declspec(naked) void __stdcall __E__56__()
{
__asm
{
jmp p[56*4];
}
}
// WSALookupServiceBeginA
extern "C" __declspec(naked) void __stdcall __E__57__()
{
__asm
{
jmp p[57*4];
}
}
// WSALookupServiceBeginW
extern "C" __declspec(naked) void __stdcall __E__58__()
{
__asm
{
jmp p[58*4];
}
}
// WSALookupServiceEnd
extern "C" __declspec(naked) void __stdcall __E__59__()
{
__asm
{
jmp p[59*4];
}
}
// WSALookupServiceNextA
extern "C" __declspec(naked) void __stdcall __E__60__()
{
__asm
{
jmp p[60*4];
}
}
// WSALookupServiceNextW
extern "C" __declspec(naked) void __stdcall __E__61__()
{
__asm
{
jmp p[61*4];
}
}
// WSANSPIoctl
extern "C" __declspec(naked) void __stdcall __E__62__()
{
__asm
{
jmp p[62*4];
}
}
// WSANtohl
extern "C" __declspec(naked) void __stdcall __E__63__()
{
__asm
{
jmp p[63*4];
}
}
// WSANtohs
extern "C" __declspec(naked) void __stdcall __E__64__()
{
__asm
{
jmp p[64*4];
}
}
// WSAPoll
extern "C" __declspec(naked) void __stdcall __E__65__()
{
__asm
{
jmp p[65*4];
}
}
// WSAProviderCompleteAsyncCall
extern "C" __declspec(naked) void __stdcall __E__66__()
{
__asm
{
jmp p[66*4];
}
}
// WSAProviderConfigChange
extern "C" __declspec(naked) void __stdcall __E__67__()
{
__asm
{
jmp p[67*4];
}
}
// WSARecv
extern "C" __declspec(naked) void __stdcall __E__68__()
{
__asm
{
jmp p[68*4];
}
}
// WSARecvDisconnect
extern "C" __declspec(naked) void __stdcall __E__69__()
{
__asm
{
jmp p[69*4];
}
}
// WSARecvFrom
extern "C" __declspec(naked) void __stdcall __E__70__()
{
__asm
{
jmp p[70*4];
}
}
// WSARemoveServiceClass
extern "C" __declspec(naked) void __stdcall __E__71__()
{
__asm
{
jmp p[71*4];
}
}
// WSAResetEvent
extern "C" __declspec(naked) void __stdcall __E__72__()
{
__asm
{
jmp p[72*4];
}
}
// WSASend
extern "C" __declspec(naked) void __stdcall __E__73__()
{
__asm
{
jmp p[73*4];
}
}
// WSASendDisconnect
extern "C" __declspec(naked) void __stdcall __E__74__()
{
__asm
{
jmp p[74*4];
}
}
// WSASendMsg
extern "C" __declspec(naked) void __stdcall __E__75__()
{
__asm
{
jmp p[75*4];
}
}
// WSASendTo
extern "C" __declspec(naked) void __stdcall __E__76__()
{
__asm
{
jmp p[76*4];
}
}
// WSASetBlockingHook
extern "C" __declspec(naked) void __stdcall __E__77__()
{
__asm
{
jmp p[77*4];
}
}
// WSASetEvent
extern "C" __declspec(naked) void __stdcall __E__78__()
{
__asm
{
jmp p[78*4];
}
}
// WSASetLastError
extern "C" __declspec(naked) void __stdcall __E__79__()
{
__asm
{
jmp p[79*4];
}
}
// WSASetServiceA
extern "C" __declspec(naked) void __stdcall __E__80__()
{
__asm
{
jmp p[80*4];
}
}
// WSASetServiceW
extern "C" __declspec(naked) void __stdcall __E__81__()
{
__asm
{
jmp p[81*4];
}
}
// WSASocketA
extern "C" __declspec(naked) void __stdcall __E__82__()
{
__asm
{
jmp p[82*4];
}
}
// WSASocketW
extern "C" __declspec(naked) void __stdcall __E__83__()
{
__asm
{
jmp p[83*4];
}
}
// WSAStartup
extern "C" __declspec(naked) void __stdcall __E__84__()
{
__asm
{
jmp p[84*4];
}
}
// WSAStringToAddressA
extern "C" __declspec(naked) void __stdcall __E__85__()
{
__asm
{
jmp p[85*4];
}
}
// WSAStringToAddressW
extern "C" __declspec(naked) void __stdcall __E__86__()
{
__asm
{
jmp p[86*4];
}
}
// WSAUnadvertiseProvider
extern "C" __declspec(naked) void __stdcall __E__87__()
{
__asm
{
jmp p[87*4];
}
}
// WSAUnhookBlockingHook
extern "C" __declspec(naked) void __stdcall __E__88__()
{
__asm
{
jmp p[88*4];
}
}
// WSAWaitForMultipleEvents
extern "C" __declspec(naked) void __stdcall __E__89__()
{
__asm
{
jmp p[89*4];
}
}
// WSApSetPostRoutine
extern "C" __declspec(naked) void __stdcall __E__90__()
{
__asm
{
jmp p[90*4];
}
}
// WSCDeinstallProvider
extern "C" __declspec(naked) void __stdcall __E__91__()
{
__asm
{
jmp p[91*4];
}
}
// WSCEnableNSProvider
extern "C" __declspec(naked) void __stdcall __E__92__()
{
__asm
{
jmp p[92*4];
}
}
// WSCEnumProtocols
extern "C" __declspec(naked) void __stdcall __E__93__()
{
__asm
{
jmp p[93*4];
}
}
// WSCGetApplicationCategory
extern "C" __declspec(naked) void __stdcall __E__94__()
{
__asm
{
jmp p[94*4];
}
}
// WSCGetProviderInfo
extern "C" __declspec(naked) void __stdcall __E__95__()
{
__asm
{
jmp p[95*4];
}
}
// WSCGetProviderPath
extern "C" __declspec(naked) void __stdcall __E__96__()
{
__asm
{
jmp p[96*4];
}
}
// WSCInstallNameSpace
extern "C" __declspec(naked) void __stdcall __E__97__()
{
__asm
{
jmp p[97*4];
}
}
// WSCInstallNameSpaceEx
extern "C" __declspec(naked) void __stdcall __E__98__()
{
__asm
{
jmp p[98*4];
}
}
// WSCInstallProvider
extern "C" __declspec(naked) void __stdcall __E__99__()
{
__asm
{
jmp p[99*4];
}
}
// WSCInstallProviderAndChains
extern "C" __declspec(naked) void __stdcall __E__100__()
{
__asm
{
jmp p[100*4];
}
}
// WSCSetApplicationCategory
extern "C" __declspec(naked) void __stdcall __E__101__()
{
__asm
{
jmp p[101*4];
}
}
// WSCSetProviderInfo
extern "C" __declspec(naked) void __stdcall __E__102__()
{
__asm
{
jmp p[102*4];
}
}
// WSCUnInstallNameSpace
extern "C" __declspec(naked) void __stdcall __E__103__()
{
__asm
{
jmp p[103*4];
}
}
// WSCUpdateProvider
extern "C" __declspec(naked) void __stdcall __E__104__()
{
__asm
{
jmp p[104*4];
}
}
// WSCWriteNameSpaceOrder
extern "C" __declspec(naked) void __stdcall __E__105__()
{
__asm
{
jmp p[105*4];
}
}
// WSCWriteProviderOrder
extern "C" __declspec(naked) void __stdcall __E__106__()
{
__asm
{
jmp p[106*4];
}
}
// WahCloseApcHelper
extern "C" __declspec(naked) void __stdcall __E__107__()
{
__asm
{
jmp p[107*4];
}
}
// WahCloseHandleHelper
extern "C" __declspec(naked) void __stdcall __E__108__()
{
__asm
{
jmp p[108*4];
}
}
// WahCloseNotificationHandleHelper
extern "C" __declspec(naked) void __stdcall __E__109__()
{
__asm
{
jmp p[109*4];
}
}
// WahCloseSocketHandle
extern "C" __declspec(naked) void __stdcall __E__110__()
{
__asm
{
jmp p[110*4];
}
}
// WahCloseThread
extern "C" __declspec(naked) void __stdcall __E__111__()
{
__asm
{
jmp p[111*4];
}
}
// WahCompleteRequest
extern "C" __declspec(naked) void __stdcall __E__112__()
{
__asm
{
jmp p[112*4];
}
}
// WahCreateHandleContextTable
extern "C" __declspec(naked) void __stdcall __E__113__()
{
__asm
{
jmp p[113*4];
}
}
// WahCreateNotificationHandle
extern "C" __declspec(naked) void __stdcall __E__114__()
{
__asm
{
jmp p[114*4];
}
}
// WahCreateSocketHandle
extern "C" __declspec(naked) void __stdcall __E__115__()
{
__asm
{
jmp p[115*4];
}
}
// WahDestroyHandleContextTable
extern "C" __declspec(naked) void __stdcall __E__116__()
{
__asm
{
jmp p[116*4];
}
}
// WahDisableNonIFSHandleSupport
extern "C" __declspec(naked) void __stdcall __E__117__()
{
__asm
{
jmp p[117*4];
}
}
// WahEnableNonIFSHandleSupport
extern "C" __declspec(naked) void __stdcall __E__118__()
{
__asm
{
jmp p[118*4];
}
}
// WahEnumerateHandleContexts
extern "C" __declspec(naked) void __stdcall __E__119__()
{
__asm
{
jmp p[119*4];
}
}
// WahInsertHandleContext
extern "C" __declspec(naked) void __stdcall __E__120__()
{
__asm
{
jmp p[120*4];
}
}
// WahNotifyAllProcesses
extern "C" __declspec(naked) void __stdcall __E__121__()
{
__asm
{
jmp p[121*4];
}
}
// WahOpenApcHelper
extern "C" __declspec(naked) void __stdcall __E__122__()
{
__asm
{
jmp p[122*4];
}
}
// WahOpenCurrentThread
extern "C" __declspec(naked) void __stdcall __E__123__()
{
__asm
{
jmp p[123*4];
}
}
// WahOpenHandleHelper
extern "C" __declspec(naked) void __stdcall __E__124__()
{
__asm
{
jmp p[124*4];
}
}
// WahOpenNotificationHandleHelper
extern "C" __declspec(naked) void __stdcall __E__125__()
{
__asm
{
jmp p[125*4];
}
}
// WahQueueUserApc
extern "C" __declspec(naked) void __stdcall __E__126__()
{
__asm
{
jmp p[126*4];
}
}
// WahReferenceContextByHandle
extern "C" __declspec(naked) void __stdcall __E__127__()
{
__asm
{
jmp p[127*4];
}
}
// WahRemoveHandleContext
extern "C" __declspec(naked) void __stdcall __E__128__()
{
__asm
{
jmp p[128*4];
}
}
// WahWaitForNotification
extern "C" __declspec(naked) void __stdcall __E__129__()
{
__asm
{
jmp p[129*4];
}
}
// WahWriteLSPEvent
extern "C" __declspec(naked) void __stdcall __E__130__()
{
__asm
{
jmp p[130*4];
}
}
// __WSAFDIsSet
extern "C" __declspec(naked) void __stdcall __E__131__()
{
__asm
{
jmp p[131*4];
}
}
// accept
extern "C" __declspec(naked) void __stdcall __E__132__()
{
__asm
{
jmp p[132*4];
}
}
// bind
extern "C" __declspec(naked) void __stdcall __E__133__()
{
__asm
{
jmp p[133*4];
}
}
// closesocket
extern "C" __declspec(naked) void __stdcall __E__134__()
{
__asm
{
jmp p[134*4];
}
}
// connect
extern "C" __declspec(naked) void __stdcall __E__135__()
{
__asm
{
jmp p[135*4];
}
}
// freeaddrinfo
extern "C" __declspec(naked) void __stdcall __E__136__()
{
__asm
{
jmp p[136*4];
}
}
// getaddrinfo
extern "C" __declspec(naked) void __stdcall __E__137__()
{
__asm
{
jmp p[137*4];
}
}
// gethostbyaddr
extern "C" __declspec(naked) void __stdcall __E__138__()
{
__asm
{
jmp p[138*4];
}
}
// gethostbyname
extern "C" __declspec(naked) void __stdcall __E__139__()
{
__asm
{
jmp p[139*4];
}
}
// gethostname
extern "C" __declspec(naked) void __stdcall __E__140__()
{
__asm
{
jmp p[140*4];
}
}
// getnameinfo
extern "C" __declspec(naked) void __stdcall __E__141__()
{
__asm
{
jmp p[141*4];
}
}
// getpeername
extern "C" __declspec(naked) void __stdcall __E__142__()
{
__asm
{
jmp p[142*4];
}
}
// getprotobyname
extern "C" __declspec(naked) void __stdcall __E__143__()
{
__asm
{
jmp p[143*4];
}
}
// getprotobynumber
extern "C" __declspec(naked) void __stdcall __E__144__()
{
__asm
{
jmp p[144*4];
}
}
// getservbyname
extern "C" __declspec(naked) void __stdcall __E__145__()
{
__asm
{
jmp p[145*4];
}
}
// getservbyport
extern "C" __declspec(naked) void __stdcall __E__146__()
{
__asm
{
jmp p[146*4];
}
}
// getsockname
extern "C" __declspec(naked) void __stdcall __E__147__()
{
__asm
{
jmp p[147*4];
}
}
// getsockopt
extern "C" __declspec(naked) void __stdcall __E__148__()
{
__asm
{
jmp p[148*4];
}
}
// htonl
extern "C" __declspec(naked) void __stdcall __E__149__()
{
__asm
{
jmp p[149*4];
}
}
// htons
extern "C" __declspec(naked) void __stdcall __E__150__()
{
__asm
{
jmp p[150*4];
}
}
// inet_addr
extern "C" __declspec(naked) void __stdcall __E__151__()
{
__asm
{
jmp p[151*4];
}
}
// inet_ntoa
extern "C" __declspec(naked) void __stdcall __E__152__()
{
__asm
{
jmp p[152*4];
}
}
// inet_ntop
extern "C" __declspec(naked) void __stdcall __E__153__()
{
__asm
{
jmp p[153*4];
}
}
// inet_pton
extern "C" __declspec(naked) void __stdcall __E__154__()
{
__asm
{
jmp p[154*4];
}
}
// ioctlsocket
extern "C" __declspec(naked) void __stdcall __E__155__()
{
__asm
{
jmp p[155*4];
}
}
// listen
extern "C" __declspec(naked) void __stdcall __E__156__()
{
__asm
{
jmp p[156*4];
}
}
// ntohl
extern "C" __declspec(naked) void __stdcall __E__157__()
{
__asm
{
jmp p[157*4];
}
}
// ntohs
extern "C" __declspec(naked) void __stdcall __E__158__()
{
__asm
{
jmp p[158*4];
}
}
// recv
extern "C" __declspec(naked) void __stdcall __E__159__()
{
__asm
{
jmp p[159*4];
}
}
// recvfrom
extern "C" __declspec(naked) void __stdcall __E__160__()
{
__asm
{
jmp p[160*4];
}
}
// select
extern "C" __declspec(naked) void __stdcall __E__161__()
{
__asm
{
jmp p[161*4];
}
}
// send
extern "C" __declspec(naked) void __stdcall __E__162__()
{
__asm
{
jmp p[162*4];
}
}
// sendto
extern "C" __declspec(naked) void __stdcall __E__163__()
{
__asm
{
jmp p[163*4];
}
}
// setsockopt
extern "C" __declspec(naked) void __stdcall __E__164__()
{
__asm
{
jmp p[164*4];
}
}
// shutdown
extern "C" __declspec(naked) void __stdcall __E__165__()
{
__asm
{
jmp p[165*4];
}
}
// socket
extern "C" __declspec(naked) void __stdcall __E__166__()
{
__asm
{
jmp p[166*4];
}
}
Code:
// Source für HackShield Killn... (c) by BakaBug BYTE Replacer=0x85; DWORD Virutal_add=0x00504DBF-0x00104DBF; MemcpyEx(Virutal_add+0x00104DBF,(DWORD)&Replacer,1); Replacer=0x75; MemcpyEx(Virutal_add+0x00104F66,(DWORD)&Replacer,1); MemcpyEx(Virutal_add+0x0010DB66,(DWORD)&Replacer,1); Replacer=0x61; MemcpyEx(Virutal_add+0x002A2A6D,(DWORD)&Replacer,1);
Code:
//mein aller erster source... habe das speed,lvl mal rausgenommen
#include "HackMe.h"
#include "Hook_until.h"
#include <iostream>
#include <fstream>
#include <stdio.h>
#include <fcntl.h>
#include <io.h>
#include <process.h>
#include <windows.h>
using namespace std;
//Farben
// Sets the text attribute (colour) used for subsequent output on the
// process's standard-output console. `color` is one of the attribute values
// defined below (BLAU, GRUEN, ROT, ...).
void farbe(WORD color)
{
    HANDLE consoleOut = ::GetStdHandle(STD_OUTPUT_HANDLE);
    SetConsoleTextAttribute(consoleOut, color);
}
// Console text attribute values passed to farbe(). The names are German
// colour names: BLAU = blue, GRUEN = green, ROT = red, HELLBLAU = light blue,
// GELB = yellow, SCHWARZ = black. In a Windows console attribute the low
// nibble selects the foreground colour and the next nibble the background,
// so the BG_* values combine a background with a foreground
// (e.g. 0x14 = blue background, red text).
#define BLAU 0x0001
#define GRUEN 0x0002
#define ROT 0x0004
#define NORMAL 0x0007
#define HELLBLAU 0x0009
#define GELB 0x000e
#define BG_BLAU_ROT 0x00014
#define BG_BLAU_NORMAL 0x00017
#define BG_GELB_SCHWARZ 0x000e0
//Farben ende
// Allocates a console for the process and rebinds the C runtime's stdin and
// stdout to it, so that printf/scanf work from inside the injected module.
// The results of _open_osfhandle and _fdopen are used without checking.
void IntDEBUG()
{
    AllocConsole();

    // Wrap the Win32 console handles in CRT file descriptors (text mode).
    const int inputFd = _open_osfhandle((intptr_t) GetStdHandle(STD_INPUT_HANDLE), _O_TEXT);
    const int outputFd = _open_osfhandle((intptr_t) GetStdHandle(STD_OUTPUT_HANDLE), _O_TEXT);

    // Turn the descriptors into FILE streams.
    FILE *consoleInput = _fdopen(inputFd, "r");
    FILE *consoleOutput = _fdopen(outputFd, "w");

    // Overwrite the CRT's standard streams with the console streams.
    *stdin = *consoleInput;
    *stdout = *consoleOutput;
}
//Main
// Thread body started by HackMeNow(): writes four single bytes into the host
// image through MemcpyEx, then loops forever reading commands from the
// console. `pParams` is unused.
//
// NOTE(review): the trailing 'n' in the banner string looks like a "\n" whose
// backslash was lost when the listing was posted.
// NOTE(review): the original bytes at the patched addresses are not shown, so
// the effect of each write cannot be confirmed from this listing.
// Defender view: the writes go to fixed addresses inside the loaded image, so
// they are tied to one build. Code-section integrity checks and monitoring of
// page-protection changes on image pages are the relevant detections.
void MyThread(void* pParams)
{
farbe(GRUEN);
printf("------------>Killing HackShield Started ;)<------------n");
BYTE Replacer=0x85;
// evaluates to 0x00400000; the offsets below are added to this base
DWORD Virutal_add=0x00504DBF-0x00104DBF;
// each call copies the single byte in Replacer over the target address
MemcpyEx(Virutal_add+0x00104DBF,(DWORD)&Replacer,1);
Replacer=0x75;
MemcpyEx(Virutal_add+0x00104F66,(DWORD)&Replacer,1);
MemcpyEx(Virutal_add+0x0010DB66,(DWORD)&Replacer,1);
Replacer=0x61;
MemcpyEx(Virutal_add+0x002A2A6D,(DWORD)&Replacer,1);
// command prompt; the only recognised command is "xxx"
while( 0 < 1 )
{
farbe(GELB);
printf( "Enter command: " );
farbe(HELLBLAU);
char command[255]={0};
// NOTE(review): "%s" has no field width, so input longer than 254 characters
// overflows `command`. The scanf result is not checked either, so the loop
// spins once stdin reaches end-of-file.
scanf("%s%*c",&command);
if (strcmp( command, "xxx" ) == 0)
printf("^^");
}
}
//Hack Start
// Start-up routine: opens the debug console, prints the banner in red and
// launches MyThread on a new thread with a default stack size and no argument.
void HackMeNow()
{
    IntDEBUG();
    farbe(ROT);
    // The banner has no format specifiers, so fputs writes the same bytes.
    fputs("---PsErver Hackit Started... by Bloodx---", stdout);
    _beginthread(MyThread, 0, NULL);
}
//Hack start end






