[C++] Dll Injection Protection
Discussion on [C++] Dll Injection Protection within the Metin2 Hacks, Bots, Cheats, Exploits & Macros forum part of the Metin2 category.
05/23/2015, 15:36
#1
elite*gold: 0
Join Date: Oct 2010
Posts: 43
Received Thanks: 14
[C++] Dll Injection Protection
C++ SOURCE:
How to do?
In the clientside:
Code:
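from ctypes import windll
import os
# Load AntiHack.dll if it is not already mapped into the client process
if windll.kernel32.GetModuleHandleA("AntiHack.dll") == 0:
    windll.kernel32.LoadLibraryA("AntiHack.dll")
# Exit the client if the DLL is still not loaded
if windll.kernel32.GetModuleHandleA("AntiHack.dll") == 0:
    os._exit(0)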
I don't have the module ctypes:
.
Attached Files
AntiHack.rar
(18.4 KB, 974 views)
05/24/2015, 16:38
#2
elite*gold: 0
Join Date: Dec 2014
Posts: 442
Received Thanks: 211
You'll need to make your post visible for everyone, else nobody will be able to help you.
And btw isn't this the wrong place for asking such questions?
05/24/2015, 16:52
#3
elite*gold: 405
Join Date: Dec 2007
Posts: 6,615
Received Thanks: 6,356
Quote:
Originally Posted by
_asm
You'll need to make your post visible for everyone, else nobody will be able to help you.
And btw isn't this the wrong place for asking such questions?
Where did he ask any questions? This is a release thread.
05/24/2015, 17:00
#4
elite*gold: 0
Join Date: Dec 2014
Posts: 442
Received Thanks: 211
Oops.. I thought he was asking for help "how to do?"
I'm sorry...
05/25/2015, 00:15
#5
wild wild son
elite*gold: 0
Join Date: Feb 2011
Posts: 5,830
Received Thanks: 3,369
->
Quote:
Originally Posted by Section Rules
Threads without a virus scan are being closed but opened on request once a virus scan is available.
Therefore, scan the file and add the result to the topic, please.
Greetings
05/25/2015, 12:35
#6
elite*gold: 0
Join Date: Feb 2008
Posts: 2,754
Received Thanks: 1,748
Here, that's your scan:
Clean in itself; the only thing that puzzles me is the import of the Winsock32 DLL, which is normally only needed for networking, which shouldn't really be present here.
I have also submitted the file to Avira for analysis. The result will be available here as soon as it is finished:
06/04/2015, 15:28
#7
elite*gold: 1000
Join Date: Jun 2015
Posts: 70
Received Thanks: 26
is it working?
06/12/2015, 04:00
#8
elite*gold: 0
Join Date: Jun 2011
Posts: 98
Received Thanks: 48
Is this supposed to stop DLL injection, or what? Stopping someone from injecting code or a DLL will be a really hard thing to do; the code can be injected before anything else.
06/13/2015, 15:26
#9
elite*gold: 0
Join Date: Oct 2010
Posts: 43
Received Thanks: 14
Code:
// dllmain.cpp | Protection for the Metin2 client against injection by certain hacks.
#include "stdafx.h"
#include <windows.h>
#include <iostream>
#include <string>
#include <fstream>
#include <new>
#include <tlhelp32.h>
#include <shellapi.h>
#include <winsock2.h>
#include <detours.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "detours.lib")
using namespace std;

// CONFIGURATION
const char *indirizzo_ip = "5.135.216.193";
const wchar_t *Launcher = L"OverKill.exe";
const wchar_t *Argument = L"--Start";
// CRC-32 values (as signed 32-bit long) of the files to block
long crc[] = {
    -1982651409, -776276586, 300965008, -987425146, -1020123781, 788909682,
    -2060589118, -1551825781, -1944915785, -368720392, -826207030, 1140340929,
    -771419281, -1752318991, 578798025, 2036887976, 890437574, 510542828,
    -1791860780, -947847671, 1097594834, -1998392128, -178110029, 1953047600,
    1301328157, 2029112070, -1333777692, -1721593028, 1347562111, 811390021,
    1430524761, -981431290, -548174890, -504385778,
};
// The ports someone could see by decrypting root
unsigned int porte_fake[] = {11002, 13000, 13010};
// The real ports, which cannot be seen unless the protection is reversed
unsigned int porte_vere[] = {11002, 13000, 13010};
typedef struct _LSA_UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PWSTR Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING, UNICODE_STRING, *PUNICODE_STRING;

// Hook for AllocConsole: always fails, so the client cannot open a console
BOOL (__stdcall *_AllocConsole)(void);
BOOL __stdcall HookAllocConsole(void) {
    return FALSE;
}

// Hook for connect(): maps the decoy ports to the real ones and forces the server IP
int (__stdcall *_connect)(SOCKET, const struct sockaddr*, int);
int __stdcall _connectHook(SOCKET s, const struct sockaddr *name, int namelen) {
    sockaddr_in *coso = (sockaddr_in*)name;
    unsigned int porta = ntohs(coso->sin_port);
    // Each decoy port maps to the real port at the same index
    if (porta == porte_fake[0]) porta = porte_vere[0];
    else if (porta == porte_fake[1]) porta = porte_vere[1];
    else if (porta == porte_fake[2]) porta = porte_vere[2];
    coso->sin_addr.S_un.S_addr = inet_addr(indirizzo_ip);
    coso->sin_port = htons((u_short)porta);
    return _connect(s, name, namelen);
}
// CRC-32 of a file (narrow path); returns 0 if the file cannot be read
long CRCFILE(std::string Filename) {
    FILE *f;
    if ((f = fopen(Filename.c_str(), "rb")) == NULL) {
        return 0;
    }
    unsigned long size;
    fseek(f, 0, SEEK_END);
    size = ftell(f);
    fseek(f, 0, SEEK_SET);
    unsigned char *File = new (std::nothrow) unsigned char[size];
    if (File == NULL) {  // allocation failed
        fclose(f);
        return 0;
    }
    size = (unsigned long)fread(File, 1, size, f);  // hash only the bytes actually read
    fclose(f);
    // Build the reflected CRC-32 table (polynomial 0x04c11db7)
    unsigned long crc[256];
    for (unsigned int i = 0; i <= 0xFF; i++) {
        unsigned long coso = 0;
        unsigned long I = i;
        for (unsigned int b = 1; b < 9; b++) {   // reflect the 8 index bits
            if (I & 1) coso |= 1UL << (8 - b);
            I >>= 1;
        }
        crc[i] = coso << 24;
        for (unsigned int c = 0; c < 8; c++)
            crc[i] = (crc[i] << 1) ^ (crc[i] & (1UL << 31) ? 0x04c11db7 : 0);
        unsigned long coso2 = 0;
        unsigned long Ii = crc[i];
        for (unsigned int d = 1; d < 33; d++) {  // reflect the 32-bit result
            if (Ii & 1) coso2 |= 1UL << (32 - d);
            Ii >>= 1;
        }
        crc[i] = coso2;
    }
    unsigned long Crc = 0xffffffff;
    for (unsigned int i = 0; i < size; i++) Crc = (Crc >> 8) ^ crc[(Crc & 0xFF) ^ File[i]];
    delete [] File;
    return Crc ^ 0xffffffff;
}
// CRC-32 of a file (wide path); returns 0 if the file cannot be read
long CRCFILEW(std::wstring Filename) {
    FILE *f;
    if ((f = _wfopen(Filename.c_str(), L"rb")) == NULL) {
        return 0;
    }
    unsigned long size;
    fseek(f, 0, SEEK_END);
    size = ftell(f);
    fseek(f, 0, SEEK_SET);
    unsigned char *File = new (std::nothrow) unsigned char[size];
    if (File == NULL) {  // allocation failed
        fclose(f);
        return 0;
    }
    size = (unsigned long)fread(File, 1, size, f);  // hash only the bytes actually read
    fclose(f);
    // Build the reflected CRC-32 table (polynomial 0x04c11db7)
    unsigned long crc[256];
    for (unsigned int i = 0; i <= 0xFF; i++) {
        unsigned long coso = 0;
        unsigned long I = i;
        for (unsigned int b = 1; b < 9; b++) {   // reflect the 8 index bits
            if (I & 1) coso |= 1UL << (8 - b);
            I >>= 1;
        }
        crc[i] = coso << 24;
        for (unsigned int c = 0; c < 8; c++)
            crc[i] = (crc[i] << 1) ^ (crc[i] & (1UL << 31) ? 0x04c11db7 : 0);
        unsigned long coso2 = 0;
        unsigned long Ii = crc[i];
        for (unsigned int d = 1; d < 33; d++) {  // reflect the 32-bit result
            if (Ii & 1) coso2 |= 1UL << (32 - d);
            Ii >>= 1;
        }
        crc[i] = coso2;
    }
    unsigned long Crc = 0xffffffff;
    for (unsigned int i = 0; i < size; i++) Crc = (Crc >> 8) ^ crc[(Crc & 0xFF) ^ File[i]];
    delete [] File;
    return Crc ^ 0xffffffff;
}
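// Pointer used to call the original ntdll LdrLoadDll, set by DetourFunction
int (__stdcall *LdrLoadDll)(
    IN PWCHAR PathToFile OPTIONAL,
    IN ULONG Flags OPTIONAL,
    IN PUNICODE_STRING ModuleFileName,
    OUT PHANDLE ModuleHandle);

// Hook: checksum every DLL before it is loaded and exit on a blocklisted CRC
int __stdcall HookLdrLoadDll(
    IN PWCHAR PathToFile OPTIONAL,
    IN ULONG Flags OPTIONAL,
    IN PUNICODE_STRING ModuleFileName,
    OUT PHANDLE ModuleHandle)
{
    char lzDllName[1000] = {0};
    // UNICODE_STRING is counted and not necessarily NUL-terminated: take Length
    // bytes, then convert with the destination size as the limit
    wstring wide(ModuleFileName->Buffer, ModuleFileName->Length / sizeof(wchar_t));
    wcstombs(lzDllName, wide.c_str(), sizeof(lzDllName) - 1);
    string GetString = (string)lzDllName;
    long CRC32 = CRCFILE(GetString);
    for (size_t i = 0; i < sizeof(crc) / sizeof(crc[0]); i++) {
        if (CRC32 == crc[i]) {
            // Log the match, delete the file from disk and terminate the client
            fstream of("test.txt", fstream::in | fstream::out | fstream::app);
            of << "[Protection] E' stata trovata " << GetString << " ...\n";
            of.close();
            remove(GetString.c_str());
            exit(0);
            return 0;
        }
    }
    return LdrLoadDll(PathToFile, Flags, ModuleFileName, ModuleHandle);
}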
// Checksum every module already loaded in the process; exit on a blocklisted CRC
int CheckModules()
{
    MODULEENTRY32 me32;
    HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId());
    if (hModuleSnap == INVALID_HANDLE_VALUE) return 0;
    me32.dwSize = sizeof(MODULEENTRY32);
    if (Module32First(hModuleSnap, &me32)) {
        do {
            wstring GetString = me32.szExePath;
            long CRC32 = CRCFILEW(GetString);
            for (size_t i = 0; i < sizeof(crc) / sizeof(crc[0]); i++) {
                if (CRC32 == crc[i]) {
                    FILE *f = _wfopen(L"test.txt", L"a");
                    if (f != NULL) {
                        wchar_t buff[400];
                        swprintf(buff, 400, L"[Protection] E' stata trovata %ls...\n", me32.szExePath);
                        fputws(buff, f);
                        fclose(f);
                    }
                    HMODULE mod = GetModuleHandle(me32.szExePath);
                    FreeLibrary(mod);
                    exit(0);
                    return 0;
                }
            }
        } while (Module32Next(hModuleSnap, &me32));
    }
    CloseHandle(hModuleSnap);
    return 0;
}
// Returns TRUE (and logs it) if a top-level window with this exact title exists
bool __CheckWindow(const char *window)
{
    if (FindWindowA(NULL, window)) {
        fstream of("test.txt", fstream::in | fstream::out | fstream::app);
        of << "[Protection] E' stato identificato " << window << "...\n";
        of.close();
        return TRUE;
    }
    return FALSE;
}

// Watcher thread: polls for the listed window titles every 3 seconds
DWORD WINAPI CheckWindows(LPVOID)
{
    for (;;) {
        if (
            // WINDOWS OF THE HACKS TO BLOCK
            __CheckWindow("CH347 3NG1N3 9.9") ||
            __CheckWindow("Metin2 MultiHack 1.8.5") ||
            __CheckWindow("Switch-Bot 1.0.0.4 © by Unpublished") ||
            __CheckWindow("M2Bob") ||
            __CheckWindow("M2Bob - Version 1.4") ||
            __CheckWindow("M2Bob.net - Version 2.0.0") ||
            __CheckWindow("M2Bob.net - Version 1.3.1") ||
            __CheckWindow("M2Bob.net - Version 1.3.2") ||
            __CheckWindow("M2Bob.net - Version 3.0.0") ||
            __CheckWindow("M2Bob.net - Version 4.0.0") ||
            __CheckWindow("Switch-Bot 1.0.0.4 © by Unpublished") ||
            __CheckWindow("Winject") ||
            __CheckWindow("OldSchoolInject") ||
            __CheckWindow("ZiInjector © by Unpublished") ||
            __CheckWindow("Extreme Injector v.3.3 by master131") ||
            __CheckWindow("Kernel Detective v1.4.1 :: System Idle Process")
            // IF AT LEAST ONE OF THESE WINDOWS IS FOUND, THE CLIENT WILL CLOSE
        ) exit(0);
        Sleep(3000);
    }
}
// If the client was not started as "OverKill.exe --Start", point it at localhost
void CheckArgument()
{
    int i = 0;
    LPWSTR *arg = CommandLineToArgvW(GetCommandLineW(), &i);
    // A missing argument is treated like a wrong one instead of reading past argv
    if (arg == NULL || i < 2 ||
        !(wcscmp(arg[0], Launcher) == 0 && wcscmp(arg[1], Argument) == 0)) {
        indirizzo_ip = "127.0.0.1";
    }
    if (arg != NULL) LocalFree(arg);
}

BOOL APIENTRY DllMain(HMODULE hModule,
                      DWORD ul_reason_for_call,
                      LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        {
            // Start a fresh log file
            fstream of("test.txt", fstream::in | fstream::out | fstream::trunc);
            of << "Protection-Test by TheRock\n\n";
            of.close();
            CheckArgument();
            CheckModules();
            FreeConsole();
            // Install the hooks; DetourFunction returns a pointer used to call the original.
            // DllMain runs under the loader lock, where Microsoft advises against LoadLibrary.
            _connect = (int (__stdcall*)(SOCKET, const struct sockaddr*, int))DetourFunction((PBYTE)GetProcAddress(GetModuleHandleA("WS2_32.DLL"), "connect"), (PBYTE)_connectHook);
            _AllocConsole = (BOOL (__stdcall*)(void))DetourFunction((PBYTE)GetProcAddress(LoadLibraryW(L"KERNEL32.DLL"), "AllocConsole"), (PBYTE)HookAllocConsole);
            LdrLoadDll = (int (__stdcall*)(IN PWCHAR PathToFile OPTIONAL, IN ULONG Flags OPTIONAL, IN PUNICODE_STRING ModuleFileName, OUT PHANDLE ModuleHandle))DetourFunction((PBYTE)GetProcAddress(LoadLibraryW(L"NTDLL.DLL"), "LdrLoadDll"), (PBYTE)HookLdrLoadDll);
            // Start the window-title watcher thread
            CreateThread(NULL, 0, LPTHREAD_START_ROUTINE(CheckWindows), NULL, 0, 0);
        }
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
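The blocklist check that `CheckModules()` and `HookLdrLoadDll()` in post #9 perform, reduced to a portable added example (not code from the thread or its author): it computes the standard CRC-32 that the posted table construction builds, shows why the stored values are negative (`long` is 32 bits on Windows), and walks the list with a strict bound. The names `crc32_bytes`, `as_signed32`, `is_blocklisted`, `buffer_is_blocklisted` and the sample blocklist are assumptions made for illustration.

```cpp
// Added example, not from the thread. All sample inputs are constructed.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Standard reflected CRC-32 (polynomial 0x04C11DB7, bit-reversed 0xEDB88320),
// computed bit by bit instead of through a 256-entry table.
uint32_t crc32_bytes(const unsigned char *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; ++i) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; ++bit)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xFFFFFFFFu;
}

// The thread stores checksums in `long crc[]`: 32 bits on Windows, so values
// with the top bit set are written as negative numbers. A fixed-width type
// keeps the comparison correct where `long` is 64 bits.
int32_t as_signed32(uint32_t crc) {
    int32_t out;
    std::memcpy(&out, &crc, sizeof out);  // reinterpret the bits, no overflow
    return out;
}

// Constructed blocklist (assumption): CRC-32 of "123456789" (0xCBF43926)
// as a signed value, plus one arbitrary entry.
static const int32_t kBlocklist[] = { -873187034, 305419896 };

bool is_blocklisted(int32_t crc) {
    const size_t n = sizeof(kBlocklist) / sizeof(kBlocklist[0]);
    for (size_t i = 0; i < n; ++i)   // '<', never '<=': stay inside the array
        if (kBlocklist[i] == crc) return true;
    return false;
}

bool buffer_is_blocklisted(const void *buf, size_t len) {
    return is_blocklisted(as_signed32(
        crc32_bytes(static_cast<const unsigned char *>(buf), len)));
}

int main() {
    const char known[] = "123456789";    // standard CRC-32 check input
    const char other[] = "123456789 ";   // constructed input with different content
    std::printf("%d %d\n", buffer_is_blocklisted(known, 9),
                buffer_is_blocklisted(other, 10));
    return 0;
}
```

CRC-32 is an integrity checksum rather than a cryptographic hash, so a match identifies only an exact known file; an allowlist of SHA-256 digests for the modules the client is expected to load is the sturdier check.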
06/19/2015, 22:37
#10
elite*gold: 0
Join Date: Feb 2015
Posts: 19
Received Thanks: 2
I do not understand. What exactly is this work? What does it do?
06/19/2015, 22:52
#11
elite*gold: 731
Join Date: Oct 2008
Posts: 6,267
Received Thanks: 1,502
Quote:
Originally Posted by
dreamfancyy
I do not understand. What exactly is this work? What does it do?
I understand it like this:
If you want to inject metin2client.bin, Hackshield will detect the injection, or Hackshield will detect the hacks you are using at the moment,
and dll injection will protect your injection from Hackshield; also you will get no report message from Hackshield. Do you know what happens when you inject metin2client.bin?
06/19/2015, 23:33
#12
elite*gold: 405
Join Date: Dec 2007
Posts: 6,615
Received Thanks: 6,356
Quote:
Originally Posted by
Kirmizi Beyaz
and dll injection will protect your injection from Hackshield; also you will get no report message from Hackshield. Do you know what happens when you inject metin2client.bin?
That's totally the opposite of what this does.
06/20/2015, 04:29
#13
elite*gold: 0
Join Date: Jun 2015
Posts: 1
Received Thanks: 0
Quote:
Originally Posted by
WarXWar
C++ SOURCE:
How to do?
In the clientside:
Code:
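from ctypes import windll
import os
# Load AntiHack.dll if it is not already mapped into the client process
if windll.kernel32.GetModuleHandleA("AntiHack.dll") == 0:
    windll.kernel32.LoadLibraryA("AntiHack.dll")
# Exit the client if the DLL is still not loaded
if windll.kernel32.GetModuleHandleA("AntiHack.dll") == 0:
    os._exit(0)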
I don't have the module ctypes:
.
thanks for sharing but not compiled
06/20/2015, 15:10
#14
elite*gold: 150
Join Date: Feb 2012
Posts: 95
Received Thanks: 15
Nice release. It works.
06/27/2015, 23:45
#15
elite*gold: 731
Join Date: Oct 2008
Posts: 6,267
Received Thanks: 1,502
Quote:
Originally Posted by
Mi4uric3
That's totally the opposite of what this does.
Ok, sorry then
.
I need more knowledge about dll injection