ini apa ADR_HSCallBack1 0x7907a // BYTE To Use 0xC3 ADR_HSCallBack2 0x09fa8 // BYTE To Use 0x74 ADR_HSNanoScan1 0x96863 // BYTE To Use 0x03,0xD2 ADR_HSNanoScan2 0x9457F // BYTE To Use 0xB8,0x00,0x00,0x00,0x00 void DetouringHackShield (void) { DWORD hEhSvc = (DWORD)GetModuleHandle(EhSvc.dll); if ( hEhSvc !=0 ) { DWORD ADR_HSCallBack1 = Tools.SearchPattern(hEhSvc,0x11E000,558BEC83EC??535657894DE0,ASM,0); DWORD ADR_HSCallBack2 = Tools.SearchPattern(hEhSvc,0x11E000,83C4??85DB75??55E8????????83C4??33??,ASM,5); DWORD ADR_HSNanoScan1 = Tools.SearchPattern(hEhSvc,0x11E000,8B45??03C28945??837DDC??,ASM,3); DWORD ADR_HSNanoScan2 = Tools.SearchPattern(hEhSvc,0x11E000,8B55??52E8????????83C4148945??837DE400,ASM,4); BYTE bpJe [1] = { 0x74 }; BYTE bpRetnA [1] = { 0xC3 }; Tools.BPPatching((void*)(ADR_HSCallBack2),bpJe,1); //EhSvc.dll CRC Check new actualy working Tools.BPPatching((void*)(ADR_HSCallBack1),bpRetnA,1); //EhSvc.dll Main EhSvc.dll Kill all HS ERROR bool FirstLog = true; bool SecondLog = false; do{ DWORD Pointer = *(DWORD*)ADR_ServerPTR; if ( Pointer != 0 && FirstLog && !SecondLog ) { BYTE bpAddEdx [2]= { 0x03,0xD2 }; BYTE bpMovEax [5]= { 0xB8,0x00,0x00,0x00,0x00 }; Tools.BPPatching((void*)(ADR_HSNanoScan1),bpAddEdx,2); // HS Sub Main Forcing Detection 1 Tools.BPPatching((void*)(ADR_HSNanoScan2),bpMovEax,5); // HS Sub Call Forcing Detection 2 Sleep(5000); BYTE NanoScan1OFF [2]= { 0x03,0xC2 }; Tools.BPPatching((void*)(ADR_HSNanoScan1),NanoScan1OFF,2); // Restoring after 5 second inside server FirstLog = false; SecondLog = true; } if ( Pointer == 0 && SecondLog ) { BYTE BTOFFanoScan2 [5] = { 0xE8,0xFE,0x17,0x00,0x00 }; // Restoing if server is == 0 Tools.BPPatching((void*)(ADR_HSNanoScan2),BTOFFanoScan2,5); FirstLog = true; SecondLog = false; } Sleep(20); }while(TRUE); }else{ Tools.AddLog(%s - Error: HackShield module not found!\n,Tools.AddTime()); ExitProcess(TRUE); } }
Posted on: Thu, 30 Oct 2014 12:09:27 +0000
Trending Topics
Recently Viewed Topics
© 2015