Ai đang tập làm hack Au hay nghiên cứu về các vấn đề hack thì cứ post lên đây thảo luận nhé!
Code:
// test.cpp : Defines the entry point for the DLL application.
//
#include "stdafx.h"
#include <Windows.h>
//
// Unlink the module whose base address equals hModule from the three
// PEB_LDR_DATA lists (InLoadOrder, InMemoryOrder, InInitializationOrder).
//
// 32-bit MSVC inline asm only: fs:[30h] (TEB->PEB), the 0Ch/10h/14h/18h/1Ch/20h
// list offsets and the per-list DllBase offsets (18h/10h/08h) are the x86
// layouts, and _asm is not available on x64.
//
// This is the classic loader-list unlink: anything that enumerates modules by
// walking these lists will no longer report the DLL. Nothing here unmaps or
// zeroes memory, so the mapping itself and the entry's own
// LDR_DATA_TABLE_ENTRY block remain (a detection point for memory/VAD scans).
// NOTE(review): no loader lock is taken around the list edits, and the
// unlinked entry's own Flink/Blink are left pointing at its former neighbours.
//   hModule: base address (HINSTANCE) of the module to unlink.
void HideModule(HINSTANCE hModule)
{
DWORD dwPEB_LDR_DATA = 0;
_asm
{
pushad; // preserve all GPRs and flags across the walk (restored at Finished)
pushfd;
mov eax, fs:[30h] // eax = PEB (TEB+30h)
mov eax, [eax+0Ch] // eax = PEB->Ldr (PEB_LDR_DATA)
mov dwPEB_LDR_DATA, eax // keep it; each list walk below reloads from here
InLoadOrderModuleList:
mov esi, [eax+0Ch] // esi = Ldr->InLoadOrderModuleList.Flink (first entry)
mov edx, [eax+10h] // edx = Ldr->InLoadOrderModuleList.Blink (last entry)
LoopInLoadOrderModuleList:
lodsd // eax = [esi] = this entry's Flink, i.e. the NEXT entry
mov esi, eax // esi = entry now under test
// NOTE(review): because lodsd advances before the compare, the first entry of
// each list (typically the main executable -- not verified here) is never tested.
mov ecx, [eax+18h] // ecx = entry->DllBase (the InLoadOrder link sits at entry+0)
cmp ecx, hModule // is this our module?
jne SkipA // no: try the next entry
mov ebx, [eax] // ebx = our Flink (next entry)
mov ecx, [eax+4] // ecx = our Blink (previous entry)
mov [ecx], ebx // prev->Flink = next
mov [ebx+4], ecx // next->Blink = prev  (entry is now unlinked from this list)
jmp InMemoryOrderModuleList // done with this list, move on to the next one
SkipA:
cmp edx, esi // was that the last entry?
jne LoopInLoadOrderModuleList // no: keep walking (stops after the last entry if not found)
InMemoryOrderModuleList:
mov eax, dwPEB_LDR_DATA // eax = PEB->Ldr again
mov esi, [eax+14h] // esi = Ldr->InMemoryOrderModuleList.Flink
mov edx, [eax+18h] // edx = Ldr->InMemoryOrderModuleList.Blink
LoopInMemoryOrderModuleList:
lodsd // same walk as above
mov esi, eax
mov ecx, [eax+10h] // DllBase is 10h past this link: the InMemoryOrder LIST_ENTRY sits 8 bytes into the entry
cmp ecx, hModule
jne SkipB
mov ebx, [eax]
mov ecx, [eax+4]
mov [ecx], ebx // prev->Flink = next
mov [ebx+4], ecx // next->Blink = prev
jmp InInitializationOrderModuleList
SkipB:
cmp edx, esi
jne LoopInMemoryOrderModuleList
InInitializationOrderModuleList:
mov eax, dwPEB_LDR_DATA // eax = PEB->Ldr again
mov esi, [eax+1Ch] // esi = Ldr->InInitializationOrderModuleList.Flink
mov edx, [eax+20h] // edx = Ldr->InInitializationOrderModuleList.Blink
LoopInInitializationOrderModuleList:
lodsd
mov esi, eax
mov ecx, [eax+08h] // DllBase is 08h past this link: the InInitializationOrder LIST_ENTRY sits 10h into the entry
cmp ecx, hModule
jne SkipC
mov ebx, [eax]
mov ecx, [eax+4]
mov [ecx], ebx // prev->Flink = next
mov [ebx+4], ecx // next->Blink = prev
jmp Finished
SkipC:
cmp edx, esi
jne LoopInInitializationOrderModuleList
Finished:
popfd; // restore flags and registers saved at entry
popad;
}
}
// Thread body started from DllMain: polls the keyboard every 100 ms and
// writes one of two byte patterns into the host process at the fixed address
// 0x83cb98 (SHIFT -> 0x90 NOP bytes, SPACE -> a second 5-byte pattern).
// The address and bytes are hard-coded for one specific build of the target;
// on any other image layout this writes into unknown memory.
//   lpArgs: unused.
//   Returns 0 -- never reached, the loop below has no exit.
DWORD WINAPI StartAddress(LPVOID lpArgs)
{
DWORD value1 = 0x90; // NOTE(review): value1..value3 are never read
DWORD value2 = 0x3F7F;
DWORD value3 = 0x90;
long t=3; // only sizeof(t) (4 on Win32) is used below, never the value 3
unsigned long Protection;
while(1)
{
if(GetAsyncKeyState(VK_SHIFT))
{
BYTE value[] = {0x90, 0x90, 0x90, 0x90, 0x90};
// NOTE(review): the page is made PAGE_READWRITE, not EXECUTE_READWRITE; if
// 0x83cb98 is code it is non-executable until the restore call below.
VirtualProtect((void*)0x83cb98, sizeof(value), PAGE_READWRITE, &Protection);
// NOTE(review): copies sizeof(t) == 4 bytes, not sizeof(value) == 5.
memcpy((void*)0x83cb98, value, sizeof(t));
// NOTE(review): lpflOldProtect is 0 here; the Win32 docs describe it as
// required, so this restore is expected to fail and leave the page RW.
VirtualProtect((void*)0x83cb98, sizeof(value), Protection, 0);
}
if(GetAsyncKeyState(VK_SPACE))
{
BYTE value[] = {0xEE, 0x7C, 0x7F, 0x3F, 0xA4};
VirtualProtect((void*)0x83cb98, sizeof(value), PAGE_READWRITE, &Protection);
memcpy((void*)0x83cb98, value, sizeof(t)); // again only 4 of the 5 bytes
VirtualProtect((void*)0x83cb98, sizeof(value), Protection, 0); // same NULL lpflOldProtect
}
Sleep(100);
}
return 0;
}
// DLL entry point. On process attach it starts the patching thread and then
// unlinks this DLL from the PEB loader lists via HideModule.
// NOTE(review): CreateThread is called from DllMain, i.e. under the loader
// lock, and the returned thread handle is never closed.
// NOTE(review): the thread is started before HideModule runs, so there is a
// short window in which the module is still present in the loader lists.
//   hModule: this DLL's base (declared HANDLE, cast to HMODULE below).
//   ul_reason_for_call: DLL_PROCESS_ATTACH / DETACH etc.; only ATTACH acts.
//   Returns TRUE unconditionally.
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
if (ul_reason_for_call == DLL_PROCESS_ATTACH)
{
// MessageBoxA(NULL,GetCurrentProcess() , "Injection Successful", MB_OK); //Message Box.
CreateThread(NULL, NULL, StartAddress, NULL, NULL, NULL);
HideModule((HMODULE)hModule);
}
return TRUE;
}
// test.cpp : Defines the entry point for the DLL application.
//
#include "stdafx.h"
#include
//
// Thread body for the second listing: polls F11/F12 every 100 ms, patches
// three fixed addresses (0x8C3796, 0x8C3CA5, 0x8C437A) with "on"/"off" byte
// patterns, and then unconditionally rewrites 12 bytes at 0x902298..0x9022A3
// on every iteration. All addresses and bytes are hard-coded for one
// specific target build.
// NOTE(review): the F11 test appears three times and so does the F12 test,
// so a single key press applies all three "on" (or "off") patches in the
// same iteration, each followed by its own MessageBeep.
// NOTE(review): every memcpy copies sizeof(t) == 4 bytes (sizeof(long) on
// Win32), never sizeof(value). For the 2-byte arrays at 0x8C3796 this reads
// 2 bytes past the end of value[] and writes them into the target; for the
// 16-byte arrays only the first 4 bytes are written.
// NOTE(review): every VirtualProtect restore passes 0 for lpflOldProtect,
// which the Win32 docs describe as required, so the pages are expected to
// stay PAGE_READWRITE after the first patch.
//   lpArgs: unused.
//   Returns 0 -- unreachable, the loop never exits.
DWORD WINAPI StartAddress(LPVOID lpArgs)
{
long t = 8 ; // only sizeof(t) (4) is used, never the value 8
unsigned long Protection;
while(1)
{
if(GetAsyncKeyState(VK_F11)) // F11: "per beat up" on
{
BYTE value[] = {0x00,0x01};
VirtualProtect((void*)0x8C3796, sizeof(value), PAGE_READWRITE, &Protection);
memcpy((void*)0x8C3796, value, sizeof(t)); // 4 bytes from a 2-byte array (over-read)
VirtualProtect((void*)0x8C3796, sizeof(value), Protection, 0);
MessageBeep(MB_ICONINFORMATION);
}
if(GetAsyncKeyState(VK_F12)) // F12: "per beat up" off
{
BYTE value[] = {0x00,0x00};
VirtualProtect((void*)0x8C3796, sizeof(value), PAGE_READWRITE, &Protection);
memcpy((void*)0x8C3796, value, sizeof(t)); // 4 bytes from a 2-byte array (over-read)
VirtualProtect((void*)0x8C3796, sizeof(value), Protection, 0);
MessageBeep(MB_ICONINFORMATION);
}
if(GetAsyncKeyState(VK_F11)) // F11 again: "per one two" on
{
BYTE value[] = {0x8B,0x00,0x00,0x1F};
VirtualProtect((void*)0x8C3CA5, sizeof(value), PAGE_READWRITE, &Protection);
memcpy((void*)0x8C3CA5, value, sizeof(t)); // 4 bytes, matches the array here
VirtualProtect((void*)0x8C3CA5, sizeof(value), Protection, 0);
MessageBeep(MB_ICONINFORMATION);
}
if(GetAsyncKeyState(VK_F12)) // F12 again: "per one two" off
{
BYTE value[] = {0x8B,0x5E,0x3F,0x1F};
VirtualProtect((void*)0x8C3CA5, sizeof(value), PAGE_READWRITE, &Protection);
memcpy((void*)0x8C3CA5, value, sizeof(t));
VirtualProtect((void*)0x8C3CA5, sizeof(value), Protection, 0);
MessageBeep(MB_ICONINFORMATION);
}
if(GetAsyncKeyState(VK_F11)) // F11 a third time: "per beat rush" on
{
BYTE value[] = {0x99,0x99,0x99,0x99};
VirtualProtect((void*)0x8C437A, sizeof(value), PAGE_READWRITE, &Protection);
memcpy((void*)0x8C437A, value, sizeof(t));
VirtualProtect((void*)0x8C437A, sizeof(value), Protection, 0);
MessageBeep(MB_ICONINFORMATION);
}
if(GetAsyncKeyState(VK_F12)) // F12 a third time: "per beat rush" off
{
BYTE value[] = {0x01,0x00,0x01,0x02};
VirtualProtect((void*)0x8C437A, sizeof(value), PAGE_READWRITE, &Protection);
memcpy((void*)0x8C437A, value, sizeof(t));
VirtualProtect((void*)0x8C437A, sizeof(value), Protection, 0);
MessageBeep(MB_ICONINFORMATION);
}
// The next three blocks run every iteration regardless of key state and
// together write the ASCII string "KDMod--KDNo1" (the KDMod banner) at
// 0x902298; the 4-byte copy happens to match the 4 initialised bytes of
// each 16-byte array.
{
BYTE value[16] = {0x4B, 0x44, 0x4D, 0x6F};// "KDMo" -- KDMod advertisement banner
VirtualProtect((void*)0x902298, sizeof(value), PAGE_READWRITE, &Protection);
memcpy((void*)0x902298, value, sizeof(t));
VirtualProtect((void*)0x902298, sizeof(value), Protection, 0);
}
{
BYTE value[16] = {0x64,0x2D,0x2D,0x4B}; // "d--K"
VirtualProtect((void*)0x90229C, sizeof(value), PAGE_READWRITE, &Protection);
memcpy((void*)0x90229C, value, sizeof(t));
VirtualProtect((void*)0x90229C, sizeof(value), Protection, 0);
}
{
BYTE value[16] = {0x44,0x4E,0x6F,0x31}; // "DNo1"
VirtualProtect((void*)0x9022A0, sizeof(value), PAGE_READWRITE, &Protection);
memcpy((void*)0x9022A0, value, sizeof(t));
VirtualProtect((void*)0x9022A0, sizeof(value), Protection, 0);
}
Sleep(100);
}
return 0;
}
// DLL entry point for the second listing.
// NOTE(review): CreateThread sits outside the DLL_PROCESS_ATTACH test, so a
// new patching thread is started for every reason code DllMain is invoked
// with -- including DLL_PROCESS_DETACH, where the new thread would run code
// from a DLL that is being unmapped. Thread attach/detach notifications are
// only suppressed once DisableThreadLibraryCalls has run on attach.
// NOTE(review): declared as C++ bool, whereas the first listing (and the
// loader contract) uses BOOL; the thread handle is never closed; this runs
// under the loader lock like any DllMain.
//   hModule: this DLL's base.
//   dwReason: DLL_PROCESS_ATTACH / DETACH etc.
//   Returns TRUE unconditionally.
bool APIENTRY DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpvReserved){
if (dwReason == DLL_PROCESS_ATTACH){
DisableThreadLibraryCalls(hModule);
}
CreateThread(0, 0, StartAddress, 0, 0, 0);
{ // empty block: no effect
}
return TRUE;
}
Code:
[code]BYTE value[] = {0x00,0x01};
VirtualProtect((void*)0x8C3796, sizeof(value), PAGE_READWRITE, &Protection);
memcpy((void*)0x8C3796, value, sizeof(t));
VirtualProtect((void*)0x8C3796, sizeof(value), Protection, 0);
MessageBeep(MB_ICONINFORMATION);
BYTE value[]: các byte mới sẽ được ghi vào (giá trị cần đổi). Lưu ý memcpy ở trên chỉ chép sizeof(t) byte (4 byte), không phải sizeof(value), nên số byte thực sự được ghi có thể khác với độ dài mảng.
VirtualProtect((void*)0x8C3796, ...): địa chỉ của vùng HEX cần chỉnh; gọi lần đầu để mở quyền ghi cho trang nhớ, lần sau để trả lại quyền cũ (tham số cuối phải trỏ tới một biến nhận quyền cũ, không được là 0).
MessageBeep(MB_ICONINFORMATION);: phát âm thanh khi kích hoạt.[/code]
MaxModz đã viết: cái này AD nên thành lập 1 đội huấn luyện viết tools cho forum, biết cái gì chỉ cái đó, may ra có cơ hội AE phát triển forum tốt được.