Undetected Endscene Hook [ GAMEGUARD ]

On miércoles, 27 de abril de 2011 0 comentarios

1. ] Some say hooking vtables is now detected; can I still hook it without being kicked..??

2. ] Does GameGuard Scan The Whole d3d functions or just the modified vtable??



BTW im Hooking The Endscene of " Special Force [ soldierfront ] " but Gameguard always Kick Me Off..

Undetected directx hook


So, first of all, I am using Windows7 Build 7100, and XP is NOT supported by this method, since the driver model only applies to vista and above.

I was wondering how I could make a undetected directx hook, and I was searching some subfunctions. Eventually I came out by a function called pfnPresentCb. This is documented by microsoft: http://msdn.microsoft.com/en-us/library/ms791726.aspx

In Windows vista + windows 7, you can use this function to hook undetected. The reason why it still allows drawing, is because the buffer hasnt been flipped yet(there is also a pfnRender function, and that doesnt work because of this( tnx roverturbo ^^ ) ). So, it will look like this:

Code:
// Replacement handler for the pfnPresentCb callback: calls RenderFrame(), then
// forwards the same two arguments to the saved original callback and returns
// its HRESULT unchanged. RenderFrame and ppfnPresentCb are defined outside this
// snippet, as is the code that installs this handler.
// NOTE(review): `_asm pushad` / `_asm popad` are MSVC inline assembly for 32-bit
// x86 only; they save and restore the general-purpose registers around
// RenderFrame().
// NOTE(review): the surrounding post says integrity scanners of the time did
// not check this callback. Nothing in this snippet establishes that; a check
// that verifies the callback pointer still resolves inside its owning module
// would see the redirection.
HRESULT APIENTRY npfnPresentCb( HANDLE pDevice, LPVOID pData )//remember that pDevice is not the d3d device :p
{
 _asm pushad;
 
 RenderFrame();

 _asm popad;

 // Hand the frame on to the original callback so presentation still happens.
 HRESULT hRet = ppfnPresentCb( pDevice, pData ); 
 return hRet; 
}
Since this is a kernel usermode driver function( if you'll follow the calls, you'll see this calls the driver functions ), pb doesnt scan it( prolly gameguard/hackshield doesnt as well ).

The function is located @ d3d9 + 0x7B3F in windows7, build 7100. I am just giving you some ideas, since some of you around here are having a hard time with anti-cheat. This is why they fail

You can also hook gdi functions or so, or hook even deeper, or even hook the drivers.

This is very OS dependent, and wont even work on xp. Thats why I am releasing it, so pays*tes cant use it

Have fun,

R4z8r

Xtrap bypass


To Game: S4League

PHP Code:
#include 

#define HackDetect1 0x00435FA6
BYTE HD1[] = {0xEB0x35}; #define HackDetect2 0x0043CE36 BYTE HD2[] = {0xEB0x35}; #define HackDetect3 0x0043DCF0 BYTE HD3[] = {0xEB0x35}; #define HackDetect4 0x0043DCD1 BYTE HD4[] = {0xEB0x1F}; #define HackDetect5 0x0043DCE9 BYTE HD5[] = {0xEB0x07}; #define IsDebuggerPresent 0x00499517 BYTE IDP[] = {0x90}; #define ZCheckHackProcess1 0x00441E35 BYTE ZCHP1[] = {0xEB0x34}; #define ZCheckHackProcess2 0x00441E62 BYTE ZCHP2[] = {0xEB0x2C}; #define ZCheckHackProcess3 0x00441EBD BYTE ZCHP3[] = {0xEB0x09}; #define AbnormalBehavior 0x00440353 BYTE AB[] = {0xE90x8A0x000x000x00}; DWORD OldProtection; void WriteToMemory(DWORD OffsetDWORD PointerDWORD Length){ VirtualProtect((void *)OffsetLengthPAGE_EXECUTE_READWRITE, &OldProtection); RtlMoveMemory((void *)Offset, (const void*)PointerLength); VirtualProtect((void *)OffsetLengthOldProtection, &OldProtection);
}
void ModifyMemoryBYTE *OffsetBYTE *ByteArrayDWORD Length){
for(
DWORD i 0Lengthi++) WriteToMemory((DWORD)Offset i, (DWORD)ByteArray i1);
}
void Bypass()
{
ModifyMemory((BYTE*)HackDetect1HD12); ModifyMemory((BYTE*)HackDetect2HD22); ModifyMemory((BYTE*)HackDetect4HD42); ModifyMemory((BYTE*)HackDetect5HD52); ModifyMemory((BYTE*)AbnormalBehaviorAB5);
}
bool APIENTRY DllMain(HMODULE hModuleDWORD dwReasonLPVOID lpvReserved){
if(
dwReason == DLL_PROCESS_ATTACH){ DisableThreadLibraryCalls(hModule); Bypass();
return 
true;
}
return 
true;

[C++]X-Trap Bypass


Simply compile in C++ as a DLL and inject.

Source:

Code:
/*********************************************************************
** XTrap Bypass                      **
**********************************************************************
** Hacking Detected             **
** ----------------             **
** 00435FA6 EB 35 All referenced text string, 'Hacking detected' **
**      One line, up, change JNZ to JMP     **
** 0043CE36 EB 35 All referenced text string, 'Hacking detected' **
**      One line, up, change JNZ to JMP     **
** 0043DCF0 EB 35 All referenced text string, 'Hacking detected' **
**      One line, up, change JNZ to JMP     **
** 0043DCD1 EB 1F All referenced text string, 'Hacking detected' **
**      Jump #1 change JNZ to JMP       **
** 0043DCE9 EB 07 All referenced text string, 'Hacking detected' **
**      Jump #2 change JNZ to JMP       **
**                 **
** IsDebuggerPresent            **
** -----------------            **
** 00499517 90 Go to IsDebuggerPresent, do down and NOP first JNZ **
**                 **
** ZCheckHackProcess            **
** -----------------            **
** 00441E35 EB 34 All referenced text string, 'Hacking Detected' **
**      go up till start of function (PUSH -1),   **
**      go to the local call, under it theres a   **
**      TEST AL,AL, go down one more line, (JNZ) change **
**      it to JMP (Do this for all 3 'Hacking Detected' **
** 00441E62 EB 2C             **
** 00441EBD EB 09             **
**                 **
** Abnormal Behavior            **
** -----------------            **
** 00440353 E9 8A 00 00 00 All referenced text strings,    **
**         'An abnormal behavior is detected.',  **
**         go up 2 lines, change the JE to JMP  **
*********************************************************************/

#include 

// Patch table. Each #define is an absolute virtual address inside the target
// executable; the BYTE array that follows it holds the replacement bytes for
// that address (0xEB = short JMP rel8, 0xE9 = near JMP rel32, 0x90 = NOP).
// NOTE(review): the addresses are absolute, so they describe one specific build
// loaded at one specific base. A relocated image (ASLR) or any rebuilt binary
// has different bytes at these addresses, and a code-section integrity check
// computed after these writes would no longer match the shipped image.
#define HackDetect1 0x00435FA6
BYTE HD1[] = {0xEB, 0x35};
#define HackDetect2 0x0043CE36
BYTE HD2[] = {0xEB, 0x35};
#define HackDetect3 0x0043DCF0
BYTE HD3[] = {0xEB, 0x35};
#define HackDetect4 0x0043DCD1
BYTE HD4[] = {0xEB, 0x1F};
#define HackDetect5 0x0043DCE9
BYTE HD5[] = {0xEB, 0x07};
// NOTE(review): this macro reuses the name of the Win32 API IsDebuggerPresent;
// from here on the preprocessor replaces that identifier with the constant.
#define IsDebuggerPresent 0x00499517
BYTE IDP[] = {0x90};
#define ZCheckHackProcess1 0x00441E35
BYTE ZCHP1[] = {0xEB, 0x34};
#define ZCheckHackProcess2 0x00441E62
BYTE ZCHP2[] = {0xEB, 0x2C};
#define ZCheckHackProcess3 0x00441EBD
BYTE ZCHP3[] = {0xEB, 0x09};
#define AbnormalBehavior 0x00440353
BYTE AB[] = {0xE9, 0x8A, 0x00, 0x00, 0x00};

//Write To Memory
// Receives the previous page protection from VirtualProtect. It is a single
// file-scope variable, so every call to WriteToMemory shares it.
DWORD OldProtection;
// Copies Length bytes from address Pointer to address Offset inside the current
// process, temporarily changing the destination's page protection.
//   Offset  - destination address, carried as a DWORD
//   Pointer - source address, carried as a DWORD
//   Length  - number of bytes to copy
// NOTE(review): both addresses are squeezed through DWORD, so this only holds
// together in a 32-bit build. Neither VirtualProtect return value is checked.
// NOTE(review): for a defender the observable event is the first call below, a
// code page of the main image being switched to PAGE_EXECUTE_READWRITE.
void WriteToMemory(DWORD Offset, DWORD Pointer, DWORD Length){
    // Make the destination writable and remember what the protection was.
    VirtualProtect((void *)Offset, Length, PAGE_EXECUTE_READWRITE, &OldProtection);
    RtlMoveMemory((void *)Offset, (const void*)Pointer, Length);
    // Restore the protection saved by the first call.
    VirtualProtect((void *)Offset, Length, OldProtection, &OldProtection);
}
// Writes Length bytes from ByteArray to Offset by calling WriteToMemory once per
// byte, so the page protection is changed and restored Length times.
//   Offset    - destination address
//   ByteArray - source bytes
//   Length    - number of bytes to write
void ModifyMemory( BYTE *Offset, BYTE *ByteArray, DWORD Length){
    for(DWORD i = 0; i < Length; i++)
        WriteToMemory((DWORD)Offset + i, (DWORD)ByteArray + i, 1);
}

// Applies the active entries of the patch table. Five writes are live
// (HackDetect1, 2, 4, 5 and AbnormalBehavior); the HackDetect3,
// IsDebuggerPresent and ZCheckHackProcess1-3 entries are commented out and are
// never written.
// NOTE(review): per the header comment in this listing, every live target is a
// conditional branch in front of a detection message that is turned into an
// unconditional jump. All the decision logic being altered runs client-side, so
// a check the server performs itself is not affected by any of these writes.
void Bypass()
{
 ModifyMemory((BYTE*)HackDetect1, HD1, 2);
 ModifyMemory((BYTE*)HackDetect2, HD2, 2);
 //ModifyMemory((BYTE*)HackDetect3, HD3, 2);
 ModifyMemory((BYTE*)HackDetect4, HD4, 2);
 ModifyMemory((BYTE*)HackDetect5, HD5, 2);
 //ModifyMemory((BYTE*)IsDebuggerPresent, IDP, 1);
 //ModifyMemory((BYTE*)ZCheckHackProcess1, ZCHP1, 2);
 //ModifyMemory((BYTE*)ZCheckHackProcess2, ZCHP2, 2);
 //ModifyMemory((BYTE*)ZCheckHackProcess3, ZCHP3, 2);
 ModifyMemory((BYTE*)AbnormalBehavior, AB, 5);
}

// DLL entry point. On DLL_PROCESS_ATTACH it turns off per-thread attach/detach
// notifications for this module and runs Bypass() synchronously; every reason
// code returns true.
// NOTE(review): declared as returning bool, whereas the Windows prototype for
// DllMain returns BOOL.
// NOTE(review): all the work happens inside the loader's attach callback, so
// the memory writes are complete before the call that loaded this DLL returns.
bool APIENTRY DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpvReserved){
 if(dwReason == DLL_PROCESS_ATTACH){
  DisableThreadLibraryCalls(hModule);
  Bypass();
  return true;
 }
 return true;
}
Don't ask how to compile it. If you can't compile it you don't deserve it.
Works for all versions of xtrap to date.

Edit: Posted in the wrong section..Someone can move it if needed =)

[Tutorial] How to make an Crosshair


FIRST:I ONLY COPIED THE WHOLEN THREAD BECAUSE IT WILL HELP SOME CROSSFIRE CODER.

How To make You First CrossHair hack
This tutorial will show you how to make a beginner crosshair hack. The program I am using is called Visual Studio C++ [2010]; you can download a 30-day trial.
The SourceCode am using is not made by me , its made by some other guy am just using it to show you guys how to use SourceCodes [ if you know this dont post any crap comments ]
thanks .
{ i will include the source code here ]
This CrossHair only works in Window Mode
Works for any Game :P
Press Numpad0 to turn it on / off

TUTORIAL IS MADE BY LoveKiss
thanks to him
Source Code :

Code:
#include 
#include 
#include 
using namespace std;

// State shared between the key-polling thread (CrossThread) and the drawing
// loop in main(). These are plain globals with no synchronisation.
bool crosshairon=false;   // toggled by CrossThread, read by main()
HDC ragedc = NULL;        // desktop device context, set by CrossThread
int crosshairsize=0;      // side length in pixels, read from stdin in main()
int cx=0;                 // left edge of the crosshair, set by CrossThread
int cy=0;                 // top edge of the crosshair, set by CrossThread

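// Worker loop: polls NUMPAD0 about once per millisecond and, on each new key
// press, recomputes the crosshair origin and flips crosshairon.
// Never returns. Started from main() through CreateThread.
void CrossThread(void)
{
    while(1)
    {
        // The low bit of GetAsyncKeyState reports a press since the previous call.
        if(GetAsyncKeyState(VK_NUMPAD0)&1)
        {
            // Acquire the desktop DC once and reuse it. Calling GetDC on every
            // toggle without ReleaseDC leaked one device context per key press.
            if(ragedc == NULL)
            {
                ragedc = GetDC(HWND_DESKTOP);
            }

            // Centre the crosshair: half its size to the left of and above the
            // middle of the primary screen.
            const int half=(crosshairsize-1)/2;
            cx=GetSystemMetrics(SM_CXSCREEN)/2-half;
            cy=GetSystemMetrics(SM_CYSCREEN)/2-half;

            // Flip the flag last so the drawing loop is less likely to see "on"
            // together with an unset DC or stale coordinates. The globals are
            // still unsynchronised, so this narrows the race but does not remove it.
            crosshairon=!crosshairon;
        }
        Sleep(1);
    }
}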

// Console entry point: asks for a crosshair size, starts the key-polling
// thread, then redraws about every 33 ms for as long as the process lives.
// NOTE(review): both `for` headers below are cut off after `i` in this copy
// of the listing, so the block does not compile as shown. The loop bound is not
// recoverable from the page; presumably it was crosshairsize - confirm against
// the original thread.
// NOTE(review): the `crosshairon==false` test sits inside the
// `crosshairon==true` branch, so the black "erase" pass runs only if the flag
// flips between the two checks.
int main()
{
    cout<<"Crosshair size in pixels:\n";
    // The value is used as entered: a failed read, zero, or a negative number
    // is not rejected.
    cin>>crosshairsize;
    // Force an odd size so the crosshair has a single centre pixel.
    if(crosshairsize%2==0)
    {
        crosshairsize+=1; 
    }
    system("cls"); 
    cout<<"Press numpad0 to toggle the crosshair on and off\n";
    // CrossThread is void(void) and is cast to the thread-routine type here.
    CreateThread(0,0,(LPTHREAD_START_ROUTINE)CrossThread,0,0,0);
    while(1)
    {
        if(crosshairon==true)
        {
            // Horizontal bar in red, vertical bar in blue, crossing at the centre.
            for(int i=0;i
            {
                SetPixel(ragedc, cx+i, cy+((crosshairsize-1)/2), RGB(255,0,0));
                SetPixel(ragedc, cx+((crosshairsize-1)/2), cy+i, RGB(0,0,255));
            }

            if(crosshairon==false)
        
            // Same two bars written in black.
            for(int i=1;i
            {
                SetPixel(ragedc, cx+i, cy+((crosshairsize-1)/2), RGB(0,0,0));
                SetPixel(ragedc, cx+((crosshairsize-1)/2), cy+i, RGB(0,0,0));
            }
        }
        Sleep(33);
    }
}
Thank LoveKiss - Not Me

[Tutorial] How to make a Addy Logger


Today I'm showing you guys how to create your own addie logger!
CREDITZ: Dean-Wingess and NeoI.I.I - I only fixed some function errors
First of all create a normal project in C++.
Make it Win32 Dll without precompiled headers.

First of all we create the Functions!

We need to create a Header called: Log.h

Create it and paste:


Code:
// Declarations for the logging helpers.
// NOTE(review): no include guard or #pragma once is visible in this header, and
// the build message below names "master.h" although the tutorial text calls
// this file Log.h.

// Returns a pointer to a path string built from filename.
char *GetDirectoryFile(char *filename);
// printf-style logging call; takes a format string and variadic arguments.
void __cdecl Writelog (const char * fmt, ...);
// Logging set-up, given the handle of this DLL.
void logging(HMODULE hDll);
#pragma message("master.h : Building Addylogger. Credits:Dean-Wingess, Neo I.I.I")
Save it

Then we need the Find pattern function!
create a header called: Pattern.h
And Paste:

Code:
// File-scope variables defined (not just declared) in a header.
// NOTE(review): with no `extern`/`static`, including this header from more than
// one translation unit gives duplicate definitions at link time.
DWORD dwSize;
DWORD dwStartAddress;

// Masked byte comparison.
//   pData  - bytes to test
//   bMask  - expected bytes
//   szMask - NUL-terminated mask; 'x' means "this byte must match", any other
//            character means "ignore this position"
// Returns non-zero when every 'x' position matches, 0 at the first mismatch.
// Reads as many bytes from pData and bMask as szMask has characters; the caller
// is responsible for both buffers being at least that long.
BOOL bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    // Walk the three arrays in lock-step until the mask string ends.
    while(*szMask != '\0')
    {
        const bool mustMatch = (*szMask == 'x');
        if(mustMatch && *pData != *bMask)
        {
            return 0;
        }
        ++szMask;
        ++pData;
        ++bMask;
    }
    // Only reached at the mask's terminator, so this is always true here.
    return *szMask == '\0';
}


// Linear search for a masked byte pattern.
//   dwAddress - start address of the region, carried as a DWORD
//   dwLen     - number of candidate start positions to try
//   bMask     - expected bytes
//   szMask    - 'x' / wildcard mask, see bCompare
// Returns the address of the first match, or 0 when nothing matches.
// NOTE(review): each candidate is compared over the full mask length, so the
// last candidates read beyond dwAddress + dwLen. Addresses travel as DWORD,
// which only fits a 32-bit build.
DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
{
    DWORD offset = 0;
    while(offset < dwLen)
    {
        const DWORD candidate = dwAddress + offset;
        if(bCompare((BYTE*)candidate, bMask, szMask))
        {
            return candidate;
        }
        ++offset;
    }
    return 0;
}
After that we finished on creating the functions.

Create the Cpp Files:
Log.cpp

Paste:

Code:
#include 
#include 
#include 
#include 
#include 


using namespace std;

// Output stream that Writelog appends to; opened in logging().
ofstream ofile;
// Directory prefix used by GetDirectoryFile. Capacity is 320 bytes including
// the terminating NUL.
char dlldirectory[320];

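// Builds "<dlldirectory><filename>" in a function-local static buffer.
//   filename - file name to append; NULL is treated as an empty name
// Returns a pointer to the static buffer. Every call overwrites it, so the
// result must be used or copied before the next call; not safe to call from
// two threads at once.
// The result is truncated to fit the 320-byte buffer. The previous
// strcpy/strcat pair had no bound and wrote past `path` whenever the directory
// plus the file name exceeded 319 characters.
char *GetDirectoryFile(char *filename)
{
    static char path[320];

    path[0] = '\0';
    // strncat always NUL-terminates and appends at most the given count.
    strncat(path, dlldirectory, sizeof(path) - 1);
    if(filename != NULL)
    {
        strncat(path, filename, sizeof(path) - 1 - strlen(path));
    }
    return path;
}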

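// Formats a printf-style message and appends it to the log stream as one line.
//   fmt - printf format string; a NULL pointer makes the call a no-op
//   ... - arguments consumed by fmt
// Messages longer than 255 characters are truncated.
// fmt is interpreted as a format string, so callers must pass a literal or
// otherwise trusted format and hand variable text in through "%s".
void __cdecl Writelog(const char *fmt, ...)
{
    // Nothing to do without a format string or a usable, open stream.
    if(!fmt || !ofile.is_open() || ofile.fail()) { return; }

    char logbuf[256] = {0};
    va_list va_alist;
    va_start (va_alist, fmt);
    // _vsnprintf does not write a terminator when the output fills the whole
    // count. Limiting it to sizeof - 1 keeps the last zero-initialised byte
    // intact, so logbuf is always a valid C string when it is streamed below.
    _vsnprintf (logbuf, sizeof(logbuf) - 1, fmt, va_alist);
    va_end (va_alist);

    ofile << logbuf << endl;
}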

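// Prepares logging: records the directory this DLL was loaded from in
// dlldirectory and opens "Adresses.txt" there in append mode.
//   hDll - module handle of this DLL
// If the module path cannot be obtained, does not fit the buffer, or contains
// no backslash, dlldirectory is left empty and the log file name is used as a
// relative path.
void logging(HMODULE hDll){
    DisableThreadLibraryCalls(hDll);

    // Pass the real capacity of the buffer. The earlier call passed 512 for a
    // 320-byte array, letting a long module path overwrite adjacent memory.
    const DWORD capacity = sizeof(dlldirectory);
    const DWORD written = GetModuleFileNameA(hDll, dlldirectory, capacity);

    if(written == 0 || written >= capacity)
    {
        // Failure or truncation: the buffer content is not a usable path.
        dlldirectory[0] = '\0';
    }
    else
    {
        // Keep everything up to and including the last backslash.
        char *lastSep = strrchr(dlldirectory, '\\');
        if(lastSep != NULL) { lastSep[1] = '\0'; }
        else                { dlldirectory[0] = '\0'; }
    }

    // GetDirectoryFile takes a non-const char*, so hand it a writable copy of
    // the name rather than a string literal.
    char logName[] = "Adresses.txt"; // here put the output filename
    ofile.open(GetDirectoryFile(logName), ios::app);
}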
Main.cpp
paste:

Code:
#include 
#include 
#include "Log.h"
#include "Pattern.h"

// Reports whether both modules this tool depends on are loaded in the current
// process. Returns true only when "ClientFX.fxd" and "CShell.dll" both resolve
// to a module handle; the second lookup is skipped when the first one fails.
bool IsGameReadyForHook()
{
    const bool fxLoaded = GetModuleHandleA( "ClientFX.fxd" ) != NULL;
    if( !fxLoaded )
        return false;

    return GetModuleHandleA( "CShell.dll" ) != NULL;
}

// Thread body: waits until IsGameReadyForHook() is true (polling every 50 ms),
// runs two pattern searches over CShell.dll, writes a fixed banner and two
// "#define" lines to the log, then ends the whole process with ExitProcess(0).
// Because of that call, the `while(true)` body runs once.
// NOTE(review): nametags1 and nametags2 are computed but never logged or used.
// NoReload and FallDamage are not defined anywhere in the code shown, so this
// function does not compile as posted.
// NOTE(review): the scan length 0x9c0000 is a constant rather than the size of
// the loaded module, so the search can run past the mapped image. dwSize is
// assigned but not read in this function.
void SearchPatterns(void)
{
while (!IsGameReadyForHook()){
Sleep(50);
}
while(true){
dwSize = 0x500000; 

// The commented example below does not match FindPattern's parameter list.
//Example DWORD dwPlayerPointer = FindPattern((PBYTE)"\x00\x00\x00\x00\x00\x00\x00};", "x????xxxx", 1, true);

DWORD nametags1 = FindPattern((DWORD)GetModuleHandleA("CShell.dll"), 0x9c0000, (PBYTE)"\x75\x21\x80\x7B\x00\x00", "xxxx??");
DWORD nametags2 = FindPattern((DWORD)GetModuleHandleA("CShell.dll"), 0x9c0000, (PBYTE)"\x75\x05\xBD\x00\x00\x00\x00\x8B\x17", "xxx????xx");
//-------------------------------------------------------------//
Writelog("//==============Dean-Wingess N3x0n Logger==============\\");
Writelog("//==============Created and developed by:==============\\");
Writelog("//======================Dean-Wingess===================\\");
Writelog("//====================== Neo I.I.I ===================\\");
Writelog("//====================== FlaVour ===================\\");
Writelog("");
Writelog("#define NoReload 0x%X",NoReload);
Writelog("#define FallDamage 0x%X",FallDamage);


Writelog("");
Writelog("//*************************Next log*********************************");



// Terminates the host process, not just this thread.
ExitProcess(0);
}
}

// DLL entry point. On process attach it sets up logging, opens a URL through
// the shell, and starts SearchPatterns on a new thread. Always returns TRUE.
// NOTE(review): DisableThreadLibraryCalls runs for every reason code here and
// again inside logging().
// NOTE(review): ShellExecuteA is called from inside DllMain, i.e. while the
// loader lock is held; Microsoft's DllMain guidance advises against calling
// anything that can load further libraries at this point. A module that
// launches a browser URL as a side effect of being loaded is also an easily
// observed behaviour when triaging an unknown DLL.
// NOTE(review): SearchPatterns is void(void) and is cast to the thread-routine
// type; NULL is passed for the numeric stack-size, flags and parameter slots.
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
DisableThreadLibraryCalls(hDll);
if (dwReason==DLL_PROCESS_ATTACH)
{
logging(hDll);
ShellExecuteA(0,"open","http://mpgh.net",0,0,SW_MINIMIZE);
CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)SearchPatterns, NULL, NULL, NULL);
}
return TRUE;
}
WARNING:THE PATTERN ARE OLD - IAM TO LAZY TO GET THE NEWEST

Please dont ask questions like "what i have to do with it."
its for people,who understand c++!

[Source]Crossfire Speed Hack


[Source] Crossfire Speed Hack Code:
#include
#include

// Mode selector used by Speed(): 0 = untouched, 1 and 2 select which constant
// is written.
// NOTE(review): `Speedhack` (int, here) and `SpeedHack` (DWORD, below) differ
// only in the case of one letter.
int Speedhack=0;

// Both values are computed during static initialisation, i.e. while this DLL
// is being loaded. GetModuleHandle returns NULL when the named module is not
// loaded at that moment; that case is not handled, and SpeedHack would then be
// just the bare offset.
// NOTE(review): the offset is a constant, so it is presumably tied to one build
// of cshell.dll - nothing here checks the module version.
DWORD CShellBase = (DWORD) GetModuleHandle("cshell.dll");
DWORD SpeedHack = CShellBase + 0x5BE458;

// Thread body: every 100 ms, checks NUMPAD1 and rewrites two DWORDs in the host
// process according to the current mode. Never returns.
// A key press advances the mode 0 -> 1 -> 2 -> 1 -> 2 ...; once it has left 0
// it never goes back.
// In modes 1 and 2 the code reads a pointer stored at address SpeedHack and
// writes the same constant at that pointer and at that pointer + 0x20, on every
// pass of the loop.
// NOTE(review): neither the module base nor the pointer read from SpeedHack is
// checked before it is dereferenced. The constants are stored as raw DWORDs;
// presumably they are float bit patterns - not established by this listing.
// NOTE(review): the values being overwritten live in client memory, so only a
// check performed by the server on the resulting movement is authoritative.
void Speed()
{
while(1){
if(GetAsyncKeyState(VK_NUMPAD1)&1){
Speedhack++;
if(Speedhack > 2){Speedhack=1;};
}
if (Speedhack==1){ // Faster
*(DWORD*)(*(DWORD*)SpeedHack) = 0x46A29CE8;
*(DWORD*)((*(DWORD*)SpeedHack) + 0x20) = 0x46A29CE8;
}
if(Speedhack==2){ // Normal Speed Value
*(DWORD*)(*(DWORD*)SpeedHack) = 0x45938DF8;
*(DWORD*)((*(DWORD*)SpeedHack) + 0x20) = 0x45938DF8;
}
Sleep(100);
}
}

// DLL entry point: on process attach, starts Speed() on a new thread. Always
// returns TRUE and does nothing for the other reason codes.
// NOTE(review): Speed is void() and is cast to the thread-routine type; the
// thread handle returned by CreateThread is discarded, never closed.
BOOL WINAPI DllMain(HINSTANCE module, DWORD dwReason, LPVOID lpvReserved)
{
if(dwReason == DLL_PROCESS_ATTACH)
{
CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)Speed, NULL, NULL, NULL);
}
return TRUE;
}

Credits To Zackth14 And Me For Posting Here
Rep And Thanks

here's my implementation: (modified md5 & aes libs and ollydbg lib is missing):


HShieldEmu.h 
#ifndef __HACKSHIELDEMU_H
#define __HACKSHIELDEMU_H

#include "global.h"
struct hshield_packet_ack_server {
  
DWORD IntegrityCheck1_offset_ragII_exe;
  
DWORD IntegrityCheck1_size_ragII_exe;
  
DWORD VerfiyCheck_data;
  
DWORD enabled_checks;
  
DWORD MemoryCheck_function_adresses[32];
};
struct hshield_packet_ack_client {
  
DWORD VerifyCheck_checksum[2];
  
BYTE IntegrityCheck1_checksum[16];
  
BYTE MemoryCheck_checksum[16];
  
BYTE IntegrityCheck2_checksum[16];
  
BYTE IntegrityCheck3_checksum[16];
};


static class 
HackShieldEmu {

    
enum doHShieldCheckFlags {
      
doMemoryCheck 1,     // calculate checksums of function addresses given by the server
      
doIntegrityCheck1 2// calculate checksum of RagII.exe
      
doIntegrityCheck2 4// calculate checksum of Ehsvc.dll and EGRNAP.dll
      
doIntegrityCheck3 8// calculate checksum of v3warpds.v3d and v3warpns.v3d
    
};


    
// hshield MakeGUIDAckMsg() and MakeGUIDAck() functions
    //

    // calculates the GUIDAck answer for given challenge input (20 bytes)
    // output is 20 bytes
    // reuturns 0 if successful
    
int MakeGUIDAckMsg(unsigned char *inputunsigned char *ack_answer);

    
// input: 160 bytes from server->client ack packet
    // ack_answer: 72 bytes for the client->server packet
    // returns 0 if succesful
    
int MakeAckMSG(unsigned char *inputunsigned char *ack_answer);


    
// input: the first 16 bytes from hshield server packet
    // output: 16 bytes aes key
    
void calculate_hshield_aeskey(unsigned charinputunsigned charoutput)
   
    
// internal functions, not documented here
    
int GetCustumMD5OfFile(char *filename,DWORD offsetDWORD sizeBYTE *output);

    
int GetMemoryCheckData(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer);
    
int GetIntegrityCheck1Data(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer);
    
int GetIntegrityCheck2Data(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer);
    
int GetIntegrityCheck3Data(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer);



    
// hshield.log de-/encryption functions
    //
    // format of a hshield.log file:
    //
    // struct hshield_log_file {
    //   hshield_log_entry entries[x];
    // };   
    //
    // struct hshield_log_entry {
    //   int log_size;
    //   unsigned char log_data[log_size];
    // };
    //

    // output: pointer to the output buffer (must have same size as input buffer)
    // input: pointer to the input buffer
    // sizeInput: size of the input buffer (in bytes)
    // key: key used for de-/encryption (RO2 default key is 1252)
    
int encrypt_logfile_data(unsigned char *outputunsigned char *inputint sizeInput,DWORD key 1252);
    
int decrypt_logfile_data(unsigned char *outputunsigned char *inputint sizeInput,DWORD key 1252);

};
#endif  


HShieldEmu.cpp
#include "HackShieldEmu.h"
int HackShieldEmu::MakeGUIDAckMsg(unsigned char *inputunsigned char *ack_answer)
{
   
unsigned char *encryption_key = new unsigned char[16];
   
calculate_hshield_aeskey(&input[0],encryption_key);

   
unsigned char guid_of_EhSvc_dll[]= { 0xF6 0x33 0x08 0x58 0x90 0x28 0x80 0x44 0x81 0xDF 0xA5 0xC9 0x19 0x6D 0x46 0xF7 };

   
memcpy(&guid_answer[4],guid_of_EhSvc_dll,16);

   
unsigned char *decrypted_input = new unsigned char[4];
   
Decrypt(&input[16],4decrypted_inputencryption_key);

   
DWORD *a1 = (DWORD*)&decrypted_input[0];
   
DWORD *a2 = (DWORD*)&guid_answer[0];
    *
a2 = -1658038656 & (((*a1 >> 11) ^ *a1) << 7) ^ (*a1 >> 11) ^ *a1;

   
Encrypt(ack_answer,20,guid_answer,encryption_key);

   
delete[] encryption_key;
   
delete[] decrypted_input;

   return 
0;
}

int HackShieldEmu::MakeAckMSG(unsigned char *inputunsigned char *ack_answer)
{
   
hshield_packet_ack_client *ackAnswer = (hshield_packet_ack_client*)ack_answer;
   
memset(ackAnswer,0,72);

   
unsigned char *encryption_key = new unsigned char[16];
   
calculate_hshield_aeskey(&input[0],encryption_key);

   
hshield_packet_ack_server *ackData = new hshield_packet_ack_server();
   
Decrypt(&input[16],144, (BYTE*)ackDataencryption_key);

   
// always do VerifyCheck
   
ackAnswer->VerifyCheck_checksum[0] = -1658038656 & (((ackData->VerfiyCheck_data >> 11) ^ ackData->VerfiyCheck_data) << 7) ^ (ackData->VerfiyCheck_data >> 11) ^ ackData->VerfiyCheck_data;
   
ackAnswer->VerifyCheck_checksum[1] = ackData->VerfiyCheck_data ^ (ackData->VerfiyCheck_data << 15);
 
   
// do MemoryCheck if requested
   
if(ackData->enabled_checks doMemoryCheck) {
     if(
GetMemoryCheckData(ackData,ackAnswer)) return 1;
   }

   
// do IntegrityCheck1 if requested
   
if(ackData->enabled_checks doIntegrityCheck1) {
     if(
GetIntegrityCheck1Data(ackData,ackAnswer)) return 2;
   }

   
// do IntegrityCheck2 if requested
   
if(ackData->enabled_checks doIntegrityCheck2) {
     if(
GetIntegrityCheck2Data(ackData,ackAnswer)) return 3;
   }

   
// do IntegrityCheck3 if requested
   
if(ackData->enabled_checks doIntegrityCheck3) {
     if(
GetIntegrityCheck3Data(ackData,ackAnswer)) return 4;
   }

   
Encrypt((BYTE*)ackAnswer,72,(BYTE*)ackAnswer,encryption_key);

   
delete[] encryption_key;
   
delete ackData;

   return 
0;
}

int HackShieldEmu::GetCustumMD5OfFile(char *filename,DWORD offsetDWORD sizeBYTE *output)
{
  
ifstream file (filenameios::in|ios::binary|ios::ate);
  if (
file.is_open())
  {
    
ifstream::pos_type fsize file.tellg();
    
DWORD ifsize = (DWORD)fsize;
    
BYTE *filebuf = new unsigned char [fsize];
    
file.seekg (0ios::beg);
      
file.read((char*)filebuffsize);
    
file.close();

    
md5_state_t state;
    
md5_init(&state);
      
    if(
offset || size) {
        
md5_append_hshield(&state, &filebuf[offset], size);
        
md5_append_hshield(&state, &filebuf[0], ifsize);

    }
    else {
        
md5_append_hshield(&state, &filebuf[0], 40);
        
md5_append_hshield(&state, &filebuf[60], ifsize-60);
    }

    
md5_finish_hshield(&stateoutput);


    
delete[] filebuf;

    return 
0;
  }

  return 
1;
}
int HackShieldEmu::GetMemoryCheckData(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer)
{
    
md5_state_t state;
    
md5_init(&state);
   
    for(
int i=0i<32i++) {
       if(
ackData->MemoryCheck_function_adresses[i] == 0) break;
     
       
DWORD pointer =  ackData->MemoryCheck_function_adresses[i];
       
DWORD len 0;

       while(
true) {
           
t_disasm da;
           
pointer += Disasm((char*)pointer,MAXCMDSIZE,0x400000,&da,DISASM_SIZE);

       if(*(
BYTE*)pointer == 0xC2 ) break;      // ret value
           
else if(*(BYTE*)pointer == 0xC3 ) break; // ret
           
else if(*(BYTE*)pointer == 0xCA ) break; // retf value
           
else if(*(BYTE*)pointer == 0xCB ) break; // retf
       
}

       
DWORD length pointer ackData->MemoryCheck_function_adresses[i];

       if(
length 0) {
          
unsigned char md5_buffer[16];
          
md5_get_hshield(&md5_buffer[0], (BYTE*)ackData->MemoryCheck_function_adresses[i], length);
          
md5_append_hshield(&state, &md5_buffer[0], 16);
       }

    }

    
md5_finish_hshield(&state, &ackAnswer->MemoryCheck_checksum[0]);

    return 
0;
}
int HackShieldEmu::GetIntegrityCheck1Data(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer)
{
    return 
GetCustumMD5OfFile("..\\checksum_files\\RagII.exe"ackData->IntegrityCheck1_offset_ragII_exeackData->IntegrityCheck1_size_ragII_exe, &ackAnswer->IntegrityCheck1_checksum[0]);
}
int HackShieldEmu::GetIntegrityCheck2Data(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer)
{
    
md5_state_t state;
    
md5_init(&state);

    
unsigned char temp_md5[16];
      
    if(
GetCustumMD5OfFile("..\\checksum_files\\Ehsvc.dll"00, &temp_md5[0])) return 1;
    
md5_append_hshield(&state, &temp_md5[0], 16);

    if(
GetCustumMD5OfFile("..\\checksum_files\\EGRNAP.dll"00, &temp_md5[0])) return 2;
    
md5_append_hshield(&state, &temp_md5[0], 16);

    
md5_finish_hshield(&state, &ackAnswer->IntegrityCheck2_checksum[0]);

    return 
0;
}
int HackShieldEmu::GetIntegrityCheck3Data(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer)
{
    
md5_state_t state;
    
md5_init(&state);

    
unsigned char temp_md5[16];
      
    if(
GetCustumMD5OfFile("..\\checksum_files\\v3warpds.v3d"00, &temp_md5[0])) return 1;
    
md5_append_hshield(&state, &temp_md5[0], 16);

    if(
GetCustumMD5OfFile("..\\checksum_files\\v3warpns.v3d"00, &temp_md5[0])) return 2;
    
md5_append_hshield(&state, &temp_md5[0], 16);

    
md5_finish_hshield(&state, &ackAnswer->IntegrityCheck3_checksum[0]);

    return 
0;
}


void HackShieldEmu::calculate_hshield_aeskey(unsigned charinputunsigned charoutput)
{
    
unsigned char *temp = new unsigned char[20];
    
memcpy(tempinput16);
   

    for(
int i=0;i<5;i++)
    {
       
md5_state_t state;
       
md5_init(&state);
       
md5_append_hshield(&statetemp16);
       
md5_finish_hshield(&statetemp);
       for(
int i=0i<8;i++) temp[i] =  temp[i] ^ temp[i+8];
    }
   

    
unsigned char *temp2 = new unsigned char[20];

    for(
int i=0;i<4;i++)
    {
       
DWORD *dtemp1 = (DWORD*)&temp[i*4];
       
DWORD *dtemp2 = (DWORD*)&temp2[i*4];

       *
dtemp2 =  *dtemp1 0xFFFF0000;

       *
dtemp1 =  (*dtemp1 69069 ) + 1;

       *
dtemp2 |= ( *dtemp1 0xFFFF0000 ) >> 16;
    }

    
memcpy(outputtemp216);

    
delete[] temp;
      
delete[] temp2;

    for(
int i=016i++)
    {
         if(
output[i] & 1output[i] ^= 0xDF ^ (output[i] >> 1);
         else 
output[i] ^= output[i] >> 1;
      }

}

int HackShieldEmu::encrypt_logfile_data(unsigned char *outputunsigned char *inputint sizeInput,DWORD key)
{

  if ( 
output && input && sizeOutput &&  sizeInput )
  {  
       
    
memset(output0sizeInput);
    
    if ( 
sizeInput )
    {   
      
unsigned char *v8 = new unsigned char[4];
      
DWORD *dword_v8 = (DWORD*)v8;
      *
v8 0x00000000;
     
      
unsigned char *temp_key = new unsigned char[4];
      
DWORD *dword_temp_key = (DWORD*)temp_key;
      *
dword_temp_key key;

      for(
int i 0sizeInputi++)
      {
            
v8[1] = temp_key[1] ^ input[i]; // encrypt the input byte
       
        
output[i] = v8[1]; // write the encrypted input byte to the output
       
        
*dword_v8 12691 * (*dword_temp_key v8[1]); // update v8
       
        
*dword_temp_key 22719 - *dword_v8// update tempkey
      
}
         
      
delete[] v8;
      
delete[] temp_key;
    }
    return 
0;
  }

  return -
1;
}
int HackShieldEmu::decrypt_logfile_data(unsigned char *outputunsigned char *inputint sizeInput,DWORD key 1252)
{

  if ( 
output && input && sizeOutput &&  sizeInput )
  {  
       
    
memset(output0sizeInput);
    
    if ( 
sizeInput )
    {   
      
unsigned char *v8 = new unsigned char[4];
      
DWORD *dword_v8 = (DWORD*)v8;
      *
v8 0x00000000;
     
      
unsigned char *temp_key = new unsigned char[4];
      
DWORD *dword_temp_key = (DWORD*)temp_key;
      *
dword_temp_key key;

      for(
int i 0sizeInputi++)
      {
            
v8[1] = temp_key[1] ^ input[i]; // encrypt the input byte
       
        
output[i] = v8[1]; // write the encrypted input byte to the output
           
        
*dword_v8 12691 * (*dword_temp_key input[i]); // update v8
       
        
*dword_temp_key 22719 - *dword_v8// update tempkey
   
      
}
         
      
delete[] v8;
      
delete[] temp_key;
    }
    return 
0;
  }

  return -
1;
}  
