Code:
/*
Stealth.h
Created by Robotnik
www.b0ts.org
Description: Base loader for 0001.sys driver (coded by Robotnik), which allows the
user to link and unlink a thread from a process, allowing more stealth and bypassing
the latest rev of GameGuard's thread detection.
Usage for Unlinking:
DWORD dwThreadID;
loadDriver("\\0001.sys",true,"0001","0001 Driver");
CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)MainLoop,0,NULL,&dwThreadID);
if(unlinkThread((int)dwThreadID))
{
// Thread Hidden
}
Usage for Linking:
if(linkThread((int)dwThreadID))
{
// Thread relinked
}
MAJOR ISSUES:
It's only been tested on XP. If the Vista offsets don't work and you get a BSOD, don't blame me.
Also,
if the linking doesn't work properly, the process will not close unless the thread closes.
So you must check whether the user closed the window of the process and do an ExitThread(0);
or else the process will not close.
The reason for this is that a process requires all of its threads to be shut down before it can close.
If a thread is unlinked from a process, it cannot be shut down, which prevents the
process from being killed. That's why ExitThread(0) is necessary if linkThread() does not work.
*/
This uses a kernel driver to unlink a thread from its process.
It comes with a header and an example DLL,
along with the kernel driver and the driver's source code, so you can use it with your own DLLs.
The VISTA OFFSETS ARE NOT TESTED... It's only been tested on XP, so don't blame me if you BSOD.
If all offsets are correct, it should support XP, Vista and 2000.
*Note: everything is prepared in stealth.h; however, if you wanna use another loader, be my guest.
http://b0ts.org/forums/showthread.php?t=704 (CDriver by Frawley) is a good one too.