Simply compile in C++ as a DLL and inject.
Source:
Code:
/********************************************************************* ** XTrap Bypass ** ********************************************************************** ** Hacking Detected ** ** ---------------- ** ** 00435FA6 EB 35 All referenced text string, 'Hacking detected' ** ** One line, up, change JNZ to JMP ** ** 0043CE36 EB 35 All referenced text string, 'Hacking detected' ** ** One line, up, change JNZ to JMP ** ** 0043DCF0 EB 35 All referenced text string, 'Hacking detected' ** ** One line, up, change JNZ to JMP ** ** 0043DCD1 EB 1F All referenced text string, 'Hacking detected' ** ** Jump #1 change JNZ to JMP ** ** 0043DCE9 EB 07 All referenced text string, 'Hacking detected' ** ** Jump #2 change JNZ to JMP ** ** ** ** IsDebuggerPresent ** ** ----------------- ** ** 00499517 90 Go to IsDebuggerPresent, do down and NOP first JNZ ** ** ** ** ZCheckHackProcess ** ** ----------------- ** ** 00441E35 EB 34 All referenced text string, 'Hacking Detected' ** ** go up till start of function (PUSH -1), ** ** go to the local call, under it theres a ** ** TEST AL,AL, go down one more line, (JNZ) change ** ** it to JMP (Do this for all 3 'Hacking Detected' ** ** 00441E62 EB 2C ** ** 00441EBD EB 09 ** ** ** ** Abnormal Behavior ** ** ----------------- ** ** 00440353 E9 8A 00 00 00 All referenced text strings, ** ** 'An abnormal behavior is detected.', ** ** go up 2 lines, change the JE to JMP ** *********************************************************************/ #include#define HackDetect1 0x00435FA6 BYTE HD1[] = {0xEB, 0x35}; #define HackDetect2 0x0043CE36 BYTE HD2[] = {0xEB, 0x35}; #define HackDetect3 0x0043DCF0 BYTE HD3[] = {0xEB, 0x35}; #define HackDetect4 0x0043DCD1 BYTE HD4[] = {0xEB, 0x1F}; #define HackDetect5 0x0043DCE9 BYTE HD5[] = {0xEB, 0x07}; #define IsDebuggerPresent 0x00499517 BYTE IDP[] = {0x90}; #define ZCheckHackProcess1 0x00441E35 BYTE ZCHP1[] = {0xEB, 0x34}; #define ZCheckHackProcess2 0x00441E62 BYTE ZCHP2[] = {0xEB, 0x2C}; #define ZCheckHackProcess3 0x00441EBD BYTE ZCHP3[] = {0xEB, 0x09}; #define AbnormalBehavior 0x00440353 BYTE AB[] = {0xE9, 0x8A, 0x00, 0x00, 0x00}; //Write To Memory DWORD OldProtection; void WriteToMemory(DWORD Offset, DWORD Pointer, DWORD Length){ VirtualProtect((void *)Offset, Length, PAGE_EXECUTE_READWRITE, &OldProtection); RtlMoveMemory((void *)Offset, (const void*)Pointer, Length); VirtualProtect((void *)Offset, Length, OldProtection, &OldProtection); } void ModifyMemory( BYTE *Offset, BYTE *ByteArray, DWORD Length){ for(DWORD i = 0; i < Length; i++) WriteToMemory((DWORD)Offset + i, (DWORD)ByteArray + i, 1); } void Bypass() { ModifyMemory((BYTE*)HackDetect1, HD1, 2); ModifyMemory((BYTE*)HackDetect2, HD2, 2); //ModifyMemory((BYTE*)HackDetect3, HD3, 2); ModifyMemory((BYTE*)HackDetect4, HD4, 2); ModifyMemory((BYTE*)HackDetect5, HD5, 2); //ModifyMemory((BYTE*)IsDebuggerPresent, IDP, 1); //ModifyMemory((BYTE*)ZCheckHackProcess1, ZCHP1, 2); //ModifyMemory((BYTE*)ZCheckHackProcess2, ZCHP2, 2); //ModifyMemory((BYTE*)ZCheckHackProcess3, ZCHP3, 2); ModifyMemory((BYTE*)AbnormalBehavior, AB, 5); } bool APIENTRY DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpvReserved){ if(dwReason == DLL_PROCESS_ATTACH){ DisableThreadLibraryCalls(hModule); Bypass(); return true; } return true; }
Works for all versions of xtrap to date.
Edit: Posted in the wrong section..Someone can move it if needed =)
2 comentarios:
theres a problem on the bool runtime
yes there are a problem , i tryed to fix it and fatal error LNK1169: se encontraron uno o más símbolos definidos simultáneamente , pls cand u fix it and make it work?
Publicar un comentario