|
25.05.2014, 15:44
Простой EAC WallHack + код AntiScreenShot источников (для NVIDIA)
Код:
#include "stdafx.h"
#include "EasyDetour.h"
// Module-wide state shared by the routines in this listing. Addresses are kept
// in 32-bit DWORDs, so the code only makes sense in a 32-bit (x86) process.
// Handle of opengl32.dll once it is loaded (set in StartThread).
HMODULE hOpenGL=NULL;
// Start of the per-thread stubs for glBegin / glDisable / glReadPixels, as
// read in StartThread from the thread block and from the table in pglTable.
PBYTE pglBegin;
PBYTE pglDisable;
PBYTE pglReadPixels;
// TLS index read out of the glViewport export; only set on the TLS code path.
DWORD dwTlsIndex;
// Base of the table whose slot at +0x400 holds the glReadPixels stub pointer.
DWORD pglTable;
// FS segment base of the thread that owns the "Valve001" window
// (result of GetThreadSafeSection).
DWORD FSEntry;
// Final targets the three stubs dispatch to, as resolved by GetEntryAddress.
DWORD pglBegin_entry;
DWORD pglDisable_entry;
DWORD pglReadPixels_entry;
// Returns the linear base address of the FS segment of hThread.
// The base is assembled from the three parts of the LDT entry that
// GetThreadSelectorEntry returns for the thread's FS selector. On 32-bit
// Windows the FS base is where the thread's environment block (TEB) lives,
// which is why the rest of the listing adds fixed offsets to this value.
// Returns 0 when the selector lookup fails.
// Defender's view: GetThreadContext followed by GetThreadSelectorEntry on a
// game's window thread is not something ordinary rendering code does, so the
// pair is a useful API-call signal for in-process monitoring.
// NOTE(review): the braces do not balance in this paste - the block opened on
// the GetThreadContext check is closed by the last brace below and the function
// body itself is never closed. Presumably a closing brace was lost before
// `return 0;`; as shown, the listing does not compile.
DWORD GetThreadSafeSection(HANDLE hThread)
{
CONTEXT tRegister;
// CONTEXT_ALL requests every register group; only SegFs is read afterwards.
LDT_ENTRY ldt; tRegister.ContextFlags = CONTEXT_ALL;
if(GetThreadContext(hThread,&tRegister))
{
if(GetThreadSelectorEntry(hThread,tRegister.SegFs,&ldt))
{
// base = BaseLow (bits 0-15) | BaseMid (bits 16-23) | BaseHi (bits 24-31)
return (DWORD)ldt.BaseLow | (DWORD)(ldt.HighWord.Bits.BaseMid << 16) | (DWORD)(ldt.HighWord.Bits.BaseHi << 24);
}
return 0;
}
// Enables (bEnable = TRUE) or disables SeDebugPrivilege in the token of the
// current process. Returns TRUE only when the token could be opened and
// GetLastError() is ERROR_SUCCESS after AdjustTokenPrivileges; otherwise FALSE.
// Defender's view: a module inside a game process asking for SeDebugPrivilege
// is worth alerting on. Nothing in the visible listing opens another process
// (GetRemoteTls is only called with GetCurrentProcess()), so the privilege is
// not needed by the code shown here. Windows can audit token privilege changes
// (Security event 4703 when that audit policy is enabled).
BOOL EnableDebugPrivilege(BOOL bEnable)
{ BOOL fOK = FALSE; HANDLE hToken; if (OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES, &hToken))
{ TOKEN_PRIVILEGES tp;
tp.PrivilegeCount = 1;
// NOTE(review): the result of LookupPrivilegeValue is not checked; if it
// fails, tp.Privileges[0].Luid is passed on uninitialised.
LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid);
tp.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
// AdjustTokenPrivileges can report success without assigning the privilege
// (ERROR_NOT_ALL_ASSIGNED), so the last-error value is what decides here.
fOK = (GetLastError() == ERROR_SUCCESS);
CloseHandle(hToken);
}
// Paste damage: the next line ends EnableDebugPrivilege and, on the same line,
// begins GetRemoteTls.
//
// GetRemoteTls reads one TLS value of hThread out of hProcess with
// ReadProcessMemory. It takes the thread's FS base, reads a 4-byte pointer at
// base + 0xF94, offsets it by (tlsindex*4 - 0x100) and reads the 4-byte value
// found there. Returns that value, or NULL (0) when either read fails.
// NOTE(review): 0xF94 looks like the TLS expansion-slot pointer of the 32-bit
// thread block and (tlsindex*4 - 0x100) like "(tlsindex - 64) * 4" - confirm.
// For tlsindex below 64 the unsigned arithmetic would point in front of that
// array; the function itself does not check the index.
return fOK;}DWORD GetRemoteTls(HANDLE hProcess,HANDLE hThread,DWORD tlsindex)
{
// A failed GetThreadSafeSection yields 0 here; the first read then targets
// address 0xF94 and is expected to fail.
DWORD dwSafeSelector = GetThreadSafeSection(hThread);
DWORD TlsInfo1;
DWORD TlsValue;
if(ReadProcessMemory(hProcess,(PVOID)(dwSafeSelector+0xF94),(PVOID)&TlsInfo1,4,NULL))
{
TlsInfo1 += ((tlsindex*4) - 0x100);
if(ReadProcessMemory(hProcess,(PVOID)TlsInfo1,(PVOID)&TlsValue,4,NULL))
{
return TlsValue;
}
}
// NULL is used as the integer 0 in a function that returns DWORD.
return NULL;
}
// Resolves the address that a per-thread OpenGL stub finally dispatches to.
// pEntry points at the first byte of the stub. The caller has already checked
// that the stub starts with the bytes 64 A1; the four bytes at pEntry[2] are
// used here as an offset `off` that is added to the saved FS base (FSEntry).
// Bytes 6 and 7 of the stub select how the pointer chain is followed:
//   FF 20  -> value at [[FSEntry + off]]
//   FF A0  -> value at [[FSEntry + off] + dword at pEntry[8]]
//   8B 00  -> value at [[[FSEntry + off]] + dword at pEntry[10]]
//   8B 40  -> value at [[[FSEntry + off] + 4]]
// Returns 0 for every other byte pattern.
// NOTE(review): these look like the x86 encodings of an indirect jump / load
// through EAX after an FS-relative load - confirm against a disassembly.
// Nothing is validated before the raw dereferences, and every address is
// squeezed into a 32-bit DWORD, so the routine is tied to 32-bit processes and
// to driver builds whose stubs have exactly this byte layout.
DWORD GetEntryAddress(PBYTE pEntry)
{ PDWORD pFSPointer = (PDWORD)&pEntry[2];
if(pEntry[6] == 0xFF && pEntry[7] == 0x20)
{ return **(DWORD**)(FSEntry + *pFSPointer);
} if(pEntry[6] == 0xFF && pEntry[7] == 0xA0)
{ DWORD pdwVirtualList = *(PDWORD)(FSEntry + *pFSPointer);
return *(DWORD*)(pdwVirtualList + *(PDWORD)&pEntry[8]);
} if(pEntry[6] == 0x8B) { if(pEntry[7] == 0)
{ DWORD pdwVirtualList = **(DWORD**)(FSEntry + *pFSPointer);
return *(DWORD*)(pdwVirtualList + *(PDWORD)&pEntry[10]);
} if(pEntry[7] == 0x40)
// The +4 displacement is hard-coded rather than read from the stub.
{ DWORD pdwVirtualList = *(PDWORD)((*(DWORD*)(FSEntry + *pFSPointer))+4);
return *(DWORD*)(pdwVirtualList); }
} return 0;
}
// Pointer through which newglBegin reaches the original glBegin target. It is
// passed by address to DetourHook, which presumably rewrites it to a trampoline
// (EasyDetour.h is not shown on this page).
void (WINAPI * oglBegin)(int mode);
// newglBegin: replacement installed over the driver's glBegin target.
// For mode 5 or 6 (GL_TRIANGLE_STRIP / GL_TRIANGLE_FAN) it first calls the
// resolved glDisable entry with 0x0B71 (GL_DEPTH_TEST), then forwards the call
// unchanged. Depth testing is never re-enabled here, so geometry submitted that
// way is drawn regardless of what is in front of it - the "wallhack" effect.
// Defender's view: the game can verify GL_DEPTH_TEST state around its own draw
// calls, and an integrity check of the driver's glBegin prologue exposes the
// patch itself.
void WINAPI newglBegin(int mode){ if(mode == 5 || mode ==6) { ((void (WINAPI *)(DWORD))pglDisable_entry)(0x0B71);
} return oglBegin(mode);
// Paste damage: the next line ends newglBegin, holds all of _fkglReadPixels and
// begins StartThread.
//
// _fkglReadPixels: naked stub that returns at once with `ret 0x1C`, i.e. it
// pops 0x1C = 28 bytes, which matches seven 4-byte stdcall arguments such as
// those of glReadPixels. The caller's pixel buffer is never written.
// Defender's view: a screenshot routine built on glReadPixels gets back
// whatever was already in its buffer. Pre-filling the buffer with a known
// pattern and checking that it was overwritten, or reading the frame through a
// path that does not depend on this entry, detects the stub.
//
// StartThread: worker started from DllMain. It waits for opengl32.dll and for
// a window of class "Valve001", locates that window thread's OpenGL dispatch
// stubs, hooks glBegin and glReadPixels, and then re-checks the hooks every
// 100 ms for as long as the process lives. The parameter is unused.
}__declspec(naked)void _fkglReadPixels(){ __asm ret 0x1C}DWORD WINAPI StartThread(void*){ HWND hWnd=NULL;
DWORD processid,threadid;
HANDLE hThread;
PBYTE pglViewport;
// Poll every 20 ms until the OpenGL library is loaded and the window exists.
while((hOpenGL = GetModuleHandle("opengl32.dll")) == NULL){Sleep(20);};
while((hWnd = FindWindow("Valve001",NULL)) == NULL){Sleep(20);};
// threadid is the thread that created the window; processid is written but not
// used afterwards.
threadid = GetWindowThreadProcessId(hWnd,&processid);
// THREAD_ALL_ACCESS is requested; the handle is never closed in this listing.
hThread = OpenThread(THREAD_ALL_ACCESS,FALSE,threadid);
if(hThread != INVALID_HANDLE_VALUE) { FSEntry = (DWORD)GetThreadSafeSection(hThread);
// FSEntry is dereferenced directly below, which only works because this code
// runs inside the same process as the window thread.
// NOTE(review): +0x7CC and +0x994 are presumably slots of the per-thread OpenGL
// dispatch area of the 32-bit thread block - confirm; the layout is not shown.
if(FSEntry) { pglBegin = (PBYTE)*(DWORD*)(FSEntry + 0x7CC);
pglDisable = (PBYTE)*(DWORD*)(FSEntry + 0x994);
// The exported glViewport stub is only read, not called: operands embedded in
// its code reveal where the driver keeps its table (FS-relative or in TLS).
pglViewport = (PBYTE)GetProcAddress(hOpenGL,"glViewport");
if(**(DWORD**)&pglViewport[9] <= 0x40) { pglTable = *(DWORD*)(FSEntry + (**(DWORD**)&pglViewport[20]));
}
else{ dwTlsIndex = **(DWORD**)((DWORD)pglViewport + 0x22); pglTable = GetRemoteTls(GetCurrentProcess(),hThread,dwTlsIndex);
} pglReadPixels = (PBYTE)*(DWORD*)(pglTable + 0x400);
// Hook only when all three stubs start with the expected bytes 64 A1.
if(pglBegin[0] == 0x64 && pglBegin[1] == 0xA1 && pglDisable[0] == 0x64 && pglDisable[1] == 0xA1 && pglReadPixels[0] == 0x64 && pglReadPixels[1] == 0xA1)
{
pglBegin_entry = GetEntryAddress(pglBegin);
pglDisable_entry = GetEntryAddress(pglDisable);
pglReadPixels_entry = GetEntryAddress(pglReadPixels);
oglBegin = (void (WINAPI*)(int))pglBegin_entry;
// Patches are applied to the resolved driver targets, not to the opengl32.dll
// exports, so a check of the export table alone would not see them.
DetourHook((void**)&oglBegin,newglBegin);
DetourHook((void**)&pglReadPixels_entry,_fkglReadPixels);
}
// m_glReadPixels is assigned here and inside the loop but is not read anywhere
// in the visible code.
PBYTE m_glReadPixels = (PBYTE)*(DWORD*)(pglTable + 0x400);
// Watchdog loop: never exits, one pass every 100 ms.
// Defender's view: restoring the original bytes once is not enough while this
// thread runs; repeated prologue integrity checks (in-memory code compared with
// the on-disk image) and enumeration of threads whose start address lies in an
// unexpected module are the relevant countermeasures.
while(true) { DWORD m_glBegin_entry;
DWORD m_glDisable_entry;
DWORD m_glReadPixels_entry;
m_glReadPixels = (PBYTE)*(DWORD*)(pglTable + 0x400);
if(pglBegin[0] == 0x64 && pglBegin[1] == 0xA1 && pglDisable[0] == 0x64 && pglDisable[1] == 0xA1 && pglReadPixels[0] == 0x64 && pglReadPixels[1] == 0xA1)
{
m_glBegin_entry = GetEntryAddress(pglBegin);
m_glDisable_entry = GetEntryAddress(pglDisable);
m_glReadPixels_entry = GetEntryAddress(pglReadPixels);
// Keep the glDisable target current, because newglBegin calls through it.
if(m_glDisable_entry != pglDisable_entry) { pglDisable_entry = m_glDisable_entry;
}
// A first byte other than 0xE9 is treated as "hook missing", which suggests
// the detour library writes a relative JMP at the start of the target.
if(((PBYTE)m_glBegin_entry)[0] != 0xE9) { DetourUnHook((void**)&oglBegin,newglBegin);
oglBegin = (void (WINAPI*)(int))m_glBegin_entry;
DetourHook((void**)&oglBegin,newglBegin);
}
if(((PBYTE)m_glReadPixels_entry)[0] != 0xE9) { pglReadPixels_entry = m_glReadPixels_entry; DetourHook((void**)&pglReadPixels_entry,_fkglReadPixels);
}
} Sleep(100);
}
}
// Reached only when the thread could not be opened or its FS base was 0.
} return 0;
}
// DLL entry point. On DLL_PROCESS_ATTACH it requests SeDebugPrivilege and starts
// StartThread on a new thread; every other notification is ignored. Always
// returns TRUE. The result of EnableDebugPrivilege is not checked, and the
// thread handle returned by CreateThread is discarded without being closed.
// NULL is passed for the integer parameters of CreateThread (stack size, flags),
// where it stands for 0.
// Defender's view: everything in this listing runs from inside the game process
// once the module is loaded. How the module gets loaded is not shown on this
// page, so unexpected-module and thread-start-address checks in the protected
// process are the detection points that do not depend on the loading method.
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ){ if(ul_reason_for_call==DLL_PROCESS_ATTACH) { EnableDebugPrivilege(TRUE);
CreateThread(NULL,NULL,StartThread,NULL,NULL,NULL);
} return TRUE;}
01.02.2015, 22:13
Re: Простой EAC WallHack + код AntiScreenShot источников (для NVIDIA)
я конечно извиняюсь, но вроде EAC WallHack тут нет или ошибаюсь?