Jump to content

[C ++] Protecion de Launcher / Sistema de inyección anti Dll y otro)

Randaron

Por Randaron
en Programación

 Compartir

Mensajes recomendados

Randaron Nuevo

Randaron

Publicado
Publicado 
///////////////////////////////////////////JOHN CENA VS RANDY ORTON???///////////////////////////////////////////////
#include "stdafx.h"
#include <iostream>
#include <fstream>
#include <string>
#include <sstream>
#include <locale>
#include <vector>
#include <array>
#include <ctime>
#include <csignal>
#include <sys/types.h>
#include <sys/stat.h>
#include <windows.h>
#include <Aclapi.h>
#include <tlhelp32.h>
#include <detours.h>
#include <direct.h>
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "advapi32.lib")
#pragma comment(lib, "User32.lib")
#define MYDLL extern "C" __declspec(dllexport)
using namespace std;

string Endl="\n";
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////GALAXYA2 FUTURE OLDSTYLE?////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////JOHN CENA VS RANDY ORTON???///////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////PROTEZIONE IDEATA DA THEROCK (SPACCONE) & [TM]REBY (AURORA BONNY) PER GALAXYA2 - [CONFIGURAZIONE PROTEZIONE]////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
///////////////////// Ext. Epk | Ext. Eix |  Root    | LZO Key  | PONG
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
array<int,6> Offset={ 0x34c518 , 0x34c520 , 0x340c5c , 0x3b2c6c , 0x340a38 }; //DEVI INSERIRE GLI OFFSET GIUSTI DEL TUO LAUNCHER
string Key=\
".EPK=2e 65 69 78" + Endl +\
".EIX=2e 65 70 6b" + Endl +\
"ROOT=69 63 6f 6e" + Endl +\
"LZO1=cc 61 cc 74 cc cc cc cc cc cc cc cc cc cc cc 00" + Endl +\
"PONG=2a 2a 2a 2e 2e 2e 2a 2a 2a 2e 2e 78 72 6f 6f 74" + Endl;
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
///PROTEZIONE IDEATA DA THEROCK (SPACCONE) & [TM]REBY (AURORA BONNY) PER GALAXYA2 - [FINE CONFIGURAZIONE PROTEZIONE]/
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

BYTE Keys[5][16];
HANDLE ProcessHandle=GetCurrentProcess();
DWORD ProcessId=GetCurrentProcessId();
HANDLE Address=GetProcAddress(GetModuleHandleA("Kernel32.dll"), "LoadLibraryA");
HMODULE (__stdcall *Originale)(LPCSTR);
array<string,23>coso={"cheat", "engine", "switch", "inject", "bot", "hack", "m2bob", "ch347", "3ng1n3", "actool", "m2", "archiver", "loader", "dbg", "olly", "ally", "softice", "wpe", "unpublished", "padmack", "extractor", "pythonloader", "packet"};

void SignalHandler(int signum) {
    ExitProcess(0);
}

int HexToDec(string tok2){
    int Dec;
    istringstream iss3("0x"+tok2);
    iss3 >> std::hex >> Dec;
    return Dec;
}

string strtoupper(string String){
    locale Locale;
    string StrIng=String;
    for (unsigned int i=0; i<String.length(); i++) {
        StrIng[i]=toupper(String[i], Locale);
    }
    return StrIng;
}

string strtolower(string String){
    locale Locale;
    string StrIng=String;
    for (unsigned int i=0; i<String.length(); i++) {
        StrIng[i]=tolower(String[i], Locale);
    }
    return StrIng;
}

string zerofill(int mon){
    if (mon < 10) {
        return "0"+to_string(mon);
    }else{
        return to_string(mon);
    }
}

void ExitProc(string lptext, int is){
    time_t t=time(NULL);
    struct tm TM;
    localtime_s(&TM, &t);
    ofstream f("Aurora.txt", ofstream::out | ofstream::app);
    f << "<" << 1900+TM.tm_year << "-" << zerofill(1+TM.tm_mon) << "-" << zerofill(TM.tm_mday) << " " \
        << zerofill(TM.tm_hour) << ":" << zerofill(TM.tm_min) << ":" << zerofill(TM.tm_sec);
    if (is == 0) f << "> E' stato rilevato un " << lptext << "." << endl; else f << "> " << lptext << endl;
    f.close();
    raise(SIGINT);
}

void GetKeys(){
    istringstream iss(Key);
    string tok;
    int is;
    while (getline(iss, tok, '\n')) {
        istringstream iss2(tok);
        string tok2;
        int i=0;
        while (iss2 >> tok2) {
            if (tok2.find("=") != string::npos) {
                if (tok2[0] == '.' && tok2[1] == 'E' && tok2[2] == 'P' && tok2[3] == 'K') {
                    is=0;
                }else if (tok2[0] == '.' && tok2[1] == 'E' && tok2[2] == 'I' && tok2[3] == 'X') {
                    is=1;
                }else if (tok2[0] == 'R' && tok2[1] == 'O' && tok2[2] == 'O' && tok2[3] == 'T') {
                    is=2;
                }else if (tok2[0] == 'L' && tok2[1] == 'Z' && tok2[2] == 'O' && tok2[3] == '1') {
                    is=3;
                }else if (tok2[0] == 'P' && tok2[1] == 'O' && tok2[2] == 'N' && tok2[3] == 'G') {
                    is=4;
                }
                tok2.erase(0, 5);
            }
            Keys[is][i]=HexToDec(tok2);
            i++;
        }
    }
}

//IN QUESTO MODO IL CLIENT NON DA PROBLEMI
//QUESTO SETTAGGIO DELLE CHIAVI FUNZIONA COSI: SE LA CHIAVE NON VIENE SCRITTA LA RISCRIVE
void SetKeys(){
    Eix:
    if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[0]+0x400000), Keys[0], sizeof(Keys[0]), NULL)) {
        goto Eix;
    }
    Epk:
    if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[1]+0x400000), Keys[1], sizeof(Keys[1]), NULL)) {
        goto Epk;
    }
    Root:
    if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[2]+0x400000), Keys[2], sizeof(Keys[2]), NULL)) {
        goto Root;
    }
    LZO:
    if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[3]+0x400000), Keys[3], sizeof(Keys[3]), NULL)) {
        goto LZO;
    }
    PONG:
    if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[4]+0x400000), Keys[4], sizeof(Keys[4]), NULL)) {
        goto PONG;
    }
}

vector<string>Split(char Divisore, wstring StriNg){
    string STriNg(StriNg.begin(), StriNg.end());
    istringstream Iss(STriNg);
    string Tok;
    vector<string>Vettore;
    while(getline(Iss, Tok, Divisore))Vettore.push_back(Tok);
    return Vettore;
}

void Check_Process(){
    HANDLE snapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot==INVALID_HANDLE_VALUE) ExitProc("Errore durante l'avvio della protezione", 0);
    PROCESSENTRY32 pe32;
    pe32.dwSize=sizeof(PROCESSENTRY32);
    if (!Process32First(snapshot, &pe32)) {
        CloseHandle(snapshot);
        ExitProc("Errore durante il caricamento della protezione", 0);
    }
    vector<string>casaofcoso;
    casaofcoso=Split('\\', pe32.szExeFile);
    for (string &i : coso) {
        if (strtolower(casaofcoso[casaofcoso.size()-1]).find(i) != string::npos) {
            string I=i;
            I[0]=toupper(I[0]);
            ExitProc(I, 0);
        }
    }
    casaofcoso.clear();
    while (Process32Next(snapshot, &pe32)) {
        casaofcoso=Split('\\', pe32.szExeFile);
        for (string &i : coso) {
            if (strtolower(casaofcoso[casaofcoso.size()-1]).find(i) != string::npos) {
                string I=i;
                I[0]=toupper(I[0]);
                ExitProc(I, 0);
            }
        }     
    }
    CloseHandle(snapshot);
}

void Check_Module(){
    HANDLE snapshot=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessId);
    if (snapshot==INVALID_HANDLE_VALUE) ExitProc("Errore durante l'avvio della protezione", 0);
    MODULEENTRY32 me32;
    me32.dwSize=sizeof(MODULEENTRY32);
    if (!Module32First(snapshot, &me32)) {
        CloseHandle(snapshot);
        ExitProc("Errore durante il caricamento della protezione", 0);
    }
    vector<string>casaofcoso;
    casaofcoso=Split('\\', me32.szModule);
    for (string &i : coso) {
        if (strtolower(casaofcoso[casaofcoso.size()-1]).find(i) != string::npos) {
            string I=i;
            I[0]=toupper(I[0]);
            ExitProc(I, 0);
        }
    }
    casaofcoso.clear();
    while (Module32Next(snapshot, &me32)) {
        casaofcoso=Split('\\', me32.szModule);
        for (string &i : coso) {
            if (strtolower(casaofcoso[casaofcoso.size()-1]).find(i) != string::npos) {
                string I=i;
                I[0]=toupper(I[0]);
                ExitProc(I, 0);
            }
        }     
    }
    CloseHandle(snapshot);
}

HMODULE __stdcall Hookata(LPCSTR lpfilename){
    if (FindWindowA("OLLYDBG", NULL) || FindWindowA("WinDbgFrameClass", NULL)) ExitProc("Debugger", 0);
    if (FindWindowA(NULL, "CH347 3NG1N3 9.9") || FindWindowA(NULL, "Metin2 MultiHack 1.8.5") || \
        FindWindowA(NULL, "Switch-Bot 1.0.0.4 © by Unpublished")) ExitProc("Hack", 0);
    if (FindWindowA("PROCEXPL", NULL) || FindWindowA("TreeListWindowClass", NULL) || FindWindowA("ProcessHacker", NULL) \
        || FindWindowA("PhTreeNew", NULL) || FindWindowA("SysListView32", NULL)) ExitProc("Rilevatore di processi", 0);
    if (FindWindowA(NULL, "OldSchoolInject") || FindWindowA(NULL, "Injector © by Unpublished") \
        || FindWindowA(NULL, "Kernel Detective v1.4.1 :: System Idle Process")) ExitProc("Injector", 0);
    Check_Process();
    Check_Module();
    return Originale(lpfilename);
}

void CloseLauncher(){
    HWND Hwnd;
    if (!(Hwnd=FindWindowA("WindowsForms10.Window.8.app.0.2bf8098_r28_ad1", "  SXXLAUNCHERXSS  "))) ExitProcess(0);
    DWORD ProcessId;
    GetWindowThreadProcessId(Hwnd, &ProcessId);
    HANDLE Process=OpenProcess(PROCESS_TERMINATE, FALSE, (DWORD)ProcessId);
    TerminateProcess(Process, 0xffffffff);
    CloseHandle(Process);
}

long CRCFILE(string Filename) {
    FILE *f;
    if ((f=fopen(Filename.c_str(), "rb")) == NULL) {
        if ((f=fopen(strtoupper(Filename).c_str(), "rb")) == NULL) {
            if ((f=fopen(strtolower(Filename).c_str(), "rb")) == NULL) {
                return 0;
            }
        }
    }
    unsigned long size;
    fseek(f, 0, SEEK_END);
    size=ftell(f);
    fseek(f, 0, SEEK_SET);
    unsigned char *File=new unsigned char[size];
    fread(File, 1, size, f);
    fclose(f);
    unsigned long crc[256];
    for (unsigned int i=0; i<=0xFF; i++) {
        unsigned long coso=0;
        unsigned long I=i;
        for (unsigned int b=1; b<9; b++) {
            if (I & 1) coso |= 1 << (8-b);
            I >>= 1;
        }
        crc[i]=coso << 24;
        for (unsigned int c=0; c<8; c++) crc[i]=(crc[i] << 1) ^ (crc[i] & (1 << 31) ? 0x04c11db7 : 0);
        unsigned long coso2=0;
        unsigned long Ii=crc[i];
        for (unsigned int d=1; d<33; d++) {
            if (Ii & 1) coso2 |= 1 << (32-d);
            Ii >>= 1;
        }     
        crc[i]=coso2;
    }
    unsigned long Crc=0xffffffff;
    for (unsigned int i=0; i<size; i++) Crc=(Crc >> 8) ^ crc[(Crc & 0xFF) ^ File[i]];
    delete [] File;
    return Crc^0xffffffff;
}

inline void Control(){
    unsigned long Flags=0;
    __asm{
            mov eax, fs:[30h]
            mov eax, [eax+68h]
            mov Flags, eax
    }
    if (Flags & 0x70) ExitProc("Debugger", 0);
    char p=0;
    __asm{
            mov eax, fs:[30h]
            mov al, [eax+2h]
            mov p, al
    }
    if (p) ExitProc("Debugger", 0);
}

void SetPermissions(HANDLE ProcessHandle) {
    EXPLICIT_ACCESS denyAccess = {0};
    DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL;
    BuildExplicitAccessWithName(&denyAccess, TEXT("CURRENT_USER"), dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE);
    PACL Pacl = NULL;
    SetEntriesInAcl(1, &denyAccess, NULL, &Pacl);
    SetSecurityInfo(ProcessHandle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, Pacl, NULL);
    LocalFree(Pacl);
    CloseHandle(ProcessHandle);
}

void CheckDirectory(string Directory="") {
    if (Directory.length() == 0) Directory="*"; else Directory=Directory+"\\*";
    WIN32_FIND_DATAA FindData;
    HANDLE Find=FindFirstFileA(Directory.c_str(), &FindData);
    int py=0;
    int m3d=0;
    int asi=0;
    int flt=0;
    int mix=0;
    while (FindNextFileA(Find, &FindData) != 0) {
        if (!(FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)) {
            if (strtolower(FindData.cFileName).compare("logininfo.py") == 0) {py=1; break;}
            if (strtolower(FindData.cFileName).compare("mssa3d.m3d") != 0 && \
                strtolower(FindData.cFileName).compare("mssds3d.m3d") != 0 && \
                strtolower(FindData.cFileName).compare("mssdx7.m3d") != 0 && \
                strtolower(FindData.cFileName).compare("msseax.m3d") != 0 && \
                strtolower(FindData.cFileName).compare("mssrsx.m3d") != 0 && \
                strtolower(FindData.cFileName).compare("msssoft.m3d") != 0) {
                if (strtolower(FindData.cFileName).find(".m3d") != string::npos) {m3d=1; break;}
            }
            if (strtolower(FindData.cFileName).compare("mssmp3.asi") != 0 && \
                strtolower(FindData.cFileName).compare("mssvoice.asi")) {
                if (strtolower(FindData.cFileName).find(".asi") != string::npos) {asi=1; break;}
            }
            if (strtolower(FindData.cFileName).compare("mssdsp.flt")) {
                if (strtolower(FindData.cFileName).find(".flt") != string::npos) {flt=1; break;}
            }
            if (strtolower(FindData.cFileName).find(".mix") != string::npos) {mix=1; break;}
        }
    }
    if (!(py==0 && m3d==0 && asi==0 && flt==0 && mix==0)) {
        string is;
        if (py==1) is=".py";
        if (m3d==1) is=".m3d";
        if (asi==1) is=".asi";
        if (flt==1) is=".flt";
        if (mix==1) is=".mix";
        ExitProc(is+" file injection", 0);
    }
}

void CheckMss32(){
    if (CRCFILE("mss32.dll") != -374552099) {
        ExitProc("Injector", 0);
    }
}

MYDLL void Main(){
    __asm{
            push ss
            pop ss
            mov eax, 9
            xor edx, edx
    }
    Control();
    OutputDebugString(TEXT("%s%s%s%s%s%s%s%s%s%s%s")TEXT("%s%s%s%s%s%s%s%s%s%s%s%s%s")TEXT("%s%s%s%s%s%s%s%s%s%s%s%s%s")TEXT("%s%s%s%s%s%s%s%s%s%s%s%s%s"));
    //PROTEZIONE ANTIKILL DEL PROCESSO
    SetPermissions(ProcessHandle);
    //PRENDO LE CHIAVI DI CIFRATURA
    GetKeys();
    //SETTO LE CHIAVI DI CIFRATURA
    SetKeys();
    //CLOSE LAUNCHER
    CloseLauncher();
    signal(SIGINT, SignalHandler);
    ofstream f("Aurora.txt", ofstream::out);
    f << "Protection made by [GA]TheRock (Spaccone) & [TM]Reby (Aurora Bonny) (WrestlingMania O.O) ~~~ Compile Date: " << __DATE__ << " " << __TIME__ << endl;
    f.close();
    //CONTROLLO FILE .py, .mix, .m3d, .flt, .asi
    CheckMss32();
    CheckDirectory();
    CheckDirectory("miles");
    Originale=(HMODULE(__stdcall*)(LPCSTR))DetourFunction((PBYTE)Address, (PBYTE)Hookata);
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul, LPVOID lpReserved) {
    switch (ul) {
    case DLL_PROCESS_ATTACH:
        Main();
        break;
    case DLL_PROCESS_DETACH:
        DetourRemove((PBYTE)Address, (PBYTE)Originale);
        break;
    }
    return TRUE;
}

Antes de completar, recuerde incluir Desvíos en sus librerías. 

Para compilarse en Visual C ++ (recomiendo Visual Studio 2013 para Visual C ++), y finalmente crear 1 pequeño patcher / launcher en C ++ que limpia automáticamente el dll antes de que comience el juego, así:
  

string LAUNCHER="MioCoso.bin";
string PROTECTION="MiaCosaCompilata.dll";

int LoadLIBRARY(DWORD Proc_ID, string DLL_NAME){
    char buf[50] = {0};
    LPVOID RemoteString, LoadLibAddy;
    if (!Proc_ID) {
        MessageBoxA(0, "Errore durante l'avvio del gioco!", "Runtime Error", MB_ICONERROR);
        return 0;
    }
    HANDLE Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Proc_ID);
    if (!Proc) {
        MessageBoxA(0, "Errore durante l'avvio del gioco!", "Runtime Error", MB_ICONERROR);
        return 0;
    }
    LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandleA("Kernel32.dll"), "LoadLibraryA");
    RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME.c_str()), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME.c_str(), strlen(DLL_NAME.c_str()), NULL);
    CreateRemoteThread(Proc, 0, 0, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, 0, 0);
    CloseHandle(Proc);
    return 0;
}

int StartGame(){
    Sleep(2000);
    STARTUPINFO si = {0};
    PROCESS_INFORMATION pi = {0};
    char path[200];
    _getcwd(path, 200);
    si.cb = sizeof(STARTUPINFO);
    ifstream f(PROTECTION.c_str());
    if (!f) {
        MessageBoxA(0, "Errore durante l'avvio del gioco!", "Runtime Error", MB_ICONERROR);
        return 0;           
    }
    BOOLEAN p = CreateProcessA(NULL, (LPSTR)LAUNCHER.c_str(), NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, path, &si, &pi);
    if (!p) {
        MessageBoxA(0, "Errore durante l'avvio del gioco!", "Runtime Error", MB_ICONERROR);
        return 0;
    }
    LoadLIBRARY(pi.dwProcessId, PROTECTION);
    ResumeThread(pi.hThread);
    return 0;
}
Enlace para comentar
Compartir en otros sitios

Unirse a la conversación

Puedes publicar ahora y registrarte más tarde. Si tienes una cuenta, regístrate para publicar con su cuenta.

Guest
Responder a este tema...

×   Has pegado contenido con formato .   Eliminar formato

  Only 75 emoji are allowed.

×   Tu enlace se ha incorporado automáticamente.   Mostrar un enlace en su lugar

×   Se ha restaurado el contenido anterior. .   Borrar editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Compartir
Ir a la lista de temas

  • Recientemente navegando por este tema   0 miembros

    • No hay usuarios registrados visitando esta página.
×
×
  • Crear nuevo...