Jump to content

[C ++] Protecion de Launcher / Sistema de inyección anti Dll y otro)

Randaron

By Randaron
in Programming

 Share

Recommended Posts

Randaron Newbie

Randaron

Posted
Posted 
///////////////////////////////////////////JOHN CENA VS RANDY ORTON???///////////////////////////////////////////////
#include "stdafx.h"
#include <iostream>
#include <fstream>
#include <string>
#include <sstream>
#include <locale>
#include <vector>
#include <array>
#include <ctime>
#include <csignal>
#include <sys/types.h>
#include <sys/stat.h>
#include <windows.h>
#include <Aclapi.h>
#include <tlhelp32.h>
#include <detours.h>
#include <direct.h>
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "advapi32.lib")
#pragma comment(lib, "User32.lib")
#define MYDLL extern "C" __declspec(dllexport)
using namespace std;

string Endl="\n";
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////GALAXYA2 FUTURE OLDSTYLE?////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////JOHN CENA VS RANDY ORTON???///////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////PROTEZIONE IDEATA DA THEROCK (SPACCONE) & [TM]REBY (AURORA BONNY) PER GALAXYA2 - [CONFIGURAZIONE PROTEZIONE]////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
///////////////////// Ext. Epk | Ext. Eix |  Root    | LZO Key  | PONG
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
array<int,6> Offset={ 0x34c518 , 0x34c520 , 0x340c5c , 0x3b2c6c , 0x340a38 }; //DEVI INSERIRE GLI OFFSET GIUSTI DEL TUO LAUNCHER
string Key=\
".EPK=2e 65 69 78" + Endl +\
".EIX=2e 65 70 6b" + Endl +\
"ROOT=69 63 6f 6e" + Endl +\
"LZO1=cc 61 cc 74 cc cc cc cc cc cc cc cc cc cc cc 00" + Endl +\
"PONG=2a 2a 2a 2e 2e 2e 2a 2a 2a 2e 2e 78 72 6f 6f 74" + Endl;
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
///PROTEZIONE IDEATA DA THEROCK (SPACCONE) & [TM]REBY (AURORA BONNY) PER GALAXYA2 - [FINE CONFIGURAZIONE PROTEZIONE]/
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

BYTE Keys[5][16];
HANDLE ProcessHandle=GetCurrentProcess();
DWORD ProcessId=GetCurrentProcessId();
HANDLE Address=GetProcAddress(GetModuleHandleA("Kernel32.dll"), "LoadLibraryA");
HMODULE (__stdcall *Originale)(LPCSTR);
array<string,23>coso={"cheat", "engine", "switch", "inject", "bot", "hack", "m2bob", "ch347", "3ng1n3", "actool", "m2", "archiver", "loader", "dbg", "olly", "ally", "softice", "wpe", "unpublished", "padmack", "extractor", "pythonloader", "packet"};

void SignalHandler(int signum) {
    ExitProcess(0);
}

int HexToDec(string tok2){
    int Dec;
    istringstream iss3("0x"+tok2);
    iss3 >> std::hex >> Dec;
    return Dec;
}

string strtoupper(string String){
    locale Locale;
    string StrIng=String;
    for (unsigned int i=0; i<String.length(); i++) {
        StrIng[i]=toupper(String[i], Locale);
    }
    return StrIng;
}

string strtolower(string String){
    locale Locale;
    string StrIng=String;
    for (unsigned int i=0; i<String.length(); i++) {
        StrIng[i]=tolower(String[i], Locale);
    }
    return StrIng;
}

string zerofill(int mon){
    if (mon < 10) {
        return "0"+to_string(mon);
    }else{
        return to_string(mon);
    }
}

void ExitProc(string lptext, int is){
    time_t t=time(NULL);
    struct tm TM;
    localtime_s(&TM, &t);
    ofstream f("Aurora.txt", ofstream::out | ofstream::app);
    f << "<" << 1900+TM.tm_year << "-" << zerofill(1+TM.tm_mon) << "-" << zerofill(TM.tm_mday) << " " \
        << zerofill(TM.tm_hour) << ":" << zerofill(TM.tm_min) << ":" << zerofill(TM.tm_sec);
    if (is == 0) f << "> E' stato rilevato un " << lptext << "." << endl; else f << "> " << lptext << endl;
    f.close();
    raise(SIGINT);
}

void GetKeys(){
    istringstream iss(Key);
    string tok;
    int is;
    while (getline(iss, tok, '\n')) {
        istringstream iss2(tok);
        string tok2;
        int i=0;
        while (iss2 >> tok2) {
            if (tok2.find("=") != string::npos) {
                if (tok2[0] == '.' && tok2[1] == 'E' && tok2[2] == 'P' && tok2[3] == 'K') {
                    is=0;
                }else if (tok2[0] == '.' && tok2[1] == 'E' && tok2[2] == 'I' && tok2[3] == 'X') {
                    is=1;
                }else if (tok2[0] == 'R' && tok2[1] == 'O' && tok2[2] == 'O' && tok2[3] == 'T') {
                    is=2;
                }else if (tok2[0] == 'L' && tok2[1] == 'Z' && tok2[2] == 'O' && tok2[3] == '1') {
                    is=3;
                }else if (tok2[0] == 'P' && tok2[1] == 'O' && tok2[2] == 'N' && tok2[3] == 'G') {
                    is=4;
                }
                tok2.erase(0, 5);
            }
            Keys[is][i]=HexToDec(tok2);
            i++;
        }
    }
}

//IN QUESTO MODO IL CLIENT NON DA PROBLEMI
//QUESTO SETTAGGIO DELLE CHIAVI FUNZIONA COSI: SE LA CHIAVE NON VIENE SCRITTA LA RISCRIVE
void SetKeys(){
    Eix:
    if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[0]+0x400000), Keys[0], sizeof(Keys[0]), NULL)) {
        goto Eix;
    }
    Epk:
    if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[1]+0x400000), Keys[1], sizeof(Keys[1]), NULL)) {
        goto Epk;
    }
    Root:
    if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[2]+0x400000), Keys[2], sizeof(Keys[2]), NULL)) {
        goto Root;
    }
    LZO:
    if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[3]+0x400000), Keys[3], sizeof(Keys[3]), NULL)) {
        goto LZO;
    }
    PONG:
    if (!WriteProcessMemory(ProcessHandle, (LPVOID)(Offset[4]+0x400000), Keys[4], sizeof(Keys[4]), NULL)) {
        goto PONG;
    }
}

vector<string>Split(char Divisore, wstring StriNg){
    string STriNg(StriNg.begin(), StriNg.end());
    istringstream Iss(STriNg);
    string Tok;
    vector<string>Vettore;
    while(getline(Iss, Tok, Divisore))Vettore.push_back(Tok);
    return Vettore;
}

void Check_Process(){
    HANDLE snapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot==INVALID_HANDLE_VALUE) ExitProc("Errore durante l'avvio della protezione", 0);
    PROCESSENTRY32 pe32;
    pe32.dwSize=sizeof(PROCESSENTRY32);
    if (!Process32First(snapshot, &pe32)) {
        CloseHandle(snapshot);
        ExitProc("Errore durante il caricamento della protezione", 0);
    }
    vector<string>casaofcoso;
    casaofcoso=Split('\\', pe32.szExeFile);
    for (string &i : coso) {
        if (strtolower(casaofcoso[casaofcoso.size()-1]).find(i) != string::npos) {
            string I=i;
            I[0]=toupper(I[0]);
            ExitProc(I, 0);
        }
    }
    casaofcoso.clear();
    while (Process32Next(snapshot, &pe32)) {
        casaofcoso=Split('\\', pe32.szExeFile);
        for (string &i : coso) {
            if (strtolower(casaofcoso[casaofcoso.size()-1]).find(i) != string::npos) {
                string I=i;
                I[0]=toupper(I[0]);
                ExitProc(I, 0);
            }
        }     
    }
    CloseHandle(snapshot);
}

void Check_Module(){
    HANDLE snapshot=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessId);
    if (snapshot==INVALID_HANDLE_VALUE) ExitProc("Errore durante l'avvio della protezione", 0);
    MODULEENTRY32 me32;
    me32.dwSize=sizeof(MODULEENTRY32);
    if (!Module32First(snapshot, &me32)) {
        CloseHandle(snapshot);
        ExitProc("Errore durante il caricamento della protezione", 0);
    }
    vector<string>casaofcoso;
    casaofcoso=Split('\\', me32.szModule);
    for (string &i : coso) {
        if (strtolower(casaofcoso[casaofcoso.size()-1]).find(i) != string::npos) {
            string I=i;
            I[0]=toupper(I[0]);
            ExitProc(I, 0);
        }
    }
    casaofcoso.clear();
    while (Module32Next(snapshot, &me32)) {
        casaofcoso=Split('\\', me32.szModule);
        for (string &i : coso) {
            if (strtolower(casaofcoso[casaofcoso.size()-1]).find(i) != string::npos) {
                string I=i;
                I[0]=toupper(I[0]);
                ExitProc(I, 0);
            }
        }     
    }
    CloseHandle(snapshot);
}

HMODULE __stdcall Hookata(LPCSTR lpfilename){
    if (FindWindowA("OLLYDBG", NULL) || FindWindowA("WinDbgFrameClass", NULL)) ExitProc("Debugger", 0);
    if (FindWindowA(NULL, "CH347 3NG1N3 9.9") || FindWindowA(NULL, "Metin2 MultiHack 1.8.5") || \
        FindWindowA(NULL, "Switch-Bot 1.0.0.4 © by Unpublished")) ExitProc("Hack", 0);
    if (FindWindowA("PROCEXPL", NULL) || FindWindowA("TreeListWindowClass", NULL) || FindWindowA("ProcessHacker", NULL) \
        || FindWindowA("PhTreeNew", NULL) || FindWindowA("SysListView32", NULL)) ExitProc("Rilevatore di processi", 0);
    if (FindWindowA(NULL, "OldSchoolInject") || FindWindowA(NULL, "Injector © by Unpublished") \
        || FindWindowA(NULL, "Kernel Detective v1.4.1 :: System Idle Process")) ExitProc("Injector", 0);
    Check_Process();
    Check_Module();
    return Originale(lpfilename);
}

void CloseLauncher(){
    HWND Hwnd;
    if (!(Hwnd=FindWindowA("WindowsForms10.Window.8.app.0.2bf8098_r28_ad1", "  SXXLAUNCHERXSS  "))) ExitProcess(0);
    DWORD ProcessId;
    GetWindowThreadProcessId(Hwnd, &ProcessId);
    HANDLE Process=OpenProcess(PROCESS_TERMINATE, FALSE, (DWORD)ProcessId);
    TerminateProcess(Process, 0xffffffff);
    CloseHandle(Process);
}

long CRCFILE(string Filename) {
    FILE *f;
    if ((f=fopen(Filename.c_str(), "rb")) == NULL) {
        if ((f=fopen(strtoupper(Filename).c_str(), "rb")) == NULL) {
            if ((f=fopen(strtolower(Filename).c_str(), "rb")) == NULL) {
                return 0;
            }
        }
    }
    unsigned long size;
    fseek(f, 0, SEEK_END);
    size=ftell(f);
    fseek(f, 0, SEEK_SET);
    unsigned char *File=new unsigned char[size];
    fread(File, 1, size, f);
    fclose(f);
    unsigned long crc[256];
    for (unsigned int i=0; i<=0xFF; i++) {
        unsigned long coso=0;
        unsigned long I=i;
        for (unsigned int b=1; b<9; b++) {
            if (I & 1) coso |= 1 << (8-b);
            I >>= 1;
        }
        crc[i]=coso << 24;
        for (unsigned int c=0; c<8; c++) crc[i]=(crc[i] << 1) ^ (crc[i] & (1 << 31) ? 0x04c11db7 : 0);
        unsigned long coso2=0;
        unsigned long Ii=crc[i];
        for (unsigned int d=1; d<33; d++) {
            if (Ii & 1) coso2 |= 1 << (32-d);
            Ii >>= 1;
        }     
        crc[i]=coso2;
    }
    unsigned long Crc=0xffffffff;
    for (unsigned int i=0; i<size; i++) Crc=(Crc >> 8) ^ crc[(Crc & 0xFF) ^ File[i]];
    delete [] File;
    return Crc^0xffffffff;
}

inline void Control(){
    unsigned long Flags=0;
    __asm{
            mov eax, fs:[30h]
            mov eax, [eax+68h]
            mov Flags, eax
    }
    if (Flags & 0x70) ExitProc("Debugger", 0);
    char p=0;
    __asm{
            mov eax, fs:[30h]
            mov al, [eax+2h]
            mov p, al
    }
    if (p) ExitProc("Debugger", 0);
}

void SetPermissions(HANDLE ProcessHandle) {
    EXPLICIT_ACCESS denyAccess = {0};
    DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL;
    BuildExplicitAccessWithName(&denyAccess, TEXT("CURRENT_USER"), dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE);
    PACL Pacl = NULL;
    SetEntriesInAcl(1, &denyAccess, NULL, &Pacl);
    SetSecurityInfo(ProcessHandle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, Pacl, NULL);
    LocalFree(Pacl);
    CloseHandle(ProcessHandle);
}

void CheckDirectory(string Directory="") {
    if (Directory.length() == 0) Directory="*"; else Directory=Directory+"\\*";
    WIN32_FIND_DATAA FindData;
    HANDLE Find=FindFirstFileA(Directory.c_str(), &FindData);
    int py=0;
    int m3d=0;
    int asi=0;
    int flt=0;
    int mix=0;
    while (FindNextFileA(Find, &FindData) != 0) {
        if (!(FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)) {
            if (strtolower(FindData.cFileName).compare("logininfo.py") == 0) {py=1; break;}
            if (strtolower(FindData.cFileName).compare("mssa3d.m3d") != 0 && \
                strtolower(FindData.cFileName).compare("mssds3d.m3d") != 0 && \
                strtolower(FindData.cFileName).compare("mssdx7.m3d") != 0 && \
                strtolower(FindData.cFileName).compare("msseax.m3d") != 0 && \
                strtolower(FindData.cFileName).compare("mssrsx.m3d") != 0 && \
                strtolower(FindData.cFileName).compare("msssoft.m3d") != 0) {
                if (strtolower(FindData.cFileName).find(".m3d") != string::npos) {m3d=1; break;}
            }
            if (strtolower(FindData.cFileName).compare("mssmp3.asi") != 0 && \
                strtolower(FindData.cFileName).compare("mssvoice.asi")) {
                if (strtolower(FindData.cFileName).find(".asi") != string::npos) {asi=1; break;}
            }
            if (strtolower(FindData.cFileName).compare("mssdsp.flt")) {
                if (strtolower(FindData.cFileName).find(".flt") != string::npos) {flt=1; break;}
            }
            if (strtolower(FindData.cFileName).find(".mix") != string::npos) {mix=1; break;}
        }
    }
    if (!(py==0 && m3d==0 && asi==0 && flt==0 && mix==0)) {
        string is;
        if (py==1) is=".py";
        if (m3d==1) is=".m3d";
        if (asi==1) is=".asi";
        if (flt==1) is=".flt";
        if (mix==1) is=".mix";
        ExitProc(is+" file injection", 0);
    }
}

void CheckMss32(){
    if (CRCFILE("mss32.dll") != -374552099) {
        ExitProc("Injector", 0);
    }
}

MYDLL void Main(){
    __asm{
            push ss
            pop ss
            mov eax, 9
            xor edx, edx
    }
    Control();
    OutputDebugString(TEXT("%s%s%s%s%s%s%s%s%s%s%s")TEXT("%s%s%s%s%s%s%s%s%s%s%s%s%s")TEXT("%s%s%s%s%s%s%s%s%s%s%s%s%s")TEXT("%s%s%s%s%s%s%s%s%s%s%s%s%s"));
    //PROTEZIONE ANTIKILL DEL PROCESSO
    SetPermissions(ProcessHandle);
    //PRENDO LE CHIAVI DI CIFRATURA
    GetKeys();
    //SETTO LE CHIAVI DI CIFRATURA
    SetKeys();
    //CLOSE LAUNCHER
    CloseLauncher();
    signal(SIGINT, SignalHandler);
    ofstream f("Aurora.txt", ofstream::out);
    f << "Protection made by [GA]TheRock (Spaccone) & [TM]Reby (Aurora Bonny) (WrestlingMania O.O) ~~~ Compile Date: " << __DATE__ << " " << __TIME__ << endl;
    f.close();
    //CONTROLLO FILE .py, .mix, .m3d, .flt, .asi
    CheckMss32();
    CheckDirectory();
    CheckDirectory("miles");
    Originale=(HMODULE(__stdcall*)(LPCSTR))DetourFunction((PBYTE)Address, (PBYTE)Hookata);
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul, LPVOID lpReserved) {
    switch (ul) {
    case DLL_PROCESS_ATTACH:
        Main();
        break;
    case DLL_PROCESS_DETACH:
        DetourRemove((PBYTE)Address, (PBYTE)Originale);
        break;
    }
    return TRUE;
}

Antes de completar, recuerde incluir Desvíos en sus librerías. 

Para compilarse en Visual C ++ (recomiendo Visual Studio 2013 para Visual C ++), y finalmente crear 1 pequeño patcher / launcher en C ++ que limpia automáticamente el dll antes de que comience el juego, así:
  

string LAUNCHER="MioCoso.bin";
string PROTECTION="MiaCosaCompilata.dll";

int LoadLIBRARY(DWORD Proc_ID, string DLL_NAME){
    char buf[50] = {0};
    LPVOID RemoteString, LoadLibAddy;
    if (!Proc_ID) {
        MessageBoxA(0, "Errore durante l'avvio del gioco!", "Runtime Error", MB_ICONERROR);
        return 0;
    }
    HANDLE Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Proc_ID);
    if (!Proc) {
        MessageBoxA(0, "Errore durante l'avvio del gioco!", "Runtime Error", MB_ICONERROR);
        return 0;
    }
    LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandleA("Kernel32.dll"), "LoadLibraryA");
    RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME.c_str()), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME.c_str(), strlen(DLL_NAME.c_str()), NULL);
    CreateRemoteThread(Proc, 0, 0, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, 0, 0);
    CloseHandle(Proc);
    return 0;
}

int StartGame(){
    Sleep(2000);
    STARTUPINFO si = {0};
    PROCESS_INFORMATION pi = {0};
    char path[200];
    _getcwd(path, 200);
    si.cb = sizeof(STARTUPINFO);
    ifstream f(PROTECTION.c_str());
    if (!f) {
        MessageBoxA(0, "Errore durante l'avvio del gioco!", "Runtime Error", MB_ICONERROR);
        return 0;           
    }
    BOOLEAN p = CreateProcessA(NULL, (LPSTR)LAUNCHER.c_str(), NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, path, &si, &pi);
    if (!p) {
        MessageBoxA(0, "Errore durante l'avvio del gioco!", "Runtime Error", MB_ICONERROR);
        return 0;
    }
    LoadLIBRARY(pi.dwProcessId, PROTECTION);
    ResumeThread(pi.hThread);
    return 0;
}
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...