User Submitted Source Code!


Description:
  LS
Language: C/C++
Code:
#include <Windows.h>

/*
 * Masked byte comparison.
 *
 * Walks the NUL-terminated mask string lpMask. At every position where the
 * mask character is 'x', the byte at pData must equal the byte at pMask;
 * positions with any other mask character are skipped without reading pData.
 *
 * pData   bytes being inspected
 * pMask   reference bytes (the signature)
 * lpMask  NUL-terminated mask, one character per signature byte
 *
 * Returns true when every 'x' position matches, false on the first mismatch.
 *
 * The length of the comparison is taken only from lpMask; the caller must
 * make sure both pData and pMask are readable for that many bytes.
 */
bool bCompare(BYTE* pData,BYTE* pMask,char* lpMask)
{
     while(*lpMask!='\0'){
          const bool bMustMatch=(*lpMask=='x');
          if(bMustMatch&&*pData!=*pMask){
               return false;
          }
          ++lpMask;
          ++pData;
          ++pMask;
     }
     // The loop only ends at the mask terminator, so reaching here is a match.
     return true;
}

/*
 * Linear signature scan over the current process's own address space.
 *
 * Tries bCompare() at dwAddress, dwAddress+1, ... for dwLength start
 * positions and returns the address of the first match, or 0 if none.
 *
 * dwAddress  start of the region, carried as a 32-bit integer
 * dwLength   number of start positions to try
 * pMask      signature bytes
 * lpMask     NUL-terminated mask ('x' = byte must match)
 *
 * NOTE(review): addresses are held in a DWORD, so this is only meaningful
 * in a 32-bit build.
 * NOTE(review): the loop bound does not subtract the mask length, so the
 * comparison at the last start positions reads past dwAddress+dwLength.
 * Nothing here checks that the region is mapped or readable.
 */
DWORD FindPattern(DWORD dwAddress,DWORD dwLength,BYTE* pMask,char* lpMask)
{
     DWORD dwOffset=0;
     while(dwOffset!=dwLength){
          const DWORD dwCandidate=dwAddress+dwOffset;
          if(bCompare(reinterpret_cast<BYTE*>(dwCandidate),pMask,lpMask)){
               return dwCandidate;
          }
          ++dwOffset;
     }
     return 0;
}

/*
 * Thread routine started from DllMain; hDll is this DLL's own module handle.
 *
 * What the code does, in order:
 *   1. Busy-waits until a module named "XTrapVa.dll" is loaded in the
 *      current process.
 *   2. Overwrites the first two bytes at the address ReadProcessMemory
 *      resolves to with EB FE.
 *   3. Writes an E9 (jmp rel32) at GetSystemWow64Directory+2 whose
 *      displacement is computed to land on GetSystemDirectory.
 *   4. Scans a fixed window inside XTrapVa.dll for a 9-byte string and
 *      overwrites 0xC bytes at the match with the 0xC bytes preceding it.
 *   5. Unloads this DLL and ends the thread.
 *
 * Review notes (defensive reading):
 *   - Steps 2 and 3 alter code bytes of system API entry points in memory
 *     only. Comparing the in-memory bytes of those functions with the
 *     on-disk image of the module that provides them exposes both changes.
 *   - After step 5 this DLL is no longer in the module list, but the
 *     modifications made in steps 2-4 remain in the process.
 *   - No return value is checked anywhere in this routine.
 *   - Pointers are cast to DWORD and MSVC __asm is used, so this only
 *     builds and behaves as written for 32-bit x86.
 */
void Bypass(void* hDll)
{
     // Spin (no sleep/yield) until the target module handle is non-zero.
     DWORD dwXTrap=0;
     while(!dwXTrap){
          dwXTrap=reinterpret_cast<DWORD>(GetModuleHandle("XTrapVa.dll"));
     }

     DWORD dwOld;
     // EB FE is the x86 encoding of a short jump to itself.
     BYTE Fix[]={0xEB,0xFE};
     // Bytes are ASCII for the 9 characters  \\.\X6va0  (looks like the start
     // of a Win32 device path; confirm against the target module).
     char* pPattern="\x5C\x5C\x2E\x5C\x58\x36\x76\x61\x30";

     // Addresses of the three API entry points this routine works with.
     void* pRPM=(BYTE*)ReadProcessMemory;
     void* pSys64=(BYTE*)GetSystemWow64Directory+2;
     void* pSys32=(BYTE*)GetSystemDirectory;
     
     // Make the first 2 bytes writable, replace them with Fix, then restore
     // the previous page protection.
     VirtualProtect(pRPM,2,PAGE_EXECUTE_READWRITE,&dwOld);
     memcpy(pRPM,Fix,2);
     VirtualProtect(pRPM,2,dwOld,&dwOld);

     // Build a near jump at pSys64: opcode E9 followed by the 32-bit
     // displacement (pSys32 - pSys64 - 5).
     // NOTE(review): the store of 0xE9 carries no operand-size specifier;
     // confirm which width the assembler emits for it.
     // NOTE(review): protection is changed for 5 bytes but restored for 7.
     VirtualProtect(pSys64,5,PAGE_EXECUTE_READWRITE,&dwOld);
     __asm{
          mov esi,pSys64
          mov eax,pSys32
          sub eax,esi
          sub eax,5
          mov [esi],0xE9
          mov [esi+1],eax
     }
     VirtualProtect(pSys64,7,dwOld,&dwOld);

     // Scan 0x500000 bytes starting 0x2A0000 past the module base for the
     // 9-byte string above (all positions must match).
     // NOTE(review): both offsets are hard-coded, presumably for one specific
     // build of the module - confirm.
     // NOTE(review): FindPattern returns 0 when nothing matches and pString is
     // not checked, so the memcpy below would then touch addresses around 0.
     // No VirtualProtect precedes this write; it assumes the page is writable.
     void* pString=(void*)FindPattern((DWORD)GetModuleHandle("XTrapVa.dll")+0x2A0000,0x500000,(BYTE*)pPattern,"xxxxxxxxx");
     // Replace the first 0xC bytes at the match with the 0xC bytes before it.
     memcpy(pString,(void*)((DWORD)pString-0xC),0xC);

     // Drop this DLL's reference and terminate the current thread in one call.
     FreeLibraryAndExitThread((HINSTANCE)hDll,0);
}

/*
 * DLL entry point.
 *
 * On DLL_PROCESS_ATTACH, starts Bypass on a new thread and hands it this
 * module's handle as the thread argument; every other notification is
 * ignored. Always reports success (1) to the loader.
 *
 * The handle returned by CreateThread is discarded, and a failure to create
 * the thread is not detected.
 */
int __stdcall DllMain(HINSTANCE hDll,DWORD dwReason,void* pReserved)
{
     if(dwReason!=DLL_PROCESS_ATTACH){
          return 1;
     }

     LPTHREAD_START_ROUTINE pfnWorker=(LPTHREAD_START_ROUTINE)Bypass;
     void* pThreadArg=(void*)hDll;
     CreateThread(0,0,pfnWorker,pThreadArg,0,0);
     return 1;
}
Comments: