XCodeX

[PRO C++] Metin2 Protection - DLL Injection

May 23rd, 2015
  1. // dllmain.cpp | Protezione per Client Metin2 contro le Injections di alcune Hack.
  2. #include "stdafx.h"
  3. #include <windows.h>
  4. #include <iostream>
  5. #include <string>
  6. #include <fstream>
  7. #include <tlhelp32.h>
  8. #include <winsock2.h>
  9. #include <detours.h>
  10. #pragma comment(lib, "ws2_32.lib")
  11. #pragma comment(lib, "detours.lib")
  12.  
  13. using namespace std;
  14.  
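  // CONFIGURATION

  // Server address that _connectHook writes into the destination of connect() calls.
  // Declared const: a string literal must not be bound to a writable char*.
  const char *indirizzo_ip="5.135.216.193";

  // CRC-32 values of DLLs that must not be present in the client process. They are
  // compared against the long returned by CRCFILE / CRCFILEW, hence the negative
  // numbers (32-bit checksums read as signed).
  // NOTE(review): CRC-32 is a checksum, not a cryptographic hash. It changes when a
  // single byte of the file changes and unrelated files can share a value, so this
  // list only recognises unmodified copies of known files and can also match a
  // benign file. Treat a match as a hint, not as an integrity guarantee.
  long crc[]={
  -1982651409, -776276586, 300965008, -987425146, -1020123781, 788909682,
  -2060589118, -1551825781, -1944915785, -368720392, -826207030, 1140340929,
  -771419281, -1752318991, 578798025, 2036887976, 890437574, 510542828,
  -1791860780, -947847671, 1097594834, -1998392128, -178110029, 1953047600,
  1301328157, 2029112070, -1333777692, -1721593028, 1347562111, 811390021,
  1430524761, -981431290, -548174890, -504385778, // Add further CRCs of hacks you want to block here
  };

  // Ports that could be seen by decrypting root (the values the client asks for).
  unsigned int porte_fake[]={11002, 13000, 13010};

  // The real ports, which are not visible unless the protection itself is reversed.
  // Entry i is the replacement for porte_fake[i]; both tables must have the same length.
  // NOTE(review): in this listing both tables hold identical values.
  unsigned int porte_vere[]={11002, 13000, 13010};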
  33.  
  // Local declaration of the counted wide-string type used for the ModuleFileName
  // argument of LdrLoadDll.
  struct _LSA_UNICODE_STRING {
    USHORT Length;         // length of Buffer in bytes, terminator not included
    USHORT MaximumLength;  // capacity of Buffer in bytes
    PWSTR  Buffer;         // wide characters; callers must honour Length, a terminating NUL is not guaranteed
  };
  typedef struct _LSA_UNICODE_STRING LSA_UNICODE_STRING, UNICODE_STRING;
  typedef struct _LSA_UNICODE_STRING *PLSA_UNICODE_STRING, *PUNICODE_STRING;
  39.  
  // Receives the trampoline to the original AllocConsole when DllMain installs
  // the detour; it is never called by the hook below.
  typedef BOOL (__stdcall *AllocConsoleFn)(void);
  AllocConsoleFn _AllocConsole;

  // Detour target for AllocConsole. It reports failure without calling the
  // original, so code running inside the client cannot open a console window
  // through this API.
  BOOL __stdcall HookAllocConsole(void) {
      const BOOL refused = FALSE;
      return refused;
  }
  45.  
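  // Receives the trampoline to the original ws2_32 connect() when the detour is
  // installed (the installing line in DllMain is commented out in this listing).
  int (__stdcall *_connect)(SOCKET, const struct sockaddr*, int);

  // Detour target for connect(): rewrites the destination of IPv4 connections.
  //
  // The requested port is looked up in porte_fake and replaced by the entry with
  // the same index in porte_vere; the destination address is always replaced by
  // indirizzo_ip. Returns whatever the original connect() returns.
  //
  // NOTE(review): every IPv4 connect() made inside the process is redirected to
  // indirizzo_ip, not only the game's own connections - confirm that no other
  // component of the client needs to reach a different host.
  int __stdcall _connectHook(SOCKET s, const struct sockaddr*name, int namelen){
      // Anything that is not a complete IPv4 address is passed through untouched;
      // reinterpreting it as sockaddr_in would corrupt it or read past its end.
      if (name == NULL || namelen < (int)sizeof(sockaddr_in) || name->sa_family != AF_INET)
          return _connect(s, name, namelen);

      // Work on a private copy: the caller's buffer is declared const and may
      // not be writable.
      sockaddr_in destinazione = *(const sockaddr_in*)name;
      unsigned int porta = ntohs(destinazione.sin_port);

      // Use the shorter of the two tables so a mismatch in the configuration
      // cannot index past the end of either array.
      size_t quante = sizeof(porte_fake) / sizeof(porte_fake[0]);
      if (sizeof(porte_vere) / sizeof(porte_vere[0]) < quante)
          quante = sizeof(porte_vere) / sizeof(porte_vere[0]);

      // Stop at the first match so an already translated port is not translated
      // a second time. The third fake port maps to the third real port (the
      // previous code used index 1 for it).
      for (size_t i = 0; i < quante; i++) {
          if (porta == porte_fake[i]) {
              porta = porte_vere[i];
              break;
          }
      }

      destinazione.sin_addr.S_un.S_addr = inet_addr(indirizzo_ip);
      destinazione.sin_port = htons((u_short)porta);
      return _connect(s, (const struct sockaddr*)&destinazione, (int)sizeof(destinazione));
  }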
  58.  
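  // Computes the standard CRC-32 (reflected polynomial 0xEDB88320, initial value
  // and final XOR 0xFFFFFFFF) of the file named by Filename.
  //
  // Returns the checksum as a signed 32-bit value, which is the form used in the
  // crc[] blocklist, or 0 when the file cannot be opened or read. A caller cannot
  // tell "not hashed" from a file whose checksum really is 0.
  //
  // The file is streamed through a fixed buffer, so the result does not depend on
  // ftell(), on a successful heap allocation, or on the width of long.
  long CRCFILE(std::string Filename) {
      FILE *f=fopen(Filename.c_str(), "rb");
      if (f == NULL) {
          return 0;
      }

      // Byte-wise lookup table for the reflected polynomial.
      unsigned long table[256];
      for (unsigned int i=0; i<256; i++) {
          unsigned long v=i;
          for (int bit=0; bit<8; bit++) v=(v & 1UL) ? ((v >> 1) ^ 0xEDB88320UL) : (v >> 1);
          table[i]=v;
      }

      unsigned long Crc=0xFFFFFFFFUL;
      unsigned char chunk[4096];
      size_t got;
      while ((got=fread(chunk, 1, sizeof(chunk), f)) > 0) {
          for (size_t k=0; k<got; k++) Crc=(Crc >> 8) ^ table[(Crc & 0xFFUL) ^ chunk[k]];
      }
      const bool failed=(ferror(f) != 0);
      fclose(f);
      if (failed) return 0;  // a partial read must not produce a checksum

      // Keep exactly 32 bits, then express them as a signed 32-bit number without
      // relying on implementation-defined narrowing.
      Crc=(Crc ^ 0xFFFFFFFFUL) & 0xFFFFFFFFUL;
      if (Crc >= 0x80000000UL) return -(long)(0xFFFFFFFFUL - Crc) - 1;
      return (long)Crc;
  }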
  94.  
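  // Wide-path variant of CRCFILE: computes the standard CRC-32 (reflected
  // polynomial 0xEDB88320, initial value and final XOR 0xFFFFFFFF) of the file
  // named by Filename.
  //
  // Returns the checksum as a signed 32-bit value, which is the form used in the
  // crc[] blocklist, or 0 when the file cannot be opened or read. A caller cannot
  // tell "not hashed" from a file whose checksum really is 0.
  //
  // The file is streamed through a fixed buffer instead of being loaded whole, so
  // there is no ftell() result or heap allocation left unchecked.
  long CRCFILEW(std::wstring Filename) {
      FILE *f=_wfopen(Filename.c_str(), L"rb");
      if (f == NULL) {
          return 0;
      }

      // Byte-wise lookup table for the reflected polynomial.
      unsigned long table[256];
      for (unsigned int i=0; i<256; i++) {
          unsigned long v=i;
          for (int bit=0; bit<8; bit++) {
              if (v & 1UL) v=(v >> 1) ^ 0xEDB88320UL;
              else v >>= 1;
          }
          table[i]=v;
      }

      unsigned long Crc=0xFFFFFFFFUL;
      unsigned char chunk[4096];
      for (;;) {
          const size_t got=fread(chunk, 1, sizeof(chunk), f);
          if (got == 0) break;
          for (size_t k=0; k<got; k++) Crc=(Crc >> 8) ^ table[(Crc & 0xFFUL) ^ chunk[k]];
      }
      const bool failed=(ferror(f) != 0);
      fclose(f);
      if (failed) return 0;  // a partial read must not produce a checksum

      // Keep exactly 32 bits, then express them as a signed 32-bit number without
      // relying on implementation-defined narrowing.
      Crc=(Crc ^ 0xFFFFFFFFUL) & 0xFFFFFFFFUL;
      if (Crc >= 0x80000000UL) return -(long)(0xFFFFFFFFUL - Crc) - 1;
      return (long)Crc;
  }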
  130.  
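  // Receives the trampoline to the original ntdll LdrLoadDll when DllMain
  // installs the detour.
  int (__stdcall *LdrLoadDll)(
    IN PWCHAR               PathToFile OPTIONAL,
    IN ULONG                Flags OPTIONAL,
    IN PUNICODE_STRING      ModuleFileName,
    OUT PHANDLE             ModuleHandle);

  // Detour target for LdrLoadDll: hashes the file about to be loaded and, when its
  // CRC-32 is in the crc[] blocklist, logs the name to test.txt, deletes the file
  // and terminates the process. Every other request is forwarded unchanged to the
  // original LdrLoadDll and its result is returned.
  //
  // NOTE(review): the check fails open. CRCFILEW returns 0 for a file it cannot
  // open, which is what happens when ModuleFileName is not a path that resolves
  // from the current directory, and such a load is then allowed. Only loads that
  // go through LdrLoadDll are seen at all.
  // NOTE(review): a CRC-32 match is not proof of identity, yet the matching file
  // is deleted; consider logging and refusing the load instead of deleting.
  // NOTE(review): exit() is called from inside the loader - confirm this cannot
  // deadlock on process shutdown in the target client.
  int __stdcall HookLdrLoadDll(
    IN PWCHAR               PathToFile OPTIONAL,
    IN ULONG                Flags OPTIONAL,
    IN PUNICODE_STRING      ModuleFileName,
    OUT PHANDLE             ModuleHandle)
  {
      // Nothing to inspect: leave the decision to the real loader.
      if (ModuleFileName == NULL || ModuleFileName->Buffer == NULL)
          return LdrLoadDll(PathToFile, Flags, ModuleFileName, ModuleHandle);

      // UNICODE_STRING is counted, not necessarily NUL-terminated: copy exactly
      // Length bytes instead of trusting wcslen() on Buffer.
      const wstring percorso(ModuleFileName->Buffer, ModuleFileName->Length / sizeof(WCHAR));

      // Hash through the wide path so names with non-ASCII characters are
      // checked too; a narrow conversion can fail on them and skip the check.
      const long CRC32 = CRCFILEW(percorso);

      // '<' not '<=': the previous bound compared against one element past the
      // end of crc[].
      const size_t quanti = sizeof(crc)/sizeof(crc[0]);
      for (size_t i=0; i<quanti; i++) {
          if (CRC32 == crc[i]) {
              // Narrow copy for the log only, bounded to the buffer and always
              // terminated (the array is zero-filled and the last byte is never
              // written). An unconvertible name is logged as empty.
              char lzDllName[1000]={0};
              if (wcstombs(lzDllName, percorso.c_str(), sizeof(lzDllName)-1) == (size_t)-1)
                  lzDllName[0]=0;
              fstream of("test.txt", fstream::in | fstream::out | fstream::app);
              of << "[Protection] E' stata trovata " << lzDllName <<  " ...\n";
              of.close();
              _wremove(percorso.c_str());
              exit(0);
              return 0;
          }
      }
      return LdrLoadDll(PathToFile, Flags, ModuleFileName, ModuleHandle);
  }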
  159.  
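  // Scans the modules already loaded in the current process and, when one of them
  // has a CRC-32 listed in crc[], appends its path to test.txt, unloads it and
  // terminates the process. Always returns 0.
  //
  // NOTE(review): this is a one-time snapshot taken from DllMain; modules loaded
  // later are only covered by the LdrLoadDll hook. A module whose file cannot be
  // opened hashes to 0 in CRCFILEW and is therefore treated as clean.
  int CheckModules()
  {
      // GetCurrentProcessId() states the intent directly; the previous
      // GetProcessId(0) passed an invalid handle and only worked because the
      // resulting 0 also means "current process" to the snapshot API.
      HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId());
      if (hModuleSnap == INVALID_HANDLE_VALUE) return 0;

      MODULEENTRY32 me32;
      me32.dwSize = sizeof(MODULEENTRY32);
      if (!Module32First(hModuleSnap, &me32)) {
          CloseHandle(hModuleSnap);
          return 0;
      }

      // '<' not '<=': the previous bound compared against one element past the
      // end of crc[].
      const size_t quanti = sizeof(crc)/sizeof(crc[0]);

      // do/while so the entry returned by Module32First is checked as well.
      do {
          wstring GetString = me32.szExePath;
          long CRC32 = CRCFILEW(GetString);
          for (size_t i=0; i<quanti; i++) {
              if (CRC32 == crc[i]) {
                  // Write straight to the file: no fixed-size intermediate
                  // buffer, and a failed open no longer reaches fputws(NULL).
                  // The format string is the one previously given to swprintf.
                  FILE *f=_wfopen(L"test.txt", L"a");
                  if (f != NULL) {
                      fwprintf(f, L"[Protection] E' stata trovata %s...\n", me32.szExePath);
                      fclose(f);
                  }
                  HMODULE mod=GetModuleHandle(me32.szExePath);
                  if (mod != NULL) FreeLibrary(mod);
                  CloseHandle(hModuleSnap);
                  exit(0);
                  return 0;
              }
          }
      } while (Module32Next(hModuleSnap, &me32));

      CloseHandle(hModuleSnap);
      return 0;
  }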
  191.  
  192.  
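  // DLL entry point. On process attach it starts a fresh test.txt log, scans the
  // modules already loaded (CheckModules), detaches the console and installs the
  // AllocConsole and LdrLoadDll detours. The other notifications do nothing.
  // Always returns TRUE.
  //
  // NOTE(review): all of this runs under the loader lock. File I/O, module
  // enumeration and process exit from DllMain are discouraged by the platform
  // documentation; moving the work to an exported init routine called by the
  // client after load would avoid that.
  // NOTE(review): a detour whose target cannot be resolved is skipped silently,
  // which leaves that part of the protection inactive - consider logging it or
  // failing the load.
  BOOL APIENTRY DllMain( HMODULE hModule,
                         DWORD  ul_reason_for_call,
                         LPVOID lpReserved
                       )
  {
      switch (ul_reason_for_call)
      {
      case DLL_PROCESS_ATTACH:
      {
          fstream of("test.txt", fstream::in | fstream::out | fstream::trunc);
          of << "Protection-Test by TheRock\n\n";
          of.close();
          CheckModules();
          FreeConsole();
          //_connect=(int(__stdcall*)(SOCKET, const struct sockaddr*, int))DetourFunction((PBYTE)GetProcAddress(GetModuleHandleA("WS2_32.DLL"), "connect"), (PBYTE)_connectHook);

          // kernel32 and ntdll are mapped in every Win32 process, so look them up
          // instead of calling LoadLibraryW from inside DllMain.
          HMODULE kernel32 = GetModuleHandleW(L"KERNEL32.DLL");
          PBYTE allocConsole = (kernel32 != NULL) ? (PBYTE)GetProcAddress(kernel32, "AllocConsole") : NULL;
          // Never hand a NULL target to DetourFunction.
          if (allocConsole != NULL)
              _AllocConsole = (BOOL (__stdcall*)(void))DetourFunction(allocConsole, (PBYTE)HookAllocConsole);

          HMODULE ntdll = GetModuleHandleW(L"NTDLL.DLL");
          PBYTE ldrLoadDll = (ntdll != NULL) ? (PBYTE)GetProcAddress(ntdll, "LdrLoadDll") : NULL;
          if (ldrLoadDll != NULL)
              LdrLoadDll = (int (__stdcall*)(IN PWCHAR PathToFile OPTIONAL, IN ULONG Flags OPTIONAL, IN PUNICODE_STRING ModuleFileName, OUT PHANDLE ModuleHandle))DetourFunction(ldrLoadDll, (PBYTE)HookLdrLoadDll);

          // Explicit break: the case previously fell through to the labels below.
          break;
      }
      case DLL_THREAD_ATTACH:
      case DLL_THREAD_DETACH:
      case DLL_PROCESS_DETACH:
          break;
      }
      return TRUE;
  }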