Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // dllmain.cpp | Protezione per Client Metin2 contro le Injections di alcune Hack.
- #include "stdafx.h"
- #include <windows.h>
- #include <iostream>
- #include <string>
- #include <fstream>
- #include <tlhelp32.h>
- #include <winsock2.h>
- #include <detours.h>
- #pragma comment(lib, "ws2_32.lib")
- #pragma comment(lib, "detours.lib")
- using namespace std;
- // CONFIGURAZIONE
- char *indirizzo_ip="5.135.216.193";
- long crc[]={
- -1982651409, -776276586, 300965008, -987425146, -1020123781, 788909682,
- -2060589118, -1551825781, -1944915785, -368720392, -826207030, 1140340929,
- -771419281, -1752318991, 578798025, 2036887976, 890437574, 510542828,
- -1791860780, -947847671, 1097594834, -1998392128, -178110029, 1953047600,
- 1301328157, 2029112070, -1333777692, -1721593028, 1347562111, 811390021,
- 1430524761, -981431290, -548174890, -504385778, // Aggiungi qui altri CRC di hack che vuoi bloccare
- };
- unsigned int porte_fake[]={11002, 13000, 13010};
- // QUELLE CHE POTREBBE VEDERLE DECRIPTANDO ROOT
- unsigned int porte_vere[]={11002, 13000, 13010};
- // LE VERE PORTE CHE NON SI VEDANO A MENO CHE NON SI REVERSA LA PROTEZIONE
- typedef struct _LSA_UNICODE_STRING {
- USHORT Length;
- USHORT MaximumLength;
- PWSTR Buffer;
- } LSA_UNICODE_STRING, *PLSA_UNICODE_STRING, UNICODE_STRING, *PUNICODE_STRING;
- BOOL (__stdcall *_AllocConsole)(void);
- BOOL __stdcall HookAllocConsole(void) {
- return FALSE;
- }
- int (__stdcall *_connect)(SOCKET, const struct sockaddr*, int);
- int __stdcall _connectHook(SOCKET s, const struct sockaddr*name, int namelen){
- unsigned int porta=ntohs((*(unsigned int*)name->sa_data));
- if (porta == porte_fake[0]) porta=porte_vere[0];
- if (porta == porte_fake[1]) porta=porte_vere[1];
- if (porta == porte_fake[2]) porta=porte_vere[1];
- sockaddr_in *coso=(sockaddr_in*)name;
- coso->sin_addr.S_un.S_addr=inet_addr(indirizzo_ip);
- coso->sin_port=htons(porta);
- return _connect(s, name, namelen);
- }
- long CRCFILE(std::string Filename) {
- FILE *f;
- if ((f=fopen(Filename.c_str(), "rb")) == NULL) {
- return 0;
- }
- unsigned long size;
- fseek(f, 0, SEEK_END);
- size=ftell(f);
- fseek(f, 0, SEEK_SET);
- unsigned char *File=new (std::nothrow) unsigned char[size];
- fread(File, 1, size, f);
- fclose(f);
- unsigned long crc[256];
- for (unsigned int i=0; i<=0xFF; i++) {
- unsigned long coso=0;
- unsigned long I=i;
- for (unsigned int b=1; b<9; b++) {
- if (I & 1) coso |= 1 << (8-b);
- I >>= 1;
- }
- crc[i]=coso << 24;
- for (unsigned int c=0; c<8; c++) crc[i]=(crc[i] << 1) ^ (crc[i] & (1 << 31) ? 0x04c11db7 : 0);
- unsigned long coso2=0;
- unsigned long Ii=crc[i];
- for (unsigned int d=1; d<33; d++) {
- if (Ii & 1) coso2 |= 1 << (32-d);
- Ii >>= 1;
- }
- crc[i]=coso2;
- }
- unsigned long Crc=0xffffffff;
- for (unsigned int i=0; i<size; i++) Crc=(Crc >> 8) ^ crc[(Crc & 0xFF) ^ File[i]];
- delete [] File;
- return Crc^0xffffffff;
- }
- long CRCFILEW(std::wstring Filename) {
- FILE *f;
- if ((f=_wfopen(Filename.c_str(), L"rb")) == NULL) {
- return 0;
- }
- unsigned long size;
- fseek(f, 0, SEEK_END);
- size=ftell(f);
- fseek(f, 0, SEEK_SET);
- unsigned char *File=new (std::nothrow) unsigned char[size];
- fread(File, 1, size, f);
- fclose(f);
- unsigned long crc[256];
- for (unsigned int i=0; i<=0xFF; i++) {
- unsigned long coso=0;
- unsigned long I=i;
- for (unsigned int b=1; b<9; b++) {
- if (I & 1) coso |= 1 << (8-b);
- I >>= 1;
- }
- crc[i]=coso << 24;
- for (unsigned int c=0; c<8; c++) crc[i]=(crc[i] << 1) ^ (crc[i] & (1 << 31) ? 0x04c11db7 : 0);
- unsigned long coso2=0;
- unsigned long Ii=crc[i];
- for (unsigned int d=1; d<33; d++) {
- if (Ii & 1) coso2 |= 1 << (32-d);
- Ii >>= 1;
- }
- crc[i]=coso2;
- }
- unsigned long Crc=0xffffffff;
- for (unsigned int i=0; i<size; i++) Crc=(Crc >> 8) ^ crc[(Crc & 0xFF) ^ File[i]];
- delete [] File;
- return Crc^0xffffffff;
- }
- int (__stdcall *LdrLoadDll)(
- IN PWCHAR PathToFile OPTIONAL,
- IN ULONG Flags OPTIONAL,
- IN PUNICODE_STRING ModuleFileName,
- OUT PHANDLE ModuleHandle);
- int __stdcall HookLdrLoadDll(
- IN PWCHAR PathToFile OPTIONAL,
- IN ULONG Flags OPTIONAL,
- IN PUNICODE_STRING ModuleFileName,
- OUT PHANDLE ModuleHandle)
- {
- char lzDllName[1000]={0};
- wcstombs(lzDllName, ModuleFileName->Buffer, wcslen(ModuleFileName->Buffer));
- string GetString=(string)lzDllName;
- long CRC32 = CRCFILE(GetString);
- for (int i=0; i<=sizeof(crc)/sizeof(crc[0]); i++) {
- if (CRC32 == crc[i]) {
- fstream of("test.txt", fstream::in | fstream::out | fstream::app);
- of << "[Protection] E' stata trovata " << GetString << " ...\n";
- of.close();
- remove(GetString.c_str());
- exit(0);
- return 0;
- }
- }
- return LdrLoadDll(PathToFile, Flags, ModuleFileName, ModuleHandle);
- }
- int CheckModules()
- {
- HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
- MODULEENTRY32 me32;
- hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetProcessId(0));
- if (hModuleSnap == INVALID_HANDLE_VALUE) return 0;
- me32.dwSize = sizeof(MODULEENTRY32);
- if (!Module32First(hModuleSnap, &me32)) {
- CloseHandle(hModuleSnap);
- return 0;
- }
- while (Module32Next(hModuleSnap, &me32)) {
- wstring GetString = me32.szExePath;
- long CRC32 = CRCFILEW(GetString);
- for (int i=0; i<=sizeof(crc)/sizeof(crc[0]); i++) {
- if (CRC32 == crc[i]) {
- FILE *f=_wfopen(L"test.txt", L"a");
- wchar_t buff[400];
- swprintf(buff, L"[Protection] E' stata trovata %s...\n", me32.szExePath);
- fputws(buff, f);
- fclose(f);
- HMODULE mod=GetModuleHandle(me32.szExePath);
- FreeLibrary(mod);
- exit(0);
- return 0;
- }
- }
- }
- CloseHandle(hModuleSnap);
- return 0;
- }
- BOOL APIENTRY DllMain( HMODULE hModule,
- DWORD ul_reason_for_call,
- LPVOID lpReserved
- )
- {
- switch (ul_reason_for_call)
- {
- case DLL_PROCESS_ATTACH:
- {
- fstream of("test.txt", fstream::in | fstream::out | fstream::trunc);
- of << "Protection-Test by TheRock\n\n";
- of.close();
- CheckModules();
- FreeConsole();
- //_connect=(int(__stdcall*)(SOCKET, const struct sockaddr*, int))DetourFunction((PBYTE)GetProcAddress(GetModuleHandleA("WS2_32.DLL"), "connect"), (PBYTE)_connectHook);
- _AllocConsole = (BOOL (__stdcall*)(void))DetourFunction((PBYTE)GetProcAddress(LoadLibraryW(L"KERNEL32.DLL"), "AllocConsole"), (PBYTE)HookAllocConsole);
- LdrLoadDll = (int (__stdcall*)(IN PWCHAR PathToFile OPTIONAL, IN ULONG Flags OPTIONAL, IN PUNICODE_STRING ModuleFileName, OUT PHANDLE ModuleHandle))DetourFunction((PBYTE)GetProcAddress(LoadLibraryW(L"NTDLL.DLL"), "LdrLoadDll"), (PBYTE)HookLdrLoadDll);
- }
- case DLL_THREAD_ATTACH:
- case DLL_THREAD_DETACH:
- case DLL_PROCESS_DETACH:
- break;
- }
- return TRUE;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement