// Self-protection helpers of a 32-bit Windows DLL: a volume-serial ("HWID")
// check, loader-list unlinking, PE header wiping, a file-name check and
// hosts-file edits.
// NOTE(review): the code uses Win32 types/APIs (DWORD, HINSTANCE,
// GetVolumeInformation, VirtualProtect, MessageBox) and std::ifstream, but no
// <windows.h> or <fstream> include is visible -- presumably the paste is partial.
#include <iostream>
#include <io.h>
#include <fcntl.h>
#include <process.h>   // _beginthreadex
using namespace std;

// Output buffers handed to GetVolumeInformation() by CheckValidHardwareID().
UCHAR
    szFileSys[255],       // receives the file-system name
    szVolNameBuff[255];   // receives the volume label
DWORD
    dwMFL,                // receives the maximum component length
    dwSysFlags,           // receives the file-system flags
    dwSerial;             // receives the volume serial number compared against HWID

ifstream in;    // not referenced anywhere in the visible listing
ofstream out;   // not referenced anywhere in the visible listing

// Host names that block_site() appends to the hosts file. Only two of the ten
// slots are initialised; "www.phcheats.net" fills its 17-byte slot exactly
// (16 characters plus the terminating NUL).
char site_list[10][17] = {
    "phcheats.net",
    "www.phcheats.net",
};
// Address written in front of each host name: the loopback address, so the
// listed names would stop resolving to the real site on this machine.
char HC[10] = "127.0.0.1";
char* which;    // path of the hosts file selected by find_root()
char* what;     // "<drive>:\steb.log" path set by find_root(); not used elsewhere in this listing
FILE *target;   // hosts file opened "r+" by find_root(); written and closed by block_site()

int find_root(void);
void block_site(void);
unsigned __stdcall STEB_TWO(LPVOID param);   // worker-thread entry point; defined outside this listing
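/// Returns the serial number of the volume mounted at C:\, or 0 when the
/// query fails.
///
/// The original ignored the BOOL result of GetVolumeInformation() and returned
/// an uninitialised local on failure; the result is now checked and the value
/// starts at 0.
///
/// Security note: a volume serial number is assigned when the volume is
/// formatted, is readable by any process and can be changed by an
/// administrator. It identifies a disk only loosely and is not a secret, so it
/// must not be treated as an authentication factor.
DWORD GetDriveSerial()
{
    DWORD serial = 0;

    // Only the serial number is wanted; GetVolumeInformation() accepts NULL for
    // every output the caller does not need, which removes the unused name
    // buffers that previously shadowed the file-level globals.
    if (!GetVolumeInformation("C:\\", NULL, 0, &serial, NULL, NULL, NULL, 0))
        return 0;

    return serial;
}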
// Volume serial number (decimal) that CheckValidHardwareID() accepts.
// NOTE(review): the expected value is compiled into the binary and compared
// locally, so this is a convenience lock, not a security boundary.
#define HWID (1647621684)
bool Access;   // set to true by CheckValidHardwareID() on a match; never reset in this listing
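/// Compares the serial number of the C: volume with the compiled-in HWID.
///
/// On a match it sets Access and starts the STEB_TWO worker thread; otherwise
/// it shows an "Invalid HWID" message box. The file-level buffers and
/// dwSerial/dwMFL/dwSysFlags are still filled in, as before, in case other
/// code reads them.
///
/// Changes from the original: a failed GetVolumeInformation() call is now
/// treated as a mismatch instead of comparing whatever dwSerial last held, and
/// the thread handle returned by _beginthreadex() is closed instead of leaked.
VOID CheckValidHardwareID()
{
    const BOOL queried = GetVolumeInformation("C:\\", (LPTSTR)szVolNameBuff, 255,
                                              &dwSerial, &dwMFL, &dwSysFlags,
                                              (LPTSTR)szFileSys, 255);

    if (queried && dwSerial == HWID)
    {
        Access = true;

        // _beginthreadex() hands back a handle owned by the caller. Closing it
        // does not stop the thread; it only releases this reference.
        const uintptr_t worker = _beginthreadex(NULL, 0, STEB_TWO, NULL, 0, NULL);
        if (worker != 0)
            CloseHandle(reinterpret_cast<HANDLE>(worker));
    }
    else
    {
        MessageBox(NULL, "Invalid HWID, Contact STEB", "STEB", MB_OK | MB_TOPMOST);
    }
}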
// Unlinks the loader record of hModule from the three module lists reachable
// from the process environment block (PEB), using 32-bit MSVC inline assembly.
//
// Each pass walks one doubly linked list, compares the entry's image base with
// hModule and, on a match, joins the entry's neighbours to each other so the
// entry is no longer reachable from the list head. The offsets are those of
// the 32-bit PEB_LDR_DATA / LDR_DATA_TABLE_ENTRY layout.
//
// Defender note: only the list membership changes. The image stays mapped in
// the process, so comparing image-backed memory regions (VirtualQuery or
// kernel-side VAD information) with the loader lists exposes a module that is
// mapped but has no list entry.
void HideModule(HINSTANCE hModule)
{
    DWORD dwPEB_LDR_DATA = 0;
    _asm
    {
        pushad;                      // save all general-purpose registers
        pushfd;                      // save EFLAGS
        mov eax, fs:[30h];           // eax = PEB (read from the 32-bit TEB at fs:[0x30])
        mov eax, [eax + 0Ch];        // eax = PEB->Ldr (PEB_LDR_DATA*)
        mov dwPEB_LDR_DATA, eax;     // kept for the second and third pass
        mov esi, [eax + 0Ch];        // InLoadOrderModuleList.Flink: first entry
        mov edx, [eax + 10h];        // InLoadOrderModuleList.Blink: last entry, used as stop marker
    LoopInLoadOrderModuleList:
        lodsd;                       // eax = [esi]: Flink of the current node, i.e. the next entry
        mov esi, eax;                // advance to that entry
        mov ecx, [eax + 18h];        // DllBase, relative to the load-order links
        cmp ecx, hModule;
        jne SkipA
        mov ebx, [eax]               // ebx = entry->Flink
        mov ecx, [eax + 4]           // ecx = entry->Blink
        mov[ecx], ebx                // Blink->Flink = Flink
        mov[ebx + 4], ecx            // Flink->Blink = Blink
        jmp InMemoryOrderModuleList
    SkipA :
        cmp edx, esi                 // stop once the last entry has been examined
        jne LoopInLoadOrderModuleList
    InMemoryOrderModuleList :
        mov eax, dwPEB_LDR_DATA
        mov esi, [eax + 14h]         // InMemoryOrderModuleList.Flink
        mov edx, [eax + 18h]         // InMemoryOrderModuleList.Blink
    LoopInMemoryOrderModuleList :
        lodsd
        mov esi, eax
        mov ecx, [eax + 10h]         // DllBase, relative to the memory-order links
        cmp ecx, hModule
        jne SkipB
        mov ebx, [eax]               // same unlink sequence as in the first pass
        mov ecx, [eax + 4]
        mov[ecx], ebx
        mov[ebx + 4], ecx
        jmp InInitializationOrderModuleList
    SkipB :
        cmp edx, esi
        jne LoopInMemoryOrderModuleList
    InInitializationOrderModuleList :
        mov eax, dwPEB_LDR_DATA
        mov esi, [eax + 1Ch]         // InInitializationOrderModuleList.Flink
        mov edx, [eax + 20h]         // InInitializationOrderModuleList.Blink
    LoopInInitializationOrderModuleList :
        lodsd
        mov esi, eax
        mov ecx, [eax + 08h]         // DllBase, relative to the initialization-order links
        cmp ecx, hModule
        jne SkipC
        mov ebx, [eax]               // same unlink sequence as in the first pass
        mov ecx, [eax + 4]
        mov[ecx], ebx
        mov[ebx + 4], ecx
        jmp Finished
    SkipC :
        cmp edx, esi
        jne LoopInInitializationOrderModuleList
    Finished :
        popfd;                       // restore EFLAGS
        popad;                       // restore registers
    }
}
// Zero-fills the in-memory PE headers of the image loaded at hModule:
// sizeof(IMAGE_DOS_HEADER) bytes at the image base and sizeof(IMAGE_NT_HEADERS)
// bytes at base + e_lfanew. Does nothing when hModule is NULL.
//
// Defender note: the file on disk is untouched, and the header page is left
// PAGE_READWRITE because the previous protection returned in `protect` is
// never restored. A mapped executable image whose first page is writable and
// holds no "MZ" signature is therefore an indicator in its own right.
//
// NOTE(review): `(LONG)hModule` assumes 32-bit pointers, and e_lfanew is used
// without first checking the DOS signature.
void EraseHeaders(HINSTANCE hModule)
{
    PIMAGE_DOS_HEADER pDoH;
    PIMAGE_NT_HEADERS pNtH;
    DWORD i, ersize, protect;
    if (!hModule) return;
    pDoH = (PIMAGE_DOS_HEADER)(hModule);
    // The NT headers are located through e_lfanew, read before the DOS header is wiped.
    pNtH = (PIMAGE_NT_HEADERS)((LONG)hModule + ((PIMAGE_DOS_HEADER)hModule)->e_lfanew);
    ersize = sizeof(IMAGE_DOS_HEADER);
    // The range must be made writable before it can be overwritten.
    if (VirtualProtect(pDoH, ersize, PAGE_READWRITE, &protect))
    {
        for (i = 0; i < ersize; i++)
            *(BYTE*)((BYTE*)pDoH + i) = 0;
    }
    ersize = sizeof(IMAGE_NT_HEADERS);
    if (pNtH && VirtualProtect(pNtH, ersize, PAGE_READWRITE, &protect))
    {
        for (i = 0; i < ersize; i++)
            *(BYTE*)((BYTE*)pNtH + i) = 0;
    }
    return;
}
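/// Records the DLL's directory and terminates the process when the DLL's file
/// name does not contain `dllname`.
///
/// @param hDll     Module handle of this DLL.
/// @param dllname  Substring that must occur in the module's full path.
///
/// Steps:
///  1. When Tools.protect is not set, find_root() is called to locate and open
///     the hosts file. The block_site() call that would write to it is
///     commented out, so the FILE* left in `target` stays open.
///  2. The module path is copied to the global `dlldir` and cut after the last
///     backslash, leaving the directory.
///  3. The module path is searched for `dllname`; when it is absent a message
///     box is shown and ExitProcess(1) is called.
///
/// Changes from the original: the strstr() result is compared with NULL
/// instead of the ill-formed relational test `<= 0` on a pointer, and the
/// exception is caught by const reference rather than by value.
///
/// NOTE(review): `Tools` and `dlldir` are declared outside this listing;
/// dlldir is assumed to hold at least 512 bytes -- confirm. A file-name
/// substring test says nothing about the file's contents, so it is not an
/// integrity check.
void Protect(HMODULE hDll, char* dllname)
{
    if (!Tools.protect)
    {
        try
        {
            Tools.success = find_root();
            if (Tools.success)
            {
                //block_site();
            }
        }
        catch (const exception&)
        {
            // Deliberate best effort: a failure here must not stop the load.
        }
    }

    GetModuleFileNameA(hDll, dlldir, 512);
    // Scan backwards for the last path separator and terminate right after it.
    for (int i = (int)strlen(dlldir); i > 0; i--)
    {
        if (dlldir[i] == '\\')
        {
            dlldir[i + 1] = 0;
            break;
        }
    }

    char strDLLName[_MAX_PATH];
    GetModuleFileName(hDll, strDLLName, _MAX_PATH);
    if (strstr(strDLLName, dllname) == NULL)
    {
        Sleep(10);
        MessageBox(NULL, "This DLL is LEECHED, Please use the original DLL \n from STEB.", "STEB", MB_ICONERROR | MB_TOPMOST);
        ExitProcess(1);
    }
}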
// Looks for the Windows hosts file on drives C: to G: and opens the first one
// that can be read.
//
// All five paths are probed with ifstream up front. For the first probe that
// succeeded, the file is reopened with fopen(..., "r+") into the global
// `target`, `which` is set to the hosts path, `what` to "<drive>:\steb.log",
// and 1 is returned. Returns 0 when none of the five files could be read.
//
// NOTE(review):
//  - The fopen() result is not checked. Writing the hosts file normally needs
//    administrator rights, so `target` can be NULL while 1 is still returned.
//  - The Windows directory is assumed to be "\windows" on one of five fixed
//    drive letters rather than being queried from the system.
//  - `which` and `what` are plain char* pointing at string literals.
//  - The final `else` belongs to the `if (G)` test only.
//
// Defender note: the hosts file is rarely modified in normal use, so write
// access to it by an unexpected process is a useful file-integrity alert.
int find_root()
{
    ifstream C("C:\\windows\\system32\\drivers\\etc\\hosts");
    ifstream D("D:\\windows\\system32\\drivers\\etc\\hosts");
    ifstream E("E:\\windows\\system32\\drivers\\etc\\hosts");
    ifstream F("F:\\windows\\system32\\drivers\\etc\\hosts");
    ifstream G("G:\\windows\\system32\\drivers\\etc\\hosts");
    if (C) {
        target = fopen("C:\\windows\\system32\\drivers\\etc\\hosts", "r+");
        which = "C:\\windows\\system32\\drivers\\etc\\hosts";
        what = "C:\\steb.log";
        return 1;
    }
    if (D) {
        target = fopen("D:\\windows\\system32\\drivers\\etc\\hosts", "r+");
        which = "D:\\windows\\system32\\drivers\\etc\\hosts";
        what = "D:\\steb.log";
        return 1;
    }
    if (E) {
        target = fopen("E:\\windows\\system32\\drivers\\etc\\hosts", "r+");
        which = "E:\\windows\\system32\\drivers\\etc\\hosts";
        what = "E:\\steb.log";
        return 1;
    }
    if (F) {
        target = fopen("F:\\windows\\system32\\drivers\\etc\\hosts", "r+");
        which = "F:\\windows\\system32\\drivers\\etc\\hosts";
        what = "F:\\steb.log";
        return 1;
    }
    if (G) {
        target = fopen("G:\\windows\\system32\\drivers\\etc\\hosts", "r+");
        which = "G:\\windows\\system32\\drivers\\etc\\hosts";
        what = "G:\\steb.log";
        return 1;
    }
    else return 0;
}
// Appends one "<HC>\t<host>" line per entry of site_list[0..1] to the hosts
// file opened by find_root(), after a leading newline, then closes the file.
// With HC set to 127.0.0.1 the listed names resolve to the local machine, so
// the real sites become unreachable from this computer.
//
// NOTE(review): `target` is used without a NULL check, and the entry count is
// the literal 2 rather than being derived from site_list. The only call
// visible in this listing, in Protect(), is commented out.
//
// Defender note: unexpected loopback entries in the hosts file are a
// recognisable tampering artefact; compare the file with a known-good copy.
void block_site()
{
    int i;
    fseek(target, 0, SEEK_END);   // position at the end so existing entries are kept
    fprintf(target, "\n");        // start on a fresh line
    for (i = 0; i<2; i++)
        fprintf(target, "%s\t%s\n", HC, site_list[i]);
    fclose(target);
}