allen343434

Untitled

Jan 27th, 2017
  1. #include <iostream>
  2. #include <io.h>
  3. #include <fcntl.h>
  4. #include <process.h>
  5.  
  6. using namespace std;
  7.  
  // Out-parameters for the GetVolumeInformation() call in
  // CheckValidHardwareID(). GetDriveSerial() declares locals with the same
  // names, so it never touches these.
  UCHAR szFileSys[255];
  UCHAR szVolNameBuff[255];

  DWORD dwMFL;
  DWORD dwSysFlags;
  DWORD dwSerial;  // volume serial of C:, compared against HWID

  // Not referenced anywhere in the visible part of this file.
  std::ifstream in;
  std::ofstream out;

  // Hostnames that block_site() appends to the hosts file, each mapped to HC.
  // Ten slots of 17 bytes are reserved, but only the first two are filled and
  // block_site() only writes the first two. "www.phcheats.net" is 16 characters,
  // so it fills its slot exactly, including the terminator.
  //
  // Defensive note: hosts-file lines that point a name at the loopback address
  // stop that name from resolving normally on the machine. Unexpected entries
  // of this shape are worth alerting on.
  char site_list[10][17] = {
      "phcheats.net",
      "www.phcheats.net"
  };

  // Address written in front of each hostname (loopback). Nine characters
  // plus the terminator fill the array exactly.
  char HC[10] = "127.0.0.1";

  // Set by find_root(): path of the hosts file that was found, and a log path
  // on the same drive. The visible code only assigns them and never reads them.
  char* which;
  char* what;

  // Hosts file opened "r+" by find_root(); written and closed by block_site().
  FILE* target;

  int find_root();
  void block_site();
  unsigned __stdcall STEB_TWO(LPVOID);  // defined outside the visible part of the file
  34.  
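  /// Returns the volume serial number of drive C:, or 0 when it cannot be read.
  ///
  /// The value is the serial stored on the volume, not a property of the
  /// hardware. It changes when the volume is reformatted and can be rewritten,
  /// so it is a weak basis for a licensing or identity decision.
  DWORD GetDriveSerial()
  {
      DWORD serial = 0;

      // Only the serial is needed. The remaining out-parameters are optional,
      // so they are passed as NULL/0 and no fixed-size name buffers are
      // involved. The return value is checked because a failed call leaves the
      // out-parameter untouched; the previous code returned an uninitialised
      // local in that case.
      if (!GetVolumeInformationA("C:\\", NULL, 0, &serial, NULL, NULL, NULL, 0))
          return 0;

      return serial;
  }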
  48.  
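  // Volume serial number this build is tied to.
  #define HWID (1647621684)
  // True only after CheckValidHardwareID() has matched the serial.
  bool Access;

  /// Compares the volume serial of C: with HWID. On a match it sets Access and
  /// starts the STEB_TWO worker thread; otherwise it shows an error box.
  ///
  /// This is a client-side comparison against a constant compiled into the
  /// binary, keyed on a value the user controls (see GetDriveSerial), so it
  /// gives no real assurance about who is running the code.
  VOID CheckValidHardwareID()
  {
      // A failed query must not fall through to the comparison: dwSerial would
      // then still hold whatever an earlier call (or zero-initialisation) left.
      const BOOL queried = GetVolumeInformation("C:\\", (LPTSTR)szVolNameBuff, 255, &dwSerial, &dwMFL, &dwSysFlags, (LPTSTR)szFileSys, 255);

      if (queried && dwSerial == HWID)
      {
          Access = true;

          // _beginthreadex returns a handle the caller owns. Nothing waits on
          // this thread, so the handle is closed right away instead of leaked.
          // The thread itself keeps running.
          const uintptr_t worker = _beginthreadex(NULL, 0, STEB_TWO, NULL, 0, NULL);
          if (worker != 0)
              CloseHandle(reinterpret_cast<HANDLE>(worker));
      }
      else
      {
          Access = false;
          MessageBox(NULL, "Invalid HWID, Contact STEB", "STEB", MB_OK | MB_TOPMOST);
      }
  }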
  65.  
  /// Unlinks the loader entry whose image base equals hModule from the three
  /// module lists reached through the PEB (load order, memory order,
  /// initialization order).
  ///
  /// 32-bit x86 / MSVC only: it uses inline assembly, the fs segment and the
  /// 32-bit structure offsets.
  ///
  /// Defensive note: only APIs and tools that enumerate modules by walking
  /// these lists are affected. The image stays mapped in the process, so
  /// comparing the loader lists with the mapped image regions of the address
  /// space reveals a module that has been unlinked this way.
  void HideModule(HINSTANCE hModule)
  {
      DWORD ldrData = 0;
      __asm
      {
          pushad
          pushfd
          mov eax, fs:[30h]           // PEB of the current process
          mov eax, [eax + 0Ch]        // PEB->Ldr
          mov ldrData, eax
          mov esi, [eax + 0Ch]        // load-order list head: forward link
          mov edx, [eax + 10h]        // load-order list head: backward link
      WalkLoadOrder:
          lodsd                       // eax = forward link of the entry at esi
          mov esi, eax
          mov ecx, [eax + 18h]        // image base, relative to the load-order links
          cmp ecx, hModule
          jne NextLoadOrder
          mov ebx, [eax]              // ebx = entry's forward neighbour
          mov ecx, [eax + 4]          // ecx = entry's backward neighbour
          mov [ecx], ebx              // backward neighbour now points past the entry
          mov [ebx + 4], ecx          // forward neighbour now points back past it
          jmp MemoryOrder
      NextLoadOrder:
          cmp edx, esi                // stop once the tail has been reached
          jne WalkLoadOrder
      MemoryOrder:
          mov eax, ldrData
          mov esi, [eax + 14h]        // memory-order list head: forward link
          mov edx, [eax + 18h]        // memory-order list head: backward link
      WalkMemoryOrder:
          lodsd
          mov esi, eax
          mov ecx, [eax + 10h]        // image base, relative to the memory-order links
          cmp ecx, hModule
          jne NextMemoryOrder
          mov ebx, [eax]
          mov ecx, [eax + 4]
          mov [ecx], ebx
          mov [ebx + 4], ecx
          jmp InitOrder
      NextMemoryOrder:
          cmp edx, esi
          jne WalkMemoryOrder
      InitOrder:
          mov eax, ldrData
          mov esi, [eax + 1Ch]        // initialization-order list head: forward link
          mov edx, [eax + 20h]        // initialization-order list head: backward link
      WalkInitOrder:
          lodsd
          mov esi, eax
          mov ecx, [eax + 08h]        // image base, relative to the init-order links
          cmp ecx, hModule
          jne NextInitOrder
          mov ebx, [eax]
          mov ecx, [eax + 4]
          mov [ecx], ebx
          mov [ebx + 4], ecx
          jmp Done
      NextInitOrder:
          cmp edx, esi
          jne WalkInitOrder
      Done:
          popfd
          popad
      }
  }
  133.  
  /// Overwrites the in-memory IMAGE_DOS_HEADER and IMAGE_NT_HEADERS of the
  /// module at hModule with zero bytes. Does nothing when hModule is null.
  ///
  /// Defensive note: only the mapped copy of the headers is changed, and the
  /// file on disk is untouched. The pages are switched to PAGE_READWRITE and the
  /// previous protection is never restored, so a mapped image whose first page
  /// is writable and zero-filled is itself an indicator for memory triage.
  ///
  /// NOTE(review): the (LONG) cast of hModule assumes 32-bit pointers.
  void EraseHeaders(HINSTANCE hModule)
  {
      if (!hModule)
          return;

      PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)(hModule);

      // The NT header address is computed first: e_lfanew lives in the DOS
      // header, which is wiped below.
      PIMAGE_NT_HEADERS ntHeaders = (PIMAGE_NT_HEADERS)((LONG)hModule + dosHeader->e_lfanew);

      DWORD previous;

      DWORD wipeLen = sizeof(IMAGE_DOS_HEADER);
      if (VirtualProtect(dosHeader, wipeLen, PAGE_READWRITE, &previous))
      {
          BYTE* cursor = (BYTE*)dosHeader;
          BYTE* const stop = cursor + wipeLen;
          while (cursor != stop)
              *cursor++ = 0;
      }

      wipeLen = sizeof(IMAGE_NT_HEADERS);
      if (ntHeaders && VirtualProtect(ntHeaders, wipeLen, PAGE_READWRITE, &previous))
      {
          BYTE* cursor = (BYTE*)ntHeaders;
          BYTE* const stop = cursor + wipeLen;
          while (cursor != stop)
              *cursor++ = 0;
      }
  }
  161.  
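  /// Start-up checks for the DLL:
  ///  1. unless Tools.protect is set, locate the hosts file via find_root()
  ///     (the call that would write to it, block_site(), is commented out);
  ///  2. store the directory of the DLL, with trailing backslash, in dlldir;
  ///  3. terminate the process if the DLL's own path does not contain dllname.
  ///
  /// @param hDll     module handle of this DLL
  /// @param dllname  substring expected somewhere in the module's full path
  ///
  /// The name check is a plain substring match on the whole path, so a folder
  /// name containing dllname passes it too. It is a cosmetic check, not an
  /// integrity check.
  ///
  /// NOTE(review): find_root() leaves the hosts file open in `target`. With
  /// block_site() commented out, nothing visible here closes it.
  void Protect(HMODULE hDll, char* dllname)
  {
      if (!Tools.protect)
      {
          try
          {
              Tools.success = find_root();
              if (Tools.success)
              {
                  //block_site();
              }
          }
          catch (const std::exception&)
          {
              // Best effort: a failure to find the hosts file must not stop
              // the remaining checks.
          }
      }

      // Cut the module path after its last backslash to keep the directory.
      // 512 is assumed to be the size of dlldir, which is declared outside the
      // visible code. TODO confirm.
      GetModuleFileNameA(hDll, dlldir, 512);
      for (int i = (int)strlen(dlldir); i > 0; i--)
      {
          if (dlldir[i] == '\\')
          {
              dlldir[i + 1] = 0;
              break;
          }
      }

      // The buffer is zero-initialised and forcibly terminated, so strstr never
      // reads uninitialised or unterminated data when the call fails or the
      // path is truncated.
      char strDLLName[_MAX_PATH] = { 0 };
      GetModuleFileNameA(hDll, strDLLName, _MAX_PATH);
      strDLLName[_MAX_PATH - 1] = '\0';

      // strstr returns a pointer, so "not found" is tested with == NULL rather
      // than with an ordered comparison against 0.
      if (strstr(strDLLName, dllname) == NULL)
      {
          Sleep(10);
          MessageBox(NULL, "This DLL is LEECHED, Please use the original DLL \n from STEB.", "STEB", MB_ICONERROR | MB_TOPMOST);
          ExitProcess(1);
      }
  }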
  198.  
  /// Probes drives C: to G: for \windows\system32\drivers\etc\hosts. For the
  /// first drive where the file can be opened for reading, the function
  /// reopens it "r+" into `target`, records its path in `which` and a
  /// steb.log path on the same drive in `what`, and returns 1. It returns 0
  /// when no candidate can be opened.
  ///
  /// NOTE(review): the fopen() result is not checked, so `target` may be NULL
  /// even though 1 is returned, for example when the process may read the file
  /// but not write it.
  ///
  /// Defensive note: a process other than the OS or an administrator's editor
  /// opening the hosts file for writing is a useful detection signal.
  int find_root()
  {
      struct Candidate
      {
          const char* hosts;
          const char* log;
      };
      static const Candidate kCandidates[5] = {
          { "C:\\windows\\system32\\drivers\\etc\\hosts", "C:\\steb.log" },
          { "D:\\windows\\system32\\drivers\\etc\\hosts", "D:\\steb.log" },
          { "E:\\windows\\system32\\drivers\\etc\\hosts", "E:\\steb.log" },
          { "F:\\windows\\system32\\drivers\\etc\\hosts", "F:\\steb.log" },
          { "G:\\windows\\system32\\drivers\\etc\\hosts", "G:\\steb.log" },
      };

      // All five files are opened before any of them is tested.
      std::ifstream probes[5];
      for (int drive = 0; drive < 5; ++drive)
          probes[drive].open(kCandidates[drive].hosts);

      for (int drive = 0; drive < 5; ++drive)
      {
          if (!probes[drive])
              continue;

          target = fopen(kCandidates[drive].hosts, "r+");
          which = const_cast<char*>(kCandidates[drive].hosts);
          what = const_cast<char*>(kCandidates[drive].log);
          return 1;
      }
      return 0;
  }
  239.  
  /// Appends one "<HC>\t<hostname>" line for each of the first two site_list
  /// entries to the file behind `target`, after a leading newline, then
  /// closes the file.
  ///
  /// NOTE(review): `target` is used without a NULL check. find_root() can
  /// return 1 with `target` unset when its fopen() fails.
  ///
  /// Defensive note: the result is a set of hosts-file entries mapping the
  /// listed names to the loopback address. Monitoring the hosts file for new
  /// entries catches this change.
  void block_site()
  {
      fseek(target, 0, SEEK_END);
      fprintf(target, "\n");

      int entry = 0;
      while (entry < 2)
      {
          fprintf(target, "%s\t%s\n", HC, site_list[entry]);
          ++entry;
      }

      fclose(target);
  }