triggerbot&nametags how2detect

1. #include <Windows.h>
2. #include <Psapi.h>
3. #include <iostream>
4. #include <mutex>
5. #define in_range(x, a, b) (x >= a && x <= b)
6. #define get_bits(x) (in_range((x & (~0x20)), 'A', 'F') ? ((x & (~0x20)) - 'A' + 0xA): (in_range(x, '0', '9') ? x - '0': 0))
7. #define get_byte(x) (get_bits(x[0]) << 4 | get_bits(x[1]))
8. uintptr_t find_pattern(const char* module, const char* pattern){//probably not fastest but its decent a decent pattern scan
9.     MODULEINFO mod;
10.     K32GetModuleInformation(GetCurrentProcess(), GetModuleHandleA(module), &mod, sizeof(MODULEINFO));
11.     uintptr_t start = (uintptr_t)mod.lpBaseOfDll;
12.     uintptr_t end = (uintptr_t)mod.lpBaseOfDll + (uintptr_t)mod.SizeOfImage;
13.     uintptr_t match = (uintptr_t)nullptr;
14.     const char* current = pattern;
15.     for (uintptr_t pCur = start; pCur < end; pCur++) {
16.  
17.         if (!*current)
18.             return match;
19.         if (*(PBYTE)current == ('\?') || *(BYTE*)pCur == get_byte(current)) {
20.             if (!match)
21.                 match = pCur;
22.             if (!current[2])
23.                 return match;
24.             if (*(PWORD)current == ('\?\?') || *(PBYTE)current != ('\?'))
25.                 current += 3;
26.             else
27.                 current += 2;
28.         }
29.         else {
30.             current = pattern;
31.             match = 0;
32.         }
33.     }
34.     return (uintptr_t)nullptr;
35. }
36. std::once_flag nametags_flag, triggerbot_flag;
37. HMODULE module_instance;
38. int ac_thread()
39. {
40.     HANDLE hOut = GetStdHandle(STD_OUTPUT_HANDLE);
41.     DWORD dwMode = 0;
42.     GetConsoleMode(hOut, &dwMode);
43.     dwMode |= ENABLE_VIRTUAL_TERMINAL_PROCESSING;
44.     SetConsoleMode(hOut, dwMode);//not needed, it was just to fix colors on some operating systems for printf
45.  
46.     printf("\x1B[35m[%s]\033[0m \x1B[33m%s\033[0m %s", __TIME__, "[AntiCheat]", "Successfully loaded.\n");
47.     while (true)
48.     {
49.         auto nametags = find_pattern("ToyHeroes.exe", "0f 85 ? ? ? ? e8 ? ? ? ? 8b c8 e8 ? ? ? ? 89 85 94 fc");//searching for nametags
50.         auto triggerbot  = find_pattern("ToyHeroes.exe", "e9 ? ? ? ? 90 89 ? 08");//searching for all public hooks/ce script triggerbot
51.         if (nametags)//checkin' if found nametags patch
52.             std::call_once(nametags_flag, [&] {printf("\x1B[35m[%s]\033[0m \x1B[33m%s\033[0m \x1B[31m%s\033[0m", __TIME__, "[AntiCheat]", "Nametags patch detected.\n"); });
53.  
54.         if (triggerbot)//checkin' if found triggerbot hook/script
55.             std::call_once(triggerbot_flag, [&] {printf("\x1B[35m[%s]\033[0m \x1B[33m%s\033[0m \x1B[31m%s\033[0m", __TIME__, "[AntiCheat]", "Triggerbot detected.\n"); });
56.     }
57. }
58. BOOL WINAPI DllMain(HMODULE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
59. {
60.     if (fdwReason == DLL_PROCESS_ATTACH)
61.     {
62.         module_instance = hinstDLL;
63.         AllocConsole();
64.         freopen("CONOUT$", "wb", stdout);
65.         freopen("CONIN$", "rb", stdin);
66.         SetConsoleTitle("fdp ac framework");
67.         CreateThread(0, 0, (LPTHREAD_START_ROUTINE)ac_thread, 0, 0, 0);
68.         return 1;
69.     }
70.     return 0;
71. }