Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

Hooking check + Detect / Scan for UC & OC tools

sahar042

sahar042

duck Army.
500 Posts 10 Happy Years
Joined
Jul 9, 2009
Messages
716
Reaction score
324
Hi there, well I am sharing a simple hooking check and OC & UC detecting example with this function.
*Make sure the OC & UC scan is only against softwares, like xSpeed and etc. (Not Hardware detect)

Code: 
DWORD getDwordFromBytes(byte *b)
{
	return (b[0]) | (b[1] << 8) | (b[2] << 16) | (b[3] << 24);
}

void GetModulePos(DWORD dwAddr)
{
	HMODULE hMods[1024];
	DWORD cbNeeded;
	unsigned int i;
	TCHAR szModName[MAX_PATH];
	HANDLE hMyHandle = GetCurrentProcess();

	if (EnumProcessModules(hMyHandle, hMods, sizeof(hMods), &cbNeeded))
	{
		for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
		{
			MODULEINFO mi;
			//Get Module Information
			GetModuleInformation(hMyHandle, hMods[i], &mi, sizeof(mi));
			if ((DWORD)mi.lpBaseOfDll <= dwAddr && dwAddr <= ((DWORD)mi.lpBaseOfDll + mi.SizeOfImage))
			{
				// Get the full path to the module's file.

				if (GetModuleFileNameEx(hMyHandle, hMods[i], szModName,
					sizeof(szModName) / sizeof(TCHAR)))
				{
					// Print the module name and handle value.				
					break;
				}
			}
		}
	}
}
bool IsHooked(BYTE* pbtArray, DWORD dwAddress)
{
	DWORD dwJmpAddr = 0;
	BYTE btJmp[4];
	for (int i = 0; i < 7; i++)
	{
		if (pbtArray[i] == 0xE9)
		{
			btJmp[0] = pbtArray[i + 1];
			btJmp[1] = pbtArray[i + 2];
			btJmp[2] = pbtArray[i + 3];
			btJmp[3] = pbtArray[i + 4];
			dwJmpAddr = getDwordFromBytes(btJmp);
			if (dwJmpAddr>0x80000000)
			{
				dwJmpAddr = 0xFFFFFFFF - dwJmpAddr + 1;
			}
			dwJmpAddr = dwAddress + i + 4 - dwJmpAddr;
			break;
		}
	}
	if (dwJmpAddr)
	{
		GetModulePos(dwJmpAddr);
		return true;
	}
	return false;
}
Call:

Code: 
HMODULE hKenlDll = GetModuleHandleA("kernel32.dll");
DWORD dwAddr = (DWORD)GetProcAddress(hKenlDll, "GetTickCount");

BYTE curTick[7];
memcpy(curTick, (LPVOID)dwAddr, 7);
if (IsHooked(curTick, dwAddr))
{
 //Your crash
 //Don't be stupid and use ExitProcess or any Windows API function.
 //make your own crash code.
}

dwAddr = (DWORD)GetProcAddress(hKenlDll, "QueryPerformanceCounter"); //Please encrypt QueryPerformanceCounter string
memcpy(curTick, (LPVOID)dwAddr, 7);
if (IsHooked(curTick, dwAddr))
{
 //Your crash
 //Don't be stupid and use ExitProcess or any Windows API function.
 //make your own crash code.
}
Peace.
 
Last edited:
The Best DDoS Protected Servers
You must log in or register to reply here.

About Us

RaGEZONE® is a website dedicated to the development of massively multiplayer online role-playing games (MMORPGs).

Online statistics

Members online
255
Guests online
3,038
Total visitors
3,293
Totals may include hidden visitors.

Forum statistics

Threads
429,125
Messages
4,590,488
Members
280,814
Latest member
peteL
Most visitors online was 10613 , on 26 Apr 2024

RaGEZONE Sponsor

    HyperFilter
Back
Top