[dacharles]

Originally Posted by -/7y/I9I-

Encrypt you're main.exe & protect it with main checksum...

that is the best idea around here xd

[muzzz]

nice protect :)

[GrInYa]

i hook your antihack.dll but when i open the cheats main isnt close...why?...

[-/7y/I9I-]

Originally Posted by GrInYa

i hook your antihack.dll but when i open the cheats main isnt close...why?...

Maybe because you hook demo version ?

[zolamu]

nice to create money using f1x source yea?

[c4cadvisor]

lmao, this does not stop sniffers, and lol i have tested my sniffer on games with crc checks and it does not dc. Problem would be to unpack, but this antihack also has sobieh anti olly script in it. well atleast someone made money off mu admins.

[Fr4ncBB]

Who can hook .dll in main? please help

[ToMMeG]

Originally Posted by zolamu

nice to create money using f1x source yea?

Man, im selling mine own antihack, it doesn't contain f1x source... I'm posting in this thread just because don't want to create new...

[edry12]

hello and sorry for my English

I have 1.04j main, and ave a problem.

dont load the antihack.dll

when i annalyze,
where "push. dll" changed to something else, and not linked

these are the screensshots

unanalyzed

annalyzed


please, give me a hand, i dony understund why not work

Bye and thx

[zolamu]

can you share full list of hacks (32 bytes + address ) ?

[f1x]

Originally Posted by ToMMeG

it doesn't contain f1x source...

Maybe not contain sources, but what with idea ;)? It's your :P?

Anyway, i don't care ;). MuOnline Community is the worst community ever xD.

On the occasion, I uploaded extended sources of previous anithack - I released it on polish forums at july and totaly forgot about it ;).

Sources have:
-Memory scanner (like in previous antihack),
-Checking process owner (this idea prevent hacks like catastrophe - main.exe must execute by double click, not by other application).

AntiHack.h

PHP Code:

// ----------------------------------------------------
//    Nazwa pliku:        AntiHack.h
//    Data utworzenia:    2008-06-26
//    Autor:                f1x / f1ksiu@hotmail.com
// ----------------------------------------------------

#ifndef ANTIHACK_ANTIHACK_H
#define ANTIHACK_ANTIHACK_H

#include <tlhelp32.h>
#include <windows.h>
#include <list>

#define MAX_DUMP_SIZE 32
#define MAX_PROCESS_DUMP 47

#define INVALID_PROCESSID -1
#define SYSTEMSHELL_NAME "explorer.exe"

typedef struct ANITHACK_PROCDUMP {
    unsigned int m_aOffset;
    unsigned char m_aMemDump[MAX_DUMP_SIZE];
} *PANITHACK_PROCDUMP;

extern ANITHACK_PROCDUMP g_ProcessesDumps[MAX_PROCESS_DUMP];

class CAntiHack {
public:
    void Startup();
    void SystemProcessesScan();
    void CheckProcessOwner();
    void Cleanup();

private:
    void GetSystemProcessesList();
    bool ScanProcessMemory(DWORD dwProcessId);
    void GetExplorerProcessId();
    int CheckProcessName(char *sProcessName, char *sSrcProcessName);
    bool CheckExplorerProcessDirectory(DWORD dwProcessId);

    DWORD m_dwExplorerProcessId;
    std::list<PROCESSENTRY32> m_lProcessesList;

    //std::vector<PPROCESSENTRY32> m_vProcessesList;
};

#endif //ANTIHACK_ANTIHACK_H 


AntiHack.cpp

PHP Code:

// ----------------------------------------------------
//    Nazwa pliku:        AntiHack.cpp
//    Data utworzenia:    2008-06-26
//    Autor:                f1x / f1ksiu@hotmail.com
// ----------------------------------------------------

#include "stdafx.h"
#include "Antihack.h"
#include <stdlib.h>

using namespace std;

void CAntiHack::GetSystemProcessesList() {
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if(hProcessSnap != INVALID_HANDLE_VALUE)
    {
        PROCESSENTRY32 pe32;
        pe32.dwSize = sizeof(PROCESSENTRY32);

        if(Process32First(hProcessSnap, &pe32))
        {
            do
            {
                m_lProcessesList.push_back(pe32);
            }
            while(Process32Next(hProcessSnap, &pe32));
        }
    }

    CloseHandle(hProcessSnap);
}

bool CAntiHack::ScanProcessMemory(DWORD dwProcessId) {
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);

    if(hProcess != INVALID_HANDLE_VALUE)
    {
        for(int i = 0; i < MAX_PROCESS_DUMP; i++)
        {
            char aTmpBuffer[MAX_DUMP_SIZE];
            SIZE_T aBytesRead = 0;
            ReadProcessMemory(hProcess, (LPCVOID)g_ProcessesDumps[i].m_aOffset, (LPVOID)aTmpBuffer, sizeof(aTmpBuffer), &aBytesRead);

            if(memcmp(aTmpBuffer, g_ProcessesDumps[i].m_aMemDump, MAX_DUMP_SIZE) == 0)
            {
                CloseHandle(hProcess);
                return true;
                break;
            }
        }
    }

    CloseHandle(hProcess);
    return false;
}

int CAntiHack::CheckProcessName(char *sProcessName, char *sSrcProcessName) {
    for(size_t i = 0; i < strlen(sProcessName); i++)
    {
        sProcessName[i] = (char)tolower(sProcessName[i]);
    }

    return strcmp(sProcessName, sSrcProcessName);
}

bool CAntiHack::CheckExplorerProcessDirectory(DWORD dwProcessId) {
    HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId); 
    if(hModuleSnap != INVALID_HANDLE_VALUE)
    {
        MODULEENTRY32 me32;
        me32.dwSize = sizeof(MODULEENTRY32); 

        if(Module32First(hModuleSnap, &me32))
        {
            me32.szExePath[strlen(me32.szExePath) - (strlen(SYSTEMSHELL_NAME) + 1)] = 0;
            char sWindowsDirectory[MAX_PATH];
            GetWindowsDirectory(sWindowsDirectory, MAX_PATH);

            if(strcmp(me32.szExePath, sWindowsDirectory) == 0)
            {
                CloseHandle(hModuleSnap);
                return true;
            }
        }
    }

    CloseHandle(hModuleSnap);
    return false;
}

void CAntiHack::GetExplorerProcessId() {
    for(list<PROCESSENTRY32>::iterator i = m_lProcessesList.begin(); i != m_lProcessesList.end(); i++)
    {
        if(CheckProcessName(i->szExeFile, SYSTEMSHELL_NAME) == 0)
        {
            if(CheckExplorerProcessDirectory(i->th32ProcessID))
            {
                m_dwExplorerProcessId = i->th32ProcessID;
                return;
                break;
            }
        }
    }

    m_dwExplorerProcessId = INVALID_PROCESSID;
}

// --- Interface ---

void CAntiHack::Startup() {
    m_lProcessesList.clear();
    
    GetSystemProcessesList();
    GetExplorerProcessId();

    if(m_lProcessesList.empty() || m_dwExplorerProcessId == INVALID_PROCESSID)
    {
        MessageBox(0, "Can't run MuOnline Guard instance. Exit abnormaly!", "MuOnline Guard", MB_OK | MB_ICONSTOP);
        ExitProcess(1);
    }
}

void CAntiHack::SystemProcessesScan() {
    for(std::list<PROCESSENTRY32>::iterator i = m_lProcessesList.begin(); i != m_lProcessesList.end(); i++)
    {
        if(ScanProcessMemory(i->th32ProcessID))
        {
            MessageBox(0, "Found illegal software in your system.\nPlease close all illegals programs and run application again.", "MuOnline Guard", MB_OK | MB_ICONSTOP);
            ExitProcess(1);
        }
    }
}

void CAntiHack::CheckProcessOwner() {
    for(std::list<PROCESSENTRY32>::iterator i = m_lProcessesList.begin(); i != m_lProcessesList.end(); i++)
    {
        if(i->th32ProcessID == GetCurrentProcessId())
        {
            if(i->th32ParentProcessID != m_dwExplorerProcessId)
            {
                MessageBox(0, "Please run application directly.", "MuOnline Guard", MB_OK | MB_ICONSTOP);
                ExitProcess(1);
            }
        }
    }
}

void CAntiHack::Cleanup() {
    m_lProcessesList.clear();
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved) {
    CAntiHack AntiHackInstance;

    AntiHackInstance.Startup();
    AntiHackInstance.CheckProcessOwner();
    AntiHackInstance.SystemProcessesScan();
    AntiHackInstance.Cleanup();

    return TRUE;
} 


[Sunlove]

I know this dll will end if the hack application is running. But I have an application I want if this DLL didn't found my Application in System Processes List then this dll will end. How to fix code !please help me

[edry12]

Originally Posted by edry12

hello and sorry for my English I have 1.04j main, and ave a problem. dont load the antihack.dll when i annalyze, where "push. dll" changed to something else, and not linked these are the screensshots unanalyzed annalyzed please, give me a hand, i dony understund why not work Bye and thx

nobody has any idea?

please!! i need help,

[Hacke]

okay you need do some changes there dude...
at the push main () you need to puch the offset where you wrote a name... so just search a free offset then do RB->Follow to dumb selection->enter there a name you want then you need write there the command: (again in the upper window)

push and the offset where you wrote the name. okay thats the first point now where you wrote je 00755aa8 you need to chnge the offset there... do the jmp to the offset where you jmp to the entry point or the next function so in your case change it to je00755abf

[Thi4g0]

[quote=ToMMeG;3604952]Update 1 :
Works fine, but only if programm runs before the main. There maybe a problem with WPE Pro, because you can run it after the main.exe... :)

Here is function that will do check all time when main.exe started

Code:

void MainThread()
{
again:
    SystemProcessesScan();
    Sleep(50);
    goto again;
}

And in

Code:

extern  "C"  __declspec(dllexport) void Main() {

add this

Code:

CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(MainThread),NULL,0,0);

Add in who file?
AntiHack.cpp?

thanks for great work man.

[geriks13]

can someone do it with my main please ! ?
http://mu.evilgold.net/main.exe

[lemiks]

Originally Posted by ToMMeG

Man, im selling mine own antihack, it doesn't contain f1x source... I'm posting in this thread just because don't want to create new...

Give credits to f1x

[-/7y/I9I-]

Learn to read...there are credits.

[alecapo]

I hocked my main, with tommeg dll and it worked. But, when you add the code to hack a dll and compile it with Visual 2005, I opened the main only to me, it becomes a friend, not opened directly, does not give any error message, just not enters.

Any solution or idea?

Thx & Sorry for my bad Eng.

[usser92]

... only with 1 thing you can protect your Client ... make a nice smal program that will work went your main start .. that will allow ONLY main.exe to work .. all other things will close like YM or MSN or Hack all close that means only MU .. BUT ppl can byppas it .. hard to make > hard to bypass easy to make > easy to bypass it ^_^
you can't protect your main with a DLL only .. also encrypt your main 2-3 times and change port don't use the clasik "44405" .. i download a lot of "hacks" and i test them all the first port that use is "44405" and "55901" . (i am not sure if is 55901 .. is smthng like that one ... ) anw you can put some DLL's .. (hiden .. there is a program try it in google .. you can hide it in main .. ) that will allow you to connect to the server ONLY with that main .. like 2nd version or smthng .. thing ppl i can't thing it all .. anw encrypt .. DLL's .. program will close all the other things + this nice DLL .. will make the "hacker" (google hacker) to stop .. but if is some one "pro" will try to bypass it .. if he get "hard" to way .. maybe he will stop ^_^ and .. some times if some one use speed and get DC an Error come in the Join server (not sure if is GS or JS ) test it :).. that all i can say ^_^

PS : good DLL :P keep it up ! !

[B-Kill-K]

I got czf server files s1 , i run the game from luncher and i have a little problem.I added the antihack.dll to my main ,everything is normal but it doesnt block anythink.I open the game with luncher all okey log in, open wpepro run wpe,sent packets and nothink. how can i fix this?:(

[-/7y/I9I-]

Are you sure that you're dll is hooked right ?

[B-Kill-K]

im noob in olly

[D9IDbKA]

Hello, can someone patch our main? because i can't
http://rapidshare.de/files/44898740/Main.7z.html
sry for my english

[smithcyber]

Someone could do a hook for me in the main version 97d please?