Codex anti-hack system - V4 (C++ Source code)

[Cogito Ergo Sum]

=========================================
Codex.dll v4 (C++ Source code) - by VertexBrasil


V4 Anti-hack features:


=========================================


- Easy ON/OFF switch to all features on START.cpp


- Splash Screen on start.


- Hack detect splash screen = english, portuguese, silent, or browser website that register user IP


- Server name easy configuration for all splash messages


- Hack detect Log generation = Gameguard/Log.txt (For configuration purposes only)


=========================================


Load external files:


- Minimizer.dll (Shortcut: F9)


- Glow.dll Mu v97


=========================================


- Protected mxmain.exe serial, version, ip and data using realloc and memoryset.


=========================================


All Functionality programs are included:


- Minimizer.dll
- HTTP and FTP Server side stuff
- Kill Me (Full system working for test only)
- Codex.dll ready to use with some detectors active (English and Portuguese splash)


Applications:


- CRC Generator (portable)
- Dll hooker (portable)
- Dump generator (portable)
- Security packer (portable)
- Handler / GetWindowText (portable)


=========================================


Hack detection:


- WN-Scan - Window Title scan. This one close Game window.
- WN-Close - Same detection as WN-Scan (empty hack database). This one close hack window silently, if can't close hack window, close game.
- CN-Scan - Class window scan close Game window
- CN-Close - Same detection as CN-Scan (empty hack database), this one close Hack window silently, if can't close hack window, close game.
- D-Scan - Dump - Entrypoint + 8 hex Dump
- PID-Scan - Process ID
- H-Scan - Heuristic - Bad Words
- HW-Scan - Heuristic - Windowtext Bad Words, Detect any "bad word" on WindowName, object and parent.
- HC-Scan - Heuristic - Classwindow Bad Words, Detect any "bad word" on WindowClass, detect any "generic" WindowsForms
- HNC-Scan - Heuristic - Bad Words Non-case sensitive
- HT-Scan - Hide tools - Detect generic Hide Tools like Cheat engine, Hide Toolz, etc.
- VM-Scan - Virtual memory - Detect virtual memory code changes
=========================================


Speed detection:
- ST-Scan - Detect game speed and system freeze by Tickcount
- SP-Scan - Detect game speed by hardware performance
=========================================


Injection:
- I-Scan - Detect dll injection using dll illegal names blacklist
- API Injection protection - Silently detector, protect API entry from code injection. [Don't work for some applications, including MU Online main.exe]
- Delete ModuleHandle - Silently detector, delete ModuleHandle after loading, protect from code injection. [Don't work for some applications, including MU Online main.exe]
=========================================


Anti-Kill:
- Launcher / Main active protection - Uses your launcher to protect system from kill or freeze
- AKS-Scan - Protect system from kill by Scanner count
- AKT-Scan - Protect system from kill or inject code by process thread count. [Don't work for some applications, including MU Online main.exe. Don't work with some detectors active]
- Rebuild main data - Allow destroy Main.exe hexadecimal data sections and rebuild it again on virtual memory with Memset. [Main don't work without Codex.dll]
- Main.exe one single instance - If Launcher / Main active protection are active, just one main instance are alowed at time.
=========================================


Ban:
- Hardware Ban (FTP) - Server side blacklist that ban Users hardware: Mac adress, hard drive serial, computer name or computer user name
- Hack detection log file upload (FTP) - Upload file when size are more than "x" lines
- Server Ban (PHP) - Server side protection, ban user account or character using SQL database. Protect Anti-Hack from bypass or kill process [Mu Server "ConnectStat" need to work withowt bugs]
=========================================


Files protection:
- L-Scan - Launcher alwais ON check
- FN-Scan - File name Scan - Check file folder names existence and check file Handler for dlls (Launcher/Codex) and exe files (Main/Launcher) Game only start with correct name.
- CRC-Scan - CRC files scan protection:
-Launcher.exe
-Protect.bmp file
-Player.bmd
-WebZenLogZJ
-Terrain 1 to 7


=========================================


Tanks to:


f1x = Dump codes
Suzana ADM = Heuristic codes
ARIES (Dark Crow) = HeuristicNC codes


RaGEZONE - MMO development community
RaGEZONE foruns users




=========================================


Download Codex V4:

You must be registered to see links

 

[grim5]

You must be registered to see links

I have a problem , How can i fix?

Anti-Kill
Game Over And Close

 

[Cogito Ergo Sum]

First thing, disable this message on START.cpp adding lines intersection: this way:

[COLOR=#008000]carrega.Log_Txt_Hack     = 1;  // On/Off = Creates a hack log ("GameGuard/Log.txt")

[/COLOR][B][COLOR=#ff0000]//[/COLOR][/B][COLOR=#008000]if (carrega.Log_Txt_Hack == 1){[/COLOR]
[B][COLOR=#ff0000]//[/COLOR][/B][COLOR=#008000]MessageBoxA(NULL,"Public HACK DETECTION LOG are active in START.cpp!\n\nWARNING! .....[/COLOR]

This is just an alert for the first start, it causes i time delay on Main.exe, i think this is your problem.

If this don't work, try to find problem using lines intersection, add and remove then, also, try to start detectors one by one, from bottom to top utill find problem.

Try to get original files, and start from this. Also, start detectors one by one, make configuration step by step, if you have some problem you will know is there in that place you have started.

If someone are having problems with windows text names on fake files, i think a good idea enable this lines (removing lines intersection) on START.cpp, do it for both files, Codex and Launcher:

Launcher:

[COLOR=#008000]string title = _T("Launcher");[/COLOR]
[COLOR=#008000]SetConsoleTitle(title.c_str());[/COLOR]

Codex:

[COLOR=#008000]//string title = _T("Mxmain");  [/COLOR]
[COLOR=#008000]//SetConsoleTitle(title.c_str());

[/COLOR]

This will set window text name for fake files. But don't forget to disable that before configuration, Game Main and Launcher have your own window text names, this are just for fake files.

 

[grim5]

I trying for this But still not fix and i still another trying

 

[Cogito Ergo Sum]

I will try to help you grim

 

[grim5]

Thanks I'll be waiting

 

[Cogito Ergo Sum]

Detecta_Heuristica_Win.cpp
Detecta_Heuristica_Class.cpp

Two new Ducking crazy detectors ! ! ! !

- HW-Scan - Heuristic - Windowtext Bad Words:
Detect any "bad word (full or partial)" on WindowName, object and parent.

- HC-Scan - Heuristic - Classwindow Bad Words:
Detect any "bad word (full or partial)" on WindowClass, detect any "generic" WindowsForms

This detectors are realy awesome.

Link updated ! ! ! !

 

[Meet Your Maker]

Support RF Online ?

 

[Cogito Ergo Sum]

Interview, i think there is no problem. A dll file can be hooked in any windows aplication, and also, you can easy turn on and off all features Make any code changes you wish and add your own hack database.



Someone try to use Virtual memory protect to block [Mu graphical Speed]?

This feature (Virtual Memory Protection) are made to do that... watch video tutorial, are the same thing!

Replace Main.exe serial, version and IP with memset
https://www.youtube.com/watch?v=Y0MjSu2s3oo
or
Protect Codex.dll from unload / break

You must be registered to see links

I don't have any client where this cheat works to get buffer value for you. But is so simple to do.

START.cpp

carrega.Virtual_Memory_Protect        = 1;

Detecta_Virtual_Memory.cpp

(*(unsigned short*)0x4E9B6E != [SIZE=3][COLOR=#ff0000]xxxxx[/COLOR][/SIZE])){ //[SIZE=2]buffer[/SIZE]

To easy find adrees to get buffer value to protect:

Start Main.exe > Start HxD.exe > open Main.exe (HxD virtual memory) > ctrl+F (search) > ctrl+G (Go to...) >> 004E9B6E >> buffer

 

[Ace17]

can you please me how to get virtual memory of this? View attachment [Edit]TextFile.rar
then what to change in source thanks

 

[Cogito Ergo Sum]

i don't understand what you mean. You wanto to block this file?

I got that error on this file: MFC71.DLL is missing from your computer.

 

[Ace17]

i don't understand what you mean. You wanto to block this file?

I got that error on this file: MFC71.DLL is missing from your computer.

I want to hex this file and make it as a sample program..how do i get virtual memory of that file

 

[darioclu970]

Please Help this error

[/IMG]

 

[Cogito Ergo Sum]

Please Help this error

Disable all detectors, enable aks-scan, start detectors one by one untill find problem.

You can use this codes below on Detecta_AntiKill_Scans.cpp with mxmain fake to find problem

removeve: /* */

cout << "DAka1:             "<<DAka1<<endl;    
    cout << "DAkb1:             "<<DAkb1<<endl; 
    cout << "DKill_t1:          "<<DKill_t1<<endl; 
    cout << "CloseClas1:        "<<CloseClas1<<endl; 
    cout << "CloseWin1:         "<<CloseWin1<<endl; 
    cout << "DClass1:           "<<DClass1<<endl; 
    cout << "DDump1:            "<<DDump1<<endl; 
    cout << "DHeuri1:           "<<DHeuri1<<endl; 
    cout << "DHeuriWin1:        "<<DHeuriWin1<<endl; 
    cout << "DHeuriNC1:         "<<DHeuriNC1<<endl;   
    cout << "DHeuriClass1:      "<<DHeuriClass1<<endl;
    cout << "DHide1:            "<<DHide1<<endl; 
    cout << "DInject1:          "<<DInject1<<endl; 
    cout << "Dname1:            "<<Dname1<<endl; 
    cout << "DProcID1:          "<<DProcID1<<endl; 
    cout << "DSpeed1:           "<<DSpeed1<<endl; 
    cout << "DWin1:             "<<DWin1<<endl; 
    cout << "DHard1:            "<<DHard1<<endl; 
    cout << "DLauncher1:        "<<DLauncher1<<endl; 
    cout << "DBan1:             "<<DBan1<<endl; 
    cout << "DVirtualM1:        "<<DVirtualM1<<endl; 
    cout << "DSPerf1:           "<<DSPerf1<<endl; 
    cout << "DAntiInject1:      "<<DAntiInject1<<endl; 
    cout << "DVirtualMLauncher1:"<<DVirtualMLauncher1<<endl;     
    cout << "DTxtFileSize1:     "<<DTxtFileSize1<<endl; 
    cout << "Dpipe1:               "<<Dpipe1<<endl;
    cout <<"AntiKill Scans = Antikill: "<<Antikill<<"  Soma: "<<Soma<<endl<<endl; */

Send me yourr: CODEX_V4 DLL and LAUNCHER_V4 DLL Grim, i will try to run with your configurations, remove ipch and debug folder content to reduce size

 

[grim5]

problem Is My Custom Source Code
My Code Remove and Work! Thanks

 

[369917363]

can you upto mega plz.thx

 

[andryus_DW]

Cogito Ergo Sum, any idea about how i can detect main.exe alteration in memory? , with this hack ( MUAutoClicker ) (

You must be registered to see links

) , you can launch main.exe or launcher.exe and this work in memory , then you can execute commands in game , you can download and test it here:

You must be registered to see links

Commands info:

You must be registered to see links

 

[Cogito Ergo Sum]

adryus_DW:

START.cpp

carrega.Virtual_Memory_Protect        = 0;     // On/Off = protect code from alteration on virtual memory (need be configured) on [Virtual_Memory.cpp]

Use this tutorial to see how Virtual Memory Protection works, configuration are very similar.

You must be registered to see links

You can add how many "memory protection points" you want, just copy and paste this code:

Detecta_Virtual_Memory.cpp

//cout << *(unsigned short*)0x449081 << endl;
if((*(unsigned short*)0x449081 != 29537) ||

[can you upto mega plz.thx]

Link are mega, goto to my chanell and scrow page down, link to download are there. I made this way to easy update links when needed.

[h=1]Codex Anti-hack System (c++ Source code) - Download[/h]https://www.youtube.com/watch?v=y55_Mg7VQOw

 

[Cogito Ergo Sum]

I think some people have problems to get buffer for virtual memory protection, so, i add an new feature that make it easy to do.

Video Tutorial:

You must be registered to see links

CodexV4 link are updated!

Codes for that dont want to download it again:

START.ccp

    carrega.Launcher_Mem_Protection     = 0;     // On/Off This is an active memory protection from Launcher, if launcher are not running and if ther signature are not ok, main closes.
//Add this line below:    
        carrega.Memory_Buffer_L             = 0;     // On/Off Message box with address buffer for configuration! Need to configure values on: Detecta_Virtual_Memory.cpp


    carrega.Virtual_Memory_Protect        = 0;     // On/Off = protect code from auteration on virtual memory (need be configured) on [Virtual_Memory.cpp]
 //Add this line below:        
        carrega.Memory_Buffer_P             = 0;     // On/Off Message box with address buffer for configuration! Need to configure values on: Detecta_Virtual_Memory.cpp

Classe.h

 int Memory_Buffer_L;
 int Memory_Buffer_P;

Detecta_Virtual_Memory.cpp

// Video tutorial: http://www.youtube.com/user/vertexbrasil
#include "stdafx.h"
//VM-Scan splash////////////////////////////////////////////////////////////
void Msg_VM_Br(){
    MessageBoxA(NULL,"VM-Scan\n\nConte˙do suspeito detectado!", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);
    }
void Msg_VM_En(){
    MessageBoxA(NULL,"VM-Scan\n\nAn illegal choice haas been detected!", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);
    }


void Msg_VM_Page(){
    Sleep (4000);
    ShellExecute(NULL, "open", carrega.HackSplash_WebSite, NULL, NULL, SW_SHOWNORMAL);
    }


void Attack_Value(){
     if (carrega.Log_Txt_Hack == 1){
ofstream out("GameGuard/Log.txt", ios::app);
out << "\n VM-Scan:  ", out <<   "Virtual memory Value changed!"; 
out.close();
}
    if (carrega.Message_Warning_En == 1){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VM_En),NULL,0,0);
    Sleep(5000); 
    ExitProcess(0);    
}
    if (carrega.Message_Warning_En == 2){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VM_Br),NULL,0,0);
    Sleep(5000); 
    ExitProcess(0);    
    }
    if (carrega.Message_Warning_En == 3){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VM_Page),NULL,0,0);
    Sleep(5000); 
    ExitProcess(0);    
    }
    if (carrega.Message_Warning_En == 0){
    ExitProcess(0);
    }
    else
    ExitProcess(0);
}


//VML-Scan splash////////////////////////////////////////////////////////////
void Msg_VML_Br(){
    MessageBoxA(NULL,"VML-Scan\n\nConte˙do suspeito detectado!", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);
    }
void Msg_VML_En(){
    MessageBoxA(NULL,"VML-Scan\n\nAn illegal choice haas been detected!", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);
    }


void Msg_VML_Page(){
    Sleep (4000);
    ShellExecute(NULL, "open", carrega.HackSplash_WebSite, NULL, NULL, SW_SHOWNORMAL);
    }


void Attack_Value2(){
     if (carrega.Log_Txt_Hack == 1){
ofstream out("GameGuard/Log.txt", ios::app);
out << "\n VML-Scan:  ", out <<   "Virtual memory value changed!"; 
out.close();
}
    if (carrega.Message_Warning_En == 1){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VML_En),NULL,0,0);
    Sleep(5000); 
    ExitProcess(0);    
}
    if (carrega.Message_Warning_En == 2){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VML_Br),NULL,0,0);
    Sleep(5000); 
    ExitProcess(0);    
    }
    if (carrega.Message_Warning_En == 3){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VML_Page),NULL,0,0);
    Sleep(5000); 
    ExitProcess(0);    
    }
    if (carrega.Message_Warning_En == 0){
    ExitProcess(0);
    }
    else
    ExitProcess(0);
}


void Msg_VML3_Br(){
    MessageBoxA(NULL,"VML-Scan\n\nLauncher n„o encontrado!", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);
    }
void Msg_VML3_En(){
    MessageBoxA(NULL,"VML-Scan\n\nLauncher not found!", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);
    }
 
void Msg_VML3_Page(){
    Sleep (4000);
    ShellExecute(NULL, "open", carrega.HackSplash_WebSite, NULL, NULL, SW_SHOWNORMAL);
    }


void Attack_Value3(){
     if (carrega.Log_Txt_Hack == 1){
ofstream out("GameGuard/Log.txt", ios::app);
out << "\n VML-Scan:  ", out <<   "Launcher not found!"; 
out.close();
}
    if (carrega.Message_Warning_En == 1){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VML3_En),NULL,0,0);
    Sleep(5000); 
    ExitProcess(0);    
}
    if (carrega.Message_Warning_En == 2){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VML3_Br),NULL,0,0);
    Sleep(5000); 
    ExitProcess(0);    
    }
    if (carrega.Message_Warning_En == 3){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VML3_Page),NULL,0,0);
    Sleep(5000); 
    ExitProcess(0);    
    }
    if (carrega.Message_Warning_En == 0){
    ExitProcess(0);
    }
    else
    ExitProcess(0);
}


////////////////////////////////////////////////////////////////////////////////////////////////
// Virtual Memory protection - VM-Scan 


//How to:
// Use HxD.exe to get address that you want to protect
// For example, run mxmain(fake).exe, open mxmain(fake).exe with HxD (virtual memory), search for string Gasmask, or important value that need be protected on virtual memory.  
// Select G, press CTRL+E (or right click) Select bloc.  That is your addrees. 0x449081
// Turn On carrega.Memory_Buffer_L on START.cpp to get address buffer, add buffer on detector, turn off carrega.Memory_Buffer_L. 
// Change values on memory with HxD to test. (unsigned short) protect 5 hex from start point adrees
////////////////////////////////////////////////////////////////////////////////////////////////




// CHECK LAUNCHER VIRTUAL MEMORY //////////////////////////////////////////////////////////////////////////////////////////////////////////////// 
HANDLE GetProcessHandle(const char *procName);
void Memory_by_window()
{  
 HWND handle = FindWindow(0 ,TEXT(carrega.Launcher_Window));
      if(handle == 0)
      {
      Attack_Value3();  // If not find Window, closes!
      //cout << "VM-Scan failed to find window: "<<carrega.Launcher_Window<<endl;
      }
      else
      {
  DWORD ID;
  GetWindowThreadProcessId(handle,&ID);  
  HANDLE hProcess = OpenProcess( PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION , FALSE, ID);
      if(!hProcess)
      {
      Attack_Value3();  // If not find Window, closes!
      }
      else 
      {
      int buffer;
      char cbuffer[12];
      if (ReadProcessMemory(hProcess,(void *)0x449080,&buffer,4,NULL)){ //ADRESS HERE!        
      if (carrega.Memory_Buffer_L == 1){
        sprintf (cbuffer, "%d", buffer);
        MessageBoxA(NULL,(LPCSTR) cbuffer, "Memory_Buffer_L",  MB_ICONWARNING);
        CloseHandle(hProcess);
        ExitProcess(0);
}
            else
            {
            //cout<<"Main buffer: "<<buffer<<endl;       
            if (buffer != 1191182336){  //BUFFER HERE!
            Attack_Value2();   
            CloseHandle(hProcess);
       }     
    }
}
}
}
}






void Launcher_Pro_Start(){
    DVirtualMLauncher(); // Antikill
    if (carrega.Anti_Kill_Scans == 1)
    {
again:
    DVirtualMLauncher(); //Antikill
    Memory_by_window();  
    Sleep (carrega.Virtual_Mem_occours);   
    goto again;
    }
    else
    {
again2:
    Memory_by_window();  
    Sleep (carrega.Virtual_Mem_occours);   
    goto again2;
    }
}
    
    void Mem_Launcher_Protection(){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Launcher_Pro_Start),NULL,0,0);
}








////////////////////////////////////////////////////////////////////////////////////////////////
// Virtual Memory protection - VM-Scan 


//How to:
// Use HxD.exe to get address that you want to protect
// For example, run mxmain(fake).exe, open mxmain(fake).exe with HxD (virtual memory), search for string Gasmask, or important value that need be protected on virtual memory.  
// Select G, press CTRL+E (or right click) Select bloc.  That is your addrees. 0x449081
// Turn On carrega.Memory_Buffer_L on START.cpp to get address buffer, add buffer on detector, turn off carrega.Memory_Buffer_L. 
// Change values on memory with HxD to test. (unsigned short) protect 5 hex from start point adrees
////////////////////////////////////////////////////////////////////////////////////////////////


// PROTECT MAIN VIRTUAL MEMORY ///////////////////////////////////////
bool Virt()
{
// GET BUFFER MESSAGE
if (carrega.Memory_Buffer_P == 1){
char cbuffer[10];


//WARNING!  Add an address that not exist on Mxmain.exe will crash Mxmain.exe


sprintf (cbuffer, "%d", (*(unsigned short*)0x449081));  //Put ADDRESS here, this is for [carrega.Memory_Buffer_P]                    
MessageBoxA(NULL,(LPCSTR) cbuffer, "Memory_Buffer_P___",MB_ICONWARNING);
ExitProcess(0);    
}


//WARNING!  Add an address that not exist on Mxmain.exe will crash Mxmain.exe
    
//DETECTOR - Protect 5 hex from address start point
  //((*(unsigned short*)0xADDRESS != BUFFER)
if ((*(unsigned short*)0x449081 != 29537) || 
 // (*(unsigned short*)0x449081 != 29537) || 
 // (*(unsigned short*)0x449081 != 29537) || 
 //    (*(unsigned short*)0x449081 != 29537) || 
 //    (*(unsigned short*)0x449081 != 29537) || 
    (*(unsigned short*)0x449081 != 29537)){ 
    
        Attack_Value();  //ExitProcess(0);
        return true;    
    }
    else
    {
        return false;    
    }
}




void VirtA(){    
    if (carrega.Anti_Kill_Scans == 1)
    {
again:
    DVirtualM(); //Antikill
    Virt();
    Sleep (carrega.Virtual_Mem_occours);   
    goto again;
    }
    else
    {
again2:
    Virt();
       Sleep (carrega.Virtual_Mem_occours);   
    goto again2;
    }
}
    
void Virtual_Attack(){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(VirtA),NULL,0,0);
}

 

[andryus_DW]

Cogito Ergo Sum,

I can see on your video this:

//DETECTOR - Protect 5 hex from address start point
//((*(unsigned short*)0xADDRESS != BUFFER)
if ((*(unsigned short*)0x449081 != 29537) ||
// (*(unsigned short*)0x449081 != 29537) ||
// (*(unsigned short*)0x449081 != 29537) ||
// (*(unsigned short*)0x449081 != 29537) ||
// (*(unsigned short*)0x449081 != 29537) ||
(*(unsigned short*)0x449081 != 29537)){

Attack_Value(); //ExitProcess(0);
return true;
}
else
{
return false;
}
}

Why need to check two times the same address and buffer? is necessary to check two times all buffers and addresses?

if ((*(unsigned short*)0x449081 != 29537) || (*(unsigned short*)0x449081 != 29537)){

------------

Another question, how the system know that need to scan under main and not under launcher?


Thanks!