That's it, we made a dll to block hidetoolz ... that blocks only the dll hidetoolz ...
just give a simple hook
without MORE
Note: do not give much support to it!
this was tested and working!
100% credits to GXSoft - MuOnlineDev
File(s) Attachment(s)
http://www.muonlinedev.com/public/style_extra/mime_types/zip.gif killhidetoolz.rar
Approved,
can you offer more detalies ?
if you can renew the link cuase he is dead and which hook do we need to do with process or without ?
nice, but, what is export init name?
It not working
ellow im dev this dll, from GXSoft...im GXSoft owner (NaM4)
so. to hook it, u can call from your main dll if u want... like
LoadLibraryA("antihidetoolz.dll");
or hook it like a glow.dll
dont need a init name...
just push and jmp to entry..
cyao
PS: ill post a screenshot with this dll working
dont work for me.. loaded directly of main or in my dll..
works fine...
dont work with XP
This dont work and is a copy paste from another web... no?..
lol...
Code:program Project1; uses Windows, CommCtrl; function CheckHideToolz(): Boolean; {**************************************** Must Uses CommCtrl By pathletboy 2008.6.15 *****************************************} var ToolBarHnd: Cardinal; hProc: HWND; dwPID: DWORD; lpCommon: Pointer; btnInfo: TTBBUTTON; dwBytes: DWORD; TrayIconCaption: array[0..512] of char; i, nBtnCount: Integer; begin //{$I VMP_BEGIN.INC} Result := False; ToolBarHnd := FindWindowEx(0, 0, 'Shell_TrayWnd', nil); ToolBarHnd := FindWindowEx(ToolBarHnd, 0, 'TrayNotifyWnd', nil); ToolBarHnd := FindWindowEx(ToolBarHnd, 0, 'SysPager', nil); ToolBarHnd := FindWindowEx(ToolBarHnd, 0, 'ToolbarWindow32', nil); if ToolBarHnd = 0 then begin Result := True; Exit; end; GetWindowThreadProcessId(ToolBarHnd, @dwPID); hProc := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE, false, dwPID); lpCommon := VirtualAllocEx(hProc, nil, 4096, MEM_RESERVE or MEM_COMMIT, PAGE_READWRITE); nBtnCount := SendMessage(ToolBarHnd, TB_BUTTONCOUNT, 0, 0); for i := 0 to nBtnCount do begin ZeroMemory(@btnInfo, sizeof(btnInfo)); WriteProcessMemory(hProc, lpCommon, @btnInfo, sizeof(btnInfo), dwBytes); SendMessage(ToolBarHnd, TB_GETBUTTON, i, LPARAM(lpCommon)); ReadProcessMemory(hProc, lpCommon, @btnInfo, sizeof(btnInfo), dwBytes); SendMessage(ToolBarHnd, TB_GETBUTTONTEXT, btnInfo.idCommand, LPARAM(LPARAM(lpCommon) + sizeof(btnInfo))); ReadProcessMemory(hProc, Pointer(LPARAM(lpCommon) + sizeof(btnInfo)), @TrayIconCaption, 512, dwBytes); OutputDebugString(TrayIconCaption); if TrayIconCaption = 'HideToolz' then begin Result := True; Break; end; end; VirtualFreeEx(hProc, lpCommon, 0, MEM_RELEASE); CloseHandle(hProc); //{$I VMP_END.INC} end; begin //{$I VMP_BEGIN.INC} if CheckHideToolz then MessageBox(0,'HideToolz detected','JODETE',MB_OK); //{$I VMP_END.INC} end.
Last edited by Mulegend; 13-08-10 at 02:01 AM.
any screenshot or guide to hook?
Link Offline Reup plss
Approved, thanks.
some preview from our protect sys work fine...
enjoy
YouTube - GXProtect - AntiHackTool
srry but it is in portuguese, but you can see the protect is work perfectly
cya
hugs
and no... i not copy anybody... and my dll is not programmed with delphi/pascal... but in ASM and C++Originally Posted by Mulegend
cya
anyway, this pascal src u put... its easy to tease, coz its find from name of windows ^^ thats no good code =D
srry for bad eng...
Last edited by brunoia; 08-09-10 at 07:06 PM.
i need a call load ????
very funnypost a download link to another forums atachament... and to download i need register
why not use rapidshare or RZ forums atachaments?
can you write a source how does you code look like in ollydbg?
Reply With Quote![[AntiHideToolz] BY GXSoft](http://ragezone.com/hyper728.png)