Codex anti-hack full source code (c++)

[Can you make a option :$security_code on client side and column security_code on SQL server side.]

No, becouse i dont know how to do it.



- - - Updated - - -

CODEX ANTIHACK V3 (update 2)

Added:
New Hack Detect splash sugested by Crosdev

carrega.Message_Warning_En = 3;
carrega.HackSplash_WebSite = "http://10.0.1.40:8090/Codex/HackSplash/Splash.php";



Old:
0 = silent,
1 = Engish,
2 = Portuguese
New:
3 = Open php webpage, show a splash.jpg image and make a Log.txt file with Time and User ip:


Log.txt
12:57:57am, 10.0.1.40


All scanner are tested on this new splash
==================================
CN-Scan: PROCEXPL
D-Scan: MU Window.exe
H-Scan: Address: D:\PROGRAMAS\CODEX ANTIHACK V3\CODEX_V3\Debug\GameGuard
HNC-Scan: hack - notepad
HNC-Scan: process explorer - sysinternals: www.sysinternals.com [codex-pc\codex]
HT-Scan: Hide windows detected!
I-Scan: File integrity violated!
PID-Scan: HxD.exe
S-Scan: Speed Hack detected!
WN-Scan: Cheat Engine 6.4
Hardware Banned: Contact Administrator!
AL-Scan: Start:V
FN-Scan: File Not Found! Launcher.exe
FN-Scan: File Not Found! mxmain.exe
CRC-Scan:GameGuard/Protect.bmp
HTTP - Connection: Server connection fail!
FTP - Connection: Server connection fail!
Hardware Banned: Contact Administrator!
==================================


CRC file check, ban server and hardware Server splahs old Messagebox.


When = 1 or 3 show english splash Messagebox

Aditional files on folder: HTTP and FTP Server side\Codex\HackSplash


Added:
Check update Hardware ban list on server every 5 minutes. User banned get an Exitprocess and canot connect again.

Download link: https://mega.co.nz/#!psFxnDBB!MK03E0...boKbBt8kw6x2HQ

Quote:

---

Originally Posted by Cogito Ergo Sum

[Can you make a option :$security_code on client side and column security_code on SQL server side.]

No, becouse i dont know how to do it.



- - - Updated - - -

CODEX ANTIHACK V3 (update 2)

Added:
New Hack Detect splash sugested by Crosdev

carrega.Message_Warning_En = 3;
carrega.HackSplash_WebSite = "http://10.0.1.40:8090/Codex/HackSplash/Splash.php";



Old:
0 = silent,
1 = Engish,
2 = Portuguese
New:
3 = Open php webpage, show a splash.jpg image and make a Log.txt file with Time and User ip:


Log.txt
12:57:57am, 10.0.1.40


All scanner are tested on this new splash
==================================
CN-Scan: PROCEXPL
D-Scan: MU Window.exe
H-Scan: Address: D:\PROGRAMAS\CODEX ANTIHACK V3\CODEX_V3\Debug\GameGuard
HNC-Scan: hack - notepad
HNC-Scan: process explorer - sysinternals: www.sysinternals.com [codex-pc\codex]
HT-Scan: Hide windows detected!
I-Scan: File integrity violated!
PID-Scan: HxD.exe
S-Scan: Speed Hack detected!
WN-Scan: Cheat Engine 6.4
Hardware Banned: Contact Administrator!
AL-Scan: Start:V
FN-Scan: File Not Found! Launcher.exe
FN-Scan: File Not Found! mxmain.exe
CRC-Scan:GameGuard/Protect.bmp
HTTP - Connection: Server connection fail!
FTP - Connection: Server connection fail!
Hardware Banned: Contact Administrator!
==================================


CRC file check, ban server and hardware Server splahs old Messagebox.


When = 1 or 3 show english splash Messagebox

Aditional files on folder: HTTP and FTP Server side\Codex\HackSplash


Added:
Check update Hardware ban list on server every 5 minutes. User banned get an Exitprocess and canot connect again.

Download link: https://mega.co.nz/#!psFxnDBB!MK03E0...boKbBt8kw6x2HQ

---

Bro... If you can put an ip from client in log.txt webpage... Why not put in File that content the hardware dates?

Get IP:

Code:

---

socketaddr_in struct

Code for exctract:

SOCKADDR_IN client_info = {0};
int addrsize = sizeof(client_info);

// get it during the accept call
SOCKET client_sock = accept(serv, (struct sockaddr*)&client_info, &addrsize);

// or get it from the socket itself at any time
getpeername(client_sock, &client_info, sizeof(client_info));

char *ip = inet_ntoa(client_info.sin_addr);

printf("%s", ip); // Display the ip

---

Will this work in different game?

letiendat287

[Can you make a option :$security_code on client side and column security_code on SQL server side.]


To improve ban system connection security, as they are, at this time:
=======================================================================
1- Personalize entire anti-hack start splash, server name, dll name, etc. Nobody need knows you are using codex antihack. This are an open project, you can change it as you want.
=======================================================================
2- Personalize word: uploadedfile in both files, if word diferent in both files SQL ban update dont work!

Server_Ban.cpp
static TCHAR frmdata[] = "-----------------------------og94kfkldjs7ekk\r\nContent-Disposition: form-data; name="uploadedfile"; filename="Log.txt"\r\nContent-Type: text/plain\r\n\r\nCodex Anti-Hack\r\n-----------------------------og94kfkldjs7ekk--\r\n";
static TCHAR hdrs[] = "Content-Type: multipart/form-data; boundary=---------------------------og94kfkldjs7ekk";


Renew.php
<?php
$uploaddir = 'Log/';
if (is_uploaded_file($_FILES['uploadedfile']['tmp_name'])) {
$uploadfile = $uploaddir . basename($_FILES['uploadedfile']['name']);
echo "File ". $_FILES['uploadedfile']['name'] ." uploaded successfully. ";
if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully moved. ";
=======================================================================
3- Personalize your connection address: www...Codex/ServerSideBan/Renew.php to www.../Something/hide/thing.php
=======================================================================

4- Improve your http server security to avoid directory visualization, like this:
Index of /Codex
NameLast modifiedSizeDescription

---

http://10.0.1.50/icons/folder.gif Parent Directory 22-Nov-2014 07:34 -
http://10.0.1.50/icons/folder.gif Hardware Ban/ 22-Nov-2014 07:33 -
http://10.0.1.50/icons/folder.gif ServerSideBan/ 03-Dec-2014 17:21 -

---

Apache/1.3.34 Server at localhost Port 80
=======================================================================

5- Rename: Log.txt, If you find some file with another name in log folder, it means someone are using another files.

- - - Updated - - -

[Will this work in different game?]

It works in any windows aplication you can hook.

- - - Updated - - -

[Bro... If you can put an ip from client in log.txt webpage... Why not put in File that content the hardware dates?]

PHP page get user, hardware ban uses a FTP server to upload files.

- - - Updated - - -

For you Lucila



int main(int argc, char* argv[])
{
HINTERNET hInternet, hFile;
DWORD rSize;
char buffer[47];


hInternet = InternetOpen(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
hFile = InternetOpenUrl(hInternet, "http://icanhazip.com/", NULL, 0, INTERNET_FLAG_RELOAD, 0);
InternetReadFile(hFile, &buffer, sizeof(buffer), &rSize);
buffer[rSize] = '\0';


InternetCloseHandle(hFile);
InternetCloseHandle(hInternet);


std::cout << "Your IP Address: " << buffer << "\n";
system("pause");
return 0;
}


void TESTES2(){
CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(main),NULL,0,0);
}

Quote:

---

Originally Posted by Cogito Ergo Sum

letiendat287

[Can you make a option :$security_code on client side and column security_code on SQL server side.]


To improve ban system connection security, as they are, at this time:
=======================================================================
1- Personalize entire anti-hack start splash, server name, dll name, etc. Nobody need knows you are using codex antihack. This are an open project, you can change it as you want.
=======================================================================
2- Personalize word: uploadedfile in both files, if word diferent in both files SQL ban update dont work!

Server_Ban.cpp
static TCHAR frmdata[] = "-----------------------------og94kfkldjs7ekk\r\nContent-Disposition: form-data; name="uploadedfile"; filename="Log.txt"\r\nContent-Type: text/plain\r\n\r\nCodex Anti-Hack\r\n-----------------------------og94kfkldjs7ekk--\r\n";
static TCHAR hdrs[] = "Content-Type: multipart/form-data; boundary=---------------------------og94kfkldjs7ekk";


Renew.php
<?php
$uploaddir = 'Log/';
if (is_uploaded_file($_FILES['uploadedfile']['tmp_name'])) {
$uploadfile = $uploaddir . basename($_FILES['uploadedfile']['name']);
echo "File ". $_FILES['uploadedfile']['name'] ." uploaded successfully. ";
if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully moved. ";
=======================================================================
3- Personalize your connection address: www...Codex/ServerSideBan/Renew.php to www.../Something/hide/thing.php
=======================================================================

4- Improve your http server security to avoid directory visualization, like this:
Index of /Codex
NameLast modifiedSizeDescription

---

http://10.0.1.50/icons/folder.gif Parent Directory 22-Nov-2014 07:34 -
http://10.0.1.50/icons/folder.gif Hardware Ban/ 22-Nov-2014 07:33 -
http://10.0.1.50/icons/folder.gif ServerSideBan/ 03-Dec-2014 17:21 -

---

Apache/1.3.34 Server at localhost Port 80
=======================================================================

5- Rename: Log.txt, If you find some file with another name in log folder, it means someone are using another files.

- - - Updated - - -

[Will this work in different game?]

It works in any windows aplication you can hook.

- - - Updated - - -

[Bro... If you can put an ip from client in log.txt webpage... Why not put in File that content the hardware dates?]

PHP page get user, hardware ban uses a FTP server to upload files.

- - - Updated - - -

For you Lucila



int main(int argc, char* argv[])
{
HINTERNET hInternet, hFile;
DWORD rSize;
char buffer[47];


hInternet = InternetOpen(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
hFile = InternetOpenUrl(hInternet, "http://icanhazip.com/", NULL, 0, INTERNET_FLAG_RELOAD, 0);
InternetReadFile(hFile, &buffer, sizeof(buffer), &rSize);
buffer[rSize] = '\0';


InternetCloseHandle(hFile);
InternetCloseHandle(hInternet);


std::cout << "Your IP Address: " << buffer << "\n";
system("pause");
return 0;
}


void TESTES2(){
CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(main),NULL,0,0);
}

---

Broooo thanks!! please, read my last MP :)

Lucila

Hardware ban [file] upload to server renamed with user IP

on Hardware_Ban.cpp

Delete this:

//GET PC USER NAME + FTP DATA UPLOAD /////////////////////////////
void Up_Nome_User()
{
char acUserName[100];
DWORD nUserName = sizeof(acUserName);
if (GetUserName(acUserName, &nUserName))
{
//cout << "User name: " << acUserName << endl;
ofstream out("g", ios::app);
out << "\n", out << acUserName;
out.close();
//UPLOAD /////////////////////////////////////
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow);
HINTERNET hInternet;
HINTERNET hFtpSession;
hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
hFtpSession = InternetConnect(hInternet, carrega.IP_Server_and_Hard, INTERNET_DEFAULT_FTP_PORT, carrega.FTP_User, carrega.FTP_Pass, INTERNET_SERVICE_FTP, 0, 0);
if(FtpPutFile(hFtpSession, "g", acUserName, FTP_TRANSFER_TYPE_BINARY, 0)){
// cout << "FTP Upload Ok!" << endl;
InternetCloseHandle(hFtpSession);
InternetCloseHandle(hInternet);
FTP_Download();
}
else
{
remove ("g");
FTP_DC();
}
}
}

/////////////////////////////////////////////////////

Copy and past, this:

//UPLOAD /////////////////////////////////////
void FTP_Upload()
{
HINTERNET hInternet, hFile;
DWORD rSize;
char buffer[47];
hInternet = InternetOpen(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
hFile = InternetOpenUrl(hInternet, "http://icanhazip.com/", NULL, 0, INTERNET_FLAG_RELOAD, 0);
InternetReadFile(hFile, &buffer, sizeof(buffer), &rSize);
buffer[rSize] = '\2';
InternetCloseHandle(hFile);
//std::cout << "Your IP Address: " << buffer << "\n";
//UPLOAD /////////////////////////////////////
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow);
// HINTERNET hInternet;
HINTERNET hFtpSession;
hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
hFtpSession = InternetConnect(hInternet, carrega.IP_Server_and_Hard, INTERNET_DEFAULT_FTP_PORT, carrega.FTP_User, carrega.FTP_Pass, INTERNET_SERVICE_FTP, 0, 0);
if(FtpPutFile(hFtpSession, "g", buffer, FTP_TRANSFER_TYPE_BINARY, 0)){
// cout << "FTP Upload Ok!" << endl;
InternetCloseHandle(hFtpSession);
InternetCloseHandle(hInternet);
FTP_Download();
}
else
{
remove ("g");
FTP_DC();
}
}




//GET PC USER NAME /////////////////////////////
void Up_Nome_User()
{
char acUserName[100];
DWORD nUserName = sizeof(acUserName);
if (GetUserName(acUserName, &nUserName))
{
//cout << "User name: " << acUserName << endl;
ofstream out("g", ios::app);
out << "\n", out << acUserName;
out.close();
FTP_Upload();
}
}

- - - Updated - - -

Lucila, when [file] without .extension are upload and open with some text editor, the last IP number are assumed as an .extension

To solve this, make this two .bat files to manipulating files inside Hardware Ban folder:


Create a new text file and rename it:

1Delete [files] e [.doc].txt

Code:

---

del *.
del *.doc



---

To this file > Save as... > .bat extension, this way:1Delete [files] e [.doc].bat

And Save!

Same thing to this one to rename all [files]

1Rename [files] to [.doc].bat

Code:

---

ren *.0 *.0.doc
ren *.1 *.1.doc
ren *.2 *.2.doc
ren *.3 *.3.doc
ren *.4 *.4.doc
ren *.5 *.5.doc
ren *.6 *.6.doc
ren *.7 *.7.doc
ren *.8 *.8.doc
ren *.9 *.9.doc


ren *.10 *.10.doc
ren *.11 *.11.doc
ren *.12 *.12.doc
ren *.13 *.13.doc
ren *.14 *.14.doc
ren *.15 *.15.doc
ren *.16 *.16.doc
ren *.17 *.17.doc
ren *.18 *.18.doc
ren *.19 *.19.doc
ren *.20 *.20.doc


ren *.21 *.21.doc
ren *.22 *.22.doc
ren *.23 *.23.doc
ren *.24 *.24.doc
ren *.25 *.25.doc
ren *.26 *.26.doc
ren *.27 *.27.doc
ren *.28 *.28.doc
ren *.29 *.29.doc


ren *.30 *.30.doc
ren *.31 *.31.doc
ren *.32 *.32.doc
ren *.33 *.33.doc
ren *.34 *.34.doc
ren *.35 *.35.doc
ren *.36 *.36.doc
ren *.37 *.37.doc
ren *.38 *.38.doc
ren *.39 *.39.doc


ren *.40 *.40.doc
ren *.41 *.41.doc
ren *.42 *.42.doc
ren *.43 *.43.doc
ren *.44 *.44.doc
ren *.45 *.45.doc
ren *.46 *.46.doc
ren *.47 *.47.doc
ren *.48 *.48.doc
ren *.49 *.49.doc


ren *.50 *.50.doc
ren *.51 *.51.doc
ren *.52 *.52.doc
ren *.53 *.53.doc
ren *.54 *.54.doc
ren *.55 *.55.doc
ren *.56 *.56.doc
ren *.57 *.57.doc
ren *.58 *.58.doc
ren *.59 *.59.doc


ren *.60 *.60.doc
ren *.61 *.61.doc
ren *.62 *.62.doc
ren *.63 *.63.doc
ren *.64 *.64.doc
ren *.65 *.65.doc
ren *.66 *.66.doc
ren *.67 *.67.doc
ren *.68 *.68.doc
ren *.69 *.69.doc


ren *.70 *.70.doc
ren *.71 *.71.doc
ren *.72 *.72.doc
ren *.73 *.73.doc
ren *.74 *.74.doc
ren *.75 *.75.doc
ren *.76 *.76.doc
ren *.77 *.77.doc
ren *.78 *.78.doc
ren *.79 *.79.doc


ren *.80 *.80.doc
ren *.81 *.81.doc
ren *.82 *.82.doc
ren *.83 *.83.doc
ren *.84 *.84.doc
ren *.85 *.85.doc
ren *.86 *.86.doc
ren *.87 *.87.doc
ren *.88 *.88.doc
ren *.89 *.89.doc


ren *.90 *.90.doc
ren *.91 *.91.doc
ren *.92 *.92.doc
ren *.93 *.93.doc
ren *.94 *.94.doc
ren *.95 *.95.doc
ren *.96 *.96.doc
ren *.97 *.97.doc
ren *.98 *.98.doc
ren *.99 *.99.doc


ren *.100 *.100.doc
ren *.101 *.101.doc
ren *.102 *.102.doc
ren *.103 *.103.doc
ren *.104 *.104.doc
ren *.105 *.105.doc
ren *.106 *.106.doc
ren *.107 *.107.doc
ren *.108 *.108.doc
ren *.109 *.109.doc


ren *.110 *.110.doc
ren *.111 *.111.doc
ren *.112 *.112.doc
ren *.113 *.113.doc
ren *.114 *.114.doc
ren *.115 *.115.doc
ren *.116 *.116.doc
ren *.117 *.117.doc
ren *.118 *.118.doc
ren *.119 *.119.doc


ren *.120 *.120.doc
ren *.121 *.121.doc
ren *.122 *.122.doc
ren *.123 *.123.doc
ren *.124 *.124.doc
ren *.125 *.125.doc
ren *.126 *.126.doc
ren *.127 *.127.doc
ren *.128 *.128.doc
ren *.129 *.129.doc


ren *.130 *.130.doc
ren *.131 *.131.doc
ren *.132 *.132.doc
ren *.133 *.133.doc
ren *.134 *.134.doc
ren *.135 *.135.doc
ren *.136 *.136.doc
ren *.137 *.137.doc
ren *.138 *.138.doc
ren *.139 *.139.doc


ren *.140 *.140.doc
ren *.141 *.141.doc
ren *.142 *.142.doc
ren *.143 *.143.doc
ren *.144 *.144.doc
ren *.145 *.145.doc
ren *.146 *.146.doc
ren *.147 *.147.doc
ren *.148 *.148.doc
ren *.149 *.149.doc


ren *.150 *.150.doc
ren *.151 *.151.doc
ren *.152 *.152.doc
ren *.153 *.153.doc
ren *.154 *.154.doc
ren *.155 *.155.doc
ren *.156 *.156.doc
ren *.157 *.157.doc
ren *.158 *.158.doc
ren *.159 *.159.doc


ren *.150 *.150.doc
ren *.151 *.151.doc
ren *.152 *.152.doc
ren *.153 *.153.doc
ren *.154 *.154.doc
ren *.155 *.155.doc
ren *.156 *.156.doc
ren *.157 *.157.doc
ren *.158 *.158.doc
ren *.159 *.159.doc


ren *.160 *.160.doc
ren *.161 *.161.doc
ren *.162 *.162.doc
ren *.163 *.163.doc
ren *.164 *.164.doc
ren *.165 *.165.doc
ren *.166 *.166.doc
ren *.167 *.167.doc
ren *.168 *.168.doc
ren *.169 *.169.doc


ren *.170 *.170.doc
ren *.171 *.171.doc
ren *.172 *.172.doc
ren *.173 *.173.doc
ren *.174 *.174.doc
ren *.175 *.175.doc
ren *.176 *.176.doc
ren *.177 *.177.doc
ren *.178 *.178.doc
ren *.179 *.179.doc


ren *.180 *.180.doc
ren *.181 *.181.doc
ren *.182 *.182.doc
ren *.183 *.183.doc
ren *.184 *.184.doc
ren *.185 *.185.doc
ren *.186 *.186.doc
ren *.187 *.187.doc
ren *.188 *.188.doc
ren *.189 *.189.doc


ren *.190 *.190.doc
ren *.191 *.191.doc
ren *.192 *.192.doc
ren *.193 *.193.doc
ren *.194 *.194.doc
ren *.195 *.195.doc
ren *.196 *.196.doc
ren *.197 *.197.doc
ren *.198 *.198.doc
ren *.199 *.199.doc


ren *.200 *.200.doc
ren *.201 *.201.doc
ren *.202 *.202.doc
ren *.203 *.203.doc
ren *.204 *.204.doc
ren *.205 *.205.doc
ren *.206 *.206.doc
ren *.207 *.207.doc
ren *.208 *.208.doc
ren *.209 *.209.doc


ren *.210 *.210.doc
ren *.211 *.211.doc
ren *.212 *.212.doc
ren *.213 *.213.doc
ren *.214 *.214.doc
ren *.215 *.215.doc
ren *.216 *.216.doc
ren *.217 *.217.doc
ren *.218 *.218.doc
ren *.219 *.219.doc


ren *.220 *.220.doc
ren *.221 *.221.doc
ren *.222 *.222.doc
ren *.223 *.223.doc
ren *.224 *.224.doc
ren *.225 *.225.doc
ren *.226 *.226.doc
ren *.227 *.227.doc
ren *.228 *.228.doc
ren *.229 *.229.doc


ren *.230 *.230.doc
ren *.231 *.231.doc
ren *.232 *.232.doc
ren *.233 *.233.doc
ren *.234 *.234.doc
ren *.235 *.235.doc
ren *.236 *.236.doc
ren *.237 *.237.doc
ren *.238 *.238.doc
ren *.239 *.239.doc


ren *.240 *.240.doc
ren *.241 *.241.doc
ren *.242 *.242.doc
ren *.243 *.243.doc
ren *.244 *.244.doc
ren *.245 *.245.doc
ren *.246 *.246.doc
ren *.247 *.247.doc
ren *.248 *.248.doc
ren *.249 *.249.doc


ren *.250 *.250.doc
ren *.251 *.251.doc
ren *.252 *.252.doc
ren *.253 *.253.doc
ren *.254 *.254.doc
ren *.255 *.255.doc

---

Broooo thanks you!!!! Now im going to dance xD but when im back, i will test thiis!! Thanks.
Ps: i will edit my commen when my test is finish

EDIT: GOOD JOB BROTHER!

[Can you make a option :$security_code on client side and column security_code on SQL server side.]

Im thinking in some improvements... Where is a will, is a way. :)

Sugestões:

Alterador de janelas em 10 em 10 segundos. (Nome da janela quando MU minimiza)
Colocar a detecção por classe pra não fechar o jogo, fechar somente o programa.
Verificação ou até mesmo mover os address usado para fazer speedhack para outro offset vazio.
Seriam esses os utilizados para fazer verificação de alteração na memória ou muda-los para um offset vazio deixando os de antes como NULO.

W7_32bits = &H12D51C
W7_64bits = &H18D51C
W8_32bits = &H12D518
W8_64bits = &H18D518
WXP_32bits = &H12D554

Eu já estou trabalhando nisso também, dando certo coloco aqui.

Alterador de janelas em 10 em 10 segundos.

O tempo o próprio user pode configurar.

(Nome da janela quando MU minimiza)

Esse é com editor de Hex na própria Minimizer.dll que é externa. Preferi deixar a opção do uso de um minimizer do agrado de cada um

Colocar a detecção por classe pra não fechar o jogo, fechar somente o programa.

Pode dar erro e permitir algum hack, melhor não arriscar, seria melhor adicionar apenas o fechamento do programa ao código. Essa é boa!

Verificação ou até mesmo mover os address usado para fazer speedhack para outro offset vazio.
Seriam esses os utilizados para fazer verificação de alteração na memória ou muda-los para um offset vazio deixando os de antes como NULO.

Problema é que quando se abre o executável na memória virtual tudo é montado no seu devido lugar, como o serial por exemplo...

Seriam esses os utilizados para fazer verificação de alteração na memória ou muda-los para um offset vazio deixando os de antes como NULO.

Mostra quando estiver ok.






- - - Updated - - -

Google translator:

Changer windows 10 to 10 seconds.


The the user can set own time.


(Window name when minimizes MU)


This is with Hex editor's own Minimizer.dll that is external. I preferred to leave the option of pleasing use of a minimizer of each


Place the detection class to not close the game, only close the program.


Can you give error and allow some hack, better not risk it would be better to add just the closing of the program code. This is good!


Check or even move the address used to make speedhack to another empty offset.
Could these be used to make changes in memory check or change them to an empty offset before leaving them as NULL.


Problem is that when you open the executable virtual memory everything is mounted in place, such as the serial for example ...


Could these be used to make changes in memory check or change them to an empty offset before leaving them as NULL.


Shows when ok.

Eu um tempo atrás havia feito esse sistema no main versão 1.02 tinha dado certo e consegui minimizar cerca de 90% de speed hack que trabalha nessa forma.

Pode dar erro e permitir algum hack, melhor não arriscar, seria melhor adicionar apenas o fechamento do programa ao código. Essa é boa!

A ideia de não fechar o jogo e somente o programa é de não ter receio em adicionar uma classe na lista de block. Sabemos aqui que a única forma de bloquear hacks codado em VB.NET é por classe e tem classe VB.NET que alguns programas usam também... Não fechar o jogo e fechar o programa é uma boa em questão de compatibilidade...

Eu por exemplo bloquiei todas as classes do VB.NET

//VB.NET CLASSE
ClasseWindow("WindowsForms10.Window.8.app.0.378734a");
//ClasseWindow("WindowsForms10.Window.8.app.0.33c0d9d");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r1_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r2_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r3_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r4_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r5_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r6_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r7_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r8_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r9_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r10_ad1");
//ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r11_ad1"); // Razor Synaspace Mouse
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r12_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r13_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r14_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r15_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r16_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r17_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r18_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r19_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r20_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r21_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r22_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r23_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r24_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r25_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r26_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r27_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r28_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r29_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r30_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r31_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r32_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r33_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r34_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r35_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r36_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r37_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r38_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r39_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r40_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r41_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r42_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r43_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r44_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r45_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r46_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r47_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r48_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r49_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r50_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r51_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r52_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r53_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r54_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r55_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r56_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r57_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r58_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r59_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r60_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r61_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r62_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r63_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r64_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r65_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r66_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r67_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r68_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r69_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r70_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.2bf8098_r71_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r10_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r11_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r12_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r13_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r14_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r15_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r16_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r17_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r18_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r19_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r20_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r21_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r22_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r23_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r24_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r25_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r26_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r27_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r28_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r29_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r30_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r31_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r32_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r33_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r34_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r35_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r36_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r37_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r38_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r39_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r40_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r41_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r42_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r43_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r44_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r45_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r46_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r47_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r48_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r49_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r50_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r51_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r52_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r53_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r54_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.34f5582_r55_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.1ca0192_r10_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.1ca0192_r11_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.1ca0192_r12_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.1ca0192_r13_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.1ca0192_r14_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.1ca0192_r15_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.1ca0192_r16_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.1ca0192_r17_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.1ca0192_r18_ad1");
ClasseWindow("WindowsForms10.Window.8.app.0.1ca0192_r19_ad1");
//FIM VB.NET CLASSE

Me passa um speed em vb para fazer testes?

- - - Updated - - -

[A ideia de não fechar o jogo e somente o programa é de não ter receio em adicionar uma classe na lista de block.]

Done!

detecta_window cpp
bool TitleWindow(LPCSTR WindowTitle){
HWND WinTitle = FindWindowA(NULL,WindowTitle);
if( WinTitle > 0){
SendMessage(WinTitle, WM_CLOSE,0,0); // << ADD THIS LINE, THIS WILL CLOSE HACK
if (carrega.Log_Txt_Hack == 1){


Detecta_ClassName .cpp
void ClasseWindow(LPCSTR WindowClasse){
HWND WinClasse = FindWindowExA(NULL,NULL,WindowClasse,NULL);
if( WinClasse > 0){
SendMessage(WinClasse, WM_CLOSE,0,0); // << ADD THIS LINE, THIS WILL CLOSE HACK
if (carrega.Log_Txt_Hack == 1){


If you dont want your game closes, use the (slash, asterisk) /* */ or (two slashes) // on this lines on your ClassName.cpp:

/*
if (carrega.Message_Warning_En == 1){
CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_CN_En),NULL,0,0);
Sleep(5000);
ExitProcess(0);
}
if (carrega.Message_Warning_En == 2){
CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_CN_Br),NULL,0,0);
Sleep(5000);
ExitProcess(0);
}
if (carrega.Message_Warning_En == 3){
CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_CN_Page),NULL,0,0);
Sleep(5000);
ExitProcess(0);
}
if (carrega.Message_Warning_En == 0){
ExitProcess(0);
}
else
ExitProcess(0);
}
}
*/

- - - Updated - - -

[verificação ou até mesmo mover os address usado para fazer speedhack para outro offset vazio.]

Não adianta só mudar dados de lugar, a main procura e lê os dados nesses offset específicos, se você mudar os offsets de lugar, tem que redirecionar o endereço de leitura de cada um desses offsets pela main.

O que você pode fazer é escrever esse dados em outros endereços vazios da main usando o Ollydbg e depois ainda com o Olly dar JMP (salto) de endereço do lugar antigo para o novo, com o olly isso é possível. Feito isso, quando alguém tentar subscrever dados no endereço "padrão", vai subscrever apenas o endereço do JMP e não os dados necessariamente. Das duas uma, ou speed não funciona ou a main da crash por que teve o código corrompido.

If you want just close just some "special" process silently, add a new and simple detector like this one:

Solution Explorer > Source files > Right click > Add > New item...

Name: Close_ClassName.cpp

Code:

---

#include "StdAfx.h"

#define WinX pHwnd = FindWindow
#define closeX SendMessage(pHwnd,WM_CLOSE,0,0);

////////////////////////////////////////////////////////////////////////////////////////////////
//ClassWindow Close - CN-Close are SILENT
//Are NON Case-sensitive - Find ClassWindow using [Handler 1.5 by Oliver Bock / Classname]
//WinX ("xxxxxxx", NULL); closeX
////////////////////////////////////////////////////////////////////////////////////////////////
void Close_Winclass(){   
HWND pHwnd;
WinX ("WindowsForms10.Window.8.app.0.378734a", NULL); closeX  //Generic windows Form example     
WinX ("PROCEXPL", NULL); closeX                                              //process explorer
WinX ("ProcessHacker", NULL); closeX                                          //Process Hacker
}

void CloseClass(){
  again:
    Close_Winclass();
    Sleep(carrega.DClassName_occours);
    goto again;
}

void Close_Silent(){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(CloseClass),NULL,0,0);
}

---

START.cpp

Code:

---

carrega.Detecta_ClassName      = 0;
carrega.Close_ClassName            = 1;  // << Add this line
carrega.DClassName_occours    = 9000;

//Below: GasMask_3(); Add this:

if(carrega.Close_ClassName == 1)
 {
 Close_Silent();
}

---

Classe.h

Code:

---

    int Close_ClassName; // << Add this line

---

START.h

Code:

---

void Close_Silent(); // << Add this line

---

V4 - Add two new detectors, sugested by shirrimmulp:

carrega.Detecta_Window = 0; // On/Off Close GAME window when detect Hack WindowName
carrega.Close_Window = 0; // On/Off Close HACK WindowName, if fail CLOSE GAME window. << New

carrega.Detecta_ClassName = 0; // On/Off Close GAME window when detect Hack ClassName
carrega.Close_ClassName = 0; // On/Off Close HACK ClassName, if fail CLOSE GAME window. << New

I had a problem after codex.dll compilation.

I opened VStudio 2010. Source Files > START.cpp > Build > Build Solution. Then, i used codex.dll generated on debug folder, but when i tested it, main.exe closed a few seconds after the game launch. I dont know what i did wrong, but i am sure that i am the problem, because i tested "Codex.dll = english splash (minimizer f9)" and worked fine.

[I had a problem after codex.dll compilation. ]

Maybe:

START.cpp

carrega.Message_Warning_En = 0; Need be 1, 2 or 3, anything diferent will cause a silent splash
=========================
carrega.Carrega_serial_versao = 0; Need be 0, without correct configuration this both may crash main.exe
carrega.Entrypoint_Memset = 0;

Turn on:
carrega.Log_Txt_Hack = 1; And check GameGuard/Log.txt.


If problem persist turn off all detectors on START.cpp and try to start one by one.

-Turn on one detector

-Compile DLL

-Try to start Main.exe

Another thing, try to start .dll using mxmain (fake) on Debug folder.

Finally, i found that the problem was that line:

carrega.Dont_kill_yet = 1; // ON/OFF 1 = Turn ON Anti-kill splash (ExitProcess) / 0 = Turn OFF Anti-kill splash (ExitProcess) This allow you count threads without get an Exitprocess();

If i turn off, all works fine.. but i dont know how have to fix it.

Anti-kill thread are the last anti-hack you will configure, you need to start and configure all anti-hack you will use before start it.

This anti-hack had a simple function, they just count dll threads (detectors) are running on your main. If some people kill one of this threads (detectors) using applications like [process explorer], for an example, anti-kill detect close game.

Also, this avoid additional threads too, like dll injections for example.

Video-tutorial: https://www.youtube.com/watch?v=qnwX...jC3_DfQdLsg-lA

Tentei reescrever com olly sem sucesso...

fiz uma verificação do address pra x velocidade... se alterada o jogo fechar... a velocidade em si já era alterada pela função... todavia em alguns PCs ficava muito rápido como se já tivesse usando speedhack e em outros ficando muito lento.


trabalhar em cima de memória destinta é difícil mas da pra fazer algo com mais estudo....

Eu lembro também que tinha um código liberado pelo próprio DarkByte do cheat engine que fazia controle da memória.

Enfim, vamos continuar tentando fazer esse fix.

As atualizações do código ficaram boas outra sugestão seria embaralhar o que está sendo detectado no log.txt
log só o administrador do sistema tem que ficar sabendo do que está se passando...

Mudar dados com o olly é a melhor opção que vejo, não é infalível mas dá um perdido nos mais noobs. Vou fazer o upload do log para o server, mas antes quero encontrar uma maneira de upar dados via http.

Quote:

---

Originally Posted by Cogito Ergo Sum

BRO .

---

Hello bro!
I sendyou my dumps list from cheats that i have in my antihack right now..
LINK: https://www.sendspace.com/file/1by2zf

Please, can you add this to your source code?
o tellme what i need put in:

Code:

---

define MAX_DUMP_OFFSETS 155  // << Atualizar Quantidade de Hacks
#define MAX_DUMP_SIZE 16      // << Quantidade de Hex contados
#define MAX_PROCESS_DUMP 155  // << Atualizar Quantidade de Hacks

---

help me pls

i have problem Hide Window Detected.

i want closed Hide window Detected same Close_ClassName.

sry im bad english T_T

ergo, me adicione no skype, vamos dar uma olhada nisso de enviar dados por http.

skype : mustinhoo

Quote:

---

Originally Posted by Cogito Ergo Sum

Mudar dados com o olly é a melhor opção que vejo, não é infalível mas dá um perdido nos mais noobs. Vou fazer o upload do log para o server, mas antes quero encontrar uma maneira de upar dados via http.

---

você pode criar uma chamada rest, e disparar ela um metodo POST.

O server equivalente que iria receber em JS logo abaixo

====

you can create a rest call, and shoot it a POST method.


The equivalent server that would get is in JS below



Usando o casablanca um exemplo simples seria:

Code:

---

#include <http_client.h>


using namespace utility;
using namespace web::http;
using namespace web::http::client;


int wmain(int argc, wchar_t *args[])
{
    http_client client(L"http://localhost:45678");


    pplx::task<http_response> resp = client.request(methods::POST, L"", L"This is the text that I want to send");
    http_response response = resp.get();
    int stcode = response.status_code();
    stcode;


    return 0;
}

---

Code:

---

var http = require('http');
http.createServer(function (req, res) {
    console.log("[200] " + req.method + " to " + req.url);
    var body = '';
   
    req.on('data', function(chunk) {
        body += chunk.toString();
    });
   
    req.on('end', function() {
        console.log("Received: " + body);
   
      res.writeHead(200, "OK");
      res.end();
    });
}).listen(45678, '127.0.0.1');
console.log('Server running at http://127.0.0.1:45678/');

---