Blocking AutoitV3

  1. #1
    Valued Member a1tl4 is offline
    MemberRank
    Sep 2012 Join Date
    BrazilLocation
    112Posts

    Blocking AutoitV3

    PHP Code:
    #include <windows.h>
    #include <iostream>
    #include "base64.h"
    using namespace std;

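    // Watchdog thread routine intended for CreateThread. It polls for a top-level
    // window whose window class is "AutoIt v3" (FindWindow's first argument is the
    // class name, not the title) and ends this process when one is found.
    // Block is unused. The routine never returns normally.
    //
    // Coverage note: a class-name lookup is a heuristic that only sees windows
    // registered under exactly this class, so it should not be the only check.
    DWORD _stdcall BlockAutoIT(LPVOID Block) {
        (void)Block;

        // 0x00010000 is THREAD_MODE_BACKGROUND_BEGIN: puts this thread into
        // background processing mode, presumably to keep the polling cheap.
        SetThreadPriority(GetCurrentThread(), THREAD_MODE_BACKGROUND_BEGIN);

        // Base64 of "AutoIt v3". Base64 is an encoding, not encryption; the
        // class name is recoverable by anyone who decodes the literal.
        std::string encrypt = ("QXV0b0l0IHYz");
        std::string pWindow = base64_decode(encrypt);

        // Structured loop instead of a label and goto.
        for (;;) {
            if (FindWindow(pWindow.c_str(), NULL)) {
                BlockInput(TRUE);
                SleepEx(1000, FALSE);

                // RtlExitUserProcess takes a single NTSTATUS (a LONG). The posted
                // prototype declared two parameters, which mismatches the export.
                // Exit status 0 is used here.
                typedef VOID (NTAPI *ExitUserProcessFn)(LONG);
                ExitUserProcessFn pExitUserProcess =
                    (ExitUserProcessFn)::GetProcAddress(GetModuleHandle("ntdll.dll"), "RtlExitUserProcess");
                if (pExitUserProcess != NULL)
                    pExitUserProcess(0);

                // Documented fallback if the export could not be resolved.
                ExitProcess(0);
            }
            Sleep(150);
        }
    }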

    Create thread:

    PHP Code:
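    // Start the watchdog thread. CreateThread takes six arguments; the thread
    // handle is not needed afterwards, so close it instead of leaking it.
    HANDLE hWatchdog = CreateThread(NULL, 0, &BlockAutoIT, NULL, 0, NULL);
    if (hWatchdog != NULL)
        CloseHandle(hWatchdog);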
    This helps block many shotbot =)
    by Me


  2. #2
    Retired. Don't PM. SecretsOThePast is offline
    DeveloperRank
    Jan 2009 Join Date
    643Posts

    Re: Blocking AutoitV3

    Quote Originally Posted by a1tl4 View Post
    PHP Code:
    #include <windows.h>
    #include <iostream>
    #include "base64.h"
    using namespace std;

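    // Watchdog thread routine intended for CreateThread. It polls for a top-level
    // window whose window class is "AutoIt v3" (FindWindow's first argument is the
    // class name, not the title) and ends this process when one is found.
    // Block is unused. The routine never returns normally.
    //
    // Coverage note: a class-name lookup is a heuristic that only sees windows
    // registered under exactly this class, so it should not be the only check.
    DWORD _stdcall BlockAutoIT(LPVOID Block) {
        (void)Block;

        // 0x00010000 is THREAD_MODE_BACKGROUND_BEGIN: puts this thread into
        // background processing mode, presumably to keep the polling cheap.
        SetThreadPriority(GetCurrentThread(), THREAD_MODE_BACKGROUND_BEGIN);

        // Base64 of "AutoIt v3". Base64 is an encoding, not encryption; the
        // class name is recoverable by anyone who decodes the literal.
        std::string encrypt = ("QXV0b0l0IHYz");
        std::string pWindow = base64_decode(encrypt);

        // Structured loop instead of a label and goto.
        for (;;) {
            if (FindWindow(pWindow.c_str(), NULL)) {
                BlockInput(TRUE);
                SleepEx(1000, FALSE);

                // RtlExitUserProcess takes a single NTSTATUS (a LONG). The posted
                // prototype declared two parameters, which mismatches the export.
                // Exit status 0 is used here.
                typedef VOID (NTAPI *ExitUserProcessFn)(LONG);
                ExitUserProcessFn pExitUserProcess =
                    (ExitUserProcessFn)::GetProcAddress(GetModuleHandle("ntdll.dll"), "RtlExitUserProcess");
                if (pExitUserProcess != NULL)
                    pExitUserProcess(0);

                // Documented fallback if the export could not be resolved.
                ExitProcess(0);
            }
            Sleep(150);
        }
    }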

    Create thread:

    PHP Code:
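    // Start the watchdog thread. CreateThread takes six arguments; the thread
    // handle is not needed afterwards, so close it instead of leaking it.
    HANDLE hWatchdog = CreateThread(NULL, 0, &BlockAutoIT, NULL, 0, NULL);
    if (hWatchdog != NULL)
        CloseHandle(hWatchdog);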
    This helps block many shotbot =)
    by Me
    Recompile shotbot as a different window title, or decompile the shotbox executable to not use the same window title by checking the SetWindowTitle or HWND call that sets the title.

    Useless/10

  3. #3
    Currently Stoned ! Ronny786 is offline
    MemberRank
    Dec 2011 Join Date
    Lost WorldLocation
    984Posts

    Re: Blocking AutoitV3

    This is kinda useful secrets.. Only developers know how to bypass... and only 5% of gunz population are developers out with hacking skills and hacking intentions...
    +1 release.

  4. #4
    Praise the Sun! Solaire is offline
    MemberRank
    Dec 2007 Join Date
    Undead BurgLocation
    2,862Posts

    Re: Blocking AutoitV3

    Quote Originally Posted by Ronny786 View Post
    This is kinda useful secrets.. Only developers know how to bypass... and only 5% of gunz population are developers out with hacking skills and hacking intentions...
    +1 release.
    It only takes 1 developer and 1 thread on a hacking forum to bypass it for everyone.

    Another useless release. Also, labels, really?

  5. #5
    Valued Member a1tl4 is offline
    MemberRank
    Sep 2012 Join Date
    BrazilLocation
    112Posts

    Re: Blocking AutoitV3

    Quote Originally Posted by SecretsOThePast View Post
    Recompile shotbot as a different window title, or decompile the shotbox executable to not use the same window title by checking the SetWindowTitle or HWND call that sets the title.

    Useless/10
    It is not the window title.
    It can't be bypassed with SetWindowText.
    It is the window class name.
    Last edited by a1tl4; 19-07-13 at 06:48 PM.

  6. #6
    I am THE DON Joe9099 is offline
    MemberRank
    Jan 2007 Join Date
    England, UkLocation
    3,655Posts

    Re: Blocking AutoitV3

    You finding these off google or something lol?

  7. #7
    Valued Member a1tl4 is offline
    MemberRank
    Sep 2012 Join Date
    BrazilLocation
    112Posts

    Re: Blocking AutoitV3

    Quote Originally Posted by Joe9099 View Post
    You finding these off google or something lol?
    What do you mean?
    It was written only by me (and the base64 encoding)

  8. #8
    Its Friday :D! trunksx is offline
    MemberRank
    Feb 2007 Join Date
    PerúLocation
    232Posts

    Re: Blocking AutoitV3

    maybe this will help:

    Code:
    // Forward declarations for the process scanner.
    HANDLE SystemProcessScan();
    bool ScanProcessMemory(HANDLE hProcessHandle);
    // Number of signature bytes stored and compared per table entry.
    #define MAX_DUMP_SIZE 32
    // Number of entries in MEMORY_PROCESS_DUMP.
    #define MAX_PROCESS_DUMP 1
    
    // One signature: an address to read in another process and the bytes expected there.
    typedef struct PROCESS_DUMP {
        // Address passed to ReadProcessMemory.
        // NOTE(review): unsigned int cannot hold a 64-bit address - confirm targets are 32-bit.
        unsigned int m_aOffset;
        // Bytes that must match exactly at m_aOffset.
        unsigned char m_aMemDump[MAX_DUMP_SIZE];
    } *PPROCESS_DUMP;
    extern PROCESS_DUMP MEMORY_PROCESS_DUMP[MAX_PROCESS_DUMP];
    
    
    
    
    
    
    // Signature table: one entry pairing address 0x417770 with 32 expected bytes.
    // NOTE(review): presumably captured from one specific AutoIt build - confirm which.
    // A fixed absolute address only matches when that exact image is mapped at the
    // same base, so a non-match means "unknown", not "clean".
    PROCESS_DUMP MEMORY_PROCESS_DUMP[MAX_PROCESS_DUMP] = {
    {0x417770, {0xE8, 0xC4, 0xAF, 0x00, 0x00, 0xE9, 0x79, 0xFE, 0xFF, 0xFF, 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x8B, 0xC1, 0x8B, 0x4D, 0x08, 0xC7, 0x00, 0x88, 0xDA, 0x47, 0x00, 0x8B, 0x09, 0x83, 0x60, 0x08, 0x00}} 
    };
    
    
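    // Enumerates running processes and returns an open handle to the first one whose
    // memory matches an entry in MEMORY_PROCESS_DUMP. Returns INVALID_HANDLE_VALUE if
    // enumeration fails or nothing matches. The returned handle carries
    // PROCESS_VM_READ only and must be closed by the caller.
    HANDLE SystemProcessScan(){
        // Room for 1024 process IDs. EnumProcesses does not signal truncation, so a
        // completely filled buffer means some processes may not have been scanned.
        DWORD dwProcesses[1024];
        DWORD dwBytes = 0;
        if (!EnumProcesses(dwProcesses, sizeof(dwProcesses), &dwBytes))
            return INVALID_HANDLE_VALUE;

        // EnumProcesses reports bytes written; convert to an entry count.
        const DWORD dwCount = dwBytes / sizeof(DWORD);
        for (DWORD i = 0; i < dwCount; i++){
            // Least privilege: ReadProcessMemory needs only PROCESS_VM_READ.
            // PROCESS_ALL_ACCESS is refused more often and grants rights the scan never uses.
            HANDLE hProcessHandle = OpenProcess(PROCESS_VM_READ, FALSE, dwProcesses[i]);
            // OpenProcess reports failure with NULL, not INVALID_HANDLE_VALUE.
            if (hProcessHandle == NULL)
                continue;
            if (ScanProcessMemory(hProcessHandle))
                return hProcessHandle;
            CloseHandle(hProcessHandle);
        }
        return INVALID_HANDLE_VALUE;
    }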
    
    
    
    
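    // Returns true if the process behind hProcessHandle holds, at the address of any
    // MEMORY_PROCESS_DUMP entry, exactly that entry's MAX_DUMP_SIZE bytes.
    // hProcessHandle must have been opened with PROCESS_VM_READ.
    bool ScanProcessMemory(HANDLE hProcessHandle) {
        for (int i = 0; i < MAX_PROCESS_DUMP; i++){
            unsigned char aTmpBuffer[MAX_DUMP_SIZE] = {0};
            SIZE_T aBytesRead = 0;
            // Widen through ULONG_PTR so the integer-to-pointer cast is well formed.
            LPCVOID pAddress = (LPCVOID)(ULONG_PTR)MEMORY_PROCESS_DUMP[i].m_aOffset;

            // A failed or short read must not be compared: the buffer would not
            // hold the target's bytes.
            if (!ReadProcessMemory(hProcessHandle, pAddress, aTmpBuffer, sizeof(aTmpBuffer), &aBytesRead))
                continue;
            if (aBytesRead != sizeof(aTmpBuffer))
                continue;

            if (memcmp(aTmpBuffer, MEMORY_PROCESS_DUMP[i].m_aMemDump, MAX_DUMP_SIZE) == 0)
                return true;
        }
        return false;
    }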
    
    
    call:
     // Exit as soon as any process matches a signature; the returned handle is not used.
     const HANDLE hDetected = SystemProcessScan();
     if (INVALID_HANDLE_VALUE != hDetected) {
          ExitProcess(0); // AutoIt signature found
     }

  9. #9
    Mako is insane. ThePhailure772 is offline
    MemberRank
    Sep 2007 Join Date
    1,115Posts

    Re: Blocking AutoitV3

    Quote Originally Posted by trunksx View Post
    maybe this will help:

    Code:
    // Forward declarations for the process scanner.
    HANDLE SystemProcessScan();
    bool ScanProcessMemory(HANDLE hProcessHandle);
    // Number of signature bytes stored and compared per table entry.
    #define MAX_DUMP_SIZE 32
    // Number of entries in MEMORY_PROCESS_DUMP.
    #define MAX_PROCESS_DUMP 1
    
    // One signature: an address to read in another process and the bytes expected there.
    typedef struct PROCESS_DUMP {
        // Address passed to ReadProcessMemory.
        // NOTE(review): unsigned int cannot hold a 64-bit address - confirm targets are 32-bit.
        unsigned int m_aOffset;
        // Bytes that must match exactly at m_aOffset.
        unsigned char m_aMemDump[MAX_DUMP_SIZE];
    } *PPROCESS_DUMP;
    extern PROCESS_DUMP MEMORY_PROCESS_DUMP[MAX_PROCESS_DUMP];
    
    
    
    
    
    
    // Signature table: one entry pairing address 0x417770 with 32 expected bytes.
    // NOTE(review): presumably captured from one specific AutoIt build - confirm which.
    // A fixed absolute address only matches when that exact image is mapped at the
    // same base, so a non-match means "unknown", not "clean".
    PROCESS_DUMP MEMORY_PROCESS_DUMP[MAX_PROCESS_DUMP] = {
    {0x417770, {0xE8, 0xC4, 0xAF, 0x00, 0x00, 0xE9, 0x79, 0xFE, 0xFF, 0xFF, 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x8B, 0xC1, 0x8B, 0x4D, 0x08, 0xC7, 0x00, 0x88, 0xDA, 0x47, 0x00, 0x8B, 0x09, 0x83, 0x60, 0x08, 0x00}} 
    };
    
    
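    // Enumerates running processes and returns an open handle to the first one whose
    // memory matches an entry in MEMORY_PROCESS_DUMP. Returns INVALID_HANDLE_VALUE if
    // enumeration fails or nothing matches. The returned handle carries
    // PROCESS_VM_READ only and must be closed by the caller.
    HANDLE SystemProcessScan(){
        // Room for 1024 process IDs. EnumProcesses does not signal truncation, so a
        // completely filled buffer means some processes may not have been scanned.
        DWORD dwProcesses[1024];
        DWORD dwBytes = 0;
        if (!EnumProcesses(dwProcesses, sizeof(dwProcesses), &dwBytes))
            return INVALID_HANDLE_VALUE;

        // EnumProcesses reports bytes written; convert to an entry count.
        const DWORD dwCount = dwBytes / sizeof(DWORD);
        for (DWORD i = 0; i < dwCount; i++){
            // Least privilege: ReadProcessMemory needs only PROCESS_VM_READ.
            // PROCESS_ALL_ACCESS is refused more often and grants rights the scan never uses.
            HANDLE hProcessHandle = OpenProcess(PROCESS_VM_READ, FALSE, dwProcesses[i]);
            // OpenProcess reports failure with NULL, not INVALID_HANDLE_VALUE.
            if (hProcessHandle == NULL)
                continue;
            if (ScanProcessMemory(hProcessHandle))
                return hProcessHandle;
            CloseHandle(hProcessHandle);
        }
        return INVALID_HANDLE_VALUE;
    }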
    
    
    
    
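    // Returns true if the process behind hProcessHandle holds, at the address of any
    // MEMORY_PROCESS_DUMP entry, exactly that entry's MAX_DUMP_SIZE bytes.
    // hProcessHandle must have been opened with PROCESS_VM_READ.
    bool ScanProcessMemory(HANDLE hProcessHandle) {
        for (int i = 0; i < MAX_PROCESS_DUMP; i++){
            unsigned char aTmpBuffer[MAX_DUMP_SIZE] = {0};
            SIZE_T aBytesRead = 0;
            // Widen through ULONG_PTR so the integer-to-pointer cast is well formed.
            LPCVOID pAddress = (LPCVOID)(ULONG_PTR)MEMORY_PROCESS_DUMP[i].m_aOffset;

            // A failed or short read must not be compared: the buffer would not
            // hold the target's bytes.
            if (!ReadProcessMemory(hProcessHandle, pAddress, aTmpBuffer, sizeof(aTmpBuffer), &aBytesRead))
                continue;
            if (aBytesRead != sizeof(aTmpBuffer))
                continue;

            if (memcmp(aTmpBuffer, MEMORY_PROCESS_DUMP[i].m_aMemDump, MAX_DUMP_SIZE) == 0)
                return true;
        }
        return false;
    }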
    
    
    call:
     // Exit as soon as any process matches a signature; the returned handle is not used.
     const HANDLE hDetected = SystemProcessScan();
     if (INVALID_HANDLE_VALUE != hDetected) {
          ExitProcess(0); // AutoIt signature found
     }
    Labels, rootkit, and comparing dynamic memory?

  10. #10
    Daemonsring Developer Gunblade is offline
    MemberRank
    Jul 2007 Join Date
    On the moonLocation
    728Posts

    Re: Blocking AutoitV3

    At least people TRY to help move GunZ forward a bit. Anyway, I think it's clear enough now that this is not the best way. But hey, every little bit helps.

  11. #11
    Apprentice dizzydaz is offline
    MemberRank
    Jun 2009 Join Date
    15Posts

    Re: Blocking AutoitV3

    Why don't you just allow it? Macros are for noobs.

  12. #12
    GunZ Developer dacharles is offline
    MemberRank
    Oct 2006 Join Date
    476Posts

    Re: Blocking AutoitV3

    Quote Originally Posted by trunksx View Post
    maybe this will help:

    Code:
    // Forward declarations for the process scanner.
    HANDLE SystemProcessScan();
    bool ScanProcessMemory(HANDLE hProcessHandle);
    // Number of signature bytes stored and compared per table entry.
    #define MAX_DUMP_SIZE 32
    // Number of entries in MEMORY_PROCESS_DUMP.
    #define MAX_PROCESS_DUMP 1
    
    // One signature: an address to read in another process and the bytes expected there.
    typedef struct PROCESS_DUMP {
        // Address passed to ReadProcessMemory.
        // NOTE(review): unsigned int cannot hold a 64-bit address - confirm targets are 32-bit.
        unsigned int m_aOffset;
        // Bytes that must match exactly at m_aOffset.
        unsigned char m_aMemDump[MAX_DUMP_SIZE];
    } *PPROCESS_DUMP;
    extern PROCESS_DUMP MEMORY_PROCESS_DUMP[MAX_PROCESS_DUMP];
    
    
    
    
    
    
    // Signature table: one entry pairing address 0x417770 with 32 expected bytes.
    // NOTE(review): presumably captured from one specific AutoIt build - confirm which.
    // A fixed absolute address only matches when that exact image is mapped at the
    // same base, so a non-match means "unknown", not "clean".
    PROCESS_DUMP MEMORY_PROCESS_DUMP[MAX_PROCESS_DUMP] = {
    {0x417770, {0xE8, 0xC4, 0xAF, 0x00, 0x00, 0xE9, 0x79, 0xFE, 0xFF, 0xFF, 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x8B, 0xC1, 0x8B, 0x4D, 0x08, 0xC7, 0x00, 0x88, 0xDA, 0x47, 0x00, 0x8B, 0x09, 0x83, 0x60, 0x08, 0x00}} 
    };
    
    
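    // Enumerates running processes and returns an open handle to the first one whose
    // memory matches an entry in MEMORY_PROCESS_DUMP. Returns INVALID_HANDLE_VALUE if
    // enumeration fails or nothing matches. The returned handle carries
    // PROCESS_VM_READ only and must be closed by the caller.
    HANDLE SystemProcessScan(){
        // Room for 1024 process IDs. EnumProcesses does not signal truncation, so a
        // completely filled buffer means some processes may not have been scanned.
        DWORD dwProcesses[1024];
        DWORD dwBytes = 0;
        if (!EnumProcesses(dwProcesses, sizeof(dwProcesses), &dwBytes))
            return INVALID_HANDLE_VALUE;

        // EnumProcesses reports bytes written; convert to an entry count.
        const DWORD dwCount = dwBytes / sizeof(DWORD);
        for (DWORD i = 0; i < dwCount; i++){
            // Least privilege: ReadProcessMemory needs only PROCESS_VM_READ.
            // PROCESS_ALL_ACCESS is refused more often and grants rights the scan never uses.
            HANDLE hProcessHandle = OpenProcess(PROCESS_VM_READ, FALSE, dwProcesses[i]);
            // OpenProcess reports failure with NULL, not INVALID_HANDLE_VALUE.
            if (hProcessHandle == NULL)
                continue;
            if (ScanProcessMemory(hProcessHandle))
                return hProcessHandle;
            CloseHandle(hProcessHandle);
        }
        return INVALID_HANDLE_VALUE;
    }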
    
    
    
    
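    // Returns true if the process behind hProcessHandle holds, at the address of any
    // MEMORY_PROCESS_DUMP entry, exactly that entry's MAX_DUMP_SIZE bytes.
    // hProcessHandle must have been opened with PROCESS_VM_READ.
    bool ScanProcessMemory(HANDLE hProcessHandle) {
        for (int i = 0; i < MAX_PROCESS_DUMP; i++){
            unsigned char aTmpBuffer[MAX_DUMP_SIZE] = {0};
            SIZE_T aBytesRead = 0;
            // Widen through ULONG_PTR so the integer-to-pointer cast is well formed.
            LPCVOID pAddress = (LPCVOID)(ULONG_PTR)MEMORY_PROCESS_DUMP[i].m_aOffset;

            // A failed or short read must not be compared: the buffer would not
            // hold the target's bytes.
            if (!ReadProcessMemory(hProcessHandle, pAddress, aTmpBuffer, sizeof(aTmpBuffer), &aBytesRead))
                continue;
            if (aBytesRead != sizeof(aTmpBuffer))
                continue;

            if (memcmp(aTmpBuffer, MEMORY_PROCESS_DUMP[i].m_aMemDump, MAX_DUMP_SIZE) == 0)
                return true;
        }
        return false;
    }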
    
    
    call:
     // Exit as soon as any process matches a signature; the returned handle is not used.
     const HANDLE hDetected = SystemProcessScan();
     if (INVALID_HANDLE_VALUE != hDetected) {
          ExitProcess(0); // AutoIt signature found
     }
    Guess it doesn't help...


