GunZ Protect

[gazettefan]

This is not really useful for me so if you want to make your own dll to protect your runnable against injectors/debuggers/shotbot etc.etc... you can use this on your project

Code:

#include <windows.h>
#include <stdio.h>
#include <iostream.h>
#include <tlhelp32.h>
#include "vsBuffer.h"
void Yanaah()
{
while(true)
{
      HANDLE hProcessSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);
      PROCESSENTRY32 ProcessEntry = {0};
      ProcessEntry.dwSize = sizeof(ProcessEntry);
      BOOL Return = FALSE;
      Return = Process32First(hProcessSnapShot,&ProcessEntry);
      do
      {	
        HANDLE hProcess = OpenProcess(PROCESS__VM_READ,FALSE,ProcessEntry.th32ProcessID);
	    if(!hProcess)
	    {
		Beep(100,100);
	    }else{
          int dwBuffer;
	      BOOL check = ReadProcessMemory(hProcess,(void *)ADRESS,&dwBuffer,4,NULL);
		  if(dwBuffer == DATA)
		   {
               HANDLE hPFinish = OpenProcess(PROCESS_TERMINATE,ProcessEntry.th32ProcessID);
TerminateProcess(hPFinish);
CloseHandle(hPFinish);
           }
		  }CloseHandle(hProcess);
	       }while(Process32Next(hProcessSnapShot,&ProcessEntry));
    CloseHandle(hProcessSnapShot); 
}
}
extern "C"
{
    __declspec(dllexport) BOOL __stdcall DllMain(HINSTANCE hInst,DWORD reason,LPVOID lpv)
    {
        DisableThreadLibraryCalls(hInst);
        if (reason == DLL_PROCESS_ATTACH)
        {
         //  MessageBox(NULL, "whocaresaboutmsgbox?","nanimonai", MB_OK);
            CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&Yanaah, NULL, 0, NULL); 
		}
        return true;
	}
}

DATA = Change to your data
ADRESS = Change to your adress

I'm also releasing with this an analyzer, "Vanitas"
(download avaliable down there)

Step 1: Make sure the process you want to block is running
Step 2: Find the adress of your process on ollydbg
Step 3: Input your process name with .exe (ex: "explorer.exe")
Step 4: Input the adress of your process with 0x (ex: 0x00478C74)

Change the source to the adress you have specified at the program
here:

Code:

	      BOOL check = ReadProcessMemory(hProcess,(void *)ADRESS,&dwBuffer,4,NULL);

The program will process the data you need to input at

Code:

if(dwBuffer == DATA) << here

Ex:

Code:

	      BOOL check = ReadProcessMemory(hProcess,(void *)0x00478C74,&dwBuffer,4,NULL);
		  if(dwBuffer == - -2142260117)
		   {
                cout << "Process has been found on memory" << endl;

If your adress doesnt exists or the program isn't running you'll receive an error message. =(

This will end lifetime of doing kernel drivers or terminating process by their names.
THE IMAGE BELOW IS AN EXAMPLE MAKE SURE THE ADRESS EXISTS ON THE PROGRAM RUNNABLE

It's a bit simple but I hope it helps^^

Example:

[MentaL]

[Forean]

#include "vsBuffer.h"?

So it wasnt included?

or is this a build your own type of vsbuffer.

[Joe9099]

Very nice... good job

[yawamo]

nice release i use it already

[TheCodeOfGunz]

nc some one starting to be a pro like #1 Lambda xD jacob linear and the others

[GzCaptain]

One of the first anti-hacks released in a long time. Thanks for this release. :)

[gazettefan]

vsBuffer.h is nothing >_< just take it off from the code ^^ and it'll compile anyways
if you want to close the duel use this:

Code:

if(dwBuffer == DATA) // if hacking has been found
{
int terminate = strcmp(ProcessEntry.szExeFile,"theduel.exe");; //or the name of ur runnable
if(terminate == 0)
{
HANDLE hProcess = OpenProcess(PROCESS_TERMINATE,ProcessEntry.th32ProcessID);
TerminateProcess(hProcess)
}
}

[Forean]

Sweet, thanks!

Finally starting to have great releases!

[dacharles]

Just check if an address on a process can be readed? if not, the process is not running? ammm okey. But finding hacks by signatures is kind of old...