HideToolz... I made that over 10 years ago, people still use it?
anyway, detection was always really trivial...
Code:
// Looks for a top-level window whose class name is "obj"; the parent, child-after
// and title arguments are all NULL, so the class name is the only thing matched.
// NOTE(review): a class-name match on its own is a weak indicator. Any other
// program that registers the same class name would also match, and the check
// stops firing if the class name changes. Treat a hit as one signal to
// corroborate, not as proof.
if ( FindWindowExW(NULL, NULL, L"obj", NULL) ) //hidetoolz found, do something
I've seen this repackaged several times... I did this a million years ago:
Code:
// Fragment: patches a loaded game image in memory. pGame, ImageSize, CodeSize,
// FindPattern, Scramble and the GS*/Blowfish* names are declared elsewhere.
// presumably pGame is the base address of the mapped game module -- confirm.

// Locate the PE NT headers by following e_lfanew from the DOS header at pGame.
// NOTE(review): the DOS header's own e_magic is not checked here.
PIMAGE_NT_HEADERS NtHeaders = (PIMAGE_NT_HEADERS)(pGame + ((PIMAGE_DOS_HEADER)pGame)->e_lfanew);
// NOTE(review): this is a bare expression statement. The signature / section-count
// test is evaluated and discarded, so nothing below is actually gated on it.
NtHeaders->Signature == IMAGE_NT_SIGNATURE && NtHeaders->FileHeader.NumberOfSections;
// Despite the names, these two hold base + size (an end bound), not a plain size.
// NOTE(review): whether FindPattern expects an end address or a length as its
// second argument is not visible here -- confirm against its definition.
ImageSize = pGame + NtHeaders->OptionalHeader.SizeOfImage;
CodeSize = pGame + NtHeaders->OptionalHeader.SizeOfCode;
// locate game server encryption key, and modify it.
// NOTE(review): none of the FindPattern results in this fragment are checked
// before being written through; if FindPattern signals "no match" with NULL
// (not shown), each write below dereferences an invalid pointer.
unsigned char* GSKeyAddr = FindPattern( pGame, ImageSize, GSEncryptionKey, GSEncryptionPattern );
// Source and destination are the same pointer, length 16: presumably an in-place
// transform of 16 bytes (Scramble's semantics are not shown).
Scramble((PBYTE)GSKeyAddr, ((PBYTE)GSKeyAddr), 16 );
// locate RT blowfish key gen function, and RET the function start.
// The search is a 9-byte signature with an all-'x' mask of the same length.
unsigned char* BlowfishGenFunc = FindPattern(pGame, ImageSize, "\x0F\xB6\xD0\x81\xF2\xB9\x00\x00\x00", "xxxxxxxxx");
// Overwrites the first two bytes at the match with the 16-bit value 0x90C3
// (stored little-endian on x86 as C3 90, i.e. RET followed by NOP).
// NOTE(review): that the match address is the function's first instruction is
// the original author's claim; nothing in this fragment establishes it.
*((unsigned short *)BlowfishGenFunc + 0) = 0x90C3;
// find the default blowfish key in memory....
// NOTE(review): the fourth argument here is named BlowfishKeyLength, while the
// other calls pass a mask string in that position -- confirm the intended type.
unsigned char* BlowfishKeyAddr = FindPattern(pGame, ImageSize, BlowfishKey, BlowfishKeyLength);
// bfKey is only an untyped alias of BlowfishKeyAddr.
PVOID bfKey = 0;
bfKey = (PVOID)BlowfishKeyAddr;
// Same in-place 16-byte Scramble call as for the game server key above.
Scramble((PBYTE)bfKey, ((PBYTE)bfKey), 16);
// and change the key to ours...
// (disabled alternative: XOR each of the first four unsigned long words of the
// key with a fixed constant instead of calling Scramble)
//*((unsigned long *)bfKey + 0) ^= 74;
//*((unsigned long *)bfKey + 1) ^= 291;
//*((unsigned long *)bfKey + 2) ^= 34;
//*((unsigned long *)bfKey + 3) ^= 91;
// to fix the private server IP verification issue, we change conditional je(0x74)
// instruction in verification function. byte signature... 0x33 0xC2 0x74 0xC7
// This search is bounded by CodeSize rather than ImageSize.
unsigned char* Jxx2Patch = FindPattern(pGame, CodeSize, "\x33\xC2\x74\xC7", "xxxx");
// Replaces the byte at offset 2 of the match (the 0x74 in the signature) with
// 0xEB, so the short conditional jump becomes an unconditional short jump.
// NOTE(review): this and the 0x90C3 write above change bytes of the loaded
// image, so a comparison of the in-memory code against the on-disk file would
// presumably show both differences -- confirm.
*((unsigned char *)Jxx2Patch + 2) = 0xEB;