pwprotector.exe

[Deus ex]

Here i made it discussion so you can discus here how much you want i`m done here.
----------------------------------

[MentaL]

[Deus ex]

----------------------------------

[Swoosh91]

Your main problem is that an extra .exe will be terminated.

Write a dll with your antihack stuff (and no, please dont search for names and window titles!).

Import dll to import table.

Find codecave, call createthread there. Edit OEP to JMP to codecave. At end of codecave, JMP back to OEP (rememebr to push ebx!). Find close function of client and detour it to another codecave, where you stop your thread (Exitthread).

Pack this shit up and deploy it with your client, there you have your antihack.

Thats how I did it at least, this saves you an external exe :)

And wtf, why 15 sections on your exe? Did you use GCC?

[das7002]

And wtf, why 15 sections on your exe? Did you use GCC?

Probably did... It can be hard to remember to strip exename.exe

[Deus ex]

----------------------------------

[das7002]

i used codeblocks i have this as dll but i cant find any free bits to hook it can anyone hook it? or do a guide on how to hook it on elementclient.exe?

Or give me the address of some free memory

i uploaded the dll please help me hook it

If you don't mind depending on .NET (or learning how to do it in WinAPI, but honestly .NET has so many hidden gems. I really can't believe I've gone as long in the programming world as I have and never used it until 6ishmonths ago) you can just build a wrapper around elementclient.exe (under itself so it doesn't show up independently in taskmgr) that launches it after getting everything setup

[Deus ex]

----------------------------------

[das7002]

Your not helping....

How is that not helping. (Also, it is You're as in You are)

It is a possible solution to the problem. Wrap your exe AROUND elementclient.exe so it lives inside of your exe. Your exe loads up everything it needs to watch for things you don't want running and when it finds them it kills itself which brings down elementclient...

Was it really that hard to understand (it's also a relatively simple approach too...)

I could've simply linked you to a book on Assembly and that would be "not helping", I've done lots of crazy workarounds to crazy problems if you want a solution I'm good at coming up with one.


In all honesty I do try to help most of the time, if you read any of my snarky replies it is to true idiots who don't even try to learn anything. I don't claim to know everything but don't insult me when you are mad you didn't think of it.

Not providing your source is what is truly not helping. If the people that do know how to get something to work don't even know what you have done to get where you are how are they supposed to help?

[Deus ex]

----------------------------------

[renan7899]

anti chat? >.<

[Deus ex]

----------------------------------

[das7002]

if i show my source what kind of anti-chat will that be? a easy to bypass one

Take a guess as to why every single encryption algorithm that is worth using is open source. There is a reason why they are.

Either way, attempting to do any kind of client side security that does not involve the server in someway can be easily bypassed by a simple client replace and removing your pwprotector.exe.

If you want true security involve the server. Don't let the client talk directly to glinkd and create your very own method of talking to the server. (this doesn't involve any modifications to elementclient at all, tunnel the server connection through hack protection application and let the server undo whatever you did).

Still think people can just easily bypass that? Well sort of, anyone that can figure out what to change to write their own method of talking to your server sided un-tunneler will get around anything you do clientside anyway. If you really want to prevent any kind of hack rewrite the client from the ground up. Start the server from scratch and work security into its very existence. Tacking security on as an after thought is always going to be a deterrent and not an actual method of stopping people. (Think of adding a bunch of locks to a door, but the door is hollow and can easily be kicked through. Real security would've installed a better door and the locks from the start)

[Deus ex]

----------------------------------

[Pilad]

If launch elementclient.exe from PW Launcher.exe - pwprotector.exe not started
And need... If kill process pwprotector.exe in taskmanager , pwprotector.exe kill elementclient.exe
Or pwprotector.exe avtorestart

[das7002]

Bro this is what i want to do.... if you can`t/wont help with this please stay out of my thread thank you.

Well then you need to say so, you aren't particularly great with English it seems. Lack of understanding/communcation skills/ language barrier is where issues stem from. I never said I wouldn't or can't help. You just seemed to not know where you wanted to go.

Seeing as this is the second time you come around to insult me due to your inability to speak proper English and explain what you want done I will not assist in anyway.

[Anghellic]

I am a little skeptic about this. In the case of your typical hacks and whatnot this will work. Autoclickers won't be phased by this. It would be hard to detect a 3rd party program that doesn't necessarily have to "plug in" to PW to work.

Also, is there a rule about one individual holding multiple forum accounts?

[343]

I am a little skeptic about this. In the case of your typical hacks and whatnot this will work. Autoclickers won't be phased by this. It would be hard to detect a 3rd party program that doesn't necessarily have to "plug in" to PW to work.

Also, is there a rule about one individual holding multiple forum accounts?

If you're talking about here, I'm pretty sure there is...

[Anghellic]

I thought so.

[Deus ex]

----------------------------------

[hrace009]

So what are you to talking about???


Like i said earlier if you don`t want to help me see this through please stay out of my thread "grate talkers"

If anyone know how to hook that dll into a elementclient.exe please help.

i tried this:

Code:

0055ffg1 (example of your EP)
0066ffee pwprotector.dll (in dump, write pwprotector.dll )
0066ffaa MainExemple (in dump, write pw)
0066ffb1 PUSH 0066ffee (PUSH "To Dll File")
0066ffb2 CALL DWORD PTR DS:[LoadLibraryA]
0066ffb3 OR EAX,EAX
0066ffb4 JE 0066ffc1 (JE "To ExitProcess" ,, if can't find dll, main don't run)
0066ffb5 PUSH 0066ffaa
0066ffb6 PUSH EAX
0066ffb7 CALL DWORD PTR DS:[GetProcAddress]
0066ffb8 CALL EAX
0066ffb9 JMP 0055ffg1 (JMP "EntryPoint")
0066ffc1 PUSH 0FF
0066ffc2 CALL DWORD PTR DS:[ExitProcess]

how people can help, if you not give a nice talking

[Deus ex]

----------------------------------

[Swoosh91]

I have no clue what you are trying there, you need to push parameters in reverse order, and I cannot see what your trying anyways.

Code:

008219E2                                 > /FF15 C0919600           CALL DWORD PTR DS:[<&PWAH_org.CheckForHacks>]       ;  PWAH_org.CheckForHacks
008219E8                                 . |55                      PUSH EBP
008219E9                                 . |8BEC                    MOV EBP,ESP
008219EB                                 . |EB 06                   JMP SHORT Client.008219F3
008219ED                                   |90                      NOP
008219EE                                   |90                      NOP
008219EF                                   |90                      NOP
008219F0 Client.<ModuleEntryPoint>       $^\EB F0                   JMP SHORT Client.008219E2
008219F2                                    90                      NOP
008219F3                                 >  6A FF                   PUSH -1

And be a little nicer to people. das tried to be of help - thank him, not fuss about the type of help. What he said is probably the easiest way.

If I may add - you seem like an angry 14 year old boy.

Cheers

[Adriana]

++1:))