Codex anti-hack system - V4 (C++ Source code)

=========================================
Codex.dll v4 (C++ Source code) - by VertexBrasil


V4 Anti-hack features:


=========================================


- Easy ON/OFF switch to all features on START.cpp


- Splash Screen on start.


- Hack detect splash screen = english, portuguese, silent, or browser website that register user IP


- Server name easy configuration for all splash messages


- Hack detect Log generation = Gameguard/Log.txt (For configuration purposes only)


=========================================


Load external files:


- Minimizer.dll (Shortcut: F9)


- Glow.dll Mu v97


=========================================


- Protected mxmain.exe serial, version, ip and data using realloc and memoryset.


=========================================


All Functionality programs are included:


- Minimizer.dll
- HTTP and FTP Server side stuff
- Kill Me (Full system working for test only)
- Codex.dll ready to use with some detectors active (English and Portuguese splash)


Applications:


- CRC Generator (portable)
- Dll hooker (portable)
- Dump generator (portable)
- Security packer (portable)
- Handler / GetWindowText (portable)


=========================================


Hack detection:


- WN-Scan - Window Title scan. This one close Game window.
- WN-Close - Same detection as WN-Scan (empty hack database). This one close hack window silently, if can't close hack window, close game.
- CN-Scan - Class window scan close Game window
- CN-Close - Same detection as CN-Scan (empty hack database), this one close Hack window silently, if can't close hack window, close game.
- D-Scan - Dump - Entrypoint + 8 hex Dump
- PID-Scan - Process ID
- H-Scan - Heuristic - Bad Words
- HW-Scan - Heuristic - Windowtext Bad Words, Detect any "bad word" on WindowName, object and parent.
- HC-Scan - Heuristic - Classwindow Bad Words, Detect any "bad word" on WindowClass, detect any "generic" WindowsForms
- HNC-Scan - Heuristic - Bad Words Non-case sensitive
- HT-Scan - Hide tools - Detect generic Hide Tools like Cheat engine, Hide Toolz, etc.
- VM-Scan - Virtual memory - Detect virtual memory code changes
=========================================


Speed detection:
- ST-Scan - Detect game speed and system freeze by Tickcount
- SP-Scan - Detect game speed by hardware performance
=========================================


Injection:
- I-Scan - Detect dll injection using dll illegal names blacklist
- API Injection protection - Silently detector, protect API entry from code injection. [Don't work for some applications, including MU Online main.exe]
- Delete ModuleHandle - Silently detector, delete ModuleHandle after loading, protect from code injection. [Don't work for some applications, including MU Online main.exe]
=========================================


Anti-Kill:
- Launcher / Main active protection - Uses your launcher to protect system from kill or freeze
- AKS-Scan - Protect system from kill by Scanner count
- AKT-Scan - Protect system from kill or inject code by process thread count. [Don't work for some applications, including MU Online main.exe. Don't work with some detectors active]
- Rebuild main data - Allow destroy Main.exe hexadecimal data sections and rebuild it again on virtual memory with Memset. [Main don't work without Codex.dll]
- Main.exe one single instance - If Launcher / Main active protection are active, just one main instance are alowed at time.
=========================================


Ban:
- Hardware Ban (FTP) - Server side blacklist that ban Users hardware: Mac adress, hard drive serial, computer name or computer user name
- Hack detection log file upload (FTP) - Upload file when size are more than "x" lines
- Server Ban (PHP) - Server side protection, ban user account or character using SQL database. Protect Anti-Hack from bypass or kill process [Mu Server "ConnectStat" need to work withowt bugs]
=========================================


Files protection:
- L-Scan - Launcher alwais ON check
- FN-Scan - File name Scan - Check file folder names existence and check file Handler for dlls (Launcher/Codex) and exe files (Main/Launcher) Game only start with correct name.
- CRC-Scan - CRC files scan protection:
-Launcher.exe
-Protect.bmp file
-Player.bmd
-WebZenLogo.OZJ
-Terrain 1 to 7


=========================================


Tanks to:


f1x = Dump codes
Suzana ADM = Heuristic codes
ARIES (Dark Crow) = HeuristicNC codes


RaGEZONE - MMO development community
RaGEZONE foruns users




=========================================


Download Codex V4:
https://www.youtube.com/watch?v=y55_Mg7VQOw

https://www.youtube.com/watch?v=qRYPEVbhDS8
I have a problem , How can i fix?

Anti-Kill
Game Over And Close

First thing, disable this message on START.cpp adding lines intersection: this way:

Code:

---

carrega.Log_Txt_Hack    = 1;  // On/Off = Creates a hack log ("GameGuard/Log.txt")

//if (carrega.Log_Txt_Hack == 1){
//MessageBoxA(NULL,"Public HACK DETECTION LOG are active in START.cpp!\n\nWARNING! .....

---

This is just an alert for the first start, it causes i time delay on Main.exe, i think this is your problem.

If this don't work, try to find problem using lines intersection, add and remove then, also, try to start detectors one by one, from bottom to top utill find problem.

Try to get original files, and start from this. Also, start detectors one by one, make configuration step by step, if you have some problem you will know is there in that place you have started.

If someone are having problems with windows text names on fake files, i think a good idea enable this lines (removing lines intersection) on START.cpp, do it for both files, Codex and Launcher:

Launcher:

Code:

---

string title = _T("Launcher");
SetConsoleTitle(title.c_str());

---

Codex:

Code:

---

//string title = _T("Mxmain"); 
//SetConsoleTitle(title.c_str());



---

This will set window text name for fake files. But don't forget to disable that before configuration, Game Main and Launcher have your own window text names, this are just for fake files.

I trying for this But still not fix and i still another trying

I will try to help you grim

Thanks I'll be waiting

Detecta_Heuristica_Win.cpp
Detecta_Heuristica_Class.cpp

Two new fucking crazy detectors ! ! ! !

- HW-Scan - Heuristic - Windowtext Bad Words:
Detect any "bad word (full or partial)" on WindowName, object and parent.

- HC-Scan - Heuristic - Classwindow Bad Words:
Detect any "bad word (full or partial)" on WindowClass, detect any "generic" WindowsForms

This detectors are realy awesome.

Link updated ! ! ! !

Support RF Online ?

Interview, i think there is no problem. A dll file can be hooked in any windows aplication, and also, you can easy turn on and off all features Make any code changes you wish and add your own hack database.

- - - Updated - - -

Someone try to use Virtual memory protect to block [Mu graphical Speed]?

This feature (Virtual Memory Protection) are made to do that... watch video tutorial, are the same thing!

Replace Main.exe serial, version and IP with memset
https://www.youtube.com/watch?v=Y0MjSu2s3oo
or
Protect Codex.dll from unload / break
https://www.youtube.com/watch?v=hKRRLfeJKYQ

I don't have any client where this cheat works to get buffer value for you. But is so simple to do.

START.cpp

Code:

---

carrega.Virtual_Memory_Protect        = 1;

---

Detecta_Virtual_Memory.cpp

Code:

---

(*(unsigned short*)0x4E9B6E != xxxxx)){ //buffer

---

To easy find adrees to get buffer value to protect:

Start Main.exe > Start HxD.exe > open Main.exe (HxD virtual memory) > ctrl+F (search) > ctrl+G (Go to...) >> 004E9B6E >> buffer

can you please me how to get virtual memory of this? Attachment 150582
then what to change in source thanks

i don't understand what you mean. You wanto to block this file?

I got that error on this file: MFC71.DLL is missing from your computer.

Quote:

---

Originally Posted by Cogito Ergo Sum

i don't understand what you mean. You wanto to block this file?

I got that error on this file: MFC71.DLL is missing from your computer.

---

I want to hex this file and make it as a sample program..how do i get virtual memory of that file

Please Help this error

[IMG]http://i.imgur.com/rTzEzNm.jpg?1[/IMG]

Please Help this error

Disable all detectors, enable aks-scan, start detectors one by one untill find problem.

You can use this codes below on Detecta_AntiKill_Scans.cpp with mxmain fake to find problem

removeve: /* */

Code:

---

cout << "DAka1:            "<<DAka1<<endl;   
    cout << "DAkb1:            "<<DAkb1<<endl;
    cout << "DKill_t1:          "<<DKill_t1<<endl;
    cout << "CloseClas1:        "<<CloseClas1<<endl;
    cout << "CloseWin1:        "<<CloseWin1<<endl;
    cout << "DClass1:          "<<DClass1<<endl;
    cout << "DDump1:            "<<DDump1<<endl;
    cout << "DHeuri1:          "<<DHeuri1<<endl;
    cout << "DHeuriWin1:        "<<DHeuriWin1<<endl;
    cout << "DHeuriNC1:        "<<DHeuriNC1<<endl; 
    cout << "DHeuriClass1:      "<<DHeuriClass1<<endl;
    cout << "DHide1:            "<<DHide1<<endl;
    cout << "DInject1:          "<<DInject1<<endl;
    cout << "Dname1:            "<<Dname1<<endl;
    cout << "DProcID1:          "<<DProcID1<<endl;
    cout << "DSpeed1:          "<<DSpeed1<<endl;
    cout << "DWin1:            "<<DWin1<<endl;
    cout << "DHard1:            "<<DHard1<<endl;
    cout << "DLauncher1:        "<<DLauncher1<<endl;
    cout << "DBan1:            "<<DBan1<<endl;
    cout << "DVirtualM1:        "<<DVirtualM1<<endl;
    cout << "DSPerf1:          "<<DSPerf1<<endl;
    cout << "DAntiInject1:      "<<DAntiInject1<<endl;
    cout << "DVirtualMLauncher1:"<<DVirtualMLauncher1<<endl;   
    cout << "DTxtFileSize1:    "<<DTxtFileSize1<<endl;
    cout << "Dpipe1:              "<<Dpipe1<<endl;
    cout <<"AntiKill Scans = Antikill: "<<Antikill<<"  Soma: "<<Soma<<endl<<endl; */

---

- - - Updated - - -

Send me yourr: CODEX_V4 DLL and LAUNCHER_V4 DLLGrim, i will try to run with your configurations, remove ipch and debug folder content to reduce size

problem Is My Custom Source Code
My Code Remove and Work! Thanks

can you upto mega plz.thx

Cogito Ergo Sum, any idea about how i can detect main.exe alteration in memory? , with this hack ( MUAutoClicker ) ( http://prntscr.com/69j1yb ) , you can launch main.exe or launcher.exe and this work in memory , then you can execute commands in game , you can download and test it here:


https://mega.co.nz/#!DMwCERIT!Y_Zln5...8ywwQwLFfDhN8c

Commands info:

http://muautoclicker.fr.yuku.com/top...n#.VO1DhvmG9-F

adryus_DW:

START.cpp

Code:

---

carrega.Virtual_Memory_Protect        = 0;    // On/Off = protect code from alteration on virtual memory (need be configured) on [Virtual_Memory.cpp]

---

Use this tutorial to see how Virtual Memory Protection works, configuration are very similar.
https://www.youtube.com/watch?v=NNJVNnuKBFk

You can add how many "memory protection points" you want, just copy and paste this code:

Detecta_Virtual_Memory.cpp

Code:

---

//cout << *(unsigned short*)0x449081 << endl;
if((*(unsigned short*)0x449081 != 29537) ||

---

- - - Updated - - -

[can you upto mega plz.thx]

Link are mega, goto to my chanell and scrow page down, link to download are there. I made this way to easy update links when needed.

Codex Anti-hack System (c++ Source code) - Download

https://www.youtube.com/watch?v=y55_Mg7VQOw

I think some people have problems to get buffer for virtual memory protection, so, i add an new feature that make it easy to do.

Video Tutorial:
https://www.youtube.com/watch?v=S-H9...ature=youtu.be

CodexV4 link are updated!

Codes for that dont want to download it again:

START.ccp

Code:

---

    carrega.Launcher_Mem_Protection    = 0;    // On/Off This is an active memory protection from Launcher, if launcher are not running and if ther signature are not ok, main closes.
//Add this line below:   
        carrega.Memory_Buffer_L            = 0;    // On/Off Message box with address buffer for configuration! Need to configure values on: Detecta_Virtual_Memory.cpp


    carrega.Virtual_Memory_Protect        = 0;    // On/Off = protect code from auteration on virtual memory (need be configured) on [Virtual_Memory.cpp]
 //Add this line below:       
        carrega.Memory_Buffer_P            = 0;    // On/Off Message box with address buffer for configuration! Need to configure values on: Detecta_Virtual_Memory.cpp

---

Classe.h

Code:

---

int Memory_Buffer_L;
 int Memory_Buffer_P;

---

Detecta_Virtual_Memory.cpp

Code:

---

// Video tutorial: http://www.youtube.com/user/vertexbrasil
#include "stdafx.h"
//VM-Scan splash////////////////////////////////////////////////////////////
void Msg_VM_Br(){
    MessageBoxA(NULL,"VM-Scan\n\nConte˙do suspeito detectado!", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);
    }
void Msg_VM_En(){
    MessageBoxA(NULL,"VM-Scan\n\nAn illegal choice haas been detected!", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);
    }


void Msg_VM_Page(){
    Sleep (4000);
    ShellExecute(NULL, "open", carrega.HackSplash_WebSite, NULL, NULL, SW_SHOWNORMAL);
    }


void Attack_Value(){
    if (carrega.Log_Txt_Hack == 1){
ofstream out("GameGuard/Log.txt", ios::app);
out << "\n VM-Scan:  ", out <<  "Virtual memory Value changed!";
out.close();
}
    if (carrega.Message_Warning_En == 1){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VM_En),NULL,0,0);
    Sleep(5000);
    ExitProcess(0);   
}
    if (carrega.Message_Warning_En == 2){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VM_Br),NULL,0,0);
    Sleep(5000);
    ExitProcess(0);   
    }
    if (carrega.Message_Warning_En == 3){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VM_Page),NULL,0,0);
    Sleep(5000);
    ExitProcess(0);   
    }
    if (carrega.Message_Warning_En == 0){
    ExitProcess(0);
    }
    else
    ExitProcess(0);
}


//VML-Scan splash////////////////////////////////////////////////////////////
void Msg_VML_Br(){
    MessageBoxA(NULL,"VML-Scan\n\nConte˙do suspeito detectado!", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);
    }
void Msg_VML_En(){
    MessageBoxA(NULL,"VML-Scan\n\nAn illegal choice haas been detected!", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);
    }


void Msg_VML_Page(){
    Sleep (4000);
    ShellExecute(NULL, "open", carrega.HackSplash_WebSite, NULL, NULL, SW_SHOWNORMAL);
    }


void Attack_Value2(){
    if (carrega.Log_Txt_Hack == 1){
ofstream out("GameGuard/Log.txt", ios::app);
out << "\n VML-Scan:  ", out <<  "Virtual memory value changed!";
out.close();
}
    if (carrega.Message_Warning_En == 1){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VML_En),NULL,0,0);
    Sleep(5000);
    ExitProcess(0);   
}
    if (carrega.Message_Warning_En == 2){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VML_Br),NULL,0,0);
    Sleep(5000);
    ExitProcess(0);   
    }
    if (carrega.Message_Warning_En == 3){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VML_Page),NULL,0,0);
    Sleep(5000);
    ExitProcess(0);   
    }
    if (carrega.Message_Warning_En == 0){
    ExitProcess(0);
    }
    else
    ExitProcess(0);
}


void Msg_VML3_Br(){
    MessageBoxA(NULL,"VML-Scan\n\nLauncher n„o encontrado!", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);
    }
void Msg_VML3_En(){
    MessageBoxA(NULL,"VML-Scan\n\nLauncher not found!", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);
    }
 
void Msg_VML3_Page(){
    Sleep (4000);
    ShellExecute(NULL, "open", carrega.HackSplash_WebSite, NULL, NULL, SW_SHOWNORMAL);
    }


void Attack_Value3(){
    if (carrega.Log_Txt_Hack == 1){
ofstream out("GameGuard/Log.txt", ios::app);
out << "\n VML-Scan:  ", out <<  "Launcher not found!";
out.close();
}
    if (carrega.Message_Warning_En == 1){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VML3_En),NULL,0,0);
    Sleep(5000);
    ExitProcess(0);   
}
    if (carrega.Message_Warning_En == 2){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VML3_Br),NULL,0,0);
    Sleep(5000);
    ExitProcess(0);   
    }
    if (carrega.Message_Warning_En == 3){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_VML3_Page),NULL,0,0);
    Sleep(5000);
    ExitProcess(0);   
    }
    if (carrega.Message_Warning_En == 0){
    ExitProcess(0);
    }
    else
    ExitProcess(0);
}


////////////////////////////////////////////////////////////////////////////////////////////////
// Virtual Memory protection - VM-Scan


//How to:
// Use HxD.exe to get address that you want to protect
// For example, run mxmain(fake).exe, open mxmain(fake).exe with HxD (virtual memory), search for string Gasmask, or important value that need be protected on virtual memory. 
// Select G, press CTRL+E (or right click) Select bloc.  That is your addrees. 0x449081
// Turn On carrega.Memory_Buffer_L on START.cpp to get address buffer, add buffer on detector, turn off carrega.Memory_Buffer_L.
// Change values on memory with HxD to test. (unsigned short) protect 5 hex from start point adrees
////////////////////////////////////////////////////////////////////////////////////////////////




// CHECK LAUNCHER VIRTUAL MEMORY ////////////////////////////////////////////////////////////////////////////////////////////////////////////////
HANDLE GetProcessHandle(const char *procName);
void Memory_by_window()
{ 
 HWND handle = FindWindow(0 ,TEXT(carrega.Launcher_Window));
      if(handle == 0)
      {
      Attack_Value3();  // If not find Window, closes!
      //cout << "VM-Scan failed to find window: "<<carrega.Launcher_Window<<endl;
      }
      else
      {
  DWORD ID;
  GetWindowThreadProcessId(handle,&ID); 
  HANDLE hProcess = OpenProcess( PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION , FALSE, ID);
      if(!hProcess)
      {
      Attack_Value3();  // If not find Window, closes!
      }
      else
      {
      int buffer;
      char cbuffer[12];
      if (ReadProcessMemory(hProcess,(void *)0x449080,&buffer,4,NULL)){ //ADRESS HERE!       
      if (carrega.Memory_Buffer_L == 1){
        sprintf (cbuffer, "%d", buffer);
        MessageBoxA(NULL,(LPCSTR) cbuffer, "Memory_Buffer_L",  MB_ICONWARNING);
        CloseHandle(hProcess);
        ExitProcess(0);
}
            else
            {
            //cout<<"Main buffer: "<<buffer<<endl;     
            if (buffer != 1191182336){  //BUFFER HERE!
            Attack_Value2(); 
            CloseHandle(hProcess);
      }   
    }
}
}
}
}






void Launcher_Pro_Start(){
    DVirtualMLauncher(); // Antikill
    if (carrega.Anti_Kill_Scans == 1)
    {
again:
    DVirtualMLauncher(); //Antikill
    Memory_by_window(); 
    Sleep (carrega.Virtual_Mem_occours); 
    goto again;
    }
    else
    {
again2:
    Memory_by_window(); 
    Sleep (carrega.Virtual_Mem_occours); 
    goto again2;
    }
}
   
    void Mem_Launcher_Protection(){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Launcher_Pro_Start),NULL,0,0);
}








////////////////////////////////////////////////////////////////////////////////////////////////
// Virtual Memory protection - VM-Scan


//How to:
// Use HxD.exe to get address that you want to protect
// For example, run mxmain(fake).exe, open mxmain(fake).exe with HxD (virtual memory), search for string Gasmask, or important value that need be protected on virtual memory. 
// Select G, press CTRL+E (or right click) Select bloc.  That is your addrees. 0x449081
// Turn On carrega.Memory_Buffer_L on START.cpp to get address buffer, add buffer on detector, turn off carrega.Memory_Buffer_L.
// Change values on memory with HxD to test. (unsigned short) protect 5 hex from start point adrees
////////////////////////////////////////////////////////////////////////////////////////////////


// PROTECT MAIN VIRTUAL MEMORY ///////////////////////////////////////
bool Virt()
{
// GET BUFFER MESSAGE
if (carrega.Memory_Buffer_P == 1){
char cbuffer[10];


//WARNING!  Add an address that not exist on Mxmain.exe will crash Mxmain.exe


sprintf (cbuffer, "%d", (*(unsigned short*)0x449081));  //Put ADDRESS here, this is for [carrega.Memory_Buffer_P]                   
MessageBoxA(NULL,(LPCSTR) cbuffer, "Memory_Buffer_P___",MB_ICONWARNING);
ExitProcess(0);   
}


//WARNING!  Add an address that not exist on Mxmain.exe will crash Mxmain.exe
   
//DETECTOR - Protect 5 hex from address start point
  //((*(unsigned short*)0xADDRESS != BUFFER)
if ((*(unsigned short*)0x449081 != 29537) ||
 // (*(unsigned short*)0x449081 != 29537) ||
 // (*(unsigned short*)0x449081 != 29537) ||
 //    (*(unsigned short*)0x449081 != 29537) ||
 //    (*(unsigned short*)0x449081 != 29537) ||
    (*(unsigned short*)0x449081 != 29537)){
   
        Attack_Value();  //ExitProcess(0);
        return true;   
    }
    else
    {
        return false;   
    }
}




void VirtA(){   
    if (carrega.Anti_Kill_Scans == 1)
    {
again:
    DVirtualM(); //Antikill
    Virt();
    Sleep (carrega.Virtual_Mem_occours); 
    goto again;
    }
    else
    {
again2:
    Virt();
      Sleep (carrega.Virtual_Mem_occours); 
    goto again2;
    }
}
   
void Virtual_Attack(){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(VirtA),NULL,0,0);
}

---

Cogito Ergo Sum,

I can see on your video this:

Quote:

---

//DETECTOR - Protect 5 hex from address start point
//((*(unsigned short*)0xADDRESS != BUFFER)
if ((*(unsigned short*)0x449081 != 29537) ||
// (*(unsigned short*)0x449081 != 29537) ||
// (*(unsigned short*)0x449081 != 29537) ||
// (*(unsigned short*)0x449081 != 29537) ||
// (*(unsigned short*)0x449081 != 29537) ||
(*(unsigned short*)0x449081 != 29537)){

Attack_Value(); //ExitProcess(0);
return true;
}
else
{
return false;
}
}

---

Why need to check two times the same address and buffer? is necessary to check two times all buffers and addresses?

Quote:

---

if ((*(unsigned short*)0x449081 != 29537) || (*(unsigned short*)0x449081 != 29537)){

---

------------

Another question, how the system know that need to scan under main and not under launcher?


Thanks!

Why need to check two times the same address and buffer? is necessary to check two times all buffers and addresses?

you dont need, i repeat address / buffer just for convenience, i think are a good idea let more than one memory block checker, some people may need that... And using operator (or) i need to use two addresses, i just repeat first one for convenience.

Another question, how the system know that need to scan under main and not under launcher?

START.cpp switch, turn on only detector you need, are two different detectors in the same cpp file.

Guys, what do you think about add an http auto-updater for anti-hack?

Very simple, we just put file into a website folder and change a value on an update.txt inside this folder....

Quote:

---

Originally Posted by Cogito Ergo Sum

Guys, what do you think about add an http auto-updater for anti-hack?

Very simple, we just put file into a website folder and change a value on an update.txt inside this folder....

---

make it with online database.. for exaple dll will check the cheatlist.txt file uploaded on aaaa.com/codex/ so we can add/remove dumb codes/class codes/cheats everytime we want it easily..
AND something like checksum? for example to join that server you must have this dll run on your main.exe
for example make the DLL send something like ping on serversided .exe if the .exe receive that ping then ok if server sided .exe doesnt receive that ping command then disconnect the users ip?

Do you have codes for all that thing karipidis? Cus i dont...

Someone?

What can i do for now are check a website text file value and make a dll (or main) update using http.

Quote:

---

Originally Posted by Cogito Ergo Sum

Do you have codes for all that thing karipidis? Cus i dont...

Someone?

What can i do for now are check a website text file value and make a dll (or main) update using http.

---

TS can you please provide link of your VS coz i use VS2012 and some client need to install some VSC++2012

Visual Studio 10 - Microsoft downloader:
https://mega.co.nz/#!B9UxGLRQ!dxzEX3...5thdfB3UPcNmIs

This will download something about 2 gigabites

Hello Cogito Ergo Sum !

I made some tests to get the buffer , can you read my pm please?

Thanks!

Quote:

---

Originally Posted by Cogito Ergo Sum

Visual Studio 10 - Microsoft downloader:
https://mega.co.nz/#!B9UxGLRQ!dxzEX3...5thdfB3UPcNmIs

This will download something about 2 gigabites

---

thanks
btw can you make your source compatible to VS2003? coz some of users here in PH use old version of WIN OS like WIN XP it is hesitate to install required environtment

@Cogito Ergo Sum how about disable main sir they need to go thru Launcher click start and main will appear ,if they open main they cant open. need launcher, do have that feature?

Yes Titansmu, Launcher always on, and anti-kill: pipe /size/Launcher virtual memory check, require Launcher always on. If you dont like someone start your main without Launcher just clicking on that, you can change main extension and change your launcher (hex) to load thane new extension.

Exemple: Change main extension from .exe to .dll (find main.exe) in your launcher and update (hex) to main.dll, are simple, but works.

Hola hay un error con algunos paneles cpanel: Estos no permiten crear una carpeta ftp con espacios para el Hardware Ban, tendria que llamarse como HardwareBan, y no veo donde puedo configurar esto, me podrias indicar donde cambiar el espacio en el source? gracias


http://prntscr.com/6bz4y1

Donde se puede editar el Hardware Ban?

Link for source please ....

Caron22
Estos no permiten crear una carpeta con espacios


BenQ
Codex Anti-hack System (c++ Source code) - Download
https://www.youtube.com/watch?v=y55_Mg7VQOw

Para los que quieran ejecutarlo local para test pueden configurarlo de la siguiente manera:
http://prntscr.com/6ce21t
Luego crean un index.php con su IP.
http://prntscr.com/6ce2x9
De esta manera podran usar la dll localmente sin problemas

Quote:

---

Originally Posted by cogito ergo sum

guys, what do you think about add an http auto-updater for anti-hack?

Very simple, we just put file into a website folder and change a value on an update.txt inside this folder....

---

yes i need this!

An Anti-inject that a working for some time, this codes create a load dll whitelist with patch/name/exetension.

This codes don't will be added to the source, becouse i think this don't works fine for most exe files, and also, dll names change every operational system are running. This don't works for dll "unload" conference too. Dll still there (on list) after be unload (killed).

For those who wanna to get some fun with this, a log file are generate to easy get this dll list. Use some text editor to "clean" log file. Im using Notepad++ for that.

Code:

---

// Video tutorial: http://www.youtube.com/user/vertexbrasil
#include "StdAfx.h"


#include <psapi.h>
#pragma comment (lib, "psapi.lib")


int i34;
int main(int argc, _TCHAR* argv[])
{
HWND WinTitle = FindWindowA(NULL,"Mxmain");  //carrega.MainWindowName
cout << "Handle: " << WinTitle << endl;
DWORD cbNeeded;
DWORD processID;
GetWindowThreadProcessId(WinTitle, &processID);
cout << "Process ID: " << processID << endl;
HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, TRUE, processID);
cout << "Process Handle: " << handle << endl;
HMODULE hMods[1024];
if (EnumProcessModules(handle, hMods, sizeof(hMods), &cbNeeded))
{
for (i34 = 0; i34 < (cbNeeded / sizeof(WinTitle)); i34++)
{
TCHAR szModName[MAX_PATH];
if (GetModuleFileNameEx(handle, hMods[i34], szModName, sizeof(szModName) / sizeof(TCHAR))){


cout << szModName<<endl; // Wide string char thing
//cout << "Entry Number: " << hMods[i34]<<endl; // hMods may be wide string, too, IDK, I didn't use it yet.


//Create Log////////////////////////////////////////////////////////////
int turn_Log_on = 0;
if (turn_Log_on == 1){
ofstream out("GameGuard/szModName.txt", ios::app);
out <<"(strstr(szModName, "<<szModName<<" )) ||"<<endl;
out.close();
}
else
{
if
////////////////////////////////////////////////////////////////////////
(strstr(szModName, "Mxmain.exe") ||
(strstr(szModName, "ntdll.dll")) ||
(strstr(szModName, "kernel32.dll")) ||
(strstr(szModName, "KERNELBASE.dll")) ||
(strstr(szModName, "msvcrt.dll")) ||
(strstr(szModName, "Codex.dll")) ||
(strstr(szModName, "USER32.dll")) ||
(strstr(szModName, "GDI32.dll")) ||
(strstr(szModName, "LPK.dll")) ||
(strstr(szModName, "USP10.dll")) ||
(strstr(szModName, "ADVAPI32.dll")) ||
(strstr(szModName, "sechost.dll")) ||
(strstr(szModName, "RPCRT4.dll")) ||
(strstr(szModName, "SHELL32.dll")) ||
(strstr(szModName, "SHLWAPI.dll")) ||
(strstr(szModName, "IPHLPAPI.DLL")) ||
(strstr(szModName, "NSI.dll")) ||
(strstr(szModName, "WINNSI.DLL")) ||
(strstr(szModName, "WININET.dll")) ||
(strstr(szModName, "urlmon.dll")) ||
(strstr(szModName, "ole32.dll")) ||
(strstr(szModName, "OLEAUT32.dll")) ||
(strstr(szModName, "CRYPT32.dll")) ||
(strstr(szModName, "MSASN1.dll")) ||
(strstr(szModName, "iertutil.dll")) ||
(strstr(szModName, "PSAPI.DLL")) ||
(strstr(szModName, "IMM32.DLL")) ||
(strstr(szModName, "MSCTF.dll"))){
/////////////////////////////////////////
    //cout <<"existe"<<endl;
    }
    else
    {
    cout <<"nao existe"<<endl;
    cout << szModName<<endl; // Wide string char thing
    MessageBoxA(NULL,"NEW Scan\n\nInjection!", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);   
    CloseHandle(handle);
return 0;
    }
}
}
}
}
}


void mainx (){
    again:
    main(0,0);
    Sleep (1000);
    goto again;
}


void  TESTES(){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(mainx),NULL,0,0);
}

---

@Cogito Ergo Sum how about i want to load library for vcorp.dll how can i do it ? like insania have a vcorp on it

[yes i need this!]

i will try to make hardban and log file work with http and add an autoupdate too.

how about i want to load library for vcorp.dll how can i do it ? like insania have a vcorp on it

Maybe > Properties > linker > additional library directories? I don't know what vcorp or insania is...

Gente tengo estos 3 cheats para agregar pero el dump me da 00 00 00 00 00 00 00
Alguien podria pasar el codigo o pasar las herramientas con las que se saca este codigo?
http://www.mediafire.com/download/fx...yam/CHEATS.rar

3 cheats

This ones are using ASLR, dump detector can't read entrypoint address.

just add this lines on your db, this will get a huge amount of this "generic" hacks.

Detecta_Heuristica_Class.cpp

_tcsstr(y,"WindowsForms10") ||

Detecta_Heuristica_Win.cpp

_tcsstr(x,"autopot") ||
_tcsstr(x,"Optimus Prime") ||
_tcsstr(x,"H4ck3ker") ||
_tcsstr(x,"privado") ||

@Cogito Ergo Sum this antihack have anti suspend? cuz ive seen some comments that they say can easily bypass just suspend the antihack they said how to prevent this :)

Guys, do you wanna codes to DISABLE windows ASLR (Address space layout randomization) on your clients computers?

This way, DUMP detector will be able to read address and detect this cheats that was created with ASLR anabled.

I don't think thats a good idea... Something like: [Use at your own risk!]

- - - Updated - - -

Quote:

---

Originally Posted by titansmu

@Cogito Ergo Sum this antihack have anti suspend? cuz ive seen some comments that they say can easily bypass just suspend the antihack they said how to prevent this :)

---

On V4, Launcher protect main.

Test it: CODEX ANTIHACK V4\CONTENTS\Kill Me (For crack attempt)

How to configure that:

Codex - anti-hack system - Launcher Anti-kill protection (File Names) 1 / 3
https://www.youtube.com/watch?v=HJ8GdJ0PZaQ&list=UUa3JU6i4MjC3_DfQdLsg-lA

how to add Black Box hack protection?

Quote:

---

Originally Posted by fabiann1

how to add Black Box hack protection?

---

Easy:

Detecta_Heuristica_Class.cpp
_tcsstr(y,"WindowsForms10") ||

Detecta_Heuristica_Win.cpp
_tcsstr(x,"Black Box") ||

Detecta_Heuristica.cpp
strstr(t,"[F?Ø???] [???]") || //Black box

But you can add detection for this on another detectors: heuristic nc, window, class, etc.

use

CODEX ANTIHACK V4\CONTENTS\Utilities\Handler portable ( ClassName detector )

GetWindowText or handler to get windows

cogito ergo sum maybe u can help me to block autobot ??? dunno some code or where to modify
thx and waiting for u reply

Many people talk about Dump problems to detect some hacks, this occours becouse some hacks are build with Address space layout randomization (ASLR) active...


Description: Address space layout randomization (ASLR) is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.


So, i realy don't think that is necessary, becouse we have many detectors to to that. But, here are codes to disable ASLR on HKEY_LOCAL_MACHINE registry for client computers... This way, Dump will be able to read hack addres that was created with ASLR.


[ ATENTION! Use at your own risk! ]


For test purposes only:

Download: AutoPot (With ASLR active):
https://mega.co.nz/#!19cwBJKI!cAdL2d...a9AsBpQ1VHmsqE


AutoPot Dump for Dump detector:
{0x40BD6E, {0xFF, 0x25, 0x00, 0x20, 0x40, 0x00, 0x00, 0x00}}, // #### Privado #### AutoPot #### With ASLR active


You can use Process explorer > image > to check if program have Address space layout randomization (ASLR) active!

You can use CODEX ANTIHACK V4\CONTENTS\Utilities\Dump generator.exe (Run as Adiministrator) to get dump codes for detector.

How to make some tests to be sure that works?

1 - Add Autopot dump lines on detectors, and try to detect it berore activate [carrega.Disable_Windows_ASLR]

2 - activate [carrega.Disable_Windows_ASLR] This only change registry when have admin privileges, so, it will ask permission (just for one time) to do that.

3 - [Atention!] Changes only became active after computer reestart.


Codes:


START.cpp

Code:

---

carrega.Detecta_Dump            = 0; 
//ADD THIS RED LINE BELOW: 
carrega.Disable_Windows_ASLR        = 1;    // On/Off = Disable windows ASLR for ALL computer users.  [ ATENTION! Use at your own risk! ] This feature allow dump to read hacks that was created with ASLR, description: Address space layout randomization (ASLR) is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.
carrega.Token_Privileges        = 0;

---

and

Code:

---

//ADD THIS RED LINEs BELOW:
 if(carrega.Disable_Windows_ASLR == 1)
{
DisableASLR();
}

if(carrega.LA_Detecta_ByFileSize == 1)
{
ExeByFileSize();
}

---

Start.h

Code:

---

int DisableASLR();

---

Classe.h

Code:

---

int Disable_Windows_ASLR;

---

Dump.cpp (Add this code below all dump stuff)

Code:

---

//DISABLE WINDOWS ASLR FOR ALL USER COMPUTERS [Use at your own risk!]


void AskforUserPermission(){
    if (carrega.Message_Warning_En == 1){
    MessageBoxA(NULL,"Administrative privileges required!\n\nRight click on application: Run as administrator", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);   
    ExitProcess(0);   
    }   
    if (carrega.Message_Warning_En == 2){
    MessageBoxA(NULL,"Privilegios administrativos requeridos!\n\nClick direito do mouse no aplciativo: Executar como admintrator", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);   
    ExitProcess(0);   
    }
    else
    {
    MessageBoxA(NULL,"Administrative privileges required!\n\nRight click on application: Run as administrator", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);   
    ExitProcess(0);
}
}




#define WIN_32_LEAN_AND_MEAN
int writeToRegistry(void)
{   
    DWORD lRv;
    HKEY hKey;
    DWORD dwDisposition;
    lRv = RegCreateKeyEx(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management", 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, &dwDisposition);
    DWORD dwValue = 0;
    RegSetValueEx(hKey,"MoveImages", 0, REG_DWORD, reinterpret_cast<BYTE *>(&dwValue), sizeof(dwValue));
    RegCloseKey(hKey);
    return(1);
}




//Check if running with admin privileges (withow it dll can't change HKEY_LOCAL_MACHINE registry)
BOOL IsElevated( ) {
    BOOL fRet = FALSE;
    HANDLE hToken = NULL;
    if( OpenProcessToken( GetCurrentProcess( ),TOKEN_QUERY,&hToken ) ) {
        TOKEN_ELEVATION Elevation;
        DWORD cbSize = sizeof( TOKEN_ELEVATION );
        if( GetTokenInformation( hToken, TokenElevation, &Elevation, sizeof( Elevation ), &cbSize ) ) {
            fRet = Elevation.TokenIsElevated;
        }
    }
    if( hToken )
    {   
    CloseHandle( hToken );
    }
    //cout<< fRet;
    if (fRet == 1){
                //cout <<"Are Admin!";
        writeToRegistry();
        return(1);
        //return fRet;
    }
    else
    {
                //cout <<"Ask Permission!";
    AskforUserPermission();
    return(1);
    //return fRet;   
}
}




int DisableASLR()
{
  HKEY hKey;
  //Check if the registry exists
  DWORD lRv = RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management", 0,KEY_READ, &hKey);
  if (lRv == ERROR_SUCCESS)
  {
    DWORD BufferSize = sizeof(DWORD);
    DWORD dwRet;
    DWORD cbData;
    DWORD cbVal = 0;
    dwRet = RegQueryValueEx(hKey, "MoveImages", NULL, NULL,(LPBYTE)&cbVal, &cbData);
    if( dwRet == ERROR_SUCCESS ){       
    //cout<<"\nDWORD value are: " << cbVal << endl;
    if (cbVal != 0)
    {
    IsElevated();
    return(1);
    }
    else
    {
  }
}
}
return(1);
}

---

- - - Updated - - -

Quote:

---

Originally Posted by Gaudinio

cogito ergo sum maybe u can help me to block autobot ??? dunno some code or where to modify
thx and waiting for u reply

---

Read thread, are some exemples that how it works, is very simple to do.

For another things, watch video tutorials, there you will learn how to add hex dump on detector, add virtual memory protection for your files, make some memset for serial / version or another stuff.

Cagito plz seting end START.cpp
where to put one and where to place 0 please more
Even fail to set it up and stop Auto-BOT.exe
code {0x405B28, {0x45, 0xFC, 0x8B, 0x40, 0x08, 0x8B, 0xE5, 0x5D}}, //Auto-BOT
Inserts into Detecta_Dump have said ok where to work

Quote:

---

Originally Posted by Gaudinio

Cagito plz seting end START.cpp
where to put one and where to place 0 please more
Even fail to set it up and stop Auto-BOT.exe

---

Watch this:
https://www.youtube.com/watch?v=iyPAjCzSr7s

Basicaly, you need turn detector: On ( 1 ) in START.cpp and update detector database.

For exemple, activate Heuristic detector and update database inside [Detecta_Heuristica.cpp] with badwords you need to detect.

For exemple:

strstr(t,"BOT") ||

This will detect any window that have BOT word on name

You can use:

CODEX ANTIHACK V4\CONTENTS\Utilities\Handler portable ( ClassName detector ) Handler.exe to get windowname and windowclass for any hacks that you want to detect.

I did not work that tutorial does not understand why the Codex.dll hac hook in place in main.exe everything goes ok after detecta_huristica and arefac Place 1 to copy the dll in debug give it a customer come in and gives me error can not understand why I really do not know.........I leave that fail

If you want to see teamwiuer give you'm not crazy

@Cogito Ergo Sum
can you please link microsoft c++ needed here

- - - Updated - - -

i got some issue here..computer deepfreeze detected also handycafe client

You need to update your database ace17

For exemple:

heuristic detector search for this badwords, just remove that...

strstr(t,"FREEZE") ||
strstr(t,"Freeze") ||
strstr(t,"freeze") ||

Quote:

---

Originally Posted by Cogito Ergo Sum

You need to update your database ace17

For exemple:

heuristic detector search for this badwords, just remove that...

strstr(t,"FREEZE") ||
strstr(t,"Freeze") ||
strstr(t,"freeze") ||

---

how about needed MS Visual c++? can you provide me a link pls

how about needed MS Visual c++? can you provide me a link pls

I did, do you read thread?

Again:

Visual Studio 10 - Microsoft downloader:
https://mega.co.nz/#!B9UxGLRQ!dxzEX3...5thdfB3UPcNmIs

This will download something about 2 gigabites

Quote:

---

Originally Posted by Cogito Ergo Sum

how about needed MS Visual c++? can you provide me a link pls

I did, do you read thread?

Again:

Visual Studio 10 - Microsoft downloader:
https://mega.co.nz/#!B9UxGLRQ!dxzEX3...5thdfB3UPcNmIs

This will download something about 2 gigabites

---

client side not for the compiler side..

I don't know what you mean, google it.

Quote:

---

Originally Posted by Cogito Ergo Sum

I don't know what you mean, google it.

---

what i mean is
codex.dll dont work on some computer there's something wrong/missing msvcp100.dll do you know what Microsoft Visual C++ REDISTRIBUTE NEEDED?

I'm make some test this days, i was creating win32 aplication console, and i got this MSVCR100 error on my virutal machine Win xp (sp1)


Try to change:

Codex > properties > configuration properties > c / c++ > code generation > runtime library > multi-threaded debug (MTd) to multi-threaded (/MT)

Tell us if it solve your problem please. I have just on computer to make all this things and i don't how it works out of this enviroment.

Cogito please how can I find the name I see here is something else ClasseWindow ("ThunderRT6FormDC"); // find the autoclic Klic0r as it ThunderRT6FormDC

Hi Cogito!

Because of what is this error?

void Injetado(){

if (carrega.Log_Txt_Hack == 1){
ofstream out("GameGuard/Log.txt", ios::app);
out << "\n Error-7: ", out << "File integrity violated!";
out.close();

BTW: I am still working with v3. In next days i will be updating to v4 :blush:

Quote:

---

Originally Posted by Gaudinio

Cogito please how can I find the name I see here is something else ClasseWindow ("ThunderRT6FormDC"); // find the autoclic Klic0r as it ThunderRT6FormDC

---

Open hack that you wanto to detect, open handler 1.5 to get hack windowtext and classname.


Detectors that works with windowtext:
Detecta_window.cpp = detect hack entire name, as you can see on Handler windowtext (Are case sensitive)
This detector close game!


Close_Window .cpp = detect hack entire name, as you can see on Handler windowtext (Are case sensitive)
This detector close hack, if can't close hack, close game!


Detecta_Heuristica = detect window badwords, entire or pieces (Are case sensitive)
Detecta_Heuristica_NC = detect window badwords, entire or pieces (Are NON case sensitive)
This two, detect badwords on window name, message name, or button when mouse hover over it.


Detecta_Heuristica_Win = detect window badwords, entire or pieces (Are case sensitive)
All heuristic detectors close game.




Detectors that works with classname:
Detecta_ClassName.cpp = detect hack entire name, as you can see on Handler classname (Are case sensitive)
This detector close game!

Close_ClassName.cpp = detect hack entire name, as you can see on Handler classname (Are case sensitive)
This detector close hack, if can't close hack, close game!


Detecta_Heuristica_Class = detect className badwords, entire or pieces (Are case sensitive)
This detector close game!




- - - Updated - - -

zacHA, i don't understand what you mean.

But, check if this lines are active:

//(GetModuleHandle("FoxAnti.dll")) || // To tests
//(GetModuleHandle("Codex.dll")) || // To tests

Active i mean: with red collor, without this parallel lines >> // , this two code lines are just for detector test.

Wait V4 update, i will add an auto-updater for Codex.dll.

- - - Updated - - -

That works ace17? I think problem is 64 bits OS incompatibility.

Someone have Codex compatibility problems? like: MSVCR100.dll missing...

ill currently trying

- - - Updated - - -

its now working brother

yes I use the exe MSVCR100.dll as shown in the tutorial I did put
ClasseWindow ("exe XU AutoClicker.v3 Codde name ...."); and TitleWindow ("# 32770"); so given me when I held the mouse handler and I no longer come into play at all Blocking // // ClasseWindow and TitleWindow and give the client debug copiex codex.dll why I come into play?

https://www.youtube.com/watch?v=-8tSy2B1R3s is this work here? or not?

Galdino i don't think a good idea add ("# 32770") on your ClassName database detection, becouse a lot of programs use this name on ClassName, is somekind of "generic" ClassName.


- - - Updated - - -

its now working brother

Great!

is this work here? or not?

I don't understand what you mean, you need be more especific.

Quote:

---

Originally Posted by Cogito Ergo Sum

Galdino i don't think a good idea add ("# 32770") on your ClassName database detection, becouse a lot of programs use this name on ClassName, is somekind of "generic" ClassName.


- - - Updated - - -

its now working brother

Great!

is this work here? or not?

I don't understand what you mean, you need be more especific.

---

try to watch this video https://www.youtube.com/watch?v=-8tSy2B1R3s
he bypass gameguard..is that possible that they can also make it with this gameguard?

he bypass gameguard..is that possible that they can also make it with this gameguard?

If your Client / Server uses webzen checksum autentication i think there is no way to bypass it... I realy can't imagine a way to do that... If you change only a word, a dot in anyplace on your main main.exe, nobody will be able to reproduce that change.

Also, with some work on your main files and codex dll you can improve security.

Watch this tutorials and you will got general idea how it works:

https://www.youtube.com/watch?v=Y0MjSu2s3oo

https://www.youtube.com/watch?v=hKRRLfeJKYQ

And also, you can use ServerBan feature, but your MuServer Connectstat need work 100 % or everyone that leave game and STAY CONNECTED on your sql database ( with Connecstat = 1) will be banned on that.

But you can work with this with a temporary ban, i mean, ban character or account for some hours only. System allow ban and unban char or entire account.

I made this way, flexible, thinking that entire system can be adapted to be used for another games that uses sql databases.

Watch this about Serverban, Part 1 of 3
https://www.youtube.com/watch?v=J_LtbVK7pSE

And also, this one about molebox pack:
https://www.youtube.com/watch?v=bEy0fKbe_sc

- - - Updated - - -

Did you know how webzem checksum conference works? I looking for this and find this video about this.
https://www.youtube.com/watch?v=QSeVRUF5q4Y

can anyone upload the checksum generator ?

Ok Guys, i try some tests to solve Muserver connectstat problem, that one: Users stay connected / your account are connected...

And this way, if it realy works for eveone, we can use BanServer features without any problem to solve any antihack kill / Freeze problem.

It seems to works to me. But i realy can't make real test using just one char... Someone can try to use that? And Tell us if it realy works?


MAKE A DATABASE BACKUP BEFORE!

///////////////// Deleting Procedures and tables


Open enterprise manager (I'm using SQL 2000)


Console Root > Microsoft SQL Servers > SQL Server Group > (local) (Windows NT) > Databases > MuOnline > Stored Procedure:


Delete:
WZ_CONNECT_MEMB
and
WZ_DISCONNECT_MEMB



Console Root > Microsoft SQL Servers > SQL Server Group > (local) (Windows NT) > Databases > MuOnline > Tables:


Delete:
MEMB_STAT


///////////////// creating Procedures and tables


Open SQL Query Analyzer


Select Database: MuOnline


Execute Query, Run this code:

Code:

---


CREATE PROCEDURE WZ_CONNECT_MEMB
@uid varchar(20),  @Server varchar(20),
@uip varchar(20)
AS
Begin
BEGIN TRANSACTION
SET NOCOUNT ON
IF EXISTS ( SELECT memb___id FROM MEMB_STAT WITH (READUNCOMMITTED)
WHERE memb___id = @uid )
Begin
UPDATE MEMB_STAT
SET ip = @uip , connectstat = 1 , servername =  @Server , ConnectTM = (getdate())
WHERE memb___id = @uid
End
ELSE
Begin
INSERT INTO MEMB_STAT ( memb___id,ip,connectstat,servername) valueS (
@uid,
@uip,
1,  @Server
)
End
IF(@@Error <> 0 )
ROLLBACK TRANSACTION
ELSE
COMMIT TRANSACTION
SET NOCOUNT OFF
End
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_NULLS OFF
GO










CREATE PROCEDURE WZ_DISCONNECT_MEMB
@uid varchar(20)
AS
Begin
BEGIN TRANSACTION
SET NOCOUNT ON
IF EXISTS ( SELECT memb___id FROM MEMB_STAT WITH (READUNCOMMITTED)
WHERE memb___id = @uid )
Begin
UPDATE MEMB_STAT
SET DisConnectTM = (getdate()), connectstat = 0 WHERE memb___id = @uid
End
ELSE
Begin
INSERT INTO MEMB_STAT ( memb___id,DisConnectTM,connectstat) valueS (
@uid,
(getdate()),
0
)
End
IF(@@Error <> 0 )
ROLLBACK TRANSACTION
ELSE
COMMIT TRANSACTION
SET NOCOUNT OFF
End
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO










CREATE TABLE [dbo].[MEMB_STAT] (
[memb___id] [nvarchar] (10) COLLATE Chinese_PRC_CI_AS NOT NULL ,
[ConnectStat] [tinyint] NULL ,
[ServerName] [nvarchar] (20) COLLATE Chinese_PRC_CI_AS NULL ,
[IP] [nvarchar] (15) COLLATE Chinese_PRC_CI_AS NULL ,
[ConnectTM] [smalldatetime] NULL ,
[DisConnectTM] [smalldatetime] NULL
) ON [PRIMARY]
GO

---

- - - Updated - - -

Lucila, That procedure to disconnect users, that one that guy says... Do you remember?

Don't work for me.

Hi friend,can you explain how this will protect server side?Because as I see there is nothing to hook on gameserver sorry for this very noob question.I am just thinking how this dll will protect lower version server like season 3 because lower version have bypasser.They use other main.exe that is unpack to enter the game without any gameguard hooked.Thank you.

Quote:

---

Originally Posted by DevScript

Hi friend,can you explain how this will protect server side?Because as I see there is nothing to hook on gameserver sorry for this very noob question.I am just thinking how this dll will protect lower version server like season 3 because lower version have bypasser.They use other main.exe that is unpack to enter the game without any gameguard hooked.Thank you.

---

I made it very simple to use on any Muserver. Dll uses a php autentication, if IP (User on that IP) have no autentication after x minutes and user connectstat are equals to (1 connected), it means that user are connected on server without a working dll and that user uses bypass or suspend to kill antihack.

This way, char or acc ( you can choose) that are not autenticated by dll after some time can be banned on sql databases.

Only problem is, as you know, sometimes users stay connected on MuServer after leave it. This means connecstat are equals to 1 and, as expected, this users are banned too...

- - - Updated - - -

MU Server:

-Connectat don't works

-SQL Procedure to disconnect user don't works

-Move char to Map 5 on SQL don't works

Anyone of this solve our problem...

- - - Updated - - -

- - - Updated - - -

If someone, can try...

SQL Procedure to disconnect user:

Run this code just on time on Query Analyser:

Using MuOnline database:

Code:

---

GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE PROCEDURE [dbo].[WZ_DISCONNECT_MEMB]
@uid varchar(20)
AS

Begin

BEGIN TRANSACTION

SET NOCOUNT ON

IF EXISTS ( SELECT memb___id FROM MEMB_STAT WITH (READUNCOMMITTED) WHERE memb___id = @uid )
Begin
UPDATE MEMB_STAT
SET connectstat = 0 , DisConnectTM = (getdate())
WHERE memb___id = @uid
End

IF(@@Error <> 0 )
ROLLBACK TRANSACTION
ELSE
COMMIT TRANSACTION

SET NOCOUNT OFF
End

---

After that, to disconnet any user, you just select user id and run this code below on Query analizer to disconnect this user id:

Code:

---

DECLARE @RC int
DECLARE @uid varchar(20)
set @uid = 'USER ID';
EXECUTE @RC = [MuOnline].[dbo].[WZ_DISCONNECT_MEMB]
@uid

---

To me, this just don't works...

Quote:

---

Originally Posted by Cogito Ergo Sum

I made it very simple to use on any Muserver. Dll uses a php autentication, if IP (User on that IP) have no autentication after x minutes and user connectstat are equals to (1 connected), it means that user are connected on server without a working dll and that user uses bypass or suspend to kill antihack.

This way, char or acc ( you can choose) that are not autenticated by dll after some time can be banned on sql databases.

Only problem is, as you know, sometimes users stay connected on MuServer after leave it. This means connecstat are equals to 1 and, as expected, this users are banned too...

- - - Updated - - -

MU Server:

-Connectat don't works

-SQL Procedure to disconnect user don't works

-Move char to Map 5 on SQL don't works

Anyone of this solve our problem...

- - - Updated - - -

- - - Updated - - -

If someone, can try...

SQL Procedure to disconnect user:

Run this code just on time on Query Analyser:

Using MuOnline database:

Code:

---

GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE PROCEDURE [dbo].[WZ_DISCONNECT_MEMB]
@uid varchar(20)
AS

Begin

BEGIN TRANSACTION

SET NOCOUNT ON

IF EXISTS ( SELECT memb___id FROM MEMB_STAT WITH (READUNCOMMITTED) WHERE memb___id = @uid )
Begin
UPDATE MEMB_STAT
SET connectstat = 0 , DisConnectTM = (getdate())
WHERE memb___id = @uid
End

IF(@@Error <> 0 )
ROLLBACK TRANSACTION
ELSE
COMMIT TRANSACTION

SET NOCOUNT OFF
End

---

After that, to disconnet any user, you just select user id and run this code below on Query analizer to disconnect this user id:

Code:

---

DECLARE @RC int
DECLARE @uid varchar(20)
set @uid = 'USER ID';
EXECUTE @RC = [MuOnline].[dbo].[WZ_DISCONNECT_MEMB]
@uid

---

To me, this just don't works...

---

Thank you! Very clear and very detailed explanation.I might try it now,Can you link the correct video guide how to setup this version 4 sir?Thank you so much.

- - - Updated - - -

Hi Sir Is it necessary to run this query on the database

Quote:

---

GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE PROCEDURE [dbo].[WZ_DISCONNECT_MEMB]
@uid varchar(20)
AS

Begin

BEGIN TRANSACTION

SET NOCOUNT ON

IF EXISTS ( SELECT memb___id FROM MEMB_STAT WITH (READUNCOMMITTED) WHERE memb___id = @uid )
Begin
UPDATE MEMB_STAT
SET connectstat = 0 , DisConnectTM = (getdate())
WHERE memb___id = @uid
End

IF(@@Error <> 0 )
ROLLBACK TRANSACTION
ELSE
COMMIT TRANSACTION

SET NOCOUNT OFF
End

---

To make this simple query to disconnect stock account to work?

Quote:

---

DECLARE @RC int
DECLARE @uid varchar(20)
set @uid = 'USER ID';
EXECUTE @RC = [MuOnline].[dbo].[WZ_DISCONNECT_MEMB]
@uid

---

So it means sir if I didn't replace my old WZ_DISCONNECT_MEMB it means the query to disconnect stock accounts will not work?Thank you for answering because I tried it but it didn't work but I didn't changed my WZ_DISCONNECT_MEMB yet.

Hi Sir Is it necessary to run this query on the database

Are two diferent things Dev, this procedure to disconnect users there is no relation with the fist one codes for connectstat fix.

I'm not sure if that codes to fix connectat realy works, i made some test, but i find no way to reproduce this connectstat error as i need...

About this codes to disconnect users, for me, this just don't work. I have deleted WZ_DISCONNECT_MEMB and after that, run first procedure to creat it again, after that, i run second code to disconnect user, but char disconnection just don't happens.

This codes don't work on my Muserver (1.01e) started to tests, maybe in another Mu server version thath works...

Sorry about my broken english, thats not my native language.

@TS what do you think if we include process hiding?
http://www.rohitab.com/discuss/topic...ormation-hook/
https://www.youtube.com/watch?v=HbD-uoAXs-M

@TS what do you think if we include process hiding?

I will use a .exe hide process to protect main in the future. Tanks!

:thumbup1:



config.cfg

Code:

---

/Codex
Window = Mxmain
Class = ConsoleWindowClass
PID = Mxmain.exe

---

TESTE.cpp

Code:

---

// Video tutorial: http://www.youtube.com/user/vertexbrasil
#include "StdAfx.h"
#include <sstream>


class Convert
{
public:
    template <typename T>
    static std::string T_to_string(T const &val)
    {
        std::ostringstream ostr;
        ostr << val;


        return ostr.str();
    }
       
    template <typename T>
    static T string_to_T(std::string const &val)
    {
        std::istringstream istr(val);
        T returnVal;
        if (!(istr >> returnVal))
            exitWithError("CFG: Not a valid " + (std::string)typeid(T).name() + " received!\n");
        return returnVal;
    }
    template <>
    static std::string string_to_T(std::string const &val)
    {
        return val;
    }
};


void exitWithError(const std::string &error)
{
    std::cout << error;
    std::cin.ignore();
    std::cin.get();
    exit(EXIT_FAILURE);
}


class ConfigFile
{
private:
    std::map<std::string, std::string> contents;
    std::string fName;


    void removeComment(std::string &line) const
    {
        if (line.find('/') != line.npos)
            line.erase(line.find('/'));
    }


    bool onlyWhitespace(const std::string &line) const
    {
        return (line.find_first_not_of(' ') == line.npos);
    }
    bool validLine(const std::string &line) const
    {
        std::string temp = line;
        temp.erase(0, temp.find_first_not_of("\t "));
        if (temp[0] == '=')
            return false;


        for (size_t i = temp.find('=') + 1; i < temp.length(); i++)
            if (temp[i] != ' ')
            return true;
            return false;
    }
    void extractKey(std::string &key, size_t const &sepPos, const std::string &line) const
    {
        key = line.substr(0, sepPos);
        if (key.find('\t') != line.npos || key.find(' ') != line.npos)
            key.erase(key.find_first_of("\t "));
    }
    void extractValue(std::string &value, size_t const &sepPos, const std::string &line) const
    {
        value = line.substr(sepPos + 1);
        value.erase(0, value.find_first_not_of("\t "));
        value.erase(value.find_last_not_of("\t ") + 1);
    }


    void extractContents(const std::string &line)
    {
        std::string temp = line;
        temp.erase(0, temp.find_first_not_of("\t "));
        size_t sepPos = temp.find('=');


        std::string key, value;
        extractKey(key, sepPos, temp);
        extractValue(value, sepPos, temp);


        if (!keyExists(key))
            contents.insert(std::pair<std::string, std::string>(key, value));
        else
            exitWithError("CFG: Can only have unique key names!\n");
    }


    void parseLine(const std::string &line, size_t const lineNo)
    {
        if (line.find('=') == line.npos)
            exitWithError("CFG: Couldn't find separator on line: " + Convert::T_to_string(lineNo) + "\n");


        if (!validLine(line))
            exitWithError("CFG: Bad format for line: " + Convert::T_to_string(lineNo) + "\n");


        extractContents(line);
    }


    void ExtractKeys()
    {
        std::ifstream file;
        file.open(fName.c_str());
        if (!file)
            exitWithError("CFG: File " + fName + " couldn't be found!\n");


        std::string line;
        size_t lineNo = 0;
        while (std::getline(file, line))
        {
            lineNo++;
            std::string temp = line;


            if (temp.empty())
                continue;


            removeComment(temp);
            if (onlyWhitespace(temp))
                continue;


            parseLine(temp, lineNo);
        }


        file.close();
    }
public:
    ConfigFile(const std::string &fName)
    {
        this->fName = fName;
        ExtractKeys();
    }


    bool keyExists(const std::string &key) const
    {
        return contents.find(key) != contents.end();
    }


    template <typename ValueType>
    ValueType getValueOfKey(const std::string &key, ValueType const &defaultValue = ValueType()) const
    {
        if (!keyExists(key))
            return defaultValue;


        return Convert::string_to_T<ValueType>(contents.find(key)->second);
    }
};


int main2()
{
    ConfigFile cfg("config.cfg");


    bool exists = cfg.keyExists("Window");
    //std::cout << "Window: " << std::boolalpha << exists << "\n";
    std::string WindowValue = cfg.getValueOfKey<std::string>("Window");
    std::cout << "value of Window: " << WindowValue << "\n";


    exists = cfg.keyExists("Class");
    //std::cout << "Class: " << exists << "\n";
    std::string ClassValue = cfg.getValueOfKey<std::string>("Class");
    std::cout << "value of Class: " << ClassValue << "\n";


    exists = cfg.keyExists("PID");
    //std::cout << "Class: " << exists << "\n";
    std::string PIDValue = cfg.getValueOfKey<std::string>("PID");
    std::cout << "value of PID: " << PIDValue << "\n";
/////////////////////////////////
std::string str2 = WindowValue;
LPSTR WT = const_cast<char *>(str2.c_str());
HWND WinTitle = FindWindowA(NULL, WT);
if( WinTitle > 0){
SendMessage(WinTitle, WM_CLOSE,0,0);  // Close process
}
/////////////////////////////////
std::string str = ClassValue;
LPSTR CL = const_cast<char *>(str.c_str());
HWND WinClasse = FindWindowExA(NULL,NULL,CL,NULL);
if( WinClasse > 0){   
SendMessage(WinClasse, WM_CLOSE,0,0);  // Close process
}
/////////////////////////////////
std::string str3 = PIDValue;
LPSTR PID = const_cast<char *>(str3.c_str());
    //void GetProcId(char* u);
    PROCESSENTRY32 pe32;
    HANDLE hSnapshot = NULL;
    pe32.dwSize = sizeof( PROCESSENTRY32 );
    hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
    if( Process32First( hSnapshot, &pe32 )){
        do{
            if( strcmp( pe32.szExeFile, PID ) == 0 )
            {
            HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);  // Close process
            TerminateProcess(hProcess,NULL);
            ExitProcess(0);
            }
        }while( Process32Next( hSnapshot, &pe32 ) );
    }
    if( hSnapshot != INVALID_HANDLE_VALUE )
    CloseHandle( hSnapshot );
    return(0);
}


void main(){
    again:
    main2();
    Sleep(1000);
    goto again;
}


 void  TESTES(){
    CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(main),NULL,0,0);
}

---

Hola estube haciendole algunas modificaciones a la dll y ahora me sale este mensaje
http://prntscr.com/6h5cp6
No recuerdo bien que modifique, creo que desde el proyecto toque algo. Como lo podria solucionar?

Quote:

---

Originally Posted by caron22

Hola estube haciendole algunas modificaciones a la dll y ahora me sale este mensaje
http://prntscr.com/6h5cp6
No recuerdo bien que modifique, creo que desde el proyecto toque algo. Como lo podria solucionar?

---

Try: Codex > properties > configuration properties > c / c++ > code generation > runtime library > multi-threaded debug (MTd) to multi-threaded (/MT)

auto update not yet?

updated hack list?

Quote:

---

Originally Posted by tandoh

auto update not yet?

---

use launcher autoupdate

carrega.CRC_Protect = 0x446ea76b; // Protect.BMP v4 = 446ea76b <<< help me new BMP need new 0x

Sorry i noob :(

Codex.dll - anti-hack system - Add CRC conference
https://www.youtube.com/watch?v=bQs75z9pb7g

[auto update not yet?]

V5

Quote:

---

Originally Posted by Cogito Ergo Sum

[auto update not yet?]

V5

---

how about proccess hider?

Cogito, eu coloquei no meu servidor, mas a maioria tem este erro:

HW-Scan: TaskEng - Processo de Mecanismo do Agen
HW-Scan: TaskEng - Processo de Mecanismo do Agen


Como retiro o bloqueio do taskeng?
Ele é nativo do windows, e perdi muito jogador!

Remove Process word from your Heuristic window scan (HW-Scan) database musp2015

Thanks buddy, I have another problem.


(The program can not start because it is missing MSVCP100.dll on your computer. Try reinstalling it to solve this problem)




How can I solve?

http://forum.ragezone.com/images/sty...quote_icon.png Originally Posted by caron22 http://forum.ragezone.com/images/sty...post-right.png
Hola estube haciendole algunas modificaciones a la dll y ahora me sale este mensaje
http://prntscr.com/6h5cp6
No recuerdo bien que modifique, creo que desde el proyecto toque algo. Como lo podria solucionar?



Try: Codex > properties > configuration properties > c / c++ > code generation > runtime library > multi-threaded debug (MTd) to multi-threaded (/MT)

Cogito, how i can add more .att files check?

Cogito, how i can add more .att files check?

Copy and paste codes and change .att file names.To find all references, on START.cpp, right click on: carrega.CRC_Terrain7 >> Find all references

START.cpp
carrega.CRC_Terrain8 = 0x98fb5fca;


Classe.h
long CRC_Terrain8;

CRC.Arquivos.cpp
////////////////////////////////////////////////
if(ter8 != carrega.CRC_Terrain8){
if (carrega.Log_Txt_Hack == 1){
ofstream out("GameGuard/Log.txt", ios::app);
out << "\n CRC-Scan:", out << "Data/World7/EncTerrain8.att";
out.close();
}
if (carrega.Message_Warning_En == 1 || carrega.Message_Warning_En == 3){
CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_T8_En),NULL,0,0);
Sleep(5000);
ExitProcess(0);
}
if (carrega.Message_Warning_En == 2){
CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(Msg_T8_Br),NULL,0,0);
Sleep(5000);
ExitProcess(0);
}
if (carrega.Message_Warning_En == 0){
ExitProcess(0);
}
else
ExitProcess(0);
}
}
}


And Message:

void Msg_T8_En(){
MessageBoxA(NULL, "CRC-Scan\n\n[EncTerrain8.att] Corrupted or missing file!", carrega.Nome_das_Janelas, MB_SERVICE_NOTIFICATION | MB_ICONWARNING);
}

@Cogito Ergo Sum how can i make my launcher not closed and always open because when i click START the launcher will close and main will pop up

Nice project

@Cogito Ergo Sum how can i make my launcher always on. because when i click main.exe the launcher will autoclose. IN launcher when i click game start will autoclose launcher also. how to make launcher not autoclose when main.exe is opened? im using the GMO Launcher and also how to find the important things running on main for virtual memory protection cuz i dont know what will i protect .

Heres my launcher : http://forum.ragezone.com/f197/mu-gl...tomize-650773/

Quote:

---

sprintf (cbuffer, "%d", (*(unsigned short*)0x0E0750)); //Put ADDRESS here, this is for [carrega.Memory_Buffer_P]
MessageBoxA(NULL,(LPCSTR) cbuffer, "Memory_Buffer_P___",MB_ICONWARNING);
ExitProcess(0);
}


//WARNING! Add an address that not exist on Mxmain.exe will crash Mxmain.exe

//DETECTOR - Protect 5 hex from address start point
//((*(unsigned short*)0xADDRESS != BUFFER)
if ((*(unsigned short*)0x0E0750 != 29537) ||
// (*(unsigned short*)0x449081 != 29537) ||
// (*(unsigned short*)0x449081 != 29537) ||
// (*(unsigned short*)0x449081 != 29537) ||
// (*(unsigned short*)0x449081 != 29537) ||
(*(unsigned short*)0x0E0750 != 29537)){

---

When i use offset 0E075, main has been crashed.

Please help me.

Thank you!

@Cogito Ergo Sum i convert it to VS2003 and i got this warning then program doesn't open
LINK : warning LNK4243: DLL containing objects compiled with /clr is not linked with /NOENTRY; image may not run correctly]

@Cogito Ergo Sum i have here source files for my 1.04D chat separation how to add this. please guide me up thankyou https://www.mediafire.com/?c403dxye92sjhrd

When i use offset 0E075, main has been crashed.

Code:

---

//WARNING! Add an address that not exist on Mxmain.exe will crash Mxmain.exe

---

- - - Updated - - -

@Cogito Ergo Sum how can i make my launcher not closed and always open because when i click START the launcher will close and main will pop up

Looks like your launcher work this way, they are white to close before start main.exe

you can use something like this:

goto again:
Sleep (1000);
HWND WinTitle = FindWindowA(NULL, "Launcher window name");
if( WinTitle == 0){ // if launcher window are not running
WinExec("Launcher window.exe", SW_SHOWNORMAL); // Start launcher.exe on folder
again;

Quote:

---

Originally Posted by Cogito Ergo Sum

When i use offset 0E075, main has been crashed.

Code:

---

//WARNING! Add an address that not exist on Mxmain.exe will crash Mxmain.exe

---

- - - Updated - - -

@Cogito Ergo Sum how can i make my launcher not closed and always open because when i click START the launcher will close and main will pop up

Looks like your launcher work this way, they are white to close before start main.exe

you can use something like this:

goto again:
Sleep (1000);
HWND WinTitle = FindWindowA(NULL, "Launcher window name");
if( WinTitle == 0){ // if launcher window are not running
WinExec("Launcher window.exe", SW_SHOWNORMAL); // Start launcher.exe on folder
again;

---

Where can i add this?

goto again:
Sleep (1000);
HWND WinTitle = FindWindowA(NULL, "Launcher window name");
if( WinTitle == 0){ // if launcher window are not running
WinExec("Launcher window.exe", SW_SHOWNORMAL); // Start launcher.exe on folder
[/B][/I]again;[/QUOTE]

v4 version:

START.cpp

Code:

---

carrega.Launcher_Ativo              = 1;

---

Launcher_ativo.cpp

Change this:

Code:

---

void Launcher_Name(){
    HWND WinTitle = FindWindowA(NULL, carrega.Launcher_Window);
    if( WinTitle == 0){
    Fecha_ativa();
    //WinExec(carrega.Nome_do_Main, SW_SHOWNORMAL); // START Mxmain.exe
}
}

---

to this:

Code:

---

void Launcher_Name(){
    HWND WinTitle = FindWindowA(NULL, carrega.Launcher_Window);
    if( WinTitle == 0){
    //Fecha_ativa();
    WinExec(carrega.Nome_do_Launcher, SW_SHOWNORMAL); // START Launcher.exe
}
}

---

I don't make any test, becouse i have no time, but i think this solve your problem. Any time that launcher window are not find running, launcher will be started again...

- - - Updated - - -

Next week i will start to work on a new release. The last one, i think.

@Cogito Ergo Sum Thankyou because some of my players are currently bypassing the GameGuard using a simple programs to bypass DLL