Printable View
That's it, we made a dll to block hidetoolz ... that blocks only the dll hidetoolz ...
just give a simple hook
without MORE
Note: do not give much support to it!
this was tested and working!
100% credits to GXSoft - MuOnlineDev
File(s) Attachment(s)
http://www.muonlinedev.com/public/style_extra/mime_types/zip.gif killhidetoolz.rar
Approved,
can you offer more detalies ?
if you can renew the link cuase he is dead and which hook do we need to do with process or without ?
nice, but, what is export init name?
It not working
ellow im dev this dll, from GXSoft...im GXSoft owner (NaM4)
so. to hook it, u can call from your main dll if u want... like
LoadLibraryA("antihidetoolz.dll");
or hook it like a glow.dll
dont need a init name...
just push and jmp to entry..
cyao
PS: ill post a screenshot with this dll working
dont work for me.. loaded directly of main or in my dll..
works fine...
dont work with XP
This dont work and is a copy paste from another web... no?..
lol...
Code:program Project1;
uses
Windows,
CommCtrl;
function CheckHideToolz(): Boolean;
{****************************************
Must Uses CommCtrl
By pathletboy
2008.6.15
*****************************************}
var
ToolBarHnd: Cardinal;
hProc: HWND;
dwPID: DWORD;
lpCommon: Pointer;
btnInfo: TTBBUTTON;
dwBytes: DWORD;
TrayIconCaption: array[0..512] of char;
i, nBtnCount: Integer;
begin
//{$I VMP_BEGIN.INC}
Result := False;
ToolBarHnd := FindWindowEx(0, 0, 'Shell_TrayWnd', nil);
ToolBarHnd := FindWindowEx(ToolBarHnd, 0, 'TrayNotifyWnd', nil);
ToolBarHnd := FindWindowEx(ToolBarHnd, 0, 'SysPager', nil);
ToolBarHnd := FindWindowEx(ToolBarHnd, 0, 'ToolbarWindow32', nil);
if ToolBarHnd = 0 then
begin
Result := True;
Exit;
end;
GetWindowThreadProcessId(ToolBarHnd, @dwPID);
hProc := OpenProcess(PROCESS_VM_OPERATION or
PROCESS_VM_READ or PROCESS_VM_WRITE, false, dwPID);
lpCommon := VirtualAllocEx(hProc, nil, 4096,
MEM_RESERVE or MEM_COMMIT, PAGE_READWRITE);
nBtnCount := SendMessage(ToolBarHnd, TB_BUTTONCOUNT, 0, 0);
for i := 0 to nBtnCount do
begin
ZeroMemory(@btnInfo, sizeof(btnInfo));
WriteProcessMemory(hProc, lpCommon, @btnInfo, sizeof(btnInfo), dwBytes);
SendMessage(ToolBarHnd, TB_GETBUTTON, i, LPARAM(lpCommon));
ReadProcessMemory(hProc, lpCommon, @btnInfo, sizeof(btnInfo), dwBytes);
SendMessage(ToolBarHnd, TB_GETBUTTONTEXT, btnInfo.idCommand,
LPARAM(LPARAM(lpCommon) + sizeof(btnInfo)));
ReadProcessMemory(hProc, Pointer(LPARAM(lpCommon) + sizeof(btnInfo)),
@TrayIconCaption, 512, dwBytes);
OutputDebugString(TrayIconCaption);
if TrayIconCaption = 'HideToolz' then
begin
Result := True;
Break;
end;
end;
VirtualFreeEx(hProc, lpCommon, 0, MEM_RELEASE);
CloseHandle(hProc);
//{$I VMP_END.INC}
end;
begin
//{$I VMP_BEGIN.INC}
if CheckHideToolz then
MessageBox(0,'HideToolz detected','JODETE',MB_OK);
//{$I VMP_END.INC}
end.
any screenshot or guide to hook?
Link Offline Reup plss
Approved, thanks.