Hello people, I just started working with L2J server files and I have a suggestion for you.
I was working on MU Online, and we used a way to block "hackers": we coded a DLL containing dump codes (byte signatures) of cheats, and if the anti-hack detects the "illegal prog" it just closes l2.exe and the hack. The dump code can be taken with a debugger, e.g. OllyDbg.
{0x40970E, {0x68, 0xB4, 0x98, 0x40, 0x00, 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x50, 0x64, 0x89, 0x25, 0x00, 0x00, 0x00, 0x00, 0x83, 0xEC, 0x68, 0x53, 0x56, 0x57, 0x89, 0x65, 0xE8, 0x33, 0xDB, 0x89, 0x5D}}, // Speed Gear 5
Take a look
// ----------------------------------------------------
// File name: AntiHack.cpp
// Date: 2008-06-26
// Author: f1x / f1ksiu@hotmail.com
// ----------------------------------------------------
// Declarations for the signature-based process scanner: the signature record,
// the global signature table, and the two scan entry points.
#ifndef PDC_ANTIHACK_H
#define PDC_ANTIHACK_H
// NOTE(review): MAX_DUMP_OFFSETS is not referenced by any of the code shown with this header.
#define MAX_DUMP_OFFSETS 2
// Number of bytes stored per signature; ScanProcessMemory reads and compares exactly this many.
#define MAX_DUMP_SIZE 32
// Number of slots in g_ProcessesDumps; ScanProcessMemory iterates over all of them,
// including slots that have no initializer.
#define MAX_PROCESS_DUMP 2
// One signature: an absolute address in the scanned process and the bytes expected there.
// Because the address is fixed, a signature can only match a binary that is loaded at the
// same address it was dumped from; a relocated or rebuilt binary will not match.
typedef struct ANITHACK_PROCDUMP {
// Address passed to ReadProcessMemory. NOTE(review): unsigned int is 32 bits wide on
// Windows, so addresses above 4 GiB cannot be expressed here.
unsigned int m_aOffset;
// Expected bytes at m_aOffset, compared with memcmp over MAX_DUMP_SIZE bytes.
unsigned char m_aMemDump[MAX_DUMP_SIZE];
} *PANITHACK_PROCDUMP;
// Signature table, defined in the implementation file.
extern ANITHACK_PROCDUMP g_ProcessesDumps[MAX_PROCESS_DUMP];
// Enumerates running processes and scans each one that can be opened.
void SystemProcessesScan();
// Returns true when any table signature matches the memory of hProcess.
// NOTE(review): HANDLE is used here but this header includes nothing itself; it relies on
// the including file having pulled in the Windows headers first — presumably via stdafx.h, confirm.
bool ScanProcessMemory(HANDLE hProcess);
#endif //PDC_ANTIHACK_H
//---------------------------------------------------------------------------------------------
// ----------------------------------------------------
// File name: AntiHack.cpp
// Date: 2008-06-26
// Author: f1x / f1ksiu@hotmail.com
// ----------------------------------------------------
#include "stdafx.h"
#include "AntiHack.h"
#include <windows.h>
#include <tlhelp32.h>
#include <stdlib.h>
// Signature table consulted by ScanProcessMemory: {address, expected bytes at that address}.
// Only one initializer is given for MAX_PROCESS_DUMP slots, so every remaining slot is
// zero-initialized (m_aOffset == 0 and an all-zero m_aMemDump) and is still visited by the scan loop.
// NOTE(review): the bytes below look like a compiler-generated startup prologue (push of a
// handler address followed by an fs:[0] exception-frame setup) rather than code unique to the
// tool — confirm, since a signature made mostly of common prologue bytes is both easy to
// invalidate with a rebuild and a possible source of false positives.
ANITHACK_PROCDUMP g_ProcessesDumps[MAX_PROCESS_DUMP] = {
{0x40970E, {0x68, 0xB4, 0x98, 0x40, 0x00, 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x50, 0x64, 0x89, 0x25, 0x00, 0x00, 0x00, 0x00, 0x83, 0xEC, 0x68, 0x53, 0x56, 0x57, 0x89, 0x65, 0xE8, 0x33, 0xDB, 0x89, 0x5D}}, // Speed Gear 5
};
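// Takes a snapshot of the running processes and scans the memory of each one that can be
// opened. When ScanProcessMemory reports a signature match, the user is told via a message
// box and the calling process exits; nothing is done to the matching process itself.
//
// Changes from the original:
//  - Every process handle is closed after its scan (the original leaked one handle per
//    process on every call).
//  - The snapshot handle is closed only when the snapshot was actually created.
//  - Processes are opened with PROCESS_VM_READ, the only right ReadProcessMemory needs,
//    instead of PROCESS_ALL_ACCESS. Asking for less is least privilege, and it also lets
//    the open succeed for processes that refuse a full-access request.
//
// Limitation: a process that cannot be opened is skipped and therefore never scanned.
void SystemProcessesScan() {
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        // No snapshot was created, so there is no handle to release.
        return;
    }

    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(PROCESSENTRY32); // must be set before Process32First
    if (Process32First(hProcessSnap, &pe32))
    {
        do
        {
            HANDLE hProcess = OpenProcess(PROCESS_VM_READ, FALSE, pe32.th32ProcessID);
            if (hProcess == NULL)
            {
                continue; // access denied or process already gone; move to the next entry
            }

            const bool bFound = ScanProcessMemory(hProcess);
            CloseHandle(hProcess);

            if (bFound)
            {
                CloseHandle(hProcessSnap);
                MessageBoxA(0, "Found hack software in your system.\n\nHint: Close all illegal programs and run application again.", "Software guard", MB_OK | MB_ICONSTOP);
                ExitProcess(0);
            }
        }
        while (Process32Next(hProcessSnap, &pe32));
    }
    CloseHandle(hProcessSnap);
}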
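// Compares the memory of hProcess against every entry of g_ProcessesDumps.
//
// hProcess must allow reading the process's memory (PROCESS_VM_READ).
// Returns true on the first signature whose MAX_DUMP_SIZE bytes are found at its address,
// false when no signature matches or no signature address could be read.
//
// Changes from the original:
//  - The result of ReadProcessMemory is checked. The original compared the buffer even when
//    the read failed, so the verdict depended on uninitialized stack bytes.
//  - Table slots without an initializer (offset 0, all-zero dump) are skipped rather than
//    compared.
//  - The unreachable `break` after `return true` is gone.
bool ScanProcessMemory(HANDLE hProcess) {
    for (int i = 0; i < MAX_PROCESS_DUMP; i++)
    {
        const ANITHACK_PROCDUMP &rDump = g_ProcessesDumps[i];
        if (rDump.m_aOffset == 0)
        {
            continue; // zero-initialized slot: no signature stored here
        }

        unsigned char aTmpBuffer[MAX_DUMP_SIZE] = {0};
        SIZE_T aBytesRead = 0;
        // Widen through ULONG_PTR so the 32-bit offset converts cleanly to a pointer on 64-bit builds.
        const BOOL bRead = ReadProcessMemory(hProcess, (LPCVOID)(ULONG_PTR)rDump.m_aOffset, (LPVOID)aTmpBuffer, sizeof(aTmpBuffer), &aBytesRead);
        if (!bRead || aBytesRead != sizeof(aTmpBuffer))
        {
            continue; // address not mapped or only partly readable in this process
        }

        if (memcmp(aTmpBuffer, rDump.m_aMemDump, MAX_DUMP_SIZE) == 0)
        {
            return true;
        }
    }
    return false;
}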
So when this detects a running Speed Gear 5, it will close l2.exe.
I don't have VC++ knowledge, so I cannot develop it for L2...
*** THIS CODE IS FOR MU ONLINE Client so you will have to change some little variables. ***
FULL ANTIHACK SOURCE
EDIT: Changed [sUGGESTION] Tag to [Developement]