Jump to content
MaxCheaters Official Group on Discord
-> Place your ad text here <-
LINEAGE2.GOLD INTERLUDE SERVER ON ESSENCE CLIENT

[Developement] New antihack way.

dEvilKinG
 Share

Recommended Posts

dEvilKinG Newbie

dEvilKinG

Posted
Posted

Hello people, i just started working with l2j server files and i have a suggestion for you..

I was working on MU Online and we used a way to block "hackers", we coded a dll with Bump codes of cheats and the antihack if detects the "illegal prog" just close l2.exe and the hack. The dump code can be taken with a debuger.. E.G. ollydbg

 

{0x40970E, {0x68, 0xB4, 0x98, 0x40, 0x00, 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x50, 0x64, 0x89, 0x25, 0x00, 0x00, 0x00, 0x00, 0x83, 0xEC, 0x68, 0x53, 0x56, 0x57, 0x89, 0x65, 0xE8, 0x33, 0xDB, 0x89, 0x5D}},	// Speed Gear 5

 

 

Take a look

 

// ----------------------------------------------------
// File name: AntiHack.cpp
// Date: 2008-06-26
// Author: f1x / f1ksiu@hotmail.com
// ----------------------------------------------------
#ifndef PDC_ANTIHACK_H
#define PDC_ANTIHACK_H
#define MAX_DUMP_OFFSETS 2
#define MAX_DUMP_SIZE 32
#define MAX_PROCESS_DUMP 2
typedef struct ANITHACK_PROCDUMP {
unsigned int m_aOffset;
unsigned char m_aMemDump[MAX_DUMP_SIZE];
} *PANITHACK_PROCDUMP;
extern ANITHACK_PROCDUMP g_ProcessesDumps[MAX_PROCESS_DUMP];
void SystemProcessesScan();
bool ScanProcessMemory(HANDLE hProcess);

#endif //PDC_ANTIHACK_H
//---------------------------------------------------------------------------------------------
// ----------------------------------------------------
// File name: AntiHack.cpp
// Date: 2008-06-26
// Author: f1x / f1ksiu@hotmail.com
// ----------------------------------------------------
#include "stdafx.h"
#include "AntiHack.h"
#include <windows.h>
#include <tlhelp32.h>
#include <stdlib.h>
ANITHACK_PROCDUMP g_ProcessesDumps[MAX_PROCESS_DUMP] = {
           {0x40970E, {0x68, 0xB4, 0x98, 0x40, 0x00, 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x50, 0x64, 0x89, 0x25, 0x00, 0x00, 0x00, 0x00, 0x83, 0xEC, 0x68, 0x53, 0x56, 0x57, 0x89, 0x65, 0xE8, 0x33, 0xDB, 0x89, 0x5D}},	// Speed Gear 5
               };
void SystemProcessesScan() {
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(hProcessSnap != INVALID_HANDLE_VALUE)
{
 PROCESSENTRY32 pe32;
 pe32.dwSize = sizeof(PROCESSENTRY32);
 if(Process32First(hProcessSnap, &pe32))
 {
  do
  {
   HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
   if(hProcess != NULL)
   {
    if(ScanProcessMemory(hProcess))
    {
     MessageBoxA(0, "Found hack software in your system.\n\nHint: Close all illegal programs and run application again.", "Software guard", MB_OK | MB_ICONSTOP);
     ExitProcess(0);
    }
   }
  }
  while(Process32Next(hProcessSnap, &pe32));
 }
}
CloseHandle(hProcessSnap);
}
bool ScanProcessMemory(HANDLE hProcess) {
for(int i = 0; i < MAX_PROCESS_DUMP; i++)
{
 char aTmpBuffer[MAX_DUMP_SIZE];
 SIZE_T aBytesRead = 0;
 ReadProcessMemory(hProcess, (LPCVOID)g_ProcessesDumps[i].m_aOffset, (LPVOID)aTmpBuffer, sizeof(aTmpBuffer), &aBytesRead);
 if(memcmp(aTmpBuffer, g_ProcessesDumps[i].m_aMemDump, MAX_DUMP_SIZE) == 0)
 {
  return true;
  break;
 }
}
return false;
}

So when this will detect running speedgear 5 it will close the l2.exe..

 

I don't have VC++ knowledge so i cannot develop it for l2...

 

*** THIS CODE IS FOR MU ONLINE Client so you will have to change some little variables. ***

 

 

FULL ANTIHACK SOURCE

 

EDIT: Changed [sUGGESTION] Tag to [Developement]

dEvilKinG Newbie

dEvilKinG

Posted
  • Author
Posted

If i will do it with Setekh i will talk with him about sharing, i don't have any prob to share it but i will not be alone so if he want it private i cannot do nothing, i just gave the source... its almost ready. :)

 

By the way you should add this in the code, to check always for running programs because without this it will check only on running of client.

void MainThread()
{
again:
   SystemProcessesScan();
   Sleep(50);
   goto again;
}

 

And in:

extern  "C"  __declspec(dllexport) void Main() {

 

Add this:

CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(MainThread),NULL,0,0);

 

Alexi Newbie

Alexi

Posted
Posted

If i will do it with Setekh i will talk with him about sharing, i don't have any prob to share it but i will not be alone so if he want it private i cannot do nothing, i just gave the source... its almost ready. :)

 

By the way you should add this in the code, to check always for running programs because without this it will check only on running of client.

void MainThread()
{
again:
    SystemProcessesScan();
    Sleep(50);
    goto again;
}

 

And in:

extern  "C"  __declspec(dllexport) void Main() {

 

Add this:

CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(MainThread),NULL,0,0);

 

I understand that and as i see you have talent,like johnie says,"keep walking" , good luck ;)
3xpl0it3R Newbie

3xpl0it3R

Posted
Posted

This code is old... there are many ways to by-pass this protection... also create a exploit for this code is very good.. i already create this code but in Perl....

Horus Newbie

Horus

Posted
Posted

lool.

Savor (savormix) will committ the new Anti-Noobish tools (L2jAttacker,L2j Killer,Ultimate Flooder,etc) in a few hours.A few MMOCore changes and that will do it.

Just wait for it , there's no need for this ^^

 

Besides, all the wannabe-packs (Basically, all Interlude Packs) will leech it from Jfree so don't worry, protection will come soon.

3xpl0it3R Newbie

3xpl0it3R

Posted
Posted

lool.

Savor (savormix) will committ the new Anti-Noobish tools (L2jAttacker,L2j Killer,Ultimate Flooder,etc) in a few hours.A few MMOCore changes and that will do it.

Just wait for it , there's no need for this ^^

 

Besides, all the wannabe-packs (Basically, all Interlude Packs) will leech it from Jfree so don't worry, protection will come soon.

 

Thats why L2JFree's packs are the safest packs on the world ! .This code is only for MU.. not for Lineage... so is better to move it... here is Lineage Section.. not MU

 

 

 

*** THIS CODE IS FOR MU ONLINE Client so you will have to change some little variables. ***

 

 

FiX Newbie

FiX

Posted
Posted

w8ing for this protect.

if you will block some hacks like l2-j attacker it's will be perfect

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


×
×
  • Create New...

AdBlock Extension Detected!

Our website is made possible by displaying online advertisements to our members.

Please disable AdBlock browser extension first, to be able to use our community.

I've Disabled AdBlock