[Developement] New antihack way.

[dEvilKinG]

Hello people, i just started working with l2j server files and i have a suggestion for you..

I was working on MU Online and we used a way to block "hackers", we coded a dll with Bump codes of cheats and the antihack if detects the "illegal prog" just close l2.exe and the hack. The dump code can be taken with a debuger.. E.G. ollydbg

 

{0x40970E, {0x68, 0xB4, 0x98, 0x40, 0x00, 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x50, 0x64, 0x89, 0x25, 0x00, 0x00, 0x00, 0x00, 0x83, 0xEC, 0x68, 0x53, 0x56, 0x57, 0x89, 0x65, 0xE8, 0x33, 0xDB, 0x89, 0x5D}},	// Speed Gear 5

 

 

Take a look

 

// ----------------------------------------------------
// File name: AntiHack.cpp
// Date: 2008-06-26
// Author: f1x / f1ksiu@hotmail.com
// ----------------------------------------------------
#ifndef PDC_ANTIHACK_H
#define PDC_ANTIHACK_H
#define MAX_DUMP_OFFSETS 2
#define MAX_DUMP_SIZE 32
#define MAX_PROCESS_DUMP 2
typedef struct ANITHACK_PROCDUMP {
unsigned int m_aOffset;
unsigned char m_aMemDump[MAX_DUMP_SIZE];
} *PANITHACK_PROCDUMP;
extern ANITHACK_PROCDUMP g_ProcessesDumps[MAX_PROCESS_DUMP];
void SystemProcessesScan();
bool ScanProcessMemory(HANDLE hProcess);

#endif //PDC_ANTIHACK_H
//---------------------------------------------------------------------------------------------
// ----------------------------------------------------
// File name: AntiHack.cpp
// Date: 2008-06-26
// Author: f1x / f1ksiu@hotmail.com
// ----------------------------------------------------
#include "stdafx.h"
#include "AntiHack.h"
#include <windows.h>
#include <tlhelp32.h>
#include <stdlib.h>
ANITHACK_PROCDUMP g_ProcessesDumps[MAX_PROCESS_DUMP] = {
           {0x40970E, {0x68, 0xB4, 0x98, 0x40, 0x00, 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x50, 0x64, 0x89, 0x25, 0x00, 0x00, 0x00, 0x00, 0x83, 0xEC, 0x68, 0x53, 0x56, 0x57, 0x89, 0x65, 0xE8, 0x33, 0xDB, 0x89, 0x5D}},	// Speed Gear 5
               };
void SystemProcessesScan() {
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(hProcessSnap != INVALID_HANDLE_VALUE)
{
 PROCESSENTRY32 pe32;
 pe32.dwSize = sizeof(PROCESSENTRY32);
 if(Process32First(hProcessSnap, &pe32))
 {
  do
  {
   HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
   if(hProcess != NULL)
   {
    if(ScanProcessMemory(hProcess))
    {
     MessageBoxA(0, "Found hack software in your system.\n\nHint: Close all illegal programs and run application again.", "Software guard", MB_OK | MB_ICONSTOP);
     ExitProcess(0);
    }
   }
  }
  while(Process32Next(hProcessSnap, &pe32));
 }
}
CloseHandle(hProcessSnap);
}
bool ScanProcessMemory(HANDLE hProcess) {
for(int i = 0; i < MAX_PROCESS_DUMP; i++)
{
 char aTmpBuffer[MAX_DUMP_SIZE];
 SIZE_T aBytesRead = 0;
 ReadProcessMemory(hProcess, (LPCVOID)g_ProcessesDumps[i].m_aOffset, (LPVOID)aTmpBuffer, sizeof(aTmpBuffer), &aBytesRead);
 if(memcmp(aTmpBuffer, g_ProcessesDumps[i].m_aMemDump, MAX_DUMP_SIZE) == 0)
 {
  return true;
  break;
 }
}
return false;
}

So when this will detect running speedgear 5 it will close the l2.exe..

 

I don't have VC++ knowledge so i cannot develop it for l2...

 

*** THIS CODE IS FOR MU ONLINE Client so you will have to change some little variables. ***

 

 

FULL ANTIHACK SOURCE

 

EDIT: Changed [sUGGESTION] Tag to [Developement]

[Setekh]

if u can get me the integers with a debuger, i can make the rest of the code :P

[GoodT]

Very nice idea, I something try ;).

[dEvilKinG]

add me in msn. i can do it.

 

devilking@**.com

[Alexi]

If u can do something like that it would be great and plz share it....:P

[dEvilKinG]

If i will do it with Setekh i will talk with him about sharing, i don't have any prob to share it but i will not be alone so if he want it private i cannot do nothing, i just gave the source... its almost ready. :)

 

By the way you should add this in the code, to check always for running programs because without this it will check only on running of client.

void MainThread()
{
again:
   SystemProcessesScan();
   Sleep(50);
   goto again;
}

 

And in:

extern  "C"  __declspec(dllexport) void Main() {

 

Add this:

CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(MainThread),NULL,0,0);

 

[Alexi]

If i will do it with Setekh i will talk with him about sharing, i don't have any prob to share it but i will not be alone so if he want it private i cannot do nothing, i just gave the source... its almost ready. :)

 

By the way you should add this in the code, to check always for running programs because without this it will check only on running of client.

void MainThread()
{
again:
    SystemProcessesScan();
    Sleep(50);
    goto again;
}

 

And in:

extern  "C"  __declspec(dllexport) void Main() {

 

Add this:

CreateThread(NULL,NULL,LPTHREAD_START_ROUTINE(MainThread),NULL,0,0);

 

I understand that and as i see you have talent,like johnie says,"keep walking" , good luck ;)

[3xpl0it3R]

This code is old... there are many ways to by-pass this protection... also create a exploit for this code is very good.. i already create this code but in Perl....

[leoadrian]

mmm i cant make it work :(

[3xpl0it3R]

mmm i cant make it work :(

 

Cuz you dont know how yo use it..

[kosker]

i cant understand it. plz explain it to me

[dEvilKinG]

You need VC++ knowledge, so don't try if you don't have it.

[Horus]

lool.

Savor (savormix) will committ the new Anti-Noobish tools (L2jAttacker,L2j Killer,Ultimate Flooder,etc) in a few hours.A few MMOCore changes and that will do it.

Just wait for it , there's no need for this ^^

 

Besides, all the wannabe-packs (Basically, all Interlude Packs) will leech it from Jfree so don't worry, protection will come soon.

[3xpl0it3R]

lool.

Savor (savormix) will committ the new Anti-Noobish tools (L2jAttacker,L2j Killer,Ultimate Flooder,etc) in a few hours.A few MMOCore changes and that will do it.

Just wait for it , there's no need for this ^^

 

Besides, all the wannabe-packs (Basically, all Interlude Packs) will leech it from Jfree so don't worry, protection will come soon.

 

Thats why L2JFree's packs are the safest packs on the world ! .This code is only for MU.. not for Lineage... so is better to move it... here is Lineage Section.. not MU

 

 

 

*** THIS CODE IS FOR MU ONLINE Client so you will have to change some little variables. ***

 

 

[FiX]

w8ing for this protect.

if you will block some hacks like l2-j attacker it's will be perfect