OldSchoolHack

ProcessProtector Src v1.0

  • Category: Source code
  • Developer:
  • Uploaded by: KN4CK3R
  • Added on:
  • System: Windows
Download (1.28 MB)

VirusTotal result: 0/49

Description

This application will guard itself from being accessed by the OpenProcess API using the CE driver. It is written in a form that makes it easy to be bundled with external hacks.

The EPROCESS structures were extracted from the [link hidden: registration required] using a PDB ripper and wrapped in their own namespaces so they can be included at the same time. (The structure itself might be aligned differently though, I recommend using the offsets in the comments.)

This is how the protection works:
  1. First lock the file of the hack by opening a handle without the share flag, additionally use LockFile (Thanks to Forza). Optionally you can use "CHandleSweeper::LockUntilReboot" to duplicate the handle to the game or the explorer.exe process - this will make sure the hack stays locked until the game starts or the OS reboots.
  2. Check if the OS supports protected processes by trying to open the "audiodg.exe" process with "PROCESS_QUERY_INFORMATION | PROCESS_VM_READ" (should be denied).
  3. (Optionally again) Rename the file of the hack if it is named RENAME_ME, issue an error if the hack name is found in the path (as this is potentially detectable).
  4. Extract CE (from a resource) to the temporary folder, start it and obtain a handle on it.
  5. Use CE to set the EPROCESS protected flag.
  6. Close CE, make sure the driver is unloaded.
  7. Remove CE from the temporary folder, remove CE registry keys.
  8. Close all handles on the system pointing to your process - they could be hijacked to access the process.
  9. Launch a thread that keeps checking if the protection is intact (by trying to access the file and checking the protection of the process).
  10. (Optionally) Clear the USN journal, so that the file won't be found later.
  11. Use the access control list to further protect the process.
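
Seen from the defender's side, steps 4-7 and 10 leave an ordered trail: a helper dropped to the temporary folder and started, a driver loaded and unloaded, the helper and its registry keys removed, and optionally the USN journal cleared. The following is an added example, not part of the uploaded source, that correlates that sequence per process tree; the event names, record layout and time window are assumptions and the telemetry is constructed.

```python
from collections import defaultdict

# Constructed telemetry (hypothetical schema): (time_s, root_pid, event, detail)
TMP = r"C:\Users\demo\AppData\Local\Temp"
SAMPLE_EVENTS = [
    (100, 4242, "file_create", TMP + r"\helper.exe"),
    (101, 4242, "process_start", TMP + r"\helper.exe"),
    (103, 4242, "driver_load", "helper.sys"),
    (109, 4242, "driver_unload", "helper.sys"),
    (110, 4242, "file_delete", TMP + r"\helper.exe"),
    (111, 4242, "registry_delete", r"HKLM\SYSTEM\CurrentControlSet\Services\helper"),
    (115, 4242, "usn_journal_delete", "C:"),
    (200, 1337, "file_create", TMP + r"\setup.exe"),   # ordinary installer
    (201, 1337, "process_start", TMP + r"\setup.exe"),
    (260, 1337, "file_delete", TMP + r"\setup.exe"),
]

# Steps 4-7 of the list, in the order they must appear.
STAGES = ["file_create", "process_start", "driver_load",
          "driver_unload", "file_delete", "registry_delete"]
WINDOW_S = 120  # assumed maximum duration of the whole sequence


def stages_matched(events):
    """Count how many STAGES one process tree completed, in order."""
    idx, start, dropped = 0, None, None
    for ts, _pid, event, detail in sorted(events):
        if idx == len(STAGES) or event != STAGES[idx]:
            continue
        if start is not None and ts - start > WINDOW_S:
            break
        if event == "file_create":
            if "\\temp\\" not in detail.lower():
                continue
            start, dropped = ts, detail
        elif event in ("process_start", "file_delete") and detail != dropped:
            continue  # must be the same file that was dropped
        idx += 1
    return idx


def detect(events):
    """Return [(root_pid, journal_cleared)] for trees matching every stage."""
    by_pid = defaultdict(list)
    for ev in events:
        by_pid[ev[1]].append(ev)
    return sorted(
        (pid, any(e[2] == "usn_journal_delete" for e in evs))
        for pid, evs in by_pid.items()
        if stages_matched(evs) == len(STAGES))
```

A cleared journal is reported as a separate flag rather than a required stage because the description marks that step as optional.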
