» » Release Xtrap-bypass Source V2 (32/64 Bit) Cross Fire
Edit

Release Xtrap-bypass Source V2 (32/64 Bit) Cross Fire

Code:
#include <Windows.h>
#include <process.h>
#include <TlHelp32.h>
#include <Psapi.h>
#include "mHook.h"
 
#pragma comment(lib,"Psapi.lib")
 
// Module to exit
HMODULE hDLL;
 
/* Our hooked-function */
void DefineNothing_CC();
/* Our hooked-function */
void K32Enum_CC();
 
 
 
// Function to begin the hook
void _beginhook(void*){
 
        // our addresses
        DWORD dwAddy;
        DWORD dwDLL;
        DWORD dwXTrap;
        DWORD dwXTrapDriver;
 
 
        // wait for xtrap
        while(1){
                // break
                Sleep(500);
                // get xtrap base
                dwXTrap = (DWORD)GetModuleHandle("XTrapVa.dll");
                // check if it exists
                if(dwXTrap){
                        // leave
                        break;
                }
 
        }
       
 
        if(PSAPI_VERSION == 1){
        // get address
        dwDLL = (DWORD)GetModuleHandle("Psapi.dll");
        // get address
        dwAddy = (DWORD)GetProcAddress((HINSTANCE)dwDLL,"EnumProcesses");
        // Prevent that Xtrap scan processes
        mHook::DetourCodeCave(dwAddy,(DWORD)DefineNothing_CC,19);
 
        // get address
        dwDLL = (DWORD)GetModuleHandle("Kernel32.dll");
        // get address
        dwAddy = (DWORD)GetProcAddress((HINSTANCE)dwDLL,"ExitProcess");
        // Prevent exit then ollydbg was found
        mHook::DetourCodeCave(dwAddy,(DWORD)DefineNothing_CC,27);
        }
        else
        {
        // little break
        Sleep(500);
        // set new dll
        dwDLL = (DWORD)GetModuleHandle("Kernel32.dll");
        // get new addy
        dwAddy = (DWORD)GetProcAddress((HINSTANCE)dwDLL,"K32EnumProcesses");
        // Prevent that Xtrap scan processes
        mHook::DetourCodeCave(dwAddy,(DWORD)K32Enum_CC,3);
 
        // get address
        dwDLL = (DWORD)GetModuleHandle("Kernel32.dll");
        // get address
        dwAddy = (DWORD)GetProcAddress((HINSTANCE)dwDLL,"ExitProcess");
        // Prevent exit then ollydbg was found
        mHook::DetourCodeCave(dwAddy,(DWORD)DefineNothing_CC,27);
 
        }
 
        // Get driver Address
        dwXTrapDriver = 0x406668A0;
        // Change it
        wmemcpy((wchar_t*)dwXTrapDriver,L"X6va01",6);
 
        // Exit
        FreeLibraryAndExitThread(hDLL,8);
 
}
 
 
 
 
/* Main */
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved){
 
 
        if(fdwReason == DLL_PROCESS_ATTACH){
 
               
              
                // set our Module
                hDLL = hinstDLL;
                // begin
                _beginthread(_beginhook,0,0);
 
                // success
                return true;
        }
 
        // fail
        return false;
}
 
 
/* Our hooked-function */
__declspec( naked ) void K32Enum_CC(){
        __asm{
                ret 0x00C
        }
}
 
/* Our hooked-function */
__declspec( naked ) void DefineNothing_CC(){
        __asm{
                mov edi,edi
                push ebp
                mov ebp,esp
                pop ebp
                jmp orig
                nop
                nop
                nop
                nop
                nop
orig:
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
        }
}

HGWC Bypass Function Source Only (64 bit)

Code:
#define TRUE FALSE
class HGWC
{

public:

    int HGWC::FileDetection(int);
    int HGWC::KeepAlive(int);
    int HGWC::Bann(int);
    int HGWC::Thread(int);
}rect;

Related Posts :

0 Response to "Release Xtrap-bypass Source V2 (32/64 Bit) Cross Fire"

Post a Comment

Subscribe to: Post Comments (Atom)