HackShield Bypass (EhSvc.dll version 5.6.28.404)
#include <windows.h>
/*
 * MemoryEdit - overwrite len bytes at lpMem with the bytes at lpSrc.
 *
 * The destination range is first switched to PAGE_READWRITE with
 * VirtualProtect; the copy only runs if that call succeeds.
 *
 * Returns 0 when the protection change succeeded and the bytes were copied,
 * and 1 when VirtualProtect failed and nothing was written. The value is
 * therefore inverted if a caller reads it as a BOOL success flag.
 *
 * Review note: the previous protection value is captured but never written
 * back, so the touched range stays PAGE_READWRITE after the call. For a range
 * inside a module's code section, that changed protection and the altered
 * bytes are both visible to anything that compares the in-memory image
 * against the file on disk.
 */
BOOL MemoryEdit(VOID *lpMem, VOID *lpSrc, DWORD len)
{
    DWORD previousProtect;
    unsigned char *out = (unsigned char *)lpMem;
    unsigned char *in = (unsigned char *)lpSrc;

    if (!VirtualProtect(lpMem, len, PAGE_READWRITE, &previousProtect))
    {
        return(1);
    }

    /* Plain byte-by-byte copy, lowest address first. */
    for (DWORD i = 0; i < len; ++i)
    {
        out[i] = in[i];
    }
    return(0);
}
// CrippleHackShield - thread routine that waits for EhSvc.dll to be mapped
// into the current process and then overwrites five short byte ranges
// inside it through MemoryEdit.
//
// The offsets below are hard-coded relative to the module base and are
// labelled by the author as matching EhSvc.dll version 5.6.28.404. Nothing
// here checks the loaded module's version or the bytes already present at
// those offsets before writing, so on any other build the writes land on
// unrelated code or data.
//
// The replacement bytes are x86 opcodes: 0x90 is NOP, 0xC3 is RET and
// 0xC2 0x04 0x00 is RET 4. The HS_* labels are the author's own names;
// what the original code at each offset does cannot be confirmed from
// this listing.
//
// Always returns 0. The return value of every MemoryEdit call is ignored,
// so a failed protection change goes unnoticed.
//
// NOTE(review): the module handle is cast to DWORD, which only holds a full
// address in a 32-bit process.
//
// NOTE(review): all changes are made to the in-memory image only. A
// comparison of the loaded module's code section against the on-disk file,
// or a server-side check that the client's protection module still answers
// correctly, is the kind of control that exposes this class of tampering;
// a client that trusts only its own in-process callbacks does not.
DWORD WINAPI CrippleHackShield()
{
DWORD dwEhSvc = 0;
// Poll once per second until the module is loaded. The Sleep also runs
// once after the handle has been obtained.
do
{
dwEhSvc = (DWORD)GetModuleHandleA("EhSvc.dll");
Sleep(1000);
} while (!dwEhSvc);
// HS_Call_Back_2 (author's label): two bytes replaced with NOP NOP.
MemoryEdit((void *)(dwEhSvc + 0xAC28), (void *)"\x90\x90", 2);
// HS_Call_Back_1 (author's label): one byte replaced with RET.
MemoryEdit((void *)(dwEhSvc + 0x90AB0), (void *)"\xC3", 1);
// HS_Detection (author's label): three bytes replaced with RET 4.
MemoryEdit((void *)(dwEhSvc + 0xAB90), (void *)"\xC2\x04\x00", 3);
// HS_Assembly (author's label): two bytes replaced with NOP NOP.
MemoryEdit((void *)(dwEhSvc + 0x34F4D), (void *)"\x90\x90", 2);
// HS_Anti_Crash (author's label): two bytes replaced with NOP NOP.
MemoryEdit((void *)(dwEhSvc + 0x464AE), (void *)"\x90\x90", 2);
return 0;
}
/*
 * DllMain - loader entry point for this DLL.
 *
 * On DLL_PROCESS_ATTACH it starts CrippleHackShield on a new thread, so the
 * polling loop in that routine does not run inside DllMain itself. On
 * DLL_PROCESS_DETACH it calls FreeConsole. Every other reason code is
 * ignored. Always returns TRUE.
 *
 * The handle returned by CreateThread is discarded and its result is not
 * checked. CrippleHackShield takes no parameter, which is why it is cast to
 * LPTHREAD_START_ROUTINE.
 *
 * Review note: how this DLL comes to be loaded into the target process is
 * not shown here. Seen from the host process, the visible effects are an
 * extra loaded module and a thread whose start address lies inside it.
 */
BOOL WINAPI DllMain(HINSTANCE, DWORD r, LPVOID)
{
    switch (r)
    {
    case DLL_PROCESS_ATTACH:
        /* Console allocation is disabled. */
        //AllocConsole();
        CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)CrippleHackShield, NULL, NULL, NULL);
        break;

    case DLL_PROCESS_DETACH:
        FreeConsole();
        break;

    default:
        break;
    }
    return TRUE;
}