Thread: HideDLL

  1. #31
    REALITY2alt
    Quote, originally posted by BadWinkz:
    > @ REALITY™ Thanks :-) Your DIP hook was also Nice C&P.

    Why so retard? I posted WE11NGTON DIP HOOK which updated? roflamo

  2. #32
    aladin111
    No downloads?!

  3. #33
    RobinC (Threadstarter)
    Quote, originally posted by aladin111:
    > no downloads ?!

    It's a source, not a download.
    You need to know C++.

  4. #34
    Rullez
    Nice and Good work

  5. #35
    RobinC (Threadstarter)
    Quote, originally posted by Rullez:
    > Nice and Good work

    Thanx, but don't try to spam on every thread.

  6. #36
    Zacherl
    Seriously this is still working? I used that PEB unlinking method years ago

  7. #37
    RobinC (Threadstarter)
    Quote, originally posted by Zacherl:
    > Seriously this is still working? I used that PEB unlinking method years ago

    Still working fine for me.

  8. #38
    Snorlxks
    Where do I put this coding at? I'm new >.<

  9. #39
    RobinC (Threadstarter)
    Quote, originally posted by Snorlxks:
    > where do i put this coding at? im new >.<

    Learn C++ first.

  10. #40
    ~FALLEN~
    Quote, originally posted by RobinC:
    > REALITY always cries when I release something, we are just too sexy for him
    >
    > ---------- Post added at 10:29 PM ---------- Previous post was at 10:28 PM ----------
    >
    > As long as they put credits @gellin I'm okay with it.

    They will not credit anyone... they're leeches. Also, this isn't anything new; a bunch of people have done it before... for instance, dwark (or however he spells it), helios, mattdog, etc.

    Besides, there are plenty of better ways to hide your module. Regardless though, hopefully some people will learn something with this... For those who don't know, what it's doing is removing it from the linked list of modules in the PE loader structure within the PEB.

    LIST_ENTRY InLoadOrderModuleList;
    LIST_ENTRY InMemoryOrderModuleList;
    LIST_ENTRY InInitializationOrderModuleList;

    I would also remove it from here too: HashTableEntry: LIST_ENTRY HashTableEntry;

    LIST_ENTRY is just a bidirectional linked list...
    Thanks for sharing though Robin... hopefully people take the time to LEARN from it and not just copy paste it...
    -Pyro

  11. #41
    RobinC (Threadstarter)
    Quote, originally posted by ~FALLEN~:
    > They will not credit anyone... they're leeches. Also, this isn't anything new; a bunch of people have done it before... for instance, dwark (or however he spells it), helios, mattdog, etc.
    >
    > Besides, there are plenty of better ways to hide your module. Regardless though, hopefully some people will learn something with this... For those who don't know, what it's doing is removing it from the linked list of modules in the PE loader structure within the PEB.
    >
    > LIST_ENTRY InLoadOrderModuleList;
    > LIST_ENTRY InMemoryOrderModuleList;
    > LIST_ENTRY InInitializationOrderModuleList;
    >
    > I would also remove it from here too: HashTableEntry: LIST_ENTRY HashTableEntry;
    >
    > LIST_ENTRY is just a bidirectional linked list...
    > Thanks for sharing though Robin... hopefully people take the time to LEARN from it and not just copy paste it...
    > -Pyro

    You said that nice.
    I also hope people will learn BEFORE they use this, but most people will leech it.

  12. #42
    Jhem
    Quote, originally posted by VI:
    > Nice copy and paste skills from Combat arms section

    hahah funny not combat sections

    this is from WarRock Sections......

    here

    Code:
    void HideModule(HINSTANCE hModule)
    {
    	DWORD dwPEB_LDR_DATA = 0;
    	_asm
    	{
    		pushad;
    		pushfd;
    		mov eax, fs:[30h]             
    		mov eax, [eax+0Ch]               
    		mov dwPEB_LDR_DATA, eax	
    
    		InLoadOrderModuleList:
    			mov esi, [eax+0Ch]	     
    			mov edx, [eax+10h]	     
    
    		LoopInLoadOrderModuleList: 
    		    lodsd		         
    			mov esi, eax	
    			mov ecx, [eax+18h]  
    			cmp ecx, hModule	
    			jne SkipA		 
    		    mov ebx, [eax]	  
    		    mov ecx, [eax+4]  
    		    mov [ecx], ebx    
    		    mov [ebx+4], ecx	  
    			jmp InMemoryOrderModuleList 
    
    		SkipA:
    			cmp edx, esi     
    			jne LoopInLoadOrderModuleList
    
    		InMemoryOrderModuleList:
    			mov eax, dwPEB_LDR_DATA
    			mov esi, [eax+14h]
    			mov edx, [eax+18h]
    
    		LoopInMemoryOrderModuleList: 
    			lodsd
    			mov esi, eax
    			mov ecx, [eax+10h]
    			cmp ecx, hModule
    			jne SkipB
    			mov ebx, [eax] 
    			mov ecx, [eax+4]
    			mov [ecx], ebx
    			mov [ebx+4], ecx
    			jmp InInitializationOrderModuleList
    
    		SkipB:
    			cmp edx, esi
    			jne LoopInMemoryOrderModuleList
    
    		InInitializationOrderModuleList:
    			mov eax, dwPEB_LDR_DATA
    			mov esi, [eax+1Ch]	  
    			mov edx, [eax+20h]	  
    
    		LoopInInitializationOrderModuleList: 
    			lodsd
    			mov esi, eax		
    			mov ecx, [eax+08h]
    			cmp ecx, hModule		
    			jne SkipC
    			mov ebx, [eax] 
    			mov ecx, [eax+4]
    			mov [ecx], ebx
    			mov [ebx+4], ecx
    			jmp Finished
    
    		SkipC:
    			cmp edx, esi
    			jne LoopInInitializationOrderModuleList
    
    		Finished:
    			popfd;
    			popad;
    	}
    }

    Code:
    void EraseHeaders(HINSTANCE hModule)
    {
    
    	PIMAGE_DOS_HEADER pDoH; 
    	PIMAGE_NT_HEADERS pNtH;
    	DWORD i, ersize, protect;
    
    	if (!hModule) return;
    	
    	pDoH = (PIMAGE_DOS_HEADER)(hModule);
    
    	pNtH = (PIMAGE_NT_HEADERS)((LONG)hModule + ((PIMAGE_DOS_HEADER)hModule)->e_lfanew);
    
    	ersize = sizeof(IMAGE_DOS_HEADER);
    	if (VirtualProtect(pDoH, ersize, PAGE_READWRITE, &protect))
    	{
    		for ( i=0; i < ersize; i++ )
    				*(BYTE*)((BYTE*)pDoH + i) = 0;
    	}
    
    	ersize = sizeof(IMAGE_NT_HEADERS);
    	if (pNtH && VirtualProtect(pNtH, ersize, PAGE_READWRITE, &protect))
    	{
    		for (i = 0; i < ersize; i++)
    				*(BYTE*)((BYTE*)pNtH + i) = 0;
    	}
    	return;
    }
    hahaha
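
Added example, not part of the thread: a defender-side cross-check for the list unlinking described in #40 and the two routines posted in #42, in the spirit of Volatility's ldrmodules plugin. It flags image-backed regions that are missing from any of the three loader lists or no longer start with an MZ signature. The structures are simplified stand-ins and the sample regions are constructed; on a live system the regions would come from VirtualQuery (MEM_IMAGE) or a VAD walk.

```c
#include <stdio.h>
#include <string.h>

/* Minimal stand-ins for the loader structures named in the thread (not the real Windows layout). */
typedef struct LIST_ENTRY { struct LIST_ENTRY *Flink, *Blink; } LIST_ENTRY;
typedef struct { LIST_ENTRY link[3]; unsigned long base; } MODULE;   /* load, memory, init order */
typedef struct { unsigned long base; unsigned char first2[2]; } IMAGE_REGION;

enum { NOT_IN_LOAD = 1, NOT_IN_MEM = 2, NOT_IN_INIT = 4, HEADER_WIPED = 8 };

static void push(LIST_ENTRY *head, LIST_ENTRY *e) {
    e->Flink = head; e->Blink = head->Blink;
    head->Blink->Flink = e; head->Blink = e;
}

/* Walk list number `which`; each node is link[which] inside a MODULE. */
static int listed(LIST_ENTRY *head, int which, unsigned long base) {
    for (LIST_ENTRY *e = head->Flink; e != head; e = e->Flink)
        if (((MODULE *)(e - which))->base == base) return 1;
    return 0;
}

/* Flags for one image-backed region: list memberships it lacks, and a missing MZ signature. */
static int audit(LIST_ENTRY heads[3], const IMAGE_REGION *r) {
    int flags = 0;
    for (int i = 0; i < 3; i++)
        if (!listed(&heads[i], i, r->base)) flags |= 1 << i;
    if (memcmp(r->first2, "MZ", 2) != 0) flags |= HEADER_WIPED;
    return flags;
}

/* Constructed sample: region 0 is the EXE, 1 a normal DLL, 2 a DLL that was unlinked and wiped. */
int audit_sample(int idx) {
    LIST_ENTRY heads[3];
    MODULE mods[2] = { { .base = 0x00400000 }, { .base = 0x77000000 } };
    IMAGE_REGION regions[3] = { { 0x00400000, { 'M', 'Z' } }, { 0x77000000, { 'M', 'Z' } },
                                { 0x10000000, { 0, 0 } } };
    for (int i = 0; i < 3; i++) {
        heads[i].Flink = heads[i].Blink = &heads[i];
        for (int m = 0; m < 2; m++)
            if (!(i == 2 && m == 0))          /* the EXE is never in the init-order list */
                push(&heads[i], &mods[m].link[i]);
    }
    return audit(heads, &regions[idx]);
}

int main(void) {
    for (int i = 0; i < 3; i++) printf("region %d flags 0x%x\n", i, (unsigned)audit_sample(i));
    return 0;
}
```

A region missing only from the init-order list is normal for the main executable; absence from all three lists combined with a wiped header is the pattern the posted routines leave behind.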

  13. #43
    V I
    Quote, originally posted by Jheamuel123:
    > hahah funny not combat sections
    >
    > this is from WarRock Sections......
    >
    > here
    >
    > hahaha

    Shut up and suck my dick, its already posted on CA sections before and you think i care ?
    don't ever try to mention \ quote me , i hate paki people like u.

  14. #44

  15. #45
    MegaMigue
    Is this working?

    Regards,
    MegaMigue
    Last edited by MegaMigue; 02-21-2013 at 12:11 PM.
