Results 1 to 2 of 2
  1. 12-18-2013 #1
    trane25
    trane25 is offline
    New Member
    trane25's Avatar
    Join Date
    Aug 2011
    Gender
    male
    Posts
    4
    Reputation
    10
    Thanks
    0
    My Mood
    Aggressive
    Send a message via Birdie™ to trane25 United States

    Question AntiBlackCipher SourceCode (Pretty sure it's outdated. Founded in OldHardDrive

    Moarr!
    AntiBlackCipher
    Code:
    //08/10/2013

#include "stdafx.h"
#include <TlHelp32.h>

BOOL isRunning( const CHAR *name )
{
    HANDLE SnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );

    if( SnapShot == INVALID_HANDLE_VALUE )
        return FALSE;

    PROCESSENTRY32 procEntry;
    procEntry.dwSize = sizeof( PROCESSENTRY32 );

    if( !Process32First( SnapShot, &procEntry ) )
        return FALSE;

    do
    {
        if( strcmp( ( const CHAR * )procEntry.szExeFile, name ) == 0 )
            return TRUE;
    }
    while( Process32Next( SnapShot, &procEntry ) );

    return FALSE;
}

DWORD GetProcessID( CHAR *name )
{
    PROCESSENTRY32 pe = { sizeof( PROCESSENTRY32 ) };
    HANDLE hand = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );

    if( Process32First( hand, &pe ) )
    {
        while( Process32Next( hand, &pe ) )
        {
            if( !strcmp( ( const CHAR * )pe.szExeFile, name ) )
                return pe.th32ProcessID;
        }
    }
    CloseHandle( hand );
	return 0;
}

DWORD GetModuleAddress( DWORD proc, const CHAR *modname )
{
    HANDLE snapshot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, proc );

    if( snapshot == INVALID_HANDLE_VALUE )
        return 0;

    MODULEENTRY32 mod;
    mod.dwSize = sizeof( MODULEENTRY32 );

    if( Module32First( snapshot, &mod ) )
    {
        if( strcmp( ( const CHAR * )mod.szModule, modname ) == 0 )
            return ( DWORD )mod.modBaseAddr;

        while( Module32Next( snapshot, &mod ) )
        {
            if( strcmp( ( const CHAR * )mod.szModule, modname ) == 0 )
                return ( DWORD )mod.modBaseAddr;
        }

        return 0;
    }
    else
        return 0;
}

BOOL bBlackCipherProcessOpened = FALSE; HANDLE hCipherInstanceProcess; DWORD dwCipherPID;
void WriteBlackCipherBypass( void )
{
    BYTE MOVAL0RET[6] = { 0xB0, 0x00, 0xC2, 0x04, 0x00 };

    while( TRUE )
    {
        if( !bBlackCipherProcessOpened )
        {
            if( isRunning( "BlackCipher.aes" ) )
            {
                if( !bBlackCipherProcessOpened )
                {
                    dwCipherPID = GetProcessID( "BlackCipher.aes" );
                    hCipherInstanceProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, 0, dwCipherPID );
                    bBlackCipherProcessOpened = TRUE;
                }
            }
        }
        else
        {
            DWORD dwEHSvcModule = GetModuleAddress( dwCipherPID, "EHSvc.dll" );

            if( dwEHSvcModule != 0 )
            {
                WriteProcessMemory( hCipherInstanceProcess, ( LPVOID )0x004212F0, MOVAL0RET, 5, 0 );
                CloseHandle( hCipherInstanceProcess );
                ExitThread( 0 );
            }
        }
        Sleep( 200 );
    }
}
    Not know if works. you may try?
  2. 12-18-2013 #2
    Skaterforeva1
    Skaterforeva1 is offline
    Bobo's Trainer
    MPGH Member
    Skaterforeva1's Avatar
    Join Date
    Apr 2010
    Gender
    male
    Location
    Up your ass
    Posts
    936
    Reputation
    32
    Thanks
    485
    My Mood
    Psychedelic
    Send a message via Birdie™ to Skaterforeva1 United States Skaterforeva Skaterforeva Skaterforeva Skaterforeva1
    Doesn't work, it was patched back in august.




    ^Suck it!
« Previous Thread | Next Thread »

Similar Threads

  1. I'm pretty sure something isn't right
    By Nathan in forum General
    Replies: 9
    Last Post: 09-29-2011, 03:21 PM
  2. I'm pretty sure modloader works with the new update?
    By Ainenbn in forum Call of Duty Modern Warfare 2 Private Servers
    Replies: 7
    Last Post: 07-12-2010, 05:01 AM
  3. rumor corrected (pretty sure)
    By elmokills in forum Combat Arms Hacks & Cheats
    Replies: 2
    Last Post: 03-10-2009, 01:05 PM
  4. mombot is now detected im pretty sure
    By theACEofSP4DES in forum Call of Duty 4 - Modern Warfare (MW) Hacks
    Replies: 13
    Last Post: 02-04-2008, 02:00 PM