Here the sample bypass code in C++
This for Hackshield bypass
Author: Mafia67
Code:
BOOL WriteMemory (VOID *lpMem, VOID *lpSrc, DWORD len)
{
DWORD lpflOldProtect, flNewProtect = PAGE_READWRITE;
unsigned char *pDst = (unsigned char *)lpMem,
*pSrc = (unsigned char *)lpSrc;
if (VirtualProtect(lpMem,len,flNewProtect,&lpflOldProtect))
{
while(len-- >0) *pDst++ = *pSrc++;
VirtualProtect(lpMem,len, lpflOldProtect,&lpflOldProtect);
FlushInstructionCache(GetCurrentProcess(), lpMem, len);
return 1;
}
return 0;
}
void HSBypass (void)
{
DWORD dwEHSVC = 0;
do
{
dwEHSVC = (DWORD)GetModuleHandle("EhSvc.dll");
Sleep(250);
}while(!dwEHSVC);
WriteMemory((LPVOID)(dwEHSVC + 0x003D67F), (LPVOID)"\x03\xD2", 2);
WriteMemory((LPVOID)(dwEHSVC + 0x003F77D), (LPVOID)"\xB8\x00\x00\x00\x00", 5);
WriteMemory((LPVOID)(dwEHSVC + 0x000A1A0), (LPVOID)"\xC2\x04\x00", 3);
WriteMemory((LPVOID)(dwEHSVC + 0x0085B43), (LPVOID)"\xC3", 1);
WriteMemory((LPVOID)(dwEHSVC + 0x000A238), (LPVOID)"\x74", 1);
WriteMemory((LPVOID)(dwEHSVC + 0x008523E), (LPVOID)"\xC2\x04\x00", 3);
WriteMemory((LPVOID)(dwEHSVC + 0x00A5EBA), (LPVOID)"\xD2", 1);
}
This for Xtrap Bypass
Author: Slicktor
Main.cpp
Code:
#include "Bypass.h"
DWORD WINAPI InitializeXTrapBypass() {
DWORD nBase;
while(1)
{
nBase = (DWORD)GetModuleHandleA("XTrapVa.dll");
if(nBase){
Sleep(500);
BYPASS bypass;
bypass.Driver64();
bypass.ProcessDetection();
break;
}
}
return 0;
}
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
DisableThreadLibraryCalls(hDll);
if( dwReason == DLL_PROCESS_ATTACH)
{
_beginthread((void(*)(void*))InitializeXTrapBypass,sizeof(&InitializeXTrapBypass),0);
}
return TRUE;
}
Main.h
Code:
#include <Windows.h>
#include <tlhelp32.h>
#include <process.h>
#include <wchar.h>
class BYPASS
{
public:
int BYPASS::ProcessDetection();
int BYPASS::Driver64();
};
int BYPASS::ProcessDetection()
{
DWORD K32EnumAddr = (DWORD)GetProcAddress(LoadLibraryA("Kernel32.dll"),"K32EnumProcesses");
//DWORD EnumAddr = (DWORD)GetProcAddress(LoadLibraryA("Psapi.dll"),"EnumProcesses");
DWORD old;
VirtualProtect((LPVOID)K32EnumAddr,sizeof(K32EnumAddr),PAGE_EXECUTE_READWRITE,&old);
//VirtualProtect((LPVOID)EnumAddr,sizeof(EnumAddr),PAGE_EXECUTE_READWRITE,&old);
memcpy((LPVOID)K32EnumAddr,(LPVOID)"\xC2\x0C\x00",3);
//memcpy((LPVOID)EnumAddr,(LPVOID)"\xC2\x0C\x00",3);
return 0;
}
int BYPASS::Driver64()
{
wmemcpy((wchar_t*)0x405D0C24,(const wchar_t*)"X6va01",6);
return 0;
}