Originally Posted by
HOOSIER
I am looking for some help. If you know your way around OllyDbg and want to help, let me know. I am pretty close, but I am tired and have been at this for a while now. I am serious and only want one experienced person to help. Coding would be a plus. If I find it first, I will share it with you. I do think I am very close and will point you to the correct place to look.
Mention me or message me, thanks.
You want bypass coding?
Code:
#include <Windows.h>
#include <iostream>
#include <tlhelp32.h>
#include <stdio.h>
using namespace std;
// Looks up a running process by executable name and returns its process id.
//
// lpProcessName: image name to match (compared case-insensitively against
//                PROCESSENTRY32::szExeFile).
// Returns the id of the first matching process in the snapshot, or 0 when the
// snapshot cannot be taken or no entry matches.
//
// NOTE(review): the comparison uses _wcsicmp on TCHAR data, so this only builds
// when TCHAR is wchar_t (a UNICODE build). The name also overloads the Win32
// GetProcessId(HANDLE) API, which is easy to misread at call sites.
DWORD GetProcessId(const TCHAR* lpProcessName)
{
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
    if (hSnap == INVALID_HANDLE_VALUE)
        return 0;

    // dwSize must be set before the first Process32First call.
    PROCESSENTRY32 procInfo;
    procInfo.dwSize = sizeof(PROCESSENTRY32);

    DWORD foundPid = 0;
    for (BOOL more = Process32First(hSnap, &procInfo); more; more = Process32Next(hSnap, &procInfo))
    {
        if (_wcsicmp(procInfo.szExeFile, lpProcessName) == 0)
        {
            // First match wins; later processes with the same name are ignored.
            foundPid = procInfo.th32ProcessID;
            break;
        }
    }

    CloseHandle(hSnap);
    return foundPid;
}
// Suspends every thread in the system-wide thread snapshot that is owned by
// the given process.
//
// processId: id of the process whose threads are suspended.
// Threads that cannot be opened are skipped silently; the result of
// SuspendThread is not checked. Nothing in this listing resumes the threads,
// and main() in this listing never calls this function.
//
// NOTE(review): every thread handle is requested with THREAD_ALL_ACCESS. The
// original author already suspected this is more access than required, or that
// the caller's privileges are insufficient when the open fails. A process
// opening all-access handles to another process's threads is the kind of event
// endpoint monitoring records.
void suspend(DWORD processId)
{
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    THREADENTRY32 te;
    te.dwSize = sizeof(THREADENTRY32);
    if (hSnap == INVALID_HANDLE_VALUE)
        return;

    for (BOOL more = Thread32First(hSnap, &te); more; more = Thread32Next(hSnap, &te))
    {
        // The snapshot covers all processes, so filter on the owner id.
        if (te.th32OwnerProcessID != processId)
            continue;

        HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, te.th32ThreadID);
        if (!hThread)
            continue;

        SuspendThread(hThread);
        CloseHandle(hThread);
    }

    CloseHandle(hSnap);
}
// Entry point of the posted tool. As written it sets the console title, polls
// until a process named "AVA.exe" exists, opens that process with VM
// read/write/operation rights, waits until the byte at one fixed address reads
// 0x55, then changes the protection of that byte's page and overwrites the
// byte with 0xC3. It always returns 0 after waiting for a key press.
//
// NOTE(review): 0x55 and 0xC3 are presumably the x86 `push ebp` and `ret`
// opcodes, i.e. the write makes the function at that address return
// immediately. That is a cross-process patch of executable code in a
// third-party anti-tamper component.
// For defenders: the visible sequence (OpenProcess with PROCESS_VM_WRITE |
// PROCESS_VM_OPERATION from an unrelated process, VirtualProtectEx to
// PAGE_EXECUTE_READWRITE, one-byte WriteProcessMemory into a code page) is
// what handle-access auditing and code-section integrity checks are meant to
// catch.
// NOTE(review): the listing is not valid C++ as posted. The loop header below
// ends in a stray `/`, and the address line carries a bare parenthetical that
// is forum annotation rather than code.
int main(int argc, TCHAR* argv[])
{
SetConsoleTitle(TEXT("AVA Xigncode3 Bypass"));
cout << "Searching for AVA..." << endl;
DWORD dwProcessId;
// Busy-poll at 1 ms intervals until the lookup returns a non-zero process id.
while (!(dwProcessId = GetProcessId(TEXT("AVA.exe"))))/
Sleep(1);
cout << "We've found AVA!" << endl;
// Requests exactly the rights needed to read, re-protect and write memory in
// the other process. If the open fails, the block below is skipped without
// any message.
HANDLE hProcess = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, dwProcessId);
if (hProcess)
{
cout << "Trying to get in..." << endl;
// Hard-coded virtual address. The poster's own remark says it is the old
// address, so it is tied to one specific build of the target. Holding it in a
// DWORD also limits it to 32 bits.
const DWORD dwLocationOfFunction = 0x429570; (This is the old address)
BYTE FirstByte;
DWORD dwOldProtection;
// Spin until the read succeeds AND the byte equals 0x55 (presumably until the
// expected code is mapped at that address — TODO confirm).
while (!ReadProcessMemory(hProcess, (LPVOID)dwLocationOfFunction, &FirstByte, sizeof(FirstByte), NULL) || FirstByte != 0x55)
{
// GetLastError() is also consulted when the read succeeded but the byte
// differed, so the value tested here may be stale.
if (GetLastError() == ERROR_ACCESS_DENIED)
cout << "ERROR_ACCESS_DENIED" << endl;
Sleep(1);
}
cout << "Killing Xigncode3" << endl;
const BYTE ByteToWrite = 0xC3;
// Makes the page holding the byte readable, writable and executable. The
// previous protection lands in dwOldProtection but is never restored below, so
// the page stays RWX — an artifact memory scanners can look for.
BOOL bSuccess = VirtualProtectEx(hProcess, (LPVOID)dwLocationOfFunction, sizeof(FirstByte), PAGE_EXECUTE_READWRITE, &dwOldProtection);
if (bSuccess)
bSuccess = WriteProcessMemory(hProcess, (LPVOID)dwLocationOfFunction, &ByteToWrite, sizeof(ByteToWrite), NULL);
CloseHandle(hProcess);
// Success is reported only when both the protection change and the write
// returned TRUE. A failure of either produces no output.
if (bSuccess)
cout << "Bypassed by Haxor" << endl;
}
// Keeps the console window open until the user presses Enter.
cin.get();
return 0;
}
It may help you a bit, but it's the old way and not a scan method.