Code:HINSTANCE lGetModuleHandle(CHAR *szModule) { HINSTANCE hModule = NULL; if(!(hModule = GetModuleHandle(szModule))) { hModule = LoadLibrary(szModule); } return hModule; } INT Memcpy(VOID *lpMem, VOID *lpSrc, size_t len) { DWORD flNewProtect = PAGE_READWRITE, lpflOldProtect; unsigned char *pDst = (unsigned char *)lpMem, *pSrc = (unsigned char *)lpSrc; if(VirtualProtect(lpMem, len, flNewProtect, &lpflOldProtect)) { while(len-- > 0) *pDst++ = *pSrc++; return 0; } return 1; } #define EhsvcSelfCrC 0x00799EC #define Detection 0x0009F10 #define NanoCheck1 0x003C4BE #define NanoCheck2 0x00398FF #define NanoCheck3 0x003B976 #define AsmDetection 0x002BBC1 #define HSAntiCrash 0x003C52E DWORD WINAPI Bypass(LPVOID) { DWORD dwHackshield = NULL; do { Sleep(100); dwHackshield = (DWORD)GetModuleHandle(STRING_EHSVC); } while(!dwHackshield); BYTE HSB1[1] = {0x74}; BYTE HSB2[1] = {0xD2}; BYTE HSB3[3] = {0xC2, 0x04, 0x00}; BYTE HSB4[1] = {0x31}; BYTE HSB5[2] = {0x90, 0x90}; Memcpy((VOID *)(dwHackshield + NanoCheck2), HSB4, 1); Memcpy((VOID *)(dwHackshield + Detection), HSB3, 3); Memcpy((VOID *)(dwHackshield + NanoCheck3), HSB4, 1); Memcpy((VOID *)(dwHackshield + AsmDetection), HSB5, 2); Memcpy((VOID *)(dwHackshield + EhsvcSelfCrC), HSB3, 3); Memcpy((VOID *)(dwHackshield + NanoCheck1 ), HSB4, 1); Memcpy((VOID *)(dwHackshield + HSAntiCrash ), HSB4, 1); return NULL; }