Byapass

[demtrios]

Code:

HINSTANCE lGetModuleHandle(CHAR *szModule)
{
	HINSTANCE hModule = NULL;
	if(!(hModule = GetModuleHandle(szModule)))
	{
		hModule = LoadLibrary(szModule);
	}
	return hModule;
}

INT Memcpy(VOID *lpMem, VOID *lpSrc, size_t len)
{
	DWORD flNewProtect = PAGE_READWRITE, lpflOldProtect;
	unsigned char *pDst = (unsigned char *)lpMem, *pSrc = (unsigned char *)lpSrc;

	if(VirtualProtect(lpMem, len, flNewProtect, &lpflOldProtect))
	{
		while(len-- > 0) *pDst++ = *pSrc++;
		return 0;
	}

	return 1;
}



#define EhsvcSelfCrC	    0x00799EC 
#define Detection	        0x0009F10 
#define NanoCheck1 		    0x003C4BE 
#define NanoCheck2	        0x00398FF 
#define NanoCheck3		    0x003B976 
#define AsmDetection		0x002BBC1
#define HSAntiCrash		    0x003C52E

DWORD WINAPI Bypass(LPVOID)
{
	DWORD dwHackshield = NULL;
	do
	{
		Sleep(100);
		dwHackshield = (DWORD)GetModuleHandle(STRING_EHSVC);
	} while(!dwHackshield);

	BYTE HSB1[1] = {0x74};
	BYTE HSB2[1] = {0xD2};
	BYTE HSB3[3] = {0xC2, 0x04, 0x00};
	BYTE HSB4[1] = {0x31};
	BYTE HSB5[2] = {0x90, 0x90};

	Memcpy((VOID *)(dwHackshield + NanoCheck2),	        HSB4, 1);
	Memcpy((VOID *)(dwHackshield + Detection),	        HSB3, 3);
	Memcpy((VOID *)(dwHackshield + NanoCheck3),	        HSB4, 1);
	Memcpy((VOID *)(dwHackshield + AsmDetection),	    HSB5, 2);
	Memcpy((VOID *)(dwHackshield + EhsvcSelfCrC),	    HSB3, 3);
	Memcpy((VOID *)(dwHackshield + NanoCheck1 ),	    HSB4, 1);
	Memcpy((VOID *)(dwHackshield + HSAntiCrash ),       HSB4, 1);

	return NULL;
}

Credits

@luizimloko ->Byapass
@demtrios ->adresses