Hello. Long time I dont use it. Now I has re-debug and it's changed to new address.
With this Tut, the HGWC.exe's not check your file has been chaged or fake
Here is Address and String of It.
---------HGWC CFNA-----------
Code:
0040DDB3 68 988F4800 PUSH HGWC.00488F98 ; UNICODE "Failed to get to file crc32 : file [%s] error [%d]"
0040DDB8 E8 83C6FFFF CALL HGWC.0040A440
0040DDBD 8B4424 44 MOV EAX,DWORD PTR SS:[ESP+44]
0040DDC1 8B4C24 3C MOV ECX,DWORD PTR SS:[ESP+3C]
0040DDC5 83C4 0C ADD ESP,0C
0040DDC8 50 PUSH EAX
0040DDC9 51 PUSH ECX
0040DDCA E8 65790300 CALL HGWC.00445734
0040DDCF 83C4 08 ADD ESP,8
0040DDD2 85C0 TEST EAX,EAX
0040DDD4 0F84 9D000000 JE HGWC.0040DE77 // Him here, Now change JE to JMP -> JMP HGWC.0040DE77
0040DDDA 3B6B 08 CMP EBP,DWORD PTR DS:[EBX+8]
0040DDDD 72 05 JB SHORT HGWC.0040DDE4
0040DDDF E8 60810300 CALL HGWC.00445F44
0040DDE4 8B5424 38 MOV EDX,DWORD PTR SS:[ESP+38]
0040DDE8 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
0040DDEB 8B08 MOV ECX,DWORD PTR DS:[EAX]
0040DDED 52 PUSH EDX
0040DDEE 51 PUSH ECX
MyCpp.Cpp
Code:
/#include <windows.h>
DWORD HGWC;
BYTE PatchHGWC[] = {0xE9,0x9E,0x00,0x00,0x00,0x90};
void Mains()
{
while(1)
{
if(!HGWC)
{
HGWC = (DWORD)GetModuleHandleA( "HGWC.exe" );
}
else
{
WriteProcessMemory(GetCurrentProcess(),(LPVOID)(HGWC+0xDDD4),&PatchHGWC,6,0);
}
Sleep(10);
}
}
BOOL APIENTRY DllMain( HANDLE hModule,DWORD ul_reason_for_call, LPVOID lpReserved)
{
if (ul_reason_for_call == 1)
{
CreateThread(0, 0, (LPTHREAD_START_ROUTINE)Mains, 0, 0, 0);
}
return TRUE;
}
Code:
FindPattern = 83 C4 ?? 85 C0 ?? ?? ?? ?? ?? ?? 3B 6B ?? ?? ?? E8
FindPattern + 0x5
Good Luck