.. copyed post from teh uc..
Hi guys,
Got leaked, for the same reason as unlimited ammo.
Here you are:
Code:
...
Tools:
bool isRunning( const char* name )
{
HANDLE SnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
if( SnapShot == INVALID_HANDLE_VALUE )
return false;
PROCESSENTRY32 procEntry;
procEntry.dwSize = sizeof( PROCESSENTRY32 );
if( !Process32First( SnapShot, &procEntry ) )
return false;
do
{
if( strcmp( procEntry.szExeFile, name ) == 0 )
return true;
}
while( Process32Next( SnapShot, &procEntry ) );
return false;
}
DWORD GetProcessID(char* name)
{
PROCESSENTRY32 pe = {sizeof(PROCESSENTRY32)};
HANDLE hand = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if(Process32First(hand, &pe))
{
while (Process32Next(hand, &pe))
{
if(!strcmp(pe.szExeFile, name))
return pe.th32ProcessID;
}
}
CloseHandle(hand);
}
DWORD GetModuleAddress(DWORD proc, const char *modname)
{
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, proc);
if( snapshot == INVALID_HANDLE_VALUE )
return 0;
MODULEENTRY32 mod;
mod.dwSize = sizeof(MODULEENTRY32);
if( Module32First(snapshot, &mod) )
{
if( strcmp(mod.szModule, modname) == 0 )
return (unsigned long)mod.modBaseAddr;
while( Module32Next(snapshot, &mod) )
{
if( strcmp(mod.szModule, modname) == 0 )
return (unsigned long)mod.modBaseAddr;
}
return 0;
}
else
return 0;
}
Code:
bool bBlackCipherProcessOpened = false; HANDLE hCipherInstanceProcess; DWORD dwCipherPID;
void WriteBlackCipherBypass()
{
BYTE MOVAL0RET[6] = {0xB0, 0x00, 0xC2, 0x04, 0x00};
while(true)
{
if(!bBlackCipherProcessOpened)
{
if(isRunning(STRING_BLACKCIPHER_MODULE ) )
{
if(!bBlackCipherProcessOpened)
{
dwCipherPID = GetProcessID(STRING_BLACKCIPHER_MODULE);
hCipherInstanceProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, 0, dwCipherPID);
bBlackCipherProcessOpened = true;
}
}
}
else
{
DWORD dwEHSvcModule = GetModuleAddress(dwCipherPID, STRING_EHSVC_MODULE);
if(dwEHSvcModule !=0)
{
WriteProcessMemory(hCipherInstanceProcess, (void *)0x421800, MOVAL0RET, 5, 0);
CloseHandle(hCipherInstanceProcess);
ExitThread(0);
}
}
Sleep(200);
}
}
..
CreateThread(0, 0, (LPTHREAD_START_ROUTINE)WriteBlackCipherBypass, 0, 0, 0);
..
All credits goes to me, I did this find a lot of time ago. Before execute every check, this function is getting called and if AL register is to 0 every check is going to return.