#include <windows.h>
#include <iostream>
#include <psapi.h>
using namespace std;
// Address that the injected routine overwrites (see Injected). The inline comment
// inside Injected cites a different value (0x74703C), so the two values on this
// page disagree; which one is meant is not established here.
#define Wallhack 0x7480AC
// Function-pointer types for the API entry points handed to the injected routine
// through CDATA. They mirror the functions ject() resolves with GetProcAddress:
// MessageBoxA, GetAsyncKeyState and Beep.
typedef int (WINAPI* myMsgBox)(HWND,LPSTR,LPSTR,UINT);
typedef SHORT (WINAPI* myGetKeyState)(int);
typedef BOOL (WINAPI* myBeep)(DWORD, DWORD);
// Crude delay: spins an empty loop `seconds * 2500` times and makes no system
// call, so the actual delay is unspecified and depends on the compiler (an empty
// loop with no observable effect may be optimised away entirely).
void Wait(int seconds)
{
    int remaining = seconds * 2500;
    while (remaining > 0)
    {
        --remaining;
    }
}
// Parameter block that ject() copies into the target process and passes to the
// injected routine as its thread argument. It carries the message-box text and
// the absolute addresses of the three API functions the routine calls through
// function pointers (see Injected).
struct CDATA
{
char msg[50];            // MessageBox body text; filled with strcpy_s in ject()
char title[50];          // MessageBox caption; filled with strcpy_s in ject()
int buttons;             // MessageBox flags (MB_OK in ject())
LPVOID msgbox_addr;      // MessageBoxA as resolved by ject()
LPVOID getkeystate_addr; // GetAsyncKeyState as resolved by ject()
LPVOID beep_addr;        // Beep as resolved by ject()
};
Главная функция, которая инжектится в crossfire.exe, и пустая функция, по адресу которой определяется конец (и, соответственно, размер) этой функции:
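// Returns processID when the process's first module is named "crossfire.exe",
// otherwise 0. The process is opened with query/read rights only, just enough to
// read the module base name; if it cannot be opened the name stays "n\\a" and
// 0 is returned.
// Fix: CloseHandle is now called only when OpenProcess actually returned a
// handle (the original called CloseHandle(NULL) after a failed OpenProcess),
// and the unsigned DWORD result is no longer routed through an int / NULL.
DWORD FindCFID( DWORD processID )
{
    TCHAR szProcessName[MAX_PATH] = "n\\a";
    HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID );
    if (NULL != hProcess )
    {
        HMODULE hMod;
        DWORD cbNeeded;
        // Only the first module is requested (normally the executable itself).
        if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded ) )
        {
            GetModuleBaseName( hProcess, hMod, szProcessName, sizeof(szProcessName)/sizeof(TCHAR) );
        }
        CloseHandle( hProcess );
    }
    if (strcmp(szProcessName, "crossfire.exe") == 0)
    {
        cout << "Found: " << szProcessName << endl;
        return processID;
    }
    return 0;
}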
// Routine whose bytes ject() copies into the target process and starts there
// with CreateRemoteThread; `data` is the CDATA block copied alongside it, and
// the three API functions are reached only through the pointers it holds.
// Flow: one MessageBoxA call, then an endless poll — whenever GetAsyncKeyState
// reports F10, four 0x90 (NOP) bytes are written over the fixed address
// `Wallhack` (presumably inside the game's image — not established on this
// page) and Beep is called. The loop never exits, so the final `return 0` is
// dead code.
// Detection angle: this is an in-process patch of code at a fixed image
// offset, which is what a code-integrity check over the loaded image catches.
// NOTE(review): the inline comment below says 0x74703C while the macro
// `Wallhack` is 0x7480AC — the two values on this page disagree.
static DWORD Injected(CDATA* data)
{
myGetKeyState keyState = (myGetKeyState)data->getkeystate_addr;
myBeep beep = (myBeep)data->beep_addr;
myMsgBox MsgBox = (myMsgBox)data->msgbox_addr;
MsgBox(0,data->msg, data->title, data->buttons);
while(TRUE)
{
if(keyState(VK_F10))
{
// Wallhack 0x74703C
memcpy((void*)(Wallhack), (PBYTE)"\x90\x90\x90\x90", 4);
beep(200,200);
}
Wait(1);
}
return 0;
}
// Deliberately empty function placed right after Injected: ject() computes the
// byte size of Injected as (DWORD)Empty - (DWORD)Injected, so this relies on the
// compiler emitting the two functions contiguously and in source order, which
// the language does not guarantee.
static DWORD Empty(){
return 0;
}
Рабочий проект:
// Injector: copies the bytes of Injected() and a CDATA block into process
// `procID` and starts a remote thread on the copy. Sequence: OpenProcess with
// PROCESS_ALL_ACCESS -> resolve MessageBoxA/GetAsyncKeyState/Beep in this
// process -> VirtualAllocEx (RWX) + WriteProcessMemory for the code ->
// VirtualAllocEx (RW) + WriteProcessMemory for the data -> CreateRemoteThread.
// That is the textbook remote-thread injection chain, and exactly the pattern
// (cross-process RWX allocation, remote write, remote thread start) that
// process-injection detections in EDR/ETW tooling are built around.
// Resource handling as read from the code: the process handle is closed and
// VirtualFree is called only on the success path; the early `return`s after a
// failed WriteProcessMemory leave TargetProcessHandle open, and the buffer that
// FormatMessage allocates (FORMAT_MESSAGE_ALLOCATE_BUFFER) is never LocalFree'd.
void ject(DWORD procID)
{
CDATA cdata;
// Full access to the target is requested.
HANDLE TargetProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, false, procID);
if(TargetProcessHandle)
{
cout << "Process opened: " << procID << endl;
HMODULE user32 = LoadLibrary("User32.dll");
HMODULE kernel = LoadLibrary("Kernel32.dll");
if(!user32 || !kernel) return;
cout << "Kernel.dll loaded..." << endl;
cout << "User32.dll loaded..." << endl;
cdata.buttons = MB_OK;
strcpy_s(cdata.msg, "Press F10 ingame to activate wallhack!");
strcpy_s(cdata.title, "Crossfire Hooked!");
// Addresses are resolved in this process; presumably the code relies on the
// same DLL mapping in the target — not established here.
cdata.msgbox_addr = GetProcAddress(user32, "MessageBoxA");
cdata.getkeystate_addr = GetProcAddress(user32, "GetAsyncKeyState");
cdata.beep_addr = GetProcAddress(kernel, "Beep");
cout << " " << endl;
cout << "------------ADDYS------------" << endl;
cout << "MsgBox: " << cdata.msgbox_addr << endl;
cout << "KeyState: " << cdata.getkeystate_addr << endl;
cout <<"Beep: " << cdata.beep_addr << endl;
cout << "------------END ADDYS------------" << endl;
cout << " " << endl;
// Treats the distance to the next function (Empty) as the byte size of
// Injected; see the note on Empty about that assumption.
int szFunctionSize = (DWORD)Empty - (DWORD)Injected;
cout << "Function Size: " << szFunctionSize << endl;
// Executable-and-writable allocation in the target process.
LPVOID szFunctionAddress = VirtualAllocEx(TargetProcessHandle,0,szFunctionSize,MEM_RESERVE|MEM_COMMIT,PAGE_EXECUTE_READWRITE);
cout << "Function addr: " << szFunctionAddress << endl;
int num2 = WriteProcessMemory(TargetProcessHandle,szFunctionAddress,(VOID*)Injected, szFunctionSize,0);
cout << "WriteProcessMemory returned: " << num2 << endl;
if(num2 == 0)
{
DWORD errCode = GetLastError();
char *err;
// The buffer FormatMessage allocates into `err` is not released (see header note).
if (!FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,NULL,errCode,MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),(LPTSTR)&err,0,NULL))
return;
cout << "------> Error: " << err << endl;
return;
}
LPVOID szDataAdress = VirtualAllocEx(TargetProcessHandle,0,sizeof(CDATA),MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE);
cout << "Data addr: " << szDataAdress << endl;
num2 = WriteProcessMemory(TargetProcessHandle,szDataAdress,&cdata,sizeof(CDATA),0);
cout << "WriteProcessMemory returned: " << num2 << endl;
if(num2 == 0)
{
DWORD errCode = GetLastError();
char *err;
// Same unreleased FormatMessage buffer as above.
if (!FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,NULL,errCode,MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),(LPTSTR)&err,0,NULL))
return;
cout << "------> Error: " << err << endl;
return;
}
// The last CreateRemoteThread argument is lpThreadId: it receives the new
// thread's ID, not a byte count, despite this variable's name.
DWORD lpNumberOfBytesWritten = 0;
HANDLE hand = CreateRemoteThread(TargetProcessHandle, 0, 0, (LPTHREAD_START_ROUTINE)szFunctionAddress, szDataAdress, 0, (SIZE_T*)&lpNumberOfBytesWritten);
if(hand != NULL)
{
WaitForSingleObject(TargetProcessHandle, 2000);
VirtualFree(szFunctionAddress, 0, MEM_RELEASE);
VirtualFree(szDataAdress, 0, MEM_RELEASE);
CloseHandle(TargetProcessHandle);
CloseHandle(hand);
cout << "Successfully Injected... Byteswritten: " << lpNumberOfBytesWritten << endl;
}
else
cout << "Error creating remote thread..." << endl;
}
else
cout << "Error opening process for injection..." << endl;
}
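// Enables SeDebugPrivilege (SE_DEBUG_NAME) on the current process token, the
// privilege that lets a process open others it does not own. Returns 0 on
// success and 1 on failure — the convention main() checks (`privileges() != 0`).
// Fixes: the token handle is always closed now (it was never closed before), a
// failed LookupPrivilegeValue is no longer ignored, and the case where
// AdjustTokenPrivileges returns non-zero but reports ERROR_NOT_ALL_ASSIGNED
// (privilege not actually enabled) is treated as failure rather than success.
int privileges()
{
    HANDLE Token = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &Token))
        return 1;

    TOKEN_PRIVILEGES tp = {};
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    int result = 1;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)
        && AdjustTokenPrivileges(Token, FALSE, &tp, sizeof(tp), NULL, NULL)
        && GetLastError() != ERROR_NOT_ALL_ASSIGNED)
    {
        result = 0;
    }
    CloseHandle(Token);
    return result;
}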
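// Entry point: enables SeDebugPrivilege, then polls the process list once per
// second until a process whose first module is "crossfire.exe" appears, hands
// its PID to ject() and exits.
// Fix: `int main` replaces the non-standard `void main`; the process returns 0
// after ject() has been called and 1 on a privilege or enumeration failure.
int main()
{
    if (privileges() != 0)
    {
        cout << "Some kind of priviledge error..." << endl;
        return 1;
    }
    for (;;)
    {
        DWORD aProcesses[1024];
        DWORD cbNeeded = 0;
        if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
        {
            cout << "Error reading process list..." << endl;
            return 1;
        }
        // cbNeeded is a byte count; if the array was too small it equals
        // sizeof(aProcesses) and any further PIDs are simply not seen this round.
        const DWORD cProcesses = cbNeeded / sizeof(DWORD);
        DWORD procID = 0;
        for (DWORD i = 0; i < cProcesses && procID == 0; ++i)
        {
            if (aProcesses[i] != 0)
                procID = FindCFID(aProcesses[i]);
        }
        if (procID == 0)
        {
            cout << "waiting for crossfire.exe" << endl;
            Sleep(1000);
            continue;
        }
        cout << "crossfire.exe found! Injecting..." << endl;
        ject(procID);
        return 0;
    }
}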