[Source C++ 1.15] Uhack Source code

tarafından **Hello EMO** Perş. Ara. 09, 2010 5:39 am

Thanks to
AgentGod for null timer and download addresses
Mcmike for SEH

Kod:: #define WIN32_LEAN_AND_MEAN #include <windows.h> #include "detours.h" LONG WINAPI UnhandlerExceptionFilter(struct _EXCEPTION_POINTERS* ExceptionInfo); DWORD WINAPI GetTickCount_Detour(void); BOOL WINAPI GetThreadContext_Detour (HANDLE hThread,LPCONTEXT lpContext); DETOUR_TRAMPOLINE(BOOL WINAPI GetThreadContext_Trampoline(HANDLE ,LPCONTEXT) ,GetThreadContext); void Set_SEH_and_BreakPoints(void); LPTOP_LEVEL_EXCEPTION_FILTER oldHandler=NULL; BYTE opcodes[5]; BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) { switch(ul_reason_for_call) { case DLL_PROCESS_ATTACH: DisableThreadLibraryCalls(GetModuleHandle(NULL)); ReadProcessMemory(GetCurrentProcess(),(LPVOID)GetProcAddress(GetModuleHandle("Kernel32"),"GetTickCount"),&opcodes,5,0); DetourFunction((PBYTE)GetTickCount,(PBYTE)GetTickCount_Detour); DetourFunctionWithTrampoline((PBYTE)GetThreadContext_Trampoline,(PBYTE)GetThreadContext_Detour); break; case DLL_PROCESS_DETACH: DetourRemove((PBYTE) GetThreadContext_Trampoline,(PBYTE) GetThreadContext_Detour); WriteProcessMemory(GetCurrentProcess(),(LPVOID)GetProcAddress(GetModuleHandle("Kernel32"),"GetTickCount"),&opcodes,5,0); if (oldHandler) SetUnhandledExceptionFilter(oldHandler); break; } return true; } DWORD WINAPI GetTickCount_Detour() { Set_SEH_and_BreakPoints(); WriteProcessMemory(GetCurrentProcess(),(LPVOID)GetProcAddress(GetModuleHandle("Kernel32"),"GetTickCount"),&opcodes,5,0); return GetTickCount(); } void Set_SEH_and_BreakPoints() { oldHandler=SetUnhandledExceptionFilter(UnhandlerExceptionFilter); CONTEXT ctx = {CONTEXT_DEBUG_REGISTERS}; ctx.Dr6 = 0x00000000; ctx.Dr0 = 0x4A3007; // Null Timer ctx.Dr7 |= 0x00000001; ctx.Dr1=0x450220; // shows 100 for download ctx.Dr7 |= 0x00000004; ctx.Dr2=0x450228; // shows counting to 100 for download ctx.Dr7 |= 0x00000010; SetThreadContext(GetCurrentThread(), &ctx); } LONG WINAPI UnhandlerExceptionFilter(struct _EXCEPTION_POINTERS* ExceptionInfo) { if(ExceptionInfo->ExceptionRecord->ExceptionCode==EXCEPTION_SINGLE_STEP ) { if ((DWORD)ExceptionInfo->ExceptionRecord->ExceptionAddress==0x4A3007) { ExceptionInfo->ContextRecord->Eip+=0x05; // move 5 bytes ExceptionInfo->ContextRecord->Dr0=0x4A3007; ExceptionInfo->ContextRecord->Dr7|=0x00000010; return EXCEPTION_CONTINUE_EXECUTION; } if ((DWORD)ExceptionInfo->ExceptionRecord->ExceptionAddress==0x450220) { ExceptionInfo->ContextRecord->Eip+=0x06; // move 6 bytes ExceptionInfo->ContextRecord->Dr1=0x450220; ExceptionInfo->ContextRecord->Dr7|=0x00000010; return EXCEPTION_CONTINUE_EXECUTION; } if ((DWORD)ExceptionInfo->ExceptionRecord->ExceptionAddress==0x450228) { ExceptionInfo->ContextRecord->Eip+=0x06; // move 6 bytes ExceptionInfo->ContextRecord->Dr2=0x450228; ExceptionInfo->ContextRecord->Dr7|=0x00000010; return EXCEPTION_CONTINUE_EXECUTION; } } return EXCEPTION_CONTINUE_SEARCH; } BOOL WINAPI GetThreadContext_Detour(HANDLE hThread,LPCONTEXT lpContext) { BOOL ret=GetThreadContext_Trampoline( hThread, lpContext); if (lpContext->ContextFlags && CONTEXT_DEBUG_REGISTERS) { lpContext->Dr0=0; lpContext->Dr1=0; lpContext->Dr2=0; lpContext->Dr3=0; lpContext->Dr6=0; lpContext->Dr7=0; } return ret; }