Sign in to follow this  
Followers 0
Caiol

Get Modules - Compile

2 posts in this topic

Hello everyone...

I'm having a problem related by the compile of the script..

The program is a anti cheating/hacking and I've used _ProcessGetLoadedModules to get the modules of the game and compare with some arrays.

If a module is considerated "cheat", the script make an alert and close the game.

The think is after compile the script, it isn't doing this alert, and I don't know what is the error.

I observe that the $leituradll, that is the module read, is returning "0"...

Function _ProcessGetLoadedModules:

#Include <WinAPI.au3>

; #FUNCTION#;===============================================================================
;
; Name...........: _ProcessGetLoadedModules
; Description ...: Returns an array containing the full path of the loaded modules
; Syntax.........: _ProcessGetLoadedModules($iPID)
; Parameters ....:
; Return values .: Success - An array with all the paths
;               : Failure - -1 and @error=1 if the specified process couldn't be opened.
; Author ........: Andreas Karlsson (monoceres) & ProgAndy
; Modified.......:
; Remarks .......:
; Related .......: 
; Link ..........;
; Example .......; No
;
;;==========================================================================================
Func _ProcessGetLoadedModules($iPID)
    Local Const $PROCESS_QUERY_INFORMATION=0x0400
    Local Const $PROCESS_VM_READ=0x0010
    Local $aCall, $hPsapi=DllOpen("Psapi.dll")
    Local $hProcess, $tModulesStruct
    $tModulesStruct=DllStructCreate("hwnd [200]")
    Local $SIZEOFHWND = DllStructGetSize($tModulesStruct)/200
    $hProcess=_WinAPI_OpenProcess(BitOR($PROCESS_QUERY_INFORMATION,$PROCESS_VM_READ),False,$iPID)
    If Not $hProcess Then Return SetError(1,0,-1)
    $aCall=DllCall($hPsapi,"int","EnumProcessModules","ptr",$hProcess,"ptr",DllStructGetPtr($tModulesStruct),"dword",DllStructGetSize($tModulesStruct),"dword*","")
    
    If $aCall[4]>DllStructGetSize($tModulesStruct) Then
        $Dimensions = $aCall[4] / $SIZEOFHWND
        If $Dimensions <= 0 Then $Dimensions = 1    ;just an example
;~      Local $aReturn[$Dimensions] ;This way, you will not get an error
        $tModulesStruct=DllStructCreate("hwnd ["&$dimensions&"]")
        $aCall=DllCall($hPsapi,"int","EnumProcessModules","ptr",$hProcess,"ptr",DllStructGetPtr($tModulesStruct),"dword",$aCall[4],"dword*","")
    EndIf
    $Dimensions = $aCall[4] / $SIZEOFHWND
    If $Dimensions <= 0 Then $Dimensions = 1    ;just an example
    Local $aReturn[$Dimensions] ;This way, you will not get an error
    For $i=0 To Ubound($aReturn)-1
        
$aCall=DllCall($hPsapi,"dword","GetModuleFileNameExW","ptr",$hProcess,"ptr",DllStructGetData($tModulesStruct,1,$i+1),"wstr","","dword",65536)
$aReturn[$i]=$aCall[3]
    
Next
    _WinAPI_CloseHandle($hProcess)
    DllClose($hPsapi)
    Return $aReturn
EndFunc

While that plays the script while game is open:

Dim $szDrive, $szDir, $szFName, $szExt
Dim $dllnormal[92]
$i = 0
$i2 = 0

$dllnormal[0] = "msskn.exe"
$dllnormal[1] = "ntdll.dll"
$dllnormal[2] = "kernel32.dll"
$dllnormal[3] = "KERNELBASE.dll"
$dllnormal[4] = "USER32.dll"
$dllnormal[5] = "GDI32.dll"
$dllnormal[6] = "LPK.dll"
$dllnormal[7] = "USP10.dll"
$dllnormal[8] = "msvcrt.dll"
$dllnormal[9] = "IMM32.DLL"
$dllnormal[10] = "MSCTF.dll"
$dllnormal[11] = "ADVAPI32.dll"
$dllnormal[12] = "sechost.dll"
$dllnormal[13] = "RPCRT4.dll"
$dllnormal[14] = "shell32.dll"
$dllnormal[15] = "SHLWAPI.dll"
$dllnormal[16] = "dsound.dll"
$dllnormal[17] = "ole32.dll"
$dllnormal[18] = "WINMM.dll"
$dllnormal[19] = "POWRPROF.dll"
$dllnormal[20] = "SETUPAPI.dll"
$dllnormal[21] = "CFGMGR32.dll"
$dllnormal[22] = "OLEAUT32.dll"
$dllnormal[23] = "DEVOBJ.dll"
$dllnormal[24] = "ddraw.dll"
$dllnormal[25] = "DCIMAN32.dll"
$dllnormal[26] = "dwmapi.dll"
$dllnormal[27] = "wininet.dll"
$dllnormal[28] = "Normaliz.dll"
$dllnormal[29] = "urlmon.dll"
$dllnormal[30] = "CRYPT32.dll"
$dllnormal[31] = "MSASN1.dll"
$dllnormal[32] = "iertutil.dll"
$dllnormal[33] = "wsock32.dll"
$dllnormal[34] = "WS2_32.dll"
$dllnormal[35] = "NSI.dll"
$dllnormal[36] = "CRYPTBASE.dll"
$dllnormal[37] = "CLBCatQ.DLL"
$dllnormal[38] = "MMDevApi.dll"
$dllnormal[39] = "PROPSYS.dll"
$dllnormal[40] = "AUDIOSES.DLL"
$dllnormal[41] = "uxtheme.dll"
$dllnormal[42] = "mswsock.dll"
$dllnormal[43] = "nvd3dum.dll"
$dllnormal[44] = "D3DIM.DLL"
$dllnormal[45] = "WINTRUST.dll"
$dllnormal[46] = "CRYPTSP.dll"
$dllnormal[47] = "rsaenh.dll"
$dllnormal[48] = "bcrypt.dll"
$dllnormal[49] = "bcryptprimitives.dll"
$dllnormal[50] = "ncrypt.dll"
$dllnormal[51] = "USERENV.dll"
$dllnormal[52] = "profapi.dll"
$dllnormal[53] = "GPAPI.dll"
$dllnormal[54] = "cryptnet.dll"
$dllnormal[55] = "WLDAP32.dll"
$dllnormal[56] = "SensApi.dll"
$dllnormal[57] = "Cabinet.dll"
$dllnormal[58] = "DEVRTL.dll"
$dllnormal[59] = "NLAapi.dll"
$dllnormal[60] = "DNSAPI.dll"
$dllnormal[61] = "winrnr.dll"
$dllnormal[62] = "napinsp.dll"
$dllnormal[63] = "pnrpnsp.dll"
$dllnormal[64] = "mdnsNSP.dll"
$dllnormal[65] = "Iphlpapi.DLL"
$dllnormal[66] = "WINNSI.DLL"
$dllnormal[67] = "fwpuclnt.dll"
$dllnormal[68] = "rasadhlp.dll"
$dllnormal[69] = "avrt.dll"
$dllnormal[70] = "apphelp.dll"
$dllnormal[71] = "AcLayers.dll"
$dllnormal[72] = "SspiCli.dll"
$dllnormal[73] = "winspool.drv"
$dllnormal[74] = "mpr.dll"
$dllnormal[75] = "mzvkbd3.dll"
$dllnormal[76] = "psapi.dll"
$dllnormal[77] = "kloehk.dll"
$dllnormal[78] = "wshtcpip.dll"
$dllnormal[79] = "comctl32.dll"
$dllnormal[80] = "rasapi32.dll"
$dllnormal[81] = "rasman.dll"
$dllnormal[82] = "rtutils.dll"
$dllnormal[83] = "wship6.dll"
$dllnormal[84] = "ntmarta.dll"
$dllnormal[85] = "version.dll"
$dllnormal[86] = "peerdist.dll"
$dllnormal[87] = "authz.dll"
$dllnormal[88] = "mscat32.dll"
$dllnormal[89] = "netprofm.dll"
$dllnormal[90] = "npmproxy.dll"
$dllnormal[91] = "rpcrtremote.dll"

While ProcessExists("msskn.exe")

;DLLS
$iPID = ProcessExists("msskn.exe")
$get = _ProcessGetLoadedModules($iPID)

$max = UBound($get)
$tam = $max-1

if $i >= $tam Then $i = 0

$TestPath = _PathSplit($get[$i], $szDrive, $szDir, $szFName, $szExt)
$leituradll = $TestPath[3] & $TestPath[4]

if $i >= $tam Then
    $i = 0
Else
    $i = $i+1
EndIf

    $max2 = UBound($dllnormal) ;92
    $tam2 = $max2-1 ;91
    
    While $i2 <= $tam2
        
        $max2 = UBound($dllnormal) ;92
        $tam2 = $max2-1 ;91
        
        If $leituradll <> $dllnormal[$i2] Then
            $i2 = $i2+1

            if $i2 >= $tam2 AND $leituradll <> "" Then
                WinClose("Game")
                Close()
            EndIf
        Else
            $i2 = 0
            ExitLoop
        EndIf
        
    WEnd
WEnd

Share this post


Link to post
Share on other sites



Sorry...

I don't know what i've done, but now it's normal...

:)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0