Tweek Posted May 23, 2009 Share Posted May 23, 2009 expandcollapse popup#include "stdafx.h" #include "FFF_ACC.h" #include "socket.h" #include <AtlBase.h> #include <windows.h> #include <iostream> #include <conio.h> #include <tlhelp32.h> #include <tchar.h> using namespace std; HWND MainWindowHandle = 0; bool InitWindowApp(HINSTANCE instanceHandle, int Show); BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } bool check_user(){ bool result; // Firewall Check Removed For Security Purposes // return result; } void ban_user(char *handler){ // Ban Function Removed For Security Purposes // } void wconsole(const char *text,char *color){ if(color == "white"){ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),FOREGROUND_INTENSITY | FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE); } if(color == "green"){ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),FOREGROUND_INTENSITY | FOREGROUND_GREEN); } if(color == "red"){ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),FOREGROUND_INTENSITY | FOREGROUND_RED); } char consoleStringBuffer[2000]; HANDLE hOut = GetStdHandle(STD_OUTPUT_HANDLE); DWORD dwChars; sprintf(consoleStringBuffer, text); WriteConsole(hOut, consoleStringBuffer, (DWORD)strlen(consoleStringBuffer), &dwChars, NULL); } void wconsole_prox(const char *text, char *color){ wconsole("[","white"); wconsole("ACC","green"); wconsole("]: ","white"); wconsole(text,color); wconsole("\r\n","white"); } void reset_method(){ wconsole_prox("Attempting to reset connection to anti-cheat system!","red"); wconsole_prox("Please standby...","white"); // Reset Method Removed For Security Purposes // } void acc_connect(){ wconsole_prox("The AntiHack system will now attempt to connect to the server side.","white"); wconsole_prox("Please standby...","white"); // Connect Method Removed For Security Purposes // } DWORD WINAPI ThreadFunc( LPVOID lpParam ) { AllocConsole(); SetConsoleTitle("FlyForFame Anti-Hack Beta 0.2 | Status Window"); char text[255]; sprintf(text,"Calling: %s", reinterpret_cast<const char*>(lpParam)); wconsole_prox("FlyForFame Anti-Hack System(Beta 0.2), Successfully Loaded!","white"); wconsole_prox(text,"white"); if(strstr(reinterpret_cast<const char*>(lpParam),"acc_connect")){ acc_connect(); }else{ if(strstr(reinterpret_cast<const char*>(lpParam),"CheckUser")){ check_user(); } if(strstr(reinterpret_cast<const char*>(lpParam),"Ban0E1")){ ban_user("E01"); } if(strstr(reinterpret_cast<const char*>(lpParam),"Ban0E2")){ ban_user("E02"); } if(strstr(reinterpret_cast<const char*>(lpParam),"Ban0E3")){ ban_user("E03"); } if(strstr(reinterpret_cast<const char*>(lpParam),"Ban0E4")){ ban_user("E04"); } if(strstr(reinterpret_cast<const char*>(lpParam),"Ban0E5")){ ban_user("E05"); }else{ acc_connect(); } } return 0; } void automaton_registry(int level) { // Automaton Registry Check // // When Automaton is installed the path to FlyFF is set here. // // If Automaton is run the Teleport keys are stored here. // // Detection Method: 0E1 // if(level == 1){ CRegKey key; long nError = key.Open(HKEY_CURRENT_USER, "Software\\FlyFF Automaton", MB_OK); if(nError == ERROR_SUCCESS) { DWORD dwThreadId; char dwThrdParam[7] = "Ban0E1"; HANDLE hThread; hThread = CreateThread(NULL,0,ThreadFunc,&dwThrdParam,0,&dwThreadId); MessageBox(NULL, "FlyFF Automaton has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E1", "FlyForFame Anti-Cheat(Beta 0.1)", MB_OK); exit(0); } } // GameGuard Down // // If any application ever loads the gameguard down service it should popup here. // // I'd asume it's simply used to bypass game guard, but still can be used as a detection method. // // Detection Method: E02 // if(level == 2){ CRegKey key; long nError = key.Open(HKEY_LOCAL_MACHINE, "SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_GAMEGUARDDOWN", KEY_READ); if(nError == ERROR_SUCCESS) { DWORD dwThreadId; char dwThrdParam[16] = "Ban0E2"; HANDLE hThread; hThread = CreateThread(NULL,0,ThreadFunc,&dwThrdParam,0,&dwThreadId); MessageBox(NULL, "GameGuard Down(FlyFF Automaton Module) has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E2", "FlyForFame Anti-Cheat(Beta 0.1)", MB_OK); exit(0); } } // GameGuard Down // // I'm certain that any application that loads gameguard down would create this key. // // Windows uses registry in order to store services and system drivers. // // The catch is windows never removes these registry keys even when the service, or driver is unloaded the key remains. // // Detection Method: 0E3 // if(level == 3){ CRegKey key; long nError = key.Open(HKEY_LOCAL_MACHINE, "SYSTEM\\ControlSet001\\Services\\GameGuardDown", KEY_READ); if(nError == ERROR_SUCCESS) { DWORD dwThreadId; char dwThrdParam[16] = "Ban0E3"; HANDLE hThread; hThread = CreateThread(NULL,0,ThreadFunc,&dwThrdParam,0,&dwThreadId); MessageBox(NULL, "GameGuard Down(FlyFF Automaton Module) has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E3", "FlyForFame Anti-Cheat(Beta 0.1)", MB_OK); exit(0); } } // Detection Method: 0E4 // if(level == 4){ CRegKey key; long n1Error = key.Open(HKEY_LOCAL_MACHINE, "SYSTEM\\ControlSet003\\Services\\GameGuardDown", KEY_READ); if(n1Error == ERROR_SUCCESS) { DWORD dwThreadId; char dwThrdParam[16] = "Ban0E4"; HANDLE hThread; hThread = CreateThread(NULL,0,ThreadFunc,&dwThrdParam,0,&dwThreadId); MessageBox(NULL, "GameGuard Down(FlyFF Automaton Module) has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E4", "FlyForFame Anti-Cheat(Beta 0.1)", MB_OK); exit(0); } } // Detection Method: 0E5 // if(level == 5){ CRegKey key; long n2Error = key.Open(HKEY_LOCAL_MACHINE, "SYSTEM\\ControlSet003\\Enum\\Root\\LEGACY_GAMEGUARDDOWN", KEY_READ); if(n2Error == ERROR_SUCCESS) { DWORD dwThreadId; char dwThrdParam[16] = "Ban0E5"; HANDLE hThread; hThread = CreateThread(NULL,0,ThreadFunc,&dwThrdParam,0,&dwThreadId); MessageBox(NULL, "GameGuard Down(FlyFF Automaton Module) has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E5", "FlyForFame Anti-Cheat(Beta 0.1)", MB_OK); exit(0); } } } void antihack_connect() { DWORD dwThreadId; char dwThrdParam[12] = "acc_connect"; HANDLE hThread; hThread = CreateThread(NULL,0,ThreadFunc,&dwThrdParam,0,&dwThreadId); } void _stdcall check() { // Automaton/GameGuard Down Checks // automaton_registry(1); automaton_registry(2); automaton_registry(3); automaton_registry(4); automaton_registry(5); // Connection to the anticheat server // antihack_connect(); } Dear user, you can what I write in AutoIt you convert does it work? Because if you create juhu then I become a warrior, the Karma is a hack shield but does not Tu'm sorry for my bad English>. < Link to comment Share on other sites More sharing options...
monoceres Posted May 23, 2009 Share Posted May 23, 2009 Not possible. AutoIt cannot compile into dynamic link libraries. Broken link? PM me and I'll send you the file! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now