    Asskiller

    X-Trap Cloak Help C++ to Delphi

    I'm trying to port some C++ code to Delphi. About half of it is already converted, but I'm having difficulty with one part: the objective is to load the DLL and then, through the PEB, cloak it so that X-Trap does not catch it.

    Code:
    The modules run in user mode, and the information was taken from here:
    http://undocumented.ntinternals.net/UserMode/Structures/PEB_LDR_DATA.html
    http://undocumented.ntinternals.net/UserMode/Structures/LDR_MODULE.html
    
    // NOTE(review): the two pages linked above file PEB_LDR_DATA and PEB under
    // "Structures". The declarations below instead bind both names as stdcall
    // functions imported from ntdll.DLL, with what look like the structures'
    // field names used as parameters.
    function PEB_LDR_DATA(uLong : integer ; Initialized : Boolean ;
    SsHandle : Pointer ; InLoadOrderModuleList :
    Pointer; InMemoryOrderModuleList : pointer ;
    InInitializationOrderModuleList : Pointer): Dword;stdcall; external 'ntdll.DLL' name 'PEB_LDR_DATA';
    
    function PEB(InheritedAddressSpace : Boolean ; ReadImageFileExecOptions : BOOLEAN ;
    BeingDebugged : Thandle ; Spare : BOOLEAN; Mutant : THandle ; ImageBaseAddress : Pointer ; LoaderData :
    Pointer): boolean;stdcall; external 'ntdll.DLL' name 'PEB';
    
    
    
    library Game;
    
    
    uses
      SysUtils,
      Classes,
      windows,
      messages,
      forms,
      tlhelp32,
      uPB in 'uPB.pas' {Form1};
    
    {$R *.res}
    
    // Static imports from ntdll.DLL under the names 'PEB_LDR_DATA' and 'PEB'.
    // NOTE(review): the ntinternals pages cited earlier in this post list both
    // names under "Structures"; here they are declared as stdcall functions with
    // what look like the structures' field names used as parameters. Neither
    // function is called anywhere in the visible listing.
    function PEB_LDR_DATA(uLong : integer ; Initialized : Boolean ;
    SsHandle : Pointer ; InLoadOrderModuleList :
    Pointer; InMemoryOrderModuleList : pointer ;
    InInitializationOrderModuleList : Pointer): Dword;stdcall; external 'ntdll.DLL' name 'PEB_LDR_DATA';
    
    
    function PEB(InheritedAddressSpace : Boolean ; ReadImageFileExecOptions : BOOLEAN ;
    BeingDebugged : Thandle ; Spare : BOOLEAN; Mutant : THandle ; ImageBaseAddress : Pointer ; LoaderData :
    Pointer): boolean;stdcall; external 'ntdll.DLL' name 'PEB';
    
    
    {typedef struct _ModuleInfoNode
    {
       LIST_ENTRY LoadOrder;
       LIST_ENTRY InitOrder;
       LIST_ENTRY MemoryOrder;
       HMODULE baseAddress;      //   Base address AKA module handle
       unsigned long entryPoint;
       unsigned int size;         //   Size of the modules image
       UNICODE_STRING fullPath;
       UNICODE_STRING name;
       unsigned long flags;
       unsigned short LoadCount;
       unsigned short TlsIndex;
       LIST_ENTRY HashTable;   //   A linked list of any other modules that have the same first letter
       unsigned long timestamp;
     ModuleInfoNode, *pModuleInfoNode;
     
    typedef struct _ProcessModuleInfo
    
       unsigned int size;         //   Size of a ModuleInfo node?
       unsigned int initialized;
       HANDLE SsHandle;
       LIST_ENTRY LoadOrder;
       LIST_ENTRY InitOrder;
       LIST_ENTRY MemoryOrder;
     ProcessModuleInfo, *pProcessModuleInfo; }
    
    
    var
    // Written through the last argument of CreateRemoteThread in DLLHack and
    // later passed to CloseHandle when DLLHack receives DLL_PROCESS_DETACH.
    Thread : dword;
    
    // Creates and runs the TForm1 UI inside a repeat loop. Result is never
    // assigned and the loop condition (1=2) is never true, so the function does
    // not return normally.
    // NOTE(review): nothing in the visible listing calls ReadyGame, and the
    // second `end;` below has no matching `begin` in the post as published.
    Function ReadyGame() : boolean; // Identify the game and the moment
    // of injection...
    begin
    repeat
    Application.Initialize;
    Application.CreateForm(TForm1, Form1);
    Application.Run;
    Sleep(1);
    freeandnil(form1);
    until 1=2;
    end;
    end;
    
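    { Returns the process ID of the first process whose executable name equals
      Proc, or 0 when no such process exists or the snapshot cannot be taken.
      The comparison uses the plain string '=' operator, so it is case-sensitive. }
    Function GetPID(Proc: String): Dword;
    Var
      Snap: THandle;
      PE: TProcessEntry32;
    begin
      Result := 0;
      Snap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
      If Snap = Invalid_Handle_Value Then
        Exit;
      try
        // dwSize must be set before the first Process32First call.
        PE.dwSize := SizeOf(PE);
        If Process32First(Snap, PE) Then
          Repeat
            If Proc = PE.szExeFile Then
            Begin
              Result := PE.th32ProcessID;
              Break;
            End;
          Until Not Process32Next(Snap, PE);
      finally
        // The original never released the snapshot handle; close it on every path.
        CloseHandle(Snap);
      end;
    End;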
    
    // Queries a Toolhelp snapshot taken for process id `proc` and returns a
    // module handle value.
    // As posted: the snapshot is created with TH32CS_SNAPPROCESS; only the entry
    // returned by Module32First is ever copied into Result, and only when StrComp
    // of modentry.szModule against `name` is non-zero; Result is then set to 0
    // for every further entry Module32Next yields.
    // NOTE(review): no return value is checked and Snap2 is not closed in this block.
    function GetRemoteModuleHandle(proc : DWORD ; name : PChar): HMODULE; stdcall;
    var
    Snap2 : THandle;
    modentry : MODULEENTRY32;
    begin
    Snap2:= CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,proc);
    modentry.dwSize := sizeof(MODULEENTRY32);
    tlhelp32.Module32First(snap2,modentry);
    if (StrComp(modentry.szModule,name)) <> 0 then  begin
    Result := modentry.hmodule;
    modentry.dwSize := sizeof(MODULEENTRY32);
    end;
    while (Module32Next(snap2,modEntry)) do begin
    result := 0;
    end;
    end;
    
           // Only the CLOAK function is still missing, which is the most important part....
    // As posted, the body only reads the PEB address from fs:[30h], adds 0Ch and
    // dereferences it, leaving the loader-data pointer in eax. Nothing is stored
    // (the mov into pebLdrData is commented out) and no list is modified.
    // hModule and pebLdrData are declared but never used.
    // NOTE(review): from the defender's side, tampering with the PEB loader lists
    // is typically caught by comparing those lists against the image regions
    // actually mapped in the process, which do not depend on the lists.
    Procedure CloakDLL(); // Pauses and leaves the DLL invisible....
    var
    hModule : THandle;
    pebLdrData : dword;
    begin
    //pebldrdata := PEB_LDR_DATA
    asm
    mov eax, fs:[30h]        //get PEB ADDR
    add eax, 0Ch
    mov eax, [eax]            //get LoaderData ADDR
    //mov pebLdrData, eax
    end;
    end;
    
    // DllProc handler for the library.
    // On DLL_PROCESS_ATTACH it looks up 'Game.exe' by name, opens it with
    // PROCESS_ALL_ACCESS, allocates PAGE_EXECUTE_READWRITE memory in it, calls
    // CreateRemoteThread and then frees the allocation. The WriteProcessMemory
    // step is commented out by the author, so the listing is incomplete as posted.
    // On DLL_PROCESS_DETACH it passes the global Thread to CloseHandle when non-zero.
    // None of the API return values are checked.
    // NOTE(review): OpenProcess(PROCESS_ALL_ACCESS) followed by an executable
    // VirtualAllocEx and CreateRemoteThread against another process is a call
    // sequence that endpoint and anti-cheat monitoring commonly alert on.
    procedure DLLHack(reason : integer);
    var
    hOpen : THandle;
    procId : dword;
    len : LongInt;
    hMod : Cardinal;
    stubaddr : pointer;
    dllname : string;
    begin
    case reason of
    DLL_PROCESS_ATTACH :
    begin
    dllname := 'Game.dll';
    procid := GetPID('Game.exe'); // look up the target process
    hOpen := OpenProcess(PROCESS_ALL_ACCESS,false,prociD); // open it and keep the handle in hOpen
    stubaddr := VirtualAllocEx(hOpen,nil,len,MEM_RESERVE + MEM_COMMIT,PAGE_EXECUTE_READWRITE);  // allocate and store in the variable
    
    //WriteProcessMemory(hOpen,stubaddr,CloakDLL,len,nil); // I Have error HERE.
    
    hMod := GetRemoteModuleHandle(procId,pChar(dllname));
    CreateRemoteThread(hOpen,nil,0,@stubaddr,@hMod,0,Thread); // create a thread in it...
    VirtualFreeex(hOpen,stubaddr,len,MEM_RELEASE); // release....
    end;
    DLL_PROCESS_DETACH:
    begin
      if Thread <> 0 then
    CloseHandle(Thread);
    end;
    
    end;
    end;
    
    // Library initialisation block: turns off per-thread DLL notifications for
    // this module, installs DLLHack as DllProc, then invokes it once directly
    // with DLL_PROCESS_ATTACH.
    begin
    DisableThreadLibraryCalls(hInstance);
    DLLproc := @DLLHack;
    Dllproc(DLL_PROCESS_ATTACH);
    end.
