// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>
#include <iostream>
#include <stdlib.h>
#include <fstream>
#include <strsafe.h>
using namespace std;
// Receives the previous page protection from the VirtualProtect calls in
// MEMwrite. It is one global shared by every MEMwrite call.
DWORD OldProtection;
// Not referenced anywhere in the listing visible here.
DWORD ProcessID;
// Overwrites `size` bytes at `adr` with the bytes at `ptr`, temporarily
// changing the page protection so the write succeeds on code pages.
//
//   adr  - destination address inside the current process
//   ptr  - source bytes to copy
//   size - number of bytes to copy
//
// The return values of both VirtualProtect calls are ignored, so a failed
// protection change is not detected before memcpy runs.
// For defenders: the call pattern visible here is a protection change to
// PAGE_EXECUTE_READWRITE on a range, a write, then a second protection change.
void MEMwrite (void *adr, void *ptr, int size)
{
// Make the target range writable; the prior protection lands in the global.
VirtualProtect (adr, size, PAGE_EXECUTE_READWRITE, & OldProtection);
memcpy (adr, ptr, size);
// Put back the protection captured by the first call.
VirtualProtect (adr, size, OldProtection, & OldProtection);
}
// Stores a value at ehsvc.dll base + `Address` after making that location
// writable.
//
//   Address - offset from the ehsvc.dll module base
//   Size    - used both as the VirtualProtect length and as the second value stored
//   Size2   - first value stored
//
// Both stores target the same address; where DWORD and int are both 4 bytes the
// second store (Size) replaces the first (Size2).
// The previous protection is captured in OldProtect but never restored, so the
// page is left PAGE_EXECUTE_READWRITE after the call. That leftover protection
// on a module's pages is an artefact a memory-integrity check can look for.
void NewDetourhs (long Address, int Size, int Size2)
{
// Casting the module handle to DWORD assumes a 32-bit process.
DWORD EhSvc = (DWORD)GetModuleHandle("ehsvc.dll");
DWORD OldProtect;
VirtualProtect ((void *) (EhSvc + Address), Size, PAGE_EXECUTE_READWRITE, & OldProtect);
*(DWORD*)(EhSvc + Address) = Size2;
*(int*)(EhSvc + Address) = Size;
}
// Applies a fixed list of in-memory byte patches to the loaded ehsvc.dll image,
// then calls NewDetourhs on a second list of offsets.
//
// Every address is the module base plus a hard-coded offset, so the list
// presumably matches one specific build of ehsvc.dll (not confirmable from this
// listing). The short labels before each group are the original author's
// description of what the patched location does; the listing does not show the
// surrounding instructions, so those labels cannot be verified here.
//
// Byte values used: B8 01 00 00 00 encodes x86 `mov eax, 1`, 0x90 is NOP,
// 0xEB is the short-jump opcode and 0xE9 the near-jump opcode.
//
// For defenders: everything in this function is a write into the code of a
// loaded protection module from inside the same process. An integrity check
// that runs inside that module is among the locations the author labels as
// patched, so verification would need to come from somewhere this code does not
// reach (for example comparing the in-memory image with the on-disk file from
// another context, or monitoring protection changes on that module's pages).
void CopyModules(void)
{
DWORD EhSvc = (DWORD)GetModuleHandle("ehsvc.dll");
// Author's label: self CRC checks
MEMwrite ((void*)(EhSvc + 0x0FF28), (void *) (PBYTE) "\xB8\x01\x00\x00\x00", 5);
// Author's label: anti-asm game client scans
MEMwrite ((void*)(EhSvc + 0x1BC28), (void *) (PBYTE) "\x90\x90", 2);
// Author's label: unhook dip & sss 8
MEMwrite ((void*)(EhSvc + 0x650A5), (void *) (PBYTE) "\xEB", 1);
MEMwrite ((void*)(EhSvc + 0x650CF), (void *) (PBYTE) "\xEB", 1);
// Author's label: etc code to check jump
MEMwrite ((void*)(EhSvc + 0x66931), (void *) (PBYTE) "\xEB", 1);
MEMwrite ((void*)(EhSvc + 0x66B79), (void *) (PBYTE) "\xEB", 1);
// Author's label: anti restore page
MEMwrite ((void*)(EhSvc + 0x5F80E), (void *) (PBYTE) "\xEB", 1);
MEMwrite ((void*)(EhSvc + 0x5F784), (void *) (PBYTE) "\xEB ", 1);
// Author's label: process scan / process-detect callbacks, for cheat engine
MEMwrite ((void*)(EhSvc + 0x54A14), (void *) (PBYTE) "\xE9\x7E\x0A\x00\x00", 5);
// Author's label: nano-detect objects
MEMwrite ((void*)(EhSvc + 0x2411B), (void *) (PBYTE) "\xEB", 1);
MEMwrite ((void*)(EhSvc + 0x24265), (void *) (PBYTE) "\xEB", 1);
MEMwrite ((void*)(EhSvc + 0x2435F), (void *) (PBYTE) "\X31", 1);
MEMwrite ((void*)(EhSvc + 0x22556), (void *) (PBYTE) "\X31", 1);
MEMwrite ((void*)(EhSvc + 0x26171), (void *) (PBYTE) "\X31", 1);
MEMwrite ((void*)(EhSvc + 0x25618), (void *) (PBYTE) "\xEB", 1);
MEMwrite ((void*)(EhSvc + 0x2572C), (void *) (PBYTE) "\xEB", 1);
MEMwrite ((void*)(EhSvc + 0x25ADB), (void *) (PBYTE) "\xEB", 1);
// Second list: NewDetourhs is called with the same (0x8, 4) arguments for each
// offset. The first three offsets are expressed relative to EhPtr.
int EhPtr = 0x0D0F40;
NewDetourhs ((EhPtr-0x44), 0x8, 4);
NewDetourhs ((EhPtr-0x40), 0x8, 4);
NewDetourhs ((EhPtr-0x20), 0x8, 4);
NewDetourhs (0x0D13F8, 0x8, 4);
NewDetourhs (0x0CD5F8, 0x8, 4);
NewDetourhs (0x0C7570, 0x8, 4);
NewDetourhs (0x0C7754, 0x8, 4);
NewDetourhs (0x0CED40, 0x8, 4);
NewDetourhs (0x0C7739, 0x8, 4);
NewDetourhs (0x0D2E08, 0x8, 4);
NewDetourhs (0x0C7758, 0x8, 4);
NewDetourhs (0x0C62F8, 0x8, 4);
NewDetourhs (0x0C7715, 0x8, 4);
NewDetourhs (0x0D0F40, 0x8, 4);
NewDetourhs (0x0C7719, 0x8, 4);
NewDetourhs (0x0D2E40, 0x8, 4);
NewDetourhs (0x0C62F8, 0x8, 4);
NewDetourhs (0x0CD8FC, 0x8, 4);
NewDetourhs (0x0CD5F8, 0x8, 4);
NewDetourhs (0x0D3DF1, 0x8, 4);
}
// Thread routine: waits until ehsvc.dll is present in the current process, runs
// CopyModules exactly once, then returns.
//
// The wait is a polling loop with a 20 ms sleep and no timeout, so the thread
// keeps running for as long as the module is not loaded.
void HackShield_Bypass(void)
{
while(1)
{
// GetModuleHandle returns NULL until the module is loaded in this process.
DWORD EhSvc = (DWORD)GetModuleHandle("ehsvc.dll");
if (EhSvc)
{
CopyModules();
break;
}
Sleep(20);
}
}
// DLL entry point. On process attach it opens a console, redirects stdout to
// it, and starts HackShield_Bypass on a new thread. The other notification
// reasons do nothing. Always returns TRUE.
//
// For defenders: the effects visible here when the DLL is loaded are a console
// being allocated for the host process and a new thread whose start address
// lies inside this DLL.
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
AllocConsole();
AttachConsole(GetCurrentProcessId());
// Route stdout to the console; nothing in the visible code prints to it.
freopen("CON","w",stdout);
// HackShield_Bypass is declared void(void) and cast to the thread-routine
// type; the handle returned by CreateThread is discarded.
CreateThread(0, 0, (LPTHREAD_START_ROUTINE)HackShield_Bypass, 0, 0, 0);
// No break here: control falls through to the shared break below.
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}