Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    Vitrix Maggot
    Vitrix Maggot is offline
    Member-in-training Vitrix Maggot's Avatar
    Join Date
    2013 Apr
    Location
    Brasil
    Posts
    58
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    43
    Thanked in
    24 Posts
    Rep Power
    0

    Source Bypass Xtrap (para estudos)

    Ola pessoal, sou novo aqui no fórum meu primeiro post para vocês, sou Programador em Delphi, Assembly e C++, estou aqui pra ajudar vocês com meus conhecimentos e adquirir também conhecimentos com vocês!!!

    Vamos ao que interessa!



    Code:
    #include <stdio.h>
    #include <windows.h>
    #include <tlhelp32.h>
    
    #define NT_SUCCESS(x) ((x) >= 0)
    #define STATUS_INFO_LENGTH_MISMATCH 0xc0000004
    #define SystemHandleInformation 16
    #define ObjectBasicInformation 0
    #define ObjectNameInformation 1
    #define ObjectTypeInformation 2
    #define fcExp            0x4D9480
    #define BaseAddr        0x400000
    
    typedef enum _THREAD_INFORMATION_CLASS {
        ThreadBasicInformation,
        ThreadTimes,
        ThreadPriority,
        ThreadBasePriority,
        ThreadAffinityMask,
        ThreadImpersonationToken,
        ThreadDescriptorTableEntry,
        ThreadEnableAlignmentFaultFixup,
        ThreadEventPair,
        ThreadQuerySetWin32StartAddress,
        ThreadZeroTlsCell,
        ThreadPerformanceCount,
        ThreadAmILastThread,
        ThreadIdealProcessor,
        ThreadPriorityBoost,
        ThreadSetTlsArrayAddress,
        ThreadIsIoPending,
        ThreadHideFromDebugger
    } THREAD_INFORMATION_CLASS, *PTHREAD_INFORMATION_CLASS;
    
    typedef DWORD(NTAPI *_ZwSuspendProcess)(HANDLE hProcess);
    typedef DWORD(NTAPI *_ZwResumeProcess)(HANDLE hProcess);
    typedef DWORD(NTAPI *_ZwQueryInformationThread)(HANDLE ThreadHandle, THREAD_INFORMATION_CLASS ThreadInformationClass, PVOID ThreadInformation, ULONG ThreadInformationLength, PULONG ReturnLength); 
    typedef DWORD(NTAPI *_NtQuerySystemInformation)(ULONG SystemInformationClass,PVOID SystemInformation,ULONG SystemInformationLength,PULONG ReturnLength);
    typedef DWORD(NTAPI *_NtDuplicateObject)(HANDLE SourceProcessHandle,HANDLE SourceHandle,HANDLE TargetProcessHandle,PHANDLE TargetHandle,ACCESS_MASK DesiredAccess,ULONG Attributes,ULONG Options);
    typedef DWORD(NTAPI *_NtQueryObject)(HANDLE ObjectHandle,ULONG ObjectInformationClass,PVOID ObjectInformation,ULONG ObjectInformationLength,PULONG ReturnLength); 
    
    typedef struct _UNICODE_STRING {
        USHORT Length;
        USHORT MaximumLength;
        PWSTR Buffer;
    } UNICODE_STRING, *PUNICODE_STRING;
     
    typedef struct _SYSTEM_HANDLE {
        ULONG ProcessId;
        BYTE ObjectTypeNumber;
        BYTE Flags;
        USHORT Handle;
        PVOID Object;
        ACCESS_MASK GrantedAccess;
    } SYSTEM_HANDLE, *PSYSTEM_HANDLE;
     
    typedef struct _SYSTEM_HANDLE_INFORMATION {
        ULONG HandleCount;
        SYSTEM_HANDLE Handles[1];
    } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
     
    typedef enum _POOL_TYPE {
        NonPagedPool,
        PagedPool,
        NonPagedPoolMustSucceed,
        DontUseThisType,
        NonPagedPoolCacheAligned,
        PagedPoolCacheAligned,
        NonPagedPoolCacheAlignedMustS
    } POOL_TYPE, *PPOOL_TYPE;
     
    typedef struct _OBJECT_TYPE_INFORMATION {
        UNICODE_STRING Name;
        ULONG TotalNumberOfObjects;
        ULONG TotalNumberOfHandles;
        ULONG TotalPagedPoolUsage;
        ULONG TotalNonPagedPoolUsage;
        ULONG TotalNamePoolUsage;
        ULONG TotalHandleTableUsage;
        ULONG HighWaterNumberOfObjects;
        ULONG HighWaterNumberOfHandles;
        ULONG HighWaterPagedPoolUsage;
        ULONG HighWaterNonPagedPoolUsage;
        ULONG HighWaterNamePoolUsage;
        ULONG HighWaterHandleTableUsage;
        ULONG InvalidAttributes;
        GENERIC_MAPPING GenericMapping;
        ULONG ValidAccess;
        BOOLEAN SecurityRequired;
        BOOLEAN MaintainHandleCount;
        USHORT MaintainTypeList;
        POOL_TYPE PoolType;
        ULONG PagedPoolUsage;
        ULONG NonPagedPoolUsage;
    } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
    
    PVOID GetLibraryProcAddress(LPSTR LibraryName, LPSTR ProcName) {
        return (PVOID)GetProcAddress(GetModuleHandleA(LibraryName), ProcName);
    }
    
    
    DWORD GetPIDbyName(char* szProcess)
    {
        HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        PROCESSENTRY32 PE;
        PE.dwSize = sizeof(PE) ;
        Process32First(hSnap, &PE);
    
        while (Process32Next(hSnap, &PE))
        {
            char Converted[100] = "\0";
            wcstombs(Converted, PE.szExeFile, sizeof(Converted));
            if (strcmp(Converted, szProcess) == 0)
            {
                return PE.th32ProcessID;
            }
        }
        return 0;
    }
    
    int SeDebugPrivilege(void)
    {
        HANDLE hToken;
        LUID Val;
        TOKEN_PRIVILEGES tp;
        OpenProcessToken(HANDLE(-1),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
        LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &Val);
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = Val;
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof (tp), NULL, NULL);
        CloseHandle(hToken);
        return 1;
    }
    
    DWORD GetModuleBaseAddress(DWORD PID, char* szModule)
    {
        MODULEENTRY32 ME;
        ME.dwSize = sizeof(ME);
        HANDLE hSnapy = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, PID);
        Module32First(hSnapy, &ME);
        while (Module32Next(hSnapy, &ME))
        {
            char Converted[100] = "\0";
            wcstombs(Converted, ME.szModule, sizeof(Converted));
            if (strcmp(Converted, szModule) == 0)
            {
                return (DWORD)ME.hModule;
            }
        }
    }
    
    DWORD GetModuleSize(DWORD PID, char* szModule)
    {
        MODULEENTRY32 ME;
        ME.dwSize = sizeof(ME);
        HANDLE hSnapy = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, PID);
        Module32First(hSnapy, &ME);
        while (Module32Next(hSnapy, &ME))
        {
            char Converted[100] = "\0";
            wcstombs(Converted, ME.szModule, sizeof(Converted));
            if (strcmp(Converted, szModule) == 0)
            {
                return ME.modBaseSize;
            }
        }
    }
    
    int CloseHandles(ULONG pid)
    {
    _NtQuerySystemInformation NtQuerySystemInformation = (_NtQuerySystemInformation)GetLibraryProcAddress("ntdll.dll", "NtQuerySystemInformation");
        _NtDuplicateObject NtDuplicateObject = (_NtDuplicateObject)GetLibraryProcAddress("ntdll.dll", "NtDuplicateObject");
        _NtQueryObject NtQueryObject = (_NtQueryObject)GetLibraryProcAddress("ntdll.dll", "NtQueryObject");
     
        DWORD status;
        PSYSTEM_HANDLE_INFORMATION handleInfo;
        ULONG handleInfoSize = 0x10000;
        HANDLE processHandle;
        ULONG i;
        if (!(processHandle = OpenProcess(PROCESS_DUP_HANDLE, FALSE, pid))) {
            printf("Could not open PID %d! (Don't try to open a system process.)\n", pid);
            return 1;
        }
        handleInfo = (PSYSTEM_HANDLE_INFORMATION)malloc(handleInfoSize);
        while ((status = NtQuerySystemInformation(
            SystemHandleInformation,
            handleInfo,
            handleInfoSize,
            NULL
            )) == STATUS_INFO_LENGTH_MISMATCH)
            handleInfo = (PSYSTEM_HANDLE_INFORMATION)realloc(handleInfo, handleInfoSize *= 2);
        if (!NT_SUCCESS(status)) {
            printf("NtQuerySystemInformation failed!\n");
            return 1;
        }
        for (i = 0; i < handleInfo->HandleCount; i++) {
            SYSTEM_HANDLE handle = handleInfo->Handles[i];
            HANDLE dupHandle = NULL;
            POBJECT_TYPE_INFORMATION objectTypeInfo;
            PVOID objectNameInfo;
            UNICODE_STRING objectName;
            ULONG returnLength;
            if (handle.ProcessId != pid)
                continue;
            if (!NT_SUCCESS(NtDuplicateObject(
                processHandle,
                (void*) handle.Handle,
                GetCurrentProcess(),
                &dupHandle,
                0,
                0,
                0
                ))) {
                printf("[%#x] Error!\n", handle.Handle);
                continue;
            }
     
            objectTypeInfo = (POBJECT_TYPE_INFORMATION)malloc(0x1000);
            if (!NT_SUCCESS(NtQueryObject(
                dupHandle,
                ObjectTypeInformation,
                objectTypeInfo,
                0x1000,
                NULL
                ))) {
     
                printf("[%#x] Error!\n", handle.Handle);
                CloseHandle(dupHandle);
                continue;
            }
            if (handle.GrantedAccess == 0x0012019f) {
             
     
                free(objectTypeInfo);
                CloseHandle(dupHandle);
                continue;
            }
     
            objectNameInfo = malloc(0x1000);
            if (!NT_SUCCESS(NtQueryObject(
                dupHandle,
                ObjectNameInformation,
                objectNameInfo,
                0x1000,
                &returnLength
                ))) {
                objectNameInfo = realloc(objectNameInfo, returnLength);
                if (!NT_SUCCESS(NtQueryObject(
                    dupHandle,
                    ObjectNameInformation,
                    objectNameInfo,
                    returnLength,
                    NULL
                    ))) {
                   
                    free(objectTypeInfo);
                    free(objectNameInfo);
                    CloseHandle(dupHandle);
                    continue;
                }
            }
            objectName = *(PUNICODE_STRING)objectNameInfo;
                char Converted[100] = "\0";
                wcstombs(Converted, objectTypeInfo->Name.Buffer, sizeof(Converted));
                if (strcmp((CHAR*)Converted, "Thread") == 0)
                {
                     DuplicateHandle(processHandle, (void*)handle.Handle, NULL, NULL, 0, FALSE, 0x1);
                }
     
            free(objectTypeInfo);
            free(objectNameInfo);
            CloseHandle(dupHandle);
        }
     
        free(handleInfo);
        CloseHandle(processHandle);
        return 0;
    }
    
    int main(int argc, CHAR* argv[])
    {
        SetConsoleTitleA("XTrap Bypass Written by Vitrix Maggot");
        printf("#########################################################\n");
        printf("########### Programacity XTrap Bypass ################\n");
        printf("################################### For Game ######\n");
        printf("Written by Vitrix Maggot, Thanks Lacy ######################\n");
        printf("#########################################################\n\n");
        DWORD PID = GetPIDbyName("Game.exe");
        if (PID == 0)
        {
            printf("Please open Game first and then open me. \n");
            system("PAUSE");
            return 0;
        }
        printf("\nProcess ID: 0x%X [ %d ] \n", PID, PID);
        printf("Suspending process... \n");
        SeDebugPrivilege();
        _ZwSuspendProcess ZwSuspendProcess = (_ZwSuspendProcess)GetProcAddress(GetModuleHandleA("ntdll.dll"), "ZwSuspendProcess");
        HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
        ZwSuspendProcess(hProc);
        printf("Process Suspended succefully!!\nClosing threads...\n");
        _ZwQueryInformationThread ZwQueryInformationThread = (_ZwQueryInformationThread)GetProcAddress(GetModuleHandleA("ntdll.dll"), "ZwQueryInformationThread");
        HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, PID);
        THREADENTRY32 TE;
        TE.dwSize = sizeof(TE);
        Thread32First(hSnap, &TE);
        DWORD BaseAddress = GetModuleBaseAddress(PID, "XTrapVa.dll");
        DWORD BaseSize = GetModuleSize(PID, "XTrapVa.dll");
        printf("XTrap BaseAddress: 0x%X \n", BaseAddress);
        printf("XTrap Size: 0x%X [ %d ] \n", BaseSize);
        while (Thread32Next(hSnap, &TE))
        {
            HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, TE.th32ThreadID);
            DWORD Start;
            ZwQueryInformationThread(hThread, ThreadQuerySetWin32StartAddress, &Start, sizeof(Start), NULL);
            if (Start >= BaseAddress && Start <= BaseAddress+BaseSize)
            {
                TerminateThread(hThread, 8);
            }
            if (Start - (BaseAddr+fcExp) == 0x6110 | Start - (BaseAddr+fcExp) == 0x2190)
            {
                TerminateThread(hThread, 8);
            }
        }
        CloseHandle(hSnap);
        printf("Threads closed succefully! \nClosing handles...\n");
        CloseHandles(PID); 
        printf("Handles closed succefully! \nPlease inject s0beit.dll and NoExit.dll\n");
        CloseHandle(hProc);
        system("PAUSE");
        _ZwResumeProcess ZwResumeProcess = (_ZwResumeProcess)GetProcAddress(GetModuleHandleA("ntdll.dll"), "ZwResumeProcess");
        hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
        ZwResumeProcess(hProc);
        printf("\n\nBye bye XTrap :) \n");
        system("PAUSE");
        return 0;
    }

  2. The Following 5 Users Say Thank You to Vitrix Maggot For This Useful Post:


  3. #2
    crazy
    crazy is offline
    Member-in-training crazy's Avatar
    Join Date
    2012 Jan
    Posts
    62
    Thanks Thanks Given 
    19
    Thanks Thanks Received 
    42
    Thanked in
    19 Posts
    Rep Power
    0
    very good initiative

  4. #3
    Vitrix Maggot
    Vitrix Maggot is offline
    Member-in-training Vitrix Maggot's Avatar
    Join Date
    2013 Apr
    Location
    Brasil
    Posts
    58
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    43
    Thanked in
    24 Posts
    Rep Power
    0
    Quote Originally Posted by crazy View Post
    very good initiative
    Thank you, I have more things to post more to realize that people do not have much interest in the area of programming
    I admire most other programmers not paid any dick!!

    Admiro outros Programadores mais nao pago pau pra nenhum !!


    Skype: Vitor Monteiro

  5. #4
    AikaMaster
    AikaMaster is offline
    Senior Member AikaMaster's Avatar
    Join Date
    2012 May
    Location
    Inside you mind!
    Posts
    245
    Thanks Thanks Given 
    58
    Thanks Thanks Received 
    642
    Thanked in
    68 Posts
    Rep Power
    0
    Quote Originally Posted by Vitrix Maggot View Post
    Thank you, I have more things to post more to realize that people do not have much interest in the area of programming
    Yeah, unluckly most people prefer "ready to use hacks" than learning how make them. It's good to know that there's one more person with knowledge to share with us. By the way this bypass closes Xtrap handles, but I guess in some games (like Aika) it may still have HB (heartbeats), so you may be disconnected after a few minutes.

  6. #5
    Vitrix Maggot
    Vitrix Maggot is offline
    Member-in-training Vitrix Maggot's Avatar
    Join Date
    2013 Apr
    Location
    Brasil
    Posts
    58
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    43
    Thanked in
    24 Posts
    Rep Power
    0
    Quote Originally Posted by AikaMaster View Post
    Yeah, unluckly most people prefer "ready to use hacks" than learning how make them. It's good to know that there's one more person with knowledge to share with us. By the way this bypass closes Xtrap handles, but I guess in some games (like Aika) it may still have HB (heartbeats), so you may be disconnected after a few minutes.
    I'm glad you gostodo really still left something Xtrap more use other method to take, one of them is eliminated in some handles own game, I'll post a source of executable on how to evade Xtrap without disabling it ^^
    I admire most other programmers not paid any dick!!

    Admiro outros Programadores mais nao pago pau pra nenhum !!


    Skype: Vitor Monteiro

  7. #6
    rcandrerc
    rcandrerc is offline
    New member
    Join Date
    2012 Apr
    Location
    nowhere
    Posts
    8
    Thanks Thanks Given 
    6
    Thanks Thanks Received 
    1
    Thanked in
    1 Post
    Rep Power
    0
    I have been watching vitrix threads and they are really good, unfortunately I just started study c++ and sometimes is hard to understand, but its good to see some elements that I learned in functional codes, I hope to catch up with u guys soon!!

  8. #7
    Vitrix Maggot
    Vitrix Maggot is offline
    Member-in-training Vitrix Maggot's Avatar
    Join Date
    2013 Apr
    Location
    Brasil
    Posts
    58
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    43
    Thanked in
    24 Posts
    Rep Power
    0
    Quote Originally Posted by rcandrerc View Post
    I have been watching vitrix threads and they are really good, unfortunately I just started study c++ and sometimes is hard to understand, but its good to see some elements that I learned in functional codes, I hope to catch up with u guys soon!!
    Thank you every day I'll post something different in programming help ^^
    I admire most other programmers not paid any dick!!

    Admiro outros Programadores mais nao pago pau pra nenhum !!


    Skype: Vitor Monteiro

  9. #8
    rokeys
    rokeys is offline
    New member
    Join Date
    2012 Aug
    Posts
    20
    Thanks Thanks Given 
    1
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0
    nice work,thanks

  10. #9
    Vitrix Maggot
    Vitrix Maggot is offline
    Member-in-training Vitrix Maggot's Avatar
    Join Date
    2013 Apr
    Location
    Brasil
    Posts
    58
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    43
    Thanked in
    24 Posts
    Rep Power
    0
    Quote Originally Posted by rokeys View Post
    nice work,thanks

    ^^ Thank you
    I admire most other programmers not paid any dick!!

    Admiro outros Programadores mais nao pago pau pra nenhum !!


    Skype: Vitor Monteiro

  11. #10
    gunnerp2
    gunnerp2 is offline
    Guest
    Join Date
    2013 Apr
    Posts
    1
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0

    Smile

    Hello Vitrix Maggot,

    It's nice work to suspend and terminate thread of XTrapVa.dll. But game still close even injected noexit.dll (xTrap 6720). How to solve this?

    btw: I try to to use "Code cave" to create some thread. But xtrap close my thread that I was created. Is it possible to protect thread no exit or close?
    Last edited by gunnerp2; 2013-04-24 at 07:26 AM. Reason: fixed some word.

Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 4
    Last Post: 2015-12-03, 09:56 AM
  2. Hackshield Bypass Source
    By Dwar in forum Anti-Cheat Systems
    Replies: 3
    Last Post: 2012-10-22, 07:57 PM
  3. Replies: 11
    Last Post: 2011-09-21, 02:15 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •