Xingcode 3 Killer C++ Code

PBYTE FindStartOfFunc(PBYTE Addy)
{
    if (!Addy) return Addy;
    while (true) if (compare((PBYTE)"\x55\x8B\xEC", "xxx", Addy--)) return ++Addy;
}




PBYTE FindPush(PBYTE sig, PCHAR mask, DWORD dwBase, DWORD dwLen)
{
    if (!dwBase) return nullptr;
    BYTE PushSig[5] = { 0x68, 0, 0, 0, 0 };
    *(PDWORD)(&PushSig[1]) = FindSignature(sig, mask, dwBase, dwLen, 0);
    if (*(PDWORD)(&PushSig[1]) == NULL) return NULL;
    return (PBYTE)FindSignature(PushSig, "xxxxx", dwBase, dwLen, 0);
}




bool bTriggered = false, bSuccess = false;
void bypass()
{
    DWORD dwCShell = FindCShell();
    if (dwCShell != NULL)
    {
        PBYTE BypassSig = FindPush((PBYTE)"XIGNCODE", "xxxxxxxxx", dwCShell, 5000000);
        if (BypassSig != nullptr)
        {
            PBYTE BypassFunc = FindStartOfFunc(BypassSig);
            if (BypassFunc && !memcmp(BypassFunc, (PBYTE)"\x55\x8B\xEC", 3))
            {
                Wrt((PBYTE)BypassFunc, (PBYTE)"\xB0\x01\xC3", 3);
                bSuccess = true;
            }
        }
    }
    bTriggered = true;
}
cBreakpoint* bp = NULL;
PBYTE pcheck = 0;
LONG WINAPI ExceptionHandler(EXCEPTION_POINTERS* e)
{
    if (e->ExceptionRecord->ExceptionCode != EXCEPTION_SINGLE_STEP) return EXCEPTION_CONTINUE_SEARCH;
    if (e->ContextRecord->Eip == (DWORD)pcheck)
    {
        e->ContextRecord->Esp -= 4;
        *(PDWORD)(e->ContextRecord->Esp) = e->ContextRecord->Eip + 0x2;




        e->ContextRecord->Eip = e->ContextRecord->Edx;
        bypass();
        return EXCEPTION_CONTINUE_EXECUTION;
    }
    return EXCEPTION_CONTINUE_SEARCH;
}




void Start()
{
    Sleep(1000);
    AntiHWIDBan();
    while (pcheck == nullptr)
    {
        Sleep(30);
        pcheck = FindPush((PBYTE)"DIRECTSHOW\x00", "xxxxxxxxxx", (DWORD)GetModuleHandleA("wolftü.bin"), 5000000);
    }
    pcheck -= 2;
    bp = new cBreakpoint(ExceptionHandler);
    bp->SetBP((DWORD)pcheck);
    while (!bTriggered) Sleep(1000);
    delete bp;
}
BOOL APIENTRY DllMain(HMODULE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved)
{
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        //int iStaticModule = MessageBoxA(0, "Static CShell/Obj?", "", MB_YESNO);
        //if (iStaticModule == IDYES) Hook((PBYTE)GetProcAddress(GetModuleHandleA("kernel32"), "GetTempFileNameA"), (PBYTE)&xGetTempFileNameA, 5);
        HANDLE hThread = CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)&Start, NULL, NULL, NULL);
        if (hThread != NULL) CloseHandle(hThread);
    }
    return TRUE;
}