Emektar Üye
[font='Trebuchet MS', Helvetica, Arial, sans-serif]Arkadaşlar [font=Arial, Helvetica, 'Helvetica Neue', Verdana, sans-serif]Xtrap Bypass[/FONT] Sourcesini Sizlerle Paylaşmaktan Gurur Duyarım.[/FONT]
[font='Trebuchet MS', Helvetica, Arial, sans-serif][HIDE][/HIDE][HIDE][/FONT][/hide][HIDE][/hide][HIDE][/hide]
[HIDE]main.cpp
Kod:
#include "Bypass.h"
DWORD WINAPI InitializeXTrapBypass() {
DWORD nBase;
while(1)
{
nBase = (DWORD)GetModuleHandleA("XTrapVa.dll");
if(nBase){
Sleep(500);
BYPASS bypass;
bypass.Driver64();
bypass.ProcessDetection();
break;
}
}
return 0;
}
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
DisableThreadLibraryCalls(hDll);
if( dwReason == DLL_PROCESS_ATTACH)
{
_beginthread((void(*)(void*))InitializeXTrapBypass,sizeof(&InitializeXTrapBypass),0);
}
return TRUE;
}main.h
Kod:
#include <Windows.h>
#include <tlhelp32.h>
#include <process.h>
#include <wchar.h>
class BYPASS
{
public:
int BYPASS::ProcessDetection();
int BYPASS::Driver64();
};
int BYPASS::ProcessDetection()
{
DWORD K32EnumAddr = (DWORD)GetProcAddress(LoadLibraryA("Kernel32.dll"),"K32EnumProcesses");
//DWORD EnumAddr = (DWORD)GetProcAddress(LoadLibraryA("Psapi.dll"),"EnumProcesses");
DWORD old;
VirtualProtect((LPVOID)K32EnumAddr,sizeof(K32EnumAddr),PAGE_EXECUTE_READWRITE,&old);
//VirtualProtect((LPVOID)EnumAddr,sizeof(EnumAddr),PAGE_EXECUTE_READWRITE,&old);
memcpy((LPVOID)K32EnumAddr,(LPVOID)"\xC2\x0C\x00",3);
//memcpy((LPVOID)EnumAddr,(LPVOID)"\xC2\x0C\x00",3);
return 0;
}
int BYPASS::Driver64()
{
wmemcpy((wchar_t*)0x405D0C24,(const wchar_t*)"X6va01",6);
return 0;
}[/HIDE]
