#include "stdafx.h"
#include "FFF_ACC.h"
#include "socket.h"
#include <AtlBase.h>
#include <windows.h>
#include <iostream>
#include <conio.h>
#include <tlhelp32.h>
#include <tchar.h>
using namespace std;
// Handle of the application's main window. It starts at 0 and nothing in this
// listing assigns or reads it.
HWND MainWindowHandle = 0;
// Forward declaration only: no definition of InitWindowApp appears in this listing.
bool InitWindowApp(HINSTANCE instanceHandle, int Show);
// DLL entry point.
//
// The loader calls this for process/thread attach and detach notifications.
// This module does no work for any of them: nothing is initialised here and no
// detection check is started from here. The checks only run when the host
// calls check() explicitly.
//
// hModule, ul_reason_for_call and lpReserved are accepted and ignored.
// Always returns TRUE, so loading the DLL never fails because of this function.
BOOL APIENTRY DllMain( HANDLE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    (void)hModule;
    (void)ul_reason_for_call;
    (void)lpReserved;

    // DLL_PROCESS_ATTACH, DLL_THREAD_ATTACH, DLL_THREAD_DETACH and
    // DLL_PROCESS_DETACH are all treated the same way: nothing to do.
    return TRUE;
}
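// Placeholder for the user/firewall check.
//
// The real check was removed from this listing by its author. The stub used to
// return an uninitialised bool, which is undefined behaviour and gives callers
// an arbitrary answer. It now returns a definite value.
//
// Returns false until the removed check is restored.
// NOTE(review): whether "false" should mean "check failed" or "nothing found"
// depends on the removed code - confirm before relying on the return value.
bool check_user(){
    bool result = false;
    // Firewall Check Removed For Security Purposes //
    return result;
}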
// Placeholder for the ban routine.
//
// handler: detection code string; ThreadFunc passes "E01" .. "E05".
//
// The implementation was removed from this listing by its author, so the
// function currently does nothing and leaves handler untouched.
void ban_user(char *handler){
    // Ban Function Removed For Security Purposes //
    (void)handler;
}
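// Writes text to the process console in the requested colour.
//
// text:  NUL-terminated string, written verbatim. A NULL pointer is ignored.
// color: "white", "green" or "red". Any other value, or NULL, leaves the
//        current console colour unchanged.
//
// Fixes relative to the earlier version:
//  * The colour was selected with `color == "white"`, which compares pointer
//    addresses rather than characters and only matched when the compiler
//    happened to pool identical literals. strcmp() compares the contents.
//  * text was passed to sprintf() as the FORMAT string and copied into a fixed
//    2000-byte stack buffer. ThreadFunc builds text from its thread parameter,
//    so any '%' in that data was interpreted as a conversion specifier and any
//    long input overflowed the buffer. The text is now written directly, with
//    no formatting pass and no intermediate buffer.
void wconsole(const char *text,char *color){
    if(text == NULL){
        return;
    }

    HANDLE hOut = GetStdHandle(STD_OUTPUT_HANDLE);

    if(color != NULL){
        if(strcmp(color, "white") == 0){
            SetConsoleTextAttribute(hOut, FOREGROUND_INTENSITY | FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
        }else if(strcmp(color, "green") == 0){
            SetConsoleTextAttribute(hOut, FOREGROUND_INTENSITY | FOREGROUND_GREEN);
        }else if(strcmp(color, "red") == 0){
            SetConsoleTextAttribute(hOut, FOREGROUND_INTENSITY | FOREGROUND_RED);
        }
    }

    // Written as data, never as a format string.
    DWORD dwChars = 0;
    WriteConsole(hOut, text, static_cast<DWORD>(strlen(text)), &dwChars, NULL);
}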
// Prints one status line to the console: the tag "[ACC]: " (brackets in white,
// "ACC" in green), then text in the caller's colour, then "\r\n".
//
// text:  message body, forwarded unchanged to wconsole().
// color: colour name for the message body, forwarded unchanged to wconsole().
void wconsole_prox(const char *text, char *color){
    struct Segment {
        const char *text;
        char *color;
    };

    // Segments are emitted strictly in this order.
    const Segment segments[] = {
        { "[",    "white" },
        { "ACC",  "green" },
        { "]: ",  "white" },
        { text,   color   },
        { "\r\n", "white" },
    };

    const unsigned int count = sizeof(segments) / sizeof(segments[0]);
    for(unsigned int i = 0; i < count; ++i){
        wconsole(segments[i].text, segments[i].color);
    }
}
// Announces a reset of the anti-cheat connection on the status console.
//
// Only the two status lines are printed. The reset logic itself was removed
// from this listing by its author.
void reset_method(){
    const char *const notice  = "Attempting to reset connection to anti-cheat system!";
    const char *const standby = "Please standby...";

    wconsole_prox(notice, "red");
    wconsole_prox(standby, "white");
    // Reset Method Removed For Security Purposes //
}
// Announces the connection attempt to the server side on the status console.
//
// Only the two status lines are printed. The connection logic itself was
// removed from this listing by its author.
void acc_connect(){
    const char *const notice  = "The AntiHack system will now attempt to connect to the server side.";
    const char *const standby = "Please standby...";

    wconsole_prox(notice, "white");
    wconsole_prox(standby, "white");
    // Connect Method Removed For Security Purposes //
}
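// Worker thread entry point: opens the status console and dispatches on the
// command string passed as the thread parameter.
//
// lpParam: pointer to a NUL-terminated command string. It must stay valid for
//          as long as this thread runs, because the string is read here and
//          not copied by the creator.
//
// Dispatch (substring match, unchanged from the earlier version):
//   contains "acc_connect"        -> acc_connect() only
//   otherwise, each independently:
//     "CheckUser"                 -> check_user() (result ignored)
//     "Ban0E1" .. "Ban0E5"        -> ban_user("E01" .. "E05")
//     no "Ban0E5" in the command  -> acc_connect()
// NOTE(review): the last rule means acc_connect() also runs after CheckUser
// and after Ban0E1..Ban0E4, because the trailing else is attached to the
// Ban0E5 test only. Confirm whether a single if / else-if chain was intended.
//
// Returns 0 after dispatch, or 1 if lpParam is NULL.
//
// Fixes relative to the earlier version:
//  * A NULL parameter is rejected instead of being passed to strstr().
//  * The "Calling: ..." line is built with a bounded %.240s conversion, so a
//    long command can no longer overrun the 255-byte buffer.
//  * Ban codes are passed to ban_user(char*) from writable storage instead of
//    from string literals.
DWORD WINAPI ThreadFunc( LPVOID lpParam )
{
    const char *command = reinterpret_cast<const char*>(lpParam);
    if(command == NULL){
        return 1;
    }

    AllocConsole();
    SetConsoleTitle("FlyForFame Anti-Hack Beta 0.2 | Status Window");

    // 9 bytes of prefix + at most 240 bytes of command + NUL fits in 255.
    char text[255];
    sprintf(text, "Calling: %.240s", command);

    wconsole_prox("FlyForFame Anti-Hack System(Beta 0.2), Successfully Loaded!","white");
    wconsole_prox(text,"white");

    if(strstr(command, "acc_connect")){
        acc_connect();
        return 0;
    }

    if(strstr(command, "CheckUser")){
        check_user();
    }

    struct BanCommand {
        const char *needle;   // substring looked for in the command
        char code[4];         // writable copy of the code handed to ban_user()
    };
    BanCommand ban_commands[] = {
        { "Ban0E1", "E01" },
        { "Ban0E2", "E02" },
        { "Ban0E3", "E03" },
        { "Ban0E4", "E04" },
        { "Ban0E5", "E05" },
    };
    const unsigned int count = sizeof(ban_commands) / sizeof(ban_commands[0]);
    for(unsigned int i = 0; i < count; ++i){
        if(strstr(command, ban_commands[i].needle)){
            ban_user(ban_commands[i].code);
        }
    }

    // Kept from the earlier version: connect unless the command was Ban0E5.
    if(!strstr(command, "Ban0E5")){
        acc_connect();
    }
    return 0;
}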
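// Reports whether a registry key can be opened for reading.
// machine_hive selects HKEY_LOCAL_MACHINE (true) or HKEY_CURRENT_USER (false).
// The CRegKey object goes out of scope on return.
static bool acc_registry_key_present(bool machine_hive, const char *subkey)
{
    CRegKey key;
    const long status = machine_hive
        ? key.Open(HKEY_LOCAL_MACHINE, subkey, KEY_READ)
        : key.Open(HKEY_CURRENT_USER, subkey, KEY_READ);
    return status == ERROR_SUCCESS;
}

// Starts the ban thread for thread_command, shows the notice, then exits the process.
// thread_command must have static storage duration: the thread reads it while
// this function is blocked in MessageBox().
static void acc_report_detection(const char *thread_command, const char *notice)
{
    DWORD dwThreadId = 0;
    HANDLE hThread = CreateThread(NULL, 0, ThreadFunc, const_cast<char *>(thread_command), 0, &dwThreadId);
    // NOTE(review): the handle is never waited on or closed. exit(0) below ends
    // the process as soon as the message box is dismissed, whether or not the
    // ban thread has finished - confirm that is acceptable.
    (void)hThread;
    MessageBox(NULL, notice, "FlyForFame Anti-Cheat(Beta 0.1)", MB_OK);
    exit(0);
}

// Runs one registry-based detection check, selected by level.
//
// level: 1..5 selects a check from the table below. Any other value does nothing.
//
// If the selected key exists, the function starts the ban thread with the
// matching "Ban0E<n>" command, shows the ban notice and terminates the process
// with exit(0). It returns normally only when nothing was detected.
//
// The only signal used is the existence of the key. As the notice itself
// says, a hit does not show the tool is running now, so a leftover key from
// an old install triggers the same ban.
//
// Fix relative to the earlier version: the level 1 check passed MB_OK (a
// message-box flag with value 0) as the registry access mask. It now asks for
// KEY_READ like the other four checks.
// NOTE(review): levels 2-5 look under ControlSet001 and ControlSet003 by
// number, not under CurrentControlSet. Confirm these are the control sets that
// should be inspected.
void automaton_registry(int level)
{
    struct RegistryCheck {
        int level;
        bool machine_hive;
        const char *subkey;
        const char *thread_command;
        const char *notice;
    };

    static const RegistryCheck checks[] = {
        // Automaton Registry Check //
        // When Automaton is installed the path to FlyFF is set here. //
        // If Automaton is run the Teleport keys are stored here. //
        // Detection Method: 0E1 //
        { 1, false, "Software\\FlyFF Automaton", "Ban0E1",
          "FlyFF Automaton has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E1" },

        // GameGuard Down //
        // If any application ever loads the gameguard down service it should pop up here. //
        // Presumably it is used to bypass GameGuard, but it still works as a detection method. //
        // Detection Method: 0E2 //
        { 2, true, "SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_GAMEGUARDDOWN", "Ban0E2",
          "GameGuard Down(FlyFF Automaton Module) has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E2" },

        // GameGuard Down //
        // Any application that loads gameguard down is expected to create this key. //
        // Windows stores services and system drivers in the registry, and, per the //
        // original author, the key remains after the service or driver is unloaded. //
        // Detection Method: 0E3 //
        { 3, true, "SYSTEM\\ControlSet001\\Services\\GameGuardDown", "Ban0E3",
          "GameGuard Down(FlyFF Automaton Module) has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E3" },

        // Detection Method: 0E4 //
        { 4, true, "SYSTEM\\ControlSet003\\Services\\GameGuardDown", "Ban0E4",
          "GameGuard Down(FlyFF Automaton Module) has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E4" },

        // Detection Method: 0E5 //
        { 5, true, "SYSTEM\\ControlSet003\\Enum\\Root\\LEGACY_GAMEGUARDDOWN", "Ban0E5",
          "GameGuard Down(FlyFF Automaton Module) has been detected!\n\nYou've now been IP/Account Banned.\n\nThe detection does not mean you were running Automaton currently.\nIt could mean it used to be on your system or still resides on your system.\n\nPrivate Message: AntiHack\nOn the forums for information on getting unbanned or why you got this message.\n\n\nDetection Method: 0E5" },
    };

    const unsigned int count = sizeof(checks) / sizeof(checks[0]);
    for(unsigned int i = 0; i < count; ++i){
        if(checks[i].level != level){
            continue;
        }
        if(acc_registry_key_present(checks[i].machine_hive, checks[i].subkey)){
            acc_report_detection(checks[i].thread_command, checks[i].notice);   // does not return
        }
        break;   // levels are unique, nothing further to test
    }
}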
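// Starts the worker thread that connects to the anti-cheat server.
//
// The thread runs ThreadFunc with the command string "acc_connect".
//
// Fix relative to the earlier version: the command buffer was a stack local
// whose address was handed to the new thread just before this function
// returned, so the thread read memory that was no longer valid. The buffer now
// has static storage duration and outlives the call.
void antihack_connect()
{
    static char dwThrdParam[12] = "acc_connect";
    DWORD dwThreadId = 0;
    HANDLE hThread = CreateThread(NULL, 0, ThreadFunc, dwThrdParam, 0, &dwThreadId);
    // NOTE(review): a NULL result (thread not created) is not reported, and the
    // handle is never closed. Decide how a failed start should be surfaced.
    (void)hThread;
}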
// Entry point called by the host: runs every registry detection check in
// order, then starts the connection to the anti-cheat server.
//
// automaton_registry() ends the process itself when a check hits, so the
// connection is only started when all five checks come back clean.
void _stdcall check()
{
    // Automaton/GameGuard Down checks, detection levels 1 through 5 //
    for(int level = 1; level <= 5; ++level){
        automaton_registry(level);
    }

    // Connection to the anticheat server //
    antihack_connect();
}
Es ist ein Anti-Hack-Schild für ein Flyff