#include <windows.h>
#include <stdlib.h>

// crc32() is the author's own helper; its definition is not shown in this post.
bool Verified()
{
    DWORD nSize;
    DWORD nSize2;
    int nSize3;
    DWORD lVolSerialNbr = 0;
    char cUsername[255] = "";
    char cComputername[255] = "";
    char cComputerhost[255] = "";
    char sHDSerial[255] = "";

    nSize = sizeof( cUsername );
    nSize2 = sizeof( cComputername );
    nSize3 = sizeof( cComputerhost );

    // Collect the three machine identifiers
    GetUserName( cUsername, &nSize );
    GetComputerName( cComputername, &nSize2 );
    GetVolumeInformation( "C:\\", 0, 0, &lVolSerialNbr, 0, 0, 0, 0 );
    ultoa( lVolSerialNbr, sHDSerial, 10 );

    // The hardware ID is the sum of the three CRCs
    DWORD crcComputerName = crc32(cComputername);
    DWORD crcUserName = crc32(cUsername);
    DWORD crcHDSer = crc32(sHDSerial);
    DWORD HardWareID = crcComputerName + crcUserName + crcHDSer;
    int asdf = HardWareID;

#define AddUser( HWID , Name ) \
    if (HardWareID == HWID) \
    { \
        return true; \
    }
    //-------------------------------------
    //-------------------------------------
    //-------------------------------------
    AddUser(2678293199, Wakka);//Me
    //AddUser(3704215055, Wakkaa);//Me
    //AddUser(3627626398, Skittles);//danny
    //AddUser(749159897, Jaybento);//Jayb
    //AddUser(1031561783, chemical);//chemical
    return false;
}

if(!Verified())
    FatalAppExit( NULL, "Skyh4x priv8 antileak:\n\nNOT VERIFIED!" );
Now if I start my hack, skyh0ok's private anti-leak obviously tells me that I'm not verified o0
Thank god every noob is dumb enough to use APIs this blatantly:
GetUserName( cUsername, &nSize );
GetComputerName( cComputername, &nSize2);
GetVolumeInformation( "C:\\", 0, 0, &lVolSerialNbr, 0, 0, 0, 0);
Ok, open up Olly, attach to CSS, open up the Executable Window, and click on kernel32.dll. Open up the Names Window (CTRL + N) and search for GetVolumeInformation! You will find two, *A and *W; breakpoint both just to be sure. You breakpoint both by clicking on them and pressing F2!
Now let CSS run by clicking on the "Play" sign at ollydbg taskbar and attach your favourite VIP H0ok.
Now your game should stop and your Olly should show PAUSED in the left upper corner. Now go to DEBUG -> Execute till User Code. Go to Execute till User Code again, don't ask me why. :D
Now we are in the anti leak.
0FCA1F58 FF15 3840CA0F    CALL DWORD PTR DS:[<&KERNEL32.GetVolumeInf>; kernel32.GetVolumeInformationA
0FCA1F5E 8B4424 0C        MOV EAX,DWORD PTR SS:[ESP+C]
0FCA1F62 6A 0A            PUSH 0A
0FCA1F64 8D9424 1C020000  LEA EDX,DWORD PTR SS:[ESP+21C]
0FCA1F6B 52               PUSH EDX
0FCA1F6C 50               PUSH EAX
0FCA1F6D FF15 DC40CA0F    CALL DWORD PTR DS:[<&MSVCR90._ultoa>]
0FCA1F73 83C4 0C          ADD ESP,0C
0FCA1F76 8D4424 18        LEA EAX,DWORD PTR SS:[ESP+18]
0FCA1F7A E8 E1FEFFFF      CALL XACESP.0FCA1E60 ; CRC
0FCA1F7F 8BF0             MOV ESI,EAX
0FCA1F81 8D8424 18010000  LEA EAX,DWORD PTR SS:[ESP+118]
0FCA1F88 E8 D3FEFFFF      CALL XACESP.0FCA1E60
0FCA1F8D 8BF8             MOV EDI,EAX
0FCA1F8F 8D8424 18020000  LEA EAX,DWORD PTR SS:[ESP+218]
0FCA1F96 E8 C5FEFFFF      CALL XACESP.0FCA1E60
0FCA1F9B 8B8C24 18030000  MOV ECX,DWORD PTR SS:[ESP+318]
0FCA1FA2 03C7             ADD EAX,EDI ; ADD
0FCA1FA4 03C6             ADD EAX,ESI
0FCA1FA6 5F               POP EDI ; 00202680
0FCA1FA7 3D CF82A39F      CMP EAX,9FA382CF ; COMPARE
0FCA1FAC 5E               POP ESI ; 00202680
0FCA1FAD 0F94C0           SETE AL ; SET RETURN VALUE BASED ON CMP-RESULT!
0FCA1FB0 5B               POP EBX ; 00202680
0FCA1FB1 33CC             XOR ECX,ESP
0FCA1FB3 E8 93080000      CALL XACESP.0FCA284B
0FCA1FB8 81C4 10030000    ADD ESP,310
0FCA1FBE C3               RETN
Okay, we can handle this one easily. We place a
MOV AL, 1
RETN
Or NOP the call to FatalAppExit,
Or place your own HWID in the CMP,
Or patch the jump that jumps over the FatalAppExit:
0FCA1FD2 E8 D9FEFFFF      CALL XACESP.0FCA1EB0 ; AntiLeak
0FCA1FD7 84C0             TEST AL,AL ; return value
0FCA1FD9 75 0D            JNZ SHORT XACESP.0FCA1FE8 ; if verified, jump over it, PATCH THIS TO A NORMAL JMP SO IT ALWAYS JUMPS
0FCA1FDB 68 A443CA0F      PUSH XACESP.0FCA43A4 ; ASCII "Skyh4x priv8 antileak:\n\nNOT VERIFIED!"
0FCA1FE0 6A 00            PUSH 0
0FCA1FE2 FF15 3C40CA0F    CALL DWORD PTR DS:[<&KERNEL32.FatalAppExit>; kernel32.FatalAppExitA
Oh well, you see there are a lot of ways..
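Added example, not part of the original post: a portable C sketch of the hardware-ID derivation from Verified(), showing from a design-review angle that summing three CRCs cannot tell the fields apart, next to a hypothetical ordered variant. It assumes the post's crc32() is the standard reflected CRC-32; hwid_additive, hwid_ordered and all sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the post's crc32() is standard reflected CRC-32 (poly 0xEDB88320). */
static uint32_t crc32_update(uint32_t crc, const void *data, size_t len) {
    const unsigned char *p = (const unsigned char *)data;
    crc = ~crc;
    while (len--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

uint32_t crc32_str(const char *s) { return crc32_update(0, s, strlen(s)); }

/* The post's scheme: three independent CRCs added modulo 2^32. */
uint32_t hwid_additive(const char *computer, const char *user, const char *serial) {
    return crc32_str(computer) + crc32_str(user) + crc32_str(serial);
}

/* Hypothetical alternative: one running CRC over length-prefixed fields,
   so field order and boundaries change the result. Still 32-bit, not a MAC. */
uint32_t hwid_ordered(const char *computer, const char *user, const char *serial) {
    const char *field[3] = { computer, user, serial };
    uint32_t crc = 0;
    for (int i = 0; i < 3; i++) {
        unsigned char n = (unsigned char)strlen(field[i]); /* fields are < 255 bytes */
        crc = crc32_update(crc, &n, 1);
        crc = crc32_update(crc, field[i], n);
    }
    return crc;
}

int main(void) {
    /* Constructed sample values, not taken from the post. */
    const char *pc = "DESKTOP-01", *user = "alice", *serial = "1234567890";
    printf("additive        : %lu\n", (unsigned long)hwid_additive(pc, user, serial));
    printf("additive swapped: %lu\n", (unsigned long)hwid_additive(user, pc, serial));
    printf("ordered         : %lu\n", (unsigned long)hwid_ordered(pc, user, serial));
    printf("ordered swapped : %lu\n", (unsigned long)hwid_ordered(user, pc, serial));
    return 0;
}
```

Neither variant changes the outcome shown in the disassembly: the result is still one CMP and one conditional jump in code the user controls, so an allow-list like this only holds if the decision is made somewhere the client cannot edit.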