@Fonger
Created April 4, 2015 07:38
NimoHS.cpp (Deprecated HackShield CRCBypass DLL)
// =========================================================
// Name: NimoHS v1.0 Bypass AhnLab HackShield 5.2.8.893
// Date: November 1, 2009
// Author: nimo1993
// =========================================================
#include "stdafx.h"
#include "conio.h"
// Pointer type matching the OpenProcess signature used below.
typedef HANDLE (WINAPI *OpenProcessFn)(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId);

// Starts out pointing at the real OpenProcess. SetHook() receives the address
// of this variable, and OpenProcessHook() calls through it to reach the
// original API for callers it does not filter.
OpenProcessFn OrgOpenProcess = OpenProcess;
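/**
 * Attaches or detaches one Detours hook inside a single transaction.
 *
 * @param bState     Non-zero to attach the detour, zero to detach it.
 * @param ppPointer  Address of the pointer to the target function, passed
 *                   unchanged to DetourAttach / DetourDetach.
 * @param pDetour    The replacement function.
 * @return true only when every Detours call returned NO_ERROR and the
 *         transaction was committed; false otherwise.
 */
bool SetHook(BOOL bState, PVOID* ppPointer, PVOID pDetour)
{
    if (DetourTransactionBegin() != NO_ERROR)
        return false;   // no transaction was opened, so nothing to roll back

    if (DetourUpdateThread(GetCurrentThread()) != NO_ERROR ||
        (bState ? DetourAttach : DetourDetach)(ppPointer, pDetour) != NO_ERROR)
    {
        // The original returned here with the transaction still open, which
        // makes every later DetourTransactionBegin() in the process fail.
        // Abort explicitly so the failure stays local to this call.
        DetourTransactionAbort();
        return false;
    }

    return DetourTransactionCommit() == NO_ERROR;
}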
/**
 * Reports whether an address belongs to the module this file treats as
 * HackShield.
 *
 * The address is mapped to its containing module, and that module's base file
 * name is compared case-insensitively with "EHSvc.dll". The decision rests on
 * the file name alone.
 *
 * @param CallerAddress  Code address to attribute (the hook passes its own
 *                       return address).
 * @return true when the containing module's base name is "EHSvc.dll";
 *         false when it is not or the address maps to no loaded module.
 */
bool IsHackShield(void *CallerAddress)
{
    HMODULE hOwner = NULL;
    const BOOL resolved = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS,
                                            (LPCTSTR)CallerAddress, &hOwner);
    if (!resolved)
        return false;

    // NOTE(review): the GetModuleBaseName result is not checked, so on failure
    // the comparison below reads an uninitialised buffer. The wchar_t buffer
    // also assumes a UNICODE build, since GetModuleBaseName is a TCHAR macro.
    wchar_t BaseName[MAX_PATH];
    GetModuleBaseName(GetCurrentProcess(), hOwner, BaseName, MAX_PATH);

    return lstrcmpiW(BaseName, L"EHSvc.dll") == 0;
}
/**
 * Detour installed over OpenProcess.
 *
 * Calls whose return address IsHackShield() attributes to EHSvc.dll are
 * refused: the last error is set to ERROR_INVALID_PARAMETER and NULL is
 * returned. All other callers are forwarded unchanged to the original API
 * through OrgOpenProcess. The original source also carries a disabled
 * alternative condition that compared dwProcessId with GetCurrentProcessId().
 *
 * Defender note: a protection module that gets its process handles through a
 * user-mode API inside a process it does not control can be blinded this way,
 * because the filtering happens before the real call. Checks that do not
 * depend on the hooked path help here: comparing the in-memory code of the API
 * with the on-disk image, or validating from a separate process or the kernel.
 * A run of ERROR_INVALID_PARAMETER results for otherwise valid arguments is
 * itself a signal worth alerting on.
 */
HANDLE WINAPI OpenProcessHook(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId)
{
    // _ReturnAddress() has to be evaluated in this frame so that it yields the
    // address of the code that called OpenProcess.
    if (!IsHackShield(_ReturnAddress()))
        return OrgOpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);

    SetLastError(ERROR_INVALID_PARAMETER);
    return NULL;
}
/**
 * Installs (state != 0) or removes (state == 0) the OpenProcess detour by
 * handing OrgOpenProcess and OpenProcessHook to SetHook().
 *
 * The boolean result of SetHook() is discarded, so callers cannot tell
 * whether the hook state actually changed.
 */
void HSHook(BOOL state)
{
    PVOID* ppTarget     = (PVOID*)&OrgOpenProcess;
    PVOID  pReplacement = (PVOID)OpenProcessHook;

    SetHook(state, ppTarget, pReplacement);
}