# List distributed by iblocklist.com
China Internet Information Center (CNNIC):1.2.4.0-1.2.4.255
China Internet Information Center (CNNIC):1.2.8.0-1.2.8.255
Botnet on Telekom Malaysia:1.9.96.105-1.9.96.105
Botnet on Telekom Malaysia:1.9.102.251-1.9.102.251
Botnet on Telekom Malaysia:1.9.106.186-1.9.106.186
Korea Internet & Security Agency (KISA) - IPv6 Policy:1.16.0.0-1.19.255.255
Botnet on FPT Telecom:1.55.241.140-1.55.241.140
AP2P on China Unicom Heilongjiang proxy:1.58.181.97-1.58.181.97
sbtoonz / detect_dll_hijack.cpp
Created November 18, 2022 21:29 — forked from veil-ivy/detect_dll_hijack.cpp
detect dll hijacking attempts
#include <Windows.h>
#include <stdio.h>
#include <iostream>
// File-scope state for the detector. Only the declarations are visible in this
// preview, so usage notes below are assumptions to confirm against the full file.
// presumably holds the address of the original (un-hooked) routine — TODO confirm
LPVOID original_func = NULL;
// Pointer to a PE import-descriptor entry; NULL until assigned elsewhere.
PIMAGE_IMPORT_DESCRIPTOR import_descriptor = NULL;
// A single backslash, i.e. the Windows path separator.
const wchar_t* back = L"\\";
// Fixed MAX_PATH-sized wide-character buffer.
// NOTE(review): the code that fills this is not shown — confirm it checks the
// returned length, since Windows paths can be longer than MAX_PATH.
wchar_t current_directory[MAX_PATH];
typedef HMODULE(WINAPI * loadlibrary_def)(
LPCWSTR lpLibFileName
#include <ntddk.h>
// Image name the driver matches against; the comparison itself is not visible
// in this preview.
// NOTE(review): if matching is by image name alone, any process carrying this
// name is covered and a renamed copy is not — confirm against the callback.
#define BLOCK_PROCESS "notepad.exe"
// Registration structures of the types used with ObRegisterCallbacks; declared
// here, populated elsewhere in the file.
static OB_CALLBACK_REGISTRATION obcallback_registration;
static OB_OPERATION_REGISTRATION oboperation_callback;
// Process access-right bit masks (same values as the Windows SDK definitions).
// presumably these are the bits cleared from the requested access in the
// pre-operation callback — TODO confirm.
#define PROCESS_CREATE_THREAD (0x0002)
#define PROCESS_CREATE_PROCESS (0x0080)
#define PROCESS_TERMINATE (0x0001)
#define PROCESS_VM_WRITE (0x0020)
#define PROCESS_VM_READ (0x0010)
#define PROCESS_VM_OPERATION (0x0008)
sbtoonz / [1] Description
Created November 14, 2022 01:43 — forked from Little-Ki/[1] Description
[Code] [Kernel] ObRegisterCallbacks
// The ObRegisterCallbacks routine registers a list of callback routines for thread, process, and desktop handle operations.
// It is one of the most commonly used mechanisms in anti-cheat / anti-virus software.
// Official documentation:
// https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-obregistercallbacks
// Function syntax:
// NTSTATUS ObRegisterCallbacks(
// POB_CALLBACK_REGISTRATION CallbackRegistration,
// PVOID *RegistrationHandle
sbtoonz / ARK Signatures
Created November 14, 2022 01:41
Signatures for ARK gworld and gobject and gname
bool InitSdk()
{
//E8 ? ? ? ? 48 89 1D ? ? ? ? 48 8B C3 48 8B 5C 24 ? 48 83 C4 28 C3 48 8B 5C 24 ?
auto GNamePat = FindPattern("E8 ? ? ? ? 48 89 1D ? ? ? ? 48 8B C3 48 8B 5C 24 ? 48 83 C4 28 C3 48 8B 5C 24 ?");
if (GNamePat == nullptr)return false;
auto GNamesAddress = *reinterpret_cast<uint32_t*>(GNamePat + 8);
uintptr_t GName = (DWORD64)(GNamePat + 12 + GNamesAddress);
FName::GNames = reinterpret_cast<CG::TNameEntryArray*>(GName);
auto GObjectPat = FindPattern("48 89 74 24 ? 48 89 74 24 ? E8 ? ? ? ? 48 8B 4C 24 ? F2 0F 10 05 ? ? ? ? F2 0F 11 01 8B 05 ? ? ? ? 89 41 08 0F B7 05 ? ? ? ?");
sbtoonz / ConsoleToGui.cs
Created June 26, 2022 13:25
Show Console output in OnGui method for Unity
using UnityEngine;
namespace Closure
{
public class ConsoleToGui : MonoBehaviour
{
//#if !UNITY_EDITOR
static string myLog = "";
private string output;
private string stack;
sbtoonz / HitData.cs
Last active June 26, 2022 13:22
Hit and hurtbox scripts for Unity
using System;
using UnityEngine;
namespace Closure.Hit_Hurtbox {
[Serializable]
public class HitData
{
public int damage;
public Vector3 hitPoint;
public Vector3 hitNormal;
sbtoonz / ShaderScraper.cs
Created May 18, 2021 18:37
@mixonefinallyhere shader scrape for valheim
using System;
using BepInEx;
using HarmonyLib;
using UnityEngine;
using System.Linq;
using System.Collections.Generic;
namespace ShaderAnalysis
{
[BepInPlugin(ID, title, version)]