Archive for July, 2009

In this sample, we check if a module has a base image address as 0x00000000 more than once. The default executable will be set to that number; some modules attempt to hide by erasing their information from the _MODULEINFO structure, thus, GetModuleInformation would return 0x00000000 for the base address of such a module; in the […]

I found this under an old collection files; it’s a cheat for god mode in IJJI Gunz, using AT&T inline ASM. #include <windows.h> BYTE gdmeCheck = 0; BYTE tglCheck = 1; DWORD WINAPI GetKey ( LPVOID lpParam ); DWORD WINAPI GdMde ( LPVOID lpParam ); DWORD WINAPI GetZChar ( ); BOOL APIENTRY DllMain ( HINSTANCE […]

I know it’s a terrible idea, but, somebody had to do it! #include <tlhelp32.h> #include <windows.h> #define WIN32_LEAN_AND_MEAN #define VC_EXTRALEAN #define CODEBEGIN 0x00401000 #define CODEEND 0x004019FE #define modAllowedSize 11 const char modAllowedArray[][255] = { “ADVAPI32.DLL”, “ntdll.dll”, “RPCRT4.dll”, “Secur32.dll”, “PSAPI.DLL”, “kernel32.dll”, “USER32.dll”, “GDI32.dll”, “MSVCR90.dll”, “IMM32.DLL”, “Killing Bad Threads.exe” }; int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, […]

Just another idea I had for killing foreign threads 😉 #include <windows.h> #include <tlhelp32.h> #define CODEBEGIN 0x00401000 #define CODEEND 0x004019FE DWORD WINAPI GetThreadStartAddress( HANDLE hThread ) { NTSTATUS ntStatus; HANDLE hDupHandle; DWORD dwStartAddress; typedef NTSTATUS ( WINAPI *NQIT )( HANDLE, LONG, PVOID, ULONG, PULONG ); NQIT NtQueryInformationThread = ( NQIT )GetProcAddress( GetModuleHandle( “ntdll.dll” ), “NtQueryInformationThread” […]

Originally published around 2007, the vulnerability pertaining to removing the questiontype field on the “My Account” page has finally been patched. I guess account security isn’t something IJJI cares about all that much.

While this method is very old, I still find it necessary to be known. GameGuard’s hooks are a 5-byte JMP overwritten at the beginning of most functions. Considering most functions first 5 bytes are “MOV EDI, EDI”, “PUSH EBP”, and “MOV EBP, ESP”, you can write a generic layer for repairing functions: #include <windows.h> int […]

I don’t even know why I start on some of these projects.. <?php class MSSQL { private $link; public function Connect( $host, $user, $pass ) { return( $this->$link = mssql_connect( $host, $user, $pass ) ); } public function Disconnect( ) { return( mssql_close( $this->$link ) ); } public function Select( $database ) { return( mssql_select_db( […]