main.cc
// bacsable badlion anticheat bypass modified, optimized, and commented cuz i was bored... no idea if this still bypasses
#include <windows.h>
#include <TlHelp32.h>
#include <algorithm>
#include <iostream>
#include <fstream>
#include <psapi.h>
#include <random>
#include <string>
#include "xorstr.hh"
// Source alphabet for the random console title: 35 lowercase letters and
// digits (sizeof(in) is 36 once the terminating NUL is counted).
const char in[] = "qwerty1ui2op5asd7fgh8jkl9zx3c4vb6nm";

// Buffer for the title built in main(): 15 sampled characters followed by a
// terminating NUL. Static storage, so it starts out zero-filled.
char out[16] = {};
// Reports whether the full image path of this process's parent contains one
// of a fixed list of debugger executable names.
//
// Steps: walk a Toolhelp process snapshot to find the entry for the current
// process and read its parent PID, open that parent with
// PROCESS_QUERY_LIMITED_INFORMATION, then substring-match the parent's image
// path. Any failed step (no snapshot, own entry not found, parent cannot be
// opened or queried) yields false.
//
// The comparison is a case-sensitive strstr() over the whole path, so the
// result reflects only how the parent image is named on disk.
bool IsParentDebugger() {
    // Illustrative names chosen by the original author; the list is meant to be edited.
    const char* const debuggerNames[] = {
        "OllyDbg.exe",
        "IDA.exe",
        "x64dbg.exe",
        "gdb.exe",
        "windbg.exe",
    };

    // Locate our own snapshot entry to learn the parent PID.
    DWORD parentPid = 0;
    const HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot != INVALID_HANDLE_VALUE) {
        PROCESSENTRY32 entry = { sizeof(entry) };
        for (BOOL more = Process32First(snapshot, &entry); more; more = Process32Next(snapshot, &entry)) {
            if (entry.th32ProcessID == GetCurrentProcessId()) {
                parentPid = entry.th32ParentProcessID;
                break;
            }
        }
        CloseHandle(snapshot);
    }
    if (parentPid == 0) {
        return false;
    }

    const HANDLE parent = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, parentPid);
    if (parent == nullptr) {
        return false;
    }

    // Fetch the parent's Win32 image path and look for any listed name in it.
    char imagePath[MAX_PATH] = { 0 };
    DWORD imagePathLength = sizeof(imagePath);
    bool matched = false;
    if (QueryFullProcessImageNameA(parent, 0, imagePath, &imagePathLength)) {
        for (const char* name : debuggerNames) {
            if (strstr(imagePath, name) != nullptr) {
                matched = true;
                break;
            }
        }
    }

    if (matched) {
        std::cout << xorstr("parent process is a debugger") << std::endl;
    }
    CloseHandle(parent);  // released on every path that opened it
    return matched;
}
// Entry point. Runs two debugger checks, sets a random console title, then
// shells out through system() to export and delete two HKLM registry subtrees
// and to run kdmapper.exe with spoofer.sys. Returns 0 at the end; exits with
// -1 if either debugger check fires. No system() return value is inspected.
int main() {
// IsDebuggerPresent() covers a debugger attached to this process;
// IsParentDebugger() checks the parent's image path against a name list.
if (IsDebuggerPresent() || IsParentDebugger())
{
std::cout << xorstr("debugger detected") << std::endl;
exit(-1);
}
std::cout << xorstr("no debugger detected") << std::endl;
// Sample 15 characters from `in` (std::end(in) - 1 leaves out its NUL) into
// `out`, seeded from std::random_device, so the console title differs per run.
std::sample(std::begin(in), std::end(in) - 1, std::begin(out),
15, std::mt19937{ std::random_device{}() });
out[15] = '\0'; // terminate the 15-character title
SetConsoleTitleA(out);
std::cout << xorstr("Badlion AntiCheat HWID Spoofer\n\n");
system("pause");
std::cout << xorstr("Clearing display monitor information from the registry...\n");
// save the registry entries before deleting them
// NOTE(review): this ofstream creates/truncates reg_backup.txt and stays open
// while `reg export` is asked to write the same path; it is never written to
// by this program. Both exports target that one file, so at most the second
// export's content survives, and neither exit status is checked.
std::ofstream reg_file(xorstr("reg_backup.txt"));
if (reg_file)
{
system(xorstr("reg export HKLM\\SYSTEM\\ControlSet001\\Enum\\Display reg_backup.txt"));
system(xorstr("reg export HKLM\\SYSTEM\\CurrentControlSet\\Enum\\Display reg_backup.txt"));
reg_file.close();
}
else
{
std::cout << "failed to open file to save registry entries!" << std::endl;
}
// NOTE(review): the deletes below run unconditionally, including after the
// failure branch above, so the Enum\Display subtrees can be removed with no
// usable backup. /f forces the delete without a confirmation prompt.
// `reg` is unqualified, so it is resolved through the command search path.
system(xorstr("reg delete HKLM\\SYSTEM\\ControlSet001\\Enum\\Display /f"));
system(xorstr("reg delete HKLM\\SYSTEM\\CurrentControlSet\\Enum\\Display /f"));
std::cout << xorstr("\nSpoofing disk identifiers...\n\n");
// Runs kdmapper.exe with spoofer.sys as its argument; both names are
// unqualified and neither file is part of this source.
// NOTE(review): kdmapper is known as a manual mapper for unsigned kernel
// drivers, so this step puts code into kernel mode outside the normal driver
// load path; what spoofer.sys does cannot be reviewed from this file.
system(xorstr("kdmapper.exe spoofer.sys"));
// NOTE(review): printed regardless of whether the command above succeeded.
std::cout << xorstr("\nHWID Successfully spoofed!\n");
system("pause > nul");
return 0;
}