Official site anti-cheat Ultra Core Protector

Ultra Core Protector is a freeware client-server anti-cheat for protecting servers from unscrupulous players.

Supported games:
Half-Life
Condition Zero
Counter-Strike 1.6
Day of Defeat
Adrenaline Gamer
Team Fortress Classic
Counter-Strike Source
MU Online
Ragnarok Online
Half-Life 2 Deathmatch
Adrenaline Gamer 2
Team Fortress 2
Lsass injection code

// Loader1.cpp : Defines the exported functions for the DLL application.
//

#include "stdafx.h"
#include
#include
#include
#include
#include

using namespace std;

DWORDLONG STATUS_INFO_LENGTH_MISMATCH;
DWORDLONG SystemHandleInformation;

typedef NTSTATUS(NTAPI* NtQuerySystemInformationFn)(ULONG, PVOID, ULONG, PULONG);

static HANDLE GetProcessHandle(uint64_t targetProcessId)
{
    auto NtQuerySystemInformation = reinterpret_cast<NtQuerySystemInformationFn>(GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQuerySystemInformation"));
    NTSTATUS status;
    ULONG handleInfoSize = 0x10000;

    auto handleInfo = reinterpret_cast<PSYSTEM_HANDLE_INFORMATION>(malloc(handleInfoSize));

    while ((status = NtQuerySystemInformation(SystemHandleInformation, handleInfo, handleInfoSize, nullptr)) == STATUS_INFO_LENGTH_MISMATCH)
        handleInfo = reinterpret_cast<PSYSTEM_HANDLE_INFORMATION>(realloc(handleInfo, handleInfoSize *= 2));

    if (!NT_SUCCESS(status))
    {
        throw runtime_error("NtQuerySystemInformation failed!");
    }

    for (auto i = 0; i < handleInfo->HandleCount; i++)
    {
        auto handle = handleInfo->Handles[i];

        const auto process = reinterpret_cast<HANDLE>(handle.Handle);
        if (handle.ProcessId == GetCurrentProcessId() && GetProcessId(process) == targetProcessId)
            return process;
    }

    free(handleInfo);

    return nullptr;
}

std::uint32_t find(const wchar_t* proc)
{
    auto snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    auto pe = PROCESSENTRY32W{ sizeof(PROCESSENTRY32W) };

    if (Process32First(snapshot, &pe)) {
        do {
            if (!_wcsicmp(proc, pe.szExeFile)) {
                CloseHandle(snapshot);
                return pe.th32ProcessID;
            }
        } while (Process32Next(snapshot, &pe));
    }
    CloseHandle(snapshot);
    return 0;
}

Can someone tell me what the problem is with this PSYSTEM_HANDLE_INFORMATION? I don't understand what I can do to make it work, like do I define it or what? Sorry, I am a noob. Also, after that, what should I do, just cout STATUS_INFO_LENGTH_MISMATCH and SystemHandleInformation?

And how should I get the game info, like just this ->

HANDLE GameHandle = GetProcessHandle(find(L"RainbowSix.exe"));

Sorry guys, this is my first bypass and I want to make it work. Any help from you would be so much appreciated. Thanks in advance 🙂

scimmy:
Before you start talking about creating a bypass, perhaps you should figure out basics about why this method works.

I’m going to assume that you have not done this research, so I will lay it out as spoonfeedable as possible.

1. You’re interested in the handles that lsass.exe gets access to, presumably, because your game anti-cheat does not strip the access bits of its handles.

2. You want to enumerate these handles by using NtQuerySystemInformation/ZwQuerySystemInformation, which returns you a pointer to a SYSTEM_HANDLE_INFORMATION struct.

3. I did a Google search and found this struct definition:

typedef struct _SYSTEM_HANDLE
{
    ULONG ProcessId;
    BYTE ObjectTypeNumber;
    BYTE Flags;
    USHORT Handle;
    PVOID Object;
    ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE, *PSYSTEM_HANDLE;

typedef struct _SYSTEM_HANDLE_INFORMATION
{
    ULONG HandleCount;
    SYSTEM_HANDLE Handles[1];
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;

4. Great. Now you know how to enumerate the handles of the system. As shown in the code you pasted, there exists a for loop that iterates HandleCount number of times over the SYSTEM_HANDLE array. Accessing each of these handles allows you to figure out the PID and GrantedAccess flags of the handle you are currently iterating over.

5. Do a simple PID check to see if the handle you are looking at matches the game’s PID. You can figure out the game’s PID by using the CreateToolhelp32Snapshot API call. Then, you will want to make sure that the GrantedAccess value matches what you want (probably at least VM_READ | VM_WRITE).

6. Now you can use that handle that you found which matches your criteria, and RPM/WPM to all your liking. This method is heavily documented and all source code to make it work has been posted everywhere. That being said, I would suggest you understand how to program before tackling something like this.
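
An added example, not code from the thread or from the anti-cheat project: step 1 of the reply says the method depends on handles to the game keeping their access bits, and this is the matching audit a protection component can run over a handle table to find handles that were not stripped. The struct mirrors the SYSTEM_HANDLE definition quoted above with fixed-width types; the names auditHandles and sampleTable, the allowlist, the assumption that the protected process's object address is already known, and every value in the table are hypothetical and constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

// Portable mirror of the SYSTEM_HANDLE entry quoted in the reply above.
struct HandleEntry {
    uint32_t  ProcessId;               // PID that owns the handle
    uint8_t   ObjectTypeNumber, Flags;
    uint16_t  Handle;
    uintptr_t Object;                  // kernel object the handle refers to
    uint32_t  GrantedAccess;
};

// Process access rights as defined in the Windows SDK (winnt.h).
constexpr uint32_t PROCESS_VM_OPERATION = 0x0008;
constexpr uint32_t PROCESS_VM_READ      = 0x0010;
constexpr uint32_t PROCESS_VM_WRITE     = 0x0020;
constexpr uint32_t RISKY = PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE;

// Handles to the protected object held by a foreign, non-allowlisted PID with memory rights.
std::vector<HandleEntry> auditHandles(const std::vector<HandleEntry>& table, uintptr_t protectedObject,
                                      uint32_t protectedPid, const std::set<uint32_t>& allowedPids) {
    std::vector<HandleEntry> findings;
    for (const auto& h : table) {
        if (h.Object != protectedObject) continue;     // handle to some other object
        if (h.ProcessId == protectedPid) continue;     // the protected process's own handle
        if (allowedPids.count(h.ProcessId)) continue;  // e.g. the protection service itself
        if (h.GrantedAccess & RISKY) findings.push_back(h);
    }
    return findings;
}

// Constructed sample table: PIDs, object addresses and masks are made up.
std::vector<HandleEntry> sampleTable() {
    return {
        {4000, 7, 0, 0x0040, 0xA000, 0x1FFFFF}, // protected process's own handle
        { 700, 7, 0, 0x0a1c, 0xA000, 0x001478}, // system process, VM rights not stripped
        { 700, 7, 0, 0x0b20, 0xB000, 0x1FFFFF}, // same PID, unrelated process object
        {1200, 7, 0, 0x0110, 0xA000, 0x001000}, // stripped down to query-limited access
        {5000, 7, 0, 0x0200, 0xA000, 0x000010}, // unknown PID holding VM_READ
        { 900, 7, 0, 0x0300, 0xA000, 0x1FFFFF}, // allowlisted protection service
    };
}

int main() {
    for (const auto& f : auditHandles(sampleTable(), 0xA000, 4000, {900}))
        std::printf("pid %u handle 0x%04x access 0x%06x\n", (unsigned)f.ProcessId, (unsigned)f.Handle, (unsigned)f.GrantedAccess);
}
```

Each finding is a handle the protection layer should either strip of its memory rights or report.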


 


