[Release]ManualMap.cpp - Even more protection. ;)

Velvet

couldn't we just make a .exe that runs this file maybe off a server so the .dll wouldn't be loaded into memory in the first place?
 

Andrewp30

uummm. i would have to think of a way that i could use autoit to load the .dll file then at the press of a button execute the file.

i don't know nething about C++. so will it show the whole map when it opens the .dll?

if it does reveal the whole map by just opening the .dll. i can easily make a program that executes it.

and i do have a C++ compiler sitting around somewhere on my computer. but i don't feel like re-installing my compiler... especially since i never used it.

can some1 post the script as a .dll file for me?
 

Andrewp30

ok. now that i read back i see that. it could be used to hide a mh tho.

just chill dude.
 

R1CH

Does this handle exports? Or will it even be possible for it to do so?
 

Andrewp30

weird how netter has all these maphacks out and mousepad still doesn't have his out.

and it is also weird that he hasn't stolen every1's account yet.

i can't wait until BOOM "NETTER STOLE MY F*CKING ACCOUNT!!!""AND THIS TIME I KNOW IT ISN'T A BAN!!!"

about thousands of those i am expecting some time soon
 

Dark_Mage-

Code:
//			GetProcAddress2 - by Darawk
//	
//	GetProcAddress2 is essentially identical to the
//	windows API function GetProcAddress, with one
//	key difference.  GetProcAddress2 does not check
//	to make sure the module handle that's passed to
//	it is in the loaded modules list.  GetProcAddress2
//	is designed to be used in conjunction with ManualMap
//	or CloakDll.  It allows you to access functions that
//	have been exported from a dll loaded by ManualMap or
//	cloaked by CloakDll.  This functionality is necessary
//	for plugin-based applications and late-binding functions.
#include <windows.h>
#include <string.h>	//	string comparison used in GetProcAddress2

#define IMAGE_DIRECTORY_ENTRY_EXPORT 0

//	Pietrek's macro
//
//	MakePtr is a macro that allows you to easily add to values (including
//	pointers) together without dealing with C's pointer arithmetic.  It
//	essentially treats the last two parameters as DWORDs.  The first
//	parameter is used to typecast the result to the appropriate pointer type.
#define MakePtr( cast, ptr, addValue ) (cast)( (DWORD_PTR)(ptr) + (DWORD_PTR)(addValue))

//	This one is mine, but obviously..."adapted" from matt's original idea =p
#define MakeDelta(cast, x, y) (cast) ( (DWORD_PTR)(x) - (DWORD_PTR)(y))

//	My modified version of pietrek's function, to work with PE files that have
//	already been mapped into memory.
LPVOID GetPtrFromRVA( DWORD, IMAGE_NT_HEADERS *, PBYTE, bool);

FARPROC GetProcAddress2(HMODULE hMod, char *func)
{
	IMAGE_DOS_HEADER *dosHd;
	IMAGE_NT_HEADERS *ntHd;
	IMAGE_EXPORT_DIRECTORY *ied;
	DWORD *names;		//	table of 32-bit RVAs to the export names
	unsigned short *ordinals;
	DWORD *funcs;		//	table of 32-bit RVAs to the exported functions

	//	Make sure we got a valid pointer
	if(!hMod || hMod == INVALID_HANDLE_VALUE)
		return NULL;

	dosHd = (IMAGE_DOS_HEADER *)hMod;

	//	Verify the DOS header
	if(dosHd->e_magic != IMAGE_DOS_SIGNATURE)
		return NULL;

	ntHd = MakePtr(IMAGE_NT_HEADERS *, hMod, dosHd->e_lfanew);

	//	Verify the NT header
	if(ntHd->Signature != IMAGE_NT_SIGNATURE)
		return NULL;

	ied = (IMAGE_EXPORT_DIRECTORY *)GetPtrFromRVA((DWORD)(ntHd->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress),
		ntHd,
		(PBYTE)hMod, true);

	//	No export directory, or its RVA lies outside every section
	if(!ied)
		return NULL;

	names = (DWORD *)GetPtrFromRVA(ied->AddressOfNames, ntHd, (PBYTE)hMod, true);
	ordinals = (unsigned short *)GetPtrFromRVA(ied->AddressOfNameOrdinals, ntHd, (PBYTE)hMod, true);
	funcs = (DWORD *)GetPtrFromRVA(ied->AddressOfFunctions, ntHd, (PBYTE)hMod, true);

	if(!names || !ordinals || !funcs)
		return NULL;

	//	Case-insensitive search of the name table
	unsigned int i;
	for(i = 0; i < ied->NumberOfNames; i++)
	{
		char *name = (char *)GetPtrFromRVA(names[i], ntHd, (PBYTE)hMod, true);
		if(name && !_stricmp(name, func))
			break;
	}

	if(i >= ied->NumberOfNames)
		return NULL;

	//	The name index selects an ordinal, which indexes the function table
	if(ordinals[i] >= ied->NumberOfFunctions)
		return NULL;

	return MakePtr(FARPROC, hMod, funcs[ordinals[i]]);
}

//	Matt Pietrek's function
PIMAGE_SECTION_HEADER GetEnclosingSectionHeader(DWORD rva, PIMAGE_NT_HEADERS pNTHeader) 
{
    PIMAGE_SECTION_HEADER section = IMAGE_FIRST_SECTION(pNTHeader);
    unsigned int i;
    
    for ( i = 0; i < pNTHeader->FileHeader.NumberOfSections; i++, section++ )
    {
		// This 3 line idiocy is because Watcom's linker actually sets the
		// Misc.VirtualSize field to 0.  (!!! - Retards....!!!)
		DWORD size = section->Misc.VirtualSize;
		if ( 0 == size )
			size = section->SizeOfRawData;
			
        // Is the RVA within this section?
        if ( (rva >= section->VirtualAddress) && 
             (rva < (section->VirtualAddress + size)))
            return section;
    }
    
    return 0;
}

unsigned long GetMappedSectionOffset(IMAGE_NT_HEADERS *ntHd, IMAGE_SECTION_HEADER *seHd, void *base)
{
	IMAGE_SECTION_HEADER *section = IMAGE_FIRST_SECTION(ntHd);
	unsigned int i;
	unsigned long offset = MakeDelta(unsigned long, section, base);

	for(i = 0; i < ntHd->FileHeader.NumberOfSections; i++, section++)
	{
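		//	Name is an array, so the original comparison of section->Name with
		//	seHd->Name compared addresses; this is the same identity test
		if(section == seHd)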
		{
			offset = MakeDelta(unsigned long, section->VirtualAddress, section->PointerToRawData);
			break;
		}

		//offset += (section->SizeOfRawData > ntHd->OptionalHeader.SectionAlignment ? 
		//	section->SizeOfRawData - ntHd->OptionalHeader.SectionAlignment :
		//	ntHd->OptionalHeader.SectionAlignment - section->SizeOfRawData);
	}

	return offset;
}

//	This function is also Pietrek's
LPVOID GetPtrFromRVA( DWORD rva, IMAGE_NT_HEADERS *pNTHeader, PBYTE imageBase, bool mapped )
{
	PIMAGE_SECTION_HEADER pSectionHdr;
	INT delta;
	unsigned long offset = 0;

	pSectionHdr = GetEnclosingSectionHeader( rva, pNTHeader );

	//	Bail out before the section header is used
	if ( !pSectionHdr )
		return 0;

	if(mapped)
		offset = GetMappedSectionOffset(pNTHeader, pSectionHdr, imageBase);
 
	delta = (INT)(pSectionHdr->VirtualAddress-pSectionHdr->PointerToRawData);
	return (PVOID) ( imageBase + rva - delta + offset);
}
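
A defender-side counterpart to the code above, added here as an example (it is not part of the original post): GetProcAddress2 skips the loaded-module-list check but still relies on the MZ and PE signatures, so a memory scanner can apply the same two header checks to each region and flag images whose base the loader does not report. The `region` struct, the module list, the addresses and every function name are constructed assumptions; on a live system both lists would come from the OS.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One committed memory region from a process snapshot (constructed model). */
struct region { uint64_t base; const uint8_t *data; size_t size; };

/* GetProcAddress2's two header checks ("MZ", then "PE\0\0" at e_lfanew), bounds-checked. */
int looks_like_pe(const uint8_t *b, size_t size) {
    if (size < 0x40 || b[0] != 'M' || b[1] != 'Z') return 0;
    uint32_t lfanew = (uint32_t)b[0x3C] | (uint32_t)b[0x3D] << 8 |
                      (uint32_t)b[0x3E] << 16 | (uint32_t)b[0x3F] << 24;
    if (lfanew > size - 4) return 0;        /* signature must lie inside the region */
    return memcmp(b + lfanew, "PE\0\0", 4) == 0;
}

/* Store bases of PE-headed regions missing from the module list in out[]; return the count. */
size_t find_unlisted_images(const struct region *r, size_t nr, const uint64_t *mods,
                            size_t nm, uint64_t *out, size_t cap) {
    size_t found = 0;
    for (size_t i = 0; i < nr; i++) {
        if (!looks_like_pe(r[i].data, r[i].size)) continue;
        size_t j = 0;
        while (j < nm && mods[j] != r[i].base) j++;
        if (j < nm) continue;               /* listed: known to the loader */
        if (found < cap) out[found] = r[i].base;
        found++;
    }
    return found;
}

/* Constructed sample: three regions, only the first is in the module list. */
size_t demo_scan(uint64_t *out, size_t cap) {
    static uint8_t listed[0x200], hidden[0x200], heap[0x200]; /* zero-filled */
    uint8_t *img[2] = { listed, hidden };
    for (int k = 0; k < 2; k++) {
        img[k][0] = 'M'; img[k][1] = 'Z';
        img[k][0x3C] = 0x80;                /* e_lfanew = 0x80 */
        memcpy(img[k] + 0x80, "PE\0\0", 4);
    }
    struct region r[3] = { {0x10000000, listed, 0x200},
                           {0x02340000, hidden, 0x200}, {0x00500000, heap, 0x200} };
    uint64_t mods[1] = { 0x10000000 };      /* bases the loader reports */
    return find_unlisted_images(r, 3, mods, 1, out, cap);
}

int main(void) {
    uint64_t b[4];
    return printf("%zu unlisted image(s)\n", demo_scan(b, 4)) < 0;
}
```

The check only finds images that keep their headers, which is the case GetProcAddress2 itself requires.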
 

R1CH

Well that answers that :). Now to see how much work would be involved to hack D2Loader plugin loading system to cloak all plugins by default...
 

wasup999999

Andrewp30 said:
uummm. i would have to think of a way that i could use autoit to load the .dll file then at the press of a button execute the file.

i don't know nething about C++. so will it show the whole map when it opens the .dll?

if it does reveal the whole map by just opening the .dll. i can easily make a program that executes it.

and i do have a C++ compiler sitting around somewhere on my computer. but i don't feel like re-installing my compiler... especially since i never used it.

can some1 post the script as a .dll file for me?
Andrew, the way you think will not work. To "open" the dll, you would have to load it into the memory of either yours or another program, which I do not believe autoit can do. What happens when you "open" the dll is, when it is hooked, it will run a function that is hardcoded into the dll, which will, in the case of our maphacks, wait for the - key to be hit. This will then do whatever the dll needs to do to show the rest of the map.

Even if autoit did have a function to load it into the memory, it would be totally detectable and would get you banned.
 
