#include
#include
#include "detours.h"
#include
#include
#include
#include "tchar.h"
#include "stdio.h"
#include "psapi.h"
#include
#include
#include
using namespace std;
// File-name pointer recorded by HookedLoadLibraryA the last time it blocked a load.
// NOTE(review): this keeps the caller's pointer rather than a copy, and nothing
// in this listing reads it back.
LPCTSTR lpFile_XTRAP;
// Function-pointer types mirroring the signatures of the Win32 exports that
// this DLL detours (LoadLibraryA, LoadLibraryExA, TerminateProcess, ExitProcess).
typedef HMODULE (WINAPI *tLoadLibraryA)(LPCTSTR);
typedef HMODULE (WINAPI *tLoadLibraryExA)(LPCTSTR, HANDLE, DWORD);
typedef BOOL (WINAPI *tTerminateProcess)(HANDLE, UINT);
typedef VOID (WINAPI *tExitProcess)(UINT);
// Values returned by DetourFunction in I2(); the hooks call through these to
// reach the original API. They remain nullptr until the matching detour is
// installed (the LoadLibraryExA detour is commented out in I2, so
// m_LoadLibraryExAOrig is never assigned in this listing).
tLoadLibraryA m_LoadLibraryAOrig = nullptr;
tLoadLibraryExA m_LoadLibraryExAOrig = nullptr;
tTerminateProcess m_TerminateProcessOrig = nullptr;
tExitProcess m_ExitProcessOrig = nullptr;
// Hooked LoadLibraryA
// Replacement for LoadLibraryA; I2() installs it with DetourFunction.
// A request whose path contains the substring "XTrapVa.dll" is not forwarded:
// the pointer is remembered in lpFile_XTRAP, the event is logged, and a
// made-up non-NULL value is returned in place of a module handle, so the
// caller sees an apparent success although nothing was loaded.
// Every other request is passed to the original API via m_LoadLibraryAOrig.
// NOTE(review): 0xA0B1C2D3 does not refer to a mapped module. A protected
// application that checks the handle it gets back (for example by resolving
// an expected export from it) would detect this substitution.
static HMODULE WINAPI HookedLoadLibraryA(LPCTSTR lpFileName)
{
//cout << "LoadLibraryA : [" << lpFileName << "]" << endl;
// Substring match on the requested path decides whether the load is blocked.
if(string(lpFileName).find("XTrapVa.dll") != string::npos)
{
lpFile_XTRAP = lpFileName;
cout << "Blocked LoadLibraryA [" << lpFileName << "]" << endl;
// Fabricated handle: non-NULL so the caller treats the load as successful.
return (HMODULE)0xA0B1C2D3;
}
// Not the targeted module: behave like the unhooked API.
return m_LoadLibraryAOrig(lpFileName);
}
// Hooked LoadLibraryExA
// Replacement for LoadLibraryExA with the same filtering as HookedLoadLibraryA:
// every request is logged, a path containing "XTrapVa.dll" gets the fabricated
// non-NULL value 0xA0B1C2D3 instead of a module handle, and anything else is
// forwarded through m_LoadLibraryExAOrig.
// NOTE(review): the DetourFunction call that would install this hook is
// commented out in I2(), so in this listing the function is never reached and
// m_LoadLibraryExAOrig stays nullptr.
static HMODULE WINAPI HookedLoadLibraryExA(LPCTSTR lpFileName, HANDLE hHandle, DWORD uk1)
{
cout << "LoadLibraryExA : [" << lpFileName << "]" << endl;
if(string(lpFileName).find("XTrapVa.dll") != string::npos)
{
cout << "Blocked LoadLibraryExA [" << lpFileName << "]" << endl;
// Fabricated handle, not a mapped module.
return (HMODULE)0xA0B1C2D3;
}
return m_LoadLibraryExAOrig(lpFileName, hHandle, uk1);
}
// Hooked TerminateProcess
// Replacement for TerminateProcess; I2() installs it with DetourFunction.
// Both arguments are ignored: the call is logged and reported as failed
// (false), and the original API is never invoked, so no TerminateProcess call
// made from inside this process takes effect, whatever handle it targets.
// NOTE(review): presumably meant to stop a protection component from shutting
// the host down. A caller that checks the return value sees every termination
// request fail, which is itself an anomaly worth alerting on.
static BOOL WINAPI HookedTerminateProcess(HANDLE hProcess, UINT uExitCode)
{
cout << "TerminateProcess Was Blocked" << endl;
return false;
}
// Hooked ExitProcess
// Replacement for ExitProcess; I2() installs it with DetourFunction.
// Logs the requested exit code and returns to the caller without exiting;
// the original API (m_ExitProcessOrig) is never called.
// NOTE(review): callers normally treat ExitProcess as non-returning, so
// execution continues into whatever code follows the call site.
static VOID WINAPI HookedExitProcess(UINT uExitCode)
{
cout << "ExitProcess Was Blocked : ExitCode = " << uExitCode << endl;
return ;
}
// GetLastError String
// Main Function
// Set-up routine that DllMain starts on its own thread.
// Opens a console for logging, looks up five exports in Kernel32.dll and
// User32.dll, and detours ExitProcess, TerminateProcess and LoadLibraryA to the
// Hooked* functions above, keeping DetourFunction's return values in the
// m_*Orig pointers. The LoadLibraryExA detour is commented out, and everything
// after the first `return;` is unreachable.
// NOTE(review): addresses are held in DWORD, so this presumably targets a
// 32-bit process — confirm.
// NOTE(review, detection): the visible side effects are a console attached to
// the host process and three redirected kernel32 exports. An integrity check
// that compares the entry bytes of those exports in memory with the on-disk
// image would flag them (assumes DetourFunction patches the target in place,
// as Detours 1.5 does — confirm against the library version in use).
void I2()
{
// Give the injected code a console and bind the C stdio streams to it.
AllocConsole();
freopen("CONIN$", "r", stdin);
freopen("CONOUT$", "w", stdout);
// Resolve the export addresses. PostQuitMessageAddy and LoadLibraryExAAddy are
// looked up but not used by any active statement below.
DWORD TerminateProcessAddy = (DWORD)GetProcAddress(GetModuleHandle("Kernel32.dll"), "TerminateProcess");
DWORD ExitProcessAddy = (DWORD)GetProcAddress(GetModuleHandle("Kernel32.dll"), "ExitProcess");
DWORD PostQuitMessageAddy = (DWORD)GetProcAddress(GetModuleHandle("User32.dll"), "PostQuitMessage");
DWORD LoadLibraryAAddy = (DWORD)GetProcAddress(GetModuleHandle("Kernel32.dll"), "LoadLibraryA");
DWORD LoadLibraryExAAddy = (DWORD)GetProcAddress(GetModuleHandle("Kernel32.dll"), "LoadLibraryExA");
cout << "TerminateProcess Addy : " << hex << uppercase << TerminateProcessAddy << endl;
cout << "ExitProcess Addy : " << hex << uppercase << ExitProcessAddy << endl;
m_ExitProcessOrig = (tExitProcess)DetourFunction((BYTE*)ExitProcessAddy, (BYTE*)HookedExitProcess);
// NOTE(review): the label says TerminateProcess, but this line follows the ExitProcess detour.
cout << " >> Detoured TerminateProcess : [" << hex << uppercase << ExitProcessAddy << "]" << endl;
m_TerminateProcessOrig = (tTerminateProcess)DetourFunction((BYTE*)TerminateProcessAddy, (BYTE*)HookedTerminateProcess);
// NOTE(review): the label says ExitProcess, but this line follows the TerminateProcess detour.
cout << " >> Detoured ExitProcess : [" << hex << uppercase << TerminateProcessAddy << "]" << endl;
m_LoadLibraryAOrig = (tLoadLibraryA)DetourFunction((BYTE*)LoadLibraryAAddy, (BYTE*)HookedLoadLibraryA);
cout << " >> Detoured LoadLibraryA : [" << hex << uppercase << LoadLibraryAAddy << "]" << endl;
/*m_LoadLibraryExAOrig = (tLoadLibraryExA)DetourFunction((BYTE*)LoadLibraryExAAddy, (BYTE*)HookedLoadLibraryExA);
cout << " >> Detoured LoadLibraryExA : [" << hex << uppercase << LoadLibraryExAAddy << "]" << endl;*/
//
// The routine ends here; the statements below are dead code.
return;
HMODULE XtrapVaDll = m_LoadLibraryAOrig("XTrapVa.dll");
if(XtrapVaDll != NULL)
{
FreeLibraryAndExitThread(XtrapVaDll, 0);
cout << "Just Free Library XTrapVa.dll" << endl;
}
else { cout << "XTrapVa.dll Wasn't Found ..." << endl; }
return;
}
// Dll Main
// DLL entry point. On DLL_PROCESS_ATTACH it turns off per-thread attach/detach
// notifications for this module and starts I2() on a new thread, so the hooks
// are installed shortly after the DLL is loaded into a process. Other
// notification reasons are ignored, and the loader is always told the call
// succeeded.
// NOTE(review): I2 is declared `void I2()` and is cast to
// LPTHREAD_START_ROUTINE; the thread handle returned by CreateThread is
// discarded. How the DLL gets loaded into the target process is not shown on
// this page.
extern "C" __declspec(dllexport)BOOL WINAPI DllMain (HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
DisableThreadLibraryCalls(hinstDLL);
// Hook installation runs on a separate thread rather than inside DllMain itself.
CreateThread(0, 0, (LPTHREAD_START_ROUTINE)I2, 0, 0, 0);
break;
}
return true;
}
Don't copy this one.
You need Detours 1.5.
Credits to I2espect