gunnapong

Anti Wpe pro


On 7/16/2021 at 8:53 AM, gunnapong said:

I want Anti WPE PRO !

I make no can !!  Help me plz

Hello!

 

WPE Pro changes bytes of the 'send' and 'recv' functions from the ws2_32.dll library in game client memory. So you can check whether the bytes were changed; if they were, it means that someone attached WPE Pro to the game process.

 

You can write, for example, a DLL and attach it to the game process if you are familiar with C++. When someone attaches WPE Pro to the client process, the game is closed.

#include <windows.h>
#include <cstdlib>  // exit()
#include <cstring>  // memcpy(), memcmp()
 
// Pointer to send() function
DWORD dwSendAddress  = 0x0060094C;

// A thread which will protect client against WPE Pro
DWORD WINAPI ShieldThread(LPVOID);
 
 
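// Our entry point
// Note: with Visual C++ default settings the CRT startup code calls a function
// named DllMain, so this function only runs if it is renamed to DllMain.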
int WINAPI DllEntryPoint(HINSTANCE hinst, unsigned long reason, void* lpReserved)
{
    switch (reason)
    {
        case DLL_PROCESS_ATTACH:
 
            // Starting the thread . . .
            DWORD thID;
            CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ShieldThread, 0, 0, &thID);
 
            break;
    }
 
    return 1;
}
 
 
// A thread which will protect client against WPE Pro
DWORD WINAPI ShieldThread(LPVOID)
{
    // Amount of bytes of send() function to check
    const int n = 8;
	
    // send() function address
    DWORD dwSend = 0;
	
    // A buffer for reference send() bytes
    char OriginalCode[n];
	
    // A buffer for current send() bytes 
    char CheckCode[n];
 
 
    // Getting send() function address
    memcpy((char *)&dwSend, (char *)dwSendAddress, sizeof(dwSend));
	
    // Getting reference send() bytes
    memcpy(OriginalCode, (char *)dwSend, n);
 
 
    // Checking in a loop whether the send() function's bytes were changed
    while (true)
    {
        // Getting current send() bytes
        memcpy((char *)&CheckCode, (char *)dwSend, n);
 
        // Comparing them with reference bytes. . . 
        if (memcmp(OriginalCode, CheckCode, n))
        {
            // Looks like WPE Pro is attached! Do something . . .
            exit(EXIT_FAILURE); // Close the game
        }
 
        // Waiting for a second...
        Sleep(1000);
    }
 
    return 0;
}

 

You also need to take care of protection against WPE Pro on the server side. You can think about some new encryption for the protocol and other protection mechanisms that will only be known to you. Note: All this requires extensive programming and reverse engineering skills.


In which void/thread is this address in the source, if you remember?

DWORD dwSendAddress  = 0x0060094C;

And as additional help to keep people from using a debugger on your client, you can use

IsDebuggerPresent();

from the Windows header to close the client if it is attached to a debugger.

9 hours ago, mkhzaleh said:

In which void/thread is this address in the source, if you remember?


DWORD dwSendAddress  = 0x0060094C;

 

This address is taken from Game.exe functions import table

2 hours ago, V3ct0r said:

This address is taken from Game.exe functions import table

Thanks, just to make it clear for others:
you can use CFF Explorer and select Import Directory -->> ws2_32.dll
unknown.png

On 19/7/2564 at 5:29, mkhzaleh said:

Thanks, just to make it clear for others:
you can use CFF Explorer and select Import Directory -->> ws2_32.dll
unknown.png

How do I write the code? I have written the code according to the picture, but it doesn't work.

On 1/11/2022 at 12:45 PM, flamyman1412 said:

I've tried searching but can't find it.

For your Game.exe, which you sent in this thread today, the address will be:

DWORD dwSendAddress = 0x00617914;

 



Hello @gunnapong,

 

What have you tried so far? Where did you get stuck?


4 hours ago, V3ct0r said:

Hello @gunnapong,

 

What have you tried so far? Where did you get stuck?

I tried to build it but it didn't work. I don't have any knowledge of C++ either.

On 4/25/2022 at 12:56 PM, gunnapong said:

I tried to build it but it didn't work. I don't have any knowledge of C++ either.

"Didn't work". What does it mean? Errors, logs, other things to understand what is the problem?


I tried copying this text into VS2019 and the build gives some errors; I don't know what's wrong. Sorry for my English. @V3ct0r

On 4/30/2022 at 2:57 AM, gunnapong said:

I tried copying this text into VS2019 and the build gives some errors; I don't know what's wrong. Sorry for my English. @V3ct0r

Can you explain in more detail what you did? Step by step. What specific compilation errors did you get?

Note: To compile this code you should create a 'Dynamic Link Library' project, not a 'Console Application' one.


On 05.05.2022 at 11:29, V3ct0r said:

Can you explain in more detail what you did? Step by step. What specific compilation errors did you get?

Note: To compile this code you should create a 'Dynamic Link Library' project, not a 'Console Application' one.

A very interesting topic, thank you for your help. I have a question: how did you find out the address of the table DWORD dwSendAddress = 0x0060094C; ??

On 5/5/2022 at 3:29 PM, V3ct0r said:

Can you explain in more detail what you did? Step by step. What specific compilation errors did you get?

Note: To compile this code you should create a 'Dynamic Link Library' project, not a 'Console Application' one.

I have no knowledge of C++. I can't build it successfully; it gives an error.

1.PNG

2.PNG


Hello @Сухарик,

 

CFF send imp.png

 

 

Hello @gunnapong,

 

Add the following line into the beginning:

#include "pch.h"

or:

Quote

Visual Studio: Disable Precompiled Headers

Open your project, then select “Project” > “appname Properties…“.

Expand “Configuration Properties” > “C/C++” > “Precompiled Headers“.

Set “Precompiled Header” to “Not Using Precompiled Headers“.

 



Thank you very much.

3 hours ago, V3ct0r said:

Hello @Сухарик,

CFF send imp.png

Hello @gunnapong,

Add the following line into the beginning:

or:

Thank you very much. About half a year ago I closed the server of an old game on the vEngine engine; because of frequent problems with dishonest players I had to shut up shop. The problem was packet substitution, up to the point of crashing the world. Now I am trying to find ways of protection, but I still can't find a person who understands encryption and protection against programs that replace bytes.

7 hours ago, Сухарик said:

Thank you very much.

Thank you very much. About half a year ago I closed the server of an old game on the vEngine engine; because of frequent problems with dishonest players I had to shut up shop. The problem was packet substitution, up to the point of crashing the world. Now I am trying to find ways of protection, but I still can't find a person who understands encryption and protection against programs that replace bytes.

In fact, the code I posted above does not fully protect the game, since it is intended to detect programs like WPE Pro on the client side. With some knowledge, a user can disable such protection on their own and continue to use the malicious program. That is, this code simply filters out some portion of the dishonest players. Above I mentioned that all protection against dishonest players must be located only on the server side. For example, you can encrypt the network traffic, put packet checksums into it, or add a packet counter: everything that will allow the server to "understand" that a packet was modified by the user and that such a packet must not be processed.


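The checksum and packet-counter idea from the post above, as an added example that is not code from this thread or from any game: every packet carries a counter and a keyed SipHash-2-4 tag, and the server drops a packet whose bytes changed after it was sealed or whose counter was already used. The packet layout and the names `Session`, `seal_packet` and `verify_packet` are assumptions made for illustration; since the key also has to exist in the client, the check catches edited and resent packets, and the server still has to validate the request itself.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
static uint64_t rotl(uint64_t x, int b) { return (x << b) | (x >> (64 - b)); }

// SipHash-2-4: 64-bit keyed tag over d[0..len); (k0, k1) is the session secret.
uint64_t siphash24(uint64_t k0, uint64_t k1, const uint8_t* d, size_t len) {
    uint64_t v0 = k0 ^ 0x736f6d6570736575ULL, v1 = k1 ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k0 ^ 0x6c7967656e657261ULL, v3 = k1 ^ 0x7465646279746573ULL;
    auto sipround = [&] {
        v0 += v1; v1 = rotl(v1, 13); v1 ^= v0; v0 = rotl(v0, 32);
        v2 += v3; v3 = rotl(v3, 16); v3 ^= v2;
        v0 += v3; v3 = rotl(v3, 21); v3 ^= v0;
        v2 += v1; v1 = rotl(v1, 17); v1 ^= v2; v2 = rotl(v2, 32);
    };
    auto absorb = [&](uint64_t m) { v3 ^= m; sipround(); sipround(); v0 ^= m; };
    size_t i = 0;
    for (; i + 8 <= len; i += 8) {               // full 8-byte little-endian words
        uint64_t m = 0;
        for (size_t j = 0; j < 8; ++j) m |= (uint64_t)d[i + j] << (8 * j);
        absorb(m);
    }
    uint64_t last = (uint64_t)len << 56;         // final word: tail bytes + length
    for (size_t j = 0; i + j < len; ++j) last |= (uint64_t)d[i + j] << (8 * j);
    absorb(last);
    v2 ^= 0xff; sipround(); sipround(); sipround(); sipround();
    return v0 ^ v1 ^ v2 ^ v3;
}

// Hypothetical per-connection state; packet = [seq u32 LE][payload][tag u64 LE].
struct Session { uint64_t k0, k1; uint32_t nextSeq; };

// Sender side: prepend the counter, append the tag over counter + payload.
std::vector<uint8_t> seal_packet(Session& s, const std::vector<uint8_t>& payload) {
    std::vector<uint8_t> p;
    for (int j = 0; j < 4; ++j) p.push_back((uint8_t)(s.nextSeq >> (8 * j)));
    p.insert(p.end(), payload.begin(), payload.end());
    uint64_t tag = siphash24(s.k0, s.k1, p.data(), p.size());
    for (int j = 0; j < 8; ++j) p.push_back((uint8_t)(tag >> (8 * j)));
    ++s.nextSeq; return p;
}

// Server side: refuse a packet that was modified, replayed or injected.
bool verify_packet(Session& s, const std::vector<uint8_t>& p) {
    if (p.size() < 12) return false;             // too short for counter + tag
    uint32_t seq = 0; uint64_t tag = 0;
    for (int j = 0; j < 4; ++j) seq |= (uint32_t)p[j] << (8 * j);
    for (int j = 0; j < 8; ++j) tag |= (uint64_t)p[p.size() - 8 + j] << (8 * j);
    if (tag != siphash24(s.k0, s.k1, p.data(), p.size() - 8)) return false;
    if (seq != s.nextSeq) return false;          // replayed or out of order
    ++s.nextSeq; return true;
}
```

A rejected packet does not advance the server's counter, so the genuine packet with that number is still accepted afterwards.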
3 hours ago, gunnapong said:

I've compiled successfully, but I can't add it to game.exe. @V3ct0r

4.PNG

Add the following lines:

// Dummy function for export to executable file (Game.exe/GameServer.exe/GateServer.exe)
__declspec(dllexport) void __cdecl ExportedFunction() {}

Before:

// Our entry point
int WINAPI DllEntryPoint(HINSTANCE hinst, unsigned long reason, void* lpReserved)

 


On 16/5/2565 at 16:10, V3ct0r said:

Add the following lines:

Before:

I injected the .dll file, opened WPE to test, and game.exe does not close. @V3ct0r


Hello @gunnapong,

 

Sorry, I don't understand your comment.


5 hours ago, V3ct0r said:

Hello @gunnapong,

 

Sorry, I don't understand your comment.

It doesn't work. I tried injecting the file I compiled. It doesn't work. Can't protect wpe.
