TryCheatMe/Main.cpp at main · clarity-start/TryCheatMe · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#include <Windows.h>
#include <iostream>
typedef HMODULE(WINAPI* tLoadLibraryA)(LPCSTR);
tLoadLibraryA OriginalLoadLibraryA = nullptr;

HMODULE WINAPI HookedLoadLibraryA(LPCSTR lpLibFileName)
{
    std::cout << "[BLOCK DLL] " << lpLibFileName<< std::endl;
    return NULL;
}
bool IsRunningAsAdmin() {
    BOOL isAdmin = FALSE;
    PSID adminGroup = NULL;

    SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY;
    if (AllocateAndInitializeSid(&ntAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &adminGroup)) {
        if (!CheckTokenMembership(NULL, adminGroup, &isAdmin)) {
            isAdmin = FALSE;
        }
        FreeSid(adminGroup);
    }
    return isAdmin == TRUE;
}
int GetAdmin() {
    if (IsRunningAsAdmin()) {
        return 0;
    }
    char path[MAX_PATH];
    GetModuleFileNameA(NULL, path, MAX_PATH);

    SHELLEXECUTEINFOA sei = { sizeof(sei) };
    sei.lpVerb = "runas";
    sei.lpFile = path;
    sei.lpParameters = "";
    sei.hwnd = NULL;
    sei.nShow = SW_NORMAL;

    if (ShellExecuteExA(&sei)) {
        ExitProcess(0);
        return 0;
    }
    else {
        MessageBoxA(NULL, "You've revoked admin rights, which means the protection will be weaker", "Info", MB_OK | MB_ICONINFORMATION);
        return -1;
    }
}
int main()
{
    GetAdmin();
    int Money = 100;
    int* pMoney = &Money;
    std::cout << "Welcome to TryCheatMe\n";
	  std::cout << "In this challenge you will need to embed a DLL into the program or replace a number, but this is difficult\n";
    std::cout << "Pointer Money: " << pMoney << std::endl;

    while (true) {
        std::cout << "You now have Money: " << Money << " Prest Enter for show money" << std::endl;
        std::cin.get();
    }
    return 0;
}