Tyrar

There wasn't any Pseudocode used.

Pseudocode is first: bad practice, second: harder to understand than Assembler.

Why do you think that's Pseudocode?

This code is found in Extern/YmirBase/AntiAccess.h!

Yes.

The first Extractor was made this way, someone copied the decryption and decompression code out of OllyDBG.

#include <YmirBase/AntiAccess.h>

...
EL_DenyProcessAccess();

You should call the Function as fast as possible. It's not very effective against Cheat Engine or OllyDBG, but a few injectors won't work anymore.

I've found a File (AntiAccess.h) in Extern/include/YmirBase and I was wondering whats inside.

It's content is pretty small and simple, the following Function will disable every write access to the current process.

Of course it's not all you have to do for a fully working protection, but i thought this Function in addition with another good anti cheat will work very good.

BOOL EL_FORCEINLINE EL_DenyProcessAccess( void )
{
	BYTE	abyBuffer[0x200];
	PACL	pACL;
	SID_IDENTIFIER_AUTHORITY stIdentifierAuthority = SECURITY_WORLD_SID_AUTHORITY;
	PSID pSid = NULL;
	BOOL bRet = FALSE;
	DWORD dwSize = 0;
	HANDLE hToken = NULL;
	HANDLE hProcess = ::GetCurrentProcess();
	PTOKEN_USER pUserInfo = NULL;

 	if( ::AllocateAndInitializeSid( &stIdentifierAuthority, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pSid ) == FALSE )
		goto Cleanup;
	if( ::OpenProcessToken( hProcess, TOKEN_QUERY, &hToken ) == FALSE )
		goto Cleanup;
	::GetTokenInformation( hToken, TokenUser, NULL, NULL, &dwSize );
	if( dwSize > 1024 )
		goto Cleanup;
	pUserInfo = (PTOKEN_USER) ::GlobalAlloc( GPTR, dwSize );
	if( pUserInfo == NULL )
		goto Cleanup;
	if( ::GetTokenInformation( hToken, TokenUser, pUserInfo, dwSize, &dwSize ) == FALSE )
		goto Cleanup;
	pACL = (PACL) &abyBuffer;
	if( ::InitializeAcl( pACL, 0x200, ACL_REVISION ) == FALSE )
		goto Cleanup;
	// Deny except PROCESS_TERMINATE and PROCESS_SET_SESSIONID
	if( ::AddAccessDeniedAce( pACL, ACL_REVISION, PROCESS_CREATE_PROCESS | PROCESS_DUP_HANDLE | PROCESS_VM_WRITE | PROCESS_VM_READ | PROCESS_VM_OPERATION | PROCESS_CREATE_THREAD, pSid ) == FALSE )
		goto Cleanup;
	// Allow SYNCHRONIZE, PROCESS_QUERY_INFORMATION, PROCESS_SET_INFORMATION, PROCESS_SET_QUOTA and PROCESS_TERMINATE
	if( ::AddAccessAllowedAce( pACL, ACL_REVISION, SYNCHRONIZE | PROCESS_QUERY_INFORMATION | PROCESS_SET_INFORMATION | PROCESS_SET_QUOTA | PROCESS_TERMINATE, pUserInfo->User.Sid ) == FALSE )
		goto Cleanup;
	if( ::SetSecurityInfo( hProcess, SE_KERNEL_OBJECT, PROTECTED_DACL_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, 0, 0, pACL, 0 ) != ERROR_SUCCESS )
		goto Cleanup;
	bRet = TRUE;
Cleanup:
	if ( hToken )
		::CloseHandle( hToken );
	if ( pSid )
		::FreeSid( pSid );
	return bRet;
}

Existing mismatch errors won't be fixed by using this.

You have to apply dif files on both (unpacked) files.

There is no offset used to finde the sequence table, the tool will automatically search for the default table!

You can change the sequence.cpp but i would not recommend that. My tool will generate a FULLY NEW sequence table.