  1. #16
    diemw34
    I saw where this had been done in the past (with other games, same AC though); it was on a different bypass (tried it but it didn't work lol), so I know it's possible to do, just need to work it out... (I suck with coding so I'm not much help, sry lol)

  2. #17
    Jabberwock
    The normal injection is detected because when injecting with the LoadLibrary API the module gets logged, like the Process Hacker application does.

    The only solution is to inject with a manual mapper.

    Or to make the AC somehow not detect the dll by hooking some of the functions it's using.

  3. #18
    Lehsyrus
    Quote, originally posted by Jabberwo0ck:
        The normal injection is detected because when injecting with the LoadLibrary API the module gets logged, like the Process Hacker application does.

        The only solution is to inject with a manual mapper.

        Or to make the AC somehow not detect the dll by hooking some of the functions it's using.

    Now that I finally understand assembly registers I'll rip the AC apart and see if I can find the specific offsets for the functions that log the modules.

  4. #19
    Jabberwock
    It is the built-in API: the EnumProcessModules function (Windows).

    Unless they built something different so someone try to hook that function.

  5. #20
    Lehsyrus
    Quote, originally posted by Jabberwo0ck:
        It is the built-in API: the EnumProcessModules function (Windows).

        Unless they built something different so someone try to hook that function.

    You just saved me about 20 minutes of work (considering everything I am doing is ASM related). I'll see what I can do.

  6. #21
    Buck88
    Quote, originally posted by Lehsyrus:
        You just saved me about 20 minutes of work (considering everything I am doing is ASM related). I'll see what I can do.

    Thanks, I want to troll these kids.

  7. #22
    Lehsyrus
    @Jabberwo0ck I believe what we need to do is hook that function to replace hprocess that HANDLE is pointing to, to a null process function. I'll need to check in to see what hprocess is in the API itself, to make sure it's hooking into XIGNCODE3. If it is, it's possible that the function hprocess represents could be the portion of XIGNCODE3 that talks to the API in AVA itself, and if that's the case I should be able to simply change hprocess and that should cut the communications between them off completely. I'm just worried it will crash the client.

  8. #23
    abhishekv
    I'm trying to mask the CRC check for 3 days now and there have been no betterments. Can anyone pls help me with this, cause if I try to block the CRC check it crashes... I'm losing patience and hope... trust me, I have busted PunkBuster and HackShield Pro; this anti-cheat is way above them when it comes to kernel-level hooking... damn those noobs who found it :@

  9. #24
    Lehsyrus
    You cannot block a CRC check, that is what causes the game to crash. Basically, the CRC check is a consistency check, it makes sure the AC is running and properly connected to the game. You have to spoof it, which is what I am working on myself. Shit's hard.

  10. #25
    abhishekv
    Quote, originally posted by Lehsyrus:
        You cannot block a CRC check, that is what causes the game to crash. Basically, the CRC check is a consistency check, it makes sure the AC is running and properly connected to the game. You have to spoof it, which is what I am working on myself. Shit's hard.

    exactly!!!.. @Lehsyrus please let me know if u have any ideas on spoofing it ...... moreover this anti-cheat is some serious shit man !!!

    ---------- Post added at 02:20 PM ---------- Previous post was at 02:15 PM ----------

    damn this fkin xsherlock.xem, this process is causing a serious amount of problems... how to bust this .. busting this = higher chances of bypassing...

  11. #26
    Lehsyrus
    Quote, originally posted by abhishekv:
        exactly!!!.. @Lehsyrus please let me know if u have any ideas on spoofing it ...... moreover this anti-cheat is some serious shit man !!!

        ---------- Post added at 02:20 PM ---------- Previous post was at 02:15 PM ----------

        damn this fkin xsherlock.xem, this process is causing a serious amount of problems... how to bust this .. busting this = higher chances of bypassing...

    My idea was to mimic the function in AVA's API that the CRC check is addressed to, and vice versa. Basically to take the exact same function, though have the offsets that lead to AVA D/C'ing nulled. This way when the CRC check is activated, it still reads that it is connected to AVA properly, and returns that message to AVA itself, even though AVA is technically not connected to the AC.

  12. #27
    Frought
    Quote, originally posted by Jabberwo0ck:
        The normal injection is detected because when injecting with the LoadLibrary API the module gets logged, like the Process Hacker application does.

        The only solution is to inject with a manual mapper.

        Or to make the AC somehow not detect the dll by hooking some of the functions it's using.

    What is the manual mapper?

    I didn't get it, it will help the bypass thread.

  13. #28
    Lehsyrus
    Quote, originally posted by AeriaAVA:
        What is the manual mapper?

        I didn't get it, it will help the bypass thread.

    Manual mapping is when you manually hardcode the dll into the API without actually altering the internal code. Basically, you need to use specific hardware breakpoints to hook into the API itself, however you need to use the same ones that Anti-Virus programs use. You would need to code a polymorphic engine that inserts randomized NOP code in between the actual instructions for the injector/dll. This is what I'm working on at the moment, shit is difficult.

    Basically any tutorial by Darawk will be beneficial, though I cannot post links as he is a member on a rival site. He has not posted in about a year though and his personal website has closed down.

  14. #29
    Jabberwock
    Quote, originally posted by AeriaAVA:
        What is the manual mapper?

        I didn't get it, it will help the bypass thread.

    A manual mapper is a method to inject. For example, instead of using Windows's built-in API LoadLibrary, you build your own function so the AC wouldn't detect the dll. For example, Injector Gadget's cloak dll feature uses its own function.

    Well I tried to use a manual mapper from one here on the forum and it gives me some crashes. So it's not completely good.
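
The posts above note that a module loaded through LoadLibrary appears in the list EnumProcessModules returns, while a manually mapped one does not; that gap is why defenders cross-check the module list against the process's executable memory. The following is an added example, not code from any poster or from the anti-cheat: the records are constructed stand-ins for EnumProcessModules and VirtualQueryEx output, and the names `Module`, `Region` and `unlisted_executable` are hypothetical.

```python
from dataclasses import dataclass

# Windows memory constants (winnt.h values).
MEM_PRIVATE, MEM_MAPPED, MEM_IMAGE = 0x20000, 0x40000, 0x1000000
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80  # the four PAGE_EXECUTE* protections


@dataclass(frozen=True)
class Module:            # one entry of the loader's module list
    base: int
    size: int
    name: str


@dataclass(frozen=True)
class Region:            # one VirtualQueryEx-style record plus its first bytes
    base: int
    size: int
    protect: int
    mem_type: int
    head: bytes


def covered(region, modules):
    """True if the region lies entirely inside a listed module."""
    return any(m.base <= region.base and
               region.base + region.size <= m.base + m.size
               for m in modules)


def unlisted_executable(regions, modules):
    """Return (base, reason) for executable regions no listed module explains."""
    findings = []
    for r in regions:
        if not r.protect & EXEC_MASK or covered(r, modules):
            continue
        if r.head[:2] == b"MZ":
            reason = "PE header outside module list"
        elif r.mem_type == MEM_PRIVATE:
            reason = "private executable memory"
        else:
            reason = "executable mapping outside module list"
        findings.append((r.base, reason))
    return findings


# Constructed sample data, not taken from any real process.
MODULES = [Module(0x400000, 0x20000, "game.exe"),
           Module(0x70000000, 0x10000, "listed.dll")]
REGIONS = [
    Region(0x401000, 0x8000, 0x20, MEM_IMAGE, b"\x55\x8b"),        # game code
    Region(0x70001000, 0x4000, 0x20, MEM_IMAGE, b"\x55\x8b"),      # listed DLL
    Region(0x10000000, 0x1000, 0x04, MEM_PRIVATE, b"\x00\x00"),    # heap, RW only
    Region(0x20000000, 0x6000, 0x40, MEM_PRIVATE, b"MZ\x90\x00"),  # unlisted image
    Region(0x30000000, 0x3000, 0x20, MEM_PRIVATE, b"\x00\x00"),    # header wiped
]
```

JIT-compiled code also lives in private executable memory, so findings from a check like this are leads for review rather than verdicts.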

  15. #30
    Lehsyrus
    Quote, originally posted by Jabberwo0ck:
        A manual mapper is a method to inject. For example, instead of using Windows's built-in API LoadLibrary, you build your own function so the AC wouldn't detect the dll. For example, Injector Gadget's cloak dll feature uses its own function.

        Well I tried to use a manual mapper from one here on the forum and it gives me some crashes. So it's not completely good.

    Let me see what I can come up with, I have Darawk's original injector code so I'll see if I can even get it to work. So far his explanations on how to implement manual mapping have been pretty good.
