Page 7 of 7 FirstFirst ... 567
Results 91 to 97 of 97
  1. #91
    ~FALLEN~'s Avatar
    Join Date
    May 2009
    Gender
    male
    Location
    devenv.exe
    Posts
    529
    Reputation
    23
    Thanks
    326
    My Mood
    Inspired
    Quote Originally Posted by FantaWauWau View Post
    Ok I don´t know much things about the kernel mode, but now I know it Thx

    And Injection is good and maybe faster than External, but External is harder to detect.

    Sorry for bad english :/
    It's okay, and externals are just as easy to detect as not external cheats.

  2. #92
    FantaWauWau's Avatar
    Join Date
    Oct 2012
    Gender
    male
    Location
    Germany
    Posts
    5
    Reputation
    10
    Thanks
    0
    Quote Originally Posted by ~FALLEN~ View Post
    It's okay, and externals are just as easy to detect as not external cheats.
    Mhhh ok in other forums and on other websites, some people said that their cheats never got detected, because they are external

  3. #93
    Jabberwock's Avatar
    Join Date
    Jun 2012
    Gender
    male
    Posts
    1,655
    Reputation
    191
    Thanks
    14,465
    My Mood
    Relaxed
    Well it doesn't matter. Because right now both internal and external cheats are working on the game.
    But there are advantages to internal cheats that don't exist on external ones; It takes less resources to change the game's memory and less lag.
    And there are hooks that only work on internal.
    Even familiar landscapes will
    reveal a different kind of beauty
    if you change your viewpoint.
    Where these new encounters
    and new bonds will lead you...
    Such dazzling golden days.
    I, too, look forward to
    what I might behold.

    Everything depends on you friend. Be strong don't give up. Don't let the sadness hurt you. Be strong and prevail!

  4. The Following User Says Thank You to Jabberwock For This Useful Post:

    FantaWauWau (01-06-2013)

  5. #94
    FantaWauWau's Avatar
    Join Date
    Oct 2012
    Gender
    male
    Location
    Germany
    Posts
    5
    Reputation
    10
    Thanks
    0
    Quote Originally Posted by Jabberwo0ck View Post
    Well it doesn't matter. Because right now both internal and external cheats are working on the game.
    But there are advantages to internal cheats that don't exist on external ones; It takes less resources to change the game's memory and less lag.
    And there are hooks that only work on internal.
    ok thats right

  6. #95
    uNrEaL's Avatar
    Join Date
    Dec 2007
    Gender
    male
    Posts
    16
    Reputation
    15
    Thanks
    17
    Hi,

    I just wanted to say thanks for the laughs, of few of your are so off-base with this that it's not even funny.

    However, to contribute something useful:

    The anti-cheat has levels that you all haven't even encountered yet. Sure, they do work in the kernel, and that's always a pain to deal with. But, if you code efficiently, you won't have to touch anything in ring0, you can let them operate correctly without having any problems with detection. There are no CRC checks to bypass, no APIs to worry about (so long as your module doesn't show in the PEB/TEB linked module list).

    Their only real issue, from what I personally have had to contend with, on a few occurrences, is their ability to nail your injecting process. Quite honestly, if you're using a common packer, or anything that implements a static, and easily identifiable signature into your module as protection, you're leaving yourself very susceptible to their scans.

    Now, I haven't even begun to tear into the anti-cheat, it hasn't really been necessary. But, from what I gather (and can actually prove this, if someone really wants to challenge me on it), is that they're iterating all processes (not even enuming them, they're literally looping from 0 to 65536 and attempting to OpenProcess on all PIDs. If the call is successful, they hold a handle to it, and ReadProcessMemory (yes, using the ring3 API), to compare data. Where they're doing this from will surprise you.

    Let their anti-cheat function, simply evade. If you hide well enough, they'll never find you.

    Anyway, that's all I'm going to share for now, just a few quick thoughts. But again, this thread was an interesting laugh, and to my user who pointed me here, I thank you for the entertainment.

    Cheers,
    uNrEaL

  7. The Following 5 Users Say Thank You to uNrEaL For This Useful Post:

    AVA PlaYe (01-17-2013),InsanityInLife (01-17-2013),Jabberwock (01-14-2013),zZzeta/S (01-13-2013),~FALLEN~ (01-10-2013)

  8. #96
    HaiImBob's Avatar
    Join Date
    Jul 2012
    Gender
    male
    Posts
    197
    Reputation
    10
    Thanks
    9
    Quote Originally Posted by uNrEaL View Post
    Hi,

    I just wanted to say thanks for the laughs, of few of your are so off-base with this that it's not even funny.

    However, to contribute something useful:

    The anti-cheat has levels that you all haven't even encountered yet. Sure, they do work in the kernel, and that's always a pain to deal with. But, if you code efficiently, you won't have to touch anything in ring0, you can let them operate correctly without having any problems with detection. There are no CRC checks to bypass, no APIs to worry about (so long as your module doesn't show in the PEB/TEB linked module list).

    Their only real issue, from what I personally have had to contend with, on a few occurrences, is their ability to nail your injecting process. Quite honestly, if you're using a common packer, or anything that implements a static, and easily identifiable signature into your module as protection, you're leaving yourself very susceptible to their scans.

    Now, I haven't even begun to tear into the anti-cheat, it hasn't really been necessary. But, from what I gather (and can actually prove this, if someone really wants to challenge me on it), is that they're iterating all processes (not even enuming them, they're literally looping from 0 to 65536 and attempting to OpenProcess on all PIDs. If the call is successful, they hold a handle to it, and ReadProcessMemory (yes, using the ring3 API), to compare data. Where they're doing this from will surprise you.

    Let their anti-cheat function, simply evade. If you hide well enough, they'll never find you.

    Anyway, that's all I'm going to share for now, just a few quick thoughts. But again, this thread was an interesting laugh, and to my user who pointed me here, I thank you for the entertainment.

    Cheers,
    uNrEaL
    A real hacker/knowledgeable person on mpgh right here. UnReal atleast knows his shit.

  9. The Following 2 Users Say Thank You to HaiImBob For This Useful Post:

    Jabberwock (01-14-2013),~FALLEN~ (01-10-2013)

  10. #97
    ~FALLEN~'s Avatar
    Join Date
    May 2009
    Gender
    male
    Location
    devenv.exe
    Posts
    529
    Reputation
    23
    Thanks
    326
    My Mood
    Inspired
    Quote Originally Posted by uNrEaL View Post
    Hi,

    I just wanted to say thanks for the laughs, of few of your are so off-base with this that it's not even funny.

    However, to contribute something useful:

    The anti-cheat has levels that you all haven't even encountered yet. Sure, they do work in the kernel, and that's always a pain to deal with. But, if you code efficiently, you won't have to touch anything in ring0, you can let them operate correctly without having any problems with detection. There are no CRC checks to bypass, no APIs to worry about (so long as your module doesn't show in the PEB/TEB linked module list).

    Their only real issue, from what I personally have had to contend with, on a few occurrences, is their ability to nail your injecting process. Quite honestly, if you're using a common packer, or anything that implements a static, and easily identifiable signature into your module as protection, you're leaving yourself very susceptible to their scans.

    Now, I haven't even begun to tear into the anti-cheat, it hasn't really been necessary. But, from what I gather (and can actually prove this, if someone really wants to challenge me on it), is that they're iterating all processes (not even enuming them, they're literally looping from 0 to 65536 and attempting to OpenProcess on all PIDs. If the call is successful, they hold a handle to it, and ReadProcessMemory (yes, using the ring3 API), to compare data. Where they're doing this from will surprise you.

    Let their anti-cheat function, simply evade. If you hide well enough, they'll never find you.

    Anyway, that's all I'm going to share for now, just a few quick thoughts. But again, this thread was an interesting laugh, and to my user who pointed me here, I thank you for the entertainment.

    Cheers,
    uNrEaL
    Hey uNrEaL, didn't know you were still active. Nice to see you around =) To add onto this they have hooks in the ssdt and ssdts. A few of them that I know of are : GetAsyncKeyState, CreateFont( if it was ported from other versions, the version SANA uses does this ), I believe OpenProcess ? @uNrEaL tbh once you figure out XignCode, it's kind of a joke isn't it? I think they were better off with GameGuard as their anticheat lolz =)

Page 7 of 7 FirstFirst ... 567

Similar Threads

  1. Hack Shield Analysis
    By Yepikiyay in forum HackShield
    Replies: 7
    Last Post: 11-03-2010, 02:52 AM
  2. Hacksheild Analysis
    By why06 in forum Combat Arms Hack Coding / Programming / Source Code
    Replies: 8
    Last Post: 03-03-2010, 12:43 AM
  3. [Help] Xingcode erro
    By ArthurAquino in forum Sudden Attack General
    Replies: 5
    Last Post: 03-02-2010, 08:22 AM
  4. Hacksheild Analysis WTF
    By why06 in forum Combat Arms Hack Coding / Programming / Source Code
    Replies: 20
    Last Post: 11-19-2009, 11:51 PM
  5. MPGH Content Analysis
    By arunforce in forum General
    Replies: 26
    Last Post: 04-14-2008, 05:48 PM