  1. #1
    _PuRe.LucK*

    A Way To Bypass Hackshield [NEW FOR THIS SECTION]

    Hey MPGH

    First I will explain to you why I wasn't on my account for 4/5 months.
    It was hacked and I wasn't able to reset the password... But then, suddenly my account was there with my old account data...
    So now I'm back

    This here will be my welcome present^^
    So please enjoy

    So we stay at the project...

    1. The Theory

    When you can hook with 0xE9 or whatever... You can hook with this, with GetProcAddress() and memcpy(), detours, and MANY more....
    Then the first thing is you suspend AVA.exe and open the debugger (I use the Cheat Engine debugger).
    After that you must know which APIs the process CAN hook to do some detection of, for example, Cheat Engine or any debugger...
    For the detection of a process you can use the K32EnumProcess API... This API lists an array of processes and looks for blacklisted programs.
    And for debugger detection most hackshields use IsDebuggerPresent. This is the standard debugger detection API. It returns true or false (bool). So you hook all of these APIs that could be dangerous for Cheat Engine and our hack ...
    In C++ you can do this with memcpy() and the opcodes!
    So that's the basic way to bypass a hackshield by hooking.

    2. How to do this?!

    That's not very hard when you have knowledge of any programming language like C++ and the advanced Windows APIs, and you must have knowledge of any debugger (I use Cheat Engine) and the standard mnemonics. So first you open Cheat Engine and set it up for debugging services...
    Then you suspend your process with the hackshield included and open it in Cheat Engine. Open the memory viewer (Ctrl+B). Right-click on the panel and choose go to address: there you're gonna type the bad API you want to hook. Try "IsDebuggerPresent". You see that this function is a function of the kernel32 library. Now you just get the address in our C++ project (dll) with GetProcAddress() and then you can overwrite it. Then you can search K32EnumProcesses, for example, and hook this, too. For a few games this is enough. You can hook many more APIs to prevent the detection.

    3. The test

    This method works on all games when you hook the right things AND you hook right.
    I did not test it on AVA but I tested this on a game called "S4League" and it worked.

    4. The bye bye ^^

    Hope you enjoyed my tutorial.
    When you want more tutorials from me, you can click the thanks button.

    Bye



    1 Tip:

    When you're working on x32 bit and you can't see game processes/modules with hackshield then you could hook the API
    NtQuerySystemInformation... Only a tip
    Last edited by Hunter; 02-02-2016 at 09:56 AM.

  2. The Following 3 Users Say Thank You to _PuRe.LucK* For This Useful Post:

    EdoppelR (12-09-2013),MarvLie (12-14-2013),thezzari (01-03-2014)
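
Seen from the defending side, the 0xE9 patch described in the post above is what a prologue integrity check looks for: compare the live bytes of an export with the on-disk image and see where a leading jump now lands. This is an added example, not code from the thread; the function names, byte samples and addresses are constructed, and it assumes a little-endian host and a prologue with no relocated operands.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Verdict for the first bytes of an exported function. */
enum hook_verdict { PROLOGUE_CLEAN, PROLOGUE_MODIFIED, PROLOGUE_REDIRECTED };

/* Constructed sample data (not taken from any real module). */
#define SAMPLE_FUNC 0x7FF800001000ULL   /* hypothetical address of the export */
#define SAMPLE_BASE 0x7FF800000000ULL   /* hypothetical module base */
#define SAMPLE_SIZE 0x100000ULL         /* hypothetical module size */
const uint8_t SAMPLE_DISK[8]     = {0x48,0x89,0x5C,0x24,0x08,0x57,0x48,0x83};
const uint8_t SAMPLE_HOOKED[8]   = {0xE9,0x00,0x00,0x00,0x10,0x90,0x90,0x90};
const uint8_t SAMPLE_INTERNAL[8] = {0xE9,0x00,0x01,0x00,0x00,0x90,0x90,0x90};

/* Decode the target of a leading E9 rel32 jump.
   Returns 1 and sets *target when the buffer starts with one. */
static int jmp_rel32_target(const uint8_t *code, size_t len,
                            uint64_t func_addr, uint64_t *target)
{
    int32_t rel;
    if (len < 5 || code[0] != 0xE9)
        return 0;
    memcpy(&rel, code + 1, sizeof rel);      /* rel32 is stored little-endian */
    *target = func_addr + 5 + (int64_t)rel;  /* relative to the next instruction */
    return 1;
}

/* Identical bytes are clean even if the original itself starts with a jump.
   Differing bytes are REDIRECTED when an E9 jump leaves the owning module,
   otherwise MODIFIED (changed, destination not outside the module). */
enum hook_verdict check_prologue(const uint8_t *live, const uint8_t *disk,
                                 size_t len, uint64_t func_addr,
                                 uint64_t mod_base, uint64_t mod_size)
{
    uint64_t target;
    if (memcmp(live, disk, len) == 0)
        return PROLOGUE_CLEAN;
    if (jmp_rel32_target(live, len, func_addr, &target) &&
        (target < mod_base || target >= mod_base + mod_size))
        return PROLOGUE_REDIRECTED;
    return PROLOGUE_MODIFIED;
}

int main(void)
{
    return check_prologue(SAMPLE_HOOKED, SAMPLE_DISK, sizeof SAMPLE_DISK,
                          SAMPLE_FUNC, SAMPLE_BASE, SAMPLE_SIZE)
           == PROLOGUE_REDIRECTED ? 0 : 1;
}
```
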

  3. #2
    celvin
    teach me shifu ) i am beginner

  4. #3
    MarvLie
    you're a genius thanx for this idea

  5. #4
    Threadstarter
    _PuRe.LucK*
    Quote Originally Posted by MarvLie View Post
    you're a genius thanx for this idea
    NP! You are welcome!

  6. #5
    Unknown
    Someone give this guy a cookie!

    * Unknown *

  7. #6
    ccman32
    Wtf?
    1.) AVA does not even use HackShield or whatever you mean.
    2.) Anti Cheats are completely different from game to game.
    3.) Afaik S4 League has XCrap as Anti Cheat.
    4.) This is EXTREMELY general and not especially related to AVA in any way.

    Thx anyway -.-
    Last edited by ccman32; 12-16-2013 at 10:39 AM.

  8. The Following 2 Users Say Thank You to ccman32 For This Useful Post:

    Berliner19962 (01-09-2014),Elidonn (12-16-2013)

  9. #7
    COD3RIN
    Awesome info dude


    Love you.
    ~Kenshit13
    Quote Originally Posted by cheaterman26 View Post
    COD3RIN PUT A BACKDOOR ON HIS OWN CHEAT HE HACK MY COMPUTER AND MY STEAM, DON'T TRUST THIS GUYS !

  10. #8
    Threadstarter
    _PuRe.LucK*
    Quote Originally Posted by COD3RIN View Post
    Awesome info dude
    Np, You're welcome!

  11. #9
    aaron2z
    The K32EnumProcess might make this work, but otherwise I really don't see this method working. This is because AVA runs a live detection while the game is running "xhunter1" and even though we all have disabled it, it has been discovered that it's still running in the background hidden but cannot be seen by Process Hacker 2. I personally did not discover this but the person that did was running a Win8.1 x64 machine. But AVA doesn't use HackShield, they use XIGNCODE, so this K32EnumProcess might work for whatever games use hackshield but if it doesn't detect the hidden process from xigncode then it will still be detected. I'm currently working on an aimbot I hope to release here soon, but my problem is it keeps getting detected. So give me a bit to play with this theory and try it out and if it works out then I will love you and report back here.

  12. #10
    joyrobert
    k gl. and Good Work.

  13. #11
    joyrobert
    Bro, can't u make a hack with Skip round and box adder with number? Thx. And 1 question: at what are u working now? 1 more, you're gonna post something in this year? 2014?

  14. #12
    Threadstarter
    _PuRe.LucK*
    Quote Originally Posted by aaron2z View Post
    The K32EnumProcess might make this work, but otherwise I really don't see this method working. This is because AVA runs a live detection while the game is running "xhunter1" and even though we all have disabled it, it has been discovered that it's still running in the background hidden but cannot be seen by Process Hacker 2. I personally did not discover this but the person that did was running a Win8.1 x64 machine. But AVA doesn't use HackShield, they use XIGNCODE, so this K32EnumProcess might work for whatever games use hackshield but if it doesn't detect the hidden process from xigncode then it will still be detected. I'm currently working on an aimbot I hope to release here soon, but my problem is it keeps getting detected. So give me a bit to play with this theory and try it out and if it works out then I will love you and report back here.
    Yeah disable xhunter1 with process hacker or a better way would be:
    Make a DLL and in it you just rename the driver to xhunter13 or whatever
    (wmemcpy)

  15. #13
    zZzeta/S
    Quote Originally Posted by NIK! View Post
    Yeah disable xhunter1 with process hacker or a better way would be:
    Make a DLL and in it you just rename the driver to xhunter13 or whatever
    (wmemcpy)
    Bullshit. The driver gets downloaded at runtime, mapped into C:\, loaded
    and removed. The best way would be to hook the communication between the x3 Module and the Driver
    Quote Originally Posted by Jabberwo0ck View Post
    Quote Originally Posted by uNrEaL View Post
    Cool, thanks!
    Ccman has gone too low. I've known for a long time he was sneaky.
    >top lel much crack many get so download wow

  16. The Following User Says Thank You to zZzeta/S For This Useful Post:

    oXParadoxXo (01-09-2014)

  17. #14
    Jabberwock
    Quote Originally Posted by zZzeta/S View Post


    Bullshit. The driver gets downloaded at runtime, mapped into C:\, loaded
    and removed. The best way would be to hook the communication between the x3 Module and the Driver
    Ah... Nice.

  18. #15
    zZzeta/S
    Quote Originally Posted by Jabberwo0ck View Post


    Ah... Nice.
    Explain yourself Jab
