Page 2 of 2 FirstFirst 12
Results 16 to 21 of 21
  1. #16
    Void's Avatar
    Join Date
    Sep 2009
    Gender
    male
    Location
    Inline.
    Posts
    3,193
    Reputation
    205
    Thanks
    1,438
    My Mood
    Mellow
    Quote Originally Posted by Departure View Post
    Undetected injection has nothing to with changing the hash or CRC32 of loaded mapped image which is the reason I bring this up in the first place as I hear people saying that they changed the filename of the dll and it was magically undetected( Personally don't believe this) but I can maybe believe that they use some hashing procedure to get a sum of any attached images to its processes, Which also has been said from the replys changing a single byte has helped them make there hacks undetected again, Also makes no logical sense to use packer as the code is unpacked into memory which would make this useless, but yet people still do... So its only common sense they must be scanning and hashing memory if what others say is true.

    As for the "Undetectable" injection method, This doesn't mean your hack is undetectable, This only means I use a method which has no documentation of its API in use with creating a remote thread, Which means games that hooks "CreateRemoteThread" API wont detect this method as it doesn't use this API. Also what must be noted is the D-Jector is not tied to only combat arms and therefore adding these option can and will be useful for other games.
    No matter how you do it, the processor will execute what you give it, as long as the instruction pointer where HS hooked is pointing to a module it doesn't recognize, it's going to be detected. That's all I'm saying.

  2. #17
    Departure's Avatar
    Join Date
    Nov 2010
    Gender
    male
    Posts
    818
    Reputation
    125
    Thanks
    1,785
    My Mood
    Doh
    Quote Originally Posted by Void View Post
    No matter how you do it, the processor will execute what you give it, as long as the instruction pointer where HS hooked is pointing to a module it doesn't recognize, it's going to be detected. That's all I'm saying.
    I agree with what you say, And this it self is a whole different topic, I only have one problem with this theory... How is it that ever since I have been on this forum the "programmers" are all hooking DirectX function to over come this but yet they still get detected, Doesn't matter if you changed x amount of lines in your hooking method it still hooking a directx function, and still is getting detected after awhile, So with that in mind how come its possible to change a couple of lines yet use the same Directx function and its suddenly undetected, If what you said is 100% true then it makes no sense that the same Hooked Directx function can be undetected after a few byte changes. Why is it detected in the first place? the directx function is a module that it recognize and therefor should not be detected.

    Conclusion, CA uses more than just this to detect if user is hacking or not. I also believe Nexon would not be so stupid to depended on hack shield it self as its only form of protection, Hence the reason for changing image size and hash of dll

  3. #18
    Void's Avatar
    Join Date
    Sep 2009
    Gender
    male
    Location
    Inline.
    Posts
    3,193
    Reputation
    205
    Thanks
    1,438
    My Mood
    Mellow
    Quote Originally Posted by Departure View Post
    I agree with what you say, And this it self is a whole different topic, I only have one problem with this theory... How is it that ever since I have been on this forum the "programmers" are all hooking DirectX function to over come this but yet they still get detected, Doesn't matter if you changed x amount of lines in your hooking method it still hooking a directx function, and still is getting detected after awhile, So with that in mind how come its possible to change a couple of lines yet use the same Directx function and its suddenly undetected, If what you said is 100% true then it makes no sense that the same Hooked Directx function can be undetected after a few byte changes. Why is it detected in the first place? the directx function is a module that it recognize and therefor should not be detected.

    Conclusion, CA uses more than just this to detect if user is hacking or not. I also believe Nexon would not be so stupid to depended on hack shield it self as its only form of protection, Hence the reason for changing image size and hash of dll
    There are other ways of hooking, an easy way to defeat HS ( assuming it works the way I said it to be ) would be either a mid function hook, this way the return address stays the same, or calling the instruction that calls the function you are hooking.

    I.E: 0x10001000 - CALL d3d9.dll.Whatever // hook this

    I have no idea how people are hooking this, I don't see people releasing their hooks here so idk. But afaik, checking the instruction pointer on return is probably the easiest way for an anti cheat to detect cheating..

  4. #19
    Departure's Avatar
    Join Date
    Nov 2010
    Gender
    male
    Posts
    818
    Reputation
    125
    Thanks
    1,785
    My Mood
    Doh
    Yeap those methods you said is what I thought hooking was in terms of hooking a directX function, I personally don't use Device Pointers ect... as I only make simple hotkey hacks without menus, So I just code hook the actual DirectX function I intend to use. I still dont understand why others get there hooks detected, And I do agree with with you say because the simple code hook I use has never been detected so far, and I have used this since end of last year, I Also have a backup hooking procedure if and when this does get detected, But if your correct it should never get detected, Only way I can think of with my hack getting detected it by PTC methods/addresses getting scanned or changed. So lets say Nexon do only rely on HS, Why hasn't anyone made a proxie Dll and hook the functions of HS? this would eliminate HS completely from detecting anything.

    P.s thanks for you input its greatly appreciated.

  5. #20
    Void's Avatar
    Join Date
    Sep 2009
    Gender
    male
    Location
    Inline.
    Posts
    3,193
    Reputation
    205
    Thanks
    1,438
    My Mood
    Mellow
    Quote Originally Posted by Departure View Post
    Yeap those methods you said is what I thought hooking was in terms of hooking a directX function, I personally don't use Device Pointers ect... as I only make simple hotkey hacks without menus, So I just code hook the actual DirectX function I intend to use. I still dont understand why others get there hooks detected, And I do agree with with you say because the simple code hook I use has never been detected so far, and I have used this since end of last year, I Also have a backup hooking procedure if and when this does get detected, But if your correct it should never get detected, Only way I can think of with my hack getting detected it by PTC methods/addresses getting scanned or changed. So lets say Nexon do only rely on HS, Why hasn't anyone made a proxie Dll and hook the functions of HS? this would eliminate HS completely from detecting anything.

    P.s thanks for you input its greatly appreciated.
    Because bypasses aren't easy to make.

    Btw, there are other ways HS detects hooks, earlier, people were hooking DX functions by replacing the address on the virtual table. They fixed that by having a separate table that they were using to compare the real one to.

    In all of what I'm saying.. I'm just trying to tell you that there are tons of ways your shit can get detected, and nothing will stay undetected forever, I'm sure of that.

  6. #21
    Departure's Avatar
    Join Date
    Nov 2010
    Gender
    male
    Posts
    818
    Reputation
    125
    Thanks
    1,785
    My Mood
    Doh
    //Edit

    Removed
    Last edited by Departure; 02-22-2011 at 02:50 AM.

Page 2 of 2 FirstFirst 12