Something similar happent to me before well i made a couple sources for Blackops and mw2 and were crashing everytime wich made me depressed since i checked my code 100 times and everything was perfect i even tried bypassing stuff and nothing worked packers injectors even different sources from other peoples o: (SAD) and yeah nothing helped and the problem for me was visualstudio2010 compiler idk why i compiled my source with 2008 version and it worked ^^ that saved me from quiting hacking
Start by injecting a empty dll into the process, if this does not dc you then add creation of a thread in your dll, then if this still does not DC you then add pert of your detour but don't initialize it.. then add the rest of your detour, finally initialize your detour if it does not DC then then add bit by bit back to your dll until you get a disconnection, Only problem using this method is detection are not always just one thing, It could be a multiple of things that make a detection, just like an antivirus works, Antivirus wont detect API creatremotethread for example and wont detect CreateFile for example... but when both APIs are in the same process the antivirus would detect it.
There seems to be a very big misconception about packing the exe. You guys do realize what packing an exe is right? because for those who know what packing is they would also know the original bytes are in memory once unpacked by the stub(which means there is no difference in memory), this about double packing and crap is a load of shit. Its the same bytes being placed into memory if you pack it or not. The only thing that going to make slightly different is a "Protector" which will have stolen bytes and only call the bytes as needed in memory and not the whole thing.
Start by injecting a empty dll into the process, if this does not dc you then add creation of a thread in your dll...
Not sure who this guy is, but who ever he is. He's absolutely right.
The first step is to isolate the problem. I'm fairly certain its the detour, trying new bases are not going to help if the fundamental hooking is done the same way if that's what is being detected.
Secondly what he said about packing is true as well. I've disassembled a lot of code, though I may not be particularly good at unpacking the newer stuff, I can tell you anti-cheats are detecting the actual hooks and procedures used, packing will not help. packers, must by definition unpack themselves into the same or very similar binary image at runtime, which is one of the reasons dumping works so easily. Unless your "packer" uses vm's in which case it is more likely a "protector" there will be little difference, and even then the vm must call those same libraries that are probably being monitored by anti-cheats.
The good thing is there is a million and one ways to hook something, exceptions, detours, debugging, shimming and even then there are many different levels those functions can be hooked on.
Last edited by why06; 04-13-2011 at 06:15 PM.
"Every gun that is made, every warship launched, every rocket fired signifies, in the final sense, a theft from those who hunger and are not fed, those who are cold and are not clothed. This world in arms is not spending money alone. It is spending the sweat of its laborers, the genius of its scientists, the hopes of its children. The cost of one modern heavy bomber is this: a modern brick school in more than 30 cities. It is two electric power plants, each serving a town of 60,000 population. It is two fine, fully equipped hospitals. It is some fifty miles of concrete pavement. We pay for a single fighter plane with a half million bushels of wheat. We pay for a single destroyer with new homes that could have housed more than 8,000 people. This is, I repeat, the best way of life to be found on the road the world has been taking. This is not a way of life at all, in any true sense. Under the cloud of threatening war, it is humanity hanging from a cross of iron."