Originally Posted by
abhishekv
The only possible way is to tweak it at the kernel level, and that is to unhook the anti-cheat log reader from the API ... and like I said, I already have the code for an undetected injection ...
Way to inject a DLL undetected: this might be a breakthrough, guys, this code is undetected
// To Inject a DLL, we need three steps in APIHandler side.
// Allocate memory in the remote process for our library
// with write permission using the below mentioned WINAPI.
HANDLE hProc;
pLibRemote = ::VirtualAllocEx( hProcess,
NULL, sizeof(szLibPath), MEM_COMMIT, PAGE_READWRITE );
// This API writes the library path name to third party process.
::WriteProcessMemory( hProcess, pLibRemote, (void*)szLibPath,
sizeof( szLibPath ), NULL );
// Load the DLL to third party process by creating a thread in that
// process, using the below mentioned WIN API, this API enable
hThread = ::CreateRemoteThread( hProcess, NULL, 0,
(LPTHREAD_START_ROUTINE)::GetProcAddress( hKernel32,"LoadLibraryA" ),
pLibRemote,0,NULL );
// Once address is found, we have to redirect using the VirtualProtect WinAPI
// that enables write permission to third party EXE.
bool ChangeAddress(DWORD* dwOldAddress,DWORD dwNewAddress)
{
    // Change the old address of the function with the new address.
    // Firstly this address is changed.
    DWORD dwOld;
    if (!(VirtualProtect(dwOldAddress,4,PAGE_READWRITE,&dwOld)))
    {
        return false;
    }
    *dwOldAddress = dwNewAddress;
    // Once changed it updated in the executable.
    if (!(VirtualProtect(dwOldAddress,4,PAGE_EXECUTE,&dwOld)))
    {
        return false;
    }
    else
    {
        OutputDebugString( "Change Address Final.." );
        return true;
    }
}
Give me a few more hours, I'll be done with this injector ... ;)
---------- Post added at 09:46 PM ---------- Previous post was at 09:42 PM ----------
See, encryption has nothing to do with detection. Like I figured out, the crash is triggered by a task called CRC, and the only way to inject undetected is to stop the CRC task or by masking the .dll processes as a common process like Internet Explorer, Microsoft API, etc. ...
---------- Post added at 09:48 PM ---------- Previous post was at 09:46 PM ----------
I don't know what's dumb about this revelation, but the only thing I know is that you're eccentric ... it would be better if you let people do their job to crack the anti-cheat soon.
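The "CRC task" mentioned in the thread is a code-integrity check. As an added illustration (not from the thread and not any anti-cheat product's code), this portable C example shows how a CRC-32 baseline over a table of function addresses flags the kind of 4-byte overwrite that ChangeAddress performs. The names `guarded_table`, `guard_snapshot`, `guard_verify` and all addresses are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOTS 4

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320, as used by zlib/PNG). */
static uint32_t crc32_buf(const void *data, size_t len)
{
    const uint8_t *p = (const uint8_t *)data;
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Hypothetical stand-in for a table of resolved function addresses. */
typedef struct {
    uint32_t slot[SLOTS];
    uint32_t table_crc;        /* baseline CRC of the whole table */
    uint32_t slot_crc[SLOTS];  /* per-slot baselines, to locate a change */
} guarded_table;

void guard_snapshot(guarded_table *t)
{
    t->table_crc = crc32_buf(t->slot, sizeof t->slot);
    for (int i = 0; i < SLOTS; i++)
        t->slot_crc[i] = crc32_buf(&t->slot[i], sizeof t->slot[i]);
}

/* Returns -1 if intact, else the first changed slot (SLOTS if none located). */
int guard_verify(const guarded_table *t)
{
    if (crc32_buf(t->slot, sizeof t->slot) == t->table_crc)
        return -1;
    for (int i = 0; i < SLOTS; i++)
        if (crc32_buf(&t->slot[i], sizeof t->slot[i]) != t->slot_crc[i])
            return i;
    return SLOTS;
}

int main(void)
{
    guarded_table t = { {0x401000u, 0x401040u, 0x401080u, 0x4010C0u}, 0, {0} };
    guard_snapshot(&t);
    t.slot[2] = 0x10001000u;   /* constructed overwrite of one entry */
    printf("changed slot: %d\n", guard_verify(&t));
    return 0;
}
```

A check like this only helps if the baseline and the verifier are themselves protected, for example by keeping the baseline outside the monitored process.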