apezwijn (11-10-2009),bradb2k9 (11-06-2009),imhacked.exe (11-08-2009),pop25 (11-06-2009),reaper (11-09-2009)
I think that this is very useful, and anyone is free to copy any of this information for their own uses. Enjoy!
PUNKBUSTER
It is attached to the game as pbcl.dll. It reads game memory directly.
Next it makes hashes of the scanned memory. It generates a few hashes,
then it hashes all the generated hashes too and sends that to the game server.
The server compares the hash and selects the game violation from a database. Once
you have changed d3d8 you should be kicked for Disallowed Program/Driver.
It doesn't hook any API functions, so that you can normally write to game memory.
It uses the server to check memory.
HACKSHIELD by AhnLab
It is attached to the game as ehsvc.dll and may load other modules
like hsupdate.dll. It scans memory directly like PB and compares that
on the client. So you can simply edit the compare from jne to jmp
and you have the memory scan bypassed.
It hooks low-level memory manipulation functions and some process functions
in kernel mode via EagleNT.sys: NtOpenProcess, NtWriteVirtualMemory,
NtTerminateProcess, NtReadVirtualMemory, NtMapViewOfSection.
It injects a DLL into all processes, ERGNAPX2.DLL, and hooks some functions from that.
Note: When I tried to hook Direct3DCreate8, that allowed me to hack lol.
It does not use the server to check memory.
XTRAP by WiseLogic
It works with an external process, Xtrap.xt, which controls the game.
It hooks low-level memory manipulation functions and some process functions
in kernel mode via XDva.sys: NtOpenProcess, NtWriteVirtualMemory,
NtTerminateProcess, NtReadVirtualMemory, NtMapViewOfSection.
It injects a DLL into all processes, XTrapVa.DLL, and hooks some functions from that.
GAMEGUARD by INCA
It works with an external process, GameMon.des, which controls the game.
Idk more about it. I know that it scans memory through the driver.
It hooks all memory manipulation functions, KeAttachProcess and
some GUI functions like GetPixel, FindWindow, GetWindowThreadProcessId
in kernel mode and user mode. It generates hashes and sends them to the ggserver,
which compares them with hashes stored in the GameGuard database.
It injects a DLL into all processes, npggNT.des (on NT systems) and
npgg9x.des (on 9x kernel based systems), and hooks some functions from that.
It uses the server to check memory.
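The server-checked flow the first post describes for PunkBuster (hash each scanned region, hash those hashes into one value, let the server look the value up in its database), as an added example that is not from the thread or from any anti-cheat product. SHA-256, the region size, the sample bytes and every function and class name are assumptions made for illustration.

```python
import hashlib

REGION = 16  # constructed region size, small so the sample stays readable

def region_hashes(memory, size=REGION):
    """Hash each fixed-size region of the scanned memory."""
    return [hashlib.sha256(memory[i:i + size]).digest()
            for i in range(0, len(memory), size)]

def scan_report(memory):
    """Client side: hash all region hashes into the one value that is sent."""
    outer = hashlib.sha256()
    for digest in region_hashes(memory):
        outer.update(digest)
    return outer.hexdigest()

class Server:
    """Server side: holds the database and makes the decision."""
    def __init__(self, clean_image, known_modified):
        self.clean = scan_report(clean_image)
        # report value -> violation name, built from known modified images
        self.violations = {scan_report(img): name
                           for name, img in known_modified.items()}

    def verdict(self, report):
        if report == self.clean:
            return "OK"
        return self.violations.get(report, "UNKNOWN MODIFICATION")

def changed_regions(clean, scanned):
    """Demo helper: indexes of regions whose hashes differ (needs both images)."""
    pairs = zip(region_hashes(clean), region_hashes(scanned))
    return [i for i, (a, b) in enumerate(pairs) if a != b]

# Constructed sample data: a 64-byte "clean" image and two modified copies.
CLEAN = bytes(range(64))
_known = bytearray(CLEAN); _known[37] ^= 0xFF    # modification in the database
_unseen = bytearray(CLEAN); _unseen[5] ^= 0xFF   # modification not in it
KNOWN, UNSEEN = bytes(_known), bytes(_unseen)

SERVER = Server(CLEAN, {"Disallowed Program/Driver": KNOWN})

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("known", KNOWN), ("unseen", UNSEEN)):
        print(label, SERVER.verdict(scan_report(image)),
              changed_regions(CLEAN, image))
```

The decision is taken in `Server.verdict`, so the client holds no comparison of its own; it only produces the report value.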
Sorry if this is a nub question, but what is "jne" and "jmp" in the HackShield?
Lol nice, but I already knew that :P
If This Wasn't A Copy And Paste I Would Say You Just Gave A VERY Detailed Description
This is fuck off.
nice copy + paste
I always wanted to know how HackShield worked
You're welcome, people, and don't you love the option when you press Ctrl+A and Ctrl+C
Then you make a post and press Ctrl+V, but you gotta admit I still found them and put my time into posting them, so you're welcome, and no trash comments
Does it matter if he copy and paste? Was this info here before he "copy and paste"? No it wasn't, so be happy he got it. Dang, you people are weird...