OK, so here's an update: I finally bypassed HS, and this is my source:
Code:
//======================================================================================//
//================================ Hackshield Addys ====================================//
//======================================================================================//
// Numeric constants consumed by BypassMain, which adds each one to the load
// address of EhSvc.dll to form the destination of a MEMwrite call.
// The post says they were taken from a public "EHSVC logger"; they are
// presumably tied to one specific build of the module and are not verified here.
#define EhsvcSelfCrC 0x00F36109FC
#define Detection 0x00097D0
#define HSAntiCrash 0x00F35D455E
#define AsmDetection 0x00EFFFFFFE
#define NanoCheck1 0x00344EE
#define NanoCheck2 0x00F35D1B2F
#define NanoCheck3 0x00F35D3A2B
// Disabled by the author; no active statement in this listing uses them.
//#define HackMalfunction1 0x0043EE3D
//#define HackMalfunction2 0x0068D605
//======================================================================================//
//=================================== Bypass Function ==================================//
//======================================================================================//
// Waits until EhSvc.dll is loaded in the current process, then overwrites code
// bytes at seven locations inside it through MEMwrite (defined elsewhere; its
// behaviour is not visible in this listing). Always returns 1; no write is
// checked for success.
//
// NOTE(review): this is in-process tampering with the protection module's own
// code. The post reports that the client still terminates with a protection
// error after this runs, which suggests the modification is being detected.
// Comparing a module's in-memory code against its on-disk image is the usual
// defensive control for patches of this kind.
INT BypassMain() {
//New Method
DWORD dwEhSvc;
// Poll for the module handle; the 100 ms sleep runs after every lookup,
// including the one that finally succeeds.
do{
dwEhSvc = (DWORD)GetModuleHandleA("EhSvc.dll");
Sleep(100);
}while(!dwEhSvc);
// Bytes B8 01 00 00 00 C3 encode x86 `mov eax, 1` followed by `ret`.
// Presumably each target is a function entry, so the routine would return 1
// without running its body -- not confirmable from this listing.
MEMwrite((VOID*)(dwEhSvc+NanoCheck1),(PBYTE)"\xB8\x01\x00\x00\x00\xC3",6); //EHSVC NANO CHECK
MEMwrite((VOID*)(dwEhSvc+NanoCheck2),(PBYTE)"\xB8\x01\x00\x00\x00\xC3",6); //EHSVC NANO CHECK
MEMwrite((VOID*)(dwEhSvc+NanoCheck3),(PBYTE)"\xB8\x01\x00\x00\x00\xC3",6); //EHSVC NANO CHECK
// Bytes C2 04 00 encode x86 `ret 4`.
MEMwrite((VOID*)(dwEhSvc+EhsvcSelfCrC),(PBYTE)"\xC2\x04\x00",3); // CRC CHECK
// Bytes 90 90 are two single-byte NOPs written over whatever two bytes were there.
MEMwrite((VOID*)(dwEhSvc+Detection),(PBYTE)"\x90\x90",2); // ASM DETECTION CHECK
MEMwrite((VOID*)(dwEhSvc+AsmDetection),(PBYTE)"\x90\x90",2); // ASM DETECTION CHECK
MEMwrite((VOID*)(dwEhSvc+HSAntiCrash),(PBYTE)"\x90\x90",2); // ANTI CRASH
// The two writes below are disabled by the author. Unlike the active ones they
// target fixed addresses rather than offsets from the EhSvc.dll base.
//MEMwrite((VOID*)0x0043EE40,(PBYTE)"\x90\x90",2); // MALFUNCTION2
//MEMwrite((VOID*)(HackMalfunction1),(PBYTE)"\x7F\x34\x50\x68\x68\xD5\x68\x00\xEB\xA4\x56\x68\xA0\xD5\x68\x00",16) ; // MALFUNCTION1
return (1);
}
That's what I have right now, but every time I boot the client, it initializes and I get:
Hacking Protection Has Some Malfunctions ( Code: 10703 )
Program Will Be Terminated
Am I missing anything? I did use a public EHSVC logger to get my addies, but that's only because I understand how to extract specific addresses from the module itself. I dumped it, but since it can't possibly attach to load-dll, I can't do anything in Olly. If anyone can help explain how, I'd be grateful. The dumped EHSVC can be downloaded here: https://min.us/mbcBIpnqTx