Bypassing xtrap

[kmanev073]

Hello guys,
Since I started trying to bypass the XCrap I was thinking: So if we use normal bypass we get hack tool... so we know that it is not coused by xtrap bcs it is not running... it is not the crossfire.exe... the only one left is HGWC ! so if we suspend it before cf starts and add fake xtrapva.dll cf will load with it and we wont get detected file changing... I am not at home for this and next week so i wanted to disscuss with you... is XTrap bypass with no problems still possable ?

[NanoGold]

I tried this before ,I Suspend HGWC after the game starts crossfire and it gives hack tool detected.. i think that hack tool is server sided error

[kmanev073]

@NanoGold you should release hgwc after replacing

[Avene]

I tried this before ,I Suspend HGWC after the game starts crossfire and it gives hack tool detected.. i think that hack tool is server sided error

I'm pretty damn sure you need to remove crc checks for hgwc in crossfire.exe.

You better ask HL.BOT about this but doubt he will answer you.

[kmanev073]

I'm pretty damn sure you need to remove crc checks for hgwc in crossfire.exe.

You better ask HL.BOT about this but doubt he will answer you.

he will maybe say he is busy but why guys always want to ask him ?!? there are plenty of other good and skilled guys

+ i think i tried in the past and it didnt detect file change but i didnt login :S i dont remember it was long time ago...

[Avene]

I dumped @Code64 's Code64 Hack [4-CF] v0.2 & i see XTrapVa.dll inside:

Code:

65612094   8B5D 08          MOV EBX,DWORD PTR SS:[EBP+8]
65612097   68 58816165      PUSH Code64Dump.65618158                     ; ASCII "XTrapVa.dll"
6561209C   53               PUSH EBX
6561209D   FF15 B4806165    CALL DWORD PTR DS:[656180B4]             ; msvcr100.strstr
656120A3   83C4 08          ADD ESP,8
656120A6   85C0             TEST EAX,EAX
656120A8   74 52            JE SHORT Code64Dump.656120FC
656120AA   56               PUSH ESI
656120AB   57               PUSH EDI
656120AC   68 64816165      PUSH Code64Dump.65618164                     ; ASCII "LoadLibraryA"
656120B1   68 74816165      PUSH Code64Dump.65618174                     ; ASCII "kernel32.dll"
656120B6   FF15 08806165    CALL DWORD PTR DS:[65618008]             ; kernel32.GetModuleHandleA
656120BC   50               PUSH EAX
65612140   68 94816165      PUSH Code64Dump.65618194                     ; ASCII "XtrapVa.dll"
65612145   FFD6             CALL ESI
65612147   85C0             TEST EAX,EAX
65612149   74 19            JE SHORT Code64Dump.65612164
6561214B   E8 F0510000      CALL Code64Dump.65617340
65612150   53               PUSH EBX
65612151   E8 AAFEFFFF      CALL Code64Dump.65612000
65612156   83C4 04          ADD ESP,4
65612159   5E               POP ESI
6561215A   B8 01000000      MOV EAX,1
6561215F   5B               POP EBX
65612160   5D               POP EBP
65612161   C2 0C00          RETN 0C
65612164   57               PUSH EDI
65612165   68 64816165      PUSH Code64Dump.65618164                     ; ASCII "LoadLibraryA"
6561216A   68 74816165      PUSH Code64Dump.65618174                     ; ASCII "kernel32.dll"
6561216F   FFD6             CALL ESI
65612171   50               PUSH EAX
65612172   FF15 40806165    CALL DWORD PTR DS:[65618040]             ; apphelp.7210FFF6
65612178   8B3D 10806165    MOV EDI,DWORD PTR DS:[65618010]          ; kernel32.VirtualProtect
6561217E   8D70 02          LEA ESI,DWORD PTR DS:[EAX+2]
65612181   8B06             MOV EAX,DWORD PTR DS:[ESI]
65612183   8D55 0C          LEA EDX,DWORD PTR SS:[EBP+C]
65612186   52               PUSH EDX
65612187   6A 40            PUSH 40

Like hackshield, patching some bytes in EHSvc.dll can make your base undetected.

[Hexicidal]

Are you using MakeCall function ?

[giniyat101]

why do u ask some questions ending with "is possible?" instead of trying yourself?

[[MPGH]BACKD00R]

I dumped @Code64 's Code64 Hack [4-CF] v0.2 & i see XTrapVa.dll inside:

Code:

65612094   8B5D 08          MOV EBX,DWORD PTR SS:[EBP+8]
65612097   68 58816165      PUSH Code64Dump.65618158                     ; ASCII "XTrapVa.dll"
6561209C   53               PUSH EBX
6561209D   FF15 B4806165    CALL DWORD PTR DS:[656180B4]             ; msvcr100.strstr
656120A3   83C4 08          ADD ESP,8
656120A6   85C0             TEST EAX,EAX
656120A8   74 52            JE SHORT Code64Dump.656120FC
656120AA   56               PUSH ESI
656120AB   57               PUSH EDI
656120AC   68 64816165      PUSH Code64Dump.65618164                     ; ASCII "LoadLibraryA"
656120B1   68 74816165      PUSH Code64Dump.65618174                     ; ASCII "kernel32.dll"
656120B6   FF15 08806165    CALL DWORD PTR DS:[65618008]             ; kernel32.GetModuleHandleA
656120BC   50               PUSH EAX
65612140   68 94816165      PUSH Code64Dump.65618194                     ; ASCII "XtrapVa.dll"
65612145   FFD6             CALL ESI
65612147   85C0             TEST EAX,EAX
65612149   74 19            JE SHORT Code64Dump.65612164
6561214B   E8 F0510000      CALL Code64Dump.65617340
65612150   53               PUSH EBX
65612151   E8 AAFEFFFF      CALL Code64Dump.65612000
65612156   83C4 04          ADD ESP,4
65612159   5E               POP ESI
6561215A   B8 01000000      MOV EAX,1
6561215F   5B               POP EBX
65612160   5D               POP EBP
65612161   C2 0C00          RETN 0C
65612164   57               PUSH EDI
65612165   68 64816165      PUSH Code64Dump.65618164                     ; ASCII "LoadLibraryA"
6561216A   68 74816165      PUSH Code64Dump.65618174                     ; ASCII "kernel32.dll"
6561216F   FFD6             CALL ESI
65612171   50               PUSH EAX
65612172   FF15 40806165    CALL DWORD PTR DS:[65618040]             ; apphelp.7210FFF6
65612178   8B3D 10806165    MOV EDI,DWORD PTR DS:[65618010]          ; kernel32.VirtualProtect
6561217E   8D70 02          LEA ESI,DWORD PTR DS:[EAX+2]
65612181   8B06             MOV EAX,DWORD PTR DS:[ESI]
65612183   8D55 0C          LEA EDX,DWORD PTR SS:[EBP+C]
65612186   52               PUSH EDX
65612187   6A 40            PUSH 40

Like hackshield, patching some bytes in EHSvc.dll can make your base undetected.

This code is not a bypass!

[Glenox]

try to bypass the x-trap and HGWC

only crossfire.exe run with out x-trap and HGWC!!!

[Andrea1234567890]

There are some method:

XTrap & HGWC still a****** Hooking APIs - Unlimited time
HGWC still alive + suspend: 10 min + Hooking API
HGWC still alive + suspend: 10 min + 2 Hooking APIs

You can patch HGWC without suspend and can work 10 min.
To make it work for unlimited time, you must search the connection between XTrap -> Keep alive.
I've already did it for S4League but It's boring to do alawys detouring functions, I want search addys on XTrapVa.dll like time ago :C
I've never played crossfire but exist a method to remove HGWC and playing. I must see the game :C

EDIT: I'm downloading it to see C:
EDIT2: Yes, my bypass work :c

[kmanev073]

why do u ask some questions ending with "is possible?" instead of trying yourself?

bcs i am not at home for 1 week and could not w8

---------- Post added at 01:54 PM ---------- Previous post was at 01:52 PM ----------

PS... so if i find the ip that xtrap sends packets to... and start pinging it with CMD and start the game with no xtrap we could possably make some bypass correct ?

[[WPGH]Infinity]

kmanev073 signature:

On 27.09.2011 one great man with nickname kmanev073 siad: You don't need to be pro to be one from the best but you can't be the best if you are not pro so Never say Never ! Dont give up ! And live untill you are able !

"siad", yeah should be an awsome man.

[kmanev073]

kmanev073 signature:

On 27.09.2011 one great man with nickname kmanev073 siad: You don't need to be pro to be one from the best but you can't be the best if you are not pro so Never say Never ! Dont give up ! And live untill you are able !

"siad", yeah should be an awsome man.

whats wrong ?!? i was in the bed tying to sleep and... just... said that hehe

PS ehehehheee i have written it wrong

---------- Post added at 09:53 PM ---------- Previous post was at 09:52 PM ----------

PS 2 fixed it thanks for telling me... now please on topic

[justinsswagga]

I can't dump crossfire.