zerograve00 (09-08-2012)
Hello guys,
Since I started trying to bypass the XCrap I was thinking: So if we use normal bypass we get hack tool... so we know that it is not coused by xtrap bcs it is not running... it is not the crossfire.exe... the only one left is HGWC ! so if we suspend it before cf starts and add fake xtrapva.dll cf will load with it and we wont get detected file changing... I am not at home for this and next week so i wanted to disscuss with you... is XTrap bypass with no problems still possable ?
zerograve00 (09-08-2012)
I tried this before ,I Suspend HGWC after the game starts crossfire and it gives hack tool detected.. i think that hack tool is server sided error
@NanoGold you should release hgwc after replacing
I dumped @Code64 's Code64 Hack [4-CF] v0.2 & i see XTrapVa.dll inside:
Like hackshield, patching some bytes in EHSvc.dll can make your base undetected.Code:65612094 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8] 65612097 68 58816165 PUSH Code64Dump.65618158 ; ASCII "XTrapVa.dll" 6561209C 53 PUSH EBX 6561209D FF15 B4806165 CALL DWORD PTR DS:[656180B4] ; msvcr100.strstr 656120A3 83C4 08 ADD ESP,8 656120A6 85C0 TEST EAX,EAX 656120A8 74 52 JE SHORT Code64Dump.656120FC 656120AA 56 PUSH ESI 656120AB 57 PUSH EDI 656120AC 68 64816165 PUSH Code64Dump.65618164 ; ASCII "LoadLibraryA" 656120B1 68 74816165 PUSH Code64Dump.65618174 ; ASCII "kernel32.dll" 656120B6 FF15 08806165 CALL DWORD PTR DS:[65618008] ; kernel32.GetModuleHandleA 656120BC 50 PUSH EAX 65612140 68 94816165 PUSH Code64Dump.65618194 ; ASCII "XtrapVa.dll" 65612145 FFD6 CALL ESI 65612147 85C0 TEST EAX,EAX 65612149 74 19 JE SHORT Code64Dump.65612164 6561214B E8 F0510000 CALL Code64Dump.65617340 65612150 53 PUSH EBX 65612151 E8 AAFEFFFF CALL Code64Dump.65612000 65612156 83C4 04 ADD ESP,4 65612159 5E POP ESI 6561215A B8 01000000 MOV EAX,1 6561215F 5B POP EBX 65612160 5D POP EBP 65612161 C2 0C00 RETN 0C 65612164 57 PUSH EDI 65612165 68 64816165 PUSH Code64Dump.65618164 ; ASCII "LoadLibraryA" 6561216A 68 74816165 PUSH Code64Dump.65618174 ; ASCII "kernel32.dll" 6561216F FFD6 CALL ESI 65612171 50 PUSH EAX 65612172 FF15 40806165 CALL DWORD PTR DS:[65618040] ; apphelp.7210FFF6 65612178 8B3D 10806165 MOV EDI,DWORD PTR DS:[65618010] ; kernel32.VirtualProtect 6561217E 8D70 02 LEA ESI,DWORD PTR DS:[EAX+2] 65612181 8B06 MOV EAX,DWORD PTR DS:[ESI] 65612183 8D55 0C LEA EDX,DWORD PTR SS:[EBP+C] 65612186 52 PUSH EDX 65612187 6A 40 PUSH 40
Are you using MakeCall function ?
why do u ask some questions ending with "is possible?" instead of trying yourself?
[img]https://i43.photobucke*****m/albums/e367/DeteSting/Steam-update.gif[/img]
try to bypass the x-trap and HGWC
only crossfire.exe run with out x-trap and HGWC!!!
Coming Soon,
There are some method:
XTrap & HGWC still a****** Hooking APIs - Unlimited time
HGWC still alive + suspend: 10 min + Hooking API
HGWC still alive + suspend: 10 min + 2 Hooking APIs
You can patch HGWC without suspend and can work 10 min.
To make it work for unlimited time, you must search the connection between XTrap -> Keep alive.
I've already did it for S4League but It's boring to do alawys detouring functions, I want search addys on XTrapVa.dll like time ago :C
I've never played crossfire but exist a method to remove HGWC and playing. I must see the game :C
EDIT: I'm downloading it to see C:
EDIT2: Yes, my bypass work :c
Last edited by Andrea1234567890; 09-06-2012 at 03:25 AM.
bcs i am not at home for 1 week and could not w8
---------- Post added at 01:54 PM ---------- Previous post was at 01:52 PM ----------
PS... so if i find the ip that xtrap sends packets to... and start pinging it with CMD and start the game with no xtrap we could possably make some bypass correct ?
kmanev073 signature:
On 27.09.2011 one great man with nickname kmanev073 siad: You don't need to be pro to be one from the best but you can't be the best if you are not pro so Never say Never ! Dont give up ! And live untill you are able !
"siad", yeah should be an awsome man.
kmanev073 (09-06-2012)
[WPGH]Infinity (09-07-2012)