Stop bitching at each other or else.
What's that make you then? Super rager skid? I have more skill in my thumb than you do all together. If you knew anything about me you wouldn't assume such things. As you can very well see, I have already beaten XignCode
https://i.imgur.com/AJVo8.jpg
https://i.imgur.com/4VVQl.jpg
but okay, continue to live in your land of make believe where you're better than me and the sky is red. You have no idea who I am.
Last edited by ~FALLEN~; 12-31-2012 at 04:28 PM.
You aren't fooling anyone kid, those are old pictures from a vip hack and anyone can put a date on a picture with mspaint.
Why do you feel like you have to prove yourself to random people on the internet? Are you that much of a tool?
I'm sorry that you have no friends, but this is the internet. Nobody cares about you or even wants you here.
Not even worth trying to reason with someone this retarded, so we're just going to pretend you don't exist kid.
Last edited by CyanideC00kies; 12-31-2012 at 10:24 PM.
lol... It's my vip? derp... I have the menu, It's my code, I have the sdk generated... like I said kid you have no idea who I am.
https://i.imgur.com/muKtv.png
Go on UC click the top banner, good fight scrub.
Last edited by ~FALLEN~; 12-31-2012 at 10:38 PM.
If I coded a bypass, why would I share it? So people can take credit for it themselves? Oh, by the way, that makes it get patched a lot faster, don't you think? Something else: he has the right not to share. Come on guys, he spends all that time on something and easily gives it to all? It's kind of hard... and look at the way you're talking to him. If you're mad you couldn't hook the game or the method didn't work, move on.
The cool part is you call him a noob while you don't know who he is or what he could do. Oh, he is way better than you... that's not really cool. The guy tried to help and you're ungrateful :s. He is a nice guy, I saw his work on many forums, he hooked lots of games (hard ones). If you want something he would be happy to help, but ask in the correct way.
On topic :
Hardware breakpoints would probably work
Good job
~FALLEN~ (01-01-2013)
Also for those who are talking about manual mapping their modules, you can do this, but you don't have to. You can still use LoadLibrary, I do for testing. An overview on manual mapping: load module into memory -> map sections -> walk import table -> if module exists rebuild import / if module does not exist -> load module -> rebuild import -> handle relocations if needed -> ( if there is an exception table rebuild it ) -> call entry point w/ DLL_PROCESS_ATTACH. Note: everything has to be relative when manually mapping a module. If you're a beginner I don't recommend it, however there are various ways to do manual mapping. All manual mapping is ( is what the name suggests ) mapping a module into memory manually with your own code instead of mapping it with the Windows PE loader. Anyways, best of luck with XignCode everybody
R3d_L1n3 (01-01-2013)
CyanideC00kies, I don't see your point here. You are just misunderstanding things here.
What do you mean? I have a manual mapper but it can't really map some dependency DLLs. Like WINMM.dll. But since the game already loaded that module I'm lucky.
Also for hardware breakpoints, I think they are checking for them with the API IsDebuggerPresent but I haven't tested.
Even familiar landscapes will
reveal a different kind of beauty
if you change your viewpoint.
Where these new encounters
and new bonds will lead you...
Such dazzling golden days.
I, too, look forward to
what I might behold.
Hardware breakpoints aren't detected by IsDebuggerPresent, if they were to be detected the anticheat probably is scanning them via GetThreadContext / NTGetThreadContext. There are other ways to detect them of course, but I haven't seen an anticheat detect them any other way as of yet.
As far as your question about the import table, your manual mapper needs to call LoadLibrary on winmm.dll and get the relative virtual address of the functions you need and rebuild the imports for the module by doing such.
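Added example, not part of the original posts: the detection side of the hardware-breakpoint check described above reads a thread's debug registers (on Windows, via GetThreadContext with CONTEXT_DEBUG_REGISTERS) and decodes DR7 to see which slots are actually armed. The `debug_regs` struct, the function names and the sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the debug-register fields of a Windows CONTEXT.
   On Windows these values would come from GetThreadContext with
   ContextFlags = CONTEXT_DEBUG_REGISTERS. */
typedef struct {
    uint64_t dr[4];  /* DR0-DR3: breakpoint linear addresses */
    uint64_t dr7;    /* DR7: enable bits plus per-slot type and length */
} debug_regs;

/* Bitmask of armed slots (bit i set = DRi armed). Slot i is armed when its
   local or global enable bit is set: DR7 bits 2i and 2i+1. */
unsigned armed_slots(const debug_regs *r) {
    unsigned mask = 0;
    for (int i = 0; i < 4; i++)
        if ((r->dr7 >> (2 * i)) & 0x3) mask |= 1u << i;
    return mask;
}

/* R/W field, DR7 bits 16+4i..17+4i: 0 execute, 1 write, 2 I/O, 3 read/write. */
unsigned slot_type(const debug_regs *r, int i) {
    return (unsigned)(r->dr7 >> (16 + 4 * i)) & 0x3;
}

/* LEN field, DR7 bits 18+4i..19+4i: 0 -> 1 byte, 1 -> 2, 2 -> 8, 3 -> 4. */
unsigned slot_len(const debug_regs *r, int i) {
    static const unsigned len[4] = {1, 2, 8, 4};
    return len[(r->dr7 >> (18 + 4 * i)) & 0x3];
}

/* Constructed sample: DR0 armed as an execute breakpoint, DR2 armed as a
   4-byte write watch, DR1 holding a stale address but not enabled. */
debug_regs sample_regs(void) {
    debug_regs r = { {0x00401000, 0x00500000, 0x0062F0A4, 0}, 0 };
    r.dr7 = (1u << 0) | (1u << 4) | (1u << 24) | (3u << 26);
    return r;
}

int main(void) {
    static const char *kind[4] = {"execute", "write", "io", "read/write"};
    debug_regs r = sample_regs();
    unsigned armed = armed_slots(&r);
    for (int i = 0; i < 4; i++)
        if (armed & (1u << i))
            printf("DR%d armed: addr=0x%llx type=%s len=%u\n", i,
                   (unsigned long long)r.dr[i], kind[slot_type(&r, i)],
                   slot_len(&r, i));
    return armed ? 1 : 0;
}
```

Keying on the DR7 enable bits rather than on non-zero DR0-DR3 avoids flagging stale addresses left in a disabled slot.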
Yes it is done like that. I thought you said something else. But there is a problem with a dependency of WINMM.dll, don't remember its name. Also when packing my dll with Themida, the packer adds other dependencies to the dll that weren't in it before. So I can't pack with it.
The reason you can't pack your module with Themida isn't because it has additional dependencies ( because it doesn't, Themida embeds a stub into your module ) but is more than likely because Themida isn't being unpacked ( which it naturally does at runtime ) and also your entrypoint probably isn't being called. You could easily allocate your loader code into the remote process and have it take care of it, but then they could do a byte signature scan on it and detect you like that. You could make it metamorphic I guess. Up to you (:
But I do call the entry point of the DLL. This is the error message:
---------------------------
Themida
---------------------------
An internal exception occured (Address: 0x7ff2964)
Please, contact support@oreans.com. Thank you!
---------------------------
OK
---------------------------
And what do you mean, metamorphic? If I'll cast the function as virtual it'll give them some kind of protection?
Wait, I think I misunderstood that part. You mean to avoid their signature scan I should insert NOP like opcodes...
But that's a lot of work...
Last edited by Jabberwock; 01-01-2013 at 08:09 AM.
Hmm, I would look at Oreans' support documents. As far as "metamorphism" goes, it means to take parts of code and mutate them at runtime. It works on the principle of computations, e.g. CALL 0x12345678 -> MOV EDX, 0x12345678; CALL EDX -> MOV EDX, 0x12345677; ADD EDX, 1; CALL EDX, etc.
Why Injection? Why not External?
A good external hack on ring0 can't be detected, because the anti-cheat programs
don't "look" at this level.
Maybe injection works on ring0 too, but I don't know this :/
And I don't know how you can program a ring0 cheat...
But ring0 is the best way for any cheat, I think.
To enter kernel mode you need to have your code signed with Microsoft Authenticode, so unless you have 200 - 500 USD a year to spare there really isn't a point.
Externals are slow by the way. So why not Injection? You have direct memory access, it's faster, just as easy to maintain, etc.
FantaWauWau (01-06-2013)