General
Talvez amanha já esteja detect Essas Detours
so mais a minha detours(CDetours) com umas 40 linhas .
Thread: Opções de Detours Combat Arms
Results 1 to 15 of 15
-
08-13-2014 #1Novice
- Join Date
- Aug 2013
- Gender
- Posts
- 67
- Reputation
10- Thanks
- 34
- My Mood
-
Opções de Detours Combat Arms
Opções de Detours Combat Arms
Com o tamanho do detour "const int len" = 10 é para funcionar em todos os Windows XP, Windows 7 e Windows 8.
Code:void *DetourJMP(BYTE *src, const BYTE *dst, const int len) { BYTE *jmp = (BYTE*)malloc(len + 5); DWORD dwBack; VirtualProtect(src, len, PAGE_READWRITE, &dwBack); memcpy(jmp, src, len); jmp += len; jmp[0] = '\xE9'; *(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5; src[0] = '\xE9'; *(DWORD*)(&src[1]) = (DWORD)(dst - src) - 5; for (int i = 5; i < len; i++) src[i] = 0x90; VirtualProtect(src, len, dwBack, &dwBack); return (jmp - len); } oPresent = (tPresent)DetourJMP((PBYTE) dwVTablePresent, (PBYTE) &Present, 10);Code:void *DetourNOPJMP(BYTE *src, const BYTE *dst, const int len) { BYTE *jmp = (BYTE*)malloc(len + 5); DWORD dwBack; VirtualProtect(src, len, PAGE_READWRITE, &dwBack); memcpy(jmp, src, len); jmp += len; jmp[0] = '\xE9'; *(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5; src[0] = '\x90'; src[1] = '\xE9'; *(DWORD*)(&src[2]) = (DWORD)(dst - src) - 6; for (int i = 6; i < len; i++) src[i] = 0x90; VirtualProtect(src, len, dwBack, &dwBack); return (jmp - len); } oPresent = (tPresent)DetourNOPJMP((PBYTE) dwVTablePresent, (PBYTE) &Present, 10);Code:void *DetourPUSHRET(BYTE *src, const BYTE *dst, const int len) { BYTE *jmp = (BYTE*)malloc(len + 5); DWORD dwBack; VirtualProtect(src, len, PAGE_READWRITE, &dwBack); memcpy(jmp, src, len); jmp += len; jmp[0] = '\xE9'; *(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5; src[0] = '\x68'; *(DWORD*)(&src[1]) = (DWORD)(dst); src[5] = '\xC3'; for (int i = 6; i < len; i++) src[i] = 0x90; VirtualProtect(src, len, dwBack, &dwBack); return (jmp - len); } oPresent = (tPresent)DetourPUSHRET((PBYTE) dwVTablePresent, (PBYTE) &Present, 10);Code:void *DetourNOPNOPJMP(BYTE *src, const BYTE *dst, const int len) { BYTE *jmp = (BYTE*)malloc(len + 5); DWORD dwBack; VirtualProtect(src, len, PAGE_READWRITE, &dwBack); memcpy(jmp, src, len); jmp += len; jmp[0] = '\xE9'; *(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5; src[0] = '\x90'; src[1] = '\x90'; src[2] = '\xE9'; *(DWORD*)(&src[3]) = (DWORD)(dst - src) - 7; for (int i = 7; i < len; i++) src[i] = 0x90; VirtualProtect(src, len, dwBack, &dwBack); return (jmp - len); } oPresent = (tPresent)DetourNOPNOPJMP((PBYTE) dwVTablePresent, (PBYTE) &Present, 10);Code:void *DetourPUSHPOPJMP(BYTE *src, const BYTE *dst, const int len) { BYTE *jmp = (BYTE*)malloc(len + 5); DWORD dwBack; VirtualProtect(src, len, PAGE_READWRITE, &dwBack); memcpy(jmp, src, len); jmp += len; jmp[0] = '\xE9'; *(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5; src[0] = '\x50'; src[1] = '\x58'; src[2] = '\xE9'; *(DWORD*)(&src[3]) = (DWORD)(dst - src) - 7; for (int i = 7; i < len; i++) src[i] = 0x90; VirtualProtect(src, len, dwBack, &dwBack); return (jmp - len); } oPresent = (tPresent)DetourPUSHPOPJMP((PBYTE) dwVTablePresent, (PBYTE) &Present, 10);Code:void *DetourSTCJB(BYTE *src, const BYTE *dst, const int len) { BYTE *jmp = (BYTE*)malloc(len + 5); DWORD dwBack; VirtualProtect(src, len, PAGE_READWRITE, &dwBack); memcpy(jmp, src, len); jmp += len; jmp[0] = '\xE9'; *(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5; src[0] = '\xF9'; src[1] = '\x0F'; src[2] = '\x82'; *(DWORD*)(&src[3]) = (DWORD)(dst - src) - 7; for (int i = 7; i < len; i++) src[i] = 0x90; VirtualProtect(src, len, dwBack, &dwBack); return (jmp - len); } oPresent = (tPresent)DetourSTCJB((PBYTE) dwVTablePresent, (PBYTE) &Present, 10);Code:void *DetourCLCJNB(BYTE *src, const BYTE *dst, const int len) { BYTE *jmp = (BYTE*)malloc(len + 5); DWORD dwBack; VirtualProtect(src, len, PAGE_READWRITE, &dwBack); memcpy(jmp, src, len); jmp += len; jmp[0] = '\xE9'; *(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5; src[0] = '\xF8'; src[1] = '\x0F'; src[2] = '\x83'; *(DWORD*)(&src[3]) = (DWORD)(dst - src) - 7; for (int i = 7; i < len; i++) src[i] = 0x90; VirtualProtect(src, len, dwBack, &dwBack); return (jmp - len); } oPresent = (tPresent)DetourCLCJNB((PBYTE) dwVTablePresent, (PBYTE) &Present, 10);Code:void *DetourMOVJMP(BYTE *src, const BYTE *dst, const int len) { BYTE *jmp = (BYTE*)malloc(len + 5); DWORD dwBack; VirtualProtect(src, len, PAGE_READWRITE, &dwBack); memcpy(jmp, src, len); jmp += len; jmp[0] = '\xE9'; *(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5; src[0] = '\xB8'; *(DWORD*)(&src[1]) = (DWORD)(dst); src[5] = '\xFF'; src[6] = '\xE0'; for (int i = 7; i < len; i++) src[i] = 0x90; VirtualProtect(src, len, dwBack, &dwBack); return (jmp - len); } oPresent = (tPresent)DetourMOVJMP((PBYTE) dwVTablePresent, (PBYTE) &Present, 10);Créditos:Code:void *DetourXORTESTJE(BYTE *src, const BYTE *dst, const int len) { BYTE *jmp = (BYTE*)malloc(len + 5); DWORD dwBack; VirtualProtect(src, len, PAGE_READWRITE, &dwBack); memcpy(jmp, src, len); jmp += len; jmp[0] = '\xE9'; *(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5; src[0] = '\x33'; src[1] = '\xC0'; src[2] = '\x85'; src[3] = '\xC0'; src[4] = '\x0F'; src[5] = '\x84'; *(DWORD*)(&src[6]) = (DWORD)(dst - src) - 10; for (int i = 10; i < len; i++) src[i] = 0x90; VirtualProtect(src, len, dwBack, &dwBack); return (jmp - len); } oPresent = (tPresent)DetourXORTESTJE((PBYTE) dwVTablePresent, (PBYTE) &Present, 10);
Azorbix / Gordon / Patrick / WE11ington[/QUOTE]
-
08-13-2014 #2Member
- Join Date
- Aug 2014
- Gender
- Posts
- 107
- Reputation
- 10
- Thanks
- 39
-
08-13-2014 #3
ThreadstarterNovice
- Join Date
- Aug 2013
- Gender
- Posts
- 67
- Reputation
- 10
- Thanks
- 34
- My Mood
-
Pode até ser, porem com essas detours ae se souber da para criar umas umas 4 ou 5 opções a mais!
Originally Posted by Coder.Hu3
só repostei !
-
The Following User Says Thank You to Cheetara For This Useful Post:
Coder.Hu3 (08-13-2014)
-
08-13-2014 #4Dual-Keyboard Member
- Join Date
- Aug 2011
- Gender
- Posts
- 498
- Reputation
- 23
- Thanks
- 110
- My Mood
-
Interessante, mas é só uma versão simplificada da cDetours(que eu não sei quem criou). Pode ver que tudo isso tem em bases com a do MMBOB (tem muito outros tipos de detours lá). A Detours PUSHRET tem na WhitBase v2 por exemplo.
Mas como vc disse, da pra fazer pequenas alterações nos OPCodes e deixar indetectável.
Poderia explicar por que com len = 10, a detours funciona em todos os SO @Cheetara ?Last edited by New - Hacker; 08-13-2014 at 03:50 PM.
-
08-14-2014 #5
ThreadstarterNovice
- Join Date
- Aug 2013
- Gender
- Posts
- 67
- Reputation
- 10
- Thanks
- 34
- My Mood
-
Não, não poderia! Originally Posted by New - Hacker
-
08-14-2014 #6Advanced Member
- Join Date
- Feb 2014
- Gender
- Posts
- 193
- Reputation
- 10
- Thanks
- 57
- My Mood
-
ñ vi nada de diferente nessas detours "Cheetara"
Good Job
-
08-14-2014 #7Synthetic Hacker
- Join Date
- Feb 2012
- Gender
- Location
- Posts
- 1,306
- Reputation
- 15
- Thanks
- 420
- My Mood
-
Considere-se com problemas Originally Posted by _ReturnsBR_
ñ vi nada de diferente nessas detours "Cheetara" Good Job
-
The Following 5 Users Say Thank You to pDevice For This Useful Post:
bieljtvza (08-15-2014),Cheetara (08-14-2014),Fellas1704 (08-14-2014),iTz.Cheater (08-14-2014),Otaviomorais (08-14-2014)
-
08-14-2014 #8Novice
- Join Date
- Nov 2013
- Gender
- Location
- Posts
- 53
- Reputation
- 10
- Thanks
- 6
- My Mood
-
AHHAHAHAHHAHAHHAHAHAHAHAH
-
08-14-2014 #9New Member
- Join Date
- Jun 2014
- Gender
- Posts
- 10
- Reputation
- 10
- Thanks
- 0
Bem down ... Originally Posted by Fellas1704
AHHAHAHAHHAHAHHAHAHAHAHAH
-
08-14-2014 #10Novice
- Join Date
- Oct 2011
- Gender
- Posts
- 69
- Reputation
- 10
- Thanks
- 26
- My Mood
-
legal fera e as ppekas kkkkkkkkkkkkk belo tópico xD
-
08-15-2014 #11Expert Member
- Join Date
- Jun 2010
- Gender
- Location
- Posts
- 523
- Reputation
- 151
- Thanks
- 1,899
- My Mood
-
MS Detour 3.0
Problem solvedReversing is the only way to move forward.
-
08-17-2014 #12Blackhat Hacker
- Join Date
- Feb 2011
- Gender
- Location
- Posts
- 1,879
- Reputation
- 136
- Thanks
- 10,137
- My Mood
-
Originally Posted by arun823
the remaining 5 cents is for you buy a candy in market.
-
The Following User Says Thank You to luizimloko For This Useful Post:
iTz.Cheater (08-17-2014)
-
08-17-2014 #13New Member
- Join Date
- Feb 2014
- Gender
- Posts
- 24
- Reputation
- 35
- Thanks
- 2
LOL né que é mesmo mais tem um free.. Originally Posted by luizimloko
the remaining 5 cents is for you buy a candy in market.
Last edited by iTz.Cheater; 08-17-2014 at 10:23 AM.
-
08-19-2014 #14Novice
- Join Date
- Oct 2011
- Gender
- Posts
- 69
- Reputation
- 10
- Thanks
- 26
- My Mood
-
Que Treta kkkkkkkkkkkkk Originally Posted by luizimloko
the remaining 5 cents is for you buy a candy in market.
-
08-19-2014 #15Expert Member
- Join Date
- Jun 2010
- Gender
- Location
- Posts
- 523
- Reputation
- 151
- Thanks
- 1,899
- My Mood
-
Stop being poor. Originally Posted by luizimloko
the remaining 5 cents is for you buy a candy in market.
Problem SolvedReversing is the only way to move forward.
Similar Threads
-
[Download] Combat Arms
By Str8Thimo in forum Combat Arms Hacks & CheatsReplies: 28Last Post: 08-05-2008, 08:00 PM -
How do you create an account and download client on Combat arms?
By gtdemon in forum WarRock Korea HacksReplies: 1Last Post: 12-17-2007, 01:52 PM -
nexon's combat arms
By brownsfan91 in forum WarRock Korea HacksReplies: 11Last Post: 12-17-2007, 11:04 AM -
Combat Arms
By Synns in forum WarRock Korea HacksReplies: 0Last Post: 11-21-2007, 09:09 PM -
Combat Arms
By tednugent in forum WarRock Korea HacksReplies: 7Last Post: 07-10-2007, 07:53 AM