Hackshield bypass {Source code}

[headsup]

Ok listen, I did not make this, I found from acid burn and changed a few details, And now im letting all you people know about it. This is not 100%, And will require some coding and changed value's; Since this is old and hackshield updated..[SIZE="5"]Anyway here it is and thanks me.

Code:

#define HS_JMP            0x63B31D
#define HS_JMP2            0x63B323

typedef int            (__cdecl *HS_GetProcAddress_t)( int hModule, int a2 );
typedef int            (__stdcall *HackshieldComm_t )( int, void*, void* );
typedef signed int    (__stdcall *KickProc_t)( int a1, int a2, int a3 );

HS_GetProcAddress_t                pHS_GetProcAddress        = NULL;
HackshieldComm_t                pHackshieldComm            = NULL;
KickProc_t                        pKickProc                = NULL;

signed int __stdcall new_KickProc( int a1, int a2, int a3 )
{
    return 1;
}

int __stdcall new_HackshieldComm( int hsCommCode, void *Param1, void *Param2 )
{
    if( hsCommCode == 4 || hsCommCode == 5 || hsCommCode == 13 ) //kill!
    {
        if( hsCommCode == 4 ) //replace kick proc
        {
            DWORD *dwParam1 = (DWORD *)Param1;

            pKickProc    = (KickProc_t)*dwParam1;
            *dwParam1    = (DWORD)new_KickProc;
        }

        int iReturn = pHackshieldComm( hsCommCode, Param1, Param2 );

        return 1;
    }

    int iReturn = pHackshieldComm( hsCommCode, Param1, Param2 );

    return iReturn;
}

void HookCommunication( EXCEPTION_POINTERS* pExceptionInfo )
{
    DWORD dwEbp        = pExceptionInfo->ContextRecord->Ebp;
    DWORD dwParam2    = 0;

    __asm
    {
        push eax;
        push edx;
        mov eax, dwEbp;
        mov edx, [eax+0xC];
        mov dwParam2, edx;
        pop edx;
        pop eax;
    }

    if( dwParam2 == 0xA ) //this is the ordinal of some export...hmm..
    {
        pHackshieldComm                        = (HackshieldComm_t)pExceptionInfo->ContextRecord->Eax;
        pExceptionInfo->ContextRecord->Eax    = (DWORD)new_HackshieldComm;
    }

    pExceptionInfo->ContextRecord->Eip        = HS_JMP2;

    return;
}

PVOID pContextHandler = NULL;

LONG WINAPI ***ExceptionHandler( EXCEPTION_POINTERS* pExceptionInfo )
{
    if( pExceptionInfo->ExceptionRecord->ExceptionCode != EXCEPTION_SINGLE_STEP )
    {
        return EXCEPTION_CONTINUE_SEARCH;
    }

    if( pExceptionInfo->ExceptionRecord->ExceptionAddress == (PVOID)HS_JMP ) 
    {
        HookCommunication( pExceptionInfo );
        return EXCEPTION_CONTINUE_EXECUTION;
    }

    return EXCEPTION_CONTINUE_SEARCH;
}

void InitContextHook()
{
    pContextHandler = AddVectoredExceptionHandler( 0x50BE17, ***ExceptionHandler );

    CONTEXT Context;
    Contex*****ntextFlags = CONTEXT_DEBUG_REGISTERS;
    GetThreadContext(GetCurrentThread(), &Context);
    Context.Dr0 = HS_JMP;
    Context.Dr7 = (1<<0)|(1<<2)|(1<<4)|(1<<6);
    SetThreadContext(GetCurrentThread(), &Context);

Do not reply, With spam , flame, Just don't reply at all.. Pm me with any question's as i Willl Be able to give you help!!.. Thank's


Here is a simple script i wrote up, But got leeched all over.. This is a bypass but will require you to add in a code to pass cshell also.. But hey this is half way done. Do not reply it doesn't work i know it does.. I am using the old RK Aimbot with TnT chams..
You need to work with this as i am not just going to pass cshell for you for the fact of choobs.. Sooooo.. Have fun And thank's me!!

Code:

/*-----------------------------------------------------------------Bypass---------------------------------------------------------*/
{
for (;;){
int EhSvc = (long)GetModuleHandleA("EhSvc.dll");
if(EhSvc !=0){
DWORD OldProtect;

int EhPtr   = 0xAF590;//Constant
int Memory1 =(EhSvc+0xB1D6C);//HS-Addy
int Memory2 =(EhSvc+0xB1D70);//Hs-Addy-Jump
int Memory3 =(EhSvc+0xB1D90);//Hs-Addy-Jump
int Memory4 =(EhSvc+0xB186C);//Hs-Addy-Jump
int Memory5 =(EhSvc+0xBE338);//Hs-Addy-Jump
int Memory6 =(EhSvc+0xBE3A4);//Hs-Addy-Jump
int Memory7 =(EhSvc+0xBE478);//Hs-Addy-Jump
int Memory8 =(EhSvc+0xBE480);//Hs-Addy-Jump
int Memory9 = (EhSvc+0xBEC90);//Hs-Addy-Jump
int Memory10 =(EhSvc+0xB9E54);//Hs-Addy-Jump
int Memory11 =(EhSvc+0xB9E48);//Hs-Addy-Jump
int Memory12 =(EhSvc+0xB9E38);//Hs-Addy-Jump
int Memory13 =(EhSvc+0xB9E04);//Hs-Addy-Jump
int Memory14 =(EhSvc+0xB9DD0);//Hs-Addy-Jump
int Memory15 =(EhSvc+0xBEC74);//Hs-Addy-Jump
int Memory16 =(EhSvc+0xB9DC8);//Hs-Addy-Jump
int Memory17 =(EhSvc+0xB9E84);//Hs-Addy-Jump
int Memory18 =(EhSvc+0xB9858);//Hs-Addy-Jump
int Memory19 =(EhSvc+0xB9888);//Hs-Addy-Jump
int Memory20 =(EhSvc+0xB98B8);//Hs-Addy-Jump
int Memory21 =(EhSvc+0xB98E8);//Hs-Addy-Jump
int Memory22 =(EhSvc+0xB1674);//Hs-Addy-Jump
int Memory23 =(EhSvc+0xB1724);//Hs-Addy-Jump
int Memory24 =(EhSvc+0xB9C54);//Hs-Addy-Jump
int Memory25 =(EhSvc+0xB16F8);//Hs-Addy-Jump
int Memory26 =(EhSvc+0xB16CC);//Hs-Addy-Jump
int Memory27 =(EhSvc+0xB16A0);//Hs-Addy-Jump
int Memory28 =(EhSvc+0xB1794);//Hs-Addy-Jump
int EhY = (EhSvc+EhPtr-0x20);//Constant
int Eh0 = (EhSvc+EhPtr-0x44);//Constant
int EhX = (EhSvc+EhPtr-0x40);//Constant

VirtualProtect((void*)(Memory1),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory1) = 4; 
VirtualProtect((void*)(Memory2),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory2) = 4; 
VirtualProtect((void*)(Memory3),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory3) = 4; 
VirtualProtect((void*)(Memory4),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory4) = 4; 
VirtualProtect((void*)(Memory5),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory5) = 4; 
VirtualProtect((void*)(Memory6),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory6) = 4; 
VirtualProtect((void*)(Memory7),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory7) = 4; 
VirtualProtect((void*)(Memory8),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory8) = 4;
VirtualProtect((void*)(Memory9),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory9) = 4; 
VirtualProtect((void*)(Memory10),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory10) = 4; 
VirtualProtect((void*)(Memory11),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory11) = 4; 
VirtualProtect((void*)(Memory12),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory12) = 4; 
VirtualProtect((void*)(Memory13),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory13) = 4; 
VirtualProtect((void*)(Memory14),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory14) = 4; 
VirtualProtect((void*)(Memory15),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory15) = 4; 
VirtualProtect((void*)(Memory16),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory16) = 4;
VirtualProtect((void*)(Memory17),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory17) = 4; 
VirtualProtect((void*)(Memory18),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory18) = 4; 
VirtualProtect((void*)(Memory19),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory19) = 4; 
VirtualProtect((void*)(Memory20),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory20) = 4; 
VirtualProtect((void*)(Memory21),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory21) = 4; 
VirtualProtect((void*)(Memory22),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory22) = 4;
VirtualProtect((void*)(Memory23),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory23) = 4; 
VirtualProtect((void*)(Memory24),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory24) = 4; 
VirtualProtect((void*)(Memory25),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory25) = 4; 
VirtualProtect((void*)(Memory26),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory26) = 4; 
VirtualProtect((void*)(Memory27),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory27) = 4; 
VirtualProtect((void*)(Memory28),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory28) = 4;
VirtualProtect((void*)(Eh0),0x14,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Eh0) = 4; 
VirtualProtect((void*)(EhX),0x14,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(EhX) = 4;
VirtualProtect((void*)(EhY),0x14,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(EhY) = 4;
}

Sleep(5);
}
}
/*-----------------------------------------------------------------Bypass---------------------------------------------------------*/

Alwayz remember to Thank's

[riceking]

I Loled cuz fyi, thats ******s =D give proper credit, acid burn just leeched it. Never ever give credits to leacher, omnomnomnomnom.

[User1]

in your WHOLE code, you never started a function, nor ended one... -.-X

No code is gona execute unless its in a function.

/Fail

[headsup]

User1 Fyi I will not post this for noob's to just copy and paste.. I figure if you know this you will be able to change.. Duh!!

[Jimmy]

nope u gotta make a video or sumthing dude

[headsup]

Ok to every that don't get it!!!!I am not making a tutorial, I will not post my completed script.Why you ask?? Choob's, Noob's and lechers. You must work with it. Compile (Etc.) I am not posting here anymore, For i have posted to many times here.. I will answer any pm asking for sum help.. Not a completed project.. have fun And don't lech, Shit gets patched faster that way@@@!!!!!!!!!@@@@@ every1

[riceking]

The method was leached so many times overal method will get patched soon

[Bombsaway707]

Hmmm well what was the point of posting a TUT with only half da source code? Also im pretty sure if i looked hard enough i could find the original source

[headsup]

do it up, If you think you can. Pretty hard when i typed this up a couple dayz ago.. Have fun Post with results

[jrp]

Hmm..this seems to make a bit of sense to me..I have only done a bit of C++..and ive worked a bit with olly..so i know a small amount of asm..but unfortunately when i was doing both of those, i was following a rough guide..something to point me in the right direction and actually help me figure out what i was doing..

This is a hacks website, designed and created to distribute knowledge and hacks to anyone and everyone willing to sign up. Please do not force us to feel stupid because we never have the time to learn C++ or how to hack things ourselves.

If you have a working bypass, then please, post it so you can get rid of the majority of the choobs that everybody seems to hate.

[headsup]

lol No but you are close about the choob thing that ius why i aint releasing it fully.. No way it would be patched bye the end of the week!!!!

[debohax]

I have a post Like this one but not the same it has the 64 bit version of this source too.

This source is 5 monthes old and it was made by Sobiet NOT Acid_burn.

And speaking of acid burn I seen him on a few websites usin fake virus scans and passin trojans out to the nubs I even had to write a tutorial on one website to show people how to remove his viruses.

And this isnt a >>>Bypass<<< Its a >>>HOOK<<< That allows you to bypass.

Whats the diffrence?

Bypass simply lets you through a hole in the security. Once used all code is used through that hole.(a bypass is like a exploited glitch)

A hook allows you to control the security's Process changing thier operational status. Sending false process activity to the original process in the security while it turns all defense off allowing any hack to work.

Oh and I didnt copy your dam post. If I did then where did I get the 64 bit version hmm? And next time give proper credit.

[debohax]

LMAO Seriously getting a cramp in my side.. This is SOBIETS HOOK, And it was never VIP . This is what he used for his PUBLICS - And thier website took so much heat from nexon they cant even mention CA on thier forums anymore because nexon made a threat to sue them. Heres the original release of his code since he wasnt aloud to use it anymore and couldnt post it on his forums he put it here.He also Credits -Rajin for helping him with it. Unless your Rajin. Stop with this on goin crap. And nice language btw.

----- This is not advertising its just to prove a point------

Release Hackshiled bypass (Feb-07-09) - ************* - A Development Site for Reverse Engineering

[jrp]

Hold on..think about what you are saying...guaranteed, there is at least 1 nexon employee surfing here already. Now the thing about nexon..is they have more/better coders than what are here. Its gonna take all of 2 minutes for a nexon coder to look at this and patch it, whether you release the whole code or not..

Why dont ya just compile it, encrypt it, and release it..cause if you wont, somebody will..and they will probably take credit for doing so too.

[headsup]

See i don't care because if they do they figured out what i changed and changed it back, Which means i need to talk with them.. And they can't patch this just bye looking at this source code..