Source discussion..

**debohax** · 10-27-2009

Hey coders can you use this to make some nice publics :Wink:

Windows XP___

Code:

#define HS_JMP            0x63B31D
#define HS_JMP2            0x63B323

typedef int            (__cdecl *HS_GetProcAddress_t)( int hModule, int a2 );
typedef int            (__stdcall *HackshieldComm_t )( int, void*, void* );
typedef signed int    (__stdcall *KickProc_t)( int a1, int a2, int a3 );

HS_GetProcAddress_t                pHS_GetProcAddress        = NULL;
HackshieldComm_t                pHackshieldComm            = NULL;
KickProc_t                        pKickProc                = NULL;

signed int __stdcall new_KickProc( int a1, int a2, int a3 )
{
    return 1;
}

int __stdcall new_HackshieldComm( int hsCommCode, void *Param1, void *Param2 )
{
    if( hsCommCode == 4 || hsCommCode == 5 || hsCommCode == 13 ) //kill!
    {
        if( hsCommCode == 4 ) //replace kick proc
        {
            DWORD *dwParam1 = (DWORD *)Param1;

            pKickProc    = (KickProc_t)*dwParam1;
            *dwParam1    = (DWORD)new_KickProc;
        }

        int iReturn = pHackshieldComm( hsCommCode, Param1, Param2 );

        return 1;
    }

    int iReturn = pHackshieldComm( hsCommCode, Param1, Param2 );

    return iReturn;
}

void HookCommunication( EXCEPTION_POINTERS* pExceptionInfo )
{
    DWORD dwEbp        = pExceptionInfo->ContextRecord->Ebp;
    DWORD dwParam2    = 0;

    __asm
    {
        push eax;
        push edx;
        mov eax, dwEbp;
        mov edx, [eax+0xC];
        mov dwParam2, edx;
        pop edx;
        pop eax;
    }

    if( dwParam2 == 0xA ) //this is the ordinal of some export...hmm..
    {
        pHackshieldComm                        = (HackshieldComm_t)pExceptionInfo->ContextRecord->Eax;
        pExceptionInfo->ContextRecord->Eax    = (DWORD)new_HackshieldComm;
    }

    pExceptionInfo->ContextRecord->Eip        = HS_JMP2;

    return;
}

PVOID pContextHandler = NULL;

LONG WINAPI ***ExceptionHandler( EXCEPTION_POINTERS* pExceptionInfo )
{
    if( pExceptionInfo->ExceptionRecord->ExceptionCode != EXCEPTION_SINGLE_STEP )
    {
        return EXCEPTION_CONTINUE_SEARCH;
    }

    if( pExceptionInfo->ExceptionRecord->ExceptionAddress == (PVOID)HS_JMP ) 
    {
        HookCommunication( pExceptionInfo );
        return EXCEPTION_CONTINUE_EXECUTION;
    }

    return EXCEPTION_CONTINUE_SEARCH;
}

void InitContextHook()
{
    pContextHandler = AddVectoredExceptionHandler( 0x50BE17, ***ExceptionHandler );

    CONTEXT Context;
    Contex*****ntextFlags = CONTEXT_DEBUG_REGISTERS;
    GetThreadContext(GetCurrentThread(), &Context);
    Context.Dr0 = HS_JMP;
    Context.Dr7 = (1<<0)|(1<<2)|(1<<4)|(1<<6);
    SetThreadContext(GetCurrentThread(), &Context);

Windows Vista 64_____

Code:

#pragma once
#define WIN32_LEAN_AND_MEAN
#include <windows.h>

#if !defined(_M_IX86) && !defined(_M_X64)
	#error Unsupported platform: build for X86 or X64 only.
#endif

/* Update these offsets.. */
#ifdef _M_IX86
	#define HS_JMP 0x63B31D
	#define HS_JMP2 0x63B323
#elif _M_X64
	#define HS_JMP 0x123456789ABCDEF
	#define HS_JMP2 0xFEDCBA987654321
#endif

typedef int ( *hsGetProcAddress_t )( int Module, int a2 );
typedef int ( WINAPI *HackshieldComm_t )( int, PVOID, PVOID );
typedef signed int ( WINAPI *KickProc_t )( int a1, int a2, int a3 );

hsGetProcAddress_t hsGetProcAddress = 0;
HackshieldComm_t HackshieldComm = 0;
KickProc_t KickProc = 0;

HANDLE vehContextHandler;

WORD WINAPI new_KickProc( int a1, int a2, int a3 )
{
	return( TRUE );
}

int WINAPI new_HackshieldComm( int hsCommCode, PVOID a2, PVOID a3 )
{
	/* Kill message */
	if( hsCommCode == 4 || hsCommCode == 5 || hsCommCode == 13 )
	{
		/* Replace the kick procedure */
		if( hsCommCode == 4 )
		{
			KickProc = ( KickProc_t ) *( ( DWORD_PTR * ) a2 );
			*( ( DWORD_PTR * ) a2 ) = ( DWORD_PTR ) new_KickProc;
		}

		HackshieldComm( hsCommCode, a2, a3 );
		return( TRUE );
	}

	return( HackshieldComm( hsCommCode, a2, a3 ) );
}

void HookCommunication( EXCEPTION_POINTERS* ExceptionInfo )
{
	DWORD Param2;
	#ifdef _M_IX86
		Param2 = *( ( DWORD_PTR * ) ExceptionInfo->ContextRecord->Ebp + 12 );
	#elif _M_X64
		Param2 = *( ( DWORD_PTR * ) ExceptionInfo->ContextRecord->Rbp + 24 );
	#endif

	/* This is the ordinal of a specific export.. */
	if( Param2 == 0xA )
	{
		#ifdef _M_IX86
			HackshieldComm = ( HackshieldComm_t ) ExceptionInfo->ContextRecord->Eax;
			ExceptionInfo->ContextRecord->Eax = ( DWORD_PTR ) new_HackshieldComm;
		#elif _M_X64
			HackshieldComm = ( HackshieldComm_t ) ExceptionInfo->ContextRecord->Rax;
			ExceptionInfo->ContextRecord->Rax = ( DWORD_PTR ) new_HackshieldComm;
		#endif
	}

	#ifdef _M_IX86
		ExceptionInfo->ContextRecord->Eip = HS_JMP2;
	#elif _M_X64
		ExceptionInfo->ContextRecord->Rip = HS_JMP2;
	#endif
}

LONG WINAPI ***ExceptionHandler( EXCEPTION_POINTERS* ExceptionInfo )
{
	if( ExceptionInfo->ExceptionRecord->ExceptionCode != EXCEPTION_SINGLE_STEP )
	{
		return( EXCEPTION_CONTINUE_SEARCH );
	}

	if( ExceptionInfo->ExceptionRecord->ExceptionAddress == ( PVOID ) HS_JMP ) 
	{
		HookCommunication( ExceptionInfo );
		return( EXCEPTION_CONTINUE_EXECUTION );
	}

	return( EXCEPTION_CONTINUE_SEARCH );
}

void InitContextHook( )
{
	CONTEXT ctx;

	vehContextHandler = AddVectoredExceptionHandler( 0x50BE17, ***ExceptionHandler );

	ct*****ntextFlags = CONTEXT_DEBUG_REGISTERS;
	GetThreadContext( GetCurrentThread( ), &ctx );

	ctx.Dr0 = HS_JMP;
	ctx.Dr7 = 0x55;

	SetThreadContext( GetCurrentThread( ), &ctx );

Well???

Credits to: sobiets btw

**juanrineytor** · 10-27-2009

There's a source code section now... You should ask in there, but first, Where did you get the code? and for what is it? Bypass, aimbot? what?!

**debohax** · 10-27-2009

Originally Posted by juanrineytor

There's a source code section now... You should ask in there, but first, Where did you get the code? and for what is it? Bypass, aimbot? what?!

Its a Hook and bypass for hackshield (to use any hack). Just needs the detected strings edited out. Takes about a day for a coder to do.

And I said credit to- sobiet

**JIGS4W** · 10-27-2009

I appreciate the idea but next time don't do it here plox

**debohax** · 10-27-2009

well If it is in the wrong section could a mod/admin move pls I apoligize I dont wanna double post tho.

**headsup** · 10-27-2009

Guys look .,,,, He just copied my thread in here and made a new thread and posted my shit!! wtf Ban him or sumthing???????????????

**why06** · 10-27-2009

Hmmm... I was wondering if anyone noticed that... except he included the one for Vista too. And since it is ******'s bypass I wouldn't get to worked up =/...

**debohax** · 10-27-2009

Originally Posted by headsup

Guys look .,,,, He just copied my thread in here and made a new thread and posted my shit!! wtf Ban him or sumthing???????????????

Ok first off I didnt copy nothin I didnt even know yall had a source section in this forum thats why they had to move it here I posted this in the hacks section. So get off my nutz..

And your thread didnt have a copy of this re wrote in 64 bit I just read it. I wasnt copying your post period. Also you didnt give proper credits for the source in your post This was writen by sobiet

He was the head coder for one of the unspeakable forums. I figured I would post this to see if a coder could edit out the detected strings and make it work again this is 5 month old source but it has the basic constuction of what we need.

Thats all I didnt know you already posted the xp version or I wouldnt have added it here.

Well anyways thats all I have to say about that any coders gonna give this a try or what?

**[MPGH]Liz** · 10-27-2009

fuck ******

Thread: Source discussion..

Thread Tools

Display

Source discussion..

Similar Threads

CS Source Clan/Server

Signature of the Week #3 Discussion

Signature of the Week #2 Discussion

Counter Strike: Source

Tags for this Thread