This is a bypass for aIW's new ban mechanism. It includes both binary and source releases (this thread). If you're a nub, change your MAC address, and your IP (there are other threads around for such). If you know what you're doing and just need a binary, extract the archive and run faiw.exe and it will inject the faiw.dll as soon as possible. The source code is pretty self explanatory and is follows:
[php]
#include <windows.h>
#include <tchar.h>
#include <wchar.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")
typedef LONG (WINAPI* RegEnumValueW_Proto)(HKEY, DWORD, LPWSTR, LPDWORD, LPDWORD, LPDWORD, LPBYTE, LPDWORD);
typedef LONG (WINAPI* RegQueryValueExW_Proto)(HKEY, LPCWSTR, LPDWORD, LPDWORD, LPBYTE, LPDWORD);
RegEnumValueW_Proto RegEnumValueW_Pointer;
RegQueryValueExW_Proto RegQueryValueExW_Pointer;
LONG WINAPI RegEnumValueW_Detour(HKEY hKey, DWORD dwIndex, LPWSTR lpValueName, LPDWORD lpcbValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData);
LONG WINAPI RegQueryValueExW_Detour(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData);
BOOL WINAPI DllMain(_In_ HANDLE _HDllHandle, _In_ DWORD _Reason, _In_opt_ LPVOID _Reserved)
{
DisableThreadLibraryCalls((HMODULE)_HDllHandle);
if (_Reason == DLL_PROCESS_ATTACH)
{
RegEnumValueW_Pointer = (RegEnumValueW_Proto)DetourFunction((PBYTE)GetProc Address(GetModuleHandle(_T("advapi32")), "RegEnumValueW"), (PBYTE)RegEnumValueW_Detour);
RegQueryValueExW_Pointer = (RegQueryValueExW_Proto)DetourFunction((PBYTE)GetP rocAddress(GetModuleHandle(_T("advapi32")), "RegQueryValueExW"), (PBYTE)RegQueryValueExW_Detour);
TCHAR filePath[256];
ExpandEnvironmentStrings(_T("%AppData%\\steam_md2. dat"), filePath, 256);
if (GetFileAttributes(filePath) != 0xFFFFFFFF)
{
DeleteFile(filePath);
MessageBeep(MB_OK);
}
}
else if (_Reason = DLL_PROCESS_DETACH)
{
}
return TRUE;
}
LONG WINAPI RegEnumValueW_Detour(HKEY hKey, DWORD dwIndex, LPWSTR lpValueName, LPDWORD lpcbValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
{
if (wcscmp(lpValueName, _T("NetworkAddress")) == 0)
{
MessageBeep(MB_OK);
return ERROR_NO_MORE_ITEMS;
}
return RegEnumValueW_Pointer(hKey, dwIndex, lpValueName, lpcbValueName, lpReserved, lpType, lpData, lpcbData);
}
LONG WINAPI RegQueryValueExW_Detour(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
{
if (wcscmp(lpValueName, _T("NetworkAddress")) == 0)
{
MessageBeep(MB_OK);
return ERROR_FILE_NOT_FOUND;
}
return RegQueryValueExW_Pointer(hKey, lpValueName, lpReserved, lpType, lpData, lpcbData);
}
[/php]
P.S: If you really want to have fun, change your aIW username to:
to show these ******s that you can't be banned. :)
Oh, and if you're in need of a hack to use, here's my modified Wieter20 public hook without the spam, just run mw2pp.exe and it'll autoinject.
gg,
req0
Links:
FaIW Bypass - Attached (
Virus Scan)
No-Spam Wieter20 Hook - Attached (
Virus Scan)
NOTE: Menu key changed from DELETE to BACKSPACE. My bad, ya'll.
Related aIW.net Cheat Report (Funny ass video within)
@Credits:
Wieter20: For the public hook I nop'd. Pretty good 180 degree aimbot. Pretty easy to figure out how to make it 360 degrees, but left it as an RE exercise for the user.