hack shield bypass

monster trashed my last post with spam while I was trying to collect information on the hack shield. As far as I can tell one of the main ways the hack shield works is by looking at the processes running on the computer so I have an idea of running the hacks from another computer via a local connection that way when the hack shield looks for the programs or processes it will find nothing but the hacks will still work as long as the computers are connected and turned on.

Ok I have done some research into this and I have found that my initial line of thought although possible is overly complex for the rewards though it would apparently be near impossible to patch however this option seems to have promise

Reflective DLL Injection
Under the Windows platform, library injection techniques both local and remote have been around for many years. Remote library injection as an exploitation technique was introduced in 2004 by Skape and JT. Their technique employs shellcode to patch the host processes ntdll library at run time and forces the native Windows loader to load a Dynamic Link Library (DLL) image from memory. As an alternative to this technique I present Reflective DLL Injection. Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. As such the library is responsible for loading itself by implementing a minimal Portable Executable (PE) file loader. It can then govern, with minimal interaction with the host system and process, how it will load and interact with the host. Previous work in the security field of building PE file loaders include the bo2k server by DilDog. The main advantage of the library loading itself is that it is not registered in any way with the host system and as a result is largely undetectable at both a system and process level. When employed as an exploitation technique, Reflective DLL Injection requires a minimal amount of shellcode, further reducing its detection footprint against host and network based intrusion detection and prevention systems.

I din't bother to read it all, can you make it shorter and understandable?

lol what is it about anyways ?!

One thing is to ask for improving of text one thing is to being and ass and not being able to read the freaking first line to know what is this about O.o

Yeah, one guy talks serious shit and the morrons came to be smartasses

Ok im going to make this as simple as possible
1. the hack shield mainly works by looking at programs running
2. what I am talking about is making an injector for dll files that doesn’t show up to the hack shield
3. if it works we could use something conceptually similar for things like headshot.exe

In super short the dll files inject themselves so the hack shield can’t see them.

If this pans out our hacks will be unstoppable (evil laugh)

or even better--> code a ring0 hack ring zero hacks looks like a cdrom drive for hackshield so it cant detect a hack only a cdrom drive and thats normal in a pc

I saw something like that a while ago on a different game but it seems that to work properly it needs to be burnt to a disk or it leaves a distinct mark in processes some games have a patch against it so it can be done but I like your idea of covering up the process with a standard operation

Ok I have come up with a very different method here but much simpler to bypass the hack shield.

I am trying to find a way so that if you have a duel core processor you can limit windows to one core then you can run Virtual PC (emulated windows) on the second core. If you also limit engine.exe to the first core it shouldn’t be able to detect any programs started on Virtual PC even if they aren’t limited to one core they won’t show under normal windows processes but they will be able to work with processes on the first core. I should be able to test it very soon if I can find a way to limit windows to one core but until then this is all in theory.

nice and good idea...i have dual core processor. But what do you mean with vitual pc did you mean vmware player? I dont think that you can limit windows to one core

But i have an idea...I heard about Viruses that wont be shown in the taskmanager perhaps hackshield only scan progresses that are in the taskmanager?

Virtual PC is a way of emulating an operating system such as windows allowing you to have two independent operating systems running at once.
As for limiting windows to one core you can turn either core off if you want or limit processes to one of the cores that you choose showing that they can run independently, its just a case of isolating the windows system and confining it to one core but that’s easier said than done, we could limit the windows processes to one core and see if that works or we might have to get new kernel drivers but that would take a long time if it hasn’t already been done.

Ok I have found which processes need to be isolated but the system wont let me its because it wants to stay in control im looking into it further.

System
smss.exe
csrss.exe
winlogon.exe
Services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
explorer.exe
taskmgr.exe

you must not try to isolate System Idle Process or the system will crash

I DON'T UNDERSTAND YOU NERDS!!!!!!!!!!!!!!!!!!!!!!!

I have found all the information and programs I need to begin tests however I am going to be busy for the next few days so I might not get back to you immediately with results, but I will post all relevant information as and when I get the time.

And I hate EVERYONE you need to understand that what we are doing is going to become complicated and that inexperienced users might not understand what we are saying.
When we are done we will make it more user friendly.

Originally Posted by imno1

If you make it happen, I would love you! but not in the creepy way

hack shield bypass

Post a Reply

Similar Threads

Tags for this Thread