Results 1 to 2 of 2
  1. 06-26-2007 #1
    llvengancell
    llvengancell is offline
    Banned
    BANNED!
    llvengancell's Avatar
    Join Date
    May 2007
    Posts
    390
    Reputation
    12
    Thanks
    5
    Send a message via Birdie™ to llvengancell

    Lightbulb bypass punkbuster whitelist tut 3

    [Tutorial] - Defeating punkbuster whitelist detection
    Hi,

    Here is a way of not being detected by the PB whitelist checks.

    You have to hook FindFirstFileA and FindNextFileA ( kernel32.dll exports ), and find the size of your pbcl.dll.

    Here are the hooked functions:
    PHP Code:
    // Credits: phrak, Game Deception

    typedef BOOL ( WINAPI *FindNextFileA_t )( HANDLE hFindFile, LPWIN32_FIND_DATA lpFindFileData );
    typedef HMODULE ( WINAPI *FindFirstFileA_t )( LPCTSTR lpFileName, LPWIN32_FIND_DATA lpFindFileData );

    FindFirstFileA_t pFindFirstFileA = 0;
    FindNextFileA_t pFindNextFileA = 0;

    char *g_pszFileName = "Whatever"; // replace it by your file name

    DWORD g_dwPbclBase; // = ( DWORD )GetModuleHandle( "pbcl.dll" );
    DWORD g_dwPbclSize = 0x84000; // replace it by the correct pbcl.dll size

    extern "C" void *_ReturnAddress( void );

    //================================================== ======================


    HANDLE WINAPI _FindFirstFileA( LPCTSTR lpFileName, LPWIN32_FIND_DATA lpFindFileData )
    {
    DWORD dwReturnAddress = PtrToUlong( _ReturnAddress( ) );

    int iLoop = 1;

    HANDLE hReturn = pFindFirstFileA( lpFileName, lpFindFileData );

    if( dwReturnAddress >= g_dwPbclBase && dwReturnAddress <= ( g_dwPbclBase+g_dwPbclSize ) )
    {
    while( iLoop && !_strnicmp( lpFindFileData->cFileName, g_pszFileName, strlen( g_pszFileName ) ) )
    iLoop = pFindNextFileA( hReturn, lpFindFileData );

    if( !iLoop )
    hReturn = INVALID_HANDLE_VALUE;
    }

    return hReturn;
    }

    //================================================== ======================

    BOOL WINAPI _FindNextFileA( HANDLE hFindFile, LPWIN32_FIND_DATA lpFindFileData )
    {
    DWORD dwReturnAddress = PtrToUlong( _ReturnAddress( ) );

    BOOL bReturn = FindNextFileACall( hFindFile, lpFindFileData );

    if( dwReturnAddress >= g_dwPbclBase && dwReturnAddress <= ( g_dwPbclBase+g_dwPbclSize ) )
    {
    do
    {
    bReturn = FindNextFileACall( hFindFile, lpFindFileData );
    } while( !_strnicmp( lpFindFileData->cFileName, g_pszFileName, strlen( g_pszFileName ) ) && bReturn );

    if( !bReturn )
    memset( lpFindFileData, 0, sizeof( LPWIN32_FIND_DATA ) );
    }

    return bReturn;
    }
    now your custom file shouldn't been detected anymore by PB whitelist checks, this code is 100% working for up to date FarCry 1.4 punkbuster client

    Regards.
    __________________
  2. 06-26-2007 #2
    Design
    Design is offline
    Banned
    BANNED!
    Design's Avatar
    Join Date
    Jun 2007
    Posts
    31
    Reputation
    10
    Thanks
    0
    Send a message via Birdie™ to Design
    Huh...? i don't understand this srry
« Previous Thread | Next Thread »

Similar Threads

  1. bypass punkbuster
    By mopo in forum Assembly
    Replies: 0
    Last Post: 10-02-2007, 04:32 AM
  2. UCE capable of bypassing Punkbuster
    By castaway in forum Game Hacking Tutorials
    Replies: 149
    Last Post: 08-29-2007, 09:55 PM
  3. bypassing punkbuster
    By platinum92 in forum WarRock - International Hacks
    Replies: 12
    Last Post: 08-04-2007, 11:36 PM
  4. bypass or a tut? trade if u want
    By shadowsecret in forum WarRock - International Hacks
    Replies: 6
    Last Post: 04-19-2007, 11:59 PM
  5. Any way to bypass Punkbuster?
    By metal42 in forum WarRock - International Hacks
    Replies: 4
    Last Post: 04-11-2007, 08:51 PM