Huh...? i don't understand this srry
[Tutorial] - Defeating punkbuster whitelist detection
Hi,
Here is a way of not being detected by the PB whitelist checks.
You have to hook FindFirstFileA and FindNextFileA ( kernel32.dll exports ), and find the size of your pbcl.dll.
Here are the hooked functions:
PHP Code:
// Credits: phrak, Game Deception
typedef BOOL ( WINAPI *FindNextFileA_t )( HANDLE hFindFile, LPWIN32_FIND_DATA lpFindFileData );
typedef HMODULE ( WINAPI *FindFirstFileA_t )( LPCTSTR lpFileName, LPWIN32_FIND_DATA lpFindFileData );
FindFirstFileA_t pFindFirstFileA = 0;
FindNextFileA_t pFindNextFileA = 0;
char *g_pszFileName = "Whatever"; // replace it by your file name
DWORD g_dwPbclBase; // = ( DWORD )GetModuleHandle( "pbcl.dll" );
DWORD g_dwPbclSize = 0x84000; // replace it by the correct pbcl.dll size
extern "C" void *_ReturnAddress( void );
//================================================== ======================
HANDLE WINAPI _FindFirstFileA( LPCTSTR lpFileName, LPWIN32_FIND_DATA lpFindFileData )
{
DWORD dwReturnAddress = PtrToUlong( _ReturnAddress( ) );
int iLoop = 1;
HANDLE hReturn = pFindFirstFileA( lpFileName, lpFindFileData );
if( dwReturnAddress >= g_dwPbclBase && dwReturnAddress <= ( g_dwPbclBase+g_dwPbclSize ) )
{
while( iLoop && !_strnicmp( lpFindFileData->cFileName, g_pszFileName, strlen( g_pszFileName ) ) )
iLoop = pFindNextFileA( hReturn, lpFindFileData );
if( !iLoop )
hReturn = INVALID_HANDLE_VALUE;
}
return hReturn;
}
//================================================== ======================
BOOL WINAPI _FindNextFileA( HANDLE hFindFile, LPWIN32_FIND_DATA lpFindFileData )
{
DWORD dwReturnAddress = PtrToUlong( _ReturnAddress( ) );
BOOL bReturn = FindNextFileACall( hFindFile, lpFindFileData );
if( dwReturnAddress >= g_dwPbclBase && dwReturnAddress <= ( g_dwPbclBase+g_dwPbclSize ) )
{
do
{
bReturn = FindNextFileACall( hFindFile, lpFindFileData );
} while( !_strnicmp( lpFindFileData->cFileName, g_pszFileName, strlen( g_pszFileName ) ) && bReturn );
if( !bReturn )
memset( lpFindFileData, 0, sizeof( LPWIN32_FIND_DATA ) );
}
return bReturn;
}
now your custom file shouldn't been detected anymore by PB whitelist checks, this code is 100% working for up to date FarCry 1.4 punkbuster client
Regards.
__________________