Some hackshield stuff.

[Kallisti]

Facepalm?

msg2short

What's so facepalm about me being a nexon spy?

I sent his code to nexon.

I also send every hack to nexon.

by the way, in your sig, you declared int main as a function prototype which dont have bodies /fail

[freedompeace]

idk where u got this and if u made it probs but i smell a revolition in hacking

Do you know what you're talking about?

I'm fairly sure that HS itself will exit the application too. It doesn't have to return a value, it will just close.

HackShield will try to close the game internally, and if that fails, it will attempt to terminate the process. Again, if that fails, it will try to patch some memory within the game to crash it.

[flameswor10]

I'm a nexon spy for them.

Lol.. See me? I'm the spy here 'ya troll..

And looks nice (I can't do anything though )

[J]

Do you know what you're talking about?



HackShield will try to close the game internally, and if that fails, it will attempt to terminate the process. Again, if that fails, it will try to patch some memory within the game to crash it.

Do you know what you are talking about? O_o

[Gordon`]

It's possible the remove all this messages, but it doesn't really help when you want to use CheatEngine again. If hackshield doesn't detected it, themidalicense will!

[freedompeace]

Do you know what you are talking about? O_o

Indeed I do.

[Yepikiyay]

I bet you are the next Gordon'

HA!

[ppl2pass]

HA!

I bet that you will be the next coryster.

[Tekkn0logik]

The plot thickens! (slightly).

I've found the 3 locations where the function I posted about is called. Here they are:

#1:

Code:

___:005204D8                 push    4
___:005204DA                 push    43083DBEh
___:005204DF                 push    offset a56272884ac87c6 ; some random string of numbers
___:005204E4                 push    26AFh
___:005204E9                 push    offset sub_51FF20 ; THIS IS THE ADDRESS OF THE FUNCTION
___:005204EE                 lea     edx, [esp+4D4h]
___:005204F5                 push    edx
___:005204F6                 call    sub_729662

#2 (almost exactly the same):

Code:

___:0052051C                 push    4
___:0052051E                 push    43083DBEh
___:00520523                 push    offset a56272884ac87c6
___:00520528                 push    26AFh
___:0052052D                 push    offset sub_51FF20 ; Address of function
___:00520532                 lea     edx, [esp+4D4h]
___:00520539                 push    edx
___:0052053A                 call    sub_729662

#3 (This is different and is embedded in some hackshield stuff itself):

Code:

___:0052069A loc_52069A:
___:0052069A                 push    offset sub_51FB00
___:0052069F                 push    offset loc_5200C0
___:005206A4                 push    offset sub_51FF20 ; Our function
___:005206A9                 push    3
___:005206AB                 call    sub_729AA1
___:005206B0                 add     esp, 10h ; I stopped adding NOPs after this
___:005206B3                 push    offset aHackshieldInit ; "Hackshield initialized succeessfully" (!!)
___:005206B8                 mov     byte_806B18, 1
___:005206BF                 call    loc_4612B0
___:005206C4                 push    eax
___:005206C5                 call    sub_461060
___:005206CA                 add     esp, 8

So, I've filled in those 3 spots with NOPs and the game is crashing. Bleh. Are packed addresses different from unpacked ones? (sorry if the answer to this question is painfully obvious, it's not to me)

Edit: by the way the only reason I care about this HS stuff is to make my D3D hooks work, a lot of stuff seems to be detected now.