  1. #1
    otocu

    How To Bypass HS?

    I have a few questions about HackShield.
    First:
    I have been looking in a dumped ehsvc.dll. I found some interesting things. xD
    I saw that a lot of functions jmp to a function with the same structure.

    Just a random example (I don't think it is important to bypass this function, but this is just for example):

    [IMG]https://i946.photobucke*****m/albums/ad303/BoerTim/function.png[/IMG]

    LOC_1006FEA9 :

    [IMG]https://i946.photobucke*****m/albums/ad303/BoerTim/detected.png[/IMG]


    My question: Is this a sort of hack detection/crash that LOC_1006FD3A jmps to?

    If yes, we need to prevent it. Then we need to prevent that:

    Code:
    ___:1006FD32                 jz      short loc_1006FD3A ;
    Goes to:

    Code:
    ___:1006FD3A loc_1006FD3A:                           ; CODE XREF: sub_1006FCF4+3Ej
    ___:1006FD3A                 xor     eax, eax
    ___:1006FD3C                 jmp     loc_1006FEA9    ;
    So (what I think xD):

    1006FD32 needs to jmp to --> 1006FD38

    Am I correct? (This is just what I came up with using my brain; I'm new to ASM and to working with IDA. lol)
    Or must I jmp over the whole function?

    If I'm wrong, please try to explain it to me.

    My second question:
    How can I figure out which bytes I need to use to jump to the address I want?
    In the example:

    1006FD32 (bytes: 74 06) ---> 1006FD38 (bytes: 75 07)


    Thanks in advance.

  2. #2
    Rasta
    Nice, now just need to make a bypass