General
ernaernayue (10-05-2011)
Thread: Bypass the limitations of
Results 1 to 3 of 3
-
03-10-2011 #1New Member
- Join Date
- Mar 2011
- Gender
- Posts
- 5
- Reputation
10- Thanks
- 3
- My Mood
-
★ Bypass help me ★
Bypass the limitations of
Somebody help me.
After five minutes will be detected.
S.u.d.d.e.n.a.t.t.a.c.k
-- Detected sources --
-- Please write me as someone replies. --
switch(iPatchType)
{
case DETOUR_TYPE_JMP:
pPatchBuf[0] = '\xB1';
*(DWORD*)&pPatchBuf[1] = (DWORD)(det - orig) - 5;
break;
case DETOUR_TYPE_PUSH_RET:
pPatchBuf[0] = '\x68';
*(DWORD*)&pPatchBuf[1] = (DWORD)det;
pPatchBuf[5] = '\xC3';
break;
case DETOUR_TYPE_NOP_JMP:
pPatchBuf[0] = '\x90';
pPatchBuf[1] = '\xB1';
*(DWORD*)&pPatchBuf[2] = (DWORD)(det - orig) - 6;
break;
case DETOUR_TYPE_NOP_NOP_JMP:
pPatchBuf[0] = '\x90';
pPatchBuf[1] = '\x90';
pPatchBuf[2] = '\xB1';
*(DWORD*)&pPatchBuf[3] = (DWORD)(det - orig) - 7;
break;
case DETOUR_TYPE_STC_JC:
pPatchBuf[0] = '\xF9';
pPatchBuf[1] = '\x0F';
pPatchBuf[2] = '\x82';
*(DWORD*)&pPatchBuf[3] = (DWORD)(det - orig) - 7;
break;
case DETOUR_TYPE_CLC_JNC:
pPatchBuf[0] = '\xF8';
pPatchBuf[1] = '\x0F';
pPatchBuf[2] = '\x83';
*(DWORD*)&pPatchBuf[3] = (DWORD)(det - orig) - 7;
break;
case DETOUR_TYPE_OBS_ADD:
pPatchBuf[0] = '\xB8'; //mov eax
*(DWORD*)&pPatchBuf[1] = iTmpRnd;
pPatchBuf[5] = '\x05'; //add eax
*(int*)&pPatchBuf[6] = (DWORD)det - iTmpRnd;
pPatchBuf[10] = '\xFF'; //jmp eax
pPatchBuf[11] = '\xE0';
break;
case DETOUR_TYPE_OBS_XOR:
pPatchBuf[0] = '\x33'; //xor eax, eax
pPatchBuf[1] = '\xC0';
pPatchBuf[2] = '\x2D'; //sub eax
*(int*)&pPatchBuf[3] = (int)iTmpRnd;
pPatchBuf[7] = '\x35'; //xor eax
*(DWORD*)&pPatchBuf[8] = (DWORD)det ^ (-iTmpRnd);
pPatchBuf[12] = '\xFF'; //jmp eax
pPatchBuf[13] = '\xE0';
break;
case DETOUR_TYPE_OBS_STACKADD:
pPatchBuf[0] = '\x68'; //push
*(DWORD*)&pPatchBuf[1] = (DWORD)iTmpRnd;
pPatchBuf[5] = '\x81'; //xor dword ptr [esp]
pPatchBuf[6] = '\x34';
pPatchBuf[7] = '\x24';
*(DWORD*)&pPatchBuf[8] = (DWORD)det ^ iTmpRnd;
pPatchBuf[12] = '\xC3'; //ret
break;
case DETOUR_TYPE_HACKSHIELD:
pPatchBuf[0] = 0x50; //push eax
pPatchBuf[1] = 0x58; //pop eax
pPatchBuf[2] = 0xE9;
*(DWORD*)&pPatchBuf[3] = (DWORD)(det - orig) - 7;
break;
case DETOUR_TYPE_OBS_ROR:
while(!(bTmpRnd % 32))
bTmpRnd = (BYTE)rand();
__asm{
pushad
mov cl, bTmpRnd
mov eax, det
rol eax, cl
mov dword ptr det, eax
popad
}
pPatchBuf[0] = '\x51'; //push ecx
pPatchBuf[1] = '\xB1'; //mov cl,
pPatchBuf[2] = bTmpRnd;
pPatchBuf[3] = '\xB8'; //mov eax
*(DWORD*)&pPatchBuf[4] = (DWORD)det;
pPatchBuf[8] = '\xD3'; //ror eax, cl
pPatchBuf[9] = '\xC8';
pPatchBuf[10] = '\x59'; //pop ecx
pPatchBuf[11] = '\xFF'; //jmp eax
pPatchBuf[12] = '\xE0';
break;
case DETOUR_TYPE_OBS_ADDNOT:
pPatchBuf[0] = '\xB8'; //mov eax
*(DWORD*)&pPatchBuf[1] = iTmpRnd;
pPatchBuf[5] = '\x05'; //add eax
*(int*)&pPatchBuf[6] = (~(DWORD)det) - iTmpRnd;
pPatchBuf[10] = '\xF7'; //not eax
pPatchBuf[11] = '\xD0';
pPatchBuf[12] = '\xFF'; //jmp eax
pPatchBuf[13] = '\xE0'; // 이 부분 테두리 검은색
break;
default:
return false;
}
// Write the detour
for(i=0; i<len; i++)
orig[i] = pPatchBuf[i];
// Put the old page protection flags back
VirtualProtect( mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &mbi.Protect );
FlushInstructionCache( GetCurrentProcess( ), orig, len );
return true;
[html]<img src="https://www.mpgh.net/forum/attachments/187-sudden-attack-hacks/48013d1299753820-bypass-limitations-2011-03-10-17-51-54.bmp"></a> [/html]Last edited by DESIGNBABY; 03-10-2011 at 03:54 AM.
-
The Following User Says Thank You to DESIGNBABY For This Useful Post:
-
03-11-2011 #2Leecher
- Join Date
- Mar 2011
- Gender
- Posts
- 9
- Reputation
- 10
- Thanks
- 0
where do I put this ? :s
Originally Posted by DESIGNBABY
Bypass the limitations of
Somebody help me.
After five minutes will be detected.
S.u.d.d.e.n.a.t.t.a.c.k
-- Detected sources --
-- Please write me as someone replies. --
switch(iPatchType)
{
case DETOUR_TYPE_JMP:
pPatchBuf[0] = '\xB1';
*(DWORD*)&pPatchBuf[1] = (DWORD)(det - orig) - 5;
break;
case DETOUR_TYPE_PUSH_RET:
pPatchBuf[0] = '\x68';
*(DWORD*)&pPatchBuf[1] = (DWORD)det;
pPatchBuf[5] = '\xC3';
break;
case DETOUR_TYPE_NOP_JMP:
pPatchBuf[0] = '\x90';
pPatchBuf[1] = '\xB1';
*(DWORD*)&pPatchBuf[2] = (DWORD)(det - orig) - 6;
break;
case DETOUR_TYPE_NOP_NOP_JMP:
pPatchBuf[0] = '\x90';
pPatchBuf[1] = '\x90';
pPatchBuf[2] = '\xB1';
*(DWORD*)&pPatchBuf[3] = (DWORD)(det - orig) - 7;
break;
case DETOUR_TYPE_STC_JC:
pPatchBuf[0] = '\xF9';
pPatchBuf[1] = '\x0F';
pPatchBuf[2] = '\x82';
*(DWORD*)&pPatchBuf[3] = (DWORD)(det - orig) - 7;
break;
case DETOUR_TYPE_CLC_JNC:
pPatchBuf[0] = '\xF8';
pPatchBuf[1] = '\x0F';
pPatchBuf[2] = '\x83';
*(DWORD*)&pPatchBuf[3] = (DWORD)(det - orig) - 7;
break;
case DETOUR_TYPE_OBS_ADD:
pPatchBuf[0] = '\xB8'; //mov eax
*(DWORD*)&pPatchBuf[1] = iTmpRnd;
pPatchBuf[5] = '\x05'; //add eax
*(int*)&pPatchBuf[6] = (DWORD)det - iTmpRnd;
pPatchBuf[10] = '\xFF'; //jmp eax
pPatchBuf[11] = '\xE0';
break;
case DETOUR_TYPE_OBS_XOR:
pPatchBuf[0] = '\x33'; //xor eax, eax
pPatchBuf[1] = '\xC0';
pPatchBuf[2] = '\x2D'; //sub eax
*(int*)&pPatchBuf[3] = (int)iTmpRnd;
pPatchBuf[7] = '\x35'; //xor eax
*(DWORD*)&pPatchBuf[8] = (DWORD)det ^ (-iTmpRnd);
pPatchBuf[12] = '\xFF'; //jmp eax
pPatchBuf[13] = '\xE0';
break;
case DETOUR_TYPE_OBS_STACKADD:
pPatchBuf[0] = '\x68'; //push
*(DWORD*)&pPatchBuf[1] = (DWORD)iTmpRnd;
pPatchBuf[5] = '\x81'; //xor dword ptr [esp]
pPatchBuf[6] = '\x34';
pPatchBuf[7] = '\x24';
*(DWORD*)&pPatchBuf[8] = (DWORD)det ^ iTmpRnd;
pPatchBuf[12] = '\xC3'; //ret
break;
case DETOUR_TYPE_HACKSHIELD:
pPatchBuf[0] = 0x50; //push eax
pPatchBuf[1] = 0x58; //pop eax
pPatchBuf[2] = 0xE9;
*(DWORD*)&pPatchBuf[3] = (DWORD)(det - orig) - 7;
break;
case DETOUR_TYPE_OBS_ROR:
while(!(bTmpRnd % 32))
bTmpRnd = (BYTE)rand();
__asm{
pushad
mov cl, bTmpRnd
mov eax, det
rol eax, cl
mov dword ptr det, eax
popad
}
pPatchBuf[0] = '\x51'; //push ecx
pPatchBuf[1] = '\xB1'; //mov cl,
pPatchBuf[2] = bTmpRnd;
pPatchBuf[3] = '\xB8'; //mov eax
*(DWORD*)&pPatchBuf[4] = (DWORD)det;
pPatchBuf[8] = '\xD3'; //ror eax, cl
pPatchBuf[9] = '\xC8';
pPatchBuf[10] = '\x59'; //pop ecx
pPatchBuf[11] = '\xFF'; //jmp eax
pPatchBuf[12] = '\xE0';
break;
case DETOUR_TYPE_OBS_ADDNOT:
pPatchBuf[0] = '\xB8'; //mov eax
*(DWORD*)&pPatchBuf[1] = iTmpRnd;
pPatchBuf[5] = '\x05'; //add eax
*(int*)&pPatchBuf[6] = (~(DWORD)det) - iTmpRnd;
pPatchBuf[10] = '\xF7'; //not eax
pPatchBuf[11] = '\xD0';
pPatchBuf[12] = '\xFF'; //jmp eax
pPatchBuf[13] = '\xE0'; // 이 부분 테두리 검은색
break;
default:
return false;
}
// Write the detour
for(i=0; i<len; i++)
orig[i] = pPatchBuf[i];
// Put the old page protection flags back
VirtualProtect( mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &mbi.Protect );
FlushInstructionCache( GetCurrentProcess( ), orig, len );
return true;
[html]<img src="https://www.mpgh.net/forum/attachments/187-sudden-attack-hacks/48013d1299753820-bypass-limitations-2011-03-10-17-51-54.bmp"></a> [/html]
-
03-12-2011 #3
ThreadstarterNew Member
- Join Date
- Mar 2011
- Gender
- Posts
- 5
- Reputation
- 10
- Thanks
- 3
- My Mood
-
Thanks for replies.
Sudden Attack is part of the patch. Damachin now part of the patch status, and
Modify the menu background, and select the portion of the border, despite the absence will be detected.
What'll we do?Last edited by DESIGNBABY; 03-12-2011 at 01:46 AM.