[HELP]Bypassing PunkBuster

[*Marneus901*]

Hey; its been a couple months sense I had last logged on here.
Just wondering how we bypass WarRock for memory editing now. I was working on a bypass awhile ago, but then I got a new full-time job, and forget everything that I worked on.

If someone could just post if its public; or if private, then contact me privately. It would help alot.

Thanks
-Marneus901

[IIDracula]

you can find it just look at the topics !

[*Marneus901*]

you can find it just look at the topics !

Dont talk to me that way, provide a link if you think theres one about it that actually works.
I fucking checked over 10 pages asshole >_>

[juppeli]

a) Scan Redirection
b) "Turn off hack before scanning" which is idiotic
c) Patch md5 in strings before output encryption
d) Handle all data sent through sendto
e) Handle all data sent through _vsnprintf
f) Do VEH/SEH on data when it gets scanned and return X, Y, or Z for data
g) Redirect function calls of the game itself
h) Forge the entire client, and handle everything (Global PB hack really)

Scan1: Base + 0x40276
Scan2: Base + 0x21C1

Something you should try out, credits to uNrEaL. I think I may also try this, I'll contact you if I get anything ready

E: Yeah, and I think for a start I'm gonna try it with patching those pbcl calls. It seems easy enough

Code:

void __declspec( naked ) new_pbMemScan ( int a1 ,int a2 )
{
    _asm
    {
        MOV dwSaved, EAX        // Preserve EAX
        POP EAX                    // POP EAX, now EAX contains the return address
        MOV dwReturn, EAX        // Sets dwReturn to hold the return address
        CALL ReStore            // Restore Hacks
        MOV EAX, dwSaved        // Restores EAX to the origional value before we popped it
        JMP dwReturn            // We jump back to the address which we saved earlier
    }
}

Something what you should look at, still not working properly
credits to *** cobra

And no, there is no topics at MPGH about bypassing after you left

You got Xfire?

[olie122333]

you can find it just look at the topics !

no there isn't. this is private knowledge.



hey add me on MSN:
olie122333@dutchonline****************

or xfire:
olie122333

I will teach you (AND ONLY YOU) how to bypass.

NO ONE ELSE CONTACT ME THROUGH THIS OR THE PM SYSTEM ASKING TO KNOW HOW, OR I WILL REPORT YOU FOR HURASSMENT!

[*Marneus901*]

Something you should try out, credits to uNrEaL. I think I may also try this, I'll contact you if I get anything ready

E: Yeah, and I think for a start I'm gonna try it with patching those pbcl calls. It seems easy enough

Code:

void __declspec( naked ) new_pbMemScan ( int a1 ,int a2 )
{
    _asm
    {
        MOV dwSaved, EAX        // Preserve EAX
        POP EAX                    // POP EAX, now EAX contains the return address
        MOV dwReturn, EAX        // Sets dwReturn to hold the return address
        CALL ReStore            // Restore Hacks
        MOV EAX, dwSaved        // Restores EAX to the origional value before we popped it
        JMP dwReturn            // We jump back to the address which we saved earlier
    }
}

Something what you should look at, still not working properly
credits to *** cobra

And no, there is no topics at MPGH about bypassing after you left

You got Xfire?

Yea i got XFire - marneus901
But dont you still have my MSN? I jsut forget whos who in over 1,000 contacts adding me >_<
And yea, figured nothing popped up T.T

When i left, i remember leaving with knowing that there were 2 PBCheck functions, one was the original one, and another that also checked that one...
Ive been working on antihack security for LegendGamers Gunz, and an XTRAP Bypass for iGunz (SO DAM CLOSE TOO!). I am almost able to login, but a weird window popsup ;p

@ oli122333, i added you via both xfire and MSN.

[juppeli]

Yea i got XFire - marneus901
But dont you still have my MSN? I jsut forget whos who in over 1,000 contacts adding me >_<
And yea, figured nothing popped up T.T

When i left, i remember leaving with knowing that there were 2 PBCheck functions, one was the original one, and another that also checked that one...
Ive been working on antihack security for LegendGamers Gunz, and an XTRAP Bypass for iGunz (SO DAM CLOSE TOO!). I am almost able to login, but a weird window popsup ;p

@ oli122333, i added you via both xfire and MSN.

Yeah I do but I prefer Xfire over MSN (I added yo btw). Yep there was at least 2 functions, and punkbuster updated and PB_P method won't work anymore. With this call technique, as I understood it, there is no need to patch the check that checks the check. But lets continue in private so those punkbuster fagots won't find out

[Gordon`]

KEEP IT SECRET!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
omfg, every who can use a disassembler can bypass pb

[olie122333]

Yea i got XFire - marneus901
But dont you still have my MSN? I jsut forget whos who in over 1,000 contacts adding me >_<
And yea, figured nothing popped up T.T

When i left, i remember leaving with knowing that there were 2 PBCheck functions, one was the original one, and another that also checked that one...
Ive been working on antihack security for LegendGamers Gunz, and an XTRAP Bypass for iGunz (SO DAM CLOSE TOO!). I am almost able to login, but a weird window popsup ;p

@ oli122333, i added you via both xfire and MSN.

Yeh, accepted.

My way to bypass PB is not with 2 functions though, we have to NOP 5 addies.
Hope you don't mind ?


AND FUCKING NUBS, I TOLD YOU NOT TO ADD ME UNLESS YOUR NAME IS *Marneus901*, SO STOP ADDING ME!!!

[*Marneus901*]

KEEP IT SECRET!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
omfg, every who can use a disassembler can bypass pb

Gordon, stfu. You cant even use my GetByte function correctly, so how can you use OllyDBG correctly? >_>

@Olie
And NOP? That just sounds so simple. Ide like to see how, then try another way... NOP is so old to me LOL =P
But yea, pulling an all nighter tonight, gf's coming over tommorrow night, so ill be on for a couple hours to catch ya.

[juppeli]

Gordon, stfu. You cant even use my GetByte function correctly, so how can you use OllyDBG correctly? >_>

@Olie
And NOP? That just sounds so simple. Ide like to see how, then try another way... NOP is so old to me LOL =P
But yea, pulling an all nighter tonight, gf's coming over tommorrow night, so ill be on for a couple hours to catch ya.

He could nop scan function calls, I just don't know is punkbuster stupid enough for that

[Gordon`]

Gordon, stfu. You cant even use my GetByte function correctly, so how can you use OllyDBG correctly? >_>

@Olie
And NOP? That just sounds so simple. Ide like to see how, then try another way... NOP is so old to me LOL =P
But yea, pulling an all nighter tonight, gf's coming over tommorrow night, so ill be on for a couple hours to catch ya.

why do you say stfu to me? how old are you please?
ive bypassed pb successfully, and you? just phail attempts?

[*Marneus901*]

LOL ive tried bypassing PB once using detours; i go in blindly, and i do make a good hook, just didnt have the correct scan function, well at the time, it was private (meaning no one knew were the new function is). Im 18, got a full-time job. Had to focus on that rather than PB. Its been awhile, dunno how PB evolved. So yea, stfu like i said.

@juppeli
if PB is really that stupid, then ill cut myself. XTRAP is alot harder to bypass then PB if thats all it takes... >_>

[juppeli]

LOL ive tried bypassing PB once using detours; i go in blindly, and i do make a good hook, just didnt have the correct scan function, well at the time, it was private (meaning no one knew were the new function is). Im 18, got a full-time job. Had to focus on that rather than PB. Its been awhile, dunno how PB evolved. So yea, stfu like i said.

@juppeli
if PB is really that stupid, then ill cut myself. XTRAP is alot harder to bypass then PB if thats all it takes... >_>

Don't forget your gf (which requires a lot of your free time). Come to X-fire so we could smack pb together?

[Gordon`]

im using 1 jmp detour to bypass pb. also im using the string patch methode. the problem is you have to find the function where the full string is stored. hook it and patch the strings

took about 2(?) hours