CShell WTF ????

[~FALLEN~]

The loading of CShell.dll is blocked via GetModuleHandleA / GetModuleHandleW from outside of an allowed thread.. Easy ways around this (: ( What I mean by this is that they block calls to GetModuleHandleA / GetModuleHandleW from outside of the allowed threads ) XTrap probably placed a ring0 hook on the NT Equivalent or something that the NT Equivalent calls ( Another ring0 function ) so either unhook or trace back or find a way around it (:

---------- Post added at 04:53 PM ---------- Previous post was at 04:52 PM ----------

maybe.. but it wont kill a NtQueryInformationProcess call as everything uses this.. lol
but this function is not for newbies so no one here can use it

ring0 I like Glad to see you're getting a hold of it. If you need help don't be afraid to hit me up bro.

[bandi12]

The loading of CShell.dll is blocked via GetModuleHandleA / GetModuleHandleW from outside of an allowed thread.. Easy ways around this (:

a litel tutorial or source code how to make it work i mean to not get blocked

[~FALLEN~]

a litel tutorial or source code how to make it work i mean to not get blocked

I already gave you a huge hint...

[giniyat101]

The loading of CShell.dll is blocked via GetModuleHandleA / GetModuleHandleW from outside of an allowed thread.. Easy ways around this (:

---------- Post added at 04:53 PM ---------- Previous post was at 04:52 PM ----------



ring0 I like Glad to see you're getting a hold of it. If you need help don't be afraid to hit me up bro.

okay.. thank you

[{Banned}**HACKER**]

WTF Crossfire no longer loads CShell ? Strange fucking game hahaha it always has before, this means new bases which means less detectable !
Fuck xtrap and z8

[~FALLEN~]

WTF Crossfire no longer loads CShell ? Strange fucking game hahaha it always has before, this means new bases which means less detectable !
Fuck xtrap and z8

They still load it... you just don't have access to it from your thread ^_^

[Zacherl]

Just install a LoadLibraryA hook and get the handle from this.

[DaRk]

WTF Crossfire no longer loads CShell ? Strange fucking game hahaha it always has before, this means new bases which means less detectable !
Fuck xtrap and z8

the game would crash if CShell didn't loadd

[~FALLEN~]

Just install a LoadLibraryA hook and get the handle from this.

ehhh ineffective, they could just put a kernel hook and check the return address for foreign ranges... or start scanning for hooks on the function all together

[giniyat101]

ehhh ineffective, they could just put a kernel hook and check the return address for foreign ranges... or start scanning for hooks on the function all together

i have an idea!
lets stop xtrap driver service!

look at this :
The XDva397 service was successfully sent a start control

haha kidding dont even try

[~FALLEN~]

i have an idea!
lets stop xtrap driver service!

look at this :
The XDva397 service was successfully sent a start control

haha kidding dont even try

Killing XTrap is much easier than that... You would need to emulate the server heartbeat. ( If any )

[kmanev073]

so why just dont make a function that create thread and use hide module (so it wont be detected)... and actully i create my Dll main function...


BTW i cant test now...

[giniyat101]

so why just dont make a function that create thread and use hide module (so it wont be detected)... and actully i create my Dll main function...


BTW i cant test now...

because it will remain detected

[desertflame]

Thats why i love rez hacks ;D
cfrez ftw

[kmanev073]

because it will remain detected

i will use hide module