The loading of CShell.dll is blocked via GetModuleHandleA / GetModuleHandleW from outside of an allowed thread.. Easy ways around this (: ( What I mean by this is that they block calls to GetModuleHandleA / GetModuleHandleW from outside of the allowed threads ) XTrap probably placed a ring0 hook on the NT Equivalent or something that the NT Equivalent calls ( Another ring0 function ) so either unhook or trace back or find a way around it (:
---------- Post added at 04:53 PM ---------- Previous post was at 04:52 PM ----------
ring0 I like Glad to see you're getting a hold of it. If you need help don't be afraid to hit me up bro.
Last edited by ~FALLEN~; 04-18-2012 at 07:05 PM.
~FALLEN~ (04-18-2012)
WTF Crossfire no longer loads CShell ? Strange fucking game hahaha it always has before, this means new bases which means less detectable !
Fuck xtrap and z8
Just install a LoadLibraryA hook and get the handle from this.
so why just dont make a function that create thread and use hide module (so it wont be detected)... and actully i create my Dll main function...
BTW i cant test now...
Thats why i love rez hacks ;D
cfrez ftw