Byapass

**demtrios** · 10-20-2012

Code:

HINSTANCE lGetModuleHandle(CHAR *szModule)
{
	HINSTANCE hModule = NULL;
	if(!(hModule = GetModuleHandle(szModule)))
	{
		hModule = LoadLibrary(szModule);
	}
	return hModule;
}

INT Memcpy(VOID *lpMem, VOID *lpSrc, size_t len)
{
	DWORD flNewProtect = PAGE_READWRITE, lpflOldProtect;
	unsigned char *pDst = (unsigned char *)lpMem, *pSrc = (unsigned char *)lpSrc;

	if(VirtualProtect(lpMem, len, flNewProtect, &lpflOldProtect))
	{
		while(len-- > 0) *pDst++ = *pSrc++;
		return 0;
	}

	return 1;
}



#define EhsvcSelfCrC	    0x00799EC 
#define Detection	        0x0009F10 
#define NanoCheck1 		    0x003C4BE 
#define NanoCheck2	        0x00398FF 
#define NanoCheck3		    0x003B976 
#define AsmDetection		0x002BBC1
#define HSAntiCrash		    0x003C52E

DWORD WINAPI Bypass(LPVOID)
{
	DWORD dwHackshield = NULL;
	do
	{
		Sleep(100);
		dwHackshield = (DWORD)GetModuleHandle(STRING_EHSVC);
	} while(!dwHackshield);

	BYTE HSB1[1] = {0x74};
	BYTE HSB2[1] = {0xD2};
	BYTE HSB3[3] = {0xC2, 0x04, 0x00};
	BYTE HSB4[1] = {0x31};
	BYTE HSB5[2] = {0x90, 0x90};

	Memcpy((VOID *)(dwHackshield + NanoCheck2),	        HSB4, 1);
	Memcpy((VOID *)(dwHackshield + Detection),	        HSB3, 3);
	Memcpy((VOID *)(dwHackshield + NanoCheck3),	        HSB4, 1);
	Memcpy((VOID *)(dwHackshield + AsmDetection),	    HSB5, 2);
	Memcpy((VOID *)(dwHackshield + EhsvcSelfCrC),	    HSB3, 3);
	Memcpy((VOID *)(dwHackshield + NanoCheck1 ),	    HSB4, 1);
	Memcpy((VOID *)(dwHackshield + HSAntiCrash ),       HSB4, 1);

	return NULL;
}

Credits

@luizimloko ->Byapass
@demtrios ->adresses

**Intellectual** · 10-20-2012

Originally Posted by demtrios

Code:
HINSTANCE lGetModuleHandle(CHAR *szModule)
{
HINSTANCE hModule = NULL;
if(!(hModule = GetModuleHandle(szModule)))
{
hModule = LoadLibrary(szModule);
}

good job as always ....

**[MPGH]Flengo** · 10-20-2012

This is detected for NA. We're on a higher HS version.

**demtrios** · 10-20-2012

Originally Posted by Flengo

This is detected for NA. We're on a higher HS version.

I tested was running now

**[MPGH]Flengo** · 10-20-2012

Originally Posted by demtrios

I tested was running now

Interesting.

**luizimloko** · 10-20-2012

Originally Posted by demtrios

I tested was running now

try use DIP Hook 82

**Templar** · 10-21-2012

English, Brazilians don't know how to speak...

**arun823** · 10-21-2012

Originally Posted by Element™

English, Brazilians don't know how to speak...

Basically this bypass is old and won't work for DIP Hooks, you will crash after a few minutes or so.

**pDevice** · 10-21-2012

BlackLegend EHSVC Logger ?

**EnergizerBunnyyy** · 10-21-2012

Good job xD

**wraithkilla** · 10-22-2012

lol you dont even need a bypass for any hooks in that game ...

**arun823** · 10-22-2012

Originally Posted by wraithkilla

lol you dont even need a bypass for any hooks in that game ...

If you use DIP hook and texture chams you do, but with DIP hook by itself, you're fine.

**wraithkilla** · 10-22-2012

Originally Posted by arun823

If you use DIP hook and texture chams you do, but with DIP hook by itself, you're fine.

no you dont

i use ms detours v3 and it works fine without any bypass

**[MPGH]Flengo** · 10-22-2012

Originally Posted by wraithkilla

no you dont

i use ms detours v3 and it works fine without any bypass

Where'd you get that shit from?

**demtrios** · 10-22-2012

Originally Posted by Flengo

Where'd you get that shit from?

I have this Detours may also be posting

Thread: Byapass

Thread Tools

Display

Byapass

The Following 2 Users Say Thank You to demtrios For This Useful Post:

The Following User Says Thank You to luizimloko For This Useful Post: