Page 1 of 2 12 LastLast
Results 1 to 15 of 24
  1. 08-24-2013 #1
    luizimloko
    luizimloko is offline
    Blackhat Hacker
    MPGH Member
    luizimloko's Avatar
    Join Date
    Feb 2011
    Gender
    male
    Location
    fs:[0]
    Posts
    1,879
    Reputation
    136
    Thanks
    10,137
    My Mood
    Yeehaw
    Send a message via Birdie™ to luizimloko Brazil

    DIP Engine 2 Updated

    The function of DIP Engine has changed then some loggers can't find the address of it.
    This hook is already DETECTED by X-TRAP

    Code:
    004C3432  |. 8B9C24 3C02000>|MOV EBX,DWORD PTR SS:[ESP+23C]
004C3439  |> 8B55 08        |MOV EDX,DWORD PTR SS:[EBP+8]
004C343C  |. 2B5424 10      |SUB EDX,DWORD PTR SS:[ESP+10]
004C3440  |. 0FB74D 00      |MOVZX ECX,WORD PTR SS:[EBP]
004C3444  |. 8B35 E8527200  |MOV ESI,DWORD PTR DS:[7252E8]         => Device Game
004C344A  |. B8 ABAAAAAA    |MOV EAX,AAAAAAAB
004C344F  |. F7E2           |MUL EDX
004C3451  |. 0FB745 02      |MOVZX EAX,WORD PTR SS:[EBP+2]
004C3455  |. 8BFA           |MOV EDI,EDX
004C3457  |. D1EF           |SHR EDI,1
004C3459  |. 894424 24      |MOV DWORD PTR SS:[ESP+24],EAX
004C345D  |. 894C24 20      |MOV DWORD PTR SS:[ESP+20],ECX
004C3461  |. E8 DAA00000    |CALL crossfir.004CD540
004C3466  |. 57             |PUSH EDI
004C3467  |. 8BD6           |MOV EDX,ESI
004C3469  |. 8B02           |MOV EAX,DWORD PTR DS:[EDX]
004C346B  |. 8B5424 14      |MOV EDX,DWORD PTR SS:[ESP+14]
004C346F  |. 8B08           |MOV ECX,DWORD PTR DS:[EAX]
004C3471  |. 52             |PUSH EDX
004C3472  |. 8B5424 2C      |MOV EDX,DWORD PTR SS:[ESP+2C]
004C3476  |. 52             |PUSH EDX
004C3477  |. 8B5424 2C      |MOV EDX,DWORD PTR SS:[ESP+2C]
004C347B  |. 52             |PUSH EDX
004C347C  |. 6A 00          |PUSH 0
004C347E  |. 6A 04          |PUSH 4
004C3480  |. 50             |PUSH EAX
004C3481  |. 8B81 48010000  |MOV EAX,DWORD PTR DS:[ECX+148]
004C3487  |. FFD0           |CALL EAX                               => Return
    Code:
    DWORD DIPEngine = 0x4C3480; // Search the address inside of crossfire.exe, this address is for Crossfire[AL]
DWORD retDIPEngine = ( DIPEngine + 0x7 );

__declspec( naked ) HRESULT WINAPI DIPEngineMidfunction( VOID )
{
	static LPDIRECT3DDEVICE9 pDevice;

	__asm
	{
		PUSH EAX
		MOV DWORD PTR DS:[pDevice], EAX
		MOV EAX, DWORD PTR DS:[ECX + 0x148]
		PUSHAD
	}

	pDevice->SetRenderState( D3DRS_ZENABLE, D3DZB_FALSE );
	
	// Others stuffs here ...

	__asm
	{
		POPAD
		JMP DWORD PTR DS:[retDIPEngine]
	}
}
    Screen Shoot Proof:


    Crédits:
    @Shad0w_ => Midfunction mehtod
    @WE11ington => Posted this method +/- 9-10 months ago
    Last edited by luizimloko; 08-24-2013 at 05:59 PM.

  2. The Following 5 Users Say Thank You to luizimloko For This Useful Post:

    6ixth (08-24-2013),dreek1 (08-25-2013),mamo007 (08-24-2013),remzkee0903 (08-24-2013),The Conjurer (08-24-2013)
  3. 08-24-2013 #2
    6ixth
    6ixth is offline
    Banned
    BANNED!
    6ixth's Avatar
    Join Date
    Dec 2012
    Gender
    male
    Posts
    3,033
    Reputation
    661
    Thanks
    19,904
    Send a message via Birdie™ to 6ixth Brazil
    Nice work.
  4. 08-24-2013 #3
    GoldWhite
    GoldWhite is offline
    Member
    MPGH Member
    GoldWhite's Avatar
    Join Date
    Nov 2012
    Gender
    male
    Posts
    136
    Reputation
    10
    Thanks
    46
    Send a message via Birdie™ to GoldWhite Armenia
    How do this hook undetected?
  5. 08-24-2013 #4
    remzkee0903
    remzkee0903 is offline
    Dual-Keyboard Member
    MPGH Member
    remzkee0903's Avatar
    Join Date
    Aug 2009
    Gender
    male
    Location
    Philippines
    Posts
    294
    Reputation
    11
    Thanks
    368
    My Mood
    Angelic
    Send a message via Birdie™ to remzkee0903 Philippines
    @luizimloko Yes, you're right.. the currently logger I'm using in the DIP Engine 2 becomes 0x00000000. Thanks for this update bro.

    by the way.. do you have the DIP Engine 2 pattern for CFPH? Thanks..
    Last edited by remzkee0903; 08-24-2013 at 02:38 PM. Reason: edit
    -SiLent But DeadLy-
  6. 08-24-2013 #5
    luizimloko
    luizimloko is offline
    Threadstarter
    Blackhat Hacker
    MPGH Member
    luizimloko's Avatar
    Join Date
    Feb 2011
    Gender
    male
    Location
    fs:[0]
    Posts
    1,879
    Reputation
    136
    Thanks
    10,137
    My Mood
    Yeehaw
    Send a message via Birdie™ to luizimloko Brazil
    Quote Originally Posted by remzkee0903 View Post
    @luizimloko Yes, you're right.. the currently logger I'm using in the DIP Engine 2 becomes 0x00000000. Thanks for this update bro.

    by the way.. do you have the DIP Engine 2 pattern for CFPH? Thanks..
    I think it is the same ...

  7. The Following User Says Thank You to luizimloko For This Useful Post:

    remzkee0903 (08-24-2013)
  8. 08-24-2013 #6
    mamo007
    mamo007 is offline
    Do Your Best To Be The Best
    MPGH Member
    mamo007's Avatar
    Join Date
    Apr 2012
    Gender
    male
    Location
    Behind You !
    Posts
    1,655
    Reputation
    216
    Thanks
    15,607
    My Mood
    Amazed
    Send a message via Birdie™ to mamo007 Egypt
    Good Job , But i need Endscence or present hook ..
    [Source Code] Present Hooks Win 7/8 .. 8.1/10


    - removed youtube video as it had an outside link

  9. 08-24-2013 #7
    -[I]fLuX
    -[I]fLuX is offline
    Dual-Keyboard Member
    MPGH Member
    -[I]fLuX's Avatar
    Join Date
    Apr 2012
    Gender
    male
    Posts
    342
    Reputation
    112
    Thanks
    3,923
    My Mood
    Bored
    Send a message via Birdie™ to -[I]fLuX Germany
    I think crossfire is scanning now every hooked thing in crossfire.exe or cshell thats why the dip engine is detected by xtrap^^
    •Contributor: June, 29th 2013


    My Sources:
    Injector
    Memory Base
    D3D9 Hook
    Hooked Memory Base



  10. 08-24-2013 #8
    sabatbatu
    sabatbatu is offline
    Member
    MPGH Member
    sabatbatu's Avatar
    Join Date
    Apr 2013
    Gender
    male
    Posts
    147
    Reputation
    10
    Thanks
    6
    My Mood
    Cold
    Send a message via Birdie™ to sabatbatu Indonesia
    nice work

     

    Project Done 20%



  11. 08-24-2013 #9
    XarutoUsoCrack
    XarutoUsoCrack is offline
    Banned
    BANNED!
    XarutoUsoCrack's Avatar
    Join Date
    Apr 2011
    Gender
    male
    Location
    CFAL Honra & Glória Server
    Posts
    1,087
    Reputation
    51
    Thanks
    2,543
    My Mood
    Relaxed
    Send a message via Birdie™ to XarutoUsoCrack Brazil RicardoxGhost starknock
    Quote Originally Posted by luizimloko View Post
    The function of DIP Engine has changed then some loggers can't find the address of it.
    This hook is already DETECTED by X-TRAP

    Code:
    004C3432  |. 8B9C24 3C02000>|MOV EBX,DWORD PTR SS:[ESP+23C]
004C3439  |> 8B55 08        |MOV EDX,DWORD PTR SS:[EBP+8]
004C343C  |. 2B5424 10      |SUB EDX,DWORD PTR SS:[ESP+10]
004C3440  |. 0FB74D 00      |MOVZX ECX,WORD PTR SS:[EBP]
004C3444  |. 8B35 E8527200  |MOV ESI,DWORD PTR DS:[7252E8]         => Device Game
004C344A  |. B8 ABAAAAAA    |MOV EAX,AAAAAAAB
004C344F  |. F7E2           |MUL EDX
004C3451  |. 0FB745 02      |MOVZX EAX,WORD PTR SS:[EBP+2]
004C3455  |. 8BFA           |MOV EDI,EDX
004C3457  |. D1EF           |SHR EDI,1
004C3459  |. 894424 24      |MOV DWORD PTR SS:[ESP+24],EAX
004C345D  |. 894C24 20      |MOV DWORD PTR SS:[ESP+20],ECX
004C3461  |. E8 DAA00000    |CALL crossfir.004CD540
004C3466  |. 57             |PUSH EDI
004C3467  |. 8BD6           |MOV EDX,ESI
004C3469  |. 8B02           |MOV EAX,DWORD PTR DS:[EDX]
004C346B  |. 8B5424 14      |MOV EDX,DWORD PTR SS:[ESP+14]
004C346F  |. 8B08           |MOV ECX,DWORD PTR DS:[EAX]
004C3471  |. 52             |PUSH EDX
004C3472  |. 8B5424 2C      |MOV EDX,DWORD PTR SS:[ESP+2C]
004C3476  |. 52             |PUSH EDX
004C3477  |. 8B5424 2C      |MOV EDX,DWORD PTR SS:[ESP+2C]
004C347B  |. 52             |PUSH EDX
004C347C  |. 6A 00          |PUSH 0
004C347E  |. 6A 04          |PUSH 4
004C3480  |. 50             |PUSH EAX
004C3481  |. 8B81 48010000  |MOV EAX,DWORD PTR DS:[ECX+148]
004C3487  |. FFD0           |CALL EAX                               => Return
    Code:
    DWORD DIPEngine = 0x4C3480; // Search the address inside of crossfire.exe, this address is for Crossfire[AL]
DWORD retDIPEngine = ( DIPEngine + 0x7 );

__declspec( naked ) HRESULT WINAPI DIPEngineMidfunction( VOID )
{
	static LPDIRECT3DDEVICE9 pDevice;

	__asm
	{
		PUSH EAX
		MOV DWORD PTR DS:[pDevice], EAX
		MOV EAX, DWORD PTR DS:[ECX + 0x148]
		PUSHAD
	}

	pDevice->SetRenderState( D3DRS_ZENABLE, D3DZB_FALSE );
	
	// Others stuffs here ...

	__asm
	{
		POPAD
		JMP DWORD PTR DS:[retDIPEngine]
	}
}
    Crédits:
    @Shad0w_ => Midfunction mehtod
    @WE11ington => Posted this method +/- 1 year ago (for CA 1 year and 5 months, idk....)
    Taked Combat Arms DIP Engine from refference ?
    Last edited by XarutoUsoCrack; 08-24-2013 at 05:39 PM.
  12. 08-24-2013 #10
    luizimloko
    luizimloko is offline
    Threadstarter
    Blackhat Hacker
    MPGH Member
    luizimloko's Avatar
    Join Date
    Feb 2011
    Gender
    male
    Location
    fs:[0]
    Posts
    1,879
    Reputation
    136
    Thanks
    10,137
    My Mood
    Yeehaw
    Send a message via Birdie™ to luizimloko Brazil
    Quote Originally Posted by XarutoUsoCrack View Post
    Taked Combat Arms DIP Engine from refference ?
    no, i find it alone ...
  13. 08-24-2013 #11
    Skaterforeva1
    Skaterforeva1 is offline
    Bobo's Trainer
    MPGH Member
    Skaterforeva1's Avatar
    Join Date
    Apr 2010
    Gender
    male
    Location
    Up your ass
    Posts
    936
    Reputation
    32
    Thanks
    485
    My Mood
    Psychedelic
    Send a message via Birdie™ to Skaterforeva1 United States Skaterforeva Skaterforeva Skaterforeva Skaterforeva1
    Quote Originally Posted by luizimloko View Post


    no, i find it alone ...
    I have been in combat arm section for ever. This is definitely from there, just updated it for crossfire lol.




    ^Suck it!
  14. 08-24-2013 #12
    luizimloko
    luizimloko is offline
    Threadstarter
    Blackhat Hacker
    MPGH Member
    luizimloko's Avatar
    Join Date
    Feb 2011
    Gender
    male
    Location
    fs:[0]
    Posts
    1,879
    Reputation
    136
    Thanks
    10,137
    My Mood
    Yeehaw
    Send a message via Birdie™ to luizimloko Brazil
    Quote Originally Posted by Skaterforeva1 View Post
    I have been in combat arm section for ever. This is definitely from there, just updated it for crossfire lol.
    you think that same pattern scan for CA works on CF ?
  15. 08-25-2013 #13
    ramo
    ramo is offline
    Banned
    BANNED!
    ramo's Avatar
    Join Date
    Sep 2010
    Gender
    male
    Location
    A.R.E
    Posts
    291
    Reputation
    82
    Thanks
    4,076
    My Mood
    Blah
    Send a message via Birdie™ to ramo Egypt
    Quote Originally Posted by luizimloko View Post


    you think that same pattern scan for CA works on CF ?
    You can search for the exactly same hook by asm commands lines
    And i think hooking in crossfire is detected ..
    Anyway thanks
  16. 08-25-2013 #14
    sabatbatu
    sabatbatu is offline
    Member
    MPGH Member
    sabatbatu's Avatar
    Join Date
    Apr 2013
    Gender
    male
    Posts
    147
    Reputation
    10
    Thanks
    6
    My Mood
    Cold
    Send a message via Birdie™ to sabatbatu Indonesia
    Are you there endScene / present hook?

     

    Project Done 20%



  17. 08-25-2013 #15
    Astr3Lune
    Astr3Lune is offline
    Dual-Keyboard Member
    MPGH Member
    Astr3Lune's Avatar
    Join Date
    Apr 2013
    Gender
    male
    Location
    Banten
    Posts
    282
    Reputation
    10
    Thanks
    8
    Send a message via Birdie™ to Astr3Lune Indonesia
    DWORD WINAPI StartRoutine( LPVOID )
    {
    while( TRUE )
    {
    if( memcmp( ( VOID * )DIPEngine, ( VOID * )( PBYTE )"\x8B\x07", 2 ) == 0 ) <=== Right?
    {
    Sleep( 100 );
    DetourCreate( ( PBYTE )DIPEngine, ( PBYTE )DIPEngineMidfunction, 7 ); <== Right?
    }
    Sleep( 50 );
    }

    return 0;
    }
    Last edited by Astr3Lune; 08-25-2013 at 04:11 AM.
Page 1 of 2 12 LastLast
« Previous Thread | Next Thread »

Similar Threads

  1. EndScene Engine + DIP Engine
    By [mi5 in forum CrossFire Hack Coding / Programming / Source Code
    Replies: 11
    Last Post: 10-26-2012, 10:20 PM
  2. [Release] Hook DIP Engine
    By Avene in forum CrossFire Hack Coding / Programming / Source Code
    Replies: 15
    Last Post: 08-29-2012, 03:49 PM
  3. [Release] Hook DIP Engine
    By PikaMucha_Itu in forum Combat Arms BR Hack Coding/Source Code
    Replies: 62
    Last Post: 06-07-2012, 11:10 AM
  4. [Release] Combat Arms EU CBL Player Search Engine[UPDATE]
    By Zoom in forum Combat Arms Europe Hacks
    Replies: 10
    Last Post: 02-25-2010, 07:17 PM
  5. Garena Bypass + Cheat Engine + UPDATED Hacks
    By danlp in forum Blackshot Hacks & Cheats
    Replies: 60
    Last Post: 09-28-2009, 11:41 AM