EdoppelR (12-09-2013),thezzari (01-03-2014),wGRWGHWGRERGrgergergrg (12-14-2013)
Hey MPGH
First I will explain to you why I wasn't on my account for 4/5 months.
It was hacked and I wasn't able to reset the password... But then, suddenly my account was there with my old account data...
So now I'm back
This here will be my welcome present^^
So please enjoy
So we stay at the project...
1. The Theory
When you can hook with 0xE9 or whatever... You can hook with this, with GetProcAddress() and memcpy(), detours, and MANY more....
Then the first thing is you suspend AVA.exe and open the debugger (I use the Cheat Engine debugger).
After that you must know which APIs the process CAN hook to detect, for example, Cheat Engine or any debugger...
For the detection of a process you can use the K32EnumProcess API... This API lists an array of processes and looks for blacklisted programs.
And for debugger detection most hackshields use IsDebuggerPresent. This is the standard debugger detection API. It returns true or false (bool). So you hook all of these APIs that could be dangerous for Cheat Engine and our hack ...
In C++ you can do this with memcpy() and the opcodes!
So that's the basic way to bypass a hackshield by hooking.
2. How to do this?!
That's not very hard when you have knowledge of any programming language like C++ and the advanced Windows APIs, and you must have knowledge of a debugger (I use Cheat Engine) and the standard mnemonics. So first you open Cheat Engine and set it up for debugging services...
Then you suspend your process with the hackshield included and open it in Cheat Engine. Open the memory viewer (Ctrl+B). Right-click on the panel and choose "go to address"; there you type the bad API you want to hook. Try "IsDebuggerPresent". You see that this function is a function of the kernel32 library. Now you just get the address in our C++ project (dll) with GetProcAddress() and then you can overwrite it. Then you can search for K32EnumProcesses, for example, and hook this, too. For a few games this is enough. You can hook many more APIs to prevent the detection.
3. The test
This method works on all games when you hook the right things AND you hook right.
I did not test it on AVA but I tested this on a game called "S4League" and it worked.
4. The bye bye ^^
Hope you enjoyed my tutorial.
If you want more tutorials from me, you can click the thanks button.
Bye
1 Tip:
When you're working on x32 bit and you can't see game processes/modules with hackshield then you could hook the API NtQuerySystemInformation... Only a tip
Last edited by Hunter; 02-02-2016 at 08:56 AM.
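From the defending side, the 0xE9 overwrite described in the post above shows up as a changed function prologue. The following is an added example, not part of the original post: a C++ check that compares a function's live prologue bytes with a trusted copy and decodes where a `jmp rel32` or `push imm32; ret` leads. All names, byte arrays and addresses are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

enum class HookKind { Clean, JmpRel32, PushRet, Modified };
struct Finding { HookKind kind; uint64_t target; bool outside_module; };

// Read a little-endian 32-bit value (x86 immediates are little-endian).
static uint32_t le32(const uint8_t* p) {
    return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// live:  first n bytes of the function as read from the running process
// clean: the same n bytes taken from a trusted copy of the DLL
Finding check_prologue(const uint8_t* live, const uint8_t* clean, size_t n,
                       uint64_t fn_va, uint64_t mod_base, uint64_t mod_size) {
    Finding f{HookKind::Clean, 0, false};
    if (std::memcmp(live, clean, n) == 0) return f;
    f.kind = HookKind::Modified;                      // changed, pattern unknown
    if (n >= 5 && live[0] == 0xE9) {                  // jmp rel32
        int64_t rel = static_cast<int32_t>(le32(live + 1));
        f.kind = HookKind::JmpRel32;
        f.target = fn_va + 5 + static_cast<uint64_t>(rel);
    } else if (n >= 6 && live[0] == 0x68 && live[5] == 0xC3) {  // push imm32; ret
        f.kind = HookKind::PushRet;
        f.target = le32(live + 1);
    }
    if (f.kind != HookKind::Modified)                 // does the redirect leave the DLL?
        f.outside_module = f.target < mod_base || f.target >= mod_base + mod_size;
    return f;
}

// Constructed sample data: a typical 32-bit prologue and two patched variants.
const uint64_t kFnVa = 0x76A01000, kModBase = 0x76A00000, kModSize = 0x100000;
const uint8_t kClean[5]    = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};  // mov edi,edi; push ebp; mov ebp,esp
const uint8_t kDetoured[5] = {0xE9, 0xFB, 0xFF, 0x5F, 0x99};  // jmp 0x10001000 (foreign memory)
const uint8_t kInternal[5] = {0xE9, 0x00, 0x01, 0x00, 0x00};  // jmp 0x76A01105 (same module)

int main() {
    Finding f = check_prologue(kDetoured, kClean, 5, kFnVa, kModBase, kModSize);
    std::printf("kind=%d target=0x%llx outside=%d\n", static_cast<int>(f.kind),
                static_cast<unsigned long long>(f.target), f.outside_module);
    return f.outside_module ? 0 : 1;
}
```

A redirect whose target lies outside the owning module is the stronger signal; a changed prologue that still jumps within the same module needs a closer look before it is treated as tampering.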
Teach me, shifu ) I am a beginner
Wtf?
1.) AVA does not even use HackShield or whatever you mean.
2.) Anti Cheats are completely different from game to game.
3.) Afaik S4 League has XCrap as Anti Cheat.
4.) This is EXTREMELY general and not especially related to AVA in any way.
Thx anyway -.-
Last edited by ccman32; 12-16-2013 at 09:39 AM.
Berliner19962 (01-09-2014),Elidonn (12-16-2013)
The K32EnumProcess might make this work, but otherwise I really don't see this method working. This is because AVA runs a live detection while the game is running "xhunter1" and even though we all have disabled it, it has been discovered that it's still running in the background hidden but cannot be seen by Process Hacker 2. I personally did not discover this but the person that did was running a Win8.1 x64 machine. But AVA doesn't use HackShield, they use XIGNCODE, so this K32EnumProcess might work for whatever games use hackshield but if it doesn't detect the hidden process from xigncode then it will still be detected. I'm currently working on an aimbot I hope to release here soon, but my problem is it keeps getting detected. So give me a bit to play with this theory and try it out and if it works out then I will love you and report back here.
k gl. And good work.
Bro, can't u make a hack with skip round and box adder with number? Thx. And 1 question: what are u working on now? 1 more, are you gonna post something this year? 2014?
oXParadoxXo (01-09-2014)