Hackshield Bypass

**Banana** · 01-22-2014

This should help you guys and the coders

Thanks and +Rep are appreciated!

Code:

#ifndef _ANTIHACKSHIELD_H
#define _ANTIHACKSHIELD_H

#include "xorstr.h"

typedef LONG (WINAPI* tZwSetEvent)(HANDLE EventHandle, PLONG PreviousState);
tZwSetEvent oZwSetEvent;

bool bThreadTerminate = false;

DWORD dwMAIN_THREAD;
DWORD dwLMP_HACKSHIELD_THREAD;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2;
DWORD dwCHECK_INTEGRITY_HACKSHIELD_THREAD;
DWORD dwKDTRACE_HACKSHIELD_THREAD;

DWORD dwLMP_HACKSHIELD_THREAD_EVENT;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT;
DWORD dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT;

DWORD dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL;
DWORD dwHACKSHIELD_CALL_TO_CREATE_THREAD;

MODULEINFO mEngine, mEhSvc;

#define INRANGE(x,a,b)  (x >= a && x <= b) 
#define getBits( x )    (INRANGE((x&(~0x20)),'A','F') ? ((x&(~0x20)) - 'A' + 0xa) : (INRANGE(x,'0','9') ? x - '0' : 0))
#define getByte( x )    (getBits(x[0]) << 4 | getBits(x[1]))
DWORD FindPattern( DWORD rangeStart, DWORD rangeEnd, const char* pattern )
{
    const char* pat = pattern;
    DWORD firstMatch = 0;
    for( DWORD pCur = rangeStart; pCur < rangeEnd; pCur++ )
    {
        if( !*pat ) return firstMatch;
        if( *(PBYTE)pat == '\?' || *(BYTE*)pCur == getByte( pat ) ) {
            if( !firstMatch ) firstMatch = pCur;
            if( !pat[2] ) return firstMatch;
            if( *(PWORD)pat == '\?\?' || *(PBYTE)pat != '\?' ) pat += 3;
            else pat += 2;  

        } else {
            pat = pattern;
            firstMatch = 0;
        }
    }
    return NULL;
}

struct sHackShieldThreadParams
{
    char _pad1[0x48];
    DWORD param1;
    DWORD param2;
};


#pragma optimize("", off)
void FakeASMCheck()
{
    VIRTUALIZER1_START
    oZwSetEvent((HANDLE) *(DWORD *)dwLMP_HACKSHIELD_THREAD_EVENT, 0);
    VIRTUALIZER1_END

    while(bThreadTerminate == false)
        Sleep(1000);
}

void FakeHeuristicScanThread()
{
    VIRTUALIZER1_START
    dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT = *(DWORD *
LD_THREAD_1_EVENT, 0);
    VIRTUALIZER1_END
    while(bThreadTerminate == false)
        Sleep(1000);
}

void FakeHeuristicModulesScanThread()
{
    VIRTUALIZER1_START
    dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT = *(DWORD *)(dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT + 1);
    dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT = *(DWORD *)(dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT);
    dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT = *(DWORD *)(dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT + 0xB98);

    oZwSetEvent((HANDLE)dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT, 0);
    VIRTUALIZER1_END
    while(bThreadTerminate == false)
        Sleep(1000);
}


void FakeHackShieldIntegrityChecks()
{
    VIRTUALIZER1_START
    dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT = **(DWORD **)(dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT + 2);
    oZwSetEvent((HANDLE) dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT, 0);
    VIRTUALIZER1_END
    while(bThreadTerminate == false)
        Sleep(1000);
}

void FakeKernelTraceThread()
{
    while(bThreadTerminate == false)
        Sleep(1000);
}


typedef HANDLE(WINAPI* tCreateThread)(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId);
tCreateThread oCreateThread;
HANDLE WINAPI hkCreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId)
{
    VIRTUALIZER1_START
    __asm pushad;

    if(lpStartAddress == (LPTHREAD_START_ROUTINE)dwMAIN_THREAD )
    {
        sHackShieldThreadParams * pHackShieldThreadParams = (sHackShieldThreadParams *)lpParameter;

        if(pHackShieldThreadParams->param1 == dwLMP_HACKSHIELD_THREAD )
            pHackShieldThreadParams->param1 = (DWORD)FakeASMCheck;
        
        if(pHackShieldThreadParams->param1 == dwCHECK_INTEGRITY_HACKSHIELD_THREAD ) 
            pHackShieldThreadParams->param1 = (DWORD)FakeHackShieldIntegrityChecks;

        if(pHackShieldThreadParams->param1 == dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1 ) 
            pHackShieldThreadParams->param1 = (DWORD)FakeHeuristicScanThread;
            
        if(pHackShieldThreadParams->param1 == dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2 )
            pHackShieldThreadParams->param1 = (DWORD)FakeHeuristicModulesScanThread;

        if(pHackShieldThreadParams->param1 == dwKDTRACE_HACKSHIELD_THREAD ) 
            pHackShieldThreadParams->param1 = (DWORD)FakeKernelTraceThread;

        lpParameter = (LPVOID)pHackShieldThreadParams;
    }

    __asm popad;

    return oCreateThread(lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId);
    VIRTUALIZER1_END
}


MODULEINFO GetModuleInfo ( LPCTSTR lpModuleName )
{
    
    MODULEINFO miInfos = { NULL };

    HMODULE hPSAPI_module;

    if(!GetModuleHandleA(/*psapi.dll*/XorStr<0x83,10,0x958DA3D8>("\xF3\xF7\xE4\xF6\xEE\xA6\xED\xE6\xE7"+0x958DA3D8).s))
    {
        VIRTUALIZER1_START
        char szSystemPath[MAX_PATH];
        GetWindowsDirectory(szSystemPath, MAX_PATH);
        char szPSAPIDLLPath[MAX_PATH];
        sprintf(szPSAPIDLLPath, /*%s\\system32\\psapi.dll*/XorStr<0x36,22,0x2421358F>("\x13\x44\x64\x4A\x43\x48\x48\x58\x53\x0C\x72\x1D\x32\x30\x25\x35\x2F\x69\x2C\x25\x26"+0x2421358F).s, szSystemPath);
        //char *szSystemPath = new char[MAX_PATH] = getenv(/*SystemRoot*/XorStr<0x7F,11,0xFE364ABD>("\x2C\xF9\xF2\xF6\xE6\xE9\xD7\xE9\xE8\xFC"+0xFE364ABD).s);
        //sprintf(szSystemPath, /*%s\\system32\\psapi.dll*/XorStr<0xD9,22,0xFE6A7D9B>("\xFC\xA9\x87\xAF\xA4\xAD\xAB\x85\x8C\xD1\xD1\xB8\x95\x95\x86\x98\x80\xC4\x8F\x80\x81"+0xFE6A7D9B).s, szSystemPath);
        hPSAPI_module =  LoadLibrary(szPSAPIDLLPath);
        VIRTUALIZER1_END
    }
    else
        hPSAPI_module = GetModuleHandleA(/*psapi.dll*/XorStr<0xC0,10,0xF54899B1>("\xB0\xB2\xA3\xB3\xAD\xEB\xA2\xAB\xA4"+0xF54899B1).s);

    if (!hPSAPI_module)
        return miInfos;

    HMODULE hmModule = GetModuleHandle(lpModuleName); 

    typedef DWORD ( __stdcall *tGetModuleInformation)( HANDLE, HMODULE, LPMODULEINFO, DWORD );
    tGetModuleInformation oGetModuleInformation = (tGetModuleInformation) (GetProcAddress(hPSAPI_module, /*GetModuleInformation*/XorStr<0x51,21,0x2BAEFCCD>("\x16\x37\x27\x19\x3A\x32\x22\x34\x3C\x13\x35\x3A\x32\x2C\x32\x01\x15\x0B\x0C\x0A"+0x2BAEFCCD).s));
    oGetModuleInformation(GetCurrentProcess(), hmModule, &miInfos, sizeof ( MODULEINFO ));

    return miInfos;

    
}

#pragma optimize("", on)
typedef int(__cdecl* tSecureFunctionCall)(int a1, int a2, int a3);
tSecureFunctionCall oSecureFunctionCall;
int hk_secureFunctionCall(int a1, int a2, int a3)
{
    __asm pushad;
    VIRTUALIZER1_START
    if(a1 == 6) 
        bThreadTerminate = true;
    VIRTUALIZER1_END
    __asm popad;
    return oSecureFunctionCall(a1,a2,a3);
}


#pragma optimize("", off)
void InitializeHSBypass(void)
{
    while(!GetModuleHandleA(/*EhSvc.dll*/XorStr<0x68,10,0x6EB6F07E>("\x2D\x01\x39\x1D\x0F\x43\x0A\x03\x1C"+0x6EB6F07E).s) )
    Sleep(100);

    mEngine = GetModuleInfo(0);
    mEhSvc = GetModuleInfo(/*EhSvc.dll*/XorStr<0x52,10,0x1A77CE04>("\x17\x3B\x07\x23\x35\x79\x3C\x35\x36"+0x1A77CE04).s);

    dwMAIN_THREAD = (DWORD) FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC ?? 53 56 57 89 65 ?? FF 35*/XorStr<0x21,120,0x2DDE4771>("\x14\x17\x03\x1C\x67\x06\x62\x6B\x09\x1C\x6A\x0C\x6B\x68\x0F\x06\x09\x12\x0C\x0B\x15\x09\x08\x18\x06\x05\x1B\x03\x02\x1E\x09\x78\x61\x7D\x7C\x64\x7A\x79\x67\x77\x76\x6A\x74\x73\x6D\x78\x7B\x70\x10\x63\x73\x64\x65\x76\x67\x68\x79\x6A\x6B\x7C\x6D\x6E\x7F\x55\x51\x42\x55\x50\x45\x5E\x5E\x48\x5B\x5F\x4B\x5C\x5D\x4E\x5F\x40\x51\x42\x43\x54\x45\x46\x57\x40\x4A\x5A\x3E\x3F\x5D\x41\x40\xA0\xB4\xB1\xA3\xB1\xB3\xA6\xB2\xBF\xA9\xB2\xB2\xAC\xBB\xBB\xAF\xAF\xAE\xB2\xD5\xD2\xB5\xA5\xA2"+0x2DDE4771).s);

    dwLMP_HACKSHIELD_THREAD = (DWORD) FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 53 56 57 E9*/XorStr<0x65,21,0x321AD150>("\x50\x53\x47\x50\x2B\x4A\x2E\x2F\x4D\x5B\x5C\x50\x44\x44\x53\x41\x42\x56\x32\x41"+0x321AD150).s );
    dwLMP_HACKSHIELD_THREAD = dwLMP_HACKSHIELD_THREAD + 0x1;
    dwLMP_HACKSHIELD_THREAD = (DWORD) FindPattern( (DWORD)dwLMP_HACKSHIELD_THREAD, (DWORD)dwLMP_HACKSHIELD_THREAD + (DWORD)mEhSvc.SizeOfImage, /*55 8B EC 53 56 57 E9*/XorStr<0x65,21,0x321AD150>("\x50\x53\x47\x50\x2B\x4A\x2E\x2F\x4D\x5B\x5C\x50\x44\x44\x53\x41\x42\x56\x32\x41"+0x321AD150).s);

    dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1 = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*8B 4C 24 04 E8*/XorStr<0x3B,15,0xFE4FC9CF>("\x03\x7E\x1D\x0A\x7C\x60\x73\x76\x63\x74\x71\x66\x02\x70"+0xFE4FC9CF).s );
    dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2 = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 81 EC ?? ?? ?? ?? 53 56 57 89 65 ?? C6 45 ?? ?? C6*/XorStr<0x0E,138,0xA52699E6>("\x3B\x3A\x30\x29\x50\x33\x51\x56\x36\x21\x59\x39\x5C\x5D\x3C\x2B\x26\x3F\x1F\x1E\x02\x1C\x1B\x05\x19\x18\x08\x16\x15\x0B\x1A\x15\x0E\x10\x0F\x11\x0D\x0C\x14\x0A\x09\x17\x07\x06\x1A\x0D\x08\x1D\x7F\x0E\x60\x71\x72\x63\x74\x75\x66\x77\x78\x69\x7A\x7B\x6C\x78\x7E\x6F\x66\x65\x72\x6B\x6D\x75\x64\x62\x78\x69\x6A\x7B\x6C\x6D\x7E\x6F\x50\x41\x52\x53\x44\x5D\x57\x47\x2D\x2A\x4A\x54\x53\x4D\x51\x50\x50\x4E\x4D\x53\x4B\x4A\x56\x42\x4B\x59\x4F\x4D\x5C\x48\x49\x5F\xB8\xB8\xA2\xB5\xB1\xA5\xB9\xB8\xA8\xCA\xBC\xAB\xB8\xB8\xAE\xB0\xAF\xB1\xAD\xAC\xB4\xD6\xA0"+0xA52699E6).s );
    dwCHECK_INTEGRITY_HACKSHIELD_THREAD = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, ( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC B8*/XorStr<0xB9,12,0xE4296250>("\x8C\x8F\x9B\x84\xFF\x9E\xFA\x83\xE1\x80\xFB"+0xE4296250).s );
    dwKDTRACE_HACKSHIELD_THREAD = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 81 C4 ?? ?? ?? ?? 53 56 57 89 65 ?? C7 45 ?? ?? ?? ?? ?? C7 45 ?? ?? ?? ?? ?? C7 45 ?? ?? ?? ?? ?? FF*/XorStr<0x90,189,0x9E605CC7>("\xA5\xA4\xB2\xAB\xD6\xB5\xD3\xD4\xB8\xAF\xDB\xBB\xDA\xDB\xBE\xA9\x98\x81\x9D\x9C\x84\x9A\x99\x87\x97\x96\x8A\x94\x93\x8D\x98\x97\x90\x8E\x8D\x93\x8B\x8A\x96\x88\x87\x99\x85\x84\x9C\x8B\x8A\x9F\x81\xF0\xE2\xF3\xF4\xE5\xF6\xF7\xE8\xF9\xFA\xEB\xFC\xFD\xEE\xFA\xE0\xF1\xE4\xE7\xF4\xED\xEF\xF7\xEA\xEC\xFA\xEB\xEC\xFD\xEE\xEF\xC0\xD1\xD2\xC3\xD4\xD5\xC6\xDF\xD9\xC9\xA9\xDF\xCC\xD2\xD1\xCF\xCF\xCE\xD2\xCC\xCB\xD5\xC9\xC8\xD8\xCC\xC9\xDB\xC9\xCB\xDE\xCA\x37\x21\x3A\x3A\x24\x33\x33\x27\x37\x36\x2A\x48\x3B\x2D\x3A\x3A\x30\x2E\x2D\x33\x2B\x2A\x36\x28\x27\x39\x25\x24\x3C\x22\x21\x3F\x63\x16\x02\x17\x11\x05\x19\x18\x08\x16\x15\x0B\x13\x12\x0E\x10\x0F\x11\x0D\x0C\x14\x76\x01\x17\x0C\x0C\x1A\x04\x03\x1D\x01\x00\x60\x7E\x7D\x63\x7B\x7A\x66\x78\x77\x69\x0C\x0D"+0x9E605CC7).s);
 
    dwLMP_HACKSHIELD_THREAD_EVENT = ( (DWORD)mEhSvc.lpBaseOfDll + 0x130CA8);
    dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? 5D C3*/XorStr<0x1C,36,0x0FA547FD>("\x5E\x24\x3E\x20\x1F\x01\x1D\x1C\x04\x1A\x19\x07\x17\x16\x0A\x6E\x14\x0D\x11\x10\x10\x0E\x0D\x13\x0B\x0A\x16\x08\x07\x19\x0F\x7F\x1C\x7E\x0D"+0x0FA547FD).s );
    dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*A1 ?? ?? ?? ?? 53 56 33 F6 57 3B C6 89 65 ?? 75*/XorStr<0xDF,48,0x4944DE25>("\x9E\xD1\xC1\xDD\xDC\xC4\xDA\xD9\xC7\xD7\xD6\xCA\xD4\xD3\xCD\xDB\xDC\xD0\xC4\xC4\xD3\xC7\xC6\xD6\xB1\xCE\xD9\xCF\xCC\xDC\xCE\xBC\xDF\x43\x37\x22\x3B\x3D\x25\x30\x32\x28\x36\x35\x2B\x3B\x38"+0x4944DE25).s );
    
    dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*8B 0D ?? ?? ?? ?? 51 FF 15 ?? ?? ?? ?? 8B 55*/XorStr<0x15,45,0x216E426F>("\x2D\x54\x37\x28\x5D\x3A\x24\x23\x3D\x21\x20\x00\x1E\x1D\x03\x1B\x1A\x06\x12\x19\x09\x6C\x6D\x0C\x1C\x1B\x0F\x0F\x0E\x12\x0C\x0B\x15\x09\x08\x18\x06\x05\x1B\x04\x7F\x1E\x0A\x75"+0x216E426F).s );

    dwHACKSHIELD_CALL_TO_CREATE_THREAD = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD) ( (DWORD)mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*FF 15 ?? ?? ?? ?? 85 C0 75 ?? FF 15 ?? ?? ?? ?? 8B F8 56*/XorStr<0x82,57,0xBCA0FCCB>("\xC4\xC5\xA4\xB4\xB3\xA7\xB7\xB6\xAA\xB4\xB3\xAD\xB1\xB0\xB0\xAE\xAD\xB3\xAC\xA0\xB6\xD4\xA8\xB9\xAD\xAE\xBC\xA2\xA1\xBF\xE6\xE7\x82\x92\x91\x85\x99\x98\x88\x96\x95\x8B\x93\x92\x8E\x90\x8F\x91\x8A\xF1\x94\xF3\x8E\x97\x8D\x8F"+0xBCA0FCCB).s);
    dwHACKSHIELD_CALL_TO_CREATE_THREAD = *(DWORD *)(dwHACKSHIELD_CALL_TO_CREATE_THREAD + 2);

    dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL = (DWORD)FindPattern( (DWORD)mEngine.lpBaseOfDll, (DWORD) ( (DWORD)mEngine.lpBaseOfDll + (DWORD)mEngine.SizeOfImage), /*89 0D ?? ?? ?? ?? 8B 55 E8*/XorStr<0x57,27,0xD71F02EA>("\x6F\x61\x79\x6A\x1F\x7C\x62\x61\x7F\x5F\x5E\x42\x5C\x5B\x45\x59\x58\x48\x51\x28\x4B\x59\x58\x4E\x2A\x48"+0xD71F02EA).s);
    dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL = *(DWORD *)(dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL + 2);


    VIRTUALIZER1_START

    oZwSetEvent = (tZwSetEvent)GetProcAddress( GetModuleHandle(/*ntdll.dll*/XorStr<0x89,10,0x1E870C7A>("\xE7\xFE\xEF\xE0\xE1\xA0\xEB\xFC\xFD"+0x1E870C7A).s), /*ZwSetEvent*/XorStr<0x34,11,0xCB9D323B>("\x6E\x42\x65\x52\x4C\x7C\x4C\x5E\x52\x49"+0xCB9D323B).s);

    DWORD oldProtect;

    VirtualProtect((void *)mEhSvc.lpBaseOfDll, mEhSvc.SizeOfImage, PAGE_EXECUTE_READWRITE, &oldProtect);
    oCreateThread = (tCreateThread) *(DWORD *)((DWORD)dwHACKSHIELD_CALL_TO_CREATE_THREAD);
    *(DWORD *)(dwHACKSHIELD_CALL_TO_CREATE_THREAD) = (DWORD)hkCreateThread;
    VirtualProtect((void *)mEhSvc.lpBaseOfDll, mEhSvc.SizeOfImage, oldProtect, &oldProtect);

    VirtualProtect((void *)mEngine.lpBaseOfDll, mEngine.SizeOfImage, PAGE_EXECUTE_READWRITE, &oldProtect);
    oSecureFunctionCall = (tSecureFunctionCall)*(DWORD*)dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL;
    *(DWORD *)(dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL) = (DWORD)hk_secureFunctionCall;
    VirtualProtect((void *)mEngine.lpBaseOfDll, mEngine.SizeOfImage, oldProtect, &oldProtect);

    VIRTUALIZER1_END
}
#pragma optimize("", on)
#endif

**YanivLess** · 01-24-2014

Thanks you , looks good

**Jew** · 01-27-2014

you make me want to learn the language you are using to code this.

**Airdraw** · 01-29-2014

Originally Posted by Ex0rPl4net

you make me want to learn the language you are using to code this.

Same thing there

**organicjello** · 01-30-2014

This just looks like a repost of a thread started in Aug. 7th on ************* forum.
Doesn't even look changed...Doubt this works.

From what I can tell, and I'm not even a good coder, this is just C++ code that hooks certain calls in Hackshield and sends fake positive checks so .dlls or whatever remain undetected. Not sure if OP actually updated the code to work, but I doubt it, and it seems that people here have no idea how to use it.

Granted, I could be entirely wrong, so there's that.

Also, this code is C++ and it's not really that difficult. The hardest part of all that code is just finding the addresses and functions Maplestory uses to check for 3rd party programs. In essence, coding is not what you want. You want to learn reverse engineering, and that will take you months to grasp the concept with no background in any of this stuff. In my opinion, it's not worth it unless you really want to become an engineer.

**Dons12** · 01-31-2014

This code is made by donoob at UC.
And yes this code works but only for a certain version of hackshield.

And it only works once you unvirtualized it ( the source code i mean )

**chanhee7** · 01-31-2014

what do i do with this? sorry for nobo question

**organicjello** · 01-31-2014

Originally Posted by chanhee7

what do i do with this? sorry for nobo question

Use this bypass from an older version of Hackshield and create the new public bypass for Maplestory, because you are totally capable!

/sarcasm

**chanhee7** · 02-01-2014

can anyone make a tut for this? really need bypass and dont know how to do it... TT^TT

**Vague** · 02-01-2014

Originally Posted by chanhee7

can anyone make a tut for this? really need bypass and dont know how to do it... TT^TT

I'm pretty sure you could work around with this code, but it does need a good bit of editing. Hackshield has changed a lot lately, that's why AP is currently not working because it doesn't have a proper bypass.

**[D] escended** · 12-10-2014

Pretty nice thread dude much cheeros!

Thread: Hackshield Bypass

Thread Tools

Display

Hackshield Bypass

The Following 3 Users Say Thank You to Banana For This Useful Post:

Similar Threads

[Info] DN Hackshield Bypass

Bypass for Hackshield?

hackshield bypass

HOW TO BYPASS IN HACKSHIELD

My Hackshield Bypass