  1. #1
    HLBOT

    How To Bypass File Changed at HGWC

    Hello. I haven't used it for a long time. Now I have re-debugged it and it has changed to a new address.
    With this tut, HGWC.exe does not check whether your file has been changed or is fake.
    Here is the address and string of it.

    ---------HGWC CFNA-----------
    Code:
    0040DDB3   68 988F4800      PUSH HGWC.00488F98                       ; UNICODE "Failed to get to file crc32 : file [%s] error [%d]"
    0040DDB8   E8 83C6FFFF      CALL HGWC.0040A440
    0040DDBD   8B4424 44        MOV EAX,DWORD PTR SS:[ESP+44]
    0040DDC1   8B4C24 3C        MOV ECX,DWORD PTR SS:[ESP+3C]
    0040DDC5   83C4 0C          ADD ESP,0C
    0040DDC8   50               PUSH EAX
    0040DDC9   51               PUSH ECX
    0040DDCA   E8 65790300      CALL HGWC.00445734
    0040DDCF   83C4 08          ADD ESP,8
    0040DDD2   85C0             TEST EAX,EAX
    0040DDD4   0F84 9D000000    JE HGWC.0040DE77 // Here it is. Now change JE to JMP -> JMP HGWC.0040DE77
    0040DDDA   3B6B 08          CMP EBP,DWORD PTR DS:[EBX+8]
    0040DDDD   72 05            JB SHORT HGWC.0040DDE4
    0040DDDF   E8 60810300      CALL HGWC.00445F44
    0040DDE4   8B5424 38        MOV EDX,DWORD PTR SS:[ESP+38]
    0040DDE8   8B45 00          MOV EAX,DWORD PTR SS:[EBP]
    0040DDEB   8B08             MOV ECX,DWORD PTR DS:[EAX]
    0040DDED   52               PUSH EDX
    0040DDEE   51               PUSH ECX
    MyCpp.Cpp
    Code:
    #include <windows.h>
    DWORD HGWC;	
    BYTE PatchHGWC[] = {0xE9,0x9E,0x00,0x00,0x00,0x90};
    void Mains()
    {
    	while(1)
    	{
    	    if(!HGWC)
    	    {
    	         HGWC	= (DWORD)GetModuleHandleA( "HGWC.exe" );
    	    }
        	    else
    	    {
                    WriteProcessMemory(GetCurrentProcess(),(LPVOID)(HGWC+0xDDD4),&PatchHGWC,6,0);
    	    }
    	    Sleep(10);
    	}
    }
    BOOL APIENTRY DllMain( HANDLE hModule,DWORD  ul_reason_for_call, LPVOID lpReserved)
    {
    	if (ul_reason_for_call == 1)
    	{
    	
    		CreateThread(0, 0, (LPTHREAD_START_ROUTINE)Mains, 0, 0, 0);
    			
    	}
        return TRUE;
    }
    Code:
    FindPattern = 83 C4 ?? 85 C0 ?? ?? ?? ?? ?? ?? 3B 6B ?? ?? ?? E8
    FindPattern + 0x5
    Good Luck
    It's finally Over!

  3. #2
    Zacherl
    Good find, but why the hell are you using WriteProcessMemory within your "own" process?
    + You should end the thread after patching the value once.

  5. #3
    giniyat101
    Quote (originally posted by Zacherl):
    Good find, but why the hell are you using WriteProcessMemory within your "own" process?
    + You should end the thread after patching the value once.
    I saw that and started to wonder: why is it even a DLL?


     



  6. #4
    WhiteHat PH
    Very Nice Share ^^






  8. #5
    mamo007
    Can you now post a topic on how easy it is to bypass the program called "MOSS"? So all cheat, even the "legit" players? =)

  9. #6
    -[I]fLuX
    Quote (originally posted by mamo007):
    Can you now post a topic on how easy it is to bypass the program called "MOSS"? So all cheat, even the "legit" players? =)
    What do you want to bypass in this program?

  10. #7
    XarutoUsoCrack
    Why the fuck do you need to bypass MOSS?

  11. #8
    mamo007
    Because then no one will be able to play, haw haw.

  12. #9
    kmanev073
    MOSS is easy to bypass

  13. #10
    kmanev073
    I have an easier way to bypass this by just changing one byte

  14. #11
    UltraPGNoob
    same here
    /msgtoshort

  15. #12
    zZzeta/S
    MOSS is the biggest fail ever. Made a callback system that triggers on ss and disables visuals until the frame is clean again. That was for another game tho.

  16. #13
    I2espect
    Quote (originally posted by kmanev073):
    I have an easier way to bypass this by just changing one byte
    Quote (originally posted by UltraPGNoob):
    same here
    /msgtoshort
    [ 1 Byte ] :P
    Code:
    memcpy((LPVOID)0x0040DDD2 ,(LPVOID)"\x3B",1);
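
A defender-side view of the edits in posts #1 and #13, as an added example that is not part of the original thread or of HGWC's own code: it compares a snapshot of the code region around the check against a known-good baseline and reports the address of the first modified byte. The function names are hypothetical, and the baseline and the two "after" samples are constructed from the bytes shown in the thread.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define REGION_BASE 0x0040DDCFu /* address of pristine[0] in the thread's listing */

/* Constructed baseline: bytes 0040DDCF..0040DDDE copied from the listing. */
static const uint8_t pristine[16] = {
    0x83, 0xC4, 0x08,                   /* ADD ESP,8         */
    0x85, 0xC0,                         /* TEST EAX,EAX      */
    0x0F, 0x84, 0x9D, 0x00, 0x00, 0x00, /* JE 0040DE77       */
    0x3B, 0x6B, 0x08,                   /* CMP EBP,[EBX+8]   */
    0x72, 0x05 };                       /* JB SHORT 0040DDE4 */

/* Constructed samples: the same region after the edits from posts #1 and #13. */
static const uint8_t after_post1[16] = {
    0x83, 0xC4, 0x08, 0x85, 0xC0, 0xE9, 0x9E, 0x00, 0x00, 0x00, 0x90,
    0x3B, 0x6B, 0x08, 0x72, 0x05 };
static const uint8_t after_post13[16] = {
    0x83, 0xC4, 0x08, 0x3B, 0xC0, 0x0F, 0x84, 0x9D, 0x00, 0x00, 0x00,
    0x3B, 0x6B, 0x08, 0x72, 0x05 };

/* Standard reflected CRC-32 (polynomial 0xEDB88320), bitwise variant. */
uint32_t crc32_region(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Returns 0 when `live` matches the baseline, otherwise the address of the
   first modified byte so the event can be logged with a location. */
uint32_t first_tampered_address(const uint8_t *live, size_t n) {
    if (n > sizeof pristine) n = sizeof pristine;
    if (crc32_region(live, n) == crc32_region(pristine, n)) return 0;
    for (size_t i = 0; i < n; i++)
        if (live[i] != pristine[i]) return REGION_BASE + (uint32_t)i;
    return REGION_BASE; /* not reached: a CRC mismatch implies a differing byte */
}

int main(void) {
    printf("pristine: %08X\n", (unsigned)first_tampered_address(pristine, 16));
    printf("post #1 : %08X\n", (unsigned)first_tampered_address(after_post1, 16));
    printf("post #13: %08X\n", (unsigned)first_tampered_address(after_post13, 16));
    return 0;
}
```

CRC-32 is used here only because the check named in the listing's string is a CRC-32; it is not collision resistant, so a production baseline would use a cryptographic hash.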
