Bypass Source Code

**Trunky** · 09-24-2009

haha Noone Cares

**broly7** · 09-24-2009

Information inside unpacked EHSCV.DLL:

Text strings referenced in Ehsvc: (I have not paste all the strings, just understanding string)

100090CE PUSH Ehsvc.100B05DC ASCII "AhnLab HackShield Pro"
100090D3 PUSH Ehsvc.100B0578 ASCII "You are running HackShield Pro Trial version.\r\nYou may not distribute this version for commercial."
1000A8F2 PUSH Ehsvc.100B03F4 ASCII "SeDebugPrivilege"
1000B6C6 PUSH Ehsvc.100B10DC ASCII "\\drivers"
1000B6D8 PUSH Ehsvc.100B10D0 ASCII "EagleNt.sys"
1000B6E4 PUSH Ehsvc.100AE7D0 ASCII "%s\\%s"
1000B705 PUSH Ehsvc.100B10C4 ASCII "Eagle9x.vxd"
1000B711 PUSH Ehsvc.100AE7D0 ASCII "%s\\%s"
1000B7D8 PUSH Ehsvc.100B1094 ASCII "{863E8351-3955-4f20-9762-4D9E8CE5C945} %d, %d"
1000B81C PUSH Ehsvc.100B1068 ASCII "{79615F3B-0F40-4dd1-96C9-2B50299EDB10} %d"
1000B83F PUSH Ehsvc.100B10D0 ASCII "EagleNt.sys"
1000B84B PUSH Ehsvc.100AE7D0 ASCII "%s\\%s"
1000B8B2 PUSH Ehsvc.100B1038 ASCII "{12B164DE-01EC-4c30-A589-AF9CCED1DB7B}_a, %s"
1000BD4B MOV EDI,Ehsvc.100B10DC ASCII "\\drivers"
1000BD7F PUSH Ehsvc.100B10D0 ASCII "EagleNt.sys"
1000BD8B PUSH Ehsvc.100AE7D0 ASCII "%s\\%s"
1000BDA1 PUSH Ehsvc.100B10C4 ASCII "Eagle9x.vxd"
1000BDAD PUSH Ehsvc.100AE7D0 ASCII "%s\\%s"
1000BE39 PUSH Ehsvc.100B13E0 ASCII "{29A3130D-7CC8-48de-B85D-6B9F6FD8D9F3} %d, %d"
1000BE7D PUSH Ehsvc.100B13B4 ASCII "{5460DC2F-E80C-40e9-91A8-408C75B27F8B} %d"
1000BE91 PUSH Ehsvc.100B10D0 ASCII "EagleNt.sys"
1000BE9D PUSH Ehsvc.100AE7D0 ASCII "%s\\%s"
1000BF2C PUSH Ehsvc.100B1380 ASCII "{FD95D2E6-171D-4b81-BBBD-B071ADB0D572} %d, %x, %s"
1000CF96 PUSH Ehsvc.100B1874 ASCII "\\HsLogMgr.exe"
1000CFA0 PUSH Ehsvc.100B186C ASCII "%s%s"
1000CFB6 PUSH Ehsvc.100B1874 ASCII "\\HsLogMgr.exe"
1000CFBF PUSH Ehsvc.100B186C ASCII "%s%s"
1000CFE2 PUSH Ehsvc.100B1850 ASCII "/ec:%08x /gc:%08x /id:%s"
1000EA07 PUSH Ehsvc.100B2874 ASCII "\\VarFileInfo\\Translation"
1000EA32 PUSH Ehsvc.100B284C ASCII "\\StringFileInfo\\%04hX%04hX\\FileVersion"
1000EEFF PUSH Ehsvc.100B28D0 ASCII "_AHNPRODUCTID="
1000EF29 PUSH Ehsvc.100B28C0 ASCII "_SERVER ="
1000EF53 PUSH Ehsvc.100B28B0 ASCII "_PROTOCOL ="
1000EF91 PUSH Ehsvc.100B28A0 ASCII "_FTPUSERID ="
1000EFB7 PUSH Ehsvc.100B2890 ASCII "_FTPUSERPASS ="
1000F5CD PUSH Ehsvc.100B28B0 ASCII "_PROTOCOL ="
1000F615 PUSH Ehsvc.100B28D0 ASCII "_AHNPRODUCTID="
1000F645 PUSH Ehsvc.100B28F4 ASCII "_ADDRESS ="
1000F6D2 PUSH Ehsvc.100B28C0 ASCII "_SERVER ="
1000F702 PUSH Ehsvc.100B28E0 ASCII "_PORT ="
1000F744 PUSH Ehsvc.100B28A0 ASCII "_FTPUSERID ="
1000F777 PUSH Ehsvc.100B2890 ASCII "_FTPUSERPASS ="
1000FC1A PUSH Ehsvc.100B28B0 ASCII "_PROTOCOL ="
1000FC26 PUSH Ehsvc.100B2904 ASCII "%08x%s"
1000FC6C PUSH Ehsvc.100B28D0 ASCII "_AHNPRODUCTID="
1000FC78 PUSH Ehsvc.100B2904 ASCII "%08x%s"
1000FCBE PUSH Ehsvc.100B28F4 ASCII "_ADDRESS ="
1000FCCA PUSH Ehsvc.100B2904 ASCII "%08x%s"
1000FD16 PUSH Ehsvc.100B28C0 ASCII "_SERVER ="
1000FD22 PUSH Ehsvc.100B2904 ASCII "%08x%s"
1000FD6B PUSH Ehsvc.100B28E0 ASCII "_PORT ="
1000FD77 PUSH Ehsvc.100B2904 ASCII "%08x%s"
1000FDC3 PUSH Ehsvc.100B28A0 ASCII "_FTPUSERID ="
1000FDCF PUSH Ehsvc.100B2904 ASCII "%08x%s"
1000FE1B PUSH Ehsvc.100B2890 ASCII "_FTPUSERPASS ="
1000FE27 PUSH Ehsvc.100B2904 ASCII "%08x%s"
10010042 PUSH Ehsvc.100B186C ASCII "%s%s"
10010151 PUSH Ehsvc.100B290C ASCII "%s%d"
10011358 MOV ESI,Ehsvc.100B292C ASCII "TnRRdWVyeVN5c3RlbUluZm9ybWF0aW9u"
10011369 MOV ESI,Ehsvc.100B2914 ASCII
100126A3 PUSH Ehsvc.100B2B64 ASCII "ModName: %s(Addr:%ph)"
100126B8 PUSH Ehsvc.100B2B58 ASCII "Addr:%ph"
100126E1 PUSH Ehsvc.100B2B14 ASCII "{D525E898-C445-4338-940F-5B37198BE97F}(ModName: %s(%ph) :(Addr:%ph)"
10012895 PUSH Ehsvc.100B2BA8 ASCII "{736D770F-9E6A-4ced-A9DD-BA0C82E41585}(%d)"
10014A61 PUSH Ehsvc.100B2EF8 ASCII "kernel32.dll"
10014B3F PUSH Ehsvc.100B2F38 ASCII "NUL"
10014B63 PUSH Ehsvc.100B2F30 ASCII "\"%s\""
10014B8E PUSH Ehsvc.100B2F30 ASCII "\"%s\""
10014BB1 PUSH Ehsvc.100B2F24 ASCII "%hs=%hs\r\n"
10014C09 PUSH Ehsvc.100B2F08 ASCII "\\WinInit.Ini"
10014CAB PUSH Ehsvc.100AF060 ASCII "%s"
10014D98 PUSH Ehsvc.100B3008 ASCII "v3pro32s.dll"
10014DB0 PUSH Ehsvc.100B3008 ASCII "v3pro32s.dll"
10014DD9 PUSH Ehsvc.100B2FF8 ASCII "AhnGetVirusName"
10014E02 PUSH Ehsvc.100B2FE4 ASCII "AhnGetEngineDate"
10014E3A PUSH Ehsvc.100B2FD4 ASCII "AhnCheckFile"
10014E64 PUSH Ehsvc.100B2FC4 ASCII "AhnCheckProcess"
10014E8D PUSH Ehsvc.100B2FB4 ASCII "AhnRepairFile"
10014EB7 PUSH Ehsvc.100B2F9C ASCII "AhnInitVaccineEngine"
10014EE1 PUSH Ehsvc.100B2F80 ASCII "AhnCheckDefaultExtensions"
10014F0A PUSH Ehsvc.100B2F68 ASCII "AhnGetVirusFileCureData"
10014F34 PUSH Ehsvc.100B2F50 ASCII "AhnGetExtRepairStatus"
10014F81 PUSH Ehsvc.100B2F44 ASCII "ehsvc.dll"
10014FC7 PUSH Ehsvc.100B2F3C ASCII "TEMP"
100163A0 PUSH Ehsvc.100B3260 ASCII "{B472C364-F9B8-4c78-9776-8CB9CBDBF278}"
10017C4B MOV EDX,Ehsvc.100B3748 ASCII "3N.mhe"
10017D8B PUSH Ehsvc.100B3718 ASCII "{97AD253A-34C7-4666-B730-A736CE3C5DD4} %d, %s"
1001DB43 PUSH Ehsvc.100B4468 ASCII "exhackLst.dat"
1001DB55 PUSH Ehsvc.100B4468 ASCII "exhackLst.dat"
1001DB82 PUSH Ehsvc.100B4460 ASCII "evtEHSS"
1001DB8E PUSH Ehsvc.100B4458 ASCII "%s_%X"
10020913 PUSH Ehsvc.100B4B34 ASCII "NTDLL.DLL"
100209D1 MOV EAX,Ehsvc.100B4B20 ASCII "L%L{A&s8b_:{@!.."
100209EE PUSH Ehsvc.100B4B10 ASCII "Kernel32.dll"
10020CA5 PUSH Ehsvc.100B4B40 ASCII "h&I_1_?[ch/8A[K[1=h[c2H8l(K[1}h$"
10020CC7 PUSH Ehsvc.100B4B34 ASCII "NTDLL.DLL"
10020CEB PUSH Ehsvc.100B4B20 ASCII "L%L{A&s8b_:{@!.."
10020D03 PUSH Ehsvc.100B4B10 ASCII "Kernel32.dll"
10020F92 PUSH Ehsvc.100B4B64 ASCII "{4BF8602F-2AAA-4ae2-ACB5-BAA54E8FA070} %s"
10024313 MOV EDI,Ehsvc.100B5838 ASCII "WIN95"
10024327 PUSH Ehsvc.100B5838 ASCII "WIN95"
10024339 PUSH Ehsvc.100B5810 ASCII "{DA5787D9-1992-4453-BBBF-D297572207B9}"
10024352 MOV EDI,Ehsvc.100B5808 ASCII "WIN98"
10024368 PUSH Ehsvc.100B5808 ASCII "WIN98"
1002437A PUSH Ehsvc.100B57E0 ASCII "{8320EF11-6D0A-49f3-922C-897643CE6363}"
100243A7 MOV EDI,Ehsvc.100B57D8 ASCII "NT4SP5"
100243BD PUSH Ehsvc.100B57D8 ASCII "NT4SP5"
100243CF PUSH Ehsvc.100B57B0 ASCII "{5189EA1C-8C1A-4f36-8D7A-046C1C65FD9A}"
100243E8 MOV EDI,Ehsvc.100B57A8 ASCII "WIN2000"
100243FE PUSH Ehsvc.100B57A8 ASCII "WIN2000"
10024410 PUSH Ehsvc.100B5780 ASCII "{5FB3A95F-8489-4d88-8D27-F871D8100109}"
1002442C MOV EDI,Ehsvc.100B5778 ASCII "WINXP"
10024442 PUSH Ehsvc.100B5778 ASCII "WINXP"
10024454 PUSH Ehsvc.100B5750 ASCII "{DDFFF35B-FEF5-4f5b-8483-124E8985CA88}"
1002445E MOV EDI,Ehsvc.100B5744 ASCII "WINXPSP2"
10024474 PUSH Ehsvc.100B5744 ASCII "WINXPSP2"
10024486 PUSH Ehsvc.100B5750 ASCII "{DDFFF35B-FEF5-4f5b-8483-124E8985CA88}"
100244A2 MOV EDI,Ehsvc.100B573C ASCII "WIN2003"
100244B8 PUSH Ehsvc.100B573C ASCII "WIN2003"
100244CA PUSH Ehsvc.100B5714 ASCII "{8EC207D8-1648-43bd-ACCA-800E09DF8E07}"
100244E6 MOV EDI,Ehsvc.100B5708 ASCII "WINSRV03SP1"
100244FC PUSH Ehsvc.100B5708 ASCII "WINSRV03SP1"
1002450E PUSH Ehsvc.100B5714 ASCII "{8EC207D8-1648-43bd-ACCA-800E09DF8E07}"
100246AE PUSH Ehsvc.100B58C8 ASCII "Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Layers"
100246C8 PUSH Ehsvc.100B589C ASCII "{9ADA4A17-7DDE-4a16-8EA0-09A1F4691D90} %d"
10024A44 PUSH Ehsvc.100B5AF4 ASCII "AdvApi32.dll"
10024A58 PUSH Ehsvc.100B5ACC ASCII "{5D937A3D-D2A7-4ee0-B5DF-1DF74B7E87FC}"
10024A7D PUSH Ehsvc.100B5AB4 ASCII "ImpersonateLoggedOnUser"
10024A8D PUSH Ehsvc.100B5A8C ASCII "{BA33E6AB-534F-49a7-98B3-55FBC7D075A7}"
10024AC5 PUSH Ehsvc.100B5A60 ASCII "{667C300D-48E4-48d3-BC2F-3E3CD4D9AC99} %d"
10024AE4 PUSH Ehsvc.100B5A38 ASCII "{C7234DC8-420B-4d6e-B0DB-13A566A53557}"
10024BB0 PUSH Ehsvc.100B5BB8 ASCII "{65F5EB48-04F5-419a-A7E9-16EC111EEDBC}"
10024BD3 PUSH Ehsvc.100B5AF4 ASCII "AdvApi32.dll"
10024BE7 PUSH Ehsvc.100B5B90 ASCII "{5110EF6B-AEAF-4ab9-8C8A-792FCAE9CD82}"
10024C0C PUSH Ehsvc.100B5B80 ASCII "RevertToSelf"
10024C1C PUSH Ehsvc.100B5B58 ASCII "{8EFE6219-FFB2-4237-B6DC-0620A8503AEE}"
10024C50 PUSH Ehsvc.100B5B2C ASCII "{241DBB25-8B52-4070-8C1F-36B56B2CF55B} %d"
10024D61 PUSH Ehsvc.100B5BE0 ASCII "{CE40E99A-19CD-4044-B6B0-E496F984C87C} %d"
10024E9A PUSH Ehsvc.100B5AF4 ASCII "AdvApi32.dll"
10024EAC PUSH Ehsvc.100B5D2C ASCII "{0407AAFD-72A3-4f86-8EC4-6D9CFCC5B15A}"
10024ED7 PUSH Ehsvc.100B5D18 ASCII "OpenProcessToken"
10024EE6 PUSH Ehsvc.100B5CF0 ASCII "{45627561-F3EF-4b94-A777-13E8DC0D2554}"
10024F0E PUSH Ehsvc.100B5CDC ASCII "GetTokenInformation"
10024F1D PUSH Ehsvc.100B5CB4 ASCII "{C6448B80-20D2-4026-8CCF-57B45F161020}"
10024F45 PUSH Ehsvc.100B5C98 ASCII "AllocateAndInitializeSid"
10024F54 PUSH Ehsvc.100B5C70 ASCII "{F93194B6-095A-4126-8BF5-E24DAC396ED4}"
10024F7C PUSH Ehsvc.100B5C64 ASCII "EqualSid"
10024F8B PUSH Ehsvc.100B5C3C ASCII "{9FAEA6E5-0AFF-4164-B455-7FDAAC15EF7D}"
10024FB3 PUSH Ehsvc.100B5C34 ASCII "FreeSid"
10024FC2 PUSH Ehsvc.100B5C0C ASCII "{90A458ED-64BB-484c-BE09-B5681D717E34}"
100251F7 PUSH Ehsvc.100B5DF8 ASCII "{898AAF8C-71B2-473d-B954-C662F566F5E1} %d"
1002524F MOV EDI,Ehsvc.100B5DEC ASCII "HSInfo.dat"
100252A3 PUSH Ehsvc.100B5DC0 ASCII "{809A5385-EC12-4bb7-AF1A-B2234CDAC7D4} %d"
100252F1 PUSH Ehsvc.100B5D94 ASCII "{1769CA7B-5321-4925-854D-4EB621E76912} %d"
10025461 PUSH Ehsvc.100B5D54 ASCII "{96C7AB42-0741-4e2c-AAC3-6F75D8088483} ID:%s PWD:%s gentime:%s."
100254C6 PUSH Ehsvc.100B5AF4 ASCII "AdvApi32.dll"
100254DA PUSH Ehsvc.100B5E88 ASCII "{424844CF-0AFD-4996-ADC2-9849CD324197}"
100254FF PUSH Ehsvc.100B5E7C ASCII "LogonUserA"
1002550F PUSH Ehsvc.100B5E54 ASCII "{5A31DC7B-CF4F-490b-92E2-09B011EE5F31}"
10025557 PUSH Ehsvc.100B5E24 ASCII "{037A4F8B-4682-409c-9AFA-30DB919317D7} %d"
1002588D PUSH Ehsvc.100B612C ASCII "{F93773C0-425A-4f33-9B0C-FC1BF9341BDA}"
100258AC PUSH Ehsvc.100B5AF4 ASCII "AdvApi32.dll"
100258BE PUSH Ehsvc.100B6104 ASCII "{EF0F93A8-E7D6-45ee-9752-4A27536E90CF}"
100258E9 PUSH Ehsvc.100B60F4 ASCII "LsaOpenPolicy"
100258F7 PUSH Ehsvc.100B60CC ASCII "{B2A89811-D9C1-464c-AABA-446111C4C747}"
1002591F PUSH Ehsvc.100B60B4 ASCII "LsaNtStatusToWinError"
1002592D PUSH Ehsvc.100B608C ASCII "{7FA392D4-DCE6-497d-970C-B49E46F65448}"
10025955 PUSH Ehsvc.100B6078 ASCII "LsaAddAccountRights"
10025964 PUSH Ehsvc.100B6050 ASCII "{11604283-569F-44bf-8765-3B376079C57E}"
1002598C PUSH Ehsvc.100B6044 ASCII "LsaClose"
1002599B PUSH Ehsvc.100B601C ASCII "{891102DF-5878-4fc6-B0F5-9B9F5D02BB9B}"
100259C0 PUSH Ehsvc.100B600C ASCII "NetApi32.dll"
100259D2 PUSH Ehsvc.100B5FE4 ASCII "{29FDD353-D7F2-4e82-80C6-89395E69B76F}"
100259FA PUSH Ehsvc.100B5FD0 ASCII "NetLocalGroupEnum"
10025A09 PUSH Ehsvc.100B5FA8 ASCII "{87D07C1A-07C7-47db-9ED2-8431B343F4F1}"
10025A31 PUSH Ehsvc.100B5F94 ASCII "NetApiBufferFree"
10025A40 PUSH Ehsvc.100B5F6C ASCII "{A96E1DB8-D223-43b2-BF7F-51148984EF2C}"
10025A68 PUSH Ehsvc.100B5F48 UNICODE "SeDebugPrivilege"
10025A7A PUSH Ehsvc.100B5F20 ASCII "{671F0FA2-3A5D-49d9-B522-936EB3A86F60}"
10025AB9 PUSH Ehsvc.100B5EF8 ASCII "{F3B662D1-91DB-460c-B1CC-3C5FF99F3436}"
10025B00 PUSH Ehsvc.100B5ED0 ASCII "{1CB13E56-F1CF-491f-ADB3-C7A426384EF9}"
10025B29 PUSH Ehsvc.100B5EB0 UNICODE "Administrators"
10025CFE PUSH Ehsvc.100B6244 ASCII "LookupAccountNameA"
10025D11 PUSH Ehsvc.100B621C ASCII "{A48114A9-648E-4c04-A0A8-50C1AF264904}"
10026D66 PUSH Ehsvc.100B691C ASCII "PlatformId=%d "
10026DB7 PUSH Ehsvc.100B6908 ASCII "Windows NT %d.%d "
10026DDF PUSH Ehsvc.100B68F8 ASCII "Windows 2000 "
10026DFE PUSH Ehsvc.100B68E8 ASCII "Windows .NET "
10026E09 PUSH Ehsvc.100B68DC ASCII "Windows XP "
10026E1F PUSH Ehsvc.100B68C4 ASCII "Windows Server 2003 R2 "
10026E38 PUSH Ehsvc.100B68DC ASCII "Windows XP "
10026E43 PUSH Ehsvc.100B68AC ASCII "Windows Server 2003 "
10026E6C PUSH Ehsvc.100B689C ASCII "Windows Vista "
10026E78 PUSH Ehsvc.100B6884 ASCII "Windows Server 2008 "
10026E93 PUSH Ehsvc.100B6878 ASCII "Windows 7 "
10026E9E PUSH Ehsvc.100B6860 ASCII "Windows Server 2008 R2 "
10026EB8 PUSH Ehsvc.100B684C ASCII "Windows 7 or later "
10026EC0 PUSH Ehsvc.100B6830 ASCII "Windows Longhorn or later "
10026ED0 PUSH Ehsvc.100B6820 ASCII "GetProductInfo"
10026ED5 PUSH Ehsvc.100B4B10 ASCII "Kernel32.dll"
10026F53 PUSH Ehsvc.100B6814 ASCII "Business "
10026F61 PUSH Ehsvc.100B6808 ASCII "Business N "
10026F70 PUSH Ehsvc.100B67F8 ASCII "Cluster Server "
10026F7B PUSH Ehsvc.100B67EC ASCII "Datacenter "
10026F89 PUSH Ehsvc.100B67D8 ASCII "Datacenter (core) "
10026F98 PUSH Ehsvc.100B67CC ASCII "Enterprise "
10026FA3 PUSH Ehsvc.100B67CC ASCII "Enterprise "
10026FB1 PUSH Ehsvc.100B67B8 ASCII "Enterprise (core) "
10026FC0 PUSH Ehsvc.100B67A0 ASCII "Enterprise for IA64 "
10026FCB PUSH Ehsvc.100B6794 ASCII "Home Basic "
10026FD9 PUSH Ehsvc.100B6784 ASCII "Home Basic N "
10026FE8 PUSH Ehsvc.100B6774 ASCII "Home Premium "
10026FF3 PUSH Ehsvc.100B6764 ASCII "Home Server "
10027001 PUSH Ehsvc.100B674C ASCII "Small Business Server "
10027010 PUSH Ehsvc.100B6740 ASCII "Standard "
1002701B PUSH Ehsvc.100B672C ASCII "Standard (core) "
10027029 PUSH Ehsvc.100B6720 ASCII "Starter "
10027038 PUSH Ehsvc.100B6714 ASCII "Ultimate "
10027043 PUSH Ehsvc.100B6708 ASCII "Web Server "
10027051 PUSH Ehsvc.100B66F4 ASCII "(Unknown product) "
10027060 PUSH Ehsvc.100B66DC ASCII "Storage Server Express "
1002708D PUSH Ehsvc.100B66CC ASCII "Enterprise N "
1002709B PUSH Ehsvc.100B66BC ASCII "Home Premium N "
100270AA PUSH Ehsvc.100B66A0 ASCII "Server for Small Business "
100270B5 PUSH Ehsvc.100B6680 ASCII "Small Business Server Premium "
100270C3 PUSH Ehsvc.100B6664 ASCII "Storage Server Enterprise "
100270D2 PUSH Ehsvc.100B6648 ASCII "Storage Server Standard "
100270DD PUSH Ehsvc.100B662C ASCII "Storage Server Workgroup "
100270EB PUSH Ehsvc.100B6620 ASCII "Ultimate N "
100270FA PUSH Ehsvc.100B660C ASCII "Web Server (core) "
10027105 PUSH Ehsvc.100B65D4 ASCII "Windows Essential Business Server Management Server "
1002712D PUSH Ehsvc.100B65B8 ASCII "Datacenter without Hyper-V "
1002713C PUSH Ehsvc.100B6584 ASCII "Windows Essential Business Server Messaging Server "
10027147 PUSH Ehsvc.100B6550 ASCII "Windows Essential Business Server Security Server "
10027155 PUSH Ehsvc.100B6534 ASCII "Standard without Hyper-V "
10027164 PUSH Ehsvc.100B6518 ASCII "Enterprise without Hyper-V "
10027180 PUSH Ehsvc.100B64F4 ASCII "Standard without Hyper-V (core) "
1002718E PUSH Ehsvc.100B64D0 ASCII "Datacenter without Hyper-V (core) "
1002719D PUSH Ehsvc.100B64AC ASCII "Enterprise without Hyper-V (core) "
100271B7 PUSH Ehsvc.100B6494 ASCII "Unknown Edition (0x%x) "
100271D7 PUSH Ehsvc.100B6484 ASCII "(Unlicensed) "
10027208 PUSH Ehsvc.100B6470 ASCII "Workstation 4.0 "
10027227 PUSH Ehsvc.100B6460 ASCII "Professional "
1002723A PUSH Ehsvc.100B6448 ASCII "Media Center Edition "
10027250 PUSH Ehsvc.100B6434 ASCII "Tablet PC Edition "
10027267 PUSH Ehsvc.100B6420 ASCII "Starter Edition "
1002727D PUSH Ehsvc.100B6414 ASCII "Embedded "
10027294 PUSH Ehsvc.100B6404 ASCII "Home Edition "
100272C1 PUSH Ehsvc.100B63E4 ASCII "Server 4.0, Enterprise Edition "
100272CF PUSH Ehsvc.100B63D8 ASCII "Server 4.0 "
100272F9 PUSH Ehsvc.100B63C4 ASCII "DataCenter Server "
10027310 PUSH Ehsvc.100B63BC ASCII "Server "
1002732A PUSH Ehsvc.100B63A8 ASCII "Datacenter Edition "
10027339 PUSH Ehsvc.100B6394 ASCII "Enterprise Edition "
1002734C PUSH Ehsvc.100B6384 ASCII "Web Edition "
1002735B PUSH Ehsvc.100B6370 ASCII "Standard Edition "
1002738A PUSH Ehsvc.100B6364 ASCII "ProductType"
1002738F PUSH Ehsvc.100B6334 ASCII "SYSTEM\\CurrentControlSet\\Control\\ProductOption s"
100273AB PUSH Ehsvc.100B632C ASCII "WINNT"
100273C1 PUSH Ehsvc.100B6460 ASCII "Professional "
100273D5 PUSH Ehsvc.100B6320 ASCII "LANMANNT"
100273EB PUSH Ehsvc.100B63BC ASCII "Server "
100273FF PUSH Ehsvc.100B6314 ASCII "SERVERNT"
10027411 PUSH Ehsvc.100B6300 ASCII "Advanced Server "
1002743F PUSH Ehsvc.100B62EC ASCII "GetNativeSystemInfo"
10027444 PUSH Ehsvc.100B2EF8 ASCII "kernel32.dll"
10027494 PUSH Ehsvc.100B62D8 ASCII "(Processor:0x%x) "
100274BA PUSH Ehsvc.100B62D0 ASCII "(x64) "
100274CB PUSH Ehsvc.100B62C8 ASCII "(ia64) "
100274DC PUSH Ehsvc.100B62C0 ASCII "(x86) "
10027529 PUSH Ehsvc.100B62B4 ASCII "Windows 98 "
1002753B PUSH Ehsvc.100B62B0 ASCII "SE "
1002754E PUSH Ehsvc.100B62A4 ASCII "Windows ME"
1002755C PUSH Ehsvc.100B628C ASCII "Windows ME or later "
10027570 PUSH Ehsvc.100B6280 ASCII "Windows 95 "
10027587 PUSH Ehsvc.100B6278 ASCII "OSR 2"
100275DB PUSH Ehsvc.100B6268 ASCII "%s%s (%d.%d.%d)"
100276A5 PUSH Ehsvc.100B6954 ASCII "Version"
100276AA PUSH Ehsvc.100B692C ASCII "SOFTWARE\\Microsoft\\Internet Explorer"
10027729 PUSH Ehsvc.100B69BC ASCII "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\ %d"
10027745 PUSH Ehsvc.100B69B0 ASCII "Identifier"
1002775D PUSH Ehsvc.100B6998 ASCII "Identifier not found"
10027774 PUSH Ehsvc.100B6984 ASCII "ProcessorNameString"
1002778E PUSH Ehsvc.100B6964 ASCII "ProcessorNameString not found"
100277AD PUSH Ehsvc.100B695C ASCII "%s(%s)"
10027802 PUSH Ehsvc.100B69EC ASCII "%.1fMB"
100278CC PUSH Ehsvc.100B69FC ASCII ", "
100278E8 PUSH Ehsvc.100B69F4 ASCII "%c(%s)"
100279C6 MOV EAX,Ehsvc.100B6A1C ASCII "Yes"
100279CD MOV EAX,Ehsvc.100B6A18 ASCII "No"
100279E7 PUSH Ehsvc.100B6A00 ASCII "%s %s Administrator:%s"
10027CFF PUSH Ehsvc.100AE7D0 ASCII "%s\\%s"
10027E3C PUSH Ehsvc.100B6A28 ASCII "%uMB"
10027E6D PUSH Ehsvc.100B6A20 ASCII "%.2fGB"
10027E96 PUSH Ehsvc.100B6A28 ASCII "%uMB"
10027ECA PUSH Ehsvc.100B6A20 ASCII "%.2fGB"
10027F82 PUSH Ehsvc.100B2EF8 ASCII "kernel32.dll"
10027F95 PUSH Ehsvc.100B6A3C ASCII "GetDiskFreeSpaceExA"
10028082 PUSH Ehsvc.100B6A30 ASCII "%s (%s/%s)"
10028102 PUSH Ehsvc.100B6A94 ASCII "<(S{@&H1l)I{c>18@!.."
10028150 PUSH Ehsvc.100B6A7C ASCII "l)I{c|/a@lH$c>18@!.."
1002819E PUSH Ehsvc.100B6A6C ASCII "<ln~}lA{10I."
100281DD PUSH Ehsvc.100B6A54 ASCII "l~Ha@^:{b~saA&AaD;9-"
10028A92 PUSH Ehsvc.100B6D30 ASCII "HSUpdate.env"
10028AD7 PUSH Ehsvc.100B6D08 ASCII "{7455FFE7-629C-4b29-BF88-A499C8F53C2D}"
10028D40 PUSH Ehsvc.100B6DF0 ASCII "HackShield"
10028D5C PUSH Ehsvc.100B6DC4 ASCII "{EA788BB3-DDFD-4f2b-800F-DACBCE233473} %d"
10028DA2 PUSH Ehsvc.100B6D98 ASCII "{75BCB491-C1EA-40ce-837A-13C16D2BF200} %d"
10028EFE PUSH Ehsvc.100B7004 ASCII "{6FA6EEB3-4078-4d65-A92F-7027197309E8} %d"
10028F21 PUSH Ehsvc.100B6FEC ASCII "V3Net_GetUpdateData2"
10028F2F PUSH Ehsvc.100B6FC4 ASCII "{64A1DBC5-7207-4b0c-8E8A-75E9671F304C}"
10028F4C PUSH Ehsvc.100B6FB4 ASCII "V3Net_GetCount"
10028F5A PUSH Ehsvc.100B6F8C ASCII "{E50A8EFF-3F7F-416a-B9C9-285BDA4A2416}"
10028F77 PUSH Ehsvc.100B6F80 ASCII "V3Net_GetAt"
10028F87 PUSH Ehsvc.100B6F58 ASCII "{8D4603C5-1054-43a8-B316-E91FF2B6B161}"
10028FA4 PUSH Ehsvc.100B6F40 ASCII "V3Net_SetDestFullPath"
10028FB4 PUSH Ehsvc.100B6F18 ASCII "{CB9FDC63-6FFC-4e51-8511-BBB1F85E046D}"
10028FD1 PUSH Ehsvc.100B6F04 ASCII "V3Net_CheckFileCRC"
10028FE1 PUSH Ehsvc.100B6EDC ASCII "{A7105F50-71C6-4808-BA59-BEA6BF2E5E44}"
10028FFE PUSH Ehsvc.100B6EC4 ASCII "V3Net_CompareFileInfo"
1002900E PUSH Ehsvc.100B6E9C ASCII "{3F786D2B-F86D-4927-AD7B-3B229884E0C3}"
1002902B PUSH Ehsvc.100B6E88 ASCII "V3Net_CloseHandle"
1002903B PUSH Ehsvc.100B6E60 ASCII "{DFE4CEFE-286B-448b-8BA7-B877959196E7}"
10029068 PUSH Ehsvc.100B6E54 ASCII "EagleHorn"
10029127 PUSH Ehsvc.100B6E28 ASCII "{B2072E82-BA16-4c31-8961-A995526BB02C} %s"
1002914E PUSH Ehsvc.100B6DFC ASCII "{C5E8ADF9-9D2C-4383-BE39-52FB25CE66DD} %s"
10029266 PUSH Ehsvc.100B703C ASCII "ftp://%s:%s@%s"
10029283 PUSH Ehsvc.100B7030 ASCII "ftp://%s"
100293D7 PUSH Ehsvc.100B704C ASCII "\\Program Files"
1002968E PUSH Ehsvc.100B705C ASCII "0X"
100296A2 MOV EDI,Ehsvc.100B705C ASCII "0X"
10029832 PUSH Ehsvc.100B7128 ASCII "a2VybmVsMzI="
10029843 PUSH Ehsvc.100B7128 ASCII "a2VybmVsMzI="
10029848 PUSH Ehsvc.100B70FC ASCII "{1C96629B-7DB5-4c67-B637-23366C5BF29F} %s"
10029879 PUSH Ehsvc.100B70D0 ASCII "{2D6AEBBE-7BD9-44bc-BFFD-395A8A3F851C} %d"
100298A2 PUSH Ehsvc.100B70B8 ASCII "SXNXb3c2NFByb2Nlc3M="
100298B5 PUSH Ehsvc.100B7128 ASCII "a2VybmVsMzI="
100298BA PUSH Ehsvc.100B70FC ASCII "{1C96629B-7DB5-4c67-B637-23366C5BF29F} %s"
10029E29 PUSH Ehsvc.100B71CC ASCII "YmV0YQ=="
10029E35 PUSH Ehsvc.100B71C0 ASCII "YWxwaGE="
10029E4E PUSH Ehsvc.100B71B8 ASCII "ZGV2"
10029E78 PUSH Ehsvc.100B7194 ASCII "JWQuJWQuJWQuJXMlZChCdWlsZCAlZCk="
1002A2F8 PUSH Ehsvc.100B7288 ASCII "1;L{b;9-"
1002A314 PUSH Ehsvc.100B7278 ASCII "4<?[A<h89)&."
1002A32A PUSH Ehsvc.100B7268 ASCII "c#A[c!Ia9)&."
1002A341 PUSH Ehsvc.100B29BC ASCII "z;I{zlHw@#S8"
1002A358 PUSH Ehsvc.100B725C ASCII "A&L$@&C."
1002A372 PUSH Ehsvc.100B7248 ASCII "L+h[l=?~@_o[b~K["
1002A394 PUSH Ehsvc.100B7234 ASCII "<0L{c#L{_$L{A&Is"
1002A3F2 PUSH Ehsvc.100B7208 ASCII "{6E8F912F-41C1-439e-903F-2FD70E04D555} a %d"
10070A2F PUSH Ehsvc.100A5A30 ASCII "Microsoft Visual C++ Runtime Library"
100724BD MOV EAX,Ehsvc.100C2CDA UNICODE " ((((( H"
10072B96 PUSH Ehsvc.100A6128 ASCII "ACP"
10072BA7 PUSH Ehsvc.100A6124 ASCII "OCP"
10072D15 ADD EAX,Ehsvc.100C3154 ASCII "1252"
10072D35 ADD EAX,Ehsvc.100C314C ASCII "850"
10072D3F ADD EAX,Ehsvc.100C3148 ASCII "ESP"
10072D49 ADD EAX,Ehsvc.100C3140 ASCII "ESP"
10072D53 ADD EAX,Ehsvc.100C3134 ASCII "040a"
1007343A CMP ECX,10000 UNICODE "=::=::\\"
10073DF2 PUSH Ehsvc.100A615C ASCII "user32.dll"
10073E09 PUSH Ehsvc.100A6150 ASCII "MessageBoxA"
10073E1A PUSH Ehsvc.100A6140 ASCII "GetActiveWindow"
10073E22 PUSH Ehsvc.100A612C ASCII "GetLastActivePopup"
10074E22 PUSH Ehsvc.100A6290 ASCII "am/pm"
10074E38 PUSH Ehsvc.100A628C ASCII "a/p"
10075D0C PUSH Ehsvc.100A62C8 ASCII "1#SNAN"
10075D26 PUSH Ehsvc.100A62C0 ASCII "1#IND"
10075D37 PUSH Ehsvc.100A62B8 ASCII "1#INF"
10075D54 PUSH Ehsvc.100A62B0 ASCII "1#QNAN"
1007601A MOV DWORD PTR SS:[ESP],Ehsvc.100A6 ASCII "TZ"
1007718F MOV ESI,Ehsvc.100A6360 ASCII "string too long"
100773BB MOV ESI,Ehsvc.100A6390 ASCII "invalid string position"
10077561 MOV ESI,Ehsvc.100A63E4 ASCII "ios::badbit set"
1007756B MOV ESI,Ehsvc.100A63D0 ASCII "ios::failbit set"
10077572 MOV ESI,Ehsvc.100A63C0 ASCII "ios::eofbit set"
100778AE MOV ESI,Ehsvc.100A640C ASCII "invalid ios::iword/pword index"
1007807E MOV ESI,Ehsvc.100A6444 ASCII "bad locale name"
100781BF MOV ESI,Ehsvc.100A6444 ASCII "bad locale name"
10079438 PUSH Ehsvc.100A64F4 ASCII "0123456789abcdefABCDEF"
100799CD PUSH Ehsvc.100B7F74 ASCII "false"
100799DC PUSH Ehsvc.100B7F6C ASCII "true"
10079BF1 MOV DWORD PTR SS:[EBP+10],Ehsvc.10 ASCII "missing locale facet"
10079CCD MOV DWORD PTR SS:[EBP+10],Ehsvc.10 ASCII "missing locale facet"
10079DA9 MOV DWORD PTR SS:[EBP+10],Ehsvc.10 ASCII "missing locale facet"
10079E6D MOV DWORD PTR SS:[EBP+10],Ehsvc.10 ASCII "missing locale facet"
10079F31 MOV DWORD PTR SS:[EBP+10],Ehsvc.10 ASCII "missing locale facet"
1007B32D PUSH Ehsvc.100A6650 ASCII "bad allocation"
1007BD1A MOV ESI,Ehsvc.100A67FC ASCII "!%x"
1007C8EA PUSH Ehsvc.100B7F60 ASCII "%p"
1007CE48 PUSH Ehsvc.100A680C ASCII "%.0Lf"
1007D920 PUSH Ehsvc.100A64F4 ASCII "0123456789abcdefABCDEF"
1007E4EB PUSH Ehsvc.100B7F74 ASCII "false"
1007E4FA PUSH Ehsvc.100B7F6C ASCII "true"
1007E517 PUSH Ehsvc.100A6858 ASCII "no"
1007E523 PUSH Ehsvc.100A6854 ASCII "yes"
1007F505 MOV EAX,Ehsvc.100A685C ASCII ":Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday: Thu:Thursday:Fri:Friday:Sat:Saturday"
1007F54C MOV EAX,Ehsvc.100A68B4 ASCII ":Jan:January:Feb:February:Mar:March:Apr:April:May :May:Jun:June:Jul:July:Aug:August:Sep:September:Oc t:October:Nov:November:Dec:December"
1007FE44 MOV EAX,Ehsvc.100A6940 ASCII "$+vx"
10083E71 PUSH Ehsvc.100A6858 ASCII "no"
10083E81 PUSH Ehsvc.100A6854 ASCII "yes"
10084D42 PUSH Ehsvc.100A6AC0 ASCII ".exe"
10084D53 PUSH Ehsvc.100A6AB8 ASCII ".cmd"
10084D64 PUSH Ehsvc.100A6AB0 ASCII ".bat"
10084D75 PUSH Ehsvc.100A6AA8 ASCII ".com"
10084DAF PUSH Ehsvc.100A6ACC ASCII "?*"
10084E1F PUSH Ehsvc.100A6AC8 ASCII "./\\"
10087902 PUSH 6E32B50 (Initial CPU selection)
10088021 IMUL EBP,DWORD PTR DS:[ESI+67],Ehs ASCII 07,"TObject"
10089810 PUSH Ehsvc.10089890 ASCII "SOFTWARE\\Borland\\Delphi\\RTL"
10089844 PUSH Ehsvc.100898AC ASCII "FPUMaskValue"
1008A2DB MOV ESI,Ehsvc.100CA05C ASCII "Runtime error at 00000000"
1008A396 PUSH Ehsvc.100CA05C ASCII "Runtime error at 00000000"
1008A3B1 PUSH Ehsvc.1008A3EC ASCII "\r\n"
1008A3D0 PUSH Ehsvc.100CA054 ASCII "Error"
1008A3D5 PUSH Ehsvc.100CA05C ASCII "Runtime error at 00000000"
100AE5D0 SUB EAX,43333441 ASCII "EntryInfoW"
100AFC65 SUB EAX,43333332 ASCII "ieveUrlCacheEntryFileA"
100B060C SUB EAX,43374330 ASCII "application/x-zip-compressed"
100B1FDF CMP EAX,7E392F2A UNICODE "10412"
100B221F CMP EAX,7E392F2A UNICODE "10412"
100B8DA0 SUB EAX,43374343 ASCII "ompressed"
100B92D7 SUB EAX,43333541 ASCII "ntryStream"
100BDA20 SUB EAX,43333433 ASCII "oA"

**2698500** · 09-24-2009

i knew it was patched but he said to post it anyway. If anyone finds a bypass and it can just bypass that section if this is turned off then u can use anything. =p O well i knew it wouldnt lol.

**FORCE™** · 09-25-2009

Originally Posted by broly7

Information inside unpacked EHSCV.DLL:

Text strings referenced in Ehsvc: (I have not paste all the strings, just understanding string)

fuck me how did u get all that, anyone got a working bypass yet???

**whitten** · 09-25-2009

I did not make this at all. This is "so be it" source code for a bypass.
After he stoped hacking CA he released it publicly.
This will take some editing to get this working.
So coders feel free to take your shot

Code:

#define HS_JMP            0x63B31D
#define HS_JMP2            0x63B323

typedef int            (__cdecl *HS_GetProcAddress_t)( int hModule, int a2 );
typedef int            (__stdcall *HackshieldComm_t )( int, void*, void* );
typedef signed int    (__stdcall *KickProc_t)( int a1, int a2, int a3 );

HS_GetProcAddress_t                pHS_GetProcAddress        = NULL;
HackshieldComm_t                pHackshieldComm            = NULL;
KickProc_t                        pKickProc                = NULL;

signed int __stdcall new_KickProc( int a1, int a2, int a3 )
{
    return 1;
}

int __stdcall new_HackshieldComm( int hsCommCode, void *Param1, void *Param2 )
{
    if( hsCommCode == 4 || hsCommCode == 5 || hsCommCode == 13 ) //kill!
    {
        if( hsCommCode == 4 ) //replace kick proc
        {
            DWORD *dwParam1 = (DWORD *)Param1;

            pKickProc    = (KickProc_t)*dwParam1;
            *dwParam1    = (DWORD)new_KickProc;
        }

        int iReturn = pHackshieldComm( hsCommCode, Param1, Param2 );

        return 1;
    }

    int iReturn = pHackshieldComm( hsCommCode, Param1, Param2 );

    return iReturn;
}

void HookCommunication( EXCEPTION_POINTERS* pExceptionInfo )
{
    DWORD dwEbp        = pExceptionInfo->ContextRecord->Ebp;
    DWORD dwParam2    = 0;

    __asm
    {
        push eax;
        push edx;
        mov eax, dwEbp;
        mov edx, [eax+0xC];
        mov dwParam2, edx;
        pop edx;
        pop eax;
    }

    if( dwParam2 == 0xA ) //this is the ordinal of some export...hmm..
    {
        pHackshieldComm                        = (HackshieldComm_t)pExceptionInfo->ContextRecord->Eax;
        pExceptionInfo->ContextRecord->Eax    = (DWORD)new_HackshieldComm;
    }

    pExceptionInfo->ContextRecord->Eip        = HS_JMP2;

    return;
}

PVOID pContextHandler = NULL;

LONG WINAPI ***ExceptionHandler( EXCEPTION_POINTERS* pExceptionInfo )
{
    if( pExceptionInfo->ExceptionRecord->ExceptionCode != EXCEPTION_SINGLE_STEP )
    {
        return EXCEPTION_CONTINUE_SEARCH;
    }

    if( pExceptionInfo->ExceptionRecord->ExceptionAddress == (PVOID)HS_JMP )
    {
        HookCommunication( pExceptionInfo );
        return EXCEPTION_CONTINUE_EXECUTION;
    }

    return EXCEPTION_CONTINUE_SEARCH;
}

void InitContextHook()
{
    pContextHandler = AddVectoredExceptionHandler( 0x50BE17, ***ExceptionHandler );

    CONTEXT Context;
    Contex*****ntextFlags = CONTEXT_DEBUG_REGISTERS;
    GetThreadContext(GetCurrentThread(), &Context);
    Context.Dr0 = HS_JMP;
    Context.Dr7 = (1<<0)|(1<<2)|(1<<4)|(1<<6);
    SetThreadContext(GetCurrentThread(), &Context);
}

Also here is a simple tut for this i found by novasynth.
Have fun...

C+ is for .dll programming, and C++ is for application programming. This is in C+ format, therefore it is a Dynamic Link Library (.dll file for short). If you have a proper compiler, basically all you need to do is compile this script into a main .dll file, and then save it. Afterwards, you can inject the .dll file into combat arms or such and such and you should be able to attach a cheat engine or something to hack away at the same, finding proper hex addresses and compiling scripts. Most of the hacks now-a-days are just C+ scripts made with cheat engine, compiled with another program (god knows what) and then injected into the game as a .dll file. its the simplest and most effective way to hack these games now. ITs not that hard really, all you need to do is understand it

^^Not sure how much that helped.
But take a stab at it.

**User1** · 09-25-2009

Isn't this stuff REALLY old?

**whitten** · 09-25-2009

Originally Posted by User1

Isn't this stuff REALLY old?

not super old.
like month ago im assuming.
ik for sure the addies aren't right although the over all structure looks good.

epic fail with my merge.
oh well.

**broly7** · 09-25-2009

Thanks whitten

**lolz2much** · 09-30-2009

more files to add

screenie

virus scan
Virustotal. MD5: 4c3e0d8be223b9979d66bc070478988d

this is updated after patch

i will add in the info from the .dll files later

**Scruffy** · 09-30-2009

MPGH never ceases to amaze me.

**lolz2much** · 09-30-2009

Code:

1	0x1000d260	0x0000d260	1 (0x1)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
10	0x1000f5f0	0x0000f5f0	10 (0xa)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
12	0x1000f5b0	0x0000f5b0	12 (0xc)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
13	0x1000cfe0	0x0000cfe0	13 (0xd)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
14	0x1000f1a0	0x0000f1a0	14 (0xe)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
15	0x1000ae40	0x0000ae40	15 (0xf)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
16	0x1000f220	0x0000f220	16 (0x10)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
17	0x1000cce0	0x0000cce0	17 (0x11)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
18	0x1000f5d0	0x0000f5d0	18 (0x12)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
19	0x1000ee00	0x0000ee00	19 (0x13)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
2	0x1000f4a0	0x0000f4a0	2 (0x2)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
20	0x1000f900	0x0000f900	20 (0x14)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
21	0x1000fc10	0x0000fc10	21 (0x15)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
22	0x1000fa00	0x0000fa00	22 (0x16)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
23	0x1000da80	0x0000da80	23 (0x17)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
24	0x1000d410	0x0000d410	24 (0x18)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
25	0x1000fc40	0x0000fc40	25 (0x19)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
26	0x1000fa20	0x0000fa20	26 (0x1a)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
3	0x1000c8b0	0x0000c8b0	3 (0x3)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
4	0x1000efd0	0x0000efd0	4 (0x4)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
5	0x1000c8e0	0x0000c8e0	5 (0x5)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
6	0x1000a7c0	0x0000a7c0	6 (0x6)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
7	0x1000c900	0x0000c900	7 (0x7)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
8	0x1000f590	0x0000f590	8 (0x8)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function	
9	0x1000ce80	0x0000ce80	9 (0x9)	EHSvc.dll	D:\Nexon\Combat Arms\HShield\EHSvc.dll	Exported Function

Code:

V3Net_AddArray	0x10002d4d	0x00002d4d	1 (0x1)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_CheckFileCRC	0x10002dd8	0x00002dd8	2 (0x2)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_CloseHandle	0x10002d5d	0x00002d5d	3 (0x3)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_CompareFileInfo	0x10002d68	0x00002d68	4 (0x4)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_CompareFileInfo2	0x10002d78	0x00002d78	5 (0x5)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_CompareFileVersion2	0x10002e13	0x00002e13	6 (0x6)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_GetAt	0x10002d28	0x00002d28	7 (0x7)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_GetCount	0x10002d08	0x00002d08	8 (0x8)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_GetEngineDate	0x10002cf3	0x00002cf3	9 (0x9)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_GetFileCRC	0x10002dc3	0x00002dc3	10 (0xa)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_GetFileTime	0x10002e3c	0x00002e3c	11 (0xb)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_GetFileVersion	0x10002e23	0x00002e23	12 (0xc)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_GetLastErrorMessage	0x10002b96	0x00002b96	13 (0xd)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_GetUpdateCfg	0x10001000	0x00001000	14 (0xe)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_GetUpdateData	0x10002ccc	0x00002ccc	15 (0xf)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_GetUpdateData2	0x10002caa	0x00002caa	16 (0x10)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_IsFileEqual	0x10002d97	0x00002d97	17 (0x11)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_IsFileEqual2	0x10002da7	0x00002da7	18 (0x12)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_IsFileValid	0x10002ded	0x00002ded	19 (0x13)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_RemoveAt	0x10002d3d	0x00002d3d	20 (0x14)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_RemoveFileCRC	0x10002dfd	0x00002dfd	21 (0x15)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_SetAt	0x10002d13	0x00002d13	22 (0x16)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_SetDestFullPath	0x10002cd7	0x00002cd7	23 (0x17)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_UpdateFromFolder	0x100013a9	0x000013a9	24 (0x18)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_UpdateFromNT	0x1000178f	0x0000178f	25 (0x19)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function	
V3Net_WriteFileCRC	0x10002e08	0x00002e08	26 (0x1a)	V3Hunt.dll	D:\Nexon\Combat Arms\HShield\V3Hunt.dll	Exported Function

Code:

AhnBootInformation	0x1000b16f	0x0000b16f	1 (0x1)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnCheckBootSector	0x1000b177	0x0000b177	2 (0x2)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnCheckDefaultExtensions	0x1000124a	0x0000124a	3 (0x3)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnCheckFile	0x1000ba5e	0x0000ba5e	4 (0x4)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnCheckMemory	0x1000b160	0x0000b160	5 (0x5)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnCheckProcess	0x1000b79d	0x0000b79d	6 (0x6)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnGetBootRepairStatus	0x1000b5b9	0x0000b5b9	7 (0x7)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnGetDefaultExtensions	0x1000126b	0x0000126b	8 (0x8)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnGetEngineDate	0x100013fd	0x000013fd	9 (0x9)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnGetEngineDateString	0x1000145c	0x0000145c	10 (0xa)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnGetEngineDateValue	0x10001449	0x00001449	11 (0xb)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnGetExtRepairStatus	0x1000b287	0x0000b287	12 (0xc)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnGetRepairStatus	0x1000b1b4	0x0000b1b4	13 (0xd)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnGetVersion	0x100014f7	0x000014f7	14 (0xe)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnGetVirusFileCureData	0x1000120b	0x0000120b	15 (0xf)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnGetVirusName	0x100010d1	0x000010d1	16 (0x10)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnGetVirusName32	0x1000108c	0x0000108c	17 (0x11)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnGetVirusNameStr	0x1000116c	0x0000116c	18 (0x12)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnGetVirusNameStr32	0x100010ab	0x000010ab	19 (0x13)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnInitVaccineEngine	0x1000b600	0x0000b600	20 (0x14)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnRepairBootSector	0x1000b17e	0x0000b17e	21 (0x15)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnRepairFile	0x1000eea0	0x0000eea0	22 (0x16)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnRepairMemory	0x1000b167	0x0000b167	23 (0x17)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnSetDefaultOption	0x1000ba89	0x0000ba89	24 (0x18)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
AhnSetExtensions	0x10001295	0x00001295	25 (0x19)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
PV3CALGetInfoAddr	0x1000a0fe	0x0000a0fe	26 (0x1a)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
V3CALGetInfo	0x1000a0c2	0x0000a0c2	27 (0x1b)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
V3CALGetShowInfo	0x1000a080	0x0000a080	28 (0x1c)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
V3CALGetTotalInfoCount	0x1000a0b9	0x0000a0b9	29 (0x1d)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function	
_AhnGetFileEntry	0x1000bb9c	0x0000bb9c	30 (0x1e)	v3pro32s.dll	D:\Nexon\Combat Arms\HShield\v3pro32s.dll	Exported Function

Code:

SetMasterDatabase	0x004f8f10	0x000d8f10	1 (0x1)	CShell.dll	D:\Nexon\Combat Arms\Game\CShell.dll	Exported Function

brolly try to unpack cshell

**riceking** · 10-20-2009

I'm pretty sure detouring using ollydbg to make some functions jmp is patched, correct me if I'm wrong, and Engine.exe seems to be hard to unpack now T.T

**Azathᴏth** · 10-20-2009

Well, this is pretty effing leet, this will be very helpful when I actually START learning C++ XD

**lolz2much** · 11-19-2009

anyone ever do something with this, i didnt ave internet fr a while and just got it back

gota love wireless,

dual antena wifi card + 2 old sat tv dishes + 2 biquad antenas = one kick ass wifi system

lol im on my neibors wifi and his house is 2 miles away !!

**ROUGHS3X** · 11-19-2009

/Moved

Continue.. lol

Thread: Bypass Source Code

Thread Tools

Display

Bypass Source Code

The Following User Says Thank You to lolz2much For This Useful Post:

The Following User Says Thank You to lolz2much For This Useful Post:

The Following User Says Thank You to ROUGHS3X For This Useful Post:

Similar Threads

X-Trap Bypass Source Code

Hackshield bypass {Source code}

[Release] I Bring you.. A HACKSHIELD BYPASS Source Code

[Release] ****** DLL Source Code

HALO 2 (XBOX) Source Code

Tags for this Thread