Hackshield bypass {Source code}

**jmlendez14** · 11-08-2009

again not ours its from ucforum

**brett22278** · 11-14-2009

I was wandering about this C++ stuff I am taking a class in school for C++ do you think its useful for me to stay in it, can it even help me learn how to do this or is this something you learn with countless hours of reading and working on??

**Jesus Farted {Mezo}** · 11-14-2009

Originally Posted by brett22278

I was wandering about this C++ stuff I am taking a class in school for C++ do you think its useful for me to stay in it, can it even help me learn how to do this or is this something you learn with countless hours of reading and working on??

Stick to C++ in school if you enjoy it, dont just take the class to be able to understand what the bypass does. Take C++ so you would be able to make your own stuff (hacking or non hacking related).

**randomnamekabe** · 11-14-2009

I wish I was good enough in C++ to finish coding this.

**jahsha9907** · 11-15-2009

lol i didnt understand s single thing in this source code, guess its time to learn C++ Coding

**Bombsaway707** · 11-15-2009

hmm, i understand the jist of it, ill go try and make a bypass now

**homeyG75** · 11-30-2009

Did you actually prove to anyone that your script works?

**lolmao39** · 12-30-2009

Originally Posted by headsup

Ok listen, I did not make this, I found from acid burn and changed a few details, And now im letting all you people know about it. This is not 100%, And will require some coding and changed value's; Since this is old and hackshield updated..[SIZE="5"]Anyway here it is and thanks me.

Code:

#define HS_JMP            0x63B31D
#define HS_JMP2            0x63B323

typedef int            (__cdecl *HS_GetProcAddress_t)( int hModule, int a2 );
typedef int            (__stdcall *HackshieldComm_t )( int, void*, void* );
typedef signed int    (__stdcall *KickProc_t)( int a1, int a2, int a3 );

HS_GetProcAddress_t                pHS_GetProcAddress        = NULL;
HackshieldComm_t                pHackshieldComm            = NULL;
KickProc_t                        pKickProc                = NULL;

signed int __stdcall new_KickProc( int a1, int a2, int a3 )
{
    return 1;
}

int __stdcall new_HackshieldComm( int hsCommCode, void *Param1, void *Param2 )
{
    if( hsCommCode == 4 || hsCommCode == 5 || hsCommCode == 13 ) //kill!
    {
        if( hsCommCode == 4 ) //replace kick proc
        {
            DWORD *dwParam1 = (DWORD *)Param1;

            pKickProc    = (KickProc_t)*dwParam1;
            *dwParam1    = (DWORD)new_KickProc;
        }

        int iReturn = pHackshieldComm( hsCommCode, Param1, Param2 );

        return 1;
    }

    int iReturn = pHackshieldComm( hsCommCode, Param1, Param2 );

    return iReturn;
}

void HookCommunication( EXCEPTION_POINTERS* pExceptionInfo )
{
    DWORD dwEbp        = pExceptionInfo->ContextRecord->Ebp;
    DWORD dwParam2    = 0;

    __asm
    {
        push eax;
        push edx;
        mov eax, dwEbp;
        mov edx, [eax+0xC];
        mov dwParam2, edx;
        pop edx;
        pop eax;
    }

    if( dwParam2 == 0xA ) //this is the ordinal of some export...hmm..
    {
        pHackshieldComm                        = (HackshieldComm_t)pExceptionInfo->ContextRecord->Eax;
        pExceptionInfo->ContextRecord->Eax    = (DWORD)new_HackshieldComm;
    }

    pExceptionInfo->ContextRecord->Eip        = HS_JMP2;

    return;
}

PVOID pContextHandler = NULL;

LONG WINAPI ***ExceptionHandler( EXCEPTION_POINTERS* pExceptionInfo )
{
    if( pExceptionInfo->ExceptionRecord->ExceptionCode != EXCEPTION_SINGLE_STEP )
    {
        return EXCEPTION_CONTINUE_SEARCH;
    }

    if( pExceptionInfo->ExceptionRecord->ExceptionAddress == (PVOID)HS_JMP ) 
    {
        HookCommunication( pExceptionInfo );
        return EXCEPTION_CONTINUE_EXECUTION;
    }

    return EXCEPTION_CONTINUE_SEARCH;
}

void InitContextHook()
{
    pContextHandler = AddVectoredExceptionHandler( 0x50BE17, ***ExceptionHandler );

    CONTEXT Context;
    Contex*****ntextFlags = CONTEXT_DEBUG_REGISTERS;
    GetThreadContext(GetCurrentThread(), &Context);
    Context.Dr0 = HS_JMP;
    Context.Dr7 = (1<<0)|(1<<2)|(1<<4)|(1<<6);
    SetThreadContext(GetCurrentThread(), &Context);

Do not reply, With spam , flame, Just don't reply at all.. Pm me with any question's as i Willl Be able to give you help!!.. Thank's

Here is a simple script i wrote up, But got leeched all over.. This is a bypass but will require you to add in a code to pass cshell also.. But hey this is half way done. Do not reply it doesn't work i know it does.. I am using the old RK Aimbot with TnT chams..
You need to work with this as i am not just going to pass cshell for you for the fact of choobs.. Sooooo.. Have fun And thank's me!!

Code:

/*-----------------------------------------------------------------Bypass---------------------------------------------------------*/
{
for (;;){
int EhSvc = (long)GetModuleHandleA("EhSvc.dll");
if(EhSvc !=0){
DWORD OldProtect;

int EhPtr   = 0xAF590;//Constant
int Memory1 =(EhSvc+0xB1D6C);//HS-Addy
int Memory2 =(EhSvc+0xB1D70);//Hs-Addy-Jump
int Memory3 =(EhSvc+0xB1D90);//Hs-Addy-Jump
int Memory4 =(EhSvc+0xB186C);//Hs-Addy-Jump
int Memory5 =(EhSvc+0xBE338);//Hs-Addy-Jump
int Memory6 =(EhSvc+0xBE3A4);//Hs-Addy-Jump
int Memory7 =(EhSvc+0xBE478);//Hs-Addy-Jump
int Memory8 =(EhSvc+0xBE480);//Hs-Addy-Jump
int Memory9 = (EhSvc+0xBEC90);//Hs-Addy-Jump
int Memory10 =(EhSvc+0xB9E54);//Hs-Addy-Jump
int Memory11 =(EhSvc+0xB9E48);//Hs-Addy-Jump
int Memory12 =(EhSvc+0xB9E38);//Hs-Addy-Jump
int Memory13 =(EhSvc+0xB9E04);//Hs-Addy-Jump
int Memory14 =(EhSvc+0xB9DD0);//Hs-Addy-Jump
int Memory15 =(EhSvc+0xBEC74);//Hs-Addy-Jump
int Memory16 =(EhSvc+0xB9DC8);//Hs-Addy-Jump
int Memory17 =(EhSvc+0xB9E84);//Hs-Addy-Jump
int Memory18 =(EhSvc+0xB9858);//Hs-Addy-Jump
int Memory19 =(EhSvc+0xB9888);//Hs-Addy-Jump
int Memory20 =(EhSvc+0xB98B8);//Hs-Addy-Jump
int Memory21 =(EhSvc+0xB98E8);//Hs-Addy-Jump
int Memory22 =(EhSvc+0xB1674);//Hs-Addy-Jump
int Memory23 =(EhSvc+0xB1724);//Hs-Addy-Jump
int Memory24 =(EhSvc+0xB9C54);//Hs-Addy-Jump
int Memory25 =(EhSvc+0xB16F8);//Hs-Addy-Jump
int Memory26 =(EhSvc+0xB16CC);//Hs-Addy-Jump
int Memory27 =(EhSvc+0xB16A0);//Hs-Addy-Jump
int Memory28 =(EhSvc+0xB1794);//Hs-Addy-Jump
int EhY = (EhSvc+EhPtr-0x20);//Constant
int Eh0 = (EhSvc+EhPtr-0x44);//Constant
int EhX = (EhSvc+EhPtr-0x40);//Constant

VirtualProtect((void*)(Memory1),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory1) = 4; 
VirtualProtect((void*)(Memory2),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory2) = 4; 
VirtualProtect((void*)(Memory3),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory3) = 4; 
VirtualProtect((void*)(Memory4),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory4) = 4; 
VirtualProtect((void*)(Memory5),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory5) = 4; 
VirtualProtect((void*)(Memory6),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory6) = 4; 
VirtualProtect((void*)(Memory7),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory7) = 4; 
VirtualProtect((void*)(Memory8),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory8) = 4;
VirtualProtect((void*)(Memory9),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory9) = 4; 
VirtualProtect((void*)(Memory10),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory10) = 4; 
VirtualProtect((void*)(Memory11),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory11) = 4; 
VirtualProtect((void*)(Memory12),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory12) = 4; 
VirtualProtect((void*)(Memory13),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory13) = 4; 
VirtualProtect((void*)(Memory14),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory14) = 4; 
VirtualProtect((void*)(Memory15),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory15) = 4; 
VirtualProtect((void*)(Memory16),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory16) = 4;
VirtualProtect((void*)(Memory17),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory17) = 4; 
VirtualProtect((void*)(Memory18),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory18) = 4; 
VirtualProtect((void*)(Memory19),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory19) = 4; 
VirtualProtect((void*)(Memory20),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory20) = 4; 
VirtualProtect((void*)(Memory21),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory21) = 4; 
VirtualProtect((void*)(Memory22),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory22) = 4;
VirtualProtect((void*)(Memory23),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory23) = 4; 
VirtualProtect((void*)(Memory24),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory24) = 4; 
VirtualProtect((void*)(Memory25),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory25) = 4; 
VirtualProtect((void*)(Memory26),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory26) = 4; 
VirtualProtect((void*)(Memory27),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory27) = 4; 
VirtualProtect((void*)(Memory28),0x6,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Memory28) = 4;
VirtualProtect((void*)(Eh0),0x14,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(Eh0) = 4; 
VirtualProtect((void*)(EhX),0x14,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(EhX) = 4;
VirtualProtect((void*)(EhY),0x14,PAGE_EXECUTE_READWRITE,&OldProtect); 
*(DWORD*)(EhY) = 4;
}

Sleep(5);
}
}
/*-----------------------------------------------------------------Bypass---------------------------------------------------------*/

Alwayz remember to Thank's

This needs a hell of a lot if editing...

Thread: Hackshield bypass {Source code}

Thread Tools

Display

Similar Threads

X-Trap Bypass Source Code

Bypass Source Code

[Release] I Bring you.. A HACKSHIELD BYPASS Source Code

[Release] ****** DLL Source Code

HALO 2 (XBOX) Source Code

Tags for this Thread