Code:
//-----------------------------------------HACKSHIELD BYPASS--------------------------------------------
// Constants, function-pointer types and globals shared by the hook code below.
//
// NOTE(review): both addresses are absolute locations inside one specific
// build of the target executable (the author dates them "24-11"). Nothing in
// this listing checks that the loaded module matches that build.
//
// HS_JMP  - address loaded into Dr0 by InitContextHook and compared against the
//           exception address in the vectored handler.
// HS_JMP2 - address written to Eip by HookCommunication before execution resumes.
#define HS_JMP 0x4A7372 //As of 24-11 (This Value is also known as the Back addy)
#define HS_JMP2 0x4A736B //As of 24-11
// The signatures use plain int for module handles and pointer-sized values, so
// they only hold on a 32-bit build.
typedef int (__cdecl *HS_GetProcAddress_t)( int hModule, int a2 );
typedef int (__stdcall *HackshieldComm_t )( int, void*, void* );
typedef signed int (__stdcall *KickProc_t)( int a1, int a2, int a3 );
// pHS_GetProcAddress is declared but never assigned or called in this listing.
HS_GetProcAddress_t pHS_GetProcAddress = NULL;
// Set by HookCommunication to the original value found in Eax.
HackshieldComm_t pHackshieldComm = NULL;
// Set by new_HackshieldComm to the callback it replaces; never called in this listing.
KickProc_t pKickProc = NULL;
// Replacement callback with the KickProc_t signature. It ignores all three
// arguments and always returns 1.
//
// new_HackshieldComm writes this function's address over the callback pointer
// it receives with code 4, so the callback the game registered is never the
// one that gets invoked.
//
// NOTE(review): for a defender this shows that a callback pointer handed
// across an in-process interface can be overwritten by any code running in the
// same process. The protection cannot assume that a registered callback will
// run; enforcement that matters has to happen outside the client process.
signed int __stdcall new_KickProc( int a1, int a2, int a3 )
{
return 1;
}
// Wrapper placed in front of the original communication routine (pHackshieldComm).
//
// Every call is forwarded to the original. For codes 4, 5 and 13 the original's
// return value is discarded and 1 is returned instead; for every other code the
// original's return value is passed through unchanged.
//
// For code 4, Param1 is treated as a pointer to a DWORD holding a callback
// address: the original address is saved in pKickProc and the slot is
// overwritten with new_KickProc before the call is forwarded.
//
// NOTE(review): the meaning of codes 4, 5 and 13 is not established anywhere in
// this listing; the author's only hint is the "kill!" comment.
// NOTE(review): pointer <-> DWORD casts make this 32-bit only, and
// pHackshieldComm is called without a NULL check.
// NOTE(review): defensively, the wrapper is invisible to a caller that only
// looks at the returned status. A check that the function pointer still
// resolves inside the expected module's image is one way this kind of
// substitution gets noticed.
int __stdcall new_HackshieldComm( int hsCommCode, void *Param1, void *Param2 )
{
if( hsCommCode == 4 || hsCommCode == 5 || hsCommCode == 13 ) //kill!
{
if( hsCommCode == 4 ) //replace kick proc
{
// Param1 is read as a pointer to a 32-bit slot holding the callback address.
DWORD *dwParam1 = (DWORD *)Param1;
pKickProc = (KickProc_t)*dwParam1;
*dwParam1 = (DWORD)new_KickProc;
}
// The original is still called; its result is assigned but never used.
int iReturn = pHackshieldComm( hsCommCode, Param1, Param2 );
return 1;
}
int iReturn = pHackshieldComm( hsCommCode, Param1, Param2 );
return iReturn;
}
// Called from the vectored exception handler when the breakpoint at HS_JMP fires.
//
// It edits the saved thread context in place:
//   - reads the 32-bit value at [Ebp+0xC] of the interrupted thread
//     (presumably the second stack argument of the interrupted function -
//     this depends on that function using a standard EBP frame);
//   - if that value is 0xA, saves the interrupted thread's Eax in
//     pHackshieldComm and replaces Eax with the address of new_HackshieldComm;
//   - unconditionally sets Eip to HS_JMP2, so execution resumes there rather
//     than at the faulting address.
//
// pExceptionInfo - exception record and context supplied by the OS to the handler.
//
// NOTE(review): the inline block is MSVC x86 __asm syntax, so this is 32-bit
// only. Ebp is dereferenced without checking that it points at readable memory.
void HookCommunication( EXCEPTION_POINTERS* pExceptionInfo )
{
DWORD dwEbp = pExceptionInfo->ContextRecord->Ebp;
DWORD dwParam2 = 0;
// Loads dwParam2 = *(DWORD *)(dwEbp + 0xC); eax/edx are saved and restored around it.
__asm
{
push eax;
push edx;
mov eax, dwEbp;
mov edx, [eax+0xC];
mov dwParam2, edx;
pop edx;
pop eax;
}
if( dwParam2 == 0xA ) //this is the ordinal of some export...hmm..
{
// Swap the value about to be returned/used in Eax for the wrapper's address.
pHackshieldComm = (HackshieldComm_t)pExceptionInfo->ContextRecord->Eax;
pExceptionInfo->ContextRecord->Eax = (DWORD)new_HackshieldComm;
}
pExceptionInfo->ContextRecord->Eip = HS_JMP2;
return;
}
// Handle returned by AddVectoredExceptionHandler; stored by InitContextHook and
// not used again in this listing (the handler is never removed).
PVOID pContextHandler = NULL;
// Vectored exception handler for the breakpoint at HS_JMP.
//
// Returns EXCEPTION_CONTINUE_SEARCH for anything that is not a single-step
// exception, and for single-step exceptions raised at any other address. When
// the exception address equals HS_JMP it calls HookCommunication to edit the
// saved context and returns EXCEPTION_CONTINUE_EXECUTION so the thread resumes
// with the edited registers.
//
// NOTE(review): the function name is garbled in the post (the leading "***"
// replaces part of the identifier, presumably from a forum word filter), so
// this line does not compile as shown. It is left exactly as posted.
// NOTE(review): hardware breakpoints are reported as EXCEPTION_SINGLE_STEP,
// which is why that is the only code handled here. A single-step exception
// that is handled in-process with no debugger attached is one observable
// artifact of this technique.
LONG WINAPI ***ExceptionHandler( EXCEPTION_POINTERS* pExceptionInfo )
{
if( pExceptionInfo->ExceptionRecord->ExceptionCode != EXCEPTION_SINGLE_STEP )
{
return EXCEPTION_CONTINUE_SEARCH;
}
if( pExceptionInfo->ExceptionRecord->ExceptionAddress == (PVOID)HS_JMP )
{
HookCommunication( pExceptionInfo );
return EXCEPTION_CONTINUE_EXECUTION;
}
return EXCEPTION_CONTINUE_SEARCH;
}
// Registers the vectored exception handler and arms a hardware breakpoint at
// HS_JMP on the calling thread.
//
// Steps visible here: register the handler, fetch the current thread's
// context, set Dr0 to HS_JMP and Dr7 to 0x55, then write the context back.
// None of the API return values are checked.
//
// NOTE(review): two lines are garbled in the post and are left exactly as
// posted: the handler name passed to AddVectoredExceptionHandler, and the
// statement after the CONTEXT declaration (presumably the ContextFlags
// assignment).
// NOTE(review): debug registers are part of per-thread context, so only the
// thread that calls this function gets the breakpoint.
// NOTE(review): what this leaves behind for a defender to find is a non-zero
// Dr0/Dr7 on a thread with no debugger attached, plus an extra entry in the
// process's vectored handler list pointing outside the expected modules.
void InitContextHook()
{
// The first argument is a "call first" flag; any non-zero value, including this one, requests first position.
pContextHandler = AddVectoredExceptionHandler( 0x50BE17, ***ExceptionHandler );
CONTEXT Context;
Contex*****ntextFlags = CONTEXT_DEBUG_REGISTERS;
GetThreadContext(GetCurrentThread(), &Context);
Context.Dr0 = HS_JMP;
// Bits 0, 2, 4 and 6 are the local-enable bits for Dr0-Dr3. The type and length
// fields stay zero, which selects an execute breakpoint. Only Dr0 is assigned
// here; Dr1-Dr3 keep whatever GetThreadContext returned.
Context.Dr7 = (1<<0)|(1<<2)|(1<<4)|(1<<6);
SetThreadContext(GetCurrentThread(), &Context);
}
//-----------------------------------------END HACKSHIELD BYPASS--------------------------------------------
Is that bypass still working? And if it is, can someone tell me how to get it working? The address list has only one address for Hackshield:
Code:
//
#include <stdio.h>
#include <windows.h>
//
// Addresses
// Absolute addresses inside the game process. They are tied to one build of
// the executable and are not validated anywhere in this listing.
#define Playerpointer 0x00CB2EB0
#define Serverpointer 0x00BBC578
// Byte offsets added to the value read from Playerpointer; each is written as a float.
#define OFF_NFD 0x00000320
#define OFS_STAMINA 0x0000002C
#define OFS_Z 0x0000025C
// End Addresses
/////////////////
// Typed views of the two addresses above; HackThread dereferences them as
// "is this pointer non-zero" checks. DWORD-sized pointers make this 32-bit only.
DWORD *ingame= (DWORD*)Playerpointer;
DWORD *megame= (DWORD*)Serverpointer;
////////////////
// Code My Hacks Here //
// Writes 2500 to the float at (player base + OFS_Z) when the low bit of
// GetAsyncKeyState(VK_CONTROL) is set.
//
// The player base is re-read from the fixed address Playerpointer on each call
// and the write is skipped while it is zero.
//
// NOTE(review): this is a direct write into client-side game state. A server
// that bounds-checks or recomputes position would not accept the result;
// whether this game does so cannot be told from this listing.
void Jump()
{
    DWORD dwBase;

    if( !(GetAsyncKeyState(VK_CONTROL) & 1) )
    {
        return;
    }

    dwBase = *(DWORD*)Playerpointer;
    if( dwBase == 0 )
    {
        return;
    }

    *(float*)(dwBase + OFS_Z) = 2500;
}
// Writes -20000 to the float at (player base + OFF_NFD).
//
// The player base is read from the fixed address Playerpointer; nothing is
// written while it is zero. What the field at OFF_NFD represents is not stated
// in this listing beyond the macro name.
void NFD()
{
    DWORD dwBase = *(DWORD*)Playerpointer;

    if( dwBase == 0 )
    {
        return;
    }

    *(float*)(dwBase + OFF_NFD) = -20000;
}
// Writes 100 to the float at (player base + OFS_STAMINA).
//
// The player base is read from the fixed address Playerpointer; nothing is
// written while it is zero.
//
// NOTE(review): the write only has an effect if the client-held value is
// trusted. A resource counter tracked authoritatively on the server is the
// usual mitigation for this class of edit.
void Stamina()
{
    DWORD dwBase = *(DWORD*)Playerpointer;

    if( dwBase == 0 )
    {
        return;
    }

    *(float*)(dwBase + OFS_STAMINA) = 100;
}
// Worker loop started from DllMain. It never returns.
//
// Every 200 ms it checks the DWORD at Playerpointer (via ingame) and, when it
// is non-zero, calls NFD, Jump and Stamina in that order. The DWORD at
// Serverpointer (via megame) is also tested, but that branch is empty.
//
// NOTE(review): the signature does not match LPTHREAD_START_ROUTINE; DllMain
// casts it when passing it to CreateThread.
void HackThread()
{
    while( 1 )
    {
        // Only touch game memory once the player pointer is populated.
        if( *ingame )
        {
            NFD();
            Jump();
            Stamina();
        }

        if( *megame )
        {
            // Placeholder branch: nothing runs here yet.
        }

        Sleep(200); // fixed delay between passes so the loop does not spin
    }
}
// DLL entry point. On process attach it starts HackThread on a new thread;
// every notification, including attach, returns TRUE.
//
// The thread handle returned by CreateThread is discarded and the result is not
// checked. hModule and lpReserved are unused.
//
// NOTE(review): from the host process's point of view, the visible events are
// an unexpected module load followed immediately by a new thread whose start
// address lies inside that module.
BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpReserved)
{
    if( dwReason != DLL_PROCESS_ATTACH )
    {
        return TRUE;
    }

    CreateThread(0, 0, (LPTHREAD_START_ROUTINE)HackThread, 0, 0, 0);
    return TRUE;
}
//Seemliss
That would be awesome.