here's my old xc3 bypass source code , all patterns + addies and 2 crc's/detects are removed , only offsets included in the source
this works for CF BR too , if u still have the old few patterns i posted u should be able to make it work
the bypass works fine , u can use any cheat engine as you like and do breakpoints..etc
Code:
void After()
{
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
WriteProcessMemory(hProcess, (LPVOID)(xem_base + 0x00000), "\x00\x00\x00\x00\x00\x00", 6, NULL);
WriteProcessMemory(hProcess, (LPVOID)(xem_base + 0x000000), "\x00\x00\x00", 3, NULL);
int v_size = (int)Results.size();
for (int i = 0; i < v_size; i++)
{
DWORD *Result32 = Results[i];
if (i == 0)
{
for (int j = 0; j < v_size_s[i]; j++)
{
if (Result32[j] << 20 >> 20 == 0x5CC)
{
printf("check 3\n");
//removed , show me ur skills son : )
printf("writing_1...\n");
}
}
printf("\n");
}
if (i == 1)
{
for (int j = 0; j < v_size_s[i]; j++)
{
if (Result32[j] << 20 >> 20 == 0xAC5)
{
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
WriteProcessMemory(hProcess, (LPVOID)(Result32[j] + 0xF), "\x00\x00\x00\x00\x00\x00", 6, NULL);
DWORD calling_addr = mem->GetCall(Result32[j] + 0x126);
calling_addr = mem->GetCall(calling_addr + 6);
WriteProcessMemory(hProcess, (LPVOID)(calling_addr + 6), "\x00\x00\x00", 3, NULL);
count2++;
printf("writing_2...\n");
}
}
printf("\n");
}
if (i == 2)
{
for (int j = 0; j < v_size_s[i]; j++)
{
if (Result32[j] << 20 >> 20 == 0x255)
{
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
printf("writing_4...\n");
count2++;
}
}
printf("\n");
}
if (i == 3)
{
for (int j = 0; j < v_size_s[i]; j++)
{
if (Result32[j] << 20 >> 20 == 0xDC5)
{
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
printf("writing_5...\n");
count2++;
}
}
printf("\n");
}
if (i == 4)
{
for (int j = 0; j < v_size_s[i]; j++)
{
if (Result32[j] << 20 >> 20 == 0x537)
{
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
printf("writing_6...\n");
count2++;
}
}
}
if (i == 5)
{
for (int j = 0; j < v_size_s[i]; j++)
{
if (Result32[j] << 20 >> 20 == 0x462)
{
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
WriteProcessMemory(hProcess, (LPVOID)Result32[j], "\x00\x00\x00\x00\x00\x00\x00\x00", 8, NULL);
WriteProcessMemory(hProcess, (LPVOID)(Result32[j] - 9), "\x00\x00\x00\x00\x00", 5, NULL);
printf("detect_1...\n");
count2++;
}
}
}
if (i == 6)
{
for (int j = 0; j < v_size_s[i]; j++)
{
if (Result32[j] << 20 >> 20 == 0x92)
{
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
printf("detect_2...\n");
count2++;
}
}
}
if (i == 8)
{
for (int j = 0; j < v_size_s[i]; j++)
{
if (Result32[j] << 20 >> 20 == 0x471)
{
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
printf("detect_3 %X...\n", Result32[j]);
count2++;
}
}
}
}
}
void Bypass()
{
//use ur own memory template/patterns
mem->FindPatten32("crossfire", 0x0, 100, "\x00\x00\x00", 3);
for (;;)
{
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
mem->Suspend(true);
//crc_1
mem->FindPatten32("crossfire", 0x04000000, 0x10000000, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9);
for (int i = 0; i < mem->v_size; i++)
{
if (mem->Result32[i] << 20 >> 20 == 0x5CC)
{
if (ft == 0)
{
ft = 1;
mem->Suspend(false);
Sleep(6550);
mem->Suspend(true);
printf("start to find patterns\n");
}
i = 0;
mem->FindPatten32("crossfire", 0x04000000, 0x10000000, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9);
Results.push_back(mem->Result32);
v_size_s[0] = mem->v_size;
kissmyass = 1;
break;
}
}
//crc_2
//removed , do it by urself and stop leeching
//crc_4
//removed , do it by urself and stop leeching
mem->FindPatten32("crossfire", 0x04000000, 0x10000000, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 18);
Results.push_back(mem->Result32);
v_size_s[3] = mem->v_size;
mem->FindPatten32("crossfire", 0x04000000, 0x10000000, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 10);
Results.push_back(mem->Result32);
v_size_s[4] = mem->v_size;
//detect_1
mem->FindPatten32("crossfire", 0x04000000, 0x10000000, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 11);
Results.push_back(mem->Result32);
v_size_s[5] = mem->v_size;
//detect_2
//removed , do it by urself and stop leeching
//detect_3
mem->FindPatten32("crossfire", 0x0A000000, 0x10000000, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 10);
Results.push_back(mem->Result32);
v_size_s[7] = mem->v_size;
if (kissmyass == 1)
{
mem->Suspend(false);
Sleep(2320);
mem->Suspend(true);
printf("Starting ! \n");
After();
printf("Bypassed !\n");
mem->FindPatten32("crossfire", 0x0A000000, 0x10000000, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 15);
for (int i = 0; i < mem->v_size; i++)
{
if (mem->Result32[i] << 20 >> 20 == 0xD8A)
{
}
}
//u can use it to inject ur dll too ex : Inject(PID, "D:\\my_hack.dll");
mem->Suspend(false);
Sleep(-1);
exit(0);
break;
}
mem->Suspend(false);
Sleep(100);
}
}