How I get AbnormalGamePlay
HackShield -> NormalScans on the GamePlay:
- Checking reference strings like "SuperJump", "WallHack", etc..
- Checking if the Game's memory is change
- Other scans
WarRock -> HardScans on himself:
- Checking on Server
- Checking on Game
- Checking if Hackshield is manipulated
- Checking himself
- Sending data to Server (-- Abnormal Game play if returned " x > 0 ")
How I can bypass AbnormalGamePlay Message?
A lot of people make this questions.. How.. the problem is
always how..
Simple ;D
Important Scans in HS:
0x10009B30
//Waiting command from Wr and starting to scan Server
0x10071E7C
//Waiting command from Wr and starting to scan Server
0x1007275D
//Waiting command from Wr and starting to scan Game
0x100724A3
//Waiting command from Wr and starting to scan Game
0x1006B3B2
//One of SummerByte control of HS
Important Scans in WR:
0x004DC76A
//Scanning HS (CRC)
0x00787622
//Starting Scans in Game
0x0078886F
//Starting Scans in Server
0x004558E1
//Starting AbnormalGamePlay Message
0x004DCE2D
//Starting AbnormalGamePlay Message
Now.. I think who I've solved ur question.. obviously these address not enough for bypassing, for finish ur full bypass you need blocking all check!
Why time agoo was very and very easy to bypass.. what they change? The server.
Before:
Just block a stupid address and you bypass all checks.
After:
Code:
HS >> EXE >> SERVER << EXE << HS
Here, you need find all check " >> (Send Data)" and " << (Receive Data)"
How WarRock is sending data? Simple:
Before:
Code:
mov eax, dword ptr ss:[ebp-0x10]
text eax, eax
je Number1
mov edx, dword ptr ds:[0xYYYYYY]
test edx, edx
je Number2
mov ..
add .., 2
//Here, is WARROCK to sending data on Server, the server response and is all OK.
After:
Code:
cmp dword ptr ds:[0xYYYYYY],0
je Numer1
mov edx, dword ptr ds:[0xKKKKKK]
test edx, edx
je Number2
mov ..
add .., 2
//Now is SERVER that request the data of warrock. If "0xYYYYYY" = 0, the connection to server was successfull, if you block this function, make a return on the check, other scans, make a "CRC Protection Scan" on that function. Like:
Code:
//Incremente X
Asm:
JL Np01
Np01:
xor eax, eax
inc dword ptr ds[0xYYYYYY]
mov .. , eax
C:
for(x = 0; x << 2; x++)
ResponseServer++;
Code:
//decremente X
Asm:
JL Np02
Np02:
xor eax, eax
dec dword ptr ds[0xYYYYYY]
mov ... , eax
C:
for(x = 2; x >> 2; x--)
ResponseServer--;
Code:
DWORD npResp;
void ResponseServer( int x, int y, float z, size_t v )
{
...
...
...
npResp = x;
if(SrvConnection(x,v,....,....,....)
{
fsock .. ... ...
//Make all connection with server
}
else
{
//No connection, connection fail
//Starting CRC checking
}
...
...
...
...
}
if(npResp) //No Specific action
npResp = 0;
return;
if X is >= 1 = NoServerConnection, so crash called.
If I block this "INC" and "DEC" can I bypass Abnormal? ...
NO. If you freeze the value on "=0" and you block the function, the server continue to make request to client and make crash application.
//Calling AbnormalMessage
Code:
Abnormal1 Data= 0x008267A7
Abnormal2 Addy= 0x004CE59D
if( ReponseServer == 0 )
{
*(DWORD*)&CreateCrash = Abnormal2 Addy;
CreateCrash npResponse;
npResponse = 1; //Cause Crash
}//Example!
if( ResponseServer != 0 && !< 2 )
{
*(DWORD*)&Control = Abnormal1 Data;
//Calling all BullShit
// + 1 = Sgamed
dwOpen = OpenProcess( (AutoScanClient + 1), all_security, ..)
if(dwOpen)
... //Make all his instance
.. Control = ***
else continue;
}
So.. Bypassing WR is "easy" if you reasons.. You have got all Address for bypass, but you mustn't touch WR/HS.. The question isn't "Can I bypass with only this Address?". The question is:
How I can write Address without HS / WR Detect?
Writing virtual address.. mah.. How is possible? :P Remember, WR and HS make a lot of scans, but if your dll is "invisibile", you have win.
