Hackshield Bypass
I've been working on a full blown hackshield bypass for a few days now and I'm having trouble understanding what to do exactly. At first I tried a trial and error of nulling random Eagle.sys functions;
** ** ** ** ** ** ** ** //ZwAllocateVirtualMemory
** ** ** ** ** ** ** ** //NtQueryInformationProcess
** ** ** ** ** ** ** ** //NTWriteVirtualMemory
** ** ** ** ** ** ** ** //ZwReadVirtualMemory
** ** ** ** ** ** ** ** //ZwTerminateProcess
** ** ** ** ** ** ** ** //ZwProtectVirtualMemory
** ** ** ** ** ** ** ** //ZwTerminateThread
Etc.
My results were that when I NOP'd then in certain orders and groups I'd get general HS errors such as;
Cannot Update Hackshield
Cannot Execute Hackshield
Cannot Terminate Hackshield
I then went on to try and detour the system functions with what little knowledge I had at the time and it resulted in the client instantly crashing. After some more research I understood that the Eagle.sys functions were called by EHSVC ( I already knew of it but didn't put to much mind to it ), ultimately causing them to function as such. My current question standing is :
What should I detour? Which EHSVC function's correspond to what? Is there a analysis of them anywhere?
IE ;
jg EHSvc.dll+E879D
EHSvc.dll+E87BF
I know those jump to certain addresses but what am I supposed to do with what? The game I'm working with has a fairly simple HS so I can read the clients memory flawlessly.
PS : I've tried having HS simply not run with the client but after a minute or so I'm kicked from the server ( disconnected ), I've tried searching for the command/function causing that but my results were nothing. I've also tried just going for a CRC bypass but I again don't understand what to modify or how to even find the CRC addresses.