Turning off the kernel is way too sophisticated, as well as building up a HS that won't inject the DLL of RF.
Bypassing the new RFPH is very easy: just do some experiments inside the
hackshield folder and that's it! It's in en-ph ^^
1st, the method is in the BIN. Edit it. Look for the declaration "Game Hack Ditected"
2nd, just don't ask how. Use C++.
They pack the RF exe with "UPX". Everything you need is there. Enjoy.
As you notice, inside the hackshield folder there are some
added files; just do something to these 3 new folders...
and of course to the files psapi.dll and EHsvc.dll... I know you knew it...
What I did is make dummy files, to fool the game into thinking that it really uses the real hackshield.
Let's start with the files that come along with hackshield, these are:
- EhSvc.dll
the main Hackshield file, contains the HackShield class used by Engine.dll,
does the basic functions like loading/unloading its kernel mode driver, file integrity scanning,
memory integrity scanning. the checksum generated by the
integrity scans are used to authenticate with the game-server
- v3warpns.v3d and v3warpds.v3d
each contain a kernel mode driver (.sys file) in encrypted form; one v3d contains a
win9x driver, the other a winNT driver.
once the driver has been loaded it will protect the ro process from being accessed
(read/write) by every non-kernel mode program
(example: taskmanager)
- v3pro32s.dll
i didn't look at it yet, but i suspect it to be the loader for the .sys driver files (.v3d files)
maybe not written by Hackshield creators
- EGRNAP.dll and EGRNAPX2.dll
AhnLab "anti-virus" scanning libs, probably used to scan for programs like packet sniffers,
memory editors etc
- Hshield.log
produced by EhSvc.dll, its encrypted with an evolving XOR key, i've reversed that algo,
its included in my hackshield emu source & there's a ready to use decryption tool in SagaTools,
however it doesn't contain much useful info
(basically logs detections/checksum errors for gravity/hackshield to investigate)
- psapi.dll
a process helper library by Microsoft, nothing special
clue :
1. bypass HS.
2. edit rf bin. (EHSvc.dll related)
3. edit rf.exe using XVI32 [launcher] (edit it so the patcher won't patch your edited HS folder)
Check it out: in the en-ph folder of RF there are hidden files which are a process status helper.
Unlike before, when there were only 3 DLLs, now there are more than 10. CCR put them there for a reason.
It's not only psapi.dll that is running now; there are many more.
Some get disconnected even if they manage to bypass it, because now the LU server performs server-side checks
for each client connected to it, so if 1 of the DLLs doesn't respond, you get disconnected.
ALL THOSE THINGS WERE IDEAS COMBINED IN THIS FORUM....
LET'S DISCUSS IT SO WE CAN GET IT DONE