[Tutorial] Bypassing Hackshields with AutoIt

05/25/2013 15:18 K1ramoX#16
Quote:
Originally Posted by carlox02
So the number 90, is every asm nop function, and all you have to do is change the number 90 in the script, to the one that has nop?
like if the nop's were on 96, I had to change it to 96 on the script?
90 is the byte for nop (no operation); you don't have to change it. But you can change the bytes to:

Code:
55 8B EC 8B 45 10 C7 00 00 00 00 00 B8 01 00 00 00 5D C2 0C 00
You get this asm code:

Code:
push ebp
mov ebp,esp
mov eax,[ebp+10]
mov [eax],00000000
mov eax,00000001
pop ebp
ret 000C
which is the same as this C++ code:

Code:
*pBytesReturned = 0;
return TRUE;
But I think many hackshields will detect this. You can get more info about the API here: [link not shown]

If all of this is detected, go to the K32EnumProcesses API (at EnumProcesses + 7 there is a jmp to this API) and do the same there. Maybe there isn't a check.
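
Seen from the integrity-checking side, both overwrite styles in the post above show up as a mismatch between the live entry bytes and a trusted copy. The following is an added example, not part of the original post or of any anti-cheat product: `first_diff`, `classify_entry` and `SAMPLE_REF` are hypothetical names, and `SAMPLE_REF` is constructed sample data, not bytes taken from a real DLL.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum verdict { ENTRY_INTACT, ENTRY_NOP_FILLED, ENTRY_FORCED_RETURN, ENTRY_MODIFIED };

/* The 21-byte stub quoted in the post: zero *arg3, return 1, ret 0Ch. */
static const uint8_t STUB[] = {
    0x55, 0x8B, 0xEC, 0x8B, 0x45, 0x10, 0xC7, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xB8, 0x01, 0x00, 0x00, 0x00, 0x5D, 0xC2, 0x0C, 0x00
};

/* Constructed stand-in for the trusted entry bytes (not from a real DLL). */
static const uint8_t SAMPLE_REF[] = {
    0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x53, 0x56, 0x57, 0x8B,
    0x7D, 0x08, 0x33, 0xDB, 0x89, 0x5D, 0xFC, 0x85, 0xFF
};

/* Offset of the first byte where live differs from ref, or len if equal. */
size_t first_diff(const uint8_t *live, const uint8_t *ref, size_t len)
{
    size_t i = 0;
    while (i < len && live[i] == ref[i]) i++;
    return i;
}

/* Compare live entry bytes with a trusted reference (assumption: ref was read
 * from the on-disk image and the range holds no relocated operands). */
enum verdict classify_entry(const uint8_t *live, const uint8_t *ref, size_t len)
{
    size_t at = first_diff(live, ref, len);
    if (at == len)
        return ENTRY_INTACT;
    size_t nops = 0;   /* run of 0x90 starting at the first modified byte */
    while (at + nops < len && live[at + nops] == 0x90) nops++;
    if (nops >= 2)
        return ENTRY_NOP_FILLED;
    if (len >= sizeof STUB && memcmp(live, STUB, sizeof STUB) == 0)
        return ENTRY_FORCED_RETURN;
    return ENTRY_MODIFIED;   /* changed, but not in a style named above */
}

int main(void)
{
    uint8_t live[sizeof SAMPLE_REF];
    memcpy(live, SAMPLE_REF, sizeof live);
    memset(live, 0x90, 5);   /* constructed tampered copy: NOP-filled entry */
    return classify_entry(live, SAMPLE_REF, sizeof live) == ENTRY_NOP_FILLED ? 0 : 1;
}
```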
05/25/2013 21:49 carlox02#17
I wanna know only for XTrap, S4 League for the change, on the AutoIt script, there's the 90 byte which is nop (no operation), that byte is the one that detects, or is it the enum?
05/31/2013 00:22 OoS4KingoO#18
This takes too long. Can't you just create a bypass?!?!?