[Release]: Hackshield bypass.

08/25/2008 23:54 MADR4T#61
plz delete this source, cause the GMs in the game will repair this and it won't work anymore! Thx
08/26/2008 00:00 Rostix90#62
Yea, del this and help me anyone in hexing Russian game .exe))))
08/27/2008 08:30 Rostix90#63
It's a normal error, the game works with it, and it means that hackshield is off
08/27/2008 14:53 MrWise#64
Quote:
Originally Posted by Rostix90 View Post
It's a normal error, the game works with it, and it means that hackshield is off
No, the game didn't work with it, otherwise I obviously wouldn't have bothered making a reply. I just mistyped a byte on one of the offsets;

when I typed in the proper bytes/offsets it works fine :)
08/27/2008 17:59 Layka0#65
Quote:
Originally Posted by MrWise View Post
when I typed in the proper bytes/offsets it works fine :)
then why don't u just post the fixed exe for others to use it too :D?
08/27/2008 18:56 clearscreen#66
Quote:
Originally Posted by Layka0 View Post
then why don't u just post the fixed exe for others to use it too :D?
You can easily do it yourself in 2 minutes, just get XVI, Ctrl+G, hexadecimal address, replace the bytes, CTRL + S

done :)
08/27/2008 20:14 Layka0#67
honestly I've tried to do so, but it seems I'm doing something wrong :(

And I just don't see a problem in posting the fixed .exe :)

so if u got it all working, don't be a **** and share it with others :D
08/27/2008 21:03 erniee#68
This is the fixed english client .exe

I wouldn't count on it working after the client update coming up adding the new race.
08/27/2008 21:20 Layka0#69
thx Erniee

So I was doing everything right, but it still creates HackShield Shadow User - and I thought it shouldn't

Anyway it doesn't allow hackshield to work properly - and that's all we need :)
09/03/2008 03:29 hilete#70
[edited post]

Modded Russian version, the game starts and runs, with random CTD and disconnects. Do you guys have the same results with the English version?

some advanced bot would be great, but I'll be satisfied with auto-<tab>-and-<f>-press (then place our char near respawn of a single mob), that works with HS OFF, and doesn't with HS ON.

for those interested, for tabbing (selecting next enemy), I use this code
#include <windows.h>
#include <string.h>

//for key down
void tab_down(void)
{
    INPUT inp[1];
    memset(inp, 0, sizeof(INPUT));
    inp[0].type = INPUT_KEYBOARD;
    inp[0].ki.wScan = 0x040F;   // value as posted; wVk selects the key unless KEYEVENTF_SCANCODE is set
    inp[0].ki.wVk = VK_TAB;
    SendInput(1, inp, sizeof(INPUT));
}

//for key up
void tab_up(void)
{
    INPUT inp[1];
    memset(inp, 0, sizeof(INPUT));
    inp[0].type = INPUT_KEYBOARD;
    inp[0].ki.dwFlags |= KEYEVENTF_KEYUP;   // same event, flagged as a release
    inp[0].ki.wScan = 0x040F;
    inp[0].ki.wVk = VK_TAB;
    SendInput(1, inp, sizeof(INPUT));
}

it's set on WM_TIMER, so every now and then we check for our next enemy to fight with.
to press other keys, check [link] for the scancodes DirectInput needs (DIKEYBOARD_F, for example, but use the first 2 bytes, so for autopressing F, use 0x0421, and not 0x81000421). luck.
09/05/2008 03:57 MrWise#71
Quote:
Originally Posted by hilete View Post
[edited post]

Modded Russian version, the game starts and runs, with random CTD and disconnects. Do you guys have the same results with the English version?

some advanced bot would be great, but I'll be satisfied with auto-<tab>-and-<f>-press (then place our char near respawn of a single mob), that works with HS OFF, and doesn't with HS ON.

for those interested, for tabbing (selecting next enemy), I use this code
#include <windows.h>
#include <string.h>

//for key down
void tab_down(void)
{
    INPUT inp[1];
    memset(inp, 0, sizeof(INPUT));
    inp[0].type = INPUT_KEYBOARD;
    inp[0].ki.wScan = 0x040F;   // value as posted; wVk selects the key unless KEYEVENTF_SCANCODE is set
    inp[0].ki.wVk = VK_TAB;
    SendInput(1, inp, sizeof(INPUT));
}

//for key up
void tab_up(void)
{
    INPUT inp[1];
    memset(inp, 0, sizeof(INPUT));
    inp[0].type = INPUT_KEYBOARD;
    inp[0].ki.dwFlags |= KEYEVENTF_KEYUP;   // same event, flagged as a release
    inp[0].ki.wScan = 0x040F;
    inp[0].ki.wVk = VK_TAB;
    SendInput(1, inp, sizeof(INPUT));
}

it's set on WM_TIMER, so every now and then we check for our next enemy to fight with.
to press other keys, check [link] for the scancodes DirectInput needs (DIKEYBOARD_F, for example, but use the first 2 bytes, so for autopressing F, use 0x0421, and not 0x81000421). luck.
lemme look at your requiem.exe
09/05/2008 14:39 hilete#72
Requiem.rar:
Upload of file failed. :(
pm your email pls, i'll send it to you right away.

i've more to add, actually. there're plenty of checks in other places (at least 2 more i've found, and a thorough look through code gave a feeling that there are more), except those mentioned above. what's more, i've read that hackshield uses various crc verifications, even sends some data to server. if true, bypassing HS by jmp'ing over some checks isn't a solution. found even some sources emulating HS (need to replace HS with compiled dlls). then, did some research myself. found some hooks on Native APIs, in SSDT and Shadow System Service Table (NtUserSendInput, NtOpenProcess, NtWriteVirtualMemory etc). disabling hooks helps for some time, but looks like there are constant checks, so if done - HS detects it and disconnect occurs. found a solution to alike problem with game guard.

more research is needed. looks like in the end i'll have to write a driver to bypass goddamn hooks.

the question for me right now is "is it possible to call NtUserSendInput bypassing a Hook from ring3". but to solve it - i can't find which library exports this function? it must be win32k.sys, but it isn't there according to the exports table (at least dumpbin.exe says so, dependency walker says so, and LoadProcAddress() thinks so)!
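Added example, not from the thread and not HackShield's code: the kind of code-integrity check hilete describes ("various crc verifications"), which is why byte patches at a fixed offset get noticed even when the patched check itself is jumped over. A constructed stand-in for a few bytes of a code section is sealed with a CRC-32 while trusted, re-hashed later, and a single changed byte makes the verification fail; a pristine copy is used only to report where the change sits. The buffer, the helper names and the one-byte edit are my own constructions; a real implementation would hash the mapped code section and keep the reference value outside the patchable image (or, as the thread notes HackShield does, check it server-side).

```c
/* Added example (not from the thread): CRC-32 self-check over a code region,
 * the style of verification that catches byte patches at fixed offsets.
 * Buffer, names and the patch below are constructed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* CRC-32 (IEEE 802.3, reflected, polynomial 0xEDB88320), bitwise so there is
 * no lookup table that could itself be patched. */
uint32_t crc32_bytes(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

typedef struct {
    const uint8_t *start;   /* first byte of the protected region */
    size_t len;
    uint32_t expected;      /* reference CRC taken when the region was known-good */
} code_region;

/* Take the reference value once, while the region is still trusted. */
code_region seal_region(const uint8_t *start, size_t len)
{
    code_region r = { start, len, crc32_bytes(start, len) };
    return r;
}

/* Re-check later; false means at least one byte changed since sealing. */
bool verify_region(const code_region *r)
{
    return crc32_bytes(r->start, r->len) == r->expected;
}

/* For reporting only: offset of the first byte that differs from a pristine
 * copy, or SIZE_MAX when the two buffers are identical. */
size_t first_patched_offset(const uint8_t *pristine, const uint8_t *current, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (pristine[i] != current[i])
            return i;
    return SIZE_MAX;
}

int main(void)
{
    /* Constructed stand-in for a few bytes of a code section. */
    uint8_t code[] = { 0x55, 0x8B, 0xEC, 0x85, 0xC0, 0x74, 0x05,
                       0xE8, 0x00, 0x00, 0x00, 0x00, 0x5D, 0xC3 };
    uint8_t pristine[sizeof code];
    memcpy(pristine, code, sizeof code);

    code_region r = seal_region(code, sizeof code);
    printf("sealed: crc=0x%08X ok=%d\n", r.expected, verify_region(&r));

    code[5] = 0xEB;   /* the kind of single-byte hex-editor change the thread describes */
    printf("after patch: ok=%d, first difference at offset %zu\n",
           verify_region(&r), first_patched_offset(pristine, code, sizeof code));
    return 0;
}
```

A CRC is a tamper-evidence check, not an authentication one: it detects accidental or naive edits, but an attacker who can also rewrite the stored reference value defeats it, which is why the reference should live where the patched process cannot reach it.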
09/05/2008 16:09 Layka0#73
Quote:
Originally Posted by hilete View Post
[edited post]
Modded Russian version, the game starts and runs, with random CTD and disconnects. Do you guys have the same results with the English version?
I have the same results with the Russian server, with the original exe and with the fixed exe, using the same offsets as for the English version.

I reckon that the problem is with the Russian server itself, not with those offsets; the offsets do work fine with the Russian exe.

another problem is that the server has problems with connection, and as u can see a lot of ppl on their unofficial game forum have the same problems - unable to connect to the server and every 5 secs DC.
09/06/2008 03:57 hilete#74
i doubt that it's tech problems, more likely it's HS at work. the original exe works fine, very rare CTDs and DCs. the hacked exe crashes and disconnects in a few minutes.
09/06/2008 04:20 Layka0#75
of coz u can doubt,
but myself I have the same problems connecting and playing the Russian server with the original exe and with the fixed exe.

the Russian server is just sucking all the way, I've tried playing there, I have a 26 lvl SH
and I can't play there even with the orig exe, the same shit happens, DC - unable to connect etc

I'll repeat myself, it's just the server, the offsets are working pretty nice,