Blizzard scan hack

02/10/2007 01:39 Bloodhand#61
The way I see it, nothing really helps; there is always a certain risk somewhere, but what counts is "how do I keep the risk as low as possible"? Well, I don't really want anything to do with such things anymore; I have already tried it with rootkits, so to speak, but I can't recommend it. Too bad I didn't click on neji's link earlier ^^
02/15/2007 14:31 GrimReaper91#62
This is nice very nice +k

Append on Feb 15 2007, 14:47
Scan taken on 15 Feb 2007 13:35:37 (GMT)
AntiVir: Found BDS/Hupigon.Gen backdoor
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

O_o
05/20/2007 20:35 ensar#63
where hack char link? and where ss?
05/27/2007 06:53 Rawrimatrex#64
Thanks!

Append on May 27 2007, 06:54
Second Post! +K for you
05/30/2007 16:26 hal#65
Back on this post: I don't really know, since I haven't done reversing since DAoC, but the APIs used to scan processes and DLLs are in psapi.dll (NT) or toolhelp32.dll (98); search the Microsoft developer web site.

If you hook those functions to hide your process and the module injected into the WoW process area, Warden virtually can't detect this process.

But there are other ways to detect if a process tries to invade your process area:

- tracking system resources
- hooking functions

and more

For example:

- first, go to the elitepvpers.com forum and download hidex
- scan this file for particular resources
- i.e. hooked function base address (like CreateSnapshoot or other)
- read some code signature
- scan where in memory the parameter myapp.exe is
- and without walking the process list you can tell if hidex is loaded and which app is loaded.

The best way to hide your bot, as somebody said above, is to write it yourself. And never give it to anybody.
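The hooked-function check hal describes above, seen from the detecting side, as an added example that is not part of the original thread: it inspects the first bytes of a function as read from memory, decodes common 32-bit x86 detour forms, and flags a jump that leaves the owning module or bytes that differ from the file on disk. The module range, addresses, byte strings and helper names are constructed for illustration.

```python
import struct

def decode_detour(code: bytes, va: int):
    """Return (kind, target) if the entry bytes are a 32-bit x86 control
    transfer, else None. `va` is the address the bytes were read from."""
    if len(code) >= 5 and code[0] == 0xE9:                      # jmp rel32
        rel, = struct.unpack_from("<i", code, 1)
        return "jmp rel32", (va + 5 + rel) & 0xFFFFFFFF
    if len(code) >= 2 and code[0] == 0xEB:                      # jmp rel8
        rel, = struct.unpack_from("<b", code, 1)
        return "jmp rel8", (va + 2 + rel) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:  # push imm32; ret
        target, = struct.unpack_from("<I", code, 1)
        return "push/ret", target
    return None

def check_entry(in_memory: bytes, on_disk: bytes, va: int,
                mod_start: int, mod_end: int) -> str:
    """Classify one function entry as hooked, patched or clean."""
    detour = decode_detour(in_memory, va)
    # A jump that stays inside its own module can be a legitimate thunk;
    # one that lands outside the module is the signature of a detour.
    if detour and not (mod_start <= detour[1] < mod_end):
        return f"hooked: {detour[0]} -> 0x{detour[1]:08x}"
    if in_memory != on_disk:
        return "patched: differs from file on disk"
    return "clean"

# --- constructed sample data (not taken from any real system) ---
MOD_START, MOD_END = 0x7C800000, 0x7C8F6000   # assumed image range of the DLL
VA = 0x7C865B1F                               # assumed address of the export
CLEAN = bytes.fromhex("8bff558bec90")         # mov edi,edi; push ebp; mov ebp,esp; nop
SAMPLES = {
    "untouched": CLEAN,
    "jmp detour": b"\xE9" + struct.pack("<i", 0x10001000 - (VA + 5)) + b"\x90",
    "push/ret detour": b"\x68" + struct.pack("<I", 0x10001000) + b"\xC3",
    "single byte patch": b"\xCC" + CLEAN[1:],
}

def scan() -> dict:
    """Run the check over every constructed sample."""
    return {label: check_entry(mem, CLEAN, VA, MOD_START, MOD_END)
            for label, mem in SAMPLES.items()}

if __name__ == "__main__":
    for label, verdict in scan().items():
        print(f"{label:18s} {verdict}")
```
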
02/27/2008 12:22 lonbi#66
Hmm, the thread is from 2005.... does any of this even still work? (I don't have time to read 6 pages ^^)
02/28/2008 15:41 Jayolino#67
strange, backdoor program Oo
02/29/2008 11:25 FUKOS#68
Quote:
Originally Posted by Lowfyr
the Neocron people should take a look at this too, maybe it will make my wh undetected

maybe I'll ship it with the next release
I'm already looking forward to that ;)
03/03/2008 05:29 BaGGy#69
So how exactly was this made? It sounds like you are creating a detour or a portal for the application.

Theoretically the best way for hacking would be to create a virtual machine, or abuse other virtual machines. Like creating a hack that hooks Java Virtual Machine, and then using whatever you want from it. Because JVM has complete access to everything and the capabilities to do so...
03/08/2008 00:17 DesperadoStrike#70
why do you keep bumping this ancient post?
03/08/2008 23:23 hans henrik#71
well nice 1 neji, I'd call this a rootkit though :p (btw, I managed to find the process hidex itself after execution, not in any process with a name, but I found it anyhow in processexp)
"not existing process" (wtf??) handle: \BaseNamedObjects\hideFile

and furthermore, it hides it (apparently) from all the processes currently running; it does not update, continue to hide from newly started processes

easy fix for that though (bat):
Code:
@echo off
:begin
hideX TheFileToHideHere
rem or whatever else should be hidden
hideX TheSecoundFileToHideHere
goto begin
would constantly update the hiding to new processes too :p

and... I was running PEiD and... why the heck does it say that there are 6 different "encryption signatures" in the program? o.0 ADLER32/Base64 (x3)/BLOWFISH/CRC32/PI fraction/ZLIB (x3)/ ??? ??? just some weirdo false result, or?
03/15/2008 00:48 bizeps#72
I don't want to say anything, but this isn't so clean, there's a backdoor on it, so better keep your hands off it... just some well-meant advice......
03/15/2008 01:27 Syne#73
better say nothing, it's better...
04/19/2008 12:45 xXinsaneKXx#74
WoW KEwLZ!
04/22/2008 23:21 coke100#75
i reckon