Combat Arms HackShield Bypass by xStraquaz, BlackLegend
Code:
BOOL MemoryEdit (VOID *lpMem,VOID *lpSrc,DWORD len)//
{
DWORD lpflOldProtect, flNewProtect = PAGE_READWRITE;
unsigned char * pDst = (unsigned char *)lpMem,
*pSrc = (unsigned char *)lpSrc;
if (VirtualProtect(lpMem,len,flNewProtect,&lpflOldProtect))
{
while(len-- > 0) *pDst++ = *pSrc++;
return (0);
}
return (1);
}
HRESULT __fastcall CombatArms_Bypass()
{
DWORD dwEhSvc;
do
{
dwEhSvc = (DWORD)GetModuleHandleA("Ehsvc.dll");
Sleep(30);
}
while (!dwEhSvc);
MemoryEdit((void *)(dwEhSvc + 0x00737DA), (void *)"\xC3", 1);//HSCallBack1
MemoryEdit((void *)(dwEhSvc + 0x0009BC8), (void *)"\x74",1);//HSCallBack2
MemoryEdit((void *)(dwEhSvc + 0x008FCF8), (void *)"\xD2", 1);//HSNanoScan
MemoryEdit((void *)(dwEhSvc + 0x0072E3C), (void *)"\xC2\x04\x00",3);//EhsvcSelfCrC
MemoryEdit((void *)(dwEhSvc + 0x0009B30), (void *)"\xC2\x04\x00",3);//Detection
return true;
}
}
Code:
ADR_HS_CALLBACK1 0x00737DA ADR_HS_CALLBACK2 0x0009BC8 ADR_HS_NANOSCAN 0x008FCF7 ADR_HS_EHSVCSELFCRC 0x0072E3C ADR_HS_DETECTION 0x0009B30 ADR_HS_NANOCHECK1 0x00368BE ADR_HS_NANOCHECK2 0x0033D5F ADR_HS_HSANTICRASH 0x0036934 ADR_HS_ASMDETECRION 0x0026D6B ADR_HS_NANOCHECK3 0x0035DE6
