How to make a process don't call TerminateProcess API?

08/25/2013 15:48 Cr4ck3r385#1
Hi people, I have a question.
What can I do to make the game not call the TerminateProcess API?
I'm asking this because I found a way to disable XTrap loading. I can load the game without it, but a few minutes later the game closes itself. What could I do to avoid it?
I was thinking of writing a DLL that NOPs these calls used by the game, but I don't know exactly how to do it or if it will work.
08/25/2013 16:17 scodeih#2
I'm not sure if you even can... The TerminateProcess API is a function made to run the game processes, so you can't do anything about it. Tell me if I'm wrong. I'm new at this shit..
08/25/2013 16:17 Jeoni#3
@scodeih: TerminateProcess is not to 'run' but to 'terminate' the process. So the idea of the thread creator is to avoid calls to TerminateProcess so the process won't close, even if XCrap detected a cheat program.

I don't think it will be enough to just avoid TerminateProcess / ExitProcess as this would be way too easy.
Get the address of the function (Exit- or TerminateProcess) via GetProcAddress & GetModuleHandle or hardcode the address (works fine as afaik kernel32 won't change its base address). Now overwrite the first bytes of the function with a 'ret' statement, so that the function will instantly return instead of doing what it should do. But keep in mind that the winapi uses stdcalls, so the ret statement has to clean up the stack. So you have to write 'ret <size of all function params in bytes>', which would be 'ret 4' for ExitProcess and 'ret 8' for TerminateProcess.
In opcodes these statements would be C2 0400 for 'ret 4' and C2 0800 for 'ret 8'.
Of course you could install a hook at the functions instead of simply overwriting the first bytes but this would be more difficult and can't be done from an external process.
Hope it helps and don't hesitate to PM me if you got a question ;)
Jeoni
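
Seen from the anti-cheat or EDR side, an entry-point overwrite like the one described in this post shows up when a function's first bytes in memory are compared with a trusted copy. The following is an added example, not part of the original thread; `check_prologue`, the verdict names and the sample bytes are assumptions constructed for illustration, and a real checker would take the reference bytes from a trusted copy of the DLL.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdict for the first bytes of one exported function. */
enum prologue_verdict {
    PROLOGUE_CLEAN = 0,  /* live bytes equal the trusted reference */
    PROLOGUE_RET_STUB,   /* C3 (ret) or C2 imm16 (ret n) written at entry */
    PROLOGUE_JMP_HOOK,   /* E9 rel32 (jmp) written at entry */
    PROLOGUE_MODIFIED    /* any other difference from the reference */
};

/* Constructed sample bytes: a common 32-bit prologue
 * (mov edi,edi / push ebp / mov ebp,esp) and the same bytes after
 * a 'ret 8' (C2 08 00) was written over the entry point. */
static const uint8_t SAMPLE_REF[5]     = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};
static const uint8_t SAMPLE_PATCHED[5] = {0xC2, 0x08, 0x00, 0x8B, 0xEC};

/* Compare live prologue bytes with a trusted reference copy.
 * On a 'ret n' stub, *ret_imm receives n (bytes popped on return). */
enum prologue_verdict check_prologue(const uint8_t *live, const uint8_t *ref,
                                     size_t len, uint16_t *ret_imm)
{
    if (ret_imm) *ret_imm = 0;
    if (len == 0 || memcmp(live, ref, len) == 0)
        return PROLOGUE_CLEAN;
    if (live[0] == 0xC3)
        return PROLOGUE_RET_STUB;
    if (live[0] == 0xC2 && len >= 3) {
        /* imm16 is little-endian: C2 08 00 -> 8 */
        if (ret_imm) *ret_imm = (uint16_t)(live[1] | (live[2] << 8));
        return PROLOGUE_RET_STUB;
    }
    if (live[0] == 0xE9 && len >= 5)
        return PROLOGUE_JMP_HOOK;
    return PROLOGUE_MODIFIED;
}

int main(void)
{
    uint16_t n = 0;
    enum prologue_verdict v = check_prologue(SAMPLE_PATCHED, SAMPLE_REF, 5, &n);
    printf("verdict=%d ret_imm=%u\n", (int)v, (unsigned)n);
    return v == PROLOGUE_CLEAN ? 0 : 1;
}
```

Comparing against a reference first keeps functions that legitimately begin with a jump or return from being flagged.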
08/25/2013 17:14 Cr4ck3r385#4
Thanks for the info ^^
Have a nice day.
08/25/2013 18:45 snow#5
Disabling XTrap isn't that easy, the server expects some keep-alive packets and if they're not processed & sent after some time (~2 minutes) you'll get a disconnect / ban.
Also there's no point in removing the TerminateProcess function, it's a function that gets called when the server already made his decision about the client..

@Jeoni: Don't know if it's in general but I had to deal with changing kernel32 function addresses recently..
08/25/2013 19:08 Cr4ck3r385#6
Quote:
Originally Posted by snow911
Disabling XTrap isn't that easy, the server expects some keep-alive packets and if they're not processed & sent after some time (~2 minutes) you'll get a disconnect / ban.
Also there's no point in removing the TerminateProcess function, it's a function that gets called when the server already made his decision about the client..

@Jeoni: Don't know if it's in general but I had to deal with changing kernel32 function addresses recently..
Hey man, I'm trying this because I have a function which makes my char immortal (it locks HP, MP, STM). If I run my DLL, XTrap detects it on the login screen, "abnormal acess memory", but I have an XTrap bypass which lets me inject my DLL, and I can use it for 1 or 2 minutes and then I get kicked off.
The offsets that I have to use in this function I received from a friend that makes hacks for Priston, but he makes his hacks using Delphi. These offsets work with Delphi (I don't know why XTrap doesn't detect it), but in C++ it gets caught by XTrap. I think maybe I have to inject code before the AC loads?
Or even if I inject the code before the AC loads, will it be detected? But how does it work with others? And I have other functions in my hack that work normally (teleport, hairstyle, HP, MP, STM regen), but I want to make that "lock" HP, MP, STM function work.
08/25/2013 19:27 MrSm!th#7
Pointless. You have to fight the origin of that decision, not the symptom.
08/25/2013 20:08 Cr4ck3r385#8
Quote:
Originally Posted by MrSm!th
Pointless. You have to fight the origin of that decision, not the symptom.
Explain it better.
Anyway, cool sign.
08/25/2013 20:32 Dr. Coxxy#9
EDIT: just read snow's post.
Seems like XTrap is sending heartbeats to the server; since you removed it, they won't be sent.
The server notes this and kicks you - you can't prevent this, however you might be able to fake the heartbeats of XTrap or make your code undetected and let XTrap run normally.
08/25/2013 22:17 MrSm!th#10
Quote:
Originally Posted by Cr4ck3r385
Explain it better.
Anyway, cool sign.
When TerminateProcess is called the decision to close the game has been made long before.
When you just skip that API function, the game will simply stop working, because it expects the process to be closed.