Resolved, thanks :D
Xtrap memory protection ?
10/27/2013 15:54
Akius#1
10/27/2013 16:49
snow#2
DWORD Scan = (DWORD)GetProcAddress(GetModuleHandleA("XtrapVa.dl l"), "XtrapVa.dll+3A9A7");
You try to retrieve the exported function XtrapVa.dll+3A9A7 but there is no such function. Therefore the result should be 0 (== nullptr). Detouring 0 will fail.
Apart from that there are other measures to prevent hacking, you'll have to disable them too (thread detection, driver and so on).
You try to retrieve the exported function XtrapVa.dll+3A9A7 but there is no such function. Therefore the result should be 0 (== nullptr). Detouring 0 will fail.
Apart from that there are other measures to prevent hacking, you'll have to disable them too (thread detection, driver and so on).
10/27/2013 17:03
Akius#3
Thanks for you answer, i will see that :) but i already tried by findpattern, i get the same results :SQuote:
DWORD Scan = (DWORD)GetProcAddress(GetModuleHandleA("XtrapVa.dl l"), "XtrapVa.dll+3A9A7");
You try to retrieve the exported function XtrapVa.dll+3A9A7 but there is no such function. Therefore the result should be 0 (== nullptr). Detouring 0 will fail.
Allready bypassed other func, the problem now is the memory protection ^^Quote:
Any other answers ?
10/27/2013 17:31
snow#4
Did you check the addresses? Are they correct? Calling convention should be correct.
This line might be another neckbreaker:
memcpy((void*)&page,(void*)0x00401000,Buffer.Regio nSize);
"page" is already your pointer, you're passing its address and memcpy tries to write to your stack or whatever but not to your allocated memory. reinterpret_cast<LPVOID>(page) should do it. :)
This line might be another neckbreaker:
memcpy((void*)&page,(void*)0x00401000,Buffer.Regio nSize);
"page" is already your pointer, you're passing its address and memcpy tries to write to your stack or whatever but not to your allocated memory. reinterpret_cast<LPVOID>(page) should do it. :)
10/27/2013 20:28
Tension#5
You are able to prevent XTrap from detecting Threads and disable the Driver but you can't create a fake ScanPage function?
btw XtrapVa.dll+3A9A7 => XtrapVa.dll Base Address + 3A9A7
btw XtrapVa.dll+3A9A7 => XtrapVa.dll Base Address + 3A9A7
10/28/2013 14:20
Akius#6
no it's not the base address :facepalm: but the addyQuote:
btw XtrapVa.dll +3A9A7 => XtrapVa.dll Base Address + 3A9A7
And disable terminatethread was just a simple api hook --'
10/28/2013 15:12
Padmak#7
I think you got him wrong, the address for your function should be the base address of XtrapVa.dll + 0x3A9A7
Padmak
Padmak
10/28/2013 23:35
Akius#8
I found the problem, thanks for your answers ^_^