[QUESTION]About Bypass Programming

Hello everybody,
I was working on xtrap bypass development. So I got some results for x64 xtrap bypassing.

I learnt that bypassing in x64 systems has 2 steps:
1-Terminate K32EnumProcesses in kernel32 (I can make it)
2-Change the name of "X6va016" service to "X6va01"

I need help for making the second step. How can I find the address of this service ? Or it has an other way ?

Thanks~

Use Cheat Engine to find X6va016's addy.

For 32 bit, you have to show xtrap that you're using 64 bit OS.

You have to disable the memory detection as well ;)

[Only registered and activated users can see links. Click Here To Register...]

isn't that hard or?

edit:

look at 40546390. you dont need to change the string:

just edit the code here. there is also the load of the second driver:

just sayin

Quote:

Originally Posted by K1ramoX you dont need to change the string:

but its easier ;o
---------------------

[Only registered and activated users can see links. Click Here To Register...]: Just look into ProcessHacker -> Services
[Only registered and activated users can see links. Click Here To Register...]

u see the running driver (X6va017) << you have to search this string in cheatengine. you'll probably find 3/4 statics:

[Only registered and activated users can see links. Click Here To Register...]

~this is done for microvolts, in s4 its the same.. (idk the current driver name ;O)

Quote:

Originally Posted by onomato but its easier ;o --------------------- [Only registered and activated users can see links. Click Here To Register...]: Just look into ProcessHacker -> Services [Only registered and activated users can see links. Click Here To Register...] u see the running driver (X6va017) << you have to search this string in cheatengine. you'll probably find 3/4 statics: [Only registered and activated users can see links. Click Here To Register...] ~this is done for microvolts, in s4 its the same.. (idk the current driver name ;O)

By this way, X6va017 service will be still running. Doesn't it makes problem ?

Just search in memory x6va016 as string that's not that hard, maybe learn how to bypass memory scan after that ?

Quote:

Originally Posted by likapielikapie By this way, X6va017 service will be still running. Doesn't it makes problem ?

No ;o Change it to X6va111 or something idk ^.^

Quote:

Originally Posted by onomato No ;o Change it to X6va111 or something idk ^.^

When I do it, XTrap says "A program is effecting game client"
Help bro :D

Scroll up.


[Only registered and activated users can see links. Click Here To Register...](SC_HANDLE,LPCSTR lpServiceName,DWORD);
ERROR_INVALID_NAME
[Only registered and activated users can see links. Click Here To Register...](LPCTSTR,LPCTSTR,DWORD dwDesiredAccess)
ERROR_ACCESS_DENIED

There are many methods to bypass the 64-bit driver :P

Quote:

Originally Posted by Slicktor Scroll up.  Spoiler [Only registered and activated users can see links. Click Here To Register...](SC_HANDLE,LPCSTR lpServiceName,DWORD); ERROR_INVALID_NAME [Only registered and activated users can see links. Click Here To Register...](LPCTSTR,LPCTSTR,DWORD dwDesiredAccess) ERROR_ACCESS_DENIED There are many methods to bypass the 64-bit driver :P

Give me bro :)

Quote:

Originally Posted by likapielikapie When I do it, XTrap says "A program is effecting game client" Help bro :D

You do it with wich language ?

Quote:

Originally Posted by Forbidi You do it with wich language ?

Trying with AutoIT

Quote:

Originally Posted by likapielikapie Trying with AutoIT

omg. Screw AutoIt.
Learn C++ Basics and code it in C++ ffs.
AutoIT is good for basic and easy shit.

Quote:

Originally Posted by Hybrid~ omg. Screw AutoIt. Learn C++ Basics and code it in C++ ffs. AutoIT is good for basic and easy shit.

[Only registered and activated users can see links. Click Here To Register...]

So this is a shit ?