HS bypass

04/06/2014 03:01 i.like.potatoes#1
is there any working HS bypass at the moment?
thanks:handsdown:
04/06/2014 06:07 Domino™#2
Not for you. I don't want to just give you the code and the includes. But here you go.

Code:
DWORD dwMAIN_THREAD;
DWORD dwLMP_HACKSHIELD_THREAD;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2;
DWORD dwCHECK_INTEGRITY_HACKSHIELD_THREAD;
DWORD dwKDTRACE_HACKSHIELD_THREAD;

DWORD dwLMP_HACKSHIELD_THREAD_EVENT;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT;
DWORD dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT;

DWORD dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL;
DWORD dwHACKSHIELD_CALL_TO_CREATE_THREAD;


#define INRANGE(x,a,b)  (x >= a && x <= b) 
#define getBits( x )    (INRANGE((x&(~0x20)),'A','F') ? ((x&(~0x20)) - 'A' + 0xa) : (INRANGE(x,'0','9') ? x - '0' : 0))
#define getByte( x )    (getBits(x[0]) << 4 | getBits(x[1]))

    VIRTUALIZER1_START
    dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT = **(DWORD **)(dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT + 2);
    oZwSetEvent((HANDLE) dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT, 0);
    VIRTUALIZER1_END
    while(bThreadTerminate == false)
        Sleep(1000);
}

MODULEINFO GetModuleInfo ( LPCTSTR lpModuleName )
{
    
    MODULEINFO miInfos = { NULL };

    HMODULE hPSAPI_module;

    if(!GetModuleHandleA(/*psapi.dll*/XorStr<0x83,10,0x958DA3D8>("\xF3\xF7\xE4\xF6\xEE\xA6\xED\xE6\xE7"+0x958DA3D8).s))
    {
        VIRTUALIZER1_START
        char szSystemPath[MAX_PATH];
        GetWindowsDirectory(szSystemPath, MAX_PATH);
        char szPSAPIDLLPath[MAX_PATH];
        sprintf(szPSAPIDLLPath, /*%s\\system32\\psapi.dll*/XorStr<0x36,22,0x2421358F>("\x13\x44\x64\x4A\x43\x48\x48\x58\x53\x0C\x72\x1D\x32\x30\x25\x35\x2F\x69\x2C\x25\x26"+0x2421358F).s, szSystemPath);
        //char *szSystemPath = new char[MAX_PATH] = getenv(/*SystemRoot*/XorStr<0x7F,11,0xFE364ABD>("\x2C\xF9\xF2\xF6\xE6\xE9\xD7\xE9\xE8\xFC"+0xFE364ABD).s);
        //sprintf(szSystemPath, /*%s\\system32\\psapi.dll*/XorStr<0xD9,22,0xFE6A7D9B>("\xFC\xA9\x87\xAF\xA4\xAD\xAB\x85\x8C\xD1\xD1\xB8\x95\x95\x86\x98\x80\xC4\x8F\x80\x81"+0xFE6A7D9B).s, szSystemPath);
        hPSAPI_module =  LoadLibrary(szPSAPIDLLPath);
        VIRTUALIZER1_END
    }
    else
        hPSAPI_module = GetModuleHandleA(/*psapi.dll*/XorStr<0xC0,10,0xF54899B1>("\xB0\xB2\xA3\xB3\xAD\xEB\xA2\xAB\xA4"+0xF54899B1).s);

    if (!hPSAPI_module)
        return miInfos;

    HMODULE hmModule = GetModuleHandle(lpModuleName); 

    typedef DWORD ( __stdcall *tGetModuleInformation)( HANDLE, HMODULE, LPMODULEINFO, DWORD );
    tGetModuleInformation oGetModuleInformation = (tGetModuleInformation) (GetProcAddress(hPSAPI_module, /*GetModuleInformation*/XorStr<0x51,21,0x2BAEFCCD>("\x16\x37\x27\x19\x3A\x32\x22\x34\x3C\x13\x35\x3A\x32\x2C\x32\x01\x15\x0B\x0C\x0A"+0x2BAEFCCD).s));
    oGetModuleInformation(GetCurrentProcess(), hmModule, &miInfos, sizeof ( MODULEINFO ));

    return miInfos;

    
}

void InitializeHSBypass(void)
{
    while(!GetModuleHandleA(/*EhSvc.dll*/XorStr<0x68,10,0x6EB6F07E>("\x2D\x01\x39\x1D\x0F\x43\x0A\x03\x1C"+0x6EB6F07E).s) )
    Sleep(100);

    mEngine = GetModuleInfo(0);
    mEhSvc = GetModuleInfo(/*EhSvc.dll*/XorStr<0x52,10,0x1A77CE04>("\x17\x3B\x07\x23\x35\x79\x3C\x35\x36"+0x1A77CE04).s);

    dwMAIN_THREAD = (DWORD) FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC ?? 53 56 57 89 65 ?? FF 35*/XorStr<0x21,120,0x2DDE4771>("\x14\x17\x03\x1C\x67\x06\x62\x6B\x09\x1C\x6A\x0C\x6B\x68\x0F\x06\x09\x12\x0C\x0B\x15\x09\x08\x18\x06\x05\x1B\x03\x02\x1E\x09\x78\x61\x7D\x7C\x64\x7A\x79\x67\x77\x76\x6A\x74\x73\x6D\x78\x7B\x70\x10\x63\x73\x64\x65\x76\x67\x68\x79\x6A\x6B\x7C\x6D\x6E\x7F\x55\x51\x42\x55\x50\x45\x5E\x5E\x48\x5B\x5F\x4B\x5C\x5D\x4E\x5F\x40\x51\x42\x43\x54\x45\x46\x57\x40\x4A\x5A\x3E\x3F\x5D\x41\x40\xA0\xB4\xB1\xA3\xB1\xB3\xA6\xB2\xBF\xA9\xB2\xB2\xAC\xBB\xBB\xAF\xAF\xAE\xB2\xD5\xD2\xB5\xA5\xA2"+0x2DDE4771).s);

    dwLMP_HACKSHIELD_THREAD = (DWORD) FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 53 56 57 E9*/XorStr<0x65,21,0x321AD150>("\x50\x53\x47\x50\x2B\x4A\x2E\x2F\x4D\x5B\x5C\x50\x44\x44\x53\x41\x42\x56\x32\x41"+0x321AD150).s );
    dwLMP_HACKSHIELD_THREAD = dwLMP_HACKSHIELD_THREAD + 0x1;
    dwLMP_HACKSHIELD_THREAD = (DWORD) FindPattern( (DWORD)dwLMP_HACKSHIELD_THREAD, (DWORD)dwLMP_HACKSHIELD_THREAD + (DWORD)mEhSvc.SizeOfImage, /*55 8B EC 53 56 57 E9*/XorStr<0x65,21,0x321AD150>("\x50\x53\x47\x50\x2B\x4A\x2E\x2F\x4D\x5B\x5C\x50\x44\x44\x53\x41\x42\x56\x32\x41"+0x321AD150).s);

    dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1 = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*8B 4C 24 04 E8*/XorStr<0x3B,15,0xFE4FC9CF>("\x03\x7E\x1D\x0A\x7C\x60\x73\x76\x63\x74\x71\x66\x02\x70"+0xFE4FC9CF).s );
    dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2 = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 81 EC ?? ?? ?? ?? 53 56 57 89 65 ?? C6 45 ?? ?? C6*/XorStr<0x0E,138,0xA52699E6>("\x3B\x3A\x30\x29\x50\x33\x51\x56\x36\x21\x59\x39\x5C\x5D\x3C\x2B\x26\x3F\x1F\x1E\x02\x1C\x1B\x05\x19\x18\x08\x16\x15\x0B\x1A\x15\x0E\x10\x0F\x11\x0D\x0C\x14\x0A\x09\x17\x07\x06\x1A\x0D\x08\x1D\x7F\x0E\x60\x71\x72\x63\x74\x75\x66\x77\x78\x69\x7A\x7B\x6C\x78\x7E\x6F\x66\x65\x72\x6B\x6D\x75\x64\x62\x78\x69\x6A\x7B\x6C\x6D\x7E\x6F\x50\x41\x52\x53\x44\x5D\x57\x47\x2D\x2A\x4A\x54\x53\x4D\x51\x50\x50\x4E\x4D\x53\x4B\x4A\x56\x42\x4B\x59\x4F\x4D\x5C\x48\x49\x5F\xB8\xB8\xA2\xB5\xB1\xA5\xB9\xB8\xA8\xCA\xBC\xAB\xB8\xB8\xAE\xB0\xAF\xB1\xAD\xAC\xB4\xD6\xA0"+0xA52699E6).s );
    dwCHECK_INTEGRITY_HACKSHIELD_THREAD = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, ( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC B8*/XorStr<0xB9,12,0xE4296250>("\x8C\x8F\x9B\x84\xFF\x9E\xFA\x83\xE1\x80\xFB"+0xE4296250).s );
    dwKDTRACE_HACKSHIELD_THREAD = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 81 C4 ?? ?? ?? ?? 53 56 57 89 65 ?? C7 45 ?? ?? ?? ?? ?? C7 45 ?? ?? ?? ?? ?? C7 45 ?? ?? ?? ?? ?? FF*/XorStr<0x90,189,0x9E605CC7>("\xA5\xA4\xB2\xAB\xD6\xB5\xD3\xD4\xB8\xAF\xDB\xBB\xDA\xDB\xBE\xA9\x98\x81\x9D\x9C\x84\x9A\x99\x87\x97\x96\x8A\x94\x93\x8D\x98\x97\x90\x8E\x8D\x93\x8B\x8A\x96\x88\x87\x99\x85\x84\x9C\x8B\x8A\x9F\x81\xF0\xE2\xF3\xF4\xE5\xF6\xF7\xE8\xF9\xFA\xEB\xFC\xFD\xEE\xFA\xE0\xF1\xE4\xE7\xF4\xED\xEF\xF7\xEA\xEC\xFA\xEB\xEC\xFD\xEE\xEF\xC0\xD1\xD2\xC3\xD4\xD5\xC6\xDF\xD9\xC9\xA9\xDF\xCC\xD2\xD1\xCF\xCF\xCE\xD2\xCC\xCB\xD5\xC9\xC8\xD8\xCC\xC9\xDB\xC9\xCB\xDE\xCA\x37\x21\x3A\x3A\x24\x33\x33\x27\x37\x36\x2A\x48\x3B\x2D\x3A\x3A\x30\x2E\x2D\x33\x2B\x2A\x36\x28\x27\x39\x25\x24\x3C\x22\x21\x3F\x63\x16\x02\x17\x11\x05\x19\x18\x08\x16\x15\x0B\x13\x12\x0E\x10\x0F\x11\x0D\x0C\x14\x76\x01\x17\x0C\x0C\x1A\x04\x03\x1D\x01\x00\x60\x7E\x7D\x63\x7B\x7A\x66\x78\x77\x69\x0C\x0D"+0x9E605CC7).s);
 
    dwLMP_HACKSHIELD_THREAD_EVENT = ( (DWORD)mEhSvc.lpBaseOfDll + 0x130CA8);
    dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? 5D C3*/XorStr<0x1C,36,0x0FA547FD>("\x5E\x24\x3E\x20\x1F\x01\x1D\x1C\x04\x1A\x19\x07\x17\x16\x0A\x6E\x14\x0D\x11\x10\x10\x0E\x0D\x13\x0B\x0A\x16\x08\x07\x19\x0F\x7F\x1C\x7E\x0D"+0x0FA547FD).s );
    dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*A1 ?? ?? ?? ?? 53 56 33 F6 57 3B C6 89 65 ?? 75*/XorStr<0xDF,48,0x4944DE25>("\x9E\xD1\xC1\xDD\xDC\xC4\xDA\xD9\xC7\xD7\xD6\xCA\xD4\xD3\xCD\xDB\xDC\xD0\xC4\xC4\xD3\xC7\xC6\xD6\xB1\xCE\xD9\xCF\xCC\xDC\xCE\xBC\xDF\x43\x37\x22\x3B\x3D\x25\x30\x32\x28\x36\x35\x2B\x3B\x38"+0x4944DE25).s );
    
    dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*8B 0D ?? ?? ?? ?? 51 FF 15 ?? ?? ?? ?? 8B 55*/XorStr<0x15,45,0x216E426F>("\x2D\x54\x37\x28\x5D\x3A\x24\x23\x3D\x21\x20\x00\x1E\x1D\x03\x1B\x1A\x06\x12\x19\x09\x6C\x6D\x0C\x1C\x1B\x0F\x0F\x0E\x12\x0C\x0B\x15\x09\x08\x18\x06\x05\x1B\x04\x7F\x1E\x0A\x75"+0x216E426F).s );

    dwHACKSHIELD_CALL_TO_CREATE_THREAD = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD) ( (DWORD)mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*FF 15 ?? ?? ?? ?? 85 C0 75 ?? FF 15 ?? ?? ?? ?? 8B F8 56*/XorStr<0x82,57,0xBCA0FCCB>("\xC4\xC5\xA4\xB4\xB3\xA7\xB7\xB6\xAA\xB4\xB3\xAD\xB1\xB0\xB0\xAE\xAD\xB3\xAC\xA0\xB6\xD4\xA8\xB9\xAD\xAE\xBC\xA2\xA1\xBF\xE6\xE7\x82\x92\x91\x85\x99\x98\x88\x96\x95\x8B\x93\x92\x8E\x90\x8F\x91\x8A\xF1\x94\xF3\x8E\x97\x8D\x8F"+0xBCA0FCCB).s);
    dwHACKSHIELD_CALL_TO_CREATE_THREAD = *(DWORD *)(dwHACKSHIELD_CALL_TO_CREATE_THREAD + 2);

    dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL = (DWORD)FindPattern( (DWORD)mEngine.lpBaseOfDll, (DWORD) ( (DWORD)mEngine.lpBaseOfDll + (DWORD)mEngine.SizeOfImage), /*89 0D ?? ?? ?? ?? 8B 55 E8*/XorStr<0x57,27,0xD71F02EA>("\x6F\x61\x79\x6A\x1F\x7C\x62\x61\x7F\x5F\x5E\x42\x5C\x5B\x45\x59\x58\x48\x51\x28\x4B\x59\x58\x4E\x2A\x48"+0xD71F02EA).s);
    dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL = *(DWORD *)(dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL + 2);


    VIRTUALIZER1_START

    oZwSetEvent = (tZwSetEvent)GetProcAddress( GetModuleHandle(/*ntdll.dll*/XorStr<0x89,10,0x1E870C7A>("\xE7\xFE\xEF\xE0\xE1\xA0\xEB\xFC\xFD"+0x1E870C7A).s), /*ZwSetEvent*/XorStr<0x34,11,0xCB9D323B>("\x6E\x42\x65\x52\x4C\x7C\x4C\x5E\x52\x49"+0xCB9D323B).s);

    DWORD oldProtect;

    VirtualProtect((void *)mEhSvc.lpBaseOfDll, mEhSvc.SizeOfImage, PAGE_EXECUTE_READWRITE, &oldProtect);
    oCreateThread = (tCreateThread) *(DWORD *)((DWORD)dwHACKSHIELD_CALL_TO_CREATE_THREAD);
    *(DWORD *)(dwHACKSHIELD_CALL_TO_CREATE_THREAD) = (DWORD)hkCreateThread;
    VirtualProtect((void *)mEhSvc.lpBaseOfDll, mEhSvc.SizeOfImage, oldProtect, &oldProtect);

    VirtualProtect((void *)mEngine.lpBaseOfDll, mEngine.SizeOfImage, PAGE_EXECUTE_READWRITE, &oldProtect);
    oSecureFunctionCall = (tSecureFunctionCall)*(DWORD*)dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL;
    *(DWORD *)(dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL) = (DWORD)hk_secureFunctionCall;
    VirtualProtect((void *)mEngine.lpBaseOfDll, mEngine.SizeOfImage, oldProtect, &oldProtect);

    VIRTUALIZER1_END
}
But I'm pretty sure there's more than one.. as said I don't want to give all the code, but have fun. You can find it some where else, but it needs heavy tweaks. Try to work with that. Otherwise, people won't just give something they worked easily on. Learn yourself. hard hackshield.. pfft at least they said it was. *-*

Code:
void FakeHackShieldIntegrityChecks()
{
    VIRTUALIZER1_START
    dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT = **(DWORD **)(dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT + 2);
    oZwSetEvent((HANDLE) dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT, 0);
    VIRTUALIZER1_END
    while(bThreadTerminate == false)
        Sleep(1000);
}
^ Reason why people can't get a bypass. Figure it out.
04/06/2014 13:10 Krenk#3
Hack-/Bypass-requests aren't allowed here. Next time please search in the hack-section (Link:[Only registered and activated users can see links. Click Here To Register...]) or just wait.
04/06/2014 13:40 Shawak#4
#closed