PByte - Bypass [12/02/2015]

02/12/2015 22:17 Rutherfordio#1
What do you need?
  • S4 Dump
  • IDA/Olly
  • C++

Module of hs is EHSvc.dll
Pattern of bypass
Code:
.rdata:10024A38 aX?xxxxxxxx     db 'x?xxxxxxxx',0       ; DATA XREF: sub_100018E0+146o
.rdata:10024A43                 align 4
.rdata:10024A44 aU              db 'u',0                ; DATA XREF: sub_100018E0+14Bo
.rdata:10024A46                 db  8Bh ; ï
.rdata:10024A47                 db  46h ; F
.rdata:10024A48                 db  0Ch
.rdata:10024A49                 db  8Bh ; ï
.rdata:10024A4A                 db  7Fh ; 
.rdata:10024A4B                 db    4
.rdata:10024A4C                 db  83h ; â
.rdata:10024A4D                 db 0F8h ; °
.rdata:10024A4E                 db    0
.rdata:10024A4F                 db    0
.rdata:10024A50 aXxxxxxxx????xx db 'xxxxxxxx????xxxx',0 ; DATA XREF: sub_100018E0+169o
.rdata:10024A61                 align 4
.rdata:10024A64 unk_10024A64    db  8Bh ; ï             ; DATA XREF: sub_100018E0+16Eo
.rdata:10024A65                 db  41h ; A
.rdata:10024A66                 db  3Ch ; <
.rdata:10024A67                 db  8Bh ; ï
.rdata:10024A68                 db  50h ; P
.rdata:10024A69                 db  1Ch
.rdata:10024A6A                 db  52h ; R
.rdata:10024A6B                 db 0E8h ; Þ
.rdata:10024A6C                 db    0
.rdata:10024A6D                 db    0
.rdata:10024A6E                 db    0
.rdata:10024A6F                 db    0
.rdata:10024A70                 db  8Bh ; ï
.rdata:10024A71                 db  4Ch ; L
.rdata:10024A72                 db  24h ; $
So make the code like this:

Code:
WriteMemory((LPVOID)(dwEHSVC12022015 + 0x00ADDRESS), (LPVOID)"\x00\xAA", 2);
(Example)

Make address, mask (xxx?), main.cpp, brain.h, and enjoy.
;)
02/12/2015 22:22 sososoma#2
Well. Can you make it a dll File?
That would help a lot of ppl ^^
02/12/2015 22:24 Lofiele#3
So to better understand making a bypass file, you'd need to learn some C++, correct?
02/12/2015 22:37 Rutherfordio#4
Quote:
Originally Posted by Lofiele
So to better understand making a bypass file, you'd need to learn some C++, correct?
Read: Make address, mask (xxx?), main.cpp, brain.h, and enjoy.
02/12/2015 22:41 Lofiele#5
Quote:
Originally Posted by Rutherfordio
Read: Make address, mask (xxx?), main.cpp, brain.h, and enjoy.
Well, let's say you wanted to do it without having someone tell you exactly how to and learn for yourself.
02/12/2015 22:45 MaxChri#6
Hahaha what you post here for crap? Delete your brain.exe
02/13/2015 15:37 Rutherfordio#7
I'm not a teacher bro, learn yourself.

It's the new PBYTE Bypass source.
02/13/2015 18:59 Neyil#8
You also need to make new threads (emulated), emulate hs packets, you need to prevent hackshield from reading your thread, plus much more stuff...
02/13/2015 19:03 Cyrex'#9
Quote:
Originally Posted by Lofiele
So to better understand making a bypass file, you'd need to learn some C++, correct?
Well, yes. You need to know RE.