[Release]Xtrap bypass

Page 1 of 2 1 2
05/30/2010 00:00 mes10#1
Simply compile in C++ as a DLL and inject.

Source:
Code:

/************************************************** *******************
** XTrap Bypass **
************************************************** ********************
** Hacking Detected **
** ---------------- **
** 00435FA6 EB 35 All referenced text string, 'Hacking detected' **
** One line, up, change JNZ to JMP **
** 0043CE36 EB 35 All referenced text string, 'Hacking detected' **
** One line, up, change JNZ to JMP **
** 0043DCF0 EB 35 All referenced text string, 'Hacking detected' **
** One line, up, change JNZ to JMP **
** 0043DCD1 EB 1F All referenced text string, 'Hacking detected' **
** Jump #1 change JNZ to JMP **
** 0043DCE9 EB 07 All referenced text string, 'Hacking detected' **
** Jump #2 change JNZ to JMP **
** **
** IsDebuggerPresent **
** ----------------- **
** 00499517 90 Go to IsDebuggerPresent, do down and NOP first JNZ **
** **
** ZCheckHackProcess **
** ----------------- **
** 00441E35 EB 34 All referenced text string, 'Hacking Detected' **
** go up till start of function (PUSH -1), **
** go to the local call, under it theres a **
** TEST AL,AL, go down one more line, (JNZ) change **
** it to JMP (Do this for all 3 'Hacking Detected' **
** 00441E62 EB 2C **
** 00441EBD EB 09 **
** **
** Abnormal Behavior **
** ----------------- **
** 00440353 E9 8A 00 00 00 All referenced text strings, **
** 'An abnormal behavior is detected.', **
** go up 2 lines, change the JE to JMP **
************************************************** *******************/

#include <windows.h>

#define HackDetect1 0x00435FA6
BYTE HD1[] = {0xEB, 0x35};
#define HackDetect2 0x0043CE36
BYTE HD2[] = {0xEB, 0x35};
#define HackDetect3 0x0043DCF0
BYTE HD3[] = {0xEB, 0x35};
#define HackDetect4 0x0043DCD1
BYTE HD4[] = {0xEB, 0x1F};
#define HackDetect5 0x0043DCE9
BYTE HD5[] = {0xEB, 0x07};
#define IsDebuggerPresent 0x00499517
BYTE IDP[] = {0x90};
#define ZCheckHackProcess1 0x00441E35
BYTE ZCHP1[] = {0xEB, 0x34};
#define ZCheckHackProcess2 0x00441E62
BYTE ZCHP2[] = {0xEB, 0x2C};
#define ZCheckHackProcess3 0x00441EBD
BYTE ZCHP3[] = {0xEB, 0x09};
#define AbnormalBehavior 0x00440353
BYTE AB[] = {0xE9, 0x8A, 0x00, 0x00, 0x00};

//Write To Memory
DWORD OldProtection;
void WriteToMemory(DWORD Offset, DWORD Pointer, DWORD Length){
VirtualProtect((void *)Offset, Length, PAGE_EXECUTE_READWRITE, &OldProtection);
RtlMoveMemory((void *)Offset, (const void*)Pointer, Length);
VirtualProtect((void *)Offset, Length, OldProtection, &OldProtection);
}
void ModifyMemory( BYTE *Offset, BYTE *ByteArray, DWORD Length){
for(DWORD i = 0; i < Length; i++)
WriteToMemory((DWORD)Offset + i, (DWORD)ByteArray + i, 1);
}

void Bypass()
{
ModifyMemory((BYTE*)HackDetect1, HD1, 2);
ModifyMemory((BYTE*)HackDetect2, HD2, 2);
//ModifyMemory((BYTE*)HackDetect3, HD3, 2);
ModifyMemory((BYTE*)HackDetect4, HD4, 2);
ModifyMemory((BYTE*)HackDetect5, HD5, 2);
//ModifyMemory((BYTE*)IsDebuggerPresent, IDP, 1);
//ModifyMemory((BYTE*)ZCheckHackProcess1, ZCHP1, 2);
//ModifyMemory((BYTE*)ZCheckHackProcess2, ZCHP2, 2);
//ModifyMemory((BYTE*)ZCheckHackProcess3, ZCHP3, 2);
ModifyMemory((BYTE*)AbnormalBehavior, AB, 5);
}

bool APIENTRY DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpvReserved){
if(dwReason == DLL_PROCESS_ATTACH){
DisableThreadLibraryCalls(hModule);
Bypass();
return true;
}
return true;
}

Don't ask how to compile it. If you can't compile it you don't deserve it.
Works for all versions of xtrap to date.

Edit: Posted in the wrong section..Someone can move it if needed =)
05/30/2010 00:01 Gee.#2
First :) Thanks I will try to make a bypass out of it!
05/30/2010 00:02 FrEakY.#3
This is a trainer ?

PHP Code:
/Write To Memory
DWORD OldProtection;
void WriteToMemory(DWORD OffsetDWORD PointerDWORD Length){
VirtualProtect((void *)OffsetLengthPAGE_EXECUTE_READWRITE, &OldProtection);
RtlMoveMemory((void *)Offset, (const void*)PointerLength);
VirtualProtect((void *)OffsetLengthOldProtection, &OldProtection);
}
void ModifyMemoryBYTE *OffsetBYTE *ByteArrayDWORD Length){
for(DWORD i 0Lengthi++)
WriteToMemory((DWORD)Offset i, (DWORD)ByteArray i1);
05/30/2010 00:07 zimti3#4
Nice Nice aba kannste ma sagen wozu ein bypass



THANKS
05/30/2010 00:10 Smincke2#5
Würdes du das bitte rausnehmen die fixxen es sonst bald
05/30/2010 00:13 Gee.#6
Is it IN C++?
05/30/2010 00:14 mes10#7
it is
05/30/2010 00:15 Steevie#8
Quote:
Originally Posted by Gee. View Post
Is it IN C++?
Quote:
Originally Posted by mes10 View Post
Simply compile in C++ as a DLL and inject.
Yes
05/30/2010 00:16 romskidd#9
I will try it later, but thanks !
05/30/2010 00:17 FrEakY.#10
I don't think, this is a bypass, it's a Trainer...
05/30/2010 00:22 Gee.#11
Ok I Put it in Dll. Form injected but cheat engine is still detected -_- haha that rhymes

"Ok I Put it in Dll. Form injected "
"but cheat engine is still detected"
05/30/2010 00:23 FrEakY.#12
Sure..cuz it's just a lil Trainer omfg :rolleyes:
05/30/2010 00:26 Gee.#13
Quote:
Originally Posted by FrEakY. View Post
Sure..cuz it's just a lil Trainer omfg :rolleyes:
Teh..... :rolleyes::rolleyes:
05/30/2010 00:29 FrEakY.#14
Quote:
Originally Posted by Gee.
Know nothing about hacking -_-
^^this
05/30/2010 00:29 Epitaph_Haseo#15
Da steht doch, was das macht... Ich probiers einfach mal aus...
Kompiliert ist schon, nurnoch Testen ^^
€: Okay, wieso stellt man soetwas rein, ohne es zu testen? Irgendwie macht das sogar Sinn, dass es nicht funtzt...
(Ich sollte erst den SC lesen, dann compilieren xD)
Page 1 of 2 1 2