Quote:
Originally Posted by carlox02
So the number 90 is every asm nop function, and all you have to do is change the number 90 in the script to the one that has nop?
Like if the nops were on 96, I had to change it to 96 in the script?
90 is the byte for nop (no operation), you don't have to change it. But you can change the bytes to:
Code:
55 8B EC 8B 45 10 C7 00 00 00 00 00 B8 01 00 00 00 5D C2 0C 00
you get this asm code:
Code:
push ebp
mov ebp,esp
mov eax,[ebp+10]
mov [eax],00000000
mov eax,00000001
pop ebp
ret 000C
which is the same as this C++ code:
Code:
*pBytesReturned = 0;
return TRUE;
but I think many hackshields will detect this. More info about the API you can get
If all of this is detected, go to the K32EnumProcesses API (at EnumProcesses + 7 there is a jmp to this API) and do the same there. Maybe there isn't a check.
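As an added defender-side example (not code from the post or from any anti-cheat product), here is the kind of integrity check that would flag this patch: compare the function's in-memory prologue against a reference copy (assumed to have been read from the clean module on disk) and additionally match the exact 21-byte stub quoted above. The "clean" prologue bytes and the scan buffers are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The patched stub from the post: *pBytesReturned = 0; return TRUE; */
static const uint8_t kKnownStub[] = {
    0x55, 0x8B, 0xEC, 0x8B, 0x45, 0x10, 0xC7, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xB8, 0x01, 0x00, 0x00, 0x00, 0x5D, 0xC2, 0x0C, 0x00
};

/* Constructed stand-in for the clean on-disk prologue (hot-patchable
 * "mov edi,edi / push ebp / mov ebp,esp" followed by filler). Real code
 * would read these bytes from the module file instead. */
static const uint8_t kCleanReference[21] = {
    0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x53, 0x56, 0x57,
    0x8B, 0x7D, 0x08, 0x8B, 0x75, 0x0C, 0x8B, 0x5D, 0x10, 0x85
};

enum scan_result { SCAN_CLEAN = 0, SCAN_PATCHED = 1, SCAN_KNOWN_STUB = 2 };

/* Compare the first `len` bytes seen in memory with the reference copy;
 * any difference means the prologue was rewritten (patch, hook or stub). */
int prologue_tampered(const uint8_t *in_memory, const uint8_t *reference, size_t len) {
    return memcmp(in_memory, reference, len) != 0;
}

/* Exact match against the "return TRUE, report zero bytes" stub. */
int matches_known_stub(const uint8_t *in_memory, size_t len) {
    return len >= sizeof kKnownStub &&
           memcmp(in_memory, kKnownStub, sizeof kKnownStub) == 0;
}

/* Classify an in-memory prologue: clean, generically patched, or the known stub. */
int scan_function(const uint8_t *in_memory, const uint8_t *reference, size_t len) {
    if (!prologue_tampered(in_memory, reference, len))
        return SCAN_CLEAN;
    return matches_known_stub(in_memory, len) ? SCAN_KNOWN_STUB : SCAN_PATCHED;
}

/* Helper for callers: scan against the constructed reference above. */
int scan_with_demo_reference(const uint8_t *in_memory, size_t len) {
    if (len > sizeof kCleanReference) len = sizeof kCleanReference;
    return scan_function(in_memory, kCleanReference, len);
}
```

A generic memcmp against the on-disk image catches any rewrite of the prologue, including a jmp planted at EnumProcesses + 7 or at K32EnumProcesses; the exact-stub match only adds a name for this particular patch.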