|
You last visited: Today at 01:38
Advertisement
Private server duping possible?
Discussion on Private server duping possible? within the Black Desert forum part of the MMORPGs category.
02/08/2019, 09:18
|
#1
|
elite*gold: 0 
Join Date: Feb 2008
Posts: 1
Received Thanks: 0
|
Private server duping possible?
Is there any way of duping on private server Crimson Desert? Or using WPE pro or similar program to change the packets to give yourself items? Please DM on discord at Astrus#4681 so we can discuss.
|
|
|
|
02/09/2019, 03:23
|
#2
|
elite*gold: 902
Join Date: Jul 2012
Posts: 1,390
Received Thanks: 952
|
Code:
*****************
BITCH CONTROL:
XINPUT1_3.dll+90E12A - 49 89 EA - mov r10,rbp
XINPUT1_3.dll+90E12D - 49 81 C2 3F010000 - add r10,0000013F { 319 }
XINPUT1_3.dll+90E134 - 49 81 C9 00080000 - or r9,00000800 { 2048 }
XINPUT1_3.dll+90E13B - 48 C7 C2 12000000 - mov rdx,00000012 { 18 }
XINPUT1_3.dll+90E142 - 45 8A 0A - mov r9l,[r10]
XINPUT1_3.dll+90E145 - 41 80 F9 C6 - cmp r9l,-3A { 198 }
XINPUT1_3.dll+90E149 - 0F86 1E000000 - jbe XINPUT1_3.dll+90E16D
XINPUT1_3.dll+90E14F - 49 81 EF F0000000 - sub r15,000000F0 { 240 }
XINPUT1_3.dll+90E156 - 49 81 C7 00000080 - add r15,80000000 { [80000740] }
XINPUT1_3.dll+90E15D - 81 C3 BE01646A - add ebx,6A6401BE { [0] }
XINPUT1_3.dll+90E163 - 49 81 C5 88000000 - add r13,00000088 { 136 }
XINPUT1_3.dll+90E16A - 48 31 DA - xor rdx,rbx
XINPUT1_3.dll+90E16D - 49 01 DD - add r13,rbx
XINPUT1_3.dll+90E170 - 48 89 EF - mov rdi,rbp
XINPUT1_3.dll+90E173 - 48 81 F2 01000000 - xor rdx,00000001 { 1 }
XINPUT1_3.dll+90E17A - 49 81 E7 04000000 - and r15,00000004 { 4 }
XINPUT1_3.dll+90E181 - 48 81 C7 2A000000 - add rdi,0000002A { 42 }
XINPUT1_3.dll+90E188 - 66 01 1F - add [rdi],bx
XINPUT1_3.dll+90E18B - 49 89 E8 - mov r8,rbp
XINPUT1_3.dll+90E18E - 48 81 F2 F0000000 - xor rdx,000000F0 { 240 }
XINPUT1_3.dll+90E195 - 49 29 C2 - sub r10,rax
XINPUT1_3.dll+90E198 - 49 81 C0 AB000000 - add r8,000000AB { 171 }
XINPUT1_3.dll+90E19F - 49 81 E3 40000000 - and r11,00000040 { 64 }
XINPUT1_3.dll+90E1A6 - 48 C7 C7 00000000 - mov rdi,00000000 { 0 }
XINPUT1_3.dll+90E1AD - 49 89 EE - mov r14,rbp
XINPUT1_3.dll+90E1B0 - 48 05 10000000 - add rax,00000010 { 16 }
XINPUT1_3.dll+90E1B6 - 49 81 C6 2A000000 - add r14,0000002A { 42 }
XINPUT1_3.dll+90E1BD - 4D 0FB7 00 - movzx r8,word ptr [r8]
XINPUT1_3.dll+90E1C1 - 49 89 D4 - mov r12,rdx
XINPUT1_3.dll+90E1C4 - 48 09 C7 - or rdi,rax
XINPUT1_3.dll+90E1C7 - 66 41 81 F0 3AAE - xor r8w,AE3A { 44602 }
XINPUT1_3.dll+90E1CD - 4C 29 C2 - sub rdx,r8
XINPUT1_3.dll+90E1D0 - 4D 0FB7 36 - movzx r14,word ptr [r14]
XINPUT1_3.dll+90E1D4 - 49 81 E7 80000000 - and r15,00000080 { 128 }
XINPUT1_3.dll+90E1DB - 49 81 F7 08000000 - xor r15,00000008 { 8 }
XINPUT1_3.dll+90E1E2 - 49 01 EE - add r14,rbp
XINPUT1_3.dll+90E1E5 - 49 01 E8 - add r8,rbp
XINPUT1_3.dll+90E1E8 - 48 0D F0000000 - or rax,00F0 { 240 }
XINPUT1_3.dll+90E1EE - 4D 8B 00 - mov r8,[r8]
XINPUT1_3.dll+90E1F1 - 45 8B 00 - mov r8d,[r8] <<<<<<<<<<<<<<<<<<<<----------------- Bitch is here.
XINPUT1_3.dll+90E1F4 - 45 39 06 - cmp [r14],r8d
XINPUT1_3.dll+90E1F7 - 9C - pushfq
XINPUT1_3.dll+90E1F8 - 48 C7 C7 00040000 - mov rdi,00000400 { 1024 }
XINPUT1_3.dll+90E1FF - 49 C7 C3 12000000 - mov r11,00000012 { 18 }
XINPUT1_3.dll+90E206 - 49 C7 C0 00000000 - mov r8,00000000 { 0 }
XINPUT1_3.dll+90E20D - 49 C7 C3 00000000 - mov r11,00000000 { 0 }
XINPUT1_3.dll+90E214 - 49 89 ED - mov r13,rbp
XINPUT1_3.dll+90E217 - 49 C7 C4 00000000 - mov r12,00000000 { 0 }
XINPUT1_3.dll+90E21E - 49 81 C5 48000000 - add r13,00000048 { 72 }
XINPUT1_3.dll+90E225 - 4D 8B 6D 00 - mov r13,[r13+00]
XINPUT1_3.dll+90E229 - 48 C7 C2 12000000 - mov rdx,00000012 { 18 }
XINPUT1_3.dll+90E230 - 49 81 C5 08000000 - add r13,00000008 { 8 }
XINPUT1_3.dll+90E237 - 48 81 F7 01000000 - xor rdi,00000001 { 1 }
XINPUT1_3.dll+90E23E - 45 8A 45 00 - mov r8l,[r13+00]
XINPUT1_3.dll+90E242 - 41 80 F8 00 - cmp r8l,00 { 0 }
XINPUT1_3.dll+90E246 - 0F84 52000000 - je XINPUT1_3.dll+90E29E
XINPUT1_3.dll+90E24C - 49 89 ED - mov r13,rbp
XINPUT1_3.dll+90E24F - 49 01 F1 - add r9,rsi
XINPUT1_3.dll+90E252 - 49 81 E9 04000000 - sub r9,00000004 { 4 }
XINPUT1_3.dll+90E259 - 49 81 C5 48000000 - add r13,00000048 { 72 }
XINPUT1_3.dll+90E260 - 49 81 C1 80000000 - add r9,00000080 { 128 }
XINPUT1_3.dll+90E267 - 4D 8B 6D 00 - mov r13,[r13+00]
XINPUT1_3.dll+90E26B - 49 81 C5 06000000 - add r13,00000006 { 6 }
XINPUT1_3.dll+90E272 - 48 C7 C7 00000000 - mov rdi,00000000 { 0 }
XINPUT1_3.dll+90E279 - 48 81 EF 00040000 - sub rdi,00000400 { 1024 }
XINPUT1_3.dll+90E280 - 66 45 8B 45 00 - mov r8w,[r13+00]
XINPUT1_3.dll+90E285 - 49 01 D1 - add r9,rdx
XINPUT1_3.dll+90E288 - 49 01 E8 - add r8,rbp
XINPUT1_3.dll+90E28B - 5E - pop rsi
XINPUT1_3.dll+90E28C - 49 89 30 - mov [r8],rsi
*********************
CHEAT ENGINE BYPASS
XINPUT1_3.dll+16D9E - 42 82 6C C6 85 2F - sub byte ptr [rsi+r8*8-7B],2F { 47 }
XINPUT1_3.dll+16DA4 - D7 - xlatb
XINPUT1_3.dll+16DA5 - BD EC2111E9 - mov ebp,E91121EC { -384753172 }
XINPUT1_3.dll+16DAA - 00 00 - add [rax],al
XINPUT1_3.dll+16DAC - 53 - push rbx
XINPUT1_3.dll+16DAD - 00 B2 220168FF - add [rdx-0097FEDE],dh
XINPUT1_3.dll+16DB3 - 0E - push cs
XINPUT1_3.dll+16DB4 - 1D F0C8DE01 - sbb eax,01DEC8F0 { 31377648 }
XINPUT1_3.dll+16DB9 - 77 AC - ja XINPUT1_3.dll+16D67
XINPUT1_3.dll+16DBB - 9F - lahf
XINPUT1_3.dll+16DBC - 97 - xchg eax,edi
XINPUT1_3.dll+16DBD - 0F5F 41 3A - maxps xmm0,[rcx+3A]
XINPUT1_3.dll+16DC1 - 27 - daa
XINPUT1_3.dll+16DC2 - 8A 39 - mov bh,[rcx]
XINPUT1_3.dll+16DC4 - 80 DF 83 - sbb bh,-7D { 131 }
XINPUT1_3.dll+16DC7 - 70 8C - jo XINPUT1_3.dll+16D55
XINPUT1_3.dll+16DC9 - A7 - cmpsd
XINPUT1_3.dll+16DCA - E8 6E8588DB - call 7FF9DD40F33D
XINPUT1_3.dll+16DCF - 88 DB - mov bl,bl
XINPUT1_3.dll+16DD1 - 88 D2 - mov dl,dl
XINPUT1_3.dll+16DD3 - BB 00000100 - mov ebx,00010000 { [00000000] }
XINPUT1_3.dll+16DD8 - 8B CB - mov ecx,ebx
XINPUT1_3.dll+16DDA - E8 A9010800 - call XINPUT1_3.dll+96F88
XINPUT1_3.dll+16DDF - 4C 8B F8 - mov r15,rax
XINPUT1_3.dll+16DE2 - 45 33 C9 - xor r9d,r9d
XINPUT1_3.dll+16DE5 - 44 8B C3 - mov r8d,ebx
XINPUT1_3.dll+16DE8 - 48 8B D0 - mov rdx,rax
XINPUT1_3.dll+16DEB - 41 8D 49 10 - lea ecx,[r9+10]
XINPUT1_3.dll+16DEF - FF 15 13B91100 - call qword ptr [XINPUT1_3.dll+132708] { ->ntdll.NtQuerySystemInformation }
XINPUT1_3.dll+16DF5 - 3D 040000C0 - cmp eax,C0000004 { -2.00 }
XINPUT1_3.dll+16DFA - 75 2D - jne XINPUT1_3.dll+16E29
XINPUT1_3.dll+16DFC - 0F1F 40 00 - nop [rax+00]
XINPUT1_3.dll+16E00 - 03 DB - add ebx,ebx
XINPUT1_3.dll+16E02 - 8B D3 - mov edx,ebx
XINPUT1_3.dll+16E04 - 49 8B CF - mov rcx,r15
XINPUT1_3.dll+16E07 - E8 50AD0700 - call XINPUT1_3.dll+91B5C
XINPUT1_3.dll+16E0C - 4C 8B F8 - mov r15,rax
XINPUT1_3.dll+16E0F - 45 33 C9 - xor r9d,r9d
XINPUT1_3.dll+16E12 - 44 8B C3 - mov r8d,ebx
XINPUT1_3.dll+16E15 - 48 8B D0 - mov rdx,rax
XINPUT1_3.dll+16E18 - 41 8D 49 10 - lea ecx,[r9+10]
XINPUT1_3.dll+16E1C - FF 15 E6B81100 - call qword ptr [XINPUT1_3.dll+132708] { ->ntdll.NtQuerySystemInformation }
XINPUT1_3.dll+16E22 - 3D 040000C0 - cmp eax,C0000004 { -2.00 }
XINPUT1_3.dll+16E27 - 74 D7 - je XINPUT1_3.dll+16E00
XINPUT1_3.dll+16E29 - 85 C0 - test eax,eax
XINPUT1_3.dll+16E2B - 0F88 06090000 - js XINPUT1_3.dll+17737 ---------------------------------------->>>>>>>>>>>>>> BITCH HERE 2
XINPUT1_3.dll+16E31 - E8 EAF7FEFF - call XINPUT1_3.Ordinal99+6620
XINPUT1_3.dll+16E36 - 48 8D 78 28 - lea rdi,[rax+28]
XINPUT1_3.dll+16E3A - 48 89 BD F0060000 - mov [rbp+000006F0],rdi
XINPUT1_3.dll+16E41 - E8 B907AC00 - call XINPUT1_3.dll+AD75FF
************************ VEH DEBUGGER BYPASS 1 ***********************
XINPUT1_3.Ordinal99+5F3C - 48 89 44 24 68 - mov [rsp+68],rax
XINPUT1_3.Ordinal99+5F41 - 48 85 C0 - test rax,rax
XINPUT1_3.Ordinal99+5F44 - 74 58 - je XINPUT1_3.Ordinal99+5F9E
XINPUT1_3.Ordinal99+5F46 - 89 7C 24 28 - mov [rsp+28],edi
XINPUT1_3.Ordinal99+5F4A - 48 89 44 24 20 - mov [rsp+20],rax
XINPUT1_3.Ordinal99+5F4F - 45 33 C9 - xor r9d,r9d
XINPUT1_3.Ordinal99+5F52 - 45 33 C0 - xor r8d,r8d
XINPUT1_3.Ordinal99+5F55 - 41 8D 54 24 04 - lea edx,[r12+04]
XINPUT1_3.Ordinal99+5F5A - 49 8B CE - mov rcx,r14
XINPUT1_3.Ordinal99+5F5D - E8 4DA5AC00 - call XINPUT1_3.dll+AD04AF
XINPUT1_3.Ordinal99+5F62 - 90 - nop
XINPUT1_3.Ordinal99+5F63 - 85 C0 - test eax,eax
XINPUT1_3.Ordinal99+5F65 - 74 37 - je XINPUT1_3.Ordinal99+5F9E
XINPUT1_3.Ordinal99+5F67 - 41 8B FC - mov edi,r12d
XINPUT1_3.Ordinal99+5F6A - 44 89 64 24 64 - mov [rsp+64],r12d
XINPUT1_3.Ordinal99+5F6F - 90 - nop
XINPUT1_3.Ordinal99+5F70 - 48 63 CF - movsxd rcx,edi
XINPUT1_3.Ordinal99+5F73 - 48 83 F9 02 - cmp rcx,02 { 2 }
XINPUT1_3.Ordinal99+5F77 - 73 25 - jae XINPUT1_3.Ordinal99+5F9E
XINPUT1_3.Ordinal99+5F79 - 48 8B D6 - mov rdx,rsi
XINPUT1_3.Ordinal99+5F7C - 48 8B 8C CC 88000000 - mov rcx,[rsp+rcx*8+00000088]
XINPUT1_3.Ordinal99+5F84 - E8 4FB40800 - call XINPUT1_3.dll+913D8
XINPUT1_3.Ordinal99+5F89 - 0FB6 DB - movzx ebx,bl
XINPUT1_3.Ordinal99+5F8C - 85 C0 - test eax,eax
XINPUT1_3.Ordinal99+5F8E - 41 0F44 DD - cmove ebx,r13d
XINPUT1_3.Ordinal99+5F92 - 88 5C 24 60 - mov [rsp+60],bl
XINPUT1_3.Ordinal99+5F96 - FF C7 - inc edi
XINPUT1_3.Ordinal99+5F98 - 89 7C 24 64 - mov [rsp+64],edi
XINPUT1_3.Ordinal99+5F9C - EB D2 - jmp XINPUT1_3.Ordinal99+5F70
XINPUT1_3.Ordinal99+5F9E - 48 85 F6 - test rsi,rsi
XINPUT1_3.Ordinal99+5FA1 - 74 0A - je XINPUT1_3.Ordinal99+5FAD
XINPUT1_3.Ordinal99+5FA3 - 48 8B CE - mov rcx,rsi
XINPUT1_3.Ordinal99+5FA6 - FF 15 24610B00 - call qword ptr [XINPUT1_3.dll+BC0D0] { ->KERNEL32.LocalFree }
XINPUT1_3.Ordinal99+5FAC - 90 - nop
XINPUT1_3.Ordinal99+5FAD - 4D 85 FF - test r15,r15
XINPUT1_3.Ordinal99+5FB0 - 74 09 - je XINPUT1_3.Ordinal99+5FBB
XINPUT1_3.Ordinal99+5FB2 - 49 8B CF - mov rcx,r15
XINPUT1_3.Ordinal99+5FB5 - FF 15 15610B00 - call qword ptr [XINPUT1_3.dll+BC0D0] { ->KERNEL32.LocalFree }
XINPUT1_3.Ordinal99+5FBB - 4D 85 E4 - test r12,r12
XINPUT1_3.Ordinal99+5FBE - 74 09 - je XINPUT1_3.Ordinal99+5FC9
XINPUT1_3.Ordinal99+5FC0 - 49 8B CC - mov rcx,r12
XINPUT1_3.Ordinal99+5FC3 - FF 15 07610B00 - call qword ptr [XINPUT1_3.dll+BC0D0] { ->KERNEL32.LocalFree }
XINPUT1_3.Ordinal99+5FC9 - 4D 85 F6 - test r14,r14
XINPUT1_3.Ordinal99+5FCC - 74 09 - je XINPUT1_3.Ordinal99+5FD7
XINPUT1_3.Ordinal99+5FCE - 49 8B CE - mov rcx,r14
XINPUT1_3.Ordinal99+5FD1 - E8 D020AD00 - call XINPUT1_3.dll+AD80A6
XINPUT1_3.Ordinal99+5FD6 - 90 - nop
XINPUT1_3.Ordinal99+5FD7 - 48 8B 8C 24 A8000000 - mov rcx,[rsp+000000A8]
XINPUT1_3.Ordinal99+5FDF - 48 85 C9 - test rcx,rcx
XINPUT1_3.Ordinal99+5FE2 - 74 08 - je XINPUT1_3.Ordinal99+5FEC
XINPUT1_3.Ordinal99+5FE4 - 33 D2 - xor edx,edx
XINPUT1_3.Ordinal99+5FE6 - E8 9506AD00 - call XINPUT1_3.dll+AD6680
XINPUT1_3.Ordinal99+5FEB - 90 - nop
XINPUT1_3.Ordinal99+5FEC - 48 8B 8C 24 A0000000 - mov rcx,[rsp+000000A0]
XINPUT1_3.Ordinal99+5FF4 - 48 85 C9 - test rcx,rcx
XINPUT1_3.Ordinal99+5FF7 - 74 06 - je XINPUT1_3.Ordinal99+5FFF
XINPUT1_3.Ordinal99+5FF9 - E8 8883AC00 - call XINPUT1_3.dll+ACE386
XINPUT1_3.Ordinal99+5FFE - 90 - nop
XINPUT1_3.Ordinal99+5FFF - 0FB6 C3 - movzx eax,bl
XINPUT1_3.Ordinal99+6002 - 48 8B 8C 24 00020000 - mov rcx,[rsp+00000200]
XINPUT1_3.Ordinal99+600A - 48 33 CC - xor rcx,rsp
XINPUT1_3.Ordinal99+600D - E8 6E800600 - call XINPUT1_3.dll+6E080
XINPUT1_3.Ordinal99+6012 - 4C 8D 9C 24 10020000 - lea r11,[rsp+00000210]
XINPUT1_3.Ordinal99+601A - 49 8B 5B 38 - mov rbx,[r11+38]
XINPUT1_3.Ordinal99+601E - 49 8B 73 40 - mov rsi,[r11+40]
XINPUT1_3.Ordinal99+6022 - 49 8B E3 - mov rsp,r11
XINPUT1_3.Ordinal99+6025 - 41 5F - pop r15
XINPUT1_3.Ordinal99+6027 - 41 5E - pop r14
XINPUT1_3.Ordinal99+6029 - 41 5D - pop r13
XINPUT1_3.Ordinal99+602B - 41 5C - pop r12
XINPUT1_3.Ordinal99+602D - 5F - pop rdi
XINPUT1_3.Ordinal99+602E - C3 - ret
XINPUT1_3.Ordinal99+602F - CC - int 3
XINPUT1_3.Ordinal99+6030 - 48 89 5C 24 10 - mov [rsp+10],rbx <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<-------------------- OÇ VEH BURASI
XINPUT1_3.Ordinal99+6035 - 48 89 74 24 18 - mov [rsp+18],rsi
XINPUT1_3.Ordinal99+603A - 48 89 7C 24 20 - mov [rsp+20],rdi
XINPUT1_3.Ordinal99+603F - 41 54 - push r12
XINPUT1_3.Ordinal99+6041 - 41 56 - push r14
XINPUT1_3.Ordinal99+6043 - 41 57 - push r15
XINPUT1_3.Ordinal99+6045 - 48 81 EC 90030000 - sub rsp,00000390 { 912 }
XINPUT1_3.Ordinal99+604C - 48 8B 05 15040F00 - mov rax,[XINPUT1_3.dll+F6468] { [AB54CE03] }
XINPUT1_3.Ordinal99+6053 - 48 33 C4 - xor rax,rsp
XINPUT1_3.Ordinal99+6056 - 48 89 84 24 80030000 - mov [rsp+00000380],rax
XINPUT1_3.Ordinal99+605E - 48 8B F9 - mov rdi,rcx
XINPUT1_3.Ordinal99+6061 - 48 8D 94 24 40010000 - lea rdx,[rsp+00000140]
XINPUT1_3.Ordinal99+6069 - E8 FACC0800 - call XINPUT1_3.dll+92D68
XINPUT1_3.Ordinal99+606E - 85 C0 - test eax,eax
XINPUT1_3.Ordinal99+6070 - 0F94 C0 - sete al
XINPUT1_3.Ordinal99+6073 - 84 C0 - test al,al
XINPUT1_3.Ordinal99+6075 - 75 1A - jne XINPUT1_3.Ordinal99+6091
XINPUT1_3.Ordinal99+6077 - 48 8B CF - mov rcx,rdi
XINPUT1_3.Ordinal99+607A - E8 2D37AD00 - call XINPUT1_3.dll+AD97AC
XINPUT1_3.Ordinal99+607F - 90 - nop
XINPUT1_3.Ordinal99+6080 - 83 F8 FF - cmp eax,-01 { 255 }
XINPUT1_3.Ordinal99+6083 - 0F84 17040000 - je XINPUT1_3.Ordinal99+64A0
XINPUT1_3.Ordinal99+6089 - A8 10 - test al,10 { 16 }
XINPUT1_3.Ordinal99+608B - 0F85 0F040000 - jne XINPUT1_3.Ordinal99+64A0
XINPUT1_3.Ordinal99+6091 - 33 D2 - xor edx,edx
XINPUT1_3.Ordinal99+6093 - E8 D8FAFFFF - call XINPUT1_3.Ordinal99+5B70
XINPUT1_3.Ordinal99+6098 - 84 C0 - test al,al
XINPUT1_3.Ordinal99+609A - 75 13 - jne XINPUT1_3.Ordinal99+60AF
XINPUT1_3.Ordinal99+609C - 48 8B CF - mov rcx,rdi
XINPUT1_3.Ordinal99+609F - E8 BCF7FFFF - call XINPUT1_3.Ordinal99+5860
XINPUT1_3.Ordinal99+60A4 - 84 C0 - test al,al
XINPUT1_3.Ordinal99+60A6 - 74 07 - je XINPUT1_3.Ordinal99+60AF
XINPUT1_3.Ordinal99+60A8 - 33 C0 - xor eax,eax
XINPUT1_3.Ordinal99+60AA - E9 F6030000 - jmp XINPUT1_3.Ordinal99+64A5
XINPUT1_3.Ordinal99+60AF - 45 33 FF - xor r15d,r15d
XINPUT1_3.Ordinal99+60B2 - 4C 89 7C 24 58 - mov [rsp+58],r15
XINPUT1_3.Ordinal99+60B7 - 48 8B 05 12C61200 - mov rax,[XINPUT1_3.dll+1326D0] { [7FFA45CD1530] }
XINPUT1_3.Ordinal99+60BE - 33 D2 - xor edx,edx
XINPUT1_3.Ordinal99+60C0 - 48 8D 4C 24 58 - lea rcx,[rsp+58]
XINPUT1_3.Ordinal99+60C5 - 48 85 C0 - test rax,rax
XINPUT1_3.Ordinal99+60C8 - 74 16 - je XINPUT1_3.Ordinal99+60E0
XINPUT1_3.Ordinal99+60CA - 44 89 7C 24 20 - mov [rsp+20],r15d
XINPUT1_3.Ordinal99+60CF - 45 33 C9 - xor r9d,r9d
XINPUT1_3.Ordinal99+60D2 - 4C 8D 05 EFDA0C00 - lea r8,[XINPUT1_3.dll+D3BC8] { ["SHA256"] }
XINPUT1_3.Ordinal99+60D9 - FF D0 - call rax
XINPUT1_3.Ordinal99+60DB - E9 B8030000 - jmp XINPUT1_3.Ordinal99+6498
XINPUT1_3.Ordinal99+60E0 - 45 33 C0 - xor r8d,r8d
XINPUT1_3.Ordinal99+60E3 - E8 4093AC00 - call XINPUT1_3.dll+ACF428
XINPUT1_3.Ordinal99+60E8 - 90 - nop
XINPUT1_3.Ordinal99+60E9 - E9 AA030000 - jmp XINPUT1_3.Ordinal99+6498
XINPUT1_3.Ordinal99+60EE - 4C 89 7C 24 30 - mov [rsp+30],r15
XINPUT1_3.Ordinal99+60F3 - C7 44 24 28 01000000 - mov [rsp+28],00000001 { 1 }
XINPUT1_3.Ordinal99+60FB - C7 44 24 20 03000000 - mov [rsp+20],00000003 { 3 }
XINPUT1_3.Ordinal99+6103 - 45 33 C9 - xor r9d,r9d
XINPUT1_3.Ordinal99+6106 - 45 8D 41 07 - lea r8d,[r9+07]
XINPUT1_3.Ordinal99+610A - 41 BC 00000080 - mov r12d,80000000 { [50E2FA00] }
XINPUT1_3.Ordinal99+6110 - 41 8B D4 - mov edx,r12d
XINPUT1_3.Ordinal99+6113 - 48 8B CF - mov rcx,rdi
XINPUT1_3.Ordinal99+6116 - E8 669AAC00 - call XINPUT1_3.dll+ACFB81
XINPUT1_3.Ordinal99+611B - 90 - nop
XINPUT1_3.Ordinal99+611C - 48 8B D8 - mov rbx,rax
XINPUT1_3.Ordinal99+611F - 48 89 44 24 48 - mov [rsp+48],rax
XINPUT1_3.Ordinal99+6124 - 48 83 F8 FF - cmp rax,-01 { 255 }
XINPUT1_3.Ordinal99+6128 - 75 12 - jne XINPUT1_3.Ordinal99+613C
XINPUT1_3.Ordinal99+612A - 33 D2 - xor edx,edx
XINPUT1_3.Ordinal99+612C - 48 8B 4C 24 58 - mov rcx,[rsp+58]
*********************************** veeeeeeeeeeh debugger bypass 2 ********************************************
XINPUT1_3.Ordinal99+CB7F - 76 90 - jna XINPUT1_3.Ordinal99+CB11
XINPUT1_3.Ordinal99+CB81 - 8C 73 97 - mov [rbx-69],hs
XINPUT1_3.Ordinal99+CB84 - 42 B6 2A - mov sil,2A { 42 }
XINPUT1_3.Ordinal99+CB87 - 96 - xchg eax,esi
XINPUT1_3.Ordinal99+CB88 - BF FF268A34 - mov edi,348A26FF { [0] }
XINPUT1_3.Ordinal99+CB8D - 07 - pop es
XINPUT1_3.Ordinal99+CB8E - 7E FA - jle XINPUT1_3.Ordinal99+CB8A
XINPUT1_3.Ordinal99+CB90 - 68 F43B4D27 - push 274D3BF4 { [00000000] }
XINPUT1_3.Ordinal99+CB95 - 07 - pop es
XINPUT1_3.Ordinal99+CB96 - D8 1A - fcomp dword ptr [rdx]
XINPUT1_3.Ordinal99+CB98 - 88 DB - mov bl,bl
XINPUT1_3.Ordinal99+CB9A - 88 C0 - mov al,al
XINPUT1_3.Ordinal99+CB9C - 88 C9 - mov cl,cl
XINPUT1_3.Ordinal99+CB9E - 90 - nop
XINPUT1_3.Ordinal99+CB9F - 48 8B C6 - mov rax,rsi
XINPUT1_3.Ordinal99+CBA2 - 4C 8D 9C 24 F0000000 - lea r11,[rsp+000000F0]
XINPUT1_3.Ordinal99+CBAA - 49 8B 5B 10 - mov rbx,[r11+10]
XINPUT1_3.Ordinal99+CBAE - 49 8B 73 18 - mov rsi,[r11+18]
XINPUT1_3.Ordinal99+CBB2 - 49 8B E3 - mov rsp,r11
XINPUT1_3.Ordinal99+CBB5 - 5F - pop rdi
XINPUT1_3.Ordinal99+CBB6 - C3 - ret
XINPUT1_3.Ordinal99+CBB7 - CC - int 3
XINPUT1_3.Ordinal99+CBB8 - CC - int 3
XINPUT1_3.Ordinal99+CBB9 - CC - int 3
XINPUT1_3.Ordinal99+CBBA - CC - int 3
XINPUT1_3.Ordinal99+CBBB - CC - int 3
XINPUT1_3.Ordinal99+CBBC - CC - int 3
XINPUT1_3.Ordinal99+CBBD - CC - int 3
XINPUT1_3.Ordinal99+CBBE - CC - int 3
XINPUT1_3.Ordinal99+CBBF - CC - int 3
XINPUT1_3.Ordinal99+CBC0 - 48 89 5C 24 10 - mov [rsp+10],rbx
XINPUT1_3.Ordinal99+CBC5 - 57 - push rdi
XINPUT1_3.Ordinal99+CBC6 - 48 83 EC 40 - sub rsp,40 { 64 }
XINPUT1_3.Ordinal99+CBCA - 48 8B 05 97980E00 - mov rax,[XINPUT1_3.dll+F6468] { [AB54CE03] }
XINPUT1_3.Ordinal99+CBD1 - 48 33 C4 - xor rax,rsp
XINPUT1_3.Ordinal99+CBD4 - 48 89 44 24 30 - mov [rsp+30],rax
XINPUT1_3.Ordinal99+CBD9 - 48 63 41 3C - movsxd rax,dword ptr [rcx+3C]
XINPUT1_3.Ordinal99+CBDD - 8B 5C 08 28 - mov ebx,[rax+rcx+28]
XINPUT1_3.Ordinal99+CBE1 - 48 03 D9 - add rbx,rcx
XINPUT1_3.Ordinal99+CBE4 - C7 44 24 20 31C0C390 - mov [rsp+20],90C3C031 { [0] }
XINPUT1_3.Ordinal99+CBEC - 40 B7 90 - mov dil,-70 { 144 }
XINPUT1_3.Ordinal99+CBEF - 40 88 7C 24 24 - mov [rsp+24],dil
XINPUT1_3.Ordinal99+CBF4 - C7 44 24 28 00000000 - mov [rsp+28],00000000 { 0 }
XINPUT1_3.Ordinal99+CBFC - 4C 8D 4C 24 28 - lea r9,[rsp+28]
XINPUT1_3.Ordinal99+CC01 - BA 05000000 - mov edx,00000005 { 5 }
XINPUT1_3.Ordinal99+CC06 - 44 8D 42 3B - lea r8d,[rdx+3B]
XINPUT1_3.Ordinal99+CC0A - 48 8B CB - mov rcx,rbx
XINPUT1_3.Ordinal99+CC0D - FF 15 E5F50A00 - call qword ptr [XINPUT1_3.dll+BC1F8] { ->KERNEL32.VirtualProtect }
XINPUT1_3.Ordinal99+CC13 - 8B 44 24 20 - mov eax,[rsp+20]
XINPUT1_3.Ordinal99+CC17 - 89 03 - mov [rbx],eax
XINPUT1_3.Ordinal99+CC19 - 40 88 7B 04 - mov [rbx+04],dil
XINPUT1_3.Ordinal99+CC1D - 45 33 C9 - xor r9d,r9d
XINPUT1_3.Ordinal99+CC20 - 44 8B 44 24 28 - mov r8d,[rsp+28]
XINPUT1_3.Ordinal99+CC25 - 41 8D 51 05 - lea edx,[r9+05]
XINPUT1_3.Ordinal99+CC29 - 48 8B CB - mov rcx,rbx
XINPUT1_3.Ordinal99+CC2C - FF 15 C6F50A00 - call qword ptr [XINPUT1_3.dll+BC1F8] { ->KERNEL32.VirtualProtect }
XINPUT1_3.Ordinal99+CC32 - EB 00 - jmp XINPUT1_3.Ordinal99+CC34
XINPUT1_3.Ordinal99+CC34 - 48 8B 4C 24 30 - mov rcx,[rsp+30]
XINPUT1_3.Ordinal99+CC39 - 48 33 CC - xor rcx,rsp
XINPUT1_3.Ordinal99+CC3C - E8 3F140600 - call XINPUT1_3.dll+6E080
XINPUT1_3.Ordinal99+CC41 - 48 8B 5C 24 58 - mov rbx,[rsp+58]
XINPUT1_3.Ordinal99+CC46 - 48 83 C4 40 - add rsp,40 { 64 }
XINPUT1_3.Ordinal99+CC4A - 5F - pop rdi
XINPUT1_3.Ordinal99+CC4B - C3 - ret
XINPUT1_3.Ordinal99+CC4C - CC - int 3
XINPUT1_3.Ordinal99+CC4D - CC - int 3
XINPUT1_3.Ordinal99+CC4E - CC - int 3
XINPUT1_3.Ordinal99+CC4F - CC - int 3
XINPUT1_3.Ordinal99+CC50 - 48 8B C4 - mov rax,rsp --------------------------------------------->>>>>>>>>>> OÇ VEH BURA 2
XINPUT1_3.Ordinal99+CC53 - 55 - push rbp
XINPUT1_3.Ordinal99+CC54 - 41 54 - push r12
XINPUT1_3.Ordinal99+CC56 - 41 55 - push r13
XINPUT1_3.Ordinal99+CC58 - 41 56 - push r14
XINPUT1_3.Ordinal99+CC5A - 41 57 - push r15
XINPUT1_3.Ordinal99+CC5C - 48 8D A8 B8FDFFFF - lea rbp,[rax-00000248]
XINPUT1_3.Ordinal99+CC63 - 48 81 EC 20030000 - sub rsp,00000320 { 800 }
XINPUT1_3.Ordinal99+CC6A - 48 C7 44 24 60 FEFFFFFF - mov qword ptr [rsp+60],FFFFFFFE { -2 }
XINPUT1_3.Ordinal99+CC73 - 48 89 58 08 - mov [rax+08],rbx
XINPUT1_3.Ordinal99+CC77 - 48 89 70 18 - mov [rax+18],rsi
XINPUT1_3.Ordinal99+CC7B - 48 89 78 20 - mov [rax+20],rdi
XINPUT1_3.Ordinal99+CC7F - 48 8B 05 E2970E00 - mov rax,[XINPUT1_3.dll+F6468] { [AB54CE03] }
XINPUT1_3.Ordinal99+CC86 - 48 33 C4 - xor rax,rsp
XINPUT1_3.Ordinal99+CC89 - 48 89 85 10020000 - mov [rbp+00000210],rax
XINPUT1_3.Ordinal99+CC90 - 4C 8B FA - mov r15,rdx
XINPUT1_3.Ordinal99+CC93 - 83 F9 01 - cmp ecx,01 { 1 }
XINPUT1_3.Ordinal99+CC96 - 0F85 BA090000 - jne XINPUT1_3.Ordinal99+D656
XINPUT1_3.Ordinal99+CC9C - C7 85 B0010000 4C006F00 - mov [rbp+000001B0],006F004C { 7274572 }
XINPUT1_3.Ordinal99+CCA6 - C7 85 B4010000 61006400 - mov [rbp+000001B4],00640061 { [0] }
XINPUT1_3.Ordinal99+CCB0 - C7 85 B8010000 69006E00 - mov [rbp+000001B8],006E0069 { 7209065 }
XINPUT1_3.Ordinal99+CCBA - C7 85 BC010000 67002000 - mov [rbp+000001BC],00200067 { 2097255 }
XINPUT1_3.Ordinal99+CCC4 - C7 85 C0010000 6C006900 - mov [rbp+000001C0],0069006C { 6881388 }
XINPUT1_3.Ordinal99+CCCE - C7 85 C4010000 62007200 - mov [rbp+000001C4],00720062 { 7471202 }
XINPUT1_3.Ordinal99+CCD8 - C7 85 C8010000 61007200 - mov [rbp+000001C8],00720061 { 7471201 }
XINPUT1_3.Ordinal99+CCE2 - C7 85 CC010000 79003A00 - mov [rbp+000001CC],003A0079 { 3801209 }
XINPUT1_3.Ordinal99+CCEC - C7 85 D0010000 20002700 - mov [rbp+000001D0],00270020 { [00001E00] }
XINPUT1_3.Ordinal99+CCF6 - C7 85 D4010000 7B007D00 - mov [rbp+000001D4],007D007B { 8192123 }
XINPUT1_3.Ordinal99+CD00 - C7 85 D8010000 27002E00 - mov [rbp+000001D8],002E0027 { [0] }
XINPUT1_3.Ordinal99+CD0A - C7 85 DC010000 20005400 - mov [rbp+000001DC],00540020 { [00000000] }
XINPUT1_3.Ordinal99+CD14 - C7 85 E0010000 69006D00 - mov [rbp+000001E0],006D0069 { 7143529 }
XINPUT1_3.Ordinal99+CD1E - C7 85 E4010000 65002000 - mov [rbp+000001E4],00200065 { 2097253 }
XINPUT1_3.Ordinal99+CD28 - C7 85 E8010000 74006F00 - mov [rbp+000001E8],006F0074 { 7274612 }
XINPUT1_3.Ordinal99+CD32 - C7 85 EC010000 20006C00 - mov [rbp+000001EC],006C0020 { 7077920 }
XINPUT1_3.Ordinal99+CD3C - C7 85 F0010000 6F006100 - mov [rbp+000001F0],0061006F { [0] }
XINPUT1_3.Ordinal99+CD46 - C7 85 F4010000 64003A00 - mov [rbp+000001F4],003A0064 { 3801188 }
XINPUT1_3.Ordinal99+CD50 - C7 85 F8010000 20007B00 - mov [rbp+000001F8],007B0020 { 8060960 }
XINPUT1_3.Ordinal99+CD5A - C7 85 FC010000 7D002000 - mov [rbp+000001FC],0020007D { 2097277 }
XINPUT1_3.Ordinal99+CD64 - C7 85 00020000 6D007300 - mov [rbp+00000200],0073006D { 7536749 }
XINPUT1_3.Ordinal99+CD6E - C7 85 04020000 2E000000 - mov [rbp+00000204],0000002E { 46 }
XINPUT1_3.Ordinal99+CD78 - 33 F6 - xor esi,esi
XINPUT1_3.Ordinal99+CD7A - C7 85 80010000 4C006F00 - mov [rbp+00000180],006F004C { 7274572 }
XINPUT1_3.Ordinal99+CD84 - C7 85 84010000 61006400 - mov [rbp+00000184],00640061 { [0] }
XINPUT1_3.Ordinal99+CD8E - C7 85 88010000 69006E00 - mov [rbp+00000188],006E0069 { 7209065 }
XINPUT1_3.Ordinal99+CD98 - C7 85 8C010000 67002000 - mov [rbp+0000018C],00200067 { 2097255 }
XINPUT1_3.Ordinal99+CDA2 - C7 85 90010000 6C006900 - mov [rbp+00000190],0069006C { 6881388 }
XINPUT1_3.Ordinal99+CDAC - C7 85 94010000 62007200 - mov [rbp+00000194],00720062 { 7471202 }
XINPUT1_3.Ordinal99+CDB6 - C7 85 98010000 61007200 - mov [rbp+00000198],00720061 { 7471201 }
XINPUT1_3.Ordinal99+CDC0 - C7 85 9C010000 79003A00 - mov [rbp+0000019C],003A0079 { 3801209 }
XINPUT1_3.Ordinal99+CDCA - C7 85 A0010000 20002700 - mov [rbp+000001A0],00270020 { [00001E00] }
XINPUT1_3.Ordinal99+CDD4 - C7 85 A4010000 7B007D00 - mov [rbp+000001A4],007D007B { 8192123 }
XINPUT1_3.Ordinal99+CDDE - C7 85 A8010000 27002E00 - mov [rbp+000001A8],002E0027 { [0] }
XINPUT1_3.Ordinal99+CDE8 - 66 89 B5 AC010000 - mov [rbp+000001AC],si
XINPUT1_3.Ordinal99+CDEF - E8 FCEDFFFF - call XINPUT1_3.Ordinal99+BBF0
XINPUT1_3.Ordinal99+CDF4 - 4D 8B 4F 08 - mov r9,[r15+08]
XINPUT1_3.Ordinal99+CDF8 - 49 83 C1 08 - add r9,08 { 8 }
XINPUT1_3.Ordinal99+CDFC - 4C 8D 85 80010000 - lea r8,[rbp+00000180]
XINPUT1_3.Ordinal99+CE03 - 48 8B 08 - mov rcx,[rax]
XINPUT1_3.Ordinal99+CE06 - E8 651B0200 - call XINPUT1_3.dll+2E970
XINPUT1_3.Ordinal99+CE0B - E8 E0EDFFFF - call XINPUT1_3.Ordinal99+BBF0
XINPUT1_3.Ordinal99+CE10 - 48 8B 08 - mov rcx,[rax]
XINPUT1_3.Ordinal99+CE13 - 48 8B 01 - mov rax,[rcx]
XINPUT1_3.Ordinal99+CE16 - FF 50 08 - call qword ptr [rax+08]
XINPUT1_3.Ordinal99+CE19 - E8 EA720300 - call XINPUT1_3.dll+44108
XINPUT1_3.Ordinal99+CE1E - 48 8B D8 - mov rbx,rax
XINPUT1_3.Ordinal99+CE21 - E8 C6720300 - call XINPUT1_3.dll+440EC
XINPUT1_3.Ordinal99+CE26 - 48 99 - cqo
XINPUT1_3.Ordinal99+CE28 - 48 F7 FB - idiv rbx
XINPUT1_3.Ordinal99+CE2B - 48 69 C8 00CA9A3B - imul rcx,rax,3B9ACA00 { 0.00 }
XINPUT1_3.Ordinal99+CE32 - 48 69 C2 00CA9A3B - imul rax,rdx,3B9ACA00 { 0.00 }
XINPUT1_3.Ordinal99+CE39 - 48 99 - cqo
XINPUT1_3.Ordinal99+CE3B - 48 F7 FB - idiv rbx
XINPUT1_3.Ordinal99+CE3E - 48 8D 1C 08 - lea rbx,[rax+rcx]
XINPUT1_3.Ordinal99+CE42 - 49 8B 4F 08 - mov rcx,[r15+08]
XINPUT1_3.Ordinal99+CE46 - 48 8B 49 08 - mov rcx,[rcx+08]
XINPUT1_3.Ordinal99+CE4A - E8 E191FFFF - call XINPUT1_3.Ordinal99+6030
XINPUT1_3.Ordinal99+CE4F - 89 44 24 78 - mov [rsp+78],eax
XINPUT1_3.Ordinal99+CE53 - E8 B0720300 - call XINPUT1_3.dll+44108
XINPUT1_3.Ordinal99+CE58 - 48 8B F8 - mov rdi,rax
XINPUT1_3.Ordinal99+CE5B - E8 8C720300 - call XINPUT1_3.dll+440EC
XINPUT1_3.Ordinal99+CE60 - 48 99 - cqo
XINPUT1_3.Ordinal99+CE62 - 48 F7 FF - idiv rdi
Code:
[PC Hunter Standard][BlackDesert64.exe-->Ring3 Hook]: 69
Hooked Object Hook Address and Location Type Current Value Original Value
len(1) ntdll.dll->DbgBreakPoint 0x00007FFB9385E370->_ inline C3 CC
len(5) ntdll.dll->DbgUiRemoteBreakin 0x00007FFB93889480->_ inline E9 DB E9 F7 FF 48 83 EC 28 65
len(5) ntdll.dll->LdrInitializeThunk 0x00007FFB93834F90->_ inline E9 FF BE 95 FF 40 53 48 83 EC
KERNEL32.DLL->ntdll.dll:NtSetValueKey 0x00007FFB9385B580->0x00007FFB8DEA1D10[C:\Windows\SYSTEM32\apphelp.dll] Iat 10 1D EA 8D FB 7F 00 00 80 B5 85 93 FB 7F 00 00
KERNEL32.DLL->ntdll.dll:NtSetInformationFile 0x00007FFB9385AE70->0x00007FFB8DEA1C90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1C EA 8D FB 7F 00 00 70 AE 85 93 FB 7F 00 00
KERNEL32.DLL->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
KERNEL32.DLL->ntdll.dll:ZwCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
len(5) KERNEL32.DLL->AllocConsole 0x00007FFB917C1070->_ inline E9 91 FE 9C 01 FF 25 7A 64 05
KERNELBASE.dll->ntdll.dll:NtSetInformationFile 0x00007FFB9385AE70->0x00007FFB8DEA1C90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1C EA 8D FB 7F 00 00 70 AE 85 93 FB 7F 00 00
KERNELBASE.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
KERNELBASE.dll->ntdll.dll:NtSetValueKey 0x00007FFB9385B580->0x00007FFB8DEA1D10[C:\Windows\SYSTEM32\apphelp.dll] Iat 10 1D EA 8D FB 7F 00 00 80 B5 85 93 FB 7F 00 00
KERNELBASE.dll->ntdll.dll:ZwSetValueKey 0x00007FFB9385B580->0x00007FFB8DEA1D10[C:\Windows\SYSTEM32\apphelp.dll] Iat 10 1D EA 8D FB 7F 00 00 80 B5 85 93 FB 7F 00 00
len(5) KERNELBASE.dll->AllocConsole 0x00007FFB8FC4C500->_ inline E9 CF 49 54 03 40 53 48 83 EC
ADVAPI32.dll->ntdll.dll:NtSetValueKey 0x00007FFB9385B580->0x00007FFB8DEA1D10[C:\Windows\SYSTEM32\apphelp.dll] Iat 10 1D EA 8D FB 7F 00 00 80 B5 85 93 FB 7F 00 00
ADVAPI32.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
RPCRT4.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
RPCRT4.dll->ntdll.dll:NtSetInformationFile 0x00007FFB9385AE70->0x00007FFB8DEA1C90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1C EA 8D FB 7F 00 00 70 AE 85 93 FB 7F 00 00
USER32.dll->ntdll.dll:NtSetValueKey 0x00007FFB9385B580->0x00007FFB8DEA1D10[C:\Windows\SYSTEM32\apphelp.dll] Iat 10 1D EA 8D FB 7F 00 00 80 B5 85 93 FB 7F 00 00
len(5) USER32.dll->SetWindowTextW 0x00007FFB92D02CB0->_ inline E9 9E E2 48 00 48 89 5C 24 08
cfgmgr32.dll->ntdll.dll:NtSetValueKey 0x00007FFB9385B580->0x00007FFB8DEA1D10[C:\Windows\SYSTEM32\apphelp.dll] Iat 10 1D EA 8D FB 7F 00 00 80 B5 85 93 FB 7F 00 00
cfgmgr32.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
COMDLG32.dll->USER32.dll:SetWindowsHookExW 0x00007FFB92D0AA60->0x00007FFB8DEA1D90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1D EA 8D FB 7F 00 00 60 AA D0 92 FB 7F 00 00
COMDLG32.dll->USER32.dll:CallNextHookEx 0x00007FFB92D08060->0x00007FFB8DEA1A70[C:\Windows\SYSTEM32\apphelp.dll] Iat 70 1A EA 8D FB 7F 00 00 60 80 D0 92 FB 7F 00 00
shcore.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
SHELL32.dll->USER32.dll:SetWindowsHookExW 0x00007FFB92D0AA60->0x00007FFB8DEA1D90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1D EA 8D FB 7F 00 00 60 AA D0 92 FB 7F 00 00
SHELL32.dll->USER32.dll:CallNextHookEx 0x00007FFB92D08060->0x00007FFB8DEA1A70[C:\Windows\SYSTEM32\apphelp.dll] Iat 70 1A EA 8D FB 7F 00 00 60 80 D0 92 FB 7F 00 00
SHELL32.dll->ntdll.dll:NtSetInformationFile 0x00007FFB9385AE70->0x00007FFB8DEA1C90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1C EA 8D FB 7F 00 00 70 AE 85 93 FB 7F 00 00
SHELL32.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
windows.storage.dll->ntdll.dll:NtSetInformationFile 0x00007FFB9385AE70->0x00007FFB8DEA1C90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1C EA 8D FB 7F 00 00 70 AE 85 93 FB 7F 00 00
windows.storage.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
powrprof.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
FLTLIB.DLL->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
ole32.dll->ntdll.dll:NtSetInformationFile 0x00007FFB9385AE70->0x00007FFB8DEA1C90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1C EA 8D FB 7F 00 00 70 AE 85 93 FB 7F 00 00
ole32.dll->USER32.dll:SetWindowsHookExW 0x00007FFB92D0AA60->0x00007FFB8DEA1D90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1D EA 8D FB 7F 00 00 60 AA D0 92 FB 7F 00 00
ole32.dll->USER32.dll:CallNextHookEx 0x00007FFB92D08060->0x00007FFB8DEA1A70[C:\Windows\SYSTEM32\apphelp.dll] Iat 70 1A EA 8D FB 7F 00 00 60 80 D0 92 FB 7F 00 00
WS2_32.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
len(5) WS2_32.dll->GetAddrInfoW 0x00007FFB9330BC90->_ inline E9 FE 52 E8 FF 40 55 53 56 57
len(5) WS2_32.dll->getaddrinfo 0x00007FFB9330E9D0->_ inline E9 FE 25 E8 FF 48 89 5C 24 08
WININET.dll->ntdll.dll:NtSetInformationFile 0x00007FFB9385AE70->0x00007FFB8DEA1C90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1C EA 8D FB 7F 00 00 70 AE 85 93 FB 7F 00 00
WININET.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
IPHLPAPI.DLL->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
IPHLPAPI.DLL->ntdll.dll:ZwCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
ntmarta.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
SETUPAPI.dll->ntdll.dll:NtSetInformationFile 0x00007FFB9385AE70->0x00007FFB8DEA1C90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1C EA 8D FB 7F 00 00 70 AE 85 93 FB 7F 00 00
SETUPAPI.dll->ntdll.dll:NtSetValueKey 0x00007FFB9385B580->0x00007FFB8DEA1D10[C:\Windows\SYSTEM32\apphelp.dll] Iat 10 1D EA 8D FB 7F 00 00 80 B5 85 93 FB 7F 00 00
rsaenh.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
WINHTTP.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
mswsock.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
mswsock.dll->ntdll.dll:NtSetInformationFile 0x00007FFB9385AE70->0x00007FFB8DEA1C90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1C EA 8D FB 7F 00 00 70 AE 85 93 FB 7F 00 00
dhcpcsvc.DLL->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
webio.dll->ntdll.dll:NtSetInformationFile 0x00007FFB9385AE70->0x00007FFB8DEA1C90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1C EA 8D FB 7F 00 00 70 AE 85 93 FB 7F 00 00
webio.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
DNSAPI.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
rasadhlp.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
fwpuclnt.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
uxtheme.dll->USER32.dll:SetWindowsHookExW 0x00007FFB92D0AA60->0x00007FFB8DEA1D90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1D EA 8D FB 7F 00 00 60 AA D0 92 FB 7F 00 00
uxtheme.dll->USER32.dll:CallNextHookEx 0x00007FFB92D08060->0x00007FFB8DEA1A70[C:\Windows\SYSTEM32\apphelp.dll] Iat 70 1A EA 8D FB 7F 00 00 60 80 D0 92 FB 7F 00 00
MSCTF.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
nvwgf2umx.dll->USER32.dll:CallNextHookEx 0x00007FFB92D08060->0x00007FFB8DEA1A70[C:\Windows\SYSTEM32\apphelp.dll] Iat 70 1A EA 8D FB 7F 00 00 60 80 D0 92 FB 7F 00 00
nvspcap64.dll->USER32.dll:CallNextHookEx 0x00007FFB92D08060->0x00007FFB8DEA1A70[C:\Windows\SYSTEM32\apphelp.dll] Iat 70 1A EA 8D FB 7F 00 00 60 80 D0 92 FB 7F 00 00
NvCamera64.dll->USER32.dll:CallNextHookEx 0x00007FFB92D08060->0x00007FFB8DEA1A70[C:\Windows\SYSTEM32\apphelp.dll] Iat 70 1A EA 8D FB 7F 00 00 60 80 D0 92 FB 7F 00 00
NvCamera64.dll->USER32.dll:SetWindowsHookExW 0x00007FFB92D0AA60->0x00007FFB8DEA1D90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1D EA 8D FB 7F 00 00 60 AA D0 92 FB 7F 00 00
DINPUT8.dll->USER32.dll:CallNextHookEx 0x00007FFB92D08060->0x00007FFB8DEA1A70[C:\Windows\SYSTEM32\apphelp.dll] Iat 70 1A EA 8D FB 7F 00 00 60 80 D0 92 FB 7F 00 00
DINPUT8.dll->USER32.dll:SetWindowsHookExW 0x00007FFB92D0AA60->0x00007FFB8DEA1D90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1D EA 8D FB 7F 00 00 60 AA D0 92 FB 7F 00 00
DEVOBJ.dll->ntdll.dll:NtSetInformationFile 0x00007FFB9385AE70->0x00007FFB8DEA1C90[C:\Windows\SYSTEM32\apphelp.dll] Iat 90 1C EA 8D FB 7F 00 00 70 AE 85 93 FB 7F 00 00
DEVOBJ.dll->ntdll.dll:NtSetValueKey 0x00007FFB9385B580->0x00007FFB8DEA1D10[C:\Windows\SYSTEM32\apphelp.dll] Iat 10 1D EA 8D FB 7F 00 00 80 B5 85 93 FB 7F 00 00
nvd3dumx.dll->USER32.dll:CallNextHookEx 0x00007FFB92D08060->0x00007FFB8DEA1A70[C:\Windows\SYSTEM32\apphelp.dll] Iat 70 1A EA 8D FB 7F 00 00 60 80 D0 92 FB 7F 00 00
nvSCPAPI64.dll->USER32.dll:CallNextHookEx 0x00007FFB92D08060->0x00007FFB8DEA1A70[C:\Windows\SYSTEM32\apphelp.dll] Iat 70 1A EA 8D FB 7F 00 00 60 80 D0 92 FB 7F 00 00
AVRT.dll->ntdll.dll:NtCreateFile 0x00007FFB9385B430->0x00007FFB8DEA1AC0[C:\Windows\SYSTEM32\apphelp.dll] Iat C0 1A EA 8D FB 7F 00 00 30 B4 85 93 FB 7F 00 00
Well I and my mate raped their a lot of things like 4-5 weeks ago and released 2-3 version BDO hack for Crimson Server. But sadly I had bad times on school and had to delete Crimson. Didnt update anything, I didnt open the game like 5 weeks. What I know is they are using XINPUT1 as anticheat, they are using some kernel functions / api too. So with right tools you can see which functions they are using and fck them :=) Good Luck.
Regards.
Edit from space: Lol you were talking about duping, sorry I didnt read the thread I just gave some info for Crimson Lovers. Sorry, good luck about duping xD
|
|
|
|
All times are GMT +1. The time now is 01:42.
|
|
