========= Thread crapped, don't know why, and I can't edit or remove it. I'm sorry, pls mod edit or remove ===================

I'm trying to bypass Cabal-BR Xtrap version 2548 (latest version), so I tested these: I downloaded Rootkit Unhooker and unhooked these hooks from Xtrap without crashing or closing the game:

OK = ok, can unhook without crashing or closing the game
NO = if you unhook, the game will close, the PC will crash, or you are simply not allowed

=SSDT=

NtDeviceIoControlFile ----------------NO
Actual Address 0xF4236F8C
Hooked by: C:\WINDOWS\system32\XDva205.sys

NtOpenProcess ---------------------NO
Actual Address 0xF4236564
Hooked by: C:\WINDOWS\system32\XDva205.sys

NtOpenSection ---------------------OK
Actual Address 0xF4236486
Hooked by: C:\WINDOWS\system32\XDva205.sys

NtProtectVirtualMemory -----------OK
Actual Address 0xF423DB72
Hooked by: C:\WINDOWS\system32\XDva205.sys

NtReadVirtualMemory ---------------OK
Actual Address 0xF423650A
Hooked by: C:\WINDOWS\system32\XDva205.sys

NtSuspendThread ------------------OK
Actual Address 0xF423D7E4
Hooked by: C:\WINDOWS\system32\XDva205.sys

NtTerminateProcess ----------------OK
Actual Address 0xF423D9E6
Hooked by: C:\WINDOWS\system32\XDva205.sys

NtWriteFile ---------------------OK
Actual Address 0xF423D96C
Hooked by: C:\WINDOWS\system32\XDva205.sys

NtWriteVirtualMemory ---------------OK
Actual Address 0xF4238FDA
Hooked by: C:\WINDOWS\system32\XDva205.sys

=Shadow SSDT=

NtGdiGetPixel -----------------------------OK
Actual Address 0xF416C432
Hooked by: C:\WINDOWS\system32\XDva205.sys

NtUserPostMessage --------------------------OK
Actual Address 0xF416C318
Hooked by: C:\WINDOWS\system32\XDva205.sys

NtUserSendInput ----------------------------NO
Actual Address 0xF4168A3E
Hooked by: C:\WINDOWS\system32\XDva205.sys

NtUserSetWindowsHookEx ---------------------OK
Actual Address 0xF4168904
Hooked by: C:\WINDOWS\system32\XDva205.sys

NtUserTranslateMessage ---------------------OK
Actual Address 0xF416893C
Hooked by: C:\WINDOWS\system32\XDva205.sys

=Code Hooks=

(OK) [924]cabalmain.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [karasx2.dll]

(OK) [924]cabalmain.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [karasx2.dll]

(NO) ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump at address 0x804DBAA2 hook handler located in [ntoskrnl.exe]

(NO) IDT-->Int 0x00000001, Type: IDT modification hook handler located in [XDva205.sys]

Cheat Engine is still detected by Xtrap but MHS is not (until you try to access cabalmain.exe). I can access xtrap.xt without problems, but I don't know what to do with this. Was this useful for any of you?