Need help bypassing HELIX's wallhack protection

[AsuraYuuto]

So first things first, I wanted to do a wallhack for HELIX, and noticed that it doesn't work. And before Mshield loads, I did a 4 byte unknown value scan on HELIXMAIN's module start and end address.

I got 6000 results but I only took at most 1000 since others weren't part of the .text section meaning they were not code, just values.

In those 1000 results, I was randomly accessing codes when I found the code below which strangely reminded the offset of wallhack. Pic below



And so after doing my hook, I can finally walk through walls. The problem is fixed....

but 500 milliseconds after I walked through the wall, the game sends me back into the spawn point of the map and now I have hit another wall. Pls help.

[mrebhem100]

there is no mtp.dll anymore .

[AsuraYuuto]

Quote:

Originally Posted by mrebhem100

there is no mtp.dll anymore .

it's there. It was just manually mapped that's why you see 09XXXXXXX instead of mtp.dll+XXXXXX

[krauwcer]

Quote:

Originally Posted by AsuraYuuto

it's there. It was just manually mapped that's why you see 09XXXXXXX instead of mtp.dll+XXXXXX

follow call address after mshield load, you can do auto wallhack permant.
now mtp change to mtd and have base address and offsets, mtd.dll+003E???? base address v4.2.7.4

[mrebhem100]

can you teach me where to find mtp.dll

how to do that ?

I know how to wallhack just help me find mtp.dll

[AsuraYuuto]

Quote:

Originally Posted by mrebhem100

can you teach me where to find mtp.dll

how to do that ?

I know how to wallhack just help me find mtp.dll

You can't find it because the mtp.dll has been manually mapped.

You have to dereference the value from the call, the E9 hook from above, then add the hook address to the dereferenced value, then use VirtualQuery on the sum of hook address and dereferenced value to get the base address of mtp.dll.