[Mini Guide] Bypassing the newly added debugger detection
Link Removed.
I decided that this forum doesn't deserve or appreciate my work and I am not going to support it by releasing/maintaining my work and generating traffic for it.
I guess I am too foolish to follow this tutorial, lol... Any even more idiot-proof method?
I tried forcing "RETN 0" in the IsDebuggerPresent API located in KernelBase, but it seems that this DLL is used all the time. lol
If your plan is to bypass IsDebuggerPresent, then this is not the way to go about it. Try an MSDN search on what IsDebuggerPresent returns.
However, I can tell you right off the bat that patching that is not going to help you much. But it is still a widely used anti-debugging technique, so it can't harm to learn how to patch it.
If you do a quick MSDN search you will see that this function returns a BOOL, so it will return true or false; that is for user-mode debuggers (like OllyDbg), which I guess are more popular here in the CO scene. So if your memory-based bot uses debugging techniques and you want to bypass IsDebuggerPresent, you will want that call to return a value of false. Makes sense, right?
Now what you really need to know when debugging is what all the registers are for, which I don't think anyone in this forum has explained properly.
Anyway, a quick Google search about registers will get you everything you need to know about them.
Either way, after that call EAX will have a value of either 1 or 0 depending on the outcome of IsDebuggerPresent: did it return true or false?
So a quick fix is just to patch EAX with 0 by doing a mov eax,0, since there is most likely a test or compare instruction underneath it to figure out what to do next.
However, like I said in the beginning, this will not help you against that 1-day restriction, and to be honest what is shown in the video is not enough either. However, a Google search for "Anti-debugging techniques" will be enough.
A- By doing what I did in that video you are simply bypassing all the functions/anti-debugging techniques that the tqanp.dll contains, just like it's never been loaded into the process...
B- The point of this thread is to give the memory-based bots that use debugging techniques the ability to attach/debug conquer.exe again
C- Disabling the IsDebuggerPresent function will not do you any good and it will not let you attach or debug conquer.exe
D- Seems like you have come to the conclusion that what I did in that video should stop the 1-day restriction thing... so let me correct you by saying that it has nothing to do with it, and that the 1-day restriction thing is server-sided
@ shitboi
If your intention is to debug conquer.exe using something like OllyDbg, there are some libraries/plugins that can hide the debugger for you so you don't have to do any of this.
Thanks for your reply angelius... I have already figured out what needed to be done. I mostly debug using Cheat Engine (though most of you will disagree), but I simply can't get Olly to do real-time debugging on Conquer. Anyways, my problem is solved for now.
Edit:
I concur with the statement that disabling IsDebuggerPresent doesn't do much.
C- Disabling the IsDebuggerPresent function will not do you any good and it will not let you attach or debug conquer.exe
Works fine here, I can easily attach Cheat Engine to Conquer without doing any modifications at all.
The reason that the IsDebuggerPresent patch is needed is for when you're debugging Conquer.exe during launch. If you don't patch IsDebuggerPresent, you won't be able to launch Conquer through a debugger.
Quote:
Originally Posted by shitboi
Thanks for your reply angelius... I have already figured out what needed to be done. I mostly debug using Cheat Engine (though most of you will disagree), but I simply can't get Olly to do real-time debugging on Conquer. Anyways, my problem is solved for now.
Cheat Engine is actually pretty **** good, I tend to use it more than Olly to be honest.
Works fine here, I can easily attach Cheat Engine to Conquer without doing any modifications at all.
The reason that the IsDebuggerPresent patch is needed is for when you're debugging Conquer.exe during launch. If you don't patch IsDebuggerPresent, you won't be able to launch Conquer through a debugger.
Cheat Engine is actually pretty **** good, I tend to use it more than Olly to be honest.
Touché to the Cheat Engine part. I've recently started using it instead of Olly for some things, though I'm pretty used to Olly. CE has always been super powerful for things like this, and it has a shitload of useful functions packed into one program.
A- By doing what I did in that video you are simply bypassing all the functions/anti-debugging techniques that the tqanp.dll contains, just like it's never been loaded into the process...
B- The point of this thread is to give the memory-based bots that use debugging techniques the ability to attach/debug conquer.exe again
C- Disabling the IsDebuggerPresent function will not do you any good and it will not let you attach or debug conquer.exe
D- Seems like you have come to the conclusion that what I did in that video should stop the 1-day restriction thing... so let me correct you by saying that it has nothing to do with it, and that the 1-day restriction thing is server-sided
@ shitboi
If your intention is to debug conquer.exe using something like OllyDbg, there are some libraries/plugins that can hide the debugger for you so you don't have to do any of this.
A) Thing is, it does get loaded in the process. What function gets called to load a DLL into memory? Exactly; patch that if you don't want it loaded into memory.
B) It doesn't, since there is no use in attaching a bot to a client if you cannot bot because you get restricted.
C) Wrong there, I can debug just fine, I can run Conquer through a debugger just fine as well. And I can bot cliented just fine as well.
D) I have come to a conclusion? Seems to me you have come to the conclusion that I came to a conclusion. I simply stated that it wouldn't help him to get past the 1-day restriction. And the restriction being completely server-sided is also false.
So now let's all get to the conclusion that telling someone he is wrong is a no go.