Register for your free account! | Forgot your password?

Go Back   elitepvpers > MMORPGs > Conquer Online 2 > CO2 Programming
[Question] The new client protection [Question] The new client protection
You last visited: Today at 22:41

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement


Advertise with us!

[Question] The new client protection

Discussion on [Question] The new client protection within the CO2 Programming forum part of the Conquer Online 2 category.

Closed Thread
 
Old   #1
 
{ Angelius }'s Avatar
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Aug 2010
Posts: 992
Received Thanks: 1,110
[Question] The new client protection

This can be closed.
{ Angelius } is offline  
Old 07/21/2013, 16:32   #2
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Mar 2013
Posts: 118
Received Thanks: 95


That hooked NtProtectVirtualMemory you're looking at is because of your Avast Anti-Virus software. It has nothing to do with TQ's anti-cheat system.
Smaehtin is offline  
Old 07/21/2013, 17:32   #3
 
{ Angelius }'s Avatar
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Aug 2010
Posts: 992
Received Thanks: 1,110
Quote:
Originally Posted by Smaehtin View Post


That hooked NtProtectVirtualMemory you're looking at is because of your Avast Anti-Virus software. It has nothing to do with TQ's anti-cheat system.
Yeah thanks Einstein :|

Like i didn't think about that before i include it in my post... i have checked that call on my PC and on 2 different VM's All has the same antivirus installed.

And the only way you would be right is if the OS type itself matter which i doubt.

And by the way regardless of the fact that your answer is useless to me you didn't have to be a **** about it posting that silly image of yours.
{ Angelius } is offline  
Old 07/21/2013, 17:49   #4
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Mar 2013
Posts: 118
Received Thanks: 95
Quote:
Originally Posted by { Angelius } View Post
Well TQ team decided to change that route a bit to their advantage and this is what they came up with.

ntdll.NtProtectVirtualMemory
Before:
PHP Code:
MOV EAX0x4E
CALL DWORD PTR FS:[0C0]
RETN 14 
After:
PHP Code:
JMP 00030A08
CALL DWORD PTR FS:[0C0]
RETN 14 
No, TQ didn't hook ntdll.NtProtectVirtualMemory. Avast Anti-Virus did.
Am I being clear enough now?
Smaehtin is offline  
Thanks
1 User
Old 07/21/2013, 17:53   #5
 
{ Angelius }'s Avatar
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Aug 2010
Posts: 992
Received Thanks: 1,110
Quote:
Originally Posted by Smaehtin View Post
No, TQ didn't hook ntdll.NtProtectVirtualMemory. Avast Anti-Virus did.
Am I being clear enough now?
And you are saying that based on what ?

Or do i have to take it on faith and trust you lol.
{ Angelius } is offline  
Old 07/21/2013, 18:00   #6
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Mar 2013
Posts: 118
Received Thanks: 95
Quote:
Originally Posted by { Angelius } View Post
And you are saying that based on what ?

Or do i have to take it on faith and trust you lol.
Quote:
Originally Posted by { Angelius } View Post
The (JMP 00030A08) eventually leads to this function.
Code:
CPU Disasm
Address   Hex dump          Command                                  Comments
7272A890  /.  55            PUSH EBP
7272A891  |.  8BEC          MOV EBP,ESP
7272A893  |.  83E4 F8       AND ESP,FFFFFFF8                         ; QWORD (8.-byte) stack alignment
7272A896  |.  81EC 8C000000 SUB ESP,8C
7272A89C  |.  53            PUSH EBX
7272A89D  |.  56            PUSH ESI
7272A89E  |.  57            PUSH EDI
7272A89F  |.  68 84000000   PUSH 84                                  ; /Arg3 = 84
7272A8A4  |.  33F6          XOR ESI,ESI                              ; |
7272A8A6  |.  8D4424 18     LEA EAX,[LOCAL.33]                       ; |
7272A8AA  |.  56            PUSH ESI                                 ; |Arg2 => 0
7272A8AB  |.  50            PUSH EAX                                 ; |Arg1 => OFFSET LOCAL.33
7272A8AC  |.  E8 3F0F0100   CALL 7273B7F0                            ; \[B][SIZE="7"][COLOR="Red"]snxhk[/COLOR][/SIZE][/B].7273B7F0
Smaehtin is offline  
Old 07/21/2013, 18:01   #7

 
elite*gold: 54
The Black Market: 163/0/0
Join Date: Jul 2011
Posts: 380
Received Thanks: 86
Quote:
Originally Posted by { Angelius } View Post
And you are saying that based on what ?

Or do i have to take it on faith and trust you lol.
Search the snxhk.dll thats being called on google, or even better do a search on your computer and you'll find it in avast's directory. It's an avast dll.

p.s. omgawd I was slow
Fragaria is offline  
Old 07/21/2013, 18:13   #8
 
{ Angelius }'s Avatar
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Aug 2010
Posts: 992
Received Thanks: 1,110
Quote:
Originally Posted by DragonHeart~V4 View Post
Search the snxhk.dll thats being called on google, or even better do a search on your computer and you'll find it in avast's directory. It's an avast dll.

p.s. omgawd I was slow
****... You guys are right... I failed to do a simple search before i jump into the depth of the assembly code.

Oh well. Albert Einstein failed to ride a bicycle :P
{ Angelius } is offline  
Old 07/21/2013, 20:45   #9
 
Spirited's Avatar
 
elite*gold: 12
The Black Market: 0/0/0
Join Date: Jul 2011
Posts: 8,282
Received Thanks: 4,191
Closed, as requested.
Spirited is offline  
Thanks
2 Users
Closed Thread

« New Zoom Hack | [Release] Proxy Phoenix Packet Sniffer »

Similar Threads Similar Threads
[RLS]Client Protection *LITE*
04/13/2013 - Metin2 PServer Guides & Strategies - 61 Replies
Herzlich Willkommen zu meinem Release. Ich release hier die Lite version meines Client Protection System. Ich empfehle das System in eine OnUpdate funktion hineinzuschreiben. Da dies nichts besonderes ist, aber dennoch 95% der Fähigkeiten der Com übersteigt, möchte ich etwas gutes tun und es hiermit zu releasen. Ihr müsst natürlich eure eigene Whitelist selbst machen :D Löscht überschüssige Dateien Schließt sich wenn Dateien fehlen Meldet welche Dateien fehlen
Question about Protection wings
03/09/2013 - Dekaron - 2 Replies
what are the stats of the wings and can i trade them? cux im looking for a buyer but im not sure if i can trade them like Fate wings. I got a box from a Gold box. Thanks IT CAN NOT BE TRADED SOO. #Close
[Best client protection?] Is this best client protection?
10/31/2012 - Metin2 Private Server - 0 Replies
Hello, i found this : WildGamers Security Page This website offers for metin2 clients anti-hack protection with autoban etc. (deleted root etc.), and I try him on my server, and this works. But, how I can to user switchbot on 4Metin PVP - Private server - Use this protection with some things edited. P.S.: Protection is only in client, personalized PONG on game :-s
[QUESTION]Dedicated Server Protection
03/21/2010 - Dekaron Private Server - 10 Replies
Hello guys, I was wondering if I need any anti virus or protection on my dedicated server that I will get tomorrow, I want my server to be secure so you guys know if I need some programs or not? Please let me know, I would really appreciate since my server is making a really quick progress. Thanks in advance,
Client Protection?
05/08/2009 - World of Warcraft - 0 Replies
so i was wondering what kind of protection the wow client has, like can i search (or access through kernel calls) the virtual memory safely or do bots and such strictly have to be pixel based? (without killing warden i mean)



All times are GMT +1. The time now is 22:42.

elitepvpers - play less, get more - Top

Powered by vBulletin®
Copyright ©2000 - 2026, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2026 elitepvpers All Rights Reserved.