
[Release]: Hackshield bypass.

 
Old   #76
 
Quote:
Originally Posted by hilete View Post
Requiem.rar:
Upload of file failed.
pm your email pls, i'll send it to you right away.
if you can email it then you can upload it somewhere, just do it.



MrWise is offline  
Old   #77
 
Quote:
Originally Posted by Layka0 View Post
of coz u can doubt ,
but myself i have same problems connecting and playing russian server with original exe and with fixed exe.

russian sever is just sucking all the way ,ive tried playing there, i have 26 lvl SH
and i cant play ther even with orig exe same shit happens DC - unable to connect etc

ill repeat myself its just a server, offsets working pretty nice,
logic tells me you have connection problems (bad routing for example) AND protection issues, and i have protection issues only.

anyway, i changed j(n)z at these locations (as you can see it's 0x90 bytes away from english version.. if i remember correctly):
384402
3845B2
3bb800

nops placed here:
386B27

and there is a cycle with peekmessage(), which in some case goes to checking again:
38488f

could you upload original russian requiem.exe here please, cause I can't.

has anyone tried the MzBot (v2) API? did it work? i am unable to make it work.
by MzBot v2 they mean proof of concept code, that supposedly bypasses NtUserSendInput hook
the code of dll is this:
Code:
.386
.model flat, stdcall
option casemap:none

include windows.inc
include kernel32.inc
includelib kernel32.lib


.DATA
	; Value cached by InitMzBot (driver reply + 1000h); AltSendInput treats 0 as "not initialised".
	varSSID		dd 0
	; NUL-terminated ASCII bytes; 92 is a backslash, so the string is \\.\toBzM,
	; i.e. a name in the Win32 device namespace (\\.\), not a regular file path.
	sDeviceName	db 92, 92, 46, 92, 116, 111, 66, 122, 77, 0 ; \\.\toBzM
	; 8-byte buffer passed to DeviceIoControl as the output buffer in InitMzBot.
	buffDrvOutput	dq 0

.CODE
start:
;-----------------------------------------------------------------------
; LibMain - DLL entry point (the `start` label is the module entry named
; by `end start`).
; In:    hInstDLL, reason, unused (stdcall, three DWORD arguments)
; Out:   eax = 1 for every reason code
; Note:  no work is done per reason; all four .if branches are empty.
;-----------------------------------------------------------------------
LibMain proc hInstDLL:DWORD, reason:DWORD, unused:DWORD
	; Reset the cached value; this sits before the .if chain, so it runs on every entry.
	mov varSSID, 0
	.if reason == DLL_PROCESS_ATTACH
	
	.elseif reason == DLL_PROCESS_DETACH
	
	.elseif reason == DLL_THREAD_ATTACH
	
	.elseif reason == DLL_THREAD_DETACH
	
	.endif
	
	; Always report success to the loader.
	mov eax, 1
	ret

LibMain endp

;-----------------------------------------------------------------------
; InitMzBot - open the device named by sDeviceName, issue one IOCTL to
; it, and cache (first DWORD of the reply + 1000h) in varSSID.
; In:    none
; Out:   eax = -1 if CreateFile fails
;        eax = -2 if DeviceIoControl fails
;        eax = the value stored in varSSID otherwise
; Clobb: ebx is overwritten and not restored, plus whatever the called
;        APIs clobber.
; Note:  the routine depends on a device object with this name already
;        existing; nothing in this listing creates it.
;        NOTE(review): the IOCTL name and the +1000h suggest the reply is
;        a base system-service number - confirm against the driver.
;-----------------------------------------------------------------------
InitMzBot proc
	; CreateFile(sDeviceName, GENERIC_READ|GENERIC_WRITE, share R/W, NULL,
	;            OPEN_EXISTING, 0, NULL) - arguments pushed right to left.
	push 0 ; hTemplateFile
	push 0 ; dwFlagsAndAttributes
	push 3 ; OPEN_EXISTING
	push 0 ; lpSecurityAttributes
	push 3 ; FILE_SHARE_READ | FILE_SHARE_WRITE,
	push 0C0000000h ; GENERIC_READ | GENERIC_WRITE
	push OFFSET sDeviceName
	call CreateFile
	cmp eax, 0FFFFFFFFh ; INVALID_HANDLE_VALUE
	jne ContactDriver1
	
	; The device could not be opened: report -1.
	mov eax, -1
	ret
ContactDriver1:
	; Device handle is in eax.
	push eax ; Keep the handle on the stack; it later serves as CloseHandle's argument
	
	; Prepare the bytes-returned slot for the IOCTL.
	push 0 ; 4-byte stack slot that receives lpBytesReturned
	mov ebx, esp ; ebx = address of that slot
	
	; DeviceIoControl(handle, code, NULL, 0, buffDrvOutput, 8, &slot, NULL)
	push 0 ; lpOverlapped
	push ebx ; lpBytesReturned
	push 8 ; nOutBufferSize: buffDrvOutput is a QWORD
	push OFFSET buffDrvOutput; lpOutBuffer
	push 0 ; nInBufferSize
	push 0 ; lpInBuffer: no input data
	push 0A9002A40h ; #define IOCTL_GET_STARTING_SERVICEID		CTL_CODE(0xA900, 0x0A90, METHOD_BUFFERED, FILE_ANY_ACCESS)
	push eax ; hDevice
	call DeviceIoControl
	cmp eax, 0
	jne ContactDriver2
	
	; IOCTL failed: drop the bytes-returned slot, close the handle, report -2.
	add esp, 4 ; Discard the bytes-returned slot
	call CloseHandle ; Consumes the handle pushed at ContactDriver1
	mov eax, -2
	ret
	
ContactDriver2:
	add esp, 4 ; Discard the bytes-returned slot
	call CloseHandle ; Consumes the handle pushed at ContactDriver1
	mov eax, OFFSET buffDrvOutput ; Only the low DWORD of the 8-byte reply is read
	mov eax, [eax]
	add eax, 01000h
	mov varSSID, eax ; Cache the result; it is also the return value
	ret
InitMzBot endp

;-----------------------------------------------------------------------
; AltSendInput - issue a system call directly with SYSENTER, using the
; number cached in varSSID, instead of going through the normal API stub.
; In:    three DWORD stack arguments (removed by `ret 0Ch`)
; Out:   eax = -1 if varSSID is 0 (InitMzBot has not succeeded);
;        otherwise whatever eax holds after the system call
; Note:  because the transition does not pass through the system DLL
;        stub, a user-mode hook placed on that stub is never executed.
;        A SYSENTER originating from a non-system module is therefore
;        something to look for from the kernel side or by validating
;        the origin of the call.
;-----------------------------------------------------------------------
AltSendInput proc
	mov eax, varSSID
	cmp eax, 0
	je Alt_SendInput_Err
	call IntCallGate
	
	ret 0Ch ; Pop the three DWORD arguments

Alt_SendInput_Err:
	mov eax, -1
	ret 0Ch ; Pop the three DWORD arguments
	
IntCallGate:
	; On entry esp -> return address into AltSendInput, then the caller's
	; return address, then the three arguments.
	mov edx, esp
	db 00Fh
	db 034h ; 0F 34 = SYSENTER, emitted as raw bytes
	ret
AltSendInput endp

end start
I fail to get results with this code even with no hooks on NtUserSendInput. I've tried myself - no result. Found a C++ wrap for the dll:
Code:
#ifndef MZBOT2_DLL_VERSION_HEADER
#define MZBOT2_DLL_VERSION_HEADER

#include <windows.h>

// Loads amz.dll, resolves its InitMzBot export and calls it.
// Returns whatever InitMzBot leaves in eax, or -3 if the DLL cannot be
// loaded and -4 if the export is missing. The return type is unsigned,
// so the negative codes reach the caller as large positive values.
// NOTE(review): the module handle is never released with FreeLibrary.
unsigned int MzBot_Init() {
	HMODULE m = LoadLibrary( "amz.dll" );
	if ( !m ) {
		return -3;
	}
	// The export address is kept as an integer and called from inline asm below.
	unsigned long addr = (unsigned long) GetProcAddress( m, "InitMzBot" );
	if ( !addr ) {
		return -4;
	}
	__asm {
		mov eax, addr
		call addr
		mov addr, eax	// reuse addr to carry the callee's result out of the asm block
	}
	return addr;
};

// Forwards (nInputs, pInputs, cbSize) to the AltSendInput export of amz.dll
// and returns the value that export leaves in eax.
// NOTE(review): unlike MzBot_Init, neither the LoadLibrary result nor the
// GetProcAddress result is checked before the call, and LoadLibrary runs
// on every invocation without a matching FreeLibrary.
unsigned int MzBot_SendInput( UINT nInputs, LPINPUT pInputs, int cbSize )
{
	HMODULE m = LoadLibrary( "amz.dll" );
	unsigned long addr = (unsigned long) GetProcAddress( m, "AltSendInput" );
	__asm {
		mov eax, addr
		// Arguments pushed right to left; the callee removes them (ret 0Ch).
		push cbSize
		push pInputs
		push nInputs
		call addr
		mov addr, eax	// reuse addr to carry the callee's result out of the asm block
	}
	return addr;	
};

#endif //#ifndef MZBOT2_DLL_VERSION_HEADER
and again, no result.

well, the error occurs during init. return val is -1, so CreateFile isn't working well. who remembers what \\.\toBzM can be? like mailslot, but it's not... stream?


hilete is offline  
Old   #78
 
hilete

i can assure i have no isp prolems, my connection is totally fine.

Try this one


at least it does work for me
i can use macros and bind mouse buttons
but still problems with DC and its definitely not my fault
Attached Files
File Type: rar Requiem.rar (1.27 MB, 73 views)
Layka0 is offline  
Old   #79
 
wait a minute... which version is this? 62kb larger than our rus client...


hilete is offline  
Old   #80
 
In russian server hee do`nt work
lexxes is offline  
Old   #81
 
i dont remember exactly but this is eng requiem exe that works at least for me on russian server too.
allows me to use all the things i need to ease my game.
Layka0 is offline  
Old   #82
 
well... it's sad, it doesn't start for me..
hilete is offline  
Old   #83
 
thats rly strange - with this exe i can play, with other fixed i get "overbuffer" and ???? Errors
Layka0 is offline  
Old   #84
 
mysteriosness, it is, yes?

by "doesn't start" I mean no errors even. i replace my exe with yours, start "UpdaterRus.exe", on the appeared window I press "start" (in russian ofcourse) button, and then nothing...
hilete is offline  
Old   #85
 
i dont know if it will help, im trying this with game installed from Requiem_Rus_V3_install
Layka0 is offline  
Old   #86
 
3,116,041,081 bytes?
hilete is offline  
Old   #87
 
hilete
i dont know exactly coz i have it in extracted mode
but i dl'ed from

pm me with ur msn
Layka0 is offline  
Old   #88
 
Layka,

Today after the update, when using the current HackShield Bypass everything turn into a ? icons. Can you make a new quick one or show me how to do it if it's simple? This is for Requiem USA.

Thanks so much!
division101 is offline  
Old   #89
 
yep, everithing tirns to "?" and no grass! Plz make one quick fixed exe! Or just send the method to me via private message plz!
MADR4T is offline  
Old   #90
 
can someone make one for the last english client i dont have such good programming skills and i would be very thankfull cuz i cant play without it . thks in advance


razelm is offline  