|
You last visited: Today at 12:04
Advertisement
[Release][GF]Kamer mod - level, fish, farm bot
Discussion on [Release][GF]Kamer mod - level, fish, farm bot within the Metin2 Hacks, Bots, Cheats, Exploits & Macros forum part of the Metin2 category.
03/26/2015, 20:41
|
#3931
|
elite*gold: 0 
Join Date: Mar 2015
Posts: 131
Received Thanks: 8
|
Quote:
Originally Posted by _asm
It's funny that you literally asked the developer if he uses a HEX EDITOR again a HEX EDITOR for making it undetected. Wow that just made my day.
|
I dont know if u have brains... i ask first for dont lose my time.
|
|
|
|
03/26/2015, 20:52
|
#3932
|
elite*gold: 0
Join Date: Dec 2014
Posts: 442
Received Thanks: 211
|
Quote:
Originally Posted by lUploaderl
I dont know if u have brains... i ask first for dont lose my time.
|
Well I guess I only have one brain  (would be nice if you can tell me where I can get multiple brains!).
Your English. **** not bad!
|
|
|
|
|
03/26/2015, 20:59
|
#3933
|
elite*gold: 0
Join Date: Mar 2015
Posts: 131
Received Thanks: 8
|
Quote:
Originally Posted by _asm
Well I guess I only have one brain (would be nice if you can tell me where I can get multiple brains!).
Your English. **** not bad! |
I think you're smart enough, for understand.
|
|
|
|
|
03/26/2015, 21:33
|
#3934
|
elite*gold: 0
Join Date: Jan 2013
Posts: 127
Received Thanks: 5
|
who have By pass
|
|
|
|
|
03/26/2015, 21:39
|
#3935
|
elite*gold: 0
Join Date: Mar 2015
Posts: 131
Received Thanks: 8
|
Quote:
Originally Posted by oussama83
who have By pass
|
I know 1 away for fk the hack shield, w8 a sec i go try it 
I will post back here a 2 hours
|
|
|
|
|
03/26/2015, 21:43
|
#3936
|
elite*gold: 0
Join Date: Jan 2013
Posts: 127
Received Thanks: 5
|
Quote:
Originally Posted by lUploaderl
I know 1 away for fk the hack shield, w8 a sec i go try it
I will post back here a 2 hours |
i try one but that dont work
and plz if u have a DMG send it to me too
|
|
|
|
|
03/26/2015, 21:49
|
#3937
|
elite*gold: 0
Join Date: Mar 2015
Posts: 131
Received Thanks: 8
|
Quote:
Originally Posted by oussama83
i try one but that dont work
and plz if u have a DMG send it to me too
|
All bypass u find all pached.
I dont have DMG hack i w8 for 1 to :P
About the bypass for hack shield, i fail hard here i only know how fk the heart beat (Gameguard)
I talking to 2 coders for he can help me.
|
|
|
|
|
03/26/2015, 22:06
|
#3938
|
elite*gold: 0
Join Date: Dec 2011
Posts: 128
Received Thanks: 4
|
well I guess I can play without hacks for a while
Nah, I prefer to play another game and come back to metin when this is stable
|
|
|
|
|
03/26/2015, 22:08
|
#3939
|
elite*gold: 0
Join Date: Mar 2015
Posts: 131
Received Thanks: 8
|
This bypass as been release january
#include"HackShield.h"
#include<stdio.h>
#define WindowsUnknown 0
#define Windows7 7
#define Windows8 8
void WriteByte(BYTE temp, PDWORD CurrentAddr){
*(BYTE *)CurrentAddr[0] = temp;
CurrentAddr[0]+=1;
}
void WriteWord(WORD temp, PDWORD CurrentAddr){
*(WORD *)CurrentAddr[0] = temp;
CurrentAddr[0]+=2;
}
void WriteDword(DWORD temp, PDWORD CurrentAddr){
*(DWORD *)CurrentAddr[0] = temp;
CurrentAddr[0]+=4;
}
void WriteCall(DWORD Addr, PDWORD CurrentAddr){
*(BYTE *)CurrentAddr[0] = 0xE8;
*(DWORD *)(CurrentAddr[0]+1) = Addr-CurrentAddr[0]-5;
CurrentAddr[0]+=5;
}
void DupeMemory(DWORD src, DWORD dwSize, PDWORD CurrentAddr){
memcpy((DWORD *)CurrentAddr[0], (DWORD *)src, dwSize);
CurrentAddr[0]+=dwSize;
}
char whitelist[4][128] = {"wow64win.dll", "wow64.dll", "wow64cpu.dll", "apisetschema.dll"};
char temp[512];
bool _stdcall DLLChecker(char Buffer[]){
int i, slash, j;
ZeroMemory(temp, 512);
for(i=0; Buffer[i]; i+=2){
if(Buffer[i] == '/' || Buffer[i] == '\\'){
slash = i+2;
}
}
i=0;
for(; Buffer[slash]; slash+=2){
temp[i] = Buffer[slash];
i++;
}
temp[i] = '\0';
bool aw = false;
for(i=0; i<4; i++){
if(strcmp(temp, whitelist[i])==0){
return true;
}
}
ZeroMemory(Buffer, slash);
return false;
}
bool _stdcall blabla(HANDLE hProcess, DWORD dwFag){
//HMODULE hWL[4] = {LoadLibraryA("wow64win.dll"), LoadLibraryA("wow64.dll"), LoadLibraryA("wow64cpu.dll"), LoadLibraryA("apisetschema.dll")};
//DWORD dwWL_st[4];
//DWORD dwWL_en[4];
//MODULEINFO WLInfo[4];
//int i;
//if(hProcess!=GetCurrentProcess()){
// return false;
//}
//else{
/*
for(i=0; i<4; i++){
if(hWL[i]){
if(GetModuleInformation(GetCurrentProcess(), hWL[i], &WLInfo[i], sizeof(MODULEINFO))){
dwWL_st[i] = (DWORD)WLInfo[i].lpBaseOfDll;
dwWL_en[i] = (DWORD)WLInfo[i].lpBaseOfDll+(DWORD)WLInfo[i].SizeOfImage;
if(dwWL_st[i] <= dwFag && dwFag <= dwWL_en[i]){
return true;
}
}
}
}
*/
//}
//if(0x00400000 <= dwFag && dwFag <= 0x02000000){
// return false;
//}
//return true;
//return false;
//FILE *fp;
//fp = fopen("Addy.txt", "a");
//fprintf(fp, "[%p]%p\n", hProcess, dwFag);
//fclose(fp);
return true;
}
void _declspec(naked) DLLFucker(){
_asm{
add esp,0x04
mov edx,esp
pushad
push [edx+0x08]
push [edx+0x04]
call blabla
test eax,eax
je Block
popad
ret 0x0018
Block:
popad
xor eax,eax
add dword ptr [esp],0x5D
mov word ptr [esp+0x18],0
ret 0x0018
}
}
void AirBypassInitialization(DWORD HS_START, DWORD HS_END){
DWORD ReturnChecker = (DWORD)new BYTE[0x100];
DWORD SystemCallHook = (DWORD)new BYTE[0x100];
DWORD CurrentAddr;
DWORD old;
DWORD Sys64;
_asm{
mov eax,fs:[0x18]
mov eax,[eax+0xC0]
mov dword ptr [Sys64],eax
}
VirtualProtect((DWORD *)ReturnChecker, 0x100, PAGE_EXECUTE_READWRITE, &old);
VirtualProtect((DWORD *)SystemCallHook, 0x100, PAGE_EXECUTE_READWRITE, &old);
VirtualProtect((DWORD *)Sys64, 7+5, PAGE_EXECUTE_READWRITE, &old);
CurrentAddr = ReturnChecker;
WriteWord(0xC031, &CurrentAddr);
WriteDword(0x04247C81, &CurrentAddr);
WriteDword(HS_START, &CurrentAddr);
WriteWord(0x0B72, &CurrentAddr);
WriteDword(0x04247C81, &CurrentAddr);
WriteDword(HS_END, &CurrentAddr);
WriteWord(0x0177, &CurrentAddr);
WriteDword(0x0004C240, &CurrentAddr);
CurrentAddr = SystemCallHook;
///////////////
WriteWord(0xF883, &CurrentAddr);
WriteByte(0x20, &CurrentAddr);
WriteWord(0x5874, &CurrentAddr);
//
WriteWord(0xF883, &CurrentAddr);
WriteByte(0x16, &CurrentAddr);
WriteWord(0x4374, &CurrentAddr);
//
WriteWord(0xF883, &CurrentAddr);
WriteByte(0x33, &CurrentAddr);
WriteWord(0x3774, &CurrentAddr);
//original code
WriteWord(0xF883, &CurrentAddr);
WriteByte(0x04, &CurrentAddr);
WriteWord(0x0974, &CurrentAddr);
WriteByte(0x3D, &CurrentAddr);
WriteDword(0x000000CA, &CurrentAddr);
WriteWord(0x0D74, &CurrentAddr);
WriteWord(0x22EB, &CurrentAddr);
WriteWord(0x7A81, &CurrentAddr);
WriteByte(0x14, &CurrentAddr);
WriteDword(0x80000040, &CurrentAddr);
WriteWord(0x1975, &CurrentAddr);
WriteWord(0x10EB, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteDword(0x0824448B, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteCall(ReturnChecker, &CurrentAddr);
WriteWord(0xC085, &CurrentAddr);
WriteByte(0x58, &CurrentAddr);
WriteWord(0x0774, &CurrentAddr);
WriteWord(0xC031, &CurrentAddr);
WriteDword(0x03240483, &CurrentAddr);
WriteByte(0xC3, &CurrentAddr);
DupeMemory(Sys64, 7, &CurrentAddr);
//+1
WriteByte(0x50, &CurrentAddr);
WriteDword(0x5C24448B, &CurrentAddr);
WriteWord(0xE0EB, &CurrentAddr);
//+2
WriteDword(0x180C7A83, &CurrentAddr);
WriteWord(0xEC75, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteByte(0x8B, &CurrentAddr);
WriteWord(0x2484, &CurrentAddr);
WriteDword(0x0000010C, &CurrentAddr);
WriteWord(0xD0EB, &CurrentAddr);
//+3
WriteWord(0x7A81, &CurrentAddr);
WriteByte(0x10, &CurrentAddr);
WriteDword(0x00000210, &CurrentAddr);
WriteWord(0xD975, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteByte(0x8B, &CurrentAddr);
WriteWord(0x2484, &CurrentAddr);
WriteDword(0x00000268, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteCall(ReturnChecker, &CurrentAddr);
WriteWord(0xC085, &CurrentAddr);
WriteByte(0x58, &CurrentAddr);
WriteWord(0xC674, &CurrentAddr);
WriteByte(0xC7, &CurrentAddr);
WriteWord(0x2404, &CurrentAddr);
WriteDword((DWORD)DLLFucker, &CurrentAddr);
WriteWord(0xBDEB, &CurrentAddr);
//WriteDword(0x04244483, &CurrentAddr);
//WriteByte(0x5D, &CurrentAddr);
//WriteWord(0xB8EB, &CurrentAddr);
//////////////////
*(BYTE *)(Sys64+7) = 0xE9;
*(DWORD *)(Sys64+7+1) = SystemCallHook-(Sys64+7)-5;
*(WORD *)(Sys64) = 0x05EB;
}
void AirBypassInitialization2(DWORD HS_START, DWORD HS_END){
DWORD ReturnChecker = (DWORD)new BYTE[0x100];
DWORD SystemCallHook = (DWORD)new BYTE[0x100];
DWORD CurrentAddr;
DWORD old;
DWORD Sys64;
_asm{
mov eax,fs:[0x18]
mov eax,[eax+0xC0]
mov dword ptr [Sys64],eax
}
VirtualProtect((DWORD *)ReturnChecker, 0x100, PAGE_EXECUTE_READWRITE, &old);
VirtualProtect((DWORD *)SystemCallHook, 0x100, PAGE_EXECUTE_READWRITE, &old);
VirtualProtect((DWORD *)Sys64, 7+5, PAGE_EXECUTE_READWRITE, &old);
CurrentAddr = ReturnChecker;
WriteWord(0xC031, &CurrentAddr);
WriteDword(0x04247C81, &CurrentAddr);
WriteDword(HS_START, &CurrentAddr);
WriteWord(0x0B72, &CurrentAddr);
WriteDword(0x04247C81, &CurrentAddr);
WriteDword(HS_END, &CurrentAddr);
WriteWord(0x0177, &CurrentAddr);
WriteDword(0x0004C240, &CurrentAddr);
CurrentAddr = SystemCallHook;
//xd
WriteByte(0x3D, &CurrentAddr);
WriteDword(0x000000E0, &CurrentAddr);
WriteWord(0x2D74, &CurrentAddr);
WriteByte(0x3D, &CurrentAddr);
WriteDword(0x001B0006, &CurrentAddr);
WriteWord(0x2D74, &CurrentAddr);
WriteWord(0xF883, &CurrentAddr);
WriteByte(0x18, &CurrentAddr);
WriteWord(0x3474, &CurrentAddr);
WriteWord(0xF883, &CurrentAddr);
WriteByte(0x35, &CurrentAddr);
WriteWord(0x4074, &CurrentAddr);
WriteWord(0xF883, &CurrentAddr);
WriteByte(0x22, &CurrentAddr);
WriteWord(0x4974, &CurrentAddr);
DupeMemory(Sys64, 7, &CurrentAddr);
WriteWord(0xC031, &CurrentAddr);
WriteByte(0xC3, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteCall(ReturnChecker, &CurrentAddr);
WriteWord(0xC085, &CurrentAddr);
WriteByte(0x58, &CurrentAddr);
WriteWord(0xEB74, &CurrentAddr);
WriteWord(0xF0EB, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteByte(0x8B, &CurrentAddr);
WriteWord(0x2444, &CurrentAddr);
WriteByte(0x08, &CurrentAddr);
WriteWord(0xECEB, &CurrentAddr);
WriteByte(0x81, &CurrentAddr);
WriteWord(0x247C, &CurrentAddr);
WriteByte(0x1C, &CurrentAddr);
WriteDword(0x80000040, &CurrentAddr);
WriteWord(0xDF74, &CurrentAddr);
WriteWord(0xD6EB, &CurrentAddr);
WriteByte(0x83, &CurrentAddr);
WriteWord(0x247C, &CurrentAddr);
WriteByte(0x14, &CurrentAddr);
WriteByte(0x18, &CurrentAddr);
WriteWord(0xCF75, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteByte(0x8B, &CurrentAddr);
WriteWord(0x2484, &CurrentAddr);
WriteDword(0x000000E0, &CurrentAddr);
WriteWord(0xCFEB, &CurrentAddr);
WriteByte(0x83, &CurrentAddr);
WriteWord(0x247C, &CurrentAddr);
WriteByte(0x08, &CurrentAddr);
WriteByte(0x05, &CurrentAddr);
WriteWord(0xBE75, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteByte(0x8B, &CurrentAddr);
WriteWord(0x2444, &CurrentAddr);
WriteByte(0x5C, &CurrentAddr);
WriteWord(0xC1EB, &CurrentAddr);
WriteByte(0x81, &CurrentAddr);
WriteWord(0x247C, &CurrentAddr);
WriteByte(0x18, &CurrentAddr);
WriteDword(0x00000210, &CurrentAddr);
WriteWord(0xAD75, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteByte(0x8B, &CurrentAddr);
WriteWord(0x2484, &CurrentAddr);
WriteDword(0x00000280, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteCall(ReturnChecker, &CurrentAddr);
WriteWord(0xC085, &CurrentAddr);
WriteByte(0x58, &CurrentAddr);
WriteWord(0x9A74, &CurrentAddr);
WriteByte(0xC7, &CurrentAddr);
WriteWord(0x2444, &CurrentAddr);
WriteByte(0x04, &CurrentAddr);
WriteDword(CurrentAddr+6, &CurrentAddr);
WriteWord(0x97EB, &CurrentAddr);
WriteByte(0xC9, &CurrentAddr);
WriteByte(0xC2, &CurrentAddr);
WriteWord(0x0010, &CurrentAddr);
*(BYTE *)(Sys64+7) = 0xE9;
*(DWORD *)(Sys64+7+1) = SystemCallHook-(Sys64+7)-5;
*(WORD *)(Sys64) = 0x05EB;
}
void WaitForHS(int version){
HMODULE EHSvc = NULL;
MODULEINFO EHSvcInfo;
//Wait for HS
while(!EHSvc){
EHSvc = GetModuleHandleA("EHSvc.dll");
Sleep(50);
}
GetModuleInformation(GetCurrentProcess(), EHSvc, &EHSvcInfo, sizeof(MODULEINFO));
if(version==Windows7){
AirBypassInitialization((DWORD)EHSvcInfo.lpBaseOfD ll, (DWORD)EHSvcInfo.lpBaseOfDll+(DWORD)EHSvcInfo.Size OfImage);
}else{
AirBypassInitialization2((DWORD)EHSvcInfo.lpBaseOf Dll, (DWORD)EHSvcInfo.lpBaseOfDll+(DWORD)EHSvcInfo.Size OfImage);
}
}
int GetOSVersion(){
OSVERSIONINFOA lpVersionInfo;
lpVersionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFOA);
GetVersionExA(&lpVersionInfo);
if(lpVersionInfo.dwMajorVersion!=6) return WindowsUnknown;
switch(lpVersionInfo.dwMinorVersion){
case 0:
return WindowsUnknown;
case 1:
return Windows7;
case 2:
case 3:
return Windows8;
}
return WindowsUnknown;
}
bool HackShieldBypass(){
int YourOS = GetOSVersion();
BOOL BitNumber;
if(!YourOS) return false;
IsWow64Process(GetCurrentProcess(), &BitNumber);
if(!BitNumber) return false;
CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)WaitForHS, (DWORD *)YourOS, NULL, NULL);
return true;
}
|
|
|
|
|
03/26/2015, 22:14
|
#3940
|
elite*gold: 0
Join Date: Jan 2013
Posts: 127
Received Thanks: 5
|
Quote:
Originally Posted by lUploaderl
This bypass as been release january
#include"HackShield.h"
#include<stdio.h>
#define WindowsUnknown 0
#define Windows7 7
#define Windows8 8
void WriteByte(BYTE temp, PDWORD CurrentAddr){
*(BYTE *)CurrentAddr[0] = temp;
CurrentAddr[0]+=1;
}
void WriteWord(WORD temp, PDWORD CurrentAddr){
*(WORD *)CurrentAddr[0] = temp;
CurrentAddr[0]+=2;
}
void WriteDword(DWORD temp, PDWORD CurrentAddr){
*(DWORD *)CurrentAddr[0] = temp;
CurrentAddr[0]+=4;
}
void WriteCall(DWORD Addr, PDWORD CurrentAddr){
*(BYTE *)CurrentAddr[0] = 0xE8;
*(DWORD *)(CurrentAddr[0]+1) = Addr-CurrentAddr[0]-5;
CurrentAddr[0]+=5;
}
void DupeMemory(DWORD src, DWORD dwSize, PDWORD CurrentAddr){
memcpy((DWORD *)CurrentAddr[0], (DWORD *)src, dwSize);
CurrentAddr[0]+=dwSize;
}
char whitelist[4][128] = {"wow64win.dll", "wow64.dll", "wow64cpu.dll", "apisetschema.dll"};
char temp[512];
bool _stdcall DLLChecker(char Buffer[]){
int i, slash, j;
ZeroMemory(temp, 512);
for(i=0; Buffer[i]; i+=2){
if(Buffer[i] == '/' || Buffer[i] == '\\'){
slash = i+2;
}
}
i=0;
for(; Buffer[slash]; slash+=2){
temp[i] = Buffer[slash];
i++;
}
temp[i] = '\0';
bool aw = false;
for(i=0; i<4; i++){
if(strcmp(temp, whitelist[i])==0){
return true;
}
}
ZeroMemory(Buffer, slash);
return false;
}
bool _stdcall blabla(HANDLE hProcess, DWORD dwFag){
//HMODULE hWL[4] = {LoadLibraryA("wow64win.dll"), LoadLibraryA("wow64.dll"), LoadLibraryA("wow64cpu.dll"), LoadLibraryA("apisetschema.dll")};
//DWORD dwWL_st[4];
//DWORD dwWL_en[4];
//MODULEINFO WLInfo[4];
//int i;
//if(hProcess!=GetCurrentProcess()){
// return false;
//}
//else{
/*
for(i=0; i<4; i++){
if(hWL[i]){
if(GetModuleInformation(GetCurrentProcess(), hWL[i], &WLInfo[i], sizeof(MODULEINFO))){
dwWL_st[i] = (DWORD)WLInfo[i].lpBaseOfDll;
dwWL_en[i] = (DWORD)WLInfo[i].lpBaseOfDll+(DWORD)WLInfo[i].SizeOfImage;
if(dwWL_st[i] <= dwFag && dwFag <= dwWL_en[i]){
return true;
}
}
}
}
*/
//}
//if(0x00400000 <= dwFag && dwFag <= 0x02000000){
// return false;
//}
//return true;
//return false;
//FILE *fp;
//fp = fopen("Addy.txt", "a");
//fprintf(fp, "[%p]%p\n", hProcess, dwFag);
//fclose(fp);
return true;
}
void _declspec(naked) DLLFucker(){
_asm{
add esp,0x04
mov edx,esp
pushad
push [edx+0x08]
push [edx+0x04]
call blabla
test eax,eax
je Block
popad
ret 0x0018
Block:
popad
xor eax,eax
add dword ptr [esp],0x5D
mov word ptr [esp+0x18],0
ret 0x0018
}
}
void AirBypassInitialization(DWORD HS_START, DWORD HS_END){
DWORD ReturnChecker = (DWORD)new BYTE[0x100];
DWORD SystemCallHook = (DWORD)new BYTE[0x100];
DWORD CurrentAddr;
DWORD old;
DWORD Sys64;
_asm{
mov eax,fs:[0x18]
mov eax,[eax+0xC0]
mov dword ptr [Sys64],eax
}
VirtualProtect((DWORD *)ReturnChecker, 0x100, PAGE_EXECUTE_READWRITE, &old);
VirtualProtect((DWORD *)SystemCallHook, 0x100, PAGE_EXECUTE_READWRITE, &old);
VirtualProtect((DWORD *)Sys64, 7+5, PAGE_EXECUTE_READWRITE, &old);
CurrentAddr = ReturnChecker;
WriteWord(0xC031, &CurrentAddr);
WriteDword(0x04247C81, &CurrentAddr);
WriteDword(HS_START, &CurrentAddr);
WriteWord(0x0B72, &CurrentAddr);
WriteDword(0x04247C81, &CurrentAddr);
WriteDword(HS_END, &CurrentAddr);
WriteWord(0x0177, &CurrentAddr);
WriteDword(0x0004C240, &CurrentAddr);
CurrentAddr = SystemCallHook;
///////////////
WriteWord(0xF883, &CurrentAddr);
WriteByte(0x20, &CurrentAddr);
WriteWord(0x5874, &CurrentAddr);
//
WriteWord(0xF883, &CurrentAddr);
WriteByte(0x16, &CurrentAddr);
WriteWord(0x4374, &CurrentAddr);
//
WriteWord(0xF883, &CurrentAddr);
WriteByte(0x33, &CurrentAddr);
WriteWord(0x3774, &CurrentAddr);
//original code
WriteWord(0xF883, &CurrentAddr);
WriteByte(0x04, &CurrentAddr);
WriteWord(0x0974, &CurrentAddr);
WriteByte(0x3D, &CurrentAddr);
WriteDword(0x000000CA, &CurrentAddr);
WriteWord(0x0D74, &CurrentAddr);
WriteWord(0x22EB, &CurrentAddr);
WriteWord(0x7A81, &CurrentAddr);
WriteByte(0x14, &CurrentAddr);
WriteDword(0x80000040, &CurrentAddr);
WriteWord(0x1975, &CurrentAddr);
WriteWord(0x10EB, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteDword(0x0824448B, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteCall(ReturnChecker, &CurrentAddr);
WriteWord(0xC085, &CurrentAddr);
WriteByte(0x58, &CurrentAddr);
WriteWord(0x0774, &CurrentAddr);
WriteWord(0xC031, &CurrentAddr);
WriteDword(0x03240483, &CurrentAddr);
WriteByte(0xC3, &CurrentAddr);
DupeMemory(Sys64, 7, &CurrentAddr);
//+1
WriteByte(0x50, &CurrentAddr);
WriteDword(0x5C24448B, &CurrentAddr);
WriteWord(0xE0EB, &CurrentAddr);
//+2
WriteDword(0x180C7A83, &CurrentAddr);
WriteWord(0xEC75, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteByte(0x8B, &CurrentAddr);
WriteWord(0x2484, &CurrentAddr);
WriteDword(0x0000010C, &CurrentAddr);
WriteWord(0xD0EB, &CurrentAddr);
//+3
WriteWord(0x7A81, &CurrentAddr);
WriteByte(0x10, &CurrentAddr);
WriteDword(0x00000210, &CurrentAddr);
WriteWord(0xD975, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteByte(0x8B, &CurrentAddr);
WriteWord(0x2484, &CurrentAddr);
WriteDword(0x00000268, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteCall(ReturnChecker, &CurrentAddr);
WriteWord(0xC085, &CurrentAddr);
WriteByte(0x58, &CurrentAddr);
WriteWord(0xC674, &CurrentAddr);
WriteByte(0xC7, &CurrentAddr);
WriteWord(0x2404, &CurrentAddr);
WriteDword((DWORD)DLLFucker, &CurrentAddr);
WriteWord(0xBDEB, &CurrentAddr);
//WriteDword(0x04244483, &CurrentAddr);
//WriteByte(0x5D, &CurrentAddr);
//WriteWord(0xB8EB, &CurrentAddr);
//////////////////
*(BYTE *)(Sys64+7) = 0xE9;
*(DWORD *)(Sys64+7+1) = SystemCallHook-(Sys64+7)-5;
*(WORD *)(Sys64) = 0x05EB;
}
void AirBypassInitialization2(DWORD HS_START, DWORD HS_END){
DWORD ReturnChecker = (DWORD)new BYTE[0x100];
DWORD SystemCallHook = (DWORD)new BYTE[0x100];
DWORD CurrentAddr;
DWORD old;
DWORD Sys64;
_asm{
mov eax,fs:[0x18]
mov eax,[eax+0xC0]
mov dword ptr [Sys64],eax
}
VirtualProtect((DWORD *)ReturnChecker, 0x100, PAGE_EXECUTE_READWRITE, &old);
VirtualProtect((DWORD *)SystemCallHook, 0x100, PAGE_EXECUTE_READWRITE, &old);
VirtualProtect((DWORD *)Sys64, 7+5, PAGE_EXECUTE_READWRITE, &old);
CurrentAddr = ReturnChecker;
WriteWord(0xC031, &CurrentAddr);
WriteDword(0x04247C81, &CurrentAddr);
WriteDword(HS_START, &CurrentAddr);
WriteWord(0x0B72, &CurrentAddr);
WriteDword(0x04247C81, &CurrentAddr);
WriteDword(HS_END, &CurrentAddr);
WriteWord(0x0177, &CurrentAddr);
WriteDword(0x0004C240, &CurrentAddr);
CurrentAddr = SystemCallHook;
//xd
WriteByte(0x3D, &CurrentAddr);
WriteDword(0x000000E0, &CurrentAddr);
WriteWord(0x2D74, &CurrentAddr);
WriteByte(0x3D, &CurrentAddr);
WriteDword(0x001B0006, &CurrentAddr);
WriteWord(0x2D74, &CurrentAddr);
WriteWord(0xF883, &CurrentAddr);
WriteByte(0x18, &CurrentAddr);
WriteWord(0x3474, &CurrentAddr);
WriteWord(0xF883, &CurrentAddr);
WriteByte(0x35, &CurrentAddr);
WriteWord(0x4074, &CurrentAddr);
WriteWord(0xF883, &CurrentAddr);
WriteByte(0x22, &CurrentAddr);
WriteWord(0x4974, &CurrentAddr);
DupeMemory(Sys64, 7, &CurrentAddr);
WriteWord(0xC031, &CurrentAddr);
WriteByte(0xC3, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteCall(ReturnChecker, &CurrentAddr);
WriteWord(0xC085, &CurrentAddr);
WriteByte(0x58, &CurrentAddr);
WriteWord(0xEB74, &CurrentAddr);
WriteWord(0xF0EB, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteByte(0x8B, &CurrentAddr);
WriteWord(0x2444, &CurrentAddr);
WriteByte(0x08, &CurrentAddr);
WriteWord(0xECEB, &CurrentAddr);
WriteByte(0x81, &CurrentAddr);
WriteWord(0x247C, &CurrentAddr);
WriteByte(0x1C, &CurrentAddr);
WriteDword(0x80000040, &CurrentAddr);
WriteWord(0xDF74, &CurrentAddr);
WriteWord(0xD6EB, &CurrentAddr);
WriteByte(0x83, &CurrentAddr);
WriteWord(0x247C, &CurrentAddr);
WriteByte(0x14, &CurrentAddr);
WriteByte(0x18, &CurrentAddr);
WriteWord(0xCF75, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteByte(0x8B, &CurrentAddr);
WriteWord(0x2484, &CurrentAddr);
WriteDword(0x000000E0, &CurrentAddr);
WriteWord(0xCFEB, &CurrentAddr);
WriteByte(0x83, &CurrentAddr);
WriteWord(0x247C, &CurrentAddr);
WriteByte(0x08, &CurrentAddr);
WriteByte(0x05, &CurrentAddr);
WriteWord(0xBE75, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteByte(0x8B, &CurrentAddr);
WriteWord(0x2444, &CurrentAddr);
WriteByte(0x5C, &CurrentAddr);
WriteWord(0xC1EB, &CurrentAddr);
WriteByte(0x81, &CurrentAddr);
WriteWord(0x247C, &CurrentAddr);
WriteByte(0x18, &CurrentAddr);
WriteDword(0x00000210, &CurrentAddr);
WriteWord(0xAD75, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteByte(0x8B, &CurrentAddr);
WriteWord(0x2484, &CurrentAddr);
WriteDword(0x00000280, &CurrentAddr);
WriteByte(0x50, &CurrentAddr);
WriteCall(ReturnChecker, &CurrentAddr);
WriteWord(0xC085, &CurrentAddr);
WriteByte(0x58, &CurrentAddr);
WriteWord(0x9A74, &CurrentAddr);
WriteByte(0xC7, &CurrentAddr);
WriteWord(0x2444, &CurrentAddr);
WriteByte(0x04, &CurrentAddr);
WriteDword(CurrentAddr+6, &CurrentAddr);
WriteWord(0x97EB, &CurrentAddr);
WriteByte(0xC9, &CurrentAddr);
WriteByte(0xC2, &CurrentAddr);
WriteWord(0x0010, &CurrentAddr);
*(BYTE *)(Sys64+7) = 0xE9;
*(DWORD *)(Sys64+7+1) = SystemCallHook-(Sys64+7)-5;
*(WORD *)(Sys64) = 0x05EB;
}
void WaitForHS(int version){
HMODULE EHSvc = NULL;
MODULEINFO EHSvcInfo;
//Wait for HS
while(!EHSvc){
EHSvc = GetModuleHandleA("EHSvc.dll");
Sleep(50);
}
GetModuleInformation(GetCurrentProcess(), EHSvc, &EHSvcInfo, sizeof(MODULEINFO));
if(version==Windows7){
AirBypassInitialization((DWORD)EHSvcInfo.lpBaseOfD ll, (DWORD)EHSvcInfo.lpBaseOfDll+(DWORD)EHSvcInfo.Size OfImage);
}else{
AirBypassInitialization2((DWORD)EHSvcInfo.lpBaseOf Dll, (DWORD)EHSvcInfo.lpBaseOfDll+(DWORD)EHSvcInfo.Size OfImage);
}
}
int GetOSVersion(){
OSVERSIONINFOA lpVersionInfo;
lpVersionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFOA);
GetVersionExA(&lpVersionInfo);
if(lpVersionInfo.dwMajorVersion!=6) return WindowsUnknown;
switch(lpVersionInfo.dwMinorVersion){
case 0:
return WindowsUnknown;
case 1:
return Windows7;
case 2:
case 3:
return Windows8;
}
return WindowsUnknown;
}
bool HackShieldBypass(){
int YourOS = GetOSVersion();
BOOL BitNumber;
if(!YourOS) return false;
IsWow64Process(GetCurrentProcess(), &BitNumber);
if(!BitNumber) return false;
CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)WaitForHS, (DWORD *)YourOS, NULL, NULL);
return true;
}
|
ok but how can i use it
|
|
|
|
|
03/26/2015, 22:31
|
#3941
|
elite*gold: 0
Join Date: Mar 2015
Posts: 131
Received Thanks: 8
|
Quote:
Originally Posted by oussama83
ok but how can i use it
|
C++
|
|
|
|
|
03/26/2015, 22:38
|
#3942
|
elite*gold: 0
Join Date: Jan 2013
Posts: 127
Received Thanks: 5
|
Quote:
Originally Posted by lUploaderl
C++
|
lol so i will not do that at all
i need same ready one 
|
|
|
|
|
03/26/2015, 22:58
|
#3943
|
elite*gold: 0
Join Date: Mar 2015
Posts: 131
Received Thanks: 8
|
Quote:
Originally Posted by oussama83
lol so i will not do that at all
i need same ready one |
Need w8 for update the hack kamer :c
|
|
|
|
|
03/26/2015, 23:09
|
#3944
|
elite*gold: 726
Join Date: Jul 2010
Posts: 14,233
Received Thanks: 7,915
|
Quote:
Originally Posted by lUploaderl
This bypass as been release january
|
Do you even know the function of this code? You said it is from january, but the problems with the autobans only exist for some weeks.
@others: please do not spam, it is useless and you will be informed as soon as kamer found a solution ...
|
|
|
|
|
03/26/2015, 23:13
|
#3945
|
elite*gold: 0
Join Date: Mar 2015
Posts: 131
Received Thanks: 8
|
Quote:
Originally Posted by 123klo
Do you even know the function of this code? You said it is from january, but the problems with the autobans only exist for some weeks.
@others: please do not spam, it is useless and you will be informed as soon as kamer found a solution ...
|
Yep i know,
i trying to talk hackers / coders about bypass.
+/- time u guys get DC or game close can tell me?
Thx
|
|
|
|
Similar Threads
|
[Release][GF]Kamer mod - level, fish, farm bot
07/24/2014 - Metin2 Hacks, Bots, Cheats, Exploits & Macros - 1180 Replies
LEVEL BOT | FISH BOT | FARM BOT(Metin,boss,ore), works on GF Servers(DE, IT, RO, PL, ...)
Screens/Video
http://i.imgur.com/7vJOE2L.png
http://i.imgur.com/DGxemcF.png
https://www.youtube.com/watch?v=nzQFF6zr5GA
MOD DOWNLOAD
|
All times are GMT +1. The time now is 12:05.
|
|
![[Release][GF]Kamer mod - level, fish, farm bot](https://www.elitepvpers.com/forum/iconimages/metin2-hacks-bots-cheats-exploits-macros/release-gf-kamer-mod-level-fish-farm-bot_ltr.gif){kind=small}
