PByte - Bypass [12/02/2015]

Rutherfordio · 02/12/2015, 22:17

What do you need?

S4 Dump
IDA/Olly
C++

Module of hs is EHSvc.dll
Pattern of bypass

Code:

.rdata:10024A38 aX?xxxxxxxx     db 'x?xxxxxxxx',0       ; DATA XREF: sub_100018E0+146o
.rdata:10024A43                 align 4
.rdata:10024A44 aU              db 'u',0                ; DATA XREF: sub_100018E0+14Bo
.rdata:10024A46                 db  8Bh ; ï
.rdata:10024A47                 db  46h ; F
.rdata:10024A48                 db  0Ch
.rdata:10024A49                 db  8Bh ; ï
.rdata:10024A4A                 db  7Fh ; 
.rdata:10024A4B                 db    4
.rdata:10024A4C                 db  83h ; â
.rdata:10024A4D                 db 0F8h ; °
.rdata:10024A4E                 db    0
.rdata:10024A4F                 db    0
.rdata:10024A50 aXxxxxxxx????xx db 'xxxxxxxx????xxxx',0 ; DATA XREF: sub_100018E0+169o
.rdata:10024A61                 align 4
.rdata:10024A64 unk_10024A64    db  8Bh ; ï             ; DATA XREF: sub_100018E0+16Eo
.rdata:10024A65                 db  41h ; A
.rdata:10024A66                 db  3Ch ; <
.rdata:10024A67                 db  8Bh ; ï
.rdata:10024A68                 db  50h ; P
.rdata:10024A69                 db  1Ch
.rdata:10024A6A                 db  52h ; R
.rdata:10024A6B                 db 0E8h ; Þ
.rdata:10024A6C                 db    0
.rdata:10024A6D                 db    0
.rdata:10024A6E                 db    0
.rdata:10024A6F                 db    0
.rdata:10024A70                 db  8Bh ; ï
.rdata:10024A71                 db  4Ch ; L
.rdata:10024A72                 db  24h ; $

So make the code like this:

Code:

WriteMemory((LPVOID)(dwEHSVC12022015 + 0x00ADDRESS), (LPVOID)"\x00\xAA", 2);

(Example)

Make address, mask (xxx?), main.cpp, brain.h, and enjoy.

~~sososoma~~ · 02/12/2015, 22:22

Well. Can you make it a dll File?
That would help alot of ppl ^^

Lofiele · 02/12/2015, 22:24

So to better understand making a bypass file, you'd need to learn some c++ correct?

Rutherfordio · 02/12/2015, 22:37

Quote:

Originally Posted by Lofiele

So to better understand making a bypass file, you'd need to learn some c++ correct?

Read: Make address, mask (***?), main.cpp, brain.h, and enjoy.

Lofiele · 02/12/2015, 22:41

Quote:

Originally Posted by Rutherfordio

Read: Make address, mask (***?), main.cpp, brain.h, and enjoy.

Well, let's say you wanted to do it without having someone tell you exactly how to and learn for yourself.

MaxChri · 02/12/2015, 22:45

Hahaha what you post here for ****? Delete your brain.exe

Rutherfordio · 02/13/2015, 15:37

I'm not a teacher bro, learn yourself.

It's the new PBYTE Bypass source.

Neyil · 02/13/2015, 18:59

You also need to make new threads(emulated), emulate hs packets, you need to prevent hackshield from reading your thread plus many more stuffs...

~~Cyrex'~~ · 02/13/2015, 19:03

Quote:

Originally Posted by Lofiele

So to better understand making a bypass file, you'd need to learn some c++ correct?

Well, yes. You need to know RE.