XTrap Memory Detection
Discussion on XTrap Memory Detection within the S4 League forum part of the Shooter category.
11/18/2013, 15:12
|
#1
|
elite*gold: 15
Join Date: Jun 2011
Posts: 570
Received Thanks: 2,757
|
XTrap Memory Detection
Hello, so I tried many times to bypass memory detection using the fake scan page method but I always get a crash. I added an infinite loop before returning the original page, then xcrap calls the function without any return; well, I don't get a crash only after a few minutes. So I was asking if the method is patched or if I'm doing something wrong and if I need to detour another func.
|
|
|
11/18/2013, 15:28
|
#2
|
elite*gold: 0
Join Date: Feb 2008
Posts: 286
Received Thanks: 212
|
It's a lot better to remove the XTrap driver. You can do that by preventing it from starting up (you have to make it look like XTrap is still there). You can also hook functions. There are several other methods.
|
|
|
11/18/2013, 15:36
|
#3
|
elite*gold: 15
Join Date: Jun 2011
Posts: 570
Received Thanks: 2,757
|
Quote:
Originally Posted by cheyester10
You can also hook functions. There are several other methods.
|
That's what I'm doing. I set a jmp to my page.
|
|
|
11/18/2013, 15:43
|
#4
|
elite*gold: 0
Join Date: Feb 2008
Posts: 286
Received Thanks: 212
|
Quote:
Originally Posted by Forbidi
That's what I'm doing. I set a jmp to my page.
|
did you inc the original opcode?
|
|
|
11/18/2013, 15:52
|
#5
|
elite*gold: 15
Join Date: Jun 2011
Posts: 570
Received Thanks: 2,757
|
Quote:
Originally Posted by cheyester10
did you inc the original opcode?
|
I think I have the right calling convention.
|
|
|
11/18/2013, 16:00
|
#6
|
elite*gold: 724
Join Date: Mar 2011
Posts: 10,479
Received Thanks: 3,318
|
Make sure you don't have any multithreading related issues, multiple threads use this function.
Also make sure your hook includes if (size <= 0).
|
|
|
11/18/2013, 16:03
|
#7
|
elite*gold: 15
Join Date: Jun 2011
Posts: 570
Received Thanks: 2,757
|
Quote:
Originally Posted by snow911
Make sure you don't have any multithreading related issues, multiple threads use this function.
Also make sure your hook includes if (size < 0).
|
I'm not using multithreading, I will add the conditions and see, thx.
Edit: still get a crash :S
|
|
|
11/18/2013, 18:55
|
#8
|
elite*gold: 26
Join Date: Jan 2012
Posts: 3,474
Received Thanks: 18,844
|
Quote:
Originally Posted by cheyester10
It's a lot better to remove the XTrap driver. You can do that by preventing it from starting up (you have to make it look like XTrap is still there). You can also hook functions. There are several other methods.
|
xtrap driver != memorydetection ;o
Quote:
Originally Posted by Forbidi
Hello, so I tried many times to bypass memory detection using the fake scan page method but I always get a crash. I added an infinite loop before returning the original page, then xcrap calls the function without any return; well, I don't get a crash only after a few minutes. So I was asking if the method is patched or if I'm doing something wrong and if I need to detour another func.
|
That's cause XTrap has a new check for this function. You can bypass it by hooking some functions before it and using maybe a vtable hook ;o
Quote:
Originally Posted by snow911
Also make sure your hook includes if (size < 0).
|
size can't be < 0. Just check:
Code:
if (!size)
{
    return 0;
}
|
|
|
11/18/2013, 20:22
|
#9
|
elite*gold: 1
Join Date: Apr 2010
Posts: 13,772
Received Thanks: 15,036
|
Quote:
Originally Posted by K1ramoX
Code:
if (!size)
{
    return 0;
}
|
Well, comparing 'size' for being smaller than zero is actually much safer than expecting that 'size' would never be smaller than zero. Be prepared for the worst case scenario.
|
|
|
11/18/2013, 21:13
|
#10
|
elite*gold: 15
Join Date: Jun 2011
Posts: 570
Received Thanks: 2,757
|
Quote:
Originally Posted by K1ramoX
That's cause XTrap has a new check for this function. You can bypass it by hooking some functions before it and using maybe a vtable hook ;o
|
What func do you mean? Oo
|
|
|
11/18/2013, 21:32
|
#11
|
elite*gold: 724
Join Date: Mar 2011
Posts: 10,479
Received Thanks: 3,318
|
Quote:
Originally Posted by Forbidi
What func do you mean? Oo
|
I don't think it's a good idea to share everything we know about XTrap with the wide public; you were able to find the memory detection by yourself, so you should be able to find other functions as well.
Quote:
|
I'm not using multithreading, I will add the conditions and see, thx.
|
No, you aren't using multithreading; XTrap uses multithreading and you're hooking an XTrap function.
std::mutex might be something for you.
Oh, and you should return TRUE in your DllMain; returning FALSE will free the allocated memory, thus your hook jumps to some random / empty memory.
|
|
|
11/19/2013, 14:40
|
#12
|
elite*gold: 26
Join Date: Jan 2012
Posts: 3,474
Received Thanks: 18,844
|
Quote:
Originally Posted by Omdihar
Well, comparing 'size' for being smaller than zero is actually much safer than expecting that 'size' would never be smaller than zero. Be prepared for the worst case scenario.
|
XTrap is checking if it's zero too =P
Quote:
Originally Posted by Forbidi
What func do you mean? Oo
|
Just backtrace.
Quote:
Originally Posted by snow911
No, you aren't using multithreading; XTrap uses multithreading and you're hooking an XTrap function.
std::mutex might be something for you.
|
If you let XTrap scan in copied pages you don't need a mutex d:
|
|
|
11/19/2013, 15:06
|
#13
|
elite*gold: 1
Join Date: Apr 2010
Posts: 13,772
Received Thanks: 15,036
|
Quote:
Originally Posted by K1ramoX
XTrap is checking if it's zero too =P
|
XTrap also gets the address of GetProcAddress by calling GetProcAddress instead of doing &GetProcAddress.
Quote:
|
If you let XTrap scan in copied pages you don't need a mutex d:
|
This is only the case if there's only one thread checking the page.
|
|
|
11/19/2013, 18:02
|
#14
|
elite*gold: 26
Join Date: Jan 2012
Posts: 3,474
Received Thanks: 18,844
|
Quote:
Originally Posted by Omdihar
XTrap also gets the address of GetProcAddress by calling GetProcAddress instead of doing &GetProcAddress.
|
Advanced code obfuscation, Y U NO KNOW THAT
Quote:
Originally Posted by Omdihar
This is only the case if there's only one thread checking the page.
|
Mutex for read? There's no write or run ;o
|
|
|
 |