[QUESTION]About Bypass Programming
Discussion on [QUESTION]About Bypass Programming within the S4 League forum part of the Shooter category.
02/09/2014, 00:04 | #1
elite*gold: 0 | Join Date: Feb 2011 | Posts: 131 | Received Thanks: 201

[QUESTION]About Bypass Programming
Hello everybody,
I was working on XTrap bypass development. So I got some results for x64 XTrap bypassing.
I learnt that bypassing on x64 systems has 2 steps:
1-Terminate K32EnumProcesses in kernel32 (I can make it)
2-Change the name of the "X6va016" service to "X6va01"
I need help with the second step. How can I find the address of this service? Or is there another way?
Thanks~
02/09/2014, 00:27 | #2
elite*gold: 0 | Join Date: May 2012 | Posts: 1,339 | Received Thanks: 1,494

Use Cheat Engine to find X6va016's addy.
For 32-bit, you have to show XTrap that you're using a 64-bit OS.
02/09/2014, 09:57 | #3
elite*gold: 93616 | Join Date: Apr 2010 | Posts: 13,737 | Received Thanks: 14,990

You have to disable the memory detection as well.
02/09/2014, 11:24 | #4
elite*gold: 26 | Join Date: Jan 2012 | Posts: 3,474 | Received Thanks: 18,847

Isn't that hard, or?
edit:
Look at 40546390. You don't need to change the string:
Code:
push 0 ; _DWORD
push 80h ; _DWORD
push 3 ; _DWORD
push 0 ; _DWORD
push 0 ; _DWORD
push 0C0000000h ; _DWORD
push offset a_X6va016 ; "\\\\.\\X6va016"
mov [edi+0Ch], eax
call dword_406448E0
cmp eax, 0FFFFFFFFh
jnz short loc_405463FA
Just edit the code here. There is also the load of the second driver:
Code:
mov edx, [esi]
push edi
push offset a_Xdva407 ; "\\\\.\\XDva407"
mov ecx, esi
call dword ptr [edx+60h]
Just sayin'
02/09/2014, 12:59 | #5
elite*gold: 10 | Join Date: May 2013 | Posts: 814 | Received Thanks: 1,265

Quote:
Originally Posted by K1ramoX
You don't need to change the string:

But it's easier ;o
---------------------
Just look into ProcessHacker -> Services
You see the running driver (X6va017) << you have to search this string in Cheat Engine. You'll probably find 3/4 statics:
~This is done for MicroVolts, in S4 it's the same.. (idk the current driver name ;O)
02/09/2014, 15:12 | #6
elite*gold: 0 | Join Date: Feb 2011 | Posts: 131 | Received Thanks: 201

Quote:
Originally Posted by onomato
But it's easier ;o
---------------------
Just look into ProcessHacker -> Services
You see the running driver (X6va017) << you have to search this string in Cheat Engine. You'll probably find 3/4 statics:
~This is done for MicroVolts, in S4 it's the same.. (idk the current driver name ;O)

This way, the X6va017 service will still be running. Doesn't it make a problem?
02/09/2014, 21:16 | #7
elite*gold: 15 | Join Date: Jun 2011 | Posts: 570 | Received Thanks: 2,757

Just search in memory for x6va016 as a string, that's not that hard. Maybe learn how to bypass the memory scan after that?
02/09/2014, 21:22 | #8
elite*gold: 10 | Join Date: May 2013 | Posts: 814 | Received Thanks: 1,265

Quote:
Originally Posted by likapielikapie
This way, the X6va017 service will still be running. Doesn't it make a problem?

No ;o Change it to X6va111 or something idk ^.^
02/10/2014, 14:35 | #9
elite*gold: 0 | Join Date: Feb 2011 | Posts: 131 | Received Thanks: 201

Quote:
Originally Posted by onomato
No ;o Change it to X6va111 or something idk ^.^

When I do it, XTrap says "A program is effecting game client"
Help bro
02/10/2014, 15:59 | #10
elite*gold: 596 | Join Date: Sep 2011 | Posts: 923 | Received Thanks: 2,343

Quote:
Originally Posted by likapielikapie
When I do it, XTrap says "A program is effecting game client"
Help bro

Scroll up.
Quote:
Originally Posted by K1ramoX
Isn't that hard, or?
edit:
Look at 40546390. You don't need to change the string:
Code:
push 0 ; _DWORD
push 80h ; _DWORD
push 3 ; _DWORD
push 0 ; _DWORD
push 0 ; _DWORD
push 0C0000000h ; _DWORD
push offset a_X6va016 ; "\\\\.\\X6va016"
mov [edi+0Ch], eax
call dword_406448E0
cmp eax, 0FFFFFFFFh
jnz short loc_405463FA
Just edit the code here. There is also the load of the second driver:
Code:
mov edx, [esi]
push edi
push offset a_Xdva407 ; "\\\\.\\XDva407"
mov ecx, esi
call dword ptr [edx+60h]
Just sayin'

(SC_HANDLE,LPCSTR lpServiceName,DWORD);
ERROR_INVALID_NAME
(LPCTSTR,LPCTSTR,DWORD dwDesiredAccess)
ERROR_ACCESS_DENIED
There are many methods to bypass the 64-bit driver :P
02/15/2014, 16:29 | #11
elite*gold: 0 | Join Date: Feb 2014 | Posts: 1 | Received Thanks: 0

Quote:
Originally Posted by Slicktor
Scroll up.
(SC_HANDLE,LPCSTR lpServiceName,DWORD);
ERROR_INVALID_NAME
(LPCTSTR,LPCTSTR,DWORD dwDesiredAccess)
ERROR_ACCESS_DENIED
There are many methods to bypass the 64-bit driver :P

Give me bro
02/15/2014, 16:34 | #12
elite*gold: 15 | Join Date: Jun 2011 | Posts: 570 | Received Thanks: 2,757

Quote:
Originally Posted by likapielikapie
When I do it, XTrap says "A program is effecting game client"
Help bro

You do it with which language?
02/16/2014, 10:50 | #13
elite*gold: 0 | Join Date: Feb 2011 | Posts: 131 | Received Thanks: 201

Quote:
Originally Posted by Forbidi
You do it with which language?

Trying with AutoIt
02/16/2014, 17:36 | #14
elite*gold: 0 | Join Date: Jan 2012 | Posts: 1,458 | Received Thanks: 1,407

Quote:
Originally Posted by likapielikapie
Trying with AutoIt

omg. Screw AutoIt.
Learn C++ basics and code it in C++ ffs.
AutoIt is good for basic and easy ****.
02/16/2014, 19:00 | #15
elite*gold: 15 | Join Date: Jun 2011 | Posts: 570 | Received Thanks: 2,757

Quote:
Originally Posted by Hybrid~
omg. Screw AutoIt.
Learn C++ basics and code it in C++ ffs.
AutoIt is good for basic and easy ****.

So this is a ****?