D3D Hook
Discussion on D3D Hook within the S4 League forum part of the Shooter category.
08/07/2010, 14:48
|
#1
|
elite*gold: 0
Join Date: Jul 2007
Posts: 120
Received Thanks: 71
|
D3D Hook
Alright, I'm trying to hook EndScene, but xtrap keeps detecting it.
I've tried to hook it using the Virtual Table, -> detected.
I've tried to hook it by just hooking EndScene in d3d9.dll -> detected.
I've seen the other hacks around and it looks to me like they fake the d3d9.dll, use some kind of wrapper, but this is very lame.
Okay second problem, I've been trying to find some values using Search Engine, but it gets detected by xtrap too. Is there any patch / bypass for Xtrap?
I've been trying to hook EnumProcesses, but it seems like LoadLibrary and GetProcAddress are hooked by xtrap.
please help me
|
|
|
08/07/2010, 14:52
|
#2
|
elite*gold: 7110
Join Date: Jun 2009
Posts: 28,907
Received Thanks: 25,408
|
Yes, XTrap detects Dll Injection, you have to get them in at startup (and hide them then) OR create a dll called HID.dll which loads your dll and place it in S4 directory with your dll.
Of course Cheat Engine is detected, what did you expect? Hook K32EnumProcesses (not the normal EnumProcesses) and EnumWindows to solve this.
Yes, almost all D3D functions are checked, you have to search the memory checking thread of XTrap to solve this and to be able to patch in S4Client.exe, else the whole module .code section is checked!
Try to hook EndScene at Offset 0x7
No, there is no public bypass out.
|
|
|
08/08/2010, 15:54
|
#3
|
elite*gold: 0
Join Date: Jul 2007
Posts: 120
Received Thanks: 71
|
Hey, thanks for your answer.
I've been trying to run S4Client.exe directly, without using the patcher. But it keeps saying that it can't be opened directly. Of course, this is bullshit, and it just needs a certain parameter to be added, but I'm having a hard time finding those parameters.
I compiled some program that listed all parameters (char[] args), and renamed that program to S4Client.exe and put it in the S4 league folder, but Xtrap detected that it was not the real client. Probably an MD5 hash or something.
Also, HCGW.exe (or something) launches Xtrap.xt, do you know which function is used for that? I thought CreateProcess().
Why exactly does it have to be called HID.dll? Does S4client load that DLL?
Also, I see a lot of people who release Cheat Engine tables and trainers etc. How did they find addresses etc? I can't wait to get my hands on that, use Reclass, and then code an aimbot in no-time :P
|
|
|
08/08/2010, 16:46
|
#4
|
elite*gold: 7110
Join Date: Jun 2009
Posts: 28,907
Received Thanks: 25,408
|
The parameters are easy to find (either process explorer or a little dll) but forget about that.
One xtrap key and one HGWC key are the parameters and they are not static. They seem to be some kind of time based hash.
And no, that's the big fail. HGWC says (not XTrap; HGWC and XTrap are two different programs) that the file is changed but it checks that via crcs.
So you can simply add bytes at the end, so the crc is the same as the original one.
HGWC only launches S4Client.exe via CreateProcess and updates XTrap.xt.
The XTrapVa.dll launches XTrap.xt
Yes, it is a loaded but not used system Dll. And because Windows searches in the app directory first and then in the system directory you can load your Dlls this way.
They suspend HGWC, XTrap.xt and S4Client.exe and search some random values at startup (when the XTrap driver is not loaded yet) and some strings of the resource parsing routine; not really impressive.
|
|
|
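The point in post #4 about Windows searching the application directory before the system directory is what makes a DLL in an install folder with a system DLL's name worth auditing. The following is an added example, not part of the original thread: a small audit that flags such shadowing DLLs and reports whether their content differs from the system copy. The directory layout and file contents are constructed stand-ins so it runs offline; `find_shadowing_dlls` and `demo` are hypothetical names.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def find_shadowing_dlls(app_dir, system_dir):
    """Flag DLLs in app_dir whose name (case-insensitive, as on Windows)
    also exists in system_dir, and say whether the content differs."""
    system = {name.lower(): os.path.join(system_dir, name)
              for name in os.listdir(system_dir)
              if name.lower().endswith(".dll")}
    findings = []
    for name in sorted(os.listdir(app_dir), key=str.lower):
        key = name.lower()
        if key.endswith(".dll") and key in system:
            same = (sha256_file(os.path.join(app_dir, name))
                    == sha256_file(system[key]))
            findings.append((name, "identical copy" if same else "different content"))
    return findings

def demo():
    # Constructed sample layout: stand-ins for an install folder and System32.
    with tempfile.TemporaryDirectory() as root:
        app_dir = os.path.join(root, "app")
        system_dir = os.path.join(root, "System32")
        os.mkdir(app_dir)
        os.mkdir(system_dir)
        samples = {
            (system_dir, "hid.dll"): b"system hid",
            (system_dir, "d3d9.dll"): b"system d3d9",
            (system_dir, "kernel32.dll"): b"system kernel32",
            (app_dir, "HID.dll"): b"not the system file",   # same name, other content
            (app_dir, "d3d9.dll"): b"system d3d9",          # byte-identical copy
            (app_dir, "game.dll"): b"application library",  # no system namesake
            (app_dir, "readme.txt"): b"not a dll",
        }
        for (folder, name), data in samples.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        return find_shadowing_dlls(app_dir, system_dir)

if __name__ == "__main__":
    for name, verdict in demo():
        print(f"{name}: shadows a system DLL ({verdict})")
```

On a real host, point `app_dir` at the install folder and `system_dir` at the Windows system directory; a "different content" hit is the case to investigate first.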
08/09/2010, 16:29
|
#5
|
elite*gold: 0
Join Date: Jul 2007
Posts: 120
Received Thanks: 71
|
Right now, I haven't tackled Xtrap yet.
How do you guys find all the addresses for unlimited ammo, SP etc. ?
There are like 20 guys who release the same hack/trainer ( *cough* autoit *cough*) but they are never open source and they never actually tell how to find the addresses.
|
|
|
08/09/2010, 16:33
|
#6
|
elite*gold: 0
Join Date: Jul 2009
Posts: 2,241
Received Thanks: 848
|
Quote:
Originally Posted by blackmorpheus
Right now, I haven't tackled Xtrap yet.
How do you guys find all the addresses for unlimited ammo, SP etc. ?
There are like 20 guys who release the same hack/trainer ( *cough* autoit *cough*) but they are never open source and they never actually tell how to find the addresses.
|
Well this is actually a big problem, cause most values are leeched from each other.
Someone posts a method, everybody is releasing ******* many trainers.
You could also reverse those (You said it already, AutoIt).
|
|
|
08/09/2010, 20:41
|
#7
|
elite*gold: 7110
Join Date: Jun 2009
Posts: 28,907
Received Thanks: 25,408
|
no, try to reverse autoit lol
Quote:
Originally Posted by blackmorpheus
Right now, I haven't tackled Xtrap yet.
How do you guys find all the addresses for unlimited ammo, SP etc. ?
There are like 20 guys who release the same hack/trainer ( *cough* autoit *cough*) but they are never open source and they never actually tell how to find the addresses.
|
mix a bit copy&paste + autoit compilers + the same random **** addresses + sharing them via pm + process suspend tool + basic cheat engine skills and you will get:
10 equal amazing autoit trainers ^-^
|
|
|
All times are GMT +1.
|
|