Question about bypass for xtrap in sro_client

[leiwis]

I recently noticed that when bypassing the moment of saving the changes the executable detected it as a Trojan of type "Wacatac.H!ml" it worked on the original SRO_CLIENT without modifying the test client and it is not manipulated in any way since it It gives the error only after applying the patch through ollydb

I use these parameters:

Quote:

Xtrap 1st Check = 00831B20 (Replace With RETN)
Xtrap 2nd Check = 00B7AEF0 (NOP Untill Address) 00B7C3EF

My question is if there is any other method or some other type of patch to avoid this problem.

[Judgelemental]

Quote:

Originally Posted by leiwis

I recently noticed that when bypassing the moment of saving the changes the executable detected it as a Trojan of type "Wacatac.H!ml" it worked on the original SRO_CLIENT without modifying the test client and it is not manipulated in any way since it It gives the error only after applying the patch through ollydb

I use these parameters:



My question is if there is any other method or some other type of patch to avoid this problem.

Try the Address Patcher
Source: RZ

[leiwis]

Quote:

Originally Posted by Judgelemental

Try the Address Patcher
Source: RZ

Hello old friend, I hope you are well! Yes, I am aware of the program and I have used it and even if "Microsoft Defender" still detects it as a threat. I know perfectly well that it is a false positive but a normal user would not understand it like that when installing the client on their PC the antivirus will probably delete the sro_client which is not very pleasant.

[deluxe13]

Quote:

Originally Posted by Judgelemental

Try the Address Patcher
Source: RZ

If i make it, sro_client shows as a virus from Defender. How to resolve this problem without malware alerts?

[romio100]

To resolve the Xtrap issue and bypass the checks you have specified, you need to modify the software instructions at the specified addresses. Using tools like OllyDbg or Cheat Engine, which are reverse engineering tools that allow you to modify the binary instructions in memory for applications, can help.

Here are the steps that can help:

Open the executable file in OllyDbg or Cheat Engine:

Open the application or game that you are experiencing the Xtrap issue in using OllyDbg or Cheat Engine.

Get to the first address (Xtrap 1st Check = 00831B20):

In OllyDbg or Cheat Engine, navigate to address 00831B20.

Select the instruction at this address.

Replace the current instruction with a RETN (returns the program to the address it was called from).

Get to the second address (Xtrap 2nd Check = 00B7AEF0):

Go to address 00B7AEF0.

Fill the instructions from this address through 00B7C3EF with NOP (No Operation) instructions, so that the program skips this part of the code without executing any additional instructions.

[deluxe13]

Quote:

Originally Posted by romio100

To resolve the Xtrap issue and bypass the checks you have specified, you need to modify the software instructions at the specified addresses. Using tools like OllyDbg or Cheat Engine, which are reverse engineering tools that allow you to modify the binary instructions in memory for applications, can help.

Here are the steps that can help:

Open the executable file in OllyDbg or Cheat Engine:

Open the application or game that you are experiencing the Xtrap issue in using OllyDbg or Cheat Engine.

Get to the first address (Xtrap 1st Check = 00831B20):

In OllyDbg or Cheat Engine, navigate to address 00831B20.

Select the instruction at this address.

Replace the current instruction with a RETN (returns the program to the address it was called from).

Get to the second address (Xtrap 2nd Check = 00B7AEF0):

Go to address 00B7AEF0.

Fill the instructions from this address through 00B7C3EF with NOP (No Operation) instructions, so that the program skips this part of the code without executing any additional instructions.

Thank u but then the defender alerts a virus on sro_client?

[romio100]

any change that is not hidden by the protection programs will be detected as a virus. Test this code and check.

[deluxe13]

Quote:

Originally Posted by romio100

any change that is not hidden by the protection programs will be detected as a virus. Test this code and check.

How can i Save then the exe file on ollydbg?

[romio100]

To save an exe file in OllyDbg after editing it, you can follow these steps:

Complete the edits: Make sure you have made all the edits you want to the code.

**Go to the menu**: Click on "File" in the top left corner.

Choose "Save file": From the menu, choose "Save file", then select the path where you want to save the edited file.

Choose the format: Choose the save format as "Executable file (*.exe)".

Save the changes: After choosing the format and location, click "Save" to save the edited file.

Verify the edits: You can then run the file you saved to verify that the edits were successfully applied.

[deluxe13]

I dont have Save File in File Corner bro

[romio100]

When executing the program commands and completing the process of executing the executable file, it appears with the executable file saved, but this image is the user interface