|
You last visited: Today at 05:11
Advertisement
How did they patch .NET hacks?
Discussion on How did they patch .NET hacks? within the WarRock forum part of the Shooter category.
11/02/2013, 08:57
|
#1
|
elite*gold: 0 
Join Date: Oct 2013
Posts: 2
Received Thanks: 0
|
How did they patch .NET hacks?
So I remember a few years back that K2/G1 (not sure what the name was) patched .NET hacks somehow... at least they said they did...
Well, how is that possible, lol? What did they do? I'm sure its still possible to do hacks with C# and other .NET languages...
Mind telling me a few things about that patch and what they did? I couldn't find anything on Google...
Thanks!
|
|
|
|
11/02/2013, 11:49
|
#2
|
elite*gold: 0
Join Date: Jun 2012
Posts: 167
Received Thanks: 16
|
they removed external packet reading? D:
|
|
|
|
|
11/02/2013, 12:16
|
#3
|
elite*gold: 0
Join Date: Nov 2012
Posts: 592
Received Thanks: 394
|
Well is not right, you can yet make hacks in .NET but not easyer as before and you need to work a lot on it
|
|
|
|
|
11/02/2013, 12:21
|
#4
|
elite*gold: 0
Join Date: Sep 2008
Posts: 1,683
Received Thanks: 506
|
Create a proxy in .NET, they couldn't possibly patch that.
You can use it to hack
|
|
|
|
|
11/02/2013, 12:43
|
#5
|
elite*gold: 0
Join Date: Jul 2010
Posts: 748
Received Thanks: 569
|
They did an update to the client that disabled (some) & detect memory modifications, this is however possible but they detect it.
|
|
|
|
|
11/02/2013, 14:11
|
#6
|
elite*gold: 1
Join Date: Apr 2013
Posts: 461
Received Thanks: 216
|
Quote:
Originally Posted by Sleutel
They did an update to the client that disabled (some) & detect memory modifications, this is however possible but they detect it.
|
AFAIK Hackshield hooked a few functions which .NET calls on memory modification and such. So they detect that easily.
|
|
|
|
|
11/02/2013, 14:27
|
#7
|
elite*gold: 420
Join Date: Jan 2012
Posts: 1,082
Received Thanks: 1,000
|
In .NET you just called WinAPI's OpenProcess and Read/WriteMemoryProcess functions, but HackShield hooks them (I think they actually hook some underlying functions with their driver, but I'm too lazy to check that out now) and makes them unusable.
|
|
|
|
|
11/02/2013, 14:42
|
#8
|
elite*gold: 297
Join Date: Dec 2010
Posts: 1,129
Received Thanks: 1,687
|
Quote:
Originally Posted by Yazzn (:
In .NET you just called WinAPI's OpenProcess and Read/WriteMemoryProcess functions, but HackShield hooks them (I think they actually hook some underlying functions with their driver, but I'm too lazy to check that out now) and makes them unusable.
|
Actually it's some SSDT modifications/hooks detecting any call to those function on a system-wide level. The underlying functions are from ntdll.dll.
The way it works:
.NET marshals to Win32 API which calls the underlying NT functions which are hooked by Hackshields driver. There is a nice article about kernel-level SSDT hooks over  .
|
|
|
|
|
11/02/2013, 15:10
|
#9
|
elite*gold: 0
Join Date: Oct 2013
Posts: 2
Received Thanks: 0
|
Okay, can anyone PM me the current base address and coordY offset? I wanna try a function. As far as I could gather from info you supplied, the function should work.
Also, does the HS detect if you are reading the memory of War Rock or is only the memory writting stuff detected? If reading the memory isn't, it would be simple to make a memory aimbot with .NET, I guess?
|
|
|
|
|
11/02/2013, 16:27
|
#10
|
elite*gold: 297
Join Date: Dec 2010
Posts: 1,129
Received Thanks: 1,687
|
It's entirely impossible without applying a driver unhooking the kernel-level SSDT hooks. That's why you'd need to inject a native DLL in the process: You don't really want to do that because it's a ******* mess.
An aimbot from an external program is not just almost impossible to do, but is gonna lag the sh*t out of you. Have fun trying that.
|
|
|
|
All times are GMT +1. The time now is 05:14.
|
|
