HS Hackers
Seja Bem Vindo Ao Site: HS Hackers

HS Hackers

Seja Bem Vindos A HS Hackers | Um Dos Melhores Site De Cheats Do Brasil!!!


Você não está conectado. Conecte-se ou registre-se

 » Zona Programação » Ferramentas Hacker » Programação VB/C++/C# »

Bypass para Hackshield

Ver o tópico anterior Ver o tópico seguinte Ir em baixo Mensagem [Página 1 de 1]

avatar

MEMBRO

Mensagens Mensagens : 34
Moedas Moedas : 1196
Sexo : Masculino
Reputação Reputação : 21
Idade Idade : 21
Localização : Google
Ver perfil do usuário http://hshackercheats.forumbrasil.net/
Olá meninos Progamadores !!
Hoje vos trago um bypass para Hackshield em
C++
Bom este topico não irá ter video nen download nen scanner
certo ? este é pra vocês ficarem de boa na lagoa com seus hackers
no Combat Arms né ?!?
Estamos em tempo de COPA então resolvi postar..
Sem mais delongas..
Não sei se tá funcional ainda 
(É Pra vocês aprenderem a mexer !)

Bypass:
#ifndef _ANTIHACKSHIELD_H
#define _ANTIHACKSHIELD_H

#include "xorstr.h"

typedef LONG (WINAPI* tZwSetEvent)(HANDLE EventHandle, PLONG PreviousState);
tZwSetEvent oZwSetEvent;

bool bThreadTerminate = false;

DWORD dwMAIN_THREAD;
DWORD dwLMP_HACKSHIELD_THREAD;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2;
DWORD dwCHECK_INTEGRITY_HACKSHIELD_THREAD;
DWORD dwKDTRACE_HACKSHIELD_THREAD;

DWORD dwLMP_HACKSHIELD_THREAD_EVENT;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT;
DWORD dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT;
DWORD dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT;

DWORD dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL;
DWORD dwHACKSHIELD_CALL_TO_CREATE_THREAD;

MODULEINFO mEngine, mEhSvc;

#define INRANGE(x,a,b)  (x >= a && x <= b)
#define getBits( x )    (INRANGE((x&(~0x20)),'A','F') ? ((x&(~0x20)) - 'A' + 0xa) : (INRANGE(x,'0','9') ? x - '0' : 0))
#define getByte( x )    (getBits(x[0]) << 4 | getBits(x[1]))
DWORD FindPattern( DWORD rangeStart, DWORD rangeEnd, const char* pattern )
{
   const char* pat = pattern;
   DWORD firstMatch = 0;
   for( DWORD pCur = rangeStart; pCur < rangeEnd; pCur++ )
   {
       if( !*pat ) return firstMatch;
       if( *(PBYTE)pat == '\?' || *(BYTE*)pCur == getByte( pat ) ) {
           if( !firstMatch ) firstMatch = pCur;
           if( !pat[2] ) return firstMatch;
           if( *(PWORD)pat == '\?\?' || *(PBYTE)pat != '\?' ) pat += 3;
           else pat += 2;  

       } else {
           pat = pattern;
           firstMatch = 0;
       }
   }
   return NULL;
}

struct sHackShieldThreadParams
{
   char _pad1[0x48];
   DWORD param1;
   DWORD param2;
};


#pragma optimize("", off)
void FakeASMCheck()
{
   VIRTUALIZER1_START
   oZwSetEvent((HANDLE) *(DWORD *)dwLMP_HACKSHIELD_THREAD_EVENT, 0);
   VIRTUALIZER1_END

   while(bThreadTerminate == false)
       Sleep(1000);
}

void FakeHeuristicScanThread()
{
   VIRTUALIZER1_START
   dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT = *(DWORD *)(dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT + 1 );
   dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT = *(DWORD *)(dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT + 0xBCC);

   oZwSetEvent((HANDLE)dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT, 0);
   VIRTUALIZER1_END
   while(bThreadTerminate == false)
       Sleep(1000);
}

void FakeHeuristicModulesScanThread()
{
   VIRTUALIZER1_START
   dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT = *(DWORD *)(dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT + 1);
   dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT = *(DWORD *)(dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT);
   dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT = *(DWORD *)(dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT + 0xB98);

   oZwSetEvent((HANDLE)dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT, 0);
   VIRTUALIZER1_END
   while(bThreadTerminate == false)
       Sleep(1000);
}


void FakeHackShieldIntegrityChecks()
{
   VIRTUALIZER1_START
   dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT = **(DWORD **)(dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT + 2);
   oZwSetEvent((HANDLE) dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT, 0);
   VIRTUALIZER1_END
   while(bThreadTerminate == false)
       Sleep(1000);
}

void FakeKernelTraceThread()
{
   while(bThreadTerminate == false)
       Sleep(1000);
}


typedef HANDLE(WINAPI* tCreateThread)(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId);
tCreateThread oCreateThread;
HANDLE WINAPI hkCreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId)
{
   VIRTUALIZER1_START
   __asm pushad;

   if(lpStartAddress == (LPTHREAD_START_ROUTINE)dwMAIN_THREAD )
   {
       sHackShieldThreadParams * pHackShieldThreadParams = (sHackShieldThreadParams *)lpParameter;

       if(pHackShieldThreadParams->param1 == dwLMP_HACKSHIELD_THREAD )
           pHackShieldThreadParams->param1 = (DWORD)FakeASMCheck;
       
       if(pHackShieldThreadParams->param1 == dwCHECK_INTEGRITY_HACKSHIELD_THREAD )
           pHackShieldThreadParams->param1 = (DWORD)FakeHackShieldIntegrityChecks;

       if(pHackShieldThreadParams->param1 == dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1 )
           pHackShieldThreadParams->param1 = (DWORD)FakeHeuristicScanThread;
           
       if(pHackShieldThreadParams->param1 == dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2 )
           pHackShieldThreadParams->param1 = (DWORD)FakeHeuristicModulesScanThread;

       if(pHackShieldThreadParams->param1 == dwKDTRACE_HACKSHIELD_THREAD )
           pHackShieldThreadParams->param1 = (DWORD)FakeKernelTraceThread;

       lpParameter = (LPVOID)pHackShieldThreadParams;
   }

   __asm popad;

   return oCreateThread(lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId);
   VIRTUALIZER1_END
}


MODULEINFO GetModuleInfo ( LPCTSTR lpModuleName )
{
   
   MODULEINFO miInfos = { NULL };

   HMODULE hPSAPI_module;

   if(!GetModuleHandleA(/*psapi.dll*/XorStr<0x83,10,0x958DA3D8>("\xF3\xF7\xE4\xF6\xEE\xA6\xED\xE6\xE7"+0x958DA3D8).s))
   {
       VIRTUALIZER1_START
       char szSystemPath[MAX_PATH];
       GetWindowsDirectory(szSystemPath, MAX_PATH);
       char szPSAPIDLLPath[MAX_PATH];
       sprintf(szPSAPIDLLPath, /*%s\\system32\\psapi.dll*/XorStr<0x36,22,0x2421358F>("\x13\x44\x64\x4A\x43\x48\x48\x58\x53\x0C\x72\x1D\x32\x30\x25\x35\x2F\x69\x2C\x25\x26"+0x2421358F).s, szSystemPath);
       //char *szSystemPath = new char[MAX_PATH] = getenv(/*SystemRoot*/XorStr<0x7F,11,0xFE364ABD>("\x2C\xF9\xF2\xF6\xE6\xE9\xD7\xE9\xE8\xFC"+0xFE364ABD).s);
       //sprintf(szSystemPath, /*%s\\system32\\psapi.dll*/XorStr<0xD9,22,0xFE6A7D9B>("\xFC\xA9\x87\xAF\xA4\xAD\xAB\x85\x8C\xD1\xD1\xB8\x95\x95\x86\x98\x80\xC4\x8F\x80\x81"+0xFE6A7D9B).s, szSystemPath);
       hPSAPI_module =  LoadLibrary(szPSAPIDLLPath);
       VIRTUALIZER1_END
   }
   else
       hPSAPI_module = GetModuleHandleA(/*psapi.dll*/XorStr<0xC0,10,0xF54899B1>("\xB0\xB2\xA3\xB3\xAD\xEB\xA2\xAB\xA4"+0xF54899B1).s);

   if (!hPSAPI_module)
       return miInfos;

   HMODULE hmModule = GetModuleHandle(lpModuleName);

   typedef DWORD ( __stdcall *tGetModuleInformation)( HANDLE, HMODULE, LPMODULEINFO, DWORD );
   tGetModuleInformation oGetModuleInformation = (tGetModuleInformation) (GetProcAddress(hPSAPI_module, /*GetModuleInformation*/XorStr<0x51,21,0x2BAEFCCD>("\x16\x37\x27\x19\x3A\x32\x22\x34\x3C\x13\x35\x3A\x32\x2C\x32\x01\x15\x0B\x0C\x0A"+0x2BAEFCCD).s));
   oGetModuleInformation(GetCurrentProcess(), hmModule, &miInfos, sizeof ( MODULEINFO ));

   return miInfos;

   
}

#pragma optimize("", on)
typedef int(__cdecl* tSecureFunctionCall)(int a1, int a2, int a3);
tSecureFunctionCall oSecureFunctionCall;
int hk_secureFunctionCall(int a1, int a2, int a3)
{
   __asm pushad;
   VIRTUALIZER1_START
   if(a1 == 6)
       bThreadTerminate = true;
   VIRTUALIZER1_END
   __asm popad;
   return oSecureFunctionCall(a1,a2,a3);
}


#pragma optimize("", off)
void InitializeHSBypass(void)
{
   while(!GetModuleHandleA(/*EhSvc.dll*/XorStr<0x68,10,0x6EB6F07E>("\x2D\x01\x39\x1D\x0F\x43\x0A\x03\x1C"+0x6EB6F07E).s) )
   Sleep(100);

   mEngine = GetModuleInfo(0);
   mEhSvc = GetModuleInfo(/*EhSvc.dll*/XorStr<0x52,10,0x1A77CE04>("\x17\x3B\x07\x23\x35\x79\x3C\x35\x36"+0x1A77CE04).s);

   dwMAIN_THREAD = (DWORD) FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC ?? 53 56 57 89 65 ?? FF 35*/XorStr<0x21,120,0x2DDE4771>("\x14\x17\x03\x1C\x67\x06\x62\x6B\x09\x1C\x6A\x0C\x6B\x68\x0F\x06\x09\x12\x0C\x0B\x15\x09\x08\x18\x06\x05\x1B\x03\x02\x1E\x09\x78\x61\x7D\x7C\x64\x7A\x79\x67\x77\x76\x6A\x74\x73\x6D\x78\x7B\x70\x10\x63\x73\x64\x65\x76\x67\x68\x79\x6A\x6B\x7C\x6D\x6E\x7F\x55\x51\x42\x55\x50\x45\x5E\x5E\x48\x5B\x5F\x4B\x5C\x5D\x4E\x5F\x40\x51\x42\x43\x54\x45\x46\x57\x40\x4A\x5A\x3E\x3F\x5D\x41\x40\xA0\xB4\xB1\xA3\xB1\xB3\xA6\xB2\xBF\xA9\xB2\xB2\xAC\xBB\xBB\xAF\xAF\xAE\xB2\xD5\xD2\xB5\xA5\xA2"+0x2DDE4771).s);

   dwLMP_HACKSHIELD_THREAD = (DWORD) FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 53 56 57 E9*/XorStr<0x65,21,0x321AD150>("\x50\x53\x47\x50\x2B\x4A\x2E\x2F\x4D\x5B\x5C\x50\x44\x44\x53\x41\x42\x56\x32\x41"+0x321AD150).s );
   dwLMP_HACKSHIELD_THREAD = dwLMP_HACKSHIELD_THREAD + 0x1;
   dwLMP_HACKSHIELD_THREAD = (DWORD) FindPattern( (DWORD)dwLMP_HACKSHIELD_THREAD, (DWORD)dwLMP_HACKSHIELD_THREAD + (DWORD)mEhSvc.SizeOfImage, /*55 8B EC 53 56 57 E9*/XorStr<0x65,21,0x321AD150>("\x50\x53\x47\x50\x2B\x4A\x2E\x2F\x4D\x5B\x5C\x50\x44\x44\x53\x41\x42\x56\x32\x41"+0x321AD150).s);

   dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1 = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*8B 4C 24 04 E8*/XorStr<0x3B,15,0xFE4FC9CF>("\x03\x7E\x1D\x0A\x7C\x60\x73\x76\x63\x74\x71\x66\x02\x70"+0xFE4FC9CF).s );
   dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2 = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 81 EC ?? ?? ?? ?? 53 56 57 89 65 ?? C6 45 ?? ?? C6*/XorStr<0x0E,138,0xA52699E6>("\x3B\x3A\x30\x29\x50\x33\x51\x56\x36\x21\x59\x39\x5C\x5D\x3C\x2B\x26\x3F\x1F\x1E\x02\x1C\x1B\x05\x19\x18\x08\x16\x15\x0B\x1A\x15\x0E\x10\x0F\x11\x0D\x0C\x14\x0A\x09\x17\x07\x06\x1A\x0D\x08\x1D\x7F\x0E\x60\x71\x72\x63\x74\x75\x66\x77\x78\x69\x7A\x7B\x6C\x78\x7E\x6F\x66\x65\x72\x6B\x6D\x75\x64\x62\x78\x69\x6A\x7B\x6C\x6D\x7E\x6F\x50\x41\x52\x53\x44\x5D\x57\x47\x2D\x2A\x4A\x54\x53\x4D\x51\x50\x50\x4E\x4D\x53\x4B\x4A\x56\x42\x4B\x59\x4F\x4D\x5C\x48\x49\x5F\xB8\xB8\xA2\xB5\xB1\xA5\xB9\xB8\xA8\xCA\xBC\xAB\xB8\xB8\xAE\xB0\xAF\xB1\xAD\xAC\xB4\xD6\xA0"+0xA52699E6).s );
   dwCHECK_INTEGRITY_HACKSHIELD_THREAD = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, ( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC B8*/XorStr<0xB9,12,0xE4296250>("\x8C\x8F\x9B\x84\xFF\x9E\xFA\x83\xE1\x80\xFB"+0xE4296250).s );
   dwKDTRACE_HACKSHIELD_THREAD = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 81 C4 ?? ?? ?? ?? 53 56 57 89 65 ?? C7 45 ?? ?? ?? ?? ?? C7 45 ?? ?? ?? ?? ?? C7 45 ?? ?? ?? ?? ?? FF*/XorStr<0x90,189,0x9E605CC7>("\xA5\xA4\xB2\xAB\xD6\xB5\xD3\xD4\xB8\xAF\xDB\xBB\xDA\xDB\xBE\xA9\x98\x81\x9D\x9C\x84\x9A\x99\x87\x97\x96\x8A\x94\x93\x8D\x98\x97\x90\x8E\x8D\x93\x8B\x8A\x96\x88\x87\x99\x85\x84\x9C\x8B\x8A\x9F\x81\xF0\xE2\xF3\xF4\xE5\xF6\xF7\xE8\xF9\xFA\xEB\xFC\xFD\xEE\xFA\xE0\xF1\xE4\xE7\xF4\xED\xEF\xF7\xEA\xEC\xFA\xEB\xEC\xFD\xEE\xEF\xC0\xD1\xD2\xC3\xD4\xD5\xC6\xDF\xD9\xC9\xA9\xDF\xCC\xD2\xD1\xCF\xCF\xCE\xD2\xCC\xCB\xD5\xC9\xC8\xD8\xCC\xC9\xDB\xC9\xCB\xDE\xCA\x37\x21\x3A\x3A\x24\x33\x33\x27\x37\x36\x2A\x48\x3B\x2D\x3A\x3A\x30\x2E\x2D\x33\x2B\x2A\x36\x28\x27\x39\x25\x24\x3C\x22\x21\x3F\x63\x16\x02\x17\x11\x05\x19\x18\x08\x16\x15\x0B\x13\x12\x0E\x10\x0F\x11\x0D\x0C\x14\x76\x01\x17\x0C\x0C\x1A\x04\x03\x1D\x01\x00\x60\x7E\x7D\x63\x7B\x7A\x66\x78\x77\x69\x0C\x0D"+0x9E605CC7).s);

   dwLMP_HACKSHIELD_THREAD_EVENT = ( (DWORD)mEhSvc.lpBaseOfDll + 0x130CA8);
   dwDETECT_GAME_HACK_HACKSHIELD_THREAD_1_EVENT = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? 5D C3*/XorStr<0x1C,36,0x0FA547FD>("\x5E\x24\x3E\x20\x1F\x01\x1D\x1C\x04\x1A\x19\x07\x17\x16\x0A\x6E\x14\x0D\x11\x10\x10\x0E\x0D\x13\x0B\x0A\x16\x08\x07\x19\x0F\x7F\x1C\x7E\x0D"+0x0FA547FD).s );
   dwDETECT_GAME_HACK_HACKSHIELD_THREAD_2_EVENT = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*A1 ?? ?? ?? ?? 53 56 33 F6 57 3B C6 89 65 ?? 75*/XorStr<0xDF,48,0x4944DE25>("\x9E\xD1\xC1\xDD\xDC\xC4\xDA\xD9\xC7\xD7\xD6\xCA\xD4\xD3\xCD\xDB\xDC\xD0\xC4\xC4\xD3\xC7\xC6\xD6\xB1\xCE\xD9\xCF\xCC\xDC\xCE\xBC\xDF\x43\x37\x22\x3B\x3D\x25\x30\x32\x28\x36\x35\x2B\x3B\x38"+0x4944DE25).s );
   
   dwCHECK_INTEGRITY_HACKSHIELD_THREAD_EVENT = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD)( (DWORD) mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*8B 0D ?? ?? ?? ?? 51 FF 15 ?? ?? ?? ?? 8B 55*/XorStr<0x15,45,0x216E426F>("\x2D\x54\x37\x28\x5D\x3A\x24\x23\x3D\x21\x20\x00\x1E\x1D\x03\x1B\x1A\x06\x12\x19\x09\x6C\x6D\x0C\x1C\x1B\x0F\x0F\x0E\x12\x0C\x0B\x15\x09\x08\x18\x06\x05\x1B\x04\x7F\x1E\x0A\x75"+0x216E426F).s );

   dwHACKSHIELD_CALL_TO_CREATE_THREAD = (DWORD)FindPattern( (DWORD)mEhSvc.lpBaseOfDll, (DWORD) ( (DWORD)mEhSvc.lpBaseOfDll + (DWORD)mEhSvc.SizeOfImage), /*FF 15 ?? ?? ?? ?? 85 C0 75 ?? FF 15 ?? ?? ?? ?? 8B F8 56*/XorStr<0x82,57,0xBCA0FCCB>("\xC4\xC5\xA4\xB4\xB3\xA7\xB7\xB6\xAA\xB4\xB3\xAD\xB1\xB0\xB0\xAE\xAD\xB3\xAC\xA0\xB6\xD4\xA8\xB9\xAD\xAE\xBC\xA2\xA1\xBF\xE6\xE7\x82\x92\x91\x85\x99\x98\x88\x96\x95\x8B\x93\x92\x8E\x90\x8F\x91\x8A\xF1\x94\xF3\x8E\x97\x8D\x8F"+0xBCA0FCCB).s);
   dwHACKSHIELD_CALL_TO_CREATE_THREAD = *(DWORD *)(dwHACKSHIELD_CALL_TO_CREATE_THREAD + 2);

   dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL = (DWORD)FindPattern( (DWORD)mEngine.lpBaseOfDll, (DWORD) ( (DWORD)mEngine.lpBaseOfDll + (DWORD)mEngine.SizeOfImage), /*89 0D ?? ?? ?? ?? 8B 55 E8*/XorStr<0x57,27,0xD71F02EA>("\x6F\x61\x79\x6A\x1F\x7C\x62\x61\x7F\x5F\x5E\x42\x5C\x5B\x45\x59\x58\x48\x51\x28\x4B\x59\x58\x4E\x2A\x48"+0xD71F02EA).s);
   dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL = *(DWORD *)(dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL + 2);


   VIRTUALIZER1_START

   oZwSetEvent = (tZwSetEvent)GetProcAddress( GetModuleHandle(/*ntdll.dll*/XorStr<0x89,10,0x1E870C7A>("\xE7\xFE\xEF\xE0\xE1\xA0\xEB\xFC\xFD"+0x1E870C7A).s), /*ZwSetEvent*/XorStr<0x34,11,0xCB9D323B>("\x6E\x42\x65\x52\x4C\x7C\x4C\x5E\x52\x49"+0xCB9D323B).s);

   DWORD oldProtect;

   VirtualProtect((void *)mEhSvc.lpBaseOfDll, mEhSvc.SizeOfImage, PAGE_EXECUTE_READWRITE, &oldProtect);
   oCreateThread = (tCreateThread) *(DWORD *)((DWORD)dwHACKSHIELD_CALL_TO_CREATE_THREAD);
   *(DWORD *)(dwHACKSHIELD_CALL_TO_CREATE_THREAD) = (DWORD)hkCreateThread;
   VirtualProtect((void *)mEhSvc.lpBaseOfDll, mEhSvc.SizeOfImage, oldProtect, &oldProtect);

   VirtualProtect((void *)mEngine.lpBaseOfDll, mEngine.SizeOfImage, PAGE_EXECUTE_READWRITE, &oldProtect);
   oSecureFunctionCall = (tSecureFunctionCall)*(DWORD*)dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL;
   *(DWORD *)(dwPFN_SECURE_HACKSHIELD_FUNCTION_CALL) = (DWORD)hk_secureFunctionCall;
   VirtualProtect((void *)mEngine.lpBaseOfDll, mEngine.SizeOfImage, oldProtect, &oldProtect);

   VIRTUALIZER1_END
}
#pragma optimize("", on)
#endif

Bypass para Hackshield em Sab 28 Jun 2014, 13:41

avatar

Fundador

Mensagens Mensagens : 241
Moedas Moedas : 2274
Sexo : Masculino
Reputação Reputação : 458
Idade Idade : 20
Localização : [K]ris[S]
Ver perfil do usuário http://hshackercheats.forumbrasil.net
Isso parece que serve para fazer logger não sei muito bem onde você pego isso ?? acho que já vi uma vez conheço muito isso ai não// Mas Obrigado Por Postar <3 s2 Maninhow

Re: Bypass para Hackshield em Dom 29 Jun 2014, 01:49

avatar

MEMBRO

Mensagens Mensagens : 9
Moedas Moedas : 990
Sexo : Masculino
Reputação Reputação : 0
Ver perfil do usuário
NOSA SO De Olhar Da Praver Q nao Tamais On

Re: Bypass para Hackshield em Qui 19 Fev 2015, 11:25

Conteúdo patrocinado

Ver o tópico anterior Ver o tópico seguinte Voltar ao Topo Mensagem [Página 1 de 1]

Permissão deste fórum:
Você não pode responder aos tópicos neste fórum