Hackshield Bypass Source
I dunno for which version of HS this bypass is suitable, but this source appeared recently. Credit: RCD
OldProtection DWORD;
MEMwrite void (void * adr, void * ptr, int size)
(
VirtualProtect (adr, size, PAGE_EXECUTE_READWRITE, & OldProtection);
memcpy (adr, ptr, size);
VirtualProtect (adr, size, OldProtection, & OldProtection);
)
void NewDetourhs (long Address, int Size, int Size2)
(
Long EhSvc = (long) GetModuleHandleA ("EhSvc.dll");
OldProtect DWORD;
VirtualProtect ((void *) (EhSvc + Address), Size, PAGE_EX ECUTE_READWRITE, & OldProtect);
* (DWORD *) (EhSvc + Address) = Size2;
/ / * (Int *) (EhSvc + Address) = Size;
)
CopyModules void (void)
(
Long EhSvc = (long) GetModuleHandleA ("EhSvc.dll");
/ / Self CRC checks
MEMwrite ((void *) (EhSvc x0FF28 +0), (void *) (PBYTE) "\ xB8 \ x01 \ x00 \ x00 \ x00", 5);
/ / Anti-asm game client scans
MEMwrite ((void *) (EhSvc x1BC28 +0), (void *) (PBYTE) "\ x90 \ x90", 2);
// Unhook dip & sss 8
MEMwrite ((void *) (EhSvc x650A5 +0), (void *) (PBYTE) "\ xEB", 1);
MEMwrite ((void *) (EhSvc x650CF +0), (void *) (PBYTE) "\ xEB", 1);
/ / Etc code to check jump
MEMwrite ((void *) (EhSvc +0 x66931), (void *) (PBYTE) "\ xEB", 1);
MEMwrite ((void *) (EhSvc x66B79 +0), (void *) (PBYTE) "\ xEB", 1);
/ / Anti restore page
MEMwrite ((void *) (EhSvc x5F80E +0), (void *) (PBYTE) "\ xEB", 1);
MEMwrite ((void *) (EhSvc x5F784 +0), (the void *) (PBYTE) "\ xEB ", 1);
/ / Processscan, play eagle-detect process callbacks, for cheat engine
MEMwrite ((void *) (EhSvc x54A14 +0), (void *) (PBYTE) "\ xE9 \ x7E \ x0A \ x00 \ x00", 5);
/ / Nano-detect objects
MEMwrite ((void *) (EhSvc x2411B +0), (void *) (PBYTE) "\ xEB", 1);
MEMwrite ((void *) (EhSvc +0 x24265), (void *) (PBYTE) "\ xEB", 1);
MEMwrite ((void *) (EhSvc x2435F +0), (void *) (PBYTE) "\ X31", 1);
MEMwrite ((void *) (EhSvc +0 x22556), (void *) (PBYTE) "\ X31", 1);
MEMwrite ((void *) (EhSvc +0 x26171), (void *) (PBYTE) "\ X31", 1);
MEMwrite ((void *) (EhSvc +0 x25618), (void *) (PBYTE) "\ xEB", 1);
MEMwrite ((void *) (EhSvc x2572C +0), (void *) (PBYTE) "\ xEB", 1);
MEMwrite ((void *) (EhSvc x25ADB +0), (void *) (PBYTE) "\ xEB", 1);
int EhPtr = 0x0D0F40;
NewDetourhs ((EhPtr-0x44), 0x8, 4);
NewDetourhs ((EhPtr-0x40), 0x8, 4);
NewDetourhs ((EhPtr-0x20), 0x8, 4);
NewDetourhs (0x0D13F8, 0x8, 4);
NewDetourhs (0x0CD5F8, 0x8, 4);
NewDetourhs (0x0C7570, 0x8, 4);
NewDetourhs (0x0C7754, 0x8, 4);
NewDetourhs (0x0CED40, 0x8, 4);
NewDetourhs (0x0C7739, 0x8, 4);
NewDetourhs (0x0D2E08, 0x8, 4);
NewDetourhs (0x0C7758, 0x8, 4);
NewDetourhs (0x0C62F8, 0x8, 4);
NewDetourhs (0x0C7715, 0x8, 4);
NewDetourhs (0x0D0F40, 0x8, 4);
NewDetourhs (0x0C7719, 0x8, 4);
NewDetourhs (0x0D2E40, 0x8, 4);
NewDetourhs (0x0C62F8, 0x8, 4);
NewDetourhs (0x0CD8FC, 0x8, 4);
NewDetourhs (0x0CD5F8, 0x8, 4);
NewDetourhs (0x0D3DF1, 0x8, 4);
)
void loop (void)
(
for (;;)
(
Long EhSvc = (long) GetModuleHandleA ("EhSvc.dll");
if (EhSvc! = 0)
(
CopyModules ();
)
Sleep (20);
)
)
MEMwrite void (void * adr, void * ptr, int size)
(
VirtualProtect (adr, size, PAGE_EXECUTE_READWRITE, & OldProtection);
memcpy (adr, ptr, size);
VirtualProtect (adr, size, OldProtection, & OldProtection);
)
void NewDetourhs (long Address, int Size, int Size2)
(
Long EhSvc = (long) GetModuleHandleA ("EhSvc.dll");
OldProtect DWORD;
VirtualProtect ((void *) (EhSvc + Address), Size, PAGE_EX ECUTE_READWRITE, & OldProtect);
* (DWORD *) (EhSvc + Address) = Size2;
/ / * (Int *) (EhSvc + Address) = Size;
)
CopyModules void (void)
(
Long EhSvc = (long) GetModuleHandleA ("EhSvc.dll");
/ / Self CRC checks
MEMwrite ((void *) (EhSvc x0FF28 +0), (void *) (PBYTE) "\ xB8 \ x01 \ x00 \ x00 \ x00", 5);
/ / Anti-asm game client scans
MEMwrite ((void *) (EhSvc x1BC28 +0), (void *) (PBYTE) "\ x90 \ x90", 2);
// Unhook dip & sss 8
MEMwrite ((void *) (EhSvc x650A5 +0), (void *) (PBYTE) "\ xEB", 1);
MEMwrite ((void *) (EhSvc x650CF +0), (void *) (PBYTE) "\ xEB", 1);
/ / Etc code to check jump
MEMwrite ((void *) (EhSvc +0 x66931), (void *) (PBYTE) "\ xEB", 1);
MEMwrite ((void *) (EhSvc x66B79 +0), (void *) (PBYTE) "\ xEB", 1);
/ / Anti restore page
MEMwrite ((void *) (EhSvc x5F80E +0), (void *) (PBYTE) "\ xEB", 1);
MEMwrite ((void *) (EhSvc x5F784 +0), (the void *) (PBYTE) "\ xEB ", 1);
/ / Processscan, play eagle-detect process callbacks, for cheat engine
MEMwrite ((void *) (EhSvc x54A14 +0), (void *) (PBYTE) "\ xE9 \ x7E \ x0A \ x00 \ x00", 5);
/ / Nano-detect objects
MEMwrite ((void *) (EhSvc x2411B +0), (void *) (PBYTE) "\ xEB", 1);
MEMwrite ((void *) (EhSvc +0 x24265), (void *) (PBYTE) "\ xEB", 1);
MEMwrite ((void *) (EhSvc x2435F +0), (void *) (PBYTE) "\ X31", 1);
MEMwrite ((void *) (EhSvc +0 x22556), (void *) (PBYTE) "\ X31", 1);
MEMwrite ((void *) (EhSvc +0 x26171), (void *) (PBYTE) "\ X31", 1);
MEMwrite ((void *) (EhSvc +0 x25618), (void *) (PBYTE) "\ xEB", 1);
MEMwrite ((void *) (EhSvc x2572C +0), (void *) (PBYTE) "\ xEB", 1);
MEMwrite ((void *) (EhSvc x25ADB +0), (void *) (PBYTE) "\ xEB", 1);
int EhPtr = 0x0D0F40;
NewDetourhs ((EhPtr-0x44), 0x8, 4);
NewDetourhs ((EhPtr-0x40), 0x8, 4);
NewDetourhs ((EhPtr-0x20), 0x8, 4);
NewDetourhs (0x0D13F8, 0x8, 4);
NewDetourhs (0x0CD5F8, 0x8, 4);
NewDetourhs (0x0C7570, 0x8, 4);
NewDetourhs (0x0C7754, 0x8, 4);
NewDetourhs (0x0CED40, 0x8, 4);
NewDetourhs (0x0C7739, 0x8, 4);
NewDetourhs (0x0D2E08, 0x8, 4);
NewDetourhs (0x0C7758, 0x8, 4);
NewDetourhs (0x0C62F8, 0x8, 4);
NewDetourhs (0x0C7715, 0x8, 4);
NewDetourhs (0x0D0F40, 0x8, 4);
NewDetourhs (0x0C7719, 0x8, 4);
NewDetourhs (0x0D2E40, 0x8, 4);
NewDetourhs (0x0C62F8, 0x8, 4);
NewDetourhs (0x0CD8FC, 0x8, 4);
NewDetourhs (0x0CD5F8, 0x8, 4);
NewDetourhs (0x0D3DF1, 0x8, 4);
)
void loop (void)
(
for (;;)
(
Long EhSvc = (long) GetModuleHandleA ("EhSvc.dll");
if (EhSvc! = 0)
(
CopyModules ();
)
Sleep (20);
)
)
Then create a function to call the Anti-HS:
CreateThread (NULL, NULL, (LPTHREAD_START_ROUTINE) Loop, NULL, NULL, NULL);
After that compile
0 comentarios:
Publicar un comentario