HackShield ByPass
// CRC Bypass
// Main detection bypass
// HackShield version 5.5.19.197
// But this should work for any version; only the addresses need to be updated.
Source Code #
// Resume address for the hook stub: SingleStepDetectionEHS ends with
// `jmp dword ptr [BeginJMPBack]`, so control leaves the stub through whatever
// address is stored here. A DWORD-sized code address implies a 32-bit x86 process.
DWORD BeginJMPBack;
// Hook stub that DetouringHackShield installs over code inside EhSvc.dll.
// It takes no C-level arguments and never returns normally: it works directly
// on eax/esi/ecx and leaves through an indirect jump to BeginJMPBack.
//
// Net effect as written: eax, esi and ecx are all set to 0 and execution resumes
// at BeginJMPBack, so anything the hooked code had placed in those registers is lost.
// NOTE(review): 0x10501 / 0x10705 / 0x10703 look like HackShield result or
// detection codes; the listing does not establish their meaning.
//
// Defender note: this is in-memory tampering with the protection module's own code
// path. It shows up as a mismatch between the module's mapped code pages and its
// on-disk image, so it is found by integrity checks run from outside the process.
void __cdecl SingleStepDetectionEHS ()
{
// The jmp after this cmp is unconditional, so the comparison result is never used.
__asm cmp eax,0x10501
__asm jmp detectiondone1
// The next four instructions can never execute: the unconditional jmp above skips
// them and no label precedes them.
__asm cmp esi,0x10705
__asm jmp detectiondone2
__asm cmp ecx,0x10703
__asm jmp detectiondone2
// The three labels fall through one into the next, so all three registers are zeroed.
detectiondone1:
__asm mov eax,0
detectiondone2:
__asm mov esi,0
// detectiondone3 is never a jump target; it is reached only by fall-through.
detectiondone3:
__asm mov ecx,0
// Leave via the stored address rather than a ret; the closing brace is never reached.
__asm jmp dword ptr [BeginJMPBack];
}
// Waits for EhSvc.dll to be loaded in the current process, then alters its code
// in memory at hard-coded offsets from the module base.
//
// Parameters:
//   Detail   - compared against 0x0A in the final condition.
//   CrcCheck - compared against 0x12 in the final condition, and also used as an
//              address in the inline-asm block (the DWORD at CrcCheck+0xC is read).
// Returns: always 1.
//
// NOTE(review): DetourCreate and MemWrite are not defined in this listing; their
// behaviour is inferred from their names and arguments only.
// NOTE(review): the listing is not well-formed C as posted (see the notes below).
//
// Defender note: every offset here (0x71691, 0x71936, 0x09F10) is relative to the
// EhSvc.dll base and, per the page header, tied to version 5.5.19.197. Both changes
// modify the module's mapped code, which differs from the on-disk image afterwards;
// comparing the two from a component outside the tampered process exposes it.
int __stdcall DetouringHackShield ( DWORD Detail , DWORD CrcCheck )
{
DWORD dwEhSvc = 0;
// Poll once per second until GetModuleHandle returns a non-zero module base.
// Sleep(1000) also runs after the successful lookup. As posted, the do/while
// has no terminating semicolon.
do{
dwEhSvc = (DWORD)GetModuleHandle("EhSvc.dll");
Sleep(1000);
} while(!dwEhSvc)
// NOTE(review): BeginJMPBack is declared as a DWORD, but is written here with call
// syntax. base+0x71936 lies 0x2A5 bytes past the hook site used on the next line.
BeginJMPBack(dwEhSvc+0x71936);
// Presumably redirects 5 bytes at base+0x71691 to SingleStepDetectionEHS (an
// inline hook); confirm against the DetourCreate implementation.
DetourCreate((PBYTE)(dwEhSvc+0x71691),(LPBYTE)SingleStepDetectionEHS,5);
// Preserves eax/edx, treats CrcCheck as a pointer, reads the DWORD at offset 0xC
// and stores it in `Details`. NOTE(review): `Details` is not declared anywhere in
// this listing (the parameter is named `Detail`).
__asm
{
push eax
push edx
mov eax,CrcCheck
mov edx,[eax+0xC]
mov Details,edx
pop edx
pop eax
}
if ( CrcCheck == 0x12 && Detail == 0x0A )
{
// Writes the 3 bytes C2 04 00 at base+0x09F10; on x86 that byte sequence encodes
// `ret 4`, so the routine at that address would return at once.
// As posted, the parentheses in this call are unbalanced.
MemWrite((void*)dwEhSvc+0x09F10)(void*)"\xC2\x04\x00",3);
}
return (1);
}
Usage :
DetouringHackShield ( 0x12, 0x0A );
Credits and Sources #
iwanttolearn
UC
AnonymousHex™ For posting here