
    Hackshield Paths And Dir Info


    UnknownPK

    Right, first off: this is NOT TESTED on another computer, so I'm not 100% sure whether these offsets will change on another computer, so please test xD (but sure it should O.o). I know it's nothing much, but it's something, so here you go; make sure you reply xD

     

    BTW, HSF = Hackshield Full. A field with this prefix holds the label that tells you what the next field is, e.g. for USERNAME=UnknownPK it holds USERNAME= without the UnknownPK part.
    
    // Layout, as reverse-engineered by the post's author, of a data block that
    // HackShield's EHSvc.dll keeps in process memory. The author ties it to
    // version 5.4.5.64 and says it was not checked on a second machine.
    // Going by the sample output on this page, the block caches the process
    // environment (each "NAME=" label in an HSF-prefixed field, followed by its
    // value) plus module paths and temp-file paths.
    //
    // Reading notes:
    //  - The trailing // value on each line is the member's byte offset. The only
    //    non-byte member is the DWORD at 0x0004, which is already 4-aligned, so
    //    the declared sizes add up to 0x2968 without compiler padding (assuming
    //    BYTE is 1 byte and DWORD is 4).
    //  - Five posted offsets disagree with the running sum of the declared
    //    sizes; they are marked below. The members after each of them line up
    //    again with the posted values.
    //  - HSF label fields are sized to the label text exactly (9 bytes for
    //    "USERNAME="), so they carry no NUL terminator of their own. Treat every
    //    char array here as a bounded buffer, not as a C string.
    //  - NOTE(review): field widths look fitted to the author's own machine
    //    (user name, paths). Environment strings vary in length, so these
    //    boundaries presumably do not hold on another host; confirm before
    //    relying on any offset past the first variable-length value.
    struct CHShieldDir
    {
    BYTE padding[0x4];				//0x0000
    	DWORD unknownstruct;		//0x0004
    char unknown[1212];				//0x0008
    	char ghbystem[18];			//0x04C4
    BYTE Padding2[0x5];				//0x04D6
    	char CurrLang[9];			//0x04DB
    char unknown1[156];				//0x04E4 
    	char HSFAUserProfiles[16];	//0x0580
    	char AUserProfilesPath[56];	//0x0590
    	char HSFAPPData[8];			//0x05C8
    	char APPDataPath[64];		//0x05D0
    	char HSFClass[10];			//0x0610
    	char ClassPath[62];			//0x061A
    	char HSFCommonProFiles[19];	//0x0658
    	char CommonProFiles[53];	//0x066B
    	char HSFComputerName[13];	//0x06A0
    	char ComputerName[27];		//0x06AD
    	char HSFCompspec[8];		//0x06C8
    	char Compspec[48];			//0x06D0
    	char HSFDXSDK_Dir[10];		//0x0700
    	char DXSDK_Dir[78];			//0x070A
    	char FP_NO_Host_Check[17];	//0x0758
    	char FP_NO_Host_Check_A[23];//0x0769
    	char HSFHomeDrive[10];		//0x0780
    	char HomeDrive[14];			//0x078A
    	char HSFHomePath[9];		//0x0798
    	char HomePath[47];			//0x07A1
    	char HSFLogonServer[12];	//0x07D0 
    	char LogonServer[28];		//0x07DC
    	char HSFNumProcessors[21];	//0x07F8 
    	char NumProcessors[19];		//0x080D
    	// NOTE(review): the sample label "OS=" is 3 bytes but this field is 2 wide;
    	// either the width or the next posted offset is off by one.
    	char HSFOperatingSystem[2];	//0x0820
    	char OperatingSystem[22];	//0x0822 by declared sizes (post lists 0x0823)
    	char HSFPaths[232];			//0x0838 by declared sizes (post lists 0x083D)
    	char HSFPATHExt[8];			//0x0920
    	char PATHExt[64];			//0x0928 
    	char HSFSystemBit[22];		//0x0968
    	char SystemBit[18];			//0x097E by declared sizes (post lists 0x097F)
    	char HSFProcessorID[20];	//0x0990
    	char ProcessorID[68];		//0x09A4 by declared sizes (post lists 0x09A5)
    	char HSFProcessorLevel[16];	//0x09E8
    	char ProcessorLevel[24];	//0x09F8
    	char HSFProcessorRevis[19];	//0x0A10
    	char ProcessorRevis[21];	//0x0A23
    	char HSFProgramFiles[13];	//0x0A38
    	char ProgramFiles[27];		//0x0A45 
    	char HSFModulePath[12];		//0x0A60
    	char ModulePath[76];		//0x0A6C by declared sizes (post lists 0x0A6D)
    	char HSFQTJava[7];			//0x0AB8
    	char QTJava[65];			//0x0ABF
    	char HSFSessionName[12];	//0x0B00
    	char SessionName[28];		//0x0B0C
    	char HSFSystemDrive[12];	//0x0B28
    	char SystemDrive[12];		//0x0B34
    	char HSFSystemRoot[11];		//0x0B40
    	char SystemRoot[29];		//0x0B4B
    	char HSFTempFiles[5];		//0x0B68
    	char TempFiles[51];			//0x0B6D
    	char HSFTmpFiles[4];		//0x0BA0
    	char TmpFiles[52];			//0x0BA4
    	char HSFUserDomain[11];		//0x0BD8
    	char UserDomain[29];		//0x0BE3
    	char HSFUserName[9];		//0x0C00
    	char UserName[31];			//0x0C09
    	char HSFUserProfile[12];	//0x0C28
    	char UserProfile[44];		//0x0C34
    	char HSFVSComonTools[14];	//0x0C60
    	// Follows the VS90COMNTOOLS= label; presumably the Visual Studio tools
    	// path from the sample output rather than a second user profile.
    	char UserProfile1[74];		//0x0C6E
    	char HSFWinDir[7];			//0x0CB8
    	char WinDir[34];			//0x0CBF
    char unknown4[3971];			//0x0CE1
    	char User32DLL[10];			//0x1C64
    char unknown5[10];				//0x1C6E
    	char D3D9DLLPath[40];		//0x1C78
    char unknown6[124];				//0x1CA0
    	char TempCRCFile[100];		//0x1D1C
    char unknown7[468];				//0x1D80
    	char TempCRCFile2[100];		//0x1F54
    char unknown8[604];				//0x1FB8
    	char TempCRCFile3[100];		//0x2214
    char unknown9[468];				//0x2278
    	char TempCRCFile4[100];		//0x244C
    char unknown10[440];			//0x24B0
    	char EHSvcDLLPath[61];		//0x2668
    char unknown11[39];				//0x26A5
    	char TempCRCFile5[100];		//0x26CC
    char unknown12[468];			//0x2730
    	char TempCRCFile6[100];		//0x2904
    };//0x2968(10600);

     

    THE STRUCT ABOVE WAS BUILT BY UNKNOWNPK AND I DIDN'T COPY AND PASTE IT FROM ANYWHERE. IF YOU USE IT OR POST IT ON ANOTHER SITE, CREDIT ME!

     

    How To Use!

    	// Looks up the loaded Ehsvc.dll, reads a pointer stored at a fixed offset
    	// from its base, treats the target as a CHShieldDir and logs one path field.
    	// NOTE(review): the module handle is cast to DWORD, so the arithmetic
    	// assumes 32-bit addresses; in a 64-bit build the cast truncates.
    	DWORD dwEhsvc = (DWORD)GetModuleHandle("Ehsvc.dll");
    if(dwEhsvc)
    {
    	// The offset is hard-coded for the one build named in the comment below.
    	// Nothing here checks the loaded module's version or size first, so on
    	// any other build the read lands on unrelated memory.
    	DWORD dwPointer = *(DWORD*)(dwEhsvc +0xEA7A0);//currently up to date with hackshield version 5.4.5.64
    	if(dwPointer)
    	{
    		CHShieldDir *g_pData = (CHShieldDir*)dwPointer;
    		// g_pData holds the same value as dwPointer, so this test repeats
    		// the non-zero check above; it does not validate the target memory.
    		if(g_pData)
    		{
    			//this will log the EHSVC Path 
    			// NOTE(review): EHSvcDLLPath is a fixed char[61] and "%s" reads up
    			// to the first NUL, so nothing bounds the read to the field. If
    			// add_log is printf-style (not shown here), a precision-limited
    			// format capped at sizeof the field would keep it in bounds.
    			add_log("%s",g_pData->EHSvcDLLPath);
    		}
    	}
    }

     

    Here's What The Struct Above Logs!

    System\WarRock.exe

    ENG

    ALLUSERSPROFILE=C:\Documents and Settings\All Users

    APPDATA=C:\Documents and Settings\UnknownPK\Application Data

    CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    CommonProgramFiles=C:\Program Files\Common Files

    COMPUTERNAME=HOMEUSE-38C1F15

    ComSpec=C:\WINDOWS\system32\cmd.exe

    DXSDK_DIR=C:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\

    FP_NO_HOST_CHECK=NO

    HOMEDRIVE=C:

    HOMEPATH=\Documents and Settings\UnknownPK

    LOGONSERVER=\\HOMEUSE-38C1F15

    NUMBER_OF_PROCESSORS=2

    OS=Windows_NT

    Path=C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\QT Lite\Q*Zensored*tem;C:\Program Files\QuickTime\Q*Zensored*tem\

    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.paysafecard1

    PROCESSOR_ARCHITECTURE=x86

    PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD

    PROCESSOR_LEVEL=15

    PROCESSOR_REVISION=2b01

    ProgramFiles=C:\Program Files

    PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\

    QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    SESSIONNAME=Console

    SystemDrive=C:

    SystemRoot=C:\WINDOWS

    TEMP=C:\DOCUME~1\UNKNOW~1\LOCALS~1\Temp

    TMP=C:\DOCUME~1\UNKNOW~1\LOCALS~1\Temp

    USERDOMAIN=HOMEUSE-38C1F15

    USERNAME=UnknownPK

    USERPROFILE=C:\Documents and Settings\UnknownPK

    VS90COMNTOOLS=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\

    windir=C:\WINDOWS

    USER32.dll

    C:\WINDOWS\system32\D3D9.DLL

    C:\Program Files\GamersFirst\War Rock\Data\HShield\EHSVC.DLL

    C:\DOCUME~1\UNKNOW~1\LOCALS~1\Temp\013e550c88f9.tmp

    C:\DOCUME~1\UNKNOW~1\LOCALS~1\Temp\2672e2d91670.tmp

    C:\DOCUME~1\UNKNOW~1\LOCALS~1\Temp\9baa70f0d3a1.tmp

    C:\DOCUME~1\UNKNOW~1\LOCALS~1\Temp\ac9703bf6fed.tmp

    C:\DOCUME~1\UNKNOW~1\LOCALS~1\Temp\e59780eab9c2.tmp

    C:\DOCUME~1\UNKNOW~1\LOCALS~1\Temp\76221f4b89ce.tmp

    GPU DLL: nv4_disp.dll

    GPU Using NVIDIA GeForce 9800 GX2

    Current FPS : 0.00

    Screen X: 1024

    Screen Y: 768

    Edited by unknownpk

    Very nice, thank you for sharing this :)
