    [TUT]Writing A Bypass For Any Game


    D3m0ni4k
    Well I got bored today and decided to post this tutorial.

    Please note that this might not work for every program so don't flame.

     

    If you use this or it helped you write anything else please provide credits.

     

    For an example, I will use WarRock; this method however can be adapted for any game.

    This can of course be used for any compare etc.

     

    Requirements:

    A basic knowledge of C++ and Assembly.

    C++ compiler.

    A brain (maybe)

     

    First of all, open up WarRock.exe unpacked in olly or ida or w/e disassembler/debugger you want.

    Search for the "Hack Detected" String and jmp to the reference of that.

    You should now see something like this:

    Code:

    ___:004ADE7C push ebx
    ___:004ADE7D mov ecx, offset dword_22200D8
    ___:004ADE82 call sub_6126B0
    ___:004ADE87 mov eax, dword_C0BC98
    ___:004ADE8C cmp eax, ebx
    ___:004ADE8E jz short loc_4ADEA1
    ___:004ADE90 push esi
    ___:004ADE91 push 29Ah
    ___:004ADE96 lea ecx, [eax+36290h]
    ___:004ADE9C call sub_4459B0
    ___:004ADEA1
    ___:004ADEA1 loc_4ADEA1: ; CODE XREF: sub_4ADAF0+39Ej
    ___:004ADEA1 push 3E8h
    ___:004ADEA6 call sub_8B1993
    ___:004ADEAB mov ecx, dword_B2E6F8
    ___:004ADEB1 add esp, 4
    ___:004ADEB4 push ebx
    ___:004ADEB5 push offset aHackDetected ; "Hack Detected!"
    ___:004ADEBA push esi
    ___:004ADEBB push ecx
    ___:004ADEBC nop
    ___:004ADEBD call near ptr 7E3A07EAh
    ___:004ADEC2 push esi
    ___:004ADEC3 call sub_8ADBE1
    ___:004ADEC8 add esp, 4
    ___:004ADECB
    ___:004ADECB loc_4ADECB: ; CODE XREF: sub_4ADAF0+36Ej
    ___:004ADECB ; sub_4ADAF0+38Aj
    ___:004ADECB call sub_4AD960
    ___:004ADED0 call sub_648390
    ___:004ADED5 call sub_431070
    ___:004ADEDA mov byte_F521D8, 1
    ___:004ADEE1
    ___:004ADEE1 loc_4ADEE1: ; CODE XREF: sub_4ADAF0+4Ej
    ___:004ADEE1 ; sub_4ADAF0+7Bj
    ___:004ADEE1 mov ecx, [esp+548h+var_94]
    ___:004ADEE8 xor eax, eax
    ___:004ADEEA call sub_8AD85B
    ___:004ADEEF pop edi
    ___:004ADEF0 pop esi
    ___:004ADEF1 pop ebx
    ___:004ADEF2 mov esp, ebp
    ___:004ADEF4 pop ebp
    ___:004ADEF5 retn 10h
    ___:004ADEF5 sub_4ADAF0 endp

     

    Now look at what happens at 004ADE8E, it jmps to the "Hack Detected" msg if the previous compare was equal. Well we can't have that can we? Because when Hackshield detects a hack, it sends a message with the title "Hack Detected", and closes the game.

    So to stop this, we are going to edit that compare so that it's never equal.

     

    Let's start off with the original function.

     

    Code:

    cmp eax, ebx

     

    Now we are going to add a conditional jmp to this so that it jmps to our new function whenever it is equal.

     

    Code:

    cmp eax, ebx
    jz check

     

    Now, let's add our function and make it work so that each register always has a different value than the other, and then compare it.

     

     

    Code:

    cmp eax, ebx
    jz check
    check:
    mov eax, 1
    mov ebx, 0
    cmp eax, ebx

     

    Our code should now work, however, since we are using a C++ compiler, it won't recognise pure asm, so we need to tell it that it's asm.

    So, we need to change our code to this:

     

     

    Code:

    __declspec(naked) void EditCompare()
    {
        __asm {
            cmp eax, ebx
            jz check
        check:
            mov eax, 1
            mov ebx, 0
            cmp eax, ebx
        }
    }

     

     

    Hopefully you understood what I did there. First, I declared our function's name, and what kind of function it is. Secondly, I added __asm which tells the compiler that between the next two curly braces, there would be assembly code.

     

    There we go, That's our function written!

    Now all that's left is to detour it and we are done.

     

    So now we need to put this in dll main:

     

     

    Code:

    DetourFunction((BYTE*)0x4ADE8E, (BYTE*)EditCompare);

     

    And that's it! I hope you understood my tutorial. If you didn't then I suggest you take a closer look at the languages of asm and C++.

     

    I hope you enjoyed it^^

    Please comment on my tutorial and say if I missed anything.

    Oh, and if you leech this, you give me permission to cockslap you and your family.

     

    Credits:

    Artic66

    Krzychukknd

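The detour in the post overwrites the bytes at the guarded compare inside the game's own code. Seen from the defending side, the standard countermeasure is for the protected program (or its anti-cheat component) to snapshot a hash of its own sensitive code regions at start-up and re-check them, and additionally to look for the tell-tale relative JMP an inline hook leaves at the patched address. The C below is an added example written for this page; it is not code from the post, from WarRock, or from any anti-cheat product. The bytes of the guarded region are hand-assembled here from the mnemonics in the listing (treat them as constructed test data, not a memory dump), and the patch applied to a private buffer is a test fixture that stands in for a 5-byte E9 rel32 inline hook, which is an assumption about hook shape, not something the post specifies.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed test data: the guarded compare and the instructions after it,
 * hand-assembled from the listing's mnemonics (cmp eax,ebx / jz short +0x11 /
 * push esi / push 29Ah / lea ecx,[eax+36290h]). Not a real memory dump. */
#define REGION_SIZE 16
static const uint8_t original_region[REGION_SIZE] = {
    0x3B, 0xC3,                         /* cmp eax, ebx          */
    0x74, 0x11,                         /* jz short loc_4ADEA1   */
    0x56,                               /* push esi              */
    0x68, 0x9A, 0x02, 0x00, 0x00,       /* push 29Ah             */
    0x8D, 0x88, 0x90, 0x62, 0x03, 0x00  /* lea ecx, [eax+36290h] */
};

/* One guarded code region: where it starts, how long it is, and the
 * FNV-1a hash of its bytes taken when the guard was armed. */
typedef struct {
    const uint8_t *base;
    size_t len;
    uint32_t expected;
} code_guard;

/* Plain 32-bit FNV-1a; any fast hash works for an integrity snapshot. */
uint32_t fnv1a32(const uint8_t *p, size_t n) {
    uint32_t h = 0x811C9DC5u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x01000193u;
    }
    return h;
}

/* Arm the guard: remember the hash of the region as it is right now. */
void guard_init(code_guard *g, const uint8_t *base, size_t len) {
    g->base = base;
    g->len = len;
    g->expected = fnv1a32(base, len);
}

/* Re-check the region. Returns 0 if intact, 1 if any byte changed. */
int guard_check(const code_guard *g) {
    return fnv1a32(g->base, g->len) != g->expected;
}

/* Returns 1 if the region now begins with a relative JMP (E9 rel32 or
 * EB rel8), the shape an inline detour leaves at the hooked address.
 * Assumption: the hook is a plain JMP, not a push/ret or other trampoline. */
int starts_with_jmp(const uint8_t *p, size_t n) {
    if (n >= 5 && p[0] == 0xE9) return 1;
    if (n >= 2 && p[0] == 0xEB) return 1;
    return 0;
}

/* Test fixture only: write E9 rel32 over the first 5 bytes of a private
 * buffer so the two checks above have something to catch. */
void write_test_jmp(uint8_t *p, size_t n, int32_t rel) {
    if (n < 5) return;
    p[0] = 0xE9;
    p[1] = (uint8_t)(rel & 0xFF);
    p[2] = (uint8_t)((rel >> 8) & 0xFF);
    p[3] = (uint8_t)((rel >> 16) & 0xFF);
    p[4] = (uint8_t)((rel >> 24) & 0xFF);
}

/* Runs the scenario on a private copy of the region. Returns -1 if either
 * check fired on the untouched copy (a false positive), otherwise a bitmask:
 * 1 = hash mismatch after the patch, 2 = JMP found at entry after the patch.
 * Both checks catching the patch gives 3. */
int run_scenario(void) {
    uint8_t buf[REGION_SIZE];
    code_guard g;
    int flags = 0;

    memcpy(buf, original_region, REGION_SIZE);
    guard_init(&g, buf, REGION_SIZE);
    if (guard_check(&g) || starts_with_jmp(buf, REGION_SIZE)) return -1;

    write_test_jmp(buf, REGION_SIZE, 0x12345678); /* constructed displacement */
    if (guard_check(&g)) flags |= 1;
    if (starts_with_jmp(buf, REGION_SIZE)) flags |= 2;
    return flags;
}

int main(void) {
    int r = run_scenario();
    printf("scenario result: %d (3 = both checks caught the patch)\n", r);
    return r == 3 ? 0 : 1;
}
```

In a real build the guard's `base` would be the address of the function being protected (here the routine containing the compare at 004ADE8E) and `guard_check` would run periodically rather than once; the opcode test is cheap enough to run on every call, while the hash catches edits anywhere in the region, not just at its first instruction.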
