Jump to content
Welcome, Guest
Existing user? Sign In

Sign In



Sign Up
The MatriX
  • Welcome To Ghbsys
  • CS GO Streaming Version is released. Have fun streaming while cheating!
  • Have a Payment Issue? Send us a Support ticket.
  • Make a thread if you need support or join our discord for live support.
  • Have Suggestions? Make a thread and you'll earn Ghbsys Points for implemented suggestions.
  • Join our discord to stay well connected! Don't forget to integrate your discord to the site

  • Welcome to [GHB] - GAmEhAcKbAsTaRdS Forum

    Welcome to [GHB] - GAmEhAcKbAsTaRdS Forum, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information for you to signup. Be apart of [GHB] - GAmEhAcKbAsTaRdS Forum by signing in or creating an account.
    • Start new topics and reply to others
    • Subscribe to topics and forums to get email updates
    • Get your own profile page and make new friends
    • Send personal messages to other members.

    Guest Message by DevFuse

    { WarRock } VMT Hook + HackShield ByPass ( Credit To Biene Maja ), Undetected till 11 December 2012

    pertl123

    By pertl123,
    in C and C++

     Share

    Recommended Posts

    pertl123

    pertl123 0

    Posted
    Posted (edited)

    Biene Maja Says on official forum : Foreword

     

    This was an hook from gordon of combat arms

    So I thank Gordon.

     

    I re updated the hook for warrock, and I also added the bypass (because this is now very difficult hook in warrock in simple way) so then i decided to use my driver for hackshield for using a debugger , to check how hackshield is detecting working for the VMT HackShield Hook.

    Then I found the solution and I decided to post it public

     

    Tools Used OLLYDBG + BreakPoint ,

     

    #define ADR_DevicePTR                0x9EB494
#define OFS_DevicePTR               0x02B930

DWORD HSDevicePointer1;


       HRESULT   __stdcall nReset    (  LPDIRECT3DDEVICE9 pDevice, D3DPRESENT_PARAMETERS* pPresentationParameters );
typedef HRESULT ( APIENTRY* Reset_t ) (  LPDIRECT3DDEVICE9 pDevice, D3DPRESENT_PARAMETERS* pPresentationParameters );
                         Reset_t     pReset;

HRESULT __stdcall nReset ( LPDIRECT3DDEVICE9 pDevice,D3DPRESENT_PARAMETERS* pPresentationParameters )
{
   _asm PUSHAD;



       _asm POPAD;

      return pReset(pDevice, pPresentationParameters);
}

       HRESULT   __stdcall nPresent   (  LPDIRECT3DDEVICE9 pDevice,CONST RECT* pSourceRect,CONST RECT* pDestRect,HWND hDestWindowOverride,CONST RGNDATA* pDirtyRegion );
typedef HRESULT ( APIENTRY* Present_t )(  LPDIRECT3DDEVICE9 pDevice,CONST RECT* pSourceRect,CONST RECT* pDestRect,HWND hDestWindowOverride,CONST RGNDATA* pDirtyRegion );
                         Present_t   pPresent;

HRESULT __stdcall nPresent( LPDIRECT3DDEVICE9 pDevice,CONST RECT* pSourceRect,CONST RECT* pDestRect,HWND hDestWindowOverride,CONST RGNDATA* pDirtyRegion )
{        
   _asm PUSHAD;


   _asm POPAD;

   return pPresent (pDevice, pSourceRect, pDestRect, hDestWindowOverride, pDirtyRegion);
}


       HRESULT   __stdcall  nDrawIndexedPrimitive    (  LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE pType D3DparamX ,UINT nMinIndex, UINT nNumVertices, UINT nStartIndex, UINT nPrimitiveCount );
typedef HRESULT ( APIENTRY* DrawIndexedPrimitive_t ) (  LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE pType D3DparamX ,UINT nMinIndex, UINT nNumVertices, UINT nStartIndex, UINT nPrimitiveCount );
                         DrawIndexedPrimitive_t     pDrawIndexedPrimitive;


HRESULT __stdcall nDrawIndexedPrimitive ( LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE pType D3DparamX ,UINT nMinIndex, UINT nNumVertices, UINT nStartIndex, UINT nPrimitiveCount )
{
              _asm PUSHAD;

 LPDIRECT3DVERTEXBUFFER9 Stream_Data;
 UINT Offset = 0;
 UINT Stride = 0;

 if ( pDevice->GetStreamSource ( 0, &Stream_Data, &Offset, &Stride ) == D3D_OK )
 Stream_Data->Release();

               // Your Chams or WallHack Code


              _asm POPAD;

   return pDrawIndexedPrimitive(pDevice,pType D3DparamvalX,nMinIndex,nNumVertices,nStartIndex,nPrimitiveCount);
}



DWORD WarRockDevice  (int index)
{
       if ( !ADR_DevicePTR) return 0;
       DWORD dwBla1 = *(DWORD*)ADR_DevicePTR;
       if(!dwBla1) return 0;

       DWORD dwBla2 = *(DWORD*)(dwBla1 + OFS_DevicePTR );
       if(!dwBla2) return 0;
       dwBla2 = *(DWORD*)dwBla2;

       if(!dwBla2) return 0;
       return dwBla2 + ( 4*index );
}

DWORD GetRestoringFromHackShield ( int index )
{
   DWORD dwVA = HSDevicePointer1;
   if(IsBadReadPtr((void*)dwVA, 4)) return 0;
   dwVA = *(DWORD*)dwVA;

   if(!dwVA || IsBadReadPtr((void*)dwVA, 0x200)) return 0;
   return dwVA + (4*index);
}

#define VMTInitiliazing (name, index)\
   DWORD dw##name##1 = WarRockDevice (index);\
   if(*(DWORD*)dw##name##1 != (DWORD)&n##name && dw##name##1 != NULL)\
{\
    p##name = (name##_t) *(DWORD*)dw##name##1;\
   *(DWORD*)dw##name##1 = (DWORD)&n##name;\
       *(DWORD*)GetRestoringFromHackShield(index) = (DWORD)&n##name;\
}


void KeepVMTUndetected (void)
{
   DWORD hEhSvc = (DWORD)GetModuleHandle("EhSvc.dll");
   if ( hEhSvc !=0 )
   {
               HSDevicePointer1 = (hEhSvc+0x105738);

           while(1)
           {

               *(int*)(hEhSvc+0x1056e4) =1;


                        Sleep(30);
           }
   }
}


int __stdcall InitializateHooks ( void )
{

                        while( !GetModuleHandle("d3d9.dll") || !GetModuleHandle("EhSvc.dll") )
            Sleep(300);

                        CreateThread(0,0,(LPTHREAD_START_ROUTINE)KeepVMTUndetected,0,0,0);

            bool bValid = false;
            while(true)
            {
                bValid = WarRockDevice(0) > 0;
                if( bValid )
                {
                    VMTInitiliazing( Reset, 16 );
                    VMTInitiliazing( Present, 17 );
                    VMTInitiliazing( DrawIndexedPrimitive, 82 );
                }  
                    Sleep(300);
            }
        return (0);
}


CreateThread(0,0,(LPTHREAD_START_ROUTINE)InitializateHooks,0,0,0);// In DLL Main

     

    Thank you Gordon for your inspiration to this Hook..

     

     

    Also Guys Keep Credit To :

    Gordon

    UnknownPK

    Edited by Neo I.I.I
    Link to comment
    Share on other sites
    Guest
    This topic is now closed to further replies.
     Share
    Go to topic listing

    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...