Pattern Scan

Pattern Scan of Dip Engine can anyone give?

There's no need for DIP Engine. Just hook D3D DIP.

Do a midfunction hook after the first 5 bytes.

Originally Posted by Flengo

There's no need for DIP Engine. Just hook D3D DIP.

Do a midfunction hook after the first 5 bytes.

Or you can look into hotpatch hooking, its a feature windows implemented to allow patching executables without restarting.

The hot patch nops are the first place any decent anti hack software looks, I am sure Hack shield would scan there if they are scanning the functions entry point. there is 6 bytes allocated just before the entry of the function these are normally nops 0x90 then on the function export table it will be the original address - 6 bytes, when this function is called with the new address there is normally a patch which jumps to another function, it goes something like that... it was years ago I played with microsoft hot patch area because its normally the first thing checked in any good hack detection software

Originally Posted by Departure

The hot patch nops are the first place any decent anti hack software looks, I am sure Hack shield would scan there if they are scanning the functions entry point. there is 6 bytes allocated just before the entry of the function these are normally nops 0x90 then on the function export table it will be the original address - 6 bytes, when this function is called with the new address there is normally a patch which jumps to another function, it goes something like that... it was years ago I played with microsoft hot patch area because its normally the first thing checked in any good hack detection software

Believe it or not, as of several patches ago (I haven't checked since), hotpatch hooking worked perfectly for DrawIndexedPrimitive :P

close please

Nexon doesn't really do shit.

I'll try it out. But I'm pretty sure it should still be working.

It wouldn't stand a chance against any real Anti-Hack programs.

Not sure if it's right but try this.

Code:

PATTERN: "\x8B\x08\x8B\x91\x48\x01\x00\x00\xFF\xD2\x8B\xE5\x5D\xC2\x14\x00"
MASK: "xxxxxxxxxxxxxxxx"

Search in Engine of course.

Well you can use the vtable 82 Dip not use any type of address and parese that undetectable

Originally Posted by demtrios

Well you can use the vtable 82 Dip not use any type of address and parese that undetectable

A normal vtable hook on 82 with ms detours (or any other detours) is detected :/

Originally Posted by Ch40zz-C0d3r

A normal vtable hook on 82 with ms detours (or any other detours) is detected :/

Yes mine is working perfectly

use Vtable
with modified "Clarkie detours"
works like a charm

Pattern Scan

Post a Reply

Similar Threads

Tags for this Thread