Guide Anticheat XTrap Bypass Source Codes

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,380
78,998
2,414
Game Name
N/A
Anticheat
XTrap
How long you been coding/hacking?
5 Years
Coding Language
C++ masterrace
Introduction - What Is XTrap

X-Trap
is an anti-cheating program created and maintained by WiseLogic, used in almost all CrossFire versions to prevent players from using hacking tools.
Like anti-virus programs, X-Trap is launched along with CrossFire and continue manipulating memories while CF is running to detect suspicious processes that try to interact with crossfire.exe. If something goes wrong, X-Trap will close CrossFire and give out an error message, telling players the possible reasons and general suggestions to fix it. Accessing process viewers, like Task Manager, is also counted as suspicious activities (This is X-Trap's self-defense module to avoid being "killed").

1580933969238.png


Though not as effective as many people think, X-Trap is actually better at detecting and blocking hack tools, some that GameGuard can't detect which was the previous anti-cheat program for CrossFire. Naturally, hack tools are updated faster than X-Trap because hackers are everywhere, and they have more resources and have more time, while WiseLogic must work on updating their X-Trap for every publisher, so X-Trap often falls behind when coming to updates. However, X-Trap is still a necessary tool to help protecting CF against popular and public hacks, which many people may use for free.
  • To date, CF China, CF North America, CF Brazil and CF Japan does not use X-Trap. CF Japan utilizes Game Guard, CrossFire North America, CF Brazil and CF Español use XIGNCODE3 while CF China has its own anti-cheating program called Tencent Protect, which works similar to GameGuard, but acts much more effective, due to in-game file checking. This process requires powerful computers however, so players with decent PCs may have to wait a bit long before the game is loaded.
  • In January 2017, CF Brazil changed their anti-cheat from X-Trap to XignCode.
  • In March 2017, CF Español changed their anti-cheat from X-Trap to XignCode.
  • X-Trap can only be run on a computer's administrator account, so it is not possible to play CrossFire in Guest accounts or Standard users' accounts.
  • Recent patches in CF Vietnam has X-Trap blacklisted almost all of the auto-clicker programs. This is done to counter event farming, as lots of people have been using auto-clickers to hang in room during events that requires playing a certain amount of times to receive prizes.
  • In Feb 2020, CF Philippines changed their anti-cheat from X-Trap to XignCode.
Other games that use XTrap: Cabal Online, Granado Espada, Tower Alliance Online, Priston Tale
XTrap has many false positives, it will block anything that tries to touch the game process including Process Explorer and other tools.

XTrap Source Code
The XTrap Source code was leaked in 2012 and can be found in the attachments below

XTrap Bypass
Before you try to bypass XTrap you need to learn about anticheat:
https://guidedhacking.com/threads/how-to-get-started-with-anticheat-bypass.9882/

S4League Old Outdated Bypass
available in the attachments

Various Bypasses

Bypass 1

C++:
DWORD XTrapDriver = 0x40A20840;

int ThreadDetection()
{
    DWORD oldprotect = 0;
    DWORD K32EnumAddr = (DWORD)GetProcAddress(LoadLibraryA("Kernel32.dll"), "K32EnumProcesses");
    VirtualProtect((LPVOID)K32EnumAddr, sizeof(K32EnumAddr), PAGE_EXECUTE_READWRITE, &oldprotect);
    memcpy((LPVOID)K32EnumAddr, (LPVOID)"\xEB\xFE", 2);
    return 0;
}

void Bypass(void*)
{
    while (1)
    {
      DWORD XTrap = (DWORD)GetModuleHandle("XTrapVa.dll");  // get XTrap base address
      HMODULE hwd = GetModuleHandle(TEXT("XTrapVa.dll"));
        if (hwd)// wait XTrapVa.dll
        {
            Sleep(500);
            sHook = (xHook)DetourFunction((PBYTE)XTrapDriver, (PBYTE)Hook);// Hook
            wmemcpy((wchar_t*)sHook, L"X6va02", 6);
            ThreadDetection(); // Call ThreadDetection
            MessageBoxA(NULL, "XTrap Bypass Successful", "Notice", MB_ICONINFORMATION);
            break;
        }
    }
}

BOOL __stdcall Hook() // Hook
{
    return TRUE;
}


BOOL APIENTRY DllMain(HMODULE hModule,DWORD  ul_reason_for_call,LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        CreateThread(0, 0, (LPTHREAD_START_ROUTINE)Bypass, 0, 0, 0);
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
Bypass 2
Code:
Module Hook

#Region "Access"
    'Setting some privileges.
    Const PROCESS_ALL_ACCESS = &H1F0FF

    Public Enum ThreadAccess As Integer
        TERMINATE = (&H1)
        SUSPEND_RESUME = (&H2)
        GET_CONTEXT = (&H8)
        SET_CONTEXT = (&H10)
        SET_INFORMATION = (&H20)
        QUERY_INFORMATION = (&H40)
        SET_THREAD_TOKEN = (&H80)
        IMPERSONATE = (&H100)
        DIRECT_IMPERSONATION = (&H200)
    End Enum
#End Region

#Region "Functions"
    Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Integer, ByVal dwProcessId As Integer) As Integer

    'Functions that will allow us to write/read process memory.
    Public Declare Function WriteProcessMemory1 Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Integer, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Integer
    Public Declare Function ReadProcessMemory1 Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Integer, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Integer

    'Functions to suspend/resume the process.
    Public Declare Function OpenThread Lib "kernel32.dll" (ByVal dwDesiredAccess As ThreadAccess, ByVal bInheritHandle As Boolean, ByVal dwThreadId As UInteger) As IntPtr
    Public Declare Function SuspendThread Lib "kernel32.dll" (ByVal hThread As IntPtr) As UInteger
    Public Declare Function ResumeThread Lib "kernel32.dll" (ByVal hThread As IntPtr) As UInteger
    Public Declare Function CloseHandle Lib "kernel32.dll" (ByVal hHandle As IntPtr) As Boolean
#End Region

#Region "Suspend/Resume"
    'Some functions that allow us to suspend/resume the process.
    Public Function SuspendProcess(ByVal nProcess As System.Diagnostics.Process)
        For Each t As ProcessThread In nProcess.Threads
            Dim th As IntPtr

            th = OpenThread(ThreadAccess.SUSPEND_RESUME, False, t.Id)

            If th <> IntPtr.Zero Then
                SuspendThread(th)
                CloseHandle(th)
            End If
        Next
    End Function

    Public Function ResumeProcess(ByVal nProcess As System.Diagnostics.Process)
        For Each t As ProcessThread In nProcess.Threads
            Dim th As IntPtr

            th = OpenThread(ThreadAccess.SUSPEND_RESUME, False, t.Id)

            If th <> IntPtr.Zero Then
                ResumeThread(th)
                CloseHandle(th)
            End If
        Next
    End Function
#End Region

#Region "Memory"
    Public Function GetMemoryAddress(ByVal nProcess As String, ByVal nBaseAddress As Integer, ByVal nOffsets As Integer(), ByVal nLevel As Integer, Optional ByVal nSize As Integer = 4) As Integer
        Dim nAddress As Integer = nBaseAddress

        For i As Integer = 1 To nLevel
            nAddress = ReadInteger(nProcess, nAddress, nSize) + nOffsets(i - 1)
        Next

        Return nAddress
    End Function

    Public Function ReadInteger(ByVal nProcess As String, ByVal nAddress As Integer, Optional ByVal nSize As Integer = 4) As Integer
        If nProcess.EndsWith(".exe") Then
            nProcess = nProcess.Replace(".exe", Nothing)
        End If

        Dim ProcessHandle As Process() = Process.GetProcessesByName(nProcess)

        If Not ProcessHandle.Count = 1 Then
            Exit Function
        End If

        Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, 0, ProcessHandle(0).Id)

        If hProcess = IntPtr.Zero Then
            Exit Function
        End If

        Dim hAddress As Integer
        Dim vBuffer As Integer
        hAddress = nAddress

        ReadProcessMemory1(hProcess, hAddress, vBuffer, nSize, 0)

        Return vBuffer
    End Function

    Public Function DefineBytes(ByVal nProcess As String, ByVal nAddress As Integer, ByVal nValue As String)
        If nProcess.EndsWith(".exe") Then
            nProcess = nProcess.Replace(".exe", Nothing)
        End If

        If nValue.Contains(" ") Then
            nValue = nValue.Replace(" ", Nothing)
        End If

        Dim ProcessHandle As Process() = Process.GetProcessesByName(nProcess)

        If ProcessHandle.Length = 0 Then
            Exit Function
        End If

        Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, 0, ProcessHandle(0).Id)

        If hProcess = IntPtr.Zero Then
            Exit Function
        End If

        Dim C As Integer
        Dim B As Integer
        Dim D As Integer
        Dim V As Byte

        B = 0
        D = 1
        For C = 1 To Math****und((Len(nValue) / 2))
            V = Val("&H" & Mid$(nValue, D, 2))
            Call WriteProcessMemory1(hProcess, nAddress + B, V, 1, 0&)
            B = B + 1
            D = D + 2
        Next C
    End Function
#End Region

#Region "Message(s)"
    'Some defines.
    Dim Credits As String = ("This bypass was created by Papulatus, happy hacking! ^^") REM: You could just leech this bypass, but I would appreciate it if you credit me :).
    Dim Bit32 As String = ("This bypass doesn't support 32-Bit!") REM: Disappoint some 32-Bit users.
    Dim SearchFailed As String = ("Couldn't find the MicroVolts directory, please put this application in the 'Bin' folder of MicroVolts!") REM: Message to display if we couldn't find the MicroVolts directory.
#End Region

#Region "Required addresses"
    'The addresses we'll need to bypass XTrap.
    Dim GetProcAddress As Integer
    Dim ReadProcessMemory As Integer
    Dim XTrapDriver As Integer
#End Region

#Region "Timer(s)"
    Dim MainTMR As New System.Timers.Timer REM: Timer to do some important stuff.
#End Region

#Region "Main" REM: Our main.
    Sub Main()
        'Timer settings:
        MainTMR.AutoReset = True
        MainTMR.Interval = 1
        AddHandler MainTMR.Elapsed, AddressOf MainTMR_Tick

        If Environment.Is64BitOperatin****tem = False Then REM: Detect 32-Bit users.
            Console.WriteLine(Bit32)
        Else
            If My.Computer.FileSystem.CurrentDirectory.Contains("\MicroVolts\Bin") Then REM: Check if the application is in the 'Bin' folder of MicroVolts.
                Console.WriteLine(Credits)
                My.Computer.FileSystem.CurrentDirectory = My.Computer.FileSystem.CurrentDirectory.Replace("\Bin", Nothing) REM: Set current directory.
                Process.Start("Bin\MicroVolts.exe")
                MainTMR.Start()
            Else
                If My.Computer.FileSystem.DirectoryExists("C:\Program Files\MicroVolts\") Then
                    Console.WriteLine(Credits)
                    My.Computer.FileSystem.CurrentDirectory = ("C:\Program Files\MicroVolts\") REM: Set current directory.
                    Process.Start("Bin\MicroVolts.exe")
                    MainTMR.Start()
                ElseIf My.Computer.FileSystem.DirectoryExists("C:\Program Files (x86)\MicroVolts\") Then
                    Console.WriteLine(Credits)
                    My.Computer.FileSystem.CurrentDirectory = ("C:\Program Files (x86)\MicroVolts\") REM: Set current directory.
                    Process.Start("Bin\MicroVolts.exe")
                    MainTMR.Start()
                ElseIf My.Computer.FileSystem.DirectoryExists("C:\Archivos de Programa\MicroVolts\") Then
                    Console.WriteLine(Credits)
                    My.Computer.FileSystem.CurrentDirectory = ("C:\Archivos de Programa\MicroVolts\") REM: Set current directory.
                    Process.Start("Bin\MicroVolts.exe")
                    MainTMR.Start()
                ElseIf My.Computer.FileSystem.DirectoryExists("C:\Archivos de Programa (x86)\MicroVolts\") Then
                    Console.WriteLine(Credits)
                    My.Computer.FileSystem.CurrentDirectory = ("C:\Archivos de Programa (x86)\MicroVolts\") REM: Set current directory.
                    Process.Start("Bin\MicroVolts.exe")
                    MainTMR.Start()
                ElseIf My.Computer.FileSystem.DirectoryExists("C:\MicroVolts\") Then
                    Console.WriteLine(Credits)
                    My.Computer.FileSystem.CurrentDirectory = ("C:\MicroVolts\") REM: Set current directory.
                    Process.Start("Bin\MicroVolts.exe")
                    MainTMR.Start()
                ElseIf My.Computer.FileSystem.DirectoryExists("D:\MicroVolts\") Then
                    Console.WriteLine(Credits)
                    My.Computer.FileSystem.CurrentDirectory = ("D:\MicroVolts\") REM: Set current directory.
                    Process.Start("Bin\MicroVolts.exe")
                    MainTMR.Start()
                ElseIf My.Computer.FileSystem.DirectoryExists("D:\Program Files\MicroVolts\") Then
                    Console.WriteLine(Credits)
                    My.Computer.FileSystem.CurrentDirectory = ("D:\Program Files\MicroVolts\") REM: Set current directory.
                    Process.Start("Bin\MicroVolts.exe")
                    MainTMR.Start()
                ElseIf My.Computer.FileSystem.DirectoryExists("D:\Program Files (x86)\MicroVolts\") Then
                    Console.WriteLine(Credits)
                    My.Computer.FileSystem.CurrentDirectory = ("D:\Program Files (x86)\MicroVolts\") REM: Set current directory.
                    Process.Start("Bin\MicroVolts.exe")
                    MainTMR.Start()
                ElseIf My.Computer.FileSystem.DirectoryExists("D:\Archivos de Programa\MicroVolts\") Then
                    Console.WriteLine(Credits)
                    My.Computer.FileSystem.CurrentDirectory = ("D:\Archivos de Programa\MicroVolts\") REM: Set current directory.
                    Process.Start("Bin\MicroVolts.exe")
                    MainTMR.Start()
                ElseIf My.Computer.FileSystem.DirectoryExists("D:\Archivos de Programa (x86)\MicroVolts\") Then
                    Console.WriteLine(Credits)
                    My.Computer.FileSystem.CurrentDirectory = ("D:\Archivos de Programa (x86)\MicroVolts\") REM: Set current directory.
                    Process.Start("Bin\MicroVolts.exe")
                    MainTMR.Start()
                Else
                    Console.WriteLine(SearchFailed)
                End If
            End If
        End If

        Do Until Console.Title = (Nothing) REM: A simple infinite loop to keep the console stay open.
            Console.ReadKey()
        Loop
    End Sub

    Private Sub MainTMR_Tick(ByVal sender As Object, ByVal e As System.Timers.ElapsedEventArgs)
        Dim MV() As Process = Process.GetProcessesByName("MicroVolts")
        Dim XT() As Process = Process.GetProcessesByName("XTrap.xt")

        GetProcAddress = GetMemoryAddress("MicroVolts", &HF5F0F0, {&H0}, 0, 4) REM: Grab MicroVolts' GetProcAddress function.
        ReadProcessMemory = ReadInteger("MicroVolts", GetProcAddress, 4) REM: Use MicroVolts' GetProcAddress function.
        XTrapDriver = GetMemoryAddress("MicroVolts", &H406BECD4, {&H0}, 0, 4) REM: Grab the XTrap driver.

        'You'll need this if you want to create BYPASSED multiclients.
        Dim MVIndex As Integer = MV.Count - 1
        Dim XTIndex As Integer = XT.Count - 1

        If XT.Count = MV.Count Then REM: Check if XTrap is running.
            'Begin the motherf*cking hook.
            SuspendProcess(MV(MVIndex))
            DefineBytes("MicroVolts", XTrapDriver, "6F 6C 6F 6C 6F 6C 6F") REM: F*cking up the XTrap driver.
            DefineBytes("MicroVolts", ReadProcessMemory, "EB FE") REM: Send ReadProcessMemory to an infinite loop.
            ResumeProcess(MV(MVIndex)) REM: Enjoy the bypass ;).

            End REM: Close our handle.
        End If
    End Sub
#End Region

End Module
Bypass 3
C++:
/*
Anti TerminateProcess/ExitProcess Check

Description :
     XTrap check the first byte of TerminateProcess/ExitProcess
     if the byte is E9/C2 then XTrap returns true!

What we do :
     xor eax,eax // (so that eax = 0)
     retn
*/
copymemory((void*)(xtrap+0x2C940),(void*)"\x33\xC0\xC3",3);


/*
Anti TerminateProcess/ExitProcess

Description :
     XTrap Closes the process with TermanateProcess first
     if that fails it then trys ExitProcess
     so we just return so that nothing will close our process

What we do :
     return
*/
copymemory((void*)(xtrap+0x31800),(void*)"\xC3\x90\x90\x90\x90",5);


/*
Anti XTrap Message's

Description :
     XTrap likes to be rude and when we playing we get annoying message's
     like Please close program XXXXX so we just return the message kindly ;)

What we do :
     return 8
*/
copymemory((void*)(xtrap+0x388D0),(void*)"\xC2\x08\x00",3);
Driver Anti Xtrap by Firefox

C++:
/* Replace "dll.h" with the name of your header */
#define _WIN32_WINNT 0x0500
#include <windows.h>
#include <stdio.h>
#include <conio.h>
#include <tlhelp32.h>
#include <shlwapi.h>
#include <iostream>
#include <winioctl.h>

typedef LONG    NTSTATUS;
typedef NTSTATUS (WINAPI *pNtQIT)(HANDLE, LONG, PVOID, ULONG, PULONG);
#define STATUS_SUCCESS    ((NTSTATUS)0x000000000L)
#define ThreadQuerySetWin32StartAddress 9

unsigned char *call_terminateThread;

void config_ini();
int Sleeped;
char PATH_FILE_TMP[FILENAME_MAX];

void myTerminateThread()
{
asm("mov eax, %0 \n"
//"mov eax, dword ptr ds:[eax]\n"
//"add eax, 3\n"
//7C81CB3E   8BEC             MOV EBP,ESP

  "jmp eax" :: "d" (call_terminateThread)); //7C81CB3E   8BEC             MOV EBP,ESP
}

DWORD WINAPI GetThreadStartAddress(HANDLE hThread)
{
    NTSTATUS ntStatus;
    HANDLE hDupHandle;
    DWORD dwStartAddress;

    pNtQIT NtQueryInformationThread = (pNtQIT)GetProcAddress(GetModuleHandle("ntdll.dll"), "NtQueryInformationThread");
    if(NtQueryInformationThread == NULL) return 0;

    HANDLE hCurrentProcess = GetCurrentProcess();
    if(!DuplicateHandle(hCurrentProcess, hThread, hCurrentProcess, &hDupHandle, THREAD_QUERY_INFORMATION, FALSE, 0)){
        SetLastError(ERROR_ACCESS_DENIED);
        return 0;
    }
    ntStatus = NtQueryInformationThread(hDupHandle, ThreadQuerySetWin32StartAddress, &dwStartAddress, sizeof(DWORD), NULL);
    CloseHandle(hDupHandle);

    if(ntStatus != STATUS_SUCCESS) return 0;
    return dwStartAddress;
}

void CreateThreadFunction();
BOOL EnumThread(DWORD dwProcessId);

DWORD GetProcessID(const char* szExeName)
{
    PROCESSENTRY32 pe = { sizeof(PROCESSENTRY32) };
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    if(Process32First(hSnapshot, &pe))
        while(Process32Next(hSnapshot, &pe))
            if(!strcmp(pe.szExeFile, szExeName))
                return pe.th32ProcessID;

    return 0;
}

DWORD XTrapVa;

BOOL Teste = true;
HANDLE mInstance;

unsigned char buffer[3];

BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved)
{
     if(Teste)
     {
      mInstance = hInst;
      //config_ini();
      bool test = 0;
      //char buffer_msg[] = "\x6A\x00\x68\xB5\x95\xB8\x00\x68\xB5\x95\xB8\x00\xFF\x15\x60\x34\xCF\x00\xC3\x46\x69\x72\x65\x66\x6F\x78\x00";
      //test = WriteProcessMemory((void*)-1, (void*)0x00B895A2, buffer_msg, sizeof(buffer_msg), 0);
      //if(test == -1)
       //MessageBox(0, 0, 0, 0);
  
      MessageBox(0, "[Bypass XTrapGC] Criado por Firefox [PressEnter]", "Criado por Firefox [PressEnter]", 0);
      CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)CreateThreadFunction, NULL, 0, NULL);
      Teste = false;
     }
    /* Returns TRUE on success, FALSE on failure */
    return TRUE;
}

void config_ini()
{
int i;
char PATH_FILE[FILENAME_MAX];

GetModuleFileName((HINSTANCE)mInstance, PATH_FILE, FILENAME_MAX);

i = strlen(PATH_FILE);

for(i; i > 0; i--)
{
  if(PATH_FILE[i] == '\\')
  {
   break;
  }
}

strncpy(PATH_FILE_TMP, PATH_FILE, i+1);
PATH_FILE_TMP[i+1] = '\0';
strcat(PATH_FILE_TMP, "config.ini");

Sleeped = GetPrivateProfileInt("AntiXTrapbyFirefox", "Sleep", 25000, PATH_FILE_TMP);
}

HANDLE hProcess;
DWORD pID;

BOOLEAN testes = true;

FILE * pFile;

void CreateThreadFunction()
{
DWORD myPID = GetCurrentProcessId();
//HANDLE tprocess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, myPID);
DWORD address = (DWORD)GetProcAddress(GetModuleHandle("kernel32.dll"), "TerminateThread");
call_terminateThread = (unsigned char*)address;
call_terminateThread += 3;

buffer[0] = 0x0C2;
buffer[1] = 0x08;
buffer[2] = 0x00;

WriteProcessMemory((void*)-1, (void*)address, buffer, 3, 0);

char buffer_msg[] = "\x6A\x00\x68\xB5\x95\xB8\x00\x68\xB5\x95\xB8\x00\xFF\x15\x60\x34\xCF\x00\xC3\x46\x69\x72\x65\x66\x6F\x78\x00";

int test = 0;

// Coloca um interrupt no codigo, "Remover proteção na Driver"
test = WriteProcessMemory((void*)-1, (void*)0x00B895A2, buffer_msg, sizeof(buffer_msg), 0);

if(test == -1)
  MessageBox(0, 0, 0, 0);

char SVCNAME[] = "ExamplesDriver";
#define IOCTL_UNKNOWN_BASE                    FILE_DEVICE_UNKNOWN
#define UnHookXTrapbyFirefox    CTL_CODE(IOCTL_UNKNOWN_BASE, 0x0803, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
DWORD hFile     = 0;
DWORD dwReturn  = 0;

//while(true)
//{
          
  //Sleep(25000);
        
  while(true)
  {
   XTrapVa = (DWORD)GetModuleHandleA("XTrapVa.dll");
   /*hFile = (DWORD)CreateFile("\\\\.\\Example", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
   DeviceIoControl((void*)hFile, UnHookXTrapbyFirefox, NULL, 0, 0, 0, &dwReturn, NULL);
   CloseHandle((void*)hFile);*/

   if(testes)
   {
    pFile = fopen ("ADDRESS_MAIN.txt","a+");
    fprintf(pFile, "Xtrap.dll -> [%x]\n", XTrapVa);
    EnumThread(myPID);
    fprintf(pFile, "********************\n");
    fclose(pFile);
    //MessageBox(0, 0, 0, 0);
   }
   /*else
   {
    Sleep(30000);
    MessageBox(0, "XTrap.xt foi Removido!!!", "XTrap.xt foi Removido!!!", 0);
    pID = GetProcessID("XTrap.xt");
    hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, pID);
    TerminateProcess(hProcess, 0);
   }*/

   Sleep(1000);
  }

  //FreeLibrary((HINSTANCE)XTrapVa);
  Sleep(100);
//}
}

HANDLE hThread;
HANDLE hThreadOne;
DWORD dwThreadStartAddress;
HANDLE hModuleSnap;
THREADENTRY32 TE32 = {0};
char buffers[20];

int soma = 0;
bool active_all = 0;

BOOL EnumThread(DWORD dwProcessId){ 
    hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, dwProcessId);   
    if (hModuleSnap == INVALID_HANDLE_VALUE)     
        return FALSE;    TE32.dwSize = sizeof(THREADENTRY32);

    if(!Thread32First(hModuleSnap, &TE32))
    {   
        CloseHandle(hModuleSnap);   
        return FALSE;
    } 
    do
    { 
        if(TE32.th32OwnerProcessID != dwProcessId)
            continue;
        
        hThreadOne = OpenThread(THREAD_QUERY_INFORMATION, FALSE, TE32.th32ThreadID);
        dwThreadStartAddress = GetThreadStartAddress(hThreadOne);
        hThread = (HANDLE)OpenThread(THREAD_ALL_ACCESS, FALSE, TE32.th32ThreadID);           

        //itoa(dwThreadStartAddress, buffers, 16);
        //MessageBox(0, buffers, buffers, 0);
    
        fprintf(pFile, "ADDRESS THREAD -> [%x]\n", dwThreadStartAddress);
    
        if(dwThreadStartAddress == (DWORD)0x00DF5D70)
        {
         LoadLibrary("StopProgramming.dll");
         MessageBox(0, 0, 0, 0);
         active_all = true;
         asm("push %0" :: "d" (0));
         asm("push %0" :: "d" (hThread));
         myTerminateThread();
        }
        if(active_all == true)
        {
         if(dwThreadStartAddress == (DWORD)0xEFB360)
         {
          soma++;
          //strcpy(buffers, "0xeaaf30");
          //MessageBox(0, buffers, buffers, 0);
          asm("push %0" :: "d" (0));
          asm("push %0" :: "d" (hThread));
          myTerminateThread();
         }
         if(dwThreadStartAddress == 0x00C6295F)
         {
          //strcpy(buffers, "0xea9be0");
          //MessageBox(0, buffers, buffers, 0);
          soma++;
          asm("push %0" :: "d" (0));
          asm("push %0" :: "d" (hThread));
          myTerminateThread();
         }
         if(dwThreadStartAddress == 0x0DF5D70) // OK
         {
          soma++;
          //strcpy(buffers, "0xdaaaa0");
          //MessageBox(0, buffers, buffers, 0);
          asm("push %0" :: "d" (0));
          asm("push %0" :: "d" (hThread));
          myTerminateThread();
         }
         if(dwThreadStartAddress == 0x0EF5BA0) // OK
         {
          soma++;
          //strcpy(buffers, "0xeaf3a0");
          //MessageBox(0, buffers, buffers, 0);
          asm("push %0" :: "d" (0));
          asm("push %0" :: "d" (hThread));
          myTerminateThread();
         }
         if(dwThreadStartAddress == 0x0EF6EF0) // OK
         {
          soma++;
          //strcpy(buffers, "0xc179cf");
          //MessageBox(0, buffers, buffers, 0);
          asm("push %0" :: "d" (0));
          asm("push %0" :: "d" (hThread));
          myTerminateThread();
         }
    
         //if(dwThreadStartAddress == XTrapVa+0x468F0 && soma == 5) // ok
         if(dwThreadStartAddress == XTrapVa+0x13B10) // ok
         {
          //strcpy(buffers, "XTrapVa+0x3f370");
          //MessageBox(0, buffers, buffers, 0);
          asm("push %0" :: "d" (0));
          asm("push %0" :: "d" (hThread));
          myTerminateThread();
          MessageBox(0, 0, 0, 0);
         }
         //if(dwThreadStartAddress == XTrapVa+0x17C0 && soma == 5) // ok
         if(dwThreadStartAddress == XTrapVa+0x13C90)
         {
          //strcpy(buffers, "XTrapVa+0x17e0");
          //MessageBox(0, buffers, buffers, 0);
          asm("push %0" :: "d" (0));
          asm("push %0" :: "d" (hThread));
          myTerminateThread();
          MessageBox(0, 0, 0, 0);
         }
         if(dwThreadStartAddress == XTrapVa+0x17C0 && soma == 5) // ok
         {
          //strcpy(buffers, "XTrapVa+0x17e0");
          //MessageBox(0, buffers, buffers, 0);
          asm("push %0" :: "d" (0));
          asm("push %0" :: "d" (hThread));
          myTerminateThread();
         }
         if(dwThreadStartAddress == XTrapVa+0x422E0 && soma == 5) // ok
         {
          testes = 0x00;
          //strcpy(buffers, "XTrapVa+0x3A4b0");
          //MessageBox(0, buffers, buffers, 0);
          asm("push %0" :: "d" (0));
          asm("push %0" :: "d" (hThread));
          myTerminateThread();
         }
        }
    
        CloseHandle(hThreadOne);
        CloseHandle(hThread);
    } while (Thread32Next(hModuleSnap, &TE32));
    CloseHandle(hModuleSnap);                         
    return TRUE;
}
XTrap Bypass Source v2 By Akira
C++:
#include <Windows.h>
#include <process.h>
#include <TlHelp32.h>
#include <Psapi.h>
#include "mHook.h"

#pragma comment(lib,"Psapi.lib")

// Module to exit
HMODULE hDLL;

/* Our hooked-function */
void DefineNothing_CC();
/* Our hooked-function */
void K32Enum_CC();



// Function to begin the hook
void _beginhook(void*){

        // our addresses
        DWORD dwAddy;
        DWORD dwDLL;
        DWORD dwXTrap;
        DWORD dwXTrapDriver;

        // wait for xtrap
        while(1){
                // break
                Sleep(500);
                // get xtrap base
                dwXTrap = (DWORD)GetModuleHandle("XTrapVa.dll");
                // check if it exists
                if(dwXTrap){
                        // leave
                        break;
                }
        }

        if(PSAPI_VERSION == 1){
        // get address
        dwDLL = (DWORD)GetModuleHandle("Psapi.dll");
        // get address
        dwAddy = (DWORD)GetProcAddress((HINSTANCE)dwDLL,"EnumProcesses");
        // Prevent that Xtrap scan processes
        mHook::DetourCodeCave(dwAddy,(DWORD)DefineNothing_CC,19);

        // get address
        dwDLL = (DWORD)GetModuleHandle("Kernel32.dll");
        // get address
        dwAddy = (DWORD)GetProcAddress((HINSTANCE)dwDLL,"ExitProcess");
        // Prevent exit then ollydbg was found
        mHook::DetourCodeCave(dwAddy,(DWORD)DefineNothing_CC,27);
        }
        else
        {
        // little break
        Sleep(500);
        // set new dll
        dwDLL = (DWORD)GetModuleHandle("Kernel32.dll");
        // get new addy
        dwAddy = (DWORD)GetProcAddress((HINSTANCE)dwDLL,"K32EnumProcesses");
        // Prevent that Xtrap scan processes
        mHook::DetourCodeCave(dwAddy,(DWORD)K32Enum_CC,3);

        // get address
        dwDLL = (DWORD)GetModuleHandle("Kernel32.dll");
        // get address
        dwAddy = (DWORD)GetProcAddress((HINSTANCE)dwDLL,"ExitProcess");
        // Prevent exit then ollydbg was found
        mHook::DetourCodeCave(dwAddy,(DWORD)DefineNothing_CC,27);
        }

        // Get driver Address
        dwXTrapDriver = 0x406668A0;
        // Change it
        wmemcpy((wchar_t*)dwXTrapDriver,L"X6va01",6);

        // Exit
        FreeLibraryAndExitThread(hDLL,8);
}

/* Main */
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved){

        if(fdwReason == DLL_PROCESS_ATTACH){
          
                // set our Module
                hDLL = hinstDLL;
                // begin
                _beginthread(_beginhook,0,0);

                // success
                return true;
        }

        // fail
        return false;
}

/* Our hooked-function */
__declspec( naked ) void K32Enum_CC(){
        __asm{
                ret 0x00C
        }
}

/* Our hooked-function */
__declspec( naked ) void DefineNothing_CC(){
        __asm{
                mov edi,edi
                push ebp
                mov ebp,esp
                pop ebp
                jmp orig
                nop
                nop
                nop
                nop
                nop
orig:
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
        }
}
Xtrap Bypass Author: Slicktor
main.cpp

C++:
#include "Bypass.h"

DWORD WINAPI InitializeXTrapBypass() {

    DWORD nBase;
    while(1)
    {
   
        nBase = (DWORD)GetModuleHandleA("XTrapVa.dll");

        if(nBase){
        Sleep(500);
        BYPASS bypass;
        bypass.Driver64();
        bypass.ProcessDetection();
        break;
        }

    }
    return 0;

}

BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
    DisableThreadLibraryCalls(hDll);
    if( dwReason == DLL_PROCESS_ATTACH)

    {

          _beginthread((void(*)(void*))InitializeXTrapBypass,sizeof(&InitializeXTrapBypass),0);
    }


    return TRUE;
}
main.h
C++:
#include <Windows.h>
#include <tlhelp32.h>
#include <process.h>
#include <wchar.h>

class BYPASS
{

public:
int BYPASS::ProcessDetection();
int BYPASS::Driver64();
};
int BYPASS::ProcessDetection()
{

    DWORD K32EnumAddr = (DWORD)GetProcAddress(LoadLibraryA("Kernel32.dll"),"K32EnumProcesses");
    //DWORD EnumAddr = (DWORD)GetProcAddress(LoadLibraryA("Psapi.dll"),"EnumProcesses");
    DWORD old;
    VirtualProtect((LPVOID)K32EnumAddr,sizeof(K32EnumAddr),PAGE_EXECUTE_READWRITE,&old);
    //VirtualProtect((LPVOID)EnumAddr,sizeof(EnumAddr),PAGE_EXECUTE_READWRITE,&old);
    memcpy((LPVOID)K32EnumAddr,(LPVOID)"\xC2\x0C\x00",3);
    //memcpy((LPVOID)EnumAddr,(LPVOID)"\xC2\x0C\x00",3);
    return 0;
}

int BYPASS::Driver64()
{
   
    wmemcpy((wchar_t*)0x405D0C24,(const wchar_t*)"X6va01",6);
    return 0;
}
Others
https://github.com/sup817ch/BypassXTrap
 

Attachments

Last edited:

Harvey

Newbie
Full Member
Jul 5, 2012
6
232
0
"Just checked, and X-trap refreshes their blacklist every half hour. Given this fact, there can be virtually no "normal" or "average" hack that will work for awhile. Although almost proven illegal (but not quite), X-trap searches you're computer (if any Z8 games are installed) for any .dll's, and sorts them out. When a .dll is activated, or "injected", X-trap begins it's "trap". X-trap instantly removes the injection or stops the process as the injection attempts to load itself into Z8 game files, which is when the .dll is most vulnerable (the injector is not covering the .dll with it's own files when loading into files). As I said before, X-trap constantly is refreshing it's blacklist, so we would need a hack that would constantly update it's files at a rate below half an hour. If we did manage to create a hack like this, the update would have to be using X-Name (a program that changes .dll names automatically) along with its updates. Creating this kind of hack would be extremely hard, falling into the most advanced levels of programming."

I dont think its possible without a ton of work
 

AlphaAnonymous

*Creating A Perfect World
Dank Tier Donator
Nobleman
Aug 9, 2012
153
1,188
1
Well my friend has a XTrap bypass which is a .dll. You inject the .dll and the game will run without XTrap. But the catch is, the bypass only works for 2 mins and you get disconnected from the game. Any ideas to add on to the bypass?
 

Harvey

Newbie
Full Member
Jul 5, 2012
6
232
0
Did it used to work and now it doesn'tb? or has it never worked fully? if it used to work but now it doesn't, my suggestion is to decompile the .dll and update the code with their latest engine update.
 

BlackPitchPL

Coder
Full Member
Nobleman
May 24, 2012
166
783
1
C++:
 Anti TerminateProcess/ExitProcess Check
 
 Description : 
   XTrap check the first byte of TerminateProcess/ExitProcess
   if the byte is E9/C2 then XTrap returns true!
 
 What we do :
   xor eax,eax // (so that eax = 0)
   retn
*/
copymemory((void*)(xtrap+0x2C940),(void*)"\x33\xC0\xC3",3);
 
 
/*
 Anti TerminateProcess/ExitProcess
 
 Description : 
   XTrap Closes the process with TermanateProcess first
   if that fails it then trys ExitProcess
   so we just return so that nothing will close our process
 
 What we do :
   return
*/
copymemory((void*)(xtrap+0x31800),(void*)"\xC3\x90\x90\x90\x90",5);
 
 
/*
 Anti XTrap Message's
 
 Description :
   XTrap likes to be rude and when we playing we get annoying message's
   like Please close program XXXXX so we just return the message kindly ;)
 
 What we do :
   return 8
*/
copymemory((void*)(xtrap+0x388D0),(void*)"\xC2\x08\x00",3);
THIS CODE IS NOT MINE BUT THE GUY SAY THAT IT WILL WORK IN ALL x64Bit system so it will allow you to attach CE or OllyDbg into game

As you say that you make some bypass I hope that this code will help you with make your own or change smt in your code to make if full work
 

AlphaAnonymous

*Creating A Perfect World
Dank Tier Donator
Nobleman
Aug 9, 2012
153
1,188
1
Harvey said:
Did it used to work and now it doesn'tb? or has it never worked fully? if it used to work but now it doesn't, my suggestion is to decompile the .dll and update the code with their latest engine update.
The bypass is still working, but as I stated. It only works for 2 mins. And I don't have the source code. It was coded using C++. It's a .dll file.
 

oth@les

Newbie
Dec 14, 2013
4
232
0
Excuse my english I'm Brazilian

I wonder if someone could explain to me how to develop a bypass hackshiel or X-trap

I program in C + +
 

Syperus

RTFM
Meme Tier VIP
Dank Tier Donator
Oct 29, 2012
432
2,638
7
I did not test these and I do not take credit for any of this. All credit goes to the authors. I just used the almighty tool we call Google.

Hackshield Bypass
Author: Mafia67
C++:
BOOL WriteMemory (VOID *lpMem, VOID *lpSrc, DWORD len)
{
  DWORD lpflOldProtect, flNewProtect = PAGE_READWRITE;
  unsigned char *pDst = (unsigned char *)lpMem, 
  *pSrc = (unsigned char *)lpSrc;
  if (VirtualProtect(lpMem,len,flNewProtect,&lpflOldProtect))
  {
              while(len-- >0) *pDst++ = *pSrc++;
			  VirtualProtect(lpMem,len, lpflOldProtect,&lpflOldProtect);
			  FlushInstructionCache(GetCurrentProcess(), lpMem, len);
              return 1;
  }
  return 0;
}

void HSBypass (void)
{
    DWORD dwEHSVC = 0;
    do
    {
        dwEHSVC = (DWORD)GetModuleHandle("EhSvc.dll");
		Sleep(250);
    }while(!dwEHSVC);

        WriteMemory((LPVOID)(dwEHSVC + 0x003D67F), (LPVOID)"\x03\xD2", 2);
        WriteMemory((LPVOID)(dwEHSVC + 0x003F77D), (LPVOID)"\xB8\x00\x00\x00\x00", 5);
        WriteMemory((LPVOID)(dwEHSVC + 0x000A1A0), (LPVOID)"\xC2\x04\x00", 3);
        WriteMemory((LPVOID)(dwEHSVC + 0x0085B43), (LPVOID)"\xC3", 1);
        WriteMemory((LPVOID)(dwEHSVC + 0x000A238), (LPVOID)"\x74", 1);
	WriteMemory((LPVOID)(dwEHSVC + 0x008523E), (LPVOID)"\xC2\x04\x00", 3);
	WriteMemory((LPVOID)(dwEHSVC + 0x00A5EBA), (LPVOID)"\xD2", 1);
}
Xtrap Bypass
Author: Slicktor
main.cpp
C++:
#include "Bypass.h"

DWORD WINAPI InitializeXTrapBypass() { 

    DWORD nBase;
    while(1)
    {
        
        nBase = (DWORD)GetModuleHandleA("XTrapVa.dll");

        if(nBase){
        Sleep(500);
        BYPASS bypass;
        bypass.Driver64();
        bypass.ProcessDetection();
        break;
        }

    }
    return 0;

}

BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
    DisableThreadLibraryCalls(hDll);
    if( dwReason == DLL_PROCESS_ATTACH)

    {

          _beginthread((void(*)(void*))InitializeXTrapBypass,sizeof(&InitializeXTrapBypass),0);
    }
    
    
    return TRUE;
}
main.h
C++:
#include <Windows.h>
#include <tlhelp32.h>
#include <process.h> 
#include <wchar.h>

class BYPASS
{

public:
int BYPASS::ProcessDetection();
int BYPASS::Driver64();
};
int BYPASS::ProcessDetection()
{
    
    DWORD K32EnumAddr = (DWORD)GetProcAddress(LoadLibraryA("Kernel32.dll"),"K32EnumProcesses");
    //DWORD EnumAddr = (DWORD)GetProcAddress(LoadLibraryA("Psapi.dll"),"EnumProcesses");
    DWORD old;
    VirtualProtect((LPVOID)K32EnumAddr,sizeof(K32EnumAddr),PAGE_EXECUTE_READWRITE,&old);
    //VirtualProtect((LPVOID)EnumAddr,sizeof(EnumAddr),PAGE_EXECUTE_READWRITE,&old);
    memcpy((LPVOID)K32EnumAddr,(LPVOID)"\xC2\x0C\x00",3);
    //memcpy((LPVOID)EnumAddr,(LPVOID)"\xC2\x0C\x00",3);
    return 0;
}

int BYPASS::Driver64()
{
        
    wmemcpy((wchar_t*)0x405D0C24,(const wchar_t*)"X6va01",6);
    return 0;
}
Good luck! :)
 

cod3rin

Newbie
Full Member
Aug 18, 2013
48
858
0
I did not test these and I do not take credit for any of this. All credit goes to the authors. I just used the almighty tool we call Google.

Hackshield Bypass
Author: Mafia67
C++:
BOOL WriteMemory (VOID *lpMem, VOID *lpSrc, DWORD len)
{
  DWORD lpflOldProtect, flNewProtect = PAGE_READWRITE;
  unsigned char *pDst = (unsigned char *)lpMem, 
  *pSrc = (unsigned char *)lpSrc;
  if (VirtualProtect(lpMem,len,flNewProtect,&lpflOldProtect))
  {
              while(len-- >0) *pDst++ = *pSrc++;
			  VirtualProtect(lpMem,len, lpflOldProtect,&lpflOldProtect);
			  FlushInstructionCache(GetCurrentProcess(), lpMem, len);
              return 1;
  }
  return 0;
}

void HSBypass (void)
{
    DWORD dwEHSVC = 0;
    do
    {
        dwEHSVC = (DWORD)GetModuleHandle("EhSvc.dll");
		Sleep(250);
    }while(!dwEHSVC);

        WriteMemory((LPVOID)(dwEHSVC + 0x003D67F), (LPVOID)"\x03\xD2", 2);
        WriteMemory((LPVOID)(dwEHSVC + 0x003F77D), (LPVOID)"\xB8\x00\x00\x00\x00", 5);
        WriteMemory((LPVOID)(dwEHSVC + 0x000A1A0), (LPVOID)"\xC2\x04\x00", 3);
        WriteMemory((LPVOID)(dwEHSVC + 0x0085B43), (LPVOID)"\xC3", 1);
        WriteMemory((LPVOID)(dwEHSVC + 0x000A238), (LPVOID)"\x74", 1);
	WriteMemory((LPVOID)(dwEHSVC + 0x008523E), (LPVOID)"\xC2\x04\x00", 3);
	WriteMemory((LPVOID)(dwEHSVC + 0x00A5EBA), (LPVOID)"\xD2", 1);
}
Xtrap Bypass
Author: Slicktor
main.cpp
C++:
#include "Bypass.h"

DWORD WINAPI InitializeXTrapBypass() { 

    DWORD nBase;
    while(1)
    {
        
        nBase = (DWORD)GetModuleHandleA("XTrapVa.dll");

        if(nBase){
        Sleep(500);
        BYPASS bypass;
        bypass.Driver64();
        bypass.ProcessDetection();
        break;
        }

    }
    return 0;

}

BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
    DisableThreadLibraryCalls(hDll);
    if( dwReason == DLL_PROCESS_ATTACH)

    {

          _beginthread((void(*)(void*))InitializeXTrapBypass,sizeof(&InitializeXTrapBypass),0);
    }
    
    
    return TRUE;
}
main.h
C++:
#include <Windows.h>
#include <tlhelp32.h>
#include <process.h> 
#include <wchar.h>

class BYPASS
{

public:
int BYPASS::ProcessDetection();
int BYPASS::Driver64();
};
int BYPASS::ProcessDetection()
{
    
    DWORD K32EnumAddr = (DWORD)GetProcAddress(LoadLibraryA("Kernel32.dll"),"K32EnumProcesses");
    //DWORD EnumAddr = (DWORD)GetProcAddress(LoadLibraryA("Psapi.dll"),"EnumProcesses");
    DWORD old;
    VirtualProtect((LPVOID)K32EnumAddr,sizeof(K32EnumAddr),PAGE_EXECUTE_READWRITE,&old);
    //VirtualProtect((LPVOID)EnumAddr,sizeof(EnumAddr),PAGE_EXECUTE_READWRITE,&old);
    memcpy((LPVOID)K32EnumAddr,(LPVOID)"\xC2\x0C\x00",3);
    //memcpy((LPVOID)EnumAddr,(LPVOID)"\xC2\x0C\x00",3);
    return 0;
}

int BYPASS::Driver64()
{
        
    wmemcpy((wchar_t*)0x405D0C24,(const wchar_t*)"X6va01",6);
    return 0;
}
Good luck! :)
do you have a bypass code in gameguard?
 

Akira

Newbie
Feb 13, 2014
3
1,868
0
XTrap Bypass Source v2
By Akira

C++:
#include <Windows.h>
#include <process.h>
#include <TlHelp32.h>
#include <Psapi.h>
#include "mHook.h"
 
#pragma comment(lib,"Psapi.lib")
 
// Module to exit
HMODULE hDLL;
 
/* Our hooked-function */
void DefineNothing_CC();
/* Our hooked-function */
void K32Enum_CC();
 
 
 
// Function to begin the hook
void _beginhook(void*){
 
        // our addresses
        DWORD dwAddy;
        DWORD dwDLL;
        DWORD dwXTrap;
        DWORD dwXTrapDriver;
 
 
        // wait for xtrap
        while(1){
                // break
                Sleep(500);
                // get xtrap base
                dwXTrap = (DWORD)GetModuleHandle("XTrapVa.dll");
                // check if it exists
                if(dwXTrap){
                        // leave
                        break;
                }
 
        }
       
 
        if(PSAPI_VERSION == 1){
        // get address
        dwDLL = (DWORD)GetModuleHandle("Psapi.dll");
        // get address
        dwAddy = (DWORD)GetProcAddress((HINSTANCE)dwDLL,"EnumProcesses");
        // Prevent that Xtrap scan processes
        mHook::DetourCodeCave(dwAddy,(DWORD)DefineNothing_CC,19);
 
        // get address
        dwDLL = (DWORD)GetModuleHandle("Kernel32.dll");
        // get address
        dwAddy = (DWORD)GetProcAddress((HINSTANCE)dwDLL,"ExitProcess");
        // Prevent exit then ollydbg was found
        mHook::DetourCodeCave(dwAddy,(DWORD)DefineNothing_CC,27);
        }
        else
        {
        // little break
        Sleep(500);
        // set new dll
        dwDLL = (DWORD)GetModuleHandle("Kernel32.dll");
        // get new addy
        dwAddy = (DWORD)GetProcAddress((HINSTANCE)dwDLL,"K32EnumProcesses");
        // Prevent that Xtrap scan processes
        mHook::DetourCodeCave(dwAddy,(DWORD)K32Enum_CC,3);
 
        // get address
        dwDLL = (DWORD)GetModuleHandle("Kernel32.dll");
        // get address
        dwAddy = (DWORD)GetProcAddress((HINSTANCE)dwDLL,"ExitProcess");
        // Prevent exit then ollydbg was found
        mHook::DetourCodeCave(dwAddy,(DWORD)DefineNothing_CC,27);
 
        }
 
        // Get driver Address
        dwXTrapDriver = 0x406668A0;
        // Change it
        wmemcpy((wchar_t*)dwXTrapDriver,L"X6va01",6);
 
        // Exit
        FreeLibraryAndExitThread(hDLL,8);
 
}
 
 
 
 
/* Main */
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved){
 
 
        if(fdwReason == DLL_PROCESS_ATTACH){
 
               
              
                // set our Module
                hDLL = hinstDLL;
                // begin
                _beginthread(_beginhook,0,0);
 
                // success
                return true;
        }
 
        // fail
        return false;
}
 
 
/* Our hooked-function */
__declspec( naked ) void K32Enum_CC(){
        __asm{
                ret 0x00C
        }
}
 
/* Our hooked-function */
__declspec( naked ) void DefineNothing_CC(){
        __asm{
                mov edi,edi
                push ebp
                mov ebp,esp
                pop ebp
                jmp orig
                nop
                nop
                nop
                nop
                nop
orig:
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
        }
}
 
Last edited:

NTvalk

Hacker
Meme Tier VIP
Jul 6, 2013
499
3,108
8
This anticheat sure is stupid.
Why don't you just RET at enumprocesses?
 

andrewfam

Newbie
Feb 17, 2014
1
102
0
Thanks for the source codes. What game does it apply to? Can it bypass with the one that has "heartbeat" protection?

C++:
[QUOTE]// Get driver Address
        dwXTrapDriver = 0x406668A0;[/QUOTE]
How can you get the address of XTrap driver as above?

Thanks
Andrew
 

Akira

Newbie
Feb 13, 2014
3
1,868
0
Use ProcessHacker [Service]
Search the Xtrap Driver name like -> 16va001
Cheat engine text 16va001

You need reverse engineering basics.
 

NTvalk

Hacker
Meme Tier VIP
Jul 6, 2013
499
3,108
8
#include "mHook.h"
mHook::
wmemcpy
get error, why?
You need to hook the functions, you can look on the internet if you can find mhook otherwise you can look at Microsoft Detours or any other hooking library.
You are missing the mhook file.
 
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods