Solved Bypass XignCode GetAsyncKeyState Detection


steb

Jr.Coder
Full Member
Nobleman
Aug 16, 2016
63
383
1
So I was getting detected in game (gets detected after 2 minutes), not sure why. So I removed some code from my menu to check why I'm getting detected. I removed the code inside my NAV function and it worked fine in game, no detection whatsoever. Any other ways you guys would recommend to make my hotkeys undetectable?

Game: SFPH (Special Force SEA)
AntiCheat: Xigncode3

Code that was getting detected
C++:
void MenuD3D::Nav(void)
{
	if (GetAsyncKeyState(VK_INSERT) & 1) visible = (!visible);
	if (!visible) return;

	if (GetAsyncKeyState(VK_CONTROL)) {
		if (GetAsyncKeyState(VK_UP) & 1) y -= 10;
		if (GetAsyncKeyState(VK_DOWN) & 1) y += 10;
		if (GetAsyncKeyState(VK_LEFT) & 1) x -= 10;
		if (GetAsyncKeyState(VK_RIGHT) & 1) x += 10;
	}
	else {
		if (GetAsyncKeyState(VK_UP) & 1) {
			do {
				cur--;
				if (cur<0)  cur = noitems - 1;
			} while (MENU[cur]->typ == MENUTEXT);
		}
		else if (GetAsyncKeyState(VK_DOWN) & 1) {
			do {
				cur++;
				if (cur == noitems) cur = 0;
			} while (MENU[cur]->typ == MENUTEXT);
		}
		else if (MENU[cur]->var) {
			int dir = 0;
			if (GetAsyncKeyState(VK_LEFT) & 1 && *MENU[cur]->var > 0) dir = -1;
			if (GetAsyncKeyState(VK_RIGHT) & 1 && *MENU[cur]->var < (MENU[cur]->maxval - 1)) dir = 1;
			if (dir) {
				*MENU[cur]->var += dir;
				if (MENU[cur]->typ == MENUGROUP) noitems = 0;
			}
		}
	}
}
My D3DMenu :
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,074
78,998
2,371
I think that it's your GetAsyncKeyState calls that are getting detected. Can you see if XIGNCODE is hooking that function and checking the return address?

You can try DirectInput, SetWindowsHookEx

https://www.unkn0wncheats.me/forum/847082-post140.html

This might be overkill, but you could make an external application that talks to your DLL somehow. The external application detects key presses and then somehow sends keystates in the form of bools to your DLL. There's a number of ways this could be done: you could have variables in the .exe and your internal hack does ReadProcessMemory on them, or something like that, depending on what is detected.
 

Traxin

Escobar Tier VIP
Dank Tier Donator
Aug 3, 2015
1,041
25,378
154
You can also hook the wndproc function with SetWindowLongPtr and just read the key messages.
 

Broihon

edgy 12 y/o
Escobar Tier VIP
Fleep Tier Donator
Dec 22, 2013
1,745
40,528
316
Rake;46947 said:
They don't check that? idiots!
True, really bad. It's kinda weird though. The check itself is really good. It checks the whole stack to verify if the call is from the game module or some suspicious haxxor.dll. Just faking the return address of the call isn't enough.

Edit:
C++:
	BYTE * pGAKS = reinterpret_cast<BYTE*>(GetAsyncKeyState);
	BYTE Orig[10];
	memcpy(Orig, pGAKS, 10);

	bool bChanged = false;

	while (!bChanged)
	{
		for (UINT i = 0; i != 10; ++i)
			if (pGAKS[i] != Orig[i])
				bChanged = true;
		Sleep(100);
	}

	DWORD dwOld = 0;
	VirtualProtect(pGAKS, 10, PAGE_EXECUTE_READWRITE, &dwOld);
	memcpy(pGAKS, Orig, 10);
	VirtualProtect(pGAKS, 10, dwOld, &dwOld);
Something like this will probably do the job.
 

steb

Broihon;46948 said:
True, really bad. It's kinda weird though. The check itself is really good. It checks the whole stack to verify if the call is from the game module or some suspicious haxxor.dll. Just faking the return address of the call isn't enough.

Edit:
C++:
	BYTE * pGAKS = reinterpret_cast<BYTE*>(GetAsyncKeyState);
	BYTE Orig[10];
	memcpy(Orig, pGAKS, 10);

	bool bChanged = false;

	while (!bChanged)
	{
		for (UINT i = 0; i != 10; ++i)
			if (pGAKS[i] != Orig[i])
				bChanged = true;
		Sleep(100);
	}

	DWORD dwOld = 0;
	VirtualProtect(pGAKS, 10, PAGE_EXECUTE_READWRITE, &dwOld);
	memcpy(pGAKS, Orig, 10);
	VirtualProtect(pGAKS, 10, dwOld, &dwOld);
Something like this will probably do the job.
Wait, after I do this I can use GetAsyncKeyState?
 

r4z0r

Coder
Meme Tier VIP
Jul 21, 2016
246
1,678
13
"This" basically unhooks what Xigncode hooked to check if anything else is using this function, so it should work. Considering that's Broihon's code, you may be able to use GetAsync without problems if you inject the DLL after Xigncode is loaded. I'm just not sure about copying the original bytes to Orig without setting its protection to READWRITE, but I may be wrong because I don't know its original protection. Btw, Broihon god.

Edit: I just realized you don't need to change the protection, I'm stupid.
 

steb

"This" basically unhooks what Xigncode hooked to check if anything else is using this function, so it should work. Considering that's Broihon's code, you may be able to use GetAsync without problems if you inject the DLL after Xigncode is loaded. I'm just not sure about copying the original bytes to Orig without setting its protection to READWRITE, but I may be wrong because I don't know its original protection. Btw, Broihon god.

Edit: I just realized you don't need to change the protection, I'm stupid.
Do I really have to inject the DLL after Xigncode is loaded?
 

Broihon

r4z0r, the default protection state is PAGE_EXECUTE_READ, which means I can copy the original bytes without changing the protection in the first place, as you said.

steb, glad it works.
You definitely have to inject before Xigncode is loaded. Otherwise the code wouldn't be able to get the original bytes or detect the hook.

Edit: Just a little fun fact. If I recall correctly Xigncode doesn't even change the protection back to PAGE_EXECUTE_READ after they hook the function. But I wouldn't rely on that. That's why I'm still using VirtualProtect - just to be sure.
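
Seen from the monitoring side, a hook that has been overwritten with the saved original bytes is detectable by re-checking the patched prologue on a schedule. The following is an added example, not code from this thread or from Xigncode: portable C over constructed byte buffers, where `hook_record`, `hook_record_init`, `classify_prologue`, `first_tamper`, the sample prologue and the addresses are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PROLOGUE_LEN 10 /* same window the thread's snippet compares */
typedef enum { HOOK_INTACT, HOOK_REMOVED, HOOK_REPLACED } hook_state;

typedef struct {
    uint8_t original[PROLOGUE_LEN]; /* bytes saved before patching */
    uint8_t patched[PROLOGUE_LEN];  /* bytes the monitor installed */
} hook_record;

/* Constructed x86 prologue, not the real bytes of any API:
 * mov edi,edi; push ebp; mov ebp,esp; sub esp,10h; push esi; push edi */
const uint8_t SAMPLE_ORIG[PROLOGUE_LEN] =
    {0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x56, 0x57};

/* Record what a 5-byte E9 rel32 jump written over `orig` looks like.
 * Addresses are plain integers; nothing is executed or patched. */
void hook_record_init(hook_record *rec, const uint8_t *orig,
                      uint32_t func_addr, uint32_t detour_addr)
{
    uint32_t rel = detour_addr - (func_addr + 5); /* from next instruction */
    memcpy(rec->original, orig, PROLOGUE_LEN);
    memcpy(rec->patched, orig, PROLOGUE_LEN);
    rec->patched[0] = 0xE9;
    for (int i = 0; i < 4; i++) /* little-endian rel32 */
        rec->patched[1 + i] = (uint8_t)(rel >> (8 * i));
}

hook_state classify_prologue(const hook_record *rec, const uint8_t *live)
{
    if (memcmp(live, rec->patched, PROLOGUE_LEN) == 0) return HOOK_INTACT;
    if (memcmp(live, rec->original, PROLOGUE_LEN) == 0) return HOOK_REMOVED;
    return HOOK_REPLACED; /* neither ours nor pristine */
}

/* Scan `count` snapshots stored back to back; return the index of the
 * first one that is not intact (state in *out), or -1 if all are intact. */
int first_tamper(const hook_record *rec, const uint8_t *snaps, size_t count,
                 hook_state *out)
{
    for (size_t i = 0; i < count; i++) {
        *out = classify_prologue(rec, snaps + i * PROLOGUE_LEN);
        if (*out != HOOK_INTACT) return (int)i;
    }
    *out = HOOK_INTACT;
    return -1;
}
```

`HOOK_REMOVED` separates a prologue restored to its saved bytes from `HOOK_REPLACED`, where some other patch now sits on the function.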
 

steb

Hmm, weird, it works in Win10, but when my friend tested my hack Xigncode detects it. He's using Win7.
 

Broihon

Hmm, weird, it works in Win10, but when my friend tested my hack Xigncode detects it. He's using Win7.
Well, they can detect the hack module itself and the d3d hook...
 

FallBright

Newbie
May 26, 2017
3
14
0
True, really bad. It's kinda weird though. The check itself is really good. It checks the whole stack to verify if the call is from the game module or some suspicious haxxor.dll. Just faking the return address of the call isn't enough.

Edit:
C++:
	BYTE * pGAKS = reinterpret_cast<BYTE*>(GetAsyncKeyState);
	BYTE Orig[10];
	memcpy(Orig, pGAKS, 10);

	bool bChanged = false;

	while (!bChanged)
	{
		for (UINT i = 0; i != 10; ++i)
			if (pGAKS[i] != Orig[i])
				bChanged = true;
		Sleep(100);
	}

	DWORD dwOld = 0;
	VirtualProtect(pGAKS, 10, PAGE_EXECUTE_READWRITE, &dwOld);
	memcpy(pGAKS, Orig, 10);
	VirtualProtect(pGAKS, 10, dwOld, &dwOld);
Something like this will probably do the job.
Hey sir, sorry for asking and bumping the thread, but where do I put this code? Tried putting it anywhere but nothing happens in game.
 

Broihon

Hey sir, sorry for asking and bumping the thread, but where do I put this code? Tried putting it anywhere but nothing happens in game.
When you create a thread from the dll main it should be at the beginning. At least the memcpy must be executed before Xigncode hooks GetAsyncKeyState.
 

FallBright

When you create a thread from the dll main it should be at the beginning. At least the memcpy must be executed before Xigncode hooks GetAsyncKeyState.
Hi sir Broihon, I tried putting the code in the following threads/functions and encountered different results:

*Hack thread = menu showed, but gets detected after a minute or so
*Loop Function = menu showed, but gets detected after a minute or so
*Dll main (before create thread) = menu does not show, no detection = no hack
*Dll main (after create thread) = menu showed, but gets detected after a minute or so

Also tried putting declarations on global but the menu does not show...

Idk what's wrong, or I am doing it completely wrong :(
 

Broihon

Put it at the beginning of the thread. But you do realize that Xigncode detects most d3d hooks and injected dlls as well?
 

FallBright

Put it at the beginning of the thread. But you do realize that Xigncode detects most d3d hooks and injected dlls as well?
Yes, I am using the injector you made and tried excluding GetAsync from the build and xc is not detecting it.

Am I doing it right?
C++:
BOOL WINAPI DllMain(HMODULE hDll, DWORD dwReason, LPVOID LpReserved)
{
	BYTE * pGAKS = reinterpret_cast<BYTE*>(GetAsyncKeyState);
	BYTE Orig[10];
	memcpy(Orig, pGAKS, 10);
	bool bChanged = false;
	while (!bChanged)
	{
		for (UINT i = 0; i != 10; ++i)
			if (pGAKS[i] != Orig[i])
				bChanged = true;
		Sleep(100);
	}
	DWORD dwOld = 0;
	VirtualProtect(pGAKS, 10, PAGE_EXECUTE_READWRITE, &dwOld);
	memcpy(pGAKS, Orig, 10);
	VirtualProtect(pGAKS, 10, dwOld, &dwOld);

	if (dwReason == DLL_PROCESS_ATTACH)
	{
		CreateThread(0, 0, (LPTHREAD_START_ROUTINE)D3D_Hook, 0, 0, 0);
	}
	return TRUE;
}
 

TuPeorEnemigo

Newbie
Silenced
Jul 10, 2017
1
11
0
Hello, how's it going? A question: how can I learn to create bypasses and programming? I know a little C++, but only the bare minimum :)
 