bypassing memory detection


boyenn

Newbie
Full Member
Jul 20, 2014
5
122
0
On a forum post (different forum) there was a guy posting some addresses etc. about a game that I want to learn how to hack, but I don't understand much of it really.
I won't post the link of the thread; I'll try to quote him as much as possible (I don't want to promote other forums here).

I'm trying to make a hack that's included in an already existing hack for learning purposes (so I can make my own hack later).
Sadly the source code of that hack is not available.

I followed a few of Fleep's tutorials (specifically the one on midhooking) to make a hack, but ran into the game calling "Memory editing deteced" and then crashing.


Okay, so this guy says "Anyways, I dumped their executable and mapped out important address related to anticheating"
Then proceeds to give us this code (?):
@UggLauncher.exe
--------------------------
SKIP UPDATE : 0x00542014
Call to gunzupdates.universegamers.com : 0x00543318

@Uggunz.exe
--------------------------
DETECTING CHEATS :
//CURRENTLY WORKING AS MAPPED.
++02579E2C: kernel32.dll!GetModuleHandleA (NOP) // Sees if it can find a certain module, if so, return true.
++02579E30: kernel32.dll!GetProcAddress (NOP) // Calls a function from the loaded .DLL in LoadLibraryA (some anti-hack function call).
++02579E34: kernel32.dll!ExitProcess (*Obvious NOP) // Exits all processes and threads
++02579E38: kernel32.dll!LoadLibraryA (NOP) // Loading some .DLL.
02579E40: user32.dll!MessageBoxA (NOP))// "Memory editing has been detected!", :)< || Breakpoint activated as soon as I injected my process. - SYNOPSIS : The reason it can take so much time to appear is due to all the functions needed to be called on to design the textbox (such as CreateFontA).
++02579E48: advapi32.dll!RegCloseKey (*Obvious NOP) // Ensuring that the process gets closed, via the registry.
++02579E50: oleaut32.dll!SysFreeString (NOP) // This function frees a string allocated previously by SysAllocString, SysAllocStringByteLen, SysReAllocString, SysAllocStringLen, or SysReAllocStringLen.
02579E58: gdi32.dll!CreateFontA (NO-NOP) // Creating the font for MessageBoxA.
++02579E60: shell32.dll!ShellExecuteA (NOP) // A handle to the parent window used for displaying a UI or error messages.

(1)RETN : 0x7793DEB4 - ntdll
(2)RETN : 0x7793F6B4 -ntdll
ZwClose : 0x779ADC76
DGIRemoteBreakIn :
~~~~~~~~~~~~~~~
BANNING/REPORTING CHEATS :
02579E68: version.dll!GetFileVersionInfoA // Getting version of detected .dll.
02579E70: fmod.dll!_FSOUND_Stream_Open@16 // Playing some random sound.
02579E78: PSAPI.DLL!GetModuleBaseNameA // Getting the handle of the module.
02579E80: ole32.dll!RevokeDragDrop // Revokes the registration of the specified application window as a potential target for OLE drag-and-drop operations.
02579E88: MSIMG32.dll!TransparentBlt // IGNORE.
02579E90: COMCTL32.dll!ImageList_GetIconSize // IGNORE.
02579E98: SHLWAPI.dll!PathRemoveFileSpecW // Creating a log for banning and such.
02579EA0: IMM32.dll!ImmGetCompositionStringA // Retrieves information about the composition string.
02579EA8: WINMM.dll!timeGetTime // Obviously getting the time/date for the log.
02579EB0: WS2_32.dll!WS2_32.10 // Sockets to connect to when uploading log.
02579EB8: RPCRT4.dll!UuidCreateSequential // Getting UID of the hacker.
02579EC0: dbghelp.dll!MiniDumpWriteDump // Creating a .dump file to store the log.
02579EC8: WININET.dll!InternetConnectA // Uploading the log to a server to determine a ban.
02579ED0: gdiplus.dll!GdipCreatePen1 // IGNORE.
02579ED8: OLEACC.dll!LresultFromObject // Returns the result from the server, I.E determines if there should be a ban and sends the results back.
02579EE0: WINSPOOL.DRV!OpenPrinterA // Sending data to our game.
02579EE8: COMDLG32.dll!GetFileTitleA // Retrieves the name of the specified file.

-----------------------

BYPASS :
NTDLL.DLL
0x76EEDEA8
0x76EEDEAE
0x76EEDEB4

(Stops UGG from killing itself, which pretty much all you need to successfully bypass it lulz).


And then says :
"For noobs:"

And then proceeds to give us this :


bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    // Compare byte-for-byte wherever the mask holds 'x'; '?' positions are wildcards
    for (; *szMask; ++szMask, ++pData, ++bMask)
        if (*szMask == 'x' && *pData != *bMask)
            return false;
    return (*szMask) == '\0';
}

DWORD dwFindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char * szMask)
{
    // Linear scan: returns the first address where the masked pattern matches, 0 if none
    for (DWORD i = 0; i < dwLen; i++)
        if (bDataCompare((BYTE*)(dwAddress + i), bMask, szMask))
            return (DWORD)(dwAddress + i);

    return 0;
}

//@Credits to Fleep.
void WriteToMemory(uintptr_t addressToWrite, char* valueToWrite, int byteNum)
{
    //used to change our file access type, stores the old
    //access type and restores it after memory is written
    unsigned long OldProtection;
    //receives the temporary protection on restore; VirtualProtect fails if this pointer is NULL
    unsigned long TempProtection;
    //give that address read and write permissions and store the old permissions at oldProtection
    VirtualProtect((LPVOID)(addressToWrite), byteNum, PAGE_EXECUTE_READWRITE, &OldProtection);

    //write the memory into the program and overwrite previous value
    memcpy((LPVOID)addressToWrite, valueToWrite, byteNum);

    //reset the permissions of the address back to oldProtection after writing memory
    VirtualProtect((LPVOID)(addressToWrite), byteNum, OldProtection, &TempProtection);
}

// Written by@errorElevin.
// Net effect: orgValue - (orgValue - subValue), i.e. it returns subValue.
DWORD TransformHex(DWORD orgValue, DWORD subValue) {

    DWORD difference = orgValue - subValue;
    DWORD sum = orgValue -= difference;

    return sum;
}

// Note: `loaded` and `NOP` are not defined anywhere in the posted snippet.
void lawUpdate() {


    DWORD bypassNOP2 = dwFindPattern((DWORD)loaded, 0x8000000, (BYTE*)"\xFF\x25\x00\x00\x00\x00\xFF\x15\x00\x00\x00\x00\xC2\x08\x00", "xx????xx????xxx");
    if (bypassNOP2)
    {
        bypassNOP2 -= 0;
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 -= 0xFFFFFFFA;
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 -= 0xFFFFFFF4;
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 = TransformHex(0x76EEDEA8, 0x76EEDEA9);
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 = TransformHex(0x76EEDEA8, 0x76EEDEAA);
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 = TransformHex(0x76EEDEA8, 0x76EEDEAB);
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 = TransformHex(0x76EEDEA8, 0x76EEDEAC);
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 = TransformHex(0x76EEDEA8, 0x76EEDEAD);
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 = TransformHex(0x76EEDEA8, 0x76EEDEAF);
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 = TransformHex(0x76EEDEA8, 0x76EEDEB0);
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 = TransformHex(0x76EEDEA8, 0x76EEDEB2);
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 = TransformHex(0x76EEDEA8, 0x76EEDEB2);
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 = TransformHex(0x76EEDEA8, 0x76EEDEB3);
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 = TransformHex(0x76EEDEA8, 0x76EEDEB4);
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 = TransformHex(0x76EEDEA8, 0x76EEDEB5);
        WriteToMemory(bypassNOP2, NOP, 2);
        bypassNOP2 = TransformHex(0x76EEDEA8, 0x76EEDEB6);
        WriteToMemory(bypassNOP2, NOP, 2);
    }
}

Together with Alsafa7 from this forum (thanks btw) we were able to implement the last part into our code, but we both have no idea what the first part is, and what we can do with it.
The guy posted another thread a few months later (a few weeks ago):
0x02973038 = GetModuleHandleA(NOP)
0x0297303C = GetProcAddress(NOP)
0x02873040 = ExitProcess(NOP)
0x02973044 = LoadLibraryA (NOP)
0x02973084 = EnumProcessModules
0x02973094 = GetClipboard (NOP)
0x0297309C = TransparentBit (NOP)
0x029730E4 = CreateBitMapFromScreen (NOP)
0x029730EC = AccessibleObjectFromWindow (NOP)
0x029730CC = UUIDCreateSq (Creates in-game UUID from GUID). //Ban bypass? :clap2:
0x0297304C = MessageboxA

Which makes me assume that this is important (and since the game is still detecting my hack, this is probably why). Now I have no idea how to implement this into my code, or what to do with it.

Is there someone that could help?
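
One common way a "memory editing has been detected" check works, shown from the defender's side as an added example (not code from this thread, the quoted post, or the game): hash a code region against a reference value and, on mismatch, diff it against a pristine copy to report where bytes changed and how many became 0x90. All names and both byte arrays are constructed for illustration, and treating NOP as 0x90 is an assumption, since the thread never defines `NOP`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: 15-byte stub (jmp [mem]; call [mem]; ret 8). */
static const uint8_t BASELINE[15] = {
    0xFF, 0x25, 0x2C, 0x9E, 0x57, 0x02,
    0xFF, 0x15, 0x30, 0x9E, 0x57, 0x02,
    0xC2, 0x08, 0x00 };
/* Constructed sample: the same stub after a two-byte 0x90 overwrite at offset 6. */
static const uint8_t PATCHED[15] = {
    0xFF, 0x25, 0x2C, 0x9E, 0x57, 0x02,
    0x90, 0x90, 0x30, 0x9E, 0x57, 0x02,
    0xC2, 0x08, 0x00 };

typedef struct {
    int    modified;   /* 1 if the live hash differs from the reference hash */
    size_t first_off;  /* offset of the first changed byte */
    size_t diff_count; /* number of changed bytes */
    size_t nop_count;  /* changed bytes that now hold 0x90 */
} integrity_report;

/* FNV-1a, 32-bit: cheap enough to run on every check interval. */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Fast path: hash compare. Slow path: diff against the pristine copy
   so the report can say where the region was patched. */
integrity_report check_region(const uint8_t *live, const uint8_t *pristine,
                              size_t n, uint32_t ref_hash) {
    integrity_report r = {0, 0, 0, 0};
    if (fnv1a(live, n) == ref_hash) return r;
    r.modified = 1;
    for (size_t i = 0; i < n; i++) {
        if (live[i] == pristine[i]) continue;
        if (r.diff_count++ == 0) r.first_off = i;
        if (live[i] == 0x90) r.nop_count++;
    }
    return r;
}

int main(void) {
    uint32_t ref = fnv1a(BASELINE, sizeof BASELINE);
    integrity_report r = check_region(PATCHED, BASELINE, sizeof BASELINE, ref);
    printf("modified=%d first=%zu changed=%zu nops=%zu\n", r.modified, r.first_off, r.diff_count, r.nop_count);
    return 0;
}
```

In a real process the pristine copy would have to account for relocations applied at load time, which this constructed sample does not model.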
 

Cyrion

Coder
Dank Tier Donator
Nobleman
Dec 31, 2013
107
618
7
I'm not here to help or whatever because I just simply don't know how but .. I wanted to say Good luck and continue to hack UGG because Vitor (the owner) is a freaking greedy bastard that needs his server to get hacked, ddosed or whatever. :D
 

boyenn

Newbie
Full Member
Jul 20, 2014
5
122
0
I'm not here to help or whatever because I just simply don't know how but .. I wanted to say Good luck and continue to hack UGG because Vitor (the owner) is a freaking greedy bastard that needs his server to get hacked, ddosed or whatever. :D
There is already a hack out there, so me creating one won't change much.
 

ZxPwd

Newbie
Full Member
Jun 2, 2014
25
658
0
Lol thanks for the bypass... Time to make hacks, add me on Skype


Skype: ZxPwds
 