
C and C++ PointBlank PH/ID Zepetto New Anti-Cheat Bypass (For Game hackers)

zNova

This is what PBPH Zepetto said regarding their cheat blocker module.

It's a big joke, because the functions inside cb.cbm, which is the main module of their anti-cheat, are very limited.

Example:

So when you edit this function, "Memory hacking detected" will show up, since there is a self-check function.
Whatever way you modify it, as long as it's a .txt section modification, it fails.

It turns out all this function does is set a trap jmp on the common functions used in cheats, like GetViewport, SetRenderState, and other game functions.

Also, it only sets the trap after the game has loaded, for example once you are already at server selection (on PB Indo, the login screen).
Example:

The function above is "i3SceneObject::FindCacheMatrix"; it returns the calculated matrix for the characters' bones.

This is an easy way to do ESP Skeleton/Aimbot, which is why they put a trap here.

So after I loaded (already at server selection), this is the result:

There's a jmp now, right? Every time you call the function it goes through this jmp, and if you follow that jmp you will see this.

The push 06 is clearly visible, so I figured this was an array, and I was right. Starting from 0 - 0x19, and at 0x1A, there is a jmp trap.

If you call a function that has this, you will get detected (most likely).

Btw, the reason it's important to bypass this: if you make a d3d9 menu, your text will get detected because of SetRenderState.
I reversed the DrawText virtual method in LPD3DXFONT (the index of DrawTextA is 15, of DrawTextW 16).

So how can this be bypassed?
It's very simple:
hook the address that the jmp in the function jumps to.

Example:

// This is the address we will use to redirect the jmp in the function
// (this is the address I tested, but you can emulate your own function).
DWORD AddrToJmp = (DWORD)HideAPI::GetModuleHandleHidden("cb.cbm") + 0x2AFD0;
void __declspec(*****) HookMem()
{
    __asm jmp AddrToJmp // new jmp address
}

class MemoryFinderAPI
{
public:
    char* fpattern;
    DWORD dpattern;
    char* mask;
    MemoryFinderAPI() {}
    MemoryFinderAPI(DWORD pattern, char* pmask) {
        dpattern = pattern;
        mask = pmask;
    }
    MemoryFinderAPI(char* pattern, char* pmask) {
        fpattern = pattern;
        mask = pmask;
    }
    // code cut
};

class MemAPI
{
public:
    void Bypass(MemoryFinderAPI memory)
    {
        DWORD CurItem = (DWORD)FindPatternByDump(memory.fpattern, memory.mask); // FindPattern function
        DWORD ItemToBypass = CurItem + 0x5;
        // Func::LogFunction("Item %X %X", CurItem, ItemToBypass); // testing
        // Detour function that creates a jmp at the target address
        // [function params (DWORD Address, DWORD NewFunction, DWORD HookType)].
        Func::DetourCreate1(ItemToBypass, (DWORD)HookMem, 0x5);
        Sleep(10); // Just our interval
    }
};

Full list of what you will bypass:

memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x04\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//CGameCharaBase::getCurHP
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x05\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x06\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//i3SceneObject::FindCacheMatrix
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x07\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x08\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x09\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x0A\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x0B\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x0C\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x0D\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x0E\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x0F\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x11\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x12\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x13\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x14\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x15\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x16\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x17\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x18\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x19\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//GetViewPort
memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x1A\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));//SetRenderState


So call the bypass first before you call the detected functions, because cb.cbm logs the modular calls.

I hope you didn't get confused; if you have questions, just reply.
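
Added example, not part of the original post and not Zepetto's code: a defender-side integrity check for the kind of trap stub described above, which verifies that each `push imm32; jmp rel32` stub still carries its expected index and still jumps to the handler recorded when the stub was installed. The stub layout is taken from the byte patterns in the post (68 xx 00 00 00 E9); all addresses, the back-to-back table layout and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define STUB_LEN 10 /* push imm32 (5 bytes) + jmp rel32 (5 bytes) */

typedef enum { STUB_OK, STUB_BAD_OPCODE, STUB_BAD_INDEX, STUB_REDIRECTED } stub_status;

static uint32_t rd32(const uint8_t *p) { /* little-endian, no alignment assumed */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Validate one stub located at stub_va against the index and handler
   address that were recorded when the stub was installed. */
stub_status check_stub(const uint8_t *b, uint32_t stub_va,
                       uint32_t index, uint32_t handler_va) {
    if (b[0] != 0x68 || b[5] != 0xE9) return STUB_BAD_OPCODE;
    if (rd32(b + 1) != index) return STUB_BAD_INDEX;
    /* jmp rel32 lands at next-instruction address + displacement (mod 2^32) */
    uint32_t target = stub_va + STUB_LEN + rd32(b + 6);
    return target == handler_va ? STUB_OK : STUB_REDIRECTED;
}

/* Constructed sample: three stubs (indices 4..6) laid out back to back. */
enum { N = 3 };
static const uint32_t TABLE_VA = 0x10000000u, HANDLER_VA = 0x10020000u,
                      FIRST_INDEX = 4;

static void build_table(uint8_t *t) {
    for (uint32_t i = 0; i < N; i++) {
        uint8_t *s = t + i * STUB_LEN;
        s[0] = 0x68; wr32(s + 1, FIRST_INDEX + i);
        s[5] = 0xE9; wr32(s + 6, HANDLER_VA - (TABLE_VA + i * STUB_LEN + STUB_LEN));
    }
}

/* Status of stub `which` after optionally re-pointing its jmp at
   new_target (0 leaves the stub untouched). */
stub_status demo(uint32_t which, uint32_t new_target) {
    uint8_t t[N * STUB_LEN];
    build_table(t);
    uint32_t va = TABLE_VA + which * STUB_LEN;
    if (new_target) wr32(t + which * STUB_LEN + 6, new_target - (va + STUB_LEN));
    return check_stub(t + which * STUB_LEN, va, FIRST_INDEX + which, HANDLER_VA);
}
```

A check like this only has value if the recorded handler address and the checker itself live somewhere the modified process cannot rewrite, for example in a separate process or driver.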
 

zNova

Assembly language first, then C++ is the language I use to program the hacks.
 