gunminiho Expert Cheater
Reputation: 0
Joined: 15 Dec 2008 Posts: 144 Location: peru
Posted: Wed Jun 17, 2009 1:04 pm Post subject: Trampoline Bypass
Hi all, hmm, I was wondering: as much as it (Trampoline Bypass) can be used for SendMessage or PostMessage, can I use the same method for other APIs, like WriteProcessMemory or VirtualProtect, GetPixel?
Deine Mutter Expert Cheater
Reputation: 1
Joined: 05 Apr 2006 Posts: 181
Posted: Wed Jun 17, 2009 2:17 pm
It largely depends on the game or the protection you are trying to bypass. If this protection hooks any of those functions in kernel mode, a user-mode trampoline will not work. As far as I remember, GameGuard hooks GetPixel only in user mode, for example. In this case a user-mode trampoline would work. But WriteProcessMemory is hooked in kernel mode (NtWriteVirtualMemory); in this case a user-mode trampoline bypass would not be sufficient.
azfk Cheater
Reputation: 0
Joined: 26 May 2009 Posts: 37
Posted: Wed Jun 17, 2009 9:07 pm
Usually memory-based functions like WriteProcessMemory and ReadProcessMemory are hooked on a kernel level. As for things like SendMessage and such, they are 'trivial' and trampoline bypasses do work. VirtualProtect I'm not so sure of.
gunminiho Expert Cheater
Reputation: 0
Joined: 15 Dec 2008 Posts: 144 Location: peru
Posted: Thu Jun 18, 2009 12:53 am
Hmm, well, I'm a beginner programmer. Can someone let me know what UserMode and KernelMode are? I have an idea but I'm not sure about it, hmm, please.
And the system used is HackShield Pro (MS).
Also, is there a way to get addys with OllyDbg? I mean, I wanna get some addys for another game but... I'm not sure about it, cause I can't use CE or UCE (Audition - Xtrap).
Deine Mutter Expert Cheater
Reputation: 1
Joined: 05 Apr 2006 Posts: 181
Posted: Thu Jun 18, 2009 2:29 am
What you are trying to do is pretty hard to do for a beginner programmer. I would suggest reading tutorials/books or the source of Darkbyte's driver. Driver development is the thing you should be concerned with, because it is the only way to access the kernel. But this is really hard stuff; I do not think that simply saving the original function addresses and restoring them after they are hooked will work, for example. You will also need reverse-engineering skills to observe how the protection you are trying to bypass works.
Working with OllyDBG is also a very hard thing to do. For example, you could unpack the game (which isn't easy either) and remove GameGuard. Then you will be able to use OllyDBG, but only if you are not logged in, because the server (most likely) checks if GG (or any other protection) is present. There are a lot of other solutions (protecting OllyDBG from GG with a driver, disabling GG in a certain way, etc.) but this is very hard to do and I don't think that there are any public solutions/tutorials for this purpose.
The easiest solution would be: try to make your CE undetected.
&Vage Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
Posted: Thu Jun 18, 2009 12:46 pm
Don't think HackShield hooks in r3, not sure about r0. Just disable HackShield's driver and there you go, use any APIs without restrictions.
gunminiho Expert Cheater
Reputation: 0
Joined: 15 Dec 2008 Posts: 144 Location: peru
Posted: Thu Jun 18, 2009 7:49 pm
Well... I'm not trying to do it, I just wanna know about KernelMode level and UserMode level...
So... the HackShield driver is the one that hooks those APIs? By not loading them you can use any API, hmm.
Still, I just wanna know what all that KernelMode level and UserMode level is.
Mikage Newbie cheater
Reputation: 0
Joined: 05 Feb 2010 Posts: 10
Posted: Fri Feb 05, 2010 1:06 pm
Erm, hi all, I'm new, so do u think some1 cud make like a small video? I'm also a beginner and I wanna bypass HackShield Pro for S.U.N Online as I keep dying even tho I put most of me stats on str and vit >.> Please help me. (I learn better from videos than written books or tutorials. sry~)
igoticecream Grandmaster Cheater Supreme
Reputation: 0
Joined: 23 Apr 2006 Posts: 1807 Location: 0x00400000