Your incapacity to read what you already posted is another lame addition to a team with "good coders" lol...
Circus is coming to post a bypass and saying it sucks, ring any bells?
I do not understand about what you think many developers tell thanks for that that have shown the most simple defect of the program that Fix This Bug and you think that I offend you to me it it is not necessary my purpose was to give idea to the developer
Think there will be to me from it what that advantage?
---------- Post added at 01:16 AM ---------- Previous post was at 01:09 AM ----------
----Quote:
axaxaxa :D
SKT - sucks
--
Absolutely in general the author has considered one that that was necessary KILL all latent processes not at start Launcher and to make them in DLL Lybrary and to put that it repeated each 10 seconds for example.
Not I have written this message It has written User "napuk228" read Message
I on the contrary into the account of it have given out idea how to make that it there was I did not state that
"SKT - sucks"!!!!!!!!!!!!!!!!!!!!!!!!! You not so have understood me.
P.S You in general have a logic?
Lol then what for the bypass + the quote, even the author understand it bad, and everyone seems to be.
What about perfecting your english?
Does that have any logic?...
PS: If you didn't mean that it sucks, it's ok and we all owe you an apology, but can't understand why the bypass knowing it's a discontinued project and probably the only one that MU community uses for anti cheat...
At me the translator translates badly... I hope you have understood that I had no to a kind that your project "sucks" Can I has considered to write that it not so but I it had to a kind likely if I like to state it I have written it in 1 message from video.
So what for you express opinion on my command without having understood a essence of my message. I could talk itself "SunLove" and tell to it that I had to a kind.
---------- Post added at 01:54 AM ---------- Previous post was at 01:51 AM ----------
Me simply amazes wished to help the developer and here have piled aggression
the essence of your message for everyone seems the same, including SunLove.
Your translator sucks, and SunLove post already. He is not posting anymore since he speak worst english than you...
And for the last time change that fucking translator.
http://babelfish.yahoo.com/
Try this one...
you did see who it did write this Message? " 30 " Message I did not want to to insult him. and it had in I conduct that if we place the alliteration Of kill hide processes of every 10 seconds this problem it will disappear.
you understood that I it had in mind. The matter is far from in the language.
:) waiting ... what can i do for your team BoR
# English:
I think you can use the search and find the program from S@nek[BoR].
- RaGEZONE - MMORPG server development forums - View Profile: MuForum.Info -> Statistics -> Find all threads started by MuForum.Info
# Russian (translated):
I think you can use the search and find the programs from S@nek[BoR].
Quote:
1. MST - MU S@nek Tools;
2. MCS - MU Connect Server;
- 1.0.8.* (Without IOCP);
- 1.0.9.* (With IOCP);
3. MWM - MU WindowMode v3.0.4.19;
4. ML - MU Launcher_v1.0.4.50;
5. MTL - MU Test Launcher;
6. MCMSB - MU Calculation of MonsterSetBase_v1.0.2.48;
7. MCE - MU Calculation of the Experience_v1.0.1.13;
8. SIP - Show My IP_v1.0.2.13;
9. SSU - ServerStartUp_v1.0.4.113;
- I do not understand, this threat?
Quote:
Originally Posted by Sunlove
Can you send us the source for the Anti Hide Process? I'm developing a GG for my private server.
Att,
[CzF]HueyGTO
shut up fenix noob...
and gtfo from rz, we dont need stupid emos/gays like u.
What do you think if they end up fighting and show who has it longer and we
focus on making a more powerful anticheat
For block hidetoolz to show for "WOW CRACKERS" using HideToolz, force Hidetoolz with SW_SHOW and detect by window Class/Title
Or use DDK libraries to detect the real hiding process and kill it
Is that suppose to impress me or something?...
Really i am an old fucker on this community i didnt know your team. And if you do this list for show something, its a real FAIL.
Just launchers, IOCP and calculators?...
LOL i don't want to insult you, i really don't, but if that's what it takes to be a "big" team on this community and be saying:
Code:
"BOR here, BOR that, BOR good coders"
Lol then i guess FHX team (me and holy) were gods for creating the new skills in main side and the new panel.
I still consider the last very big team over here was SCFMT, even if it's for sale, they deserve the credits.
For you to start telling and using your team names on everything you talk, FIRST, do big projects, CzF have more than twice the list of projects you have and they are all muservers plus other stuff.
Fenix, go to your thread, please dont post kid words here...
Sunlove: try this for HideToolz
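HWND HideToolz = FindWindowA("obj_Form", "HideToolz"); // find the HideToolz window by class and title
if (HideToolz)
{
    ShowWindow(HideToolz, SW_SHOW); // only touch the window when it was actually found
    MessageBoxA(FindWindowA("MU", "MU"), "HideToolz Detected", "AntiCheat System", 0);
    ExitProcess(0);
}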
You just get the truth with FHX we never believed the big shit and we do much more...
But wait from you we learn the concept of stealing sources and put decompiled on header... and leaving folder names the same order of files and same names (of folder) knowing it doesnt even appear on PDB... so lame...
Now go back to your hole nobody believes you now, you can still try to remove GameGuard from GMO, if you want i give you a hand =P.
PS: You should talk with your friends of "decompilation" from darkteam, i got some really nasty comments about what you did from there hahhahaa...
I am here defending my friend sunlove and he is not continuing this project anymore...
Quote:
Fenix, go to your thread, please dont post kid words here...
Sunlove: try this for HideToolz
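HWND HideToolz = FindWindowA("obj_Form", "HideToolz"); // find the HideToolz window by class and title
if (HideToolz)
{
    ShowWindow(HideToolz, SW_SHOW); // only touch the window when it was actually found
    MessageBoxA(FindWindowA("MU", "MU"), "HideToolz Detected", "AntiCheat System", 0);
    ExitProcess(0);
}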
And detection by caption is kids' words against HideToolz, do you even know some security?... sad
Just userland prevention by removing those stupid hooks from HideToolz. Or detection by heuristic from module scanner through ollydbg. Remember hidetoolz doesn't work for kernel hook in x64, patch guard does its work...
i know fenix, but stop with fighting...
and i know about windows detection, if u edit exe that "fix" doesn't work...
better mode is making a hidden process scan, cuz hidetoolz start, WindowHide, ProcessHide, but if u can hide main with ring0 WPE, Cheat Engine and others don't work....
i am not a professional, i am learning c++, any ppl when start are newbie, but with time and exp maybe i will be better
Code:
void HideProcess( char* input )
{
PEPROCESS PeProcess = NULL;
PLIST_ENTRY pNextEntry, pListHead;
PLIST_ENTRY BeforeProcess,Process,AfterProcess;
PeProcess = PsGetCurrentProcess();
if(!PeProcess)
return;
if( IsListEmpty( &PeProcess->ActiveProcessLinks ) )
return;
else
{
pListHead = &PeProcess->ActiveProcessLinks;
pNextEntry = pListHead->Flink;
while(pNextEntry != pListHead)
{
PeProcess = CONTAINING_RECORD( pNextEntry,EPROCESS,ActiveProcessLinks );
if(PeProcess->ActiveThreads)
{
if( !IsListEmpty( &PeProcess->ThreadListHead ) )
{
if( _strnicmp( PeProcess->ImageFileName, input ,strlen(input) ) == 0 )
{
Process = pNextEntry;
BeforeProcess = pNextEntry->Blink;
AfterProcess = pNextEntry->Flink;
BeforeProcess->Flink = Process->Flink;
AfterProcess->Blink = Process->Blink;
return;
}
}
}
PeProcess = NULL;
pNextEntry = pNextEntry->Flink;
}
}
return;
}
You old in this community you know old teams we dont used to be saying we are good coders and show a list of our works. I am just trying to prove that old teams do much more than new guys and never believed nothing...
The hide process will work with SSDT hook on kernel, since x64 got patchguard i doubt a lot it would work...
The technique you use is called DKOM and is so old my grandma would laugh if it's still working, but it's a good technique for x32 versions.
You don't need to do anything like that to stop hidetoolz, you just use user land protection and a driver that checks for SSDT changes, if anything changed then you can just close the game. Also you can add a secure list by module address range, that would match AV security, in this way you'll let AV work and rootkits and other bullshits out.
This kind of technique is not much used, works only for anti cheats, since in all cases the attacker wants to play and you can be free to close the game with any modification detected...
Cheat Engine uses his own and not useful virtual machine that is so easy to detect that my grandma would laugh at it. Again with a good heuristic scan and also easy to crash by any non handled opcode that would raise an exception handled by Cheat engine first.
Still in all cases man this project is not going to be updated, SunLove doesnt have time, he is a grow up man and need money and time for feed his family.
i am reading about that coding method, but my c++ is very basic, for me this is a new world... DKOM is a discontinued method, but do u know how to check main integrity for any modification?
If you want to check against DKOM you just can use the struct you paste above:
Code:
pNextEntry->Blink;
AfterProcess = pNextEntry->Flink;
Usually it points to the next address of the struct, the size of this struct as i remember is undocumented, but you can make an approximation, with this way you can check if FLink points to an address twice the range that you approximate, it means DKOM.
Code:
Range = You calculate the struct sizeof
Detection = .If (Offset FLink > Range*2)
For SSDT hook bullshit is so easy you can just restore the original SSDT values, or do a module range address checker which is a little more complex. This involves getting the range of the original SSDT offsets to Kernel APIs and check if the range match with the new offsets, if it's in the range you can be sure that it's not hooked.
Ofc this technique has a weakness, guy could write the hook into the range, but who does that?, kernel is very compressed and you might touch any fucking byte used by initialised section and the result is BSOD.
At least both ways detect almost all rootkits xD.
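An added example, not code from any poster in this thread: the module address range check for service-table entries described in the post above, written as portable C over constructed data, with a known-good copy of the table used to catch an entry redirected to another address inside the kernel range. It assumes entries are already resolved to absolute addresses; every name and address here is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Address range of a loaded image: [base, base + size). */
typedef struct { uintptr_t base; size_t size; } image_range;

typedef enum { ENTRY_OK, ENTRY_ALLOWED_HOOK, ENTRY_MOVED_IN_RANGE,
               ENTRY_OUT_OF_RANGE } entry_state;

static int in_range(uintptr_t addr, const image_range *r)
{
    return addr >= r->base && (addr - r->base) < r->size;
}

/* Classify one table entry: `live` is the address found now, `good` the
 * address recorded earlier from a trusted copy of the table. */
entry_state classify_entry(uintptr_t live, uintptr_t good,
                           const image_range *kernel,
                           const image_range *allow, size_t n_allow)
{
    size_t i;
    if (in_range(live, kernel))    /* inside the kernel image: compare to copy */
        return live == good ? ENTRY_OK : ENTRY_MOVED_IN_RANGE;
    for (i = 0; i < n_allow; i++)  /* secure list, e.g. the installed AV driver */
        if (in_range(live, &allow[i]))
            return ENTRY_ALLOWED_HOOK;
    return ENTRY_OUT_OF_RANGE;
}

/* Constructed sample data, not values from a real system. */
static const image_range kernel_img = { 0x80400000u, 0x200000u };
static const image_range allow_list[] = { { 0xF7000000u, 0x10000u } };
static const uintptr_t good_table[4] =
    { 0x80410000u, 0x80420000u, 0x80430000u, 0x80440000u };
static const uintptr_t live_table[4] =
    { 0x80410000u, 0xF7001000u, 0x80500000u, 0xF9000000u };

/* Fills states[4]; returns how many entries should make the game close. */
size_t scan_sample_table(entry_state states[4])
{
    size_t i, bad = 0;
    for (i = 0; i < 4; i++) {
        states[i] = classify_entry(live_table[i], good_table[i],
                                   &kernel_img, allow_list, 1);
        if (states[i] == ENTRY_MOVED_IN_RANGE || states[i] == ENTRY_OUT_OF_RANGE)
            bad++;
    }
    return bad;
}
```

A pointer comparison like this says nothing about bytes patched inside the target function itself; that needs a separate integrity check of the code.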
Add this too in anti hack DB:
MU AutoClicker Elite
MU AutoClicker Avanta