Author Topic: Lockdown (Read 11299 times)

Joe · « **Reply #15 on:** April 11, 2007, 04:38:37 pm »

Hm, if you replaced CreateFile, DeleteFile, etc, with stubs, couldn't you actually make your own lockdown DLL's that didn't check for the hacks?

iago · « **Reply #16 on:** April 11, 2007, 05:14:59 pm »

Quote from: Joe[x86/64] on April 11, 2007, 04:38:37 pm

Hm, if you replaced CreateFile, DeleteFile, etc, with stubs, couldn't you actually make your own lockdown DLL's that didn't check for the hacks?

Assuming that the DLL does a checksum on memory (which I'm pretty sure it does), you'd have to fake the checksum, which would be identical to re-implementing it.

Joe · « **Reply #17 on:** April 11, 2007, 07:05:33 pm »

Right, but you could force StarCraft to use your DLL instead of the one from BNFTP, which does check for hacks, right?

iago · « **Reply #18 on:** April 11, 2007, 07:22:24 pm »

The one from Battle.net checks for exactly one hack.

The easier thing to do if you want to hack is to load your memory patches after the CheckRevision .dll is unloaded. You can hook LoadLibraryA() and FreeLibrary() safely, because Battle.net's .dll can't check those (kernel32.dll can't be guaranteed to have a consistent checksum).

Better yet, apply patches after the ExtraWork .dll has been unloaded. Then you're even safer.

warz · « **Reply #19 on:** April 12, 2007, 02:30:08 pm »

Quote from: iago on April 11, 2007, 07:22:24 pm

The one from Battle.net checks for exactly one hack.

Saying that is misleading. Checkrevision only checks for one hack's file name. Since most hacks deal with modifying memory, and the new Checkrevision routines check for that, I'd say it checks for a whole realm of hacks.

iago · « **Reply #20 on:** April 12, 2007, 02:57:09 pm »

Quote from: warz on April 12, 2007, 02:30:08 pm

Quote from: iago on April 11, 2007, 07:22:24 pm
The one from Battle.net checks for exactly one hack.

Saying that is misleading. Checkrevision only checks for one hack's file name. Since most hacks deal with modifying memory, and the new Checkrevision routines check for that, I'd say it checks for a whole realm of hacks.

I explained that in the previous post. But Joe is talking about checking for specific .dll's.

Joe · « **Reply #21 on:** April 12, 2007, 05:25:26 pm »

No, I'm saying that we could write a DLL that has the same functionality as the BnFtp DLL's, but doesn't check for hacks. By patching StarCraft's CreateFile and DeleteFile, we can stick our own DLL in the folder and StarCraft *should* run it instead.

iago · « **Reply #22 on:** April 12, 2007, 07:21:01 pm »

Quote from: Joe[x86/64] on April 12, 2007, 05:25:26 pm

No, I'm saying that we could write a DLL that has the same functionality as the BnFtp DLL's, but doesn't check for hacks. By patching StarCraft's CreateFile and DeleteFile, we can stick our own DLL in the folder and StarCraft *should* run it instead.

Have you read my posts? The new CheckRevision does a checksum on your *memory*! The trick is to re-implement the checksum, which isn't an easy job.

The alternative, as I said, is to load hacks *after* the CheckRevision function runs. It's a whole lot easier than the alternatives.

Clan x86

News:

Author Topic: Lockdown (Read 11299 times)

Joe

Re: Lockdown

iago

Re: Lockdown

Joe

Re: Lockdown

iago

Re: Lockdown

warz

Re: Lockdown

iago

Re: Lockdown

Joe

Re: Lockdown

iago

Re: Lockdown