News:

Holy shit, it's 2018 2019 2020 2021 2022 2023 2024, and the US isn't a fascist country! What a time to be alive.

Main Menu

Lockdown

Started by Hdx, February 24, 2007, 10:34:16 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages 1 2 All
User actions

Joe

#15
April 11, 2007, 04:38:37 PM
Hm, if you replaced CreateFile, DeleteFile, etc, with stubs, couldn't you actually make your own lockdown DLL's that didn't check for the hacks?
Quote from: Camel on June 09, 2009, 04:12:23 PMI'd personally do as Joe suggests

Quote from: AntiVirus on October 19, 2010, 02:36:52 PM
You might be right about that, Joe.

iago

#16
April 11, 2007, 05:14:59 PM
Quote from: Joex86/64] link=topic=8759.msg114822#msg114822 date=1176323917]
Hm, if you replaced CreateFile, DeleteFile, etc, with stubs, couldn't you actually make your own lockdown DLL's that didn't check for the hacks?
Assuming that the DLL does a checksum on memory (which I'm pretty sure it does), you'd have to fake the checksum, which would be identical to re-implementing it.

Joe

#17
April 11, 2007, 07:05:33 PM
Right, but you could force StarCraft to use your DLL instead of the one from BNFTP, which does check for hacks, right?
Quote from: Camel on June 09, 2009, 04:12:23 PMI'd personally do as Joe suggests

Quote from: AntiVirus on October 19, 2010, 02:36:52 PM
You might be right about that, Joe.

iago

#18
April 11, 2007, 07:22:24 PM
The one from Battle.net checks for exactly one hack.

The easier thing to do if you want to hack is to load your memory patches after the CheckRevision .dll is unloaded. You can hook LoadLibraryA() and FreeLibrary() safely, because Battle.net's .dll can't check those (kernel32.dll can't be guaranteed to have a consistent checksum).

Better yet, apply patches after the ExtraWork .dll has been unloaded. Then you're even safer.

warz

#19
April 12, 2007, 02:30:08 PM
Quote from: iago on April 11, 2007, 07:22:24 PM
The one from Battle.net checks for exactly one hack.

Saying that is misleading. Checkrevision only checks for one hack's file name. Since most hacks deal with modifying memory, and the new Checkrevision routines check for that, I'd say it checks for a whole realm of hacks. :P
http://www.chyea.org/ - web based markup debugger

iago

#20
April 12, 2007, 02:57:09 PM
Quote from: warz on April 12, 2007, 02:30:08 PM
Quote from: iago on April 11, 2007, 07:22:24 PM
The one from Battle.net checks for exactly one hack.

Saying that is misleading. Checkrevision only checks for one hack's file name. Since most hacks deal with modifying memory, and the new Checkrevision routines check for that, I'd say it checks for a whole realm of hacks. :P
I explained that in the previous post. But Joe is talking about checking for specific .dll's.

Joe

#21
April 12, 2007, 05:25:26 PM
No, I'm saying that we could write a DLL that has the same functionality as the BnFtp DLL's, but doesn't check for hacks. By patching StarCraft's CreateFile and DeleteFile, we can stick our own DLL in the folder and StarCraft *should* run it instead.
Quote from: Camel on June 09, 2009, 04:12:23 PMI'd personally do as Joe suggests

Quote from: AntiVirus on October 19, 2010, 02:36:52 PM
You might be right about that, Joe.

iago

#22
April 12, 2007, 07:21:01 PM
Quote from: Joex86/64] link=topic=8759.msg114991#msg114991 date=1176413126]
No, I'm saying that we could write a DLL that has the same functionality as the BnFtp DLL's, but doesn't check for hacks. By patching StarCraft's CreateFile and DeleteFile, we can stick our own DLL in the folder and StarCraft *should* run it instead.
Have you read my posts? The new CheckRevision does a checksum on your *memory*! The trick is to re-implement the checksum, which isn't an easy job.

The alternative, as I said, is to load hacks *after* the CheckRevision function runs. It's a whole lot easier than the alternatives.
Print
Go Up Pages 1 2 All
User actions