CF PH DIP Hook Detection Bypass ( Only in CSHELL Security )

Status
Not open for further replies.

XorEax

Administrator
Staff member
Administrator
Joined
Dec 8, 2013
Messages
911
Reaction score
2
Points
16
Age
21
CShell build: 6-17-20

m_DIPHook : 74 42 8A 09 80 F9 E9 ( Anti DIP Hook Detection )

To Bypass:

  • todo_1 : Change 74 (JE) to EB (JMP)
  • todo_2 : Detour before the JE and jump to neutral code

Sample Bypass Code of todo_2:

Code:
DWORD DETADR = (CSHELL + 0x22CFF0);
DWORD NEUTRALADR = (CSHELL + 0x22D039);

__declspec(naked) void __Bypass_Todo_2()
{
__asm
{
	MOV ECX, [EDI+EAX*4]
	TEST ECX,ECX
	JMP [NEUTRALADR]
}
}

Detour(DETADR,__Bypass_Todo_2);
 
Last edited by a moderator:
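
Both edits described in the post above change bytes of the check routine itself, so comparing the in-memory routine against a trusted copy exposes either one. The following is an added example written from the detection side, not code from the thread; `find_sig`, `classify` and the sample byte arrays are hypothetical names and constructed data, and it assumes a trusted reference copy of the routine is available.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Pattern quoted in the post: JE rel8 / MOV CL,[ECX] / CMP CL,0E9h */
static const uint8_t SIG[] = {0x74, 0x42, 0x8A, 0x09, 0x80, 0xF9, 0xE9};

enum tamper { INTACT, BRANCH_PATCHED, DETOURED, MODIFIED };

/* Offset of SIG inside buf, or -1 when absent. */
long find_sig(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i + sizeof SIG <= len; i++)
        if (memcmp(buf + i, SIG, sizeof SIG) == 0)
            return (long)i;
    return -1;
}

/* Compare the live routine with a trusted copy (assumption: one exists). */
enum tamper classify(const uint8_t *ref, const uint8_t *live, size_t len)
{
    long at = find_sig(ref, len);
    size_t d = 0;

    if (at < 0)
        return MODIFIED;              /* trusted copy is not the expected build */
    while (d < len && ref[d] == live[d])
        d++;                          /* d = index of the first differing byte */
    if (d == len)
        return INTACT;
    /* todo_1: only the JE opcode was rewritten to JMP rel8 (EB) */
    if (d == (size_t)at && live[d] == 0xEB &&
        memcmp(ref + d + 1, live + d + 1, len - d - 1) == 0)
        return BRANCH_PATCHED;
    /* todo_2: a JMP rel32 (E9) now sits ahead of the branch */
    if (d < (size_t)at && live[d] == 0xE9)
        return DETOURED;
    return MODIFIED;
}

/* Constructed sample bytes, not dumped from any real module. */
static const uint8_t REF[]     = {0x8B,0x0C,0x87, 0x85,0xC9, 0x74,0x42, 0x8A,0x09, 0x80,0xF9,0xE9};
static const uint8_t PATCHED[] = {0x8B,0x0C,0x87, 0x85,0xC9, 0xEB,0x42, 0x8A,0x09, 0x80,0xF9,0xE9};
static const uint8_t HOOKED[]  = {0xE9,0x10,0x20,0x30,0x40, 0x74,0x42, 0x8A,0x09, 0x80,0xF9,0xE9};

int main(void)
{
    return classify(REF, PATCHED, sizeof REF) == BRANCH_PATCHED &&
           classify(REF, HOOKED, sizeof REF) == DETOURED ? 0 : 1;
}
```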

XorEax

[QUOTE='Joseph2']Is this a cheat of CF?[/QUOTE]
This is for the coder section.

 

EOTHAX

New member
Joined
Apr 24, 2021
Messages
5
Reaction score
0
Points
0
Age
20
Thanks.

Do you have the latest?

 

DarkArtistry02

New member
Joined
Oct 13, 2020
Messages
4
Reaction score
0
Points
0
Age
24
[QUOTE='XorEax']CShell build: 6-17-20

m_DIPHook : 74 42 8A 09 80 F9 E9 ( Anti DIP Hook Detection )

To Bypass:

  • todo_1 : Change 74 (JE) to EB (JMP)
  • todo_2 : Detour before the JE and jump to neutral code

Sample Bypass Code of todo_2:

DWORD DETADR = (CSHELL + 0x22CFF0);
DWORD NEUTRALADR = (CSHELL + 0x22D039);

__declspec(naked) void __Bypass_Todo_2()
{
__asm
{
	MOV ECX, [EDI+EAX*4]
	TEST ECX,ECX
	JMP [NEUTRALADR]
}
}

Detour(DETADR,__Bypass_Todo_2);
[/QUOTE]
Thanks for this, but I have a question: if this AOB (74 42 8A 09 80 F9 E9) is for DETADR, how did you get the NEUTRALADR?

 

DarkArtistry02

I changed JE to JMP in Cheat Engine and it works, but I don't know how to apply it in C++.

 