tocaedit
How do I cheat?
Reputation: 0
Joined: 26 Aug 2012
Posts: 3

Posted: Wed Aug 29, 2012 10:32 am    Post subject: bypass integrity check without stealthedit
Another way I found to bypass integrity checks is to search near your target dynamic memory address for possible base code addresses (usually numbers between 00400000 and 02000000).
Chances are you'll find a pointer to a function list, which is also in base code, whose functions are being called on a regular basis to update the target value.
You don't want to edit the base code because that will trigger a CRC check, so you make a copy of the function pointer list in some allocated memory, then modify the pointer you found and point it to your copy of the function list, edit the function you want to replace (storing the original value for later use) and point it to your function. Voila, you have stealth code running.
(The pointer to the function list must be in dynamic memory.)
Now your function will be called by something like
call eax
call edx...
OK, fine, but say you want to run your code after the call.
You do something like this:
Code:
push eax
mov eax, [esp+0x4]
mov CALLER, eax
pop eax
add esp, 0x4 ; important bit
call OLDFUNC
pushAll
call DoFrame
popAll
jmp CALLER
This is for a proxy DLL, but it may also work with an injected DLL or a code cave.
This way you could have the game run a copy of a few functions in your allocated space, then just return to the caller. Finding the right function in the pointer list you want to edit is the hardest part; it also relies on the initial pointer being near the target value and associated with its change. You will need to know the pointer path to the dynamic memory holding the target.
A couple of advantages over stealthedit: small package, no DEP required, no admin rights required.
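The defender-side counterpart to the above, added here as an example that is not part of the original post or of any anti-cheat product: a CRC over the code section alone never sees a function table whose pointer was redirected into dynamic memory, so the integrity check should also verify where the table pointer and its entries point, and compare the table contents against a baseline. The image range, the table addresses and the entry values below are constructed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
/* Image range a code CRC would normally cover; constructed for this example
   (the post mentions base code between 00400000 and 02000000). */
struct module_range { uintptr_t base; size_t size; };
static const struct module_range kGameImage = { 0x00400000u, 0x01C00000u };

static bool in_image(uintptr_t p, const struct module_range *m) {
    return p >= m->base && p < m->base + m->size;
}

/* table_addr: value read from the table pointer that lives in dynamic memory.
   entries[]: the n pointer values read from that table.
   Returns -2 if the table itself was redirected outside the image, the index
   of the first entry pointing outside the image, or -1 if all is in place. */
int check_fn_table(uintptr_t table_addr, const uintptr_t *entries, size_t n,
                   const struct module_range *m) {
    if (!in_image(table_addr, m)) return -2;
    for (size_t i = 0; i < n; i++)
        if (!in_image(entries[i], m)) return (int)i;
    return -1;
}

/* FNV-1a over the table contents; comparing with a baseline taken at startup
   also catches an entry swapped to a different in-image address. */
uint64_t table_hash(const uintptr_t *entries, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) {
        uint64_t v = (uint64_t)entries[i];
        for (int b = 0; b < 8; b++) {
            h ^= (uint8_t)(v >> (8 * b));
            h *= 0x100000001b3ULL;
        }
    }
    return h;
}

int main(void) {
    /* Constructed contents: entry 1 of 'hooked' points outside the image. */
    uintptr_t clean[3]  = { 0x00401000u, 0x00405230u, 0x0040A100u };
    uintptr_t hooked[3] = { 0x00401000u, 0x10200040u, 0x0040A100u };
    printf("clean=%d hooked=%d copied_table=%d hash_changed=%d\n",
           check_fn_table(0x00480000u, clean, 3, &kGameImage),
           check_fn_table(0x00480000u, hooked, 3, &kGameImage),
           check_fn_table(0x10200000u, clean, 3, &kGameImage),
           table_hash(hooked, 3) != table_hash(clean, 3));
    return 0;
}
```

In a real integrity routine the entries array is what the checker reads at table_addr on each pass, and the baseline hash is recorded once at startup before any untrusted code can run.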