mr.panzerschreck How do I cheat?
Reputation: 0
Joined: 15 Nov 2016 Posts: 2
Posted: Thu Dec 15, 2016 12:56 pm Post subject: XTrap hooks
I successfully managed to bypass process detection, but once I attach CE to a game I get instantly detected. To get past this problem before, I used to fake the StartService function returning an invalid handle, so the driver doesn't get loaded. Unfortunately it seems like they changed their stuff, so StartService doesn't get called and I can't even see X6Va063.sys in executable memory.
I tried to remove their callbacks (ObRegisterCallbacks) through WIN64AST, but neither removing nor disabling them has any effect. I'm thinking it's ZwOpenProcess which is being hooked and monitored from the kernel, but I'm not that sure. I would like to ask if there's a way to know which exact functions XTrap hooks to get their protection done (assuming I'm on a 64-bit system). I mean there surely must be some utility which can let me monitor the various types of kernel hooks made by a specific driver, or a way to reverse a .sys file to extract this kind of information.
There's also the TitanHide driver. I managed to load it on my system by disabling PatchGuard and signing mode, and it seems like it gets loaded successfully (at least tools like WIN64AST and PC monitor see it running), but I haven't managed to pass the test application with success and CE still gets detected (obv. with disabling/removing callbacks). It would be great if someone could also confirm if it works, but I'm just thinking out loud.