[USF]String Patch (Client Bypass)

cudak

Veteran Member

Status: Offline

Posts: 46

Date: Mar 14, 2011

[USF]String Patch (Client Bypass)

t is a large assembly patch which should replace all the blacklisted strings.

(example written in C++)
(Client patch in asm->hex)

BOOL g_bActive =false;

BYTE g_bStringScan_Original[0x148]= 
{
        0x6F,0x6C,0x6C,0x79,0x64,0x62,0x67,0x2E,
        0x65,0x78,0x65,0x00,0x6D,0x6C,0x62,0x2E, 
        0x65,0x78,0x65,0x00,0x6D,0x6C,0x65,0x6E,
        0x67,0x69,0x6E,0x65,0x2E,0x65,0x78,0x65, 
        0x00,0x00,0x00,0x00,0x7A,0x69,0x64,0x20,
        0x65,0x6E,0x67,0x69,0x6E,0x65,0x2E,0x65, 
        0x78,0x65,0x00,0x00,0x72,0x79,0x75,0x20,
        0x65,0x6E,0x67,0x69,0x6E,0x65,0x2E,0x65, 
        0x78,0x65,0x00,0x00,0x73,0x6F,0x72,0x61,
        0x65,0x6E,0x67,0x69,0x6E,0x65,0x2E,0x65, 
        0x78,0x65,0x00,0x00,0x73,0x79,0x73,0x74,
        0x65,0x6D,0x63,0x61,0x31,0x31,0x73,0x69, 
        0x67,0x6E,0x61,0x6C,0x2E,0x65,0x78,0x65,
        0x00,0x00,0x00,0x00,0x73,0x79,0x73,0x74, 
        0x65,0x6D,0x72,0x65,0x74,0x72,0x69,0x65,
        0x76,0x65,0x72,0x2E,0x65,0x78,0x65,0x00, 
        0x6B,0x65,0x72,0x6E,0x65,0x6C,0x6D,0x6F,
        0x64,0x75,0x6C,0x65,0x75,0x6E,0x6C,0x6F, 
        0x61,0x64,0x65,0x72,0x2E,0x65,0x78,0x65,
        0x00,0x00,0x00,0x00,0x65,0x6D,0x70,0x74, 
        0x79,0x70,0x72,0x6F,0x63,0x65,0x73,0x73,
        0x2E,0x65,0x78,0x65,0x00,0x00,0x00,0x00, 
        0x61,0x62,0x79,0x73,0x73,0x77,0x73,0x2E,
        0x65,0x78,0x65,0x00,0x6D,0x6F,0x6F,0x6E, 
        0x6C,0x69,0x67,0x68,0x74,0x65,0x6E,0x67,
        0x69,0x6E,0x65,0x2E,0x65,0x78,0x65,0x00, 
        0x53,0x46,0x48,0x2E,0x65,0x78,0x65,0x00,
        0x43,0x68,0x65,0x61,0x74,0x20,0x45,0x6E, 
        0x67,0x69,0x6E,0x65,0x20,0x35,0x2E,0x32,
        0x20,0x43,0x6C,0x69,0x65,0x6E,0x74,0x00, 
        0x43,0x68,0x65,0x61,0x74,0x20,0x45,0x6E,
        0x67,0x69,0x6E,0x65,0x20,0x35,0x2E,0x32, 
        0x20,0x53,0x65,0x72,0x76,0x65,0x72,0x00,
        0x43,0x68,0x65,0x61,0x74,0x20,0x45,0x6E, 
        0x67,0x69,0x6E,0x65,0x20,0x35,0x2E,0x33,
        0x00,0x00,0x00,0x00,0x41,0x64,0x76,0x61, 
        0x6E,0x63,0x65,0x64,0x20,0x52,0x65,0x64,
        0x44,0x6F,0x74,0x20,0x44,0x72,0x61,0x77, 
        0x69,0x6E,0x67,0x20,0x53,0x79,0x73,0x74,
        0x65,0x6D,0x00,0x00,0x49,0x50,0x32,0x00, 
        0x73,0x65,0x73,0x73,0x69,0x6F,0x6E,0x20
};

BYTE g_bStringScan_Bypass[0x148];

voidStringScan_Patch(DWORD *pStringScan)
{
        for(int i =0; i <sizeof(g_bStringScan_Original); i++)
        {
                if(g_bStringScan_Original[i]!=0&& g_bStringScan_Original[i]!=0x65)
                {
                        g_bStringScan_Bypass[i]=0x78;
                }
                else
                {
                        g_bStringScan_Bypass[i]= g_bStringScan_Original[i];
                }
        }

        memcpy(pStringScan, g_bStringScan_Bypass,sizeof(g_bStringScan_Bypass));

        g_bActive =true;
}

voidStringScan_UnPatch(DWORD *pStringScan)
{
        memcpy(pStringScan, g_bStringScan_Original,sizeof(g_bStringScan_Original));
        g_bActive =false;
}

Credit me or don't, it dosn't really matter.

#define STARTOFSTRINGS 0x9C74F8

Patches Strings:

Ollydbg
Cheatengine5.2and5.3
kernelmoduleloader
AdvancedRedDotDrawingSystem
mlengine.exe
zidengine.exe
ryuengine.exe
soraengine.exe
systemcallsignal.exe
systemretrieve.exe
SFH.exe
moonlightengine.exe

__________________

Moderator [X] /yea !

Administrator [ ]

Frederick WT hack owner [ ]

20 posts [X] 50 posts []

Srry for my bad english i'm form Poland ^^

Mikail601

Veteran Member

Status: Offline

Posts: 27

Date: Mar 14, 2011

	Permalink
LoL what means all that thingyss XD __________________ Rackrz

cudak

Veteran Member

Status: Offline

Posts: 46

Date: Mar 14, 2011

	Permalink
Its a patch for bypass...read the topic :) __________________ Moderator [X] /yea ! Administrator [ ] Frederick WT hack owner [ ] 20 posts [X] 50 posts [] Srry for my bad english i'm form Poland ^^