unknowncheats uc-forum.com ucdownloads ucdownloads.com

Go Back   UC-Tutorials - Multiplayer Game Hacking and Cheat Tutorials > Anti-Cheat Bypass > PunkBuster
Reload this Page Defeating punkbuster whitelist detection
- Sponsored Advertisement -
http://www.myfpscheats.com/


Reply
 
Thread Tools Display Modes
  #1  
Old 06-29-2007, 03:18 AM
zero_tolerance zero_tolerance is offline
Senior Member
  
Join Date: Dec 2006
Posts: 289
Default Defeating punkbuster whitelist detection
By: Okidoki




Hi,

Here is a way of not being detected by the PB whitelist checks.

You have to hook FindFirstFileA and FindNextFileA ( kernel32.dll exports ), and find the size of your pbcl.dll.

Here are the hooked functions:
PHP Code:
// Credits: phrak, Game Deception

typedef BOOL WINAPI *FindNextFileA_t )( HANDLE hFindFileLPWIN32_FIND_DATA lpFindFileData );
typedef HMODULE WINAPI *FindFirstFileA_t )( LPCTSTR lpFileNameLPWIN32_FIND_DATA lpFindFileData );

FindFirstFileA_t pFindFirstFileA 0;
FindNextFileA_t pFindNextFileA 0;

char *g_pszFileName "Whatever";        // replace it by your file name

DWORD g_dwPbclBase;                // = ( DWORD )GetModuleHandle( "pbcl.dll" );
DWORD g_dwPbclSize 0x84000;        // replace it by the correct pbcl.dll size

extern "C" void *_ReturnAddressvoid );

//========================================================================


HANDLE WINAPI _FindFirstFileALPCTSTR lpFileNameLPWIN32_FIND_DATA lpFindFileData )
{
    DWORD dwReturnAddress PtrToUlong_ReturnAddress( ) );

    int iLoop 1;

    HANDLE hReturn pFindFirstFileAlpFileNamelpFindFileData );

    if( dwReturnAddress >= g_dwPbclBase && dwReturnAddress <= ( g_dwPbclBase+g_dwPbclSize ) )
    {
        while( iLoop && !_strnicmplpFindFileData->cFileNameg_pszFileNamestrleng_pszFileName ) ) )
            iLoop pFindNextFileAhReturnlpFindFileData );

        if( !iLoop )
            hReturn INVALID_HANDLE_VALUE;
    }

    return hReturn;
}

//========================================================================

BOOL WINAPI _FindNextFileAHANDLE hFindFileLPWIN32_FIND_DATA lpFindFileData )
{
    DWORD dwReturnAddress PtrToUlong_ReturnAddress( ) );

    BOOL bReturn FindNextFileACallhFindFilelpFindFileData );

    if( dwReturnAddress >= g_dwPbclBase && dwReturnAddress <= ( g_dwPbclBase+g_dwPbclSize ) )
    {
        do 
        {
            bReturn FindNextFileACallhFindFilelpFindFileData );
        } while( !_strnicmplpFindFileData->cFileNameg_pszFileNamestrleng_pszFileName ) ) && bReturn );

        if( !bReturn )
            memsetlpFindFileData0sizeofLPWIN32_FIND_DATA ) ); 
    }

    return bReturn;

now your custom file shouldn't been detected anymore by PB whitelist checks, this code is 100% working for up to date FarCry 1.4 punkbuster client

Regards.
Reply With Quote
Reply

  • Submit Thread to Digg
  • Submit Thread to del.icio.us
  • Submit Thread to StumbleUpon
  • Submit Thread to Google
  • Submit Thread to Facebook
  • Submit Thread to My Yahoo!
  • Submit Thread to MySpace
  • Submit Thread to Twitter
  • Submit Thread to Reddit

Tags
defeating, detection, punkbuster, whitelist

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT. The time now is 07:18 PM.

Contact Us - Archive