By:
gC_Admin
this is before PB started loading its services and system files
Code:
/*
 * Replacement for the routine that dwPBWait detours (stored afterwards in
 * ppb_CompileHash). It inspects which scan is in progress and, for two
 * specific cases, substitutes the byte argument before forwarding the call.
 *
 * szFinal, iSize, szWTF: forwarded unchanged; their meaning is not
 *                        established by this listing.
 * iAdd:                  the only argument this hook may rewrite; per the
 *                        author's comments it is the byte being fed into
 *                        the hash.
 * Returns whatever ppb_CompileHash returns.
 *
 * Defensive reading: per the author's comments, the hash for the matched
 * scans is computed over substituted bytes instead of the bytes really in
 * memory. A client-side scanner cannot trust its own hash input once its
 * hashing routine has been redirected. The accompanying post states that
 * this detour is detected.
 *
 * dwCurrentByte, dwCurrentScan, dwD3D8, dwDirectXBackup and ppb_CompileHash
 * are declared outside this listing.
 */
int __cdecl npb_CompileHash( char* szFinal, int iSize, char* szWTF, char iAdd )
{
// Snapshot values that are not parameters of this function: the esi
// register and a dword read relative to ebp. pushad/popad preserve the
// general-purpose registers around the use of ecx as a scratch register.
// NOTE(review): which frame ebp refers to here depends on compiler-generated
// code that this listing does not show. Treat the author's labels below
// as unverified.
__asm
{
mov dwCurrentByte, esi; //current byte ( increment )
pushad;
mov ecx, [ ebp - 0x0DCC ];
mov dwCurrentScan, ecx; //address of the scan
popad;
}
// Case 1: the scan address equals one hard-coded value and this is the
// first byte. The byte argument is then forced to zero.
if( dwCurrentScan == 0x943A3E ) //warrock player boxes cvar
{
if( dwCurrentByte == 0 )
{
_asm mov iAdd, 0; //cvar check
}
}
// Case 2: the scan address is above dwD3D8 and the byte index is below 7.
// The byte argument is then replaced with the saved byte at the same index
// in dwDirectXBackup.
if( dwCurrentScan > dwD3D8 && dwCurrentByte < 7 ) //d3d8 dip scan
{
iAdd = ( char )dwDirectXBackup[ dwCurrentByte ];
//for DIP ( backup bytes to spoof the buffer )
}
// Forward to the pointer obtained when the detour was created, passing the
// possibly rewritten iAdd.
return ppb_CompileHash( szFinal, iSize, szWTF, iAdd );
}
/*
 * Thread-procedure-shaped entry point; the LPVOID argument is unused.
 * Asks CDetour to redirect the routine at dwPBCL + 0x3DFC to
 * npb_CompileHash and stores the pointer Create() returns in
 * ppb_CompileHash, which npb_CompileHash later calls to forward.
 * Always returns 0; the result of Create() is not checked.
 *
 * NOTE(review): dwPBCL is presumably the load address of the anti-cheat
 * client module and 0x3DFC a build-specific offset - confirm. CDetour,
 * pb_CompileHash_t and DETOUR_TYPE_PUSH_RET are declared outside this listing.
 *
 * Defensive reading: the redirection presumably rewrites the start of the
 * target routine in memory. If so, comparing the loaded code bytes with
 * the module's on-disk image would show the change.
 */
DWORD WINAPI dwPBWait( LPVOID )
{
    CDetour hashDetour;

    BYTE* pbTarget = ( BYTE* )( ( dwPBCL ) + 0x3DFC );
    BYTE* pbReplacement = ( BYTE* )npb_CompileHash;

    ppb_CompileHash = ( pb_CompileHash_t )hashDetour.Create( pbTarget, pbReplacement, DETOUR_TYPE_PUSH_RET );

    return 0;
}
It is detected and will result in a 1440 hardware ban and a permanent account ban in WarRock, but it should work for older games. If you want to find the hashing information passed through these functions, you can hook strlen or _vsnprintf; make sure to use returnaddress.
Key identifiers for hashes generally, but not always, start with "1_". They use it to hash d3d8 scans (or d3d9 scans, as I found in BF2 before the update) as well as game scans of sorts.
ive heard this method is still undetected if you use SEH hooking
It's very complicated in its inner workings, so I won't explain more than that. Have fun.