Results 1 to 5 of 5
  1. #1
    udword
    Guest

    Bypass XTrap Memory Protection

    [INFO]
    XTrap scans its own memory + target exe memory and creates a crc of it, if you change something, it'll be detected in a few
    seconds.
    This is a short tutorial, how to bypass it.


    The functon which scans is easy to find, set a page_guard on your page and log all accesses on it(The plugin "Stealth Edit 2"
    for Cheat Engine does it well).

    Once found, you've to find out the calling convention + parameters, it's hard to explain, try to find some information with
    google.

    The actual calling convention is:
    Code:
    int __cdecl newScanPage(int unknown, DWORD targetPage, unsigned int pageSize);
    The rest is easy, hook the function and "fake" the page, you can map the original exe into the process or create second
    page for every page once.

    Code:
    int __cdecl newScanPage(int unknown, DWORD targetPage, unsigned int pageSize)
    {
    	DWORD fakePage = createFakePage(targetPage);
    	return origScanPage(unknown, fakePage, pageSize);
    }
    
    /*
    ...
    */
    
    DWORD addr = FindPattern(baseAddress, codeSize, 
    		 (BYTE*)"\x55\x8B\xEC\x83\xEC\x2C\x83\x7D\x10\x00\x75\x05\xE9\x00\x00\x00\x00\x8B\x45\x08\x8B\x48\x14\x8B\x55\x10\x8D\x04\xD1\x89\x45\xEC\x8B\x4D\x08\x8B\x55\xEC\x3B\x51\x14\x73\x0F\x8B\x45\x08\x8B\x48\x18\x83\xC1\x01\x8B\x55\x08",
    		 "xxxxxxxxxxxxx????xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
    
    createFakePage(addr);
    origScanPage = (typeScanPage) Detourfunction((PBYTE)addr, (PBYTE)newScanPage);

    Have fun

  2. The Following User Says Thank You to udword For This Useful Post:


  3. #2
    plasen
    plasen is offline
    Guest
    Join Date
    2012 Dec
    Posts
    2
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0

    x-trap last chaos

    Tell me you would know if this method works on the version of x-trap 5590
    or runs in last chaos

  4. #3
    plasen
    plasen is offline
    Guest
    Join Date
    2012 Dec
    Posts
    2
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0

    ???

    in the version of x-trap 5590 official?

  5. #4
    voltsgea
    voltsgea is offline
    New member
    Join Date
    2012 Jul
    Posts
    6
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    2
    Thanked in
    2 Posts
    Rep Power
    0
    can use in xtrap 2012 6370?
    in game dragona online?

  6. #5
    andrewfam
    andrewfam is offline
    Guest
    Join Date
    2013 Dec
    Posts
    1
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0

    RE: Bypass XTrap Memory Protection

    Hi udword,

    I know this post is kind of old but it is the only one that I found on the entire web that shows how to bypass xtrap by code.
    I'm new to this stuff so would you please elaborate more in details?

    Thanks
    Andrew

Similar Threads

  1. HackShield memory protection bypass
    By Dwar in forum Anti-Cheat Systems
    Replies: 24
    Last Post: 2014-09-13, 03:00 AM
  2. xTrap bypass
    By Dilof in forum Martial Empires
    Replies: 4
    Last Post: 2011-06-10, 05:04 AM
  3. byPass xtrap
    By bhebhe in forum Aika Online
    Replies: 0
    Last Post: 2010-11-10, 07:45 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •