[INFO]
XTrap scans its own memory and the target exe's memory and computes a CRC of it; if you change something, it will be detected within a few seconds.
This is a short tutorial on how to bypass it.
The function that does the scanning is easy to find: set a PAGE_GUARD on your page and log all accesses to it (the plugin "Stealth Edit 2" for Cheat Engine does this well).
Once found, you have to work out the calling convention and the parameters. It's hard to explain; try to find some information with Google.
The actual calling convention is:
Code:
int __cdecl newScanPage(int unknown, DWORD targetPage, unsigned int pageSize);
The rest is easy: hook the function and "fake" the page. You can map the original exe into the process or create a second page for every page once.
Code:
int __cdecl newScanPage(int unknown, DWORD targetPage, unsigned int pageSize)
{
    DWORD fakePage = createFakePage(targetPage);
    return origScanPage(unknown, fakePage, pageSize);
}

/* ... */

DWORD addr = FindPattern(baseAddress, codeSize,
    (BYTE*)"\x55\x8B\xEC\x83\xEC\x2C\x83\x7D\x10\x00\x75\x05\xE9\x00\x00\x00\x00\x8B\x45\x08\x8B\x48\x14\x8B\x55\x10\x8D\x04\xD1\x89\x45\xEC\x8B\x4D\x08\x8B\x55\xEC\x3B\x51\x14\x73\x0F\x8B\x45\x08\x8B\x48\x18\x83\xC1\x01\x8B\x55\x08",
    "xxxxxxxxxxxxx????xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
createFakePage(addr);
origScanPage = (typeScanPage) Detourfunction((PBYTE)addr, (PBYTE)newScanPage);
Have fun
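
Seen from the defending side, the weakness above is that the page CRC is trusted even when the scan routine's own entry point has been overwritten. The C example below is an added illustration, not code from the original post or from XTrap: it checks the routine's leading bytes (taken from the signature in the post) before trusting a page CRC. The names verify_page, entry_intact and demo, and the sample buffers, are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Leading bytes of the scan routine, copied from the signature quoted in the post. */
static const uint8_t EXPECTED_PROLOGUE[10] =
    {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x2C, 0x83, 0x7D, 0x10, 0x00};

enum verdict { PAGE_OK = 0, PAGE_MODIFIED = 1, SCANNER_TAMPERED = 2 };

/* Bitwise CRC-32 (reflected, polynomial 0xEDB88320). */
uint32_t crc32_buf(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Returns 1 if the routine's entry bytes still match the expected prologue.
 * An inline detour overwrites them (typically with a jmp), so any mismatch
 * means the CRC result that follows cannot be trusted. */
int entry_intact(const uint8_t *entry, size_t len)
{
    return len >= sizeof EXPECTED_PROLOGUE &&
           memcmp(entry, EXPECTED_PROLOGUE, sizeof EXPECTED_PROLOGUE) == 0;
}

/* Check the scanner first, then the page against its recorded baseline CRC. */
enum verdict verify_page(const uint8_t *scanner_entry, size_t entry_len,
                         const uint8_t *page, size_t page_len, uint32_t baseline)
{
    if (!entry_intact(scanner_entry, entry_len))
        return SCANNER_TAMPERED;
    return crc32_buf(page, page_len) == baseline ? PAGE_OK : PAGE_MODIFIED;
}

/* Constructed sample: exercise the cases on in-memory buffers (no real process). */
int demo(int tamper_entry, int patch_page)
{
    uint8_t entry[10], page[64];
    memcpy(entry, EXPECTED_PROLOGUE, sizeof entry);
    memset(page, 0x90, sizeof page);
    uint32_t baseline = crc32_buf(page, sizeof page);
    if (tamper_entry) entry[0] = 0xE9;   /* jmp rel32 opcode, as a detour writes */
    if (patch_page)   page[7] = 0xCC;    /* single changed byte */
    return verify_page(entry, sizeof entry, page, sizeof page, baseline);
}
```

An in-process self-check like this can itself be patched, so the comparison is stronger when it is performed from a separate trust boundary such as a driver or the game server.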