View Single Post
Old 10-24-2012, 11:57 AM   #32 (permalink)
Junior Member
Join Date: Oct 2012
Posts: 29
Thanks: 0
Thanked 1 Time in 1 Post
MrTiger is an unknown quantity at this point


Originally Posted by Atmosk View Post
Ok detections can only happen in 2 ways:

1.) Detect signature strings/injection points
2.) Detect modified memory

PB has an onupdate routine that changes the region it looks at randomly at different times. Guess what? You can hook that and essentially prevent it from doing anything.

Problem is that it changes all the time so you can't predict when it'll change.

BUT: Dogmatt has this driver protection shits and I have no idea what it does or how it works, but it's supposed to be the best.

Whatever man, worry about detections, I'll be out there raping face with my hags, thanks to eld and nubleng.
Mother of god. I love it when someone that has no idea talks just to talk.

If you honestly think those two are the only ways of discovering a hack I'm really wasting my breath and time.

I did it as a favor, pointing out easy fixes and weaknesses. If you want to be an ostrich with yer head stuck in the ground go ahead.

Taking things out of context and replying with nonsensical bullshit is just the a-typical annoying kissass retard.

First of all - PunkBuster is not a threat, unless yer retarded. Ways of bypassing the debugging func, ss func and kick func and even replacing the GID are widely available.

However, detecting this hack is easy. Want to know how? Sure I'll let you know as a proof of concept.

First of all the config writes to a certain mapfolder, not hard to check or see the writing happen or monitor for it.

Theirs a full load of files that remain on the computer how hard is it to check the MD5/hash/CRC32-signature? Not hard at all.

Monitor which engine functions are being called - profit.

It runs in ring3 - very easy to detect.

I checked around the driverprotection, not to tamper just to see what I could get from it without triggering anything - it's not rootkit level. Which basically makes it null and void.

Theirs a whole more to detecting hacks then

1.) Detect signature strings/injection points
2.) Detect modified memory

MrTiger is offline