PB Proof with 2 Byte Nop


Tetsuo Umezawa
3rd July 2007, 23:15
Here I have found an offset in IDA which you just nop out and PB won't do anything!

I know that this will not work for long, but many poor coders use this offset to sell their hacks, and this can't be right because this offset has one problem! It seems that PB doesn't scan or do anything if it is nopped out! So updates to the server are also off, and after some time you would probably be kicked!

The risk, if that gets detected, would definitely be an HW ban because you change an offset within pbcl!

So now the offset for BF2 is pbclbase + 0x5da0

and for BF2142 the offset is pbclbase + 0x5dc0

At these offsets just a simple 2-byte nop and PB is ****ed off!

BYTE Nop2Bytes[2] = {0x90,0x90};

//For BF2
WriteProcessMemory(hand, (void*)(PbclBase + 0x5da0), &Nop2Bytes,2, &bytes);

//For BF2142
WriteProcessMemory(hand, (void*)(PbclBase + 0x5dc0), &Nop2Bytes,2, &bytes);

That's all.

Use it as long as it works!

Have fun

Tetsuo Umezawa

wick2o
5th July 2007, 05:11
has anyone been able to confirm/deny this?

scruie
5th July 2007, 05:44
Yes, this works: LINK (http://72.22.88.85/forum/showthread.php?t=46730)

Read the whole thread, as someone explained the BF2 side of things.

And this will lead to a PB hardware ban!

wick2o
5th July 2007, 05:55
This is interesting... would be even more interesting if there is some virtual pointer that could be changed... just an idea I have yet to research.

snipester
5th July 2007, 18:34
Nopping the offset itself only works in 2142, as in BF2 the pbcl writes over it. I can confirm it works in 2142.

scruie
5th July 2007, 18:42
Nopping the offset itself only works in 2142, as in BF2 the pbcl writes over it. I can confirm it works in 2142.

Doesn't the following work for BF2, as quoted by Roverturbo:

Oh, you beat me to it, I was going to post something similar this coming week. Great work okidoki.

For anyone wanting to attempt this in BF2, the information is as follows:

Code:

BF2 (v1.289 | A1381)

int __cdecl sub_10031920(_MEMORY_BASIC_INFORMATION Buffer)

It is called the same way as the farcry version so use the same prototype.

Spontaneous
6th July 2007, 10:16
Might I add this is not the first time such an idea was brought to light. I remember back in the day of PunkBuster Buster made by test0r. I think it was originally made for BF Vietnam. See, little do you know, PB can turn on and off a SECONDARY scanner to scan their own DLLs for modification. This is how PB originally detected this method back then. I am sure PB will get a report of people using this method again, and turn on the scanner.

Not to mention that such a method will lead to global bans (GUID and hardware).
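Spontaneous describes the detection side: the anti-cheat re-scanning its own module for in-memory modification. The following is an added illustration of that self-integrity check, written for this thread and not code from the thread, from PunkBuster or from any game. It works over constructed byte buffers rather than a live process: a reference copy of a code section is compared against the bytes observed in memory, bytes that a legitimate base relocation changes are masked out so a relocated but untouched module does not raise a false alarm, every run of modified bytes is reported, and a run consisting only of 0x90 is flagged as a NOP patch like the two-byte one discussed above. The sample "code section", its relocation offset and the patched copies are all constructed here for the demonstration.

```python
import hashlib
from dataclasses import dataclass
from typing import Iterable, List, Sequence

NOP = 0x90  # x86 single-byte NOP


@dataclass
class Patch:
    offset: int      # offset of the first modified byte within the section
    expected: bytes  # bytes in the reference copy
    actual: bytes    # bytes observed in memory

    @property
    def is_nop_patch(self) -> bool:
        """True when the modified run is nothing but NOPs (code has been disabled)."""
        return all(b == NOP for b in self.actual)


def relocation_mask(length: int, reloc_offsets: Iterable[int], width: int = 4) -> bytearray:
    """Mark the bytes of every absolute address the loader may rewrite at load time.

    reloc_offsets are section-relative offsets of 32-bit absolute operands
    (what a PE .reloc section would list); those bytes legitimately differ
    between the on-disk image and the loaded image."""
    mask = bytearray(length)
    for off in reloc_offsets:
        for i in range(off, min(off + width, length)):
            mask[i] = 1
    return mask


def find_patches(reference: bytes, live: bytes, reloc_offsets: Sequence[int] = ()) -> List[Patch]:
    """Return every contiguous run of bytes that differs and is not explained by relocation."""
    if len(reference) != len(live):
        raise ValueError("section length mismatch")
    mask = relocation_mask(len(reference), reloc_offsets)
    patches: List[Patch] = []
    start = None
    for i, (r, l) in enumerate(zip(reference, live)):
        differs = (r != l) and not mask[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            patches.append(Patch(start, reference[start:i], live[start:i]))
            start = None
    if start is not None:
        patches.append(Patch(start, reference[start:], live[start:]))
    return patches


def section_digest(data: bytes, reloc_offsets: Sequence[int] = ()) -> str:
    """SHA-256 over the section with relocation bytes zeroed.

    One stored digest then stays valid whatever base address the module lands at,
    while any other modification changes the digest."""
    mask = relocation_mask(len(data), reloc_offsets)
    normalized = bytes(0 if mask[i] else b for i, b in enumerate(data))
    return hashlib.sha256(normalized).hexdigest()


# Constructed sample section (24 bytes of x86):
#   55 89 e5 83 ec 10        push ebp / mov ebp,esp / sub esp,0x10
#   b8 00 10 40 00           mov eax, 0x00401000   <- absolute operand at offset 7, relocated
#   85 c0 74 05              test eax,eax / je +5  <- 2-byte branch at offset 13
#   e8 00 00 00 00           call rel32 (relative, not relocated)
#   31 c0 c9 c3              xor eax,eax / leave / ret
REFERENCE = bytes.fromhex("5589e583ec10b80010400085c07405e80000000031c0c9c3")
RELOC_OFFSETS = [7]

# Same code as loaded 0x10000000 higher: only the absolute operand changes.
_clean = bytearray(REFERENCE)
_clean[7:11] = bytes.fromhex("00104010")
LIVE_CLEAN = bytes(_clean)

# The same loaded image with the conditional jump replaced by two NOPs.
_patched = bytearray(LIVE_CLEAN)
_patched[13:15] = bytes([NOP, NOP])
LIVE_PATCHED = bytes(_patched)


def scan(reference: bytes, live: bytes, reloc_offsets: Sequence[int] = ()) -> dict:
    """Summarise one integrity check the way a scanner would report it."""
    patches = find_patches(reference, live, reloc_offsets)
    return {
        "digest_matches": section_digest(reference, reloc_offsets) == section_digest(live, reloc_offsets),
        "patch_count": len(patches),
        "nop_patches": [(p.offset, len(p.actual)) for p in patches if p.is_nop_patch],
    }


if __name__ == "__main__":
    print("relocated only:", scan(REFERENCE, LIVE_CLEAN, RELOC_OFFSETS))
    print("nop-patched:   ", scan(REFERENCE, LIVE_PATCHED, RELOC_OFFSETS))
```

The relocation mask is the part that matters in practice: without it, comparing a loaded module against its on-disk image produces spurious hits at every absolute address, and a scanner that has to tolerate those cannot tell a loader fix-up from a deliberate patch.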

repoman1
25th July 2007, 18:36
Anybody still know if this is undetected?