
View Full Version : For Coders


drewpaul86
1st July 2005, 01:16
I'm not real sure who can use this, so i'll just release it all. if u have a specific antiss that is based off the size, this will help, but who knows. These are all the dll's that are loaded while ravenshield.exe is running; this includes all winsock, d3d, game, etc. dll's.

WARNING: The dll base addresses are only for my computer so you can't use those, however u can get the same easily through a call to GetModuleHandle





In case anyone was wondering, yes this was generated externally from the game, meaning nothing was injected into the games process.

Jurgis
1st July 2005, 01:41
prolly dumb question but what do those do? lol

drewpaul86
1st July 2005, 02:07
the base address is used in a call to GetProcAddress, which gives u the address of any exported function in the individual dll, and the size is just the size of the dll.

the reason i got these is because i am working on a way to hack the game without injecting a dll, but in doing so u can't use either GetProcAddress or GetModuleHandle. so as a result, if u figure out the change in address from the base to a function u want to hook, u can just add the amount of bytes between the base and the function.

or if ur making an antiss that is based on the _ReturnAddress() of a call to GetForegroundWindow() for instance, you can instead base it on the size instead of logging the specific address, making it so the particular antiss dll will never have to be updated unless the particular hook is detected.

for example, in a dll that you inject (as most antiss's out there are), you can use the above information to do this:

if ( (DWORD)_ReturnAddress() >= GetModuleHandle("pbcl.dll") && (DWORD)_ReturnAddress() <= GetModuleHandle("pbcl.dll") + 0x00081000 )
//Block SS



...u asked lol



or of course u can use this information for developing a winsock hook in conjunction with what dc had posted earlier.

or it shows that it is possible for people to hack at the game externally leaving very little marks, for instance making retlock, or the other things lion had released a while back, or possibly d3d hooks. who knows, there's unlimited possibilities.

drewpaul86
1st July 2005, 03:22
o, and for those that are considering hooking winsock. wsock32.dll appears to be a wrapper for ws2_32.dll (pb makes calls only to wsock32.dll)