[Source Code] PointBlank Bypass

Discussion in 'Point Blank' started by zNova, Apr 5, 2020.

  1. zNova True God Gamer

    PointBlank Bypass

    Code:
    class MemoryFinderAPI
    {
    public:
        char* fpattern;//tmp var
        DWORD dpattern;//tmp var
        char* mask;//tmp var
        MemoryFinderAPI(){}
        MemoryFinderAPI(DWORD pattern,char* pmask) {
            dpattern = pattern;
            mask = pmask;
        }
        MemoryFinderAPI(char* pattern,char* pmask) {
            fpattern = pattern;
            mask = pmask;
        }
    };
    
    DWORD AddrToJmp = (DWORD)HideAPI::GetModuleHandleHidden("cb.cbm") + 0x307F0;// 0x30810;
    void __declspec(naked) HookMem()
    {
        __asm jmp AddrToJmp
    }
    class MemAPI
    {
    public:
        std::vector<MemoryFinderAPI> MemoryTamper;
        void Bypass(MemoryFinderAPI memory)
        {
            DWORD CurItem = (DWORD)FindPatternByDump(memory.fpattern, memory.mask);
            DWORD ItemToBypass = CurItem + 0x5;
         //Func::LogFunction("Item %X %X", CurItem, ItemToBypass);
            Func::DetourCreate1(ItemToBypass, (DWORD)HookMem, 0x5);
            Sleep(10);
        }
    
        DWORD Scan(char* pattern, char* mask)
        {
            DWORD Tmp = NULL;
            Tmp = (DWORD)FindPatternByDump(pattern, mask);
            return Tmp;
        }
    
    };
    MemAPI memoryscanner;
    
    
    Usage :
    memoryscanner.Bypass(MemoryFinderAPI((PCHAR)"\x68\x04\x00\x00\x00\xE9", (PCHAR)"xxxxxx"));
    
    
    Here's the old bypass that I made, and it is still working.
    This is a bypass for cb.cbm or cheat blocker module that checks the call of their in-game functions.
    You will notice after the cb.cbm is loaded several functions will turn into jmp instead of push ebp.
     
    Last edited: Apr 5, 2020
  2. phenx123 Active Member
    Can I ask? How to use the source code?? :( I'm playing Point Blank. Please, I want to bypass the cheat blocker.
     
  3. nmaikaze Member
    Can this bypass (isDebuggerPresent)???
     
  4. zNova True God Gamer
    Nope, but the game is simply redirecting a jmp to an ntdll function that prevents debugger attachment.
     
  5. nmaikaze Member
    Okay, I get it.

    By the way, I was trying to reverse and dump cb.cbm using x64dbg & Scylla, and here is what I got. I don't know if it's useful or not; maybe you can check it, pls.

    Seems like cb.cbm is detecting the debugger path with this function.

    Please Login/Register to view links <-- here the dump files :)
     
  6. zNova True God Gamer
    This is what they are doing to detect a debugger, though if you want to use one while leaving these functions untouched, use dbvm or the ring0 driver of c.e and use a kernel-mode debugger.
    Code:
    [4920] PointBlank.exe->ntdll.dll!RtlGetFullPathName_U           || 0x777EE23B => [0x0F6F1E50] :: cb.cbm+0x21E50        || Inline - Detour [5 Bytes] || mov edi, edi   || jmp 0F6F1E50h
    [4920] PointBlank.exe->ntdll.dll!LdrLoadDll                     || 0x777EEB2A => [0x00A5F2D0] :: PointBlank.exe+0xF2D0 || Inline - Detour [5 Bytes] || mov edi, edi   || jmp 00A5F2D0h
    [4920] PointBlank.exe->ntdll.dll!DbgUiRemoteBreakin             || 0x7784F3AA => [0x0012000F] :: $exR120000+0xF        || Inline - Detour [5 Bytes] || push 00000008h || jmp 0012000Fh
    [4920] PointBlank.exe->kernel32.dll!LoadLibraryW                || 0x76F1482B => [0x00A5F3B0] :: PointBlank.exe+0xF3B0 || Inline - Detour [5 Bytes] || mov edi, edi   || jmp 00A5F3B0h
    [4920] PointBlank.exe->kernel32.dll!LoadLibraryA                || 0x76F148D7 => [0x00A5F320] :: PointBlank.exe+0xF320 || Inline - Detour [5 Bytes] || mov edi, edi   || jmp 00A5F320h
    [4920] PointBlank.exe->kernel32.dll!SetUnhandledExceptionFilter || 0x76F187E1 => [0x0396D710] :: CrashTrace.dll+0xD710 || Inline - Detour [5 Bytes] || mov edi, edi   || jmp 0396D710h
    
    --- Last post, May 13, 2020, Original Post Date: May 13, 2020 ---
    The format is :
    Address - Hook Redirection - Hook Type - Orig bytes - modified bytes
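
Added example, not part of the thread: a small Python parser for the hook listing in the post above, of the kind used when triaging inline-hook scanner output. It splits each record into fields, checks that the patched `jmp` operand agrees with the bracketed redirection address, and groups hooked functions by the module that owns the destination. The field names, and the rule that an owner name without a file extension is not a loaded module, are assumptions of this example.

```python
import re

# Sample input: the six hook records quoted in the post above.
LOG = """\
[4920] PointBlank.exe->ntdll.dll!RtlGetFullPathName_U           || 0x777EE23B => [0x0F6F1E50] :: cb.cbm+0x21E50        || Inline - Detour [5 Bytes] || mov edi, edi   || jmp 0F6F1E50h
[4920] PointBlank.exe->ntdll.dll!LdrLoadDll                     || 0x777EEB2A => [0x00A5F2D0] :: PointBlank.exe+0xF2D0 || Inline - Detour [5 Bytes] || mov edi, edi   || jmp 00A5F2D0h
[4920] PointBlank.exe->ntdll.dll!DbgUiRemoteBreakin             || 0x7784F3AA => [0x0012000F] :: $exR120000+0xF        || Inline - Detour [5 Bytes] || push 00000008h || jmp 0012000Fh
[4920] PointBlank.exe->kernel32.dll!LoadLibraryW                || 0x76F1482B => [0x00A5F3B0] :: PointBlank.exe+0xF3B0 || Inline - Detour [5 Bytes] || mov edi, edi   || jmp 00A5F3B0h
[4920] PointBlank.exe->kernel32.dll!LoadLibraryA                || 0x76F148D7 => [0x00A5F320] :: PointBlank.exe+0xF320 || Inline - Detour [5 Bytes] || mov edi, edi   || jmp 00A5F320h
[4920] PointBlank.exe->kernel32.dll!SetUnhandledExceptionFilter || 0x76F187E1 => [0x0396D710] :: CrashTrace.dll+0xD710 || Inline - Detour [5 Bytes] || mov edi, edi   || jmp 0396D710h
"""

# Field names are this example's own labels for the columns the post describes.
LINE = re.compile(
    r"\[(?P<pid>\d+)\]\s+(?P<process>\S+?)->(?P<module>[^!\s]+)!(?P<function>\S+)\s*\|\|\s*"
    r"0x(?P<address>[0-9A-Fa-f]+)\s*=>\s*\[0x(?P<target>[0-9A-Fa-f]+)\]\s*::\s*"
    r"(?P<owner>[^+\s]+)\+0x(?P<offset>[0-9A-Fa-f]+)\s*\|\|\s*"
    r"(?P<hook_type>[^|]+?)\s*\|\|\s*(?P<orig>[^|]+?)\s*\|\|\s*(?P<patched>.+?)\s*$"
)

def parse_hooks(text):
    """Turn each matching line into a dict; addresses become integers."""
    hooks = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # lines that are not hook records are skipped
            h = m.groupdict()
            h.update({k: int(h[k], 16) for k in ("address", "target", "offset")})
            hooks.append(h)
    return hooks

def classify(hook):
    """Assumption: an owner name without a file extension is not a loaded module."""
    if hook["owner"].lower() == hook["process"].lower():
        return "self"
    return "module" if "." in hook["owner"] else "unbacked"

def jmp_matches_target(hook):
    """The patched instruction should be a jmp to the bracketed redirection address."""
    m = re.fullmatch(r"jmp ([0-9A-Fa-f]+)h", hook["patched"])
    return bool(m) and int(m.group(1), 16) == hook["target"]

def by_owner(hooks):
    """Group hooked function names by the owner of the redirection target."""
    owners = {}
    for h in hooks:
        owners.setdefault(h["owner"], []).append(h["function"])
    return owners
```
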
     
  7. nmaikaze Member
    Thank you for correcting =]

    By the way, that's good stuff.
     