Gurud's PoE Trainer FullBight, Maphack and Zoomhack 1.0.0.e+

[gurud]

i started it while in game.. but i just did it b4 poe opened and it said injecting at bottom then it says done ty

in game nothing working tho lol, all cheats atm, windows 7

go to the config.ini file and increase the InjectDelay (in ms) this might be it, if this don't work do you have cheat engine installed? sometimes the CE trainer don't like people with no cheat engine installed

[datz]

changed it from 500 to 600 didnt work.. changed it to 1000 still dont work, i have ce installed version 6.3 i believe

[gurud]

changed it from 500 to 600 didnt work.. changed it to 1000 still dont work, i have ce installed version 6.3 i believe

create a new account and use the detected.exe there see if they are working

[datz]

nope not working either lol

weird.

[gurud]

nope not working either lol

weird.

PM'ed you with a possible solution

[datz]

tried it restarted comp as promted and does not do anything different than before.. i also tried running windowed mode and full screen idk if that would change but it didnt lol

[gurud]

tried it restarted comp as promted and does not do anything different than before.. i also tried running windowed mode and full screen idk if that would change but it didnt lol

maybe your antivirus could be deleting required files like:
inject.dll
resource/hidden-x32x64.dll
resource/hide.exe

[datz]

maybe your antivirus could be deleting required files like:
inject.dll
resource/hidden-x32x64.dll
resource/hide.exe

ok ill try

i got full bright to work somehow although the rest do not

disabled avg still not working lol

[randomSir]

Reversed the new version, can confirm both signature scans return the correct values so this should be safe to use right now.
Keep in mind that they could update the AC at any time to detect this or any other memory modifying hacks.

[doragon]

Reversed the new version, can confirm both signature scans return the correct values so this should be safe to use right now.
Keep in mind that they could update the AC at any time to detect this or any other memory modifying hacks.

+1


it's a safe but in future it can be detectable by this

PHP Code:

PVOID __userpurge sub_9C8530@<eax>(int hash@<eax>, int shiftedHash)
{
  DWORD processId; // eax@1
  HANDLE handle; // ebx@2
  PVOID baseAdress; // ebp@4
  int size; // edi@4
  void *lpBuffer; // esi@6
  MEMORY_BASIC_INFORMATION memBasicInfo; // [sp+4Ch] [bp-1Ch]@1

  memBasicInfo.BaseAddress = 0;
  _mm_storel_epi64(&memBasicInfo.AllocationBase, 0i64);
  _mm_storel_epi64(&memBasicInfo.RegionSize, 0i64);
  _mm_storel_epi64(&memBasicInfo.Protect, 0i64);
  processId = GetProcessId_9C7D40(hash);
  if ( !processId )
    return 0;
  handle = faddr_OpenProcess_C9079C(PAGE_WRITECOMBINE|PAGE_EXECUTE, 0, processId);
  if ( !handle || !faddr_VirtualQueryEx_C90FD8(handle, 0, &memBasicInfo, 28) )
    return 0;
  while ( 1 )
  {
    baseAdress = memBasicInfo.BaseAddress;
    size = memBasicInfo.RegionSize;
    if ( !(memBasicInfo.State & MEM_COMMIT)
      || !(memBasicInfo.AllocationProtect & (PAGE_EXECUTE_WRITECOPY|PAGE_EXECUTE_READWRITE|PAGE_EXECUTE)) )
      goto LABEL_8;                             // region is protected go next
    lpBuffer = faddr_VirtualAlloc_C90FBC(0, memBasicInfo.RegionSize, MEM_COMMIT, PAGE_READWRITE);
    faddr_ReadProcessMemory_C91004(handle, baseAdress, lpBuffer, size, 0);// dump region
    if ( sub_9C8410(lpBuffer, size, shiftedHash) )
      return baseAdress;
    faddr_VirtualFree_C90FF4(lpBuffer, 0, MEM_RELEASE);
LABEL_8:
    if ( !faddr_VirtualQueryEx_C90FD8(handle, baseAdress + size, &memBasicInfo, 28) )
      return 0;
  }
}

DWORD __usercall GetProcessId_9C7D40@<eax>(int hash@<edi>)
{
  int hProcessSnap; // esi@1
  unsigned int length; // eax@2
  char *name; // edx@2
  int i; // ecx@2
  DWORD result; // eax@6
  PROCESSENTRY32 pe32; // [sp+10h] [bp-12Ch]@1

  hProcessSnap = faddr_CreateToolhelp32Snapshot_C90FE4(TH32CS_SNAPPROCESS, 0);
  pe32.dwSize = 296;
  if ( faddr_Process32First_C90FF8(hProcessSnap, &pe32) )
  {
    while ( 1 )
    {
      length = strlen(pe32.szExeFile);
      name = pe32.szExeFile;
      for ( i = 5381; length; --length )
        i = 33 * i + *name++;
      if ( i == hash )
        break;
      if ( !faddr_Process32Next_C91008(hProcessSnap, &pe32) )
        goto LABEL_6;
    }
    result = pe32.th32ProcessID;
  }
  else
  {
LABEL_6:
    faddr_CloseHandle_C90FE8(hProcessSnap);
    result = 0;
  }
  return result;
} 


so don't forget rename Launcher exe to another name!!!

[immor]

cheating suxx but i do like the gui!
+1

[Philss]

Thanks guruud you are awsome!

[Ouariasse]

Careful this can be detected on the fly if they decide to update their anti cheat server side.

[bnet4sale]

Quick q, What's to stop them from checking the Details of an exe for things like "by Gurud"?

[randomSir]

Quick q, What's to stop them from checking the Details of an exe for things like "by Gurud"?

It would be trivially easy for them to detect this any number of ways since it's public.
I predict they will just add one or two more sigs to scan, since that seems to be the only function of the anti cheat that is currently executed at all.