Antivirus software uses two methods to protect our PC:

1 - Analyzing files by comparing them with a database of malicious software (signatures). This is like a police lineup, or trying to identify a criminal from a photo: the antivirus compares each file on the hard drive with a "dictionary" of known viruses. If any piece of code (signature) in a file on the hard drive matches a known virus in the dictionary, the antivirus software comes into play.

2 - Constantly monitoring the behavior of files that may be infected.

For example, looking at it in binary, let's suppose that for Avast this code is a virus signature: "12 55 40 05". When it analyzes the binary and finds this:

It is automatically flagged as a virus.

Av Fucker Method

With this method we will look for the signature and we will change its code so that Avast or any antivirus does not recognize it anymore.

Code detected as virus

Modified code indented

It's simple, right? The issue is that when we modify one of those numbers (offset), it has to be functional.

Let's see it step by step.

Step 1: Tools

Undetectable offset locator 2.6 (it is the one I use, but it can be any locator)
Hex Workshop
This crypter: LVL23 Crypter
I used this little ball: LVL23 Ball

Step 2

We grab the crypter and encrypt a small ball.

Step 3

We open it in the offset locator. In "file" we choose the ball, and in "directory" the folder where we will create the offsets (create a new folder and call it offsets). In initial bytes we put "100" and fill in the number "90". It should look more or less like this:

We start and wait for it to finish creating the offsets ... When it has finished, we scan the offsets folder with Avast and delete the detected ones.

Step 4

Let's show offset, and we double-click on the range that appears: 2370 - 2410. Now the locator will look like this
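
The first method described at the start of the post (comparing file contents against a "dictionary" of signatures), as an added example that is not part of the original post and is not how Avast or any specific product is implemented. The bytes "12 55 40 05" are the post's own supposed signature; the signature names, the masked variant with a wildcard byte and both sample buffers are constructed assumptions.

```python
# Added example (not from the post): dictionary-style signature matching.
# The bytes "12 55 40 05" are the post's supposed signature; the signature
# names, the masked variant and both buffers are constructed for illustration.
from typing import Dict, List, NamedTuple, Optional, Tuple


class Signature(NamedTuple):
    name: str
    pattern: Tuple[Optional[int], ...]  # None = wildcard byte


def parse_sig(name: str, text: str) -> Signature:
    """Parse '12 55 ?? 05' into a Signature; '??' matches any byte."""
    tokens = text.split()
    if not tokens:
        raise ValueError("empty signature")
    return Signature(name, tuple(None if t == "??" else int(t, 16) for t in tokens))


def find_all(data: bytes, sig: Signature) -> List[int]:
    """Return every offset in data where the signature matches."""
    n = len(sig.pattern)
    return [
        off
        for off in range(len(data) - n + 1)
        if all(p is None or data[off + i] == p for i, p in enumerate(sig.pattern))
    ]


def scan(data: bytes, sigs: List[Signature]) -> Dict[str, List[int]]:
    """Return {signature name: [offsets]} for each signature that matched."""
    hits = {s.name: find_all(data, s) for s in sigs}
    return {name: offs for name, offs in hits.items() if offs}


SIGNATURES = [
    parse_sig("exact", "12 55 40 05"),
    parse_sig("masked", "12 55 ?? 05"),
]

# Constructed buffers: the second differs from the first in one byte.
ORIGINAL = bytes.fromhex("9090125540059090")
ONE_BYTE_CHANGED = bytes.fromhex("9090125541059090")

if __name__ == "__main__":
    for label, buf in (("original", ORIGINAL), ("changed", ONE_BYTE_CHANGED)):
        print(label, scan(buf, SIGNATURES))
```

The exact signature stops matching the buffer with one changed byte, while the masked signature still reports offset 2, which is why a detection built on a single fixed byte run is brittle and is paired with masked patterns and the behavior monitoring the post lists as the second method.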