I'm pretty damn frustrated...
First I tried to statically patch (using a hex editor) logs.dll + game.dll; to avoid cheating #138 (shoot through walls + no gun raising); but no luck...
Conclusion: #138 detection is server-side.
HRADBA scans memory; may hash it- and sends it to server for comparison (with what 'should' be there).
So, I then used DLL injection- to inject a DLL stub- which loaded hacked_logs.dll; got the address of the required functions in this 'copy'- located the IAT (Import Address Table) Entry of game.dll for the required functions and redirected them to point to hacked_logs.dll; instead of the original logs.dll... Eventually; everything compiled and ran; functions were being hooked- so I load them game up and start the injection process.
Join a server with HRADBA... 2 minutes later; bang- right there... cheating #128 (if I remember correctly)- "Can be caused by (except real cheats) by Windows Blinds like software... etc etc".
I thought; wtf- there are hundreds of exported API functions in logs.dll- and hooking one is detected, by the server in 2 minutes?
Darawks method on using the debug registers is nice- but only being able to use 4 memory addresses really sucks bigtime- and ain't great for large trainers pokin' shit all over the place...
My conclusion...
The only way I feel HRADBA can be defeated (Pure server check + #138, #128 + #143?), is with a full-fledged rootkit...
But... it will be beaten...
Subsky