Here's a small example of a kernelmode driver that intercepts I/O calls between the PB dll and driver, and attempts to spoof your hardware information when it's being sent back to pbcl.dll.
The driver hooks ZwDeviceIoControlFile by modifying an entry in the System Service Descriptor Table. It's not hard to detect since there is no additional protection, but there are lots of other ways to hook that function.
The IoControlCode is different in every PB version. For the current AA pbcl (v1.125), the code is 0xB3E6D180.
I'm not hardware banned myself, so I've not really tested this in action. It's just an example... Use it while you can, and please let me know if it helps.
PS. Just to state the obvious:
- You should only use this if you are hwbanned already.
- Nothing lasts forever, and PB will detect this soon.
Edit: Added some more spoofer code... Hope it actually works this time.
Edit2: Added MAC address spoofing
Edit3: Changed to using a detour instead of SDT hook, couple of bugfixes
Edit4: Removed MAC spoofer, fixed some bugs
