[RELEASE][.NET] Hooking library, take two

~~IAmHawtness~~ · 04-25-2012, 21:28

August 5th, 2012 update: Restrictions are fixed, meaning you will no longer get banned for using this library

New hooking library + sample + source. Enjoy.

It probably has bugs (I'm terrible at C#)
I might make a tutorial on how to use although the sample should be enough
Feel free to ask any questions in the thread

Belth's guide on how to find some important memory addresses (Remember to thank him):

Quote:

Originally Posted by Belth

5609 Addresses:
SendPacketFunction = 0x6C8F56
ReceiveLoop = 0x6C9833

This is how I find the addresses:

Recv Loop
1. Search all referenced text strings for "catch error in process msg" without quotes.
2. Trace back until I find "TEST EAX, EAX" followed by "JNZ SHORT <ADDRESS>".

Send Packet Function
1. Search for the binary string "55 8D AC 24 FC DF FF FF B8 04 20 00 00".

Removing the "You can't jump that far." message
1. Search for the constant 186C0.
2. Trace back to the first "JLE <ADDRESS>" command.
3. Replace JLE (7E) with JMP (EB).
*Note: doing this also means that you can attempt to jump further than the server allows (which will disconnect you) so you should validate all jump packets from the client.

Lock client at 60 FPs
1. Search all intermodular calls for Kernel32.Sleep.
2. Trace back and find ADD ECX, 19.
3. Trace back and find LEA EDX, DWORD PTR DS:[ECX+19].
4. Change 19 to another value. The lower the value the higher the FPS and the reverse is true. I use a value of 10 for 60 FPS.

Yes it's very rudimentary as I am as much a noob at this as anyone.

itachi26 · 04-25-2012, 21:41

I take a look quicky!

EDIT :

Quote:

private const uint SendPacketAddress = 0x6BFD0C;
private const uint RecvPacketLoopAddress = 0x6C05E8;

How do you know that?

~~IAmHawtness~~ · 04-25-2012, 21:54

Quote:

Originally Posted by itachi26

I take a look quicky!

EDIT :

How do you know that?

Because I found the addresses using olly

itachi26 · 04-25-2012, 22:06

Well, I've already tried to open up conquer.exe with olly, and it's just a mess... Is there any tutorial to learn or it is logical?

~~IAmHawtness~~ · 04-25-2012, 22:16

Quote:

Originally Posted by itachi26

Well, I've already tried to open up conquer.exe with olly, and it's just a mess... Is there any tutorial to learn or it is logical?

There are plenty of olly tutorials around, just search for them

itachi26 · 04-25-2012, 22:23

Okay, I will take a look later. At the moment, the most important thing is to learn how to code in C#, thanks for your advises!

-Shunsui- · 04-25-2012, 22:57

Changes?

~~IAmHawtness~~ · 04-25-2012, 23:05

Quote:

Originally Posted by -Shunsui-

Changes?

Uhm, it's a whole different library, the old one was in VB, this one is completely different.

pro4never · 04-25-2012, 23:11

You make me so hot

ruievmonteiro · 04-26-2012, 15:35

Did you correct the cpu usage problems that sometimes happened with your old lib? Guess Angelius said those were solved after parsing the exceptions thrown at the debug loop