
[Fix] Proxy-DLL

Discussion on [Fix] Proxy-DLL within the Kal Hacks, Bots, Cheats & Exploits forum part of the Kal Online category.

Old 03/11/2011, 20:24   #16
 
DrogenViech's Avatar
 
elite*gold: 0
Join Date: Dec 2005
Posts: 152
Received Thanks: 10
****, Inix fixed this one fast:

DrogenViech is offline  
Old 03/11/2011, 21:30   #17
 
meak1's Avatar
 
elite*gold: 220
Join Date: Jun 2007
Posts: 3,768
Received Thanks: 1,126
Quote:
Originally Posted by DrogenViech View Post
****, Inix fixed this one fast:

hf at learning =) the source was just an example
meak1 is offline  
Old 03/11/2011, 21:56   #18
 
RunzelEier's Avatar
 
elite*gold: 0
Join Date: Dec 2010
Posts: 1,196
Received Thanks: 682
Ok now you have to debug kal and look how the new filecheck works and disarm it.
Or you just nop the filecheck, which might be easier
RunzelEier is offline  
Old 03/11/2011, 22:55   #19
 
elite*gold: 0
Join Date: Feb 2011
Posts: 4
Received Thanks: 0
Am i totally wrong if i see the check here

Code:
0047D100 - 55                         - push ebp
0047D101 - 8B EC                      - mov ebp,esp
0047D103 - 83 EC 1C                   - sub esp,1C
0047D106 - 83 7D 08 00                - cmp dword ptr [ebp+08],00
0047D10A - 74 06                      - je 0047D112
0047D10C - 83 7D 0C 00                - cmp dword ptr [ebp+0C],00
0047D110 - 75 0A                      - jne 0047D11C : [OpenRegKey+17CE]
0047D112 - B8 57000780                - mov eax,80070057
0047D117 - E9 C1000000                - jmp 0047D1DD
0047D11C - 8D 45 FC                   - lea eax,[ebp-04]
0047D11F - 50                         - push eax
0047D120 - 8B 4D 08                   - mov ecx,[ebp+08]
0047D123 - 51                         - push ecx
0047D124 - E8 6D3E2300                - call 006B0F96 : [->GetFileVersionInfoSizeA]
0047D129 - 89 45 F8                   - mov [ebp-08],eax
0047D12C - 83 7D F8 00                - cmp dword ptr [ebp-08],00
0047D130 - 0F86 A2000000              - jbe 0047D1D8
0047D136 - 8B 55 F8                   - mov edx,[ebp-08]
0047D139 - 52                         - push edx
0047D13A - E8 83FA2300                - call 006BCBC2
0047D13F - 83 C4 04                   - add esp,04
0047D142 - 89 45 EC                   - mov [ebp-14],eax
0047D145 - 8B 45 EC                   - mov eax,[ebp-14]
0047D148 - 89 45 F4                   - mov [ebp-0C],eax
0047D14B - 83 7D F4 00                - cmp dword ptr [ebp-0C],00
0047D14F - 75 0A                      - jne 0047D15B
0047D151 - B8 0E000780                - mov eax,8007000E
0047D156 - E9 82000000                - jmp 0047D1DD
0047D15B - 8B 4D F4                   - mov ecx,[ebp-0C]
0047D15E - 51                         - push ecx
0047D15F - 8B 55 F8                   - mov edx,[ebp-08]
0047D162 - 52                         - push edx
0047D163 - 6A 00                      - push 00
0047D165 - 8B 45 08                   - mov eax,[ebp+08]
0047D168 - 50                         - push eax
0047D169 - E8 223E2300                - call 006B0F90 : [->GetFileVersionInfoA]
0047D16E - 85 C0                      - test eax,eax
0047D170 - 74 54                      - je 0047D1C6
0047D172 - C7 45 F0 00000000          - mov [ebp-10],00000000
0047D179 - 8D 4D F8                   - lea ecx,[ebp-08]
0047D17C - 51                         - push ecx
0047D17D - 8D 55 F0                   - lea edx,[ebp-10]
0047D180 - 52                         - push edx
0047D181 - 68 B8ED6E00                - push 006EEDB8 : [0000005C]
0047D186 - 8B 45 F4                   - mov eax,[ebp-0C]
0047D189 - 50                         - push eax
0047D18A - E8 FB3D2300                - call 006B0F8A : [->VerQueryValueA]
0047D18F - 85 C0                      - test eax,eax
0047D191 - 74 33                      - je 0047D1C6
0047D193 - 83 7D F0 00                - cmp dword ptr [ebp-10],00
0047D197 - 74 2D                      - je 0047D1C6
0047D199 - 8B 4D 0C                   - mov ecx,[ebp+0C]
0047D19C - 8B 55 F0                   - mov edx,[ebp-10]
0047D19F - 8B 42 08                   - mov eax,[edx+08]
0047D1A2 - 89 41 04                   - mov [ecx+04],eax
0047D1A5 - 8B 4D 0C                   - mov ecx,[ebp+0C]
0047D1A8 - 8B 55 F0                   - mov edx,[ebp-10]
0047D1AB - 8B 42 0C                   - mov eax,[edx+0C]
0047D1AE - 89 01                      - mov [ecx],eax
0047D1B0 - 8B 4D F4                   - mov ecx,[ebp-0C]
0047D1B3 - 89 4D E8                   - mov [ebp-18],ecx
0047D1B6 - 8B 55 E8                   - mov edx,[ebp-18]
0047D1B9 - 52                         - push edx
0047D1BA - E8 F61E2500                - call 006CF0B5
0047D1BF - 83 C4 04                   - add esp,04
0047D1C2 - 33 C0                      - xor eax,eax
0047D1C4 - EB 17                      - jmp 0047D1DD
0047D1C6 - 8B 45 F4                   - mov eax,[ebp-0C]
0047D1C9 - 89 45 E4                   - mov [ebp-1C],eax
0047D1CC - 8B 4D E4                   - mov ecx,[ebp-1C]
0047D1CF - 51                         - push ecx
0047D1D0 - E8 E01E2500                - call 006CF0B5
0047D1D5 - 83 C4 04                   - add esp,04
0047D1D8 - B8 05400080                - mov eax,80004005
0047D1DD - 8B E5                      - mov esp,ebp
0047D1DF - 5D                         - pop ebp
0047D1E0 - C3                         - ret
lortemail is offline  
Old 03/11/2011, 23:22   #20
 
Thiesius's Avatar
 
elite*gold: 0
Join Date: Feb 2009
Posts: 256
Received Thanks: 474
Detours still works perfectly for me. Make sure the functions got detoured. Also keep in mind the whole thing is about timing - the detours have to be placed before the check is executed = depends on speed of computer.

Of course there are still other solutions... such as changing the "jump if equal" to "always jump".

@lortemail
I can't check it atm but it's easy to find -> let the engine display error message box and return back into engine code section.
Thiesius is offline  
Thanks
1 User
Old 03/12/2011, 02:42   #21
 
RunzelEier's Avatar
 
elite*gold: 0
Join Date: Dec 2010
Posts: 1,196
Received Thanks: 682
simply look at the call stack
and there should be a call made out of the engine.exe
RunzelEier is offline  
Old 03/12/2011, 15:40   #22
 
VaNilleZ's Avatar
 
elite*gold: 10
Join Date: Jul 2009
Posts: 396
Received Thanks: 19
i gave you thanks because you help hacking community
even though i don't know a **** =)
VaNilleZ is offline  
Old 03/14/2011, 12:25   #23
 
syntex's Avatar
 
elite*gold: 46
Join Date: Mar 2006
Posts: 2,589
Received Thanks: 1,198
I think your method isn't that good

you invested too much time with detours, just make a codecave and rip the check off.
syntex is offline  
Old 03/14/2011, 20:03   #24
 
Thiesius's Avatar
 
elite*gold: 0
Join Date: Feb 2009
Posts: 256
Received Thanks: 474
Don't think I even use this method. I have my different ways.
However to put together those detours is a matter of 2 mins on MSDN to copy signatures of those functions.
Thiesius is offline  
Old 03/14/2011, 21:29   #25
 
syntex's Avatar
 
elite*gold: 46
Join Date: Mar 2006
Posts: 2,589
Received Thanks: 1,198
true but I like your clean coding style ... you're thinkin of what you're doin, i like

i wish there were more people out there releasing their source codes, did you know that this section has an underground topic? some people are in there, me included, but it's dead there, nobody is contributin or workin on something...

it would be cool to see some active people and start coding some bad *** good bot or hacktool for kal
syntex is offline  
Old 03/14/2011, 21:55   #26
 
Thiesius's Avatar
 
elite*gold: 0
Join Date: Feb 2009
Posts: 256
Received Thanks: 474
Quote:
Originally Posted by syntex View Post
true but I like your clean coding style ... you're thinkin of what you're doin, i like

i wish there were more people out there releasing their source codes, did you know that this section has an underground topic? some people are in there, me included, but it's dead there, nobody is contributin or workin on something...

it would be cool to see some active people and start coding some bad *** good bot or hacktool for kal
I prefer working with classes, however such code would be much more difficult to read for the newbies (Where is the Entry Point, where are exports initialized and so on).

I don't know about any private topic in this section.

Look at me, I have all essential stuff needed to work on clientless. Even tested and proved to work. And I don't have time to work on it. I think it's rather laziness combined with lack of time.
Thiesius is offline  
Old 03/15/2011, 04:34   #27
 
elite*gold: 0
Join Date: Jun 2010
Posts: 53
Received Thanks: 3
well.. a few of people who knows (Thanks) but i think they are all talked and said thanks to u it's enough for getting Fame Right?
TheDestructionFighter is offline  
Old 03/15/2011, 14:12   #28
 
syntex's Avatar
 
elite*gold: 46
Join Date: Mar 2006
Posts: 2,589
Received Thanks: 1,198
you're dumb, it's not about gettin fame.. it's about educating yourself and havin fun while coding **** ..

yea thiesius, classes are more difficult to read and your release is all fine

the only problem is to find spare time - learnin, work, hobbies, friends and so on :]
syntex is offline  
Old 03/16/2011, 00:29   #29
 
elite*gold: 0
Join Date: Jan 2009
Posts: 915
Received Thanks: 134
Quote:
Originally Posted by syntex View Post
it would be cool to see some active people and start coding some bad *** good bot or hacktool for kal
didn't you say 1 month ago that you don't care anymore about kal and stuff - waste of time etc? :P

back2topic:
good job thiesus (as always) :P
hehepwnz is offline  
Old 03/16/2011, 22:32   #30
 
syntex's Avatar
 
elite*gold: 46
Join Date: Mar 2006
Posts: 2,589
Received Thanks: 1,198
hehe, kal is a waste of time ... but coding for it for education purpose is ok :]

i don't like to play the game anymore and I don't think that you can make a lot of business with kal but you can still have fun coding some weird **** for it
syntex is offline  



All times are GMT +2.