Damn, Inix fixed this one fast:
[Only registered and activated users can see links. Click Here To Register...]
:(
[Only registered and activated users can see links. Click Here To Register...]
:(
[Fix] Proxy-DLL
03/11/2011 20:24
DrogenViech#16
03/11/2011 21:30
meak1#17
hf at learning =) the source was just an exampleQuote:
Damn, Inix fixed this one fast:
[Only registered and activated users can see links. Click Here To Register...]
:(
03/11/2011 21:56
RunzelEier#18
Ok now you have to debugg kal and look how the new filecheck works and disarm it.
Or you just nop the filecheck, which might be easier
Or you just nop the filecheck, which might be easier
03/11/2011 22:55
lortemail#19
Am i totally wrong if i see the check here
Code:
0047D100 - 55 - push ebp 0047D101 - 8B EC - mov ebp,esp 0047D103 - 83 EC 1C - sub esp,1C 0047D106 - 83 7D 08 00 - cmp dword ptr [ebp+08],00 0047D10A - 74 06 - je 0047D112 0047D10C - 83 7D 0C 00 - cmp dword ptr [ebp+0C],00 0047D110 - 75 0A - jne 0047D11C : [OpenRegKey+17CE] 0047D112 - B8 57000780 - mov eax,80070057 0047D117 - E9 C1000000 - jmp 0047D1DD 0047D11C - 8D 45 FC - lea eax,[ebp-04] 0047D11F - 50 - push eax 0047D120 - 8B 4D 08 - mov ecx,[ebp+08] 0047D123 - 51 - push ecx 0047D124 - E8 6D3E2300 - call 006B0F96 : [->GetFileVersionInfoSizeA] 0047D129 - 89 45 F8 - mov [ebp-08],eax 0047D12C - 83 7D F8 00 - cmp dword ptr [ebp-08],00 0047D130 - 0F86 A2000000 - jbe 0047D1D8 0047D136 - 8B 55 F8 - mov edx,[ebp-08] 0047D139 - 52 - push edx 0047D13A - E8 83FA2300 - call 006BCBC2 0047D13F - 83 C4 04 - add esp,04 0047D142 - 89 45 EC - mov [ebp-14],eax 0047D145 - 8B 45 EC - mov eax,[ebp-14] 0047D148 - 89 45 F4 - mov [ebp-0C],eax 0047D14B - 83 7D F4 00 - cmp dword ptr [ebp-0C],00 0047D14F - 75 0A - jne 0047D15B 0047D151 - B8 0E000780 - mov eax,8007000E 0047D156 - E9 82000000 - jmp 0047D1DD 0047D15B - 8B 4D F4 - mov ecx,[ebp-0C] 0047D15E - 51 - push ecx 0047D15F - 8B 55 F8 - mov edx,[ebp-08] 0047D162 - 52 - push edx 0047D163 - 6A 00 - push 00 0047D165 - 8B 45 08 - mov eax,[ebp+08] 0047D168 - 50 - push eax 0047D169 - E8 223E2300 - call 006B0F90 : [->GetFileVersionInfoA] 0047D16E - 85 C0 - test eax,eax 0047D170 - 74 54 - je 0047D1C6 0047D172 - C7 45 F0 00000000 - mov [ebp-10],00000000 0047D179 - 8D 4D F8 - lea ecx,[ebp-08] 0047D17C - 51 - push ecx 0047D17D - 8D 55 F0 - lea edx,[ebp-10] 0047D180 - 52 - push edx 0047D181 - 68 B8ED6E00 - push 006EEDB8 : [0000005C] 0047D186 - 8B 45 F4 - mov eax,[ebp-0C] 0047D189 - 50 - push eax 0047D18A - E8 FB3D2300 - call 006B0F8A : [->VerQueryValueA] 0047D18F - 85 C0 - test eax,eax 0047D191 - 74 33 - je 0047D1C6 0047D193 - 83 7D F0 00 - cmp dword ptr [ebp-10],00 0047D197 - 74 2D - je 0047D1C6 0047D199 - 8B 4D 0C - mov ecx,[ebp+0C] 0047D19C - 8B 55 F0 - mov edx,[ebp-10] 0047D19F - 8B 42 08 - mov eax,[edx+08] 0047D1A2 - 89 41 04 - mov [ecx+04],eax 0047D1A5 - 8B 4D 0C - mov ecx,[ebp+0C] 0047D1A8 - 8B 55 F0 - mov edx,[ebp-10] 0047D1AB - 8B 42 0C - mov eax,[edx+0C] 0047D1AE - 89 01 - mov [ecx],eax 0047D1B0 - 8B 4D F4 - mov ecx,[ebp-0C] 0047D1B3 - 89 4D E8 - mov [ebp-18],ecx 0047D1B6 - 8B 55 E8 - mov edx,[ebp-18] 0047D1B9 - 52 - push edx 0047D1BA - E8 F61E2500 - call 006CF0B5 0047D1BF - 83 C4 04 - add esp,04 0047D1C2 - 33 C0 - xor eax,eax 0047D1C4 - EB 17 - jmp 0047D1DD 0047D1C6 - 8B 45 F4 - mov eax,[ebp-0C] 0047D1C9 - 89 45 E4 - mov [ebp-1C],eax 0047D1CC - 8B 4D E4 - mov ecx,[ebp-1C] 0047D1CF - 51 - push ecx 0047D1D0 - E8 E01E2500 - call 006CF0B5 0047D1D5 - 83 C4 04 - add esp,04 0047D1D8 - B8 05400080 - mov eax,80004005 0047D1DD - 8B E5 - mov esp,ebp 0047D1DF - 5D - pop ebp 0047D1E0 - C3 - ret
03/11/2011 23:22
Thiesius#20
Detours still works perfectly for me. Make sure the functions got detoured. Also keep in mind the whole thing is about timing - The detours has to be placed before the check is executed = depends on speed of computer.
Of-course there are still other solutions... such as changing the "jump if equal" to "always jump".
@lortemail
I can't check it atm but it's easy to find -> let the engine display error message box and return back into engine code section.
Of-course there are still other solutions... such as changing the "jump if equal" to "always jump".
@lortemail
I can't check it atm but it's easy to find -> let the engine display error message box and return back into engine code section.
03/12/2011 02:42
RunzelEier#21
simply look at the call stack
and there should be a call made out off the engine.exe
and there should be a call made out off the engine.exe
03/12/2011 15:40
VaNilleZ#22
i gave you thanks because you help hacking community
even though i don't know a shit =)
even though i don't know a shit =)
03/14/2011 12:25
syntex#23
I think your method isnt that good :o
you invested to much time with detours , just make a codecave and rip the check off.
you invested to much time with detours , just make a codecave and rip the check off.
03/14/2011 20:03
Thiesius#24
Don't think I even use this method. I have my different ways :).
However to put together those detours is a matter of 2 mins on MSDN to copy signatures of those functions
However to put together those detours is a matter of 2 mins on MSDN to copy signatures of those functions
03/14/2011 21:29
syntex#25
true :o but I like your clean coding style ... youre thinkin of what youre doin :p i like
i wish there would be more people out there release their source codes, did you know that this section has a underground topic? some people in there im included but its dead there , nobody is contributin or workin on something...
it would be cool to see some active people and start coding some bad ass good bot or hacktool for kal :p
i wish there would be more people out there release their source codes, did you know that this section has a underground topic? some people in there im included but its dead there , nobody is contributin or workin on something...
it would be cool to see some active people and start coding some bad ass good bot or hacktool for kal :p
03/14/2011 21:55
Thiesius#26
I prefer working with classes, however such code would be much more difficult to read for the newbies (Where is the Entry Point, where are exports initialized and so on).Quote:
i wish there would be more people out there release their source codes, did you know that this section has a underground topic? some people in there im included but its dead there , nobody is contributin or workin on something...
it would be cool to see some active people and start coding some bad ass good bot or hacktool for kal :p
I don't know about any private topic in this section.
Look at me, I have all essential stuff needed to work on clientless. Even tested and proved to work. And I don't have time to work on it. I think it's rather laziness combined with lack of time.
03/15/2011 04:34
TheDestructionFighter#27
well.. a few of people who knows (Thanks) but i think they are all talked and said thanks to u it's enough for getting Fame Right? :D
03/15/2011 14:12
syntex#28
youre dumb, its not about gettin fame.. its about educate youre self and havin fun while coding shit ..
yea thiesius classes are more diffucult to read :p and your release is all fine
the only problem is to find sparetime - learnin , work , hobbys, friends and so on :]
yea thiesius classes are more diffucult to read :p and your release is all fine
the only problem is to find sparetime - learnin , work , hobbys, friends and so on :]
03/16/2011 00:29
hehepwnz#29
didnt you said 1 month ago that you dont care anymore about kal and stuff - waste of time etc? :PQuote:
back2topic:
good job thiesus (as always) :P
03/16/2011 22:32
syntex#30
hehe , kal is a waste of time ... but coding for it for education purpose is ok :]
i dont like to play the game anymore and I dont think that you can make alot of business with kal but you can still have fun coding some weird shit for it
i dont like to play the game anymore and I dont think that you can make alot of business with kal but you can still have fun coding some weird shit for it