Quote:
What do you exactly mean by "Open a command prompt and go to the location where you have the binaries (BowHack.dll and ManualInject.exe)" What do I have to type into the command prompt?
[source & release] Bow hack (webzen only)
06/10/2020 00:11
cookie69#46
06/18/2020 07:23
admi#47
Checking the file via URL on Virustotal it shows it's clean
But downloading the zip, uploading it to Virustotal and checking it again, it shows 17 findings (most of them say Trojan)
How come?
But downloading the zip, uploading it to Virustotal and checking it again, it shows 17 findings (most of them say Trojan)
How come?
06/18/2020 12:06
netHoxInc#48
Because it injects a dll into another program, therefore heuristic scans will triggerQuote:
But downloading the zip, uploading it to Virustotal and checking it again, it shows 17 findings (most of them say Trojan)
How come?
06/18/2020 20:13
cookie69#49
you have the source code :rollsafe:Quote:
But downloading the zip, uploading it to Virustotal and checking it again, it shows 17 findings (most of them say Trojan)
How come?
injectors are detected by your anti-vir because a malware can inject itself inside other processes that's why injection code is detected by default.
But you are absolutely right to ask ;)
06/19/2020 01:32
admi#50
Was more confused about the fact that checking the same file via 2 different methods results differently :p but thank you for the answers ♥
07/20/2020 13:46
miniman06#51
I applaud the sharing of the source but ill give some points to clean up the code a bit and make it more modern:
should be
you are using both g and g_ prefixes while either are them are fine but why not be consistent,also if you are not using them out of the scope(cpp file) you should prefix them with "static".
calling CreateThread directly is a bad practice better use _beginthread or even much better std::thread.
could be easly replaced with thread::join.
use stream buffers no real need for va args here same with the other functions.
static const should be used here and in FindActionMoverOffset().
WHY?
not sure why you would use that over Sleep but even as is it is written badly
The shell code itself is really not needed just use a standard _thiscall with a tiny __asm block of whatever you have to recover from the stack, then you would not need that horrific executable page code.
Code:
#define MODULE_NAME L"Neuz.exe"
Code:
const wchar_t module_name[] = L"Neuz.exe";
Code:
BOOLEAN bHackRunning = TRUE; void MySleep(double d_delay); DWORD dwMainWinThread, dwBowHackThread; HANDLE hBowHack, hMainWin; HMODULE g_hModule; HWND g_hWnd; BOOLEAN bowAlwaysStrongAttack; bool AlreadyHooked = false; ULONG_PTR gRWXBuf = NULL; ULONG_PTR gSendActMsgOrig = NULL; ULONG_PTR gStrongBowEnabled = NULL;
Code:
hMainWin = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&MainWin, g_hModule, NULL, &dwMainWinThread); // Bow hack thread hBowHack = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&thBowHack, NULL, NULL, &dwBowHackThread);
Code:
WaitForSingleObject(hBowHack, INFINITE);
Code:
void LogErrorMessageA(const char* pszFormat, ...) {
static char s_acBuf[2048]; // this here is a caveat!
va_list args;
va_start(args, pszFormat);
vsprintf(s_acBuf, pszFormat, args);
OutputDebugStringA(s_acBuf);
va_end(args);
MessageBoxA(g_hWnd, s_acBuf, "Error", MB_ICONERROR);
}
Code:
char sig[] = "\x5E\x85\xC0\x74\x17\x50\xA1\x00\x00\x00\x00\x8B\x88\x00\x03\x00\x00\x51\xB9"; char mask[] = "xxxxxxx????xx?xxxxx";
Code:
/*
Replace Sleep(ms) function
*/
void MySleep(double d_delay)
{
DWORD start = GetTickCount();
DWORD control = GetTickCount();
while (control < (start + d_delay)) {
control = GetTickCount();
}
}
not sure why you would use that over Sleep but even as is it is written badly
Code:
void MySleep(const DWORD dwDelay)
{
const DWORD dwStart = GetTickCount();
DWORD dwControl = dwStart ;
while ((dwControl - dwStart) < dwDelay ) {
dwControl = GetTickCount();
}
}
The shell code itself is really not needed just use a standard _thiscall with a tiny __asm block of whatever you have to recover from the stack, then you would not need that horrific executable page code.
08/23/2020 14:55
Play4life#52
Doesnt work anymore since last patch.
flyff will close if you try to inject the .dll
flyff will close if you try to inject the .dll
11/06/2020 05:10
drazula#53
hi can u update? now cant used bcz flyff is update /sad
11/13/2020 00:42
amaterasubj#54
bow hack is not working :( update it pls
12/04/2020 00:08
cyan95#55
cookie , please could you update it ? thanks
12/04/2020 13:39
Kamsahamnida#56
It's working for me, dunno what ur talking about. Just use your head and stop behaving like a baby ;)Quote:
12/04/2020 14:29
'P!nkBeatzz'#57
This source has been released with a reason.Quote:
The reason is to learn how things are done and to update it yourself.
12/04/2020 14:51
netHoxInc#58
Yep. When i was showing omdi the specific game function he decided it to be open source. If learning those stuff is not in ur interest or you feel too unskilled, you will most likely wait for someone to spoonfeed you.
Alternatively you might need to pay someone to do it for you, or buy an application that is supporting it. (*cough* Anubis *cough*) (sry for the semi ad, but its topic related)
Even tho updating this tool is as easy as finding ur players level or name... The source is given so its up to you. :)
Cheers, net
Alternatively you might need to pay someone to do it for you, or buy an application that is supporting it. (*cough* Anubis *cough*) (sry for the semi ad, but its topic related)
Even tho updating this tool is as easy as finding ur players level or name... The source is given so its up to you. :)
Cheers, net
12/05/2020 03:38
cheesekimbap#59
Can someone make some video tutorial please?:feelsbadman:
12/05/2020 10:02
netHoxInc#60
At this point i feel like #requestclose if TE does not want to update.Quote: