[Release/Guide] Bot

02/02/2012 14:19 SimSir#61
I can use the Detours API.. I think 0x03 is HackShield sending some security info ^^ and the server checks this info, then expels ^^

PHP Code:
#include <windows.h>
#include <stdio.h>
#include "detours.h"   // Microsoft Detours; link detours.lib

// dwFindPattern(start, size, pattern, mask) is the poster's own signature scanner (not shown in the post);
// the prototype below is inferred from the calls.
DWORD dwFindPattern(DWORD dwStart, DWORD dwSize, BYTE *bPattern, const char *szMask);

// A variadic function cannot be callee-cleaned, so it is __cdecl on x86 (the original said WINAPI,
// which MSVC treats as __cdecl once "..." is present); the prologue copied in SendPacket below is a __cdecl one.
typedef void (__cdecl *pSend)(BYTE bHeader, LPCSTR szFormat, ...);
int __cdecl SendPacket(BYTE bHeader, LPCSTR szFormat, ...);
PHP Code:
DWORD dwFakeSend        = dwFindPattern(0x401000, 0x2bc000, (BYTE*)"\x55\x8B\xEC\x83\xEC\x18\x83\x3D\x00\x00\x00\x00\x00\x00\x00\x33\xC0", "xxxxxxxx???????xx");
DWORD dwRealSendNoCrypt = dwFindPattern(dwFakeSend + 1, 0x2bc000, (BYTE*)"\x55\x8B\xEC\x83\xEC\x18\x83\x3D\x00\x00\x00\x00\x00\x00\x00\x33\xC0", "xxxxxxxx???????xx"); // second hit of the same signature
DWORD dwSendBack        = dwRealSendNoCrypt + 0x06;  // send address right after the 6-byte prologue (push ebp / mov ebp,esp / sub esp,18h)
pSend SendFunction      = (pSend)dwRealSendNoCrypt;   // send function to detour

// Memory manipulation check; needs the send detour
DWORD dwMemCheck     = dwFindPattern(0x401000, 0xb70000, (BYTE*)"\xE9\x00\x00\x00\x00\x81\xBD\x00\x00\x00\x00\x05\x07\x01\x00\x0F\x84\x00\x00\x00\x00", "x????xx????xxxxxx????");
DWORD dwMemCheckReal = dwMemCheck + 15;  // offset of the "je rel32" (0F 84 xx xx xx xx) inside the signature
PHP Code:
// Memory manipulation secure bypass: NOP out the 6-byte "je" so the check never takes its detection branch
DWORD oldProtect = 0;
BYTE NOP[6] = {0x90, 0x90, 0x90, 0x90, 0x90, 0x90};   // 0x90 = NOP (decimal 90 would be 0x5A, "pop edx")

VirtualProtect((LPVOID)dwMemCheckReal, 6, PAGE_EXECUTE_READWRITE, &oldProtect);
memcpy((LPVOID)dwMemCheckReal, NOP, 6);
VirtualProtect((LPVOID)dwMemCheckReal, 6, oldProtect, &oldProtect);   // lpflOldProtect must not be NULL

// Send detours start
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)SendFunction, SendPacket);
DetourTransactionCommit();   // nothing is patched until the transaction is committed
PHP Code:
// Naked hook: Detours overwrites the first bytes of the real send with a jump here, so this
// function re-executes the 6-byte prologue it displaced, logs the call, and jumps back to
// dwSendBack (real send + 6) instead of calling the Detours trampoline.
int __declspec(naked) __cdecl SendPacket(BYTE bHeader, LPCSTR szFormat, ...)
{
    __asm {
        push ebp
        mov  ebp, esp
        sub  esp, 18h
    }
    printf("PACKET TYPE:0x%02x FORMAT:%s\n", bHeader, szFormat);
    __asm { jmp dwSendBack }   // MSVC inline asm: indirect jump through the DWORD variable
}
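An added example, not SimSir's code and not taken from the thread: a mask-based signature scanner of the kind the post's unshown dwFindPattern() implies, run over a constructed byte buffer instead of the client's .text section, followed by the same 6-byte NOP patch the post applies at dwMemCheck + 15 (the je rel32 that follows the cmp against 0x00010705). The buffer contents, the made-up displacement bytes and the helper names are assumptions; on a live process the write would first need VirtualProtect() as in the post. Note that the patch changes the bytes of a code page, which is exactly what a memory-integrity check compares against, so it is not surprising that later posts in the thread report the hook surviving only a minute or two.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Returns the offset of the first match of pattern/mask in buf, or -1.
// mask: 'x' = byte must equal pattern[j], '?' = wildcard (rel32 displacements, addresses).
long find_pattern(const uint8_t *buf, size_t len, const uint8_t *pattern, const char *mask)
{
    size_t plen = std::strlen(mask);
    if (plen == 0 || len < plen) return -1;
    for (size_t i = 0; i + plen <= len; ++i) {
        size_t j = 0;
        for (; j < plen; ++j)
            if (mask[j] == 'x' && buf[i + j] != pattern[j]) break;
        if (j == plen) return (long)i;
    }
    return -1;
}

// The thread's "memory manipulation check" signature:
//   jmp rel32 ; cmp dword ptr [ebp+disp32], 0x00010705 ; je rel32
static const uint8_t kMemCheckPattern[] = {
    0xE9, 0, 0, 0, 0,                                   // jmp rel32
    0x81, 0xBD, 0, 0, 0, 0, 0x05, 0x07, 0x01, 0x00,     // cmp [ebp+disp32], 0x00010705
    0x0F, 0x84, 0, 0, 0, 0                              // je rel32  (starts at +15)
};
static const char kMemCheckMask[] = "x????xx????xxxxxx????";
const size_t kJeOffset = 15;   // 1 + 4 + 2 + 4 + 4, i.e. the post's dwMemCheck + 15

// Overwrite the 6-byte je rel32 at (match + 15) with NOPs. Here the "code" is a vector;
// in a process the region is read-only code and needs VirtualProtect() around the write.
bool nop_je(std::vector<uint8_t> &code, long match)
{
    if (match < 0) return false;
    size_t at = (size_t)match + kJeOffset;
    if (at + 6 > code.size()) return false;
    std::memset(&code[at], 0x90, 6);   // 0x90 = NOP (not decimal 90)
    return true;
}

// Constructed sample "code" (assumption, not client bytes): junk, the signature with
// made-up displacements, then a ret.
std::vector<uint8_t> make_sample()
{
    std::vector<uint8_t> v = {0x55, 0x8B, 0xEC, 0x33, 0xC0};
    const uint8_t sig[] = {0xE9, 0x10, 0x20, 0x30, 0x00,
                           0x81, 0xBD, 0xF0, 0xFF, 0xFF, 0xFF, 0x05, 0x07, 0x01, 0x00,
                           0x0F, 0x84, 0x44, 0x00, 0x00, 0x00};
    v.insert(v.end(), sig, sig + sizeof sig);
    v.push_back(0xC3);
    return v;
}

// Scan + patch; returns the match offset, or -1 if nothing was patched.
long patch_sample(std::vector<uint8_t> &code)
{
    long m = find_pattern(code.data(), code.size(), kMemCheckPattern, kMemCheckMask);
    if (!nop_je(code, m)) return -1;
    return m;
}

int main()
{
    std::vector<uint8_t> code = make_sample();
    long m = patch_sample(code);
    std::printf("signature at offset %ld, bytes at +15:", m);
    for (int i = 0; i < 6; ++i) std::printf(" %02X", code[m + 15 + i]);
    std::printf("\n");
    return 0;
}
```

The mask lengths must equal the byte-pattern lengths (21 here, matching the post's "x????xx????xxxxxx????"); a scanner that silently accepts a shorter mask will match the wrong place.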
        
    

02/02/2012 14:53 MoepMeep#62
Quite sure it won't work :P
02/02/2012 15:17 SimSir#63
OK, how do I find the send header and format? ^^
02/09/2012 10:23 SimSir#64
Does the NPC selling packet only work when the NPC is near?
02/09/2012 11:16 meak1#65
@moepmoep sure, you can hook send, but you need the new crypt table in the engine ^^
I was trying clientless earlier, but the 0x03 packet is too hard ;X

@SimSir yeah, only near the NPC
02/09/2012 14:39 MoepMeep#66
Yeah sure, you can hook send at that point. But AFAIK HackShield detects that; I wasn't on Int for a few months now :p
02/09/2012 18:41 DerKleineDarky#67
hmm, HS doesn't detect my send hook xD
02/09/2012 19:32 SimSir#68
I can hook send packets after the player appear packets ^^ but it only works for 1-2 min :)
02/09/2012 19:39 MoepMeep#69
Quote:
Originally Posted by DerKleineDarky
hmm, HS doesn't detect my send hook xD
Talking about the one silentius made for you? :p
02/09/2012 23:24 RunzelEier#70
unhook on the HackShield packet <-- syntex made it that way
02/10/2012 03:24 DerKleineDarky#71
Quote:
Originally Posted by MoepMeep
Talking about the one silentius made for you? :p
well, silentius is doing most parts of that hackit, but only the parts where you don't need any "hacking" skills :D he is by far a better coder than me, but important things for kal hacks are kind of different from the stuff he does :D
well, working with him is pretty nice; btw I would also have to give credit to alex and even to kevin (with his crappy source he got me doing my own xD)
even you and meak could be mentioned, for giving some packets when I needed them; also I've got to give credit to sandro...
so all in all, my hackit is pretty good, I bet much better than anybody else's here (don't count sandro :D ) because I was able to ask for help when I needed it :D


if I forgot somebody, feel mentioned.
02/10/2012 03:26 MoepMeep#72
Mine was better. :p
02/10/2012 08:34 SimSir#73
Some packet donations :) ^^

Get Inventory List

Packet Header: 0x04

PHP Code:
#include <windows.h>
#include <iostream>
using namespace std;

// Items[] (item table with .ItemName) is the poster's own lookup, not shown in the post.
void Inventory(char *szBuffer, int iLength){
    cout << "Inventory Scanning" << endl;
    // Record layout: XX.XXXX.00000.XXXX = ItemIndex(2).ItemID(4).five zero bytes.Amount(4)
    for(int i = 4; i <= iLength - 16; i++){
        if (szBuffer[i] != 0x00 && szBuffer[i+2] != 0x00 && szBuffer[i+6] == 0x00 &&
            szBuffer[i+7] == 0x00 && szBuffer[i+8] == 0x00 && szBuffer[i+9] == 0x00 &&
            szBuffer[i+10] == 0x00 && szBuffer[i+11] != 0x00){

            WORD  ItemIndexID = *(WORD*)&szBuffer[i];
            DWORD ItemID      = *(DWORD*)&szBuffer[i+2];
            DWORD Amount      = *(DWORD*)&szBuffer[i+2+4+5];   // i+11
            cout << "[" << Items[ItemIndexID].ItemName << "] Amount [" << Amount << "] ID: " << ItemID << endl;
        }
    }
}


Maybe you need to get the medicine ID ^^ for using it

Put on / off item
Header 0x05 On - 0x06 Off

PHP Code:
void PutOnOffItem(char *szBuffer, bool State){
    DWORD ItemID      = *(DWORD *)&szBuffer[7];
    WORD  ItemIndexID = *(WORD *)&szBuffer[11];

    if (State == 0){
        cout << "[" << Items[ItemIndexID].ItemName << "] Put on (" << ItemID << ")" << endl;
    }else{
        cout << "[" << Items[ItemIndexID].ItemName << "] Put off (" << ItemID << ")" << endl;
    }
}


Player stat (max HP, current HP, max MP, current MP). You get this packet on loading, not on a state change ^^

Header 0x42

PHP Code:
// PMe is the poster's own player struct, not shown in the post.
void PlayerStat(char *szBuffer){
    PMe.curHp = *(WORD *)&szBuffer[18];
    PMe.maxHP = *(WORD *)&szBuffer[20];
    PMe.curMp = *(WORD *)&szBuffer[22];
    PMe.maxMP = *(WORD *)&szBuffer[24];
    cout << "Cur HP: " << PMe.curHp << " Max Hp: " << PMe.maxHP << " Cur Mp: " << PMe.curMp << " Max Mp: " << PMe.maxMP << endl;
}
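An added example that is not part of SimSir's post: bounds-checked parsers for the three layouts the post documents (0x04 inventory records, 0x05/0x06 put on/off, 0x42 player stat), fed with constructed sample buffers rather than captured traffic. Everything beyond the offsets in the post is an assumption: that the header byte is delivered separately from the payload (as bHeader is in the thread's send-hook prototype), the record-sized step after a hit, the function names and the sample bytes. Reads go through memcpy instead of the post's *(WORD*)&szBuffer[i] casts, which are unaligned accesses that x86 tolerates but C++ does not guarantee.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

struct InvItem    { uint16_t index; uint32_t id; uint32_t amount; };
struct PlayerStat { uint16_t curHp, maxHp, curMp, maxMp; };

// Little-endian reads via memcpy (no unaligned pointer casts).
static uint16_t rd16(const uint8_t *p) { uint16_t v; std::memcpy(&v, p, 2); return v; }
static uint32_t rd32(const uint8_t *p) { uint32_t v; std::memcpy(&v, p, 4); return v; }

// 0x04: the post's record heuristic (non-zero index, non-zero ID, five zero bytes, non-zero
// amount) over 15-byte records [idx:2][id:4][00 x5][amount:4] starting at offset 4.
// Stepping by the record size after a hit (an addition) keeps the scan aligned.
std::vector<InvItem> parse_inventory(const uint8_t *buf, size_t len)
{
    std::vector<InvItem> out;
    for (size_t i = 4; i + 15 <= len; ) {
        const uint8_t *r = buf + i;
        bool zeros = r[6] == 0 && r[7] == 0 && r[8] == 0 && r[9] == 0 && r[10] == 0;
        if (r[0] != 0 && r[2] != 0 && zeros && r[11] != 0) {
            out.push_back({rd16(r), rd32(r + 2), rd32(r + 11)});
            i += 15;
        } else {
            ++i;
        }
    }
    return out;
}

// 0x05 (put on) / 0x06 (put off): ItemID at offset 7, ItemIndexID at offset 11.
bool parse_put_on_off(const uint8_t *buf, size_t len, uint32_t &itemId, uint16_t &index)
{
    if (len < 13) return false;          // bytes 7..12 must exist
    itemId = rd32(buf + 7);
    index  = rd16(buf + 11);
    return true;
}

// 0x42: current/max HP and MP as four WORDs at offsets 18, 20, 22, 24.
bool parse_player_stat(const uint8_t *buf, size_t len, PlayerStat &st)
{
    if (len < 26) return false;          // bytes 18..25 must exist
    st.curHp = rd16(buf + 18); st.maxHp = rd16(buf + 20);
    st.curMp = rd16(buf + 22); st.maxMp = rd16(buf + 24);
    return true;
}

// Dispatch on the header byte (assumed to arrive separately from the payload). Returns a summary line.
std::string handle_packet(uint8_t header, const uint8_t *buf, size_t len)
{
    char line[128];
    switch (header) {
    case 0x04: {
        std::vector<InvItem> items = parse_inventory(buf, len);
        std::snprintf(line, sizeof line, "inventory: %u item(s)", (unsigned)items.size());
        return line;
    }
    case 0x05: case 0x06: {
        uint32_t id; uint16_t idx;
        if (!parse_put_on_off(buf, len, id, idx)) return "put on/off: short packet";
        std::snprintf(line, sizeof line, "%s item idx=%u id=%u",
                      header == 0x05 ? "put on" : "put off", (unsigned)idx, (unsigned)id);
        return line;
    }
    case 0x42: {
        PlayerStat st;
        if (!parse_player_stat(buf, len, st)) return "stat: short packet";
        std::snprintf(line, sizeof line, "HP %u/%u MP %u/%u",
                      (unsigned)st.curHp, (unsigned)st.maxHp, (unsigned)st.curMp, (unsigned)st.maxMp);
        return line;
    }
    default:
        return "unhandled header";
    }
}

// Constructed sample payloads (assumptions, not captured traffic).
std::vector<uint8_t> sample_inventory()        // 4 leading bytes, then two records
{
    std::vector<uint8_t> v = {0, 0, 0, 0};
    const uint8_t rec1[15] = {0x01, 0x00, 0x39, 0x30, 0x00, 0x00, 0, 0, 0, 0, 0, 0x05, 0, 0, 0}; // idx 1, id 12345, x5
    const uint8_t rec2[15] = {0x02, 0x00, 0x0A, 0x00, 0x00, 0x00, 0, 0, 0, 0, 0, 0x01, 0, 0, 0}; // idx 2, id 10, x1
    v.insert(v.end(), rec1, rec1 + 15);
    v.insert(v.end(), rec2, rec2 + 15);
    return v;
}
std::vector<uint8_t> sample_put_on() { return {0, 0, 0, 0, 0, 0, 0, 0x39, 0x30, 0x00, 0x00, 0x01, 0x00}; } // id 12345, idx 1
std::vector<uint8_t> sample_stat()             // HP 300/500, MP 100/200
{
    std::vector<uint8_t> v(26, 0);
    v[18] = 0x2C; v[19] = 0x01;  v[20] = 0xF4; v[21] = 0x01;
    v[22] = 0x64; v[23] = 0x00;  v[24] = 0xC8; v[25] = 0x00;
    return v;
}

int main()
{
    std::vector<uint8_t> inv = sample_inventory(), put = sample_put_on(), st = sample_stat();
    for (const InvItem &it : parse_inventory(inv.data(), inv.size()))
        std::printf("[idx %u] id %u amount %u\n", (unsigned)it.index, (unsigned)it.id, (unsigned)it.amount);
    std::printf("%s\n", handle_packet(0x05, put.data(), put.size()).c_str());
    std::printf("%s\n", handle_packet(0x42, st.data(), st.size()).c_str());
    std::printf("%s\n", handle_packet(0x42, st.data(), 10).c_str());   // truncated packet is rejected
    return 0;
}
```

The length checks are the part the post's handlers lack: each one reads fixed offsets without knowing how long the buffer is, so a short or truncated packet reads past the end of the receive buffer.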

02/10/2012 13:26 Roronoa Z.#74
Quote:
Originally Posted by SimSir
I can hook send packets after the player appear packets ^^ but it only works for 1-2 min :)
Use a good way to detour the ws2_32.send() call and you've got it...
I used it ~1 year ago and my source still works on Int... Of course you need the right pattern for the crypt, but that shouldn't be that hard, just look at the ROAM source which goes around.
02/20/2012 16:08 MoepMeep#75
I guess tax isn't 100 then :p