War Rock Cheat Programming Discussion

12/22/2014 19:47 MRx86™#901
Quote:
Originally Posted by Peter File

WSAAPI -> FAR PASCAL -> __stdcall

And btw I don't think there's any reason to call WSAStartup yourself at all.
Any idea why MSDN doesn't put the convention? Normally they should.
12/22/2014 22:22 Raz9r#902
Oh well.
Anyways, you can easily detect that using templates and overload resolution (at compile time) like this:

Code:
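#include <type_traits>

// x86 only: on x64 MSVC ignores both keywords, so the two overloads no longer differ.
// Selected when the argument is a __stdcall function pointer.
template <typename R, typename... P>
std::true_type is_stdcall(R (__stdcall *)(P...)) { return {}; }

// Selected when the argument is a __cdecl function pointer.
template <typename R, typename... P>
std::false_type is_stdcall(R (__cdecl *)(P...)) { return {}; }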
The following can then be used to check at compile time:

Code:
static_assert(decltype(is_stdcall(send))::value, "this fails if send is not stdcall");
Just written from scratch and on a mobile phone, sorry for any possible errors.
12/23/2014 23:14 Alliance™#903
Code:
#define _CRT_SECURE_NO_WARNINGS
#include  <Windows.h>
#include <winsock.h>
#include <iostream>

#pragma comment(lib,"ws2_32.lib")

using namespace std;
Code:
#include "Intestazione.h"


typedef int(__stdcall *hsend)(SOCKET s, const char *buf, int len, int flags);
hsend osend;

int __stdcall msend(SOCKET s, const char *buf, int len, int flags)
{
	cout << " SUCCESS" << endl;
	return osend(s, buf, len,flags);
}


void *DetourCreate(BYTE *src, const BYTE *dst, unsigned int len)
{
	BYTE * jmp = reinterpret_cast<BYTE*>(malloc(len + 5));
	DWORD dwBack;
	VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
	memcpy(jmp, src, len);
	jmp += len;
	jmp[0] = 0xE9;
	*reinterpret_cast<DWORD*>(jmp + 1) = (DWORD)(src + len - jmp) - 5;
	src[0] = 0xE9;
	*reinterpret_cast<DWORD*>(src + 1) = (DWORD)(dst - src) - 5;
	VirtualProtect(src, len, dwBack, &dwBack);
	return jmp - len;
}

DWORD WINAPI Start(LPVOID lpArg)
{
	AllocConsole();
	SetConsoleTitle("Packet Manager v 1.0.0.0 [Alliance coder]");
	freopen("CONIN$", "r", stdin);
	freopen("CONOUT$", "w", stdout);
	freopen("CONOUT$", "w", stderr);

	cout << "Waiting module: ";
	HMODULE hDll = NULL;
	do
	{
		Sleep(300);
		hDll = GetModuleHandle("ws2_32.dll");
		
	} while (!hDll);

	cout << " SUCCESS" << endl;
	cout << "Waiting detour: ";
	osend = (hsend)DetourCreate((BYTE*)reinterpret_cast<DWORD>(GetProcAddress(hDll,"send")), (BYTE*)msend, 5);

	return EXIT_SUCCESS;
}

BOOL APIENTRY DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpReserved)
{

	switch (fdwReason)
	{
	case DLL_PROCESS_ATTACH:
		CreateThread(NULL, NULL, Start, NULL, NULL, NULL);
		break;

	case DLL_THREAD_ATTACH:
		break;

	case DLL_THREAD_DETACH:
		break;

	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}
This is my project to hook the send function, but it doesn't work. I don't know what the problem is... Can someone fix it if there are errors?
12/24/2014 12:49 Cyno™#904
Quote:
Originally Posted by Alliance™
Code:
...
I just tested it and it works for me.
Are you compiling in debug or in release mode?
Try to disable optimization.
12/24/2014 14:58 MRx86™#905
Quote:
Originally Posted by Cyno™
I just tested it and it works for me.
Are you compiling in debug or in release mode?
Try to disable optimization.
That is not due to optimization.
I think since he is going to MAPPING inside the process, his compiler settings are wrong. ^^ :D
12/24/2014 15:13 Alliance™#906
Quote:
Originally Posted by Cyno™
I just tested it and it works for me.
Are you compiling in debug or in release mode?
Try to disable optimization.
I compile in debug and release mode and it is not working.
I use PerX injector or Extreme injector v3 with the standard injection method and not with mapping.
12/24/2014 17:50 Cyno™#907
Quote:
Originally Posted by Alliance™
I compile in debug and release mode and it is not working.
I use PerX injector or Extreme injector v3 with the standard injection method and not with mapping.
You can try to hook it via the IAT
12/25/2014 00:02 +Yazzn#908
Try to call FreeConsole before calling AllocConsole. If that doesn't work try to Sleep for 10000 ms before you call FreeConsole and AllocConsole. I think WarRock is messing with your console.

In case it's still not working describe your problem more closely. "don't work" isn't something we can work with.
12/27/2014 12:51 Alliance™#909
Quote:
Originally Posted by Peter File
Try to call FreeConsole before calling AllocConsole. If that doesn't work try to Sleep for 10000 ms before you call FreeConsole and AllocConsole. I think WarRock is messing with your console.

In case it's still not working describe your problem more closely. "don't work" isn't something we can work with.

I tried to delete AllocConsole and replace it with a file writer, but it does not work...
If I start warrock.exe unpacked with OllyDbg and inject the DLL, the detour works and the result is success; if I start WarRock without OllyDbg, it does not work.
12/27/2014 13:44 +Yazzn#910
Is the console showing up or is it just your send hook that doesn't work?
12/27/2014 14:23 MRx86™#911
I made a complete project for you with full project optimization, and the project and full code are optimized with no memory leaks ...

Compiled with Visual Studio 2008 as MultiThread

1) From all that I saw there, after the loading screen the detour somehow gets unhooked. I made a small check to see whether the detour is being unhooked....

2) I made 2 ways for you to hook send: one via IAT and one via detouring

3) The IAT hook is safer.

4) You can set in Include.h which kind of hook you want to use.

5) There are also logs to check if something is wrong. The logs are stored inside C://DebugInfo.log


Code:
Class Initialized!
ws2_32.dll Load!
Hook Method Via IAT
Hooking Send
Hook have been placed
Send is being called!
Send is being called!
Send is being called!
Send is being called!
Send is being called!
Send is being called!

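Seen from the integrity-checking side, both hook styles discussed in this thread leave checkable traces: the detour overwrites the first five bytes of send with `E9 rel32`, and an IAT hook leaves an import slot pointing outside ws2_32.dll. The following is an added example, not code from any poster in this thread; the base address, image size, function address and byte arrays are constructed sample values, and it assumes a 32-bit process and that the compared bytes contain no relocations.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

enum class Verdict { Clean, Modified, RedirectedOutside };

// True when addr lies inside the image [base, base + size).
bool in_module(uint32_t addr, uint32_t base, uint32_t size) {
    return addr >= base && addr - base < size;
}

// Decode "E9 rel32" at code[0..4], mapped at virtual address va.
// target = va + 5 + rel32 (inverse of the "(dst - src) - 5" the detour writes).
bool jmp_target(const uint8_t *code, size_t len, uint32_t va, uint32_t *target) {
    if (len < 5 || code[0] != 0xE9) return false;
    uint32_t rel;
    std::memcpy(&rel, code + 1, sizeof rel);  // assumes a little-endian host
    *target = va + 5u + rel;                  // wraps modulo 2^32 like the CPU
    return true;
}

// Compare the in-memory prologue with the bytes of the on-disk image.
Verdict check_prologue(const uint8_t *mem, const uint8_t *disk, size_t len,
                       uint32_t va, uint32_t base, uint32_t size) {
    if (std::memcmp(mem, disk, len) == 0) return Verdict::Clean;
    uint32_t t;
    if (jmp_target(mem, len, va, &t) && !in_module(t, base, size))
        return Verdict::RedirectedOutside;
    return Verdict::Modified;
}

// An import slot for send should hold an address inside ws2_32's image.
bool iat_slot_ok(uint32_t slot_value, uint32_t base, uint32_t size) {
    return in_module(slot_value, base, size);
}

// Constructed sample data (not taken from any real process).
const uint32_t kBase = 0x71A00000, kSize = 0x00050000, kSendVa = 0x71A04C27;
const uint8_t kDisk[5]    = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};  // mov edi,edi; push ebp; mov ebp,esp
const uint8_t kPatched[5] = {0xE9, 0xD4, 0xC3, 0x5F, 0x9E};  // jmp 0x10001000

int main() {
    Verdict v = check_prologue(kPatched, kDisk, 5, kSendVa, kBase, kSize);
    return v == Verdict::RedirectedOutside ? 0 : 1;
}
```

A jump that stays inside the owning module is reported as Modified rather than RedirectedOutside, since it still differs from the on-disk bytes and deserves a closer look.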
12/27/2014 17:37 r_a_z_0_r#912
Quote:
Originally Posted by GHTheBoss
...
IAT Address for Recv:
Code:
#define ADR_RECV 0x8BE95C
Credits: GHTheBoss
12/27/2014 17:41 MRx86™#913
Quote:
Originally Posted by r_a_z_0_r
IAT Address for Recv:
Code:
#define ADR_RECV 0x8BE950
Your address is wrong :) for recv
12/27/2014 19:24 raffagold#914
Xor Keys InGame

Client > Server 54 (dec)
Server > Client 85 (dec)

Little question,
I want to join a game server (e.g. World_NIU)
I send packet OPC 4352 with NPP and other credentials; after login succeeds and I get the available servers, I then try to send packet OPC 24832 (24832 dla#qud$wlr%aks^tp& 302 [HWID])
but the server response is: OPC 24832 (24832 90020 (null)) instead of ([TIMESTAMP] 24832 1 26/22/1/24/11/114/3/357/0 [SOMENUMBER])

Any suggestions?
12/28/2014 02:16 Alliance™#915
Code:
[TIMESTAMP] 24832 dla#qud$wlr%aks^tp& 3026 [MAC_ADDRESS]
Try to send this!