[Release] Advanced hooking

09/23/2011 10:50 BaussHacker#106
Quote:
Originally Posted by Synsia View Post
Either call the client's own disconnect wrapper function or call closesocket() with the correct socket (which you can get from hooking connect())

There's no need to append packets with TQ stamps when you're using the client functions, they will do this for you.
Gratz with 666 thanks looool. :bandit:
09/23/2011 19:33 .Kinshi#107
Quote:
Originally Posted by Synsia View Post
Either call the client's own disconnect wrapper function or call closesocket() with the correct socket (which you can get from hooking connect())

There's no need to append packets with TQ stamps when you're using the client functions, they will do this for you.
I can figure out how to hook the function, but how do I call it?

Is there a certain time to send the packet? Or can you just call the Send function in the hooker?


Yeah I cannot figure out how to send packets lol
10/20/2011 15:32 xmen01235#108
Addresses changed again. How do you find those addresses? A good tutorial would be highly appreciated. :(
10/20/2011 20:44 Belth#109
Patch 5532:

private const int SendPacketFxnAddress = 0x6E72A3;
private const int RecvPacketFxnAddress = 0x6E7578;
private const int RecvLoopAddress = 0x6E6DC7;
private const int Return8Address = 0x69A3D6;
private const int NetworkClass = 10082968;

As for how to find addresses, I just do it the obvious/noob way: find any "landmarks" near the previous addresses in the new client. For example, finding "catch error in process msg:" and searching upwards to the first "test eax, eax" instruction gives you the RecvLoopAddress.

For NetworkClass I attach, log in, break at SendPacketFxnAddress and use the value in ECX.
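The landmark method described above, as an added example (not code from the thread or the library): locate the error string in a dumped client image, find the `push imm32` that references it, then walk backwards to the nearest `test eax, eax`. The image base 0x400000, the flat (RVA == offset) layout of a memory dump, the sample bytes and every function name here are assumptions made for the example; the bytes are constructed, not taken from the real client.

```python
import struct

# Assumptions for this example (not from the thread): a 32-bit client mapped
# flat at the default base 0x400000, scanned as a memory dump (RVA == offset),
# not as the PE file on disk.
IMAGE_BASE = 0x400000
LANDMARK = b"catch error in process msg:"
TEST_EAX_EAX = b"\x85\xC0"  # x86 encoding of `test eax, eax`


def build_sample_image():
    """Constructed stand-in for a dumped client image (not real client bytes).
    Code lives at offset 0x1000, the landmark string at offset 0x3000."""
    image = bytearray(0x4000)
    string_off = 0x3000
    image[string_off:string_off + len(LANDMARK) + 1] = LANDMARK + b"\x00"

    code = bytearray()
    code += b"\xE8\x10\x20\x00\x00"                              # call  <recv_packet>
    code += TEST_EAX_EAX                                         # test  eax, eax   <- RecvLoopAddress
    code += b"\x75\x0A"                                          # jne   short ok
    code += b"\x68" + struct.pack("<I", IMAGE_BASE + string_off) # push  offset "catch error in process msg:"
    code += b"\xE8\x00\x30\x00\x00"                              # call  <log_error>
    image[0x1000:0x1000 + len(code)] = code
    return bytes(image)


def find_string_va(image, needle, base=IMAGE_BASE):
    """Virtual address of a NUL-terminated string inside the image."""
    off = image.find(needle + b"\x00")
    if off < 0:
        raise LookupError("landmark string not present in image")
    return base + off


def find_pushes_of(image, va):
    """Offsets of every `push imm32` whose immediate equals `va`."""
    pattern = b"\x68" + struct.pack("<I", va)
    hits, i = [], image.find(pattern)
    while i >= 0:
        hits.append(i)
        i = image.find(pattern, i + 1)
    return hits


def find_recv_loop_address(image, base=IMAGE_BASE, window=0x200):
    """Find the string, find the code that references it, then walk
    backwards to the closest `test eax, eax` above that reference."""
    str_va = find_string_va(image, LANDMARK, base)
    pushes = find_pushes_of(image, str_va)
    if len(pushes) != 1:
        raise LookupError(f"expected one reference to the landmark, found {len(pushes)}")
    push_off = pushes[0]
    # rfind returns the nearest match *above* the push within the window.
    test_off = image.rfind(TEST_EAX_EAX, max(0, push_off - window), push_off)
    if test_off < 0:
        raise LookupError("no `test eax, eax` within the search window")
    return base + test_off


if __name__ == "__main__":
    print(hex(find_recv_loop_address(build_sample_image())))
```

Two caveats when running this against a real dump: a two-byte pattern like `85 C0` can also occur inside another instruction's operand, so confirm the hit in a disassembler before hard-coding it, and if you scan the file on disk rather than a dump you must translate section RVAs to file offsets first (for example with the `pefile` module) or the `push` immediates will not match.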
10/21/2011 13:38 xmen01235#110
Quote:
Originally Posted by Belth View Post
Patch 5532:

private const int SendPacketFxnAddress = 0x6E72A3;
private const int RecvPacketFxnAddress = 0x6E7578;
private const int RecvLoopAddress = 0x6E6DC7;
private const int Return8Address = 0x69A3D6;
private const int NetworkClass = 10082968;

As for how to find addresses, I just do it the obvious/noob way: find any "landmarks" near the previous addresses in the new client. For example, finding "catch error in process msg:" and searching upwards to the first "test eax, eax" instruction gives you the RecvLoopAddress.

For NetworkClass I attach, log in, break at SendPacketFxnAddress and use the value in ECX.
Thanks bro, I never thought of that very obvious way.
10/23/2011 02:26 Belth#111
Here are two issues I've experienced while playing around with this library.

1. After setting a hardware break point (bp) at RecvLoopAddress and running for about 20 minutes, the client freezes up and its CPU usage goes way up. This happens with a fresh official client. After removing debug checks via Lateralus' Create-A-Client this issue disappears. Neither SendPacketFxnAddress nor RecvPacketFxnAddress produces this issue with a clean client. If it matters, the RecvLoopAddress bp is hit every 74 ms while for RecvPacketFxnAddress it is every 300+ ms. Link to the exact code to replicate this issue: [link]

2. Even with Lat's client I experience client crashes after various amounts of time depending on how much activity is going on. For example, I get crashes 3-4 times during CTF (so every 15-20 minutes) and every 2-4 hours under "normal" conditions. To test whether the first issue was specific to RecvLoopAddress or not I set bps at Send and Recv and left the client on overnight for 7+ hours, so this issue also seems to be related to the RecvLoop.

Any help is appreciated.
10/23/2011 16:45 IAmHawtness#112
Quote:
Originally Posted by Belth View Post
Here are two issues I've experienced while playing around with this library.

1. After setting a hardware break point (bp) at RecvLoopAddress and running for about 20 minutes, the client freezes up and its CPU usage goes way up. This happens with a fresh official client. After removing debug checks via Lateralus' Create-A-Client this issue disappears. Neither SendPacketFxnAddress nor RecvPacketFxnAddress produces this issue with a clean client. If it matters, the RecvLoopAddress bp is hit every 74 ms while for RecvPacketFxnAddress it is every 300+ ms. Link to the exact code to replicate this issue: [link]

2. Even with Lat's client I experience client crashes after various amounts of time depending on how much activity is going on. For example, I get crashes 3-4 times during CTF (so every 15-20 minutes) and every 2-4 hours under "normal" conditions. To test whether the first issue was specific to RecvLoopAddress or not I set bps at Send and Recv and left the client on overnight for 7+ hours, so this issue also seems to be related to the RecvLoop.

Any help is appreciated.
This library is quite old, and it does have some flaws. If people are interested, I have a newer (yet somewhat old) hooking class that is slightly more stable, a bit easier to use and has some more functions. For example, a client hooking class would look something like this:

Code:
public class Client
{

	private HookManager _hookManager;

	public Client(Process process)
	{
		_hookManager = new HookManager(process);
	}

	public bool Attach()
	{

		if (!_hookManager.Attach) {
			return false;
		}

		if (!_hookManager.AddHook("shell32.dll", "ShellExecuteA", ShellExecuteAHook)) {
			return false;
		}

		return true;

	}


	private void ShellExecuteAHook(ref CONTEXT ctx)
	{
		int filePointer = 0;

		// ShellExecuteA is __stdcall; at function entry [ESP] is the return
		// address, so the third argument (lpFile) sits at [ESP+12].
		_hookManager.MemRead(filePointer, ctx.Esp + 12);

		if (filePointer > 0) {

			string file = new string('\0', 255);

			_hookManager.MemRead(file, filePointer);

			if (file == "http://co.91.com/signout/") {
				// Overwrite the caller's string with " \0" so ShellExecuteA
				// no longer receives the sign-out URL.
				_hookManager.MemWrite(" " + Convert.ToChar(0).ToString(), filePointer);
			}

		}

	}

}
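The argument handling in the hook above, as an added example (not the poster's HookManager, whose detour and CONTEXT capture are not shown on the page): a Python model of what the callback does once it is running at ShellExecuteA's entry. The `FakeProcess` class, the stack and string addresses, the return address value and the sample frame are all constructed stand-ins for the target process's memory; the example generalises the original slightly by deriving the `ESP+12` offset from the `__stdcall` argument order and by reading the string only up to its NUL terminator.

```python
import struct

SIGNOUT_URL = b"http://co.91.com/signout/"

# ShellExecuteA(hwnd, lpOperation, lpFile, lpParameters, lpDirectory, nShowCmd)
# is __stdcall: at the first instruction ESP points at the return address and
# the arguments follow it at 4-byte strides.
STDCALL_ARGS = ("hwnd", "lpOperation", "lpFile", "lpParameters", "lpDirectory", "nShowCmd")


def arg_offset(name):
    """Offset from ESP (at function entry) of the named argument; lpFile -> 12."""
    return 4 * (STDCALL_ARGS.index(name) + 1)


class FakeProcess:
    """Constructed stand-in for the hooked process's memory (a flat bytearray
    starting at `base`); it plays the role of HookManager.MemRead/MemWrite."""

    def __init__(self, base, size):
        self.base = base
        self.mem = bytearray(size)

    def read(self, addr, n):
        off = addr - self.base
        if off < 0 or off + n > len(self.mem):
            raise ValueError(f"read outside mapped region: {addr:#x}")
        return bytes(self.mem[off:off + n])

    def write(self, addr, data):
        off = addr - self.base
        if off < 0 or off + len(data) > len(self.mem):
            raise ValueError(f"write outside mapped region: {addr:#x}")
        self.mem[off:off + len(data)] = data

    def read_u32(self, addr):
        return struct.unpack("<I", self.read(addr, 4))[0]

    def read_cstring(self, addr, limit=255):
        # Stop at the first NUL instead of comparing a fixed 255-byte buffer.
        n = min(limit, len(self.mem) - (addr - self.base))
        return self.read(addr, n).split(b"\x00", 1)[0]


def shell_execute_a_hook(proc, esp):
    """Mirror of the C# ShellExecuteAHook, run with `esp` from the captured CONTEXT.
    Returns True if the call was neutralised, False if left alone, None if lpFile was NULL."""
    file_ptr = proc.read_u32(esp + arg_offset("lpFile"))
    if file_ptr == 0:
        return None
    target = proc.read_cstring(file_ptr)
    if target != SIGNOUT_URL:
        return False
    # Overwrite the start of the caller's string with " \0": ShellExecuteA then
    # sees a bogus filename and fails instead of opening the browser.
    proc.write(file_ptr, b" \x00")
    return True


def build_sample(url=SIGNOUT_URL, esp=0x0018FF00, file_addr=0x00500100):
    """Constructed stack frame and strings, laid out as the client would just
    before calling ShellExecuteA(NULL, "open", url, NULL, NULL, SW_SHOW)."""
    proc = FakeProcess(0x00100000, 0x00500000)
    op_addr = 0x00500000
    proc.write(op_addr, b"open\x00")
    proc.write(file_addr, url + b"\x00")
    frame = struct.pack("<IIIIIIi",
                        0x0045A1B2,          # return address into the client (made up)
                        0, op_addr, file_addr, 0, 0,
                        5)                   # SW_SHOW
    proc.write(esp, frame)
    return proc


if __name__ == "__main__":
    proc = build_sample()
    print(shell_execute_a_hook(proc, 0x0018FF00), proc.read_cstring(0x00500100))
```

Reading only up to the terminator matters for the comparison: the original fills a 255-character buffer and compares it to the URL, which only matches if the library trims at the NUL for you. Writing two bytes into the caller's own string is the cheapest way to cancel the call, but it mutates client memory; if the client reuses that buffer, redirecting the hook to return early with a failure code is the safer option.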
10/23/2011 17:52 BaussHacker#113
Quote:
Originally Posted by IAmHawtness View Post
This library is quite old, and it does have some flaws. If people are interested, I have a newer (yet somewhat old) hooking class that is slightly more stable, a bit easier to use and has some more functions. For example, a client hooking class would look something like this:

Code:
public class Client
{

	private HookManager _hookManager;

	public Client(Process process)
	{
		_hookManager = new HookManager(process);
	}

	public bool Attach()
	{

		if (!_hookManager.Attach) {
			return false;
		}

		if (!_hookManager.AddHook("shell32.dll", "ShellExecuteA", ShellExecuteAHook)) {
			return false;
		}

		return true;

	}


	private void ShellExecuteAHook(ref CONTEXT ctx)
	{
		int filePointer = 0;

		// ShellExecuteA is __stdcall; at function entry [ESP] is the return
		// address, so the third argument (lpFile) sits at [ESP+12].
		_hookManager.MemRead(filePointer, ctx.Esp + 12);

		if (filePointer > 0) {

			string file = new string('\0', 255);

			_hookManager.MemRead(file, filePointer);

			if (file == "http://co.91.com/signout/") {
				// Overwrite the caller's string with " \0" so ShellExecuteA
				// no longer receives the sign-out URL.
				_hookManager.MemWrite(" " + Convert.ToChar(0).ToString(), filePointer);
			}

		}

	}

}
I would be interested, if you would like to share it? :)
10/23/2011 20:41 Belth#114
Quote:
Originally Posted by IAmHawtness View Post
This library is quite old, and it does have some flaws. If people are interested, I have a newer (yet somewhat old) hooking class that is slightly more stable, a bit easier to use and has some more functions.
So you're saying the problem lies with the library and not my code? If your newer class fixes my problems then sure bring it on :D
10/23/2011 21:40 DeathByMoogles#115
Quote:
Originally Posted by IAmHawtness View Post
This library is quite old, and it does have some flaws. If people are interested, I have a newer (yet somewhat old) hooking class that is slightly more stable, a bit easier to use and has some more functions. For example, a client hooking class would look something like this:

Code:
public class Client
{

	private HookManager _hookManager;

	public Client(Process process)
	{
		_hookManager = new HookManager(process);
	}

	public bool Attach()
	{

		if (!_hookManager.Attach) {
			return false;
		}

		if (!_hookManager.AddHook("shell32.dll", "ShellExecuteA", ShellExecuteAHook)) {
			return false;
		}

		return true;

	}


	private void ShellExecuteAHook(ref CONTEXT ctx)
	{
		int filePointer = 0;

		// ShellExecuteA is __stdcall; at function entry [ESP] is the return
		// address, so the third argument (lpFile) sits at [ESP+12].
		_hookManager.MemRead(filePointer, ctx.Esp + 12);

		if (filePointer > 0) {

			string file = new string('\0', 255);

			_hookManager.MemRead(file, filePointer);

			if (file == "http://co.91.com/signout/") {
				// Overwrite the caller's string with " \0" so ShellExecuteA
				// no longer receives the sign-out URL.
				_hookManager.MemWrite(" " + Convert.ToChar(0).ToString(), filePointer);
			}

		}

	}

}
Oh god yes, do share.
10/26/2011 22:06 { Angelius }#116
Things have changed a lot since you released that library, and this is the very first time that I have looked into this thread. All I can say is: great job, yes we are interested, and you rock.

I'm looking forward to seeing the next version of that library.

Good luck, and thanks a lot.
11/04/2011 09:33 xmen01235#117
Addresses changed again? Too bad that I wasn't able to screenshot the old ones.
11/04/2011 14:19 { Angelius }#118
Quote:
Originally Posted by xmen01235 View Post
Addresses changed again? Too bad that I wasn't able to screenshot the old ones.
Current patch:

SendPacketAddress = 0x6F09D0;
RecvPacketAddress = 0x6F0CA5;

I think that's all you need atm.
11/05/2011 01:03 xmen01235#119
Quote:
Originally Posted by { Angelius } View Post
Current patch:

SendPacketAddress = 0x6F09D0;
RecvPacketAddress = 0x6F0CA5;

I think that's all you need atm.
Thanks
11/10/2011 23:22 PKDemon#120
I was wondering how you got the addresses needed to make the program work right (I'm not looking at real CO, I'm looking at private servers). I just don't know how to find the addresses; I have never looked them up before.