[Fix] Proxy-DLL

03/10/2011 17:21 Thiesius#1
So... you might have noticed that KalOnline no longer lets you use dbghelp or d3dx9_29.dll with proxies.

Kal-Online's checking mechanism is very simple -> get some information about the file and compare it (size, version and such things).

At the moment I have 3 solutions in mind (though there are more).
Right now I'm going to show you the fix by DETOUR.

So how does it work?
It's pretty easy:
They use 3 functions we are interested in:
-> CreateFileA (they use it for GetFileInformationByHandle)
-> GetFileVersionInfoSizeA
-> GetFileVersionInfoA

Where is the trick?
All those functions have the filename as one of their input arguments.
We will detour all the original functions and check the filename.
If the filename is our proxy DLL, then change the filename to the name of the original DLL.

Check the source for a better understanding.
Delete or add any pieces to make the source faster (yeah, I haven't spent much time on this, so please be understanding).

You can ask questions about the source or the mechanism. Please try to avoid asking incredibly easy questions.

Update #00:
This update fixes the synchronization with version.dll.

There were 2 possible errors:
-> Our detours were attached too late.
-> Our detours weren't loaded because version.dll wasn't loaded yet (attached too early).

How does this fix work?

Add another detour on kernel32.LoadLibraryA.
We check whether version.dll is being loaded -> if yes,
place the rest of the detours.
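The mechanism described in this post as a worked example. This is added code written for this page, not the source Thiesius posted. The portable part is the name-swapping check every hook needs (matching on the base name, case-insensitively, because the game may pass a relative or a full path in either case); the `#ifdef _WIN32` part shows the three hook bodies and the LoadLibraryA trick from Update #00. Assumed, not from the thread: the names `redirect_filename`, `Real_*`/`Hook_*`, `d3dx9_29_orig.dll` as the name the real DLL was renamed to, attaching from DllMain, and the DetourAttach transaction API of Microsoft Detours 2.x or later (the API of Detours 1.5, which is mentioned later in the thread, differs).

```c
/* Added example, not the source Thiesius posted: the filename-redirect logic
 * behind the proxy-DLL detour, plus (Windows only) the hook bodies around it. */
#include <stddef.h>
#include <string.h>
#include <ctype.h>

#define PROXY_DLL_NAME    "d3dx9_29.dll"       /* the name the game checks                 */
#define ORIGINAL_DLL_NAME "d3dx9_29_orig.dll"  /* assumed: what the real DLL was renamed to */

static const char *path_basename(const char *p) {   /* text after the last '\\' or '/' */
    const char *b = p;
    for (; *p; ++p)
        if (*p == '\\' || *p == '/') b = p + 1;
    return b;
}

static int ieq(const char *a, const char *b) {      /* Windows file names are case-insensitive */
    for (; *a && *b; ++a, ++b)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* The trick from the post: if `requested` (non-NULL) names our proxy DLL, copy it to `out`
 * with the original DLL's name substituted (directory part kept) and return 1; otherwise
 * copy it unchanged and return 0.  Returns -1, writing nothing, if `out` is too small. */
int redirect_filename(const char *requested, char *out, size_t outsz) {
    const char *base = path_basename(requested);
    size_t dirlen = (size_t)(base - requested);
    int hit = ieq(base, PROXY_DLL_NAME);
    const char *newbase = hit ? ORIGINAL_DLL_NAME : base;
    if (dirlen + strlen(newbase) + 1 > outsz) return -1;
    memcpy(out, requested, dirlen);
    strcpy(out + dirlen, newbase);
    return hit;
}

#ifdef _WIN32   /* hook side; needs the Microsoft Detours SDK (2.x+ transaction API assumed) */
#include <windows.h>
#include <detours.h>
typedef HANDLE  (WINAPI *CreateFileA_t)(LPCSTR, DWORD, DWORD, LPSECURITY_ATTRIBUTES, DWORD, DWORD, HANDLE);
typedef HMODULE (WINAPI *LoadLibraryA_t)(LPCSTR);
typedef DWORD   (WINAPI *GetFileVersionInfoSizeA_t)(LPCSTR, LPDWORD);
typedef BOOL    (WINAPI *GetFileVersionInfoA_t)(LPCSTR, DWORD, DWORD, LPVOID);
/* DetourAttach rewrites these to trampolines into the real code. */
static CreateFileA_t             Real_CreateFileA  = CreateFileA;
static LoadLibraryA_t            Real_LoadLibraryA = LoadLibraryA;
static GetFileVersionInfoSizeA_t Real_GetFileVersionInfoSizeA;
static GetFileVersionInfoA_t     Real_GetFileVersionInfoA;
static int version_hooks_placed;
/* Name the game asked for, or our substitute if it is the proxy DLL (buf is a char[MAX_PATH]). */
#define REDIRECTED(name, buf) (((name) && redirect_filename((name), (buf), sizeof (buf)) == 1) ? (buf) : (name))

static HANDLE WINAPI Hook_CreateFileA(LPCSTR name, DWORD access, DWORD share,
        LPSECURITY_ATTRIBUTES sa, DWORD disp, DWORD flags, HANDLE tmpl) {
    char buf[MAX_PATH];
    return Real_CreateFileA(REDIRECTED(name, buf), access, share, sa, disp, flags, tmpl);
}
static DWORD WINAPI Hook_GetFileVersionInfoSizeA(LPCSTR name, LPDWORD handle) {
    char buf[MAX_PATH];
    return Real_GetFileVersionInfoSizeA(REDIRECTED(name, buf), handle);
}
static BOOL WINAPI Hook_GetFileVersionInfoA(LPCSTR name, DWORD handle, DWORD len, LPVOID data) {
    char buf[MAX_PATH];
    return Real_GetFileVersionInfoA(REDIRECTED(name, buf), handle, len, data);
}
/* Update #00 of the post: the version.dll detours can only go in once version.dll is in the
 * process, so they are placed from the LoadLibraryA hook (or at attach time if already loaded). */
static void place_version_hooks(HMODULE version) {
    if (version_hooks_placed) return;
    Real_GetFileVersionInfoSizeA = (GetFileVersionInfoSizeA_t)GetProcAddress(version, "GetFileVersionInfoSizeA");
    Real_GetFileVersionInfoA     = (GetFileVersionInfoA_t)GetProcAddress(version, "GetFileVersionInfoA");
    if (!Real_GetFileVersionInfoSizeA || !Real_GetFileVersionInfoA) return;
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach((PVOID *)&Real_GetFileVersionInfoSizeA, (PVOID)Hook_GetFileVersionInfoSizeA);
    DetourAttach((PVOID *)&Real_GetFileVersionInfoA, (PVOID)Hook_GetFileVersionInfoA);
    if (DetourTransactionCommit() == NO_ERROR) version_hooks_placed = 1;
}
static HMODULE WINAPI Hook_LoadLibraryA(LPCSTR name) {
    HMODULE h = Real_LoadLibraryA(name);
    if (h && name && ieq(path_basename(name), "version.dll")) place_version_hooks(h);
    return h;
}
BOOL WINAPI DllMain(HINSTANCE inst, DWORD reason, LPVOID reserved) {
    if (reason == DLL_PROCESS_ATTACH) {
        HMODULE v;
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach((PVOID *)&Real_CreateFileA, (PVOID)Hook_CreateFileA);
        DetourAttach((PVOID *)&Real_LoadLibraryA, (PVOID)Hook_LoadLibraryA);
        DetourTransactionCommit();
        v = GetModuleHandleA("version.dll");   /* the "attached too late" case: already loaded */
        if (v) place_version_hooks(v);
    }
    return TRUE;
}
#endif
```

The name check compiles on any platform, so it can be unit-tested before being built into a proxy DLL; the rest needs the Detours headers and library on the link line. Redirecting CreateFileA alone is enough for the GetFileInformationByHandle check because that call reads size and timestamps through the handle, which after the swap points at the real DLL. Only the CreateFileA and LoadLibraryA detours are placed at attach time; the version.dll pair is placed from whichever comes first, the LoadLibraryA hook or the GetModuleHandleA check, and the `version_hooks_placed` flag keeps them from being attached twice. For a dbghelp proxy the same code applies with the two names changed, or with a small table of proxy/original pairs in `redirect_filename`.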
03/10/2011 17:42 meak1#2
Hm, it's mostly the first steps with OllyDbg to jump over the msgbox. I think it's a good release, but you only need a few OllyDbg basics =/

Edit: now no one learned how to fix the proxy DLL, they just copy&paste your source.
03/10/2011 18:05 RunzelEier#3
Your info is enough.
No need for the source.
But good that you share your ideas.
03/10/2011 18:24 ILikeItEasy#4
Nice work Thiesius, and really generous of you to share this. I might even switch to your solution and keep my own as a backup :P
03/10/2011 19:40 DerKleineDarky#5
Bleh, so the nubs are coming back again?
03/10/2011 21:27 meak1#6
If you sell your bot, then yes =)
03/10/2011 22:08 Thiesius#7
Quote:
Originally Posted by meak1 View Post
Hm, it's mostly the first steps with OllyDbg to jump over the msgbox. I think it's a good release, but you only need a few OllyDbg basics =/

Edit: now no one learned how to fix the proxy DLL, they just copy&paste your source.
I'm afraid it would take too much time to include technical details such as showing everyone how to work with a debugger. If I had that much time I would invest it in the Response Server :P. There are dozens of tutorials about debugging they can read. And this fix also isn't very difficult to understand.
I could also draw some crappy schemes about how those detours work exactly, but again: there are a lot of other discussions about hooks and detours on this and other forums.

Of course they can copy&paste the source now, but sooner or later some of them will work with assembly and will try to understand how it works exactly (even though it's very simple, as I already said).


Anyway, advice from me for the newbies -> if you want to understand the code, study it now... before it gets fixed. After the fix it will become more and more complex. New bypass methods will be invented, and after some time it might be possible that the idea of proxy DLLs reaches the state "too difficult to make a bypass". As the game's security updates, DLL injection via different methods is also going to become a little bit more complex.
03/10/2011 22:39 EddyGER#8
First of all, it's very, very nice that you released good stuff,
but you should delete it because there are only leechers here.
As you can see, 25 people downloaded this DLL and you got only 4 thanks?
Just sad :(
03/10/2011 22:44 meak1#9
Like I said, Thiesius, it's easy to fix the proxy DLL, you only need some OllyDbg basics.

Look, 25 people downloaded it because there are only leechers here; they don't want to learn it, never.

Delete your source, please.

It's not hard to understand and fix... if they would learn, they wouldn't need to download...


It's so easy, but they only leech =D
03/10/2011 22:59 bloodx#10
Well, just STFU guys, most of you even leeched a way to bypass this check and now you say "oh, it was so easy"...... Most of you also only learned from epvp releases, just because your crap IC bots get blocked all the time? Cry me a river.... Pehh, writing with a phone sucks... When I get my internet back I will release some stuff again...
03/11/2011 00:23 EddyGER#11
Quote:
Originally Posted by bloodx View Post
Well, just STFU guys, most of you even leeched a way to bypass this check and now you say "oh, it was so easy"...... Most of you also only learned from epvp releases, just because your crap IC bots get blocked all the time? Cry me a river.... Pehh, writing with a phone sucks... When I get my internet back I will release some stuff again...
You're right... but if you at least got half as many THANKS as the number of times the file was downloaded, that would be much better, wouldn't it?

03/11/2011 06:48 pamz12#12
Like it's just about thanks.... I smell something else.
03/11/2011 10:30 RunzelEier#13
I'm pretty sure Thiesius doesn't care about stupid virtual thanks.
And for this bypass you don't need 1 line of asm, and you don't need to run Kal in a debugger.

Here is a video tutorial by MrSm!th about MS Detours 1.5 (link removed from the extracted page).
03/11/2011 14:02 Owmagad#14
Can't get why you keep releasing stuff & helping the leechers, Thiesius.
03/11/2011 17:11 Thiesius#15
Quote:
Originally Posted by Owmagad View Post
Can't get why you keep releasing stuff & helping the leechers, Thiesius.
1) I'm releasing only simple stuff.
2) Among the leechers there are also guys who aren't so experienced yet, but who are willing to learn (IT students or guys/girls who have programming as a hobby/work).
3) I also had to learn from some material, and now I think it's my turn to contribute.