OpenSource

Page 1 of 2

02/24/2012 00:18 bloodx#1

I just started this Thread for all to post Source Codes/Snippes/Packets what ever.

Looks like some more People now know how to work with the Public Sources.

Here a little "Base"

Spoiler

DllMain.cpp

PHP Code:


			
#include "Main.h"

HANDLE main_HackThread = 0;
unsigned int main_HackThread_ID = 0;

BOOL __stdcall DllMain(HMODULE hModule, unsigned long ulCallReason, LPVOID lpReserved)
{
    switch(ulCallReason)
    {
    case DLL_PROCESS_ATTACH:
            main_HackThread = reinterpret_cast <HANDLE> (_beginthreadex(NULL , 0, &CMain::Main_HackThread_, NULL, NULL, &main_HackThread_ID));
        break;
    case DLL_PROCESS_DETACH:
        break;
    }
    return 1;
}

Main.h

PHP Code:


			
#ifndef MAIN_H
#define MAIN_H
#include <WinSock2.h>
#include <detours.h>
#include <Windows.h>
#include <iostream>
#include <io.h>
#include <fcntl.h>
#include <process.h>
#include <math.h>
#include <stdio.h>
#include <fstream>
#include <vector>
#include <iterator>
#include <algorithm>
#include <string>
#include <stdint.h>

#pragma comment(lib, "detours.lib")
#pragma comment(lib, "ws2_32.lib")

class CMain
{
public:
    static unsigned int __stdcall Main_HackThread_( LPVOID lpParam );
};

#endif MAIN_H

Mainc.pp

PHP Code:


			
#include "Main.h"
#include "Send.h"
#include "Function.h"
extern HANDLE main_HackThread;

extern int (__stdcall *DetourRecv)(SOCKET Socket, char *Buffer, int Length, int Flags);
extern int __stdcall FilterRecv(SOCKET Socket, char* Buffer,int iLenght, int iFlags);

extern unsigned long Chat_add;
extern unsigned long MiniChat_add;

unsigned int __stdcall CMain::Main_HackThread_( LPVOID lpParam )
{
    //Initialize AhnLab HackShield Kill
    BYTE Replacer;
    DWORD Virutal_add = 0x00504DBF - 0x00104DBF;
    Replacer = 0x85;
    CFunction::MemcpyEx(Virutal_add + 0x00104DBF, reinterpret_cast<DWORD>(&Replacer),1);
    Replacer = 0x75;
    CFunction::MemcpyEx(Virutal_add + 0x00104F66, reinterpret_cast<DWORD>(&Replacer),1);
    CFunction::MemcpyEx(Virutal_add + 0x0010DB66, reinterpret_cast<DWORD>(&Replacer),1);
    Replacer = 0x61;
    CFunction::MemcpyEx(Virutal_add + 0x002A2A6D, reinterpret_cast<DWORD>(&Replacer),1);

    BYTE pChat[] = {0x55,0x8B,0xEC,0x83,0x3D,0x48,0x2B,0x86,0x00,0x00,0x74,0x17,0x8B,0x45,0x10,0x50};
    char * mChat = "xxx????????xxxx";
    
    BYTE pKChatLog[] = {0x55,0x8B,0xEC,0x83,0x3D,0x00,0x00,0x00,0x00,0x00,0x74,0x17,0x8B,0x45,0x10,0x50}; 
    char * cKChatLog = "xxxxx?????xxxxxx"; 

    Chat_add = CFunction::dwFindPattern( 0x00400000,0x00700000,pChat,mChat);
    MiniChat_add = CFunction::dwFindPattern( Chat_add+1,0x00700000,pKChatLog,cKChatLog); 

    DetourRecv = (int (__stdcall *)(SOCKET, char *, int, int))DetourFunction(reinterpret_cast<PBYTE>(0x0052F060),reinterpret_cast<PBYTE>(FilterRecv));

    CloseHandle(main_HackThread);
    _endthreadex(0);
    return 0;
}

Send.cpp

PHP Code:


			
#include "Main.h"
#include "Send.h"

DWORD SendKoemBack = ((*reinterpret_cast<DWORD*>(0x004921F4 + 1)) + (0x004921F4 + 1) + 4);

__declspec (naked) int __cdecl CSend::SendKoemV2(BYTE type, char* format, ...)
{
    __asm jmp SendKoemBack
}

Send.h

PHP Code:


			
#ifndef SEND_H
#define SEND_H
class CSend
{
public:
    static int __cdecl SendKoemV2(BYTE type , char* format, ...);
};
#endif SEND_H

Recv.cpp

PHP Code:


			
#include "Main.h"
#include "Function.h"
#include "Send.h"
#include "Recv.h"

enum RecvHeader
{
    Item = 0x36,
    PlayeyApear = 0x32
};

void MyRecv(char* szBuffer,int iLenght)
{
    switch (szBuffer[2])
    {
    case Item:
        {
            WORD  Itemindex = *reinterpret_cast<WORD*>(&szBuffer[3]);
            DWORD dwItemID = *reinterpret_cast<DWORD*>(&szBuffer[5]);
            DWORD AchseX = *reinterpret_cast<DWORD*>(&szBuffer[5 + 4]);
            DWORD AchseY = *reinterpret_cast<DWORD*>(&szBuffer[5 + 4 + 4]);
            DWORD Amount = *reinterpret_cast<DWORD*>(&szBuffer[17]);

            CSend::SendKoemV2(0x20,"ddd",dwItemID,AchseX / 32,AchseY / 32);
            CFunction::IngameMiniChat(violett,"Picked->[ItemUID _ %d][Index _ %d][Amount _ %d]",dwItemID, Itemindex, Amount);
        }
        break;
    case PlayeyApear:
        {
            DWORD PlayerUniqueID = *reinterpret_cast<DWORD*>(&szBuffer[3]);
            char szPlayerName[255];
            memcpy(reinterpret_cast<char*>(szPlayerName),reinterpret_cast<void*>((reinterpret_cast<DWORD>(szBuffer) + 7)),16);
            BYTE PlayerReserved = strlen(szPlayerName);
            DWORD PlayerCoordinateX = *reinterpret_cast<DWORD*>(&szBuffer[7 + PlayerReserved + 2]);
            DWORD PlayerCoordinateY = *reinterpret_cast<DWORD*>(&szBuffer[7 + PlayerReserved + 6]);
            DWORD PlayerCoordinateZ = *reinterpret_cast<DWORD*>(&szBuffer[7 + PlayerReserved + 10]);
            CFunction::IngameChat(blue,"Player->[Name _ %s][UID _ %d][X,Y,Z [%d,%d,%d] ]",
                szPlayerName,PlayerUniqueID,PlayerCoordinateX,PlayerCoordinateY,PlayerCoordinateZ);
        }
        break;
    }

}
int (__stdcall *DetourRecv)(SOCKET Socket, char *Buffer, int Length, int Flags);
int ASyncPos = 0;
int FinalSize = 0;
int __stdcall FilterRecv(SOCKET Socket,char *Buffer, int iLength, int iFlags)
{
    if (ASyncPos == FinalSize && FinalSize > 0)
    {
        MyRecv(Buffer, ASyncPos);

        ASyncPos = 0;
    }
    int RecvRET = DetourRecv(Socket, Buffer, iLength, iFlags);
    if (RecvRET < 0)
    {
        return RecvRET;
    }
    if (ASyncPos == 0)
        FinalSize = *((short int*) Buffer);
    ASyncPos += RecvRET;

    return RecvRET;

}

Function.cpp

PHP Code:


			
unsigned long Chat_add;

typedef int (__cdecl * Chat_org)(char, char*, int);

unsigned long MiniChat_add;

typedef int (__cdecl * MiniChat_org)(char*, int, int);

void CFunction::IngameChat(int color,char* mFormat,...){ 

    char* mText = new char[255];
    va_list args;
    va_start(args, mFormat);
    vsprintf_s(mText,255,mFormat,args);
    va_end(args);

    ((Chat_org)Chat_add)(0,mText,color);
}

void CFunction::IngameMiniChat(int color,char* msg, ...){ 
    char* mText = new char[255];
    va_list args;
    va_start(args, msg);
    vsprintf_s(mText,255,msg,args);
    va_end(args);

    ((MiniChat_org)MiniChat_add)(mText,color,1); 
}  

bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    for(;*szMask;++szMask,++pData,++bMask)
        if(*szMask=='x' && *pData!=*bMask )
            return false;
    return (*szMask) == NULL;
}

DWORD CFunction::dwFindPattern(DWORD dwAddress,DWORD dwLen, BYTE *bMask, char * szMask) {
    for(DWORD i=0;i<dwLen;i++)
        if( bDataCompare( reinterpret_cast<BYTE*>( dwAddress+i ),bMask,szMask) )
            return static_cast<DWORD>(dwAddress+i);
    return NULL;
}
LPVOID CFunction::MemcpyEx(DWORD lpDest, DWORD lpSource, int len)
{
    DWORD oldSourceProt, oldDestProt = 0;
    VirtualProtect(reinterpret_cast<LPVOID>(lpSource),len,PAGE_EXECUTE_READWRITE,&oldSourceProt);
    VirtualProtect(reinterpret_cast<LPVOID>(lpDest),len,PAGE_EXECUTE_READWRITE,&oldDestProt);
    memcpy(reinterpret_cast<void*>(lpDest),reinterpret_cast<void*>(lpSource),len);
    VirtualProtect(reinterpret_cast<LPVOID>(lpDest),len,oldDestProt,&oldDestProt);
    VirtualProtect(reinterpret_cast<LPVOID>(lpSource),len,oldSourceProt,&oldSourceProt);
    return reinterpret_cast<LPVOID>(lpDest);
};

DWORD realtarget;
DWORD CFunction::Intercept(int instruction, DWORD lpSource, DWORD lpDest, int len)
{

    LPBYTE buffer = new BYTE[len];

    memset(buffer,0x90,len);

    if (instruction != INST_NOP && len >= 5)
    {
        buffer[(len - 5)] = instruction;
        DWORD dwJMP = static_cast<DWORD>(lpDest) - (lpSource + 5 + (len - 5));
        memcpy(&realtarget,reinterpret_cast<void*>(lpSource + 1),4);
        realtarget = realtarget + lpSource + 5;
        memcpy(buffer + 1 + (len - 5),&dwJMP,4);
    }
    if (instruction == SHORT_JZ)
    {
        buffer[0] = instruction;
        buffer[1] = static_cast<BYTE>(lpDest);
    }
    if (instruction == INST_BYTE)
    {
        buffer[0] = static_cast<BYTE>(lpDest);
    }
    CFunction::MemcpyEx(lpSource, reinterpret_cast<DWORD>(buffer), len);

    delete[] buffer;
    return realtarget;
}

Function.h

PHP Code:


			
#ifndef FUNCTION_H
#define FUNCTION_H

#define orange 16594
#define lightblue 15073034
#define violett 12615808
#define green 32768
#define pink 16751615
#define blue 15453831
#define red 255

#define INST_NOP 0x90
#define INST_CALL 0xe8
#define INST_JMP 0xe9
#define INST_BYTE 0x00
#define SHORT_JZ 0x74

class CFunction
{
public:
    static DWORD Intercept(int instruction, DWORD lpSource, DWORD lpDest, int len);
    static LPVOID MemcpyEx(DWORD lpDest, DWORD lpSource, int len);
    static DWORD dwFindPattern(DWORD dwAddress,DWORD dwLen, BYTE *bMask, char * szMask);
    static void IngameChat(int color,char* mFormat,...);
    static void IngameMiniChat(int color,char* msg,...);
};


#endif FUNCTION_H

02/24/2012 00:27 hoseta#2

good release thanks, public source's are always good book for learning :]

02/24/2012 01:43 bloodx#3

IngameChat Hook
thx to NOOR/Syron

PHP Code:


			
void __stdcall MyChatBox(char* rw)
{
    if (strcmp(rw,"/Test") == 0)
    {
        //do your stuff..
    }
}
DWORD MyChatBack;
void __declspec( naked ) MyChatHook()
{
    __asm
    {
            add        esp,4
            mov     eax, esp
            push    eax
            call    MyChatBox
            jmp MyChatBack;
    }
}
BYTE pChatBoxHook[] = {0x83,0xC4,0x04,0x85,0xC0,0x74,0x02,0xEB,0x26,0x8B,0x55,0xF8,0x52,0x68,0x00,0x00,0x00,0x00,0x6A,0x11,0xE8, 0x00, 0x00,0x00,0x00};
    char* ChatBoxHook = "xxxxxxxxxxxxxx????xxx????";

    MyChatBack=CFunction::dwFindPattern(0x00400000,0x00700000,pChatBoxHook,ChatBoxHook);
    CFunction::Intercept(INST_JMP,MyChatBack,reinterpret_cast<DWORD>(MyChatHook),9);
    MyChatBack += 0x09;

02/24/2012 10:34 pamz12#4

@above
the right thing i needed thanks alot :)

ty to NOOR too

02/24/2012 16:19 Roronoa Z.#5

da hat wohl jmd ne vorliebe f�r reinterpret_cast gefunden ;D

02/24/2012 16:22 bloodx#6

wozu C-Casts benutzten :P

02/24/2012 17:13 RunzelEier#7

geht schneller und macht das gleiche :P

02/25/2012 18:16 hoseta#8

could some1 help me with recv npc ID ?,
which recv packet i need to use?, have no idea, and i didint try to work with send yet.

02/25/2012 18:24 Kealy#9

Quote:

Originally Posted by bloodx

((*reinterpret_cast<DWORD*>(0x004921F4 + 1)) + (0x004921F4 + 1) + 4)

Quote:

Originally Posted by bloodx

#include <everything.h>

Quote:

Quote:

Originally Posted by Roronoa Z.

da hat wohl jmd ne vorliebe f�r reinterpret_cast gefunden ;D

Quote:

Originally Posted by bloodx

wozu C-Casts benutzten :P

Quote:

Originally Posted by bloodx

if (strcmp(rw,"/Test") == 0)

wozu std::string benutzen ?

Quote:

Originally Posted by bloodx

DWORD MyChatBack;
void __declspec( naked ) MyChatHook()
{
__asm
{
add esp,4
mov eax, esp
push eax
call MyChatBox
jmp MyChatBack;
}
}

[Only registered and activated users can see links. Click Here To Register...]

Lolwut.
Besides the horrible reinterpret_casts, and the pattern search, this looks so fucking much like ZeroTen's ugly source.

02/25/2012 19:01 bloodx#10

Quote:

Originally Posted by Kealy

Lolwut.
Besides the horrible reinterpret_casts, and the pattern search, this looks so fucking much like ZeroTen's ugly source.

Yeah I diddn't checked the includes already had know there are useless one's. c&p from a other Project I had left here.

thx for tip with std::string ;) I will change it for sure.

uhm nah it's not ZeroTen's source.

02/25/2012 19:57 MoepMeep#11

Quote:

Originally Posted by hoseta

could some1 help me with recv npc ID ?,
which recv packet i need to use?, have no idea, and i didint try to work with send yet.

should be 0x34.

02/25/2012 20:21 Kealy#12

Quote:

Originally Posted by bloodx

Yeah I diddn't checked the includes already had know there are useless one's. c&p from a other Project I had left here.

thx for tip with std::string ;) I will change it for sure.

uhm nah it's not ZeroTen's source.

Baah, 'k.
Now I look like the bad guy <:

So, if you want to gear up on efficiency a bit, you should read some [Only registered and activated users can see links. Click Here To Register...], and see how you can use it.
It's there to be used.

Also, like RunzelEier already said, using reinterpret_cast will do exactly the same as C-style cast, it just makes the code more confusing overall, if you overuse it.
And in the end, type-casting doesn't exist in ASM (unless you change from signed/unsigned or change the container width).

You should also learn some [Only registered and activated users can see links. Click Here To Register...], to have a clear understanding of calling conventions and what they imply, the stack and how it reacts upon push/pop, et cetera.
Detouring functions using direct JMP's toward declspec(naked) functions is just a bad design. (that's how ZeroTen does it)
You shouldn't do that unless it's absolutely necessary.
It is always better to reserve a few bytes ahead, and push the necessary variables on the stack, and then call your hook, this way, you can create your own local variables, and use whichever calling convention you like, without having to worry where to jump back.
And it will look a lot better. (because yes, people should care about style)

Detouring class functions should be linked toward __fastcall hooks, and those hooks should NOT be in a class, not even static. It is better to leave them in a namespace, to keep things ordered.
The reason I'm saying this, is because forcing calling conventions on member functions will confuse the compiler, and cause undefined behaviour. (like moving edx into ecx in a __fastcall member function).

Declaring class instances using extern and using static member functions are also a bad design.
The "extern" keyword might be the "approved" way to declare globals, but that's not something you should rely on.
Classes are meant to be used for object-oriented programming, not to be used as a wrapper.
Therefore, static members should only be used within a class if you use a singleton patterning.

So, that's pretty much it =]

02/25/2012 20:30 ilQr#13

hi it is

02/25/2012 21:08 hoseta#14

Quote:

Originally Posted by MoepMeep

should be 0x34.

@MoepMeep, big thanks getting id work fine.

but is there a way to get correct name of npc?

[Only registered and activated users can see links. Click Here To Register...]

02/25/2012 22:14 Kealy#15

Read it from message.dat ?

Page 1 of 2