Hi guys/girls.
Now let’s decide we only want to make a check for DwExploreRange. The only parts of the script that are of interest to us are the offset where the script is injected and the pointer to DwExploreRange.
What happens here is that it compares the dword value at pointer eax with 6; if it’s less than or equal, the jump is taken and it skips the call to ExitProcess.
So why don’t we just put the check in the code right below it, at offset 00450BD3. Then we just need to add a jump to the new code at another offset, since there’s more code than can fit.
Now you can also check to see if any code has been modified. So maybe you’d want to add checks to see if any of your added code got modified, or if the CE has been enabled at a certain address.
Here I will be covering encryption/decryption to help make it harder for your work to be bypassed, as well as adding certain needed values/files into the dekaron.exe so they can’t just swap your anti-hack dekaron.exe with an unmodified one.
As you can see, ebx holds the address of the encrypted bytes; ecx is cleared and then used both as the index of the byte and as the loop counter that decides when to leave the function. The encryption is basic: it just subtracts 1 from each of the 3 bytes of the address in the pointer in the compare command, so all the decryption does is reverse that. Hence the inc byte ptr [ecx+ebx]: it adds 1 to each of the 3 bytes of the address. After the code is run the address is decrypted as 450BCD, and then the check can be run, etc.
Well, eax holds an address which contains the string of the IP for your server. So you could have the IP written somewhere in the dekaron.exe, then move its address into eax. Then, in the file that contains that IP (either loginlist or channellist, I forget which one this address is for, sorry), just replace each character with 9’s or whatever you want.
The point of the separate program is to not make the game do everything, because that would cause too much lag. Because this is a separate program you are free to build it how you want, whether you want it to detect if OllyDbg, CE or any other hacking software is running. This snippet is the simplest form: all it does is search for the title “Cheat Engine 5.5”, and if it finds that, it terminates the process Game, which is the dekaron.exe. Now it’s up to you to make the program you want to be responsible for handling hacking software running while the game is active.
Are you annoyed with people always using hacks on your server? Here I ease you into the basics to help prevent this. In this part I cover adding checks that detect irregularities in certain values, and finding a balance between how often the detection code executes and not lagging the game too much.
You will need:
- Dekaron.exe (Can be found in your bin folder in main games directory)
- OllyDbg
- Some knowledge of hacks
So first we need to understand what the hack is doing and how it works. Let’s have a look at vac (vacuum hack; it draws as many mobs as defined towards the player). Editing the data.pak/info.csv and using the CE vac script do exactly the same thing. The only difference is that if you edit the data.pak/info.csv, the game loads those modified values, whereas the CE vac script modifies the values of all mobs that come onto your screen, so it edits as you play. Now that we know how they work, we must choose how we are going to do this and where we should add the code. Because we’re better off checking both at the same time, we are best off looking at the CE vac script and editing there.
PHP Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
00450BCD:
jmp newmem
nop
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//DwExploreRange eax
mov [eax+08],00000020//DwSight eax+08
mov [eax+04],00000020//DwPersuitRange eax+04
//DwAvoidRange eax+0C
mov [eax+10],00000064//DwExploreStandDelay eax+10
mov [eax+14],00000064//DwExploreMoveDelay eax+14
mov [eax+18],00000064//DwStandDelay eax+18
mov [eax+1C],00000064//DwMoveDelay eax+1C
//DwFollowMyMasterRange eax+20
//DwStopMasterNear eax+24
//DwWarpMyMasterRange eax+28
mov [eax+2C],00000064//DwCallTeamPossibelHP eax+2C
mov [eax+30],00000020//DwCallTeamCount eax+30
mov [eax+34],00000000//DwBlockNFirstAttack eax+34
//mov [eax+38],00000020//dwCallTeamCell byte[eax+38]
//dwFollowTarget eax+3C
//dwSpecialAttackStartHP
//dwSpecialMeleeAttackRate
//dwSpecialRangeAttackRate
//DwPowerAttacjStartHP
//dwPowerMeleeAttackProbable
//dwPowerRangeAttackProbable
//mov [eax+40],00000000//DwUnderAttackAggro eax+40
//mov [eax+44],00000000//DwMeleeAttackRangeInAggro eax+44
//mov [eax+48],00000000//DwRangeAttackRangeInAggro eax+48
//DwSightInAggro eax+4C
//DwDefeatAggro eax+50
mov [eax+54],00000000//DwBlockedAggro eax+54
mov [eax+58],00000000//DwSlideAggro eax+58
mov [eax+5C],00000000//DwHealAggro eax+5C
//DwMasterUnderAttackAggro eax+50
//DwMasterDefeatAggro eax+54
//DwMasterBlockingAggro eax+58
//DwMasterSlideAggro eax+5C
//DwCOmplusionUnderAttackAggro eax+60
//dwMaxSummonsMonsterCount eax+64
//dwReSummonsMonsterTick eax+68
//dwMaxSummonsMonsterRange eax+6C
//dwSummonsStartPcCountPatternType eax+70
originalcode:
mov edx,[eax+1c]
mov [ecx+20],edx
mov edx,10 // number spawn
mov [eax+8c],edx
mov edx,64 // time delay spawn
mov [eax+90],edx
mov edx,30 // # follow monster
mov [eax+3C],edx
//mov [ecx+20],edx // # follow my master
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
00450BCD:
mov edx,[eax+1c]
mov [ecx+20],edx
Offset = 00450BCD
DwExploreRange = [eax]
Now let’s look at the info.csv and see what numbers mobs usually have for DwExploreRange. The numbers normally range from 0 to 6, so it’s safe to say anything 7 or higher has been modified by the player/hacker. So now we just need to create the check for this.
PHP Code:
cmp dword ptr [eax], 6
jle SkipCrash
push 0
call ExitProcess
SkipCrash:
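The same check modelled in C, as an added example that is not from the original post: it reads DwExploreRange from offset 0 of a record and compares it both the way `jle` does (signed) and the way `jbe` would (unsigned), which differ for values with the top bit set. The record buffers, function names and verdict enum are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define EXPLORE_RANGE_MAX 6u  /* from the post: stock info.csv values run 0..6 */

enum verdict { REC_OK = 0, REC_MODIFIED = 1, REC_TOO_SHORT = 2 };

/* DwExploreRange is the dword at [eax], i.e. offset 0 of the record. */
static uint32_t explore_range(const uint8_t *rec) {
    return (uint32_t)rec[0] | (uint32_t)rec[1] << 8 |
           (uint32_t)rec[2] << 16 | (uint32_t)rec[3] << 24;
}

/* Same semantics as `cmp dword ptr [eax],6 / jle`: a SIGNED comparison,
   so a dword with the top bit set counts as negative and passes. */
enum verdict check_signed(const uint8_t *rec, size_t len) {
    if (len < 4) return REC_TOO_SHORT;
    return (int32_t)explore_range(rec) <= 6 ? REC_OK : REC_MODIFIED;
}

/* Unsigned comparison (what `jbe` would do): the same dword is simply a
   large number and is flagged like any other out-of-range value. */
enum verdict check_unsigned(const uint8_t *rec, size_t len) {
    if (len < 4) return REC_TOO_SHORT;
    return explore_range(rec) <= EXPLORE_RANGE_MAX ? REC_OK : REC_MODIFIED;
}

/* Constructed sample records; only the first dword matters here. */
static const uint8_t STOCK[4]    = {0x06, 0x00, 0x00, 0x00};  /* 6          */
static const uint8_t EDITED[4]   = {0x20, 0x00, 0x00, 0x00};  /* 0x20       */
static const uint8_t HIGH_BIT[4] = {0x00, 0x00, 0x00, 0x80};  /* 0x80000000 */

int main(void) {
    printf("stock:    signed=%d unsigned=%d\n",
           check_signed(STOCK, 4), check_unsigned(STOCK, 4));
    printf("edited:   signed=%d unsigned=%d\n",
           check_signed(EDITED, 4), check_unsigned(EDITED, 4));
    printf("high bit: signed=%d unsigned=%d\n",
           check_signed(HIGH_BIT, 4), check_unsigned(HIGH_BIT, 4));
    return 0;
}
```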
OK, now that we’ve done that part, all we have to do is add the code into the dekaron.exe. This is where we use the offset provided in the CE script to choose where to put our code. We know that if they use CE, only what comes after that offset is modified; anything prior, for that mob, is normal. So we have to put it after.
PHP Code:
00450BCD . 8B50 1C MOV EDX,DWORD PTR DS:[EAX+1C]
00450BD0 . 8951 20 MOV DWORD PTR DS:[ECX+20],EDX
00450BD3 . 8B50 20 MOV EDX,DWORD PTR DS:[EAX+20]
00450BD6 . 8951 24 MOV DWORD PTR DS:[ECX+24],EDX
PHP Code:
00450BCD . 8B50 1C MOV EDX,DWORD PTR DS:[EAX+1C]
00450BD0 . 8951 20 MOV DWORD PTR DS:[ECX+20],EDX
00450BD3 E9 C3A85400 JMP dekaron_.0099B49B
00450BD8 90 NOP
0099B49B 8338 06 CMP DWORD PTR DS:[EAX],6
0099B49E ^0F8E 3457ABFF JLE dekaron_.00450BD8
0099B4A4 6A 00 PUSH 0
0099B4A6 E8 3F19E87B CALL kernel32.ExitProcess
PHP Code:
00450BCD . 8B50 1C MOV EDX,DWORD PTR DS:[EAX+1C]
00450BD0 . 8951 20 MOV DWORD PTR DS:[ECX+20],EDX
00450BD3 813D CD0B4500 8>CMP DWORD PTR DS:[450BCD],891C508B
je Skip
push 0
call ExitProcess
Skip:
First off, for encryption/decryption I’ll give a basic example and explain what’s going on, then I’ll give you some ideas of what you could do. Here’s a basic encryption, showing the pointer address encrypted.
PHP Code:
00800A62 > BB 740A8000 MOV EBX,dekaron_.00800A74
00800A67 2BC9 SUB ECX,ECX
00800A69 FE0419 INC BYTE PTR DS:[ECX+EBX]
00800A6C 41 INC ECX
00800A6D 83F9 03 CMP ECX,3
00800A70 ^75 F7 JNZ SHORT dekaron_.00800A69
00800A72 813D CC0A4400 8>CMP DWORD PTR DS:[440ACC],891C508B
You can run the decryption at any stage in the game and then call the decrypted function much later on. If you have any specific calls you don’t want found, you can encrypt them, as well as most of your code. The benefit is that they won’t be able to find references to the command or calls to the command, or understand the code, unless they either execute it or have the decryption algorithm.
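The decryption loop and the code-modification check from the listings above, modelled in portable C as an added example (not the author's code): the stored operand bytes CC 0A 44 00 are decoded to 00450BCD, and the dword at that address is compared with 891C508B. The image buffer, its base address, the function names and the hooked sample bytes are constructed for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EXPECTED_DWORD 0x891C508Bu  /* bytes 8B 50 1C 89 read as a little-endian dword */
#define IMAGE_BASE     0x00450BC0u  /* assumption: start of the modelled buffer */

/* Bytes at 00450BCD in the post's unmodified listing. */
static const uint8_t CLEAN_SITE[6]  = {0x8B, 0x50, 0x1C, 0x89, 0x51, 0x20};
/* Constructed sample: the same 6 bytes after a JMP rel32 + NOP was written there. */
static const uint8_t HOOKED_SITE[6] = {0xE9, 0x00, 0x00, 0x00, 0x00, 0x90};

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Mirrors the INC BYTE PTR [ECX+EBX] loop: add 1 to the low three operand bytes. */
uint32_t decode_address(const uint8_t stored[4]) {
    uint8_t op[4];
    memcpy(op, stored, 4);
    for (int i = 0; i < 3; i++)
        op[i]++;
    return le32(op);
}

/* 1 = bytes match, 0 = modified, -1 = address outside the modelled image. */
int site_intact(const uint8_t *image, size_t len, uint32_t va) {
    if (len < 4 || va < IMAGE_BASE || va - IMAGE_BASE > len - 4)
        return -1;
    return le32(image + (va - IMAGE_BASE)) == EXPECTED_DWORD;
}

/* Decode the stored operand (CC 0A 44 00), then check the site it points at. */
int run_check(const uint8_t site[6]) {
    static const uint8_t stored[4] = {0xCC, 0x0A, 0x44, 0x00};
    uint8_t image[32];
    memset(image, 0x90, sizeof image);
    memcpy(image + (0x00450BCDu - IMAGE_BASE), site, 6);
    return site_intact(image, sizeof image, decode_address(stored));
}

int main(void) {
    printf("clean=%d hooked=%d\n", run_check(CLEAN_SITE), run_check(HOOKED_SITE));
    return 0;
}
```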
Now to create the dekaron.exe so it can’t be bypassed by simply swapping it with another unedited one. What you must do is add some specific file to the dekaron.exe and remove it from the data.pak, so normal dekaron.exes don’t have enough files to run.
PHP Code:
004E13C3 . FF52 10 CALL DWORD PTR DS:[EDX+10]
004E13C6 . 50 PUSH EAX
004E13C7 FF15 E0C39900 CALL DWORD PTR DS:[<&ws2_32.inet_addr>]
Though if you just leave it like that, it is easy for someone to just copy it and put it back into the files. But if you mix the encryption with this, it can work very well.
This is the latest tutorial so far and maybe the last. Here I’ll just show a basic program that will check for a process and then end the game, and I will explain what you can do. Here is the code snippet of the win32 C program.
HTML Code:
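#include <windows.h>

int main(void)
{
    DWORD Gamepid = 0;
    /* Locate the game window by its title and get the owning process id. */
    HWND hwnd = FindWindowA(NULL, "Dekaron");
    if (hwnd == NULL)
        return 1; /* game window not found */
    GetWindowThreadProcessId(hwnd, &Gamepid);
    /* Only the right to terminate is needed, not PROCESS_ALL_ACCESS. */
    HANDLE Game = OpenProcess(PROCESS_TERMINATE, FALSE, Gamepid);
    if (Game == NULL)
        return 1;
    for ( ; ; )
    {
        /* Poll every 2 seconds for a window titled "Cheat Engine 5.5". */
        if (FindWindowA(NULL, "Cheat Engine 5.5"))
        {
            TerminateProcess(Game, 0);
            CloseHandle(Game);
            return 0;
        }
        Sleep(2000);
    }
}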
The one I made (different from the quick example I whipped up) gets created when the dekaron.exe is launched. Then it searches all processes for specific information, while writing a ‘safety’ check to the dekaron.exe. If it finds, let’s say, CE running, then the program will terminate the game and end. Though I’ve added things so that if people do edit the program, the dekaron.exe won’t work. Some of the functions I used are:
- FindWindow()
- GetWindowThreadProcessId()
- EnumProcesses()
- ReadProcessMemory()
- WriteProcessMemory()
- TerminateProcess()
Credits:
Bottomy