Hello guys.
when i try to hook send or recv functions xtrap is detect the intercept
can anyone tell me where is the problem ?
when i try to hook send or recv functions xtrap is detect the intercept
can anyone tell me where is the problem ?
Intercept not working on int server ?
07/08/2016 22:05
MenPirate#1
07/08/2016 23:23
nokia999#2
If u read at last few posts u will know that:
a) don't hook recv / send function in kal (or you must patch xtrap to work it)
b) hook recv / send in ws2_32 and place hook 5 bytes after func start to work ( xtrap check this functions prolog).
c) use other magic metods xD
d) 0xfffffffffffff topics about it here and on other forums.....
a) don't hook recv / send function in kal (or you must patch xtrap to work it)
b) hook recv / send in ws2_32 and place hook 5 bytes after func start to work ( xtrap check this functions prolog).
c) use other magic metods xD
d) 0xfffffffffffff topics about it here and on other forums.....
07/09/2016 16:23
MenPirate#3
thanks now hooked is success ,but packet is encrypted right ?Quote:
If u read at last few posts u will know that:
a) don't hook recv / send function in kal (or you must patch xtrap to work it)
b) hook recv / send in ws2_32 and place hook 5 bytes after func start to work ( xtrap check this functions prolog).
c) use other magic metods xD
d) 0xfffffffffffff topics about it here and on other forums.....
07/10/2016 03:25
meak1#4
on Recv not, on Send yes
07/10/2016 03:32
MenPirate#5
Ok thanks meak1, but how to decrypt it ?Quote:
on Recv not, on Send yes
07/10/2016 03:33
meak1#6
you dont need to decrypt, just 'use' the sendQuote:
Ok thanks meak1, but how to decrypt it ?
07/10/2016 07:28
luki180pl#7
If he wants to sniff send packets then yes he need to decrypt.
Or there exist another send function which can be hooked by viable and undetected
Or there exist another send function which can be hooked by viable and undetected
07/10/2016 19:39
meak1#8
you can hook for some minutes or Secounds, its enough to get the Needed Send packetsQuote:
Or there exist another send function which can be hooked by viable and undetected
otherwise, yes u need to decrypt the Packets, have fun
07/12/2016 08:18
MenPirate#9
really i dont understand.Quote:
you dont need to decrypt, just 'use' the send
we hooked winsock send function and this is end point of packet senden.
as i know
step 1: Generate send packet
step 2: Push generated packet to the engine send function
step 3: encrypt the packet
step 4: send the packet to server with winsock send function
and now if i want to send packet to the server i must start from step 3 until step 4
this what i understood, is that correct?
07/12/2016 22:16
nokia999#10
READ THIS..... its easy like 1+1 ffs
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
07/13/2016 15:37
MenPirate#11
Note " im working with int server not private "
thx nokia999
really i understand this tutorial,
as u said if i want sniff the send packet i must decrypt it to be readable,
after that i will going to send my packet to the server already this will be decrypt packet
and we also send the packet with the end point ws2_32.dll send function .
and meak1 said send packet is encrypted this mean the data of packet must go to server encrypted ,
now if i send my decrypted packet the server will understand it?
thx nokia999
really i understand this tutorial,
as u said if i want sniff the send packet i must decrypt it to be readable,
after that i will going to send my packet to the server already this will be decrypt packet
and we also send the packet with the end point ws2_32.dll send function .
and meak1 said send packet is encrypted this mean the data of packet must go to server encrypted ,
now if i send my decrypted packet the server will understand it?
07/13/2016 16:43
nokia999#12
I want that you read from tut i posted link:
DWORD PBACK = 0x000000;// <- U need to get the Back Adress with IDA etc. Or do it with SearchPattern. PBACK = KALONLINE INTERNAL SEND FUNCTION ADRESS + PROLOG !!
#define SendASM __asm{ push ebp };__asm{ mov ebp, esp };__asm{ sub esp, 18h};__asm{ JMP PBACK}; // CHECK WITH IDA PROLOG OF KAL SEND FUNCTION ITS NOW A LITTLE CHANGED, THIS ONE HER IS FROM OLD KALONLINE!!
__declspec(naked) int __cdecl SendPacket (BYTE Header , LPCSTR Format , ... ){SendASM;} // AND THIS IS DEFINITION OF SEND FUNCTION THAT YOU USE IN YOUR DLL. USE LIKE: SendPacket(146, "bbb", 0, 10, 0) - it send move stop by 10 on y axis packet.....
DWORD PBACK = 0x000000;// <- U need to get the Back Adress with IDA etc. Or do it with SearchPattern. PBACK = KALONLINE INTERNAL SEND FUNCTION ADRESS + PROLOG !!
#define SendASM __asm{ push ebp };__asm{ mov ebp, esp };__asm{ sub esp, 18h};__asm{ JMP PBACK}; // CHECK WITH IDA PROLOG OF KAL SEND FUNCTION ITS NOW A LITTLE CHANGED, THIS ONE HER IS FROM OLD KALONLINE!!
__declspec(naked) int __cdecl SendPacket (BYTE Header , LPCSTR Format , ... ){SendASM;} // AND THIS IS DEFINITION OF SEND FUNCTION THAT YOU USE IN YOUR DLL. USE LIKE: SendPacket(146, "bbb", 0, 10, 0) - it send move stop by 10 on y axis packet.....
07/13/2016 17:16
MenPirate#13
dude in int kal we cant detour send function in engine cuz xtrap is detect it....
we hook winsocket function to avoid it ...
we hook winsocket function to avoid it ...
07/13/2016 18:29
nokia999#14
Where you see detour... Just call oryginal kalonline send function like i show you.
You call kalonline send function with parameters thats all not DETOURS / HOOK it^^.
Adress of send function finde with IDA or use pattern search in your dll.
You call kalonline send function with parameters thats all not DETOURS / HOOK it^^.
Adress of send function finde with IDA or use pattern search in your dll.
07/14/2016 22:25
luki180pl#15
Xtra detects changes in engine code section. But it will allow you to use send function as your own