[Source Code] AutoInjection

07/08/2017 18:20 Cryless~#1
There is not much to say: this trick allows you to inject code at run-time.


Guide:
- Close NosTale /!\ JUST DO IT /!\
- Open NosTale folder and rename EWSF.EWS to EWSF.dll (or no SplashScreen will appear anymore) [optional]
- Compile your code as EWSF.EWS and move it into NosTale folder

Code:
/*
*	A proof-of-concept tool for forcing the client to self inject malicious code at Run-time
*
*	Cryless Domore (@crylessdomore)
*	July 10, 2017
*	https://github.com/crylessdomore/
*/

// Proxy for EWSF.EWS: exports the two splash-screen functions and forwards them to the
// renamed original (EWSF.dll). x86 (32-bit) only: naked functions and inline asm are not
// available on x64. Needs the Microsoft Detours headers and detours.lib.
#include <Windows.h>
#include <string.h>
#include <detours.h>

#pragma comment(lib, "detours.lib")

// Trampoline to the real FreeLibrary; Detours rewrites this pointer on attach.
BOOL(WINAPI *oFreeLibrary)(HMODULE hLibModule) = NULL;

// Addresses of the real exports, resolved from the renamed original (EWSF.dll).
FARPROC oShowNostaleSplash = NULL;
FARPROC oFreeNostaleSplash = NULL;

// Forwarding thunks: an indirect jmp through the pointer leaves the stack and
// registers exactly as the caller set them up, so the original sees a normal call.
extern "C" __declspec(dllexport) __declspec(naked) void ShowNostaleSplash()
{
	__asm jmp dword ptr [oShowNostaleSplash]
}

extern "C" __declspec(dllexport) __declspec(naked) void FreeNostaleSplash()
{
	__asm jmp dword ptr [oFreeNostaleSplash]
}

// The client frees EWSF.EWS once the splash screen is gone. Free the renamed
// original instead, so this module (and the thread it started) stays resident.
BOOL WINAPI FreeLibrary_HOOK(HMODULE hLibModule)
{
	char aLibFileName[MAX_PATH] = { 0 };
	if (GetModuleFileNameA(hLibModule, aLibFileName, sizeof(aLibFileName)) != 0
		&& strstr(aLibFileName, "EWSF.EWS") != NULL) {
		hLibModule = GetModuleHandleA("EWSF.dll");
	}

	return oFreeLibrary(hLibModule);
}

// Proper thread-routine signature, so no cast is needed in CreateThread.
DWORD WINAPI OnAttach(LPVOID lpParameter)
{
	// Write your code here...
	MessageBoxA(NULL, "Hacking involves a different way of looking at problems that no one's thought of.", "Walter O'Brien", MB_OK);
	return 0;
}

BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpvReserved)
{
	switch (dwReason)
	{
	case DLL_PROCESS_ATTACH:
	{
		HMODULE hLibModule = LoadLibraryA("EWSF.dll");
		if (hLibModule == NULL) {
			return FALSE;	// renamed original missing: fail the load instead of jumping to NULL later
		}
		oShowNostaleSplash = GetProcAddress(hLibModule, "ShowNostaleSplash");
		oFreeNostaleSplash = GetProcAddress(hLibModule, "FreeNostaleSplash");

		oFreeLibrary = FreeLibrary;

		DetourTransactionBegin();
		DetourUpdateThread(GetCurrentThread());
		DetourAttach(&(PVOID&)oFreeLibrary, FreeLibrary_HOOK);
		DetourTransactionCommit();

		DisableThreadLibraryCalls(hInstance);
		HANDLE hThread = CreateThread(NULL, 0, OnAttach, NULL, 0, NULL);
		if (hThread != NULL) {
			CloseHandle(hThread);	// the thread keeps running; only the handle is released
		}
		break;
	}
	}

	return TRUE;
}
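A defender-side counterpart to the guide above, added here as an example and not part of the original post: it scans a game folder for the traces this setup leaves behind. The three heuristics (an EWSF.dll sitting next to EWSF.EWS, the string "EWSF.dll" inside EWSF.EWS because the proxy loads the original by name, and a hash mismatch against an operator-supplied known-good value) are assumptions drawn from the guide and the code, and the folders it scans are constructed sample data, not real game files.

```python
"""Heuristic scan of a NosTale install for the EWSF.EWS proxy-DLL setup (added example)."""
import hashlib
import tempfile
from pathlib import Path

PROXY_NAME = "EWSF.EWS"        # file the client loads for the splash screen
RENAMED_ORIGINAL = "EWSF.dll"  # name the guide tells the user to give the real module

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def scan_game_dir(game_dir, known_good_sha256=None):
    """Return indicator strings; empty list means nothing suspicious (hash is an assumed input)."""
    game_dir = Path(game_dir)
    ews = game_dir / PROXY_NAME
    if not ews.is_file():
        return ["EWSF.EWS not found in game directory"]
    findings = []
    # Indicator 1: the renamed original sits next to the proxy.
    if (game_dir / RENAMED_ORIGINAL).is_file():
        findings.append("EWSF.dll present next to EWSF.EWS (renamed original)")
    # Indicator 2: the proxy loads the original by name, so that name appears in its bytes.
    if RENAMED_ORIGINAL.encode("ascii") in ews.read_bytes():
        findings.append("EWSF.EWS contains the string EWSF.dll (loads the renamed original)")
    # Indicator 3: the file on disk is not the known-good module.
    if known_good_sha256 is not None and sha256_of(ews) != known_good_sha256:
        findings.append("EWSF.EWS hash does not match the known-good value")
    return findings

def demo():
    """Build two constructed game folders in a temp dir and scan both (sample bytes, not real PE files)."""
    original = b"MZ...constructed stand-in for the genuine splash module"
    proxy = b'MZ...constructed stand-in for the proxy: LoadLibraryA("EWSF.dll")'
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp) / "clean"
        clean.mkdir()
        (clean / PROXY_NAME).write_bytes(original)
        known_good = sha256_of(clean / PROXY_NAME)
        tampered = Path(tmp) / "tampered"
        tampered.mkdir()
        (tampered / RENAMED_ORIGINAL).write_bytes(original)
        (tampered / PROXY_NAME).write_bytes(proxy)
        return scan_game_dir(clean, known_good), scan_game_dir(tampered, known_good)

if __name__ == "__main__":
    for label, result in zip(("clean", "tampered"), demo()):
        print(label, result or "no indicators")
```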
07/10/2017 05:17 Cryless~#2
I did not expect to receive so much attention, thank you very much.

ChangeLog:
- NosMall is now working (bugfix)
- Code optimization
07/11/2017 09:49 atom0s#3
"no one's thought of" lol.. this is nothing new and is commonly done with dinput.dll for various games for the same purpose.
07/11/2017 12:51 DarkyZShadow#4
Quote:
Originally Posted by atom0s View Post
"no one's thought of" lol.. this is nothing new and is commonly done with dinput.dll for various games for the same purpose.
Of course, that's a basic technique (the proxy DLL) but to my knowledge, nobody has released this method on the Nostale forum.

Best regards,
A random developer
07/12/2017 20:37 Cryless~#5
Quote:
Originally Posted by atom0s View Post
"no one's thought of" lol.. this is nothing new and is commonly done with dinput.dll for various games for the same purpose.
With what courage do you say that after you did post a generic hook for the 'connect' function in this section?

At least you know who you are, a brainless just like an atom. :D
10/04/2017 23:05 ivanolo7#6
What can i do with this hack?
10/04/2017 23:37 Pumba98#7
Quote:
Originally Posted by ivanolo7 View Post
What can i do with this hack?
inject code at runtime :rolleyes:
You can do with it whatever you can do with code
10/05/2017 05:35 aliazanoor#8
Someone willing to explain or make a video of the benefits you can get off injecting at runtime?
I can pay if you're lazy to reply or explain XD
10/05/2017 07:55 Pumba98#9
Quote:
Originally Posted by aliazanoor View Post
Someone willing to explain or make a video of the benefits you can get off injecting at runtime?
I can pay if you're lazy to reply or explain XD
You can load any hacks on every startup without needing to inject it or you could for example steal account data unseen
10/05/2017 13:31 ivanolo7#10
Quote:
Originally Posted by Pumba98 View Post
inject code at runtime :rolleyes:
You can do with it whatever you can do with code
For example you can dupe items or increase your gold?
10/05/2017 13:33 Pumba98#11
Quote:
Originally Posted by ivanolo7 View Post
For example you can dupe items or increase your gold?
If you know any dupes
10/05/2017 14:16 ivanolo7#12
Quote:
Originally Posted by Pumba98 View Post
If you know any dupes
No one is going to tell me? xDDD
10/05/2017 14:23 Pumba98#13
Quote:
Originally Posted by ivanolo7 View Post
No one is going to tell me? xDDD
There is no public
10/06/2017 05:50 aliazanoor#14
Any private to buy ?!
10/08/2017 11:53 Cryless~#15
Quote:
Originally Posted by aliazanoor View Post
Any private to buy ?!
Just open a thread somewhere else and stop spamming!