int packet hack source

02/09/2010 22:36 zilvis69#1
Hey all,
I wanted to ask why, when I run this dll from this source on int, the command window appears (for 2 seconds) and disappears. What should I do to make it always open? (Sorry, I'm kinda noob at this, but trying to understand all this packet hacking :D)
02/09/2010 22:43 Mahatma#2
put a sleep at the beginning before the cmdbox opens
inix uses FreeConsole at every kal start...
02/09/2010 22:54 katze123#3
the hackshield will detect it....
02/09/2010 23:00 zilvis69#4
Yeah, I noticed that.. but is there any way I can prevent that? Anything I can change in the source?
02/09/2010 23:06 Thiesius#5
Well, there are a few ways. But none of the ones I know will help you much.

You can add some routines which will prevent HackShield from scanning this memory address. But I cannot help you with that, because I haven't bypassed HackShield yet. They added some new features to HShield, so it isn't as easy as it was before the update.

AFAIK the Hackshield message for memory manipulation is 0x2000000B (I noticed that in the stack).
02/09/2010 23:08 zilvis69#6
^_^ I'm going to sleep, I don't think that I will be able to do something like that for now.. xD anyway thanks :D
02/09/2010 23:15 Mahatma#7
for me there is just a check at the start...then everything works fine...
02/09/2010 23:22 Thiesius#8
But you use ws2_32 functions to sniff and call SendPacketMain to send, right?
02/09/2010 23:39 meak1#9
yeah oO but we talk about the console here^^ and yeah, the console works after kal start
02/09/2010 23:51 Thiesius#10
Right, the console has multiple usage options. You can simply use it to control your speed hack, Z-Coord hack or CoolDown/CastTime hack.

Btw, has somebody noticed that all cooldowns have been moved to the end of the memory region on Windows 7? WTF?
02/10/2010 09:30 zilvis69#11
Quote:
Originally Posted by Mahatma
for me there is just a check at the start...then everything works fine...
how do you do that ^_^?
02/10/2010 13:11 meak1#12
oO start the console if kal is started??? it's not hard ^^
02/10/2010 13:21 zilvis69#13
I think I misunderstood his post :D sorry
02/10/2010 13:51 Thiesius#14
Let me explain:
Code:
void InstallRecvHook()
{
	Intercept(INST_JMP,RecvMain,(DWORD)&RecvHook,5);
}
void InstallSendHook()
{
	Intercept(INST_JMP,SendPacketMain,(DWORD)&SendPacket,6);
	Intercept(INST_JMP,SniffPacketMain_,(DWORD)&SniffPacket,6);
}
You are detected on those two functions, which replace the first 5 original bytes with a JMP from RecvMain, the original kal function, to RecvHook, our modified function. Same for SendPacket.
HShield copies those bytes (from almost the whole memory region) and generates a hash/CRC. If the CRC/hash doesn't match the original, then your game will close.

You can workaround like this:
Quote:
Originally Posted by Thiesius
But you use ws2_32 functions to sniff and call SendPacketMain to send, right?
You will use ws2_32 recv to sniff what's received (clean) and ws2_32 send to sniff what's sent (encrypted) and call SendPacket to send your own packets.

There is more to explain, but I think this should be enough for a start.

But as I said, the console can be useful in other ways. You can comment out the recv and send hooks and use it for manipulating the Kal-Online memory space. Like modifying speed, Z-Coordinate, Cooldowns and Casttimes or everything which can't be under the HShield memory check.
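
The integrity check described in the last post (hash the code bytes, compare with a known-good value), seen from the side of the software doing the checking. This is an added example, not part of the original thread and not HackShield's implementation; the function names, sample bytes and address are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { CODE_CLEAN, CODE_MODIFIED, CODE_JMP_HOOK };

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320). */
uint32_t crc32_bytes(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Compare a code region with its known-good CRC. On mismatch, report whether
   the region now starts with a 5-byte JMP rel32 (opcode 0xE9) and where it goes. */
int check_region(const uint8_t *code, size_t len, uint32_t good_crc,
                 uint32_t addr, uint32_t *jmp_target) {
    if (crc32_bytes(code, len) == good_crc) return CODE_CLEAN;
    if (len >= 5 && code[0] == 0xE9) {
        uint32_t rel = code[1] | (uint32_t)code[2] << 8 |
                       (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
        *jmp_target = addr + 5u + rel;  /* target = next instruction + rel32 */
        return CODE_JMP_HOOK;
    }
    return CODE_MODIFIED;
}

/* Constructed sample: a generic x86 prologue, not bytes from any real binary. */
static const uint8_t SAMPLE[8] = {0x55,0x8B,0xEC,0x6A,0x00,0x53,0x56,0x57};
#define SAMPLE_ADDR 0x00401000u  /* constructed load address */
/* Runs the check on a copy of the sample; patched != 0 overwrites 5 bytes. */
int demo_check(int patched, uint32_t *jmp_target) {
    static const uint8_t jmp[5] = {0xE9,0xFB,0x0F,0x00,0x00};
    uint8_t live[sizeof SAMPLE];
    uint32_t good = crc32_bytes(SAMPLE, sizeof SAMPLE); /* baseline from clean image */
    memcpy(live, SAMPLE, sizeof live);
    if (patched) memcpy(live, jmp, sizeof jmp);
    return check_region(live, sizeof live, good, SAMPLE_ADDR, jmp_target);
}

int main(void) {
    uint32_t t = 0;
    int clean = demo_check(0, &t), hooked = demo_check(1, &t);
    printf("clean=%d hooked=%d target=0x%08X\n", clean, hooked, (unsigned)t);
}
```

Reporting the decoded jump target alongside the mismatch tells an analyst which module the redirected call lands in, which a bare pass/fail CRC does not.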