[Release] KalClient Hookbase (Int+Ps)

01/13/2011 19:13 syntex#1
Hello everyone

This source is for learning purposes only. If you have any questions, just write them down.


If you would like to extend this source, please upload your changes and share them with the community.


Have fun ;)

Greetings:
ZeroTen
Kealy aka Sun
01/13/2011 19:22 hehepwnz#2
i will check this out, thx

edit:

Code:
if (GetAsyncKeyState(VK_F3) & 1) // HotKey F3 (low bit: key was pressed since the last call)
{
    KalClient::Chat(lightblue, " DWORD: %d - INT: %i - STRING: %s", 25000, 25, "STRING");
    Sleep(500); // avoid keyspam
}
Well, I don't like Sleep that much, how about:

Code:
if (GetAsyncKeyState(VK_F3) & 1) // HotKey F3 (low bit: key was pressed since the last call)
{
    KalClient::Chat(lightblue, " DWORD: %d - INT: %i - STRING: %s", 25000, 25, "STRING");

    while (GetAsyncKeyState(VK_F3)) // busy-wait until F3 is released
    {
    }
}
:P
01/13/2011 19:31 syntex#3
Ah, it's pretty cleanly written and easy to implement in already existing projects.

Currently it has Chat, Notice and OpenDat ptr hooks.

If anyone has wishes, tell me and I'll add them. I might try to code a HackShield-proof hook, dunno how they detect detours on normal funcs (maybe pattern scan or return check, who knows?)


@edit,
it was just for example (to execute the functions I hooked).

If we could hook OpenDat, for example, I would like to do something like this:
if("Login")
QuickSendHook(Login)
if("Login2")
QuickSendHook(Login2)

You could handle dat actions ingame with your own functions; it would be useful, but hooks get detected through HackShield (opcode check, or return check, I dunno). I need more creativity on hooks ;p
01/13/2011 21:12 th3hitman#4
Nice release michi! Didn't know you were releasing so soon :D
01/13/2011 22:44 Thiesius#5
HackShield-Scanner loads the memory and then creates a CRC from it. If generatedCRC != correctCRC -> Notify engine message callback -> Memory manipulation detected -> Exit Process.
The CRC function is checked by Themida's integrity check and probably even some kind of HackShield self-integrity check. Also, altering the engine callback is not a good idea, as you won't be able to respond to the 0x03 packet.

As far as I remember, the CRC was generated from 0x1000-byte memory chunks inside engine.exe (including packet functions etc.).

Anyways -> good job on finding function calls.

#EDIT:
This is basically the output of HackShield if you are detected.
(ModName: engine.exe(00400000h) Addr:00573000h, 6364F81Bh != F9C775AAh)

[Addr] = Start address of the checked region. So the modification is probably between 00573000h and 00574000h in this example.
[n0 != n1] = The CRC obviously does not match
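The per-chunk CRC check described in this post, as an added example (this is not HackShield's or KalClient's code): it hashes a constructed 16 KiB image in 0x1000-byte chunks, records a baseline, and after a patch reports the first chunk whose CRC changed, in the same layout as the output line above. The module name engine.exe and base 00400000h come from the post; CRC-32 as the checksum, the image contents, the patched offset and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Chunk size the post reports HackShield hashing (0x1000-byte regions). */
#define CHUNK_SIZE 0x1000u
/* Constructed stand-in for a code section: 4 chunks = 16 KiB. */
#define IMAGE_SIZE (4u * CHUNK_SIZE)
/* Module base taken from the post's output line (engine.exe(00400000h)). */
#define IMAGE_BASE 0x00400000u

static uint32_t crc32_table[256];

static void crc32_init(void) {
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t c = i;
        for (int k = 0; k < 8; k++)
            c = (c & 1) ? (0xEDB88320u ^ (c >> 1)) : (c >> 1);
        crc32_table[i] = c;
    }
}

/* Standard reflected CRC-32 (IEEE 802.3, the zlib variant); assumed checksum. */
uint32_t crc32_buf(const uint8_t *buf, size_t len) {
    static int ready = 0;
    if (!ready) { crc32_init(); ready = 1; }
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++)
        c = crc32_table[(c ^ buf[i]) & 0xFFu] ^ (c >> 8);
    return c ^ 0xFFFFFFFFu;
}

/* Record a baseline CRC for every chunk of the image (the "correctCRC" side). */
void baseline_chunks(const uint8_t *image, size_t size, uint32_t *out) {
    for (size_t off = 0, i = 0; off < size; off += CHUNK_SIZE, i++)
        out[i] = crc32_buf(image + off, CHUNK_SIZE);
}

/* Re-hash the image and report the first chunk whose CRC differs from the baseline.
   Returns the chunk's offset relative to the image start, or -1 if everything matches.
   On mismatch, *generated and *correct receive the two CRCs for the report line. */
long find_modified_chunk(const uint8_t *image, size_t size, const uint32_t *baseline,
                         uint32_t *generated, uint32_t *correct) {
    for (size_t off = 0, i = 0; off < size; off += CHUNK_SIZE, i++) {
        uint32_t now = crc32_buf(image + off, CHUNK_SIZE);
        if (now != baseline[i]) {
            if (generated) *generated = now;
            if (correct) *correct = baseline[i];
            return (long)off;
        }
    }
    return -1;
}

/* Constructed image content: deterministic pseudo-random bytes (not real code). */
void fill_image(uint8_t *image, size_t size) {
    uint32_t x = 0x12345678u;
    for (size_t i = 0; i < size; i++) {
        x = x * 1664525u + 1013904223u;   /* simple LCG, content is arbitrary */
        image[i] = (uint8_t)(x >> 24);
    }
}

/* Full round trip: baseline an intact image, confirm it passes, patch 5 bytes
   inside the third chunk, and return the offset the check reports (0x2000). */
long demo_tampered_offset(void) {
    static uint8_t image[IMAGE_SIZE];
    uint32_t baseline[IMAGE_SIZE / CHUNK_SIZE];
    fill_image(image, IMAGE_SIZE);
    baseline_chunks(image, IMAGE_SIZE, baseline);
    if (find_modified_chunk(image, IMAGE_SIZE, baseline, NULL, NULL) != -1)
        return -2;  /* would mean an untouched image was flagged */
    memset(image + 2 * CHUNK_SIZE + 0x10, 0xE9, 5);  /* simulated in-memory patch */
    return find_modified_chunk(image, IMAGE_SIZE, baseline, NULL, NULL);
}

int main(void) {
    static uint8_t image[IMAGE_SIZE];
    uint32_t baseline[IMAGE_SIZE / CHUNK_SIZE], gen, cor;
    fill_image(image, IMAGE_SIZE);
    baseline_chunks(image, IMAGE_SIZE, baseline);
    memset(image + 2 * CHUNK_SIZE + 0x10, 0xE9, 5);  /* simulated in-memory patch */
    long off = find_modified_chunk(image, IMAGE_SIZE, baseline, &gen, &cor);
    if (off < 0)
        puts("image intact");
    else  /* same layout as the detection line quoted in the post */
        printf("(ModName: engine.exe(%08Xh) Addr:%08lXh, %08Xh != %08Xh)\n",
               (unsigned)IMAGE_BASE, (unsigned long)IMAGE_BASE + (unsigned long)off,
               (unsigned)gen, (unsigned)cor);
    return 0;
}
```

The reported address is the start of the 0x1000-byte region, not the patched byte itself, which is why the post can only narrow the modification down to a one-page window.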
01/13/2011 23:10 syntex#6
Quote:
Originally Posted by Thiesius
HackShield-Scanner loads the memory and then creates a CRC from it. If generatedCRC != correctCRC -> Notify engine message callback -> Memory manipulation detected -> Exit Process.
The CRC function is checked by Themida's integrity check and probably even some kind of HackShield self-integrity check. Also, altering the engine callback is not a good idea, as you won't be able to respond to the 0x03 packet.

As far as I remember, the CRC was generated from 0x1000-byte memory chunks inside engine.exe (including packet functions etc.).

Anyways -> good job on finding function calls.

#EDIT:
This is basically the output of HackShield if you are detected.
(ModName: engine.exe(00400000h) Addr:00573000h, 6364F81Bh != F9C775AAh)

[Addr] = Start address of the checked region. So the modification is probably between 00573000h and 00574000h in this example.
[n0 != n1] = The CRC obviously does not match
What about letting it scan the real engine and using another one to work with?!
01/13/2011 23:17 Fremo.#7
syntex released was :awesome:

Is today a special day or what ;D
01/13/2011 23:18 Thiesius#8
I'm not sure what you mean.

However, my bypass was an inline asm hook that checked the read location, and if HackShield was just about to read the region I switched the pointer to the original bytes (backup) instead of the modified ones, and after that I switched the pointer back to the engine. However, the integrity check had to be cracked too.

But atm there are like 3 checks (or maybe more) that have to be modified (not easy stuff of course -> Themida is not cheap protection)
01/13/2011 23:27 syntex#9
Quote:
Originally Posted by Thiesius
I'm not sure what you mean.

However, my bypass was an inline asm hook that checked the read location, and if HackShield was just about to read the region I switched the pointer to the original bytes (backup) instead of the modified ones, and after that I switched the pointer back to the engine. However, the integrity check had to be cracked too.

But atm there are like 3 checks (or maybe more) that have to be modified (not easy stuff of course -> Themida is not cheap protection)
Yeah, it's a lot of work finding those and cracking them, not worth it while IAT/EAT hooks work without any issues ;)

I don't need those hooks, but they would be useful to have.
01/14/2011 00:36 bloodx#10
Hmmm, looks quite good... gogo make more :P
01/14/2011 12:44 syntex#11
I'm gonna add cooldown for skills when I find some spare time :)

If you have more wishes, I'll add them. I'm thinking of adding quicksend and recv hooks but dunno what you guys think... If you made something new, just add it and re-upload, I will add it on the first page.
01/14/2011 13:47 pamz12#12
Dude, what happened to you? You sound like you're supporting leechers all of a sudden ^^^^ hehe
01/14/2011 14:09 syntex#13
It's time to quit ;)

It might be useful for newbies to start learning...
01/14/2011 14:41 hehepwnz#14
Time to quit?
Blocked? :P
01/14/2011 14:42 bloodx#15
time to Release things ;D Let's fuck up kal hehehehehehe :]