[RELEASE][.NET] Hooking library, take two

~~pro4never~~ · 04/29/2012, 22:54

Quote:

Originally Posted by denominator

Had a look at this and I am impressed, however I've also looked around at trying to make it "clientless" and I did find something about "hidden" on Google but I'm a little confused as to where it would be put?

If somebody would like to whisper me that has enough knowledge on this then I can give a url to the page that I found the "hidden" thing on.

Clientless cannot truly be accomplished with hooking because you are hooking into the client itself. You could hide the client but that's not clientless... you still have one open and the ram/cpu are still being used, you just aren't seeing the client.

I've seen hawtness demonstrating relog functionality using a hook bot so I don't really see a HUGE difference between clientless and cliented in a small bot you make yourself (obviously in a large scale, clientless is a big deal).

Tl:dr. True clientless with a hook based bot is not possible.

denominator · 04/29/2012, 23:06

Yup I know what you mean P4N and yeah the process still runs but silently I guess you could call it?

Regardless the thing I was looking at just hides the stupid console any way lol.

Clientless as in CHROME bot for example.

I got this running as a GUI BUT I have no real idea how to show the packets unlike in the console. I mean with the console you just click and it opens the Conquer.exe and then you can see the packets etc in the console but I don't like using console and prefer to use a GUI so how would I add this to the GUI and in what would I add it to? I mean like a listbox or gridview or what?

Code:

private void button1_Click(object sender, EventArgs e)
        {
            COClient client = new COClient();
            client.Detached += (delegate()
            {
                Console.WriteLine("Client with process Id " + client.ProcessId + " detached");
            });


            client.PacketSent += (delegate(byte[] packet)
            {
                Console.WriteLine("SENT: " + BitConverter.ToString(packet).Replace("-", " "));
            });

            client.PacketReceived += (delegate(byte[] packet)
            {
                Console.WriteLine("RECV: " + BitConverter.ToString(packet).Replace("-", " "));
            });
            client.Start();
            

            Console.Read();

            client.SendPacket(new byte[] { 0, 0 });

For that to work I only need two things BUT I don't see the packets going back and forth >.< This is how the current button one is and works but I want to be able to see the data in the gui somewhere kind of like how CHROME works at the top right or something.

Code:

 private void button1_Click(object sender, EventArgs e)
        {
            COClient client = new COClient();
            client.Start();
        }

Also found I couldn't get this to work but I probably have to use CE to find the addresses and stuff right?

Code:

        private void selectChar_SelectedIndexChanged(object sender, EventArgs e)
        {
                var role = selectChar.SelectedItem as GameUser1;
                if (role != null)
                    selectedChar = role;
        }

ruievmonteiro · 05/04/2012, 14:58

Quote:
Originally Posted by denominator
Yup I know what you mean P4N and yeah the process still runs but silently I guess you could call it?

Regardless the thing I was looking at just hides the stupid console any way lol.

Clientless as in CHROME bot for example.

I got this running as a GUI BUT I have no real idea how to show the packets unlike in the console. I mean with the console you just click and it opens the Conquer.exe and then you can see the packets etc in the console but I don't like using console and prefer to use a GUI so how would I add this to the GUI and in what would I add it to? I mean like a listbox or gridview or what?
Code:
private void button1_Click(object sender, EventArgs e)
        {
            COClient client = new COClient();
            client.Detached += (delegate()
            {
                Console.WriteLine("Client with process Id " + client.ProcessId + " detached");
            });


            client.PacketSent += (delegate(byte[] packet)
            {
                Console.WriteLine("SENT: " + BitConverter.ToString(packet).Replace("-", " "));
            });

            client.PacketReceived += (delegate(byte[] packet)
            {
                Console.WriteLine("RECV: " + BitConverter.ToString(packet).Replace("-", " "));
            });
            client.Start();
            

            Console.Read();

            client.SendPacket(new byte[] { 0, 0 });
For that to work I only need two things BUT I don't see the packets going back and forth >.< This is how the current button one is and works but I want to be able to see the data in the gui somewhere kind of like how CHROME works at the top right or something.
Code:
 private void button1_Click(object sender, EventArgs e)
        {
            COClient client = new COClient();
            client.Start();
        }
Also found I couldn't get this to work but I probably have to use CE to find the addresses and stuff right?
Code:
        private void selectChar_SelectedIndexChanged(object sender, EventArgs e)
        {
                var role = selectChar.SelectedItem as GameUser1;
                if (role != null)
                    selectedChar = role;
        }

See the code of the IAmHawtness first Hooking library. The example has a Working GUI with the old Lib. Just see how it works or try to learn how to program.

Code:

 private void button1_Click(object sender, EventArgs e)
        {
            COClient client = new COClient();
            client.Start();
        }

By doing this you're losing the client. You have to add it to a list or something like that to be able to acess its members after the private void button1_Click function.

denominator · 05/08/2012, 20:38

So something like this? I am still studying it all >.<

~~IAmHawtness~~ · 05/10/2012, 22:16

Update:

HookingV2

Fixed a potential stack overflow bug in the read/write process memory methods
Changed visibility of the GetRemoteProcedureAddress in the HookedProcess class

ConquerTestBot
Very sloppy bot with GUI, rushed it in two days so it's not very well structured, it has a horrible design (both GUI and code wise), but the whole point of it is really just to show what you can do using the hooking framework.

denominator · 05/11/2012, 02:18

Do you use olly or CE to find mapinfopointer and what do you search for to find it o.0?

OELABOELA · 05/14/2012, 12:32

I might jump back into hacking conquer bussiness. This really makes me go and try to create some bot..

tariqx111 · 05/18/2012, 23:27

Good Thank You , but what about attach exists client ?.

~~IAmHawtness~~ · 05/18/2012, 23:46

Quote:

Originally Posted by tariqx111

Good Thank You , but what about attach exists client ?.

I didn't really include that, but hey, you could just download the source and add it

tariqx111 · 05/19/2012, 00:45

Quote:

Originally Posted by IAmHawtness

I didn't really include that, but hey, you could just download the source and add it

ok

, im try to add it but fails

xmen01235 · 05/19/2012, 11:01

Quote:

Originally Posted by IAmHawtness

Because I found the addresses using olly

I had been loving your library since the game encryption become private. But I will still lost when everytime TQ change the address specially this last update. I am not really good in assembly and it is really a pain in my eyes to understand those things. The old address was easy for me to look based only on the landmark but the latest changes, I am so clueless because the landmark was changed dramatically.

I will appreciate if you can give me at least a link on how to do this memory things.

phize · 05/19/2012, 13:19

How about you go read some tutorials on assembly/reverse engineering instead of expecting to get spoonfed?

stickray · 05/29/2012, 15:53

Eww just found this awesome post, and now it isnt workin for Patch 5607

My reversing skills arent enough to fix this, saddly. I hope if you have the time, you can maybe patch this.

Thanks anyway Sir, its a great Code for a Bot Basis.

Belth · 05/30/2012, 22:57

5609 Addresses:
SendPacketFunction = 0x6C8F56
ReceiveLoop = 0x6C9833

This is how I find the addresses:

Recv Loop
1. Search all referenced text strings for "catch error in process msg" without quotes.
2. Trace back until I find "TEST EAX, EAX" followed by "JNZ SHORT <ADDRESS>".

Send Packet Function
1. Search for the binary string "55 8D AC 24 FC DF FF FF B8 04 20 00 00".

Removing the "You can't jump that far." message
1. Search for the constant 186C0.
2. Trace back to the first "JLE <ADDRESS>" command.
3. Replace JLE (7E) with JMP (EB).
*Note: doing this also means that you can attempt to jump further than the server allows (which will disconnect you) so you should validate all jump packets from the client.

Lock client at 60 FPs
1. Search all intermodular calls for Kernel32.Sleep.
2. Trace back and find ADD ECX, 19.
3. Trace back and find LEA EDX, DWORD PTR DS:[ECX+19].
4. Change 19 to another value. The lower the value the higher the FPS and the reverse is true. I use a value of 10 for 60 FPS.

Yes it's very rudimentary as I am as much a noob at this as anyone.

KraHen · 05/31/2012, 18:46

Wow I never realized it was this simple. I guess I`ll start fiddling around with this then.