[Release/Guide] Bot
Discussion on [Release/Guide] Bot within the Kal Hacks, Bots, Cheats & Exploits forum part of the Kal Online category.
07/26/2011, 16:55
|
#16
|
elite*gold: 0
Join Date: Jun 2006
Posts: 1,203
Received Thanks: 366
|
Quote:
Originally Posted by ciotobylo
Could you make a teleport bot for private server with an attack hack+og and release pls?
|
wtf is a teleport bot? xD Does it move from town to town, nonstop?
& what's "attack hack+og and release pls"?
|
|
|
07/26/2011, 19:35
|
#17
|
elite*gold: 0
Join Date: Oct 2007
Posts: 1,255
Received Thanks: 200
|
I haven't looked into this all that deeply yet, but I'm not sure how to handle the number of LAs. Say, as an example, I need 3 LAs for the mob to really be dead; would it then have to look roughly like this, or am I completely on the wrong track?
Code:
{
    int i = 1;
    for (i = 0; i < 4; i++)
    {
        cout << i << endl;
    }
}
I think I've just produced utter garbage.
|
|
|
07/26/2011, 19:51
|
#18
|
elite*gold: 0
Join Date: Jun 2006
Posts: 1,203
Received Thanks: 366
|
Do it like this:
int anzahl = 3;
for (int i = 0; i < anzahl; i++)
{
    psend->attackskill(0x12, 1, pRecv->Mob[KC->target].MID); // don't look at this too closely xD
}
|
|
|
07/26/2011, 20:08
|
#19
|
elite*gold: 0
Join Date: Oct 2007
Posts: 1,255
Received Thanks: 200
|
Hmm, I think at the weekend I'll dig out the C++ tome and read up on it again. Let's see how far I get before I have a nervous breakdown xD
|
|
|
07/26/2011, 20:19
|
#20
|
elite*gold: 0
Join Date: Jun 2006
Posts: 1,203
Received Thanks: 366
|
Oh come on... it's pretty simple to make something for int-kal... & when people see that you're trying, you'll surely get help too..
|
|
|
07/26/2011, 22:00
|
#21
|
elite*gold: 0
Join Date: May 2008
Posts: 682
Received Thanks: 208
|
Yep, the people who make their own stuff usually do get help... only the people who download something and then get on your nerves with it are very unpopular.
|
|
|
07/27/2011, 03:58
|
#22
|
elite*gold: 42
Join Date: Jun 2008
Posts: 5,425
Received Thanks: 1,888
|
Quote:
Originally Posted by KillerExtreme
I haven't looked into this all that deeply yet, but I'm not sure how to handle the number of LAs. Say, as an example, I need 3 LAs for the mob to really be dead; would it then have to look roughly like this, or am I completely on the wrong track?
Code:
{
    int i = 1;
    for (i = 0; i < 4; i++)
    {
        cout << i << endl;
    }
}
I think I've just produced utter garbage.
|
Code:
SendPacket(0x0D,"bbd",18,1,attacker);
SendPacket(0x0D,"bbd",18,1,attacker);
SendPacket(0x0D,"bbd",18,1,attacker);
|
|
|
07/27/2011, 12:13
|
#23
|
elite*gold: 0
Join Date: Oct 2007
Posts: 1,255
Received Thanks: 200
|
I've got a question: to burn rings, belts etc. into revis, don't you have to walk to the NPC, or does the NPC have no range limit for once?
If I want to put a speedhack into the DLL, that's best done via a pointer, right?
|
|
|
07/27/2011, 12:43
|
#24
|
elite*gold: 42
Join Date: Jun 2008
Posts: 5,425
Received Thanks: 1,888
|
Quote:
Originally Posted by KillerExtreme
I've got a question: to burn rings, belts etc. into revis, don't you have to walk to the NPC, or does the NPC have no range limit for once?
If I want to put a speedhack into the DLL, that's best done via a pointer, right?
|
1. Nope, works anywhere.
2. Meak posted the patterns somewhere, afaik.
|
|
|
07/27/2011, 12:56
|
#25
|
elite*gold: 0
Join Date: Dec 2010
Posts: 1,196
Received Thanks: 682
|
The packet for revis was posted here once.
I think by katze, but I'm not sure.
|
|
|
07/27/2011, 15:52
|
#26
|
elite*gold: 0
Join Date: Feb 2008
Posts: 1,105
Received Thanks: 186
|
Quote:
on recv packet 0x07
if((ItemID >= 205) && (ItemID <= 207))
{
    SendPacket(0x51,"bd",0,ID);
    printf("Trinket/Ring/Belt made to Stone of Revision!\n");
}
|
here u are
|
|
|
07/27/2011, 19:21
|
#27
|
elite*gold: 220
Join Date: Jun 2007
Posts: 3,768
Received Thanks: 1,126
|
Yeah, in the main thread at some point, but nobody was interested in the base+speed pattern ^^
|
|
|
07/27/2011, 19:31
|
#28
|
elite*gold: 0
Join Date: Oct 2007
Posts: 1,255
Received Thanks: 200
|
Well, whatever xD I'll have a look; it's only a small extra anyway. First I want to manage to get everything that's written here running.
|
|
|
07/27/2011, 20:00
|
#29
|
elite*gold: 42
Join Date: Jun 2008
Posts: 5,425
Received Thanks: 1,888
|
Quote:
Originally Posted by RunzelEier
The packet for revis was posted here once.
I think by katze, but I'm not sure.
|
It's even in my text ;o
|
|
|
07/31/2011, 11:06
|
#30
|
elite*gold: 55
Join Date: Mar 2006
Posts: 4,582
Received Thanks: 1,539
|
I don't think I need to say much: a small compilation of the things that were posted.
Exports.def
Code:
EXPORTS
DirectSoundCaptureCreate=__E__0__ @6
DirectSoundCaptureCreate8=__E__1__ @12
DirectSoundCaptureEnumerateA=__E__2__ @7
DirectSoundCaptureEnumerateW=__E__3__ @8
DirectSoundCreate=__E__4__ @1
DirectSoundCreate8=__E__5__ @11
DirectSoundEnumerateA=__E__6__ @2
DirectSoundEnumerateW=__E__7__ @3
DirectSoundFullDuplexCreate=__E__8__ @10
DllCanUnloadNow=__E__9__ @4
DllGetClassObject=__E__10__ @5
GetDeviceID=__E__11__ @9
DllMain.cpp
Code:
#include <Windows.h>
#include <process.h>

FARPROC dsoundFunction[12] = {0};
HMODULE dsound_Orginal = (HMODULE)INVALID_HANDLE_VALUE;
HANDLE hMainThread = INVALID_HANDLE_VALUE;
unsigned int uiMainThreadID = 0;

extern unsigned int __stdcall MainThread(void * pParams);

BOOL APIENTRY DllMain(_In_ HANDLE _HDllHandle, _In_ DWORD _Reason, _In_opt_ LPVOID _Reserved)
{
    switch(_Reason){
    case DLL_PROCESS_ATTACH:
        dsound_Orginal = LoadLibrary("dsound_.dll");
        hMainThread = (HANDLE)_beginthreadex(NULL, 0, &MainThread, NULL, NULL, &uiMainThreadID);
        dsoundFunction[0] = GetProcAddress(dsound_Orginal,"DirectSoundCaptureCreate");
        dsoundFunction[1] = GetProcAddress(dsound_Orginal,"DirectSoundCaptureCreate8");
        dsoundFunction[2] = GetProcAddress(dsound_Orginal,"DirectSoundCaptureEnumerateA");
        dsoundFunction[3] = GetProcAddress(dsound_Orginal,"DirectSoundCaptureEnumerateW");
        dsoundFunction[4] = GetProcAddress(dsound_Orginal,"DirectSoundCreate");
        dsoundFunction[5] = GetProcAddress(dsound_Orginal,"DirectSoundCreate8");
        dsoundFunction[6] = GetProcAddress(dsound_Orginal,"DirectSoundEnumerateA");
        dsoundFunction[7] = GetProcAddress(dsound_Orginal,"DirectSoundEnumerateW");
        dsoundFunction[8] = GetProcAddress(dsound_Orginal,"DirectSoundFullDuplexCreate");
        dsoundFunction[9] = GetProcAddress(dsound_Orginal,"DllCanUnloadNow");
        dsoundFunction[10] = GetProcAddress(dsound_Orginal,"DllGetClassObject");
        dsoundFunction[11] = GetProcAddress(dsound_Orginal,"GetDeviceID");
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
// DirectSoundCaptureCreate
extern "C" __declspec(naked) void __stdcall __E__0__()
{
    __asm
    {
        jmp dsoundFunction[0*4];
    }
}
// DirectSoundCaptureCreate8
extern "C" __declspec(naked) void __stdcall __E__1__()
{
    __asm
    {
        jmp dsoundFunction[1*4];
    }
}
// DirectSoundCaptureEnumerateA
extern "C" __declspec(naked) void __stdcall __E__2__()
{
    __asm
    {
        jmp dsoundFunction[2*4];
    }
}
// DirectSoundCaptureEnumerateW
extern "C" __declspec(naked) void __stdcall __E__3__()
{
    __asm
    {
        jmp dsoundFunction[3*4];
    }
}
// DirectSoundCreate
extern "C" __declspec(naked) void __stdcall __E__4__()
{
    __asm
    {
        jmp dsoundFunction[4*4];
    }
}
// DirectSoundCreate8
extern "C" __declspec(naked) void __stdcall __E__5__()
{
    __asm
    {
        jmp dsoundFunction[5*4];
    }
}
// DirectSoundEnumerateA
extern "C" __declspec(naked) void __stdcall __E__6__()
{
    __asm
    {
        jmp dsoundFunction[6*4];
    }
}
// DirectSoundEnumerateW
extern "C" __declspec(naked) void __stdcall __E__7__()
{
    __asm
    {
        jmp dsoundFunction[7*4];
    }
}
// DirectSoundFullDuplexCreate
extern "C" __declspec(naked) void __stdcall __E__8__()
{
    __asm
    {
        jmp dsoundFunction[8*4];
    }
}
// DllCanUnloadNow
extern "C" __declspec(naked) void __stdcall __E__9__()
{
    __asm
    {
        jmp dsoundFunction[9*4];
    }
}
// DllGetClassObject
extern "C" __declspec(naked) void __stdcall __E__10__()
{
    __asm
    {
        jmp dsoundFunction[10*4];
    }
}
// GetDeviceID
extern "C" __declspec(naked) void __stdcall __E__11__()
{
    __asm
    {
        jmp dsoundFunction[11*4];
    }
}
Main.cpp
Code:
#include "main.h"

extern HANDLE hMainThread;
extern int (__stdcall *DetourRecv)(SOCKET Socket,char *Buffer, int Length, int Flags);
extern int __stdcall FilterRecv(SOCKET Socket,char *Buffer, int iLength, int iFlags);
extern int engineSend(BYTE Header,LPCSTR szFormat,...);
extern DWORD __stdcall DebugConsole(LPVOID*);

unsigned int __stdcall MainThread(void * pParams)
{
    AllocConsole();
    int HandleIn = _open_osfhandle((long)GetStdHandle(STD_INPUT_HANDLE), _O_TEXT);
    int HandleOut = _open_osfhandle((long)GetStdHandle(STD_OUTPUT_HANDLE), _O_TEXT);
    FILE *In = _fdopen(HandleIn, "r");
    FILE *Out = _fdopen(HandleOut, "w");
    *stdin = *In;
    *stdout = *Out;
    SetConsoleTitle("Debug Console");
    DetourRecv = (int (__stdcall *)(SOCKET, char *, int, int))DetourFunction((PBYTE)recv,(PBYTE)FilterRecv);
    CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)DebugConsole,NULL,NULL,0);
    CloseHandle(hMainThread);
    _endthreadex(0);
    return NULL;
}

DWORD _stdcall DebugConsole(LPVOID*){
    char szDebugHandle[255]={0};
    while(true){
        std::cin >> szDebugHandle;
        if(strcmp(szDebugHandle,"test") == 0)
        {
        }
    }
    return NULL;
}
Main.h
Code:
#ifndef MAIN_H
#define MAIN_H
#include <WinSock2.h>
#include <detours.h>
#include <Windows.h>
#include <iostream>
#include <io.h>
#include <fcntl.h>
#include <process.h>
#include <math.h>
#include <stdio.h>
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "ws2_32.lib")
#define INST_NOP 0x90
#define INST_CALL 0xe8
#define INST_JMP 0xe9
#define INST_BYTE 0x00
#define SHORT_JZ 0x74
#define orange 16594
#define lightblue 15073034
#define violett 12615808
#define green 32768
#define pink 16751615
#define blue 15453831
#define red 255
#endif // MAIN_H
send.cpp
Code:
#include "main.h"

extern DWORD dwFindPattern(DWORD dwAddress,DWORD dwLen, BYTE *bMask, char * szMask);

DWORD dwEngineSendA = dwFindPattern(0x401000,0x2bc000,(BYTE*)"\x55\x8B\xEC\x83\xEC\x18\x83\x3D\x00\x00\x00\x00\x00\x00\x00\x33\xC0","xxxxxxxx???????xx");
DWORD dwEngineSendB = dwFindPattern(dwEngineSendA+1,0x2bc000,(BYTE*)"\x55\x8B\xEC\x83\xEC\x18\x83\x3D\x00\x00\x00\x00\x00\x00\x00\x33\xC0","xxxxxxxx???????xx");
DWORD dwEngineBack = dwEngineSendB + 0x06;

__declspec( naked ) int engineSend(BYTE Header,LPCSTR szFormat,...){
    __asm push ebp;
    __asm mov ebp, esp;
    __asm sub esp, 18h;
    __asm jmp dwEngineBack;
}
recv.cpp
Code:
#include "main.h"

int (__stdcall *DetourRecv)(SOCKET Socket, char *Buffer, int Length, int Flags);
extern int engineSend(BYTE Header,LPCSTR szFormat,...);
extern void KalChat(int color,char* mFormat,...);

/*
WORD size;
memcpy((void*)&size,(void*)((DWORD)szBuffer),2);
int i;
{
    for (i=0;i<=size;i++)
    {
        printf("%02x ",(BYTE)szBuffer[i]);
    }
    printf("\n\n");
    break;
*/

enum Packets {PlayerAppear=0x32,
              MonsterAppear=0x33,
              Item=0x36,
              MonsterAni=0x3d,
              FirstPacket=0x2a};

struct Items
{
    DWORD dwItemID;
    DWORD AchseX;
    DWORD AchseY;
}Itemx;

struct Monsters
{
    DWORD dwMonsterUID;
    DWORD dwMonsterUIDx;
    DWORD dwMonsterX;
    DWORD dwMonsterY;
}Monster;

void MyRecv(char* szBuffer,int iLenght)
{
    /*WORD size;
    memcpy((void*)&size,(void*)((DWORD)szBuffer),2);
    int i;
    for (i=0;i<=size;i++)
    {
        printf("%02x ",(BYTE)szBuffer[i]);
    }
    printf("\n\n");
    */
    switch(szBuffer[2])
    {
    case FirstPacket:
        /*
        Send Login?!
        */
        break;
    case PlayerAppear:
        break;
    case Item:
        Itemx.dwItemID = *(DWORD*)&szBuffer[5];
        Itemx.AchseX = *(DWORD*)&szBuffer[5+4];
        Itemx.AchseY = *(DWORD*)&szBuffer[5+4+4];
        engineSend(0x1D,"ddd",Itemx.dwItemID,Itemx.AchseX/32,Itemx.AchseY/32);
        break;
    case MonsterAppear:
        break;
    case MonsterAni:
        Monster.dwMonsterUID = *(DWORD*)&szBuffer[3];
        engineSend(0x0D,"bbd",1,1,Monster.dwMonsterUID);
        break;
    }
}

/*
Thanks to ILikeItEasy
*/
int ASyncPos = 0;
int FinalSize = 0;

int __stdcall FilterRecv(SOCKET Socket,char *Buffer, int iLength, int iFlags)
{
    if (ASyncPos==FinalSize && FinalSize>0)
    {
        MyRecv(Buffer, ASyncPos);
        ASyncPos = 0;
    }
    int RecvRET = DetourRecv(Socket, Buffer, iLength, iFlags);
    if (RecvRET<0)
    {
        return RecvRET;
    }
    if (ASyncPos==0)
        FinalSize = *((short int*) Buffer);
    ASyncPos+=RecvRET;
    return RecvRET;
}
Functions.cpp
Code:
#include "main.h"

bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    for(;*szMask;++szMask,++pData,++bMask)
        if(*szMask=='x' && *pData!=*bMask )
            return false;
    return (*szMask) == NULL;
}

DWORD dwFindPattern(DWORD dwAddress,DWORD dwLen, BYTE *bMask, char * szMask) {
    for(DWORD i=0;i<dwLen;i++)
        if( bDataCompare( (BYTE*)( dwAddress+i ),bMask,szMask) )
            return (DWORD)(dwAddress+i);
    return NULL;
}

LPVOID MemcpyEx(DWORD lpDest, DWORD lpSource, int len)
{
    DWORD oldSourceProt,oldDestProt=0;
    VirtualProtect((LPVOID)lpSource,len,PAGE_EXECUTE_READWRITE,&oldSourceProt);
    VirtualProtect((LPVOID)lpDest,len,PAGE_EXECUTE_READWRITE,&oldDestProt);
    memcpy((void*)lpDest,(void*)lpSource,len);
    VirtualProtect((LPVOID)lpDest,len,oldDestProt,&oldDestProt);
    VirtualProtect((LPVOID)lpSource,len,oldSourceProt,&oldSourceProt);
    return (LPVOID)lpDest;
};

DWORD Intercept(int instruction, DWORD lpSource, DWORD lpDest, int len)
{
    DWORD realtarget;
    LPBYTE buffer = new BYTE[len];
    memset(buffer,0x90,len);
    if (instruction != INST_NOP && len >= 5)
    {
        buffer[(len-5)] = instruction;
        DWORD dwJMP = (DWORD)lpDest - (lpSource + 5 + (len-5));
        memcpy(&realtarget,(void*)(lpSource+1),4);
        realtarget = realtarget+lpSource+5;
        memcpy(buffer + 1 + (len-5),&dwJMP,4);
    }
    if (instruction == SHORT_JZ)
    {
        buffer[0]=instruction;
        buffer[1]=(BYTE)lpDest;
    }
    if (instruction == INST_BYTE)
    {
        buffer[0]=(BYTE)lpDest;
    }
    MemcpyEx(lpSource, (DWORD) buffer, len);// Call to intercept
    delete[] buffer;
    return realtarget;
}

/*
Thanks to Syntex (:
*/
typedef int (__cdecl * Chat_org)(char, char*, int);
BYTE pChat[] = {0x55,0x8B,0xEC,0x83,0x3D,0x48,0x2B,0x86,0x00,0x00,0x74,0x17,0x8B,0x45,0x10,0x50}; // pattern //
char * mChat = "xxx????????xxxx"; // mask //
unsigned long Chat_add = dwFindPattern( 0x00400000,0x00700000,pChat,mChat);

void KalChat(int color,char* mFormat,...){
    char* mText = new char[255];
    va_list args;
    va_start(args, mFormat);
    vsprintf_s(mText,255,mFormat,args);
    va_end(args);
    ((Chat_org)Chat_add)(0,mText,color);
}
|
|
|
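From a detection standpoint, the DllMain.cpp in post #30 is a proxy DLL: it carries a system library's name, loads the renamed original (`dsound_.dll`) and forwards the twelve exports to it. The following is an added example, not code from the thread: a check over a process's module list that flags that layout. The function names, the sample paths and the trusted-directory list are assumptions.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <set>
#include <string>
#include <vector>

// Windows paths compare case-insensitively, so normalise everything to lower case.
static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return (char)std::tolower(c); });
    return s;
}
static std::set<std::string> lowerAll(const std::vector<std::string>& in) {
    std::set<std::string> out;
    for (const auto& s : in) out.insert(lower(s));
    return out;
}

struct Finding {
    std::string path;            // module with a system DLL name outside the trusted dirs
    bool renamedOriginalLoaded;  // "<name>_.dll" from the same directory is loaded too
};

// Hypothetical helper: flags modules that shadow a system DLL by name.
std::vector<Finding> findShadowedSystemDlls(const std::vector<std::string>& loadedModules,
                                            const std::vector<std::string>& systemDllNames,
                                            const std::vector<std::string>& trustedDirs) {
    const auto loaded = lowerAll(loadedModules);
    const auto names = lowerAll(systemDllNames);
    const auto trusted = lowerAll(trustedDirs);
    std::vector<Finding> findings;
    for (const auto& path : loaded) {
        const size_t slash = path.find_last_of('\\');
        if (slash == std::string::npos) continue;  // need a full path to judge the directory
        const std::string dir = path.substr(0, slash), name = path.substr(slash + 1);
        if (!names.count(name) || trusted.count(dir)) continue;
        const std::string stem = name.substr(0, name.find_last_of('.'));
        findings.push_back({path, loaded.count(dir + "\\" + stem + "_.dll") > 0});
    }
    return findings;
}

// Constructed sample: module paths of a hypothetical game process.
std::vector<std::string> sampleModules() {
    return {"C:\\Games\\Example\\game.exe", "C:\\Games\\Example\\dsound.dll",
            "C:\\Games\\Example\\dsound_.dll", "C:\\Windows\\SysWOW64\\ws2_32.dll"};
}

int main() {
    for (const auto& f : findShadowedSystemDlls(sampleModules(), {"dsound.dll", "ws2_32.dll"},
             {"C:\\Windows\\System32", "C:\\Windows\\SysWOW64"}))
        std::printf("%s%s\n", f.path.c_str(),
                    f.renamedOriginalLoaded ? " (renamed original loaded)" : "");
    return 0;
}
```

The `_.dll` suffix check mirrors the naming used in this thread only; a module with a system DLL's name outside the trusted directories is worth reviewing even when no renamed copy is loaded.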
All times are GMT +1.