coz of too much flaming, ill just tell the rest of epvpers,whom didnt understand yet, how to sniff/send packets...
First of all, im nor a pro, neither a newb, so pls dont flame anymore
Before beginning, download NetFramework 3.5 and Microsoft VC++ 2008 (maybe also Microsoft SDKs)
, here you get everything...
Then download in attached files the source (Its the one wich was posted by bloodx, so thanks to him and all the other people)
PACKET
A packet is an easy thing. In kal packets look like this :
For example, the ExecuteSkillPacket :
But this is not all ... it also has some more information, for example the stormpacket :
PHP Code:
0x10,"bdd",43,42133,34213
What it means? 43 stands for the Thunder Storm (mage-43, as far as i know)
the first number is the x-coordinate, the second is the y-coordinate,where u want to place the storm.
There are ofc lots of packet, wich I dont want to mention, so ill show you have to get or better to say, how to sniff the packet.
PACKET SNIFFING
Very very easy, you dont even have to do anything.
You downloaded Framework 3.5, VC++ and the attached source. Now open
KalHack VC++ Project. On the left side you see the header and source files ( Send.h, Recv.h, Stuff.h, dll.cpp )
Click on Send.h and look for this lines
PHP Code:
int Naked SendDetour(DWORD type,LPCSTR format,...)
{
__asm
{
push ebp
mov ebp, esp
sub esp, 14h
}
if (type == 0x02)
{
//(c) by ZeroTen
Intercept(INST_CALL,0x004F203D,0x0052E330,5);
}
//printf(SendText,type,format);
va_list args;
We only need the part
PHP Code:
//printf(SendText,type,format);
. Just delte the // before printf, so it look likes this
PHP Code:
printf(SendText,type,format);
. Also, to sniff the full information of the packet, u also have to go here :
PHP Code:
case 'b': //BYTE
temp=va_arg( args, BYTE);
//printf("%d %d \n",i+1,temp);
break;
case 'd': //DWORD
temp =(DWORD)va_arg( args, DWORD);
//printf(" %d: %d\n",i+1,temp);
if ((i==0)&&(type == 0x1a))
{
dropID = temp;
//printf("ItemID(Dropped): %d\n",dropID);
}
if(type == 0x41)
{
wearID = temp;
}
if(type == 0x42)
{
unwearID = temp;
}
if(type == 0x21)
{
useID = temp;
}
if(type == 0x1d)
{
mobdropID = temp;
}
break;
case 'w': //WORD
// printf(" %d: %d\n",i+1,(WORD)va_arg( args, DWORD));
break;
case 's': //STRING
something=va_arg( args, char*);
//printf(" %d: %s\n",i+1,something);
break;
case 'm':
//printf(" %d: %s\n",i+1,(DWORD)va_arg( args, DWORD));
break;
Also here, delete the //, but only if they are infront of printf!!
Why do we delete them?
// means, that the code wont be involved in your hack, that means, the // delete the code behind it.
What means printf?
printf(""); means, that something will be shown in the console, for example
printf("Hello");, now Hello will be written in your console.
After you did everything, on top of ur monitor is "Erstellen"(dunno how is called in english, its the 5th from the left), click on it and go on "KalHack neu erstellen" ( dunno in english, its the 5th from above ). Now hack getting created. If it looks like this :
PHP Code:
KalHack - 0 Fehler, 0 Warnung(en)
========== Alles neu erstellen: 1 erfolgreich, Fehler bei 0, 0 übersprungen ==========
Just look @ the Errors, if you got no error, its compiled, if not you have to look wich mistakes you made (if there are warnings, it doenst matter)
Now go to folder Debug or Release, where "winmm.dll" is. That is your hack and ur packet sniffer. Put it in your KalFolder and start Kal, a cmd should pop up. (if kal dont start, rename the dll for example hack.dll and inject it via injector, for example KLOAD)
Now ingame you see the packets. They look like above ( for example if u sit down :
PHP Code:
PACKET TYPE:0x1f FORMAT:b
Now under this, u also see :
That means that the BYTE (b; the one after FORMAT) is 0.
Storm packet
PHP Code:
PACKET TYPE:0x10 FORMAT:bdd
1:43
2:32141
3:24123
So you see, there are three information send (b,d,d). b is 43(thunder storm) and the other 2 numbers are x and y coordinates.
Voila, do whatever you want ingame and you see the packet in the cmd window
PACKET SENDING
Packet Sending is also very easy. Ill show you an example on bloodx hack :
dll.cpp
PHP Code:
if (strcmp(input,"D1") == 0)
{
printf("Dancehack Started\n");
dancehack=1;
}
Recv.h
PHP Code:
if (packet[2] == 0x32)
{
DWORD id;
memcpy((void*)&id,(void*)((DWORD)packet+3),4);
char name[255]={0};
memcpy((void*)&name,(void*)((DWORD)packet+7),16);
if (dancehack == 1)
{
int i;
for (i=0;i<6;i++)
{
SendDetour(0x3d,"db",id,14);
}
}
}
The first code from dll.cpp means, that if u write D1 into console, "Dancehack started" will be written in console and dancehack will be set on (dancehack=1). What happens now?
Because dancehack is now =1, that means its on, the prog jump the the second code (Recv.h).
"If packet=0x32" means, that if a player come in your rage, his player name and his id will be sniffed.
PHP Code:
int i;
for (i=0;i<6;i++)
{
This is just a loop, it means, the packet will be send 6 times (u can change the 6 to 100, so the packet will be sent 100 times)
Now you see "SendDetour(0x3d,"db",id,14);". SendDetour is our detour to send packets, and after it you see the packet and his information
Here it comes to packet sending.
Ill show u how to make your own hack.
We make a very very easy packet send, wich isnt even a hack.
You go to dll.cpp and write there
PHP Code:
if (strcmp(input,"packethack") == 0)
{
printf("Packet getting sent\n");
packethack=1;
}
Go to Recv.h and write there
PHP Code:
if (packethack == 1)
{
SendDetour(0x1f,"b",1);
}
Voila, go ingame and write into console "packethack" and your char will sit down
One more thing if u write your hacks :
If u want to send a packet, for example stormpacket, u have to declare the BYTEs and DWORDs.
It wont work like this :
PHP Code:
SendDetour(0x10,"bdd");
It have to look like this :
PHP Code:
SendDetour(0x10,"bdd",43,12321,24123);
So, for every "b" and "d" u have to give it "information".
Also, you do it like this :
PHP Code:
SendDetour(0x10,"bdd",43,xcoordinate,ycoordinate);
But now u think, what means xcoordinate and ycoordinate?
U have to give xcordiante and ycoordinate the information. This is easy too. A good method is to use the "scanf" method.
How u give xcoordinate and ycoordinates information?
Letz make a hack where you can storm with coordinates, that means you can storm wherever you want
dll.cpp
PHP Code:
if (strcmp(input,"setstorm") == 0)
{
printf("Enter X\n");
scanf("%d%*c",&xcoordinate);
printf("Enter Y\n");
scanf("%d%*c",&ycoordinate);
shack=1;
}
Here you see, if u write setstorm in console, then in console stands"Enter X".
Now, the hack wait for you, because scanf means, that you have to enter something. Here you should enter the x coordiante, where u want to storm.
For example, u enter 12345, now xcoordinate is 12345. Then u have to enter
the y coordinate and shack(our stormhack) will be set =1 and the prog jumps to this code:
PHP Code:
if (shack == 1)
{
int i;
for (i=0;i<10;i++)
{
SendDetour(0x10,"bdd",43,xcoordinate,ycoordinate);
}
}
Now u storm 10 times on to the coordinates u entered
ATTENTION: if you make things like "xcoordinate" or "ycoordinate", you have to declare them as a DWORD. Very easy. Just go to the top of dll.cpp and Recv.h and enter :
PHP Code:
DWORD xcoordinate;
DWORD ycoordinate;
Thats all from me, if u have questions feel free to ask
kann mir vllt einer den link geben=?
