[Release] KalClient Hookbase (Int+Ps)
Discussion on [Release] KalClient Hookbase (Int+Ps) within the Kal Hacks, Bots, Cheats & Exploits forum part of the Kal Online category.
01/13/2011, 19:13
|
#1
|
elite*gold: 46
Join Date: Mar 2006
Posts: 2,589
Received Thanks: 1,198
|
[Release] KalClient Hookbase (Int+Ps)
Hello everyone
This source is for learning purposes only. If you have any questions, just write them down.
If you'd like to extend this source, please upload your changes and share them with the community.
Have fun
Greetings:
ZeroTen
Kealy aka Sun
|
|
|
01/13/2011, 19:22
|
#2
|
elite*gold: 0
Join Date: Jan 2009
Posts: 915
Received Thanks: 134
|
I will check this out, thx
edit:
Code:
if(GetAsyncKeyState(VK_F3) & 1) // HotKey F3: low bit is set if the key was pressed since the last call
{
    KalClient::Chat(lightblue," DWORD: %d - INT: %i - STRING: %s",25000,25,"STRING");
    Sleep(500); // avoid keyspam
}
Well, I don't like Sleep all that much, how about:
Code:
if(GetAsyncKeyState(VK_F3) & 1) // HotKey F3: low bit is set if the key was pressed since the last call
{
    KalClient::Chat(lightblue," DWORD: %d - INT: %i - STRING: %s",25000,25,"STRING");
    while(GetAsyncKeyState(VK_F3)) // busy-wait until F3 is released
    {
    }
}
:P
|
|
|
01/13/2011, 19:31
|
#3
|
elite*gold: 46
Join Date: Mar 2006
Posts: 2,589
Received Thanks: 1,198
|
ah, it's pretty cleanly written and easy to implement in already existing projects.
Currently it has Chat, Notice, Datopen ptr hook.
If anyone has wishes, tell me and I'll add them. I might try to code a HackShield-proof hook, dunno how they detect detours on normal funcs (maybe patternscan or return check, who knows?)
@edit,
it was just for example (to execute the functions I hooked).
If we could hook Opendat for example I would like to do smth like that:
if("Login")
QuickSendHook(Login)
if("Login2")
QuickSendHook(Login2)
you could handle dat actions ingame with own functions, would be useful but hooks get detected thou hackshield (opcode check , or return check I dunno). I need more creativity on hooks ;p
|
|
|
01/13/2011, 21:12
|
#4
|
elite*gold: 0
Join Date: Aug 2007
Posts: 27
Received Thanks: 2
|
Nice release michi! Didn't know u were releasing so soon
|
|
|
01/13/2011, 22:44
|
#5
|
elite*gold: 0
Join Date: Feb 2009
Posts: 256
Received Thanks: 474
|
HackShield-Scanner loads the memory and then creates CRC from it. If generatedCRC != correctCRC -> Notify engine message callback -> Memory manipulation detected -> Exit Process.
The CRC function is checked by Themida's integrity check and probably even some kind of HackShield self-integrity check. Also, altering the engine callback is not a good idea, as you won't be able to respond to the 0x03 packet.
As far as I remember, the CRC was generated from 0x1000 big memory chunks inside engine.exe (including packet functions etc.).
Anyways -> good job on finding function calls.
#EDIT:
This is basically the output of hackshield if you are detected.
(ModName: engine.exe(00400000h) Addr:00573000h, 6364F81Bh != F9C775AAh)
[Addr] = Start address of checked region. So modification is probably between 00573000h and 00574000h in this example.
[n0 != n1] = CRC is not obviously matching
|
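The chunked CRC comparison described in post #5, written out as an added defender-side example; it is not code from the thread or from HackShield. Assumptions: standard CRC-32 stands in for whichever CRC the scanner uses (the post does not say), `sample.bin` and the buffer are constructed, and the report line imitates the format quoted in the post with the freshly computed value first.

```c
#include <stdint.h>
#include <stdio.h>
#define CHUNK 0x1000u /* chunk size quoted in the post */
/* Assumption: standard CRC-32 (reflected, poly 0xEDB88320); the page does not name the CRC. */
static uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

static size_t chunk_len(size_t len, size_t off) {
    return len - off < CHUNK ? len - off : CHUNK;
}

/* Record one reference CRC per chunk of a known-good image. */
static void baseline(const uint8_t *img, size_t len, uint32_t *good) {
    for (size_t off = 0; off < len; off += CHUNK)
        good[off / CHUNK] = crc32_buf(img + off, chunk_len(len, off));
}

/* Re-scan and report mismatches; returns first bad chunk index, or -1 if clean. */
static long scan(const uint8_t *img, size_t len, const uint32_t *good, unsigned base) {
    long first = -1;
    for (size_t off = 0; off < len; off += CHUNK) {
        uint32_t now = crc32_buf(img + off, chunk_len(len, off));
        if (now == good[off / CHUNK]) continue;
        printf("(ModName: sample.bin(%08Xh) Addr:%08Xh, %08Xh != %08Xh)\n",
               base, base + (unsigned)off, (unsigned)now, (unsigned)good[off / CHUNK]);
        if (first < 0) first = (long)(off / CHUNK);
    }
    return first;
}

/* Constructed input: a 4-chunk buffer with one byte changed in chunk 2. */
static long demo(void) {
    static uint8_t img[4 * CHUNK];
    uint32_t good[4];
    for (size_t i = 0; i < sizeof img; i++) img[i] = (uint8_t)(i * 31u + 7u);
    baseline(img, sizeof img, good);
    if (scan(img, sizeof img, good, 0x00400000u) != -1) return -2; /* clean pass */
    img[2 * CHUNK + 0x10] ^= 0xFF; /* simulated modification */
    return scan(img, sizeof img, good, 0x00400000u);
}

int main(void) { return demo() == 2 ? 0 : 1; }
```

The report only narrows a change down to one 0x1000 chunk, and, as the post points out, the checking routine itself needs separate integrity protection for its result to be trusted.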
|
|
01/13/2011, 23:10
|
#6
|
elite*gold: 46
Join Date: Mar 2006
Posts: 2,589
Received Thanks: 1,198
|
Quote:
Originally Posted by Thiesius
HackShield-Scanner loads the memory and then creates CRC from it. If generatedCRC != correctCRC -> Notify engine message callback -> Memory manipulation detected -> Exit Process.
The CRC function is checked by Themida's integrity check and probably even some kind of HackShield self-integrity check. Also, altering the engine callback is not a good idea, as you won't be able to respond to the 0x03 packet.
As far as I remember, the CRC was generated from 0x1000 big memory chunks inside engine.exe (including packet functions etc.).
Anyways -> good job on finding function calls.
#EDIT:
This is basically the output of hackshield if you are detected.
(ModName: engine.exe(00400000h) Addr:00573000h, 6364F81Bh != F9C775AAh)
[Addr] = Start address of checked region. So modification is probably between 00573000h and 00574000h in this example.
[n0 != n1] = CRC is not obviously matching
|
what about let it scan the real engine and use another one to work with?!
|
|
|
01/13/2011, 23:17
|
#7
|
elite*gold: 80
Join Date: Oct 2010
Posts: 2,238
Received Thanks: 1,271
|
syntex released something
Is today a special day or what ;D
|
|
|
01/13/2011, 23:18
|
#8
|
elite*gold: 0
Join Date: Feb 2009
Posts: 256
Received Thanks: 474
|
I'm not sure what you mean.
However, my bypass was an inline asm hook that checked the read location, and if HackShield was just about to read the region I switched the pointer to the original bytes (backup) instead of the modified ones, and after that I switched the pointer back to engine. However, the integrity check had to be cracked too.
But atm there are like 3 checks (or maybe more) that have to be modified (not easy stuff of course -> Themida is not cheap protection)
|
|
|
01/13/2011, 23:27
|
#9
|
elite*gold: 46
Join Date: Mar 2006
Posts: 2,589
Received Thanks: 1,198
|
Quote:
Originally Posted by Thiesius
I'm not sure what you mean.
However, my bypass was an inline asm hook that checked the read location, and if HackShield was just about to read the region I switched the pointer to the original bytes (backup) instead of the modified ones, and after that I switched the pointer back to engine. However, the integrity check had to be cracked too.
But atm there are like 3 checks (or maybe more) that have to be modified (not easy stuff of course -> Themida is not cheap protection)
|
yeah, it's a lot of work finding those and cracking them, not worth it while IAT/EAT hooks work without any issues
I don't need those hooks but they would be useful to have.
|
|
|
01/14/2011, 00:36
|
#10
|
elite*gold: 55
Join Date: Mar 2006
Posts: 4,582
Received Thanks: 1,537
|
hmmm looks quite good... gogo make more :P
|
|
|
01/14/2011, 12:44
|
#11
|
elite*gold: 46
Join Date: Mar 2006
Posts: 2,589
Received Thanks: 1,198
|
I'm gonna add cooldown for skills when I find some spare time
if you have more wishes I'll add them, I'm thinking of adding quicksend and recv hook but dunno what you guys think... if you made something new just add it and reupp, I will add it on the first page.
|
|
|
01/14/2011, 13:47
|
#12
|
elite*gold: 0
Join Date: Feb 2008
Posts: 1,102
Received Thanks: 185
|
dude what happened to you? you sound like you're supporting leechers all of a sudden ^^^^ hehe
|
|
|
01/14/2011, 14:09
|
#13
|
elite*gold: 46
Join Date: Mar 2006
Posts: 2,589
Received Thanks: 1,198
|
it's time to quit
it might be useful for newbies to start learning ..
|
|
|
01/14/2011, 14:41
|
#14
|
elite*gold: 0
Join Date: Jan 2009
Posts: 915
Received Thanks: 134
|
time to quit?
blocked? :P
|
|
|
01/14/2011, 14:42
|
#15
|
elite*gold: 55
Join Date: Mar 2006
Posts: 4,582
Received Thanks: 1,537
|
time to Release things ;D Let's **** up kal hehehehehehe :]
|
|
|
All times are GMT +2.