/***********************************
Credits to .....?! I don't know o.O
************************************/
#include <winsock2.h>

/* Assumed declarations (not shown in the post): DetourRecv is the trampoline
   to the original recv, MyRecv is the handler that gets the reassembled packet. */
extern int WINAPI DetourRecv(SOCKET Socket, char *Buffer, int iLength, int iFlags);
extern void MyRecv(char *Buffer, int Length);

int ASyncPos = 0;   /* bytes of the current packet seen so far (header + body) */
int FinalSize = 0;  /* packet size announced by the 2-byte header, 0 until known */

int WINAPI FilterRecv(SOCKET Socket, char *Buffer, int iLength, int iFlags)
{
    /* A full packet is in Buffer from the previous calls and the client has
       had time to decrypt it in place: hand it over, then start a new one. */
    if (ASyncPos == FinalSize && FinalSize > 0)
    {
        MyRecv(Buffer, ASyncPos);
        ASyncPos = 0;
    }
    int RecvRET = DetourRecv(Socket, Buffer, iLength, iFlags);
    if (RecvRET < 0)
    {
        /* the "unknown packet": recv failed, nothing to accumulate */
        return RecvRET;
    }
    if (ASyncPos == 0)
        FinalSize = *((short int *) Buffer);  /* the first read holds the size */
    ASyncPos += RecvRET;
    return RecvRET;
}
That would be my "MagicRecv" :P
About receive:
Received packets are encrypted. Server sends data size first, then a packet with the data then an unknown packet (sometimes more).
int RecvRET = DetourRecv(Socket, Buffer, iLength, iFlags);
RecvRET returns < 0 (I believe -1) for the unknown packets.
Luckily for most people here, the decrypted packet is stored in the same memory as the encrypted packet (Encrypted data gets replaced by decrypted data).
My MagicRecv waits for the unknown packet to be received before the buffer gets analysed. This gives the Kal client enough time to decrypt the received packet.
This way you get a small delay in packet handling, but... imho, it is the next best solution after decrypting the packet yourself.
btw..
My original release of the code was:
#include <winsock2.h>

/* Assumed declarations (not in the post): OrigRecv is the original recv,
   HandlePacket is the packet handler. */
extern int WINAPI OrigRecv(SOCKET s, char *buf, int len, int flags);
extern void HandlePacket(const unsigned char *buf, int len);

int ASyncPos = 0;
int FinalSize = 0;

/* buf must not be const: the original recv writes into it
   (WINAPI already expands to __stdcall, so the duplicate is dropped) */
int WINAPI MyMagicRecv(SOCKET s, char *buf, int len, int flags)
{
    if (ASyncPos == FinalSize && FinalSize > 0)
    {
        HandlePacket((const unsigned char *) buf, ASyncPos);
        ASyncPos = 0;
    }
    int ret = OrigRecv(s, buf, len, flags);
    if (ret < 0)
    {
        return ret;
    }
    if (ASyncPos == 0)
        FinalSize = *((short int *) buf);  /* the first read carries the packet size */
    ASyncPos += ret;
    return ret;
}
I think the engine calls recv twice. The first time it sets the buffer length to 2, so the buffer receives only the length. Then it does a few size checks and calls recv again for the full packet.
To get your recv synchronized with send I would recommend (besides a direct hook, which is the most correct solution) checking the caller address, and if you are supposed to get the full packet, decrypting it manually. It's useful if you are generating AESKeys (so you don't have to change the source every week) and you don't want to synchronize the sendcrypt with recv manually (it doesn't look very nice).
1st: Get the first 2 bytes (= size of the full packet)
2nd: Get the content of the packet
3rd: ret < 0: go start your packet handling
Any other ret < 0 loops will be ignored until we get a ret=2 for the next start of a packet.
If you have your own decrypt, the principle works about the same:
1st ret>0 --> Toggle=0
2nd ret>=0 --> Toggle=1
Toggle=1 --> copy buffer, decrypt, handle packet
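The two-read pattern described in the posts above (a 2-byte size, then the body, then a recv that returns -1 before the next packet starts) is ordinary length-prefixed framing, the same thing a protocol dissector or an IDS parser has to reassemble from a byte stream. As an added example that is not code from this thread or from any of the posters, here is a stand-alone C state machine that does that reassembly from observed recv results. It assumes a little-endian 2-byte body length (the thread does not say the byte order), owns its own buffer instead of relying on the client's, and drives itself with a constructed byte stream rather than a hook. The bounds checks on the announced length are what the posted hooks leave out: a corrupt or hostile size field must not be allowed to push writes past the buffer.

```c
#include <stdio.h>
#include <string.h>

enum { HEADER_LEN = 2, MAX_BODY = 510 };   /* assumed limits for this example */

typedef struct {
    unsigned char buf[HEADER_LEN + MAX_BODY];
    int pos;                   /* bytes accumulated so far (header + body) */
    int expected;              /* body length from the header, 0 until seen */
    int delivered;             /* complete frames delivered so far */
    int last_body;             /* body length of the most recent frame */
    unsigned char last[MAX_BODY];  /* body of the most recent frame */
} framer_t;

static framer_t g_framer;      /* shared state for the sample driver below */

void framer_init(framer_t *f) { memset(f, 0, sizeof *f); }

/* Feed one observed recv() result: ret is what recv returned, data points at
   the bytes it produced (ignored when ret <= 0). Returns 1 when this call
   completed a frame, 0 otherwise. Mirrors the thread's rules: ret == 2 at the
   start of a packet carries the size, ret < 0 marks the end of the packet,
   and anything out of sequence is ignored until the next size read. */
int framer_feed(framer_t *f, int ret, const unsigned char *data)
{
    if (ret < 0) {
        /* end-of-packet marker: deliver only if a complete frame is buffered */
        if (f->expected > 0 && f->pos == HEADER_LEN + f->expected) {
            f->last_body = f->expected;
            memcpy(f->last, f->buf + HEADER_LEN, (size_t) f->expected);
            f->delivered++;
            f->pos = 0;
            f->expected = 0;
            return 1;
        }
        return 0;              /* stray marker with nothing complete */
    }
    if (ret == 0)
        return 0;              /* orderly shutdown: nothing to add */
    if (f->pos == 0) {
        if (ret != HEADER_LEN)
            return 0;          /* out of sync: wait for a header-sized read */
        f->expected = data[0] | (data[1] << 8);
        if (f->expected <= 0 || f->expected > MAX_BODY) {
            f->expected = 0;   /* corrupt or hostile length: drop it */
            return 0;
        }
        memcpy(f->buf, data, HEADER_LEN);
        f->pos = HEADER_LEN;
        return 0;
    }
    /* body bytes: never write past the announced length; resync instead */
    if (f->pos + ret > HEADER_LEN + f->expected) {
        f->pos = 0;
        f->expected = 0;
        return 0;
    }
    memcpy(f->buf + f->pos, data, (size_t) ret);
    f->pos += ret;
    return 0;
}

/* Constructed sample stream: two frames, "ping" and "hello!", each observed as
   a 2-byte size read, a body read, then a -1 return. Returns frames completed. */
int run_sample(void)
{
    static const unsigned char frame1[] = { 4, 0, 'p', 'i', 'n', 'g' };
    static const unsigned char frame2[] = { 6, 0, 'h', 'e', 'l', 'l', 'o', '!' };
    static const unsigned char *const frames[] = { frame1, frame2 };
    static const int sizes[] = { (int) sizeof frame1, (int) sizeof frame2 };
    int completed = 0;
    framer_init(&g_framer);
    for (int i = 0; i < 2; i++) {
        completed += framer_feed(&g_framer, HEADER_LEN, frames[i]);
        completed += framer_feed(&g_framer, sizes[i] - HEADER_LEN, frames[i] + HEADER_LEN);
        completed += framer_feed(&g_framer, -1, NULL);
    }
    return completed;
}

/* A -1 before any header, or a non-header-sized first read, must be ignored. */
int stray_input_ignored(void)
{
    static const unsigned char junk[] = { 'a', 'b', 'c' };
    framer_t f;
    framer_init(&f);
    if (framer_feed(&f, -1, NULL) != 0) return 0;
    if (framer_feed(&f, 3, junk) != 0 || f.pos != 0) return 0;
    return 1;
}

int main(void)
{
    int n = run_sample();
    printf("frames delivered: %d, last body: %.*s\n", n, g_framer.last_body, g_framer.last);
    printf("stray input ignored: %d\n", stray_input_ignored());
    return 0;
}
```

The framer copies into its own bounded buffer instead of trusting that the client keeps advancing the same pointer, which is the one assumption in the posted hooks that a malformed or replayed stream could break.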
Did anyone come up with the mob-attack-packet yet? I made a bot and unfortunately I have no direct send-hook, so I can't take a look at what a regular left-click-attack-packet looks like.
Come on guys, don't be so hard on the total beginners D:
I should really get some tutorials instead of trying everything by learning by doing (that apparently only works with Lua).
Edit:
Does anyone at least know whether the source posted in the first post still works properly? If so, I'll probably just have to start my stuff over.