[Release]INT Hack Example
Discussion on [Release]INT Hack Example within the Kal Hacks, Bots, Cheats & Exploits forum part of the Kal Online category.
01/17/2011, 17:14  #31
Yeah, Google solves it, why don't you Google "create proxy dll c++" or so????
There is enough released here now, now it's your turn.
Edit: 1 minute epvp search function >.<
01/17/2011, 17:28  #32
So ... there isn't a dll file in your forum, Blood ... you mean the Kalonlinehook.dll?
01/17/2011, 17:33  #33
Enough tuts for you.
If you still can't run this simple dll, then you should start with 0!
01/17/2011, 18:05  #34
Thiesius' tutorial appears on many forums, like the link you just posted. I have not found another tutorial with Google yet.
01/29/2011, 12:25  #35
Quote:
Code:
/***********************************
Credits to .....?! I don't know o.O
************************************/
#include <winsock2.h>   /* SOCKET and WINAPI (include added; not in the quoted snippet) */

/* Assumed to exist elsewhere in the hook DLL: the trampoline to the original
   recv and the handler that receives a finished packet. Declared here only so
   the snippet compiles on its own. */
extern int WINAPI DetourRecv(SOCKET Socket, char *Buffer, int iLength, int iFlags);
extern void MyRecv(char *Buffer, int iLength);

int ASyncPos  = 0;   /* bytes of the current packet accumulated so far */
int FinalSize = 0;   /* total packet size, taken from its first two bytes */

int WINAPI FilterRecv(SOCKET Socket, char *Buffer, int iLength, int iFlags)
{
    /* A complete packet from the previous call is still in Buffer: hand it
       over now, after the client has had time to decrypt it in place. */
    if (ASyncPos == FinalSize && FinalSize > 0)
    {
        MyRecv(Buffer, ASyncPos);
        ASyncPos = 0;
    }
    int RecvRET = DetourRecv(Socket, Buffer, iLength, iFlags);
    if (RecvRET < 0)
    {
        return RecvRET;   /* the "unknown" packet: nothing to accumulate */
    }
    /* The first chunk of a packet carries the size in its first two bytes;
       only read them once at least two bytes have actually arrived. */
    if (ASyncPos == 0 && RecvRET >= 2)
        FinalSize = *((unsigned short *) Buffer);
    ASyncPos += RecvRET;
    return RecvRET;
}

That would be my "MagicRecv" :P
About receive:
Received packets are encrypted. The server sends the data size first, then a packet with the data, then an unknown packet (sometimes more).
int RecvRET = DetourRecv(Socket, Buffer, iLength, iFlags);
RecvRET returns < 0 (I believe -1) for the unknown packets.
Luckily for most people here, the decrypted packet is stored in the same memory as the encrypted packet (encrypted data gets replaced by decrypted data).
My MagicRecv waits for the unknown packet to be received before the buffer gets analysed. This gives the Kal client enough time to decrypt the received packet.
This way you get a small delay in packet handling, but... imho, it is the next best solution after decrypting the packet yourself.
btw..
My original release of the code was:
Code:
#include <winsock2.h>   /* SOCKET and WINAPI (include added) */

/* Assumed to exist elsewhere: the trampoline to the original recv and the
   packet handler. Declared here only so the snippet compiles on its own. */
extern int WINAPI OrigRecv(SOCKET s, char *buf, int len, int flags);
extern void HandlePacket(const unsigned char *buf, int len);

int ASyncPos  = 0;   /* bytes of the current packet accumulated so far */
int FinalSize = 0;   /* total packet size, taken from its first two bytes */

/* WINAPI already expands to __stdcall, so the duplicate specifier is dropped.
   buf is the client's receive buffer and cannot be const: the original recv
   writes into it. */
int WINAPI MyMagicRecv(SOCKET s, char *buf, int len, int flags)
{
    if (ASyncPos == FinalSize && FinalSize > 0)
    {
        HandlePacket((const unsigned char *) buf, ASyncPos);
        ASyncPos = 0;
    }
    int ret = OrigRecv(s, buf, len, flags);
    if (ret < 0)
    {
        return ret;
    }
    /* Only read the size once at least two bytes have arrived. */
    if (ASyncPos == 0 && ret >= 2)
        FinalSize = *((unsigned short *) buf);
    ASyncPos += ret;
    return ret;
}
01/29/2011, 15:25  #36
I think the engine calls recv twice. The first time it sets the buffer length to 2, so the buffer receives only the length. Then it does a few size checks and calls recv again for the full packet.
To get your recv synchronized with send I would recommend (besides a direct hook, which is the most correct solution) checking the caller address, and if you are supposed to get the full packet, then decrypt it manually. It's useful if you are generating AES keys (so you don't have to change the source every week) and you don't want to synchronize the sendcrypt with recv manually (it doesn't look very nice).
01/29/2011, 16:27  #37
Yeah, recv gets the size first, then the data.
MagicRecv makes 3 loops to get the full packet:
1st: get the first 2 bytes (= size of the full packet)
2nd: get the content of the packet
3rd: ret < 0, go start your packet handling
Any other ret < 0 loops will be ignored until we get a ret=2 for the next start of a packet.
If you have your own decrypt, the principle works about the same.
1st ret>0 --> Toggle=0
2nd ret>=0 --> Toggle=1
Toggle=1 --> copy buffer, decrypt, handle packet
ret<0 ignore always
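Posts #35 and #37 describe the same length-prefixed framing: a 2-byte size that counts itself, then the body, then a negative return that carries no data. The block below is an added example, not code from this thread, from the hook DLL or from the Kal client: a plain-C reassembler driven by constructed recv() results, with no hooking or game code in it. It adds the two checks the quoted hook skips, refusing to read the size before two bytes have arrived and rejecting lengths below 2 or larger than its buffer, so a short or garbled read cannot become an out-of-bounds access. Every name in it (reasm_feed, chunk_t, the byte sequences) is made up for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_MAX 4096               /* largest frame we are willing to buffer */

/* Result of feeding one recv() result into the reassembler. */
enum {
    REASM_IGNORED   = 2,  /* ret <= 0: no payload was delivered, buf untouched */
    REASM_FRAME     = 1,  /* a complete frame is in r->frame (r->have bytes) */
    REASM_NEED_MORE = 0,  /* keep reading */
    REASM_ERROR     = -1  /* bad length header or overflow; state was reset */
};

typedef struct {
    uint8_t frame[FRAME_MAX];   /* bytes of the frame being assembled */
    size_t  have;               /* bytes accumulated so far, header included */
    size_t  want;               /* total frame length, 0 until the header is complete */
} reasm_t;

static void reasm_reset(reasm_t *r) { r->have = 0; r->want = 0; }

/* Feed the outcome of one recv() call: buf holds ret bytes when ret > 0.
   The 2-byte little-endian length at the start of a frame counts itself,
   like FinalSize in the thread, so a valid length is always >= 2. */
static int reasm_feed(reasm_t *r, const uint8_t *buf, int ret)
{
    if (ret <= 0) return REASM_IGNORED;              /* never touch buf on error */
    size_t n = (size_t)ret;
    if (r->have + n > FRAME_MAX) { reasm_reset(r); return REASM_ERROR; }
    memcpy(r->frame + r->have, buf, n);
    r->have += n;

    if (r->want == 0) {
        if (r->have < 2) return REASM_NEED_MORE;     /* header split across reads */
        uint16_t len = (uint16_t)(r->frame[0] | (r->frame[1] << 8));
        if (len < 2 || len > FRAME_MAX) { reasm_reset(r); return REASM_ERROR; }
        r->want = len;
    }
    if (r->have < r->want) return REASM_NEED_MORE;
    if (r->have > r->want) { reasm_reset(r); return REASM_ERROR; }  /* two frames glued: not expected here */
    return REASM_FRAME;
}

/* One simulated recv() outcome; ret < 0 models the "unknown packet" that the
   hook in the thread sees as a negative return. Constructed test data only. */
typedef struct { const uint8_t *data; int ret; } chunk_t;

/* Drives the reassembler over a chunk list; returns completed frames and
   reports rejected headers through errors_out. */
static int run_chunks(const chunk_t *chunks, size_t n, int *errors_out)
{
    reasm_t r; reasm_reset(&r);
    int frames = 0, errors = 0;
    for (size_t i = 0; i < n; i++) {
        int rc = reasm_feed(&r, chunks[i].data, chunks[i].ret);
        if (rc == REASM_FRAME) {
            printf("complete frame of %zu bytes\n", r.have);
            frames++;
            reasm_reset(&r);
        } else if (rc == REASM_ERROR) {
            errors++;
        }
    }
    if (errors_out) *errors_out = errors;
    return frames;
}

/* Constructed stream: the size/data/unknown-packet pattern from the thread, a
   header that arrives one byte at a time, a bogus zero length, and a frame
   delivered in a single read. */
static int demo(int *errors_out)
{
    static const uint8_t f1_hdr[]  = {0x0A, 0x00};
    static const uint8_t f1_body[] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
    static const uint8_t f2_b0[]   = {0x05};
    static const uint8_t f2_b1[]   = {0x00};
    static const uint8_t f2_body[] = {0xAA, 0xBB, 0xCC};
    static const uint8_t bad_hdr[] = {0x00, 0x00};
    static const uint8_t f3[]      = {0x04, 0x00, 0x11, 0x22};
    const chunk_t chunks[] = {
        { f1_hdr, 2 }, { f1_body, 8 }, { NULL, -1 },   /* size, data, "unknown" packet */
        { f2_b0, 1 }, { f2_b1, 1 }, { f2_body, 3 },    /* header split over two reads */
        { bad_hdr, 2 },                                /* zero length: rejected, state reset */
        { f3, 4 }, { NULL, -1 },                       /* whole frame in one read */
    };
    return run_chunks(chunks, sizeof chunks / sizeof chunks[0], errors_out);
}

int demo_frames(void) { return demo(NULL); }
int demo_errors(void) { int e = 0; demo(&e); return e; }

int main(void)
{
    printf("frames=%d errors=%d\n", demo_frames(), demo_errors());
    return 0;
}
```

Unlike the hook in the thread, which hands a packet over on the next recv call so the client has already decrypted it in place, this reassembler reports a frame the moment it is complete; the delay is left to the caller. The length is assembled from the two bytes explicitly, which gives the same value as the `*(short*)` cast on x86 without relying on alignment or host byte order.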
01/31/2011, 14:36  #38
Did anyone come up with the mob-attack packet yet? I made a bot and unfortunately I have no direct send hook, so I can't take a look at what a regular left-click attack packet looks like.
01/31/2011, 14:47  #39
0x0C-bd-1-MonsterUID
01/31/2011, 14:48  #40
Quote:
Originally Posted by bloodx
0x0C-bd-1-MonsterUID

Oh God! Thanks
Oh ***, Thanks!
02/17/2011, 19:40  #41
Anyone got an idea why the thing I cobbled together crashes every few hours? I also often just get C/L.
Edit:
The Exception.dmp file often points me to the following line:
if (RecvRET < 0)
So it seems to have something to do with the receive hook.
02/17/2011, 20:10  #42
Quote:
Originally Posted by DrogenViech
Anyone got an idea why the thing I cobbled together crashes every few hours? I also often just get C/L.
Edit:
The Exception.dmp file often points me to the following line:
if (RecvRET < 0)
So it seems to have something to do with the receive hook.

Guess you cobbled together crap :>
02/17/2011, 20:16  #43
hm, maybe you used too much c&p in the thing you built "yourself" =/
02/17/2011, 20:54  #44
Come on guys, don't pick on the total beginners so much D:
I really should get some tutorials instead of trying to do everything by learning by doing (apparently that only works with Lua).
Edit:
Does anyone at least know whether the source posted in the first post still works properly? If so, I'll probably just have to start my stuff over.
02/18/2011, 13:33  #45
Just let Bloodx's thing run for 24 hours, then you'll know :>
All times are GMT +1.