[Release]INT Hack Example
Discussion on [Release]INT Hack Example within the Kal Hacks, Bots, Cheats & Exploits forum part of the Kal Online category.
01/17/2011, 04:52
|
#16
|
elite*gold: 0
Join Date: Feb 2008
Posts: 138
Received Thanks: 11
|
You don't get blocked when you buy a g70 bow from an NPC?
|
|
|
01/17/2011, 06:15
|
#17
|
elite*gold: 0
Join Date: Jun 2006
Posts: 1,203
Received Thanks: 366
|
You can't buy it, because the sell price is 0.
|
|
|
01/17/2011, 06:30
|
#18
|
elite*gold: 0
Join Date: Feb 2008
Posts: 138
Received Thanks: 11
|
Hey bloodX, I managed to create the proxy DLL by thiesius' guide. I succeeded in finishing step 2. So the next step is copying your PHP code into the project? How do I do this? I don't understand the 3rd step in thiesius' guide.
|
|
|
01/17/2011, 06:38
|
#19
|
elite*gold: 0
Join Date: Jun 2006
Posts: 1,203
Received Thanks: 366
|
:s learn the C++ basics first before you take on something like this.
I think if you don't get the tutorial, the rest doesn't make much sense.
|
|
|
01/17/2011, 07:03
|
#20
|
elite*gold: 0
Join Date: Dec 2005
Posts: 152
Received Thanks: 10
|
Quote:
Originally Posted by RunzelEier
bluberkaka, there's no asm in there -.-
|
Code:
int (__stdcall *DetourRecv)(SOCKET Socket, char *Buffer, int Length, int Flags);
__declspec(naked) int __cdecl SendPacket (BYTE bHeader , LPCSTR szFormat , ... ){
__asm{
push ebp
mov ebp, esp
sub esp, 18h
}
__asm{JMP dwSendBack};
}
|
|
|
01/17/2011, 07:21
|
#21
|
elite*gold: 0
Join Date: Feb 2008
Posts: 138
Received Thanks: 11
|
You have to copy-paste the PHP into d3dx9_29.cpp? What about the current code which is in the cpp? And where do I copy-paste? Under the last line of the existing PHP code.
And then I finish with build?
I tried this but I get an error anyway that it cannot find the def file. I don't know why, because it's in the proxydll folder. I've put this in the Linker output file: $(OutDir)\$(Exports_Def).def
Is this correct?
|
|
|
01/17/2011, 10:42
|
#22
|
elite*gold: 0
Join Date: Dec 2010
Posts: 1,196
Received Thanks: 682
|
Quote:
Originally Posted by strik3r2k5
:s learn the C++ basics first before you take on something like this.
I think if you don't get the tutorial, the rest doesn't make much sense.
|
That's how it was and that's how it is.
btw, that's also stated in thiesius' tutorial
|
|
|
01/17/2011, 11:16
|
#23
|
elite*gold: 0
Join Date: Feb 2008
Posts: 138
Received Thanks: 11
|
Switch to Linker/Input and Module definition file will be Exports_Def.def. Save the properties and return to the project. Here is where I think I maybe did wrong:
Above is the instruction, and this is what I did in the Linker tab: Linker output file: $(OutDir)\$(Exports_Def).def
I am trying to get this right. I am learning already, but the video tutorials on YouTube are not really helping.
Maybe anyone can make a video tutorial of thiesius' guide?
|
|
|
01/17/2011, 15:28
|
#24
|
elite*gold: 0
Join Date: Dec 2010
Posts: 1,196
Received Thanks: 682
|
There are better resources than YouTube!
But why this "$(OutDir)\$(Exports_Def).def"?
Simply "Exports_Def.def"
|
|
|
01/17/2011, 15:38
|
#25
|
elite*gold: 0
Join Date: Feb 2008
Posts: 138
Received Thanks: 11
|
Oh, it said $(OutDir)\$(ProjectName).dll as the standard option, so I presumed it should be replaced this way, but just Exports_Def.def then.
This is the code of d3dx9_29.cpp (the file which I added to sources, as described in thiesius' guide):
Quote:
#include <windows.h>
#pragma pack(1)
HINSTANCE hLThis = 0;
HINSTANCE hL = 0;
FARPROC p[332] = {0};
#include <WinSock2.h>
#include "detours.h"
#include <Windows.h>
#include <iostream>
#include <io.h>
#include <fcntl.h>
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "ws2_32.lib")
#pragma pack(push, 1)
void InitConsole() {
AllocConsole();
int HandleIn = _open_osfhandle((long)GetStdHandle(STD_INPUT_HANDLE), _O_TEXT);
int HandleOut = _open_osfhandle((long)GetStdHandle(STD_OUTPUT_HANDLE), _O_TEXT);
FILE *In = _fdopen(HandleIn, "r");
FILE *Out = _fdopen(HandleOut, "w");
*stdin = *In;
*stdout = *Out;
SetConsoleTitleA("KalOnline Reloaded 2011.....");
}
bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
for(;*szMask;++szMask,++pData,++bMask)
if(*szMask=='x' && *pData!=*bMask )
return false;
return (*szMask) == NULL;
}
DWORD dwFindPattern(DWORD dwAddress,DWORD dwLen, BYTE *bMask, char * szMask) {
for(DWORD i=0;i<dwLen;i++)
if( bDataCompare( (BYTE*)( dwAddress+i ),bMask,szMask) )
return (DWORD)(dwAddress+i);
return NULL;
}
DWORD dwFakeSend = dwFindPattern(0x401000,0x2bc000,(BYTE*)"\x55\x8B\xEC\x83\xEC\x18\x83\x3D\x00\x00\x00\x00\x00\x00\x00\x33\xC0","xxxxxxxx???????xx");
DWORD dwRealSendNoCrypt = dwFindPattern(dwFakeSend+1,0x2bc000,(BYTE*)"\x55\x8B\xEC\x83\xEC\x18\x83\x3D\x00\x00\x00\x00\x00\x00\x00\x33\xC0","xxxxxxxx???????xx");
DWORD dwSendBack = dwRealSendNoCrypt+0x06;
int (__stdcall *DetourRecv)(SOCKET Socket, char *Buffer, int Length, int Flags);
__declspec(naked) int __cdecl SendPacket (BYTE bHeader , LPCSTR szFormat , ... ){
__asm{
push ebp
mov ebp, esp
sub esp, 18h
}
__asm{JMP dwSendBack};
}
void PlayerAppear(char *szBuffer){
// --- --- ---
}
void MonsterAppear(char *szBuffer){
DWORD dwMonsterIID = *(DWORD*)&szBuffer[5];
int imX = *(DWORD*)&szBuffer[9];
int imY = *(DWORD*)&szBuffer[13];
}
void Item(char *szBuffer){
DWORD dwIID = *(DWORD*)&szBuffer[5];
int iX = *(DWORD*)&szBuffer[5+4];
int iY = *(DWORD*)&szBuffer[5+4+4];
SendPacket(0x1D,"ddd",dwIID,iX/32,iY/32);
}
void MonsterDie(char *szBuffer){
DWORD dwMonsterBehade = *(DWORD*)&szBuffer[3];
SendPacket(0x0D,"bbd",1,1,dwMonsterBehade);
}
void MyRecv(char *szBuffer, int iLength) {
switch(szBuffer[2])
{
case 0x32://Player Appear
PlayerAppear(szBuffer);
break;
case 0x33://Monster Appear
MonsterAppear(szBuffer);
break;
case 0x36://Item Drop
Item(szBuffer);
break;
case 0x3d://Mob Died
MonsterDie(szBuffer);
break;
default:
int iSize = *(int*)&szBuffer[2];
for(int iPack=0;iPack<=iSize;iPack++)
{
std::wcout << "%02x " << (BYTE)szBuffer[iPack] << std::endl;
}
std::wcout << "\n" << std::endl;
break;
}
}
/***********************************
Credits to .....?! I don't know o.O
************************************/
int ASyncPos = 0;
int FinalSize = 0;
int WINAPI FilterRecv(SOCKET Socket,char *Buffer, int iLength, int iFlags)
{
if (ASyncPos==FinalSize && FinalSize>0)
...
|
Do I have to paste the PHP code of bloodX in here and then build it?
I got stuck in thiesius' guide at this part:
Quote:
3] [Creating Cheat]
1] Project Setup
Now create new empty dll project in the Visual Studio and add existing item into source, d3dx9_29.cpp . You can name that project with whatever name, but if you are not experienced, then I recommend naming it d3dx9_29. Now right-click on project and select Properties. First of all, although it’s not really necessary, change the character set to multi-byte, as I don’t want to read cry posts about “My compiler gives me error about strings”. Switch to Linker/Input and Module definition file will be Exports_Def.def. Save the properties and return to the project.
Code:
#include <windows.h>
#pragma pack(1)
HINSTANCE hLThis = 0;
HINSTANCE hL = 0;
FARPROC p[332] = {0};
BOOL WINAPI DllMain(HINSTANCE hInst,DWORD reason,LPVOID)
{
if (reason == DLL_PROCESS_ATTACH)
{
hLThis = hInst;
hL = LoadLibrary(".\\d3dx9_29_.dll");
if (!hL) return false;
p[0] = GetProcAddress(hL,"D3DXAssembleShader");
p[1] = GetProcAddress(hL,"D3DXAssembleShaderFromFileA");
p[2] = GetProcAddress(hL,"D3DXAssembleShaderFromFileW");
p[3] = GetProcAddress(hL,"D3DXAssembleShaderFromResourceA");
p[4] = GetProcAddress(hL,"D3DXAssembleShaderFromResourceW");
p[5] = GetProcAddress(hL,"D3DXBoxBoundProbe");
p[6] = GetProcAddress(hL,"D3DXCheckCubeTextureRequirements");
p[7] = GetProcAddress(hL,"D3DXCheckTextureRequirements");
……
Notice LoadLibrary(".\\d3dx9_29_.dll");
It may contain another name, which you specified when we were creating the proxy-dll skeleton (like “BadAss-Lib.dll”).
Short explanation: You can see the main function of the dll. On initialization the original library is loaded and all original function addresses are obtained. Read more at: GetProcAddress Function (Windows)
|
The green part is the last part I understand. But the red part, where you see this code and the information I get, is really not clear. Can anyone help me further with this?
Thanks for all the help I already got.
|
|
|
01/17/2011, 15:53
|
#26
|
elite*gold: 220
Join Date: Jun 2007
Posts: 3,768
Received Thanks: 1,126
|
I'll reopen my Multiclient again soon, I think.
Extras: Autopick + behead target + autologin + speed
If you want more features, PM me =/
Edit: I think it's time to close =/, it helps enough that he released.
Tip: don't just copy & paste, you need to learn by yourself; don't discuss in this thread how to copy & paste the right way. Stop now lol.
|
|
|
01/17/2011, 16:49
|
#27
|
elite*gold: 0
Join Date: Jun 2006
Posts: 1,203
Received Thanks: 366
|
OK, give me a tip on what has changed to get the Multiclient running
|
|
|
01/17/2011, 17:01
|
#28
|
elite*gold: 0
Join Date: Feb 2008
Posts: 138
Received Thanks: 11
|
Quote:
3] [Creating Cheat]
1] Project Setup
Now create new empty dll project in the Visual Studio and add existing item into source, d3dx9_29.cpp . You can name that project with whatever name, but if you are not experienced, then I recommend naming it d3dx9_29. Now right-click on project and select Properties. First of all, although it’s not really necessary, change the character set to multi-byte, as I don’t want to read cry posts about “My compiler gives me error about strings”. Switch to Linker/Input and Module definition file will be Exports_Def.def. Save the properties and return to the project.
Code:
#include <windows.h>
#pragma pack(1)
HINSTANCE hLThis = 0;
HINSTANCE hL = 0;
FARPROC p[332] = {0};
BOOL WINAPI DllMain(HINSTANCE hInst,DWORD reason,LPVOID)
{
if (reason == DLL_PROCESS_ATTACH)
{
hLThis = hInst;
hL = LoadLibrary(".\\d3dx9_29_.dll");
if (!hL) return false;
p[0] = GetProcAddress(hL,"D3DXAssembleShader");
p[1] = GetProcAddress(hL,"D3DXAssembleShaderFromFileA");
p[2] = GetProcAddress(hL,"D3DXAssembleShaderFromFileW");
p[3] = GetProcAddress(hL,"D3DXAssembleShaderFromResourceA");
p[4] = GetProcAddress(hL,"D3DXAssembleShaderFromResourceW");
p[5] = GetProcAddress(hL,"D3DXBoxBoundProbe");
p[6] = GetProcAddress(hL,"D3DXCheckCubeTextureRequirements");
p[7] = GetProcAddress(hL,"D3DXCheckTextureRequirements");
……
Notice LoadLibrary(".\\d3dx9_29_.dll");
It may contain another name, which you specified when we were creating the proxy-dll skeleton (like “BadAss-Lib.dll”).
Short explanation: You can see the main function of the dll. On initialization the original library is loaded and all original function addresses are obtained. Read more at: GetProcAddress Function (Windows)
|
I appreciate your releases, meak, but I'm trying to create this one time myself. But I really need some advice. I have a full-time job, as probably many here have, but not in the IT sector; still, I have some brains to understand it if I could get some more info on the last steps.
If some people can help me with how to fulfill the red part, I'll be forever in your debt.
|
|
|
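Added example (not part of the thread and not code from thiesius' guide or any poster): the quoted guide describes a DLL in the application folder that carries a system DLL's name, loads a renamed original from beside it and forwards every export. A detection heuristic for that layout, seen from the defender's side, can look like the sketch below; the `SYSTEM_DLLS` set, the function names and the sample folder contents are assumptions constructed for illustration.

```python
import re

# Assumption: names that normally resolve to the Windows system directory.
SYSTEM_DLLS = {"d3dx9_29.dll", "ws2_32.dll", "version.dll"}

CHARS = rb"[A-Za-z0-9_.\-]"
ASCII_DLL = re.compile(CHARS + rb"+\.[dD][lL][lL]")
WIDE_DLL = re.compile(rb"(?:" + CHARS + rb"\x00)+\.\x00[dD]\x00[lL]\x00[lL]\x00")


def embedded_dll_names(data):
    """Lower-cased DLL file names stored as ASCII or UTF-16LE strings."""
    names = {m.group(0).decode("ascii").lower() for m in ASCII_DLL.finditer(data)}
    names |= {m.group(0).decode("utf-16-le").lower() for m in WIDE_DLL.finditer(data)}
    return names


def find_proxy_candidates(app_dir, system_dlls=SYSTEM_DLLS):
    """app_dir maps file name -> file bytes for one application folder.

    Returns (shadowing_dll, forward_target) pairs. A local copy of a system
    DLL name alone is not flagged (redistributables are shipped that way);
    it is flagged when it also names a non-system sibling present beside it.
    """
    present = {name.lower(): name for name in app_dir}
    findings = []
    for lower in sorted(present):
        if lower not in system_dlls:
            continue
        refs = embedded_dll_names(app_dir[present[lower]]) - {lower} - set(system_dlls)
        for ref in sorted(refs):
            if ref in present:  # the renamed original sits next to the proxy
                findings.append((present[lower], present[ref]))
    return findings


# Constructed sample: byte strings stand in for real PE files.
SAMPLE_DIR = {
    "engine.exe": b"MZ\x90\x00d3dx9_29.dll\x00ws2_32.dll\x00",
    "d3dx9_29.dll": b"MZ\x90\x00.\\d3dx9_29_.dll\x00D3DXAssembleShader\x00",
    "d3dx9_29_.dll": b"MZ\x90\x00D3DXAssembleShader\x00",
}

if __name__ == "__main__":
    for proxy, target in find_proxy_candidates(SAMPLE_DIR):
        print(f"{proxy} shadows a system DLL and forwards to {target}")
```

A hit is a lead for review, not proof; confirming it means comparing the flagged file's signature and hash against the vendor's redistributable.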
01/17/2011, 17:01
|
#29
|
elite*gold: 220
Join Date: Jun 2007
Posts: 3,768
Received Thanks: 1,126
|
Well, nothing has actually changed about the multiclient.^^
Edit: @Verdacht yeah, but learn by doing; we want people to learn.. Not source from the full dll
|
|
|
01/17/2011, 17:13
|
#30
|
elite*gold: 0
Join Date: Feb 2008
Posts: 138
Received Thanks: 11
|
Meak, you are absolutely right. But I learn it if I see one time how it's done. I have absolutely no studies in programming, but still I am able to get this far without any background. I am too old to learn from 0. That's why I try to solve it step by step.
|
|
|
All times are GMT +1.
|
|