|
You last visited: Today at 14:01
Advertisement
[SOURCE]HOW TO STOP STEAM BOT
Discussion on [SOURCE]HOW TO STOP STEAM BOT within the Kal Online forum part of the MMORPGs category.
08/30/2016, 20:27
|
#1
|
elite*gold: 0 
Join Date: Feb 2008
Posts: 20
Received Thanks: 3
|
[SOURCE]HOW TO STOP STEAM BOT
Hello guys i have been working on a solution to try and save the game from noobs with public code. I hope Inix can see this post and patch this cancer once and for all.
For the people that know what they are doing this is easy to bypass but if you post it publicly I will try my best to keep posting a patch.
Stop ruining the game spoon feeding noobs, if anyone want to support me please start posting fixes aswell.
Code:
BOOL X86DetectInterceptionEAT( HMODULE *lpModule ) {
PIMAGE_DOS_HEADER dwDos = reinterpret_cast< PIMAGE_DOS_HEADER >( lpModule[ 0 ] );
if( dwDos->e_magic == IMAGE_DOS_SIGNATURE ) {
PIMAGE_NT_HEADERS dwHeader = reinterpret_cast< PIMAGE_NT_HEADERS >( reinterpret_cast< DWORD >( dwDos ) +
dwDos->e_lfanew );
if( dwHeader->Signature == IMAGE_NT_SIGNATURE ) {
PIMAGE_EXPORT_DIRECTORY dwAddrOfDir = reinterpret_cast< PIMAGE_EXPORT_DIRECTORY >( ( reinterpret_cast< DWORD >( dwDos ) +
dwHeader->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ].VirtualAddress ) );
PDWORD dwAddrOfNames = reinterpret_cast< PDWORD >( reinterpret_cast< DWORD >( dwDos ) +
dwAddrOfDir->AddressOfNames );
PDWORD dwAddrOfFuncs = reinterpret_cast< PDWORD >( reinterpret_cast< DWORD >( dwDos ) +
dwAddrOfDir->AddressOfFunctions );
PWORD dwAddrOfOrdinals = reinterpret_cast< PWORD >( reinterpret_cast< DWORD >( dwDos ) +
dwAddrOfDir->AddressOfNameOrdinals );
for( DWORD dwEntry = 0; dwEntry < dwAddrOfDir->NumberOfFunctions; dwEntry++ ) {
if( dwAddrOfFuncs[ dwEntry ] ) {
DWORD dwAddress = reinterpret_cast< DWORD >( dwDos ) + dwAddrOfFuncs[ dwEntry ];
HMODULE dwRes = NULL;
if( GetModuleHandleExA( GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, reinterpret_cast< LPCSTR >( dwAddress ), &lpModule[ 4 ] ) ) {
if( lpModule[ 4 ] != lpModule[ 0 ] && lpModule[ 4 ] != lpModule[ 1 ] &&
lpModule[ 4 ] != lpModule[ 2 ] && lpModule[ 4 ] != lpModule[ 3 ] ) {
return TRUE;
}
}
}
}
}
}
return FALSE;
}
BOOL X86DetectInterceptionIAT( HMODULE lpModule ) {
PIMAGE_DOS_HEADER dwDos = reinterpret_cast< PIMAGE_DOS_HEADER >( lpModule );
if( dwDos->e_magic == IMAGE_DOS_SIGNATURE ) {
PIMAGE_NT_HEADERS dwHeader = reinterpret_cast< PIMAGE_NT_HEADERS >( reinterpret_cast< DWORD >( dwDos ) +
dwDos->e_lfanew );
if( dwHeader->Signature == IMAGE_NT_SIGNATURE ) {
PIMAGE_IMPORT_DESCRIPTOR dwAddrOfDir = reinterpret_cast< PIMAGE_IMPORT_DESCRIPTOR >( reinterpret_cast< DWORD >( dwDos ) +
dwHeader->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_IMPORT ].VirtualAddress );
while( dwAddrOfDir->Name ) {
HMODULE dwModule[ 5 ] = {
GetModuleHandleA( reinterpret_cast< PCHAR >( reinterpret_cast< DWORD >( dwDos ) + dwAddrOfDir->Name ) ),
//SYSTEM WIDE RESERVATION
GetModuleHandleA( "KERNEL32.DLL" ),
GetModuleHandleA( "USER32.DLL" ),
GetModuleHandleA( "NTDLL.DLL" ),
NULL
};
if( dwModule[ 0 ] ) {
if( X86DetectInterceptionEAT( dwModule ) ) { //DETECTED EAT HOOK FROM MODULES IN THE IMPORT TABLE
return TRUE;
}
PIMAGE_THUNK_DATA dwAddressOfThunk = reinterpret_cast< PIMAGE_THUNK_DATA >( reinterpret_cast< DWORD >( dwDos ) +
dwAddrOfDir->FirstThunk );
while( dwAddressOfThunk->u1.Function ) {
if( GetModuleHandleExA( GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, reinterpret_cast< LPCSTR >( dwAddressOfThunk->u1.Function ), &dwModule[ 4 ] ) ) {
if( dwModule[ 4 ] != dwModule[ 0 ] && dwModule[ 4 ] != dwModule[ 1 ] &&
dwModule[ 4 ] != dwModule[ 2 ] && dwModule[ 4 ] != dwModule[ 3 ] ) {
return TRUE;
}
}
dwAddressOfThunk++;
}
}
dwAddrOfDir++;
}
}
}
return FALSE;
}
//PUT THIS ON THE MAIN THREAD BEFORE RENDERING THE FRAME WITH A TIMER
//This function already includes the EAT scan on all modules listed in the Import Table
if( !X86DetectInterceptionIAT( GetModuleHandle( 0 ) ) ) {
//user is clean
} else {
//eat or iat changed
}
*Added the EAT Hook detection.
*Added the IAT Hook detection.
TODO:
Dll Wrapper detection.
|
|
|
|
08/30/2016, 20:52
|
#2
|
elite*gold: 0
Join Date: Sep 2008
Posts: 108
Received Thanks: 23
|
Better tell them how to make server side protection. This what you written is as easy to bypass as their new multiclient check
|
|
|
|
|
08/30/2016, 21:01
|
#3
|
elite*gold: 0
Join Date: Feb 2008
Posts: 20
Received Thanks: 3
|
Quote:
Originally Posted by luki180pl
Better tell them how to make server side protection. This what you written is as easy to bypass as their new multiclient check
|
I know luki but as long as you or any other coder dont post the fix it should prevent alot leechers to destroy the game.
Keep in mind that there are not many more ways in ring3 to detect a eat hook. If you want to show a better way and help, please do.
|
|
|
|
|
08/30/2016, 21:06
|
#4
|
elite*gold: 0
Join Date: Sep 2008
Posts: 108
Received Thanks: 23
|
it's not about better or worse way. every clientside protection can be broken. A simple serverside check and gg for inix.
|
|
|
|
|
08/30/2016, 21:49
|
#5
|
elite*gold: 0
Join Date: Oct 2009
Posts: 71
Received Thanks: 70
|
As you can see they wont fix anything xD
They are too stupid or too lazy for it ;]
|
|
|
|
|
08/30/2016, 23:08
|
#6
|
elite*gold: 0
Join Date: Feb 2008
Posts: 1,102
Received Thanks: 185
|
Quote:
Originally Posted by Geleia
I know luki but as long as you or any other coder dont post the fix it should prevent alot leechers to destroy the game.
Keep in mind that there are not many more ways in ring3 to detect a eat hook. If you want to show a better way and help, please do.
|
in the past way better coders than you posted things with intention to destroy the game, so gl with your intentions lal
|
|
|
|
|
08/30/2016, 23:12
|
#7
|
elite*gold: 0
Join Date: Mar 2011
Posts: 130
Received Thanks: 21
|
The moment when do people solve inix problems, although they earn money... Gj anyway !
|
|
|
|
|
08/30/2016, 23:41
|
#8
|
elite*gold: 0
Join Date: Feb 2008
Posts: 20
Received Thanks: 3
|
Quote:
Originally Posted by pamz12
in the past way better coders than you posted things with intention to destroy the game, so gl with your intentions lal
|
Beethoven was deaf and composed wonderfull music better than anyone will ever do, the problem is that he is dead now.
But thx anyways.
*Added IAT Hook detection.
|
|
|
|
|
08/31/2016, 01:06
|
#9
|
elite*gold: 220
Join Date: Jun 2007
Posts: 3,768
Received Thanks: 1,126
|
Quote:
Originally Posted by Geleia
Hello guys i have been working on a solution to try and save the game from noobs with public code. I hope Inix can see this post and patch this cancer once and for all.
For the people that know what they are doing this is easy to bypass but if you post it publicly I will try my best to keep posting a patch.
Stop ruining the game with spoon feeding noobs, if anyone want to support me please start posting fixes aswell.
Code:
BOOL X86DetectInterceptionEAT( HMODULE lpModule, DWORD lpMin, DWORD lpMax ) {
PIMAGE_DOS_HEADER dwDos = reinterpret_cast< PIMAGE_DOS_HEADER >( lpModule );
if( dwDos->e_magic == IMAGE_DOS_SIGNATURE ) {
PIMAGE_NT_HEADERS dwHeader = reinterpret_cast< PIMAGE_NT_HEADERS >( reinterpret_cast< DWORD >( dwDos ) +
dwDos->e_lfanew );
if( dwHeader->Signature == IMAGE_NT_SIGNATURE ) {
PIMAGE_EXPORT_DIRECTORY dwAddrOfDir = reinterpret_cast< PIMAGE_EXPORT_DIRECTORY >( ( reinterpret_cast< DWORD >( dwDos ) +
dwHeader->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ].VirtualAddress ) );
PDWORD dwAddrOfNames = reinterpret_cast< PDWORD >( reinterpret_cast< DWORD >( dwDos ) +
dwAddrOfDir->AddressOfNames );
PDWORD dwAddrOfFuncs = reinterpret_cast< PDWORD >( reinterpret_cast< DWORD >( dwDos ) +
dwAddrOfDir->AddressOfFunctions );
PWORD dwAddrOfOrdinals = reinterpret_cast< PWORD >( reinterpret_cast< DWORD >( dwDos ) +
dwAddrOfDir->AddressOfNameOrdinals );
for( DWORD dwEntry = 0; dwEntry < dwAddrOfDir->NumberOfFunctions; dwEntry++ ) {
if( dwAddrOfFuncs[ dwEntry ] ) {
DWORD dwAddress = reinterpret_cast< DWORD >( dwDos ) + dwAddrOfFuncs[ dwEntry ];
if( dwAddress < lpMin || dwAddress > lpMax ) {
return TRUE;
}
}
}
}
}
return FALSE;
}
//USAGE PUT THIS CODE ON A THREAD THAT IS CALLED ALL TIME
HMODULE dwModule = LoadLibraryA( "WS2_32.DLL" );
MODULEINFO dwInfo;
ZeroMemory( &dwInfo, sizeof( MODULEINFO ) );
if( GetModuleInformation( GetCurrentProcess( ), dwModule, &dwInfo, sizeof( MODULEINFO ) ) ) {
if( !X86DetectInterceptionEAT( dwModule, ( DWORD )dwInfo.lpBaseOfDll, ( DWORD )dwInfo.lpBaseOfDll + dwInfo.SizeOfImage ) ) {
MessageBoxA( NULL, "NO EAT HOOKS ON THE MODULE", NULL, NULL );
}
else {
MessageBoxA( NULL, "EAT HOOK PRESENT, BAN THE NOOB", NULL, NULL );
}
}
//instead of GetModuleInformation we could use CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, ... ) to check all the loaded modules for EAT hooks.
I will now start work on IAT hook detection and will post here when done. |
iat is for noobs, ban all
|
|
|
|
|
08/31/2016, 08:34
|
#10
|
elite*gold: 0
Join Date: Mar 2010
Posts: 22
Received Thanks: 0
|
meybe they fixed something after last update, becouse now my nokia's bots window goses off after character screen, but kal is still running good.
|
|
|
|
|
08/31/2016, 10:40
|
#11
|
elite*gold: 0
Join Date: Oct 2009
Posts: 266
Received Thanks: 47
|
Anyone ples how can i use this?
/ironieoff
|
|
|
|
|
09/02/2016, 20:13
|
#12
|
elite*gold: 120
Join Date: Sep 2007
Posts: 10,497
Received Thanks: 4,420
|
why should they fix anything, server would lose half population then 
|
|
|
|
|
09/02/2016, 22:01
|
#13
|
elite*gold: 0
Join Date: Feb 2008
Posts: 20
Received Thanks: 3
|
Quote:
Originally Posted by exeduz
why should they fix anything, server would lose half population then |
but also could gain more ppl.
loads of ppl quitted due to this issue i knew a few, i dont have anything against cheating when u benefit yourself without harming others. The problem here is that most ppl dont know how to use a cheat and dont even care to thank the real author or make a donation to him. They just want copy paste and **** everybody that plays legit.
|
|
|
|
|
09/03/2016, 15:41
|
#14
|
elite*gold: 0
Join Date: Oct 2009
Posts: 266
Received Thanks: 47
|
Quote:
Originally Posted by Geleia
but also could gain more ppl.
loads of ppl quitted due to this issue i knew a few, i dont have anything against cheating when u benefit yourself without harming others. The problem here is that most ppl dont know how to use a cheat and dont even care to thank the real author or make a donation to him. They just want copy paste and **** everybody that plays legit.
|
Hmm... and u think by hacking for geon and selling them which causes big inflation doesnt hurt anyone? All hackings hurt normal players, doesnt matter at which places.
|
|
|
|
|
09/04/2016, 00:48
|
#15
|
elite*gold: 0
Join Date: Jul 2011
Posts: 72
Received Thanks: 11
|
Quote:
Originally Posted by Geleia
but also could gain more ppl.
loads of ppl quitted due to this issue i knew a few, i dont have anything against cheating when u benefit yourself without harming others. The problem here is that most ppl dont know how to use a cheat and dont even care to thank the real author or make a donation to him. They just want copy paste and **** everybody that plays legit.
|
why are u even on epvpers if you hate bots so much? lol
|
|
|
|
 |
|
Similar Threads
|
Login Issue source stop suddenly
06/06/2013 - CO2 Private Server - 16 Replies
My source stop login suddenly when i login game the source is get Don't Send, i tried a lot of solutions and the bug is still in the source.
Any effort to help will be appreciated
thanks in advance
Regards:
Amir:
|
[Help][5165 Source]Stop auto add items to inventory when killing monsters?
03/30/2012 - CO2 Private Server - 7 Replies
When i kill a monster on my server, it auto add's items and silvers...
How can i stop it?, i don't want it to add anything!(i will add auto add cps later)
Source: NewestCOServer - 5165(To the people that doesn't knows!...)
Here is mob.cs:
using System;
using System.Collections;
using System.Collections.Generic;
|
[Non Stop Non Stop 24/7] For Ever Free MM Service [Non Stop 24/7]
01/10/2012 - Middleman - 38 Replies
ch möchte hier meine Dienste als Middleman anbieten.
Deutsch
✔] Telefon Verifizierung
✔] Seit 3 Monaten registriert
✔] Mehr als 300 Posts
✔] Mind. 10 TBM-Bewertungen
✔] Kein negatives Rating
Welchen Service biete ich an?
|
[Help] Source Stop Button
08/30/2010 - CO2 Private Server - 1 Replies
Hey EPvPers
Im using LOTF 5017 and i want to change the close button of the console like its ENTER now. Now i searched trough the whole source and changed lots to it, but im still stucked at the close key. :)
|
All times are GMT +2. The time now is 14:01.
|
|
![[SOURCE]HOW TO STOP STEAM BOT](https://www.elitepvpers.com/forum/iconimages/kal-online/source-how-stop-steam-bot_ltr.gif){kind=small}
