int packet hack source

zilvis69 · 02/09/2010, 22:36

Hey all,
i wanted to ask why when i run this dll

from this source on int , the command window appears ( for 2 seconds) and dissapears what should i do to make it always open? ( sorry im kinda noob at this, but trying to understand all this packet hacking

)

Mahatma · 02/09/2010, 22:43

put a sleep at the begining be4 the cmdbox opens
inix uses freeconsole at every kal start...

katze123 · 02/09/2010, 22:54

the hackshield will detect it....

zilvis69 · 02/09/2010, 23:00

yea i noticed that.. but is there any way i can prevent that ? Anything i can change in the source?

Thiesius · 02/09/2010, 23:06

Well, there are few ways. But none of them I know, will help you much.

You can add some routines which will prevent hackshield from scanning this memory address. But I cannot help you with that, because I didn't bypassed hackshield yet. They added some new features to HShield, so it isn't as easy as it was before update.

AFAIK the Hackshield message for memory manipulation is 0x2000000B (I noticed that in the stack).

zilvis69 · 02/09/2010, 23:08

^_^ im going to sleep, i dont think that i will be able to do something like that for now.. xD anyway thanks

Mahatma · 02/09/2010, 23:15

for me there is just a check at the start...then everything works fine...

Thiesius · 02/09/2010, 23:22

But you use ws2_32 functions to sniff and calling SendPacketMain to send, right?

meak1 · 02/09/2010, 23:39

jeah oO but we talk about the console here^^ and jeah the console works after kal start

Thiesius · 02/09/2010, 23:51

Right, console has multiple usage options. You can simply use it to control your speed hack, Z-Coord hack or CoolDown/CastTime hack.

Btw has somebody noticed, that all cooldowns has been moved on end of the memory region on Windows 7? WTF?

zilvis69 · 02/10/2010, 09:30

Quote:

Originally Posted by Mahatma

for me there is just a check at the start...then everything works fine...

how do u do that ^_^?

meak1 · 02/10/2010, 13:11

oO start the console if kal is started??? its not hard ^^

zilvis69 · 02/10/2010, 13:21

i think i misunderstood his post

sorry

Thiesius · 02/10/2010, 13:51

Let me explain:

Code:

void InstallRecvHook()
{
	Intercept(INST_JMP,RecvMain,(DWORD)&RecvHook,5);
}
void InstallSendHook() 
{
	Intercept(INST_JMP,SendPacketMain,(DWORD)&SendPacket,6);


	Intercept(INST_JMP,SniffPacketMain_,(DWORD)&SniffPacket,6);
}

You are detected on those two functions, which replaces first 5 original bytes with JMP from RecvMain, the original kal function, to RecvHook, our modified function. Same for SendPacket.
HShield copy those bytes (from almost whole memory region) and generates hash/crc. If the CRC/hash doesn't match with original, then your game will close.

You can workaround like this:

Quote:

Originally Posted by Thiesius

But you use ws2_32 functions to sniff and calling SendPacketMain to send, right?

You will use ws2_32 recv to sniff what's recieved (clean) and ws2_32 send to sniff what's sent (encrypted) and call SendPacket to send your own packets.

There is more to explain, but I think - this should be enough for start.

But as I said, console can be useful in other ways. You can comment out the recv and send hook and use it for manipulating with Kal-Online memory space. Like modifying speed, Z-Coordinate, Cooldowns and Casttimes or everything which can't be under HShield memory check.