[request] alissafix with recv hook

Discussion on [request] alissafix with recv hook within the Mabinogi forum part of the MMORPGs category.

06/25/2013, 18:02   #46

elite*gold: 0
Join Date: May 2009
Posts: 166
Received Thanks: 518
Quote:
Originally Posted by Blade3575
You talk about it like I think it's impossible to break and no one ever has. It's so stupidly easy to figure it out that anyone with any common sense and a debugger could do it. It's meant to stop people who ruin others game play, and generally they aren't smart enough to figure it out.
Now you are over simplifying it. I think many people here have a debugger and can't do it. I guess they lack common sense then.
Anyways. I look forward to this new abyss.
tliu0c is offline  
06/25/2013, 18:27   #47

elite*gold: 0
Join Date: May 2013
Posts: 46
Received Thanks: 1
Quote:
Originally Posted by Blade3575
Gave you your answer to your question. Now answer mine. Are you just avoiding it because you know you dug yourself into a hole so deep you can't see the light anymore?
you can keep barking lol.
I don't fight on forums haha.
I'm gonna just ignore your troll messages.
jorxixix is offline  
06/25/2013, 19:18   #48

elite*gold: 0
Join Date: Dec 2009
Posts: 304
Received Thanks: 66
Quote:
Originally Posted by tliu0c
I can't wait to see the new stuff in your new abyss. Maybe a new "ban"?

The new OP jump code is now a JA

Quote:
Originally Posted by tliu0c
I think many people here have a debugger and can't do it. I guess they lack common sense then.

This is somewhat true. Hell, even I. I'm a novice at OllyDbg and I'm pretty sure there are probably a lot more functions than what I know myself.

Though Olly can be very glitchy sometimes :c (I keep getting that "Press SHIFT+F7, F8 or F9" message every time I try to open anything from Olly)

For REing purposes, I use CE because it gives me the ability to RE ASM in real time
step29 is offline  
06/25/2013, 20:39   #49

elite*gold: 0
Join Date: Oct 2008
Posts: 345
Received Thanks: 85
Quote:
Originally Posted by jorxixix
I think 0x64 made one that is compatible with abyss, but I just don't need this patcher.
You, sir, are an idiot.

Quote:
Originally Posted by jorxixix
Kirisame was the base patcher, you only changed it a little and named it abyss.

why don't you release the one with recv hook?
have some sharing spirit!
He's done enough

hi
Ayamin is offline  
06/25/2013, 20:53   #50

elite*gold: 0
Join Date: May 2013
Posts: 46
Received Thanks: 1
Quote:
Originally Posted by Ayamin
You, sir, are an idiot.
He's done enough
hi
you can bark too. I don't care
jorxixix is offline  
06/25/2013, 21:31   #51

elite*gold: 0
Join Date: Dec 2009
Posts: 304
Received Thanks: 66
Quote:
Originally Posted by jorxixix
bark

We from dogtown man.
woof woof WOOF!
actually im just a tiger, meow~<3
step29 is offline  
06/25/2013, 21:38   #52

elite*gold: 0
Join Date: May 2009
Posts: 166
Received Thanks: 518
Quote:
Originally Posted by step29
The new OP jump code is now a JA
You've already got the new version?

Quote:
Originally Posted by step29
This is somewhat true. Hell, even I. I'm a novice at OllyDbg and I'm pretty sure there are probably a lot more functions than what I know myself.
Yeah, from what you said in that AMA thread, you are pretty novice. If you found that JB instruction yourself then good for you! I think it is a good little reversing practice.
Quote:
Originally Posted by step29
For REing purposes, I use CE because it gives me the ability to RE ASM in real time
What??
tliu0c is offline  
06/25/2013, 23:25   #53

elite*gold: 0
Join Date: Oct 2009
Posts: 373
Received Thanks: 115
Quote:
Originally Posted by tliu0c
You've already got the new version?

Yeah, from what you said in that AMA thread, you are pretty novice. If you found that JB instruction yourself then good for you! I think it is a good little reversing practice.

What??
No, he does not yet. There's still a couple patches I want to add, and one buggy patch.

You know, I'm quite lost as to your goal. Do you want the community to learn or do you just want them to leech and destroy?
Blade3575 is offline  
06/26/2013, 00:43   #54

elite*gold: 0
Join Date: Dec 2009
Posts: 304
Received Thanks: 66
Quote:
Originally Posted by tliu0c
You've already got the new version?
Quote:
No, he does not yet.

Quote:
Yeah, from what you said in that AMA thread, you are pretty novice. If you found that JB instruction yourself then good for you! I think it is a good little reversing practice.
I did, days after the code was implanted. Unicodes are fun, sometimes they have priorities from start to bottom. When I launched it with pake I noticed a certain text file was not being written, my client was not terminated like it was supposed to be; this led me to doing some trial and error.

XORs are mostly common on anti-piracy games (see: Spyro 3), so after looking at that huge fucking list of XORs and CMPs I knew I was looking at the right function.

I didn't expect it would be the jump op to bypass it, but weirdly it did.
Then I was told not to talk about it to anyone :s, till now since Blade is writing a new core, I'm pretty sure he's going to give me some harder challenge D:

What's AMA again?

Quote:
What??
It's how I make new mods on my mod_sharker.ini :s

Quote:
Originally Posted by Blade3575
You know, I'm quite lost as to your goal. Do you want the community to learn or do you just want them to leech and destroy?
He wants to do both. He wants to give the community the ability to learn to use a powerful system like Pake independently.
step29 is offline  
06/26/2013, 01:26   #55

elite*gold: 0
Join Date: May 2009
Posts: 166
Received Thanks: 518
Quote:
Originally Posted by Blade3575
You know, I'm quite lost as to your goal. Do you want the community to learn or do you just want them to leech and destroy?
Why you ask that
Learn. Otherwise I would have released a modified version of dsound already. right?
Quote:
Originally Posted by step29
I did, days after the code was implanted. Unicodes are fun, sometimes they have priorities from start to bottom. When I launched it with pake I noticed a certain text file was not being written, my client was not terminated like it was supposed to be; this led me to doing some trial and error.

XORs are mostly common on anti-piracy games (see: Spyro 3), so after looking at that huge fucking list of XORs and CMPs I knew I was looking at the right function.
I don’t know about the Unicode and xors. Nor do I know how abyss tries to detect pake. All I see is a pile of suspicious who-knows-what and a couldn’t-be-more-obvious conditional jump that has to be changed.
One thing that intrigued me was how abyss terminates the client. It uses ZwTerminateProcess and sysenter, which is really really weird and maybe sneaky too.

Quote:
Originally Posted by step29
What's AMA again?
That memory modification AMA thread. I'm not sure what AMA is either. Geez, that plonecake sure has a warm heart! I mean, I hardly have the patience to glance over the walls of text he said, and he wrote all that... Though I'd say for learning reversing you need a more systematic approach rather than bits of info here and there.

Quote:
Originally Posted by step29
It's how I make new mods on my mod_sharker.ini :s
Once you get the hang of reversing, you will never want to use the debugger on CE ever again.
Quote:
Originally Posted by step29
He wants to do both. He wants to give the community the ability to learn to use a powerful system like Pake independently.
Well…Sort of…
tliu0c is offline  
06/26/2013, 04:46   #56

elite*gold: 0
Join Date: Oct 2009
Posts: 373
Received Thanks: 115
Quote:
Originally Posted by tliu0c
Why you ask that
Learn. Otherwise I would have released a modified version of dsound already. right?
Then why did you make an Abyss compatible version to begin with? It's an obviously easy edit meant to keep leechers out, not people who know what they're doing or at least have some knowledge. It's more like a trial.
Blade3575 is offline  
06/26/2013, 07:24   #57

elite*gold: 0
Join Date: May 2009
Posts: 166
Received Thanks: 518
Quote:
Originally Posted by Blade3575
Then why did you make an Abyss compatible version to begin with? It's an obviously easy edit meant to keep leechers out, not people who know what they're doing or at least have some knowledge. It's more like a trial.
I can't recall exactly what the reason was. I made it like a month ago. Probably because something you said on that day hit me. But it was an exercise for me too. You know, it's easy to directly edit dsound. But it's not so straightforward to do it in alissafix since alissafix loads before dsound. Don't worry too much. So far all I heard is people saying it doesn't work. Nobody said it worked for them lol. I guess people are all using x64 these days.
I am still a little curious about the ZwTerminateProcess. Did you do it on purpose or did the compiler make it that way?
tliu0c is offline  
06/26/2013, 07:42   #58

elite*gold: 0
Join Date: Oct 2009
Posts: 373
Received Thanks: 115
Quote:
Originally Posted by tliu0c
I can't recall exactly what the reason was. I made it like a month ago. Probably because something you said on that day hit me. But it was an exercise for me too. You know, it's easy to directly edit dsound. But it's not so straightforward to do it in alissafix since alissafix loads before dsound. Don't worry too much. So far all I heard is people saying it doesn't work. Nobody said it worked for them lol. I guess people are all using x64 these days.
I am still a little curious about the ZwTerminateProcess. Did you do it on purpose or did the compiler make it that way?
Wasn't me who made it. Most of that is actually in ASM, not C/++.
Blade3575 is offline  
06/26/2013, 08:27   #59

elite*gold: 0
Join Date: May 2009
Posts: 166
Received Thanks: 518
Quote:
Originally Posted by Blade3575
Most of that is actually in ASM, not C/++.
What do you mean?

This is what I was talking about.
Code:
04D63096    . |8B1D A439D704     MOV EBX,DWORD PTR DS:[0x4D739A4]       ;  ntdll.ZwTerminateProcess
04D6309C    . |6A 00             PUSH 0x0
04D6309E    . |6A FF             PUSH -0x1
04D630A0    . |64:A1 C0000000    MOV EAX,DWORD PTR FS:[0xC0]
04D630A6    . |85C0              TEST EAX,EAX
04D630A8      |75 09             JNZ SHORT DSOUND.04D630B3
04D630AA    . |8B43 01           MOV EAX,DWORD PTR DS:[EBX+0x1]
04D630AD    . |8D5424 F8         LEA EDX,DWORD PTR SS:[ESP-0x8]
04D630B1    . |0F34              SYSENTER
04D630B3    > |8B43 01           MOV EAX,DWORD PTR DS:[EBX+0x1]
04D630B6    . |33C9              XOR ECX,ECX
04D630B8    . |807B 05 33        CMP BYTE PTR DS:[EBX+0x5],0x33
04D630BC    . |74 03             JE SHORT DSOUND.04D630C1
04D630BE    . |8B4B 06           MOV ECX,DWORD PTR DS:[EBX+0x6]
04D630C1    > |8BD4              MOV EDX,ESP
04D630C3    . |83EC 04           SUB ESP,0x4
04D630C6    . |64:FF25 C0000000  JMP DWORD PTR FS:[0xC0]
You coded this part with inline asm?
tliu0c is offline  
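Editor's note on the listing above, with an added example that is not code from this thread, from abyss or from dsound. As I read it, the stub is a hand-rolled direct system call: FS:[0xC0] is the TEB slot that is non-zero only in a 32-bit process running under WoW64, so the code takes SYSENTER on native 32-bit Windows and the far call through FS:[0xC0] on 64-bit Windows. In both cases the service number comes from the byte after the B8 opcode of ntdll's own ZwTerminateProcess stub ([EBX+1]), and the WoW64 path checks [EBX+5] for the 33 C9 (xor ecx,ecx) form versus a mov ecx,imm32 form. That is what makes it "sneaky": a user-mode hook on ZwTerminateProcess is never called. The check a practitioner would want is the one the listing omits: nothing verifies that byte 0 is still B8, so if something has already patched a jmp over the stub, [EBX+1] is the jmp displacement, not a service number. The block below decodes constructed stub byte strings the same way the listing does, plus that missing check; the service number 0x29 and the mov ecx,imm32 layout are sample values chosen for the example, not looked up from a real ntdll.

```c
/* Added example: decode an ntdll Zw/Nt stub the way the dsound listing does.
 * No Windows APIs; all stub bytes are constructed below, service numbers are
 * illustrative, and the "mov ecx, imm32" WoW64 layout is an assumption. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum stub_kind {
    STUB_BAD = 0,        /* byte 0 is not B8 (mov eax, imm32), e.g. overwritten by a jmp */
    STUB_WOW64_XORECX,   /* mov eax,N ; xor ecx,ecx ; lea edx,[esp+4] ; call fs:[0C0h] */
    STUB_WOW64_MOVECX,   /* mov eax,N ; mov ecx,M ; ... ; call fs:[0C0h]  (assumed layout) */
    STUB_NATIVE_X86      /* mov eax,N ; mov edx,7FFE0300h ; call [edx]  (32-bit Windows) */
};

static uint32_t rd32(const uint8_t *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);   /* little-endian imm32, like MOV EAX,DWORD PTR [EBX+1] */
    return v;
}

/* The unconditional read the listing performs: MOV EAX,DWORD PTR DS:[EBX+1].
 * It trusts that byte 0 is B8; nothing in the listing checks that. */
uint32_t listing_eax_read(const uint8_t *stub)
{
    return rd32(stub + 1);
}

/* Classify a stub by the bytes the listing looks at, plus the check it omits. */
int stub_kind_of(const uint8_t *stub, size_t len)
{
    if (len < 7 || stub[0] != 0xB8)           /* B8 imm32 = mov eax, imm32 */
        return STUB_BAD;
    if (stub[5] == 0x33 && stub[6] == 0xC9)   /* 33 C9 = xor ecx,ecx; listing: CMP BYTE PTR [EBX+5],33 */
        return STUB_WOW64_XORECX;
    if (stub[5] == 0xB9 && len >= 10)         /* B9 imm32 = mov ecx,imm32; listing: MOV ECX,[EBX+6] */
        return STUB_WOW64_MOVECX;
    if (stub[5] == 0xBA && len >= 10)         /* BA imm32 = mov edx,imm32 (SharedUserData call stub) */
        return STUB_NATIVE_X86;
    return STUB_BAD;
}

/* Service number that would land in EAX, or 0 when the stub is not trustworthy. */
uint32_t stub_eax_of(const uint8_t *stub, size_t len)
{
    return stub_kind_of(stub, len) == STUB_BAD ? 0 : rd32(stub + 1);
}

/* Value the WoW64 path puts in ECX: 0 after xor ecx,ecx, the imm32 after mov ecx,imm32. */
uint32_t stub_ecx_of(const uint8_t *stub, size_t len)
{
    return stub_kind_of(stub, len) == STUB_WOW64_MOVECX ? rd32(stub + 6) : 0;
}

/* Constructed samples; 0x29 and 0x1A are sample values, not real service numbers. */
const uint8_t STUB_WIN7_WOW64[] = {
    0xB8, 0x29, 0x00, 0x00, 0x00,              /* mov eax, 29h */
    0x33, 0xC9,                                /* xor ecx, ecx */
    0x8D, 0x54, 0x24, 0x04,                    /* lea edx, [esp+4] */
    0x64, 0xFF, 0x15, 0xC0, 0x00, 0x00, 0x00,  /* call dword ptr fs:[0C0h] */
    0x83, 0xC4, 0x04,                          /* add esp, 4 */
    0xC2, 0x08, 0x00                           /* ret 8 */
};
const uint8_t STUB_OLD_WOW64[] = {
    0xB8, 0x29, 0x00, 0x00, 0x00,              /* mov eax, 29h */
    0xB9, 0x1A, 0x00, 0x00, 0x00,              /* mov ecx, 1Ah (assumed layout) */
    0x8D, 0x54, 0x24, 0x04,                    /* lea edx, [esp+4] */
    0x64, 0xFF, 0x15, 0xC0, 0x00, 0x00, 0x00,  /* call dword ptr fs:[0C0h] */
    0xC2, 0x08, 0x00                           /* ret 8 */
};
const uint8_t STUB_NATIVE32[] = {
    0xB8, 0x29, 0x00, 0x00, 0x00,              /* mov eax, 29h */
    0xBA, 0x00, 0x03, 0xFE, 0x7F,              /* mov edx, 7FFE0300h */
    0xFF, 0x12,                                /* call dword ptr [edx] */
    0xC2, 0x08, 0x00                           /* ret 8 */
};
/* The first sample after a user-mode hook overwrote its first 5 bytes with a jmp. */
const uint8_t STUB_HOOKED[] = {
    0xE9, 0x00, 0x10, 0x00, 0x00,              /* jmp +1000h */
    0x33, 0xC9, 0x8D, 0x54, 0x24, 0x04,
    0x64, 0xFF, 0x15, 0xC0, 0x00, 0x00, 0x00,
    0x83, 0xC4, 0x04, 0xC2, 0x08, 0x00
};

int main(void)
{
    const uint8_t *s[] = { STUB_WIN7_WOW64, STUB_OLD_WOW64, STUB_NATIVE32, STUB_HOOKED };
    size_t n[] = { sizeof STUB_WIN7_WOW64, sizeof STUB_OLD_WOW64, sizeof STUB_NATIVE32, sizeof STUB_HOOKED };
    for (size_t i = 0; i < 4; i++)
        printf("stub %zu: kind=%d eax=%#x ecx=%#x (listing would load eax=%#x)\n", i,
               stub_kind_of(s[i], n[i]), stub_eax_of(s[i], n[i]),
               stub_ecx_of(s[i], n[i]), listing_eax_read(s[i]));
    return 0;
}
```

On a live 32-bit process the same decoder can be pointed at the first 16 bytes at GetProcAddress(GetModuleHandleA("ntdll.dll"), "ZwTerminateProcess"); the hooked sample shows why that matters, since the unchecked read returns 0x1000 (the jmp displacement) where the listing expects a service number.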
06/26/2013, 08:47   #60

elite*gold: 0
Join Date: Oct 2009
Posts: 373
Received Thanks: 115
Quote:
Originally Posted by tliu0c
You coded this part with inline asm?
Not me, but yes, it is in inline ASM.
Blade3575 is offline  