[Source Code] AutoInjection

[Cryless~]

There is not much to say, this trick allows you to inject code at Run-time.

Guide:
- Close NosTale /!\ JUST DO IT /!\
- Open NosTale folder and rename EWSF.EWS to EWSF.dll (or no SplashScreen will appear anymore) [optional]
- Compile your code as EWSF.EWS and move it into NosTale folder

Code:

/*
*	A proof-of-concept tool for forcing the client to self inject malicious code at Run-time
*
*	Cryless Domore (@crylessdomore)
*	July 10, 2017
*	https://github.com/crylessdomore/
*/

#include <Windows.h>
#include <detours.h>

BOOL(WINAPI *oFreeLibrary)(HMODULE hLibModule);

FARPROC WINAPI oShowNostaleSplash = NULL;
FARPROC WINAPI oFreeNostaleSplash = NULL;

extern "C" __declspec(dllexport) void __declspec(naked) ShowNostaleSplash()
{
	__asm jmp oShowNostaleSplash
}

extern "C" __declspec(dllexport) void __declspec(naked) FreeNostaleSplash()
{
	__asm jmp oFreeNostaleSplash
}

BOOL WINAPI FreeLibrary_HOOK(HMODULE hLibModule)
{
	char aLibFileName[MAX_PATH];
	GetModuleFileNameA(hLibModule, aLibFileName, sizeof(aLibFileName));

	if (strstr(aLibFileName, "EWSF.EWS")) {
		hLibModule = GetModuleHandleA("EWSF.dll");
	}

	return oFreeLibrary(hLibModule);
}

void OnAttach()
{
	// Write your code here...
	MessageBoxA(NULL, "Hacking involves a different way of looking at problems that no one's thought of.", "Walter O'Brien", MB_OK);
}

BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpvReserved)
{
	switch (dwReason)
	{
	case DLL_PROCESS_ATTACH:
		HMODULE hLibModule = LoadLibraryA("EWSF.dll");
		oShowNostaleSplash = GetProcAddress(hLibModule, "ShowNostaleSplash");
		oFreeNostaleSplash = GetProcAddress(hLibModule, "FreeNostaleSplash");

		oFreeLibrary = FreeLibrary;

		DetourTransactionBegin();
		DetourUpdateThread(GetCurrentThread());
		DetourAttach(&(PVOID&)oFreeLibrary, FreeLibrary_HOOK);
		DetourTransactionCommit();

		DisableThreadLibraryCalls(hInstance);
		CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)OnAttach, NULL, NULL, NULL);
	}

	return TRUE;
}

[Cryless~]

I did not expect to receive so much attention, thank you very much.

ChangeLog:
- NosMall is now working (bugfix)
- Code optimization

[atom0s]

"no one's thought of" lol.. this is nothing new and is commonly done with dinput.dll for various games for the same purpose.

[DarkyZShadow]

Quote:

Originally Posted by atom0s

"no one's thought of" lol.. this is nothing new and is commonly done with dinput.dll for various games for the same purpose.

Of course, that's a basic technique (the proxy DLL) but to my knowledge, nobody has released this method on the Nostale forum.

Best regards,
A random developer

[Cryless~]

Quote:

Originally Posted by atom0s

"no one's thought of" lol.. this is nothing new and is commonly done with dinput.dll for various games for the same purpose.

With what courage do you say that after you did post a generic hook for the 'connect' function in this section?

At least you know who you are, a brainless just like an atom.

[ivanolo7]

What can i do with this hack?

[Pumba98]

Quote:

Originally Posted by ivanolo7

What can i do with this hack?

inject code at runtime
You can do with it whatever you can do with code

[aliazanoor]

Someone Willing to explain or make a video of benifits u can get off injecting on a runtime ?
i can pay if your lazy to reply or explain XD

[Pumba98]

Quote:

Originally Posted by aliazanoor

Someone Willing to explain or make a video of benifits u can get off injecting on a runtime ?
i can pay if your lazy to reply or explain XD

You can load any hacks on every startup without needing to inject it or you could for example steal account data unseen

[ivanolo7]

Quote:

Originally Posted by Pumba98

inject code at runtime
You can do with it whatever you can do with code

For expample you can dupe items or increase your gold?

[Pumba98]

Quote:

Originally Posted by ivanolo7

For expample you can dupe items or increase your gold?

If you know any dupes

[ivanolo7]

Quote:

Originally Posted by Pumba98

If you know any dupes

No one is going to tell me? xDDD

[Pumba98]

Quote:

Originally Posted by ivanolo7

No one is going to tell me? xDDD

There is no public

[aliazanoor]

Any private to buy ?!

[Cryless~]

Quote:

Originally Posted by aliazanoor

Any private to buy ?!

Just open a thread somewhere else and stop spamming!