Hi all, I fixed this bug with Comodo Firewall, which also has a sandbox policy (Defense+) for running certain applications in a sandboxed process.
The bug happens because main.exe tries to install global hooks, and multiple hooks cause the bug when you press ctrl... (it's a larger explanation but it doesn't matter at this time)
If you sandbox every instance of every main.exe the bug disappears, as simple as that.
You have to install & enable the Defense+ feature, and the first time you execute the main.exe, Defense+ will prompt for running main.exe in a sandbox or not, just press the sandbox button, later it will prompt for the global hooks (2 times usually, 2 different hooks), just select don't allow the global hook to be loaded, and mark the "remember this answer" (or something like that), and that's it.
The next time it will only ask for running or not in a sandbox.
Cheers from Argentina, men
Hope this will be useful for u
Oh I'm running win7 64b, amd960 8gb ddr31600 gpu2gbddr5 season6 clients with mu helper running in 7 windows/instances of main.exe opened at the same time, with no problem at all, I can press ctrl and kill and press any other key normally, works just fine.
That's it, removed SetWindowsHook function from main, and whoa! when pressing CTRL client is not freezing anymore ^_^
1.03K
SetByte(0x0052D49B,0x02); and whoa
Open Ollydbg
Load Main.exe
Press Ctrl + N
Search SetWindowsHookExA
Follow the second call (NOT JMP, JUST CALL)
when u see something like this
Code:
References in main_104:.text to USER32.SetWindowsHookExA
Address Disassembly Comment
CALL DWORD PTR DS:[<&USER32.SetWindowsHo   USER32.SetWindowsHookExA
CALL DWORD PTR DS:[<&USER32.SetWindowsHo   USER32.SetWindowsHookExA
JMP DWORD PTR DS:[<&USER32.SetWindowsHoo   USER32.SetWindowsHookExA
Change 0x0D to 0x02
Code:
PUSH 0D
CALL DWORD PTR DS:[<&USER32.SetWindowsHo>; USER32.SetWindowsHookExA
MOV EDX,DWORD PTR SS:[EBP-4]
MOV DWORD PTR DS:[EDX],EAX
0x0D = 13 [WH_KEYBOARD_LL (13)]
0x02 = 2 [WH_KEYBOARD (2)]
More info: SetWindowsHookEx function (Windows)
1.03K JPN:
004BD479
1.03Y JPN:
004C7F49
1.04 JPN S6EP3:
0052D49B
1.04D GMO S6EP3:
0052101B
Last edited by Mulegend; 08-05-13 at 07:33 PM.
Bad idea... I wouldn't if I was you.
Both functions have the same signature, but the lParam has a different meaning.
lParam is a pointer to a structure on LowLevelKeyboardProc (type = 13)
lParam is just a map of bit flags on KeyboardProc (type = 2).
So, depending on how the callback processes this information you can crash your main.
GG.
ok, ok ok ok ok ok
Test it and tell me about your crash
GG
Ok, you win, you are a genius.
Code:
0046D29D |. 6A 00          push 0                                          ; /ThreadID = 0
0046D29F |. 8B4D 08        mov ecx,dword ptr ss:[ebp+8]                    ; |
0046D2A2 |. 51             push ecx                                        ; |hModule
0046D2A3 |. 68 85D34600    push 0046D385                                   ; |Hookproc = main.0046D385
0046D2A8 |. 6A 0D          push 0D                                         ; |HookType = 13.
0046D2AA |. FF15 60347000  call dword ptr ds:[<&user32.SetWindowsHookExA>] ; \SetWindowsHookExA
Let's look at the MSDN again, shall we?
Code:
0046D385 /. 55             push ebp
...
0046D3AB |> 8B4D 10        mov ecx,dword ptr ss:[ebp+10] ; lParam (if you didn't know)
0046D3AE |. 894D FC        mov dword ptr ss:[ebp-4],ecx
0046D3B1 |. 8B55 FC        mov edx,dword ptr ss:[ebp-4]
0046D3B4 |. 8B02           mov eax,dword ptr ds:[edx]    ; oops, look here, a pointer!
...
KeyboardProc callback function (Windows)
So it's just a number! That will be treated as a memory address and if you are lucky, maybe, you can read that address, otherwise, a lovely exception will be thrown and your main will crash.
lParam
The repeat count, scan code, extended-key flag, context code, previous key-state flag, and transition-state flag. For more information about the lParam parameter, see Keystroke Message Flags. The following table describes the bits of this value.
Simple as that.
I did what you said there, I changed 0x0D for 0x02 but it's still freezing, this is the result (s2 main)
In this hook, just call LL Hook, but works as a simple hook...
Do you understand? You need to read (main code) before opening your mouth
I never said it is not a pointer
Code:
LRESULT __userpurge sub_521120<eax>(int a1<ebx>, int a2<edi>, int nCode, WPARAM wParam, LPARAM lParam)
{
  void *v6; // eax@13
  int v7; // eax@13
  unsigned int v8; // [sp+0h] [bp-Ch]@4

  if ( !nCode && wParam >= 0x100 && wParam <= 0x101 )
  {
    v8 = *(_DWORD *)lParam;
    if ( *(_DWORD *)lParam == 27 )
    {
      if ( sub_790F40(a1, a2, 17) == 1 )
        return 1;
    }
    else
    {
      if ( v8 > 0x5A && v8 <= 0x5C && !*(_DWORD *)&dword_E60974 )
        return 1;
    }
  }
  v6 = sub_5210B0(a1, a2);
  v7 = sub_5210A0(v6);
  return CallNextHookEx((HHOOK)v7, nCode, wParam, lParam);
}
Last edited by Mulegend; 11-05-13 at 06:26 PM.
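An added example, not part of any post in this thread and not code from main.exe: portable C showing the two meanings of lParam discussed above (bit flags for hook type 2, a structure pointer for type 13) and the guard seen in the decompiled callback. The struct is a local mirror of the documented KBDLLHOOKSTRUCT layout; `decode_keyflags`, `guard_passes`, `vk_for_hook` and the sample value are hypothetical names and constructed data.

```c
#include <stdint.h>

/* Local mirror of the documented KBDLLHOOKSTRUCT layout, so this builds
   without <windows.h>. With WH_KEYBOARD_LL (13), lParam points at one. */
typedef struct {
    uint32_t  vkCode, scanCode, flags, time;
    uintptr_t dwExtraInfo;
} kbdll_t;

/* With WH_KEYBOARD (2), lParam is this packed value, not an address. */
typedef struct {
    unsigned repeat;    /* bits 0-15: repeat count     */
    unsigned scan;      /* bits 16-23: scan code       */
    unsigned extended;  /* bit 24: extended-key flag   */
    unsigned context;   /* bit 29: context code        */
    unsigned previous;  /* bit 30: previous key state  */
    unsigned released;  /* bit 31: transition state    */
} keyflags_t;

/* Constructed sample: Ctrl pressed once (scan code 0x1D, repeat 1). */
static const uint32_t SAMPLE_LPARAM = 0x001D0001u;

keyflags_t decode_keyflags(uint32_t lparam)
{
    keyflags_t f;
    f.repeat   = lparam & 0xFFFFu;
    f.scan     = (lparam >> 16) & 0xFFu;
    f.extended = (lparam >> 24) & 1u;
    f.context  = (lparam >> 29) & 1u;
    f.previous = (lparam >> 30) & 1u;
    f.released = (lparam >> 31) & 1u;
    return f;
}

/* Guard from the decompiled callback: nCode == 0 and wParam is
   WM_KEYDOWN (0x100) or WM_KEYUP (0x101). Only then is lParam read. */
int guard_passes(int ncode, uintptr_t wparam)
{
    return ncode == 0 && wparam >= 0x100 && wparam <= 0x101;
}

/* Hook-type-aware read of the virtual-key code: dereference only for
   type 13; for type 2 the key is in wParam. Returns 0 otherwise. */
uint32_t vk_for_hook(int hook_type, uintptr_t wparam, const void *ll_ptr)
{
    if (hook_type == 13 && ll_ptr)
        return ((const kbdll_t *)ll_ptr)->vkCode;
    return hook_type == 2 ? (uint32_t)wparam : 0;
}
```

With hook type 2, wParam carries a virtual-key code (at most 0xFE), so a guard like the one in the decompiled callback does not pass and lParam is not dereferenced there; a callback without such a guard would read the flags value (here 0x001D0001) as an address.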
Who can help me? I can't find this SetWindowsHook in main.exe =(