:) waiting ... what can i do for your team BoR
# English:
I think you can use the search and find the program from S@nek[BoR].
- RaGEZONE - MMORPG server development forums - View Profile: MuForum.Info -> Statistics -> Find all threads started by MuForum.Info
# Russian:
I think you can use the search and find the programs from S@nek[BoR].
1. MST - MU S@nek Tools;
2. MCS - MU Connect Server;
   - 1.0.8.* (Without IOCP);
   - 1.0.9.* (With IOCP);
3. MWM - MU WindowMode v3.0.4.19;
4. ML - MU Launcher_v1.0.4.50;
5. MTL - MU Test Launcher;
6. MCMSB - MU Calculation of MonsterSetBase_v1.0.2.48;
7. MCE - MU Calculation of the Experience_v1.0.1.13;
8. SIP - Show My IP_v1.0.2.13;
9. SSU - ServerStartUp_v1.0.4.113;
- I do not understand, this threat?
Originally Posted by Sunlove
Can you send us the source for the Anti Hide Process? I'm developing a GG for my private server.
Att,
[CzF]HueyGTO
shut up fenix noob...
and gtfo from rz, we dont need stupid emos/gays like u.
What do you think if they end up fighting and show who has it longer and we focus on making a more powerful anticheat
To block HideToolz from showing for "WOW CRACKERS" using HideToolz, force HideToolz with SW_SHOW and detect by window Class/Title
Or use DDK libraries to detect the real hiding process and kill it
Last edited by Mulegend; 13-06-10 at 10:24 PM.
Is that supposed to impress me or something?...
Really i am an old fucker on this community i didn't know your team. And if you do this list to show something, it's a real FAIL.
Just launchers, IOCP and calculators?...
LOL i don't want to insult you, i really don't, but if that's what it takes to be a "big" team on this community and be saying:
Code:
"BOR here, BOR that, BOR good coders"
Lol then i guess FHX team (me and holy) were gods for creating the new skills in main side and the new panel.
I still consider the last very big team over here was SCFMT, even if it's for sale, they deserve the credits.
For you to start telling and using your team names on everything you talk, FIRST, do big projects, CzF have more than twice the list of projects you have and they are all muservers plus other stuff.
Last edited by theunknownguy; 13-06-10 at 11:19 PM.
Fenix, go to your thread, please dont post kid words here...
Sunlove: try this for HideToolz
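// Look up the HideToolz window by class name and title (ANSI API, matching MessageBoxA)
HWND HideToolz = FindWindowA("obj_Form", "HideToolz");
if (HideToolz)
{
    // Force the hidden window to be shown before reporting it
    ShowWindow(HideToolz, SW_SHOW);
    MessageBoxA(FindWindowA("MU", "MU"), "HideToolz Detected", "AntiCheat System", 0);
    ExitProcess(0);
}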
You just get the truth with FHX we never believed the big shit and we do much more...
But wait from you we learn the concept of stealing sources and put decompiled on header... and leaving folder names the same order of files and same names (of folder) knowing it doesnt even appear on PDB... so lame...
Now go back to your hole nobody believes you now, you can still try to remove GameGuard from GMO, if you want i give you a hand =P.
PS: You should talk with your friends of "decompilation" from darkteam, i got some really nasty comments about what you did from there hahhahaa...
I am here defending my friend sunlove and he is not continuing this project anymore...
And detection by caption is kids words against HideToolz, do you even know some security?... sad
Just userland prevention by removing those stupid hooks from HideToolz. Or detection by heuristic from module scanner through ollydbg. Remember hidetoolz doesn't work for kernel hook in x64, patch guard does it works...
Last edited by theunknownguy; 14-06-10 at 12:34 AM.
i know fenix, but stop with fighting...
and i know about windows detection, if u edit exe that "fix" don't work...
better mode is making a hidden process scan, cuz hidetoolz start, WindowHide, ProcessHide, but if u can hide main with ring0 WPE, Cheat Engine and others don't work....
i am not a professional, i am learning c++, any ppl when start are newbie, but with time and exp maybe i will be better
Code:
void HideProcess( char* input )
{
    PEPROCESS PeProcess = NULL;
    PLIST_ENTRY pNextEntry, pListHead;
    PLIST_ENTRY BeforeProcess, Process, AfterProcess;

    PeProcess = PsGetCurrentProcess();
    if(!PeProcess)
        return;
    if( IsListEmpty( &PeProcess->ActiveProcessLinks ) )
        return;
    else
    {
        pListHead = &PeProcess->ActiveProcessLinks;
        pNextEntry = pListHead->Flink;
        while(pNextEntry != pListHead)
        {
            PeProcess = CONTAINING_RECORD( pNextEntry, EPROCESS, ActiveProcessLinks );
            if(PeProcess->ActiveThreads)
            {
                if( !IsListEmpty( &PeProcess->ThreadListHead ) )
                {
                    if( _strnicmp( PeProcess->ImageFileName, input, strlen(input) ) == 0 )
                    {
                        Process = pNextEntry;
                        BeforeProcess = pNextEntry->Blink;
                        AfterProcess = pNextEntry->Flink;
                        BeforeProcess->Flink = Process->Flink;
                        AfterProcess->Blink = Process->Blink;
                        return;
                    }
                }
            }
            PeProcess = NULL;
            pNextEntry = pNextEntry->Flink;
        }
    }
    return;
}
Last edited by Mulegend; 14-06-10 at 12:44 AM.
You are old in this community, you know old teams, we didn't use to be saying we are good coders and show a list of our works. I am just trying to prove that old teams do much more than new guys and never believed nothing...
The hide process will work with SSDT hook on kernel, since x64 got patchguard i doubt a lot it would work...
The technique you use is called DKOM and is so old my grandma would laugh if it is still working, but it's a good technique for x32 versions.
You don't need to do anything like that to stop hidetoolz, you just use user land protection and a driver that checks for SSDT changes, if anything changed then you can just close the game. Also you can add a secure list by module address range, that would match AV security, in this way you'll let AV work and rootkits and other bullshits out.
This kind of technique is not much used, works only for anti cheats, since in all cases the attacker wants to play and you can be free to close the game with any modification detected...
Cheat Engine uses his own and non useful virtual machine that is so easy to detect that my grandma would laugh of it. Again with a good heuristic scan and also easy to crash by any non handled opcode that would raise an exception handled by Cheat engine first.
Still in all cases man this project is not going to be updated, SunLove doesn't have time, he is a grown-up man and needs money and time to feed his family.
Last edited by theunknownguy; 14-06-10 at 12:51 AM.
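The "secure list by module address range" idea from the post above, as an added example that is not code from the thread or from any of the projects it mentions. It is a user-mode model only: the table snapshot, the module names and every address are constructed sample values, and reading the real service table from a driver is outside its scope.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One allowed address range: a module image loaded at base, size bytes long. */
typedef struct { const char *name; uintptr_t base; size_t size; } module_range;

/* Constructed allowlist: kernel image plus one trusted AV driver (hypothetical). */
static const module_range ALLOWED[] = {
    { "ntoskrnl.exe",  0x80400000u, 0x00200000u },
    { "av_filter.sys", 0xF8000000u, 0x00010000u },
};
#define N_ALLOWED (sizeof ALLOWED / sizeof ALLOWED[0])

/* Constructed service-table snapshot; entry 3 lies outside every allowed range. */
static const uintptr_t SAMPLE_TABLE[] = {
    0x80412340u, 0x804A0010u, 0xF8001200u, 0xF9C03000u, 0x805FFFF0u,
};
#define N_SAMPLE (sizeof SAMPLE_TABLE / sizeof SAMPLE_TABLE[0])

/* Returns the allowlisted module that contains addr, or NULL if none does. */
const module_range *owner_of(uintptr_t addr)
{
    for (size_t i = 0; i < N_ALLOWED; i++)
        if (addr >= ALLOWED[i].base && addr - ALLOWED[i].base < ALLOWED[i].size)
            return &ALLOWED[i];
    return NULL;
}

/* Stores indexes of entries owned by no allowed module in out[] (up to cap) and
   returns the count. A hook written inside an allowed range is not caught. */
size_t find_foreign_entries(const uintptr_t *table, size_t n, size_t *out, size_t cap)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        if (owner_of(table[i]) != NULL) continue;
        if (hits < cap) out[hits] = i;
        hits++;
    }
    return hits;
}

int main(void)
{
    size_t bad[N_SAMPLE];
    size_t n = find_foreign_entries(SAMPLE_TABLE, N_SAMPLE, bad, N_SAMPLE);
    for (size_t i = 0; i < n && i < N_SAMPLE; i++)
        printf("entry %zu points outside the allowed ranges\n", bad[i]);
    return 0;
}
```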
i am reading for that coding method, but my c++ is very basic, for me this is a new world... DKOM is discontinued method, but u know how check main integrity for any modification?
If you want to check against DKOM you just can use the struct you paste above:
Code:
pNextEntry->Blink;
AfterProcess = pNextEntry->Flink;
Usually it points to the next address of the struct, the size of this struct as i remember is undocumented, but you can make an approximation, with this way you can check if FLink points to an address twice the range that you approximate, it means DKOM.
Code:
Range = You calculate the struct sizeof
Detection = .If (Offset FLink > Range*2)
For SSDT hook bullshit is so easy you can just restore the original SSDT values, or do a module range address checker which is a little more complex. This involves getting the range of the original SSDT offsets to Kernel APIs and check if the range match with the new offsets, if it's in the range you can be sure that it's not hooked.
Ofc this technique have a weakness, guy could write the hook into the range, but who does that?, kernel is very compressed and you might touch any fucking byte used by initialised section and the result is BSOD.
At least both ways detect almost all rootkits xD.
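A hidden-process scan for the DKOM case discussed in the posts above, as an added example that is not code from the thread. Instead of the address-distance heuristic it uses a link-consistency and cross-view check, which is a different technique: the two pointer writes in the posted HideProcess code leave the unlinked record still pointing at neighbours that no longer point back. The list is a user-mode model, and the `proc` record, the PIDs and the independent `seen[]` enumeration are constructed assumptions.

```c
#include <stddef.h>

/* User-mode model of LIST_ENTRY; proc is a constructed stand-in, not EPROCESS. */
typedef struct list_entry { struct list_entry *Flink, *Blink; } list_entry;
typedef struct { int pid; list_entry links; } proc;

static void push_tail(list_entry *head, list_entry *e)
{
    e->Blink = head->Blink; e->Flink = head;
    head->Blink->Flink = e; head->Blink = e;
}

/* Is e reachable by following Flink from head, as a normal listing would? */
static int on_list(const list_entry *head, const list_entry *e)
{
    for (const list_entry *c = head->Flink; c != head; c = c->Flink)
        if (c == e) return 1;
    return 0;
}

/* seen[] is an independent enumeration (assumed). A record is reported when its
   neighbours no longer point back at it, or when the list walk never reaches it. */
size_t find_hidden(const list_entry *head, proc *const *seen, size_t n, int *out, size_t cap)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        const list_entry *e = &seen[i]->links;
        int stale = e->Flink->Blink != e || e->Blink->Flink != e;
        if (!stale && on_list(head, e)) continue;
        if (hits < cap) out[hits] = seen[i]->pid;
        hits++;
    }
    return hits;
}

/* Constructed sample: four records; hide >= 0 unlinks one as the thread's code does. */
size_t run_sample(int hide, int *out, size_t cap)
{
    proc p[4] = { {.pid = 4}, {.pid = 368}, {.pid = 1204}, {.pid = 2920} };
    proc *seen[4] = { &p[0], &p[1], &p[2], &p[3] };
    list_entry head = { &head, &head };
    for (int i = 0; i < 4; i++) push_tail(&head, &p[i].links);
    if (hide >= 0) {
        list_entry *e = &p[hide].links;
        e->Blink->Flink = e->Flink; e->Flink->Blink = e->Blink;
    }
    return find_hidden(&head, seen, 4, out, cap);
}

int main(void) { int out[4]; return run_sample(2, out, 4) == 1 ? 0 : 1; }
```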
Add this too in anti hack DB:
MU AutoClicker Elite
MU AutoClicker Avanta