A couple of code snippets.

  1. #1
    Alpha Member Justei is offline
    MemberRank
    Oct 2007 Join Date
    /f241Location
    1,904Posts

    A couple of code snippets.

    So, lately I have found myself wondering why people don't attempt making new, better hackshields. In general the hackshields out there suck pretty badly.

    So, I'm going to make things easier for a couple of you now and release a couple of snippets that can help you out.

    PLEASE READ ALL THE TEXT BEFORE ASKING QUESTIONS

    I am taking the snippets from the source code of my latest KalOnline project (namely Elmo, a hackshield that's private for KalmaX 2006
    (link: KalmaX - 2006 Stuck In Time )).

    So, this code is compiled and works fine in Visual C++ 6.0.
    I used a proxy dll to run it and well, if you don't know how to do that then I recommend staying away from modding the client anyway lol.

    First snippet, most requested so far. How to change icon of kal window after injection:
    Code:
    // ServerSelected and IconLoop are variables defined elsewhere in the project.
    // Find the game window by its title.
    hwndWindow = FindWindow(NULL, "KalOnline");
    if(hwndWindow){
        SetWindowText(hwndWindow, "KalOnline - KalmaX 2006 [Protected by Elmo] - Coded by: Justei. Extra credits: MaX");

        // Only while no server has been selected yet, and for at most 500 passes.
        if(ServerSelected == 0 && IconLoop < 500){

            // Big icon (32x32).
            HANDLE hIcon = LoadImage(NULL, "data/sesame/icon.ico", IMAGE_ICON, 32, 32, LR_LOADFROMFILE);
            if(hIcon){
                SendMessage(hwndWindow, WM_SETICON, ICON_BIG, (LPARAM)hIcon);
            }else{
                // Insert a logging function or whatever here...
            }

            // Small icon (16x16).
            HANDLE hIconSm = LoadImage(NULL, "data/sesame/icon.ico", IMAGE_ICON, 16, 16, LR_LOADFROMFILE);
            if(hIconSm){
                SendMessage(hwndWindow, WM_SETICON, ICON_SMALL, (LPARAM)hIconSm);
            }else{
                // Insert a logging function or whatever here...
            }
            IconLoop++;
        }
    }
    How to check for autobattle
    (not sure this works 100%, but the function is good to have in general to fetch info from .ini files).

    Code:
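        // Needs <windows.h>, <stdio.h> and <string.h>.
        char curdir[4096];
        char inifile[4096];

        // Build the full path to system.ini in the current directory.
        GetCurrentDirectory(4000, curdir);
        sprintf(inifile, "%s\\system.ini", curdir);
        // check for autobattle, sigh...
        char autobattle[256];
        // The size passed must be the size of the buffer (256), not 4000,
        // otherwise a long value in the .ini file overflows it.
        GetPrivateProfileString("CLIENTVERSION", "AUTO_BATTLE", "null", autobattle, sizeof(autobattle), inifile);
        if(strcmp(autobattle, "2") == 0){
            // KickPlayer.
        }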
    Check if a file exists, so u can check if ppl put .dll files in the same folder:
    Code:
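    #include <sys/stat.h>
    #include <string>
    using std::string;

    // Returns true if stat() succeeds on the path, i.e. the file exists.
    bool FileExist(string FileName) {
      struct stat stFileInfo;
      bool blnReturn;
      int intStat;

      intStat = stat(FileName.c_str(),&stFileInfo);
      if(intStat == 0) {
        blnReturn = true;
      } else {
        blnReturn = false;
      }

      return(blnReturn);
    }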


    Check what windows are open:

    Code:
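    // The snippet uses hwnd and returns 1, so it is wrapped here as an
    // EnumWindows() callback, which is called once per top-level window.
    BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam)
    {
        char WinText[200] = {0};

        // Skip invalid or hidden windows and keep enumerating.
        if(!hwnd || !IsWindowVisible(hwnd))
            return TRUE;

        GetWindowTextA(hwnd, WinText, sizeof(WinText));

        // Example of how to use.
        if(strcmp(WinText, "Let's Engine 3.0 by Be_Sk8 - www.LetsPlayCheats.navega.uni.cc") == 0){
            // KickPlayer(); just kick player...
        }
        return TRUE; // continue with the next window
    }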
    HOW TO MAKE YOUR PROXY DLL's TUTORIAL
    http://www.codeproject.com/KB/DLL/Cr...ProxyDLLs.aspx


    More functions I have in stock are(All work in realtime etc.):

    • Check what dll files are loaded into the client
    • Check what processes are running
    • Check what windows are open
    • Check if client is being hooked by another dll (Detoured packets.)
    • Check for speedhack.
    • MemCpyEx ofc.
    • Recv/Send packets without disturbing Kocp/Kosp.
    • GM bot check (Lets a gm check a player if he's a BOT etc).
    • Make sure player can't remove d4 doors etc.
    • Also a d3d hook.
    • And a lot more that I don't remember atm...

    I will however keep these parts to myself for now, just want to see people develop something and not just leech first, then I can help out if someone can't figure some part of a function out for themselves.
    This should get you started at least.

    Good Luck!
    Last edited by Justei; 21-03-11 at 11:34 AM.


  2. #2
    Please STAHP! ASN is offline
    MemberRank
    Dec 2010 Join Date
    934Posts

    Re: A couple of code snippets.

    WoW, impressive

    Quote Originally Posted by Justei View Post
    So, lately I have found myself wondering why people don't attempt making new, better hackshields. In general the hackshields out there suck pretty badly.
    Answer is simply ;p

    WHO?

    and about autobattle isn't it easier to delete it from engine?;p (but yea script is useful)
    Last edited by ASN; 14-03-11 at 12:48 PM.

  3. #3
    Account Upgraded | Title Enabled! Arturasult is offline
    MemberRank
    Feb 2007 Join Date
    AustraliaLocation
    375Posts

    Re: A couple of code snippets.

    looks great but couldn't people simply just replace your dll with their own?
    wouldn't you require some server side modifications also?
    Last edited by Arturasult; 14-03-11 at 01:31 PM.

  4. #4
    Please STAHP! ASN is offline
    MemberRank
    Dec 2010 Join Date
    934Posts

    Re: A couple of code snippets.

    Quote Originally Posted by Arturasult View Post
    looks great but couldn't people simply just replace your dll with their own?
    Good point :P Justei is he right?xd

  5. #5
    Alpha Member Justei is offline
    MemberRank
    Oct 2007 Join Date
    /f241Location
    1,904Posts

    Re: A couple of code snippets.

    Quote Originally Posted by Arturasult View Post
    looks great but couldn't people simply just replace your dll with their own?
    wouldn't you require some server side modifications also?
    Quote Originally Posted by takethis View Post
    Good point :P Justei is he right?xd
    Yes, and for that you need to hook the server to send a heartbeat. Which is why I didn't release the whole source (it contains a packet recv/send function). I want people to do something for themselves as well. These functions are just one step on the way to get people to start doing SOMETHING for themselves.

    However you CAN make the dll stick pretty well anyway. One example is using byte replacement or memory editing to make the client:
    change pk password when engine runs, so if u run client without your own dll it will load with wrong pk and configs won't load. OR set config to connect to wrong port, and then your DLL corrects that.
    Or crypt configs and make your dll decrypt, so if u load without your dll it won't work etc.

    And a lot of other ways.

    Combine that with a simple heartbeat from server client, and u won't be able to remove the hackshield without a big hassle.
    Last edited by Justei; 14-03-11 at 03:02 PM.

  6. #6
    boo General is offline
    MemberRank
    Sep 2006 Join Date
    at homeLocation
    2,269Posts

    Re: A couple of code snippets.

    I'm interested in creating client sided dll's, but I'm not familiar with programming... A setup and some base source files for the dll would help a lot, since I'm a total newb in that. I've got quite a lot of experience with ASM and Delphi, just not with visual studio and C++

  7. #7
    Alpha Member Justei is offline
    MemberRank
    Oct 2007 Join Date
    /f241Location
    1,904Posts

    Re: A couple of code snippets.

    Quote Originally Posted by BjornVH View Post
    I'm interested in creating client sided dll's, but I'm not familiar with programming... A setup and some base source files for the dll would help a lot, since I'm a total newb in that. I've got quite a lot of experience with ASM and Delphi, just not with visual studio and C++
    Okay, well I'll post a guide on how to make proxy dll's later today/tomorrow along with source. It's not hard at all to be honest. Although I recommend learning some C++ basics.

    ASM will help you LOADS in this so kudos on that.

  8. #8
    Alpha Member Zen is offline
    MemberRank
    Dec 2006 Join Date
    MelbourneLocation
    2,291Posts

    Re: A couple of code snippets.

    as much as I will probably be flamed for this, there's some good proxy DLL tutorials/sources at epvp if you have a look.

  9. #9
    Account Upgraded | Title Enabled! Arturasult is offline
    MemberRank
    Feb 2007 Join Date
    AustraliaLocation
    375Posts

    Re: A couple of code snippets.

    i've only dabbled a bit in C++, don't know much about it, only c#.

    i had a look at injecting in C# and found some nice tutorials on it (using some c++ to load the C#)

    maybe i will have a crack at this some time.

  10. #10
    Alpha Member Justei is offline
    MemberRank
    Oct 2007 Join Date
    /f241Location
    1,904Posts

    Re: A couple of code snippets.

    Quote Originally Posted by Zen View Post
    as much as I will probably be flamed for this, there's some good proxy DLL tutorials/sources at epvp if you have a look.
    Yeah, Indeed, but the best one there is actually just a copy off another tutorial from another site, so I'll just post that one in a sec.

    Quote Originally Posted by Arturasult View Post
    i've only dabbled a bit in C++, don't know much about it, only c#.

    i had a look at injecting in C# and found some nice tutorials on it (using some c++ to load the C#)

    maybe i will have a crack at this some time.
    I recommend it, it's fun :)

  11. #11
    Alpha Member Zen is offline
    MemberRank
    Dec 2006 Join Date
    MelbourneLocation
    2,291Posts

    Re: A couple of code snippets.

    Will give it a try when I get home from university tonight.

    Will be using this tutorial to learn C++ (have been coding C# and PHP for years, never tried C++ at all, the syntax seems familiar but I think that starting from basics is the go for me)

    YouTube - antiRTFM's Channel

  12. #12
    Alpha Member Zen is offline
    MemberRank
    Dec 2006 Join Date
    MelbourneLocation
    2,291Posts

    Re: A couple of code snippets.

    Also Justei (this is half because it's relevant and half so this thread doesn't get hidden under the 5 million 6month+ old threads some dickhead bumped)

    YouTube - The Simpsons - Elmo Knows Were You Live (720p HD)

  13. #13
    Alpha Member Justei is offline
    MemberRank
    Oct 2007 Join Date
    /f241Location
    1,904Posts

    Re: A couple of code snippets.

    lol, elmo<3 I'm gonna release more info when i get home tonight. Considering making a sticky with a collection of all code snippets, packet lists, etc. As well as containing guides on how to work with it.

  14. #14
    Alpha Member Zen is offline
    MemberRank
    Dec 2006 Join Date
    MelbourneLocation
    2,291Posts

    Re: A couple of code snippets.

    I know this is a really silly question, but where are the functions and variables you're referring to there actually coming from? (eg ServerSelected)

    I only started playing with C++ the other day, so far I'm loving it, so clean :D

  15. #15
    Alpha Member Justei is offline
    MemberRank
    Oct 2007 Join Date
    /f241Location
    1,904Posts

    Re: A couple of code snippets.

    Quote Originally Posted by Zen View Post
    I know this is a really silly question, but where are the functions and variables you're referring to there actually coming from? (eg ServerSelected)

    I only started playing with C++ the other day, so far I'm loving it, so clean :D
    Umm, yeah that 1 is actually a variable I set when the server is selected ( I check what packets come in and that's it, if you want I can add u on MSN and share some more source with ya, don't wanna release too much without people doing something themselves :) )

    And yeah, C++ is a lot of fun.

  16. #16
    Alpha Member Zen is offline
    MemberRank
    Dec 2006 Join Date
    MelbourneLocation
    2,291Posts

    Re: A couple of code snippets.

    Sent you a PM.

    Thanks.

  17. #17
    Account Upgraded | Title Enabled! Arturasult is offline
    MemberRank
    Feb 2007 Join Date
    AustraliaLocation
    375Posts

    Re: A couple of code snippets.

    So I was doing a little thinking and talking to Zen after I came across SwordProxy and noticed that TDA has edited the chat packet to add "...hic!" on the end of each message (similar to chatting while drunk in WoW).

    So I had the idea of making all clients connect to the proxy and the proxy connects to the server and then I could monitor all Skill Execute packets and check if some one was using a cooldown hack by recording times when skills were executed, the only problem with this approach would be that it may become very laggy running 400 or so people through the proxy.

    So I figured the better alternative would be to use a server side dll, that would hook onto a function that would tell me when a skill was used, having a look at the 1909 list I found:

    CPlayerSkill::ExcuteSkill Adr 0x0047FF70

    I also found KalHooks source by tda and found he had a memory intercept function, Perhaps this would do the job.

    However I'm not too sure how to hook this CPlayerSkill::Execute skill, would I have to cycle each player and add the memory intercept, or is it just a static function I can hook and find the PID and the Skill ID.

    After finding that it would be a matter of recording each skill execute from each player and sticking it in an array with the time it was executed, then the next time they execute a skill you can see the time difference between the two and compare it to a list of skill cooldown times to see if they are using cooldown hacks (with some consideration to lag ofc)

    I think this would be a good way to stop cooldown hacking and I'm surprised that they didn't put this in the main server in the first place.

    I don't really know how easy/possible this is as I'm new to C++ and even newer to hooking.
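
The server-side cooldown check proposed in post #17, as an added example that is not from the thread or from any KalOnline server code: it records the last accepted cast per player and skill and rejects a cast that arrives earlier than the cooldown minus a lag tolerance. The class name, skill IDs, cooldown values and the 150 ms tolerance are assumptions; timestamps come from the server's own clock, never from the client.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>

// Hypothetical validator; names, IDs and timings are assumptions for illustration.
class CooldownValidator {
public:
    // toleranceMs is how much earlier than the cooldown a cast may arrive
    // before it counts as a violation (allowance for network jitter).
    explicit CooldownValidator(std::uint32_t toleranceMs) : toleranceMs_(toleranceMs) {}

    void SetCooldown(int skillId, std::uint32_t cooldownMs) { cooldowns_[skillId] = cooldownMs; }

    // Call from the skill-execute path with the server's monotonic clock (ms).
    // Returns true if the cast is accepted, false if it must be dropped.
    bool OnSkillExecute(int playerId, int skillId, std::uint64_t nowMs) {
        auto cd = cooldowns_.find(skillId);
        if (cd == cooldowns_.end()) return false;   // unknown skill: fail closed

        std::map<int, std::uint64_t>& casts = lastCast_[playerId];
        auto last = casts.find(skillId);
        if (last != casts.end()) {
            // A clock that went backwards is treated as zero elapsed time.
            std::uint64_t elapsed = nowMs >= last->second ? nowMs - last->second : 0;
            if (elapsed + toleranceMs_ < cd->second) {
                ++violations_[playerId];
                return false;   // a rejected cast does not restart the timer
            }
        }
        casts[skillId] = nowMs;
        return true;
    }

    // Number of early casts seen for a player; the caller decides when to kick.
    int Violations(int playerId) const {
        auto it = violations_.find(playerId);
        return it == violations_.end() ? 0 : it->second;
    }

private:
    std::uint32_t toleranceMs_;
    std::map<int, std::uint32_t> cooldowns_;                 // skillId -> cooldown (ms)
    std::map<int, std::map<int, std::uint64_t> > lastCast_;  // playerId -> skillId -> time
    std::map<int, int> violations_;                          // playerId -> early casts
};

int main() {
    CooldownValidator v(150);
    v.SetCooldown(7, 3000);   // constructed: skill 7 with a 3 s cooldown
    // Constructed event stream for player 1: server times in ms.
    const std::uint64_t times[] = {10000, 11000, 12900};
    for (int i = 0; i < 3; ++i)
        std::printf("t=%llu accepted=%d\n", (unsigned long long)times[i],
                    (int)v.OnSkillExecute(1, 7, times[i]));
    std::printf("violations=%d\n", v.Violations(1));
    return 0;
}
```

Counting violations instead of kicking on the first early cast leaves room for the occasional burst of delayed packets.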

  18. #18
    boo General is offline
    MemberRank
    Sep 2006 Join Date
    at homeLocation
    2,269Posts

    Re: A couple of code snippets.

    AyleN's way is to add a jump in each skill function to Extended.dll and there the check is being made...

  19. #19
    Alpha Member Justei is offline
    MemberRank
    Oct 2007 Join Date
    /f241Location
    1,904Posts

    Re: A couple of code snippets.

    I personally would start with a client sided check, and then make it have a connection with the server and check some there as well.

    Edit: Also keep in mind that a blacklist of cheatengines etc is pretty much all you need to get rid of 99% of the "hackers", most "hackers" just use released .dll files and UCE's, so if u blacklist their UCE's and then also blacklist their .dll's so they can't inject them (By checking what modules are loaded into the process), you pretty much get rid of 99% of the hackers lol.
    Last edited by Justei; 20-03-11 at 12:32 PM.

  20. #20
    Account Upgraded | Title Enabled! Arturasult is offline
    MemberRank
    Feb 2007 Join Date
    AustraliaLocation
    375Posts

    Re: A couple of code snippets.

    Quote Originally Posted by Justei View Post
    I personally would start with a client sided check, and then make it have a connection with the server and check some there as well.

    Edit: Also keep in mind that a blacklist of cheatengines etc is pretty much all you need to get rid of 99% of the "hackers", most "hackers" just use released .dll files and UCE's, so if u blacklist their UCE's and then also blacklist their .dll's so they can't inject them (By checking what modules are loaded into the process), you pretty much get rid of 99% of the hackers lol.
    Yes that's true however it means you need to be always updating your blacklist, if you do everything server side and trust nothing from the client then it shouldn't matter when some one creates a new hack.
    Last edited by Justei; 20-03-11 at 01:01 PM.

  21. #21
    Alpha Member Justei is offline
    MemberRank
    Oct 2007 Join Date
    /f241Location
    1,904Posts

    Re: A couple of code snippets.

    Quote Originally Posted by Arturasult View Post
    Yes that's true however it means you need to be always updating your blacklist, if you do everything server side and trust nothing from the client then it shouldn't matter when some one creates a new hack.

    Not necessarily, all you gotta do is make server side send a list with the blacklist when u connect... Not very hard :P.

  22. #22
    Account Upgraded | Title Enabled! Arturasult is offline
    MemberRank
    Feb 2007 Join Date
    AustraliaLocation
    375Posts

    Re: A couple of code snippets.

    Quote Originally Posted by Justei View Post
    Not necessarily, all you gotta do is make server side send a list with the blacklist when u connect... Not very hard :P.
    but that can be bypassed, anything on the client side can be changed or faked. If such a client side system became popular enough people would make replacement dll's to bypass it, while they can't touch anything server side (theoretically).

  23. #23
    Alpha Member Justei is offline
    MemberRank
    Oct 2007 Join Date
    /f241Location
    1,904Posts

    Re: A couple of code snippets.

    Quote Originally Posted by Arturasult View Post
    but that can be bypassed, anything on the client side can be changed or faked. If such a client side system became popular enough people would make replacement dll's to bypass it, while they can't touch anything server side (theoretically).
    Ofc u can do that, but you can make it hard enough so that it's not worth it for a hacker, also you can still make checkups on the client so that you make sure everything that's running is as it should :P...

    Keep in mind that this is KalOnline nothing bigger than that, 99.9% of all the "hackers" are script kiddies, with this you easily eliminate most of em, and if you make your own hackshield you can update it every day if you want and render the cheats useless every day pretty much.

    I'm not debating whether to implement a server side check, I'm just saying that checking twice is better than once. I do server side checks as well.

  24. #24
    boo General is offline
    MemberRank
    Sep 2006 Join Date
    at homeLocation
    2,269Posts

    Re: A couple of code snippets.

    The way GBL did it, was pattern scans... I found out that CheatEngine used a module that was in all other uce's based on CE. So a simple pattern scan of the memory of all processes did the trick. It just took a lot of CPU load

  25. #25
    Alpha Member Justei is offline
    MemberRank
    Oct 2007 Join Date
    /f241Location
    1,904Posts

    Re: A couple of code snippets.

    Quote Originally Posted by BjornVH View Post
    The way GBL did it, was pattern scans... I found out that CheatEngine used a module that was in all other uce's based on CE. So a simple pattern scan of the memory of all processes did the trick. It just took a lot of CPU load
    Yeah I thought of that, and the CPU problem was one of the reasons I didn't go through with it yet, but yeah might take a look at it and find a way that doesn't take too much CPU.
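
The pattern scan discussed in posts #24 and #25, as an added example that is not from the thread or from GBL: a Boyer-Moore-Horspool search that skips ahead on a mismatch instead of comparing at every offset, which is one way to reduce the CPU cost mentioned above. It scans a buffer the caller has already read; the function names are hypothetical and the signature names and bytes are constructed placeholders, not taken from any real tool.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct Signature {                    // constructed placeholder signature
    std::string name;
    std::vector<std::uint8_t> bytes;
};

// Boyer-Moore-Horspool search. Returns the offset of the first match or -1.
long FindPattern(const std::uint8_t* buf, std::size_t len,
                 const std::vector<std::uint8_t>& pat) {
    const std::size_t m = pat.size();
    if (m == 0 || len < m) return -1;

    // shift[b]: how far the window may move when its last byte is b.
    std::array<std::size_t, 256> shift;
    shift.fill(m);
    for (std::size_t i = 0; i + 1 < m; ++i) shift[pat[i]] = m - 1 - i;

    std::size_t pos = 0;
    while (pos + m <= len) {
        std::size_t j = m;            // compare the window right to left
        while (j > 0 && buf[pos + j - 1] == pat[j - 1]) --j;
        if (j == 0) return static_cast<long>(pos);
        pos += shift[buf[pos + m - 1]];
    }
    return -1;
}

// Scan one memory region against every signature; returns the names found.
std::vector<std::string> ScanRegion(const std::vector<std::uint8_t>& region,
                                    const std::vector<Signature>& sigs) {
    std::vector<std::string> hits;
    for (const Signature& s : sigs)
        if (FindPattern(region.data(), region.size(), s.bytes) >= 0)
            hits.push_back(s.name);
    return hits;
}

int main() {
    // Constructed sample: a 4 KiB region of zeros with one signature at offset 100.
    std::vector<Signature> sigs = {
        {"sig-a", {0xDE, 0xAD, 0xBE, 0xEF, 0x13, 0x37}},
        {"sig-b", {0xCA, 0xFE, 0xBA, 0xBE}},
    };
    std::vector<std::uint8_t> region(4096, 0x00);
    for (std::size_t i = 0; i < sigs[0].bytes.size(); ++i)
        region[100 + i] = sigs[0].bytes[i];

    for (const std::string& name : ScanRegion(region, sigs))
        std::printf("match: %s\n", name.c_str());
    return 0;
}
```

Longer signatures give larger skips, so the scan gets cheaper as the pattern grows.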


