Hide XOR CabalMain

[MaViAhXr]

I share the source code to hide the XOR CabalMain.
cabalmain.exe XOR on CabalMain.exe leave it by default.
change your own xor encypt with hook dll to exe.

you need : Dev C++

PHP Code:

//===================================//
// XOR CHANGE
// Royal Cabal
// http://www.royalcabal.com
// MaviaCode
//===================================//

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

void Ganti(void *adr, void *ptr, int size)
{
    DWORD OldProtection;
    VirtualProtect(adr,size,PAGE_EXECUTE_READWRITE, &OldProtection);
    memcpy(adr,ptr,size);
    VirtualProtect(adr,size,OldProtection, &OldProtection);
}

void WritePointer(unsigned long ulBase, int iOffset, int iValue)
{ 
  if (!IsBadReadPtr((VOID*)ulBase, sizeof(unsigned long))) {
    if (!IsBadWritePtr((void*)(*(unsigned long*)ulBase + iOffset), sizeof(unsigned long)))
    { *(int*)(*(unsigned long*)ulBase + iOffset) = iValue; }
  }
}

void GantiXOR() { 
//while(1){
            //Enkripsian XOR meh teu ka to'ong
            DWORD XOR1, XOR2, XOR3, XOR4 = 0;
            DWORD CABALMAIN = (DWORD)GetModuleHandleA("CabalMain.exe");
            if (CABALMAIN > 0) {
                XOR1 = (DWORD)0x4A832F;
                XOR2 = (DWORD)0x4A831E;
                XOR3 = (DWORD)0x4A830C;
                XOR4 = (DWORD)0x4A82FA;
                Ganti((void *)(XOR1),(void*)(PBYTE)"\x35\x92\x00\x00\x00", 5); // XOR 1 = 92
                Ganti((void *)(XOR2),(void*)(PBYTE)"\x83\xF0\x66", 3); // XOR 2 = 66
                Ganti((void *)(XOR3),(void*)(PBYTE)"\x83\xF0\x66", 3); // XOR 3 = 66
                Ganti((void *)(XOR4),(void*)(PBYTE)"\x83\xF0\x66", 3); // XOR 4 = 66
            }
            Sleep(100);
//    }
}

BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
if (dwReason == DLL_PROCESS_ATTACH) {
    if(dwReason == DLL_PROCESS_ATTACH){
    CreateThread(0, 0, (LPTHREAD_START_ROUTINE)GantiXOR, 0, 0, 0);
    }else if(dwReason == DLL_PROCESS_DETACH){
    }
}
return TRUE;
} 


Compile and hook it to CabalMain.exe.
sorry my english bad

[MentaL]

[Dens666]

Awesome, explain also how to hook it as .dll into the .exe
This is a nice way to fix a shugoz trainer, leave cabalmain empty and hook into it whole code from other .dll.
i think it should work ^^ gonna test soon.

[vodikatm]

It does not make much difference using these methods. After the game open it will write the original xor in the same place again, just go to the cheat engine that xor will appear, lol.

[PwrDex]

Not bad idea but i tell you a more better solution.
CabalMain handling dec's mainly... If you can take away enc-dec modules and going to dec loading than you can do your own encryption for files...

[x30unlimited]

ehem, mem dump ? useless ? who do ya think will look for the xor in ur main ? while it's packed and not running ?

[noexp]

@x30unlimited
I know this topic is not about that, but the long Ago played on your ep4 server, would you pass me some information, I'm already there are some days trying but no one answers me, you can tell me the type of channel used in Tierra del Bruto.


I am very grateful.


Thank you

[Dens666]

@x30unlimited
I know this topic is not about that, but the long Ago played on your ep4 server, would you pass me some information, I'm already there are some days trying but no one answers me, you can tell me the type of channel used in Tierra del Bruto.


I am very grateful.


Thank you

Are u tard? i already told u ...
16781392 = Nation Tierra Gloriosa 52-79
33558608 = Nation Tierra Gloriosa 80-109
50335824 = Nation Tierra Gloriosa 110-139
67113040 = Nation Tierra Gloriosa 140-169
83890256 = Nation Tierra Gloriosa 170-190

[x30unlimited]

type of channel used in Tierra del Bruto

it's not coded in ep8, so it ain't related to channel type :D and i didn't have an ep4 server :P

[kolipri]

When I hook it on cabalmain then run the cabalmain stop working any idea? thanks!

[kolipri]

after I compiled and hook to my cabalmain when I start my cabalmain I got an error Microsoft visual c++ runtime library error. How do I fix it! thanks!

[vodikatm]

after I compiled and hook to my cabalmain when I start my cabalmain I got an error Microsoft visual c++ runtime library error. How do I fix it! thanks!

Understand this and nothing is the same. If the player suspends the cabalmain.exe process and goes to the xors addresses with the cheat engine it will get its xors anyway. If you have knowledge in c ++ I recommend you to rewrite the functions of xors and make a hook, through that you will be free to do a direct encryption on the function.

[kolipri]

Understand this and nothing is the same. If the player suspends the cabalmain.exe process and goes to the xors addresses with the cheat engine it will get its xors anyway. If you have knowledge in c ++ I recommend you to rewrite the functions of xors and make a hook, through that you will be free to do a direct encryption on the function.

That is the big problem I dont have knowledge about c++ But I understand some function because I have basic knowledge about vb.net. but any way thank you so much!

[vodikatm]

That is the big problem I dont have knowledge about c++ But I understand some function because I have basic knowledge about vb.net. but any way thank you so much!

There is no secret, the xor function receives only one parameter, and is used in a case

[kolipri]

There is no secret, the xor function receives only one parameter, and is used in a case

Yes I see that only one Offset address for the four xor key! But dont have an idea about debugging but will try my self! thanks for the clue!!!