New Antihack System !

Hi ! today i release my Project

I - It have :

• MuStart.exe
• SKT.dll
• LConfig.dat

II - It can :

• Anti Hide Hide Process
• Anti Cheat in Cheat DB
• Anti Run As

III - How to use ??

1 - Hook SKT.dll into your main with fuction SKTG

PUSH *to SKT.dll*
CALL DWORD PTR DS:[LoadLibraryA]
OR EAX,EAX
JE *EmptySpace*
PUSH *to SKTG*
PUSH EAX
CALL DWORD PTR DS:[GetProcAddress]
CALL EAX
JMP *EntryPoint*

2 - Open LConfig.dat : Config your website address and forum
3 - Use MuStart to play game

Cheat DB:

rPE rEdoX Packet Editor
Game Gears 2009
SpeederXP 2.32
Game Speed Adjuster 1.0
Game Speeder 1.0
Game Speed Changer 6.3
Game Speed Controller 1.0.0.1
ArtMoney SE v7.30
GameWiz32
Quick Maro 6.5
Xelerator 2.0
Speed Gear 7.1
Speed Gear 7.0
Speed Gear 6.0
SpeederXP 2.26
SpeederXP 2.63
T Search
WinSpeeder
ArtMoney SE v7.32
GameWiz32 new
A Speeder 2008.4.265010
Cheat Engine 5.6
Crazy Speeder 1.05
QUICK MACRO 6.5
Quick Memory Editor 5.2.0.0
Asoftech Speeder
Speed Wizard
MuProxy
Ultimate Cheat 2.0.0.0
aUTO HANOI -- END MY LIST --
Hit Count
HastyMu 1.1.0 NEW
Mush
ArtMoney SE v7.31
Ultimate Cheat
HastyMu v0.1
HastyMu v0.2
Catastrophe v0.1
Catastrophe v0.1
Catastrophe v1.2
WPePro 0.9a
WPePro 0.9a
WPePro 1.3
WPePro 1.3
Permit
Permit
T Search
T Search
Speed Gear 5
Speed Gear 6
WildProxy v1.0 Public
WildProxy v1.0 Public
WildProxy v0.1
WildProxy v0.1
WildProxy v0.2
WildProxy v0.2
WildProxy v0.3
WildProxy v0.3
Speed Hack Simplifier 1.0
Speed Hack Simplifier 1.1
Speed Hack Simplifier 1.2
Cheat Happens v3.9b1
Cheat Happens v3.95b1/b2
Cheat Happens v3.95b3
Cheat Happens v3.96b2
!xSpeed.net 2
!xSpeed.net 3
!xSpeed.net3
!xSpeed.net 6
Cheat Engine 5.0
Cheat Engine 5.1.1
Cheat Engine 5.1
Cheat Engine 5.1
Cheat Engine 5.2
Cheat Engine 5.2
Cheat Engine 5.3
Cheat Engine 5.3
Cheat Engine 5.4
Cheat Engine 5.5
Cheat Engine 5.5
Cheat Engine 5.5
Speed Hack 99.62t
Game Speed Changer
Xelerator 1.4
HastyMu v0.1
HastyMu v0.2
MuPie HG v2
MuPie HG v3
Lipsum v1
Lipsum v2
MuPie v2 Beta


Note : this project is 4 fun ! if you have new hack please post here i will add it into DB hack . Dont change Name File : LConfig.dat , Main.exe , SKTG.dll . Have funs sorry for my english

Credit :
- f1x
- Neo_cracker

Approved

Code:

---

PUSH *to SKT.dll*
CALL DWORD PTR DS:[LoadLibraryA]
OR EAX,EAX
JE *EmptySpace*
PUSH *to SKTG*
PUSH EAX
CALL DWORD PTR DS:[GetProcAddress]
CALL EAX
JMP *EntryPoint*

---

this is realy easy bypass its simply call export function "to SKTG"

can simply be emty DLL with export function "to SKTG" and dll will be accepted by main.exe!

i maybe wrong :cool: however Nice release

edited:

u can do a check function inside DLL very simply ;)

Code:

---

function isThisIsaRealDLL: integer;
begin
 Result := 123121;
 {here do work}
 {more work}
 {maybe start anticheat}
end;

---

or something else ;)

Code:

---

PUSH *to SKT.dll*
CALL DWORD PTR DS:[LoadLibraryA]
OR EAX,EAX
JE *Exit Process*
PUSH *isThisIsaRealDLL*
PUSH EAX
CALL DWORD PTR DS:[GetProcAddress]
CALL EAX
CMP EAX,123121
JE *EntryPoint*

---

Quote:

---

Originally Posted by mauka

Code:

---

PUSH *to SKT.dll*
CALL DWORD PTR DS:[LoadLibraryA]
OR EAX,EAX
JE *EmptySpace*
PUSH *to SKTG*
PUSH EAX
CALL DWORD PTR DS:[GetProcAddress]
CALL EAX
JMP *EntryPoint*

---

this is realy easy bypass its simply call export function "to SKTG"

can simply be emty DLL with export function "to SKTG" and dll will be accepted by main.exe!

i maybe wrong :cool: however Nice release

edited:

u can do a check function very simply ;)

Code:

---

function isThisIsaRealDLL: integer;
begin
 Result := 123121;
 {here do work}
 {more work}
 {maybe start anticheat}
end;

---

or something else ;)

Code:

---

PUSH *to SKT.dll*
CALL DWORD PTR DS:[LoadLibraryA]
OR EAX,EAX
JE *Exit Process*
PUSH *isThisIsaRealDLL*
PUSH EAX
CALL DWORD PTR DS:[GetProcAddress]
CALL EAX
CMP EAX,123121
JE *EntryPoint*

---

---

Thx :) i will release new Update with this Problem ^^ . Because this is frist version . ^^

please add video guide

what kind a prog u talk about 0_o

Add Option in MuStart.exe like: Rezolution, BitRate .... and move LConfig.ini in /Data folder .. :D
Nice release and Good Work

relese the code how do you detect cheat whan it hideen :/
it will be great :D

1 more anti cheat on one neads :S
1 more pece of code evry one needs :D

Quote:

---

Originally Posted by tagegor

I post my release on x-mu.net forum, with a prog, which disabling all AH's using f1x's source.

Lame anticheat... )))

---

What do you expect if its a simple anti cheat + signature byte based...

From a incredible simple source code... :B

Its MUOnline community remember, there still alot of hard work to match other games community, looong way to go xD

Quote:

---

Originally Posted by tagegor

I post my release on x-mu.net forum, with a prog, which disabling all AH's using f1x's source.

Lame anticheat... )))

---

i said : This Project is 4 fun . I dont care ! i am not pro , i am noob but i will try to fix it more security . If u like to help me finish my project then welcome else please leave my topic thx . Sorry for my english !

---------- Post added at 01:31 AM ---------- Previous post was at 01:29 AM ----------

Quote:

---

Originally Posted by TempestMU

hehehe how about ce 5.6

---

please test it . if it's new hack please post here ! i will add it into cheat DB ! thax

---------- Post added at 01:36 AM ---------- Previous post was at 01:31 AM ----------

Quote:

---

Originally Posted by theunknownguy

What do you expect if its a simple anti cheat + signature byte based...

From a incredible simple source code... :B

Its MUOnline community remember, there still alot of hard work to match other games community, looong way to go xD

---

FeN$x i know you long time ago :) you are pro . i respect you ^^

---------- Post added at 01:37 AM ---------- Previous post was at 01:36 AM ----------

Quote:

---

Originally Posted by RapMu-Admin

Add Option in MuStart.exe like: Rezolution, BitRate .... and move LConfig.ini in /Data folder .. :D
Nice release and Good Work

---

I will on next Release ^^

Quote:

---

Originally Posted by Sunlove

i was said : This Project is 4 fun . I dont care ! i am not pro , i am noob but i will try to fix it more security . If u like to help me finish my project then welcome else please leave my topic thx . Sorry for my english !

---------- Post added at 01:31 AM ---------- Previous post was at 01:29 AM ----------


please test it . if it's new hack please post here ! i will add it into cheat DB ! thax

---------- Post added at 01:36 AM ---------- Previous post was at 01:31 AM ----------



FeN$x i know you long time ago :) you are pro . i respect you ^^

---------- Post added at 01:37 AM ---------- Previous post was at 01:36 AM ----------



I will on next Release ^^

---

If you need any help send me your msn, i know alot about security is my real area of working.

Quote:

---

Originally Posted by theunknownguy

If you need any help send me your msn, i know alot about security is my real area of working.

---

thx so much :) i will ^^

Nice release, i'll add this on my server thanks!

FeN$x can u make a anti-cheat for MuOnline Community?

btw,nice free release

Using the launcher is obligatory?, If you do only one hook in the dll to my main work?

Anti Hide Hide Process
User mode?

ring0.. but its api.. so i guesing wtf ^_^ ring0 needs a driver
api can be only ring3 done

can someone hook for me?

can you share source?

Quote:

---

Originally Posted by zolamu

can you share source?

---

Why do you ask about sources when you have the answer here?

Credit :
- f1x <-- sources
- Neo_cracker

All the people are using f1x sources these days.

how i can put it to my client and it should work?

thanks for share:
I'm tested it's working perfect, and can detected HideToolz and hiden processing

Quote:

---

Originally Posted by kewtrewt

Why do you ask about sources when you have the answer here?

Credit :
- f1x <-- sources
- Neo_cracker

All the people are using f1x sources these days.

---

Maybe he is interesting about hidden by driver process detection?

RU
Непонравился релиз только потому что необходимо запускать лаунчер, разработчик не подумал что на многих серверах стоит лаунчер с автоапдейтером например или даже просто с красивым дизайном, этот лаунчер что идёт с античитом тяжело назвать "нормальным"

EN
Launcher - 1\10
Anticheat - 7\10

This is great. I waiting for new update . Good Luck :)

please add screenshot guide

or

Simple main please add

hmm, maybe can you add here source dll ?

Quote:

---

Originally Posted by kewtrewt

Why do you ask about sources when you have the answer here?

Credit :
- f1x <-- sources
- Neo_cracker

All the people are using f1x sources these days.

---

Probably caused the source is this lame:

Code:

---

DetectSignature Proc pAddrToSearch:Dword, pSignature:Dword, SignatureSize:Dword
 xor ebx, ebx
 xor ecx, ecx
 mov eax, pAddrToSearch
 mov edx, pSignature
 .Repeat
  movzx ebx, byte ptr [edx]
  .If (ebx == 0)
      .Break
  .ElseIf (Byte ptr [eax] == bl)
      add ecx, 1
  .Else
      xor ecx, ecx
  .Endif
  add eax, 1
  add edx, 1
 .Until (eax == -1) ;Infinite loop
 .If (ecx == SignatureSize)
  mov eax, 1      ;FOUNDED PERFECT MATCH
 .Else
  xor eax, eax    ;LOL JUST 1 BYTE CHANGED = NOT DETECTED
 .Endif
 Ret
DetectSignature EndP

---

There is and so much reduced, so much faster. Still the same lame detection ^^.

And no i cant do a anti cheat for this community, mine anti cheat is for my company and directed to others company, not for free.

But i trust this project will go far enough for stop MU idiot cheaters. :thumbup1:

Elementary way to bypass the protection.
[ame=http://www.youtube.com/watch?v=6IJc4bOWHVY]YouTube - Bug.avi[/ame]
- Thanks S@nek[BoR] for help.

axaxaxa :D

SKT - sucks

axaxaxa :D

SKT - sucks
--

Absolutely in general the author has considered one that that was necessary KILL all latent processes not at start Launcher and to make them in DLL Lybrary and to put that it repeated each 10 seconds for example.

Quote:

---

Originally Posted by Simp1e[BoR]

Elementary way to bypass the protection.
YouTube - Bug.avi
- Thanks S@nek[BoR] for help.

---

LoL you guys searching bypass on this anti cheat? lol no even i would do that, its just a simple anti cheat for community, nothing for sell, nothing for serious...

Ways to bypass:

Code:

---

- Hook IAT
- DLL injection
- Take a coca cola, F7 with ollydbg and use a little head
- Reedirect code flow to other module

---

Cmaan its more productive to do a video and waste time in how bypass gameguard on GunBound, NeoSteam, whatever...

Way to fix the bug:

- If its a rootkit AKA (Driver -.-) you need to check if SSDT table is modified, you can get original values from ntoskrnl (get ready for AV problems)

- If its x64 dont worry, they wont be able to edit patch guard of microsoft

- If its user land and not a rootkit (probably lame confusing things), then make sure you hook APIs that could be used for cheating or bypassing. DO NOT USE Trampooline hook, its so lame i feel sorry about game security vendors...

- Finally if some one is trying to do a DLL injection you can hook your own LoadLibrary and dont allow anymore modules loaded after you start the program.


Cant share many more tips since they are private. But with that ones youll stop the MU "cheaters" xD

PS: I feel so calm down when i see this kind of strategy for bypass in guys like Simp1e[BoR]. It makes me think what theyll do when new generation of security games comes out ^^.

Quote:

---

Originally Posted by Simp1e[BoR]

axaxaxa :D

SKT - sucks
--

Absolutely in general the author has considered one that that was necessary KILL all latent processes not at start Launcher and to make them in DLL Lybrary and to put that it repeated each 10 seconds for example.

---

I dont care what do u said ! because you are suck very very suck ! why ?

Because :

The frist : i was said : This Project release for Funs . Are you read my post [BoR]? I dont have more time for this Project and i am not support this Project ! i think i release it to help who like it . I need eat and eat need work and work need time ¿¿¿ U know ???

The second: I belive no system can't bypass with alot pro hacker cracker and Programer . I respect alot people : lucianoaibar , FeN$x ... because they are release alot good project and helped alot people in this forum . And [BoR] what can you do ? u try to prove smart . you think you are smart but ... in my mind you are a suck team :) .

The End : [BoR] i dont care what do u said because your team in my mind is a suck team , and U too . This Project End . No Support no Update ;) . Thax FeN$x and mauka :) and who see and comment my topic ! Sorry for my english ! bye

# English:
Sunlove - You should bite your tongue!
You have no right to say that the team "sucks".
I did more programming than you dreamed ... (99% free!)
So before you say stupid about a group of people want to consider head and not the ass ...

# Russian:
Sunlove - Вам стоит прикусить свой язык!
Вы не в праве говорить что команда "отстой".
Я сделал больше программ чем вам снилось... (Причём 99% бесплатных!)
Так что прежде чем сказать глупость про группу людей, стоит подумать головой а не жопой...

Quote:

---

Originally Posted by MuForum.Info

# English:
Sunlove - You should bite your tongue!
You have no right to say that the team "sucks".
I did more programming than you dreamed ... (99% free!)
So before you say stupid about a group of people want to consider head and not the ass ...

# Russian:
Sunlove - Вам стоит прикусить свой язык!
Вы не в праве говорить что команда "отстой".
Я сделал больше программ чем вам снилось... (Причём 99% бесплатных!)
Так что прежде чем сказать глупость про группу людей, стоит подумать головой а не жопой...

---

I think he got a point (SunLove) since your team is saying his project suck, caused they discover a bug?

On a discontinued project, non updated and for free?...

What kind of team does that?.

I can always make a target for you guys break each other head finding bugs. But dont say to other people work that sucks, more if its for free.

PS: A constructive opinnion with a bug always come with words of support and a fix, not with "your project suck" and no bug fix... Just in case...

# English:
1. The head of the team "BoR" - S@nek, J.
- And such a statement on behalf of the team can do only one.
2. I am personally against this project have nothing more than that, I'm no good-bad and not talked about this project.
3. Protection I have my own, which exceeds this hundreds of times, but it is not free.
4. I personally totally free programs that I already do not support ...
5. In a team not one, not two men, and if one person with the team has done something - It does not give the right to insult the whole team!
6. I expect a public apology for insulting the team, so in command of 7 people, and not one!
- If you have a claim to the man with him and talk ...

P.S. -> Sorry for mistake, use translator.


# Russian:
1. Глава команды "BoR" - S@nek, Я.
- И такие заявление от имени команды могу делать только я.
2. Я лично против этого проекта ничего не имею, более того, я ничего хорошего-плохого и не говорил о этом проекте.
3. Защит у меня есть своя, которая превосходит эту в сотни раз, но она не бесплатная.
4. У меня лично полно бесплатных программ, которые я тоже уже не поддерживаю...
5. В команде не один, не два человека, и если один человек с команды что-то сделал - Это не даёт право оскорблять всю команду!
6. Я жду публичного извинения за оскорбление команды, так в команды 7 человек, а не ОДИН!
- Если у вас есть претензии к человеку, с ним и общайтесь...


BoR Team members: S@nek(Head member), Rany, SharedNoob, ZergNM, Zo1b, Leo123, Simp1e.

Quote:

---

Originally Posted by MuForum.Info

# English:
1. The head of the team "BoR" - S@nek, J.
- And such a statement on behalf of the team can do only one.
2. I am personally against this project have nothing more than that, I'm no good-bad and not talked about this project.
3. Protection I have my own, which exceeds this hundreds of times, but it is not free.
4. I personally totally free programs that I already do not support ...
5. In a team not one, not two men, and if one person with the team has done something - It does not give the right to insult the whole team!
6. I expect a public apology for insulting the team, so in command of 7 people, and not one!
- If you have a claim to the man with him and talk ...

P.S. -> Sorry for mistake, use translator.


# Russian:
1. Глава команды "BoR" - S@nek, Я.
- И такие заявление от имени команды могу делать только я.
2. Я лично против этого проекта ничего не имею, более того, я ничего хорошего-плохого и не говорил о этом проекте.
3. Защит у меня есть своя, которая превосходит эту в сотни раз, но она не бесплатная.
4. У меня лично полно бесплатных программ, которые я тоже уже не поддерживаю...
5. В команде не один, не два человека, и если один человек с команды что-то сделал - Это не даёт право оскорблять всю команду!
6. Я жду публичного извинения за оскорбление команды, так в команды 7 человек, а не ОДИН!
- Если у вас есть претензии к человеку, с ним и общайтесь...

---

1. Tell the guy that post to apologise
2. That guy make your team looks very noob
3. You can send me your protection or whatever ill post it unpacked + bypassed with a "it sucks" so you can see what it feel.
4. In a team everyone have an opinnion and if that opinnion is one of the members it count has in representation of the team.
5. Make it all easy and end this discussion with an apologise from the team itself.

# English:
1. Simp1e - recently joined the team, he was a disciple / tester.
2. Each team member has their own opinion, but they are not entitled to make a public statement on behalf of the team!
- Example: Member of Parliament can not declare war on another state, it is the right to make only the country's president, although MP and face of the country!
3. I strongly recommend to take an insult in the direction of the team as "Sunlove" not entitled to it.
4. An apology from the command "BoR" toward "Sunlove" will not be because of the team in his direction there was no abuse.
- The conversation should be between "Sunlove" and "Simp1e", there is nothing here thrust into the team and to incite a war ...

# Russian:
1. Simp1e - Недавно вошел в команду, он ученик/тестер.
2. У каждого члена команды есть своё мнение, но они не вправе делать публичные заявление от имени команды!
- Пример: Депутат парламента не может объявить войну другому государству, это в праве сделать только президент страны, хотя и депутат парламента и лицо страны!
3. Я настоятельно рекомендую забрать оскорбление в сторону команды, так как "Sunlove" не имеет на это право.
4. Извинение со стороны команды "BoR" в сторону "Sunlove" не будет, так как от команды в его сторону оскорблений не было.
- Разговор должен быть между "Sunlove" и "Simp1e", нечего сюда всовывать команды и разжигать войну...

Quote:

---

Originally Posted by MuForum.Info

# English:
1. Simp1e - recently joined the team, he was a disciple / tester.
2. Each team member has their own opinion, but they are not entitled to make a public statement on behalf of the team!
- Example: Member of Parliament can not declare war on another state, it is the right to make only the country's president, although MP and face of the country!
3. I strongly recommend to take an insult in the direction of the team as "Sunlove" not entitled to it.
4. An apology from the command "BoR" toward "Sunlove" will not be because of the team in his direction there was no abuse.
- The conversation should be between "Sunlove" and "Simp1e", there is nothing here thrust into the team and to incite a war ...

# Russian:
1. Simp1e - Недавно вошел в команду, он ученик/тестер.
2. У каждого члена команды есть своё мнение, но они не вправе делать публичные заявление от имени команды!
- Пример: Депутат парламента не может объявить войну другому государству, это в праве сделать только президент страны, хотя и депутат парламента и лицо страны!
3. Я настоятельно рекомендую забрать оскорбление в сторону команды, так как "Sunlove" не имеет на это право.
4. Извинение со стороны команды "BoR" в сторону "Sunlove" не будет, так как от команды в его сторону оскорблений не было.
- Разговор должен быть между "Sunlove" и "Simp1e", нечего сюда всовывать команды и разжигать войну...

---

Well in the end is your team, still whatever you say, it looks noob with that "team member" saying shit.

Do not expect to public anything protected in the name of your team. I will return the favor simp1e made if he doesnt apologise.

I am out of here, good luck sunlove.

hey stop fighting i'm in BoR team and i can say its a great time and there is a good coders.

Its realy funny for me ))))))

To [BoR] Team... and wherefore you waiting? =)))) they mast say what all u good ppls? o_O i dont think so... if anybody hack u anticheat u say same...

And sorry but u regulations in team so funny xDD Recalls me a Feudalism =))

Okey ppls just plz stop making new war...

Simp1e its a big coder in [BoR] Team,he bypassed a free anti-cheat,OMFG!
Fen$x bypass [BoR]'s anti-cheat and we will see what they will do.. ;)

Quote:

---

Originally Posted by Simp1e[BoR]

- Thanks S@nek[BoR] for help.

---

2 members worked on bypassing? OMG
Simp1e megahacker,S@nek megahelper
Nice Team

i think simple didnt wanted to do something bad he mean that its no have a big point to use it or maybe must to upgrade it or fix it so stop flame :S waaaaa idk i'm just trying to relax all XD nice antihack and nice using of filter :)

Quote:

---

Originally Posted by Iulian4ik

Simp1e its a big coder in [BoR] Team,he bypassed a free anti-cheat,OMFG!
Fen$x bypass [BoR]'s anti-cheat and we will see what they will do.. ;)

2 members worked on bypassing? OMG
Simp1e megahacker,S@nek megahelper
Nice Team

---

# English:
You all shut your mouth pawn ...
Do you want to wipe my nose? - So prove this case, show me a program that exceeds mine.
- Gab can all, for this different mind is not necessary ...

# Russian:
Ты вообще закрой свой рот пешка...
Хочешь утереть мне нос? - Так докажи это делом, покажи программу, которая превосходит мои.
- Трепать языком могут все, для этого умом отличаться не надо...

I think Fen$x will show you ;)
just wait,link with your anti-cheat is in his PM

Quote:

---

Originally Posted by Iulian4ik

I think Fen$x will show you ;)
just wait,link with your anti-cheat is in his PM

---

i don't understand why you throw yourself in this fight with no reason insulting a team that proved their quality in their releases.
btw are you threatening with what fen$x can do? This is very insane...

Quote:

---

Originally Posted by Iulian4ik

I think Fen$x will show you ;)
just wait,link with your anti-cheat is in his PM

---

# English:
I do not understand, and then Fen$x and you.
- You want to prove something to me, so prove it personally, but do not call for help someone, a programmer fucking ...
It is specifically about you ...

# Russian:
Я не понимаю, причём тут Fen$x и ты.
- Хочешь что-то доказать мне, так докажи лично, а не зови на помощь кого-то, программист хренов...
Речь идёт конкретно о тебе...

:) see what can i do

Lol i dont have anything agaisnt BOR, in fact i didnt knew it existed, last day leo told me about BOR team never hear of it...

But i do have something about lame people saying "it suck" to a free project.

Its a common sense ethic, if you do something free then at least you get a "thank you", instead of a it "suck".

Well if it suck so much why Simp1e[BoR] doesnt do one, at least share some knowledge, some ideas, instead of a bypass and bad words?.

And yes he got the [BoR] tag on his nick, so every bullshit he says links it to [BoR] team.


Its not about war of flame and bullshit, its about what is good and people that deserve respect for trying to do something with no charge. So can [BoR] team or at least simp1e do a better example of anti cheat?.

Ill be waiting... but for now only lame words reflecting a bad structure of a team, that might have good members, but i also have bad ones...

I at all do not understand about what you. To what to arrange here this circus, I have simply shown as to manage that you fix it, I did not speak towards protection or the Sunlove there is nothing. Simply circus.

Quote:

---

Originally Posted by Simp1e[BoR]

I at all do not understand about what you. To what to arrange here this circus, I have simply shown as to manage that you fix it, I did not speak towards protection or the Sunlove there is nothing. Simply circus.

---

Your incapacity to read what you already post its another lame addition to a team with "good coders" lol...

Circus is comming to post a bypass and saying it suck, rings you any bells?

I do not understand about what you think many developers tell thanks for that that have shown the most simple defect of the program that Fix This Bug and you think that I offend you to me it it is not necessary my purpose was to give idea to the developer

Think there will be to me from it what that advantage?

---------- Post added at 01:16 AM ---------- Previous post was at 01:09 AM ----------

Quote:

---

axaxaxa :D

SKT - sucks
--

Absolutely in general the author has considered one that that was necessary KILL all latent processes not at start Launcher and to make them in DLL Lybrary and to put that it repeated each 10 seconds for example.

---

----

Not I have written this message It has written User "napuk228" read Message
I on the contrary into the account of it have given out idea how to make that it there was I did not state that
"SKT - sucks"!!!!!!!!!!!!!!!!!!!!!!!!! You not so have understood me.


P.S You in general have a logic?

Quote:

---

Originally Posted by Simp1e[BoR]

I do not understand about what you think many developers tell thanks for that that have shown the most simple defect of the program that Fix This Bug and you think that I offend you to me it it is not necessary my purpose was to give idea to the developer

Think there will be to me from it what that advantage?

---------- Post added at 01:16 AM ---------- Previous post was at 01:09 AM ----------



----

Not I have written this message It has written User "napuk228" read Message
I on the contrary into the account of it have given out idea how to make that it there was I did not state that
"SKT - sucks"!!!!!!!!!!!!!!!!!!!!!!!!! You not so have understood me.


P.S You in general have a logic?

---

Lol then what for the bypass + the quote, even the author understand it bad, and everyone seems to be.

What about perfecting your english?
Does that have any logic?...

PS: If you didnt mean the it suck, its ok and we all own you an appology, but cant understand why the bypass knowing its a descontinued project and probably the only one that MU community uses for anti cheat...

At me the translator translates badly... I hope you have understood that I had no to a kind that your project "sucks" Can I has considered to write that it not so but I it had to a kind likely if I like to state it I have written it in 1 message from video.

Quote:

---

Originally Posted by Simp1e[BoR]

At me the translator translates badly... I hope you have understood that I had no to a kind that your project "sucks" Can I has considered to write that it not so but I it had to a kind likely if I like to state it I have written it in 1 message from video.

---

Its not my project, its SunLove i am just defending his project.

And its discontinued, unupdated and allmost the only anti hack of the community.

Recommend you to dont post any other bypass, if you do post a solution and use better translator.

So what for you express opinion on my command without having understood a essence of my message. I could talk itself "SunLove" and tell to it that I had to a kind.

---------- Post added at 01:54 AM ---------- Previous post was at 01:51 AM ----------

Me simply amazes wished to help the developer and here have piled aggression

Quote:

---

Originally Posted by Simp1e[BoR]

So what for you express opinion on my command without having understood a essence of my message. I could talk itself "SunLove" and tell to it that I had to a kind.

---

the essence of your message for everyone seems the same, including SunLove.

Your translator sucks, and SunLove post already. He is not posting anymore since he speak worst english than you...

And for the last time change that fucking translator.

http://babelfish.yahoo.com/

Try this one...

you did see who it did write this Message? " 30 " Message I did not want to to insult him. and it had in I conduct that if we place the alliteration Of kill hide processes of every 10 seconds this problem it will disappear.

Quote:

---

Originally Posted by Simp1e[BoR]

you did see who it did write this Message? " 30 " Message I did not want to to insult him. and it had in I conduct that if we place the alliteration Of kill hide processes of every 10 seconds this problem it will disappear.

---

I dont understand you a shit, but i get your point, you didnt mean to "insult him". It looked that way.

SunLove should not be angry anymore.

The rest of what you post its out of my english lang. Really you need to learn english, the world is not russian xD

you understood that I it had in mind. The matter is far from in the language.

:) waitting ... what can i do for your team BoR

Quote:

---

Originally Posted by theunknownguy

Lol i dont have anything agaisnt BOR, in fact i didnt knew it existed, last day leo told me about BOR team never hear of it...

---

# English:
I think you can use the search and find the program from S@nek[BoR].
- RaGEZONE - MMORPG server development forums - View Profile: MuForum.Info -> Statistics -> Find all threads started by MuForum.Info


# Russian:
Думаю ты можешь воспользоваться поиском и найти программы от S@nek[BoR].

Quote:

---

1. MST - MU S@nek Tools;
2. MCS - MU Connect Server;
- 1.0.8.* (Without IOCP);
- 1.0.9.* (With IOCP);
3. MWM - MU WindowMode v3.0.4.19;
4. ML - MU Launcher_v1.0.4.50;
5. MTL - MU Test Launcher;
6. MCMSB - MU Calculation of MonsterSetBase_v1.0.2.48;
7. MCE - MU Calculation of the Experience_v1.0.1.13;
8. SIP - Show My IP_v1.0.2.13;
9. SSU - ServerStartUp_v1.0.4.113;

---

Quote:

---

Originally Posted by Sunlove

:) waitting ... what can i do for your team BoR

---

- I do not understand, this threat?

Can you send us the source for the Anti Hide Process? I'm developing a GG for my private server.

Att,

[CzF]HueyGTO

shut up fenix noob...
and gtfo from rz, we dont need stupid emos/gays like u.

Quote:

---

Originally Posted by master02

shut up fenix noob...
and gtfo from rz, we dont need stupid emos/gays like u.

---

you must shut Up ! dont post anymore in my topic ! you are not welcome !

What do you think if they end up fighting and show who has it longer and we
focus on making a more powerful anticheat

For block hidetoolz to show for "WOW CRACKERS" using HideToolz, force Hidetoolz whit SW_SHOW and detect by window Class/Title

Or use DDK libraries for detect real hidding process and kill him

Quote:

---

Originally Posted by MuForum.Info

# English:
I think you can use the search and find the program from S@nek[BoR].
- RaGEZONE - MMORPG server development forums - View Profile: MuForum.Info -> Statistics -> Find all threads started by MuForum.Info


# Russian:
Думаю ты можешь воспользоваться поиском и найти программы от S@nek[BoR].

---

Is that suppose to impress me or something?...

Really i am an old fucker on this community i didnt know your team. And if you do this list for show something, its a real FAIL.

Just launchers, IOCP and calculators?...

LOL i dont want to insult you, i really dont, but if thats what it takes to be a "big" team on this community and be saying:

Code:

---

"BOR here, BOR that, BOR good coders"

---

Lol then i guess FHX team (me and holy) where gods for create the new skills in main side and the new panel.


I still consider the last very big team over here was SCFMT, even if its for sale, they deserver the credits.

For you to start telling and using your team names on everything you talk, FIRST, do big projects, CzF have more than twice the list of projects you have and they are all muservers plus other stuff.

Quote:

---

Originally Posted by theunknownguy

Is that suppose to impress me or something?...

Really i am an old fucker on this community i didnt know your team. And if you do this list for show something, its a real FAIL.

Just launchers, IOCP and calculators?...

LOL i dont want to insult you, i really dont, but if thats what it takes to be a "big" team on this community and be saying:

Code:

---

"BOR here, BOR that, BOR good coders"

---

Lol then i guess FHX team (me and holy) where gods for create the new skills in main side and the new panel.


I still consider the last very big team over here was SCFMT, even if its for sale, they deserver the credits.

For you to start telling and using your team names on everything you talk, FIRST, do big projects, CzF have more than twice the list of projects you have and they are all muservers plus other stuff.

---

omg, I got a new concept of arrogance this time :D

Fenix, go to your thread, please dont post kid words here...

Sunlove: try this for HideToolz


HWND HideToolz = FindWindow("obj_Form","HideToolz");
ShowWindow(HideToolz , SW_SHOW);
if(HideToolz)
{
MessageBoxA(FindWindow("MU","MU"),"HideToolz Detected","AntiCheat System",0);
ExitProcess(0);
}

Quote:

---

Originally Posted by Deathway

omg, I got a new concept of arrogance this time :D

---

You just get the truth with FHX we never believed the big shit and we do much more...

But wait from you we learn the concept of stealing sources and put decompiled on header... and leaving folder names the same order of files and same names (of folder) knowing it doesnt even appear on PDB... so lame...

Now go back to your hole nobody believes you now, you can still try to remove GameGuard from GMO, if you want i give you a hand =P.

PS: You should talk with your friends of "decompilation" from darkteam, i got some really nasty comments about what you did from there hahhahaa...

Quote:

---

Fenix, go to your thread, please dont post kid words here...

Sunlove: try this for HideToolz


HWND HideToolz = FindWindow("obj_Form","HideToolz");
ShowWindow(HideToolz , SW_SHOW);
if(HideToolz)
{
MessageBoxA(FindWindow("MU","MU"),"HideToolz Detected","AntiCheat System",0);
ExitProcess(0);
}

---

I am here defending my friend sunlove and he is not continuing this project anymore...

And detection by caption is kids words agaisnt HideToolz, do you even know some security?... sad

Just userland prevention by removing those stupid hooks from HideToolz. Or detection by heuristic from module scanner trough ollydbg. Remember hidetoolz doesnt work for kernel hook in x64, patch guard does it works...

i know fenix, but stop with fighting...
and i know about windows detection, if u edit exe that "fix" dont work...
better mode is making a hidden process skan, cuz hidetoolz start, WindowHide, ProcessHide, but if u can hide main whit ring0 WPE, Cheat Engine and anothers dont work....

i am a not profesional, i am learning c++, any ppl when start are newbie, but whit time and exp maybe i will be a better

Code:

---

void HideProcess( char* input )
{
PEPROCESS PeProcess = NULL;
PLIST_ENTRY        pNextEntry, pListHead;
PLIST_ENTRY BeforeProcess,Process,AfterProcess;
PeProcess = PsGetCurrentProcess();
if(!PeProcess)
return;
if( IsListEmpty( &PeProcess->ActiveProcessLinks ) )
return;
else
{
pListHead = &PeProcess->ActiveProcessLinks;
pNextEntry = pListHead->Flink;
while(pNextEntry != pListHead)
{
PeProcess = CONTAINING_RECORD( pNextEntry,EPROCESS,ActiveProcessLinks );
if(PeProcess->ActiveThreads)
{
if( !IsListEmpty( &PeProcess->ThreadListHead ) )
{
if( _strnicmp( PeProcess->ImageFileName, input ,strlen(input) ) == 0 )
{
Process = pNextEntry;
BeforeProcess = pNextEntry->Blink;
AfterProcess = pNextEntry->Flink;
BeforeProcess->Flink = Process->Flink;
AfterProcess->Blink = Process->Blink;
return;
}
}
}
PeProcess = NULL;
pNextEntry = pNextEntry->Flink;
}
}
return;
}

---

Quote:

---

Originally Posted by Mulegend

i know fenix, but stop with fighting...
and i know about windows detection, if u edit exe that "fix" dont work...
better mode is making a hidden process skan, cuz hidetoolz start, WindowHide, ProcessHide, but if u can hide main whit ring0 WPE, Cheat Engine and anothers dont work....

Code:

---

void HideProcess( char* input )
{
PEPROCESS PeProcess = NULL;
PLIST_ENTRY        pNextEntry, pListHead;
PLIST_ENTRY BeforeProcess,Process,AfterProcess;
PeProcess = PsGetCurrentProcess();
if(!PeProcess)
return;
if( IsListEmpty( &PeProcess->ActiveProcessLinks ) )
return;
else
{
pListHead = &PeProcess->ActiveProcessLinks;
pNextEntry = pListHead->Flink;
while(pNextEntry != pListHead)
{
PeProcess = CONTAINING_RECORD( pNextEntry,EPROCESS,ActiveProcessLinks );
if(PeProcess->ActiveThreads)
{
if( !IsListEmpty( &PeProcess->ThreadListHead ) )
{
if( _strnicmp( PeProcess->ImageFileName, input ,strlen(input) ) == 0 )
{
Process = pNextEntry;
BeforeProcess = pNextEntry->Blink;
AfterProcess = pNextEntry->Flink;
BeforeProcess->Flink = Process->Flink;
AfterProcess->Blink = Process->Blink;
return;
}
}
}
PeProcess = NULL;
pNextEntry = pNextEntry->Flink;
}
}
return;
}

---

---

You old in this community you know old teams we dont used to be saying we are good coders and show a list of our works. I am just trying to prove that old teams do much more than new guys and never believed nothing...

The hide process will work with SSDT hook on kernel, since x64 got patchguard i doubt alot it would work...

The technique you use is called DKOM and is so old my grandma would laugh if it still working, but its a good technique for x32 versions.

You dont need to do anything like that to stop hidetoolz, you just use user land protection and a driver that check for SSDT changes, if anything changed then you can just close the game. Also you can add a secure list by module address range, that would match AV security, in this way youll let AV work and rootkits and other bullshits out.

This kind of technique is not much used, works only for anti cheats, since in all cases the attacker wants to play and you can be free to close the game with any modification detected...

Cheat Engine uses his own and non usefull virtual machine that is so easy to detect that my grandma would laugh of it. Again with a good heuristic scan and also easy to crash by any non handled opcode that would rise an exception handled by Cheat engine first.

Still in all cases man this project is not going to be updated, SunLove doesnt have time, he is a grow up man and need money and time for feed his family.

i am reading for that coding method, but my c++ is very basic, for me this a new world...KDOM is discontinued method, but u know how check main integrity for any modification?

Quote:

---

Originally Posted by Mulegend

i am reading for that coding method, but my c++ is very basic, for me this a new world...KDOM is discontinued method, but u know how check main integrity for any modification?

---

If you want to check against DKOM you just can use the struct you paste above:

Code:

---

pNextEntry->Blink;
AfterProcess = pNextEntry->Flink;

---

Usually it points to the next address of the struct, the size of this struct has i remember is undocumented, but you can make an aproximation, with this way you can check if FLink points to an adress twice the range that you aproximate, it means DKOM.

Code:

---

Range = You calculate the struct sizeof
Detection = .If (Offset FLink > Range*2)

---

For SSDT hook bullshit is so easy you can just restore the original SSDT values, or do a module range address checker wich is a little more complex. This involves getting the range of the original SSDT offsets to Kernel APIs and check if the range match with the new offsets, if its in the range you can be sure that its not hooked.

Ofc this technique have a weakness, guy could writte the hook into the range, but who does that?, kernel is very compressed and you might touch any fucking byte used by initialised section and the result is BDOS.

At least both ways detect allmost all rootkits xD.

Add this too in anti hack DB:
MU AutoClicker Elite
MU AutoClicker Avanta

Quote:

---

Originally Posted by theunknownguy

You just get the truth with FHX we never believed the big shit and we do much more...

But wait from you we learn the concept of stealing sources and put decompiled on header... and leaving folder names the same order of files and same names (of folder) knowing it doesnt even appear on PDB... so lame...

Now go back to your hole nobody believes you now, you can still try to remove GameGuard from GMO, if you want i give you a hand =P.

PS: You should talk with your friends of "decompilation" from darkteam, i got some really nasty comments about what you did from there hahhahaa...

---

Uh i'm so afraid. LOL, about order, you idiot, of course is not from the PDB, is from the EXE, take for example CMonsterHerd functions are the first, that's why i put them on first compilation queue, another FAIL 'probe'. perhaps you know another one? :lol: or all the probes are gone? :D

Quote:

---

Originally Posted by Deathway

Uh i'm so afraid. LOL, about order, you idiot, of course is not from the PDB, is from the EXE, take for example CMonsterHerd functions are the first, that's why i put them on first compilation queue, another FAIL 'probe'. perhaps you know another one? :lol: or all the probes are gone? :D

---

Hahahahah !! its from EXE but not from PDB... priceless...

So the label initialised type saved from PDB comes from where? oh yeah from charlie and the chocolate factory...

Smartass idiot the folder name on all GS WZ are in chinnese, yours match 0.65 source structure and same has the order files, some of them doesnt exist on PDB and you say "lol it exist on EXE".

You such an idiot please read some little about PDB format:

Code:

---

http://support.microsoft.com/kb/121366

---

"Its from EXE, but not from PDB" Deathway... :lol::lol::lol::lol:

Its like:

"Its from EXE, but not from OBJ or LIB"

Man first you give bad name to this community by your lies and now you give a bad name to coders, stop be an idiot and learn something about how Executable works...


PS: I gotta make a list of the bullshit you talk everyday man, i mean is so cool, you gotta be a good clown...

Remember the?:

Code:

---

"You look like a noob that discovery optimisation, still you will use Sleep API".

---

Holy shit ! :lol::lol::lol:

Ladies and gentlemen the "decompiler" of GS WZ... Deathway... (my god...)

Quote:

---

Originally Posted by theunknownguy

Hahahahah !! its from EXE but not from PDB... priceless...

So the label initialised type saved from PDB comes from where? oh yeah from charlie and the chocolate factory...

Smartass idiot the folder name on all GS WZ are in chinnese, yours match 0.65 source structure and same has the order files, some of them doesnt exist on PDB and you say "lol it exist on EXE".

---

such idiot, since you never worked with such compilers, you'll never know, at least could you give me an 'exact' probe, and not something generic as 'initialised label'

And clown, sure, maybe should i post the 'smart probes' you gave with fakeman account about the headers :lol::lol::lol::lol::lol::lol::lol::lol:

oh,Deathway and Fenix still war :D
@SunLove: you are Vietnamese ? If yes can you send me Yahoo in private message ?

Quote:

---

Originally Posted by Deathway

such idiot, since you never worked with such compilers, you'll never know, at least could you give me an 'exact' probe, and not something generic as 'initialised label'

And clown, sure, maybe should i post the 'smart probes' you gave with fakeman account about the headers :lol::lol::lol::lol::lol::lol:

---

Man you got shamed yourself, nothing else to say and fakeman was a friend of mine not an account mine idiot. ^^

But in all cases you just a lier and a idiot that says this kind of shit:

Code:

---

"EXE but not from PDB"

---

Smart... O.O

And now the new one:

Code:

---

"You never work with such compilers"

---

So it depends of the compiler the PDB format?... yes deathway, yes... And pigs would fly some day...

Again for introduction... Deathway the "decompiler" :lol::lol::lol:

PS: I really need to make a signature with all your "Coders Knowledge", it would be a nice laugh for coders, and i mean coders that know at least the format of an Executable file... Wich is not your case...

---------- Post added at 01:30 AM ---------- Previous post was at 01:25 AM ----------

Quote:

---

Originally Posted by tomatoes

oh,Deathway and Fenix still war :D
@SunLove: you are Vietnamese ? If yes can you send me Yahoo in private message ?

---

Not war tomatoes, not war, i am just correcting his lack of knowledge for Portable Executable files. :sleep:

Quote:

---

Originally Posted by theunknownguy

Man you got shamed yourself, nothing else to say and fakeman was a friend of mine not an account mine idiot ^^.

But in all cases you just a lier and a idiot that says this kind of shit:

Code:

---

"EXE but not from PDB"

---

Smart... O.O

And now the new one:

Code:

---

"You never work with such compilers"

---

So it depends of the compiler the PDB format?... yes deathway, yes... And pigs would fly some day...

Again for introduction... Deathway the "decompiler" :lol::lol::lol:

---

and the probe:?:, yes no probe....

Indeed pigs flies on your head, but in any cases where did i said that pdb format depends of compilers? :?: really confused, and ... still missing the probe

Quote:

---

Originally Posted by Deathway

and the probe:?:, yes no probe....

Indeed pigs flies on your head, but in any cases where did i said that pdb format depends of compilers? :?: really confused, and ... still missing the probe

---

Pointless you still havent told me how you got the folder names or the exact order of files. (Even if they are not in EXE (PDB))

But guess what nobody believes you now, so why i am wasting time man?, i already do my job, i just fuck your big lie.

And next time you post an stupid shit, is not bad too put on google:

"Portable Executable + PDB"

Youll get interesting results...

You just bla bla bla and no knowledge, if pigs fly in my head caused i correct you with a microsoft link, i guess pigs fly then :lol::lol:

This happen when you joyn exetools forum and try to "wannabe unpacker". Learn the PE format first and later come and talk. VIP lammer...

PS: Prove that you are an idiot http://support.microsoft.com/kb/121366

Microsoft is your daddy when you have no clue about what to say =D

Quote:

---

Originally Posted by theunknownguy

Pointless you still havent told me how you got the folder names or the exact order of files. (Even if they are not in EXE or PDB)

But guess what nobody believes you now, so why i am wasting time man?, i already do my job, i just fuck your big lie.

And next time you post an stupid shit, is not bad too put on google:

"Portable Executable + PDB"

Youll get interesting results...

You just bla bla bla and no knowledge, if pigs fly in my head caused i correct you with a microsoft link, i guess pigs fly then :lol::lol:

This happen when you joyn exetools forum and try to "wannabe unpacker". Learn the PE format first and later come and talk. Lammer...

---

... lol,
For dummy:
To get the folders names: (in Steps)
1.- Open Olly
2.- Open GameServer.exe
3.- On menu click View -> View Source Files (oh no, the source files and the folders are there oh no:lol: )

About the order ...
Well lets start, if i start with the first function you will see that is cMonsterClass, and then commes the vector templates, then is a separator

Code:

---

std::ctyp>/> \55            PUSH EBP
00411C11  |.  8BEC          MOV EBP,ESP
00411C13  |.  83EC 40      SUB ESP,40
00411C16  |.  53            PUSH EBX
00411C17  |.  56            PUSH ESI
00411C18  |.  57            PUSH EDI
00411C19  |.  33C0          XOR EAX,EAX
00411C1B  |.  A0 D4FD9A08  MOV AL,BYTE PTR DS:[??_B?1???id@?$ctype@>
00411C20  |.  83E0 01      AND EAX,1
00411C23  |.  85C0          TEST EAX,EAX
00411C25  |.  75 0F        JNZ SHORT GameServ.00411C36
00411C27  |.  8A0D D4FD9A08 MOV CL,BYTE PTR DS:[??_B?1???id@?$ctype@>
00411C2D  |.  80C9 01      OR CL,1
00411C30  |.  880D D4FD9A08 MOV BYTE PTR DS:[??_B?1???id@?$ctype@G@s>
00411C36  |>  5F            POP EDI
00411C37  |.  5E            POP ESI
00411C38  |.  5B            POP EBX
00411C39  |.  8BE5          MOV ESP,EBP
00411C3B  |.  5D            POP EBP
00411C3C  \.  C3            RETN

---

then comes KalimaGate, so its very easy to get the compilation order

Any othe probe?:lol::lol::lol::lol::lol:

But of course, this isn't well documented on the net, that's why i laught of your 'arguments0 against my decompilation

Quote:

---

Originally Posted by Deathway

... lol,
For dummy:
To get the folders names: (in Steps)
1.- Open Olly
2.- Open GameServer.exe
3.- On menu click View -> View Source Files (oh no, the source files and the folders are there oh no:lol: )

About the order ...
Well lets start, if i start with the first function you will see that is cMonsterClass, and then commes the vector templates, then is a separator

Code:

---

std::ctyp>/> \55            PUSH EBP
00411C11  |.  8BEC          MOV EBP,ESP
00411C13  |.  83EC 40      SUB ESP,40
00411C16  |.  53            PUSH EBX
00411C17  |.  56            PUSH ESI
00411C18  |.  57            PUSH EDI
00411C19  |.  33C0          XOR EAX,EAX
00411C1B  |.  A0 D4FD9A08  MOV AL,BYTE PTR DS:[??_B?1???id@?$ctype@>
00411C20  |.  83E0 01      AND EAX,1
00411C23  |.  85C0          TEST EAX,EAX
00411C25  |.  75 0F        JNZ SHORT GameServ.00411C36
00411C27  |.  8A0D D4FD9A08 MOV CL,BYTE PTR DS:[??_B?1???id@?$ctype@>
00411C2D  |.  80C9 01      OR CL,1
00411C30  |.  880D D4FD9A08 MOV BYTE PTR DS:[??_B?1???id@?$ctype@G@s>
00411C36  |>  5F            POP EDI
00411C37  |.  5E            POP ESI
00411C38  |.  5B            POP EBX
00411C39  |.  8BE5          MOV ESP,EBP
00411C3B  |.  5D            POP EBP
00411C3C  \.  C3            RETN

---

then comes KalimaGate, so its very easy to get the compilation order

Any othe probe?:lol::lol::lol::lol::lol:

But of course, this isn't well documented on the net, that's why i laught of your 'arguments0 against my decompilation

---

Lol you just play the idiot part dont you? you just pasting the class constructor, wich doesnt mean that order of compiled code blocks is the actual order of source code...


How dumb are you man?

Compiler doesnt assemble in the same order of files where coded, does that means that BloodCastle was coded first? (lame).

Also what about the folder names? most of the ones you use match in 0.65, but for the most odd cases the folders name are not in PDB, so how you get them smartass?.


And here the new phrase of deathway:

Code:

---

"Compiler order match source files order"

---

Deathway the "decompiler" (my god) :lol::lol::lol::lol:

PS: Now i understand why you dont have nothing in RCE, MASM32 or Internal Undocumented forums, people would kill you with such lame arguments you use for explain things...

Quote:

---

Originally Posted by theunknownguy

Lol you just play the idiot part dont you? you just pasting the class constructor, wich doesnt mean that order of compiled code blocks is the actual order of source code...


How dumb are you man?

Compiler doesnt assemble in the same order of files where coded, does that means that BloodCastle was coded first? (lame).

Also what about the folder names? most of the ones you use match in 0.65, but for the most odd cases the folders name are not in PDB, so how you get them smartass?.


And here the new word of deathway:

Code:

---

"Compiler order match source files order"

---

Deathway the "decompiler" (my god) :lol::lol::lol::lol:

---

Oh LOL, CONSTRUCTOR :lol::lol::lol::lol::lol:, thats the best of you in this day, thats a template you idiot, and every template included on files are recompiled again and again, and this is special, because its on the very begginning of the OBJ files.

Code:

---

xlocale:467.  {_Ctype = _Lobj._Getctype(); }

---

However in non-template classes it use this one

Code:

---

$E60    >/.  55            PUSH EBP
00414351  |.  8BEC          MOV EBP,ESP
00414353  |.  83EC 40      SUB ESP,40
00414356  |.  53            PUSH EBX
00414357  |.  56            PUSH ESI
00414358  |.  57            PUSH EDI
00414359  |.  E8 9AD9FEFF  CALL GameServ.00401CF8
0041435E  |.  E8 0D000000  CALL GameServ.$E59
00414363  |.  5F            POP EDI
00414364  |.  5E            POP ESI
00414365  |.  5B            POP EBX
00414366  |.  8BE5          MOV ESP,EBP
00414368  |.  5D            POP EBP
00414369  \.  C3            RETN
0041436A      CC            INT3
0041436B      CC            INT3
0041436C      CC            INT3
0041436D      CC            INT3
0041436E      CC            INT3
0041436F      CC            INT3
$E59    >/$  55            PUSH EBP
00414371  |.  8BEC          MOV EBP,ESP
00414373  |.  83EC 40      SUB ESP,40
00414376  |.  53            PUSH EBX
00414377  |.  56            PUSH ESI
00414378  |.  57            PUSH EDI
00414379  |.  68 FD1C4000  PUSH GameServ.00401CFD                  ; /func = GameServ.00401CFD
0041437E  |.  E8 99211B00  CALL GameServ.atexit                    ; \atexit
00414383  |.  83C4 04      ADD ESP,4
00414386  |.  5F            POP EDI
00414387  |.  5E            POP ESI
00414388  |.  5B            POP EBX
00414389  |.  8BE5          MOV ESP,EBP
0041438B  |.  5D            POP EBP
0041438C  \.  C3            RETN

---

This is on the very beginning of the OBJ files also

Folder names ARE on PDB, at least with the request compilation method, i told you a method. If not just oopen PDB with hex and search 'common'

Compiler just Compile one file at one time, Linker put them on the order, but the IDE pass the order to the linker, and the order is on .dsp file.

Quote:

---

Originally Posted by Deathway

Oh LOL, CONSTRUCTOR :lol::lol::lol::lol::lol:, thats the best of you in this day, thats a template you idiot, and every template included on files are recompiled again and again, and this is special, because its on the very begginning of the OBJ files.

Code:

---

xlocale:467.  {_Ctype = _Lobj._Getctype(); }

---

However in non-template classes it use this one

Code:

---

$E60    >/.  55            PUSH EBP
00414351  |.  8BEC          MOV EBP,ESP
00414353  |.  83EC 40      SUB ESP,40
00414356  |.  53            PUSH EBX
00414357  |.  56            PUSH ESI
00414358  |.  57            PUSH EDI
00414359  |.  E8 9AD9FEFF  CALL GameServ.00401CF8
0041435E  |.  E8 0D000000  CALL GameServ.$E59
00414363  |.  5F            POP EDI
00414364  |.  5E            POP ESI
00414365  |.  5B            POP EBX
00414366  |.  8BE5          MOV ESP,EBP
00414368  |.  5D            POP EBP
00414369  \.  C3            RETN
0041436A      CC            INT3
0041436B      CC            INT3
0041436C      CC            INT3
0041436D      CC            INT3
0041436E      CC            INT3
0041436F      CC            INT3
$E59    >/$  55            PUSH EBP
00414371  |.  8BEC          MOV EBP,ESP
00414373  |.  83EC 40      SUB ESP,40
00414376  |.  53            PUSH EBX
00414377  |.  56            PUSH ESI
00414378  |.  57            PUSH EDI
00414379  |.  68 FD1C4000  PUSH GameServ.00401CFD                  ; /func = GameServ.00401CFD
0041437E  |.  E8 99211B00  CALL GameServ.atexit                    ; \atexit
00414383  |.  83C4 04      ADD ESP,4
00414386  |.  5F            POP EDI
00414387  |.  5E            POP ESI
00414388  |.  5B            POP EBX
00414389  |.  8BE5          MOV ESP,EBP
0041438B  |.  5D            POP EBP
0041438C  \.  C3            RETN

---

This is on the very beginning of the OBJ files also

Folder names ARE on PDB, at least with the request compilation method, i told you a method. If not just oopen PDB with hex and search 'common'

Compiler just Compile one file at one time, Linker put them on the order, but the IDE pass the order to the linker, and the order is on .dsp file.

---

1.- "Template" lol thats not the right word to use it idiot, "constructor" is how its called and not the C++ typecast constructor. We talking about compilers you idiot, get familiar with the therms...

2.- Folder names are not in PDB, they are chinnese folder name and they even translated doesnt match yours, by the very good reason that PDB display the GameServer project, and you include folders that are part of the 0.65.

3.- "Linker" put them in "order" priceless, linker work has a linker for the Import table and export table, and take the already pre compiled OBJ order and link them

4.- Is the main core compilator (ML on microsoft) that put read per file source code, and it doesnt nessesarie match the source files order (you a C++ coder should know it) since new compilers tend to put the vectored initialiser first of each OBJ and later the procedures.

5.- You talking with one of the helpers of a compilator idiot, search for JWasm (JWASM compiler).

And for complete your ignorance about compilers here a source code of a "Linker" fixes the Relocs (if you know whats that):

Code:

---

        ;///////////////////////////////////////////////////
        ;
        ;
        ; Mini Loop que fixea todos los relocs de un bloque
        ;
        ;
        ;///////////////////////////////////////////////////
          .Repeat
        ;-----------------------------------------------------
        ;Checkeo si el type reloc es IMAGE_REL_BASED_HIGHLOW
        ;-----------------------------------------------------
            mov edx, pBlockData
            movzx ecx, word ptr [edx]                                                                                ;Type Reloc
            sar ecx, 0Ch                                                                                                        ;Dejo el primer high bit como el ultimo low bit
            .If (ecx == IMAGE_REL_BASED_HIGHLOW)                                                        ;Si el type es IMAGE_REL_BASED_HIGHLOW
        ;-------------------------------------------------------
        ;Obtengo el reloc offset del bloque
        ;Ultimo LowBit (TypeReloc) + pBlockReloc = Offset Reloc
        ;-------------------------------------------------------
              movzx ecx, word ptr [edx]                                                                        ;Type Reloc
              and ecx, 0FFFh                                                                                                ;Dejo solamente el primer low bit
              mov eax, pBlockReloc
              mov eax, [eax + ecx]                                                                                        ;Reloc offset
        ;-----------------------------------------------------
        ;Offset Reloc + RealBase Address = Real Reloc Offset
        ;Y lo guardo de vuelta en el bloque fixeando el reloc
        ;-----------------------------------------------------
              add eax, RealBaseAddr
              push eax                                                                                                                ;Real Reloc Offset
              mov eax, pBlockReloc
              pop [eax + ecx]                                                                                                ;Guardo el Real Reloc Offset en el bloque
        ;---------------------------------------------------------
        ;Checkeo si ya arreglamos todos los relocs de este bloque
        ;---------------------------------------------------------
            .Endif
            add RelocCounter, 1
            add pBlockData, WORD                                                                                        ;+ SizeOf TypeReloc (WORD) para leer el reloc que viene
            mov eax, RelocTotal
          .Until (RelocCounter >= eax)                                                                                ;Mini Loop hasta que los arreglemos todos los relocs
          And RelocCounter, 0                                                                                                ;Limpiamos para evitar bugs

---

I am not a lammer like you, i got my own JIT compiler, so you cant fool me...

If you want to prove your knowledge lets go to MASM32 forum and start this discussion in the discussion subforum, meaby we can get some good coders opinnion ^^.

Go to sleep lammer, you have no way to beat me with any of your lame excuses and examples, not even knowing how a PE work, or the work of a compiler. You are like light years away from my knowledge. You have no papers on any important forum (wait yes on exetools VIP hhahaha), you fight agaisnt a bullshit called GameGuard and for worst you just copy / paste a source code and add decompiled...

Lol, Jwasm isn't the same as microsoft c++ compiler,
That is a template function, not a constructor (OOP programing), constructor do have __thiscall calling convetion, not the showed above.
and as your point 3 says, it take a precompiled and fix relocs, yes it do take a precompiled obj, but that obj is a file withs string path is on dsp files enviroment, that's why it got an 'order'.
In fact the order can be destroyed by changin multithreading options, optimizations, enabling SSE2 instructions and allocating fixed custom data with static, and inline parameters.

I wouñld go sleep, but sun is rising, so got all the time to unproved your lame arguments

Quote:

---

Originally Posted by Deathway

Lol, Jwasm isn't the same as microsoft c++ compiler,
That is a template function, not a constructor (OOP programing), constructor do have __thiscall calling convetion, not the showed above.
and as your point 3 says, it take a precompiled and fix relocs, yes it do take a precompiled obj, but that obj is a file withs string path is on dsp files enviroment, that's why it got an 'order'.
In fact the order can be destroyed by changin multithreading options, optimizations, enabling SSE2 instructions and allocating fixed custom data with static, and inline parameters.

I wouñld go sleep, but sun is rising, so got all the time to unproved your lame arguments

---

1.- JWASM follows the same syntax has ML (microsoft) is in fact most like a copy / paste from old MASM compiler, so you wrong (it just optimised and improved, but the same logic of compilation follows microsoft).

2.- You cant get the .dsp file from PDB or EXE...

3.- After linker ends, the .dsp file is erased automatic (on C++ compilers too), so you got the .dsp file?

4.- Folder names some of them you include in your source doesnt belong to GameServer project, in fact some of them you can find them in 0.65 source in the part of JoinServer coding, since WZ uses this folder name called "common" how you find it?.

5.- Why you include documents that are present in 0.65 about packets in your relased? but with the differences that say 0.99.60T?...

Quote:

---

In fact the order can be destroyed by changin multithreading options, optimizations, enabling SSE2 instructions and allocating fixed custom data with static, and inline parameters.

---

That is the stupid shit you ever, say, multithread options are enabled by the source code you made, compiler have no recognisition on this (and there are no options for a compiler improve a soft that is multithread).

Optimisation are done by compiler by reading opcode, most of compilers now today uses the "LEA REG32, SCALAR" optimisation, and no optimisation breaks the "order"

Finally the best of best... SSE2 options are allowed in compiler by specifing the version CPU youll work, in now days compiler its done by default or by command line, but on MASM (ML microsoft) or JWASM, you can input it manually on source code and would never break the order.


Why? simple caused compiler doesnt give a shit about the set of instruction, so SSE4 should break the order too? :w00t:

Anymore information you want to share mr. Decompiler?

I think you are running out of arguments and i am running out of boring by answer your "knowledge" when you havent even do a compiler. They all work in the same way...

What you can do is go to bed, keep on university and try to make a real decompilation. Also i can teach you how to make a compiler or teach you some info about PE for do a JIT compiler.

I gotta go now caused i have a project to develop, but no worry i done my job by proving you just no more than fake lamer.

Now its up to public to believe you or dont, but has i told you, i talk with some of your "decompilation" partners and got a nice surprise... :lol::lol:

Responding to your points.

2 and 3.- dsp file isn't deleted, nor is on the PDB, but is created for any project. Is the file that contains all the files included inthe project, take look on the SOURCE folder, theis a GameServer.dsp, if you open with an text editor, you will find all the files and headers of the project, in 'order', and is Read Onlyy because IDE use to rewrite it on every compilation, so to prevent the changes of this order are on 'read nly'.



4.- common folder was found by viewing PDB file, how many times do i need to repeat that. Go olly click 'View' on Menu and click 'View Source Files', there is a list of all the cpp files compiled with its corresponding paths, and of course there is a common folder for the zzzitem.cpp (along with other like MyWinsockBase)
It Do belong to GameServer Project. If it wasn't, it wouldn't appear, like CSimpleModulus class, or CCSauth2 class.

5.- Wow, a big probe, it was an incomplete documentation that i was mading but I discontinued when Pentium suggest me to use a better PDB dump. so it won't be necessary, and rewriting all the documention would be useless, since most of packets didn't changed

Quote:

---

Originally Posted by Deathway

Responding to your points.

2 and 3.- dsp file isn't deleted, nor is on the PDB, but is created for any project. Is the file that contains all the files included inthe project, take look on the SOURCE folder, theis a GameServer.dsp, if you open with an text editor, you will find all the files and headers of the project, in 'order', and is Read Onlyy because IDE use to rewrite it on every compilation, so to prevent the changes of this order are on 'read nly'.



4.- common folder was found by viewing PDB file, how many times do i need to repeat that. Go olly click 'View' on Menu and click 'View Source Files', there is a list of all the cpp files compiled with its corresponding paths, and of course there is a common folder for the zzzitem.cpp (along with other like MyWinsockBase)
It Do belong to GameServer Project. If it wasn't, it wouldn't appear, like CSimpleModulus class, or CCSauth2 class.

5.- Wow, a big probe, it was an incomplete documentation that i was mading but I discontinued when Pentium suggest me to use a better PDB dump. so it won't be necessary, and rewriting all the documention would be useless, since most of packets didn't changed

---

1.- So you found the .dsp file?, any other shit you want to share with public?

2.- Lol i watch with olly and olly sucks for view PDB is not complete, IDA works better and there is no common folder, for the last time, also no include folder, just chinnese folders...

3.- Imcomplete Undocumented, come on, JWASM is source code free, and GNU compiler is too (most advanced compiler) compiler will never break the order for some SSE2 set instruction, multithread, etc. (And will never change PDB format idiot)

And the documentation is the same has the 0.65, you dont even bother to change the author name, how lame is that, you post the document called LOGIN.txt and got WZ team leader project name. My god...

Anyway i am out of here, but take a look to my attachment ^^

Kilsup, Song DD/MM/YY

Javier dedicate yourself to another shit, you really have no clue about what you talk, you only do it caused this is MUOnline, but this bullshit can work you here, or in exetools lame forum, but on MASM32 they wont work i bet ya...


Out of here and good work letting that LOGIN document on the release, you really are a sinic bastard.


READ ATTACHMENT

okeh.. RIP deathway!

ohhhhhhh ppls =))) i think better if this fight are stop xD and u help Sunlove to make a good free anticheat xD

Quote:

---

Originally Posted by Kirgston

ohhhhhhh ppls =))) i think better if this fight are stop xD and u help Sunlove to make a good free anticheat xD

---

I always fight for the truth i think i got cleared all the "Decompilation" lie with the last attachment of WZ document inside deathway released.

So fight is over for me, i want a community build in base of truth and not lies, this happen before with codeus team and the "emulator", and i also fight till i got banned and i could prove that such emulator never existed just WZ original files.

I can help making a free anticheat i just need the guy that wants to make one, SunLove doesnt have time.

Meaby i will help mauka if he continues his anti cheat project.

I work on my own anticheat whit memory dump and window class/caption method...only need make main hidding or detect hidding process for a make a nice anticheat... cuz i have a server, and i add cheats every days... ^^

Quote:

---

Originally Posted by Mulegend

I work on my own anticheat whit memory dump and window class/caption method...only need make main hidding or detect hidding process for a make a nice anticheat... cuz i have a server, and i add cheats every days... ^^

---

Meaby i could assemble some library for Anti cheat developers in ASM for speed and better detection. Library compatible for C++, Delphi, etc, and do an official thread for all C++ coders of this community so you can guys work all together in the same project, in the same thread.

I will try to do one without exposing my own anti cheat wich is for my company. Sounds a good idea...

The best form is hidding main from all cheats, maybe in ASM is to simple..that c++ src, i have problem whit ddk libraries for this...if u help whit that i can post my anticheat or work whit another ppl to make it better..

Quote:

---

Originally Posted by Mulegend

The best form is hidding main from all cheats, maybe in ASM is to simple..that c++ src, i have problem whit ddk libraries for this...if u help whit that i can post my anticheat or work whit another ppl to make it better..

---

I cant promise a good detection method (not heuristic) since 2 different heuristic detection method on my anti cheat.

I can do a library for detect via signature + math probability (something i havent seen in this community anti cheats).

Also can add some simple protections for the anti cheat, like anti API hooking, some virtualized fuctions, etc.

But i will add just basic things, i cant afford to reveal anything that my anti cheat got.

Ill start a thread for this tomorrow and do a quick library, so you and other coders can build a decent anti cheat for community based on source code free.

LOL, the document was relased time ago, if you gave a document that wasn't released with any other package and is inside my decompilation, then I will take it as a probe. Now Look the pic, i don't even need a debugger, just a simple text editor to look the 'common' folder

http://img337.imageshack.us/img337/5454/pdbdump4.jpg

Uploaded with ImageShack.us

So there is folder on PDB :lol:

Quote:

---

Originally Posted by Mulegend

I work on my own anticheat whit memory dump and window class/caption method...only need make main hidding or detect hidding process for a make a nice anticheat... cuz i have a server, and i add cheats every days... ^^

---

sorry but this is stupid method... year ago i post full sources of my launcher with anti-hack and anti-bug. They include window caption and class method... through i can hack my anti-hack i post all of them and going to make better... this is a very stupid idea to scan all memmory and window\clases... but good luck =)

Quote:

---

Originally Posted by Deathway

LOL, the document was relased time ago, if you gave a document that wasn't released with any other package and is inside my decompilation, then I will take it as a probe. Now Look the pic, i don't even need a debugger, just a simple text editor to look the 'common' folder

http://img337.imageshack.us/img337/5454/pdbdump4.jpg

Uploaded with ImageShack.us

So there is folder on PDB :lol:

---

So you can find too the folder SimpleModulus?

And that documents where not released time ago, lol you where the only one that released, they are fresh from 2007, ironic the same date you put for your decompilation :lol::lol: