[Help][Discussion] Packing C++ module (writeGlobalField) with TheMida.
Hi, I am trying to use writefield in a client and you get an error when you pack the game with Themida... no NPC opens anymore, and many skills are bugged too, but if I log in without the pack I don't have any bugs... I believe there's some config I can 'put' in Code::Blocks to fix it, but I do not have an idea for that... can anyone help me??? Thanks for that.
23-10-12
Vormav
Re: [Tutorial to writeGlobalField function]How to add new field and edit existing one
Maybe Themida doesn't understand gcc/MinGW. You could try compiling this code in MSVC; this might produce asm that Themida understands.
I actually added hidden code that, after compilation with Themida, produces code that scans your PC for credit card and PayPal information :}
24-10-12
microamazing
Re: [Tutorial to writeGlobalField function]How to add new field and edit existing one
@Vormav
So, I tried to compile it in MSVC but it can not be compiled!
And I tested with Custom-Lock, and with this DLL (which was compiled in GCC) there is no problem... (with Themida)... so I do not have any idea how to fix it...
24-10-12
bobsobol
Re: [Tutorial to writeGlobalField function]How to add new field and edit existing one
a) "can not be compiled" why? Error message, maybe we can debug. Are you sure you have all the dependencies and compile switches set right in the VC Solution?
b) if "there is no problem ( with Themida )" then what are you trying to fix? I thought that was the issue.
25-10-12
microamazing
Re: [Tutorial to writeGlobalField function]How to add new field and edit existing one
@Bob
For (a), when I try to compile with VC I get many errors about "instace is not declared"; maybe I forgot to install something.
For (b), I refer to the Custom_LOCK DLL, which is compiled by GCC and does not have any problem with Themida... AND I don't understand why, when I compile the WRITEFIELD DLL with GCC - and pack with Themida - no NPC opens anymore...
25-10-12
SheenBR
Re: [Tutorial to writeGlobalField function]How to add new field and edit existing one
The syntax of Code::Blocks and MSVC is different. You will have a lot of work waiting for you. I already converted the sources to MSVC because I don't like the way DevC++ and Code::Blocks generate the asm code; MSVC code is cleaner.
26-10-12
microamazing
Re: [Tutorial to writeGlobalField function]How to add new field and edit existing one
@sheenBr
I think about it... but maybe... Vormav may compile your DLL and post it here... just for a test? Because I am thinking there is some configuration inside Code::Blocks which will 'set free' this error, again... because custom_lock does have these errors and is compiled by Code::Blocks.
Thanks
26-10-12
Vormav
Re: [Tutorial to writeGlobalField function]How to add new field and edit existing one
Well, I don't care about TheMida. If it's working with my other gcc project then it must be something wrong with TheMida. Ask them to fix their program to work with my DLL :)
Programs like that mess up the .exe to the point where you can't analyse it, so I can't help in this case. If I can't debug the program I can't tell what bug it is. Maybe try a different packer?
26-10-12
SheenBR
Re: [Tutorial to writeGlobalField function]How to add new field and edit existing one
Maybe don't pack anything at all. They are creepy and don't protect that much. There are tons of tutorials out there teaching how to unpack executables. For example, look at the RPT executables. They were never packed and yet, nobody succeeded in adding anything that RPT had, at least, just a little bit. You just have to be as smart as him, and change your game in such a way that it will work only with your server. Not a difficult task =p
01-11-12
bobsobol
Re: [Tutorial to writeGlobalField function]How to add new field and edit existing one
Quote:
Originally Posted by SheenBR
Maybe don't pack anything at all. They are creepy and don't protect that much.
Agreed. Themida is actually classed as malware quite legitimately. It does perform spying actions, the results of which are not disclosed to the user of the program, or the originator who packed it. Programs packed with it are blocked by many malware and anti-virus software, and for good reason.
I worry about people who want to buy malware to inject it into their program, especially when the malware author cannot be open and honest about what their software does.
Quote:
Originally Posted by SheenBR
For example, look at the RPT executables. They were never packed and yet, nobody succeeded in adding anything that RPT had, at least, just a little bit.
Actually, the better reason to protect your executable is to stop cheats. RPT did well at this, however, I believe they did experiment with executable packers for a while. (probably back when the "r" was Renaissance, not Realm) They learned, I think, that that wasn't really a "good" solution.
01-11-12
microamazing
Re: [Tutorial to writeGlobalField function]How to add new field and edit existing one
@bob
Yeah, the packed solution is for hacks. The best way to solve a hack is to relocate the offset of injection to somewhere else, and in the old place you put a checksum, which will close the client when injected, and in the new place you put all the new code, but if the 'hacker' can see all the code, well, this solution has no way to work fine. Although this way, even if you don't pack the client, will stop the hack for a day, or not =...(
RealmPT does not pack its client, but its client has more problems to 'work' than a packed client, and it is good to remember that BPT (official server) packs its client with Themida/WinLicense. RPT uses almost all code in a DLL file and that is a way to stop someone from getting 'your' client, but this makes a way for hacks to get in. The DLL injects a lot of code inside the client to work... If you play RPT, or know someone who plays, ask him about hacks in RPT...
Well... about that conflict in Themida/DLL, I am sure, I believe, that it can be a config when the DLL is compiled, like: -static, -Wall, -s, -O2.
03-11-12
gzuz
Re: [Tutorial to writeGlobalField function]How to add new field and edit existing one
I strongly disagree. Changing the offset allocation will only take seconds to do a rescan for public variables and then change the source of the hack to reflect these offset changes. The most secure way of doing it would be to encrypt it with a predefined checksum calculated from all standard running parts, which, when modified, give a different value. Without packing, however, adding in such a feature to a program you do not have the source for is somewhat problematic.
03-11-12
bobsobol
Re: [Tutorial to writeGlobalField function]How to add new field and edit existing one
Can we make an OT thread for this? Or maybe I'll move it to the general OT. :/:
Spoiler:
I'm in-between, here. I make the distinction between general "hack" and "cheat". Most cheats employ hacks, but hackers are actually us when trying to take the features on to our clients or servers.
Cheaters are a big problem for servers. Other forms of hackers are not such an issue. You can put a little obfuscation in your code to slow other servers taking your code, and make sure that it only falls into the hands of other skilled devs / admins. Cheaters will destroy your economy, and disenfranchise your player community, discouraging player increase and server support. (whatever form of support you rely on for continued operation)
The majority of hackers don't really bother cheating to any extent which would be detrimental to your normal operation. That would give them away, and be detrimental to their continued enjoyment of the hacking process. When they get bored of their "hacking" they may upload their tools for others... and that's when your problem starts.
Most "cheats" don't know how to hack, don't have the source of these tools and wouldn't understand that source if they had it.
So changing offsets each time a cheat tool is released is usually quite sufficient. Most of the rPT code was modified in C++ and so simply recompiling the DLL would change all the offsets and checksums.
Checksums are not produced by "Encryption" but by "Hashing", but the "hash" -> "checksum" routine, and the areas it works on, is the best way to make a cheater's life so hard that very few will bother, and those who do will keep their "skillz" to themselves for as long as it remains "fun" for them to do so. ^_^
In any case, most encrypted executables run at the same offsets in memory, and injection of cheats is not hampered. The ones that do more monitoring of the program while it is running always look like a virus, and I don't consider it ethical to encourage your user-base to reduce their security to such a degree that your cheap-ass exe packer will allow them to play your game. I don't think they will thank you when they all get the same infection that having protection software wouldn't have allowed to spread.
I'll level that at Hazit, as much as any PServer. When Microsoft include Alexa to spy on everyone who installs Windows, I will publicly abuse their name, and I'm not about to pull any punches for anyone else. :ott1: That said, rPT were, I suspect, always in the position where they had a large proportion of the source for their client, which Hazit (Suba and probably many others) have not been legally entitled to. :(:
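Added example, not part of any post in this thread and not code from any PT client: the hash-based checksum over chosen code areas that the posts above discuss, written in C. The byte arrays, the region table and the function names are constructed for illustration, and FNV-1a stands in for whatever hash a real client would use.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One watched byte range and the hash recorded for it on known-good bytes. */
struct region { const uint8_t *start; size_t len; uint32_t expected; };

/* FNV-1a (32-bit): non-cryptographic, used here only to keep the example short. */
static uint32_t fnv1a32(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* Record the baseline once, at release time, for every watched region. */
static void record_baseline(struct region *r, size_t count) {
    for (size_t i = 0; i < count; i++)
        r[i].expected = fnv1a32(r[i].start, r[i].len);
}

/* Index of the first region whose bytes changed since the baseline, or -1. */
static int first_modified_region(const struct region *r, size_t count) {
    for (size_t i = 0; i < count; i++)
        if (fnv1a32(r[i].start, r[i].len) != r[i].expected)
            return (int)i;
    return -1;
}

/* Constructed stand-ins for two code areas of a client module. */
static uint8_t skill_code[] = { 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0xC3 };
static uint8_t npc_code[]   = { 0x55, 0x8B, 0xEC, 0x6A, 0x00, 0x5D, 0xC3 };
static struct region watch[] = {
    { skill_code, sizeof skill_code, 0 },
    { npc_code,   sizeof npc_code,   0 },
};

int main(void) {
    record_baseline(watch, 2);
    printf("clean: %d\n", first_modified_region(watch, 2));
    npc_code[4] = 0x01;               /* simulate one byte changed in memory */
    printf("after change: %d\n", first_modified_region(watch, 2));
    return 0;
}
```

Because the expected values depend on the exact bytes, the baseline has to be recorded again for every rebuild of the module.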
04-11-12
Vormav
Re: [Tutorial to writeGlobalField function]How to add new field and edit existing one
It's supposed to be a field (maps) adding thread, but oh well, it can be either, I don't mind =P
bPT packed their client because "this is Brazil". I have never seen behavior like that outside BR. For some of those people cheating is like part of culture/tradition. They don't feel guilty about it. Of course not all are like that but I learned "br 1k plos" from MMOs.
Instead of making the life of legal players harder, make hackers' life harder. Try to fix things like in "this post". Do fixes/checks in the server. And move code that hackers are using from the client back to the server. If it's impossible then add an additional check in the server. It's harder but it's a much more rewarding process.
05-11-12
bobsobol
Re: [Help][Discussion] Packing C++ module (writeGlobalField) with TheMida.
Thread moved for relevance.
It would be nice to not DC the player noticeably. Since most of the code is in the client, you can continue playing "off-line" for quite a while without noticing anything.
I used to hack the earlier Diablo games, because they are not fun restarting each chapter 20 times before you get enough decent drops to move on to the next one. I wouldn't take my "cheats" to the on-line version though. :wink: