[Tutorial] C++ DLL injection for Main Server

Junior Spellweaver
Joined
Sep 16, 2006
Messages
187
Reaction score
0
Re: [Guide] C++ DLL injection for Main Server

luca has posted the function but the function is not started :)

so I think you need a call to start the castle war ;)
 
Arrogant Wizard
Loyal Member
Joined
Mar 30, 2007
Messages
745
Reaction score
34
Re: [Guide] C++ DLL injection for Main Server

Both your addresses crashed the server on attempt to call them; also calling CWar::Start crashes it as well.
 
Junior Spellweaver
Joined
Sep 16, 2006
Messages
187
Reaction score
0
Re: [Guide] C++ DLL injection for Main Server

arg haha xD hmmm bad :p.... when you jmp with ida to the call... there are some more calls etc... I'll look for it later :)
 
Arrogant Wizard
Loyal Member
Joined
Mar 30, 2007
Messages
745
Reaction score
34
Re: [Guide] C++ DLL injection for Main Server

Me > Kal

Custom wars ftw.?-)

DeathArt - [Tutorial]  C++ DLL injection for Main Server - RaGEZONE Forums
 
Arrogant Wizard
Loyal Member
Joined
Mar 30, 2007
Messages
745
Reaction score
34
Re: [Guide] C++ DLL injection for Main Server

Now I wish I could find out how to stop it again, lol.
 
Junior Spellweaver
Joined
Sep 16, 2006
Messages
187
Reaction score
0
Re: [Guide] C++ DLL injection for Main Server

hehe nice, what call was it now :) :p hehe

when you've found start, easy to find stop? :D
 
Arrogant Wizard
Loyal Member
Joined
Mar 30, 2007
Messages
745
Reaction score
34
Re: [Guide] C++ DLL injection for Main Server

No, it's not. Because this is how you start
PHP:
///
/// Starting Castle Siege
///
DWORD enableSiege  = 0x0041C440; // CWar::Start
DWORD startSiege   = 0x00419E10; // CCastle::WarBegin

__asm {
    call enableSiege
    call startSiege
}

But there is no option to shut it down. I tried calling CCastle::SetWarRemainSecondTime, but it does not appear to be working.

PHP:
///
/// Attempting to stop the castle siege (not working)
///
DWORD stopSiege    = 0x0041BAF0; // CCastle::SetWarRemainSecondTime
__asm {
    push 1
    call stopSiege
}

Nothing happens ingame, so it's definitely not stopping. Also calling CCastle::WarEnd does NOT work!
 
Junior Spellweaver
Loyal Member
Joined
Jul 26, 2006
Messages
158
Reaction score
2
Re: [Guide] C++ DLL injection for Main Server

Nice that you got use of my list ;)

Btw.. there are much nicer ways to call a function ~.~

like this..

PHP:
//Some type definitions.. xD
typedef int (* TOneParamter)(int);
typedef int (* TZeroParamter)();

//some functions xD
TOneParamter Caste_SetWarRemainSecondTime = (TOneParamter)0x0041BAF0; 
TZeroParamter Caste_Start = (TZeroParamter)0x0041C440; 
TZeroParamter Caste_WarBegin = (TZeroParamter)0x00419E10; 

....
int MyEvent::Start()
{
    Caste_Start();
    Caste_WarBegin();
    return 0;
}
....
int MyEvent::End()
{
    //You said it doesn't work.. hmm I only use it to demonstrate xD
    Caste_SetWarRemainSecondTime(1);
    return 0;
}
...


Get rid of ASM ;)
And much nicer to read.. I think.. But do as you want :p
 
Newbie Spellweaver
Joined
Sep 7, 2006
Messages
35
Reaction score
0
Re: [Guide] C++ DLL injection for Main Server

yea that was my idea for the custom war snippet baka,
exactly the same..

b4 you start the war, set a war time, and then start it .. so it will shut itself down because of the time ;)

and another idea of mine..
set time to 0 to end war!

dunno, I have to try it myself but I have no time, my gf is waiting,
but bloodx and me will do some new addons..

and DeathArt thanks for the good tutorial ..
everyone who wants to can understand it, and ASM can be learned fast (not everything) but the basics to understand ..
 
Arrogant Wizard
Loyal Member
Joined
Mar 30, 2007
Messages
745
Reaction score
34
Re: [Guide] C++ DLL injection for Main Server

Well, the CCastle::SetWarRemainSecondTime doesn't work :) Tested it already.

Making memory pointers to methods is of course an option, and rather simple,
but I somehow like to attempt a raw ASM workaround first. Because I really don't like pointers.

And yeah, ASM is simple, say if we define a simple function, like this
PHP:
void MyFunction(int arg1, int arg2)
{
    // function here
}

Then the ASM to call it is the following:
(Yes, parameters in reversed order, that's how it's supposed to be)

PHP:
DWORD myFunction = 0x000000; // memory address

int arg1 = 1;
int arg2 = 2;

__asm {
    push arg2
    push arg1
    call myFunction
}
 
Junior Spellweaver
Loyal Member
Joined
Jul 26, 2006
Messages
158
Reaction score
2
Re: [Guide] C++ DLL injection for Main Server

Well, the CCastle::SetWarRemainSecondTime doesn't work :) Tested it already.

Making memory pointers to methods is of course an option, and rather simple,
but I somehow like to attempt a raw ASM workaround first. Because I really don't like pointers.

And yeah, ASM is simple, say if we define a simple function, like this
PHP:
void MyFunction(int arg1, int arg2)
{
    // function here
}

Then the ASM to call it is the following:
(Yes, parameters in reversed order, that's how it's supposed to be)

PHP:
DWORD myFunction = 0x000000; // memory address

int arg1 = 1;
int arg2 = 2;

__asm {
    push arg2
    push arg1
    call myFunction
}


then I hope for you that you don't duck-up the stack .. but don't care

when you really want to use asm .. why don't use macros

PHP:
// MSVC inline asm treats ';' as a comment start, so each instruction gets its own __asm
#define Call2Par(x, a, b) { __asm push b __asm push a __asm mov edx, x __asm call edx }
...
...
Call2Par(0x0000555,Para1,Para2); //would automatically generate your asm ~.~
//should .. I am not sure.. didn't use macros for a long time..

Should work too .. :p ...
It's fast and easy to write some asm code..
But you won't know what the compiler does before it
and after it..

there are many function types like:
__stdcall
__cdcdel
(<- I think it's written this way)
__fastcall
__thiscall


__stdcall would be in asm:
PHP:
push para3
push para2
push para1
call function

in c++ it would be:
PHP:
typedef int (__stdcall* TFunctionType)(int,int,int);

__cdcdel would be in asm:
PHP:
push para3
push para2
push para1
call function
add esp,0x0C // I think esp needs to be moved..

in c++ it would be:
PHP:
// the MSVC keyword is spelled __cdecl
typedef int (__cdecl* TFunctionType)(int,int,int);


__fastcall would be in asm:
PHP:
push para3
push para2
push para1
mov ecx,classe // ECX is used most of the time
mov edx,classe // can also be used, maybe ebx, I am not sure xD
call function

in c++ it would be:
PHP:
typedef int (__fastcall* TFunctionType)(int myECX,int myEDX, int,int,int);

__thiscall.. would be like __fastcall


And the functions in MainSvr are .. yeah, mostly functions of classes..
meaning you need to use "__fastcall", otherwise the function won't know who's the owner..

This also means you first need to steal the owner.. or better get a pointer to the owner.. or you can't use the function right!


Like this:
sample:
PHP:
// I only use this to show the basics; the parameters of the functions aren't right!!!
void CustomMob()
{
  DWORD MyMOB=CMob_Create(...); // you will get a pointer to a class .. this function is, I believe, a __stdcall
  CMob_Spawn(MyMOB,NULL,...); // this function would be a __fastcall
   // it's the same as using MyMob->Spawn .. but since we can't use it..
  CMob_Delete(MyMOB,NULL); // again __fastcall or the function won't know who's the owner!!
}

/*
 I don't know if these functions exist
or if you use these, so..
I only wanted to show why it's important to use __fastcall xD
for these functions..
*/
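
The stack clean-up difference discussed in the post above, as an added example that is not part of the original thread or anyone's project code: a toy model of the 32-bit stack pointer (not real machine code; `Stack`, `callee` and `call3` are names made up here). It shows that ESP only stays balanced when caller and callee agree on who removes the three pushed arguments.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>

enum class Conv { Cdecl, Stdcall };

// Toy model of a downward-growing 32-bit stack; sp indexes dwords.
struct Stack {
    std::array<uint32_t, 64> mem{};
    int sp = 32;
    void push(uint32_t v) { mem[--sp] = v; }
    void addEsp(int bytes) { sp += bytes / 4; }
};

struct Result { uint32_t value; int espDrift; };

// Callee: args sit just above the return address. Plain "ret" pops only the
// return address (caller cleans, __cdecl); "ret 12" also removes the three
// args (callee cleans, __stdcall).
uint32_t callee(Stack& s, Conv conv) {
    uint32_t p1 = s.mem[s.sp + 1], p2 = s.mem[s.sp + 2], p3 = s.mem[s.sp + 3];
    s.addEsp(conv == Conv::Stdcall ? 4 + 12 : 4);
    return p1 * 100 + p2 * 10 + p3;     // encodes the order the args arrived in
}

// Caller: push para3, para2, para1, call, then optionally "add esp, 0x0C".
Result call3(Conv calleeConv, bool callerCleans,
             uint32_t p1, uint32_t p2, uint32_t p3) {
    Stack s;
    int before = s.sp;
    s.push(p3); s.push(p2); s.push(p1);
    s.push(0xDEADBEEF);                 // return address pushed by "call" (constructed)
    uint32_t v = callee(s, calleeConv);
    if (callerCleans) s.addEsp(0x0C);
    return { v, (s.sp - before) * 4 };  // 0 = balanced, <0 = args left on the stack
}

int main() {
    struct { const char* name; Conv c; bool clean; } cases[] = {
        {"cdecl callee, caller cleans  ", Conv::Cdecl, true},
        {"cdecl callee, no cleanup     ", Conv::Cdecl, false},
        {"stdcall callee, no cleanup   ", Conv::Stdcall, false},
        {"stdcall callee, caller cleans", Conv::Stdcall, true},
    };
    for (auto& k : cases) {
        Result r = call3(k.c, k.clean, 1, 2, 3);
        std::printf("%s value=%u espDrift=%+d\n", k.name, r.value, r.espDrift);
    }
}
```

A non-zero drift is the situation a hand-written `__asm` call ends up in when the convention is guessed wrong: the function still returns the right value, but the caller's frame is off by 12 bytes afterwards.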
 
Newbie Spellweaver
Joined
Sep 7, 2006
Messages
35
Reaction score
0
Re: [Guide] C++ DLL injection for Main Server

is there a way to merge the injects with KOCP?
 
Arrogant Wizard
Loyal Member
Joined
Mar 30, 2007
Messages
745
Reaction score
34
Re: [Guide] C++ DLL injection for Main Server

when you really want to use asm .. why don't use macros
Because macros, and also type definitions in some cases, create extremely messy code and totally destroy readability.
For me it's important to create easy-to-read and easy-to-scale code. Something I know you don't care much about.

I do wonder why you find fastcall so important? Are you doing an external hook?
When the hook is done by overriding an existing DLL, it should already be in the right thread, and thus have the right owner.

From the looks of it, most of the kalonline functions are actually defined static, due to the horrible threading system of C++, and thus no real issues using stdcall.

P.S. It's named __cdcall , and afaik it's a Visual C++ only method.

is there a way to merge the injects with KOCP?
You should be able to override any DLL, allowing you to have multiple injectors.
However, you could easily end up with some really fucked memory handling, causing the world to implode.

(Also, I assume you meant KOSP? C = Client, S = Server).
 
Newbie Spellweaver
Joined
Sep 7, 2006
Messages
35
Reaction score
0
Re: [Guide] C++ DLL injection for Main Server

yes ... my fault
I mean KOSP (the Serverside version), because KOSP already inject stuff into the MainSvr :x sooo ..

is there a workaround?!
 
Junior Spellweaver
Loyal Member
Joined
Jul 26, 2006
Messages
158
Reaction score
2
Re: [Guide] C++ DLL injection for Main Server

I do wonder why you find fastcall so important? Are you doing an external hook?
When the hook is done by overriding an existing DLL, it should already be in the right thread, and thus have the right owner.

From the looks of it, most of the kalonline functions are actually defined static, due to the horrible threading system of C++, and thus no real issues using stdcall.

Hmm I don't think they are static..
is there a way to make class functions static? I mean, I don't know..

When Inix does:
PHP:
  CMob* MyMob = new CMob();
  MyMob->Spawn();
  MyMob->Move();

whatever, we would need to do (with fastcall)
PHP:
  //some how get MyMob
  CMob_spawn(MyMob,NULL,...);
  CMob_move(MyMob,NULL,...);

hmhm.. But as long as it works for you .. everything is fine? or? :p
 
Arrogant Wizard
Loyal Member
Joined
Mar 30, 2007
Messages
745
Reaction score
34
Re: [Guide] C++ DLL injection for Main Server

So far, static calls on the CCastle methods worked fine.

Example of a static function

PHP:
namespace MyNamespace
{
    class MyClass
    {
        public:
            static void DoStuff(int arg1);
    };
}

namespace MyNamespace
{
    void MyClass::DoStuff(int arg1)
    {
        // do stuff
    }
}

and an example of use

PHP:
#include "MyClass.h"

using namespace MyNamespace;

int main()
{
    MyClass::DoStuff(1); // static call: no object (owner) needed
    return 0;
}
 
Kal Craker
Joined
Apr 29, 2006
Messages
173
Reaction score
6
Re: [Guide] C++ DLL injection for Main Server

---------------------------
MainSvrT.exe - Entrypoint not found
---------------------------
Can't find entrypoint from GetUserNameA in DLL-file KalHooks.dll.
---------------------------
OK
---------------------------

same error as you,
KalHooks - 0 error(s), 1 warning(s)
========== Rebuild All: 1 succeeded, 0 failed, 0 skipped ==========
dllmain.cpp(11) : warning C4273: 'GetUserNameA' : inconsistent dll linkage

anyone know how to solve this please?
googled it, lots of solutions, none worked =/
 
Arrogant Wizard
Loyal Member
Joined
Mar 30, 2007
Messages
745
Reaction score
34
Re: [Guide] C++ DLL injection for Main Server

Exports.def is VERY important, and as said, you cannot use the Express version of Visual Studio for this !
 
Kal Craker
Joined
Apr 29, 2006
Messages
173
Reaction score
6
Re: [Guide] C++ DLL injection for Main Server

aha thank you very much ;)
look at attachment (visual studio express)
 

Arrogant Wizard
Loyal Member
Joined
Mar 30, 2007
Messages
745
Reaction score
34
Re: [Guide] C++ DLL injection for Main Server

It's not a resource file, and you still cannot use the Express version.
 