ErrorMaker Newbie cheater
Reputation: 0
Joined: 25 Jun 2010 Posts: 21
Posted: Fri Jun 25, 2010 7:29 pm Post subject: [VB6] DLL Injection - ws2_32 Hook?
Ok, I hope this is the right category to post this :p
I'm currently working on a Packetlogger for a Flash Game in VB6. To log packets I've first used the Windows "hosts" file to redirect the DNS name of the Habbo Server to localhost, to log packets. But now I want to redirect an IP and not a DNS name to localhost (doesn't work with the Windows "hosts" file).
I found a program called rPE Quote: | http://elitepvpers.de/forum/epvp-coders-releases/78640-rpe-redox-packet-editor.html | which has exactly this function, but it's not open-source. All I know is that it uses DLL Injection to hook up the ws2_32 functions of processes to redirect IPs to localhost.
I'm really new to DLL Injection and there aren't a lot of sources/help for that in VB6.
But I know that I can't use ActiveX DLLs for DLL Injections, so I've found this VB6 bypass to create Windows Standard DLLs. Quote: | http://oreilly.com/pub/a/windows/2005/04/26/create_dll.html?page=1 |
I already found those related topics here:
Quote: | http://forum.cheatengine.org/viewtopic.php?t=424526 |
Quote: | http://forum.cheatengine.org/viewtopic.php?t=508564 |
I don't understand how to call my functions of my injected DLL :confused:
Can someone help me or give me some hints?
- Thanks in advance ErrorMaker
Last edited by ErrorMaker on Sun Jul 11, 2010 10:02 am; edited 2 times in total
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
Posted: Sat Jun 26, 2010 2:09 am
So what exactly is your problem?
Calling a function from an injected DLL?!
The injected DLL has an entry point which is called when you inject the DLL, and that's the whole story, no big deal.
Tell me if that's what you meant.
_________________
Stylo
pkedpker Master Cheater
Reputation: 1
Joined: 11 Oct 2006 Posts: 412
Posted: Sat Jun 26, 2010 2:56 am
Since you are trying to make a hack in VB6, you don't need to mess with DLL injection.
If you can edit the Flash game once and for all with a hex editor, do that.
Change the game's IP address to 127.0.0.1 and pad it with zeros if the previous IP was very long.
If you cannot edit the game forever then either use Cheat Engine to find the game's IP and change it to 127.0.0.1 or make your own little CE in VB6 to scan (kinda stupid when you can just hex edit the IP).
Now comes the easy part: whatever port the Flash game connects to is the port you need to create in VB6 as the server listener.
So pretty much your hex-edited Flash game connects to your VB6 server listener.
That server listener should redirect the connection to another socket, and this next socket should connect to the ACTUAL game IP:Port.
So what you've got is a proxy of both sides: the server listener will get all RECV packets of the Flash game (aka Send packets),
while the next socket will get all RECV packets from the server (aka game updates).
You can send packets to either socket.
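The two-socket proxy described in the post above, as an added example in Python rather than VB6 (not code from the thread or from the tools linked in it): a loopback listener accepts the client, a second socket connects upstream, and each chunk is logged with its direction before it is forwarded. `pump`, `start_relay` and the addresses are names chosen for this example.

```python
# Added example: a logging TCP relay. Names and addresses are chosen for illustration.
import socket
import threading

def pump(src, dst, label, log):
    """Copy bytes from src to dst until EOF, recording each chunk with its direction."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            log.append((label, data))     # record before forwarding
            dst.sendall(data)
    except OSError:
        pass                              # peer reset or socket closed under us
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # pass the EOF on to the other side
        except OSError:
            pass

def start_relay(upstream, log, listen=("127.0.0.1", 0)):
    """Listen locally; for every client, open a second socket to `upstream`
    and relay both directions. Returns the (host, port) actually bound."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen)                      # loopback only: not reachable from other hosts
    srv.listen()

    def accept_loop():
        while True:
            client, _ = srv.accept()
            try:
                remote = socket.create_connection(upstream, timeout=5)
                remote.settimeout(None)
            except OSError:
                client.close()            # upstream unreachable: drop this client
                continue
            for a, b, label in ((client, remote, "client->server"),
                                (remote, client, "server->client")):
                threading.Thread(target=pump, args=(a, b, label, log), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()

if __name__ == "__main__":
    captured = []
    # Constructed upstream address; replace with the service you are inspecting.
    print("relay listening on", start_relay(("127.0.0.1", 9000), captured))
    threading.Event().wait()              # keep the daemon threads alive
```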
ErrorMaker Newbie cheater
Reputation: 0
Joined: 25 Jun 2010 Posts: 21
Posted: Sat Jun 26, 2010 8:04 am
pkedpker wrote: | Since you are trying to make a hack in VB6, you don't need to mess with DLL injection.
If you can edit the Flash game once and for all with a hex editor, do that.
Change the game's IP address to 127.0.0.1 and pad it with zeros if the previous IP was very long.
If you cannot edit the game forever then either use Cheat Engine to find the game's IP and change it to 127.0.0.1 or make your own little CE in VB6 to scan (kinda stupid when you can just hex edit the IP).
Now comes the easy part: whatever port the Flash game connects to is the port you need to create in VB6 as the server listener.
So pretty much your hex-edited Flash game connects to your VB6 server listener.
That server listener should redirect the connection to another socket, and this next socket should connect to the ACTUAL game IP:Port.
So what you've got is a proxy of both sides: the server listener will get all RECV packets of the Flash game (aka Send packets),
while the next socket will get all RECV packets from the server (aka game updates).
You can send packets to either socket. |
@pkedpker: The IP isn't hardcoded (since the IP is in the HTML loader which loads the game, you can simply replace the IP in the loader with localhost, but that's not the goal). I've tried to edit it with CE to localhost -> no success
If you wanna try it by yourself to replace that IP with localhost using a memory editor, here's the link:
Quote: | http://myhabbz.net/client |
You need to register an account.
Server IP: 74.208.11.18
Server Port: 30000
@Stylo: Ok, so the entry point of the injected DLL is normally DllMain, right? But how can I for example replace the "connect" (I think that's the function of ws2_32.dll I need to force an IP to localhost) function? Do I need to find this function in the process memory and replace it by writing to the memory with my function of the injected DLL?
I've heard that I also need to get the socket id. Is that true?
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
Posted: Sat Jun 26, 2010 10:08 am
I don't understand what you mean by replacing the connect function,
but if you want to get the game's socket id using DLL injection you need to hook some of the networking functions that use that socket's id (like send or recv).
For that you should redirect the code, when those functions are called by the game, to your code and pop the socket's id from it.
_________________
Stylo
ErrorMaker Newbie cheater
Reputation: 0
Joined: 25 Jun 2010 Posts: 21
Posted: Sat Jun 26, 2010 10:21 am
I mean that I need to replace the Gameserver IP in the connection function of ws2_32.dll with localhost (by using DLL injection), so I can redirect the connection to my packetlogger.
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
Posted: Sat Jun 26, 2010 11:38 am
Why don't you just hook the send and recv functions to get the packets that are sent to the game
and handle them however you want?
Since no gameserver is running on your localhost, the game won't work.
_________________
Stylo
ErrorMaker Newbie cheater
Reputation: 0
Joined: 25 Jun 2010 Posts: 21
Posted: Sat Jun 26, 2010 11:54 am
Stylo wrote: | Why don't you just hook the send and recv functions to get the packets that are sent to the game
and handle them however you want?
Since no gameserver is running on your localhost, the game won't work. |
I know I could log and send packets by hooking the send and recv functions, but it also works when I set the gameserver IP to localhost and listen with my packetlogger @ localhost.
The only thing I need is to redirect an IP to localhost, and I think the best way to do this would be with hooking ws2_32.dll
pkedpker Master Cheater
Reputation: 1
Joined: 11 Oct 2006 Posts: 412
Posted: Sat Jun 26, 2010 4:08 pm
I'd recommend taking my advice: since the IP is in the HTML you can skip that step. The rest is EASY as SHIT, I'll write you a VB6 tool in a few minutes.
http://rapidshare.com/files/403065893/test.zip.html
Here you go. Try it out; if that's not what you're looking for then I don't know what you mean, sorry.
Make sure the IP in the HTML is 127.0.0.1
if you cannot change the IP (I tried myself and couldn't, because the HTML has to be hosted on a website, some security errors).
Here is a DLL; you have to inject it into your browser. It redirects port 30000 traffic to the test.exe program I've made above for you.
http://rapidshare.com/files/403068247/port3000.zip.htm
OK, that DLL doesn't inject that well into Google Chrome, so I set up a free webs account @ webs.com, went to the file uploader and uploaded the habbo HTML file with the IP changed to 127.0.0.1, and everything works now!
http://cheathabbos.webs.com
Well, that's made to log in to my account (tester123)
and it all worked!
Here is a screenshot
4PR28U How do I cheat?
Reputation: 0
Joined: 27 Jun 2010 Posts: 9
Posted: Sun Jun 27, 2010 5:16 am Post subject: Same Problem
Hello, I'm working on a new program. I have the code to inject a DLL (vb2008) but I need the functions to hook the send and recv functions of the flashgame... can you help me?
If you need more information, tell me
ErrorMaker Newbie cheater
Reputation: 0
Joined: 25 Jun 2010 Posts: 21
Posted: Sun Jun 27, 2010 8:23 am
pkedpker wrote: | I'd recommend taking my advice: since the IP is in the HTML you can skip that step. The rest is EASY as SHIT, I'll write you a VB6 tool in a few minutes.
Here you go. Try it out; if that's not what you're looking for then I don't know what you mean, sorry.
Make sure the IP in the HTML is localhost
if you cannot change the IP (I tried myself and couldn't, because the HTML has to be hosted on a website, some security errors).
Here is a DLL; you have to inject it into your browser. It redirects port 30000 traffic to the test.exe program I've made above for you.
OK, that DLL doesn't inject that well into Google Chrome, so I set up a free webs account, went to the file uploader and uploaded the habbo HTML file with the IP changed to localhost, and everything works now!
Well, that's made to log in to my account (tester123)
and it all worked!
Here is a screenshot |
Thanks for the help
I've already made a Packetlogger which listens on localhost with Port 30000 for incoming connections
Now the problem with that HTML Loader is that when you log into the game (before you're loading the loader) you get an SSO Ticket from the Server (SSO Ticket is related to your account). And you'll find that SSO Ticket in the HTML Loader to check if you're logged in or not. It changes with every login, so I would have to log in with my program, capture the SSO Ticket, write a custom loader with localhost instead of the gameserver's IP and the SSO Ticket, listen on port 30000 and then load that custom loader.
This way it works, I've already done this, but the problem is that I would have to write a login routine for each Habbohotel and that sucks.
pkedpker wrote: | Here is a DLL; you have to inject it into your browser. It redirects port 30000 traffic to the test.exe program I've made above for you. |
Worked with IE. That's exactly what I'm looking for. In which language did you code this DLL? Could you share the source?
4PR28U How do I cheat?
Reputation: 0
Joined: 27 Jun 2010 Posts: 9
Posted: Sat Jul 03, 2010 8:33 am
Stylo wrote: | So what exactly is your problem?
Calling a function from an injected DLL?!
The injected DLL has an entry point which is called when you inject the DLL, and that's the whole story, no big deal.
Tell me if that's what you meant. |
I wrote this and I have exactly the same problem you describe... can you help me please?
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
Posted: Sat Jul 03, 2010 9:48 am
4PR28U wrote: | Stylo wrote: | So what exactly is your problem?
Calling a function from an injected DLL?!
The injected DLL has an entry point which is called when you inject the DLL, and that's the whole story, no big deal.
Tell me if that's what you meant. |
I wrote this and I have exactly the same problem you describe... can you help me please? |
Post the source here
_________________
Stylo
4PR28U How do I cheat?
Reputation: 0
Joined: 27 Jun 2010 Posts: 9
Posted: Sat Jul 03, 2010 11:06 am
Which source? I need a DLL to hook the send and recv functions of the flashgame (darkorbit.de). I have the source to inject a DLL but the DLL is just missing ^^
The DLL should send the data to a program written by me...
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
Posted: Sat Jul 03, 2010 11:42 am
Then why don't you hook send and recv by yourself?
It's not supposed to be that difficult, especially if you hook it using code injection in a DLL.
When a recv or send function is called, pop the 2nd parameter (aka the packet) and send it wherever you need.
_________________
Stylo
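From the monitoring side, the redirection discussed in this thread (code at the start of `send`/`recv` that transfers control into an injected DLL) can be found by comparing each function's first bytes in memory with the copy on disk and decoding where a changed prologue jumps. This is an added example, not code from the thread; it assumes a 32-bit inline jump patch at the function start, and every address, RVA and byte string in it is constructed sample data.

```python
# Added example: audit API prologues for redirects. All sample values are constructed.
import struct

def redirect_target(code: bytes, va: int):
    """Absolute destination if `code` starts with a common 32-bit detour, else None."""
    if len(code) >= 5 and code[0] == 0xE9:                      # jmp rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        return (va + 5 + rel) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:  # push imm32; ret
        return struct.unpack_from("<I", code, 1)[0]
    return None

def audit(exports, disk, memory, base, size):
    """Return (name, target, leaves_module) for every export whose in-memory
    prologue differs from the on-disk copy."""
    findings = []
    for name, rva in sorted(exports.items()):
        if memory[name] == disk[name]:
            continue
        target = redirect_target(memory[name], base + rva)
        leaves = target is not None and not (base <= target < base + size)
        findings.append((name, target, leaves))
    return findings

def sample():
    """Constructed snapshot: three ws2_32 exports, `send` patched with a jmp."""
    base, size = 0x71A00000, 0x20000             # constructed module range
    exports = {"connect": 0x4A07, "recv": 0x676F, "send": 0x4C27}  # constructed RVAs
    clean = bytes.fromhex("8bff558bec")          # mov edi,edi; push ebp; mov ebp,esp
    disk = {name: clean for name in exports}
    memory = dict(disk)
    hook = 0x10001000                            # constructed address outside the module
    va = base + exports["send"]
    memory["send"] = b"\xE9" + struct.pack("<i", hook - (va + 5))
    return audit(exports, disk, memory, base, size)

if __name__ == "__main__":
    for name, target, leaves in sample():
        where = "unknown" if target is None else hex(target)
        print(f"{name}: prologue modified, redirects to {where}, outside module: {leaves}")
```

A modified prologue is not malicious on its own: security products and compatibility shims patch these functions too, so the useful signal is which module owns the target address.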