Cheat Engine

[pkedpker]

Hello,
As most of you used this packet editor made in dephi called rEdoX packet editor.

Recently it got detected by hackshield like a 2 weeks ago from this post.

Anyways my question is not relating to the packet editing capabilities of it. But just one feature it had..

You can Go to Extras->Connect->Capture Connects then run Redirect Connection.

Which was what I used to communicate with my hack tool which was just a proxy.

Now since rEdoX is not open source I believe only the GUI and strings were detected couldn't really make it undetected.

But I'm wondering if such a standalone program exists the has the ability to just do Capture Connects & Redirect Connection based on process.


Also I attempted to hook ws_32.dll's connect then on connectCallBack change the sockaddr ip to localhost but injecting dll's seems to be detected as well. What can i do?

[atom0s]

There are two commonly used functions to prepare the connection structure in Winsock that is passed to 'connect' when a connection is being created:

inet_addr:
http://msdn.microsoft.com/en-us/library/ms738563%28VS.85%29.aspx

gethostbyname:
http://msdn.microsoft.com/en-us/library/ms738524%28VS.85%29.aspx

Your best bet is to debug the application, if you are able to, and locate which of these (or other) methods are used to create their connection structure for pass to 'connect' etc.

You could also hook connect itself and alter the second parameter as well if you wish to take that route. Hooking one of the first two would be a cleaner route if they are used though.

[pkedpker]

ya i solved it, problem is I have to inject it before hackshield loads it takes a bit of timing haha but works perfectly.

Anyone wondering here is the source