Interesting AION hack vector - Old Royal Hack Forum


    Interesting AION hack vector

    Interesting hack from Fyyre:


    I'm not interested so much in the hack as I am the vehicle for delivery. The hack itself disables the AFK timer.

    It's compiled as: d3dx9_38.dll

    You stick it in bin32, and voilà, the hack is on. The dll wraps the system library by the same name (LoadLibrary followed by dozens of GerProcAddress). At some point it loads Game.dll, calls CreateGameInstance and does this:

    Code:
    .text:00402DCB sub_402DCB      proc near               ; CODE XREF: DllEntryPoint+25p
    .text:00402DCB                 pusha
    .text:00402DCC                 push    offset ModuleName ; "game.dll"
    .text:00402DD1                 call    ds:GetModuleHandleA
    .text:00402DD7                 test    eax, eax
    .text:00402DD9                 jz      short loc_402E3A
    .text:00402DDB                 mov     dword_404002, eax
    .text:00402DE0                 push    eax
    .text:00402DE1                 push    offset aCreategameinst ; "CreateGameInstance"
    .text:00402DE6                 push    eax             ; hModule
    .text:00402DE7                 call    ds:GetProcAddress
    .text:00402DED                 cmp     byte ptr [eax], 0B8h
    .text:00402DF0                 jnz     short loc_402E3A
    .text:00402DF2                 pop     eax
    .text:00402DF3                 xor     ecx, ecx
    .text:00402DF5                 mov     ecx, [eax+3Ch]
    .text:00402DF8                 mov     ecx, [eax+ecx+1Ch]
    .text:00402DFC                 mov     edi, dword_404002
    .text:00402E02                 mov     eax, 40771B00h
    .text:00402E07                 mov     bl, 1
    .text:00402E09                 call    sub_402E3C
    .text:00402E0E                 add     edi, 2
    .text:00402E11                 mov     byte ptr [edi], 0EBh
    .text:00402E14                 mov     dword_404014, 1
    .text:00402E1E                 mov     dword_40400E, 1
    .text:00402E28                 push    offset aD3dx9_dll ; "d3dx9.dll"
    .text:00402E2D                 call    ds:GetModuleHandleA
    .text:00402E33                 push    eax             ; hLibModule
    .text:00402E34                 call    ds:DisableThreadLibraryCalls
    .text:00402E3A
    .text:00402E3A loc_402E3A:                             ; CODE XREF: sub_402DCB+Ej
    .text:00402E3A                                         ; sub_402DCB+25j
    .text:00402E3A                 popa
    .text:00402E3B                 retn
    .text:00402E3B sub_402DCB      endp ; sp-analysis failed
    .text:00402E3B
    I'm amazed this works. I guess it pays to run FileMon and always look for "File not found" messages as self-loading entry points to some games.
    Rules - Buy Royal Hack or HL2hook - Donate
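    The delivery vector above (a DLL dropped into the game's bin32 directory so the loader finds it before the System32 copy) is something a defender can hunt for by listing DLLs in an application directory whose names collide with DLLs that should resolve from System32. The Python below is an added example, not code from the post or from Fyyre's DLL: it builds a constructed bin32-style directory of header-only fake PE files, flags colliding names, and reads the two header fields the listing dereferences, the e_lfanew pointer at offset 0x3C and the dword at e_lfanew+0x1C, which in the PE layout is the optional header's SizeOfCode. The system DLL name list, the sample files and the function names are all assumptions made for the example.

```python
"""Flag DLLs in an application directory that shadow DLLs normally loaded from
System32, and read the PE header fields the post's listing dereferences
(e_lfanew at +0x3C, SizeOfCode at e_lfanew+0x1C). Added example, not the
post's code."""
import struct
import tempfile
from fnmatch import fnmatch
from pathlib import Path

# Constructed sample of DLL names a process is expected to resolve from
# System32. A real deployment would build this from the machine's own
# System32 listing; these patterns are illustrative only.
KNOWN_SYSTEM_DLLS = ["d3dx9_*.dll", "version.dll", "dwmapi.dll", "winmm.dll"]

PE_SIGNATURE = b"PE\0\0"
E_LFANEW_OFFSET = 0x3C      # the listing's  mov ecx, [eax+3Ch]
SIZEOFCODE_OFFSET = 0x1C    # the listing's  mov ecx, [eax+ecx+1Ch]


def read_pe_fields(data: bytes):
    """Return (e_lfanew, machine, size_of_code), or None if not a PE image."""
    if len(data) < E_LFANEW_OFFSET + 4 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    if e_lfanew + 0x20 > len(data) or data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return None
    # IMAGE_FILE_HEADER.Machine sits right after the 4-byte signature.
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    # Optional header starts at +0x18; SizeOfCode is its second dword (+0x1C).
    (size_of_code,) = struct.unpack_from("<I", data, e_lfanew + SIZEOFCODE_OFFSET)
    return e_lfanew, machine, size_of_code


def scan_for_hijack_candidates(app_dir, known_system_dlls=KNOWN_SYSTEM_DLLS):
    """List DLL files in app_dir whose names collide with system DLL names.

    Each hit is a search-order hijack candidate for review, not a verdict:
    the file still has to be compared with the System32 copy."""
    findings = []
    for entry in sorted(Path(app_dir).iterdir()):
        name = entry.name.lower()
        if not entry.is_file() or not name.endswith(".dll"):
            continue
        if not any(fnmatch(name, pat) for pat in known_system_dlls):
            continue
        fields = read_pe_fields(entry.read_bytes())
        findings.append({
            "name": entry.name,
            "is_pe": fields is not None,
            "machine": fields[1] if fields else None,
            "size_of_code": fields[2] if fields else None,
        })
    return findings


def make_minimal_pe(size_of_code: int, machine: int = 0x14C) -> bytes:
    """Constructed header-only PE image: MZ stub, e_lfanew, PE signature,
    a 20-byte file header and a 224-byte PE32 optional header."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, e_lfanew)
    file_header = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xE0, 0x2102)
    optional = struct.pack("<HBBI", 0x10B, 14, 0, size_of_code) + b"\0" * 0xD8
    return bytes(dos) + PE_SIGNATURE + file_header + optional


def build_sample_dir() -> str:
    """Constructed bin32-style directory: one proxy d3dx9_38.dll that would win
    the search order, plus files that must not be flagged."""
    d = tempfile.mkdtemp(prefix="bin32_sample_")
    (Path(d) / "d3dx9_38.dll").write_bytes(make_minimal_pe(size_of_code=0x3000))
    (Path(d) / "game.dll").write_bytes(make_minimal_pe(size_of_code=0x400000))
    (Path(d) / "d3dx9_38.dll.bak").write_bytes(b"not a dll")
    (Path(d) / "readme.txt").write_text("constructed sample")
    return d


if __name__ == "__main__":
    for finding in scan_for_hijack_candidates(build_sample_dir()):
        print(finding)
```

    A flagged file is only a candidate: a legitimate installer can ship the same DLL locally, so confirm by comparing its hash or Authenticode signature with the System32 copy before treating it as a proxy. The "File not found" probes the post recommends watching for in FileMon are the loader consulting the application directory first, which is exactly the gap a check like this closes ahead of time.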


    #2
    Originally posted by Guffy
    You stick it in bin32, and voilà, the hack is on. The dll wraps the system library by the same name (LoadLibrary followed by dozens of GerProcAddress).
    Oh noes, german militant version of GetProcAddress D:
    lolmaoman: Germans are born with a lifetime x22 login engraved into their birth certificates. True story.
    I DONT HAVE TEAMVIEWER AND IM NOT GOING TO GIVE ANY 24/7 ONLINE SUPPORT VIA STEAM, XFIRE OR OTHER IM PROGRAMS SO DONT BOTHER ASKING. THANKS.



      #3
      Originally posted by mencore
      Oh noes, german militant version of GetProcAddress D:
      lol epic
      Follow me on Twitter



        #4
        Originally posted by mencore
        Oh noes, german militant version of GetProcAddress D:
        lmao.
        Rules - Buy Royal Hack or HL2hook - Donate
