Witam
Nie wiem czy działa, bo nie gram na usko, ale zamieszczam ten programik bo komuś może się przydać.
KOROOTKIT:
SUPPORT XP SERVICE PACK 2.
NO VISTA SUPPORT.
FIXED:
1. PC RESET.
2. NEW AUTO LOOT METHOD. (ALL BOXES OPENED)
3. TOWN VS. AUTO LOOT STOP.
4. MANUAL SKILL SAVE. GOTO ROGUE SKILL KAYIT > KENDIM SECECEM > SKILL KAYIT > NEW WINDOW SELECT SKILL NAME
SELECT KARUS/ELMORAD SECILDI CLICK.
AUTO LOOT AND HP/MP POT ENABLED= HP/MP TAB > HP/MP KAYDET BUTTON CLICK.
FILE 1.6:
Kod: | http://rapidshare.com/files/103944929/korootkit1_6_1526_beta_.rar.html |
TEST VERSION.
1. RUN install.exe.
2. KAYDET. (SELECT RANDOM SOFTWARE: IEXPLORE.EXE, CALC.EXE, ETC.)
3. YUKLE. AUTO RUN SELECTED RANDOM SOFTWARE. DO NOT CLOSE THE SELECTED RANDOM SOFTWARE.
4. CZCOMBO WINDOW SHOW. GOTO KO YUKLE. KAYDET SELECT KnightOnLine.exe. YUKLE AUTO RUN KnightOnLine.exe.
NOTICE: HOTKEYS: CTRL+F11 HIDES THE FORM, CTRL+F12 SHOWS THE FORM
APPLICATION DEVELOPER EXAMPLE:
C++ TEST :
CODE 1:
NEW METHOD: DLL KO MEM
/* Pointers into the character block returned by GetKo_Mem. Each field is
   aimed once at a fixed offset inside that block (see the OkuChar
   assignments) and afterwards dereferenced to read the live value. */
typedef struct
{
    /* 16-bit fields shown as "Can Full" / "Can" / "Mana" by KOWindowTimer */
    WORD  *CanFull;
    WORD  *CanDurum;
    WORD  *ManaDurum;
    /* 16-bit identifiers */
    WORD  *ID;
    WORD  *AtackID;
    /* position */
    float *X;
    float *Y;
    float *Z;
    /* not assigned anywhere in this listing */
    DWORD  AdressNpc;
} CharBilgi;
/* Live view of the player character: every pointer below is aimed at a fixed
   offset inside the block returned by GetKo_Mem and is dereferenced on each
   timer tick. */
CharBilgi OkuChar;
/* Export of Kodll.dll, resolved through DLLHandle (set by Button1Click). */
PVOID (WINAPI *GetKo_Mem) ();
/* NOTE(review): from here to the Z assignment these are statements, not
   declarations, so as pasted they cannot sit at file scope — presumably they
   lived inside a function (run after Button1Click loaded the DLL) in the
   original; confirm before compiling. */
*(FARPROC *)&GetKo_Mem = GetProcAddress(DLLHandle, "GetKo_Mem");
// Base of the character object (described by the author as a ~3000-byte block; original layout unknown).
// Neither the GetProcAddress result nor the returned base is null-checked:
// a missing export means a call through a null pointer on the next line.
char *KOOFF =GetKo_Mem();
/* values labelled "Can Full" and "Can" by KOWindowTimer */
OkuChar.CanFull=(WORD*)&KOOFF[0x4E4+0x28];
OkuChar.CanDurum=(WORD*)&KOOFF[0x4E4+0x2C];
/* value labelled "Mana" by KOWindowTimer */
OkuChar.ManaDurum=(WORD*)&KOOFF[0x8AC];
OkuChar.ID=(WORD*)&KOOFF[0x4E4];
OkuChar.AtackID=(WORD*)&KOOFF[0x4B0];
/* position; note the assignments are written in Y, X, Z order */
OkuChar.Y=(float*)&KOOFF[0xA0];
OkuChar.X=(float*)&KOOFF[0x98];
OkuChar.Z=(float*) &KOOFF[0x9C];
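//timer
/// Timer tick: refreshes Memo1 with the values currently behind the OkuChar
/// pointers (the two "Can" values, "Mana", and the X/Y position).
/// As pasted, the function body closed before the `catch`, leaving a stray
/// handler; the `try` that must have opened the body is restored here.
/// Any exception raised while reading simply abandons this tick (best effort,
/// as in the original).
/// @param Sender  the timer component (unused)
void __fastcall TForm1::KOWindowTimer(TObject *Sender)
{
    try
    {
        Memo1->Lines->Clear();
        Memo1->Lines->Add("Can Full: "+IntToStr(*OkuChar.CanFull));
        Memo1->Lines->Add("Can: "+IntToStr(*OkuChar.CanDurum));
        Memo1->Lines->Add("Mana : "+IntToStr(*OkuChar.ManaDurum));
        Memo1->Lines->Add("X: "+FloatToStr(*OkuChar.X));
        // the original labelled this line "X:" as well; it shows the Y coordinate
        Memo1->Lines->Add("Y: "+FloatToStr(*OkuChar.Y));
    }
    catch(...)
    {
        return;
    }
}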
//set value speed offset vs.
*OkuChar.X=125;
or
KOOFF[0x98]=125;
KOOFF[SPEDDADRESS]=4000; ::: smile.gif
CODE 2:
/* Handle of Kodll.dll (set in Button1Click, released in FormDestroy). */
HANDLE DLLHandle;

/* Callback the DLL invokes with a captured packet (buffer, byte count). */
typedef int (WINAPI *SynchronizeCall)(BYTE *GelenData,int Size);

/* Signatures of the Kodll.dll entry points resolved with GetProcAddress. */
typedef bool (WINAPI *SetSynchronizeCallFn)(SynchronizeCall CallAdres);
typedef bool (WINAPI *SetCaptureFilterFn)(char *Filter,int Count);
typedef bool (WINAPI *Komut_YollaFn)(char *Komut,int Size,int Tip);

SetSynchronizeCallFn SetSynchronizeCall;
SetCaptureFilterFn   SetCaptureFilter;
Komut_YollaFn        Komut_Yolla;

/* Id of the box whose open command was sent last (set in KutuAc);
   the 0x24 branch of PacketCall passes it on to KutuAcItem. */
DWORD KutuGelNo= 0;
//---------------------------------------------------------------------------
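/// Writes ItemNo into bytes 5..8 of the 9-byte command in KutuKomut (the
/// bytes after the opcode and the 4-byte box id) and sends it with
/// Komut_Yolla, type 2. A zero ItemNo denotes an empty slot: nothing is sent.
/// The original was declared DWORD but returned nothing.
/// @param ItemNo     item id taken from the box-contents packet
/// @param KutuKomut  command buffer of at least 9 bytes, opcode and box id already filled
/// @return 1 when a command was sent, 0 when the slot was empty
DWORD KutuAcItemTopla(DWORD ItemNo,char *KutuKomut)
{
    if(ItemNo==0)
        return 0;
    memcpy(&KutuKomut[5],&ItemNo,4);
    // KomutYolla(KutuKomut,9,25);
    Komut_Yolla(KutuKomut,9,2);
    return 1;
}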
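/// Requests every item listed in a box-contents packet. KutuData is the raw
/// packet; the 4-byte item ids sit at offsets 1, 7, 13, 19, 25 and 31 (the two
/// bytes between consecutive ids are not used here). Each id is handed to
/// KutuAcItemTopla, which sends one command per non-empty slot.
/// The reads are unchecked: the caller must supply at least 35 bytes.
/// The original was declared DWORD but returned nothing.
/// @param KutuNo    id of the box the packet belongs to (copied into the command)
/// @param KutuData  box-contents packet as received
/// @return number of non-empty slots encountered (commands issued)
DWORD KutuAcItem(DWORD KutuNo,char *KutuData)
{
    // command layout: 0x26 <box id:4> <item id:4>
    unsigned char KutuAcBuf[]={0x26,0,0,0,0,0,0,0,0};
    //0xE135A4E9
    memcpy(&KutuAcBuf[1],&KutuNo,4);

    DWORD sent=0;
    // six slots, 6 bytes apart, starting right after the opcode
    for(DWORD index=1; index<=31; index+=6)
    {
        DWORD ItemNo;
        memcpy(&ItemNo,&KutuData[index],4);
        if(ItemNo!=0)
            ++sent;   // KutuAcItemTopla skips zero ids itself
        KutuAcItemTopla(ItemNo,(char *)KutuAcBuf);
    }
    return sent;
}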
/// Sends the "open box" command (opcode 0x24) for the box id at *KutuNo and
/// records that id in KutuGelNo so the 0x24 reply handled in PacketCall can
/// be matched to it.
/// @param KutuNo  pointer to the 4-byte box id inside the received packet
/// @return always 1
DWORD KutuAc(DWORD *KutuNo)
{
    unsigned char komut[5];
    komut[0]=0x24;
    memcpy(&komut[1],KutuNo,4);   // bytes 1..4 = box id
    KutuGelNo=*KutuNo;
    Komut_Yolla((char *)komut,5,2);
    return 1;
}
/// Callback registered with SetSynchronizeCall (Button3Click): the DLL hands
/// captured packets here. Dispatches on the opcode in GelenData[0] and shows
/// a status text in Label2.
/// NOTE(review): declared int but no path returns a value — what the DLL
/// expects back is not shown in this listing; confirm and add an explicit return.
/// NOTE(review): Size is never consulted; the 0x23 case reads 4 bytes at
/// offset 3 and the 0x24 case passes the buffer on without its length.
int WINAPI PacketCall(BYTE *GelenData,int Size)
{
//CAPTURE KO PACKET RECV BUF.
//CAPTURE EVENT CALLBACK PROC.
switch(GelenData[0])
{
// "Kutu Geldi" (box arrived): send the open command for the id at offset 3
case 0x23:KutuAc((DWORD *)&GelenData[3]);Form1->Label2->Caption="Kutu Geldi"; break;
// "Kutu ITEM Geldi" (box contents): request the listed items for the box opened last
case 0x24:KutuAcItem(KutuGelNo,GelenData);Form1->Label2->Caption="Kutu ITEM Geldi"; break;
// "Skill Geldi": status only, no command sent
case 0x31:Form1->Label2->Caption="Skill Geldi"; break;
}
}
/// Loads Kodll.dll into the process whose id is typed into Edit1: the DLL's
/// full path (directory of this executable) is written into a buffer
/// allocated in the target, a thread is started there at kernel32's
/// LoadLibraryA with that buffer as its argument, and the buffer is freed
/// once the thread has finished.
/// NOTE(review): no return type is given (implicit int is not valid C++);
/// none of OpenProcess, VirtualAllocEx, WriteProcessMemory or
/// CreateRemoteThread is checked, so a failure leaves the later calls
/// operating on NULL; hTargetProcesss is never closed (handle leak); DLL is
/// unsigned char[] while strcpy takes char*, and the path length is not
/// checked against MAX_PATH before the copy.
DLLInject()
{
//DLL INJECT
BYTE *Paramaters=NULL;
HANDLE Thread=NULL;
DWORD ThreadId,bytes;
int g_dwTargetProcessId=Form1->Edit1->Text.ToInt();
// note: the second argument (true) makes the handle inheritable
HANDLE hTargetProcesss = OpenProcess(PROCESS_ALL_ACCESS,
true,
g_dwTargetProcessId);
String path= ExtractFilePath(Application->ExeName);
unsigned char DLL[MAX_PATH];
path=path+"Kodll.dll";
strcpy(DLL,path.c_str());
// 1024 bytes are allocated but only sizeof(DLL) == MAX_PATH are written
Paramaters =(BYTE *) VirtualAllocEx(hTargetProcesss, NULL,1024, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(hTargetProcesss, Paramaters, DLL, sizeof(DLL), &bytes);
Thread = CreateRemoteThread(hTargetProcesss,0, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("KERNEL32.DLL"), "LoadLibraryA"), (LPVOID)Paramaters, 0, &ThreadId);
// blocks until LoadLibraryA in the target returns
WaitForSingleObject(Thread, INFINITE);
VirtualFreeEx(hTargetProcesss, Paramaters, 0, MEM_RELEASE);
CloseHandle(Thread);
}
/// Form constructor: nothing beyond the TForm base initialisation; the DLL
/// is loaded later, from Button1Click.
/// @param Owner  owning component, forwarded to TForm
__fastcall TForm1::TForm1(TComponent* Owner)
: TForm(Owner)
{
}
//---------------------------------------------------------------------------
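/// Loads Kodll.dll and resolves the three entry points used by the other
/// buttons. The library is taken from the directory of this executable — the
/// same location DLLInject uses — instead of by bare name, so the loader does
/// not walk the DLL search path and cannot pick up a same-named file from
/// elsewhere. If the load fails the function returns and the three pointers
/// are left untouched, rather than resolving exports against a NULL handle.
/// @param Sender  the button (unused)
void __fastcall TForm1::Button1Click(TObject *Sender)
{
    // LOAD Kodll.dll
    String path = ExtractFilePath(Application->ExeName) + "Kodll.dll";
    DLLHandle = LoadLibrary(path.c_str());
    if (DLLHandle == NULL)
        return;
    *(FARPROC *)&SetSynchronizeCall = GetProcAddress(DLLHandle, "SetSynchronizeCall");
    *(FARPROC *)&SetCaptureFilter = GetProcAddress(DLLHandle, "SetCaptureFilter");
    *(FARPROC *)&Komut_Yolla = GetProcAddress(DLLHandle, "Komut_Yolla");
}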
//---------------------------------------------------------------------------
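/// Releases Kodll.dll when the form is destroyed. Guarded so that closing
/// the form without ever pressing Button1 does not call FreeLibrary on a
/// null handle, and the handle is cleared so it cannot be reused afterwards.
/// @param Sender  the form (unused)
void __fastcall TForm1::FormDestroy(TObject *Sender)
{
    if (DLLHandle != NULL)
    {
        FreeLibrary(DLLHandle);
        DLLHandle = NULL;
    }
}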
//---------------------------------------------------------------------------
/// Button: run DLLInject for the process id entered in Edit1.
/// @param Sender  the button (unused)
void __fastcall TForm1::Button2Click(TObject *Sender)
{
DLLInject();
}
//---------------------------------------------------------------------------
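/// Registers PacketCall as the DLL's packet callback. Does nothing when the
/// export has not been resolved (Button1 not pressed, or GetProcAddress
/// failed) instead of calling through a null function pointer.
/// @param Sender  the button (unused)
void __fastcall TForm1::Button3Click(TObject *Sender)
{
    //Set Synchronize Call BUTTON
    //SET CAPTURE EVENT CALLBACK PROC ADRESS.
    // DISABLE DEFAULT CALBACK
    if (SetSynchronizeCall == NULL)
        return;
    SetSynchronizeCall(PacketCall);
}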
//---------------------------------------------------------------------------
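/// Installs the capture filter: the listed opcodes (0x23, 0x24 and 0x31,
/// the three cases PacketCall handles) are passed to the DLL; presumably
/// only packets starting with one of them reach the callback. The original
/// comment states a limit of 20 entries. Does nothing when the export has
/// not been resolved (Button1 not pressed) instead of calling through a
/// null function pointer. The count is derived from the array so the two
/// cannot drift apart.
/// @param Sender  the button (unused)
void __fastcall TForm1::Button4Click(TObject *Sender)
{
    // SET KO PACKET FILTER LOOT,SKILL VS. max 20
    BYTE CapFilter[]={0x23,0x24,0x31};
    if (SetCaptureFilter == NULL)
        return;
    SetCaptureFilter((char *)CapFilter, sizeof(CapFilter));
}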
Ważne:
Wzięte z tematu na snoxd, który ma 9 stron, więc keyloggerem to raczej nie jest.