The Power of MHS: Generic Packet Sniffer/Editor


Post by L. Spiro » Wed Feb 13, 2008 9:56 am

My methods work about the same on all anti-cheats (citation needed).
And no, I am not working on Warden. For all I know MHS already bypasses it.

I am working on nProtect Game Guard.


L. Spiro
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Post by erichumale » Sun Feb 17, 2008 11:52 am

Just wondering, in the new release of MHS (MHS4.0.0.14), can it function as a packet editor on Maple Story now? Like using this tutorial to create our own packet editor, since the last version of MHS couldn't debug Maple.
erichumale
Hackleberry Fin
 
Posts: 25
Joined: Mon Feb 11, 2008 12:47 am

Post by erichumale » Sun Feb 17, 2008 12:08 pm

After setting a breakpoint for the send function (the bold one):

71AB428A | 8BFF | MOV EDI, EDI |
71AB428C | 55 | PUSH EBP |
71AB428D | 8BEC | MOV EBP, ESP | ;moves stack pointer into EBP
71AB428F | 83EC 10 | SUB ESP, 10 |


It asks me whether I want to attach the debugger or not. If I press yes and then load Maple, that restarts my comp. If I press no and load Maple, it lets me go on Maple but nothing shows up in the code editor window. So either way, I can't see any packets =S

Post by Zyphyr » Sun Feb 17, 2008 12:41 pm

I'm still having trouble at the same spot with the newer version.

No packets show up in the code editor after the end of the 1st part.

Another thing: that script at the bottom, does that add all 3 breakpoints for me? Do I add all 4 scripts then compile, or one at a time?
Zyphyr
I Ask A Lot Of Questions
 
Posts: 14
Joined: Sun Feb 10, 2008 12:35 pm

Post by erichumale » Sun Feb 17, 2008 12:53 pm

I think I have the same problem as Zyphyr.

No packets are shown in the script editor window.

But one of my bigger problems is that I know we need to attach the debugger, but whenever I attach it and go on Maple Story, it restarts my computer lol

Post by L. Spiro » Sun Feb 17, 2008 9:12 pm

That is because nProtect Game Guard restarts your computer when a debugger is detected on Maple Story.

Attaching is the first step. I can make the debugger attachment undetected in the next release or the one after.


L. Spiro

Post by Zyphyr » Sun Feb 17, 2008 9:49 pm

Well... it hasn't made me reboot yet, but I still don't see any packets...

Post by Areks » Tue Feb 19, 2008 7:24 am

Since MapleStory is server sided and the only method I know is searching values and changing them for single player games, I thought I'd eventually learn packet editing, but Maple can't be packet edited..? I'm not sure if I'm interpreting the above posts correctly :/

Edit: Oops, didn't see your last post Spiro. Sorry.
NOMOARQUESTIONS.

Well, maybe one. Would learning C++ help me with the whole packet editing deal? I've been learning the basics slowly the past few weeks, and I'm hoping it will help me with all of this.
Areks
Hackleberry Fin
 
Posts: 29
Joined: Tue Feb 05, 2008 10:15 am

Post by L. Spiro » Tue Feb 19, 2008 2:57 pm

There are many ways to edit packets, and if you plan to go the easy route of using L. Spiro Script you should learn C/C++.


L. Spiro

Post by erichumale » Tue Feb 19, 2008 4:40 pm

I'm planning to learn C++.

Well, I guess what more people are having problems with is just:

Attach debugger = reboot/can't see any packets
Not attaching debugger = won't work

I guess it's not about editing packets in MHS that people are having difficulties with; I think that people can't read the packets.

Oh, I'm talking about Maple Story atm. L. Spiro, were you talking about other games that work perfectly fine with packet editing with MHS?

Post by L. Spiro » Tue Feb 19, 2008 10:21 pm

It works on games that do not block the Debugger. Of course.


L. Spiro

Post by erichumale » Sat Feb 23, 2008 11:42 am

I'm practising using this on other games atm,
and I have a little question that I don't know how to solve:

if you want to compare the packet to something or change the packet around, you'd do so directly after the ReadProcessMemory call. Make any changes to byte array packet as you want, then WriteProcessMemory(GetCurProcessHandle(), (void *)ptr, packet, len, NULL);.

I don't really understand how to change the packet and then send it.. T_T
Help please

Post by mezzo » Sat Feb 23, 2008 9:20 pm

Check out Shynd's other tutorial "InfernoRose Packet - Using Script Breakpoint Handling" in the code submission section.
It deals with changing the packet contents before sending.
- No thanks, I already have a penguin -
mezzo
El Mariachi
 
Posts: 739
Joined: Mon Apr 30, 2007 10:27 pm
Location: Antwerp

Post by Noname » Sat Jul 19, 2008 5:00 am

I would just like to say "Holy Crap, that's freakin' awesome".

One Moment, *closes jaw.


Dude that is amazing, and thank you for showing the power of MHS. Now if I could just get a start. But that definitely opens up doors.


I think that is what MHS is all about. Opening the doors and giving you the crowbar to unlock them yourself, all you have to do is take the time to open them yourself, and you sir certainly have done that.
Noname
Hackleberry Fin
 
Posts: 22
Joined: Sun Jul 13, 2008 4:24 am

Post by Lodrik » Sun Nov 09, 2008 9:20 am

Great tutorial!
Unfortunately I only get a packet every 5 minutes or something like that. I think that the send(); function gets used by the protection system and the game uses WSASend();.
The recv(); bp does not return any packet data at all, but I think it is just the game. The game actually encrypts its packets, but I first just want to get a packet editor/sender to work. After this works well I will try to find the encryption routine.

I'm pretty new to this kind of thing but I understood many parts of your tutorial. I just have some questions left:

I found some more functions like sendto, recvto, WSASend in ws2_32.dll which are not documented in your tutorial.
Do those functions do the same as send(); or recv();?

How did you find 'EBP+0x00;
EBP+0x04;
EBP+0x08;
EBP+0x0c;
EBP+0x10;
EBP+0x14'?

Is it the same in sendto, recvto and WSASend functions?
Did you 'open' the stack and just note the address down?
I tried to activate the stack tab in the disassembler but no luck yet.
I looked into the help file but there is not any information about it.

How did you find out where the breakpoint has to be set?
Did you look for a specific piece of code or is it just random?
How do we know when the stack gets realigned?

I look forward to your answers. :)
Lodrik
I Have A Few Questions
 
Posts: 2
Joined: Sun Nov 09, 2008 8:52 am
