It compiled for me too. The issue is on your end.
The code you compiled in the picture you uploaded is different from the code Brandon provided; you compiled something else. The code Brandon provided on page one does not compile and has bugs. I don't know what you compiled; I am starting to believe you are just making fun of people who struggle with the code.
This is the code Brandon provided
#include <windows.h>
#include <winternl.h>
#include <TlHelp32.h>
#include <chrono>
#include <thread>
// Hand-declared layout of one per-module entry in the process loader's lists.
// HideSelf() walks these entries and the Link/Unlink helpers splice them in and
// out of the four LIST_ENTRY members below.
// NOTE(review): this layout is declared by the listing itself, not taken from an
// SDK header; presumably it only matches 32-bit processes (the accompanying
// assembly is 32-bit) and may differ between Windows versions — confirm.
typedef struct _LDR_MODULE
{
LIST_ENTRY InLoadOrderModuleList; // first member, so a load-order link can be cast to LDR_MODULE*
LIST_ENTRY InMemoryOrderModuleList;
LIST_ENTRY InInitializationOrderModuleList;
PVOID BaseAddress; // compared against the DLL's HMODULE in HideSelf()
PVOID EntryPoint;
ULONG SizeOfImage;
UNICODE_STRING FullDllName;
UNICODE_STRING BaseDllName;
ULONG Flags;
SHORT LoadCount;
SHORT TlsIndex;
LIST_ENTRY HashTableEntry; // fourth list the entry is unlinked from
ULONG TimeDateStamp;
} LDR_MODULE, *PLDR_MODULE;
// Hand-declared view of the loader data block that GetModuleIterator() reaches
// through the PEB; only LoadOrder is read anywhere in this listing.
// NOTE(review): the documented PEB_LDR_DATA order is load, memory,
// initialization; the second and third names here look swapped. Harmless as
// long as only LoadOrder is used — confirm before relying on the others.
// NOTE(review): std::uint32_t is used but <cstdint> is not included directly.
typedef struct _ProcessModuleInfo
{
std::uint32_t Size;
std::uint32_t Initialized;
HANDLE SsHandle;
LIST_ENTRY LoadOrder; // head of the load-order module list
LIST_ENTRY InitOrder;
LIST_ENTRY MemoryOrder;
} ProcessModuleInfo, *pProcessModuleInfo;
// Forward declaration; the definition follows the hook procedures that call it.
void* DetourFunction(BYTE *src, const BYTE *dst, const int len);
// Function-pointer type with the SetWindowsHookEx signature.
typedef HHOOK (__stdcall *SetWindowsHookEx_t)(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId);
// Holds the address used to reach the original SetWindowsHookExA once
// InitialiseHooks() has patched it. Uninitialised (zero) until then.
SetWindowsHookEx_t o_SetWindowsHookEx;
// Holds the value DetourFunction() returned for the most recently registered
// WH_MOUSE_LL procedure. Written from the hooked call and read from the hook
// procedure with no synchronisation.
HOOKPROC oMouseHookedProc = NULL;
// Returns the first link of the process loader's load-order module list.
// Default build: GCC inline assembly for 32-bit x86 reads FS:[0x18], then the
// pointer at +0x30, then the pointer at +0x0C. On 32-bit Windows these are the
// TEB self pointer, the PEB, and the PEB's loader data block.
// With _USE_GET_PEB_ defined the assembly is compiled out in favour of GetPEB().
// NOTE(review): LoadOrder.Flink is a LIST_ENTRY*, yet the function is declared
// to return LDR_MODULE* and no cast is written; MSVC rejects this conversion.
// NOTE(review): the _USE_GET_PEB_ branch has no `return`, and GetPEB() is not
// declared anywhere in this listing.
// NOTE(review): the FS-relative offsets are only meaningful in a 32-bit process.
LDR_MODULE* GetModuleIterator()
{
#ifndef _USE_GET_PEB_
void* result = NULL;
// Select the assembler dialect for the statement that follows.
#ifdef INTEL_SYNTAX /**-masm=intel**/
asm (".intel_syntax noprefix\n");
#else
asm (".att_syntax noprefix\n");
#endif // INTEL_SYNTAX
#ifndef INTEL_SYNTAX
// AT&T form: eax is declared as clobbered, the final load goes to `result`.
asm volatile
(
"movl %%FS:0x18, %%eax\n"
"movl 0x30(%%eax), %%eax\n"
"movl 0x0C(%%eax), %0\n"
: "=r" (result) :: "eax"
);
#else
// Intel form of the same three loads.
asm volatile
(
"mov eax, DWORD PTR [FS:0x18]\n\t"
"mov eax, DWORD PTR [eax + 0x30]\n\t"
"mov %0, DWORD PTR [eax + 0x0C]\n"
: "=r" (result) :: "eax"
);
#endif // INTEL_SYNTAX
return reinterpret_cast<ProcessModuleInfo*>(result)->LoadOrder.Flink;
#else
reinterpret_cast<ProcessModuleInfo*>(GetPEB())->LoadOrder.Flink;
#endif
}
// Re-inserts `module` into the four loader lists by pointing each neighbour's
// Flink/Blink back at the entry. It relies on the entry's own Flink/Blink still
// holding the neighbours recorded before it was unlinked.
// NOTE(review): `module` is dereferenced without a null check; DllMain passes
// `me`, which stays NULL when HideSelf() found no matching entry.
// NOTE(review): if the lists changed while the entry was unlinked, the saved
// neighbours may be stale; nothing here detects that.
void LinkLocalProcessModule(LDR_MODULE* module)
{
// The [&] capture is unused; the lambda only touches its argument.
auto AddLink = [&](LIST_ENTRY* Link)
{
Link->Flink->Blink = Link;
Link->Blink->Flink = Link;
};
AddLink(&module->InLoadOrderModuleList);
AddLink(&module->InMemoryOrderModuleList);
AddLink(&module->InInitializationOrderModuleList);
AddLink(&module->HashTableEntry);
}
// Removes `module` from the four loader lists by joining its neighbours to
// each other. The entry's own Flink/Blink are left untouched, which is what
// lets LinkLocalProcessModule() restore it later.
// Effect: code that enumerates modules by walking these lists no longer sees
// the entry. The image itself stays mapped, so comparing the loader lists with
// the image-backed memory regions of the process still reveals the module.
void UnlinkLocalProcessModule(LDR_MODULE* module)
{
auto RemoveLink = [](LIST_ENTRY* Link)
{
Link->Blink->Flink = Link->Flink;
Link->Flink->Blink = Link->Blink;
};
RemoveLink(&module->InLoadOrderModuleList);
RemoveLink(&module->InMemoryOrderModuleList);
RemoveLink(&module->InInitializationOrderModuleList);
RemoveLink(&module->HashTableEntry);
}
// Walks the load-order list from GetModuleIterator() and unlinks the entry whose
// BaseAddress equals `self`, storing that entry in *old so it can be relinked.
// self: module handle of this DLL (DllMain passes its hInst).
// old:  out-parameter; left unchanged when no entry matches.
// The walk stops at the first entry whose BaseAddress is null — presumably the
// list head, which is not a real module entry (confirm).
// NOTE(review): the loop keeps going after a match; it can continue because
// unlinking leaves the removed entry's own Flink intact.
void HideSelf(HMODULE self, LDR_MODULE** old)
{
LDR_MODULE* module = GetModuleIterator();
while (module->BaseAddress)
{
if (module->BaseAddress == self)
{
*old = module;
UnlinkLocalProcessModule(module);
}
// InLoadOrderModuleList is the first member, so its Flink doubles as the
// address of the next LDR_MODULE.
module = reinterpret_cast<LDR_MODULE*>(module->InLoadOrderModuleList.Flink);
}
}
// Replacement low-level mouse hook procedure. For HC_ACTION events it clears
// the two "injected" bits in the MSLLHOOKSTRUCT and then forwards the call to
// the saved procedure, which therefore never sees those bits set.
// Security relevance: a WH_MOUSE_LL consumer in the same process cannot treat
// LLMHF_INJECTED as trustworthy once foreign code can sit in front of it; the
// signal has to be corroborated outside the process.
// NOTE(review): oMouseHookedProc is called without a null check.
LRESULT __stdcall mHookedProc(int Code, WPARAM wParam, LPARAM lParam)
{
if (Code == HC_ACTION)
{
MSLLHOOKSTRUCT* Info = reinterpret_cast<MSLLHOOKSTRUCT*>(lParam);
Info->flags &= ~LLMHF_INJECTED; // clear the "event was injected" bit
Info->flags &= ~LLMHF_LOWER_IL_INJECTED; // clear the "injected from lower integrity level" bit
}
return oMouseHookedProc(Code, wParam, lParam);
}
// Replacement for SetWindowsHookExA. When the caller registers a WH_MOUSE_LL
// hook, the caller's procedure is patched to jump to mHookedProc and the value
// returned by DetourFunction() is saved in oMouseHookedProc.
// NOTE(review): the forwarded call always passes oMouseHookedProc, never lpfn.
// For any other idHook the caller's procedure is therefore discarded and the
// last saved value (NULL before the first mouse hook) is registered instead.
HHOOK __stdcall HOOKED_SetWindowsHookEx(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId)
{
if (idHook == WH_MOUSE_LL)
{
oMouseHookedProc = (HOOKPROC)DetourFunction((unsigned char*)lpfn, (unsigned char*)&mHookedProc, 6);
}
return o_SetWindowsHookEx(idHook, oMouseHookedProc, hMod, dwThreadId);
}
// Overwrites the first `len` bytes of `src` with a 5-byte relative jump (0xE9)
// to `dst`, padding the remainder with 0x90, and returns a heap copy of the
// original bytes followed by a relative jump back to src+len.
// src: start of the code to patch; made writable for the duration of the patch.
// dst: jump target written into src.
// len: number of bytes saved and overwritten; callers in this listing pass 5 or 6.
// Security relevance: after this runs, the start of the patched function in
// memory no longer matches the same function in the module on disk, and the
// page was briefly PAGE_EXECUTE_READWRITE; both are what code-integrity
// checks look for.
// NOTE(review): the results of malloc() and VirtualProtect() are not checked,
// and the malloc'd buffer is never freed.
// NOTE(review): pointer differences are narrowed to DWORD, which assumes a
// 32-bit process.
void* DetourFunction (BYTE *src, const BYTE *dst, const int len)
{
BYTE *jmp = (BYTE*)malloc(len+5);
DWORD dwBack;
VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
memcpy(jmp, src, len); // save the bytes about to be overwritten
jmp += len;
jmp[0] = 0xE9; //Assembly JMP instruction.
*(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
src[0] = 0xE9;
*(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
for (int i=5; i<len; i++)
src[i]=0x90; //Assembly NOP instruction.
VirtualProtect(src, len, dwBack, &dwBack); // restore the previous page protection
return (jmp-len);
}
// Waits until User32.dll is loaded in the process, polling every 100 ms, then
// resolves SetWindowsHookExA and patches it to jump to HOOKED_SetWindowsHookEx.
// o_SetWindowsHookEx first holds the export's address and is then overwritten
// with the value DetourFunction() returns.
// NOTE(review): `milliseco nds` contains a space that looks like a forum
// line-wrap artifact; as shown the line does not compile.
// NOTE(review): the GetProcAddress() result is passed on without a null check.
void InitialiseHooks()
{
while(!GetModuleHandle("User32.dll")) //hook user32's SetWindowsHookEx function..
{
std::this_thread::sleep_for(std::chrono::milliseco nds(100));
}
o_SetWindowsHookEx = (SetWindowsHookEx_t) GetProcAddress(GetModuleHandle("User32.dll"), "SetWindowsHookExA");
o_SetWindowsHookEx = (SetWindowsHookEx_t) DetourFunction((unsigned char*)o_SetWindowsHookEx, (unsigned char*)&HOOKED_SetWindowsHookEx, 5);
}
// Loader entry of this DLL as recorded by HideSelf(); NULL until a match is found.
static LDR_MODULE* me = NULL;
// DLL entry point.
// DLL_PROCESS_ATTACH: disables per-thread attach/detach notifications, unlinks
// this DLL from the loader lists, and starts a detached thread that runs
// InitialiseHooks().
// DLL_PROCESS_DETACH: relinks the saved loader entry.
// Always returns TRUE.
// NOTE(review): when HideSelf() found no entry, `me` is still NULL and the
// detach path dereferences it inside LinkLocalProcessModule().
// NOTE(review): Microsoft's DllMain guidance discourages creating threads from
// DllMain; the detached thread is also never joined before the DLL unloads.
DWORD __stdcall DllMain(HINSTANCE hInst, DWORD nReason, LPVOID Reserved)
{
switch(nReason)
{
case DLL_PROCESS_ATTACH:
{
DisableThreadLibraryCalls(hInst);
HideSelf(hInst, &me);
std::thread([&] {InitialiseHooks();}).detach();
}
break;
case DLL_PROCESS_DETACH:
{
LinkLocalProcessModule(me);
}
break;
}
return TRUE;
}
This is the code you provided and said you compiled, unless you compiled different code:
#include <windows.h>
#include <winternl.h>
#include <TlHelp32.h>
#include <chrono>
#include <thread>
#include <iostream>
// Fallback definitions of the low-level keyboard (LLKHF_*) and mouse (LLMHF_*)
// "injected" flag bits, used only when the included Windows headers do not
// already define them. Only the two LLMHF_* values are referenced in this
// listing.
#ifndef LLKHF_INJECTED
#define LLKHF_INJECTED 0x00000010
#endif // LLKHF_INJECTED
#ifndef LLKHF_LOWER_IL_INJECTED
#define LLKHF_LOWER_IL_INJECTED 0x00000002
#endif // LLKHF_LOWER_IL_INJECTED
#ifndef LLMHF_INJECTED
#define LLMHF_INJECTED 0x00000001
#endif // LLMHF_INJECTED
#ifndef LLMHF_LOWER_IL_INJECTED
#define LLMHF_LOWER_IL_INJECTED 0x00000002
#endif // LLMHF_LOWER_IL_INJECTED
// Local declaration of the counted UTF-16 string type used by the FullDllName
// and BaseDllName fields of LDR_MODULE.
// NOTE(review): <winternl.h> is included above and normally declares
// UNICODE_STRING itself, so this typedef may be a redefinition — confirm
// against the toolchain's headers.
typedef struct _LSA_UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING, UNICODE_STRING, *PUNICODE_STRING;
// Self-declared layout of a loader module entry; the functions below cast
// load-order list links to this type and edit its four LIST_ENTRY members.
// NOTE(review): not an SDK definition; presumably valid for 32-bit processes
// only — confirm for the target Windows version.
typedef struct _LDR_MODULE
{
LIST_ENTRY InLoadOrderModuleList; // must stay first: links are cast to LDR_MODULE*
LIST_ENTRY InMemoryOrderModuleList;
LIST_ENTRY InInitializationOrderModuleList;
PVOID BaseAddress; // matched against the DLL's own handle
PVOID EntryPoint;
ULONG SizeOfImage;
UNICODE_STRING FullDllName;
UNICODE_STRING BaseDllName;
ULONG Flags;
SHORT LoadCount;
SHORT TlsIndex;
LIST_ENTRY HashTableEntry;
ULONG TimeDateStamp;
} LDR_MODULE, *PLDR_MODULE;
// Self-declared layout of the loader data block reached from the PEB. Only the
// LoadOrder list head is read in this listing.
// NOTE(review): InitOrder and MemoryOrder appear swapped relative to the
// documented PEB_LDR_DATA order — confirm before using them.
typedef struct _ProcessModuleInfo
{
std::uint32_t Size;
std::uint32_t Initialized;
HANDLE SsHandle;
LIST_ENTRY LoadOrder;
LIST_ENTRY InitOrder;
LIST_ENTRY MemoryOrder;
} ProcessModuleInfo, *pProcessModuleInfo;
// Forward declaration of the patch helper defined further down.
void* DetourFunction(BYTE *src, const BYTE *dst, const int len);
// Pointer type matching SetWindowsHookEx's signature.
typedef HHOOK (__stdcall *SetWindowsHookEx_t)(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId);
// Route to the original SetWindowsHookExA after it has been patched.
SetWindowsHookEx_t o_SetWindowsHookEx;
// Saved route to the caller's WH_MOUSE_LL procedure; NULL until one is registered.
HOOKPROC oMouseHookedProc = NULL;
ERROR
// Returns the head link of the loader's load-order list. Unless _USE_GET_PEB_
// is defined, it uses GCC-style 32-bit inline assembly (FS:[0x18] -> +0x30 ->
// +0x0C) to reach the loader data; compilers without GCC inline-asm syntax
// cannot build that branch.
// NOTE(review): the returned expression is a LIST_ENTRY* while the declared
// return type is LDR_MODULE*, with no cast.
// NOTE(review): the _USE_GET_PEB_ branch lacks `return`, and GetPEB() is not
// declared in this listing.
LDR_MODULE* GetModuleIterator()
{
#ifndef _USE_GET_PEB_
void* result = NULL;
#ifdef INTEL_SYNTAX /**-masm=intel**/
asm (".intel_syntax noprefix\n");
#else
asm (".att_syntax noprefix\n");
#endif // INTEL_SYNTAX
#ifndef INTEL_SYNTAX
asm volatile
(
"movl %%FS:0x18, %%eax\n"
"movl 0x30(%%eax), %%eax\n"
"movl 0x0C(%%eax), %0\n"
: "=r" (result) :: "eax"
);
#else
asm volatile
(
"mov eax, DWORD PTR [FS:0x18]\n\t"
"mov eax, DWORD PTR [eax + 0x30]\n\t"
"mov %0, DWORD PTR [eax + 0x0C]\n"
: "=r" (result) :: "eax"
);
#endif // INTEL_SYNTAX
return reinterpret_cast<ProcessModuleInfo*>(result)->LoadOrder.Flink;
#else
reinterpret_cast<ProcessModuleInfo*>(GetPEB())->LoadOrder.Flink;
#endif
}
// Puts `module` back into the four loader lists by making each saved neighbour
// point at it again. Depends on the entry's own Flink/Blink being unchanged
// since it was unlinked.
// NOTE(review): no null check on `module`; the neighbours are not validated.
void LinkLocalProcessModule(LDR_MODULE* module)
{
auto AddLink = [&](LIST_ENTRY* Link)
{
Link->Flink->Blink = Link;
Link->Blink->Flink = Link;
};
AddLink(&module->InLoadOrderModuleList);
AddLink(&module->InMemoryOrderModuleList);
AddLink(&module->InInitializationOrderModuleList);
AddLink(&module->HashTableEntry);
}
// Takes `module` out of the four loader lists by linking its previous and next
// entries to each other; the entry keeps its own pointers.
// List-based module enumeration stops reporting the entry, but the mapped
// image remains visible to anything that inspects the process's memory regions.
void UnlinkLocalProcessModule(LDR_MODULE* module)
{
auto RemoveLink = [](LIST_ENTRY* Link)
{
Link->Blink->Flink = Link->Flink;
Link->Flink->Blink = Link->Blink;
};
RemoveLink(&module->InLoadOrderModuleList);
RemoveLink(&module->InMemoryOrderModuleList);
RemoveLink(&module->InInitializationOrderModuleList);
RemoveLink(&module->HashTableEntry);
}
ERROR
Undefined upward
// Finds the loader entry whose BaseAddress equals `self`, stores it in *old and
// unlinks it. *old is not written when nothing matches.
// Depends on GetModuleIterator() and UnlinkLocalProcessModule() being declared
// earlier in the file.
void HideSelf(HMODULE self, LDR_MODULE** old)
{LDR_MODULE* module = GetModuleIterator();
// Iterate until an entry with a null BaseAddress is reached.
while (module->BaseAddress)
{
if (module->BaseAddress == self)
{
*old = module;
UnlinkLocalProcessModule(module);
}
module = reinterpret_cast<LDR_MODULE*>(module->InLoadOrderModuleList.Flink);
}
}
Undefined upward
// Low-level mouse hook wrapper: on HC_ACTION it masks out LLMHF_INJECTED and
// LLMHF_LOWER_IL_INJECTED in the event structure, then calls the saved
// procedure. Downstream code in this process thus cannot rely on those bits.
// NOTE(review): oMouseHookedProc is not checked for NULL before the call.
LRESULT __stdcall mHookedProc(int Code, WPARAM wParam, LPARAM lParam)
{
if (Code == HC_ACTION)
{
MSLLHOOKSTRUCT* Info = reinterpret_cast<MSLLHOOKSTRUCT*>(lParam);
Info->flags &= ~LLMHF_INJECTED; // clear the injected bit
Info->flags &= ~LLMHF_LOWER_IL_INJECTED; // clear the lower-integrity-level injected bit
}
return oMouseHookedProc(Code, wParam, lParam);
}
// Stand-in for SetWindowsHookExA. For WH_MOUSE_LL it patches the caller's
// procedure to enter mHookedProc first and records DetourFunction()'s return
// value; it then forwards the registration.
// NOTE(review): the forwarded call passes oMouseHookedProc for every idHook,
// so a non-mouse registration does not receive the caller's lpfn.
HHOOK __stdcall HOOKED_SetWindowsHookEx(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId)
{
if (idHook == WH_MOUSE_LL)
{
oMouseHookedProc = (HOOKPROC)DetourFunction((unsigned char*)lpfn, (unsigned char*)&mHookedProc, 6);
}
return o_SetWindowsHookEx(idHook, oMouseHookedProc, hMod, dwThreadId);
}
// Saves the first `len` bytes of `src` to a heap buffer, appends a relative
// jump back to src+len, then overwrites `src` with a relative jump to `dst`
// (NOP-padded) and returns the start of the heap buffer.
// The in-memory bytes of the patched function stop matching the on-disk
// module, which is the artifact code-integrity scans compare.
// NOTE(review): malloc() and VirtualProtect() results are unchecked; the
// DWORD casts assume 32-bit addresses.
void* DetourFunction (BYTE *src, const BYTE *dst, const int len)
{
BYTE *jmp = (BYTE*)malloc(len+5);
DWORD dwBack;
VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
memcpy(jmp, src, len);
jmp += len;
jmp[0] = 0xE9; //Assembly JMP instruction.
*(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
src[0] = 0xE9;
*(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
for (int i=5; i<len; i++)
src[i]=0x90; //Assembly NOP instruction.
VirtualProtect(src, len, dwBack, &dwBack);
return (jmp-len);
}
// Polls every 100 ms until User32.dll is loaded, then looks up
// SetWindowsHookExA and patches it so calls reach HOOKED_SetWindowsHookEx.
// NOTE(review): the space in `milliseco nds` looks like a forum wrapping
// artifact; the line does not compile as shown.
void InitialiseHooks()
{
while(!GetModuleHandle("User32.dll")) //hook user32's SetWindowsHookEx function..
{
std::this_thread::sleep_for(std::chrono::milliseco nds(100));
}
o_SetWindowsHookEx = (SetWindowsHookEx_t) GetProcAddress(GetModuleHandle("User32.dll"), "SetWindowsHookExA");
o_SetWindowsHookEx = (SetWindowsHookEx_t) DetourFunction((unsigned char*)o_SetWindowsHookEx, (unsigned char*)&HOOKED_SetWindowsHookEx, 5);
}
Hide Self Not defined
// Saved loader entry for this DLL; remains NULL if HideSelf() matches nothing.
static LDR_MODULE* me = NULL;
// DLL entry point: on attach it unlinks the DLL from the loader lists and
// launches a detached thread running InitialiseHooks(); on detach it relinks
// the saved entry. Returns TRUE for every reason code.
// NOTE(review): the detach path passes `me` to LinkLocalProcessModule() without
// checking it for NULL.
DWORD __stdcall DllMain(HINSTANCE hInst, DWORD nReason, LPVOID Reserved)
{
switch(nReason)
{
case DLL_PROCESS_ATTACH:
{
DisableThreadLibraryCalls(hInst);
HideSelf(hInst, &me);
std::thread([&] {InitialiseHooks();}).detach();
}
break;
case DLL_PROCESS_DETACH:
{
LinkLocalProcessModule(me);
}
break;
}
return TRUE;
}
ERROR
// Locates the loader data of the current 32-bit process and returns the first
// load-order link. The assembly branch is written in GCC inline-asm syntax;
// defining _USE_GET_PEB_ selects the non-assembly branch instead.
// NOTE(review): return type mismatch (LIST_ENTRY* returned as LDR_MODULE*) and
// a missing `return` in the _USE_GET_PEB_ branch; GetPEB() is undeclared here.
LDR_MODULE* GetModuleIterator()
{
#ifndef _USE_GET_PEB_
void* result = NULL;
#ifdef INTEL_SYNTAX /**-masm=intel**/
asm (".intel_syntax noprefix\n");
#else
asm (".att_syntax noprefix\n");
#endif // INTEL_SYNTAX
#ifndef INTEL_SYNTAX
asm volatile
(
"movl %%FS:0x18, %%eax\n"
"movl 0x30(%%eax), %%eax\n"
"movl 0x0C(%%eax), %0\n"
: "=r" (result) :: "eax"
);
#else
asm volatile
(
"mov eax, DWORD PTR [FS:0x18]\n\t"
"mov eax, DWORD PTR [eax + 0x30]\n\t"
"mov %0, DWORD PTR [eax + 0x0C]\n"
: "=r" (result) :: "eax"
);
#endif // INTEL_SYNTAX
return reinterpret_cast<ProcessModuleInfo*>(result)->LoadOrder.Flink;
#else
reinterpret_cast<ProcessModuleInfo*>(GetPEB())->LoadOrder.Flink;
#endif
}
// Restores `module` to the four loader lists using the neighbour pointers still
// stored in the entry itself.
// NOTE(review): `module` and its neighbour pointers are used unchecked.
void LinkLocalProcessModule(LDR_MODULE* module)
{
auto AddLink = [&](LIST_ENTRY* Link)
{
Link->Flink->Blink = Link;
Link->Blink->Flink = Link;
};
AddLink(&module->InLoadOrderModuleList);
AddLink(&module->InMemoryOrderModuleList);
AddLink(&module->InInitializationOrderModuleList);
AddLink(&module->HashTableEntry);
}
// Detaches `module` from the four loader lists by bridging its neighbours; the
// entry's own Flink/Blink are preserved so it can be relinked.
// The module's image stays mapped, so it remains discoverable by comparing the
// loader lists with the process's image-backed memory regions.
void UnlinkLocalProcessModule(LDR_MODULE* module)
{
auto RemoveLink = [](LIST_ENTRY* Link)
{
Link->Blink->Flink = Link->Flink;
Link->Flink->Blink = Link->Blink;
};
RemoveLink(&module->InLoadOrderModuleList);
RemoveLink(&module->InMemoryOrderModuleList);
RemoveLink(&module->InInitializationOrderModuleList);
RemoveLink(&module->HashTableEntry);
}
ERROR
This is the part of code which have errors on X points:
asm Xvolatile - Expected an "("
X: "=r" (result) :: "eax" - Expected an ")"
return reinterpret_cast<ProcessModuleInfo*>(result)->LoadOrder.Flink; -return value type does not match the function type
asm(".att_syntax noprefix\n"); - C++ "asm" ignored, use "_asm"
asm volatile - syntax error: "volatile"
: "=r" (result) :: "eax" - "string": illegal token on right side of "::"
return reinterpret_cast<ProcessModuleInfo*>(result)->LoadOrder.Flink; - "return" cannot convert "_LIST_ENTRY" to "LDR_MODULE"
The next time you send me a message, I am going to block you for your stupidity. http://i.imgur.com/5TCRCeg.png
You are acting like I just told you how to do it but posted no code. Be happy there is actually code there. If I have no idea what I am doing, why do you want to compile my code? Just don't use it! It's not like I'm forcing you to compile it at all. Secondly, it's not my fault you can't read: DON'T USE VISUAL STUDIO.
If you want to use Visual Studio, you're going to have to rewrite it to remove the inline assembly OR JUST READ THE CODE:
C++ Code:
#ifndef _USE_GET_PEB_
Assembly Code Here..
#else
Non-Assembly code here..
#endif
That will allow it to compile on Visual Studio. But of course your lazy ass couldn't see that.. You shouldn't be compiling anything you don't understand or read.
Now never message me again. In fact, I am now going to permanently block all your messages (you're the first and only person on my ignore list).
Have a free one on me (Project, Code, Configuration, Compiled Binary. Compiled using GCC-6.2.0-x86_64_threads-posix - https://sourceforge.net/projects/min...ingw-builds/):
Here: Blocker.zip
Good Bye.
P.S. I don't want your RootKit. You can't even compile code or use code-tags. -_-
Last edited by Brandon; 07-23-2017 at 02:53 PM.
I mean, in all fairness, as long as the target is x86 he could still use inline assembly within Visual Studio with some minor syntactical changes and wouldn't have to use GetPebAddress.
Not that its clearly worth the time to explain that to Mr. Rootkit however. The fact x64 asm isn't supported in VS is a big pet-peeve of mine.
https://villavu.com/forum/attachment...9&d=1497531600
Damn sick burn, totally called him out on something pretty much everyone does.you masturbate!
Sorry to dig this thread up but...
So is there a difference between using SMART vs. another client? Say, using AeroLib for OSRS as an example. If I botted using official client/3rd party client on a Virtual Machine vs. using SMART, would they both set the flag to 1?
Currently: Playing OSRS legit until I get bored
Not sure how wine works, but can the same be achieved on simulated OSRS by wine on unix?
i think both would set off the hardware mouse, using the OSRS client is useful if you assume jagex is detecting clients
Been discussed a lot on Discord, but perhaps it would be good for someone to firmly answer on this thread:
If Simba is running on a host computer, and clicks into a VM that has an official RuneScape client running, is it seen as a hardware click, or a virtual/generated click?
Isn't it dependent on the installed mouse driver? I believe you can perfectly forward HID devices to some VMs (host system loses access to that usb). I also remember reading that default interaction acts as PS/2 input.
http://www.drdobbs.com/windows/insid...stem/184408943
For anyone interested in learning how the system event queue works in windows. A little outdated.
Correct, but this is under the assumption that the USB is no longer part of the host? If it belongs to the VM that will indeed generate HID.
However, if the USB port still belongs to the host (the mouse is controlling the host, and not just the guest), then I'm sure it will show as virtual in the guest. At least, that has been my experience.
http://www.altaro.com/hyper-v/hyper-v-usb/
I'm no Microsoft user, but it looks like it's possible to enable direct USB passthrough to level 2 hypervisor/VM in Windows. I know it's possible on linux to attach a physical or create a virtual mouse in the host, passthrough to the VM, and no one is the wiser.