1. SRL Junior Member
Originally Posted by Brandon
The next time you send me a message, I am going to block you for your stupidity. http://i.imgur.com/5TCRCeg.png

You are acting like I just told you how to do it but posted no code. Be happy there is actually code there. If I have no idea what I am doing, why do you want to compile my code? Just don't use it! It's not like I'm forcing you to compile it at all. Secondly, it's not my fault you can't read: DON'T USE VISUAL STUDIO.

If you want to use Visual Studio, you're going to have to rewrite it to remove the inline assembly OR JUST READ THE CODE:

C++ Code:
#ifndef _USE_GET_PEB_
    Assembly Code Here..
#else
    Non-Assembly code here..
#endif

That will allow it to compile on Visual Studio. But of course your lazy ass couldn't see that.. You shouldn't be compiling anything you don't understand or read.

Now never message me again. In fact, I am now going to permanently block all your messages (you're the first and only person on my ignore list).

Have a free one on me (Project, Code, Configuration, Compiled Binary. Compiled using GCC-6.2.0-x86_64_threads-posix - https://sourceforge.net/projects/min...ingw-builds/):

Here: Attachment 28191

Good Bye.

P.S. I don't want your RootKit. You can't even compile code or use code-tags. -_-
Hi Brandon, sorry for the noob question but how do you use this?
Last edited by ccesssu; 08-16-2017 at 07:24 AM.

2. Registered User
Is useless!

3. SRL Junior Member
Originally Posted by pipilica
Is useless!
No it's not just pm Brandon. He surely loves it

But on topic, a while back Jagex outlawed mousekeys on OSRS. How are they going to enforce this? Low level mouse flags would be easiest.

4. SRL Junior Member
Originally Posted by alar82
No it's not just pm Brandon. He surely loves it

But on topic, a while back Jagex outlawed mousekeys on OSRS. How are they going to enforce this? Low level mouse flags would be easiest.
when did they disallow mousekeys?

5. Originally Posted by Grunt
when did they disallow mousekeys?
never / jan 2017
http://services.runescape.com/m=news...on?oldschool=1

6. Registered User
Originally Posted by ccesssu
Hi Brandon, sorry for the noob question but how do you use this?
I agree, I am also wishing to know how it is implemented

7. SRL Junior Member
Originally Posted by carrumbum
I agree, I am also wishing to know how it is implemented
I believe by hardware mouse they are referring to the mouse you already use; meaning don't use SMART, use the official client and surrender your mouse to the client

8. Originally Posted by lolskilla
I believe by hardware mouse they are referring to the mouse you already use; meaning don't use SMART, use the official client and surrender your mouse to the client
This is incorrect, unless you use Brandon's method or a VM.

9. Originally Posted by carrumbum
I agree, I am also wishing to know how it is implemented

The source and binaries are attached with a test script as well.. Below, I removed all the assembly and hiding and stuff to show only what is absolutely necessary so everyone can understand it (Source and Binaries):

Test.zip

It can't get any more simple than that.

How it's implemented? Well.. that would take a while to explain, but the basics are that you hook SetWindowsHookEx and hook the functions that are being passed to it.. then you modify the flags and call the original function.

To test this, open cmd and type "HookTest.exe true". Then you run the simba script on the HookTest terminal. You will see that a bunch of message boxes popup saying whether keyboard or mouse is detected.

Close all of it. Open cmd again and type "HookTest.exe". Then run the simba script on the HookTest terminal. You will see keyboard and mouse detected but no popups because the flags were removed..

What is the difference between sending "true" vs. nothing as a parameter to HookTest? Well.. if you send nothing, it loads blocker.dll by default which removes the stupid flags. If you send true, it does not load it and you will get popups.

Basically to use it, you just load blocker.dll before running the game using Simba or w/e loader you want.. I didn't test on NXT.

Note: RS doesn't currently detect keyboard or mouse like the above anyway.. So none of this is really necessary. I just posted it as a solution to the problem stated in the thread because I was curious.
Last edited by Brandon; 10-29-2017 at 07:31 PM.

10. Registered User
It does nothing; if you run a second flag detector, it detects the flags. Useless.

11. Haven't looked into the files Brandon posted/what you mean, but could possibly be that whoever sets a hook more recently gets to be first in the queue, meaning that if you load the application that will change the flags AFTER jagex has loaded their flag check, you will successfully avoid their flag checking system (Given that they don't set the hook more than once).

12. Originally Posted by pipilica
It does nothing; if you run a second flag detector, it detects the flags. Useless.

Lol useless because you want it to work how you want it.. not how I wrote it.. Write your own then.

So you want it to remove the hooks AFTER Jagex has already requested? I mean sure it can be done, but you can easily just run the game AFTER Simba.. It only has to be done once anyway. Then you don't have to worry about it.

Instead you want to inject the hook after the game is already running.

Fine, here's how you do it.

Install your own mouse and keyboard hook after running the game.
Clear the LLMHF_INJECTED and keyboard one respectively.
CallNextHookEx.

It will propagate down the call stack. You don't even need detouring or anything.

You don't need my code for this. There's an example on MSDN already.
Last edited by Brandon; 10-30-2017 at 01:55 PM.

13. Registered User
Very exposed and naive, it works only if hook removal is run after the detector; all the site has to do is restart the detector or start a new one and you are caught.
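The ordering argument from the two posts above, modelled as an added example that is not part of the original thread or of Brandon's attachment: a detector that trusts the injected flags sees them only while its hook runs ahead of any hook that clears them, so registering a fresh detector hook restores visibility. `HookChain`, `MouseEvent` and `detector_sees_injection` are hypothetical stand-ins; no Windows API is called, and the model assumes, as the thread does, that a change made by one hook is visible to the hooks after it.

```cpp
// Added illustration: a user-space model of a low-level hook chain.
// No Windows API is called; every name except the two flag constants is hypothetical.
#include <cstdint>
#include <cstdio>
#include <functional>
#include <utility>
#include <vector>

constexpr uint32_t LLMHF_INJECTED          = 0x00000001; // as defined in winuser.h
constexpr uint32_t LLMHF_LOWER_IL_INJECTED = 0x00000002; // as defined in winuser.h
constexpr uint32_t INJECTED_MASK = LLMHF_INJECTED | LLMHF_LOWER_IL_INJECTED;

struct MouseEvent { uint32_t flags; };   // stand-in for MSLLHOOKSTRUCT
using Hook = std::function<void(MouseEvent&)>;

struct HookChain {
    std::vector<Hook> hooks;             // index 0 is the head of the chain
    // SetWindowsHookEx installs at the beginning of the chain: newest runs first.
    void install(Hook h) { hooks.insert(hooks.begin(), std::move(h)); }
    // Assumption (the thread's premise): each hook sees what the previous one left.
    void dispatch(MouseEvent ev) { for (auto& h : hooks) h(ev); }
};

// True if a detector that trusts the flags observes one constructed injected event.
bool detector_sees_injection(bool scrubber_present, bool detector_reinstalls) {
    HookChain chain;
    bool seen = false;
    Hook detector = [&seen](MouseEvent& e) { if (e.flags & INJECTED_MASK) seen = true; };
    Hook scrubber = [](MouseEvent& e) { e.flags &= ~INJECTED_MASK; };

    chain.install(detector);                           // detector registers first
    if (scrubber_present)    chain.install(scrubber);  // lands ahead of the detector
    if (detector_reinstalls) chain.install(detector);  // fresh hook is back at the head
    chain.dispatch(MouseEvent{LLMHF_INJECTED});        // constructed synthetic event
    return seen;
}

int main() {
    std::printf("detector alone:           %d\n", detector_sees_injection(false, false));
    std::printf("scrubber installed later: %d\n", detector_sees_injection(true, false));
    std::printf("detector re-registered:   %d\n", detector_sees_injection(true, true));
    return 0;
}
```

The model covers chain order only; a process in which SetWindowsHookEx itself has been detoured, as described later in the thread, is outside it, which is why a detector should not treat these flags as its only signal.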

14. Originally Posted by pipilica
Very exposed and naive, it works only if hook removal is run after the detector; all the site has to do is restart the detector or start a new one and you are caught.

Damn man.. why so negative lol..

It works when the hook is injected before all others. Did you read the source code?

C++ Code:
//Loads the blocker FIRST..
LoadLibrary("Blocker.dll");

//Loads test hooks AFTER.. IE: Run RS or w/e..
thread([] {
    SetWindowsHookEx(MouseHook...);
    SetWindowsHookEx(KeyboardHook...);
}).detach();

Hence, any hooks loaded AFTER the blocker, are all subverted and modified. Any hooks loaded before the blocker will be detected. Secondly, you say that any hooks loaded AFTER will not remove.. I hooked SetWindowsHookEx inside the blocker.dll and subverted/detoured the callbacks? So any hooks that are run AFTER are modified..

I already mentioned this.. but if you combined your own hooks with the blocker, then it will work fine in both directions because your own hooks will modify ones BEFORE (down the stack) yours and the blocker will modify ones AFTER yours (up the stack/future hooks/already working).

Understand the code first, then ask questions after. Learn WinAPI.. If you want to know something, try asking instead of jumping to conclusions.
Last edited by Brandon; 10-30-2017 at 06:20 PM.

15. Registered User
Can someone help me remove flags using C# instead of C++? I have written code already but it seems not to be working atm.

public static void InstallHook()
{
    if (IsHookInstalled) return;

    hModule = Marshal.GetHINSTANCE(AppDomain.CurrentDomain.GetAssemblies()[0].GetModules()[0]);
    hookDel = new HookProc(HookProcFunction);

    hHook = SetWindowsHookEx(WH_MOUSE_LL, hookDel, hModule, 0);

    if (hHook != IntPtr.Zero)
        hookInstall = true;
    else
        throw new Exception("Can't install mouse hook!");
}

static IntPtr HookProcFunction(int nCode, IntPtr wParam, IntPtr lParam)
{
    //if (nCode < 0)
    //    return CallNextHookEx(IntPtr.Zero, nCode, wParam, lParam);

    if (nCode == 0)
    {
        ///here i'm removing flags
        ///i was pretty much confident that this will work but still mouse movements were detected.
        ///https://github.com/lyanidle/DetectMouseEvents <--- used this code to detect fake mouse moves.

        MSLLHOOKSTRUCT mhs = (MSLLHOOKSTRUCT)Marshal.PtrToStructure(lParam, typeof(MSLLHOOKSTRUCT));
        mhs.flags = mhs.flags & (int)0x7FFFFFFE;
        Marshal.StructureToPtr(mhs, lParam, true);
    }

    return CallNextHookEx(hHook, nCode, wParam, lParam);
}

16. SRL Junior Member
Doesn't do anything.
Old detector code still shows fake keys. Even if I run Hooktest.exe before simba dll with fake detector.

17. Originally Posted by alar82
Doesn't do anything.
Old detector code still shows fake keys. Even if I run Hooktest.exe before simba dll with fake detector.

So weird that everyone keeps saying that.. Well this is me remoting into my surface book and actually running it to show that it does indeed work. I don't know what else to say.. Also you can see that teamviewer sends keys and mouse to the surface and it is detected. But when I run the app, it is no longer showing the popups.

https://youtu.be/PAhI14C-mDY

18. SRL Junior Member

Old globalhook thing.

19. Originally Posted by alar82

Old globalhook thing.
What old global hook? The one on the left seems to be blocking all. Not sure what that 64bit console is.

20. SRL Junior Member
It shouldn't reach the right console at all if new keyboard hooks are blocked. It's your old code.
Code:
LRESULT CALLBACK MyKeyboardHook(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (nCode == HC_ACTION)
    {
        KBDLLHOOKSTRUCT* keyboardHookPointer = (KBDLLHOOKSTRUCT *)lParam; //Cast.
        /*
        if ((keyboardHookPointer->flags & LLKHF_LOWER_IL_INJECTED) || (keyboardHookPointer->flags & LLKHF_INJECTED))
        {
            cout << "kFake \n";
        }
        else {
            cout << "kHardware \n";
        }
        */
        keyboardHookPointer->dwExtraInfo = 0;
        keyboardHookPointer->flags &= ~LLKHF_LOWER_IL_INJECTED; //Remove flag.
        keyboardHookPointer->flags &= ~LLKHF_INJECTED; //Remove flag.
    }
    return CallNextHookEx(_hook, nCode, wParam, lParam); //Give Jagex the modified parameters.
}

void Keyhook()
{
    if (!(_hook = SetWindowsHookEx(WH_KEYBOARD_LL, MyKeyboardHook, 0, 0)))
    {
        MessageBox(NULL, "Failed to install hook!", "Error", MB_ICONERROR);
    }
}

LRESULT CALLBACK MyMouseHook(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (nCode == HC_ACTION)
    {
        MSLLHOOKSTRUCT * mouseHookPointer = (MSLLHOOKSTRUCT *)lParam; //Cast.
        /*
        if ((mouseHookPointer->flags & LLMHF_INJECTED) || (mouseHookPointer->flags & LLMHF_LOWER_IL_INJECTED))
        {
            cout << "mFake \n";
        }
        else {
            cout << "mHardware \n";
        }
        */

        mouseHookPointer->dwExtraInfo = 0;
        mouseHookPointer->flags &= ~LLMHF_LOWER_IL_INJECTED; //Remove flag.
        mouseHookPointer->flags &= ~LLMHF_INJECTED; //Remove flag.
    }
    return CallNextHookEx(_hook2, nCode, wParam, lParam); //Give Jagex the modified parameters.
}

void Mousehook()
{
    if (!(_hook2 = SetWindowsHookEx(WH_MOUSE_LL, MyMouseHook, 0, 0)))
    {
        MessageBox(NULL, "Failed to install hook!", "Error", MB_ICONERROR);
    }
}

int StartHookin(){
    HookinActive = TRUE;
    Keyhook();
    Mousehook();
    cout << "Passive hooker started \n";
    MSG msg;
    while (GetMessage(&msg, NULL, 0, 0)>0)
    {
        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }
    cout << "Hooking ended \n";
    return 0;
}

21. Registered User
It does nothing run before or after the detector; the detector sees virtual input, your removal application removes flags for itself.
Last edited by pipilica; 11-01-2017 at 08:44 AM.

22. @pipilica; If that's actually happening, just inject it into the process you want to work around. That would immediately remedy the issue. I didn't check if the hook works for the entire system, just the process that loaded it because that's how we use SMART and Simba. For NXT, I had it in my own OpenGL32.dll and D3D9.dll.

In any case, for other specific processes you can do:

CreateProcess Suspended, Inject, ResumeProcess.

OR if you want it system-wide (literally for the entire system -- I don't see a use for this though), then hook with WH_KEYBOARD/WH_MOUSE first (a per process hook.. Every process that is started on Windows will get an instance of your hook/dll). Then within that hook, load the blocker which does WH_KEYBOARD_LL/WH_MOUSE_LL (a low level hook). This way, each process gets the dll loaded and the hook will apply to that process automatically.

Example:

WH_KEYBOARD (System will load this .dll into EVERY process).
In WH_KEYBOARD callback -> SetWindowsHookEx(WH_KEYBOARD_LL..);
Last edited by Brandon; 11-01-2017 at 03:19 PM.

23. SRL Junior Member
Have people considered botting on Linux? Are there similar flags that Jagex could use to detect virtual mouse clicks?

24. @ccesssu: Yes, there are similar flags, but you could just recompile pieces of software to not report that input is synthetic. There may also be other ways to make input look like it is not synthetic. Some layers of the Linux desktop environment may not pass on information on whether or not input was synthetic.

The biggest hurdle right now is making sure everything runs well under Linux. There are a few plugins that use WinAPI extensively, and there are some that were only released for Windows but may support both. If you have the time, please try to run Simba under Linux and report any issues you experience.

25. SRL Member
Originally Posted by Brandon
@pipilica; If that's actually happening, just inject it into the process you want to work around. That would immediately remedy the issue. I didn't check if the hook works for the entire system, just the process that loaded it because that's how we use SMART and Simba. For NXT, I had it in my own OpenGL32.dll and D3D9.dll.

In any case, for other specific processes you can do:

CreateProcess Suspended, Inject, ResumeProcess.

OR if you want it system-wide (literally for the entire system -- I don't see a use for this though), then hook with WH_KEYBOARD/WH_MOUSE first (a per process hook.. Every process that is started on Windows will get an instance of your hook/dll). Then within that hook, load the blocker which does WH_KEYBOARD_LL/WH_MOUSE_LL (a low level hook). This way, each process gets the dll loaded and the hook will apply to that process automatically.

Example:

WH_KEYBOARD (System will load this .dll into EVERY process).
In WH_KEYBOARD callback -> SetWindowsHookEx(WH_KEYBOARD_LL..);
Could you please spoon feed me and explain how to make NXT load the Blocker.dll file?