Page 4 of 6 (results 76 to 100 of 129)

Thread: Use your hardware mouse!

  1. #76 (joined Oct 2012, 1,258 posts)

    Quote Originally Posted by pipilica:
    At least the project, I get 11 errors in the code; I'm starting to think Brandon's code is a joke to make us struggle with it
    http://i.imgur.com/EPw0Mn8.png

  2. #77 (joined Dec 2007, 2,112 posts)

    Quote Originally Posted by pipilica:
    At least the project , i get 11 errors on code , i m starting to think Brandon code is a joke to make us struggle whith it
    With*

    Or you're just sub-human.

  3. #78 (joined May 2017, 22 posts)

    Quote Originally Posted by acow:
    I only get errors in the code; Brandon's code is wrong, or only he knows the mystery and secrets of how to compile it

  4. #79 (joined Oct 2012, 1,258 posts)

    Quote Originally Posted by pipilica:
    I only get errors in the code; Brandon's code is wrong, or only he knows the mystery and secrets of how to compile it
    Kasi is likely in on the conspiracy too. They are both trying to get us off the holy path that @the bank has laid out for us... but we, comrade, shall persevere in spite of their devious ways.

  5. #80 (joined Mar 2012, location 127.0.0.1, 3,383 posts)

    Quote Originally Posted by pipilica:
    I only get errors in the code; Brandon's code is wrong, or only he knows the mystery and secrets of how to compile it
    http://imgur.com/MeS5WgL

  6. #81 (joined Dec 2011, 2,147 posts)

  7. #82 (joined May 2017, 22 posts)

    Quote Originally Posted by Clarity:
    It compiled for me too. The issue is on your end.
    What setup?
    Post project if you can

  8. #83 (joined May 2017, 22 posts)

    Quote Originally Posted by NKN:
    The code you compiled in the picture you uploaded is different from the code Brandon provided; you compiled something else. The code Brandon provided on page one does not compile, it has bugs. I don't know what you compiled; I'm starting to believe you are just making fun of people to make them struggle with the code.
    This is the code Brandon provided:

    #include <windows.h>
    #include <winternl.h>
    #include <TlHelp32.h>
    #include <chrono>
    #include <thread>

    typedef struct _LDR_MODULE
    {
    LIST_ENTRY InLoadOrderModuleList;
    LIST_ENTRY InMemoryOrderModuleList;
    LIST_ENTRY InInitializationOrderModuleList;
    PVOID BaseAddress;
    PVOID EntryPoint;
    ULONG SizeOfImage;
    UNICODE_STRING FullDllName;
    UNICODE_STRING BaseDllName;
    ULONG Flags;
    SHORT LoadCount;
    SHORT TlsIndex;
    LIST_ENTRY HashTableEntry;
    ULONG TimeDateStamp;
    } LDR_MODULE, *PLDR_MODULE;

    typedef struct _ProcessModuleInfo
    {
    std::uint32_t Size;
    std::uint32_t Initialized;
    HANDLE SsHandle;
    LIST_ENTRY LoadOrder;
    LIST_ENTRY InitOrder;
    LIST_ENTRY MemoryOrder;
    } ProcessModuleInfo, *pProcessModuleInfo;


    void* DetourFunction(BYTE *src, const BYTE *dst, const int len);
    typedef HHOOK (__stdcall *SetWindowsHookEx_t)(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId);
    SetWindowsHookEx_t o_SetWindowsHookEx;
    HOOKPROC oMouseHookedProc = NULL;





    LDR_MODULE* GetModuleIterator() //I use assembly here but you can remove it and use GetPEB() from WinAPI.
    {
    #ifndef _USE_GET_PEB_
    void* result = NULL;

    #ifdef INTEL_SYNTAX /**-masm=intel**/
    asm (".intel_syntax noprefix\n");
    #else
    asm (".att_syntax noprefix\n");
    #endif // INTEL_SYNTAX

    #ifndef INTEL_SYNTAX
    asm volatile
    (
    "movl %%FS:0x18, %%eax\n"
    "movl 0x30(%%eax), %%eax\n"
    "movl 0x0C(%%eax), %0\n"
    : "=r" (result) :: "eax"
    );
    #else
    asm volatile
    (
    "mov eax, DWORD PTR [FS:0x18]\n\t"
    "mov eax, DWORD PTR [eax + 0x30]\n\t"
    "mov %0, DWORD PTR [eax + 0x0C]\n"
    : "=r" (result) :: "eax"
    );
    #endif // INTEL_SYNTAX

    return reinterpret_cast<ProcessModuleInfo*>(result)->LoadOrder.Flink;
    #else
    reinterpret_cast<ProcessModuleInfo*>(GetPEB())->LoadOrder.Flink;
    #endif
    }

    void LinkLocalProcessModule(LDR_MODULE* module)
    {
    auto AddLink = [&](LIST_ENTRY* Link)
    {
    Link->Flink->Blink = Link;
    Link->Blink->Flink = Link;
    };

    AddLink(&module->InLoadOrderModuleList);
    AddLink(&module->InMemoryOrderModuleList);
    AddLink(&module->InInitializationOrderModuleList);
    AddLink(&module->HashTableEntry);
    }

    void UnlinkLocalProcessModule(LDR_MODULE* module)
    {
    auto RemoveLink = [](LIST_ENTRY* Link)
    {
    Link->Blink->Flink = Link->Flink;
    Link->Flink->Blink = Link->Blink;
    };

    RemoveLink(&module->InLoadOrderModuleList);
    RemoveLink(&module->InMemoryOrderModuleList);
    RemoveLink(&module->InInitializationOrderModuleList);
    RemoveLink(&module->HashTableEntry);
    }

    void HideSelf(HMODULE self, LDR_MODULE** old)
    {
    LDR_MODULE* module = GetModuleIterator();

    while (module->BaseAddress)
    {
    if (module->BaseAddress == self)
    {
    *old = module;
    UnlinkLocalProcessModule(module);
    }

    module = reinterpret_cast<LDR_MODULE*>(module->InLoadOrderModuleList.Flink);
    }
    }


    LRESULT __stdcall mHookedProc(int Code, WPARAM wParam, LPARAM lParam)
    {
    if (Code == HC_ACTION)
    {
    MSLLHOOKSTRUCT* Info = reinterpret_cast<MSLLHOOKSTRUCT*>(lParam);
    Info->flags &= ~LLMHF_INJECTED; //remove the injected flag.
    Info->flags &= ~LLMHF_LOWER_IL_INJECTED; //remove the injected flag.
    }
    return oMouseHookedProc(Code, wParam, lParam);
    }

    HHOOK __stdcall HOOKED_SetWindowsHookEx(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId)
    {
    if (idHook == WH_MOUSE_LL)
    {
    oMouseHookedProc = (HOOKPROC)DetourFunction((unsigned char*)lpfn, (unsigned char*)&mHookedProc, 6);
    }

    return o_SetWindowsHookEx(idHook, oMouseHookedProc, hMod, dwThreadId);
    }

    void* DetourFunction (BYTE *src, const BYTE *dst, const int len)
    {
    BYTE *jmp = (BYTE*)malloc(len+5);
    DWORD dwBack;

    VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
    memcpy(jmp, src, len);
    jmp += len;
    jmp[0] = 0xE9; //Assembly JMP instruction.
    *(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
    src[0] = 0xE9;
    *(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
    for (int i=5; i<len; i++)
    src[i]=0x90; //Assembly NOP instruction.
    VirtualProtect(src, len, dwBack, &dwBack);
    return (jmp-len);
    }

    void InitialiseHooks()
    {
    while(!GetModuleHandle("User32.dll")) //hook user32's SetWindowsHookEx function..
    {
    std::this_thread::sleep_for(std::chrono::milliseconds(100));
    }

    o_SetWindowsHookEx = (SetWindowsHookEx_t) GetProcAddress(GetModuleHandle("User32.dll"), "SetWindowsHookExA");
    o_SetWindowsHookEx = (SetWindowsHookEx_t) DetourFunction((unsigned char*)o_SetWindowsHookEx, (unsigned char*)&HOOKED_SetWindowsHookEx, 5);
    }






    static LDR_MODULE* me = NULL;
    DWORD __stdcall DllMain(HINSTANCE hInst, DWORD nReason, LPVOID Reserved)
    {
    switch(nReason)
    {
    case DLL_PROCESS_ATTACH:
    {
    DisableThreadLibraryCalls(hInst);
    HideSelf(hInst, &me);
    std::thread([&] {InitialiseHooks();}).detach();
    }
    break;

    case DLL_PROCESS_DETACH:
    {
    LinkLocalProcessModule(me);
    }
    break;
    }
    return TRUE;
    }

  9. #84 (joined May 2017, 22 posts)

    Quote Originally Posted by Kasi:
    Just re-iterating on what Brandon said. If you can write your own root-kit, you can probably write your own simple mouse/keyboard detour.

    For anyone wanting to download a hypervisor rootkit. Don't get it from some dodgy guy advertising on a forum. Check out Blue Pill/SubVirt.

    Can confirm, the code def compiles.

    This is the code you provided, and you said you compiled it, unless you compiled different code:

    #include <windows.h>
    #include <winternl.h>
    #include <TlHelp32.h>
    #include <chrono>
    #include <thread>
    #include <iostream>

    #ifndef LLKHF_INJECTED
    #define LLKHF_INJECTED 0x00000010
    #endif // LLKHF_INJECTED

    #ifndef LLKHF_LOWER_IL_INJECTED
    #define LLKHF_LOWER_IL_INJECTED 0x00000002
    #endif // LLKHF_LOWER_IL_INJECTED

    #ifndef LLMHF_INJECTED
    #define LLMHF_INJECTED 0x00000001
    #endif // LLMHF_INJECTED

    #ifndef LLMHF_LOWER_IL_INJECTED
    #define LLMHF_LOWER_IL_INJECTED 0x00000002
    #endif // LLMHF_LOWER_IL_INJECTED

    typedef struct _LSA_UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PWSTR Buffer;
    } LSA_UNICODE_STRING, *PLSA_UNICODE_STRING, UNICODE_STRING, *PUNICODE_STRING;




    typedef struct _LDR_MODULE
    {
    LIST_ENTRY InLoadOrderModuleList;
    LIST_ENTRY InMemoryOrderModuleList;
    LIST_ENTRY InInitializationOrderModuleList;
    PVOID BaseAddress;
    PVOID EntryPoint;
    ULONG SizeOfImage;
    UNICODE_STRING FullDllName;
    UNICODE_STRING BaseDllName;
    ULONG Flags;
    SHORT LoadCount;
    SHORT TlsIndex;
    LIST_ENTRY HashTableEntry;
    ULONG TimeDateStamp;
    } LDR_MODULE, *PLDR_MODULE;

    typedef struct _ProcessModuleInfo
    {
    std::uint32_t Size;
    std::uint32_t Initialized;
    HANDLE SsHandle;
    LIST_ENTRY LoadOrder;
    LIST_ENTRY InitOrder;
    LIST_ENTRY MemoryOrder;
    } ProcessModuleInfo, *pProcessModuleInfo;


    void* DetourFunction(BYTE *src, const BYTE *dst, const int len);
    typedef HHOOK (__stdcall *SetWindowsHookEx_t)(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId);
    SetWindowsHookEx_t o_SetWindowsHookEx;
    HOOKPROC oMouseHookedProc = NULL;

    ERROR
    LDR_MODULE* GetModuleIterator() //I use assembly here but you can remove it and use GetPEB() from WinAPI.
    {
    #ifndef _USE_GET_PEB_
    void* result = NULL;
    #ifdef INTEL_SYNTAX /**-masm=intel**/
    asm (".intel_syntax noprefix\n");
    #else
    asm (".att_syntax noprefix\n");
    #endif // INTEL_SYNTAX
    #ifndef INTEL_SYNTAX
    asm volatile
    (
    "movl %%FS:0x18, %%eax\n"
    "movl 0x30(%%eax), %%eax\n"
    "movl 0x0C(%%eax), %0\n"
    : "=r" (result) :: "eax"
    );
    #else
    asm volatile
    (
    "mov eax, DWORD PTR [FS:0x18]\n\t"
    "mov eax, DWORD PTR [eax + 0x30]\n\t"
    "mov %0, DWORD PTR [eax + 0x0C]\n"
    : "=r" (result) :: "eax"
    );
    #endif // INTEL_SYNTAX

    return reinterpret_cast<ProcessModuleInfo*>(result)->LoadOrder.Flink;
    #else
    reinterpret_cast<ProcessModuleInfo*>(GetPEB())->LoadOrder.Flink;
    #endif
    }
    void LinkLocalProcessModule(LDR_MODULE* module)
    {
    auto AddLink = [&](LIST_ENTRY* Link)
    {
    Link->Flink->Blink = Link;
    Link->Blink->Flink = Link;
    };
    AddLink(&module->InLoadOrderModuleList);
    AddLink(&module->InMemoryOrderModuleList);
    AddLink(&module->InInitializationOrderModuleList);
    AddLink(&module->HashTableEntry);
    }

    void UnlinkLocalProcessModule(LDR_MODULE* module)
    {
    auto RemoveLink = [](LIST_ENTRY* Link)
    {
    Link->Blink->Flink = Link->Flink;
    Link->Flink->Blink = Link->Blink;
    };
    RemoveLink(&module->InLoadOrderModuleList);
    RemoveLink(&module->InMemoryOrderModuleList);
    RemoveLink(&module->InInitializationOrderModuleList);
    RemoveLink(&module->HashTableEntry);
    }
    ERROR

    Undefined upward
    void HideSelf(HMODULE self, LDR_MODULE** old)
    {LDR_MODULE* module = GetModuleIterator();

    while (module->BaseAddress)
    {
    if (module->BaseAddress == self)
    {
    *old = module;
    UnlinkLocalProcessModule(module);
    }

    module = reinterpret_cast<LDR_MODULE*>(module->InLoadOrderModuleList.Flink);
    }
    }
    Undefined upward

    LRESULT __stdcall mHookedProc(int Code, WPARAM wParam, LPARAM lParam)
    {
    if (Code == HC_ACTION)
    {
    MSLLHOOKSTRUCT* Info = reinterpret_cast<MSLLHOOKSTRUCT*>(lParam);
    Info->flags &= ~LLMHF_INJECTED; //remove the injected flag.
    Info->flags &= ~LLMHF_LOWER_IL_INJECTED; //remove the injected flag.
    }
    return oMouseHookedProc(Code, wParam, lParam);
    }
    HHOOK __stdcall HOOKED_SetWindowsHookEx(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId)
    {
    if (idHook == WH_MOUSE_LL)
    {
    oMouseHookedProc = (HOOKPROC)DetourFunction((unsigned char*)lpfn, (unsigned char*)&mHookedProc, 6);
    }
    return o_SetWindowsHookEx(idHook, oMouseHookedProc, hMod, dwThreadId);
    }
    void* DetourFunction (BYTE *src, const BYTE *dst, const int len)
    {
    BYTE *jmp = (BYTE*)malloc(len+5);
    DWORD dwBack;

    VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
    memcpy(jmp, src, len);
    jmp += len;
    jmp[0] = 0xE9; //Assembly JMP instruction.
    *(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
    src[0] = 0xE9;
    *(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
    for (int i=5; i<len; i++)
    src[i]=0x90; //Assembly NOP instruction.
    VirtualProtect(src, len, dwBack, &dwBack);
    return (jmp-len);
    }
    void InitialiseHooks()
    {
    while(!GetModuleHandle("User32.dll")) //hook user32's SetWindowsHookEx function..
    {
    std::this_thread::sleep_for(std::chrono::milliseconds(100));
    }

    o_SetWindowsHookEx = (SetWindowsHookEx_t) GetProcAddress(GetModuleHandle("User32.dll"), "SetWindowsHookExA");
    o_SetWindowsHookEx = (SetWindowsHookEx_t) DetourFunction((unsigned char*)o_SetWindowsHookEx, (unsigned char*)&HOOKED_SetWindowsHookEx, 5);
    }

    HideSelf not defined

    static LDR_MODULE* me = NULL;
    DWORD __stdcall DllMain(HINSTANCE hInst, DWORD nReason, LPVOID Reserved)
    {
    switch(nReason)
    {
    case DLL_PROCESS_ATTACH:
    {
    DisableThreadLibraryCalls(hInst);
    HideSelf(hInst, &me);
    std::thread([&] {InitialiseHooks();}).detach();
    }
    break;

    case DLL_PROCESS_DETACH:
    {
    LinkLocalProcessModule(me);
    }
    break;
    }
    return TRUE;
    }

  10. #85 (joined May 2017, 22 posts)

    ERROR
    LDR_MODULE* GetModuleIterator() //I use assembly here but you can remove it and use GetPEB() from WinAPI.
    {
    #ifndef _USE_GET_PEB_
    void* result = NULL;
    #ifdef INTEL_SYNTAX /**-masm=intel**/
    asm (".intel_syntax noprefix\n");
    #else
    asm (".att_syntax noprefix\n");
    #endif // INTEL_SYNTAX
    #ifndef INTEL_SYNTAX
    asm volatile
    (
    "movl %%FS:0x18, %%eax\n"
    "movl 0x30(%%eax), %%eax\n"
    "movl 0x0C(%%eax), %0\n"
    : "=r" (result) :: "eax"
    );
    #else
    asm volatile
    (
    "mov eax, DWORD PTR [FS:0x18]\n\t"
    "mov eax, DWORD PTR [eax + 0x30]\n\t"
    "mov %0, DWORD PTR [eax + 0x0C]\n"
    : "=r" (result) :: "eax"
    );
    #endif // INTEL_SYNTAX

    return reinterpret_cast<ProcessModuleInfo*>(result)->LoadOrder.Flink;
    #else
    reinterpret_cast<ProcessModuleInfo*>(GetPEB())->LoadOrder.Flink;
    #endif
    }
    void LinkLocalProcessModule(LDR_MODULE* module)
    {
    auto AddLink = [&](LIST_ENTRY* Link)
    {
    Link->Flink->Blink = Link;
    Link->Blink->Flink = Link;
    };
    AddLink(&module->InLoadOrderModuleList);
    AddLink(&module->InMemoryOrderModuleList);
    AddLink(&module->InInitializationOrderModuleList);
    AddLink(&module->HashTableEntry);
    }

    void UnlinkLocalProcessModule(LDR_MODULE* module)
    {
    auto RemoveLink = [](LIST_ENTRY* Link)
    {
    Link->Blink->Flink = Link->Flink;
    Link->Flink->Blink = Link->Blink;
    };
    RemoveLink(&module->InLoadOrderModuleList);
    RemoveLink(&module->InMemoryOrderModuleList);
    RemoveLink(&module->InInitializationOrderModuleList);
    RemoveLink(&module->HashTableEntry);
    }
    ERROR

    This is the part of the code which has errors at the X points:

    asm Xvolatile - Expected an "("
    X: "=r" (result) :: "eax" - Expected an ")"
    return reinterpret_cast<ProcessModuleInfo*>(result)->LoadOrder.Flink; - return value type does not match the function type
    asm(".att_syntax noprefix\n"); - C++ "asm" ignored, use "_asm"
    asm volatile - syntax error "volatile"
    : "=r" (result) :: "eax" - "string": illegal token on right side of "::"
    return reinterpret_cast<ProcessModuleInfo*>(result)->LoadOrder.Flink; - "return" cannot convert "_LIST_ENTRY" to "LDR_MODULE"

  11. #86 (joined May 2017, 22 posts)

    Quote Originally Posted by Brandon:
    I wrote an anti-jaclib hook before. I don't remember if I shared it or not, but I remember writing it. There were lots of features, but the one you seem to be interested in is the MouseHook and KeyboardHook flag removal. Below should be enough to get you started on writing your own.

    How does it work? We get the game to load our code/plugin/dll (use whatever method you want). Then in DllMain we HIDE ourselves from detection, so if the game tries to detect that our module is loaded/injected, it won't. Then we hook the SetWindowsHookEx function. If the game tries to hook the mouse, we return our custom hooks instead and keep a pointer to the original function (trampoline).

    In our trampoline function, we remove the injection flags and call the original hook function (don't break the chain). Voila. We are undetected and our mouse and keyboard are undetected. All without the need for a driver.

    C++ Code:
    #include <windows.h>
    #include <winternl.h>
    #include <TlHelp32.h>
    #include <chrono>
    #include <thread>
     
    typedef struct _LDR_MODULE
    {
        LIST_ENTRY              InLoadOrderModuleList;
        LIST_ENTRY              InMemoryOrderModuleList;
        LIST_ENTRY              InInitializationOrderModuleList;
        PVOID                   BaseAddress;
        PVOID                   EntryPoint;
        ULONG                   SizeOfImage;
        UNICODE_STRING          FullDllName;
        UNICODE_STRING          BaseDllName;
        ULONG                   Flags;
        SHORT                   LoadCount;
        SHORT                   TlsIndex;
        LIST_ENTRY              HashTableEntry;
        ULONG                   TimeDateStamp;
    } LDR_MODULE, *PLDR_MODULE;

    typedef struct _ProcessModuleInfo
    {
        std::uint32_t Size;
        std::uint32_t Initialized;
        HANDLE SsHandle;
        LIST_ENTRY LoadOrder;
        LIST_ENTRY InitOrder;
        LIST_ENTRY MemoryOrder;
    } ProcessModuleInfo, *pProcessModuleInfo;


    void* DetourFunction(BYTE *src, const BYTE *dst, const int len);
    typedef HHOOK (__stdcall *SetWindowsHookEx_t)(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId);
    SetWindowsHookEx_t o_SetWindowsHookEx;
    HOOKPROC oMouseHookedProc = NULL;





    LDR_MODULE* GetModuleIterator()  //I use assembly here but you can remove it and use GetPEB() from WinAPI.
    {
        #ifndef _USE_GET_PEB_
            void* result = NULL;

            #ifdef INTEL_SYNTAX     /**-masm=intel**/
            asm (".intel_syntax noprefix\n");
            #else
            asm (".att_syntax noprefix\n");
            #endif // INTEL_SYNTAX

            #ifndef INTEL_SYNTAX
            asm volatile
            (
                "movl %%FS:0x18,   %%eax\n"
                "movl 0x30(%%eax), %%eax\n"
                "movl 0x0C(%%eax), %0\n"
                : "=r" (result) :: "eax"
            );
            #else
            asm volatile
            (
                "mov eax, DWORD PTR [FS:0x18]\n\t"
                "mov eax, DWORD PTR [eax + 0x30]\n\t"
                "mov %0,  DWORD PTR [eax + 0x0C]\n"
                : "=r" (result) :: "eax"
            );
            #endif // INTEL_SYNTAX

            return reinterpret_cast<ProcessModuleInfo*>(result)->LoadOrder.Flink;
        #else
            reinterpret_cast<ProcessModuleInfo*>(GetPEB())->LoadOrder.Flink;
        #endif
    }

    void LinkLocalProcessModule(LDR_MODULE* module)
    {
        auto AddLink = [&](LIST_ENTRY* Link)
        {
            Link->Flink->Blink = Link;
            Link->Blink->Flink = Link;
        };

        AddLink(&module->InLoadOrderModuleList);
        AddLink(&module->InMemoryOrderModuleList);
        AddLink(&module->InInitializationOrderModuleList);
        AddLink(&module->HashTableEntry);
    }

    void UnlinkLocalProcessModule(LDR_MODULE* module)
    {
        auto RemoveLink = [](LIST_ENTRY* Link)
        {
            Link->Blink->Flink = Link->Flink;
            Link->Flink->Blink = Link->Blink;
        };

        RemoveLink(&module->InLoadOrderModuleList);
        RemoveLink(&module->InMemoryOrderModuleList);
        RemoveLink(&module->InInitializationOrderModuleList);
        RemoveLink(&module->HashTableEntry);
    }

    void HideSelf(HMODULE self, LDR_MODULE** old)
    {
        LDR_MODULE* module = GetModuleIterator();

        while (module->BaseAddress)
        {
            if (module->BaseAddress == self)
            {
                *old = module;
                UnlinkLocalProcessModule(module);
            }

            module = reinterpret_cast<LDR_MODULE*>(module->InLoadOrderModuleList.Flink);
        }
    }


    LRESULT __stdcall mHookedProc(int Code, WPARAM wParam, LPARAM lParam)
    {
        if (Code == HC_ACTION)
        {
            MSLLHOOKSTRUCT* Info = reinterpret_cast<MSLLHOOKSTRUCT*>(lParam);
            Info->flags &= ~LLMHF_INJECTED; //remove the injected flag.
            Info->flags &= ~LLMHF_LOWER_IL_INJECTED; //remove the injected flag.
        }
        return oMouseHookedProc(Code, wParam, lParam);
    }

    HHOOK __stdcall HOOKED_SetWindowsHookEx(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId)
    {
        if (idHook == WH_MOUSE_LL)
        {
            oMouseHookedProc = (HOOKPROC)DetourFunction((unsigned char*)lpfn, (unsigned char*)&mHookedProc, 6);
        }

        return o_SetWindowsHookEx(idHook, oMouseHookedProc, hMod, dwThreadId);
    }

    void* DetourFunction (BYTE *src, const BYTE *dst, const int len)
    {
            BYTE *jmp = (BYTE*)malloc(len+5);
            DWORD dwBack;

            VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
            memcpy(jmp, src, len);
            jmp += len;
            jmp[0] = 0xE9; //Assembly JMP instruction.
            *(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
            src[0] = 0xE9;
            *(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
            for (int i=5; i<len; i++)
            src[i]=0x90; //Assembly NOP instruction.
            VirtualProtect(src, len, dwBack, &dwBack);
            return (jmp-len);
    }

    void InitialiseHooks()
    {
        while(!GetModuleHandle("User32.dll")) //hook user32's SetWindowsHookEx function..
        {
            std::this_thread::sleep_for(std::chrono::milliseconds(100));
        }

        o_SetWindowsHookEx = (SetWindowsHookEx_t) GetProcAddress(GetModuleHandle("User32.dll"), "SetWindowsHookExA");
        o_SetWindowsHookEx = (SetWindowsHookEx_t) DetourFunction((unsigned char*)o_SetWindowsHookEx, (unsigned char*)&HOOKED_SetWindowsHookEx, 5);
    }






    static LDR_MODULE* me = NULL;
    DWORD __stdcall DllMain(HINSTANCE hInst, DWORD nReason, LPVOID Reserved)
    {
        switch(nReason)
        {
            case DLL_PROCESS_ATTACH:
            {
                DisableThreadLibraryCalls(hInst);
                HideSelf(hInst, &me);
                std::thread([&] {InitialiseHooks();}).detach();
            }
            break;

            case DLL_PROCESS_DETACH:
            {
                LinkLocalProcessModule(me);
            }
            break;
        }
        return TRUE;
    }

    Why do you post code with bugs which does not compile and claim it is good?
    If you want your code to be debugged or to make fun of people, just say so; you have no idea what you are doing!

  12. #87 (joined May 2012, location Glorious Nippon, 1,011 posts)

    Quote Originally Posted by pipilica:
    Why do you post code with bugs which does not compile and claim it is good?
    If you want your code to be debugged or to make fun of people, just say so; you have no idea what you are doing!
    Just write your own. Problem solved!

  13. #88 (joined Dec 2010, 483 posts)

    Quote Originally Posted by pipilica:
    Why do you post code with bugs which does not compile and claim it is good?
    If you want your code to be debugged or to make fun of people, just say so; you have no idea what you are doing!
    VS doesn't support inline-assembly styled in such a manner, and in the case of Intel 64/AMD64 doesn't support inline assembly at all.

    Unfortunately it seems the only person here with no idea what they are doing is you.

  14. #89 (joined Feb 2011, location The Future., 5,600 posts)

    Quote Originally Posted by pipilica:
    Why do you post code with bugs which does not compile and claim it is good?
    If you want your code to be debugged or to make fun of people, just say so; you have no idea what you are doing!

    The next time you send me a message, I am going to block you for your stupidity. http://i.imgur.com/5TCRCeg.png


    You are acting like I just told you how to do it but posted no code. Be happy there is actually code there. If I have no idea what I am doing, why do you want to compile my code? Just don't use it! It's not like I'm forcing you to compile it at all. Secondly, it's not my fault you can't read: DON'T USE VISUAL STUDIO.

    If you want to use Visual Studio, you're going to have to rewrite it to remove the inline assembly OR JUST READ THE CODE:

    C++ Code:
    #ifndef _USE_GET_PEB_
    Assembly Code Here..
    #else
    Non-Assembly code here..
    #endif

    That will allow it to compile on Visual Studio. But of course your lazy ass couldn't see that.. You shouldn't be compiling anything you don't understand or read.

    Now never message me again. In fact, I am now going to permanently block all your messages (you're the first and only person on my ignore list).

    Have a free one on me (Project, Code, Configuration, Compiled Binary. Compiled using GCC-6.2.0-x86_64_threads-posix - https://sourceforge.net/projects/min...ingw-builds/):


    Here: Blocker.zip

    Good Bye.

    P.S. I don't want your RootKit. You can't even compile code or use code-tags. -_-
    Last edited by Brandon; 07-23-2017 at 02:53 PM.
    I am Ggzz..
    Hackintosher

  15. #90 (joined Dec 2010, 483 posts)

    Quote Originally Posted by Brandon:
    DON'T USE VISUAL STUDIO.
    I mean, in all fairness, as long as the target is x86 he could still use inline assembly within Visual Studio with some minor syntactical changes and doesn't have to use GetPebAddress.

    Not that it's clearly worth the time to explain that to Mr. Rootkit, however. The fact that x64 asm isn't supported in VS is a big pet peeve of mine.

    https://villavu.com/forum/attachment...9&d=1497531600

  16. #91 (joined Dec 2011, 2,147 posts)

  17. #92 (joined Oct 2012, 1,258 posts)

    Quote Originally Posted by Clarity:
    Damn sick burn, totally called him out on something pretty much everyone does.
    This guy jerks

  18. #93 (joined Dec 2009, 380 posts)

    Sorry to dig this thread up but...

    So is there a difference between using SMART vs. another client? Say, using AeroLib for OSRS as an example. If I botted using official client/3rd party client on a Virtual Machine vs. using SMART, would they both set the flag to 1?
    Currently: Playing OSRS legit until I get bored

  19. #94 (joined Mar 2016, 9 posts)

    Not sure how Wine works, but can the same be achieved with OSRS running under Wine on Unix?

  20. #95 (joined Mar 2017, 32 posts)

    I think both would set off the hardware mouse; using the OSRS client is useful if you assume Jagex is detecting clients.

  21. #96 (joined Dec 2011, 2,147 posts)

    Been discussed a lot on Discord, but perhaps it would be good for someone to firmly answer on this thread:
    If Simba is running on a host computer, and clicks into a VM that has an official RuneScape client running, is it seen as a hardware click, or a virtual/generated click?

  22. #97 (joined Feb 2011, location The Future., 5,600 posts)

    Quote Originally Posted by Clarity:
    Been discussed a lot on Discord, but perhaps it would be good for someone to firmly answer on this thread:
    If Simba is running on a host computer, and clicks into a VM that has an official RuneScape client running, is it seen as a hardware click, or a virtual/generated click?

    When you click into a VM, a virtual click is generated by the VM (regardless of Simba or not).. Even hardware clicks are interpreted by VMWare as a virtual click. At least, that was my experience a few years back. I haven't tested this recently.
    I am Ggzz..
    Hackintosher

  23. #98 (joined Dec 2007, 2,112 posts)

    Quote Originally Posted by Brandon:
    When you click into a VM, a virtual click is generated by the VM (regardless of Simba or not).. Even hardware clicks are interpreted by VMWare as a virtual click. At least, that was my experience a few years back. I haven't tested this recently.
    Isn't it dependent on the installed mouse driver? I believe you can perfectly forward HID devices to some VMs (host system loses access to that usb). I also remember reading that default interaction acts as PS/2 input.


    http://www.drdobbs.com/windows/insid...stem/184408943
    For anyone interested in learning how the system event queue works in windows. A little outdated.

  24. #99 (joined Feb 2011, location The Future., 5,600 posts)

    Quote Originally Posted by Kasi:
    Isn't it dependent on the installed mouse driver? I believe you can perfectly forward HID devices to some VMs (host system loses access to that usb). I also remember reading that default interaction acts as PS/2 input.


    http://www.drdobbs.com/windows/insid...stem/184408943
    For anyone interested in learning how the system event queue works in windows. A little outdated.

    Correct, but this is under the assumption that the USB is no longer part of the host? If it belongs to the VM that will indeed generate HID.
    However, if the USB port still belongs to the host (the mouse is controlling the host, and not just the guest), then I'm sure it will show as virtual in the guest. At least, that has been my experience.
    I am Ggzz..
    Hackintosher

  25. #100 (joined Jan 2016, 10 posts)

    Quote Originally Posted by Brandon:
    if the USB port still belongs to the host (the mouse is controlling the host, and not just the guest), then I'm sure it will show as virtual in the guest. At least, that has been my experience.
    http://www.altaro.com/hyper-v/hyper-v-usb/

    I'm no Microsoft user, but it looks like it's possible to enable direct USB passthrough to level 2 hypervisor/VM in Windows. I know it's possible on linux to attach a physical or create a virtual mouse in the host, passthrough to the VM, and no one is the wiser.
