Perma vs. Crytical



Crytical
09-25-2006, 05:09 AM
First I need to fix this and quote CarrierZ

Well, for Warcraft III Blizzard uses DMC (Dynamic Memory Checks) to look if someone is changing the memory of Warcraft 3, and if they detect you do, then you will get flagged and soon banned.

Wrong! There is an offset banlist, only specific offsets that have previously been detected are detected again. And what they do is check to make sure the byte count remains the same. Besides, "Dynamic Memory Checks" Lol? You know what Dynamic Memory is? Doesn't look like you have much sense of that, DMC would make NO sense.

Secondly, that maphack isn't your work. For everyone else to realize, Carrierz is a lamer from another web site I can give you to prove it if you PM me out of curiosity.

Third, Cryticalerror.com is a great place for hacks. The old 0-0 Drophack was written by them, and they have two Maphacks currently, both are completely safe on War3. Good team for security programming as well as gamehacking. But to get the best of the gear, it's a paid membership, beings it's 100% safe and nice etc.


Warden is still pretty junky and beatable. One of the biggest problems is just attaching a DLL to the active process War3 with that OpenProcess protection they use (like Starcraft but more intense.) However it is avoidable also, easily by a lot of public releases, and even by the Injector I'm writing myself. I am the Admin @Cryticalerror.com to introduce myself.

Sight
09-25-2006, 02:18 PM
Hello.

SC_Modder
09-25-2006, 02:22 PM
Uhh, enjoy your stay at BWhacks? :P

What sort of OpenProcess protection do they have anyhow? I'm curious.

Crytical
09-25-2006, 03:20 PM
Thank you! And the same as Starcraft in a sense..they disabled debug privileges and you have to manually re-enable them. I've heard a few other methods but don't know them well enough to tell you. The typical, and most common, form of injection - primarily using VB - is what was prevented now by Blizzard. So we need more. I know it's best accomplished in mASM but I suppose VB etc can still do it.

Really the problem = You fail to inject DLLs way more often.

And yes, being the Admin @Crytical I am also the writer of the Drophack and two maphacks, one of the maphacks still being fully safe on Ladder, heh.

Mystic Videl
09-25-2006, 03:34 PM
Welcome to the website, nice little addition you threw out oo.

bulk_4me
09-26-2006, 07:25 AM
You have non-ladder stuff on your forum. =O

Crytical
09-26-2006, 11:53 AM
A lot of Non of course. But using it on ladder = you're banned hah. If you like custom gaming..I could write you a simple MapHack example (open source even!) and upload it here, also, Eventually. Should be a good contribution to bwhacks.

test-acc
09-26-2006, 12:25 PM
Whack a tutorial for it and its gogogo.

Crytical
09-26-2006, 01:56 PM
The ladder stuff is on a PRIVATE board like I said, only honored member status and higher can view! haha. And I'll think this tut over for sure, where would it be released?

Crytical
09-26-2006, 02:43 PM
I'm still thinking all of this over, but I wrote something similar to it for you guys, I suppose a tutorial haha!

Here:

http://bwhacks.com/forums/showthread.php?p=325174#post325174

SubZero
09-27-2006, 08:00 AM
Hey Critical, we spoke briefly on gamehacking.com

Evil_Himmler
09-27-2006, 09:19 AM
anyone know if about making a clan channel on battle net....they have told me 10 wc3 cd keys will get it done.

Sight
09-27-2006, 05:33 PM
anyone know if about making a clan channel on battle net....they have told me 10 wc3 cd keys will get it done.
HUH? 10 wc3 keys WILL get it done, now gtfo and stop trying to hi-jack this thread. Anyways back on topic!

Perma
09-27-2006, 08:21 PM
Warden is still pretty junky and beatable.

Hardly.


The typical, and most common, form of injection - primarily using VB - is what was prevented now by Blizzard.

The injection method isn't language specific and all utilized the same set of API calls up until the patch. There was actually only one Visual Basic injection program I ever saw, and it was written by Warz.

Crytical
10-08-2006, 07:51 PM
The injection method isn't language specific



I didn't say it was. You're right but you're not seeing why: It is related to Win32 instead of a specific language, and the language you use to achieve that goal is simply a tool. There are many different ways, and of course different beings they are different languages. Different forms of using the same functions, even, if you get technical. I've seen about three methods of injection, and of course we were attempting to beat OpenProcess protection and debug restrictions long before Starcraft decided to move to them just like Warcraft has used for a long period of time. Try to be open minded here; you can use DLL attachment, or create a new process (This is already different than SetWindowsEx for achieving the same goal) to write memory, or even through debugging; you can write memory to a game/process in many different ways, that is my point, "injection" is a broader term than you are allowing it to be. Your lack of experience in the field I am in with Warcraft 3 and Warden is causing this miscommunication. Warden has many flaws that are avoidable, I could list about four.



Has an accessible list of offsets to scan and ban if changed
Won't ban them as long as the correct number of bytes exists
Is running from a client-sided file that can be interrupted
It's a bluff that it can bust your hack if you're the only one using it - it has to bust your hack first-hand or because they caught you debugging in a ladder game


This post is only to enlighten people, enjoy.

Perma
10-08-2006, 09:37 PM
It's SetWindowsHookEx.

We are talking about mapping a DLL into a target's process, so the term is no broader than I am allowing it to be. You're right, I'm quite inexperienced in dealing with Warden. I am, however, knowledgeable enough to know that you are talking completely out of your ass because:


Actual Warden software connects to a remote server to compare against a server-stored banlist
The program maintains communication and cannot be interrupted


Now, avoid being egotistical on these forums. I put up with it on your little community but won't hesitate to humiliate you here. If you think we all believe that you achieved at a rudimentary level in a few weeks what experienced hackers have worked months to accomplish, you've got another thing coming.

gamepin126
10-08-2006, 11:42 PM
cannot
I've learned to not use that word anymore. Especially when something relies on a remote server for any kind of auth/checks.

Just saying.

Crytical
10-09-2006, 03:04 AM
1 is true, I left it out. It is indeed in two parts, client and server.
2 is false, you're closed-minded just because it isn't possible for you. I know someone who found how to almost completely disable it.

And for the last part - you've got me beat there, your ego > mine.

bulk_4me
10-09-2006, 06:42 AM
2 is false, you're closed-minded just because it isn't possible for you. I know someone who found how to almost completely disable it.
Got froghack?

Perma
10-09-2006, 07:27 AM
And yes, being the Admin @Crytical I am also the writer of the Drophack and two maphacks, one of the maphacks still being fully safe on Ladder, heh.

More like you're a code stealing bastard who changed a single address from shadowfrench's maphack and called it your own, am I right? Heh. You're so full of **** you believe yourself.

Crytical
10-09-2006, 02:23 PM
Wow lol, you really want to bring that 3-page MSN argument here?

Look at you dude. The all so gloried Permaphrost. You are the egotistical one. You have done no more than me in reversing, sure with programming yes, but not hacking wise. I've tapped D1 just as good, SC almost as good, and War3 better. Not to mention of course your SC codes were given to you by two other people, who have no idea why you're so over-rated. The MapHack I achieved through studying others, fact, but it is ladder-safe and different. However, the DropHack was completely my work, Win32DASM can be quite helpful. I had to do everything myself for War3, studying and all - you didn't do near that much for your so famed Starcraft. I have everything I need to back it up, including people. You can't get anyone to side with you that they know for a fact I stole credit - just you. I can get two of your closest people to say you ripped most of your work. You use MSDN, Google, and were given a lot of lessons and studied a bit so you learned some things. You've never proven to be more than my equivalent, except your ego outwits mine, maybe you can outbluff me?

Anywho, stop adding on nonsense, you're so immature - always trying to get the last word, my last comment wasn't even pointed at you dude, just furthering their information, sad sad.

Perma
10-09-2006, 05:04 PM
EDIT: Don't worry, Crytical, this isn't a personal attack on you. I'm just "furthering everyone's information" that you don't know a god damn thing.

I'm the egotistical one, hey? I don't recall flaunting abilities around on a forum that I don't actually possess.


However, the DropHack was completely my work, Win32DASM can be quite helpful. I had to do everything myself for War3, studying and all - you didn't do near that much for your so famed Starcraft.

You've got me there. I could never be as talented as you; please teach me the art of opening a disassembler. You're right, glancing at a disassembly is far more work than the hours of painstaking debugging I've put into Starcraft. Silly me!


I've tapped D1 just as good, SC almost as good, and War3 better.

Totally, if you mean you've never done anything on your own for any of those three titles and are often too inept to even make stolen code work properly.

The only thing you ever made for Starcraft was a rudimentary mineral hack that only worked on single player, which I walked you through creating, and all of your work in Diablo was based off of mine or someone else's. It took you a full year to figure out how to use TSearch for ****'s sake, and now you authored a maphack? Right.


You use MSDN, Google, and were given a lot of lessons and studied a bit so you learned some things. You've never proven to be more than my equivalent...

I was never given lessons, however you're correct, I studied a great deal. I don't know if you're aware, but that's how you learn things. You, on the other hand, were incapable of learning on your own and paid Jinx[Le] to teach you assembly, and yet you still cannot grasp even the most basic concepts.

I would be happy to prove that you know nothing. Oh, damn - I've already done that by correcting just about every post you make on these forums and yours. I'm frankly amazed you have intelligence enough to operate a computer, never mind program.


Not to mention of course your SC codes were given to you by two other people, who have no idea why you're so over-rated.

Really? Weird. The only person who ever outsourced anything exclusively to me was Zynastor, and I haven't used any of those sources for a long time. In fact, the only source that made it to a public release was his command engine.


You have done no more than me in reversing, sure with programming yes, but not hacking wise.

Uh. Right. Hell, I probably did more reversing today alone than you did in your entire life.

If you want to try and make yourself sound like some badass hacker, go back to the idiots on your forums. I'm not going to tolerate it here and, fortunately, a lot of this community has already picked up on your stupidity. Now, you have my permission to go die.

Crytical
10-09-2006, 05:42 PM
This is where I apologize to everyone else for me and Perma's feuding. I'm going to be nice and fair here and treat him as my equal. We were friends until he tricked me and backstabbed me and scammed 20$ out of me...I'm the second person he disgustingly backstabbed, so I can't help but be a little jumpy, sorry. My mistake for trusting him. Hopefully you all won't do the same.


EDIT: Don't worry, Crytical, this isn't a personal attack on you. I'm just "furthering everyone's information" that you don't know a god damn thing.

I have more evidence against you than you have against me. Besides, I'm actually doing something with what I know, if you noticed.



You've got me there. I could never be as talented as you; please teach me the art of opening a disassembler. You're right, glancing at a disassembly is far more work than the hours of painstaking debugging I've put into Starcraft. Silly me!


I have no need to rip here, we both can make basic things on our own, it's fact. Like I said, I don't say I'm better than you, but equal at least.


Totally, if you mean you've never done anything on your own for any of those three titles and are often too inept to even make stolen code work properly.

I was the first to do and release quite a few things, just as you were. In the end though, we have a stalemate, our famous Parsers, we both ripped Paul's original source then added on our own unique features, each are pretty creative. And just the other night I was working with a friend, and off the top of my head, with the pointer he gave me, I easily put together a Level Revolver for Diablo 1 within seconds, it's an easy game...


I was never given lessons, however you're correct,

As far as this nifty little paragraph goes, minus the inaccuracies, getting lessons and researching, we've both learned the same exact way. Another equivalent.


Not to mention of course your SC codes were given to you by two other people, who have no idea why you're so over-rated.


You didn't make any point here for me to comment, besides agreeing with both of ourselves.


Uh. Right. Hell, I probably did more reversing today alone than you did in your entire life.

If we compared and backed it up, instead of just stating things, like we both sadly are, I'm sure it'd be nearly equal, I'm ready to do that anytime you are.

Perma
10-09-2006, 06:18 PM
I figured I earned the $20 letting you steal all of my source code and claim it as yours.


I have more evidence against you than you have against me. Besides, I'm actually doing something with what I know, if you noticed.

Really? Post some. I don't need to post any yet because me correcting you is evidence enough. I'm not going to address the rest of your post because I'd just have to reiterate whatever I said earlier.

I'm going to let you believe you're better than me because, like a friend once told me, "Those who can, will, and those who cannot will just steal code." You will never be the first to do anything.

bulk_4me
10-09-2006, 06:20 PM
EDIT: Don't worry, Crytical, this isn't a personal attack on you. I'm just "furthering everyone's information" that you don't know a god damn thing.
:wow:


The only thing you ever made for Starcraft was a rudimentary mineral hack that only worked on single player, which I walked you through creating, and all of your work in Diablo was based off of mine or someone else's. It took you a full year to figure out how to use TSearch for ****'s sake, and now you authored a maphack? Right.
:lol:


I was never given lessons, however you're correct, I studied a great deal. I don't know if you're aware, but that's how you learn things. You, on the other hand, were incapable of learning on your own and paid Jinx[Le] to teach you assembly, and yet you still cannot grasp even the most basic concepts.
:lol: x 9999

Crytical
10-09-2006, 06:22 PM
I figured I earned the $20 letting you steal all of my source code and claim it as yours.

BUSTED! "It was written by Warz, give him credit" Hhahaha 1st) You told me I could release the program just credit you and Warz. Second you KNOW Warz wrote it not you. Third I have a billion MSN logs to support. Fourth you know that's B.S. straight up you're a pathetic liar.



Really? Post some. I don't need to post any yet because me correcting you is evidence enough.

More logs I dunno if I should reveal this to you yet but if you're not scared get on MSN And I will ;)


And you said you have a lack of self-motivation. It's mutual. But paying for lessons? I deny that straight up. But it won't matter because of your thick skull.

Why doesn't a Mod actually do their job and lock this topic? Please.

Perma
10-09-2006, 06:58 PM
BUSTED! "It was written by Warz, give him credit" Hhahaha 1st) You told me I could release the program just credit you and Warz. Second you KNOW Warz wrote it not you. Third I have a billion MSN logs to support. Fourth you know that's B.S. straight up you're a pathetic liar.

I was referring to everything you ever did for Starcraft and Diablo. But okay.



More logs I dunno if I should reveal this to you yet but if you're not scared get on MSN And I will ;)


And you said you have a lack of self-motivation. It's mutual. But paying for lessons? I deny that straight up. But it won't matter because of your thick skull.

You deny paying for lessons, hey? Okay then.

Crytical
10-10-2006, 03:01 PM
Kind of funny how you immaturely make a post here about something we discussed on MSN last night. You know for a fact we compared all of our work and I'll again admit equivalence, but it did look bad on your part, heh.

Perma
10-10-2006, 06:25 PM
That's weird. I remember you rambling off a bunch of nonsense about all these TSearch edits you've done and then I explained to you how much that sucks. We compared work?

Crytical
10-10-2006, 08:59 PM
Sure. But you make it sound like all I did was edit values with T-Search or something. I indeed continued to breakpoint and study to advance the hacks, and put them in Address/Mnemonic form.

You're soo elite you can hack without ever needing a memory searcher? You are better!

pandas
10-12-2006, 09:21 AM
*cough*


Perhaps trying to access EBP-74h through ECX is just a bad idea. I'm personally not sure why you'd use ECX, there must be another way to access it. Think programmatically for an alternative.

I wonder how this guy managed to even convert a maphack...

Lord_Nicon
10-12-2006, 02:55 PM
*cough*



I wonder how this guy managed to even convert a maphack...


I wonder if this guy's ever heard of ASM

Perma
10-12-2006, 03:13 PM
*cough*



I wonder how this guy managed to even convert a maphack...

I'm still trying to figure that one out. Probably paid someone to do it for him. But apparently he made his new maphack completely from scratch by searching for text strings.

He's amazing, no?

Crytical
10-12-2006, 04:44 PM
Wow you guys caught me ^.^. Powerful detection skills...I just decided I don't care for criticism or to argue anymore considering I actually put out for my community and achieve my goals no problem. When I see almost none of you do anything whatsoever. So even if you know more, I'm producing more with what I do. Have fun. I'm very self-confident, that's all I need. And I'll help anyone who asks for the help.

(Not counting the bwhacks officials making the awesome inhal etc, good work - this was aimed at active community)

Besides..
Originally Posted by Crytical
Perhaps trying to access EBP-74h through ECX is just a bad idea. I'm personally not sure why you'd use ECX, there must be another way to access it. Think programmatically for an alternative.


I don't recall what this was about..but I personally seem to do fine with stack frames vs local variables etc. Also..I haven't met someone to pay to make my war3 maphack for me. I mean perma will do anything for money, even his mom, but he's not capable of making a war3 maphack so...sorry :P

Perma
10-12-2006, 05:53 PM
Don't speak too soon. By the way, check the downloads forum. Obviously you don't pay much attention to our releases, or the fact that we accurately answer hundreds of programming and hacking related questions. Shame on us for doing so little for our community.

Go back to string searching, assmonger.

Crytical
10-12-2006, 07:07 PM
You totally went overboard with my words...And you obviously lack reading skills to see the large exception. I was only targeting a minority, mostly you and some fooled people, is all. Not bashing BWH at all. I like it.

Perma
10-12-2006, 08:00 PM
By we, I was referring only to me and pandas and not at all encompassing the vast majority of the community who also actively help.


Wow you guys caught me ^.^. Powerful detection skills...I just decided I don't care for criticism or to argue anymore considering I actually put out for my community and achieve my goals no problem. When I see almost none of you do anything whatsoever. So even if you know more, I'm producing more with what I do. Have fun. I'm very self-confident, that's all I need. And I'll help anyone who asks for the help.

(Not counting the bwhacks officials making the awesome inhal etc, good work - this was aimed at active community)


I was only targeting a minority, mostly you and some fooled people, is all.

Right...


I mean perma will do anything for money, even his mom, but he's not capable of making a war3 maphack so...sorry :P

At least my intentions are useful. The only thing you're trying to achieve is a hollow fame that will never have substance so long as you lie to yourself and everyone else. By the way, I'm sure I could make a maphack in a few minutes.

After all, you just have to search for strings, right? :rolleyes:

StarCrap
10-12-2006, 10:34 PM
Jesus, map hacks are so easy to make. I think I made one in my sleep last night, but deleted it this morning in self-disgust. I was disgusted that I even made something so simple in my sleep. I expect more of myself. Once, I made a maphack entirely in hex edit, and mirc script. It was teh hax.

SubZero
10-13-2006, 01:10 AM
Roflcopter.

HTML maphack > you.

Perma
10-13-2006, 06:22 AM
So, Crytical. I was reversing your maphack that you released on your site, and couldn't help but notice some irregularities. The first thing that caught my eyes was this:


* Possible StringData Ref from Data Obj ->"DiabloClass"

It seems as though your additional thread looks for Diablo's window. Continuing through the code, I started to notice some really familiar functions.


:100010C4 80392F cmp byte ptr [ecx], 2F
:100010C7 7540 jne 10001109
:100010C9 60 pushad
:100010CA 8BF1 mov esi, ecx
:100010CC BD21110010 mov ebp, 10001121
:100010D1 BBD8100010 mov ebx, 100010D8
:100010D6 FFE5 jmp ebp
:100010D8 8A4101 mov al, byte ptr [ecx+01]
:100010DB 8A17 mov dl, byte ptr [edi]
:100010DD 84D2 test dl, dl
:100010DF 7416 je 100010F7
:100010E1 38C2 cmp dl, al
:100010E3 740E je 100010F3
:100010E5 80C220 add dl, 20
:100010E8 38C2 cmp dl, al
:100010EA 7407 je 100010F3
:100010EC 80EA40 sub dl, 40
:100010EF 38C2 cmp dl, al
:100010F1 7527 jne 1000111A

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:100010E3(C), :100010EA(C)
|
:100010F3 47 inc edi
:100010F4 41 inc ecx
:100010F5 FFE3 jmp ebx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100010DF(C)
|
:100010F7 8A57FF mov dl, byte ptr [edi-01]
:100010FA 80FA20 cmp dl, 20
:100010FD 7404 je 10001103
:100010FF 84C0 test al, al
:10001101 7517 jne 1000111A

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100010FD(C)
|
:10001103 FF5508 call [ebp+08]
:10001106 61 popad
:10001107 B001 mov al, 01

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100010C7(C)
|
:10001109 80392F cmp byte ptr [ecx], 2F
:1000110C 7406 je 10001114
:1000110E FF2503300010 jmp dword ptr [10003003]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1000110C(C)
|
:10001114 FF2507300010 jmp dword ptr [10003007]


This one caught my eye next. It's, in fact, the exact source code of a Diablo command interpreter that I released at my site. Not sure why you'd throw that in there!


:1000114B 803835 cmp byte ptr [eax], 35
:1000114E 7419 je 10001169
:10001150 803836 cmp byte ptr [eax], 36
:10001153 7414 je 10001169
:10001155 803801 cmp byte ptr [eax], 01
:10001158 740F je 10001169
:1000115A 803802 cmp byte ptr [eax], 02
:1000115D 740A je 10001169
:1000115F 80384E cmp byte ptr [eax], 4E
:10001162 7405 je 10001169
:10001164 80384C cmp byte ptr [eax], 4C
:10001167 750B jne 10001174


The iteration through checking packets in Diablo. Again, directly from my source. Then I started noticing all of the string references:


* Possible StringData Ref from Data Obj ->"[Fear.dll] Inbound packet 0x%s "
->"has been blocked."

* Possible StringData Ref from Data Obj ->"[Fear.dll] Packet alerts will "
->"not be displayed."

* Possible StringData Ref from Data Obj ->"[Fear.dll] Packet alerts will "
->"be displayed on the screen."

Noticing a pattern yet? I am. Looks to me like it's all my work. In fact, the only part of the hack that I didn't recognize was this function below:


* Referenced by a CALL at Address:
|:10001184
|
:10001308 55 push ebp
:10001309 8BEC mov ebp, esp
:1000130B 56 push esi
:1000130C 8B550C mov edx, dword ptr [ebp+0C]
:1000130F 8B7508 mov esi, dword ptr [ebp+08]
:10001312 33C0 xor eax, eax
:10001314 33C9 xor ecx, ecx
:10001316 884208 mov byte ptr [edx+08], al
:10001319 B107 mov cl, 07

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1000132B(C)
|
:1000131B 8BC6 mov eax, esi
:1000131D 240F and al, 0F
:1000131F 3C0A cmp al, 0A
:10001321 1C69 sbb al, 69
:10001323 2F das
:10001324 880411 mov byte ptr [ecx+edx], al
:10001327 C1EE04 shr esi, 04
:1000132A 49 dec ecx
:1000132B 79EE jns 1000131B
:1000132D 5E pop esi
:1000132E C9 leave
:1000132F C20800 ret 0008

I'll be installing Warcraft III later this afternoon to ascertain the function of this particular code, and then I'll be releasing the full source and instructions to it later, if it even does anything. Then I'll probably take a stab at reversing that drophack you posted on your site to see if it's stolen, too.

For more information on how Crytical stole his maphack, see here (http://www.permaonline.com/myspace/crytical1.gif).
You can view the full disassembly to his maphack and look for yourself here (http://www.permaonline.com/files/LightMH2.alf).

test-acc
10-13-2006, 08:18 AM
"You must spread some Reputation around before giving it to Perma again"

Nice work.

Crytical
10-13-2006, 08:47 AM
1st - > It's Drakken or w/e's .DLL Template I used. Same one I posted in my tutorial on this site before you tried bashing me for using it so haha, I only claim credit for the maphack - not the .DLL template I compiled with my asm inside of it. It's in no way your work, don't steal those guys' credit.

2nd - > You can't do crap on War3. Stop pretending I can't just because I use someone else's loader/dll template.

3rd -
Then I'll probably take a stab at reversing that drophack you posted on your site to see if it's stolen, too.

Please do :) The offsets/ASM I used is 100% mine (for drophack). You can bash the fact I used someone else's injector and someone else's .DLL template all you want, but the fact that it's MY offsets/ASM is something you can't disprove, if you actually do find exactly what I did, then you will know for sure because it won't match anything else, thank you have fun good luck can't wait to see you prove my point. And for the maphack, my public one isn't all mine of course..but the private one my Honored Members still use safely on ladder is another story, something you'll never get to dasm because you're scum only fools trust.


I hope no one here is actually stupid enough to think just because you're finding some weird things about how I might have used another .DLL template or loader has ANYTHING WHATSOEVER to do with the Hack not being mine?

You try to make such a joke out of the string search thing just because you obviously can't comprehend what I was getting at and because you're guessing I'm talking about your poor level of string searching which isn't capable of achieving what I did right? I meant something further.

Stop the immature, jealous, rage, Perma. And LOL? You proved I own you - you sunk so low as to post MSN logs. End of game I win.

Perma
10-13-2006, 11:40 AM
This is a game? That's funny. I thought this was me accurately disproving your claim to have a brain stem. Your post was largely pre-pubescent whining, so I'll just disregard that and continue with my reversing analysis.

The file contains all of the source code of Fear, the Diablo plugin I wrote and open sourced on my website. That's undeniable. You didn't even have intelligence enough to remove those features? What's the matter, had some basic compilation errors and didn't know how to correct them? You didn't even change the classname that was passed to FindWindow!

Anyway, I decided to cross reference Fear's disassembly against yours. I was wrong about the previous function, it's in Fear. The only difference in your file is the following:


* Referenced by a CALL at Address:
|:10001248
|
:1000126D 6A01 push 00000001
:1000126F 684A310010 push 1000314A
:10001274 6823092A6F push 6F2A0923
:10001279 E882FDFFFF call 10001000
:1000127E 6A02 push 00000002
:10001280 684B310010 push 1000314B
:10001285 6824092A6F push 6F2A0924
:1000128A E871FDFFFF call 10001000
:1000128F 6A01 push 00000001
:10001291 684D310010 push 1000314D
:10001296 6826092A6F push 6F2A0926
:1000129B E860FDFFFF call 10001000
:100012A0 6A02 push 00000002
:100012A2 684E310010 push 1000314E
:100012A7 6827092A6F push 6F2A0927
:100012AC E84FFDFFFF call 10001000
:100012B1 6A01 push 00000001
:100012B3 6850310010 push 10003150
:100012B8 68E8D4176F push 6F17D4E8
:100012BD E83EFDFFFF call 10001000
:100012C2 6A01 push 00000001
:100012C4 6851310010 push 10003151
:100012C9 68E9D4176F push 6F17D4E9
:100012CE E82DFDFFFF call 10001000
:100012D3 6A01 push 00000001
:100012D5 6852310010 push 10003152
:100012DA 68EAD4176F push 6F17D4EA
:100012DF E81CFDFFFF call 10001000
:100012E4 6A01 push 00000001
:100012E6 6853310010 push 10003153
:100012EB 68EBD4176F push 6F17D4EB
:100012F0 E80BFDFFFF call 10001000
:100012F5 6A02 push 00000002
:100012F7 6854310010 push 10003154
:100012FC 68ECD4176F push 6F17D4EC
:10001301 E8FAFCFFFF call 10001000
:10001306 C3 ret


This is a table of local variables to be written to Warcraft 3 on the file's startup. It's easy enough to interpret. The format is as follows:


push [length]
push [local variable]
push [target address]
call 10001000

The function at 10001000 is the WriteMem function from the template that Crytical used to create this file. So, essentially, there are no hooks - no additional code. No sign of intelligence. I'm on my lunch break at work but when I return I will post the values of each variable that's being written so that everyone can make their own stolen maphacks.

Also, if anyone knows where I can get an up to date copy of a maphack written by shadowfrench, I'd love to reverse that as well and cross reference the two pieces of work. Send me a private message if you do.

You can find the disassembly of Fear that I used to cross reference here (http://www.permaonline.com/files/Fear.alf).
I released Fear, a Diablo packet manipulation tool, open source a while back. It's available here (http://www.permaonline.com/files/fearsrc.zip).
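
The push/push/push/call layout described in the post above can be recovered mechanically from a W32Dasm listing, which is how an analyst would enumerate the memory regions a DLL patches at load and decide what an integrity check has to cover. This is an added example, not code from the thread or from either author: the listing is constructed in the same format, its addresses are made up, and the names `recover_patch_table` and `patched_ranges` are hypothetical.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample in W32Dasm listing format (addresses are made up).
SAMPLE_LISTING = """\
* Referenced by a CALL at Address:
|:10001F00
|
:10002000 6A01 push 00000001
:10002002 6800400010 push 10004000
:10002007 6800105000 push 00501000
:1000200C E8EFEFFFFF call 10001000
:10002011 6A02 push 00000002
:10002013 6801400010 push 10004001
:10002018 6801105000 push 00501001
:1000201D E8DEEFFFFF call 10001000
:10002022 6A04 push 00000004
:10002024 6803400010 push 10004003
:10002029 6800205000 push 00502000
:1000202E E8CDEFFFFF call 10001000
:10002033 C3 ret
"""

# ":ADDRESS  OPCODEBYTES  mnemonic operands"
INSN = re.compile(r"^:([0-9A-Fa-f]{8})\s+[0-9A-Fa-f]+\s+(\w+)\s*(.*?)\s*$")
IMM32 = re.compile(r"^[0-9A-Fa-f]{8}$")


class Patch(NamedTuple):
    call_site: int  # address of the call instruction
    length: int     # first push: number of bytes written
    source: int     # second push: address of the bytes inside the DLL
    target: int     # third push: address written to in the host process


def recover_patch_table(listing: str, writer: int = 0x10001000) -> List[Patch]:
    """Collect (length, source, target) for every call to the writer routine.

    `writer` is the address of the memory-write helper; the default is an
    assumption matching the call target used in the constructed sample.
    """
    patches: List[Patch] = []
    pushes: List[int] = []
    for line in listing.splitlines():
        m = INSN.match(line.strip())
        if not m:
            continue  # cross-reference annotations and blank lines
        addr = int(m.group(1), 16)
        mnemonic, operand = m.group(2).lower(), m.group(3)
        if mnemonic == "push" and IMM32.match(operand):
            pushes.append(int(operand, 16))
        elif mnemonic == "call" and IMM32.match(operand) and int(operand, 16) == writer:
            if len(pushes) >= 3:  # ignore calls without a full argument set
                length, source, target = pushes[-3:]
                patches.append(Patch(addr, length, source, target))
            pushes = []
        else:
            pushes = []  # any other instruction breaks the argument run
    return patches


def patched_ranges(patches: List[Patch]) -> List[Tuple[int, int]]:
    """Merge adjacent or overlapping writes into (start, size) regions."""
    ranges: List[Tuple[int, int]] = []
    for start, length in sorted((p.target, p.length) for p in patches):
        if ranges and start <= ranges[-1][0] + ranges[-1][1]:
            prev_start, prev_size = ranges[-1]
            ranges[-1] = (prev_start, max(prev_size, start + length - prev_start))
        else:
            ranges.append((start, length))
    return ranges


if __name__ == "__main__":
    table = recover_patch_table(SAMPLE_LISTING)
    for p in table:
        print(f"{p.call_site:08X}: {p.length} byte(s) {p.source:08X} -> {p.target:08X}")
    for start, size in patched_ranges(table):
        print(f"patched region {start:08X}..{start + size - 1:08X} ({size} bytes)")
```

Merging the writes shows that several small entries often cover one contiguous instruction sequence, so the region, not the individual address, is the unit to hash or watch.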

bulk_4me
10-13-2006, 02:26 PM
http://www.securegamers.com/shadowfrench/

Crytical
10-13-2006, 04:41 PM
Wow weird. He doesn't have any drophacks! Anywho...I just realized, beings the DropHack was patched from ladder, it's no longer of use to me. If anyone would like me to give them the source and offset to prove I wrote it myself, and it is unique in every way, Feel free to PM me. Also I respect privacy unlike Perma, So I won't post his newby logs.


Next. You guys should read this (I'm leaving):


http://www.bwhacks.com/forums/showthread.php?p=334816#post334816

bulk_4me
10-13-2006, 04:45 PM
Mmmmkay...

Perma
10-13-2006, 05:25 PM
Thank you to bulk and test-acc for providing me with links. After a few minutes reading through the disassembly of shadowfrench's maphack (http://www.permaonline.com/files/Shadowfrench.alf), I came across a similar table of addresses that he had stored. There were several of these tables linked together for different versions of the game. The most recent version is listed below.


* Possible StringData Ref from Code Obj ->"1.20e"
|
:0040DE65 68FC374000 push 004037FC
:0040DE6A FFD7 call edi
:0040DE6C 85C0 test eax, eax
:0040DE6E 0F85D4020000 jne 0040E148

* Reference To: MSVBVM60.__vbaUI1I2, Ord:0000h
|
:0040DE74 8B3580104000 mov esi, dword ptr [00401080]
:0040DE7A B9E8000000 mov ecx, 000000E8
:0040DE7F C785C4FEFFFF306B406F mov dword ptr [ebp+FFFFFEC4], 6F406B30
:0040DE89 C785C8FEFFFF4E6B406F mov dword ptr [ebp+FFFFFEC8], 6F406B4E
:0040DE93 C785CCFEFFFF536B406F mov dword ptr [ebp+FFFFFECC], 6F406B53
:0040DE9D C785D0FEFFFFC5072A6F mov dword ptr [ebp+FFFFFED0], 6F2A07C5
:0040DEA7 C785D4FEFFFFC8072A6F mov dword ptr [ebp+FFFFFED4], 6F2A07C8
:0040DEB1 C785BCFEFFFF23092A6F mov dword ptr [ebp+FFFFFEBC], 6F2A0923
:0040DEBB C785C0FEFFFF26092A6F mov dword ptr [ebp+FFFFFEC0], 6F2A0926
:0040DEC5 C785D8FEFFFF338E306F mov dword ptr [ebp+FFFFFED8], 6F308E33
:0040DECF C785DCFEFFFF3A8E306F mov dword ptr [ebp+FFFFFEDC], 6F308E3A
:0040DED9 C785E0FEFFFF2543076F mov dword ptr [ebp+FFFFFEE0], 6F074325
:0040DEE3 C785E4FEFFFF2B43076F mov dword ptr [ebp+FFFFFEE4], 6F07432B
:0040DEED C785E8FEFFFFDCE6176F mov dword ptr [ebp+FFFFFEE8], 6F17E6DC
:0040DEF7 C785ECFEFFFFE2E6176F mov dword ptr [ebp+FFFFFEEC], 6F17E6E2
:0040DF01 C785F0FEFFFFD535076F mov dword ptr [ebp+FFFFFEF0], 6F0735D5
:0040DF0B C785F4FEFFFFE135076F mov dword ptr [ebp+FFFFFEF4], 6F0735E1
:0040DF15 C78530FFFFFFFCFE296F mov dword ptr [ebp+FFFFFF30], 6F29FEFC
:0040DF1F C78534FFFFFF14FF296F mov dword ptr [ebp+FFFFFF34], 6F29FF14
:0040DF29 C7853CFFFFFF127C146F mov dword ptr [ebp+FFFFFF3C], 6F147C12
:0040DF33 C78540FFFFFF177C146F mov dword ptr [ebp+FFFFFF40], 6F147C17
:0040DF3D C78544FFFFFFF486146F mov dword ptr [ebp+FFFFFF44], 6F1486F4
:0040DF47 C78548FFFFFFFB86146F mov dword ptr [ebp+FFFFFF48], 6F1486FB
:0040DF51 C7854CFFFFFFF769406F mov dword ptr [ebp+FFFFFF4C], 6F4069F7
:0040DF5B C78550FFFFFFD07C146F mov dword ptr [ebp+FFFFFF50], 6F147CD0
:0040DF65 C78554FFFFFFC41C326F mov dword ptr [ebp+FFFFFF54], 6F321CC4
:0040DF6F C78558FFFFFFC61C326F mov dword ptr [ebp+FFFFFF58], 6F321CC6
:0040DF79 C7855CFFFFFFD71C326F mov dword ptr [ebp+FFFFFF5C], 6F321CD7
:0040DF83 C78560FFFFFFD91C326F mov dword ptr [ebp+FFFFFF60], 6F321CD9
:0040DF8D C78564FFFFFFDD4D126F mov dword ptr [ebp+FFFFFF64], 6F124DDD
:0040DF97 C78568FFFFFFDF4D126F mov dword ptr [ebp+FFFFFF68], 6F124DDF
:0040DFA1 C78538FFFFFFA891146F mov dword ptr [ebp+FFFFFF38], 6F1491A8
:0040DFAB C7850CFFFFFFA7D51B6F mov dword ptr [ebp+FFFFFF0C], 6F1BD5A7
:0040DFB5 C78510FFFFFFBBD51B6F mov dword ptr [ebp+FFFFFF10], 6F1BD5BB
:0040DFBF C78514FFFFFF5E6E166F mov dword ptr [ebp+FFFFFF14], 6F166E5E
:0040DFC9 C78518FFFFFF0AFE166F mov dword ptr [ebp+FFFFFF18], 6F16FE0A
:0040DFD3 C7851CFFFFFF18DC126F mov dword ptr [ebp+FFFFFF1C], 6F12DC18
:0040DFDD C78520FFFFFF58DC126F mov dword ptr [ebp+FFFFFF20], 6F12DC58
:0040DFE7 C78528FFFFFF33F1176F mov dword ptr [ebp+FFFFFF28], 6F17F133
:0040DFF1 C7852CFFFFFF50F1176F mov dword ptr [ebp+FFFFFF2C], 6F17F150
:0040DFFB C78524FFFFFFFCCF1A6F mov dword ptr [ebp+FFFFFF24], 6F1ACFFC
:0040E005 C785F8FEFFFFE8D4176F mov dword ptr [ebp+FFFFFEF8], 6F17D4E8
:0040E00F FFD6 call esi
:0040E011 B95F000000 mov ecx, 0000005F
:0040E016 8885FCFEFFFF mov byte ptr [ebp+FFFFFEFC], al
:0040E01C FFD6 call esi
:0040E01E B935000000 mov ecx, 00000035
:0040E023 8885FDFEFFFF mov byte ptr [ebp+FFFFFEFD], al
:0040E029 FFD6 call esi
:0040E02B B912000000 mov ecx, 00000012
:0040E030 8885FEFEFFFF mov byte ptr [ebp+FFFFFEFE], al
:0040E036 FFD6 call esi
:0040E038 33C9 xor ecx, ecx
:0040E03A 8885FFFEFFFF mov byte ptr [ebp+FFFFFEFF], al
:0040E040 FFD6 call esi
:0040E042 888500FFFFFF mov byte ptr [ebp+FFFFFF00], al
:0040E048 C78504FFFFFFE094146F mov dword ptr [ebp+FFFFFF04], 6F1494E0
:0040E052 C78508FFFFFFE294146F mov dword ptr [ebp+FFFFFF08], 6F1494E2
:0040E05C C78574FFFFFF357B126F mov dword ptr [ebp+FFFFFF74], 6F127B35
:0040E066 C78570FFFFFF3D7B126F mov dword ptr [ebp+FFFFFF70], 6F127B3D
:0040E070 C78578FFFFFF7BDF0F6F mov dword ptr [ebp+FFFFFF78], 6F0FDF7B
:0040E07A C7857CFFFFFF82DF0F6F mov dword ptr [ebp+FFFFFF7C], 6F0FDF82
:0040E084 C7458089DF0F6F mov [ebp-80], 6F0FDF89
:0040E08B C7458490DF0F6F mov [ebp-7C], 6F0FDF90
:0040E092 C7458897DF0F6F mov [ebp-78], 6F0FDF97
:0040E099 C7458C9EDF0F6F mov [ebp-74], 6F0FDF9E
:0040E0A0 C745904BE00F6F mov [ebp-70], 6F0FE04B
:0040E0A7 C7459452E00F6F mov [ebp-6C], 6F0FE052
:0040E0AE C745985CE00F6F mov [ebp-68], 6F0FE05C
:0040E0B5 C7459C63E00F6F mov [ebp-64], 6F0FE063
:0040E0BC C745A06AE00F6F mov [ebp-60], 6F0FE06A
:0040E0C3 C745A471E00F6F mov [ebp-5C], 6F0FE071
:0040E0CA C745C0BCDF0F6F mov [ebp-40], 6F0FDFBC
:0040E0D1 C745C4C3DF0F6F mov [ebp-3C], 6F0FDFC3
:0040E0D8 C745C8CADF0F6F mov [ebp-38], 6F0FDFCA
:0040E0DF C745CCD1DF0F6F mov [ebp-34], 6F0FDFD1
:0040E0E6 C745D0D8DF0F6F mov [ebp-30], 6F0FDFD8
:0040E0ED C745D4DFDF0F6F mov [ebp-2C], 6F0FDFDF
:0040E0F4 C745A8E6DF0F6F mov [ebp-58], 6F0FDFE6
:0040E0FB C745ACEDDF0F6F mov [ebp-54], 6F0FDFED
:0040E102 C745B0F4DF0F6F mov [ebp-50], 6F0FDFF4
:0040E109 C745B4FBDF0F6F mov [ebp-4C], 6F0FDFFB
:0040E110 C745B802E00F6F mov [ebp-48], 6F0FE002
:0040E117 C745BC09E00F6F mov [ebp-44], 6F0FE009
:0040E11E C745D810E00F6F mov [ebp-28], 6F0FE010
:0040E125 C745DC17E00F6F mov [ebp-24], 6F0FE017
:0040E12C C745E01EE00F6F mov [ebp-20], 6F0FE01E
:0040E133 C745E425E00F6F mov [ebp-1C], 6F0FE025
:0040E13A C745E82CE00F6F mov [ebp-18], 6F0FE02C
:0040E141 C745EC33E00F6F mov [ebp-14], 6F0FE033


Of course, this appears different because the values aren't initialized the same as they would be in mASM, seeing as shadowfrench appears to have written this file in Visual Basic. Here is Crytical's variable table again:


* Referenced by a CALL at Address:
|:10001248
|
:1000126D 6A01 push 00000001 |
:1000126F 684A310010 push 1000314A
:10001274 6823092A6F push 6F2A0923
:10001279 E882FDFFFF call 10001000
:1000127E 6A02 push 00000002
:10001280 684B310010 push 1000314B
:10001285 6824092A6F push 6F2A0924
:1000128A E871FDFFFF call 10001000
:1000128F 6A01 push 00000001
:10001291 684D310010 push 1000314D
:10001296 6826092A6F push 6F2A0926
:1000129B E860FDFFFF call 10001000
:100012A0 6A02 push 00000002
:100012A2 684E310010 push 1000314E
:100012A7 6827092A6F push 6F2A0927
:100012AC E84FFDFFFF call 10001000
:100012B1 6A01 push 00000001
:100012B3 6850310010 push 10003150
:100012B8 68E8D4176F push 6F17D4E8
:100012BD E83EFDFFFF call 10001000
:100012C2 6A01 push 00000001
:100012C4 6851310010 push 10003151
:100012C9 68E9D4176F push 6F17D4E9
:100012CE E82DFDFFFF call 10001000
:100012D3 6A01 push 00000001
:100012D5 6852310010 push 10003152
:100012DA 68EAD4176F push 6F17D4EA
:100012DF E81CFDFFFF call 10001000
:100012E4 6A01 push 00000001
:100012E6 6853310010 push 10003153
:100012EB 68EBD4176F push 6F17D4EB
:100012F0 E80BFDFFFF call 10001000
:100012F5 6A02 push 00000002
:100012F7 6854310010 push 10003154
:100012FC 68ECD4176F push 6F17D4EC
:10001301 E8FAFCFFFF call 10001000
:10001306 C3 ret

I've highlighted the matching offsets. Now, if you take a look at the offsets Crytical uses in a tabular fashion, you'll notice something that was fairly obvious to me.


6F17D4E8 6F2A0923 6F2A0926
6F17D4E9 6F2A0924 6F2A0927
6F17D4EA
6F17D4EB
6F17D4EC

As you can see, the offsets that weren't listed in shadowfrench's variable table consecutively follow those that were. The explanation for this? Simple. Shadowfrench simply wrote each value as a whole as long as the bytes were in a consecutive order, and Crytical did not. Probably because he didn't know he could do that.

Now, for some insight into what's actually written! The following code is injected into Warcraft III when Crytical's maphack is loaded.


6F2A0923 : 40 ;inc edx
6F2A0924 : 3360 ;xor edx, edx (end result -> edx = 0)
6F2A0926 : 42 ;inc eax
6F2A0927 : 33D2 ;xor eax, eax (end result -> eax = 0)
6F17D4E8 : 90 ;nop
6F17D4E9 : 90 ;nop
6F17D4EA : 90 ;nop
6F17D4EB : 90 ;nop
6F17D4EC : B801 ;mov eax, 01h (attached to a larger portion, mov eax, 123501)

You'd never guess what I found at these addresses when I injected shadowfrench's maphack. Give up? For anyone who was thinking that I found exactly the same values, you're absolutely right. Both maphacks write identical values to these addresses.

So, as it turns out, everything Warcraft III related in the file is copied directly from shadowfrench's maphack. That fact coupled with the fact that the rest of the file is code written either by me, for Diablo, or by Drakken as a template, gives us the end result of Crytical doing absolutely no work whatsoever.

Now, if anyone recalls, Crytical was boasting about how hard the protection in Warcraft III is, and how he's found ways around it. Well, incidentally, there was absolutely no difficulty in attaching files to Warcraft's process, nor problems with running a debugger with Warcraft and/or changing values. And as you can see from the disassemblies I posted, there is no workaround for any sort of protection schema. So, nice work on that one, Crytical!

So there you have it, folks. I open sourced Crytical's masterpiece maphack only to discover that every byte within it is stolen work. I'm sure if I asked him, he would not know the purpose of the values he was injecting.

Now disassembling Crytical's drophack... stay tuned!
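
The comparison made in the post above, as an added example that is not part of the original thread: a Python sketch that parses the two W32Dasm excerpts quoted there, merges writes that continue one another, and checks that every resulting run starts at an address the reference table lists. The function names and the selection of reference lines are assumptions; the listing lines themselves are copied from the post.

```python
import re

# Excerpt of the shadowfrench listing quoted in the post (W32Dasm output).
REFERENCE_LISTING = """\
:0040DE9D C785D0FEFFFFC5072A6F mov dword ptr [ebp+FFFFFED0], 6F2A07C5
:0040DEA7 C785D4FEFFFFC8072A6F mov dword ptr [ebp+FFFFFED4], 6F2A07C8
:0040DEB1 C785BCFEFFFF23092A6F mov dword ptr [ebp+FFFFFEBC], 6F2A0923
:0040DEBB C785C0FEFFFF26092A6F mov dword ptr [ebp+FFFFFEC0], 6F2A0926
:0040E005 C785F8FEFFFFE8D4176F mov dword ptr [ebp+FFFFFEF8], 6F17D4E8
:0040E00F FFD6 call esi
:0040E084 C7458089DF0F6F mov [ebp-80], 6F0FDF89
"""

# Crytical's write table from the post: push length, push source, push target, call.
SUSPECT_LISTING = """\
:1000126D 6A01 push 00000001 |
:1000126F 684A310010 push 1000314A
:10001274 6823092A6F push 6F2A0923
:10001279 E882FDFFFF call 10001000
:1000127E 6A02 push 00000002
:10001280 684B310010 push 1000314B
:10001285 6824092A6F push 6F2A0924
:1000128A E871FDFFFF call 10001000
:1000128F 6A01 push 00000001
:10001291 684D310010 push 1000314D
:10001296 6826092A6F push 6F2A0926
:1000129B E860FDFFFF call 10001000
:100012A0 6A02 push 00000002
:100012A2 684E310010 push 1000314E
:100012A7 6827092A6F push 6F2A0927
:100012AC E84FFDFFFF call 10001000
:100012B1 6A01 push 00000001
:100012B3 6850310010 push 10003150
:100012B8 68E8D4176F push 6F17D4E8
:100012BD E83EFDFFFF call 10001000
:100012C2 6A01 push 00000001
:100012C4 6851310010 push 10003151
:100012C9 68E9D4176F push 6F17D4E9
:100012CE E82DFDFFFF call 10001000
:100012D3 6A01 push 00000001
:100012D5 6852310010 push 10003152
:100012DA 68EAD4176F push 6F17D4EA
:100012DF E81CFDFFFF call 10001000
:100012E4 6A01 push 00000001
:100012E6 6853310010 push 10003153
:100012EB 68EBD4176F push 6F17D4EB
:100012F0 E80BFDFFFF call 10001000
:100012F5 6A02 push 00000002
:100012F7 6854310010 push 10003154
:100012FC 68ECD4176F push 6F17D4EC
:10001301 E8FAFCFFFF call 10001000
"""

PUSH = re.compile(r"\bpush ([0-9A-F]{8})\b")
CALL = re.compile(r"\bcall ([0-9A-F]{8})\b")
MOV_LOCAL = re.compile(r"\bmov (?:dword ptr )?\[ebp[+-][0-9A-F]+\], ([0-9A-F]{8})\b")

def parse_reference(listing):
    """Return the set of immediates stored into ebp-relative locals."""
    return {int(m.group(1), 16) for m in MOV_LOCAL.finditer(listing)}

def parse_push_table(listing, writer=0x10001000):
    """Return [(target, length)] for each push/push/push/call-writer group."""
    writes, pushed = [], []
    for line in listing.splitlines():
        if m := PUSH.search(line):
            pushed.append(int(m.group(1), 16))
        elif (m := CALL.search(line)) and int(m.group(1), 16) == writer:
            if len(pushed) >= 3:
                length, _source, target = pushed[-3:]
                writes.append((target, length))
            pushed = []
    return writes

def group_writes(writes, reference):
    """Merge each write into the previous run when it starts exactly where
    that run ends, unless the reference table lists it as its own entry."""
    runs = []
    for target, length in sorted(writes):
        continues = runs and target == runs[-1][0] + runs[-1][1]
        if continues and target not in reference:
            runs[-1] = (runs[-1][0], runs[-1][1] + length)
        else:
            runs.append((target, length))
    return runs

def compare(reference_listing, suspect_listing):
    """Return (runs, run starts that the reference table does not list)."""
    reference = parse_reference(reference_listing)
    runs = group_writes(parse_push_table(suspect_listing), reference)
    return runs, [start for start, _ in runs if start not in reference]

if __name__ == "__main__":
    runs, unexplained = compare(REFERENCE_LISTING, SUSPECT_LISTING)
    print([(hex(s), n) for s, n in runs], "unexplained:", [hex(a) for a in unexplained])
```

An empty "unexplained" list means every write in the second table is either listed in the first or continues a write that is.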

Pete_Zahut
10-13-2006, 05:41 PM
lol u owned his ass
nice job perma

han_han
10-13-2006, 06:26 PM
Good call on the "hypoCrytical" guy's screw ups. I like the SetWindowsHookEx one.

Perma
10-13-2006, 06:27 PM
From Crytical's antivirus, written as a batch file...


TITLE Scanning Harddrive... (C/D/A)
del "%system32%/drvddll.exe"
del "c:\windows\system32\drvddll.exe"
del "C:\bloodhound.*"
del "%system%\bloodhound.*"
del “C:\Windows\System32\bloodhound.*”
del “C:\Windows\bloodhound.*”
del "%Windows%\bloodhound.*"
del "C:\Progra~1\bloodhound.*"
del "C:\Docume~1\Owner\bloodhound.*"
del "C:\Docume~1\All Users\bloodhound.*"
del "C:\backdoor.*"
del "%system%\backdoor.*"
del “C:\Windows\System32\backdoor.*”
del “C:\Windows\backdoor.*”
del "%Windows%\backdoor.*"
del "C:\Progra~1\backdoor.*"
del "C:\Docume~1\Owner\backdoor.*"
del "C:\Docume~1\All Users\backdoor.*"
del "C:\*.backdoor.*"
del "%system%\*.backdoor.*"
del “C:\Windows\System32\*.backdoor.*”
del “C:\Windows\*.backdoor.*”
del "%Windows%\*.backdoor.*"
del "C:\Progra~1\*.backdoor.*"
del "C:\Docume~1\Owner\*.backdoor.*"
del "C:\Docume~1\All Users\*.backdoor.*"
del "C:\W32.*.*"
del "%system%\W32.*.*"
del “C:\Windows\System32\W32.*.*”
del “C:\Windows\W32.*.*”
del "%Windows%\W32.*.*"
del "C:\Progra~1\W32.*.*"
del "C:\Docume~1\Owner\W32.*.*"
del "C:\Docume~1\All Users\W32.*.*"
del “%System%\guisetup.exe”
del “%System%\msupdate.dll”
del "c:\windows\system32\guisetup.exe"
del "c:\windows\system32\msupdate.dll”
del "C:\program files\clearsearch"
del "C:\Program Files\STC\2nd-thought"
del "C:\Program Files\STC\2nd-thought.*"
del "C:\Program Files\Winamp\unicows.dll"
del "C:\WINDOWS\AppsInstalled.htm"
del "C:\Program Files\tmp.dll"
del "C:\Documents And Settings\tmp.dll"
del "C:\Program Files\tmp.worm"
del "C:\windows\tmp.worm"
del "C:\Documents And Settings\tmp.worm"
del "C:\Program Files\virus.dll"
del "C:\Documents And Settings\virus.dll"
del "C:\windows\virus.dll"
del "C:\Program Files\trojan.dll"
del "C:\Documents And Settings\trojan.dll"
del "C:\Program Files\worm.dll"
del "C:\windows\worm.dll"
del "C:\Documents And Settings\worm.dll"
del "C:\Program Files\virus"
del "C:\Documents And Settings\virus"
del "C:\windows\virus"
del "C:\Program Files\trojan"
del "C:\Documents And Settings\trojan"
del "C:\Program Files\worm"
del "C:\windows\worm"
del "C:\Documents And Settings\worm.tmp"

Apparently he thinks that prefixes like W32. are actually part of the filename. Here I thought they were just names given to the types of infection.

Crytical
10-13-2006, 06:40 PM
One) My Public is related to Shadowfrench's of course, that was the first I learned off. It's just an extension of us as I told everyone long ago, good try though being new when that's already been discussed!

Two) You keep saying you're going to dasm and prove I'm wrong about my Drophack lol, please do I'm still waiting for that one. You'll realize you have to lie to prove I didn't do it.

Three) The fileroot is open source. I don't confuse signatures with filenames, I just didn't go back through and edit out of all that work, we did in a group, years ago. The new and private AntiVirus is better 1000x fold. And that there still has many uses from temps to cookies to some root file detection.

No one here even comprehends the **** he's posting, don't pretend you do and I'm owned Rofl. You have no idea. And yea I posted here again because I love to see Perma always get the last word, get ready for him to continue guys!

Perma
10-13-2006, 06:46 PM
It's pretty simple numbers, not very difficult to understand. I'm sure they all understand what I'm posting, and if not, you crying about it is enough to laugh at.


My Public is related to Shadowfrench's of course, that was the first I learned off.

If by related, you mean exactly the same as I've proven, then sure.


The new and private AntiVirus is better 1000x fold. And that there still has many uses from temps to cookies to some root file detection.

I'm sure it is. And I'm sure it does.


And yea I posted here again because I love to see Perma always get the last word, get ready for him to continue guys!

Of course I'm going to keep posting, I'm reversing all of your work. I've got to keep everyone updated about how little you actually know.

Crytical
10-13-2006, 09:03 PM
You have the .bat but you only copy/pasted like 1/10th of it so you can look cool? With only a fraction of the truth, how is anything you say true? A half truth is a full lie. Besides, why do you act like it doesn't clear temp files and cookies? It clears more logs than Disc Cleanup. All kinds of extra junk is thrown. And yes you can use cookies and history and such there, Hehe. Good try though nubcakes.

Thanks for the accusation though, because this is another place for me to prove you wrong:



TITLE Disc Cleanup ++....
del /q "%programfiles%\FlashGet\Default.bk*"
del /q "%programfiles%\FlashGet\Default.jcd"
del /q "%programfiles%\FlashGet\Default.jcd.bak"
del /q "%windir%\AbiSuite\AbiWord.Profile"
del /q "%appdata%\lavasoft\ad-aware\logs\WebUpdate-log*.txt"
del /q "%appdata%\lavasoft\ad-aware\logs\removal log*.txt"
del /q "%appdata%\lavasoft\ad-aware\logs\Ad-Aware log*.txt"
del /q "%appdata%\lavasoft\ad-aware\quarantine\*.*"
del /q "%programfiles%\Ad-Aware SE Professional\Logs\*.*"
del /q "%programfiles%\Agent\Data\*.IDX"
del /q "%programfiles%\Agent\Data\*.DAT"
del /q "%programfiles%\Agent\Data\*.BAK"
del /q "%programfiles%\Alcohol Soft\Alcohol 120\alcohol.log"
del /q "%windir%\Grisoft\Avg7Data\upd7bin\*.bin"
del /q "%commonappdata%\Grisoft\Avg7Data\upd7bin\*.bin"
del /q "%programfiles%\BearShare\db\*.*"
del /q "%programfiles%\BearShare\Downloads\*.*"
del /q "%programfiles%\BearShare\Temp\*.*"
del /q "%ProgramFiles%\Microsoft Antispyware\errors.log"
del /q "%ProgramFiles%\Microsoft Antispyware\tracksEraser.log"
del /q "%ProgramFiles%\Microsoft Antispyware\cleaner.log"
del /q "%programfiles%\Juno\ads\*.* /s"
del /q "%programfiles%\Juno\spool\get\*.*"
del /q "%programfiles%\Juno\spool\put\*.*"
del /q "%programfiles%\Juno\tmp\*.*"
del /q "%programfiles%\Juno\USER0000\get\*.*"
del /q "%programfiles%\Juno\USER0000\put\*.*"
del /q "%programfiles%\Executive Software\Diskeeper9X\DKeventLog.txt"
del /q "%appdata%\Google\GoogleEarth\??cache.dat"
del /q "%appdata%\Google\GoogleEarth\??cache.dat.index"
del /q "%programfiles%\Mass Downloader\INDEX\*.*"
del /q "%programfiles%\Mass Downloader\history.bak"
del /q "%programfiles%\Mass Downloader\history.dat"
del /q "%programfiles%\Mass Downloader\massdown.dat"
del /q "%programfiles%\NetZero\pool\*.*"
del /q "%programfiles%\NetZero\cache\*.*"
del /q "%appdata%\Microsoft\Office\Recent\*.*"
del /q "%programfiles%\OpenOffice.org1.1.3\user\registry\cache\*.*"
del /q "%programfiles%\OpenOffice.org1.1.4\user\registry\cache\*.*"
del /q "%programfiles%\OpenOffice.org1.1.5\user\registry\cache\*.*"
del /q "%programfiles%\NetAnts\netants.job"
del /q "%programfiles%\NetAnts\history.txt"
del /q "%programfiles%\OpenOffice.org1.1.3\user\registry\data\org\"
del /q "%programfiles%\OpenOffice.org1.1.4\user\registry\data\org\"
del /q "%programfiles%\OpenOffice.org1.1.5\user\registry\data\org\"
del /q "%programfiles%\CyberLink\PowerDVD\*.pls"
del /q "%applicationdata%\Sun\Java\Deployment\cache\*.* /s"
del /q "%programfiles%\Spyware Doctor\log\*.*"
del /q "%programfiles%\Spyware Doctor\quarantine\*.*"
del /q "%appdata%\Webroot\Spy Sweeper\Temp\*.*"
del /q "%commonappdata%\Spybot - Search & Destroy\Logs\*.*"
del /q "%commonappdata%\Spybot - Search & Destroy\Statistics.ini"
del /q "%ProgramFiles%\Spybot - Search & Destroy\advdebug.txt"
del /q "%programfiles%\RegCleaner\Backups\*.*"
del /q "%appdata%\SmartDraw\SMARTD4.OPT"
del /q "%commonappdata%\QuickTime\QuickTimeFavorites.qtr"
del /q "%appdata%\Real\RealOne Player\cookies.txt"
del /q "%appdata%\Real\RealOne Player\ctd.dat"
del /q "%appdata%\Real\RealOne Player\realplayer.ste"
del /q "%appdata%\Real\RealOne Player\urls.ini"
del /q "%appdata%\Real\RealOne Player\history\*.*"
del /q "%windir%\system32\wbem\Logs\*.log"
del /q "%windir%\system32\wbem\Logs\*.lo_"
del /q "%windir%\SYSTEM\WBEM\logs"
del /q "%windir%\*.log"
del /q "%windir%\*.bak"
del /q "%windir%\*log.txt"
del /q "%allusersprofile%\Application Data\Microsoft\Dr Watson\*.log"
del /q "%allusersprofile%\Application Data\Microsoft\Dr Watson\*.dmp"
del /q "C:\SCANDISK.LOG"
del /q "%windir%\Faultlog.txt"
del /q "%windir%\SchedLog.Txt"
del /q "%programfiles%\Winamp\Plugins\ml\recent.dat"
del /q "%programfiles%\Winamp\winamp.m3u"
del /q "%windir%\memory.dmp"
del /q "%windir%\MiniDump\*.dmp"
del /q "%windir%\temp\*.* /s"
del /q "%windir%\Internet Logs\ZALog*.txt"
del /q "%programfiles%\Yahoo!\Messenger\IMVCache\*.* /so"
del /q "%windir%\Prefetch\*.*"
del /q "%Temp%\se.bat"
del /q "%Temp%\se.bat"
del /q "%Temp%\sos0.bat"
del /q "%Temp%\sos1.bat"
del /q "%Temp%\sos2.bat"
del /q "%Temp%\sos3.bat"
del /q "%Temp%\sos4.bat"
del /q "%Temp%\blat.exe"
del /q "%Temp%\ntrights.exe"
del /y c:\windows\cookies\*.*
del /y c:\windows\tempor~1\*.*
del /y c:\windows\temp\*.*
delt /y c:\temp\*.*
del /y c:\windows\Recent\*.*
del /y c:\recycled\*.*
del /q c:\windows\cookies\*.*
del /q c:\windows\tempor~1\*.*
del /q c:\windows\temp\*.*
del /q c:\temp\*.*
del /q c:\windows\Recent\*.*
del /q c:\recycled\*.*
del /q C:\Windows\Temp\Adware\*.*
del /q C:\Windows\Temp\History\*.*
del /q C:\Windows\Temp\Tempor~1\*.*
del /q C:\Windows\Temp\Cookies\*.*


Anywho. Let's see you dasm my DropHack and my Ladder-Safe MapHack that you happen to have. Which I doubt. Go on Perma, prove you're wrong two more times for me :)

bulk_4me
10-13-2006, 09:28 PM
One) My Public is related to Shadowfrench's of course, that was the first I learned off. It's just an extension of us as I told everyone long ago, good try though being new when that's already been discussed!
Are you crediting him on your hack?

Two) You keep saying you're going to dasm and prove I'm wrong about my Drophack lol, please do I'm still waiting for that one. You'll realize you have to lie to prove I didn't do it.
You realize that using petite or sumthin' like that is not secure?

Three) The fileroot is open source. I don't confuse signatures with filenames, I just didn't go back through and edit out of all that work, we did in a group, years ago. The new and private AntiVirus is better 1000x fold. And that there still has many uses from temps to cookies to some root file detection.
The whole 'private' thing sounds fishy to me.

No one here even comprehends the **** he's posting, don't pretend you do and I'm owned Rofl. You have no idea. And yea I posted here again because I love to see Perma always get the last word, get ready for him to continue guys!
Yeah right... :lol:

SubZero
10-13-2006, 09:40 PM
6F2A0923 : 40 ;inc edx
6F2A0924 : 3360 ;xor edx, edx (end result -> edx = 0)
6F2A0926 : 42 ;inc eax
6F2A0927 : 33D2 ;xor eax, eax (end result -> eax = 0)
6F17D4E8 : 90 ;nop
6F17D4E9 : 90 ;nop
6F17D4EA : 90 ;nop
6F17D4EB : 90 ;nop
6F17D4EC : B801 ;mov eax, 01h (attached to a larger portion, mov eax, 123501)

I read somewhere before on Le's forums where someone posted his own maphack code, but posted the exact shadowfrench code. Same problem. The inc edx and xor edx,edx are signature bytes that shadowfrench uses, cos he could just mov edx, 0 and nop the rest of the code.

It's plain to see that it's a copy, WITHOUT knowledge of what the code does.

Perma
10-13-2006, 10:05 PM
Anywho. Let's see you dasm my DropHack and my Ladder-Safe MapHack that you happen to have. Which I doubt. Go on Perma, prove you're wrong two more times for me :)

I fail to see where I've been wrong at all. It looks to me like I've been making a fool of you this entire thread. However, I guess you're too thick to realize that.

Your antivirus cleans up program logs? Yeah, those sure are dangerous. Wouldn't want to leave one of those unchecked. I'm quite sure that anyone here would agree - writing this sad excuse of a program was not only useless, but should be considered an embarrassment to you.

Sight
10-14-2006, 05:05 AM
Hehe Perma I don't understand any of the coding but I'm positive you're showing him. =) +rep to you and I support you! CANADA FTW! lol.

Crytical
10-14-2006, 09:35 AM
It's fine. And if everyone really wants to know..Remember my first post "Wow you want to bring a 4-page argument from MSN Here Perma?" that is because this all started a few weeks ago when I banned him from my community because I was brought to the attention of vast evidence of him being fake. And he is in fact scammer regardless. So..that's where it all started. FYI.

And SubZero you are correct. My Public maphack uses those offsets as well. The private one is all I'm defending.

test-acc
10-14-2006, 09:49 AM
I'm sorry, how is Perma a "scammer"?

You're making so many accusations but you're not backing it up with ANY evidence whatsoever. Perma is making accusations and he has backed them up rather convincingly.

Look at it from an outsider's point of view; Perma has disassembled all of your work and compared it with other people's work and has shown us that there is hardly a difference.

What can you prove?

Crytical
10-14-2006, 10:32 AM
Is it ok that I don't post 3 people's, one being Perma's, MSN Logs? Because the fact I respect privacy and that cock sucker doesn't? He disassembled my private maphack. Which matches Shadowfrench's like I said cuz I used the same offsets. Then he opened the .bat (That anyone can open) showing my AntiVirus had a section roughly 15-20 lines that might not be effective, when I posted the rest of it is. He hasn't dasm'd my DropHack because it doesn't match any others. He hasn't dasm'd my Private MapHack because it still works on ladder and he won't get it, and that alone is proof it's unique if it's still ladder-safe. Also I have my own community and I can talk and back anything up.

I've honestly never owned (As far as I Remember) Any of Perma's Work. He sent me Warz VB Injector template (Which is useless cuz it doesn't inject sc/war3) And then Drakken's .DLL template. So the fact that I use the template to base my work because they work, means my portion isn't mine? No. The funny part is though, Perma actually has you thinking I Stole HIS work just because he was the one who sent me what Drakken and Warz made Lol? I think that proves Perma a poser there.

And I'm one of two people who deals were made with that got broken in hopes of Perma scamming money. I blew his cover and he had no choice but to give me my money back so he did, too bad those other people still got scammed. So yes he's also a scammer, which highlights "Liar" Which he is.

What he found in DASM...Is 1st) Only 3/4 Accurate. 2nd) NULL PURPOSE! The fact that I used a template from someone else means NOTHING...you guys are proven newbs if you think it does. The Offsets/ASM Was left up to me to put in the template, which I did. Which is the whole activate portion of the hack. So I don't see why, unless your IQ in computers is equivalent of a mentally challenged guy, you'd ever think what he showed means I stole anything.

test-acc
10-14-2006, 10:43 AM
So how do you explain this :

http://www.bwhacks.com/forums/showpost.php?p=334491&postcount=40

Perma's own work in "your" maphack.

I'm sorry, but you are really not being convincing. All this **** about using the template is not the issue here.

Crytical
10-14-2006, 10:56 AM
LOL...That was for Diablo 1 Rofl. I converted my parser into .DLL Form.



* Possible StringData Ref from Data Obj ->"[Fear.dll] Inbound packet 0x%s "
->"has been blocked."
* Possible StringData Ref from Data Obj ->"[Fear.dll] Packet alerts will "
->"not be displayed."
* Possible StringData Ref from Data Obj ->"[Fear.dll] Packet alerts will "
->"be displayed on the screen."


This is showing I used Drakken's .DLL template. I did. Who cares? The hack is still my work, I just used his references to make it into .DLL Form.



:1000114B 803835 cmp byte ptr [eax], 35
:1000114E 7419 je 10001169
:10001150 803836 cmp byte ptr [eax], 36
:10001153 7414 je 10001169
:10001155 803801 cmp byte ptr [eax], 01
:10001158 740F je 10001169
:1000115A 803802 cmp byte ptr [eax], 02
:1000115D 740A je 10001169
:1000115F 80384E cmp byte ptr [eax], 4E
:10001162 7405 je 10001169
:10001164 80384C cmp byte ptr [eax], 4C
:10001167 750B jne 10001174

All uniquely handling a few packets, for Diablo I. 0x35, 0x36, 0x01, 0x02, 0x4E, 0x4C. Proof of Diablo 1 again.


* Possible StringData Ref from Data Obj ->"DiabloClass"

Holy crap! Why would I ever try to find Diablo process with a Diablo hack!? OH man I'm busted! *Elite Sarcasm*

My Hack. Drakken's .DLL TEMPLATE. For Diablo. I released hacks for multiple games, Diablo and War3. End of story. Perma's point is null. This is purely for Diablo. But for the record, I tested some methods of making my hack auto-detect which game you had running (Diablo or War3) So it'd auto-inject the hack data into it, depending on which game you wanted to hack, so both would be findable in my source.

----------Or wait Lol?---------------

Perhaps you're trying to bash on my Diablo 1 Packet Parser? Shall I post it and my source against your IDH To show they're almost not alike at all? You did a full filter except you parsed just a few packets, I only completely blocked a few, and parsed almost every other. And my message to display packet to the screen doesn't exist. I did my own routine to make "Crash Prevented" Appear to screen. And in actual ASM. Next...I recall when I was working on my counter-crashing feature, you failed 4-5 times to give me the correct advice to make it work, I ended up figuring it out on my own, beings I had to. Funny stuff.

Cuz I mean it's obvious you don't know at all what you're doing or saying when it comes to War3 Like I do...And I guess you would be upset that I accomplished even more on Diablo 1 (Full Parser and TownKill)...

I don't challenge you on Starcraft, because I don't really know, I only did about half as much as you, well then again - except for two people said you converted their work and claimed it as your own is all, Other than that nothing.

But at least if you're bashing the Packet Parser, then you make more sense. Because bashing D1 code on War3 would basically hint you're mental. So your attacks on me based on War3 = Null. And don't be all pissy just because I was more creative than you on D1.

Perma
10-14-2006, 11:57 AM
EDIT: I just realized, your entire last post completely reinforced the point I was proving about Diablo hacks - my Diablo hacks, mind you - being in the maphack source.. so.. thanks?


This is showing I used Drakken's .DLL template. I did. Who cares? The hack is still my work, I just used his references to make it into .DLL Form.

These string references were taken directly out of your maphack disassembly. What is my Diablo hack doing in your disassembly? The same applies for the parser source which exactly matches mine, as I have already discussed.

And, I just caught you claiming that the maphack is your work. Again. Didn't you say you weren't going to defend it in some other thread?


My Hack. Drakken's .DLL TEMPLATE. For Diablo.

Drakken didn't make a DLL template for Diablo. Idiot. You used the source to my Diablo hack and didn't have the brains to pull out my Diablo functions. Again this has been proven already, and anyone can disassemble the file and look.


Holy crap! Why would I ever try to find Diablo process with a Diablo hack!? OH man I'm busted! *Elite Sarcasm*

That's weird seeing as that line came out of your Warcraft III maphack. What was Diablo's classname doing in there?


Cuz I mean it's obvious you don't know at all what you're doing or saying when it comes to War3 Like I do...

Actually I know about as much. I know what Shadowfrench's maphack is writing to the game. You've made no effort to actually prove you know anything, just a lot of vague claims that you have no knowledge or source to back up.


And I guess you would be upset that I accomplished even more on Diablo 1 (Full Parser and TownKill)...

Yeah, blah blah. Vague claims. I challenge you to post your full packet parser source here, explain to me how you found the recv() routine, and why you filter out the packets and data that you do. Keep in mind I have already released a parser source, so it's nothing private.


So your attacks on me based on War3 = Null.

So me proving that every Warcraft III related line of code in that maphack was directly stolen from shadowfrench's maphack is null?


And don't be all pissy just because I was more creative than you on D1.

You released things that had already been released.. how is that creative? I'd zip the lip about Diablo before I post your tutorial on patching crashes and have you laughed out of this forum.

Crytical
10-14-2006, 12:12 PM
Wrong:

1) .DLL TEMPLATE. For Diablo. I had a . between them, I was saying i USED HIS TEMPLATE for Diablo. Not that it was made for it. You're the idiot for not reading.

2)
That's weird seeing as that line came out of your Warcraft III maphack. What was Diablo's classname doing in there?

I already explained this, I can't help that you can't read and aren't capable of making a hack auto-detect which game to inject a hack into (Diablo or War3)

And everything else you said is opinion.

I gathered logs, and I have direct proof Perma is a fraud and fake. Message me on MSN to obtain this proof! :)

Otaku
10-14-2006, 12:18 PM
Why won't you post it here?

Perma
10-14-2006, 12:22 PM
Auto detection? Not only was that my idea when I was scamming you to buy hacks from me, but there is no auto detection code in your file at all. Nice try, sweetheart. I see you refuse to do any explanation whatsoever and will continue posting vague remarks. That's fine, but you fail.

Post the logs. Of course, they have to be screenshots and also available in their HTML form, otherwise they aren't credible. Even that can be faked, but I'll be able to recognize the mannerism in which they speak.

It can't be something like:


Chris says:
You're right, I'm a nubcake and I'm stupid for arguing when I don't provide any solid evidence to back me up nor have I expressed any knowledge whatsoever! :( I should probably kill myself!
Mike says:
Yeah. You should.

Remember that Zynastor visits these forums and I will request that he read through this thread. I'll also show it to Jinx. That's probably why he won't post them here.

bulk_4me
10-14-2006, 12:24 PM
MSN Messenger saves them in XML.

Perma
10-14-2006, 12:25 PM
Right. Alright, their XML format rather than HTML.

Crytical
10-14-2006, 05:50 PM
Remember that Zynastor visits these forums and I will request that he read through this thread. I'll also show it to Jinx. That's probably why he won't post them here.

LOL It's called I respect for privacy and you're a piece of ****, good day.

Otaku
10-14-2006, 05:54 PM
:frown: I thought he left.

And you're still not posting any logs.

edit: oh, and where's your MSN name?

Crytical
10-14-2006, 06:49 PM
I'll show logs privately.


edit: oh, and where's your MSN name?

What do you mean?

Perma
10-14-2006, 07:04 PM
LOL It's called I respect for privacy and you're a piece of ****, good day.

It's not respect for privacy whether you show them in public or in secret..

Alpha_Hacka
01-12-2007, 06:47 AM
Please do :) The offsets/ASM I used is 100% mine (for drophack). You can bash the fact I used someone else's injector and someone else's .DLL template all you want, but the fact that it's MY offsets/ASM is something you can't disprove, if you actually do find exactly what I did, then you will know for sure because it won't match anything else, thank you have fun good luck can't wait to see you prove my point.

Just to get things cleared up, is the "drop hack" you refer to that buggy tie hack found by shimano and programmed by you?

bulk_4me
01-12-2007, 05:14 PM
Old topic, none cares, the author of the thread = n00b... case closed.

- Thread Closed -