Jump to content


  • Content count

  • Joined

  • Last visited

  • Days Won


NewSprux2.0? last won the day on May 17

NewSprux2.0? had the most liked content!

Community Reputation

386 Excellent

About NewSprux2.0?

  • Rank
    Advanced Moopler

Recent Profile Visitors

5,256 profile views
  1. NewSprux2.0?

    Help Hooking ws2_32.dll send/recv functions

    Yes, if it is raw packets then byte arrays are just ... well... a sequence of bytes 😛 Strings can be both char-strings and wchar-strings. In a regular string (char-string) every character is 1 byte long. In a wchar-string (wide char), every character is 2 bytes.
  2. NewSprux2.0?

    Help Hooking ws2_32.dll send/recv functions

    Could also look like some kind of wrong encoding (utf8 vs unicode vs ascii).
  3. NewSprux2.0?

    Help Hooking ws2_32.dll send/recv functions

    It appears that the hook address is not allocated in the given process.
  4. NewSprux2.0?

    Help Hooking ws2_32.dll send/recv functions

    Haha didn't notice, my bad
  5. NewSprux2.0?

    Help Hooking ws2_32.dll send/recv functions

    @Erotica he uses WriteProcessMemory so I think he's writing from a remote procesS
  6. NewSprux2.0?

    Help Hooking ws2_32.dll send/recv functions

    The problem is that you calculate the address for a local function then write the jump to a remote process where the local function doesn't exist.
  7. NewSprux2.0?

    Help Hooking ws2_32.dll send/recv functions

    I didn't actually bother reading through the code-snippets to check for minor mistakes, but another good method is to use Cheat Engine to read the address you're trying to hook ; Does it do what you want it to do? If not, you've got an issue in the hooking logic. If it does in fact do what you want (turn the instructions into a jmp to the function), then you can check the hook for errors. Upon a quick glance on the function you use, I see the error pretty clearly: You hook "send" (the exported api from ws2_32), but in your hook you call 'send'. In other words, you're calling your own hook from inside the hook, resulting in a never-ending loop.
  8. An easier approach would be to find the hide/show UI window function, figure out where it's called from, attempt to call it from that map, if it isn't accessed, keep backtracing. When you figure out where it "stops" allowing you, you'll know what it's comparing against - now you make a static pointer to that offset and read what sets that value from the map-packet.
  9. NewSprux2.0?

    Question kms ngs crc

    One word: Rekt
  10. NewSprux2.0?

    Question kms ngs crc

    Bear in mind that this guy (@gfasdg) just posted the following on a Discord channel: "My ransomware that I've distributed to random people has earned me 1.5 bitcoins so far, and more is coming in by the day."
  11. NewSprux2.0?

    Question Body Pressure - Aran - mob effect removal

    On the original servers, the mob buffs are taken into consideration when determining legitimacy of client-to-server damage packets. Therefore this cannot be bypassed. You can force the mobs to get hit regardless, but the damage will be discarded by the server.
  12. NewSprux2.0?

    Other Debugging Challenge

    That makes no sense. The shr instruction accesses the register, not the value pointed to by the register.
  13. NewSprux2.0?

    Other Debugging Challenge

    Well, let's assume the instruction is 'dec'. For the 'dec' instruction to be a hit with any break-on-access breakpoints, the instruction must have a memory type operand. That is to say, the instruction must have the form of 'dec unknown ptr [...]'. if this is the case, the only reason I can imagine, is that the address is actually pointed to by a temporary variable, that we're decreasing, which changes after the loop. Or the memory is a null-pointer, and the memory points to an unallocated 0x00000000 address. However, this is not compatible with what you said in the OP: "... the resulting hit is an instruction that doesn't access that location".
  14. NewSprux2.0?

    Other Debugging Challenge

    Any hint on the instruction?
  15. NewSprux2.0?

    Release NexonGameThreat (NexonGameSecurity bypass)

    That is interesting indeed. I'll look into it tomorrow