About Erotica

  1. You can re-write the script fairly easily, or use the lua functionality in CE to do this too. It's a matter of getting the tick count and doing basic subtraction math, how much exactly have you tried before posting this question?
  2. @Roast Go by the CreateMutex example (in above code you're not using the correct return type and so on, not sure why your hook is not correctly allocated though):

    #include <winsock2.h>
    #include <Ws2tcpip.h>
    #pragma comment(lib, "Ws2_32.lib")

    bool Detour__Send()
    {
        static decltype(&send) _send = &send;

        decltype(&send) send_hook = [](SOCKET s, const char *buf, int len, int flags) -> int
        {
            /* your code */
            return _send(s, buf, len, flags);
        };

        return SetHook(true, reinterpret_cast<void**>(&_send), send_hook);
    }
  3. Why inject a dll and call the function in dllmain then o.o plus he writes to same process WriteProcessMemory(GetCurrentProcess()
  4. I too am too lazy to actually read through your posts, well except for the fact that you're writing 6 bytes when only 5 are needed, I suggest using detours as it will do everything for you in this context without you needing to think at all.

    BOOL SetHook(__in BOOL bInstall, __inout PVOID* ppvTarget, __in PVOID pvDetour)
    {
        if (DetourTransactionBegin() != NO_ERROR)
            return FALSE;

        if (DetourUpdateThread(GetCurrentThread()) == NO_ERROR)
            if ((bInstall ? DetourAttach : DetourDetach)(ppvTarget, pvDetour) == NO_ERROR)
                if (DetourTransactionCommit() == NO_ERROR)
                    return TRUE;

        DetourTransactionAbort();
        return FALSE;
    }

    Example detour from Benny's bypass loader, just replace the API in question:

    BOOL Detour__CreateMutexA()
    {
        static decltype(&CreateMutexA) _CreateMutexA = &CreateMutexA;

        decltype(&CreateMutexA) CreateMutexA_hook = [](LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName) -> HANDLE
        {
            if (lpName)
            {
                static std::string mutex_name = "WvsClientMtx" + std::to_string(GetCurrentProcessId());

                if (!strcmp(lpName, "WvsClientMtx"))
                {
                    lpName = mutex_name.c_str();

                    std::vector<char> file_path(MAX_PATH);

                    if (GetModuleFileNameA(GetModuleHandle(NULL), &file_path[0], MAX_PATH))
                    {
                        std::string temp = std::string(&file_path[0]);

                        if (!LoadLibraryA((temp.substr(0, temp.find_last_of('\\') + 1) + "NexonGameThreat.dll").c_str()))
                            MessageBoxA(NULL, "Failed to load NexonGameThreat.dll", "Loading failure", MB_OK | MB_ICONERROR | MB_TOPMOST | MB_SETFOREGROUND);
                    }
                }
            }

            return _CreateMutexA(lpMutexAttributes, bInitialOwner, lpName);
        };

        return SetHook(TRUE, reinterpret_cast<void**>(&_CreateMutexA), CreateMutexA_hook);
    }

    Or an example hooking a maple function:

    typedef void(__fastcall *CWndMan_t)(void *ecx, void *edx, HWND m_hWnd);
    auto CWndMan = reinterpret_cast<CWndMan_t>(0x024EFC40);

    void __fastcall CWndMan_Hook(void *ecx, void *edx, HWND m_hWnd)
    {
        std::cout << "\r >>> CWndMan::CWndMan() called. Logging Maple hWnd. \n [$] ";
        m_hWnd_Maple = m_hWnd;
        /* also grabbing thread id and writing some shit to a pipe but example is simplified */
        CWndMan(ecx, edx, m_hWnd);
    }

    /* -- */

    SetHook(true, reinterpret_cast<PVOID*>(&CWndMan), &CWndMan_Hook);
  5. if a skill packet is sent(easy to check for, or just send your own) and the reply from the server is "you cannot cast this skill on this map" or whatever the fuck the message is, i doubt there is a way to get around the server sided check. unless you find some other way to inject it that the server does not account for. have you tried various summon injection methods?
  6. Erotica

    Question Maplestory Character Selection Packet

    or this call alternatively if you're more into that, which ends up just reading that pointer:
  7. Erotica

    Question Maplestory Character Selection Packet

    it's your character id innit double click your own char in game and see if same value is in packet to confirm (should be towards the end of the pkt) i confirmed it for you (idc about my pic):

    → | 013BBF2A | 6B 00 06 00 39 38 39 37 39 39 1A 44 44 00 ....
    → | 025DDA40 | 47 01 90 F9 AF 29 1A 44 44 00 FF 00 01 00 00

    to answer the second part, how it is created, it is sent to the client upon entering character select.
  8. Erotica

    Information Scripts for v162.4

    not if you know what you're doing.
  9. Erotica

    Help maplestory unpack

    There are countless themida unpack scripts that'll handle the older versions of maple. Maybe even the new versions, I got no idea. He doesn't need any help, he just needs to learn to google.
  10. Erotica

    Help maplestory unpack

    Eh, pre-BB as he's asking for it was pretty damn straightforward.
  11. Erotica

    Help C++ Code Cave Crashes

    i regret posting in this thread
  12. Erotica

    Help C++ Code Cave Crashes

    I would advise against mindlessly copy pasting the solution from koreanrice, as he should have explained his solution and you'll learn nothing from it. I can think of a few things that might have happened off the top of my head, but to properly learn what you might be doing wrong (or what VS is annoyingly doing); attach CE to maple and go to 02398220 to see your hook after you've placed it. If the maple process doesn't hang but immediately exits, you'll need to place a breakpoint on the hook address for you to see what went wrong. If you're having trouble seeing anything wrong after examining, feel free to post again, but this is assuming you also know basic assembler syntax and know what each instruction actually does.
  13. You need a crc bypass to edit memory.
  14. No. Nothing at all to do with MSCRC. It has to do with you reading something that isn't there (yet? not available? just wrong?). Bruh