Moopler

Raymond

Raymond last won the day on August 28 2017

  1. Raymond

    Help Thread Spoof and Stat Hook

    [s]Any ideas why calling CUserLocal::TryDoingMagicAttack crashes? I have thread spoof enabled. Also is it normal when I hook CUserLocal::TryDoingMagicAttack and use a magic attack (to retrieve its parameter) my maplestory crashes?[/s]

    Forget this question. Just noticed it used an extra parameter from kmst pdb. That's why I was crashing... I put void* unknown. Then it worked xd...
  2. Raymond

    Help Thread Spoof and Stat Hook

    Still doesn't work. I thought CWndMan::OnKey calls CClientSocket::SendPacket, which then triggers the thread id check?!
  3. Raymond

    Help Thread Spoof and Stat Hook

    This script seems to work with sending packets: Packet Sending: But with this script, it doesn't seem to work (tf?): I get or ms just crashes
  4. Raymond

    Help Thread Spoof and Stat Hook

    The script in OP uses GW_CharacterStat Struct: Your hook works to show max hp/max mp with equips that add hp/mp? What about exp and max exp?
  5. Raymond

    Help Thread Spoof and Stat Hook

    Seems to work, but sometimes it doesn't. I get this error sometimes when I call a function outside the main thread (yes I have the script enabled)
  6. Raymond

    Help Thread Spoof and Stat Hook

    [CODE]
    mov eax, fs:[18]
    mov eax,[eax+6B8]
    [/CODE]
    doesn't seem to work

    Edit: did you look deeper into blight? Because I'm pretty sure the thread id pointer is encrypted.

    Here's an old script that opened New Year's boxes:

    [CODE]
    [ENABLE]
    //code from here to '[DISABLE]' will be used to enable the cheat
    define(packet_header, 00809E00)
    define(packet_byte, 00418BC0)
    define(packet_word, 00439CD0)
    define(packet_dword, 00418C10)
    define(packet_base,012954A4)
    define(packet_send, 004FA350)
    define(packet_free, 00438170)
    label(next)
    label(again)
    label(times)

    1f000:
    push ebp
    mov ebp, esp
    sub esp, 10
    mov ecx, 0129A430
    call 0048C8E0
    mov ecx, fs:[18]
    mov dword ptr [ecx+6B8], eax

    again:
    push 87
    lea ecx, dword ptr [ebp-10]
    call packet_header
    call 00D250C0
    push eax
    lea ecx, dword ptr [ebp-10]
    call packet_dword
    push 01
    lea ecx, dword ptr [ebp-10]
    call packet_word
    push 002516C2 // new year's box
    //push 002516D0 // valentine's box
    lea ecx, dword ptr [ebp-10]
    call packet_dword
    push next
    push ecx
    lea eax, dword ptr [ebp-10]
    push eax
    mov ecx, dword ptr [packet_base]
    push 0040C038
    jmp packet_send

    next:
    lea ecx, dword ptr [ebp-10]
    call 00438170
    push 100
    call Sleep
    dec dword ptr [times]
    mov eax, dword ptr [times]
    test eax, eax
    jg again
    mov esp, ebp
    pop ebp
    ret

    times:
    DD A

    CreateThread(1f000)

    [DISABLE]
    [/CODE]
  7. Raymond

    Help Thread Spoof and Stat Hook

    The current thread spoof in the script database does not work:

    Enabling this script:

    My character attacks once, meaning the call went through, but I disconnect shortly after.

    I remember back then to spoof thread id it was something like this:
    [CODE]__writefsdword(0x24,threadidpointerhere) // current thread id[/CODE]
    later it changed to this
    [CODE]__writefsdword(0x6B8,threadidpointerhere) // real thread id[/CODE]
    later it changed to this
    [CODE]__writefsdword(0x6B8,DecryptData(threadidpointerhere)) // real thread id is encrypted and we had to use Tsectype SetData[/CODE]
    And now I think it should be
    [CODE]__writefsdword(0x18,threadidpointerhere) // TEB[/CODE]
    or
    [CODE]__writefsdword(0x18,DecryptData(threadidpointerhere)) // TEB and we had to use Tsectype SetData[/CODE]
    but how to find thread id pointer?

    fs:[0x00000024] and fs:[0x000006B8] aren't in maplestory anymore but fs:[0x00000018] is

    and stat hook:

    I'm only able to get current hp and mp and max hp (without equip) and max mp (without equip). How to get max hp and max mp with equips, and how about exp and max exp? Back then it was simple with CUISTATUSBAR::SETNUMBERVALUE but that doesn't work anymore.
  8. Raymond

    Question Arcane Packet Exploit

    alright just wanted to update old script that's all, thanks for replies.

    [CODE]
    [ENABLE]
    alloc(DispatchMessageA_Hook,128)
    alloc(SendPacket,128)
    alloc(SPacket,128)
    alloc(Packet,64)
    label(InjectPacket)

    SPacket:// 16 bytes
    dd 00 // Unknown 1
    dd 00 // Packet Data
    dd 40 // Packet Size (Take care of the packet size. If your packet is bigger than the size, it will crash.)
    dd 00 // Unknown 2

    // Drop 10 Mesos
    // [3F 01] [C5 96 14 0D] [0A 00 00 00]
    // [Header] [TimeStamp] [Mesos Amount]
    Packet:
    db C5 96 14 00 0A 00 00 00

    SPacket+4:
    dd Packet

    SendPacket:
    /* Uncomment to send packet with non encrypted header.
    push 013F // Unencrypted header here
    lea ecx,[SPacket]
    call 009F2C90 // COutPacket::COutPacket(long)
    push #8 // Size
    lea eax, [Packet]
    push eax // Data
    lea ecx, [SPacket]
    call 007C5F30 // COutPacket::EncodeBuffer
    */
    mov ecx,[02C73578] // CClientSocketPtr: 8B 0D ? ? ? ? 85 C9 74 ? 8D ? ? 50 E8 ? ? ? ? 8D ? ? E8
    push SPacket
    push 014942B4 // Search for 90 C3 for fake return address
    jmp 00E20700 // CClientSocket::SendPacket: Follow call below CClientSocketPtr

    DispatchMessageA_Hook:
    push 70 // VK_F1
    call GetAsyncKeyState
    shr ax,#15
    cmp ax,1
    je InjectPacket
    mov edi,edi
    push ebp
    mov ebp,esp
    jmp DispatchMessageA+5

    InjectPacket:
    call SendPacket
    ret

    DispatchMessageA:
    jmp DispatchMessageA_Hook

    [DISABLE]
    DispatchMessageA:
    mov edi,edi
    push ebp
    mov ebp,esp

    dealloc(DispatchMessageA_Hook)
    dealloc(SendPacket)
    dealloc(SPacket)
    dealloc(Packet)
    [/CODE]
  9. Raymond

    Question Arcane Packet Exploit

    Wanting to update old script with non encrypted header... somehow only header gets sent???

    [CODE]
    [ENABLE]
    alloc(DispatchMessageA_Hook,128)
    alloc(SendPacket,128)
    alloc(SPacket,128)
    alloc(Packet,64)
    label(InjectPacket)

    SPacket:// 16 bytes
    dd 00 // Unknown 1
    dd 00 // Packet Data
    dd 40 // Packet Size (Take care of the packet size. If your packet is bigger than the size, it will crash.)
    dd 00 // Unknown 2

    // Drop 10 Mesos
    // [3F 01] [C5 96 14 0D] [0A 00 00 00]
    // [Header] [TimeStamp] [Mesos Amount]
    Packet:
    db C5 96 14 00 0A 00 00 00

    SPacket+4:
    dd Packet

    SendPacket:
    push 013F // Unencrypted header here
    lea ecx,[SPacket]
    call 009F2C90 // COutPacket::COutPacket(long)
    mov ecx,[02C73578] // CClientSocketPtr: 8B 0D ? ? ? ? 85 C9 74 ? 8D ? ? 50 E8 ? ? ? ? 8D ? ? E8
    push SPacket
    push 014942B4 // Search for 90 C3 for fake return address
    jmp 00E20700 // CClientSocket::SendPacket: Follow call below CClientSocketPtr

    DispatchMessageA_Hook:
    push 70 // VK_F1
    call GetAsyncKeyState
    shr ax,#15
    cmp ax,1
    je InjectPacket
    mov edi,edi
    push ebp
    mov ebp,esp
    jmp DispatchMessageA+5

    InjectPacket:
    call SendPacket
    ret

    DispatchMessageA:
    jmp DispatchMessageA_Hook

    [DISABLE]
    DispatchMessageA:
    mov edi,edi
    push ebp
    mov ebp,esp

    dealloc(DispatchMessageA_Hook)
    dealloc(SendPacket)
    dealloc(SPacket)
    dealloc(Packet)
    [/CODE]
  10. Raymond

    Question Arcane Packet Exploit

    And to set packet data and size we have to use DecodeBuffer? cannot use this struct anymore to set it?

    [CODE]
    #pragma pack(push, 1)
    struct COutPacket
    {
        BOOL fLoopback;
        union
        {
            LPBYTE lpbData;
            LPVOID lpvData;
            LPWORD lpwHeader;
        };
        DWORD dwcbData;
        UINT uOffset;
        BOOL fEncryptedByShanda;
    };
    #pragma pack(pop)
    [/CODE]
  11. Raymond

    Question Arcane Packet Exploit

    Script works, but useless for normal people? You don't explain how to get unencrypted header.

    I modified this one, it drops 10 mesos, and is it possible to use COutPacket structure instead of Decode Buffer?

    [CODE]
    [enable]
    alloc(hook,256)
    alloc(packet, 128)
    alloc(coutpacket_custom, 48)
    label(return)
    label(exit)
    alloc(_InjectPacket,28)

    _InjectPacket:
    mov ecx, [02C73578] // CClientSocket
    lea eax, [coutpacket_custom] // load packet data
    push eax // push packet data
    push 014942B4 // Fake ret (any ret instruction, this one use nop ret)
    jmp 00E20700 // CClientSocket::SendPacket
    ret

    // Drop 10 mesos Packet
    // [Unencrypted Header] [TimeStamp] [Amount of Mesos]
    // [3F 01] [AA BB CC 00] [0A 00 00 00]
    packet:
    db AA BB CC 00 0A 00 00 00 // 8 Byte

    0200AF50: // CAntiRepeat::TryRepeat
    jmp hook
    return:

    hook:
    pushad
    push 013F // Unencrypted header here
    lea ecx, [coutpacket_custom]
    call 009F2C90 // COutPacket::COutPacket(long)
    push #8 // Size
    lea eax, [packet]
    push eax // Data
    lea ecx, [coutpacket_custom]
    call 007C5F30 // EncodeBuffer
    call _InjectPacket
    exit:
    popad
    db 55 8B EC 8B 01
    jmp return

    [disable]
    0200AF50: // 7E ? 83 ? ? 7D ? 8B ? ? 2B ? 3D [Start]
    db 55 8B EC 8B 01
    dealloc(hook)
    dealloc(coutpacket_custom)
    dealloc(_InjectPacket)
    dealloc(packet)
    [/CODE]

    is it also possible to have the header in packet:

    [CODE]
    db AA BB CC 00 0A 00 00 00
    [/CODE]
  12. Raymond

    Question Arcane Packet Exploit

    Since you're willing to "pay" why don't you buy terminal.

    Packet.h

    [CODE]
    #include <Windows.h>
    #include <Intrin.h>
    #include <queue>

    #pragma pack(push, 1)
    struct COutPacket
    {
        BOOL fLoopback;
        union
        {
            LPBYTE lpbData;
            LPVOID lpvData;
            LPWORD lpwHeader;
        };
        DWORD dwcbData;
        UINT uOffset;
        BOOL fEncryptedByShanda;
    };

    struct CInPacket
    {
        BOOL fLoopback; // 0
        INT iState; // 2
        union
        {
            LPVOID lpvData;
            struct
            {
                DWORD dw;
                WORD wHeader;
            } *pHeader;
            struct
            {
                DWORD dw;
                BYTE bData[0];
            } *pData;
        };
        USHORT usLength; // size of preceding struct
        USHORT usRawSeq; // pData->dw & 0xFFFF
        // should be DWORD, then SIZE_T, according to jony
        USHORT usDataLen; // usLength - 4
        USHORT usUnknown; // 0xCC
        UINT uOffset; // sizeof(DWORD) == 4
        LPVOID lpv; // idk; 1238E0?
    };
    #pragma pack(pop)

    void SendPacket(LPBYTE lpBytes, DWORD dwLength);
    void RecvPacket(LPVOID lpvBytes, USHORT usLength);
    int TimeStamp();
    void EnableInjectPacket();
    void DisableInjectPacket();
    [/CODE]

    Packet.cpp:

    [CODE]
    #include "Packet.h"

    std::queue<COutPacket *> outqueue;
    std::queue<CInPacket *> inqueue;

    // DispatchMessageA: FF 15 ? ? ? ? 8D ? ? ? ? ? ? 8B ? ? ? ? ? E8 ? ? ? ? 85
    const LPVOID *lppvDispatchMessageA = reinterpret_cast<const LPVOID*>(0x02C7B954);
    const LPVOID lpvDispatchMessageA_Return = reinterpret_cast<const LPVOID>(0x0216E89A);

    // CClientSocket::ReturnAddress: 90 C3
    const LPVOID lpvCClientSocket__ReturnAddress = reinterpret_cast<const LPVOID>(0x0040105F);

    // CClientSocketPtr: 8B 0D ? ? ? ? 85 C9 74 ? 8D ? ? 50 E8 ? ? ? ? 8D ? ? E8
    const LPVOID *lppvCClientSocketPtr = reinterpret_cast<const LPVOID*>(0x02C73578);

    // CClientSocket::SendPacket: [Follow call below CClientSocketPtr]
    typedef void(__fastcall *CClientSocket__SendPacket_t)(LPVOID lpvECX, LPVOID lpvEDX, COutPacket *oPacket);
    CClientSocket__SendPacket_t CClientSocket__SendPacket = reinterpret_cast<CClientSocket__SendPacket_t>(0x00E20700);

    // COutPacket::COutPacket(long): E8 ? ? ? ? 8B ? ? C7 ? ? ? ? ? ? E8 ? ? ? ? ? 8D [Follow call]
    typedef void(__fastcall *COutPacket__COutPacket__long_t)(LPVOID lpvECX, LPVOID lpvEDX, int nType);
    COutPacket__COutPacket__long_t COutPacket__COutPacket__long = reinterpret_cast<COutPacket__COutPacket__long_t>(0x009F2C90); // 8th function after CClientSocket::SendPacket

    // CClientSocket::ProcessPacket: 8B ? ? ? ? ? 8D ? ? ? ? ? ? E8 ? ? ? ? 8D ? ? ? ? ? E8 ? ? ? ? 8D ? ? ? ? ? E8 [Follow call below]
    typedef void(__fastcall *CClientSocket__ProcessPacket_t)(LPVOID lpvECX, LPVOID lpvEDX, CInPacket *iPacket);
    CClientSocket__ProcessPacket_t CClientSocket__ProcessPacket = reinterpret_cast<CClientSocket__ProcessPacket_t>(0x00E21850);

    // get_update_time: 8D 8E ? ? 00 00 E8 ? ? ? ? E8 ? ? ? ? 50 [Follow second call]
    typedef int(_cdecl *get_update_time_t)();
    get_update_time_t get_update_time = reinterpret_cast<get_update_time_t>(0x02098B10);

    int TimeStamp()
    {
        return get_update_time();
    }

    void __declspec(naked) InjectOutPacket(COutPacket *oPacket)
    {
        __asm
        {
            // Set class pointer
            mov ecx, [lppvCClientSocketPtr]
            mov ecx, [ecx]

            // Push oPacket and fake return address
            push [esp+0x04]
            push [lpvCClientSocket__ReturnAddress]

            // Inject packet
            jmp [CClientSocket__SendPacket]
        }
    }

    void __declspec(naked) InjectInPacket(CInPacket *iPacket)
    {
        __asm
        {
            // Set class pointer
            mov ecx, [lppvCClientSocketPtr]
            mov ecx, [ecx]

            // Push iPacket and fake return address
            push [esp+0x04]
            push [lpvCClientSocket__ReturnAddress]

            // Inject packet
            jmp [CClientSocket__ProcessPacket]
        }
    }

    void SendPacket(LPBYTE lpBytes, DWORD dwLength)
    {
        COutPacket *oPacket = new COutPacket;
        SecureZeroMemory(oPacket, sizeof(COutPacket));

        oPacket->lpbData = new byte[dwLength];
        oPacket->dwcbData = dwLength;
        memcpy_s(oPacket->lpbData, dwLength, lpBytes, dwLength);

        outqueue.push(oPacket);
    }

    void RecvPacket(LPVOID lpvBytes, USHORT usLength)
    {
        CInPacket *iPacket = new CInPacket;
        SecureZeroMemory(iPacket, sizeof(CInPacket));

        iPacket->fLoopback = 0;
        iPacket->iState = 2;
        iPacket->lpvData = new byte[usLength];
        iPacket->usLength = usLength;
        iPacket->usDataLen = iPacket->usLength - sizeof(DWORD);
        iPacket->usUnknown = 0;
        iPacket->uOffset = 4;
        memcpy_s(iPacket->lpvData, usLength, lpvBytes, usLength);

        inqueue.push(iPacket);
    }

    LRESULT WINAPI DispatchMessageA_Hook(const MSG *lpmsg)
    {
        if (_ReturnAddress() == lpvDispatchMessageA_Return)
        {
            try
            {
                COutPacket *oPacket;
                while (!outqueue.empty())
                {
                    oPacket = outqueue.front();
                    outqueue.pop();
                    InjectOutPacket(oPacket);
                    delete[] oPacket->lpbData;
                    delete oPacket;
                }

                CInPacket *iPacket;
                while (!inqueue.empty())
                {
                    iPacket = inqueue.front();
                    inqueue.pop();
                    InjectInPacket(iPacket);
                    delete[] iPacket->lpvData;
                    delete iPacket;
                }
            }
            catch (...)
            {
            }
        }
        return DispatchMessageA(lpmsg);
    }

    void EnableInjectPacket()
    {
        *(unsigned long*)lppvDispatchMessageA = (unsigned long)DispatchMessageA_Hook;
    }

    void DisableInjectPacket()
    {
        *(unsigned long*)lppvDispatchMessageA = (unsigned long)DispatchMessageA;
    }
    [/CODE]

    Form1.cpp:

    [CODE]
    #include <Windows.h>
    #include "MainForm.h"
    #include "Packet.h"

    using namespace GMSPacketInjector;

    void Main(void)
    {
        Application::EnableVisualStyles();
        Application::SetCompatibleTextRenderingDefault(false);
        Application::Run(gcnew MainForm);
        Application::Exit();
    }

    void MainForm::MainForm_FormClosing(System::Object^ sender, System::Windows::Forms::FormClosingEventArgs^ e)
    {
        System::Windows::Forms::DialogResult drResult = MessageBox::Show("Are you sure you want to close this program?\n" "Closing this program will also close MapleStory.", "Close MapleStory?", MessageBoxButtons::YesNo, MessageBoxIcon::Question);
        if (drResult == ::DialogResult::Yes)
        {
            TerminateProcess(GetCurrentProcess(), 0);
        }
        else if (drResult == ::DialogResult::No)
        {
            e->Cancel = true;
        }
    }

    void MainForm::MainForm_Load(System::Object^ sender, System::EventArgs^ e)
    {
        static DWORD dwProcessID = GetCurrentProcessId();
        this->Text = "[" + dwProcessID + "] GMS Packet Injector";
        comboBoxPACKETTYPE->SelectedIndex = 0;
        this->textBoxPACKET->Enabled = false;
        this->comboBoxPACKETTYPE->Enabled = false;
        this->buttonINJECT->Enabled = false;
        this->labelDELAY->Enabled = false;
        this->textBoxDELAY->Enabled = false;
        this->buttonSPAM->Enabled = false;
    }

    std::string toHexadecimal(int num)
    {
        std::string str;
        for (int i = 0; i < 4; i++)
        {
            char tmp[10];
            sprintf(tmp, (i == 0 ? "%02X" : "%02X"), (BYTE)((UINT)(num << 16) >> 16));
            num = num >> 8;
            str += tmp;
        }
        return str;
    }

    bool IsGoodPacket(String^ strPacket, String^ &strError)
    {
        if (strPacket == String::Empty)
        {
            strError = "Packet is empty!";
            return false;
        }

        if ((strPacket->Length) % 2 == 1)
        {
            strError = "Packet size is not a multiple of 2!";
            return false;
        }

        for (int i = 0; i < strPacket->Length; i++)
        {
            if (strPacket[i] >= '0' && strPacket[i] <= '9') continue;
            if (strPacket[i] >= 'A' && strPacket[i] <= 'F') continue;
            if (strPacket[i] >= 'a' && strPacket[i] <= 'f') continue;
            if (strPacket[i] == '*') continue;
            if (strPacket[i] == String::Compare(strPacket, "@TIMESTAMP") == 0) continue;

            strError = "Invalid character detected in packet!";
            return false;
        }
        return true;
    }

    bool InjectPacket(String^ strPacket, String^ &strError, bool PacketType)
    {
        if (!IsGoodPacket(strPacket, strError))
            return false;

        Random^ randObj = gcnew Random();
        String^ rawBytes = String::Empty;

        for (int i = 0; i < strPacket->Length; i++)
        {
            if (strPacket[i] == '*')
                rawBytes += randObj->Next(16).ToString("X");
            else
                rawBytes += strPacket[i];
        }

        using namespace System::Globalization;

        ::DWORD dwOffset = 0;
        ::DWORD dwLength = (rawBytes->Length / 2);
        ::LPBYTE lpBytes = new ::BYTE[dwLength];

        for (int i = 0; (dwOffset < dwLength) && ((i + 1) < rawBytes->Length); dwOffset++, i += 2)
            lpBytes[dwOffset] = Byte::Parse(rawBytes->Substring(i, 2), NumberStyles::HexNumber, CultureInfo::InvariantCulture);

        try
        {
            if (!PacketType)
                SendPacket(lpBytes, dwLength);
            else
                RecvPacket(lpBytes, dwLength);
        }
        catch (Exception^)
        {
        }
        finally
        {
            delete[] lpBytes;
        }
        return true;
    }

    void MainForm::buttonINJECT_Click(System::Object^ sender, System::EventArgs^ e)
    {
        String^ strError = String::Empty;
        std::string strTimeStamp = toHexadecimal(TimeStamp());
        String^ sTimeStamp = gcnew String(strTimeStamp.c_str());

        if (this->comboBoxPACKETTYPE->Text == "Send")
        {
            if (!InjectPacket(textBoxPACKET->Text->Replace(" ", "")->Replace("@TIMESTAMP", sTimeStamp), strError, 0))
                MessageBox::Show(strError);
        }
        else if (this->comboBoxPACKETTYPE->Text == "Recv")
        {
            if (!InjectPacket(textBoxPACKET->Text->Replace(" ", "")->Replace("@TIMESTAMP", sTimeStamp), strError, 1))
                MessageBox::Show(strError);
        }
    }

    void MainForm::checkBoxPACKETINJECTOR_CheckedChanged(System::Object^ sender, System::EventArgs^ e)
    {
        if (this->checkBoxPACKETINJECTOR->Checked)
        {
            EnableInjectPacket();
            this->textBoxPACKET->Enabled = true;
            this->comboBoxPACKETTYPE->Enabled = true;
            this->buttonINJECT->Enabled = true;
            this->labelDELAY->Enabled = true;
            this->textBoxDELAY->Enabled = true;
            this->buttonSPAM->Enabled = true;
            this->buttonSPAM->Text = "Spam";
        }
        else
        {
            DisableInjectPacket();
            this->textBoxPACKET->Enabled = false;
            this->comboBoxPACKETTYPE->Enabled = false;
            this->buttonINJECT->Enabled = false;
            this->labelDELAY->Enabled = false;
            this->textBoxDELAY->Enabled = false;
            this->buttonSPAM->Enabled = false;
            this->buttonSPAM->Text = "Spam";
        }
    }

    int iSpamDelay = 100;

    void MainForm::textBoxDELAY_TextChanged(System::Object^ sender, System::EventArgs^ e)
    {
        iSpamDelay = Convert::ToInt32(this->textBoxDELAY->Text);
    }

    void MainForm::buttonSPAM_Click(System::Object^ sender, System::EventArgs^ e)
    {
        if (this->buttonSPAM->Text == "Spam")
        {
            this->buttonSPAM->Text = "Stop";
            this->timerSPAM->Interval = iSpamDelay;
            this->timerSPAM->Enabled = true;
            this->textBoxPACKET->Enabled = false;
            this->comboBoxPACKETTYPE->Enabled = false;
            this->buttonINJECT->Enabled = false;
            this->labelDELAY->Enabled = false;
            this->textBoxDELAY->Enabled = false;
        }
        else
        {
            this->buttonSPAM->Text = "Spam";
            this->timerSPAM->Enabled = false;
            this->textBoxPACKET->Enabled = true;
            this->comboBoxPACKETTYPE->Enabled = true;
            this->buttonINJECT->Enabled = true;
            this->labelDELAY->Enabled = true;
            this->textBoxDELAY->Enabled = true;
        }
    }

    void MainForm::timerSPAM_Tick(System::Object^ sender, System::EventArgs^ e)
    {
        String^ strError = String::Empty;
        std::string strTimeStamp = toHexadecimal(TimeStamp());
        String^ sTimeStamp = gcnew String(strTimeStamp.c_str());

        if (this->comboBoxPACKETTYPE->Text == "Send")
        {
            if (!InjectPacket(textBoxPACKET->Text->Replace(" ", "")->Replace("@TIMESTAMP", sTimeStamp), strError, 0))
            {
                this->buttonSPAM->Text = "Spam";
                this->timerSPAM->Enabled = false;
                this->textBoxPACKET->Enabled = true;
                this->comboBoxPACKETTYPE->Enabled = true;
                this->buttonINJECT->Enabled = true;
                this->labelDELAY->Enabled = true;
                this->textBoxDELAY->Enabled = true;
                MessageBox::Show(strError);
            }
        }
        else if (this->comboBoxPACKETTYPE->Text == "Recv")
        {
            if (!InjectPacket(textBoxPACKET->Text->Replace(" ", "")->Replace("@TIMESTAMP", sTimeStamp), strError, 1))
            {
                this->buttonSPAM->Text = "Spam";
                this->timerSPAM->Enabled = false;
                this->textBoxPACKET->Enabled = true;
                this->comboBoxPACKETTYPE->Enabled = true;
                this->buttonINJECT->Enabled = true;
                this->labelDELAY->Enabled = true;
                this->textBoxDELAY->Enabled = true;
                MessageBox::Show(strError);
            }
        }
    }
    [/CODE]

    Reference:
    https://ccplz.net/threads/mini-source-code-packet-sender-cli-c.7733/
    https://ccplz.net/threads/release-sendpacket-function-source.41982/

    Send inject you have to manually log packet with mapleshark to get header unless some 1337 hacker is able to tweak it to send non encrypted header.

    Recv inject is broken (does not work) either wrong address outdated structure more check idk

    updated by unknown on (cannot name site dot com)
    quoted from unknown
  13. Raymond

    Help Packet Inject Script

    [CODE]
    [ENABLE]
    alloc(DispatchMessageA_Hook,128)
    alloc(SendPacket,128)
    alloc(SPacket,128)
    alloc(Packet,64)
    label(InjectPacket)

    SPacket:// 16 bytes
    dd 00 // Unknown 1
    dd 00 // Packet Data
    dd 40 // Packet Size (Take care of the packet size. If your packet is bigger than the size, it will crash.)
    dd 00 // Unknown 2

    // Drop 10 Mesos
    // [B8 0F] [C5 96 14 0D] [0A 00 00 00]
    // [Header] [TimeStamp] [Mesos Amount]
    Packet:
    db B8 0F C5 96 14 0D 0A 00 00 00

    SPacket+4:
    dd Packet

    SendPacket:
    mov ecx,[02C73578]// CClientSocketPtr: 8B 0D ? ? ? ? 85 C9 74 ? 8D ? ? 50 E8 ? ? ? ? 8D ? ? E8
    push SPacket
    push 0040105F // Search for 90 C3 for fake return address
    jmp 00E20700 // CClientSocket::SendPacket: Follow call below CClientSocketPtr

    DispatchMessageA_Hook:
    push 70 // VK_F1
    call GetAsyncKeyState
    shr ax,#15
    cmp ax,1
    je InjectPacket
    mov edi,edi
    push ebp
    mov ebp,esp
    jmp DispatchMessageA+5

    InjectPacket:
    call SendPacket
    ret

    DispatchMessageA:
    jmp DispatchMessageA_Hook

    [DISABLE]
    DispatchMessageA:
    mov edi,edi
    push ebp
    mov ebp,esp

    dealloc(DispatchMessageA_Hook)
    dealloc(SendPacket)
    dealloc(SPacket)
    dealloc(Packet)
    [/CODE]

    This works for sending packet with encrypted header. How do you call COutPacket::COutPacket to send with non-encrypted header using the original script?

    [CODE]
    mov ecx,[02C73578]// CClientSocketPtr: 8B 0D ? ? ? ? 85 C9 74 ? 8D ? ? 50 E8 ? ? ? ? 8D ? ? E8
    push SPacket // Packet data
    push 0040105F // Search for 90 C3 for fake return address
    jmp 00E20700 // CClientSocket::SendPacket: Follow call below CClientSocketPtr
    [/CODE]
  14. Raymond

    Help!? GMS Bypass Help Thread

    NGS Updated for GMS (2.12.20.0)
  15. Raymond

    Outdated GMS Script Library v173

    no it still works for some skills i only tried metal press.