The project is not finished and is discontinued. I don't need feedback for it, so I think it doesn't match the "Applications - Feedback and Discussion" forum, and it is not really a trick or tip, so I just post this in "General Discussion".
First of all, what kind of program is it?
It's an advanced cheating tool, made for one specific game: Sacred 2 Fallen Angel.
I made this tool with permission of the Sacred 2 developers. It was intended to be used for testing the multiplayer part for cheat safety. However, I left the beta test before the release of Sacred 2, so the tool was discontinued and not finished. Anyway, it still has some code in it that can be educational for people interested in such stuff.
Interesting things in it:
- DLL injection
- API hooking
- inline hooking (hooking of the ingame console)
- calling of procedures (print text to the ingame console)
- version independent manipulation of code
- plugin system
Screenshot of S2HackIt in action: http://www.gametreasure.de/bilder/s2hackit03.jpg
If you want to test the tool:
S2HackIt is version independent and will work with every Sacred 2 version I know of, even with the demo version.
Installation of S2HackIt
Extract the .zip to the "system" folder in your Sacred 2 folder.
Launching S2HackIt
- launch Sacred 2
- wait until Sacred 2 is completely loaded
- launch the "Injector.exe" located in the S2HackIt folder
After launching it, it hooks itself to the ingame console of Sacred 2, so you can use the ingame console to give S2HackIt commands.
Commands
Eject
Unloads S2HackIt. (Uninstalls all hooks and unloads itself: S2HackIt.dll.)
Freeze
Freezes Sacred 2.
Technically all threads of Sacred 2 will be suspended. This includes the console. You can use F12 to unfreeze it.
UnFreeze
Unfreezes Sacred 2. This command is only applicable in batch files.
Launching a batch file
Just type in the name of the batch file excluding the extension.
Batch files
Just normal ASCII text files with the extension .s2hb.
One command per line. All core commands and plugin commands are usable.
You can launch other batch files from a batch file.
MemPatcher plugin
Plugin for S2HackIt that adds commands for manipulating the memory of Sacred 2.
Patch address data
Overwrites the memory on the specified address with the specified data.
Address and data have to be entered in hex.
PatchPtr pointer_adresse relative_address data
Overwrites the memory on the address the specified pointer is pointing to.
relative_address will be added to the pointer.
PatchMod modul_name relative_address Data
Overwrites the memory in the specified module.
modul_name is a char string and specifies the module, for example: s2core.dll
relative_address will be added to the base address of the specified module.
NetHack plugin
It's basically a Winsock hook and adds commands to S2HackIt for logging and manipulating packets.
This plugin is not finished; the filtering of packets doesn't work and a lot of commands are not implemented. I will list here only the implemented commands.
NetLog
Starts the logging of network packets.
NetShow log-ID
Outputs the hex dump of the specified packet.
NetFltEx
Sets the filter mode to exclude. (standard)
NetFltIn
Sets the filter mode to include.
NetReLoadFlt
Reloads all filters.
Useful if you have altered a filter or created a new one with a text editor, so you don't have to restart S2HackIt.
NetActFlt filter_name
Activates a filter.
filter_name is the filename of the filter excluding extension.
NetDeActFlt filter_name
Deactivates a filter.
NetHack filter format
NetHack filters are normal ASCII text files with the extension ".flt".
First comes a header:
NetHack Filter
Version: 1
Type: Check/Edit
Mode: Raw/Event
Direction: In/Out/Any
IP: Number/Any
Port: Number/Any
Only the Check type is implemented. Check filters are useful for excluding packets from logging. If the filter result is true, the packet will not be logged. You can reverse this by changing the filter mode to include.
The header is followed by a filter pattern:
The filtering of every byte is encoded in 3 chars. The first char is a comparison operator. The 2 following chars are the hex code of the value to compare with. The first byte of a packet will be compared with the first value in the filter, the second byte with the second value and so on.
Comparison operators:
= true if byte in packet equals the hex code in the filter
! true if byte in packet is not equal to the hex code in the filter
> true if byte in packet is bigger than the hex code in the filter
< true if byte in packet is smaller than the hex code in the filter
? doesn't compare; this is for ignoring bytes in the packet
A special byte filter operation is ^??
It specifies that all following bytes of the packet should be ignored.
If you don't add this to the end of the filter pattern, it will filter the packet only if the packet size matches the filter size.
Example:
NetHack Log Filter
Version: 1
Type: Check
Mode: Raw
Direction: In
IP: Any
Port: Any
Pattern
=EF =FF =FF =CD ??? ??? ??? ??? >04 ^??
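
The pattern rules described above, worked through as an added Python example; this is not part of the original post and not S2HackIt's own code. It assumes that a packet shorter than the pattern never matches and that include mode logs only matching packets; the function names and sample packets are constructed for illustration.

```python
import operator
import string

# Operators as described in the post: packet byte on the left, filter value on the right.
OPS = {"=": operator.eq, "!": operator.ne, ">": operator.gt, "<": operator.lt}

def parse_pattern(text):
    """Parse a pattern line into (checks, open_ended).

    checks holds one entry per packet byte: (compare_fn, value), or None to ignore it.
    """
    checks, open_ended = [], False
    for tok in text.split():
        if open_ended:
            raise ValueError("^?? must be the last token")
        if len(tok) != 3:
            raise ValueError(f"token {tok!r} is not 3 characters")
        if tok == "^??":
            open_ended = True
        elif tok[0] == "?":
            checks.append(None)
        elif tok[0] in OPS and all(c in string.hexdigits for c in tok[1:]):
            checks.append((OPS[tok[0]], int(tok[1:], 16)))
        else:
            raise ValueError(f"bad token {tok!r}")
    return checks, open_ended

def matches(pattern, packet):
    checks, open_ended = pattern
    # Assumption: a packet shorter than the pattern never matches.
    if len(packet) < len(checks):
        return False
    # Without a trailing ^??, the packet size must equal the filter size.
    if not open_ended and len(packet) != len(checks):
        return False
    return all(c is None or c[0](b, c[1]) for c, b in zip(checks, packet))

def should_log(pattern, packet, mode="exclude"):
    # Exclude mode drops matching packets; include mode (assumed) keeps only them.
    hit = matches(pattern, packet)
    return hit if mode == "include" else not hit

# Pattern from the post's example filter; the packets are constructed sample data.
EXAMPLE = parse_pattern("=EF =FF =FF =CD ??? ??? ??? ??? >04 ^??")
HIT = bytes.fromhex("efffffcd0011223305aabb")   # 9th byte 0x05 > 0x04
MISS = bytes.fromhex("efffffcd0011223304aabb")  # 9th byte 0x04 is not > 0x04

if __name__ == "__main__":
    for pkt in (HIT, MISS, HIT[:6]):
        print(pkt.hex(), "logged" if should_log(EXAMPLE, pkt) else "excluded")
```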