Okie here it is. Now believe me I know there are bugs in this thing and it isnt meant to be a "grabit-compileit-and useit" type project. This is to give you an idea of WTF is going on in all that C code and make something to use for yourself. As far as the code goes, I had to break a few rules of code formatting I am usually highly against. (i.e. referencing Form objects from public subs, general U LONG LONG workarounds etc..) but it does work.

Note: There is code listed in the getting the PID for win 98/95 but i didnt implement it. If you need this to work for these operating systems you will need to do some coding :) So in other words this will only work in 2000/XP

Edit: Added Bitshift's code for retrieving an offset (thanks for the addition bud) and fixed some little annoying bugs

Enjoy :)

VB Sniffer.rar (http://users.adelphia.net/~jbobo/downloads/vb_sniff.rar)

The source for this would be very nice :)

Please do. It would be nice to see some source code that even a lame winblows programmer can follow. hey, wait a minute. I resemble that remark!

I would be very interested in seeing the VB source. I am pretty familiar with VB6 and VB.Net but this c++ is giving me a headache :)
z

This may sound stupid but this new seq is so confussing to me what is VB once i know what that is I will then know if i am interested or not. The whole idea of needing windows to get the code is scarey for me, And as i am reading all the posts and trying to figure everything out it confusses me more and more.

Unfortuently I am the type of person that needs to see how something is down right in front of me then read it and do it. I learn form seeing it not... well repeating myself. So any expanded information is great then i can try and work from there, it will take me a while to figure it out though /sigh.

I feel like such a tiny fish in a huge ocean and most what is being said in all the forums flies over my head. I reread all the forums everyday and sometimes 3 times a day trying to understand what is being done and how it is being done.

Well enough on that be gentle plz and I will eventually get what is going on just may take me forever.


Sweet I would be interested in that the easier the better for me ;)

While, I haven't used, nor do I plan on using, a key sniffer, I think the greater the diversity in the sniffer kindom the better. So yes pleas e post it :D

He he he, can I write one in qbasic? Hows that for diversity :)

Actually, I just ordered two "for dummies" books on C++, so let's see how dangerous I can really be :)

I also wouldn't mind seeing the code in a more readable "human" layman form...

free baby kitten to the first person to post a working sniffer in forth

i would say cobol.. but then someone might do it

dn

i'll be posting source code within the hour ... please UPS the kitten to me at

Chutney,
c/o George W
1600 Pennsilvania Ave
Washington, DC, 20001

k. thx.

/e wonders what the reaction at the white house would REALLY be upon receipt of a kitten via UPS.

Please don't mention COBOL. I have homework to do in that freaking class... Writing keysniffers in c and c++ and writing COBOL that calculates GPAs... Whats wrong with this picture?!

Lol

<------------- wonders if the VB code is more "readebly" than an c++ p

The more difference the better - ordered Borland c++ p, but dont know if it makes other code than VC

Please do! Qbasic structure would be easy to follow, and most windows users have access to it. People like me, who started on an osborne and upgraded to commodore 64 would probably find it very interesting. I would like to see one in assembly code too...

Dana- VB is Visual Basic. Its based on the old DOS basic language. it was designed for beginners, and is very easy to read.

VB is Visual Basic, to go along with all the rest of Microsoft's Visual languages.

I would like to see the beta code too, so I don't have to learn C++. hehe

I was wondering how long it would be before someone wrote a keysniffer in VB, but I thinking it would be much more 'messy' than using C, because if I understand correctly, the key is 64bit, and VB doesn't have any variables that support a value 64bits long, unless that has changed in VB.NET.

I remember reading that you can "fake" a 64bit value by using VB's "currency" variable and then multiplying the value by 10,000 , but that can lead to problems if you are trying to store a value that will exceed a 64bit limit once it's multiplied by 10,000.

Maybe those problems only apply if you're actually trying to DISPLAY the key, but if not, I'd be interested to see how you dealt with all of VB's madness, please post some code.
:D

VB code would be great - I can use it for more ideas for more of the many sniffer experiments I'm writing (next week I should have my current experiment finished and will post code - this time its a windows service that starts up with your computer, checks if EQ is running every minute, and if it is grabs the key every 10 seconds and if the key is new sends it to SEQ over UDP)

As for VB support for 64-bit variables, a 8-member byte array would work and you just have to write a bit of custom stuff to print it on the screen (sending over UDP just pass it the address of the array and pretend it's a single variable). Or in .NET (any .NET language) you can use a UInt64.

You guys want a Borland Builder version?

All the GUI and RAD of VB but using a real language to program in....

Borland Builder > all :cool:



Visual Basic is the devil. I'm so sorry I'm not a board administrator so that I could delete these satanic notions of using Visual Basic and save your souls. I hope that you all will forgive me when you're burning in the fiery hells of code bloat for not leading you to the light.

And you think I'm just kidding.... ;)

No one said that VB was the 'best' language to write in. But it is very easy for a beginning programmer to follow, and may help people to understand the fundamentals of what we are trying to do. IMHO we should all be writing in assembly code. But in some cases, simpler is better...

Hmm assembler - i think the last assembler routin i did was on apple II - looooooooooong time ago :cool:

Comic Books are easy to read too, but they don't use it in school to teach English classes :)

Honestly, and no offense, but Visual Basic is a scourge and needs to be purged when at all possible. I can stand it if it's used for plugins for other microsoft programs (ie, excel or even internet explorer) ...but to write an application in visual basic from 'scratch', per se, is just wrong somehow. It's like dumping nuclear waste into a beautiful forest...it works, but it's just 'wrong' :)

I'm sorry this is so off-topic, but the subject did mention visual basic..and one must continue the crusades you know

Is the source now contained in the origianal link (rar file) or is it still pending? I am very interested to see the source but don't have a rar extracter and it wanted $30 to get one.

Originally posted by Amadeus [...] but Visual Basic is a scourge and needs to be purged when at all possible. [...]The real scourge is statements like this. What matters is the quality of code and how appropriate the application of a particular technology is to the problem at hand. While I am personally not a big fan of VB, I would be naïve to make a statement that it is never appropriate. Sure there are places where VB is not an appropriate tool to use, but there are just as many places where C, C++, assembly, [insert your language here] are not appropriate as well.

In software development, there are more factors then the geek or coolness factor. You have to consider short-term and long-term costs for both development and maintenance of your code base. You have to consider the skill base of your development, deployment, and maintenance staff. You also have to consider the nature of your staff – will the people writing the code be around for the entire life-cycle of the system or will the software get maintained by different groups of people? Don't forget to ask about what problem you are trying to solve as different languages are stronger and weaker at solving various kinds of problems.

I am not arguing for or against any particular language, but I am saying that you need to look at the whole picture before making a blanket statement.

Finally, if people insist on making blanket statements about VB they need to be sure to distinguish between VB and VB.NET, they are completely different animals.

Edit: spelling

Link to download Winrar

http://download.com.com/3000-2250-10007677.html

bonkersbobcat,

I agree 100% with you. I wasn't going to post anything about his comment either, but I see you couldn't hold back. It is only fair to know what you are talking about before making such accusations on languages you clearly don't understand. Most decent programmers can use many different languages and know when to use the right tool for the job at hand.

Nice Post bonkers,


Ricochet.

My opinions on this.. it wont touch my computer util the source comes out and i personally build it. Visual basic is much easier, and alot of the "script kiddies" out there are being born from the ease of VB with the security holes it allows to be exploited. back when there were true viruses, ( i have yet to see an actual virus in years, these new ones are just worms and trojans) you needed to have actual computer knowledge in assembly. you cant write a virus in a high lvl language such as C or Basic.. also Basic wasnt DOS.. microsoft made a version that came with dos, but the origins are FAR before than. (check out the difference between compiler and an interperater).

To summarize, bring me the source, then i'll build it and test it out. otherwise, too possible to be a passwd stealer IMO.


no offense was ment to anyone in the message, just my own personal opinions.

Ehhh....the first post in this thread is a rar'd VB project UN compiled........

Hehe, well you should have known that people would rag on Visual Basic, but the truth of the matter is that this is the most feature-rich and best working sniffer source posted thus far. Anyway, thanks for posting your source. The only feature that seems to be missing is an "auto-offset finder", which is described in a couple other posts on this board.

I took the ideas from those posts and whipped something up. Just stick a button anywhere you like, name it command8 and post the following code in.......



Private Sub Command8_Click()
Dim SearchVal As String
Dim Buffer As String
Dim Offset As Long
Dim KeyLocation As String
Dim HexKeyLoc As String

SearchVal = Chr(&HC1) & Chr(&HE0) & Chr(&H8) & Chr(&H99) & Chr(&H9) & Chr(&H5)

Mem_Offset.Text = Empty: DoEvents

Open EQ_Path.Text For Binary Access Read As #1
Buffer = Input(LOF(1), #1)
Close #1

Offset = InStr(Buffer, SearchVal)
KeyLocation = KeyLocation & Mid(Buffer, Offset + 6, 3)

HexKeyLoc = Hex(Asc(Mid(KeyLocation, 3, 1))) & Hex(Asc(Mid(KeyLocation, 2, 1))) & Hex(Asc(Mid(KeyLocation, 1, 1)))

Mem_Offset.Text = "&H" & HexKeyLoc
End Sub


I'm sure it can be improved, but it works. Oh, and anyone using this will want to point the EQ_PATH to eqgame.exe, not everquest.exe, otherwise it won't work.

Neato Bitshift! I will add this in and also fix a couple of stupid bugs I have found. and re-upload it :)

Edit: On your code Bitshift, I took the EQ_Path field and stripped the path off of the string and then appended "eqgame.exe". Makes it a bit easier. The new version is uploaded.

Originally posted by spectre
back when there were true viruses, ( i have yet to see an actual virus in years, these new ones are just worms and trojans) you needed to have actual computer knowledge in assembly.

My point exactly, Spec. If you look at EQ through the eyes of an assembly debugger, then you can see PRECISELY what it is doing on your computer. Also, the possibility of PATCHING it comes to mind. I think it was ++ORC that said "with the proper tools, even the hardest nut can be cracked". Let us not discard any tool that may be useful. Your high-tech #6 torx-head driver will do you no good on a phillips head screw ), IMHO.

I'm not really into VB. but the code above doesn't look like a keysniffer. It looks like the VB code that would be used to find the offset where the key is held within eqgame.exe.

Actual keyripping code would need to call API's etc...

Umm Spock...Did you see the link on the starting post on this thread? That is a download to the whole VB project. That code above IS reading the offset within eqgame.exe and is a small addition to the entire project. Bitshift explained that quite explicitly ABOVE the code he posted.

edit: Made this a bit more benign :)

Originally posted by Logic_Dingo
edit: Made this a bit more benign :)

Nice to see cool heads prevailing

UZ <------- still collating...

Sorry, Dingo. There are times when I can look at the same thing, read it 4 times, and still miss the obvious.

I called 1-800-DUMBASS and they're helping me recover.

i apologize.. i spoke without looking it all up.... been a hectic weekend.. had to re-build my whole counterstrike server due to some script kiddie..(didnt NEED to, but its easier than doing a full audit... im just cautious of anything Visual anything, especially VB.. i dont see too many worms being done in anything other than VB these days... (there are more password sniffers out there than you might think..)

If anyone is familiar with spyworks, you can catch the call that eqgame is making to use the key that is stored in memory to decode the information for the client. Once you find the call you can display the key which is the key we want... This does not touch system memory (as far as i know), it would just be intercepting the process and displaying it on screen...

I will be looking into this a little more, do correct me if i'm wrong...

hmmm, this is the wrong place to come looking for help but I thought maybe someone would know whats up before I figure it out. I have not developed in VB since VS 6.0 but I wanted to give this a go. I got my hands on VS 7.0 (.Net), installed and then tryed converting this VB project to VB .Net. I get an error in the conversion that says I don't have design time licenses for CommonDialog and Winsock. Anyone know why installing VS 7.0 would not give me those? Is my installation fubared?
Any help you can give would be appreciated. Thanks.

nm, I figured it out. I had to install VB 6.0 to get the design time licenses.

How would this be altered to be useful on Win98?

Only thing worse than a nerd is a nerd with an opinion :)

Erice2,

Did you actually get the code to convert and work?

Blade_DSS