Need help bad

[topgun]

Before the last patch, everything worked perfectly.
But not anymore.
I have now tried 4-5 diffentet keygrappers. No problems getting them to work.
But everysingle one print the following.

OpenProcess failed, Error: 5

Im running it on a Windows XP. Actually i have tried it on 4 PC, but all running XP.
I was using KaL keygrapper before the patch. I have ofcause compiled it with the new offset. Didn't help. Then i have tried a lot of the other keygrappers on the board, same thing.

NEED HELP, im dying here....

[Fletch]

Originally posted by topgun
Before the last patch, everything worked perfectly.
But not anymore.
I have now tried 4-5 diffentet keygrappers. No problems getting them to work.
But everysingle one print the following.

OpenProcess failed, Error: 5

Im running it on a Windows XP. Actually i have tried it on 4 PC, but all running XP.
I was using KaL keygrapper before the patch. I have ofcause compiled it with the new offset. Didn't help. Then i have tried a lot of the other keygrappers on the board, same thing.

NEED HELP, im dying here....

baelang posted this thread about that error.

http://seq.sourceforge.net/showthrea...s+failed+Error

You will need to check what sniffer you are using and either adjust yours or try a new one.

[Mongo222]

I am running a very slightly modified version of hoihoi's code, and I was having the exact same issues. The problem is that SoE has changed the access list on eqgame.exe. I have gotten around this by adding Uncle Ben's debug priveledge code.

Even though this works I highly reccomend that you don't use this code, or sniffers that use a simular method.

SoE has already demonstraited that they are aware of the early key sniffers methods and are reacting to them. The changes in the process access list show this. Which means they are on to this method. Therefor it's probably safe to assume they are in a possition to send information about sniffer use on these older methods back to the server. I have no evidence that they are doing this, but it wouldn't surprise me.

The only reason I am useing this code, and not something based on maggotboy's code is because the only compiler environment I have available to me at the moment is cygwin. As far as I can gather no one has gotten maggotboy's code to compile and work in this envirornment.


Having said that... this code works. I just don't think it's safe anymore. This code should (might) compile in most compiler envirornments. I use cygwin, that's the only place I say it works in for sure.

compile with...

gcc -o thing.exe thing.c -lth32 -lwsock32

Code:

#include <winsock2.h>
#include <stdio.h>
#include <string.h>
#include <tlhelp32.h>
#include <time.h>
#include <unistd.h> 


#define CONF_FILE "c:/senseheading/senseheading.conf"
#define CONF_SIZE 16

struct CONFIG
{
        unsigned long long SessionKeyLocation;
        unsigned int SendInterval;
        char seq_ip[16];
        int seq_port;
} config;

int SendSessionKey(unsigned long long SessionKey);

int readkey (HANDLE hProcess, int useConfig)
{
        while (1)
        {
                unsigned long addr;
                unsigned long long key = 0xffffffffffffffffULL;

                char keypressing;

                if (useConfig == 0)
                {
                        printf ("\nenter offset (ie: 0x00773b90): ");
                        if (scanf ("%08x", &addr) == 1)
                        {
                                printf ("offset:\t0x%08x\n", addr);
                        }
                }
                else
                        addr = config.SessionKeyLocation;

                if (ReadProcessMemory (hProcess, (void *)addr, &key, 8, NULL) == 0)
                {
                        printf ("ReadProcessMemory on 8 bytes at 0x%08x failed: %u\n", addr, GetLastError());
                        return(-1);
                }
                else
                {
                        printf ("Session key:\t0x%016llx\n", (unsigned long long) key);

                        if ( useConfig == 1)
                        {
                                if (SendSessionKey(key) != SOCKET_ERROR)
                                        printf("Sent the session key to %s:%d\n", config.seq_ip, config.seq_port);
                                else
                                        printf("Failed to send the session key to %s:%d\n", config.seq_ip, config.seq_port);
                        }

                        if (config.SendInterval != 0)
                                Sleep(config.SendInterval*1000);
                        else
                        {
                                printf("\nPress some key to continue");
                                scanf("%s", &keypressing);
                        }
                }
        }

        fflush (stdin);
}

int scanproclist ( int useConfig )
{
    HANDLE         hProcessSnap = NULL;
    PROCESSENTRY32 pe32      = {0};
    int retcode = 0;

    //  Take a snapshot of all processes in the system.
    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    if (hProcessSnap == INVALID_HANDLE_VALUE)
        return retcode;

    //  Fill in the size of the structure before using it.
    pe32.dwSize = sizeof(PROCESSENTRY32);

    if (Process32First(hProcessSnap, &pe32))
    {
                HANDLE hProcess;

        do
        {
            LPSTR pCurChar;
                        char pName[512];

            // strip path and leave exe filename
            for (pCurChar = (pe32.szExeFile + strlen (pe32.szExeFile));
                 *pCurChar != '\\' && pCurChar != pe32.szExeFile - 1;
                 --pCurChar)

            strcpy(pName, pCurChar);
                        strlwr(pName);

                        if ( (strncmp (pName, "testeqgame", 10) == 0) || (strncmp (pName, "eqgame", 6) == 0) )
                        {
                                printf ("found eqgame - pid = %u\n\n", pe32.th32ProcessID);
                                hProcess = OpenProcess (PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
                                if (hProcess == NULL)
                                {
                                        DWORD dw;
                                        dw = GetLastError();
                                        printf ("OpenProcess failed, error: %u\n", dw);
                                        return retcode;
                                }
                                retcode = readkey (hProcess, useConfig);
                        }
          }
        while (Process32Next(hProcessSnap, &pe32));
    }

    CloseHandle (hProcessSnap);
    return retcode;
}


int ReadConfig (void)
{
        int useConfig = 0;
        char conf_buffer[CONF_SIZE];

        GetPrivateProfileString("Client", "SessionKeyLocation", "0", conf_buffer, CONF_SIZE, CONF_FILE);
        config.SessionKeyLocation = strtol(conf_buffer,NULL,16);

        GetPrivateProfileString("Client", "SendInterval", "0", conf_buffer, CONF_SIZE, CONF_FILE);
        config.SendInterval = atoi(conf_buffer);

        GetPrivateProfileString("ShowEQ", "IP", "0", conf_buffer, CONF_SIZE, CONF_FILE);
        strcpy(config.seq_ip, conf_buffer);

        GetPrivateProfileString("ShowEQ", "Port", "0", conf_buffer, CONF_SIZE, CONF_FILE);
        config.seq_port = atoi(conf_buffer);

        if (config.SessionKeyLocation > 0)
                useConfig = 1;

        return useConfig;
}

int SendSessionKey(unsigned long long SessionKey)
{
        int ret;
        WSADATA wsd;
        SOCKET ssocket;
        SOCKADDR_IN seq;

        if (WSAStartup(MAKEWORD(2, 2), &wsd) != 0)
        {
       printf("WSAStartup failed!\n");
           return SOCKET_ERROR;
        }

        ssocket = socket(AF_INET, SOCK_DGRAM, 0);
        if (ssocket == INVALID_SOCKET)
        {
                printf("socket() failed; %d\n", WSAGetLastError());
                return SOCKET_ERROR;
        }

        seq.sin_family = AF_INET;
        seq.sin_port = htons((short)config.seq_port);
        seq.sin_addr.s_addr = inet_addr(config.seq_ip);

        //ret = sendto(ssocket, &SessionKey, sizeof(unsigned long long), 0, (SOCKADDR *)&seq, sizeof(seq));
        ret = sendto(ssocket, (char *) &SessionKey, sizeof(unsigned long long), 0, (SOCKADDR *)&seq, sizeof(seq)); 
        if (ret == SOCKET_ERROR)
                return SOCKET_ERROR;

        closesocket(ssocket);
        WSACleanup();

        return 0;
}


BOOL enable_debug_privs() /*This function makes it so you can run the program anytime without gettting the OpenProcess error 5 message */ 
{ 
HANDLE hToken; /* process token */ 
TOKEN_PRIVILEGES tp; /* token provileges */ 
TOKEN_PRIVILEGES oldtp; /* old token privileges */ 
DWORD dwSize = sizeof (TOKEN_PRIVILEGES); 
LUID luid; 

if (!OpenProcessToken (GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) 
{ 
if (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED) 
return TRUE; 
printf ("OpenProcessToken() failed: %d\n", GetLastError()); 
return FALSE; 
} 

if (!LookupPrivilegeValue (NULL, SE_DEBUG_NAME, &luid)) 
{ 
printf ("LookupPrivilege() failed: %d\n", GetLastError()); 
CloseHandle (hToken); 
return FALSE; 
} 

ZeroMemory (&tp, sizeof (tp)); 
tp.PrivilegeCount = 1; 
tp.Privileges[0].Luid = luid; 
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; 

/* Adjust Token privileges */ 
if (!AdjustTokenPrivileges (hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), &oldtp, &dwSize)) 
{ 
printf ("AdjustTokenPrivileges() failed: %d\n", GetLastError()); 
CloseHandle (hToken); 
return FALSE; 
} 

return TRUE; 
} 



int main(void)
{

        if (enable_debug_privs() == FALSE) 
                printf ("Can't Enable Debug Privs"); 

        if (ReadConfig() == 1) {
                printf("config file name is: %s \n", CONF_FILE) ;
                while (1) {
                        printf ("scanning for game\n");
                        if (scanproclist(1)==0) Sleep(config.SendInterval*1000);
                        }
                }
        else {
                printf("error reading config file: %s \n", CONF_FILE) ;
                exit (1) ;
                }

        return 0;
}

[Amadeus]

SoE has already demonstraited that they are aware of the early key sniffers methods and are reacting to them. The changes in the process access list show this. Which means they are on to this method. Therefor it's probably safe to assume they are in a possition to send information about sniffer use on these older methods back to the server. I have no evidence that they are doing this, but it wouldn't surprise me.

I've said before, and I'll say it again: EQ sucks without ShowEQ. If they catch me and ban the account, it'll just be another reason to stop paying them $300 a year and try another game.

And, I'm sure there are others like me. I hope someone at Sony is reading it too so they can see how bad their damn game is without at least the amusement that SEQ provides.

[mvern]

>> SoE has already demonstraited that they are aware of the early key sniffers methods and are reacting to them.
>> The changes in the process access list show this.

The changes were made at the same time as passive decryption was broken, before any keysniffers existed. However, the access settings werent being set till you reached char select, thanks to some poor programming work on their part. Looks like they just now finally fixed that so it happens as soon as eq is started. I originaly posted the debug privs code about 3 weeks ago, so they arent exactly trying very hard either

[MisterSpock]

With the current incarnation of eqgame.exe, I don't believe that the debug privs versions of the keysniffers present any risk. As I have said before, it is NOT a trivial task to detect this style of keysniffer. There are things they can do to attempt to make it harder for this type of keysniffer to work, but detection is a whole different ballgame.

[Mongo222]

Thanks for the info mvern, and Mr. Spock.

I feel a better about running the code I posted now.

Mostly i just wanted to make sure that it's clear that if you run the code I posted and you end up banned or something, don't come whining to me.

Also it should be noted that The only thing I take credit for here is gathering a few pieces of code together in the same spot. Anyone should be able to do after reading the boards.

The real credit goes to guys like mvern, hoihoi, uncleben, ect...