MzBot2 API Beta 2

May 4, 2007

This has been sitting on my desktop for a long time, and now I am itching to release it.
This will probably help people making their own bot or customizing MzBot, etc.
( Hint: This can be used to bypass ACTools, figure it out yourself! )

Who:
By Zuan, of course. All files are signed, do check them.

What:
This is a DLL ( with .lib or .h ) that uses MzBot to provide a bypassed SendInput function call.

When:
Now!

Where:
Zuan’s blog!
DL Link: http://filexoom.com/files/2006/12/20/49476/MzBot2%20API%20Beta%202.zip

http://www.divshare.com/download/623977-461

How:
If you know how to do dynamic DLL loading, then you probably know what to do… ( Most of you should know dynamic DLL loading… )
If you don’t, and use BC++ or VC++, then you can use the header file. ( One extra layer with the header, so not so recommended. )
If you use another language ( except Java and some “You-just-shouldn’t-write-a-bot-with-it” languages ), then you can probably make use of the .lib and .def files…

APIs:
InitMzBot() (DLL) / MzBot_Init() (.h) — Initializes the module and locates the MzBot process. If it returns 0, it failed.
AltSendInput() (DLL) / MzBot_SendInput() (.h) — Bypassed function for you to play with. =) Do not call it before initializing.


MzBot 2.0 Beta 2

March 26, 2007

I was very busy over the past few weeks, so I didn’t really do any MzBot development.

Today, I freed up 2 hours, and added 2 extra commands and 1 IPC.

Sorry, some rants here: the file system is the WORST IPC I have ever tried!

Ok, let me introduce the new features:
- ss command: this command allows you to send a keyboard scan code. E.g.:
    ss 29
  would press the Ctrl key once, which is the attack key.
- mc command: this command allows you to simulate a left mouse click. E.g.:
    mc
  would left-click once.
- File system IPC: now your programme can send commands to MzBot! With this feature, you can write a GUI for MzBot by sending MzBot commands (vs) to it.
  Also, you can write your own bot by sending the ss and mc commands to MzBot!
  How you can do this:
  - Try to access C:\toBzM.comm.instr
  - If the file is empty, or not found, MzBot is probably ready.
  - Write whatever command you want MzBot to do in the file.
  - Close the file.
  - When the file is empty, or not found again, MzBot has done the command.

By the way, starting from this version, all MzBot from me will be signed, meaning that you can check the integrity of the file.

Note: If your programme is using MzBot for its botting functions, please do add in “Botting component powered by MzBot”.

Download points:
http://filexoom.com/files/2006/12/20/49476/MzBot_Lite-2.0.0-Beta2.zip
http://filexoom.com/files/2006/12/20/49476/MzBot_Lite-2.0.0-Beta2.rar


Update on MzBot ( For UCE developers )

March 13, 2007

As we know, if you start MzBot before you start your UCE, the UCE will screw up. However, there’s a fix for this. I am actually surprised that nobody came up with it.

Look for the handler of IOCTL_CE_INITIALIZE in DBKDrv.c, which looks like this (I formatted it a bit so it looks nice):
i=-25;//takes some longer to load now....
while (i=pinp->AddressOfWin32K) &&
((UINT_PTR)PossibleKeServiceDescriptorTableShow[i].ServiceTableAddressOfWin32K+pinp->SizeOfWin32K)) &&
((UINT_PTR)PossibleKeServiceDescriptorTableShow[i].ArgumentTable>=pinp->AddressOfWin32K) &&
((UINT_PTR)PossibleKeServiceDescriptorTableShow[i].ArgumentTableAddressOfWin32K+pinp->SizeOfWin32K)) &&
(PossibleKeServiceDescriptorTableShow[i].TableSizeAssociatedIrp.SystemBuffer=(UINT_PTR)KeServiceDescriptorTableShadow;

DbgPrint("KeServiceDescriptorTableShadow[0]=%p",&KeServiceDescriptorTableShadow[0]);
DbgPrint("KeServiceDescriptorTableShadow[1]=%p",&KeServiceDescriptorTableShadow[1]);
DbgPrint("KeServiceDescriptorTableShadow[2]=%p",&KeServiceDescriptorTableShadow[2]);
DbgPrint("KeServiceDescriptorTableShadow[3]=%p",&KeServiceDescriptorTableShadow[3]);

AddSystemServices();
break;
}
}
i++;
}

Then you replace it with:
if ( (ULONG) ((PSERVICE_DESCRIPTOR_TABLE) (((ULONG)KeServiceDescriptorTable)+0x40))->ServiceTable == (ULONG) KeServiceDescriptorTable->ServiceTable ) {
    KeServiceDescriptorTableShadow = (PSERVICE_DESCRIPTOR_TABLE) (((ULONG)KeServiceDescriptorTable)+0x50);
    ntStatus=STATUS_SUCCESS;
} else if ( (ULONG) ((PSERVICE_DESCRIPTOR_TABLE) (((ULONG)KeServiceDescriptorTable)+0x140))->ServiceTable == (ULONG) KeServiceDescriptorTable->ServiceTable ) {
    KeServiceDescriptorTableShadow = (PSERVICE_DESCRIPTOR_TABLE) (((ULONG)KeServiceDescriptorTable)+0x150);
    ntStatus=STATUS_SUCCESS;
} else if ( (ULONG) ((PSERVICE_DESCRIPTOR_TABLE) (((ULONG)KeServiceDescriptorTable)-0x40))->ServiceTable == (ULONG) KeServiceDescriptorTable->ServiceTable ) {
    KeServiceDescriptorTableShadow = (PSERVICE_DESCRIPTOR_TABLE) (((ULONG)KeServiceDescriptorTable)-0x30);
    ntStatus=STATUS_SUCCESS;
} else if ( (ULONG) ((PSERVICE_DESCRIPTOR_TABLE) (((ULONG)KeServiceDescriptorTable)-0x20))->ServiceTable == (ULONG) KeServiceDescriptorTable->ServiceTable ) {
    KeServiceDescriptorTableShadow = (PSERVICE_DESCRIPTOR_TABLE) (((ULONG)KeServiceDescriptorTable)-0x10);
    ntStatus=STATUS_SUCCESS;
}

if ( ntStatus == STATUS_SUCCESS ) {
    *(UINT_PTR*)Irp->AssociatedIrp.SystemBuffer = (UINT_PTR)KeServiceDescriptorTableShadow;
    AddSystemServices();
}

NOTE: I have never tried this code, but I am certain that it will work. If you run into any problem, do reply to this post.


MzBot_Lite-2.0.0-Beta! Open for public testing!

March 10, 2007

Recently I have been quite busy, so only now have I spent some time on programming/hacking.

The new version of MzBot — 2.0.0, is now under public beta!

However, don’t be too happy:
- Auto-skills not available.
- It is a “Lite” version, with only CLi ( Command Line interface ) and HKi ( Hotkey Interface ), since Borland lags the hell outta my comp.

MzBot’s not yet frozen for 2.0.0, which means other stuff might be added later.
- Auto-skills might be added later; no time for that one as of now.
- Scripting might be added later.

If you experience any problem, please do notify me. ( Reply to this post perhaps? )
If you want new features, you may contribute to this project. ( I will consider giving you the source. )
( MzBot might be released under GPL later on. )
If you experience problems regarding auto-potting, do post the log ( those that appear on screen. ), while you are auto-potting. ( You might want to just post a line, and tell me where the HP/MP potting position is set to at that time. )

Also, there is a letter for iNCA embedded in the MzBot, just like the previous versions. ( A command would save it to the disk, can you find it? )

I might open up a website as MzBot’s homepage (probably will include an SVN/CVS), but later on, since I am quite busy recently. ( Check back later on. )
Download mirror1:
http://www.live-share.com/files/175157/MzBot_Lite-2.0.0-Beta.zip.html
Download mirror2: http://www.rogepost.com/n/0665053261
File size: ~ 7k

NOTE: If you hate the command prompt ( CLi ), just ignore it and use the hotkey of previous version. ( There’s no change in the hotkeys, although the whole thing is recoded )
EDIT: download mirror 2 added because live-share doesn’t seem to support Singapore ISPs… AP File Host + AP ISP == Phail!


Sigh… I wish I can #undef LEAKERS and LEECHERs…

February 17, 2007

This has been the major problem for almost all of the MapleStory cheating community: leakers, leechers, and spammers.

There were 3 recent cases that discouraged me to a great extent:
1. The Rajinn and ZTrainer case:
ZTrainer is one of the internal DA projects, just a trainer with most of the usual functions like auto-CC, auto-pot and stuff; it was made around Aug 2006.
Later, Rajinn was expelled from the Dark Alliance, the reason being mainly pissing dL off.
However, he already had the ZTrainer source code at the time he was expelled. Later, I went to tell him why he was expelled. He was so angry that he asked me to suck his d*ck… ( I ain’t g@y… )
Then, he just renamed ZTrainer to JinnTrainer, without any credit given. Furthermore, he claimed that ZTrainer just sucks…
Halfway through his renaming, he still had the face to come and ask me how to move a label in my ZTrainer… -_-”
2. The Linosal and DA website case:
The Dark Alliance was set up on the new year of 2006, or perhaps before that, by Kenshim and Zaros.
I joined in around April, when I made ZE, the first UCE in the MapleStory hacking history.
Around August, both Kenshim and Zaros went inactive, and I was elected the new leader. I then decided to fork out the DA from the CE Forum. Linosal volunteered to host the new forum.
Everything was fine till this Feb, when all of a sudden, the whole public could visit the Dark Alliance forum. At first, I thought the DA site was hacked; however, later Linosal said that he “liberated” the forum!
Just to earn a few dollars from the Google ads he put up on the site after he “liberated” it, he betrayed all of us…
3. The MzBot issue:
Will be posted in the next blog entry.