ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!
Home
Upgrade
Credits
Help
Search
Awards
Achievements
 7314

NetDll_Connect (Resolved Function) "Hide Your IP" [XamNet] IMPORT

by Giths - 01-31-2019 - 05:21 PM
#1
People trying to flex on the fact that they have "Hidden" their IP and it can't be seen in IDA. It can, its just not click and copy like before. This function will resolve NetDll_Connect so it is not seen as an import in your XEX.
Note: Again, this will not HIDE your IP, it will just make it harder for PPC skids peeking through your XEX.

Paste this in your Tools or Utilities, whatever you skids call it and remove the one from XamNet.h as most of you still use the xkelib library. 
Also this is not a releak, this is a proper correctly formatted resolved function, none of that skid shit you see in leaked teapot sources. Enjoy

Code:

Content Unlocked

INT NetDll_Connect(XNCALLER_TYPE xnc, SOCKET Socket, const struct sockaddr * Name, int Length) {
return ((INT(*)(...))0x81741390)(xnc, Socket, Name, Length);
}
Reply
#2
(01-31-2019 - 05:22 PM)Validator Wrote: Soon they'll claim it's not able to get their ip haha

Probably lol. I will then leak how to get the IPs another way if it comes to that.
Reply
#3
Insert the "it's not loading what did I do wrong" here.
Reply
#4
lol or "i have errors how do i fix"
Reply
#5
hey! more loot from giths.
This account is currently banned
Ban reason: Multi
Reply
#6
(02-04-2019 - 12:59 AM)XBLUnbound Wrote: doetns hide it at all, i can still grab it the exact same way as i always have ;)

hides the import
Reply
#7
To get past this super awesome top security, all it takes is for someone to find the import in the xex that gets module exports and search for usages until you find one using 0xC from xam. I'm almost certain that no one is trying to "flex" that they're using such a thing, I've seen multiple leaked stealth servers using this method, including ones from 17511. But if i'm completely wrong and most people reading this post haven't seen anything like this before then ggwp.
Reply
#8
(02-06-2019 - 10:22 PM)XBLUnbound Wrote:
(02-06-2019 - 07:02 PM)ronin Wrote: To get past this super awesome top security, all it takes is for someone to find the import in the xex that gets module exports and search for usages until you find one using 0xC from xam. I'm almost certain that no one is trying to "flex" that they're using such a thing, I've seen multiple leaked stealth servers using this method, including ones from 17511. But if i'm completely wrong and most people reading this post haven't seen anything like this before then ggwp.

i have a big feeling this is cambones...

who ever that is, is not me. I don't know who that is.
Reply
#9
(02-06-2019 - 10:41 PM)XBLUnbound Wrote: oof, you just know what ur talking about and sounded like him

i'm a developer for NiNJA, i would hope i know what i'm talking about  Skeptical
Reply
#10
(02-06-2019 - 07:02 PM)ronin Wrote: To get past this super awesome top security, all it takes is for someone to find the import in the xex that gets module exports and search for usages until you find one using 0xC from xam. I'm almost certain that no one is trying to "flex" that they're using such a thing, I've seen multiple leaked stealth servers using this method, including ones from 17511. But if i'm completely wrong and most people reading this post haven't seen anything like this before then ggwp.

These kids think they're untouchable just because they're resolving it at runtime instead of linking it.. What has the scene become.
In an isolated system, entropy can only increase.
#EpsilonSucks
Reply

Users browsing: 6 Guest(s)