HGWC Log Viewer

[HLBOT]

I has decoded a file : HGWC\hgwc_20140521_171319.slg
I dont known what is that ? Anyone known it ?

Code:

17:32:39 Called Init( 1966884, 2847 )
17:32:39 HGWC Version [58] / Protocol Version [7]
17:32:39 OS Info : Microsoft Windows XP Professional Service Pack 3 (Build 2600)
17:32:39 Current Directory : C:\SmileGate\CrossFire\
17:32:46 XTrapStart result [0]
17:32:46 Try to connect to IP[xxx.xxx.xxx.xx] PORT[xxxxxx] TryCount[1]
17:32:46 Try to start FWatching : Path[C:\SmileGate\CrossFire]
17:32:46 CClientSession::Close() : m_bConnected [0]
17:32:46 Success to connect
17:32:46 Sent C_HAND_SHAKE packet
17:32:46 Proc Protocol [2019]
17:32:46 Server Time is 2014-01-17 17:31:33
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2002]
17:32:46 Updated new crypt key
17:32:46 Sent C_UPDATE_CRYPT_USERKEY packet
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2025]
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2026]
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2027]
17:32:46 Recv Recovery file : FileName [CShell.dll]
17:32:46 Recv Recovery file : FileName [HGWC.exe]
17:32:46 Recv Recovery file : FileName [rez\rf002.rez]
17:32:46 Recv Recovery file : FileName [rez\RF004.REZ]
17:32:46 Recv Recovery file : FileName [rez\RF096.REZ]
17:32:46 Recv Recovery file : FileName [rez\RF100.REZ]
17:32:46 Recv Recovery file : FileName [rez\RF105.REZ]
17:32:46 Recv Recovery file : FileName [rez\RF152.REZ]
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2028]
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2032]
17:32:46 [INFO]CRC Block : Count [8] / Size(kilo byte) [32]
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2003]
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2004]
17:32:46 Recv CheckSum : FileName [CShell.dll], CRC [0xcc164f4a]
17:32:46 Recv CheckSum : FileName [HGWC.exe], CRC [0x5e13b0c4]
17:32:46 Recv CheckSum : FileName [rez\rf002.rez], CRC [0x817addb4]
17:32:46 Recv CheckSum : FileName [rez\RF004.REZ], CRC [0x04b05ff1]
17:32:46 Recv CheckSum : FileName [rez\RF096.REZ], CRC [0x0b27546e]
17:32:46 Recv CheckSum : FileName [rez\RF100.REZ], CRC [0x3e8b86b7]
17:32:46 Recv CheckSum : FileName [rez\RF105.REZ], CRC [0x9d495063]
17:32:46 Recv CheckSum : FileName [rez\RF152.REZ], CRC [0xbbbbc58b]
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2005]
17:32:46 Called CheckCRC() : UseSleep [0]
17:32:46 Sent C_CRC_CHECK_SUCCESS packet
17:32:46 ProcPack Spent Time : 140 ms
17:32:46 Proc Protocol [2020]
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2022]
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2006]
17:32:46 HACK_PATTERN_START : ID [0]
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2007]
17:32:46 Recv HPI : PSN [8], Checksum [0xff5b078c]
17:32:46 Recv HPI : PSN [7], Checksum [0xcc84069a]
17:32:46 Recv HPI : PSN [9], Checksum [0x61a99a63]
17:32:46 Recv HPI : PSN [4], Checksum [0x9b99cee8]
17:32:46 Recv HPI : PSN [6], Checksum [0x9724b54b]
17:32:46 Recv HPI : PSN [3], Checksum [0x37c4dee7]
17:32:46 Recv HPI : PSN [2], Checksum [0x97a76445]
17:32:46 Recv HPI : PSN [1], Checksum [0x6fed247d]
17:32:46 Recv HPI : PSN [5], Checksum [0xff10ba87]
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2008]
17:32:46 HackPattern Identifier : 0xF4DBDF21
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2015]
17:32:46 MEM_PATTERN_START : ID [-1]
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2017]
17:32:46 MemPattern Identifier : 0x0
17:32:46 ProcPack Spent Time : 0 ms
17:32:46 Proc Protocol [2013]
17:32:48 detected file change : file [C:\SmileGate\CrossFire\hgwc]
17:32:48 ProcPack Spent Time : 2000 ms
17:32:48 It's same as a original file
17:32:48 Called CheckHackPattern() 
17:32:48 NW_Anti_Hacking Info : count [24]
17:32:48 NW PI [3772] : C:\SmileGate\CrossFire\HGWC.exe 
17:32:48 NW PI [2044] : C:\Program Files\Internet Explorer\iexplore.exe 
17:32:48 NW PI [1896] : C:\WINDOWS\system32\ctfmon.exe 
17:32:48 NW PI [1860] : C:\WINDOWS\system32\RunDLL32.exe 
17:32:48 NW PI [1844] : C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 
17:32:48 NW PI [1828] : C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe 
17:32:48 NW PI [1604] : C:\WINDOWS\Explorer.EXE 
17:32:48 NW PI [1596] : C:\WINDOWS\system32\wscntfy.exe 
17:32:48 NW PI [1308] : C:\WINDOWS\system32\spoolsv.exe 
17:32:48 NW PI [1220] : C:\WINDOWS\System32\alg.exe 
17:32:48 NW PI [1136] : C:\WINDOWS\system32\svchost.exe 
17:32:48 NW PI [1008] : C:\WINDOWS\System32\svchost.exe 
17:32:48 NW PI [728] : C:\WINDOWS\system32\lsass.exe 
17:32:48 NW PI [716] : C:\WINDOWS\system32\services.exe 
17:32:48 NW PI [672] : \??\C:\WINDOWS\system32\winlogon.exe 
17:32:48 NW PI [648] : \??\C:\WINDOWS\system32\csrss.exe 
17:32:48 NW PI [600] : \SystemRoot\System32\smss.exe 
17:32:48 NW PI [400] : C:\WINDOWS\system32\nvsvc32.exe 
17:32:48 NW PI [356] : C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe 
17:32:48 NW PI [288] : C:\WINDOWS\system32\KaraokeSer.exe 
17:32:48 NW DLL [1] : C:\WINDOWS\System32\wshtcpip.dll
17:32:48 NW DLL [2] : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
17:32:48 NW DLL [3] : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll
17:32:48 detected file change : file [C:\SmileGate\CrossFire\XTrap]
17:32:48 NW DLL [4] : C:\WINDOWS\system32\ADVAPI32.dll
17:32:48 NW DLL [5] : C:\WINDOWS\system32\CRYPT32.dll
17:32:48 NW DLL [6] : C:\WINDOWS\system32\DNSAPI.dll
17:32:48 NW DLL [7] : C:\WINDOWS\system32\GDI32.dll
17:32:48 NW DLL [8] : C:\WINDOWS\system32\IMM32.DLL
17:32:48 NW DLL [9] : C:\WINDOWS\system32\LPK.DLL
17:32:48 NW DLL [10] : C:\WINDOWS\system32\MSACM32.dll
17:32:48 NW DLL [11] : C:\WINDOWS\system32\MSASN1.dll
17:32:48 NW DLL [12] : C:\WINDOWS\system32\MSCTF.dll
17:32:48 NW DLL [13] : C:\WINDOWS\system32\MSIMG32.dll
17:32:48 NW DLL [14] : C:\WINDOWS\system32\MSVFW32.dll
17:32:48 NW DLL [15] : C:\WINDOWS\system32\NETAPI32.dll
17:32:48 NW DLL [16] : C:\WINDOWS\system32\Normaliz.dll
17:32:48 NW DLL [17] : C:\WINDOWS\system32\OLEAUT32.dll
17:32:48 NW DLL [18] : C:\WINDOWS\system32\PSAPI.DLL
17:32:48 NW DLL [19] : C:\WINDOWS\system32\RASAPI32.dll
17:32:48 NW DLL [20] : C:\WINDOWS\system32\RPCRT4.dll
17:32:48 NW DLL [21] : C:\WINDOWS\system32\SHELL32.dll
17:32:48 NW DLL [22] : C:\WINDOWS\system32\SHLWAPI.dll
17:32:48 NW DLL [23] : C:\WINDOWS\system32\Secur32.dll
17:32:48 NW DLL [24] : C:\WINDOWS\system32\TAPI32.dll
17:32:48 NW DLL [25] : C:\WINDOWS\system32\USER32.dll
17:32:48 NW DLL [26] : C:\WINDOWS\system32\USERENV.dll
17:32:48 NW DLL [27] : C:\WINDOWS\system32\USP10.dll
17:32:48 NW DLL [28] : C:\WINDOWS\system32\VERSION.dll
17:32:48 NW DLL [29] : C:\WINDOWS\system32\WININET.dll
17:32:48 NW DLL [30] : C:\WINDOWS\system32\WINMM.dll
17:32:48 NW DLL [31] : C:\WINDOWS\system32\WINSPOOL.DRV
17:32:48 NW DLL [32] : C:\WINDOWS\system32\WS2HELP.dll
17:32:48 NW DLL [33] : C:\WINDOWS\system32\WS2_32.dll
17:32:48 NW DLL [34] : C:\WINDOWS\system32\WinHttp.DLL
17:32:48 NW DLL [35] : C:\WINDOWS\system32\avifil32.dll
17:32:48 NW DLL [36] : C:\WINDOWS\system32\comdlg32.dll
17:32:48 NW DLL [37] : C:\WINDOWS\system32\hnetcfg.dll
17:32:48 NW DLL [38] : C:\WINDOWS\system32\iertutil.dll
17:32:48 NW DLL [39] : C:\WINDOWS\system32\imekr61.ime
17:32:48 NW DLL [40] : C:\WINDOWS\system32\iphlpapi.dll
17:32:48 NW DLL [41] : C:\WINDOWS\system32\kernel32.dll
17:32:48 NW DLL [42] : C:\WINDOWS\system32\msctfime.ime
17:32:48 NW DLL [43] : C:\WINDOWS\system32\msv1_0.dll
17:32:48 NW DLL [44] : C:\WINDOWS\system32\msvcrt.dll
17:32:48 NW DLL [45] : C:\WINDOWS\system32\mswsock.dll
17:32:48 NW DLL [46] : C:\WINDOWS\system32\ntdll.dll
17:32:48 NW DLL [47] : C:\WINDOWS\system32\ole32.dll
17:32:48 NW DLL [48] : C:\WINDOWS\system32\oledlg.dll
17:32:48 NW DLL [49] : C:\WINDOWS\system32\rasadhlp.dll
17:32:48 NW DLL [50] : C:\WINDOWS\system32\rasman.dll
17:32:48 NW DLL [51] : C:\WINDOWS\system32\rtutils.dll
17:32:48 NW DLL [52] : C:\WINDOWS\system32\sensapi.dll
17:32:48 NW DLL [53] : C:\WINDOWS\system32\urlmon.dll
17:32:48 NW DLL [54] : C:\WINDOWS\system32\uxtheme.dll
17:32:48 It's same as a original file
17:32:49 Failed to get crc : Path [\??\C:\WINDOWS\system32\csrss.exe]
17:32:49 Failed to get crc : Path [\??\C:\WINDOWS\system32\winlogon.exe]
17:32:49 Failed to get crc : Path [\SystemRoot\System32\smss.exe]
17:32:49 Called CheckHackPattern() 
17:32:49 IW : CreateProcess ProcessId : 2128,ProcessHandle : 0x00000424, PebBaseAddress : 0x7FFDE000
17:32:49 NW_Anti_Hacking Info : count [25]
17:32:49 NW PI [2128] : C:\SmileGate\CrossFire\crossfire.exe 
17:32:49 NW DLL [55] : C:\WINDOWS\system32\Apphelp.dll
17:32:49 NW DLL [56] : C:\WINDOWS\system32\comctl32.dll
17:32:55 Called CheckHackPattern() 
17:32:55 called OnXTrapInit()
17:32:55 Sent C_INITED_XTRAP_ENGINE packet
17:32:55 NW_Anti_Hacking Info : count [26]
17:32:55 NW PI [3288] : C:\SmileGate\CrossFire\Xtrap\Xtrap.xt 
17:32:55 NW DLL [57] : C:\SmileGate\CrossFire\ATL80.DLL
17:32:55 NW DLL [58] : C:\SmileGate\CrossFire\BugTrap.dll
17:32:55 NW DLL [59] : C:\SmileGate\CrossFire\MSVCP80.dll
17:32:55 NW DLL [60] : C:\SmileGate\CrossFire\MSVCR80.dll
17:32:55 NW DLL [61] : C:\SmileGate\CrossFire\Xtrap\XTrapVa.dll
17:32:55 NW DLL [62] : C:\SmileGate\CrossFire\d3dx9_29.dll
17:32:55 NW DLL [63] : C:\SmileGate\CrossFire\ltmsg.dll
17:32:55 NW DLL [64] : C:\WINDOWS\System32\mswsock.dll
17:32:55 NW DLL [65] : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
17:32:55 NW DLL [66] : C:\WINDOWS\system32\CLBCATQ.DLL
17:32:55 NW DLL [67] : C:\WINDOWS\system32\COMRes.dll
17:32:55 NW DLL [68] : C:\WINDOWS\system32\CfgMgr32.dll
17:32:55 NW DLL [69] : C:\WINDOWS\system32\DCIMAN32.dll
17:32:55 NW DLL [70] : C:\WINDOWS\system32\DDraw.dll
17:32:55 NW DLL [71] : C:\WINDOWS\system32\DINPUT8.dll
17:32:55 NW DLL [72] : C:\WINDOWS\system32\IMAGEHLP.dll
17:32:55 NW DLL [73] : C:\WINDOWS\system32\NTMARTA.DLL
17:32:55 NW DLL [74] : C:\WINDOWS\system32\Netapi32.dll
17:32:55 NW DLL [75] : C:\WINDOWS\system32\PSAPI.dll
17:32:55 NW DLL [76] : C:\WINDOWS\system32\SAMLIB.dll
17:32:55 NW DLL [77] : C:\WINDOWS\system32\SetupApi.dll
17:32:55 NW DLL [78] : C:\WINDOWS\system32\WINHTTP.dll
17:32:55 NW DLL [79] : C:\WINDOWS\system32\WLDAP32.dll
17:32:55 NW DLL [80] : C:\WINDOWS\system32\Wintrust.dll
17:32:55 NW DLL [81] : C:\WINDOWS\system32\d3d8.dll
17:32:55 NW DLL [82] : C:\WINDOWS\system32\d3d8thk.dll
17:32:55 NW DLL [83] : C:\WINDOWS\system32\d3d9.dll
17:32:55 NW DLL [84] : C:\WINDOWS\system32\dbghelp.dll
17:32:55 NW DLL [85] : C:\WINDOWS\system32\winmm.dll
17:33:11 Proc Protocol [2006]
17:33:11 HACK_PATTERN_START : ID [0]
17:33:11 ProcPack Spent Time : 0 ms
17:33:11 Proc Protocol [2007]
17:33:11 Recv HPI : PSN [8], Checksum [0xff5b078c]
17:33:11 Recv HPI : PSN [7], Checksum [0xcc84069a]
17:33:11 Recv HPI : PSN [9], Checksum [0x61a99a63]
17:33:11 Recv HPI : PSN [4], Checksum [0x9b99cee8]
17:33:11 Recv HPI : PSN [6], Checksum [0x9724b54b]
17:33:11 Recv HPI : PSN [3], Checksum [0x37c4dee7]
17:33:11 Recv HPI : PSN [2], Checksum [0x97a76445]
17:33:11 Recv HPI : PSN [1], Checksum [0x6fed247d]
17:33:11 Recv HPI : PSN [5], Checksum [0xff10ba87]
17:33:11 ProcPack Spent Time : 0 ms
17:33:11 Proc Protocol [2008]
17:33:11 HackPattern Identifier : 0xF4DBDF21
17:33:11 ProcPack Spent Time : 0 ms
17:33:12 called OnXTrapLogin()
17:33:12 USN [0] user loged-in
17:33:12 Sent C_NOTIFY_USERINFO packet
17:33:14 detected file change : file [C:\SmileGate\CrossFire\rez\bf000.lta]
17:33:14 It's same as a original file
17:33:14 detected file change : file [C:\SmileGate\CrossFire\rez\bf000.lta]
17:33:14 It's same as a original file
17:33:14 detected file change : file [C:\SmileGate\CrossFire\rez]
17:33:14 It's same as a original file
17:33:14 detected file change : file [C:\SmileGate\CrossFire\rez\bf000.lta]
17:33:14 detected file change : file [C:\SmileGate\CrossFire\rez\bf000.lta]
17:33:14 It's same as a original file
17:33:14 It's same as a original file
17:33:20 Proc Protocol [2014]
17:33:20 Sent C_CS_AUTH packet
17:33:20 Called CheckHackPattern() 
17:33:20 NW_Anti_Hacking Info : count [26]
17:33:20 NW DLL [86] : C:\SmileGate\CrossFire\SndDrv.dll
17:33:20 NW DLL [87] : C:\SmileGate\CrossFire\cshell.dll
17:33:20 NW DLL [88] : C:\SmileGate\CrossFire\fmodex.dll
17:33:20 NW DLL [89] : C:\SmileGate\CrossFire\rez\clientfx.fxd
17:33:20 NW DLL [90] : C:\WINDOWS\ime\imkr6_1\imekrcic.dll
17:33:20 NW DLL [91] : C:\WINDOWS\system32\HID.DLL
17:33:20 NW DLL [92] : C:\WINDOWS\system32\KsUser.dll
17:33:20 NW DLL [93] : C:\WINDOWS\system32\MLANG.dll
17:33:20 NW DLL [94] : C:\WINDOWS\system32\SXS.DLL
17:33:20 NW DLL [95] : C:\WINDOWS\system32\WSOCK32.dll
17:33:20 NW DLL [96] : C:\WINDOWS\system32\cryptnet.dll
17:33:20 NW DLL [97] : C:\WINDOWS\system32\dsound.dll
17:33:20 NW DLL [98] : C:\WINDOWS\system32\iac25_32.ax
17:33:20 NW DLL [99] : C:\WINDOWS\system32\ieframe.dll
17:33:20 NW DLL [100] : C:\WINDOWS\system32\imaadp32.acm
17:33:20 NW DLL [101] : C:\WINDOWS\system32\l3codeca.acm
17:33:20 NW DLL [102] : C:\WINDOWS\system32\midimap.dll
17:33:20 NW DLL [103] : C:\WINDOWS\system32\msacm32.drv
17:33:20 NW DLL [104] : C:\WINDOWS\system32\msadp32.acm
17:33:20 NW DLL [105] : C:\WINDOWS\system32\msaud32.acm
17:33:20 NW DLL [106] : C:\WINDOWS\system32\msg711.acm
17:33:20 NW DLL [107] : C:\WINDOWS\system32\msg723.acm
17:33:20 NW DLL [108] : C:\WINDOWS\system32\msgsm32.acm
17:33:20 NW DLL [109] : C:\WINDOWS\system32\mshtml.dll
17:33:20 NW DLL [110] : C:\WINDOWS\system32\msimtf.dll
17:33:20 NW DLL [111] : C:\WINDOWS\system32\msls31.dll
17:33:20 NW DLL [112] : C:\WINDOWS\system32\rsaenh.dll
17:33:20 NW DLL [113] : C:\WINDOWS\system32\sl_anet.acm
17:33:20 NW DLL [114] : C:\WINDOWS\system32\tsd32.dll
17:33:20 NW DLL [115] : C:\WINDOWS\system32\tssoft32.acm
17:33:20 NW DLL [116] : C:\WINDOWS\system32\wdmaud.drv
17:33:20 NW DLL [117] : C:\WINDOWS\system32\xpsp2res.dll
17:33:21 ProcPack Spent Time : 1157 ms
17:33:28 called OnXTrapNotify()
17:33:28 XTrapNotify : XtrapIsRunning [-348], ErrorCode [1], Error_ID [983042], Error_API_ID [589824], Error_GetLastError [109]
17:33:28 Sent C_GOOD_BYE packet
17:33:28 Proc Protocol [2023]
17:33:28 ProcPack Spent Time : 0 ms
17:33:28 Disconnected
17:33:28 Graceful disconnect
17:33:28 CatchError [1012] Param [0]
17:33:28 Called CleanUp()
17:33:28 CClientSession::Disconnect()
17:33:28 CClientSession::Close() : m_bConnected [0]
17:33:28 [NW]Monitoring other module is ended
17:33:28 == Profiler ==

ID	AVERAGE TIME	MAX TIME	COUNT

1	0.000035	0.000254	281

2	0.144102	1.999884	23

3	0.000020	0.000029	7

4	0.738113	1.167520	3

5	0.140932	0.140932	1

6	0.585494	1.159873	4

7	0.000002	0.000007	3
17:33:28 CClientSession::Close() : m_bConnected [0]

[Ende!]

Code:

   const Narea::byte shortLogKey[16] =
   {
      0x08, 0x01, 0xEE, 0x01,
      0xBB, 0x05, 0x99, 0x66,
      0x16, 0x2A, 0x99, 0xAA,
      0x04, 0xCF, 0x02, 0xAF
   };
   Narea::byte longLogKey[128];
   SEEDMakeCryptKey(shortLogKey, longLogKey);

   std::ifstream     in    ("log.slg", std::ios::binary);
   std::wofstream    out   ("decrypted_log.slg");
   static const int  blockSize = 16;
   wchar_t           curBlock[blockSize / sizeof(wchar_t) + 1];
   unsigned          numBytesWritten = 0;
   while(in.good())
   {
      std::streamsize numRead = in.read((char*)curBlock, blockSize).gcount();
      if (numRead == 0) 
         break;
      else if (numRead != blockSize)
      {
         std::cout << "Unexpected EOF " << std::endl;
         break;
      }

      SEEDDecryptDataBlock(longLogKey, curBlock);
      curBlock[8] = 0;

      out << curBlock;
      numBytesWritten += blockSize / sizeof(wchar_t);
   }
   out.flush();

   std::cout << "Done! " << numBytesWritten << " bytes written." << std::endl;

   std::cin.get();
   return 0;

At least that did the trick like 2 years ago. It's HGWC's action log - HGWC is quite verbose when it comes to logging what it's doing. If I remember that correctly, it's possible for the HGWC server to request uploads of these logs btw.

[duvinhhau]

How is Open .slg, Tool ???

( Làm Sao Mở Được File .slg Vậy Giúp Mình !!! Mod Súng ^^ )

[HLBOT]

How is Open .slg, Tool ???

( Làm Sao Mở Được File .slg Vậy Giúp Mình !!! Mod Súng ^^ )

Opened by HGWC Log Viewer. That's code inside file.
(Mod rành không ? Tôi có cả bộ CF chưa nén Rez.)

[duvinhhau]

Cũng Tạm À , Hack Được ^^