26 July 2008

eMule v0.49a ZZUL BastarD 1.9.4 beta1

ZZUL Mod 1.9.4 beta 1 by CiccioBastardo Based on ZZUL 0.49a code by zz

Changelog:
This is 1.9.2 code based on 0.49a source code
1.9.2 was never released publicly. Some things have been changed from version 1.9.1.
Can't remember them all.
1.9.3 never existed, never will.

Notice:
This is a beta. Merged and made it run for a complete day.
It seems to be stable enough to be released. Don't cry if something is not as expected :)

Expect fixes (if ever needed) and changes; it will be merged to the 0.49b code.
Enjoy this meanwhile

BBS: http://forum.emule-project.net/index.php?showforum=75

Download BIN: zzul_bastard_1.9.4_b1_bin.rar 1.67 MB - Mirror

Download SRC: zzul_bastard_1.9.4_b1_src.rar 2.28 MB - Mirror

Here are some server lists:

Fake servers: http://peerates.net/peerates/fakedservers.met
Active Servers: http://peerates.net/servers.php - http://peerates.net/peerates/actservers.met

Some info about the Razorback server is here: http://forum.emule-project.net/index.php?showtopic=137732
which points to: http://www.zeropaid.com/news/9642/Razorback+3.0,+3.1,+3.2+and+3.3+Servers+Forced+Offline+by+BREIN

eMule 0.49a Original No Ratio No Upload/Download Limit 1k up / xx down

eMule 0.49a Original with No Ratio and No Upload/Download Limit 1kb up / xx down


Patching the open-source eMule binary without using the source code
Original text:
eMule v0.49a
Click here to check if a new version is available
Modified to display this text:
eMule v0.49a
eMule - is patched to be No-Ratio Upload/Download
Problem: if a language file is selected or used, it will overwrite the info message.

My idea
Adding a new control ("Label") to the Connection main window with ResHacker

Open ResHacker > go into Options > Menu Dialog 136 > 0 >
and at the end of the content add:

CONTROL "Up- Download limits/ratio removed!", 9999, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 387, 5, 114, 8
}

The full content before hitting Compile will be:
136 DIALOGEX 0, 35, 511, 289
STYLE DS_FIXEDSYS | DS_CONTROL | WS_CHILD | WS_SYSMENU
CAPTION ""
LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
FONT 8, "MS Shell Dlg"
{
CONTROL "Connect", 2179, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 420, 16, 80, 13
CONTROL "Add Server", 2208, BUTTON, BS_GROUPBOX | WS_CHILD | WS_VISIBLE, 367, 36, 139, 78
CONTROL "IP or Address:", 2210, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 373, 47, 76, 8
CONTROL "Port:", 2215, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 460, 47, 40, 8
CONTROL "", 2098, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 372, 57, 82, 12
CONTROL ":", 2211, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 456, 59, 8, 8
CONTROL "", 2104, EDIT, ES_LEFT | ES_AUTOHSCROLL | ES_NUMBER | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 460, 57, 38, 12
CONTROL "Name:", 2209, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 373, 71, 65, 8
CONTROL "", 2663, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 372, 81, 128, 12
CONTROL "Add", 2169, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 445, 97, 57, 13
CONTROL "Update server.met from URL", 2213, BUTTON, BS_GROUPBOX | WS_CHILD | WS_VISIBLE, 367, 117, 139, 46
CONTROL "", 2118, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 372, 129, 119, 12
CONTROL "v", 2799, BUTTON, BS_PUSHBUTTON | BS_CENTER | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 491, 129, 11, 12
CONTROL "Update", 2174, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 445, 145, 57, 13
CONTROL "My Info", 2219, BUTTON, BS_GROUPBOX | WS_CHILD | WS_VISIBLE, 367, 164, 139, 122
CONTROL "", 2041, "RichEdit20A", ES_LEFT | ES_MULTILINE | ES_READONLY | WS_CHILD | WS_VISIBLE | WS_VSCROLL | WS_HSCROLL | WS_TABSTOP, 372, 176, 130, 106, 0x00020000
CONTROL "", 2449, STATIC, SS_ICON | SS_NOTIFY | WS_CHILD | WS_VISIBLE, 5, 5, 20, 20
CONTROL "Servers:", 2085, STATIC, SS_LEFTNOWORDWRAP | WS_CHILD | WS_VISIBLE | WS_GROUP, 18, 6, 91, 8
CONTROL "", 2091, "SysListView32", LVS_REPORT | LVS_OWNERDRAWFIXED | LVS_ALIGNLEFT | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 5, 17, 358, 159
CONTROL "", 2943, STATIC, SS_BLACKFRAME | WS_CHILD, 4, 179, 357, 4
CONTROL "", 2599, "SysTabControl32", TCS_TABS | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 5, 194, 358, 96
CONTROL "Reset", 2441, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 318, 183, 45, 12
CONTROL "", 2446, STATIC, SS_BLACKFRAME | WS_CHILD, 9, 207, 348, 75
CONTROL "", 2013, STATIC, SS_BLACKFRAME | WS_CHILD, 9, 207, 348, 75
CONTROL "", 2541, STATIC, SS_BLACKFRAME | WS_CHILD, 9, 207, 348, 75
CONTROL "Up- Download limits/ratio removed!", 9999, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 387, 5, 114, 8
}

The patcher size will be extreme because it moves/recompiles the whole codebase:
~1227740 items (bytes)


Instead of using the patcher to add (not change) the menu text entry in the Server dialog, there might be a way to import just the .res, the way the patcher that gives WinXP a Vista look works, using the few-KB ResHacker.exe and its import command for the changed .res.
In 2 steps: 1. The patcher changes the bytes for no up/download limit/ratio. 2. Import/replace the dialog changes from the .res file.
Right now it will be a big patcher until another solution has been found.




Download patcher: no upload minimum required (can be 1kb) / no ratio, without the .res changes (dialog entry info); with the info text replacing the English "check new version" text. 15,0 KB (15.360 bytes): emule.0.49a.ratio.patch+.exe - Mirror

Patched eMule 0.49a, no ratio/no upload minimum speed requirements, includes all material. Size: 4.49 MB: eMule-0.49a-No-Ratio-Upload1kb+allinfo.7z - Mirror - DDL



All Screenshots - The Making of the changing Bytes with the patch engine -:))
The making of the byte changes with the patche.zip size: 161 KB (165.416 bytes)


No source code (src) was ever needed for the changes

All credits to those who ever created/made patches for eMule binaries or hex-edited the eMule exe. My thanks to KiDr0Ck0!


It is possible that some "*bad" antivirus programs dislike patcher engines because they can change files, and show the typical "FALSE POSITIVE" to prevent people from using the patcher. Of course it is possible to hide those false positives by not using UPX or any easy-to-read or listed packer/protector, but commercial protectors such as Armadillo or some kind of ASPack/ASProtect, maybe in combination with as-scrambler, etc. I don't want to hide anything and have nothing to hide, so I do not use such methods. The patch engine used is diablo2oo2's Universal Patcher 2.17 + UPX 3.03.
*"Bad" meaning that these antivirus programs cannot scan what the patcher does and have simply listed it as a virus before doing deep analysis; for lazy AV scanner products it is easier to list some packers and patchers as a virus than to support scanning the results.
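
An added example, not part of the original post: a packer such as UPX leaves recognisable section names (UPX0, UPX1) in the PE section table, which is one cheap signal a scanner or analyst can use to label a file as packed without looking at what it does. The function names and the header-only sample images below are constructed for illustration.

```python
import struct

# Section names commonly left behind by packers (assumed short list for triage).
PACKER_SECTION_NAMES = {b"UPX0": "UPX", b"UPX1": "UPX", b".aspack": "ASPack"}


def section_names(pe):
    """Return the raw section names from a PE image's section table."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)   # offset of "PE\0\0"
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                # 20-byte COFF header
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size                       # section table start
    names = []
    for i in range(num_sections):
        entry = pe[table + 40 * i: table + 40 * (i + 1)]
        if len(entry) < 40:
            raise ValueError("truncated section table")
        names.append(entry[:8].rstrip(b"\0"))          # name is first 8 bytes
    return names


def packer_hints(pe):
    """Packer names suggested by section names: a triage hint, not a verdict."""
    return sorted({PACKER_SECTION_NAMES[n] for n in section_names(pe)
                   if n in PACKER_SECTION_NAMES})


def make_sample_pe(names):
    """Constructed header-only PE image carrying the given section names."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    print(packer_hints(make_sample_pe([b"UPX0", b"UPX1", b".rsrc"])))
    print(packer_hints(make_sample_pe([b".text", b".rdata", b".data"])))
```

A match only says which packer wrote the file; the absence of a match proves nothing about whether a file is packed.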

25 July 2008

eMule 0.49b Beta 1 No Ratio Patch Generic

eMule v0.49b BETA1 Ratio Remover Patch Generic

All credits to MAF, who made a patch a long time ago for eMule v0.30e, the eMule 0.30e Upload Limit Crack Patcher by MAF. To wyx, who made for eMule 0.49a the "upload limit patch for 56K modem by wyx.zip" (2.3KB):

Download

My credits to:
KiDr0Ck0, who gave me the idea to make it, and for all the help with instructions on which bytes need to change.
diablo2oo2 for the engine, the most powerful I have ever seen, especially the feature to compare edited/changed files with the originals and the port to OllyDbg.




File Info:
Name: emule.0.49b.beta.1.ratio.patch.exe
Size: 18,5 KB (18.944 bytes)
MD5: 3ce1a2c2615757b56c3ba615c374ae0f
SHA-1: 2a23e23258f9d213a6e6915d0397b1f3f63f1ef0

Usage for Original eMule 0.49b Beta 1: emule.exe
eMule v0.49b BETA1 - Binary:
http://prdownloads.sourceforge.net/emule/eMule0.49b_BETA1.zip


Download Ratio Remover Patcher: emule0.49b_beta1_ratio_remover_patch.rar 35.81 KB

For those who like design, here is a styled patcher:


I want to thank all who make it possible to download old versions, like oldapps.com; I wish the content were bigger.
The patcher is good for all eMule 56k modem users, but not limited to them.

23 July 2008

Trojan:Win32/Vundo.HT


Based on own experience
On infection:
- Computer startup takes more than 10 times longer (can be 1 - 2 minutes) than before (20, 30 seconds)
- Explorer.exe error on Windows shutdown + a "mem address ... can't read" error shows up before Windows can be shut down.
- Internet speed slows down by between 25 - 50 %, depending. A download takes long until it reaches full speed; websites open more slowly
- No other symptoms were found on this machine (ads were not displayed, maybe because of a big Windows hosts file + hardware firewall in router + software firewall + resident Spybot Search and Destroy)

Scanner that detected it as of today:
Microsoft Live OneCare Version 2.5.2900.03 + updates from today 1.37.1028.0

Scanner tested and failed:
VBA Version Vba32 Windows/CL 3.12.8.1 / 2008.07.23 07:36 (Vba32.W) - (Product installed w/o resident shield, scan only)
Rising 20.54.22 + Updates from 2008-07-23 15:18 - (Product installed w/o resident shield, scan only)
Kaspersky online scan
McAfee online scan
Symantec online scan
Avast Antivirus Professional latest Version 4.8.1227 + Database from 23.07.2008 - (Product installed with resident shield)

It cannot be the same Win32/Vundo.HT as written and reported here:
http://virscan.org/report/5eef7ac939a5b56864e17fd6e6692f6f.html and this:
http://www.virustotal.com/pt/analisis/c183084f5aa165e8bf6090b0ea772ab2

This one is more likely to match, if Vundo is not exe-protected (mostly found with Armadillo) or has changed again: http://forum.malekal.com/viewtopic.php?f=62&t=11351

Otherwise today's scan with Rising Antivirus, VBA32, Symantec and Kaspersky would find and show it. Likewise, yesterday's scan with Norman_Malware_Cleaner ( Norman Malware Scanner Build 2008/07/07 23:58:09 Engine version 5.92.08 Nvbin.def Version 5.92.00) would already have detected and found it. The file is (was) on disk for more than one week.


Virus info

Advice: Scan the computer online using Windows Live OneCare (see links collection to the left)

I just saw that Norman has updated Norman Malware Cleaner to: Build 2008/07/17 23:58:30 Version 5.93.01 Nvcbin.def Version: 5.93.00. You can give it a try:
http://download.norman.no/public/Norman_Malware_Cleaner.exe



Rising has great support:
Please submit the file from the link below, then RISING Virus Lab will analyse further.
Link: http://sample.rising-global.com/webmail/upload_en.htm
RISING ANTIVIRUS - Lion-strong security
Free Download: http://download.rising-global.com/ Buy Now: http://buynow.rising-global.com/
Rising Website: http://www.rising-global.com/ Europe Website



Kaspersky may have support if you have a customer number and send it from a European Union or USA IP address. I will never again send them any virus samples to check if I find a virus with and from an Asian, Middle East or African IP. They answered in an email that they could not find THIS VIRUS in the submitted sample: http://www.virustotal.com/de/analisis/948e937da2471d95f0852ae850eb7ae7
Datei engt32.dll empfangen/received 2008.07.08 03:09:01 (CET) Status: Beendet/finished
Ergebnis/result: 20/33 (60.61%)
and that I should send my customer number. I'm not a virus researcher, but I hate it if I get infected and the installed antivirus failed to protect, especially from P2P downloads.
So with Kaspersky you stay infected with this parasite from the year 2006 unless someone sends the sample again, if possible from a country whose customers they like to support. I heard that if you send them a virus sample from Germany they need only 15 minutes until they update the database.

Addendum

Rising AntiVirus with today's update, version 20.54.30, can now find it too.
http://go.rising.com.cn/download/transfer.asp?ver=setup

Ratio Master 2 0.16 Beta

Ratio Master 2 0.16 Beta
What is Ratioblaster?

Ratioblaster is a new spoofing program based heavily on ratiomaster with a whole bunch of new features:

* can fake on lots of torrents with one instance of the app running.
* consumes less memory (because this does not use tabs)
* utorrent-like UI
* skinnable
* automatic memory reader function
* has almost all of RM's features (like .client files made for RM, NRPG doesn't support these... Grin)


http://www.moofdev.org/ratioblaster

*RM2 is based on reverse-engineered RatioMaster code.

Thanks a lot to Ratiomaster (the person) and JTS (plus all the others who helped build/run/test RM) for their great work on RM.

*Why This?

The main dev of this program wanted to write this just for fun and learning. After all, cheating the system is a lot of fun ;)

--Credits--

*Programming
me! phiscker(on www.moofdev.org/fourms) aka silentp33r (silentp33r.wordpress.com)*
*Inspiration(lol)
zeebo*
*Testing
zeebo
12345b
timmiychang
BigHead
abcabc
boom25
phonzie*


Thank you

eMule 0.49a DaZZle Mod No Ratio

To bring it up to Full No-Ratio Performance:

15EA65 75 ---> E9
15EA66 71 ---> 42
15EA67 8B ---> 01
15EA68 1D ---> 00
15EA69 60 ---> 00
15EA6A C7 ---> 90
15EA6B 7A ---> 90
15EA6C 00 ---> 90

This new code will let you check BOTH Download/Upload Boxes and set Download to 96 KB/sec with a 1KB/sec Upload! Great for 56K Modem Users! No more killed Downloads!

Code changes all thanks to KiDr0Ck0

Download: eMule-0.49a-Dazzle-Mod-Full-No-Ratio.rar (1.69MB) - Mirror

ed2k: ed2k://|file|eMule-0.49a-Dazzle-Mod-Full-No-Ratio-Leecher-For-56K-Modem-Users.rar|1780376|A0956B6D64DB6A7062D263F1AAC62FB7|h=S6W4YIUUVGKHOXRZHATEX2IGZXNKJXVG|/

DDL: dazzle_based_emule_0.49a_binary.7z
SRC: dazzle_based_emule_0.49a_sources.7z
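
An added example, not part of the original post: the `offset old ---> new` table above can be read as an integrity check. The code below parses lines in that form and reports whether an image still holds the original bytes, the patched bytes, or something else at those offsets; it only reads. The function names and the zero-filled sample image are constructed for illustration.

```python
import re

# Table copied from the post: file offset, original byte, patched byte (hex).
PATCH_TABLE = """\
15EA65 75 ---> E9
15EA66 71 ---> 42
15EA67 8B ---> 01
15EA68 1D ---> 00
15EA69 60 ---> 00
15EA6A C7 ---> 90
15EA6B 7A ---> 90
15EA6C 00 ---> 90
"""
LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]+)\s+([0-9A-Fa-f]{2})\s*-+>\s*([0-9A-Fa-f]{2})\s*$")

def parse_patch_table(text):
    """Return [(offset, original_byte, patched_byte), ...]; reject malformed lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.strip():
            m = LINE_RE.match(line)
            if m is None:
                raise ValueError(f"line {lineno}: expected 'OFFSET OLD ---> NEW'")
            entries.append(tuple(int(g, 16) for g in m.groups()))
    return entries

def classify(image, entries):
    """Read-only check: 'original', 'patched', 'mixed', 'unknown' or 'too-short'."""
    if any(off >= len(image) for off, _, _ in entries):
        return "too-short", []
    details = []
    for off, old, new in entries:
        b = image[off]
        state = "original" if b == old else "patched" if b == new else "other"
        details.append((off, b, state))
    states = {s for _, _, s in details}
    if "other" in states:
        return "unknown", details
    return (states.pop() if len(states) == 1 else "mixed"), details

def make_sample_image(entries, patched_offsets=()):
    """Constructed stand-in for a binary (zero-filled), not a real eMule file."""
    image = bytearray(max(off for off, _, _ in entries) + 16)
    for off, old, new in entries:
        image[off] = new if off in patched_offsets else old
    return bytes(image)

if __name__ == "__main__":
    table = parse_patch_table(PATCH_TABLE)
    print(classify(make_sample_image(table), table)[0])
```

An "unknown" or "too-short" verdict means the file is not the build the table was written for, so the offsets say nothing about it.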
