Here are the articles that I based the code on:
Disclaimer: use the attached code at your own risk.
Those articles describe the code pretty well, so I won't really be getting into it. However, here is an example of how you can implement the packet logging part for Conquer using the attached code.
Code:
const string ConquerFolder = @"C:\Program Files (x86)\NetDragon\Conquer Online 2.0 - Real";
const string CommandLine = ConquerFolder + "\\Conquer.exe blacknull";

// Addresses in the client where the two breakpoints are placed.
const uint RecvMemoryAddress = 0x00739CE4;
const uint SendMemoryAddress = 0x0073A1F7;

static void Main(string[] args)
{
    Debugger debugger = new Debugger();
    debugger.OpenDebugProcess(CommandLine, ConquerFolder);
    debugger.OnAttached += OnAttached;
    debugger.OnMemoryBreakpoint += OnMemoryBreakpoint;

    // Keep the process alive without spinning a CPU core.
    System.Threading.Thread.Sleep(System.Threading.Timeout.Infinite);
}

private static void OnMemoryBreakpoint(Debugger Debugger, uint Address, ref CONTEXT context)
{
    if (Address == RecvMemoryAddress)
    {
        // At this address EBX holds the packet size and [EBP - 0x1C] holds a pointer to the buffer.
        uint Size = context.Ebx;
        byte[] Packet = Debugger.ReadByteArray(Debugger.ReadUInt32(context.Ebp - 0x1C), (int)Size);
        HexDump("Server -> Client", Packet);
    }
    else if (Address == SendMemoryAddress)
    {
        // At this address ECX holds the packet size and EAX points to the buffer.
        uint Size = context.Ecx;
        byte[] Packet = Debugger.ReadByteArray(context.Eax, (int)Size);
        HexDump("Client -> Server", Packet);
    }
}

private static void OnAttached(Debugger Debugger)
{
    Debugger.SetMemoryBreakpoint(RecvMemoryAddress);
    Debugger.SetMemoryBreakpoint(SendMemoryAddress);
}
Next up we subscribe to some events (OnAttached, OnMemoryBreakpoint). OnAttached is an event that is fired when we hit the first breakpoint on the newly created process. We always hit this, even if we didn't manually place any breakpoints. When this event is fired, it is a good time to set our own breakpoints.
Code:
private static void OnAttached(Debugger Debugger)
{
    Debugger.SetMemoryBreakpoint(RecvMemoryAddress);
    Debugger.SetMemoryBreakpoint(SendMemoryAddress);
}
The OnMemoryBreakpoint function is just there to keep track of when we hit certain breakpoints and, as in the example above, we dump the packets from memory when the specific address is hit.
So that is how you can log packets in a not so commonly used way. If you are interested in writing your own debugger / experimenting with it, I would suggest you read those 2 articles; they are pretty good.
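
The logging code above calls a HexDump helper that is not shown in the post. One possible implementation follows, as an added example that is not the author's code; the PacketDump class, the FormatHexDump name and the 16-bytes-per-row layout are assumptions.

```csharp
using System;
using System.Text;

static class PacketDump
{
    const int BytesPerRow = 16; // assumed layout, not taken from the post

    // Builds the dump as a string so it can go to a log file as well as the console.
    public static string FormatHexDump(string header, byte[] packet)
    {
        var sb = new StringBuilder();
        sb.AppendLine($"{header} ({packet.Length} bytes)");
        for (int offset = 0; offset < packet.Length; offset += BytesPerRow)
        {
            int count = Math.Min(BytesPerRow, packet.Length - offset);
            sb.Append(offset.ToString("X4")).Append("  ");
            for (int i = 0; i < BytesPerRow; i++)
            {
                // Pad a short final row so the ASCII column stays aligned.
                sb.Append(i < count ? packet[offset + i].ToString("X2") + " " : "   ");
            }
            sb.Append(' ');
            for (int i = 0; i < count; i++)
            {
                byte b = packet[offset + i];
                // Printable ASCII only; everything else becomes '.' so control
                // bytes inside a packet cannot corrupt the terminal or the log.
                sb.Append(b >= 0x20 && b < 0x7F ? (char)b : '.');
            }
            sb.AppendLine();
        }
        return sb.ToString();
    }

    // Same signature as the HexDump calls in the post.
    public static void HexDump(string header, byte[] packet)
    {
        Console.WriteLine(FormatHexDump(header, packet));
    }

    static void Main()
    {
        // Constructed sample bytes, not a real game packet.
        byte[] sample = { 0x0C, 0x00, 0x1B, 0x04, 0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x00, 0xFF, 0x7F };
        HexDump("Server -> Client", sample);
    }
}
```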