Packet Logger [C#]

Discussion on Packet Logger [C#] within the CO2 Programming forum part of the Conquer Online 2 category.

Old   #1
 
elite*gold: 20
Join Date: Aug 2005
Posts: 1,734
Received Thanks: 1,000
Packet Logger [C#]

I've worked on this "new" type of packet logger based on an article I saw on Reddit. The basic concept is that I've been messing around with creating a basic Windows debugger. This will allow me to set breakpoints programmatically at certain addresses and read information off of the registers. This is more like a self-study on how to write a debugger but it might benefit someone around here.

Here are the articles that I based the code on:



Disclaimer: use the attached code at your own risk.

Those articles describe the code pretty well so I won't really be getting into it. However, here is an example of how you can implement the packet logging part for Conquer using the attached code.

Code:
const string ConquerFolder = @"C:\Program Files (x86)\NetDragon\Conquer Online 2.0 - Real";
const string CommandLine = ConquerFolder + "\\Conquer.exe blacknull";

// Addresses inside the client where the breakpoints are placed.
const uint RecvMemoryAddress = 0x00739CE4;
const uint SendMemoryAddress = 0x0073A1F7;

static void Main(string[] args)
{
    Debugger debugger = new Debugger();
    debugger.OpenDebugProcess(CommandLine, ConquerFolder);
    debugger.OnAttached += OnAttached;
    debugger.OnMemoryBreakpoint += OnMemoryBreakpoint;

    // Keep the main thread alive without spinning a CPU core in an empty loop.
    System.Threading.Thread.Sleep(System.Threading.Timeout.Infinite);
}

// HexDump is not shown in this post.
private static void OnMemoryBreakpoint(Debugger Debugger, uint Address, ref CONTEXT context)
{
    if (Address == RecvMemoryAddress)
    {
        // Receive path: length in EBX, buffer pointer stored at [EBP - 0x1C].
        uint Size = context.Ebx;
        byte[] Packet = Debugger.ReadByteArray(Debugger.ReadUInt32(context.Ebp - 0x1C), (int)Size);
        HexDump("Server -> Client", Packet);
    }
    else if (Address == SendMemoryAddress)
    {
        // Send path: length in ECX, buffer pointer in EAX.
        uint Size = context.Ecx;
        byte[] Packet = Debugger.ReadByteArray(context.Eax, (int)Size);
        HexDump("Client -> Server", Packet);
    }
}

private static void OnAttached(Debugger Debugger)
{
    Debugger.SetMemoryBreakpoint(RecvMemoryAddress);
    Debugger.SetMemoryBreakpoint(SendMemoryAddress);
}
As you can see it's pretty simple to do and the Debugger class handles most of the not so pretty code. First we create the debugged process based on the arguments we give it. It's possible to attach to an already active process, but it's not included in the code.

Next up we subscribe to some events (OnAttached, OnMemoryBreakpoint). OnAttached is an event that is fired when we hit the first breakpoint on the newly created process. We always hit this even if we didn't manually place any breakpoints. When this event is fired it is a good time to set our own breakpoints.

Code:
private static void OnAttached(Debugger Debugger)
{
    Debugger.SetMemoryBreakpoint(RecvMemoryAddress);
    Debugger.SetMemoryBreakpoint(SendMemoryAddress);
}
Really simply put, it will replace the first byte code at the address with 0xCC (INT3) which is then read by our Debugger class and we revert it back to normal for normal processing.

The OnMemoryBreakpoint function is just there to keep track when we hit certain breakpoints and as in the example above, we dump the packets from memory when the specific address is hit.

So here is how you can log packets, with a not so commonly used way. If you are interested in writing your own debugger / experimenting with it, I would suggest you read those 2 articles, they are pretty good.
Attached Files
File Type: zip ConquerDebugger.zip (71.0 KB, 152 views)
tanelipe is offline  
Thanks
4 Users
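
Editor's added example (not part of the post above and not taken from the attached ConquerDebugger code): a small model of the INT3 save/patch/restore cycle described in post #1, run over a constructed byte array instead of a real process. It goes one step beyond the post by re-arming the breakpoint and by hashing the region, which shows that the patched byte is visible to any code-integrity check while the breakpoint is armed. The class name, method names and sample bytes are assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added illustration: the "code" is a constructed byte array, not a real binary.
class SoftwareBreakpointModel
{
    const byte Int3 = 0xCC;
    readonly byte[] code;
    readonly Dictionary<int, byte> saved = new Dictionary<int, byte>();
    public SoftwareBreakpointModel(byte[] image) { code = (byte[])image.Clone(); }

    // Arm: remember the original byte, then overwrite it with INT3.
    public void Set(int offset)
    {
        if (saved.ContainsKey(offset)) return; // already armed; never save 0xCC as the original
        saved[offset] = code[offset];
        code[offset] = Int3;
    }

    // On the trap the instruction pointer is one past the INT3: restore the byte and rewind.
    public int OnHit(int ipAfterTrap)
    {
        int offset = ipAfterTrap - 1;
        if (!saved.TryGetValue(offset, out byte original))
            throw new InvalidOperationException("No breakpoint was set at this offset.");
        code[offset] = original;
        saved.Remove(offset);
        return offset;
    }

    // Hash of the region as it currently sits in memory.
    public string Digest()
    {
        using (var sha = SHA256.Create()) return Convert.ToBase64String(sha.ComputeHash(code));
    }

    static void Main()
    {
        byte[] image = { 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x1C, 0x8B, 0xE5, 0x5D, 0xC3 }; // constructed sample
        var model = new SoftwareBreakpointModel(image);
        string baseline = model.Digest();
        model.Set(3);                 // patch the first byte of the instruction at offset 3
        Console.WriteLine("armed:    matches baseline = " + (model.Digest() == baseline));
        int ip = model.OnHit(4);      // trap reported with the instruction pointer at offset 4
        Console.WriteLine("restored: matches baseline = " + (model.Digest() == baseline));
        model.Set(ip);                // re-arm once the original instruction has executed
        Console.WriteLine("re-armed: matches baseline = " + (model.Digest() == baseline));
    }
}
```

A real debugger single-steps the restored instruction before re-arming; the model skips that step and only tracks the bytes.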
Old 07/15/2014, 23:29   #2
 
elite*gold: 0
Join Date: Jul 2014
Posts: 402
Received Thanks: 540
I released two years ago, looks very similar to yours.
Do you have a link to the post on reddit by any chance?

Edit:
TQ actually detects the presence of a debugger, even if you change the "BeingDebugged" field in the PEB of the process, so you'll get a one day ban after like 10 minutes, at least if their anti-cheat is enabled.
Best Coder 2014 is offline  
Thanks
1 User
Old 07/15/2014, 23:52   #3
 
elite*gold: 20
Join Date: Aug 2005
Posts: 1,734
Received Thanks: 1,000
The thread that sparked my interest was this one. After I saw that on the reverseengineering subreddit, I just googled how to do it, and the second article was the first result. I checked again and the Reddit discussion barely had any comments regarding the subject.

As for the ban issue, I'm not that experienced with the latest detection methods. The debug flag patching is something that I put there when I was having some problems at the beginning. I might need to have a look at what methods they are using for detecting presence.
tanelipe is offline  
Thanks
2 Users
Old 09/04/2014, 05:55   #4
 
elite*gold: 0
Join Date: May 2014
Posts: 5
Received Thanks: 0
Thanks

Good
tomaspezzi is offline  