Did you know? elitepvpers has its own image host, epvpimg.com.
[Release] Dekaron Packet Monitor
This is a discussion on [Release] Dekaron Packet Monitor within the Dekaron Exploits, Hacks, Bots, Tools & Macros forum part of the Dekaron category; Hi.
I've coded a tool to intercept and log the packets sent between the Dekaron game client and server. This ...
I've coded a tool to intercept and log the packets sent between the Dekaron game client and server. This tool is targeted to Global Dekaron and similar version clients, but will work on the older private servers too.
This is not a cheating application, this application merely allows to collect info that can be used to create cheats, emulators, bots and more.
There are two different applications in this project, a logger and a viewer. The logger logs the traffic and writes it into a .dpm data file, which the viewer can read. This way you can easily open and analyze different saved sessions. Realtime packet monitoring is not possible.
This application is written in MASM.
This application supports custom packet parser plugins, more of them further down.
If you have analyzed packets and their contents, post the research, makes my job much faster!
This application is able to work while XignCode is running, so no worries about that.
Some antivirus software might flag the files in the package as malware, but they are completely clean. If you do not trust these files, don't tell me about it, just don't use them!
~Screenshots~
-Loader-
-Viewer-
~Packet parser plugin~
If you are interested in coding your own packet data parser, it's fully possible.
Spoiler:
The data parser is a DLL file named "parse.dll" with 2 exports.
GetPacketType and ParsePacketData
Both exports will be called for each packet that is handled by the viewer.
argOpcode = Packet opcode
argData = Address of packet data
argSize = Size of packet data (only data, excluding header)
argWriteBuffer = Address of buffer that should receive an ANSI text string
argID = Packet origin: ID_SERVER (0x1) or ID_CLIENT (0x2)
The exported functions must be in __stdcall calling convention, meaning that the function must pop its own arguments from the stack before return.
Notes!
1) GetPacketType must return a pointer to an ANSI text string!
2) ParsePacketData must write in the write buffer, if the parser doesn't have any data to write, it must at least write a terminating NULL character in the buffer! The return value does not matter.
3) Because of a bug in HexEdit.dll, it should be mapped at address 0x10000000, which means other modules should be mapped at other addresses. As HexEdit.dll is loaded after the parser I recommend using ImageBase 0x20000000+
~Instructions~
Spoiler:
1) Execute loader.exe
2) Write the name of the process in the field (default: dekaron.exe)
3) Click Launch
4) An entry in the box says: "Waiting..."
5) Start your Dekaron client, the logger will autoinject
6) When you have quit logging you can use the viewer to check the data
~Update History~
~2012-09-13~
+ Initial release
~2012-09-15~
+ Viewer: Opcode filter added
+ Viewer: Fixed overlapping list entries when new file is loaded after first load
+ Viewer: Fixed crash on non complete last packet
+ Parser: New packets recognized (check spoiler)
Spoiler:
+ Character create
+ XignCode (not complete)
+ DIL drop
+ Object pickup
+ Item drop
+ Npc start
+ Npc close
+ Npc menu click
+ Login confirm
+ Nexon auth
~2012-09-16~
+ Viewer: Fixed memory leak caused by never freeing used solid brush objects
+ Viewer: Fixed detail window "SizeOfData" value
+ Viewer: Fixed detail window bug leaving the last data byte out
+ Viewer: Added filter to hide all ping packets
+ Viewer: Added filter to hide the general action packet (050D0000)
+ Parser: Fixed the character create packet handler (wrong opcode in last patch)
~2012-09-17~
+ Parser: Fixed XignCode question packet
+ Parser: Fixed object pickup packet
+ Parser: Added Logout send and recv
+ Parser: Added character screen char name packet
~2013-03-15~
+ Viewer: Re-coded partially, new GUI
+ Parser: Re-coded, supports only a few packets at the moment
+ Undetected by XignCode again
DOWNLOAD -> PRESS THANKS!
DO NOT SUPPORT LEECHING!
You can use ollyDBG and match the right coding or with this now if you use Cheat engine you can capture the coding much easier too now by using the bytes because Hellspiders awesome tool is decoding making it that much easier to use cheat engine now and easier to manipulate the game just saying
You must edit it with some external application. My tool just tells what is received and sent so that people know what they should look for when they edit or make stuff.
![[Release] Dekaron Packet Monitor](http://cdn.elitepvpers.org/forum/iconimages/dekaron-exploits-hacks-bots-tools-macros/release-dekaron-packet-monitor_ltr.gif){kind=small}
[Release] Dekaron Packet Monitor
