[Q] Formatting Sending of packets.

Hate123 · 10/10/2010, 12:31

Hello, I have a question regarding the best way of formatting packets with detours. I'm making my own source well to have more fun but am having trouble figuring out the best way to send packets with detours.

I guess the function send(); with detours would be the way? But how do I format it? For example if I want to send that, I dunno, I wanna teleport.

aSynx · 10/10/2010, 13:29

You don't have to detour the send function, if you do, you also have to patch the hackshield or it will be detected.

For the format thingy, it's va_arg function. Possible formats are:

U -> DWORD (not required)
b -> BYTE
w -> WORD
d -> DWORD
s -> STRING
m -> DWORD

So: PacketType (BYTE), Format (String), va_args

You can call it like this:

Code:

__declspec(naked) int __cdecl mysend (BYTE type , LPCSTR format , ... )
{
	__asm
	{
		push ebp
		mov ebp, esp
		sub esp, 0x18
		jmp sendadr
	}
}

Example (teleport to cop)
mysend(0x30,"ww",4,6002);

Hate123 · 10/10/2010, 13:38

Ah thanks

I was messing around with it and was just wondering about the hackshield.
This makes it more clear ^^.

Edit: What's the sendadr?

aSynx · 10/10/2010, 13:45

it's the adress of the function (+6), you can try this pattern to find it (dunno if it still works)

Code:

55 8B EC 83 EC 18 83 3D x x x x 00 74 07 33 C0 E9 x x x x 8A 45 08 A2 x x x 00 83 3D x x x 00 01 75 0C

meak1 · 10/10/2010, 17:12

if u patch the hackshield if it not dedact it u got cl after 10 minutes because the crc packet 0x03 =D

aSynx · 10/10/2010, 18:24

Quote:

Originally Posted by meak1

if u patch the hackshield if it not dedact it u got cl after 10 minutes because the crc packet 0x03 =D

Wieso gehts dann bei mir immer ne Stunde ohne das ich die HS Packets selber schicke.

Hate123 · 10/11/2010, 11:48

Yeah if I understood the german here you should just be able to fake the hackshield? xD

BoXxX · 10/11/2010, 11:55

asynx just said that his kal is staying online for 1hr without sending the hs packets by himself. :q

Hate123 · 10/11/2010, 12:09

ah ok :P

aSynx · 10/11/2010, 12:29

But you don't have to care about the Hackshield as long as you don't detour/patch stuff.

But detouring the api calls is not detected, ws2_32 -> recv, (send is crypted already at this point)