Packet sending crash?

Discussion on Packet sending crash? within the Nostale forum part of the MMORPGs category.

#1 blackout617

Hello, I have a small question: I tried to send a simple packet ("say Hello"), but the client crashes. I don't know what to do. I also null-terminated the string, but it is still the same. I hope someone can help me. Here is some info about what I'm doing:
Code:
void Player::send_packet(std::string packet)
{
	DWORD callAdr = 0x52BC0C;
	DWORD callPtr = 0x68120C;
	char tempChar[256];
	memcpy(tempChar,packet.c_str(), packet.size());
	for (int i = 0; i < (packet.size()-1); i++)
	{
		tempChar[i] = packet[i];
	}
	tempChar[packet.size()] = 0;
	char* temp = tempChar;
	_asm
	{
			MOV EAX, DWORD PTR DS : [callPtr]
			MOV EAX, DWORD PTR DS : [EAX]
			MOV EDX, temp
			CALL callAdr
	}
	return;

}
The call to sendpacket:

#2 BladeTiger12 (02/21/2016, 01:31)
Try this:

Code:
void Player::send_packet(std::string packet)
{
	DWORD callAdr = 0x52BC0C;
	DWORD callPtr = 0x68120C;
	char tempChar[256];
	memcpy(tempChar,packet.c_str(), packet.size());
	tempChar[packet.size()] = 0;

	char* temp = tempChar;
	_asm
	{
			MOV EAX, DWORD PTR DS : [callPtr]
			MOV EAX, DWORD PTR DS : [EAX]
			MOV EAX, DWORD PTR DS : [EAX]
			MOV EDX, temp
			CALL callAdr
	}
	return;

}
And are you sure that callAdr is correct? (If the one above doesn't work, try the one below.)


#3 blackout617 (02/21/2016, 02:11)
Oh, I only just noticed that I forgot to delete the for loop after I wrote the memcpy. Unfortunately neither works. The callAdr must be right, I got it from IDA; the photo is in there, it should be correct.

#4 BladeTiger12 (02/21/2016, 03:31)
But the one from your code snippet is, I think, only the function that assembles the walk packet and only calls the real one a bit later.

I just checked; it is apparently still 0x52BBC0.

And what does "neither works" mean?
Does it still crash, or with the 2nd one (the one in the spoiler) does simply nothing happen?
If so, then it worked.
You don't see the "say" packet in your own chat.

#5 blackout617 (02/21/2016, 10:50)
Quote:
Originally Posted by BladeTiger12
But the one from your code snippet is, I think, only the function that assembles the walk packet and only calls the real one a bit later.

I just checked; it is apparently still 0x52BBC0.

And what does "neither works" mean?
Does it still crash, or with the 2nd one (the one in the spoiler) does simply nothing happen?
If so, then it worked.
You don't see the "say" packet in your own chat.
No, unfortunately a crash again :/

#6 WalrossGreat (02/21/2016, 13:13)
Because you are doing it wrong. Just debug it: after hitting a breakpoint at the first line of your function, look at the stack (to see where it was called from), then go there. You can also see that in the current registers:

ECX - the packet (for example "say lol")
EDX - the packet (for example "say")

There is also a function where you need to pass only the full packet (for example "say lol").
Anyway, that function would be a great place to hook, since the packet is separated by the game.

In your function you have a call to a function that is calling the "right" function.

BTW, of course you can use the function which you posted, just fill the registers with the right values.

I will leave the example.
Code:
	__asm
	{
		MOV ECX, fullPacket; // "ncif 3 1791"
		MOV EAX, DWORD PTR DS : [0x68120C];
		MOV EAX, DWORD PTR DS : [EAX];
		MOV EDX, 0x062F804; // ASCII "ncif"
		CALL toCall;
	}
Hope it helps

#7 blackout617 (02/21/2016, 16:12)
First of all, thanks for the help; thanks to you I have now learned more about ASM.
And I know German, but I am not good at writing it because I am not in Germany. I have been in Cyprus since I was little, but I can read/speak German perfectly (it is my main language), so it is better if you write in German; my English is a bit worse.

So I tried it like this:
Code:
void Player::send_packet(std::string packet)
{
	//Defs
	char tempChar[256];
	DWORD callPtr = (DWORD)send_packet_callPtr;
	DWORD callAdr = (DWORD)send_packet_callAdr;
	DWORD packetType = 0x630238; // ASCII "rest"
	//Defs end here

	//String work
	memcpy(tempChar, packet.c_str(), packet.size());
	tempChar[packet.size()] = 0;
	char* temp = tempChar;
	//ASM WORK
	_asm
	{
			MOV ECX, temp
			MOV EAX, DWORD PTR DS : [callPtr]
			MOV EAX, DWORD PTR DS : [EAX]
			MOV EDX, packetType
			CALL callAdr
	}
	return;
}
But it still crashes..
Here are some pictures that I think will give more info about my problem:

The function that I am trying to call:

When the game calls the function:

When my function (my DLL) calls the function:

When the game crashes:

And I think this is the function Walross means ("There is also a function where you need to pass only the full packet (for example "say lol")."):

#8 WalrossGreat (02/21/2016, 17:49)
I don't fully understand what you said (cuz I don't know your lang), but I see that there is a particular problem with your packet conversion:
Code:
	memcpy(tempChar, packet.c_str(), packet.size());
	tempChar[packet.size()] = 0;
	char* temp = tempChar;
I suggest you change the std::string to char* (in your function);
you can also get the size of a char* from strlen(var).
So it should look like:
Code:
	unsigned int _w64 sizeOfChar = strlen(packet);
	memcpy(tempChar, packet, sizeOfChar );
	tempChar[sizeOfChar] = 0;
	char* temp = tempChar;
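
An added example, not code from any poster in this thread: the copy into the 256-byte `tempChar` buffer shown above has no length check, and `std::string::size()` and `strlen()` only agree when the packet holds no embedded NUL byte. The names `copy_packet`, `CopyResult` and `check_len` are hypothetical, and the sample inputs are constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical helper (not from the thread): copy a packet string into a
// fixed-size buffer only if it fits together with its terminating NUL.
enum class CopyResult { Ok, TooLong, EmbeddedNul };

template <std::size_t N>
CopyResult copy_packet(char (&dst)[N], const std::string& packet)
{
    dst[0] = '\0';  // leave a valid empty C string on every failure path
    // size() counts embedded NUL bytes, strlen() stops at the first one; a
    // consumer that reads a C string would then see a shorter packet.
    if (std::strlen(packet.c_str()) != packet.size())
        return CopyResult::EmbeddedNul;
    // The terminator is written at dst[packet.size()], so size() must be < N.
    if (packet.size() >= N)
        return CopyResult::TooLong;
    std::memcpy(dst, packet.c_str(), packet.size());
    dst[packet.size()] = '\0';
    return CopyResult::Ok;
}

// Constructed boundary inputs against the thread's 256-byte buffer size.
inline CopyResult check_len(std::size_t len)
{
    char buf[256];
    return copy_packet(buf, std::string(len, 'a'));
}

int main()
{
    std::printf("len 11  -> %d\n", static_cast<int>(check_len(11)));
    std::printf("len 255 -> %d\n", static_cast<int>(check_len(255)));
    std::printf("len 256 -> %d\n", static_cast<int>(check_len(256)));
    return 0;
}
```
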

#9 blackout617 (02/21/2016, 18:14)
Quote:
Originally Posted by WalrossGreat
I don't fully understand what you said (cuz I don't know your lang), but I see that there is a particular problem with your packet conversion:
Code:
	memcpy(tempChar, packet.c_str(), packet.size());
	tempChar[packet.size()] = 0;
	char* temp = tempChar;
I suggest you change the std::string to char* (in your function);
you can also get the size of a char* from strlen(var).
So it should look like:
Code:
	unsigned int _w64 sizeOfChar = strlen(packet);
	memcpy(tempChar, packet, sizeOfChar );
	tempChar[sizeOfChar] = 0;
	char* temp = tempChar;
I think that you're German because of your username :), in the last screenshot I asked if that is the function that you described as "only passing 1 packet".
I don't understand why I should not do it with std::string, but now I changed it to char* and used strlen, but it is still crashing

#10 WalrossGreat (02/21/2016, 18:17)
Yes, that's the right function.

You should use strlen to determine the size of char*, it's probably the best way.

Try to execute it:
Code:
	char* packet = "ncif 3 1791";
	char tempChar[256];
	unsigned int _w64 sizeOfChar = strlen(packet);
	memcpy(tempChar, packet, sizeOfChar);

	tempChar[sizeOfChar] = 0;

	char *temp = tempChar;

	DWORD toCall = 0x052BC0C;

	__asm
	{
		MOV ECX, temp; // "ncif 3 1791"
		MOV EAX, DWORD PTR DS : [0x68120C];
		MOV EAX, DWORD PTR DS : [EAX];
		MOV EDX, 0x062F804; // ASCII "ncif"
		CALL toCall;
	}
It works great for me.
You also don't need the return if the function is void (as you had it in the first post)

#11 forsatus (02/21/2016, 18:56)
You need to know the size of the packet you want to send.

#12 blackout617 (02/21/2016, 18:58)
Quote:
Originally Posted by WalrossGreat
Yes, that's the right function.

You should use strlen to determine the size of char*, it's probably the best way.

Try to execute it:
Code:
	char* packet = "ncif 3 1791";
	char tempChar[256];
	unsigned int _w64 sizeOfChar = strlen(packet);
	memcpy(tempChar, packet, sizeOfChar);

	tempChar[sizeOfChar] = 0;

	char *temp = tempChar;

	DWORD toCall = 0x052BC0C;

	__asm
	{
		MOV ECX, temp; // "ncif 3 1791"
		MOV EAX, DWORD PTR DS : [0x68120C];
		MOV EAX, DWORD PTR DS : [EAX];
		MOV EDX, 0x062F804; // ASCII "ncif"
		CALL toCall;
	}
It works great for me.
You also don't need the return if the function is void (as you had it in the first post)
I think I am going crazy.
It's still crashing; at last I copy-pasted it and made all the other things into comments. Just your code, and it's crashing again..
Here, I have now recorded a short video while trying your code

Quote:
Originally Posted by forsatus
You need to know the size of the packet you want to send.
char* packet = "ncif 3 1791"; //len 11
char tempChar[256];
unsigned int _w64 sizeOfChar = strlen(packet);
I think that will give the size of the packet? strlen(packet) == 11

#13 forsatus (02/21/2016, 19:04)
Code:
DWORD sendpacketfunc = 0x052BC0C;

void Send(CHAR* packet)
{
	DWORD _i32_SendPacketFunc = 0x0052BBC0;

	__asm
	{
		MOV EAX, DWORD PTR DS : [0x0068120C]
		MOV EAX, DWORD PTR DS : [EAX]
		MOV EDX, packet
		CALL sendpacketfunc
	}
}

#14 WalrossGreat (02/21/2016, 19:09)
@forsatus
Why should he take care about this? Since he set the char*, I don't see any profit from knowing the char size

@blackout617
Please post the full code on pastebin, with the DLLMain and the CreateThread if you can.

EDIT:
@forsatus
It's not about this, there isn't only one function that you have to call if you want to send a packet.
WalrossGreat is offline  
Old 02/21/2016, 19:21   #15
 
blackout617's Avatar
 
elite*gold: 68
Join Date: Feb 2011
Posts: 401
Received Thanks: 96
Quote:
Originally Posted by forsatus
You need to know the size of the packet you want to send.
Quote:
Originally Posted by WalrossGreat
@forsatus
Why should he take care about this? Since he set the char*, I don't see any profit from knowing the char size

@blackout617
Please post the full code on pastebin, with the DLLMain and the CreateThread if you can.

EDIT:
@forsatus
It's not about this, there isn't only one function that you have to call if you want to send a packet.
Here