[Release]Shaiya Packet Editor
Discussion on [Release]Shaiya Packet Editor within the Shaiya Hacks, Bots, Cheats & Exploits forum part of the Shaiya category.
10/09/2009, 19:11
#1
elite*gold: 115
Join Date: Oct 2007
Posts: 9,390
Received Thanks: 12,344
[Release]Shaiya Packet Editor
Just a small remake of my old packet editor in
. I've just tested it on the German client, but it searches for signatures which means it should also work with other clients. If it doesn't, please upload the game.exe so I can fix it.
Usage:
1. Run the launcher of Shaiya.
2. Execute "injector.exe" in the RAR-archive attached.
3. Start the game.
Source Code:
At first I search for the internal function of the game which encrypts and sends packets so we can detour that function later. To achieve this I'm looking for a special signature which should be the same on every client. The function then saves the address of that function in the global variable Address.
Code:
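    #include <windows.h>
    #include <string.h>

    DWORD Address = 0;
    DWORD ReturnAddress = 0;

    // Forward declaration: dwFindPattern() is defined further down.
    DWORD dwFindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char *szMask);

    bool ScanForAddress()
    {
        DWORD Base = 0x00400000;
        DWORD SizeOfCode = 0;
        DWORD i = Base;

        // Look for the PE signature ("PE\0\0") within the first page of the image.
        while ((memcmp((void *)i, "PE\0\0", 4)) && (i <= Base + 0x1000))
            i++;
        if (i > Base + 0x1000)
            return false;

        // SizeOfCode is stored 0x1C bytes after the PE signature.
        SizeOfCode = *(DWORD *)(i + 0x1C);

        BYTE Signature[] = {0x8B, 0xCB, 0x8B, 0xD1, 0xC1, 0xE9, 0x02, 0x8D, 0x43, 0x02,
                            0x66, 0x89, 0x44, 0x24, 0x20};
        DWORD Match = dwFindPattern(Base + 0x1000, SizeOfCode, Signature, "xxxxxxxxxxxxxxx");
        if (!Match)
            return false;   // Address stays 0 when the signature is not found.

        // The signature lies 0x38 bytes after the start of the function.
        Address = Match - 0x38;
        ReturnAddress = Address + 6;
        return true;
    }

    // Compares pData against bMask; only positions marked 'x' in szMask must match.
    bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
    {
        for (; *szMask; ++szMask, ++pData, ++bMask)
            if (*szMask == 'x' && *pData != *bMask)
                return false;
        return (*szMask) == NULL;
    }

    // Returns the address of the first match in [dwAddress, dwAddress + dwLen), or 0.
    DWORD dwFindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char *szMask)
    {
        for (DWORD i = 0; i < dwLen; i++)
            if (bDataCompare((BYTE *)(dwAddress + i), bMask, szMask))
                return (DWORD)(dwAddress + i);
        return 0;
    }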
I copied the functions dwFindPattern() and bDataCompare() from here:
Here's the code to detour the internal send function. After the detour is set, every time a packet is sent the function Detour() is called.
Code:
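    char *buf;
    int len;

    void __declspec(naked) Detour()
    {
        __asm
        {
            // Save all registers and flags (0x24 bytes in total).
            pushad
            pushfd
            mov ebp, esp
            // After the saves, [esp+0x24] is the return address,
            // [esp+0x28] the first argument and [esp+0x2C] the second.
            mov eax, [esp+0x28]
            mov buf, eax;
            mov eax, [esp+0x2C]
            mov len, eax;
        }
        // Here you can call a function which displays the packet.
        // buf is a pointer to the packet and len indicates the length of it.
        __asm
        {
            popfd
            popad
            // Replay the 6 bytes of the original prologue, then continue after them.
            push ebp
            mov ebp, esp
            and esp, 0xFFFFFFF8
            jmp ReturnAddress
        }
    }

    void SetDetour()
    {
        // Rescan until the signature has been found.
        do
        {
            ScanForAddress();
            Sleep(1);
        }
        while (!Address);

        DWORD temp;
        VirtualProtect((void *)Address, 5, PAGE_EXECUTE_READWRITE, &temp);
        // Overwrite the first 5 bytes with "jmp rel32" to Detour().
        *(BYTE *)(Address) = 0xE9;
        *(DWORD *)(Address + 1) = (DWORD)&Detour - Address - 5;
    }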
And here's the code to send a packet. Basically I just call a function pointer to the internal send function.
Code:
    void SendPacket(char *buf, int len)
    {
        void (* InternalCall)(char *, int) = (void (__cdecl *)(char *, int)) Address;
        (* InternalCall)(buf, len);
    }
Attached Files
091010.rar
(10.6 KB, 23130 views)
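Seen from the defending side, the 5-byte 0xE9 overwrite that SetDetour() performs is exactly what a client integrity check looks for. The following is an added example (not part of the original post or of the released tool) that compares a function's in-memory entry bytes with the on-disk image and flags a jump that leaves the module; the function address, the code range and the sample byte arrays are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { ENTRY_CLEAN, ENTRY_MODIFIED, ENTRY_DETOURED } entry_state;

/* Constructed sample: the 6-byte prologue that the post's Detour() replays
 * (push ebp; mov ebp, esp; and esp, 0xFFFFFFF8) as found on disk ... */
static const uint8_t SAMPLE_DISK[6] = {0x55, 0x8B, 0xEC, 0x83, 0xE4, 0xF8};
/* ... the same entry in memory after a 5-byte E9 rel32 overwrite ... */
static const uint8_t SAMPLE_LIVE[6] = {0xE9, 0xC7, 0xFD, 0xBF, 0x0F, 0xF8};
/* ... and an entry that differs without being a jump (int3 first). */
static const uint8_t SAMPLE_INT3[6] = {0xCC, 0x8B, 0xEC, 0x83, 0xE4, 0xF8};
/* Constructed addresses: function VA and the module's code range. */
enum { SAMPLE_VA = 0x00401234, TEXT_LO = 0x00401000, TEXT_HI = 0x00500000 };

/* Destination of an E9 rel32 jump located at virtual address va. */
uint32_t jmp_rel32_target(const uint8_t *code, uint32_t va)
{
    uint32_t rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                   (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    return va + 5 + rel;            /* wraps mod 2^32, as the CPU does */
}

/* Compare n in-memory entry bytes with the on-disk bytes. A difference that
 * starts with E9 and jumps outside [text_lo, text_hi) is reported as a detour. */
entry_state check_entry(const uint8_t *live, const uint8_t *disk, size_t n,
                        uint32_t va, uint32_t text_lo, uint32_t text_hi)
{
    if (memcmp(live, disk, n) == 0)
        return ENTRY_CLEAN;
    if (n >= 5 && live[0] == 0xE9) {
        uint32_t dest = jmp_rel32_target(live, va);
        if (dest < text_lo || dest >= text_hi)
            return ENTRY_DETOURED;
    }
    return ENTRY_MODIFIED;
}

int main(void)
{
    static const char *names[] = {"clean", "modified", "detoured"};
    entry_state s = check_entry(SAMPLE_LIVE, SAMPLE_DISK, 6, SAMPLE_VA, TEXT_LO, TEXT_HI);
    printf("patched entry: %s, jump target 0x%08X\n", names[s],
           (unsigned)jmp_rel32_target(SAMPLE_LIVE, SAMPLE_VA));
    printf("int3 entry:    %s\n",
           names[check_entry(SAMPLE_INT3, SAMPLE_DISK, 6, SAMPLE_VA, TEXT_LO, TEXT_HI)]);
    return 0;
}
```

A production check has to apply the image's relocations to the on-disk bytes before comparing; the 6-byte prologue used here contains no relocated operands.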
10/09/2009, 19:20
#2
elite*gold: 20
Join Date: Jun 2009
Posts: 790
Received Thanks: 2,727
Awesome, tested on US version and works. Thanks
10/10/2009, 09:45
#3
elite*gold: 0
Join Date: Feb 2009
Posts: 4,507
Received Thanks: 3,086
nice tool! thank you for updating the old one
works on shaiyaDE without problems =)
best regards
Poly
10/10/2009, 11:29
#4
elite*gold: 0
Join Date: Mar 2009
Posts: 182
Received Thanks: 56
K, at what can I use this thing? What does it do?
Hmmmm
10/10/2009, 15:49
#5
elite*gold: 0
Join Date: Aug 2009
Posts: 11
Received Thanks: 5
can you write in German too, please
10/10/2009, 16:07
#6
elite*gold: 0
Join Date: Feb 2009
Posts: 4,507
Received Thanks: 3,086
Quote:
Originally Posted by
Disconnect
It is just a small update from my old thread:
. I have only tested it with the German client, but it searches for similarities, so it should also work with other clients. If it doesn't, upload your game.exe so I can fix it.
Usage:
1. Start the Shaiya launcher.
2. Extract the injector.exe in the RAR archive.
3. Start the game.
Quote:
Originally Posted by
3nergiz3r
can you write in German too, please
I have translated the most important part for you (see quote)
Best regards
poly
10/10/2009, 16:11
#7
elite*gold: 0
Join Date: Aug 2009
Posts: 11
Received Thanks: 5
thank you
but I just tested it and it did not work on the TR server, or I did something wrong
how do you do this? where do I have to write the Source Code:? can you show a screenshot
then it will be very easy to understand
10/10/2009, 16:58
#8
elite*gold: 115
Join Date: Oct 2007
Posts: 9,390
Received Thanks: 12,344
Updated
Now the Packet Editor also shows packets sent by the server and you get a small welcome-message after logging in.
10/11/2009, 02:03
#9
elite*gold: 20
Join Date: Jun 2009
Posts: 790
Received Thanks: 2,727
Quote:
Originally Posted by
Disconnect
Updated
Now the Packet Editor also shows packets sent by the server and you get a small welcome-message after logging in.
Nice message! I like that, I think I might put something like that into my programs. Seeing that some kid on youtube was claiming my releases as his own! lol.
10/11/2009, 10:50
#10
elite*gold: 0
Join Date: Apr 2009
Posts: 1,017
Received Thanks: 1,161
But what is this tool good for? Can someone explain what it does?
10/11/2009, 11:55
#11
elite*gold: 0
Join Date: Feb 2009
Posts: 4,507
Received Thanks: 3,086
Quote:
Originally Posted by
MC Flip
But what is this tool good for? Can someone explain what it does?
you get the packets the gameserver is sending to your computer
best regards
Poly
10/11/2009, 13:54
#12
elite*gold: 115
Join Date: Oct 2007
Posts: 9,390
Received Thanks: 12,344
I'm currently working on a packet based bot.
10/11/2009, 13:57
#13
elite*gold: 0
Join Date: Apr 2009
Posts: 1,017
Received Thanks: 1,161
But what are these "packets" exactly and what are they good for?
10/12/2009, 10:01
#14
elite*gold: 0
Join Date: Aug 2006
Posts: 38
Received Thanks: 1
A feature to hide one type or the other would be extremely useful. For example, I am trying to monitor my SEND packets for some things, but in certain areas with lots of people, it gets horribly flooded with RECV packets, thus making it more difficult to sort out what I am looking at.
10/12/2009, 19:01
#15
elite*gold: 0
Join Date: Aug 2009
Posts: 11
Received Thanks: 5
I tried but I did not manage it.
can someone explain how to do this? or simply a video
All times are GMT +2.