[Reversed] PlayerLog-Function

irrenhaus · 06/23/2012, 16:47

Hey,
I've found a nice function:

Call at: 5A5120:239

Code:

int __cdecl CreatePlayerLog(void *Log)
{
  char **LoginID; // eax@1
  _UNKNOWN *UnknownVariable; // eax@1
  int *CharID; // eax@3
  int LogStringINT; // edi@5
  _UNKNOWN *UnknownVAR; // eax@7
  int TargetMinusSixteen; // eax@9
  int _EDX; // edx@9
  signed int _ECX; // ecx@9
  int _ECX; // ecx@9
  int result; // eax@11
  int _ECX; // ecx@11
  signed int _EDX; // edx@11
  int _EDX; // edx@11
  const void *LogString; // [sp+18h] [bp-24h]@1
  int TargetType; // [sp+1Ch] [bp-20h]@7
  float posY; // [sp+20h] [bp-1Ch]@5
  float posX; // [sp+24h] [bp-18h]@5
  int MapID; // [sp+28h] [bp-14h]@5
  int TargetID; // [sp+2Ch] [bp-10h]@7
  int IntegerMinusOne; // [sp+34h] [bp-8h]@11
  int LOBYTEVar; // [sp+38h] [bp-4h]@1

  UnknownVariable = UnknownSub();
  LogString = (const void *)((*(int (__thiscall **)(_UNKNOWN *))(*(_DWORD *)UnknownVariable + 12))(UnknownVariable) + 16);
  LOBYTEVar = 0;
  WriteLog(Log, "====================================\n", 37u);
  WriteLog(Log, "Player Info\n", 12u);
  WriteLog(Log, "------------------------------------\n", 37u);// // Arguments: arg1 => Text to Write; arg2 => Text Length ( \n => 1 )
  LoginID = (char **)dword_6F5C88;
  if ( (unsigned int)dword_6F5C9C < 16 )
    LoginID = &dword_6F5C88;
  SPRINTF_CPP(&LogString, "Login ID: %s\n", LoginID);
  WriteLog(Log, LogString, *((_DWORD *)LogString - 3));
  CharID = (int *)dword_6F5CA4;
  if ( (unsigned int)dword_6F5CB8 < 16 )
    CharID = &dword_6F5CA4;
  SPRINTF_CPP(&LogString, "Character ID: %s\n", CharID);
  LogStringINT = (int)LogString;
  WriteLog(Log, LogString, *((_DWORD *)LogString - 3));
  if ( (unsigned __int8)GetMapData(&MapID, &posX, &posY) )
  {
    SPRINTF_CPP(&LogString, "Position: Map=%d, X=%.2f, Z=%.2f\n", MapID, posX, posY);
    LogStringINT = (int)LogString;
    WriteLog(Log, LogString, *((_DWORD *)LogString - 3));
  }
  UnknownVAR = UnknownSub();
  TargetType = (*(int (__thiscall **)(_UNKNOWN *))(*(_DWORD *)UnknownVAR + 12))(UnknownVAR) + 16;
  LOBYTE(LOBYTEVar) = 1;
  if ( (unsigned __int8)GetTarget(&TargetType, &TargetID) )
  {
    SPRINTF_CPP(&LogString, "Target: Type=%s, ID=%u\n", TargetType, TargetID);
    LogStringINT = (int)LogString;
    WriteLog(Log, LogString, *((_DWORD *)LogString - 3));
  }
  WriteLog(Log, L"\n", 1u);
  TargetMinusSixteen = TargetType - 16;
  LOBYTE(LOBYTEVar) = 0;
  _EDX = TargetType - 16 + 12;
  _ECX = -1;
  __asm { lock xadd [edx], ecx }
  if ( _ECX - 1 <= 0 )
    (*(void (__cdecl **)(int))(**(_DWORD **)TargetMinusSixteen + 4))(TargetMinusSixteen);
  result = LogStringINT - 16;
  IntegerMinusOne = -1;
  _ECX = LogStringINT - 16 + 12;
  _EDX = -1;
  __asm { lock xadd [ecx], edx }
  if ( _EDX - 1 <= 0 )
    result = (*(int (__cdecl **)(int))(**(_DWORD **)result + 4))(result);
  return result;
}

It Writes an PlayerLog

a Log could look like this:

Quote:

====================================
Player Info
------------------------------------
Login ID: [LoginID Here]
Character ID: [CharacterID Here]
Position: Map=[MapID Here], X=[XPos Here],Z=[ZPos here]
Target: Type=[TargetType Here], ID=[TargetID Here]

To the Functions:

SPRINTF_CPP => Is just the sprintf Function.

WriteLog:

Code:

// The WriteLog Function adds an Line to the Log //
// lText => The Text that should be written
// lLength => The Length of the Text ('\n' is a break-line and is counted as 1 char
WriteLog(char* lText,DWORD lLength);

GetMapData:

Code:

// The GetMapData Function returns the current Position of the Player and the Map ID //
//there are 3 integer Pointers which gets filled in the Function
// the double Parameter is the PlayerID
GetMapData(double PlayerID,int* mdID,int* mdX,int* mdY);

GetTargetType:

Code:

// The GetTargetType Function returns the Selected Target Type and ID //
// Both Parameters are Pointers which gets filled with the Information //
GetTargetType(int* tType,int* tID);

Now onto the Main thing you can do with it:
1. Hook it and return the given Values
2. Put a CodeCave to get the Logs

i prefer the second one but you have to figure out how it works a Tipp:
LoginID-Log is saved in the EAX register
CharacterID-Log is saved in the EDI register
Position-Log is saved in the EDI register
Target-Log is saved in the EDI register

You can also edit the LogText and send wrong Data

But saving them is more funny because then you can do
pretty awesome things with it!

have fun with reversing.

CAS!

Arcles · 06/23/2012, 17:35

Warte wofuer is das gut? xD

~~ReTuRnD'~~ · 06/23/2012, 17:47

How He Work?
And for what he is good?

Wie geht das ? also was kann man damit machen

BadGamer78 · 06/23/2012, 17:55

Can we conect us in any acount ? =D

irrenhaus · 06/23/2012, 18:12

Damit könnt ihr eure PlayerID,CharacterID auslesen genauso wie die MapID eure Positionen
und das was ihr selektiert.

AnghelescuG · 06/23/2012, 18:13

I think gm's can see that log. I'm a little afraid now to use teleport and even, *dah* do anything because we are spied

)

irrenhaus · 06/23/2012, 20:18

Quote:

Originally Posted by AnghelescuG

I think gm's can see that log. I'm a little afraid now to use teleport and even, *dah* do anything because we are spied )

You can remove that Function and no logs will be written

Address for it is in my first Post!

~~SilverAngel(CZ)~~ · 06/27/2012, 20:50

Nice reversing work man, thanks.