GW2 Memory Thread

10/17/2012 19:02 shuuky#31
Does anyone use C++ for their GW2 hack?
10/17/2012 19:37 LordKill#32
Yes, I do. Why?
10/17/2012 19:49 shuuky#33
Would you, or maybe someone else, be willing to make it a bit open source, so that one can learn from it how the code is structured, etc.?

You can also leave out the hacks etc. that are important to you if you don't want to publish them.
10/17/2012 20:44 Xereon#34
Quote:
Originally Posted by shuuky View Post
Would you, or maybe someone else, be willing to make it a bit open source, so that one can learn from it how the code is structured, etc.?

You can also leave out the hacks etc. that are important to you if you don't want to publish them.
Object-oriented programming

:rtfm:

Sorry, but that has nothing to do with hacks specifically, but with programming in general. There are dozens of books on that subject, and the various techniques, patterns and paradigms cannot be understood from a single program. Besides, hacks / bots are normally not exactly the best examples of OOP or of good style. If you are only interested in C++ you will have a harder time anyway, since the language has quirks all of its own (constness, templates, RAII, value semantics, to name just a few). Good C++ code is rare! If that still doesn't put you off C++, I advise you to look at the Poco libs; by far one of the cleanest and most object-oriented C++ libs there is.
10/17/2012 21:06 piotr55#35
Quote:
Originally Posted by shuuky View Post
Would you, or maybe someone else, be willing to make it a bit open source, so that one can learn from it how the code is structured, etc.?

You can also leave out the hacks etc. that are important to you if you don't want to publish them.
Well, if you want to get to know C++ better in general, maybe you shouldn't start right off with hack-specific stuff. There are countless beginner tutorials for C++ that make it easy to get started. If you really want to program in an object-oriented way, you should rather avoid C++. My tip for OOP is Java. It isn't suitable for hacks, though.

If you just want to build yourself a teleporter for testing, take a look at the C# code for reading the character coordinates that djmatrix1987 posted. The code can easily be changed to write the values instead of reading them.

Regards, piotr
10/17/2012 23:21 djmatrix1987#36
So the first step is done :) Map is finished. Here is a preview of the GW2 bot.
10/18/2012 00:04 piotr55#37
Quote:
Originally Posted by djmatrix1987 View Post
So the first step is done :) Map is finished. Here is a preview of the GW2 bot.
Nice :) What will it be when it's finished? A bot with waypoints, or what?

Regards, piotr
10/18/2012 01:33 djmatrix1987#38
It will be a proper bot with waypoints, which you can then draw on the map. At the moment the in-game waypoints are also present on the map, as well as the armor / merchants.
10/18/2012 14:21 midi12#39
Quote:
Originally Posted by Cencil View Post
Packet encryption for sending packets (imagebase already added)

Code:
  off_NetworkClass            = $015C1DD4; // [15754]
  off_EncryptCallAdd          = $1CC;      // [15754]
  off_EncryptPacket           = $00A62190; // [15754]

procedure EncryptPacket(pBuffer, pTargetBuffer: Pointer; bufferSize: Integer);
const
  // delphi __thiscall hekk, ignore _eax and _edx and reverse the order
  gw2Encrypt: procedure( _eax, _edx, pThis, pTargetBuffer, pBuffer: Pointer; bufferSize: Integer) = Pointer(off_EncryptPacket); 
begin
  gw2Encrypt(nil, nil, Pointer(PCardinal(off_NetworkClass)^ + off_EncryptCallAdd), pTargetBuffer, pBuffer, bufferSize);
end;
After the encryption you have to send your packet immediately or the server will receive wrong encrypted packets by the client. Just put the targetbuffer into the winsock send function, so easy.
Hi, first, thanks for these offsets, this is very interesting. I tried to implement this in a C++ DLL. The hooks on EncryptPacket and send apply fine, but when EncryptPacket is called, the game instantly crashes :/

Here is the code I use in my hooked EncryptPacket & send:

Code:
VOID __fastcall m_PacketEncrypt(VOID* pTargetBuffer, VOID* pBuffer, int bufferSize)
{
	DWORD NetClassptr = *(DWORD*)(gw2_base + NetworkClass);
	VOID* EncryptCallAdd = *(VOID**)(NetClassptr + EncryptCall);

	/*for(int i = 0; i < bufferSize; i++)
	{
		cout << hex << pBuffer[i];
	}*/

	cout << "m_PacketEncrypt()" << endl;
	cout << hex << NetClassptr << endl;
	cout << hex << EncryptCallAdd << endl;
	cout << hex << (const char*)pBuffer << endl;
	cout << hex << (const char*)pTargetBuffer << endl;
	cout << bufferSize << endl;
	cout << "m_PacketEncrypt()" << endl;
	cout << "_________________" << endl;

	//m_send(m_s, (const char*)pTargetBuffer, bufferSize, NULL); 

	return pPacketEncrypt(NULL, NULL, EncryptCallAdd, pTargetBuffer, pBuffer, bufferSize);
}

int WINAPI m_send(SOCKET s, const char* buf, int len, int flags)
{
	cout << "m_send()" << endl;
	cout << buf << endl;
	cout << len << endl;
	cout << flags << endl;
	cout << "m_send()" << endl;
	cout << "________" << endl;

	m_s = s;
	
	return pSend(s, buf, len, flags);
}
Can you help me, please? The winsock send hook works nicely but not the packet enc :(
10/18/2012 14:25 Cencil#40
I'm sure there are better ways to send packets. GW2 puts all packets into a list and sends it, there is a high chance that your encryption will fail if you do it in your own thread.

Still had no time to completely reverse it.

return pPacketEncrypt(NULL, NULL, EncryptCallAdd, pTargetBuffer, pBuffer, bufferSize);

Looks wrong, EncryptCallAdd should be the first parameter (as you use msfastcall). Also you don't need to add the base to the offset, I already did it.

If your code is a detour you should also add edx and ecx as the first parameters
VOID __fastcall m_PacketEncrypt(VOID* ecx, VOID * Unused, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer)

Hope this helps.

Anyway here's my detour in delphi, it's crap but hey it works.

Code:
procedure hk_PacketCrypt(_eax, _edx, pThis, pEncryptedBuffer, pBuffer: Pointer; packetSize: Integer);
var
  buffer: Array of Byte;
  i: Integer;
  sLog, sOpName: string;
  wOpCode: Word;
const
  org_PacketCrypt: procedure(_eax, _edx, pThis, pEncryptedBuffer, pBuffer: Pointer; packetSize: Integer) = Pointer($00A62190);
begin
  if (g_bLogOutgoingPackets) then
  begin
    SetLength(buffer, packetSize);
    Move(pBuffer^, buffer[0], packetSize);

    for i := Low(buffer) to High(buffer) do
    begin
      sLog := sLog + IntToHex(buffer[i], 2) + ' ';
    end;

    Move(buffer[0], wOpCode, SizeOf(wOpCode));

    case wOpCode of
      $0D:
        sOpName := 'MovementHeartbeat';
      $0F:
        sOpName := 'CastSpell';
      $21:
        sOpName := 'MoveItem';
      $54:
        sOpName := 'ChatMessage';
      $56:
        sOpName := 'SlashCommand';
      $7C:
        sOpName := 'Unlock bag slot'
      else
        sOpName := 'Unknown';
    end;

    LogConsole ('======================================================');
    LogConsoleF('C->S Packet code: %x (%s) Size: %d', [wOpCode, sOpName, Length(buffer)]);
    LogConsole ('======================================================');
    LogConsole (sLog);
    LogConsole ('======================================================');
  end;

  org_PacketCrypt(_eax, _edx, pThis, pEncryptedBuffer, pBuffer, packetSize);
end;
I'm overwriting the call at 0x00A5D011, else you'll also see the incoming packets.
10/18/2012 22:03 Else#41
Code:
E-Mail Address - 0x015C0D38
10/18/2012 22:03 midi12#42
Thanks for the answer, I'm doing it like this now, but it crashes when calling oPacketEncrypt (I cleaned my src a little ^^') (oPacketEncrypt is the new name for pPacketEncrypt)

Code:
VOID __fastcall m_PacketEncrypt(VOID* _EAX, VOID* _ECX, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize)
{
	DWORD NetClassptr = *(DWORD*)(NetworkClass);
	DWORD EncryptCallAdd = *(DWORD*)(NetClassptr + EncryptCall);

	cout << "================================" << endl;
	cout << NetClassptr << endl;
	cout << EncryptCallAdd << endl;
	cout << "================================" << endl;

	//m_send(m_s, (const char*)pTargetBuffer, bufferSize, 0);
	return oPacketEncrypt(_EAX, (VOID*)EncryptCallAdd, NULL /*don't find what place here and NULL fail*/, pTargetBuffer, pBuffer, bufferSize);
}
I use MSDetours 1.5 and the call of m_PacketEncrypt works fine now!

In PacketEncrypt(_EAX, (VOID*)EncryptCallAdd, NULL, pTargetBuffer, pBuffer, bufferSize);
I set the 3rd parameter to NULL because I didn't know which argument to pass to it.

Also, after checking,
DWORD EncryptCallAdd = *(DWORD*)(NetClassptr + EncryptCall) is set to some random numbers; I'm sure the cast is good, and I did indeed remove the base addition ><

I'm very new to hooks, I have just done one on a D3DWrapper project, and I am searching for in-depth documentation on them, because I failed to find a good one with Google!

So thanks again for the explanation.

PS: how I declare my hook:
Code:
typedef VOID (__thiscall *tPacketEncrypt)(VOID* _EAX, VOID* _EDX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);
tPacketEncrypt oPacketEncrypt;
VOID __fastcall m_PacketEncrypt(VOID* _EAX , VOID* _ECX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);
10/18/2012 22:27 Else#43
For constant data and much more:


Code:
        public enum ItemRarities : uint
        {
            Junk = 0,
            Common = 1,
            Fine = 2,
            Masterwork = 3,
            Rare = 4,
            Exotic = 5,
            Legendary = 6,
        }

        public enum AgentAttitudes : uint
        {
            Friendly = 0,
            Hostile = 1,
            Neutral = 2,
            UnattackablePNJ = 3,
        }

        public enum GatheringType : uint
        {
            Herb = 0,
            Wood = 1,
            Mine = 2,
            None = 3,
        }

        public enum ItemTypes : uint
        {
            Armor = 0,
            Back = 1,
            Bag = 2,
            Consumable = 3,
            Container = 4,
            CraftingMaterial = 5,
            Gathering = 6,
            Gizmo = 7,
            MiniDeck = 9,
            Tool = 13,
            Trinket = 15,
            Trophy = 16,
            UpgradeComponent = 17,
            Weapon = 18,
            //NUM_ITEM_TYPES = 19,
        }

        public enum AgentTypes : uint
        {
            Char = 0,
            Gadget = 8,
            Gadget_Attack_Target = 9,
            Item = 13,
        }

        public enum EquipmentSlot : uint
        {
            AquaticHeadgear = 0,
            Chest = 2,
            Boots = 3,
            Gloves = 4,
            Headgear = 5,
            Leggings = 6,
            Shoulders = 7,
            Back = 11,
            Accessory1 = 12,
            Accessory2 = 13,
            Amulet = 14,
            Ring1 = 15,
            Ring2 = 16,
            TownClothesHeadgear = 17,
            TownClothesChest = 18,
            TownClothesGloves = 19,
            TownClothesLeggings = 20,
            TownClothesShoes = 21,
            TownClothesToy = 22,
            AquaticWeapon = 24,
            AlternateAquaticWeapon = 25,
            MainHandWeapon = 29,
            OffHandWeapon = 30,
            AlternateMainHandWeapon = 31,
            AlternateOffHandWeapon = 32,
            ForagingTool = 34,
            LoggingTool = 35,
            MiningTool = 36,
        }

        public enum ItemDurabilities : uint
        {
            Ok = 0,
            Damaged = 1,
            Broken = 2,
        }

        public enum UiFlags : int
        {
            Autoloot = 0x2,
            EnableCameraShake = 0x8,
            UseFreeCamera = 0x10,
            DoubleClickToAttackInteract = 0x100,
            InvertCameraYAxis = 0x1000,
            ShowAllEnemyNames = 0x10000,
            ShowAllNPCNames = 0x20000,
            ShowAllPlayerNames = 0x8000,
            ShowSkillRecharge = 0x80000,
            SimplePartyUI = 0x200000,
            Autotargeting = 0x400000,
            StopAutoAttackingOnTargetChange = 0x800000,
            DoubleTapToEvade = 0x2000000,
            DisableAreaOfEffectRings = 0x1000000,
            FastCastGroundTargeting = 0x4000000,
            PromoteSkillTarget = 0x8000000,
            MeleeAttackAssist = 0x10000000,
        }

        public enum ResolutionMode : uint
        {
            Windowed = 0,
            Fullscreen = 1,
            FullscreenWindowed = 2,
        }

        public enum WeaponType : byte
        {
            Sword = 0,
            Hammer = 1,
            Longbow = 2,
            Shortbow = 3,
            Axe = 4,
            Dagger = 5,
            Greatsword = 6,
            Mace = 7,
            Pistol = 8,
            Rifle = 10,
            Scepter = 11,
            Staff = 12,
            Focus = 13,
            Torch = 14,
            Warhorn = 15,
            Shield = 16,
            Spear = 19,
            HarpoonGun = 20,
            Trident = 21,
        }

        public enum SkillTypes : uint
        {
            Ability = 0,
            Buff = 1,
        }

Source: http://www.**************/forums/mmo/guild-wars-2/gw2-memory-editing/378035-gw2-constant-data-enums-structs-etc.html
10/19/2012 05:06 Cencil#44
Quote:
Originally Posted by midi12 View Post
Thanks for the answer, I'm doing it like this now, but it crashes when calling oPacketEncrypt (I cleaned my src a little ^^') (oPacketEncrypt is the new name for pPacketEncrypt)

Code:
VOID __fastcall m_PacketEncrypt(VOID* _EAX, VOID* _ECX, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize)
{
	DWORD NetClassptr = *(DWORD*)(NetworkClass);
	DWORD EncryptCallAdd = *(DWORD*)(NetClassptr + EncryptCall);

	cout << "================================" << endl;
	cout << NetClassptr << endl;
	cout << EncryptCallAdd << endl;
	cout << "================================" << endl;

	//m_send(m_s, (const char*)pTargetBuffer, bufferSize, 0);
	return oPacketEncrypt(_EAX, (VOID*)EncryptCallAdd, NULL /*don't find what place here and NULL fail*/, pTargetBuffer, pBuffer, bufferSize);
}
I use MSDetours 1.5 and the call of m_PacketEncrypt works fine now!

In PacketEncrypt(_EAX, (VOID*)EncryptCallAdd, NULL, pTargetBuffer, pBuffer, bufferSize);
I set the 3rd parameter to NULL because I didn't know which argument to pass to it.

Also, after checking,
DWORD EncryptCallAdd = *(DWORD*)(NetClassptr + EncryptCall) is set to some random numbers; I'm sure the cast is good, and I did indeed remove the base addition ><

I'm very new to hooks, I have just done one on a D3DWrapper project, and I am searching for in-depth documentation on them, because I failed to find a good one with Google!

So thanks again for the explanation.

PS: how I declare my hook:
Code:
typedef VOID (__thiscall *tPacketEncrypt)(VOID* _EAX, VOID* _EDX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);
tPacketEncrypt oPacketEncrypt;
VOID __fastcall m_PacketEncrypt(VOID* _EAX , VOID* _ECX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);
Function header should be

VOID __fastcall m_PacketEncrypt(VOID* pThis, VOID* Unused, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer)

typedef VOID (__thiscall *tPacketEncrypt)(VOID* _EAX, VOID* _EDX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);

should be

typedef VOID (__thiscall *tPacketEncrypt)(VOID* pThis, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer);

and

VOID __fastcall m_PacketEncrypt(VOID* _EAX , VOID* _ECX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);

should be

VOID __fastcall m_PacketEncrypt(VOID* pThis, VOID* Unused, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer);

Since msfastcall is different from Borland's fastcall. My first post was also a bit wrong, I just corrected it.

edit: Just letting you know that the offsets are not working anymore with the latest patch :)
10/20/2012 18:04 midi12#45
Quote:
Originally Posted by Cencil View Post
edit: Just letting you know that the offsets are not working anymore with the latest patch :)
Thanks, detouring PacketEncrypt is now working fine, it is just crashing at the original call, but I'll work on it (when using EncryptCallAdd).
The problem I have is that I get a high number of packets through the hook o_o
I currently use pThis in oPacketEncrypt because EncryptCallAdd makes the program crash. I think it's because of the use of pThis and not of EncryptCallAdd that I get a lot of packets.

And yes new offsets are :
Code:
#define NetworkClass 0x015C1DD4
#define EncryptCall 0x1CC
#define EncryptPacket 0x00A62160
Just EncryptPacket changed!

OK, this is fixed, I just check that pThis is equal to EncryptCall to log only outgoing packets ^^"
But the packets are different from yours, e.g. for Heartbeat I got:
Code:
size : 4
packet : c 0 0 0
Thanks again for help Cencil :)