[Release] PacketLogger

Quote:

Originally Posted by BladeTiger12 Hello Elitepvpers, today I release my new PacketLogger for NosTale. I thought to create a new one, because Doktor.'s one doesn't really work well and Elektrochemie's one do not save the filters. (Annoying :D) There are not much functions, but I hope it will be usefull for some people. Btw: Mouse over a Packet u will see the full. Here are some Pictures: Gallery TCP Feature (for developers)  Spoiler Explanation  Spoiler You can use every programming language that supports the TCP protocol! [Only registered and activated users can see links. Click Here To Register...] - A TCP Server in the PacketLogger to communicate with the Client (proxy-like). - For IP:Port look in titlebar of the PacketLogger. [Only registered and activated users can see links. Click Here To Register...] Actually pretty easy to use. You can connect as much clients as you want to this server. I also uploaded in the archive some example AutoIt scripts. Maybe it's useful for someone. So first of all: All packets have the same format as NosTale (Space splitted) The first item is a number: 0 for receive, 1 for send Packet. E.g.: PHP Code: packet = receiveFromPacketLogger(); splitted = split(packet, ' '); type = splitted[0]; header = splitted[1]; if type == 0 then "RECEIVE PACKET" if type == 1 then "SEND PACKET"  Same is for sending back to PacketLogger: PHP Code: sendPacket = "1 walk 22 33 1"; <- 1 is for send recvPacket = "0 gold 2329392"; <- 0 is for recv sendToPacketLogger(sendPacket); sendToPacketLogger(recvPacket);  That's it. You can do whatever you want with it. Have fun. Helpful Snippets:  Spoiler Python "GetPacketLoggerPorts" Snippet by [Only registered and activated users can see links. Click Here To Register...] Post: [Only registered and activated users can see links. Click Here To Register...]  Spoiler Code: from typing import List from psutil import process_iter, AccessDenied, Process def get_processes(substring: str) -> List[Process]: processes = [] for process in process_iter(): try: if substring in process.name(): processes.append(process) except AccessDenied as err: pass return processes def get_nostale_packet_logger_ports() -> List[int]: processes = get_processes("NostaleClientX.exe") ports = [] for process in processes: for connection in process.connections(): if connection.laddr and connection.laddr.ip == "127.0.0.1": ports.append(connection.laddr.port) return ports Useful Python Functions for Memory Editing/PacketLogger Helper-Functions by [Only registered and activated users can see links. Click Here To Register...] Post: [Only registered and activated users can see links. Click Here To Register...] Github Repository: [Only registered and activated users can see links. Click Here To Register...] TCP Feature applications:  Spoiler DPS Counter by [Only registered and activated users can see links. Click Here To Register...] Link to thread: [Only registered and activated users can see links. Click Here To Register...] Fish bot by [Only registered and activated users can see links. Click Here To Register...] Thread: [Only registered and activated users can see links. Click Here To Register...] Github Repo: [Only registered and activated users can see links. Click Here To Register...] Put every file from "PacketLogger" folder in the archive into the NosTale folder! You just need to inject the "PacketLogger.dll" nothing else! When u get errors during inject try to download: - [Only registered and activated users can see links. Click Here To Register...] - [Only registered and activated users can see links. Click Here To Register...] (Scroll down) Ty to [Only registered and activated users can see links. Click Here To Register...] for the picture [Only registered and activated users can see links. Click Here To Register...] Downloads in attachment and that's it. Have fun with it :). Updates:  Spoiler 12.04.2022: - Fixed pattern of recv function - Fixed encoding 08.04.2022: - Fixed special characters (Thanks to: Hatz~ :> [Only registered and activated users can see links. Click Here To Register...]) 14.02.2020: (Downloads 1751) - Added TCP Server to communicate with NosTale over Packetlogger 18.04.2019: (Downloads: 295) - Fixed patterns for Vendetta 05.03.2019: (Downloads: 1621) - Fixed bot for Vendetta 16.07.2017: - Now you can mark selected packets - You can activate/deactivate filter's. 18.07.2017 - Little bug fix 08.08.2018 - Fixed the pointers/patterns Here is the Virustotal: [Only registered and activated users can see links. Click Here To Register...] GitLab Repo: [Only registered and activated users can see links. Click Here To Register...] I've used QT(just google it) and PolyHook 2.0([Only registered and activated users can see links. Click Here To Register...]). I won't help you to set up the project, do it by yourself.

Quote:

Originally Posted by KanimaNT probably stupid question but did anyone try to inject it into DynZen server? it seems crashing for me

Quote:

Originally Posted by Limoo It doesn't (crash) or at least a few weeks ago you could inject it

	// Recv & Hook
	{
		const byte abSignature[] = { 0x55, 0x8B, 0xEC, 0x83, 0xC4, 0xF0, 0x53, 0x56, 0x57, 0x33, 0xC9, 0x89, 0x4D, 0xF4, 0x89, 0x4D, 0xF0, 0x89, 0x55, 0xFC, 0x8B, 0xD8, 0x8B, 0x45, 0xFC };
		const char *szMask = "xxxxx?xxxxxxx?xx?xx?xxxx?";
		ReadPattern(EAddress::ARecvHook, abSignature, szMask);

		s_mapAddress[EAddress::ARecvPacket] = s_mapAddress[EAddress::ARecvHook];
	}

	// Send & Hook
	{
		// Official
		const byte abSignature[] = { 0x53, 0x56, 0x8B, 0xF2, 0x8B, 0xD8, 0xEB, 0x04, 0xEB, 0x05, 0x39, 0x19, 0x8B, 0xD6, 0x8B, 0xC3, 0xE8, 0xFF, 0xFF, 0xFF, 0xFF, 0x84, 0xC0, 0x74, 0x1A };
		const char *szMask = "xxxxxxxxxxxxxxxxx????xxxx";
		
		ReadPattern(EAddress::ASendHook, abSignature, szMask);
		
		s_mapAddress[EAddress::ASendPacket] = s_mapAddress[EAddress::ASendHook];
	}

	// Send & Hook Vendetta
	if (!s_mapAddress[EAddress::ASendHook]) {
		const byte abSignature[] = { 0x53, 0x56, 0x57, 0x8B, 0xFA, 0x8B, 0xF0, 0xB3, 0x01, 0xEB, 0x04, 0xEB, 0x05 };
		const char* szMask = "xxxxxxxxxx?x?";
		ReadPattern(EAddress::ASendHook, abSignature, szMask);

		s_mapAddress[EAddress::ASendPacket] = s_mapAddress[EAddress::ASendHook];
	}

	// Packet Class Pointer
	{
		const byte abSignature[] = { 0xA1, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x00, 0x80, 0x78, 0x60, 0x00, 0x74, 0x1B, 0x84, 0xDB };
		const char *szMask = "x????xxxxxxxxxx";
		ReadPattern(EAddress::APacketClassPointer, abSignature, szMask, 1);
	}

Quote:

Originally Posted by KanimaNT DynZen uses different client version. That's why patterns should be changed (same as for vendetta few years ago). Code: // Recv & Hook { const byte abSignature[] = { 0x55, 0x8B, 0xEC, 0x83, 0xC4, 0xF0, 0x53, 0x56, 0x57, 0x33, 0xC9, 0x89, 0x4D, 0xF4, 0x89, 0x4D, 0xF0, 0x89, 0x55, 0xFC, 0x8B, 0xD8, 0x8B, 0x45, 0xFC }; const char *szMask = "xxxxx?xxxxxxx?xx?xx?xxxx?"; ReadPattern(EAddress::ARecvHook, abSignature, szMask); s_mapAddress[EAddress::ARecvPacket] = s_mapAddress[EAddress::ARecvHook]; } // Send & Hook { // Official const byte abSignature[] = { 0x53, 0x56, 0x8B, 0xF2, 0x8B, 0xD8, 0xEB, 0x04, 0xEB, 0x05, 0x39, 0x19, 0x8B, 0xD6, 0x8B, 0xC3, 0xE8, 0xFF, 0xFF, 0xFF, 0xFF, 0x84, 0xC0, 0x74, 0x1A }; const char *szMask = "xxxxxxxxxxxxxxxxx????xxxx"; ReadPattern(EAddress::ASendHook, abSignature, szMask); s_mapAddress[EAddress::ASendPacket] = s_mapAddress[EAddress::ASendHook]; } // Send & Hook Vendetta if (!s_mapAddress[EAddress::ASendHook]) { const byte abSignature[] = { 0x53, 0x56, 0x57, 0x8B, 0xFA, 0x8B, 0xF0, 0xB3, 0x01, 0xEB, 0x04, 0xEB, 0x05 }; const char* szMask = "xxxxxxxxxx?x?"; ReadPattern(EAddress::ASendHook, abSignature, szMask); s_mapAddress[EAddress::ASendPacket] = s_mapAddress[EAddress::ASendHook]; } // Packet Class Pointer { const byte abSignature[] = { 0xA1, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x00, 0x80, 0x78, 0x60, 0x00, 0x74, 0x1B, 0x84, 0xDB }; const char *szMask = "x????xxxxxxxxxx"; ReadPattern(EAddress::APacketClassPointer, abSignature, szMask, 1); } I've been trying to find correct patterns..but to be fair I have no idea what I was doing. All kind of reverse eng stuff is pure black magic for me. Maybe someone will be able to find correct patterns and then push a suggestion to creator.

Quote:

Originally Posted by PvePowa When i inject the PacketLogger.dll, the game crash. I've got the text :: 'Dll injected', and then the app shut down. Any one had the same issue in the past?

Quote:

Originally Posted by FI0w @[Only registered and activated users can see links. Click Here To Register...] Could you add some kind of recv catch so that the client dont crash if too less arguments?(simple asm catch should reach)

Quote:

Originally Posted by XxmimoixX Hello, Someone have tp packet ? I try a lot of tp packet on send but it doesnt work example : n_run 26 0 1 ID

Quote:

Originally Posted by XxmimoixX I make a program based on this packet logger few years ago and make many tp button like go in nosville/act4/5/6/7 so yes we can (2 years ago it's worked). I dont speak about tp like random pos i know it's not possible, i speak about the warp tp method, i think it's fixed now. Example of packet for tp i use : [Only registered and activated users can see links. Click Here To Register...]

Quote:

Originally Posted by Limoo You can still use n_run tp but you need an NPC. For example n_run 16 1 2 2777 (2777 is a big lettuce in nosville meadows) You need to stay in range. (5 cells max)

Quote:

Originally Posted by BladeTiger12 Hello Elitepvpers, today I release my new PacketLogger for NosTale. I thought to create a new one, because Doktor.'s one doesn't really work well and Elektrochemie's one do not save the filters. (Annoying :D) There are not much functions, but I hope it will be usefull for some people. Btw: Mouse over a Packet u will see the full. Here are some Pictures: Gallery TCP Feature (for developers)  Spoiler Explanation  Spoiler You can use every programming language that supports the TCP protocol! [Only registered and activated users can see links. Click Here To Register...] - A TCP Server in the PacketLogger to communicate with the Client (proxy-like). - For IP:Port look in titlebar of the PacketLogger. [Only registered and activated users can see links. Click Here To Register...] Actually pretty easy to use. You can connect as much clients as you want to this server. I also uploaded in the archive some example AutoIt scripts. Maybe it's useful for someone. So first of all: All packets have the same format as NosTale (Space splitted) The first item is a number: 0 for receive, 1 for send Packet. E.g.: PHP Code: packet = receiveFromPacketLogger(); splitted = split(packet, ' '); type = splitted[0]; header = splitted[1]; if type == 0 then "RECEIVE PACKET" if type == 1 then "SEND PACKET"  Same is for sending back to PacketLogger: PHP Code: sendPacket = "1 walk 22 33 1"; <- 1 is for send recvPacket = "0 gold 2329392"; <- 0 is for recv sendToPacketLogger(sendPacket); sendToPacketLogger(recvPacket);  That's it. You can do whatever you want with it. Have fun. Helpful Snippets:  Spoiler Python "GetPacketLoggerPorts" Snippet by [Only registered and activated users can see links. Click Here To Register...] Post: [Only registered and activated users can see links. Click Here To Register...]  Spoiler Code: from typing import List from psutil import process_iter, AccessDenied, Process def get_processes(substring: str) -> List[Process]: processes = [] for process in process_iter(): try: if substring in process.name(): processes.append(process) except AccessDenied as err: pass return processes def get_nostale_packet_logger_ports() -> List[int]: processes = get_processes("NostaleClientX.exe") ports = [] for process in processes: for connection in process.connections(): if connection.laddr and connection.laddr.ip == "127.0.0.1": ports.append(connection.laddr.port) return ports Useful Python Functions for Memory Editing/PacketLogger Helper-Functions by [Only registered and activated users can see links. Click Here To Register...] Post: [Only registered and activated users can see links. Click Here To Register...] Github Repository: [Only registered and activated users can see links. Click Here To Register...] TCP Feature applications:  Spoiler DPS Counter by [Only registered and activated users can see links. Click Here To Register...] Link to thread: [Only registered and activated users can see links. Click Here To Register...] Fish bot by [Only registered and activated users can see links. Click Here To Register...] Thread: [Only registered and activated users can see links. Click Here To Register...] Github Repo: [Only registered and activated users can see links. Click Here To Register...] Put every file from "PacketLogger" folder in the archive into the NosTale folder! You just need to inject the "PacketLogger.dll" nothing else! When u get errors during inject try to download: - [Only registered and activated users can see links. Click Here To Register...] - [Only registered and activated users can see links. Click Here To Register...] (Scroll down) Ty to [Only registered and activated users can see links. Click Here To Register...] for the picture [Only registered and activated users can see links. Click Here To Register...] Downloads in attachment and that's it. Have fun with it :). Updates:  Spoiler 12.04.2022: - Fixed pattern of recv function - Fixed encoding 08.04.2022: - Fixed special characters (Thanks to: Hatz~ :> [Only registered and activated users can see links. Click Here To Register...]) 14.02.2020: (Downloads 1751) - Added TCP Server to communicate with NosTale over Packetlogger 18.04.2019: (Downloads: 295) - Fixed patterns for Vendetta 05.03.2019: (Downloads: 1621) - Fixed bot for Vendetta 16.07.2017: - Now you can mark selected packets - You can activate/deactivate filter's. 18.07.2017 - Little bug fix 08.08.2018 - Fixed the pointers/patterns Here is the Virustotal: [Only registered and activated users can see links. Click Here To Register...] GitLab Repo: [Only registered and activated users can see links. Click Here To Register...] I've used QT(just google it) and PolyHook 2.0([Only registered and activated users can see links. Click Here To Register...]). I won't help you to set up the project, do it by yourself.