GW2 Memory Thread

Page 8 of 10

01/14/2013 21:46 buFFy!#106

Quote:

Originally Posted by hans2116

Wie kann man so ein Packetsend Funktion finden??
Vielleicht mit Wireshark oder ollydbg??

OllyDBG w�re ein Anfang ;)

01/14/2013 21:52 TheDarkShadows#107

Quote:

Originally Posted by buFFy!

OllyDBG w�re ein Anfang ;)

Danke
Kennst du ein Paar gute OllyDBG Tutorial ??

01/14/2013 21:58 buFFy!#108

Lenas Reversing for Newbies. Einfach mal googlen.

02/05/2013 19:48 sgt.pootis#109

Hey all. I know this is a rather old thread but IDK where else to post so whatever. I'm having some issues detour the packet funcion, here's the code. Note I'm using Sinners DetourXS.

I'm not familiar with fastcall hooks, so any help would be nice! Thanks.

Code:

/*
void __fastcall sub_A82A50(int a1, int a2, signed int a3)

call example
.text:00C37B8E                 mov     edx, 0Ah
.text:00C37B93                 mov     ecx, eax
.text:00C37B95                 call    sub_A82A50
*/

typedef VOID (__thiscall *tPacketEncrypt)(VOID* pThis, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer);
tPacketEncrypt oPacketEncrypt;
VOID __fastcall m_PacketEncrypt(VOID* pThis, VOID* Unused, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer)
{
	// note EDX, ECX, *
	// use inline asm ???
	return oPacketEncrypt( pThis, bufferSize, pBuffer, pTargetBuffer );
}

void init_hooks()
{
	// todo: sig scans
	oPacketEncrypt = (tPacketEncrypt)DetourCreate( (void*)0x00A82A50, m_PacketEncrypt, DETOUR_TYPE_JMP, 0x5 );
}

This code crashes almost instantly and brings up the send report dialog.

02/05/2013 23:13 Deathsnacks#110

Quote:

Originally Posted by sgt.pootis

This code crashes almost instantly and brings up the send report dialog.

Because that isn't the EncryptPacket function. Thats the PutPacketQueue function.

02/06/2013 01:48 urmomslover#111

w�re sch��n wenn man irgednwie die offsets auch vom andernen porter mal posten k�nnte.

02/06/2013 02:05 sgt.pootis#112

Quote:

Originally Posted by Deathsnacks

Because that isn't the EncryptPacket function. Thats the PutPacketQueue function.

[facepalm] Well no shit. [/facepalm]

This is what happens when you code when sleepys as hell. Oh well. Lmfao

02/07/2013 05:14 sgt.pootis#113

What are the parameters for the function? IDK what the first param is, and I believe the second parameter is a buffer length, and the 3rd parameter is a pointer to the buffer. Is that correct?

02/07/2013 06:58 Ext3h#114

Code:

typedef VOID (__thiscall *tPacketEncrypt)(VOID* pThis, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer);

It's a __thiscall, this means that the first parameter is always a pointer to an object of the class this function belongs to. You were right about the second parameter, thats the size of the buffer in bytes. Third parameter is source buffer. Forth Parameter is named wrong, it's not the destination where the encrypted buffer is written to, but rather a pointer to additional data which will be packed in the package (e.g. pointer to null terminated string for chat messages). The destination is not passed a as parameter.

02/07/2013 07:12 sgt.pootis#115

I see. I figured that much out with google (the "this" pointer that is). What about the PutPacketQueue() function params? Same story?

Code:

typedef void (__fastcall *tPutPacketQueue)( void *pThis, int buffsz, void *pBuff );

02/07/2013 10:55 Deathsnacks#116

Quote:
Originally Posted by sgt.pootis
I see. I figured that much out with google (the "this" pointer that is). What about the PutPacketQueue() function params? Same story?
Code:
typedef void (__fastcall *tPutPacketQueue)( void *pThis, int buffsz, void *pBuff );

Yup.

02/10/2013 15:56 sgt.pootis#117

Can anyone post some up-to-date classes/structures, or some somewhat outdated ones for me to reclass?

Thanks.

09/28/2013 18:03 The Annihilator#118

Well guys a little question for all of you before I'm starting to crash GW2 with a custom DLL for myself:

Are any kind of Anti-Cheat messures in GW2 and it's Launcher implemented? Like scanning for detours or invalid/modified packets/memoryregions and/or do they sent that information with their crashreports?

I've read that claim from MMOMinion that they might at least send some senstive information regarding that in their crashreport and even have a serverside parser for it filtering out any modifications and do autobans. Thats why I'm might be looking into hooking into it first before starting with anything more specific.

Or is that just a false claim, trying to stop people from injecting their dlls with another launcher (really sounds like it as its theoretically so easy to get around that kind of claimed crashreport-detection)?

09/28/2013 19:39 Rhubarb.Trader#119

There is no client side anticheat in gw2. I wouldn't send crash reports just on the rare principal it might be looked at by someone. The only anticheat is server side pattern detection for instance if you sit in one spot for hours with a macro hitting button 1 to kill mobs. They also have a few checks on packets most interesting of which has to do with heartbeat/movement hence the distance bans for teleport hacking. I would try to avoid sending malformed/incorrect values in packets as well.

10/09/2013 10:48 xoraxax#120

Does anyone know how the environment informarion is stored - i mean players, mobs, loot etc which are available on the map around the player (Is it arrays or kinda hashtables or anything else?). And a tip how to find it would be very helpfull too.

Page 8 of 10

« First