[Reversed] PlayerLog-Function

06/23/2012 16:47 irrenhaus#1
Hey,
I've found a nice function:

Call at: 5A5120:239
Code:
int __cdecl CreatePlayerLog(void *Log)
{
  char **LoginID; // eax@1
  _UNKNOWN *UnknownVariable; // eax@1
  int *CharID; // eax@3
  int LogStringINT; // edi@5
  _UNKNOWN *UnknownVAR; // eax@7
  int TargetMinusSixteen; // eax@9
  int _EDX; // edx@9
  signed int _ECX; // ecx@9
  int _ECX; // ecx@9
  int result; // eax@11
  int _ECX; // ecx@11
  signed int _EDX; // edx@11
  int _EDX; // edx@11
  const void *LogString; // [sp+18h] [bp-24h]@1
  int TargetType; // [sp+1Ch] [bp-20h]@7
  float posY; // [sp+20h] [bp-1Ch]@5
  float posX; // [sp+24h] [bp-18h]@5
  int MapID; // [sp+28h] [bp-14h]@5
  int TargetID; // [sp+2Ch] [bp-10h]@7
  int IntegerMinusOne; // [sp+34h] [bp-8h]@11
  int LOBYTEVar; // [sp+38h] [bp-4h]@1

  UnknownVariable = UnknownSub();
  LogString = (const void *)((*(int (__thiscall **)(_UNKNOWN *))(*(_DWORD *)UnknownVariable + 12))(UnknownVariable) + 16);
  LOBYTEVar = 0;
  WriteLog(Log, "====================================\n", 37u);
  WriteLog(Log, "Player Info\n", 12u);
  WriteLog(Log, "------------------------------------\n", 37u);// // Arguments: arg1 => Text to Write; arg2 => Text Length ( \n => 1 )
  LoginID = (char **)dword_6F5C88;
  if ( (unsigned int)dword_6F5C9C < 16 )
    LoginID = &dword_6F5C88;
  SPRINTF_CPP(&LogString, "Login ID: %s\n", LoginID);
  WriteLog(Log, LogString, *((_DWORD *)LogString - 3));
  CharID = (int *)dword_6F5CA4;
  if ( (unsigned int)dword_6F5CB8 < 16 )
    CharID = &dword_6F5CA4;
  SPRINTF_CPP(&LogString, "Character ID: %s\n", CharID);
  LogStringINT = (int)LogString;
  WriteLog(Log, LogString, *((_DWORD *)LogString - 3));
  if ( (unsigned __int8)GetMapData(&MapID, &posX, &posY) )
  {
    SPRINTF_CPP(&LogString, "Position: Map=%d, X=%.2f, Z=%.2f\n", MapID, posX, posY);
    LogStringINT = (int)LogString;
    WriteLog(Log, LogString, *((_DWORD *)LogString - 3));
  }
  UnknownVAR = UnknownSub();
  TargetType = (*(int (__thiscall **)(_UNKNOWN *))(*(_DWORD *)UnknownVAR + 12))(UnknownVAR) + 16;
  LOBYTE(LOBYTEVar) = 1;
  if ( (unsigned __int8)GetTarget(&TargetType, &TargetID) )
  {
    SPRINTF_CPP(&LogString, "Target: Type=%s, ID=%u\n", TargetType, TargetID);
    LogStringINT = (int)LogString;
    WriteLog(Log, LogString, *((_DWORD *)LogString - 3));
  }
  WriteLog(Log, L"\n", 1u);
  TargetMinusSixteen = TargetType - 16;
  LOBYTE(LOBYTEVar) = 0;
  _EDX = TargetType - 16 + 12;
  _ECX = -1;
  __asm { lock xadd [edx], ecx }
  if ( _ECX - 1 <= 0 )
    (*(void (__cdecl **)(int))(**(_DWORD **)TargetMinusSixteen + 4))(TargetMinusSixteen);
  result = LogStringINT - 16;
  IntegerMinusOne = -1;
  _ECX = LogStringINT - 16 + 12;
  _EDX = -1;
  __asm { lock xadd [ecx], edx }
  if ( _EDX - 1 <= 0 )
    result = (*(int (__cdecl **)(int))(**(_DWORD **)result + 4))(result);
  return result;
}
It writes a PlayerLog.

A log could look like this:
Quote:
====================================
Player Info
------------------------------------
Login ID: [LoginID Here]
Character ID: [CharacterID Here]
Position: Map=[MapID Here], X=[XPos Here],Z=[ZPos here]
Target: Type=[TargetType Here], ID=[TargetID Here]

To the functions:

SPRINTF_CPP => Is just the sprintf Function.

WriteLog:
Code:
// The WriteLog function adds a line to the log
// lText => The text that should be written
// lLength => The length of the text ('\n' is a line break and is counted as 1 char)
WriteLog(char* lText,DWORD lLength);
GetMapData:
Code:
// The GetMapData function returns the current position of the player and the map ID
// There are 3 integer pointers which get filled in the function
// The double parameter is the PlayerID
GetMapData(double PlayerID,int* mdID,int* mdX,int* mdY);
GetTargetType:
Code:
// The GetTargetType function returns the selected target type and ID
// Both parameters are pointers which get filled with the information
GetTargetType(int* tType,int* tID);
Now onto the Main thing you can do with it:
1. Hook it and return the given Values
2. Put a CodeCave to get the Logs

I prefer the second one, but you have to figure out how it works. A tip:
LoginID-Log is saved in the EAX register
CharacterID-Log is saved in the EDI register
Position-Log is saved in the EDI register
Target-Log is saved in the EDI register

You can also edit the LogText and send wrong Data :rolleyes:
But saving them is more fun because then you can do
pretty awesome things with it!

Have fun with reversing.

CAS!
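
The length argument `*((_DWORD *)LogString - 3)` and the two `lock xadd` blocks in the listing in post #1 are consistent with a reference-counted string whose 16-byte header sits directly in front of the text. An added C model of that layout (not code from the thread; the field names, the `str_*` helpers and the use of `free()` in place of the allocator's vtable call are assumptions):

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed 16-byte header in front of every string buffer (32-bit layout). */
typedef struct {
    uint32_t        mgr;       /* +0  allocator object, called through its vtable */
    int32_t         data_len;  /* +4  the listing's *((_DWORD *)LogString - 3)   */
    int32_t         alloc_len; /* +8  capacity                                   */
    _Atomic int32_t refs;      /* +12 reference count, target of `lock xadd`     */
} str_hdr;

_Static_assert(sizeof(str_hdr) == 16, "header must be 16 bytes");
_Static_assert(offsetof(str_hdr, refs) == 12, "refs must sit at +12");

static int g_freed; /* counts frees so the release path can be observed */

/* Returns a pointer to the characters (header + 16), like the "+ 16" in the listing. */
char *str_new(const char *text) {
    size_t n = strlen(text);
    str_hdr *h = malloc(sizeof *h + n + 1);
    if (!h) return NULL;
    h->mgr = 0;
    h->data_len = h->alloc_len = (int32_t)n;
    atomic_init(&h->refs, 1);
    memcpy((char *)(h + 1), text, n + 1);
    return (char *)(h + 1);
}

static str_hdr *hdr_of(const char *s) { return (str_hdr *)(s - 16); }

/* The dword 12 bytes before the text: what is passed as WriteLog's length. */
int32_t str_len(const char *s) {
    int32_t v;
    memcpy(&v, s - 12, sizeof v);
    return v;
}

void str_addref(const char *s) { atomic_fetch_add(&hdr_of(s)->refs, 1); }

/* Mirrors: ecx = -1; lock xadd [hdr+12], ecx; if (ecx - 1 <= 0) free(hdr).
   Returns 1 when this call dropped the last reference. */
int str_release(char *s) {
    str_hdr *h = hdr_of(s);
    int32_t old = atomic_fetch_add(&h->refs, -1); /* xadd hands back the old value */
    if (old - 1 <= 0) { free(h); g_freed++; return 1; }
    return 0;
}
```

Read this way, the tail of `CreatePlayerLog` is two string releases: one for the target-type string and one for the log string.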
06/23/2012 17:35 Arcles#2
Wait, what is this good for? xD
06/23/2012 17:47 ReTuRnD'#3
How does it work?
And what is it good for?

How does this work? I mean, what can you do with it?
06/23/2012 17:55 BadGamer78#4
Can we connect to any account? =D
06/23/2012 18:12 irrenhaus#5
With this you can read out your PlayerID and CharacterID, as well as the MapID, your positions,
and what you have selected.
06/23/2012 18:13 AnghelescuG#6
I think GMs can see that log. I'm a little afraid now to use teleport and even, *dah*, do anything because we are spied on :))
06/23/2012 20:18 irrenhaus#7
Quote:
Originally Posted by AnghelescuG
I think GMs can see that log. I'm a little afraid now to use teleport and even, *dah*, do anything because we are spied on :))

You can remove that function and no logs will be written ;) The address for it is in my first post!
06/27/2012 20:50 SilverAngel(CZ)#8
Nice reversing work man, thanks.