I'm having a bit of a weird problem with that. I've managed to hook the recv function directly in the winsock DLL and I can sniff the data being exchanged between client and server. I guess that they are encrypted because I didn't hook recv in the engine exactly but in the DLL.
In main thread:
Code:
    // Resolve recv as exported by ws2_32.dll, then detour it to OurRecv.
    // The value returned by Detour replaces RealRecv so the original can still be called.
    RealRecv = (RecvPtr)GetProcAddress(GetModuleHandle(L"ws2_32.dll"), "recv");
    RealRecv = (RecvPtr)Detour((BYTE*)RealRecv, (BYTE*)&OurRecv, 5);
OurRecv func:
Code:
    INT WINAPI OurRecv(SOCKET sock, CHAR* buf, INT len, INT flags)
    {
        // Call the original first: buf is only filled in once recv returns, and it
        // holds binary data, not a NUL-terminated string, so strlen() cannot be used.
        INT received = RealRecv(sock, buf, len, flags);
        if (received > 0)
        {
            cout << "Received: ";
            for (INT i = 0; i < received; i++)
                cout << hex << static_cast<WORD>(static_cast<BYTE>(buf[i])) << ' ';
            cout << '\n';
        }
        return received;
    }
This works and I'm getting sniffed data, but only for a while. After a minute or so it just stops receiving data. My guess was that maybe it somehow managed to unhook the function, so I was checking if some func addresses changed, but that wasn't it. Trying to hook again also doesn't work. The weird thing is that the hook on the send function seems to be working all the time.
So is the game using some alternative function to recv data? Even though I know asm, I don't know how to use Olly, so it can be useful. I tried to set a bp on LoadLibrary in the engine so I can look at when ehsvc.dll is loaded, or doing the same with recv, but I guess I was doing something wrong because I failed ;)
Any idea how to solve the problem?