(Asm) Send Packet Nostale

Page 1 of 3 1 23
04/25/2014 15:59 reload!#1
Hello guys :D i'd like to send a packet with function Assembly's call(C++),but i don't know the function of Assembly... How to send a packet with Call in C++ ? Can you teach me this? Sorry for my bad english D:
Thank you :D
04/26/2014 15:06 Kingrap#2
You don't know C++, you don't know ASM and you don't know how to reverse.. How you want work on it ? go to study the basic stuffs and after come here that we will help you.. but not 'please give me the code that i do copy and paste' ._.
04/26/2014 17:08 ernilos#3
With the code posted by Doktor. [Only registered and activated users can see links. Click Here To Register...]. You should be able to look how packets are sended/received and reverse it, getting the functions "in air" (cheatEngine debugger) with searching the patterns.
04/26/2014 19:37 return!#4
Thanks for reply ernilos :)
04/27/2014 22:55 return!#5
This is a Doctor's code for packetlogger :
#include <windows.h>
#include <stdio.h>

bool DetourFunc( BYTE* oldFunc, BYTE* newFunc, DWORD len )
{
BYTE* newMem4base = NULL;
DWORD dwOld;

newMem4base = ( BYTE* )malloc( 5+len );

if( newMem4base == NULL )
return false;

for( DWORD i = 0; i < ( len+5 ); i++ )
newMem4base[i] = 0x90;

VirtualProtect( oldFunc, len, PAGE_READWRITE, &dwOld );

memcpy( newMem4base, oldFunc, len );
oldFunc[0] = 0xE8;
*( DWORD* )( oldFunc+0x01 ) = DWORD( newFunc-oldFunc-5 );
oldFunc[5] = 0xE9;
*( DWORD* )( oldFunc+0x06 ) = DWORD( newMem4base-( oldFunc+0x5 )-5 );
newMem4base += len;
newMem4base[0] = 0xE9;
*( DWORD* )( newMem4base+0x01 ) = DWORD( ( oldFunc+10 )-newMem4base-5 );

for( DWORD i = 10; i <len; i++ )
oldFunc[i] = 0x90;

return true;
}
bool bDataCompare(const unsigned char *pData, const unsigned char *bMask, const char *szMask)
{
for(; *szMask; ++szMask, ++pData, ++bMask)
if(*szMask == 'x' && *pData != *bMask )
return false;
return (*szMask) == 0;
}
DWORD dwFindPattern(BYTE *bMask, char *szMask)
{
DWORD dw_Address = 0x00400000;
DWORD dw_Len = 0x00436000;

for(DWORD i = 0; i < dw_Len; i++)
if(bDataCompare((unsigned char*) (dw_Address + i), bMask, szMask) )
return (DWORD) (dw_Address + i);
return 0;
}


void hkSend()
{
char* packet;
_asm
{
pushad
pushfd
MOV packet,EDX
}
printf("Send: %s\n",packet);
_asm
{
popfd
popad
}
}
void hkRecv()
{
char* packet;

_asm
{
pushad
pushfd
MOV packet,EDX
}
printf("Recv: %s\n",packet);
_asm
{
popfd
popad
}
}


DWORD WINAPI tThread(LPVOID param)
{
AllocConsole();
freopen("CONIN$", "r", stdin);
freopen("CONOUT$", "w", stdout);
freopen("CONOUT$", "w", stderr);

/* Send */
BYTE s_bPatter[] = {0x53,0x56,0x8B,0xF2,0x8B,0xD8,0xEB,0x04};
char *s_cPatter = "xxxxxxxx";
DWORD dSend = dwFindPattern(s_bPatter,s_cPatter);
/* Recv */
BYTE r_bPatter[] = {0x55,0x8B,0xEC,0x83,0xC4,0xF4,0x53,0x56,0x57,0x33 ,0xC9,0x89,0x4D,0xF4,0x89,0x55,0xFC,0x8B,0xD8,0x8B ,0x45,0xFC};
char *r_cPatter = "xxxxxxxxxxxxxxxxxxxxxx";
DWORD dRecv = dwFindPattern(r_bPatter,r_cPatter);

DetourFunc( ( BYTE* )dSend, ( BYTE* )&hkSend, 14 );
DetourFunc( ( BYTE* )dRecv, ( BYTE* )&hkRecv, 11 );
return 0x0;
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
CreateThread(nullptr, 0, tThread, nullptr, 0, nullptr);
DisableThreadLibraryCalls(hModule);
break;
}
return TRUE;
}
But i have a problem with function malloc in project Visual studio for .dll
Can you help me?
04/27/2014 23:01 ernilos#6
You may try with calloc if malloc are failing, anyway just with this code you should be okay.
Code:
#include <windows.h>
#include <stdio.h>
bool bDataCompare(const unsigned char *pData, const unsigned char *bMask, const char *szMask)
{
for(; *szMask; ++szMask, ++pData, ++bMask)
if(*szMask == 'x' && *pData != *bMask )
return false;
return (*szMask) == 0;
}
DWORD dwFindPattern(BYTE *bMask, char *szMask)
{
DWORD dw_Address =	0x00400000;
DWORD dw_Len =	0x00436000;

for(DWORD i = 0; i < dw_Len; i++)
if(bDataCompare((unsigned char*) (dw_Address + i), bMask, szMask) )
return (DWORD) (dw_Address + i);
return 0;
}
DWORD WINAPI tThread(LPVOID param)
{
AllocConsole();
freopen("CONIN$", "r", stdin);
freopen("CONOUT$", "w", stdout);
freopen("CONOUT$", "w", stderr);

/* Send */
BYTE s_bPatter[] = {0x53,0x56,0x8B,0xF2,0x8B,0xD8,0xEB,0x04};
char *s_cPatter = "xxxxxxxx";
DWORD dSend = dwFindPattern(s_bPatter,s_cPatter);
/* Recv */
BYTE r_bPatter[] = {0x55,0x8B,0xEC,0x83,0xC4,0xF4,0x53,0x56,0x57,0x33 ,0xC9,0x89,0x4D,0xF4,0x89,0x55,0xFC,0x8B,0xD8,0x8B ,0x45,0xFC};
char *r_cPatter = "xxxxxxxxxxxxxxxxxxxxxx";
DWORD dRecv = dwFindPattern(r_bPatter,r_cPatter);
//Write dRecv and dSend for get the address
return 0x0;
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
CreateThread(nullptr, 0, tThread, nullptr, 0, nullptr);
DisableThreadLibraryCalls(hModule);
break;
}
return TRUE;
}
04/28/2014 14:52 Kingrap#7
Quote:
Originally Posted by ernilos View Post
You may try with calloc if malloc are failing, anyway just with this code you should be okay.
Code:
#include <windows.h>
#include <stdio.h>
bool bDataCompare(const unsigned char *pData, const unsigned char *bMask, const char *szMask)
{
for(; *szMask; ++szMask, ++pData, ++bMask)
if(*szMask == 'x' && *pData != *bMask )
return false;
return (*szMask) == 0;
}
DWORD dwFindPattern(BYTE *bMask, char *szMask)
{
DWORD dw_Address =	0x00400000;
DWORD dw_Len =	0x00436000;

for(DWORD i = 0; i < dw_Len; i++)
if(bDataCompare((unsigned char*) (dw_Address + i), bMask, szMask) )
return (DWORD) (dw_Address + i);
return 0;
}
DWORD WINAPI tThread(LPVOID param)
{
AllocConsole();
freopen("CONIN$", "r", stdin);
freopen("CONOUT$", "w", stdout);
freopen("CONOUT$", "w", stderr);

/* Send */
BYTE s_bPatter[] = {0x53,0x56,0x8B,0xF2,0x8B,0xD8,0xEB,0x04};
char *s_cPatter = "xxxxxxxx";
DWORD dSend = dwFindPattern(s_bPatter,s_cPatter);
/* Recv */
BYTE r_bPatter[] = {0x55,0x8B,0xEC,0x83,0xC4,0xF4,0x53,0x56,0x57,0x33 ,0xC9,0x89,0x4D,0xF4,0x89,0x55,0xFC,0x8B,0xD8,0x8B ,0x45,0xFC};
char *r_cPatter = "xxxxxxxxxxxxxxxxxxxxxx";
DWORD dRecv = dwFindPattern(r_bPatter,r_cPatter);
//Write dRecv and dSend for get the address
return 0x0;
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
CreateThread(nullptr, 0, tThread, nullptr, 0, nullptr);
DisableThreadLibraryCalls(hModule);
break;
}
return TRUE;
}
Him don't know C++, it's useless.. :)
04/28/2014 18:09 return!#8
Nice Code :)
04/28/2014 19:42 Kingrap#9
Quote:
Originally Posted by return! View Post
Nice Code :)
Im "goodbye !"
Him is "e.e"

[14.59.09] goodbye !: appena lo aggiornano ( il 5 del messe prosismo )
[14.59.13] goodbye !: voglio vedere come farai :)
[14.59.30] e.e: Ma per sto mese lo ho *o*
[14.59.41] goodbye !: wow hai scopiazzato sul web
[14.59.43] goodbye !: sei forte !
[14.59.50] e.e: Beh
[14.59.54] e.e: ti fa sentire importante
[14.59.54] e.e: lol
[15.00.01] goodbye !: se lo dici tu

Wow you are strong, you copied the code without know what it do ! *0*

[14.55.49] e.e: e xk cazzo da un problema fropen nel progetto epr dll? xD
[14.56.12] goodbye !: studia e smettila di copiare il codice in giro
[14.56.38] e.e: Asd

If you want do something, okay.. we will help you but first go to study.
05/09/2014 22:35 reload!#10
Ok,ernilos i try with this :
PHP Code:
#include <Windows.h>
#include <stdio.h>
#include <string>
bool bDataCompare(const unsigned char *pData, const unsigned char *bMask, const char *szMask)
{
for(; *szMask; ++szMask, ++pData, ++bMask)
if(*szMask == 'x' && *pData != *bMask )
return false;
return (*szMask) == 0;
}
DWORD dwFindPattern(BYTE *bMaskchar *szMask)
{
DWORD dw_Address =    0x00400000;
DWORD dw_Len =     0x00436000;

for(DWORD i 0dw_Leni++)
if(bDataCompare((unsigned char*) (dw_Address i), bMaskszMask) )
return (DWORD) (dw_Address i);
return 0;
}
class __string
{
private:
 std::size_t length;
 char packet[256];
public:
 __string(char *_Packet)
 {
  length strlen(_Packet);
  memcpy(packet_Packetlength);
  packet[length] = 0;
 }
 
 char *p_char()
 {
  return packet;
 }

 unsigned long size()
 {
  return length;
 }
};
void SEND(unsigned long ADDR,char *packet)
{
    ADDR 0x0051ED8C;
    __asm
    {
        MOV EAXDWORD PTR DS:[0x66C0AC]
        MOV EAXDWORD PTR DS:[EAX]
        MOV EAXDWORD PTR DS:[EAX]
        MOV EDXpacket
        CALL ADDR
    }
}
BOOL APIENTRY DllMain(HMODULE hModuleDWORD ul_reason_for_callLPVOID lpReserved)
{
    BYTE s_bPatter[] = {0x53,0x56,0x8B,0xF2,0x8B,0xD8,0xEB,0x04};
    char *s_cPatter "xxxxxxxx";
    DWORD dSend dwFindPattern(s_bPatter,s_cPatter);
    __string s_Packet "packet";
    SEND(dSends_Packet.p_char());

But i've a problem, if i want to see in the send packet of PacketLogger if the packet was send and the packet was send, but when i send a packet, nostale crash for a few second and when nostale function, packet not show Can you help me? And sorry for bad english
05/09/2014 22:51 Kingrap#11
It still crash because you don't know how it work.. Useless that you continue to leech, you can't continue without study..

Italian version ( him is )

Ti crasha perché ti limiti a lavorare su un qualcosa di cui non conosci un emerita ceppa, smettila di copiare il codice altrui, non puoi pensare di continuare senza metterti sotto con lo studio..
05/09/2014 23:06 ernilos#12
Quote:
Originally Posted by Kingrap View Post
It still crash because you don't know how it work.. Useless that you continue to leech, you can't continue without study..

Italian version ( him is )

Ti crasha perché ti limiti a lavorare su un qualcosa di cui non conosci un emerita ceppa, smettila di copiare il codice altrui, non puoi pensare di continuare senza metterti sotto con lo studio..
¿Why everyone here need's study? lol

I think it get "freeze" cause you're hooking the function ingame, but you created the func in the DLL, you should try in p.server and logging every packet
05/09/2014 23:21 Kingrap#13
Quote:
Originally Posted by ernilos View Post
¿Why everyone here need's study? lol

I think it get "freeze" cause you're hooking the function ingame, but you created the func in the DLL, you should try in p.server and logging every packet
I think it crash for a memory problem.. Him need to reverse with a debugger, look what make the crash and solve it but if you continue to give him the solution him will not study..

¿Why everyone here need's study? because they can't depend by us for all the life.
05/10/2014 00:05 Doktor.#14
Code:
void SendPacket(char *packet) 
{ 
	DWORD addrPtr = 0x66C0AC; // <--
	DWORD addrCall = 0x0051ED8C; 
	__asm 
	{ 
		MOV EAX, DWORD PTR DS:[addrPtr] // <--
		MOV EAX, DWORD PTR DS:[EAX] 
		MOV EAX, DWORD PTR DS:[EAX] 
		MOV EDX, packet 
			CALL addrCall 
	} 
}
Code:
BOOL APIENTRY DllMain(HMODULE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved)
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		CreateThread(nullptr, 0, tThread, nullptr, 0, nullptr);
		DisableThreadLibraryCalls(hModule); // <-- Without this i got some crashes, maybe it will help u too.
		break;
	}
	return TRUE;
}
05/10/2014 01:06 Kingrap#15
It work perfectly ;)

Code:
#include <iostream>
#include <Windows.h>
 
class __string
{
private:
	std::size_t length;
	char packet[256];
public:
	__string(char *_Packet)
	{
		length = strlen(_Packet);
		memcpy(packet, _Packet, length);
		packet[length] = 0;
	}
 
	char *p_char()
	{
		return packet;
	}
 
	unsigned long size()
	{
		return length;
	}
};
 
bool bDataCompare(const unsigned char *pData, const unsigned char *bMask, const char *szMask)
{
	for (; *szMask; ++szMask, ++pData, ++bMask)
	{
		if (*szMask == 'x' && *pData != *bMask)
		{
			return false;
		}
	}
 
	return (*szMask) == 0;
}
 
unsigned long FindPattern(unsigned char *bMask, char *szMask)
{
	unsigned long address = 0x00400000;
	unsigned long length = 0x00436000;
 
	for (unsigned long i = 0; i < length; i++)
	{
		if (bDataCompare((unsigned char*)(address + i), bMask, szMask))
		{
			return (unsigned long)(address + i);
		}
	}
 
	return 0;
}
 
void Send(unsigned long s_Send, char *s_Packet)
{
	__asm
	{
		mov eax, dword ptr ds : [0x0066C0AC]
		mov eax, dword ptr ds : [eax]
		mov eax, dword ptr ds : [eax]
		mov edx, s_Packet
		call s_Send
	}
}
 
unsigned long __stdcall Main(void *arg)
{
	unsigned char s_bPattern[] = { '\x53', '\x56', '\x8B', '\xF2', '\x8B', '\xD8', '\xEB', '\x04' };
 
	char s_cPattern = "xxxxxxxx";
 
	unsigned long s_Call = FindPattern(s_bPattern, s_cPattern);
 
	__string s_Packet = "c_skill"; // change with packet to send
 
	Send(s_Call, s_Packet.p_char());
 
	return 0;
}
 
unsigned long __stdcall DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
{
	switch (dwReason)
	{
	case DLL_PROCESS_ATTACH:
		CreateThread(nullptr, 0, Main, nullptr, 0, nullptr);
		DisableThreadLibraryCalls(hModule);
		break;
	}
 
	return 1;
}
Now you have the code, are you happy ? Then exit from your world !
Page 1 of 3 1 23