Injecting packets to old files (sj/zszc/ecsro)

02/13/2015 22:22 Exo#1
Well, I can read the packets and everything works fine, but whenever you inject any packet the client simply freezes. Any idea?
02/14/2015 14:22 alexhun#2
use proxy :)
02/14/2015 15:28 Exo#3
Quote:
Originally Posted by alexhun View Post
use proxy :)
Dude that's not the problem, I am using a proxy, just when the client is being used and you try to inject the packet it freezes.
03/03/2015 14:50 Devsome#4
I told ya you need to use [Only registered and activated users can see links. Click Here To Register...]

Code:
SilkroadSecurityApi.Proxy.Init();

IntPtr Mutex = WinAPI.CreateMutex(IntPtr.Zero, false, "Silkroad Online Launcher");
IntPtr Mutex2 = WinAPI.CreateMutex(IntPtr.Zero, false, "Ready");

p_Silkroad = new Process();
p_Silkroad.StartInfo.FileName = Loop.sClientPath;
p_Silkroad.StartInfo.Arguments = "0 /4 0 0";
p_Silkroad.Start();


Thread.Sleep(100);
string errors = "";
WinAPI.DoInject(p_Silkroad, "cDetour.dll", out errors);
if (errors.Length != 0)
    Console.WriteLine(errors);

IntPtr whandle = WinAPI.OpenProcess(WinAPI.Rights, 0, (IntPtr)p_Silkroad.Handle);

byte[] AlreadyExecuted = { 0xEB };
WinAPI.WriteBytes((IntPtr)p_Silkroad.Handle, 0x633D6C, AlreadyExecuted, AlreadyExecuted.Length);

Pattern pattern = new Pattern(p_Silkroad);
uint ClientSeedAdress = pattern.FindPattern("55 8B 6C 24 1C 8D 44 24 04 50 FF 15 00 00 00 00 8B 4C 24 04 81 E1 00 00 00 00", "xxxxxxxxxxxx????xxxxxx????") + 0x10;

ASM asm = new ASM();
asm.__ASM("MOV ECX,0x33");
for (byte i = 0; i < 5; i++)
    asm.__ASM("NOP");
asm.InjectIntoProcess(p_Silkroad.Handle, ClientSeedAdress);

WinAPI.CloseHandle(Mutex);
WinAPI.CloseHandle(Mutex2);

FormParty example:

Code:
public static void FormParty()
{
    if (!Global.Player.Party.Formed && Global.Player.Party.iMembers != 4)
    {
        Framework.PacketWriter p_Writer = new Framework.PacketWriter();

        string sText = "My own LTP";

        p_Writer.SetOpcode(Information.Opcode.CLIENT_PARTY_FORM);
        p_Writer.AppendQword(0); // party number, unique id
        p_Writer.AppendByte(4); // Item Distribution
        p_Writer.AppendByte(0); // Type
        p_Writer.AppendByte(1); // MinLevel
        p_Writer.AppendByte(80); // MaxLevel
        p_Writer.AppendWord((ushort)sText.Length);
        p_Writer.AppendString(false, sText);

        Framework.Inject.InjectPacket(p_Writer, Information.Proxy.ClientToServer);

        Global.Player.Party.Formed = true;
    }
}

used MHTC Client
03/04/2015 00:28 gigola123#5
Quote:
Originally Posted by Devsome View Post
I told ya you need to use [Only registered and activated users can see links. Click Here To Register...]
With this DLL we can just "inject" packets without any proxy?! That's pretty nice, fuck.
03/07/2015 17:17 Exo#6
Still, you guys don't get it..
If I am clientless, it works, but when the client is being used, which means the client is connected to the proxy, it still works but the client just freezes: not dc'ing, not crashing, doesn't stop responding. It just freezes.
03/12/2015 16:13 sarkoplata#7
There (was?) some kind of keep alive packet afairemember
03/12/2015 17:59 qqdev#8
That is really weird. Usually you get a DC if you send a malformed packet. Which proxy are you using? Show us code.
03/13/2015 23:05 Exo#9
Quote:
Originally Posted by qqdev View Post
That is really weird. Usually you get a DC if you send a malformed packet. Which proxy are you using? Show us code.
That's not the issue. I am sure the proxy isn't the problem; I am already connected and reading the stuff from the client via proxy. The problem is whenever you try to send a packet. Try phAnalyzer and you will get what I mean.
03/14/2015 00:58 qqdev#10
Don't have the old server files running.
03/21/2015 16:53 Vinator#11
It's kinda long ago but if I remember correctly the client freezes if you send the wrong security bytes.

I used the phProxy.