Packet sending crash?

02/21/2016 01:06 blackout617#1
Hello, I have a small question. I am trying to send a simple packet ("say Hello") but the client crashes. I also null-terminated the string, but still get the same result. I hope someone can help me :) Here is some info about what I am doing:
Code:
void Player::send_packet(std::string packet)
{
	DWORD callAdr = 0x52BC0C;
	DWORD callPtr = 0x68120C;
	char tempChar[256];
	// Guard: the original copied packet.size() bytes into the 256-byte stack buffer without a check
	if (packet.size() >= sizeof(tempChar))
		return;
	memcpy(tempChar, packet.c_str(), packet.size());
	// Leftover loop (see post #3); it only re-copies what memcpy already copied.
	// Written so an empty packet does not underflow the bound.
	for (size_t i = 0; i + 1 < packet.size(); i++)
	{
		tempChar[i] = packet[i];
	}
	tempChar[packet.size()] = 0;
	char* temp = tempChar;
	_asm
	{
			MOV EAX, DWORD PTR DS : [callPtr]	; EAX = *callPtr
			MOV EAX, DWORD PTR DS : [EAX]		; EAX = **callPtr
			MOV EDX, temp				; EDX = packet string
			CALL callAdr
	}
	return;

}
The call to sendpacket: [screenshot]
02/21/2016 01:31 BladeTiger12#2
Try this:

Code:
void Player::send_packet(std::string packet)
{
	DWORD callAdr = 0x52BC0C;
	DWORD callPtr = 0x68120C;
	char tempChar[256];
	memcpy(tempChar,packet.c_str(), packet.size());
	tempChar[packet.size()] = 0;

	char* temp = tempChar;
	_asm
	{
			MOV EAX, DWORD PTR DS : [callPtr]
			MOV EAX, DWORD PTR DS : [EAX]
			MOV EAX, DWORD PTR DS : [EAX]
			MOV EDX, temp
			CALL callAdr
	}
	return;

}
And are you sure callAdr is correct? (If the one above doesn't work, try the one below)

02/21/2016 02:11 blackout617#3
Oh, I only just noticed that I forgot to delete the for loop after I wrote the memcpy :). Unfortunately neither works; the callAdr must be right, I have the photo from IDA in there, so it should be correct.
02/21/2016 03:31 BladeTiger12#4
But the one from your code snippet is, I think, only the function that assembles the walk packet and only calls the right one a bit later.

I just checked; it apparently is still 0x52BBC0.

And what does "neither works" mean?
Does it still crash, or does simply nothing happen with the 2nd one (the one in the spoiler)?
If so, then it worked.
You don't see the "say" packet in your own chat.
02/21/2016 10:50 blackout617#5
Quote:
Originally Posted by BladeTiger12:
But the one from your code snippet is, I think, only the function that assembles the walk packet and only calls the right one a bit later.

I just checked; it apparently is still 0x52BBC0.

And what does "neither works" mean?
Does it still crash, or does simply nothing happen with the 2nd one (the one in the spoiler)?
If so, then it worked.
You don't see the "say" packet in your own chat.
No, unfortunately another crash :/
02/21/2016 13:13 WalrossGreat#6
Because you are doing it wrong. Just debug it: after hitting a breakpoint at the first line of your function, look at the stack (to see from where it was called), then go there. You can also see that in the current registers:

ECX - the packet (for example "say lol")
EDX - the packet (for example "say")

There is also a function where you need to pass only the full packet (for example "say lol").
Anyway, that function would be a great place to hook, since the packet is separated by the game.

In your function you have a call to a function that is calling the "right" function.

BTW, of course you can use the function which you posted, just fill the registers with the right values.

I will leave the example.
Code:
	__asm
	{
		MOV ECX, fullPacket; // "ncif 3 1791"
		MOV EAX, DWORD PTR DS : [0x68120C];
		MOV EAX, DWORD PTR DS : [EAX];
		MOV EDX, 0x062F804; // ASCII "ncif"
		CALL toCall;
	}
Hope it helps :rolleyes:
02/21/2016 16:12 blackout617#7
First of all, thanks for the help; now I have learned more about ASM thanks to you :)
And I can speak German, but I am not good at writing it because I am not in Germany; I have lived in Cyprus since I was small :D but I can read/speak German perfectly (it is my main language), so it is better if you write in German, my English is a bit worse :D

So I tried it like this:
Code:
void Player::send_packet(std::string packet)
{
	//Defs
	char tempChar[256];
	DWORD callPtr = (DWORD)send_packet_callPtr;
	DWORD callAdr = (DWORD)send_packet_callAdr;
	DWORD packetType = 0x630238; // ASCII "rest"
	//Defs end here

	//String work
	memcpy(tempChar, packet.c_str(), packet.size());
	tempChar[packet.size()] = 0;
	char* temp = tempChar;
	//ASM WORK
	_asm
	{
			MOV ECX, temp
			MOV EAX, DWORD PTR DS : [callPtr]
			MOV EAX, DWORD PTR DS : [EAX]
			MOV EDX, packetType
			CALL callAdr
	}
	return;
}
But still a crash..
Here are a few pictures that I think will give more info about my problem:

The function I am trying to call: [screenshot]

When the game calls the function: [screenshot]

When my DLL calls the function: [screenshot]

When the game crashes: [screenshot]

And I think this is the function Walross means ("There is also a function where you need to pass only the full packet (for example "say lol").") : [screenshot]
02/21/2016 17:49 WalrossGreat#8
I don't fully understand what you said (cuz I don't know your language) but I see that there is a particular problem with your packet conversion:
Code:
	memcpy(tempChar, packet.c_str(), packet.size());
	tempChar[packet.size()] = 0;
	char* temp = tempChar;
I suggest you change the std::string to char* (in your function);
also you can get the size of a char* from strlen(var).
So it should look like:
Code:
	size_t sizeOfChar = strlen(packet);   // length without the terminator
	memcpy(tempChar, packet, sizeOfChar);
	tempChar[sizeOfChar] = 0;             // terminate the copy
	char* temp = tempChar;
02/21/2016 18:14 blackout617#9
Quote:
Originally Posted by WalrossGreat:
I don't fully understand what you said (cuz I don't know your language) but I see that there is a particular problem with your packet conversion:
Code:
	memcpy(tempChar, packet.c_str(), packet.size());
	tempChar[packet.size()] = 0;
	char* temp = tempChar;
I suggest you change the std::string to char* (in your function);
also you can get the size of a char* from strlen(var).
So it should look like:
Code:
	size_t sizeOfChar = strlen(packet);   // length without the terminator
	memcpy(tempChar, packet, sizeOfChar);
	tempChar[sizeOfChar] = 0;             // terminate the copy
	char* temp = tempChar;
I think that you're German because of your username :)). In the last screenshot I asked if that is the function that you said is "only passing 1 packet".
I don't understand why I should not do it with std::string, but now I changed it to char* and used strlen, and it is still crashing.
02/21/2016 18:17 WalrossGreat#10
Yes, that's the right function.

You should use strlen to determine the size of a char*; it's probably the best way.

Try to execute it:
Code:
	const char* packet = "ncif 3 1791";
	char tempChar[256];
	size_t sizeOfChar = strlen(packet);
	memcpy(tempChar, packet, sizeOfChar);

	tempChar[sizeOfChar] = 0;

	char *temp = tempChar;

	DWORD toCall = 0x052BC0C;

	__asm
	{
		MOV ECX, temp; // "ncif 3 1791"
		MOV EAX, DWORD PTR DS : [0x68120C];
		MOV EAX, DWORD PTR DS : [EAX];
		MOV EDX, 0x062F804; // ASCII "ncif"
		CALL toCall;
	}
It works great for me.
You also don't need the return if the function is void (as you had it in the first post).
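The buffer copy argued over in the last two posts and the ECX/EDX split described in post #6, as an added example that is not from this thread: the copy into the 256-byte stack buffer is bounds-checked (none of the posted versions check, so a packet of 256 bytes or more overruns the stack), and the leading type word is derived from the packet instead of a hard-coded ASCII address. `send_packet_checked` and the `SentPacket` record are hypothetical stand-ins for the game call so the logic builds and runs without a game process.

```cpp
#include <cstddef>
#include <cstring>
#include <string>
#include <utility>

// Copy `packet` into a fixed buffer the way the thread does, but refuse to
// write past `cap`. Returns false when packet plus its NUL does not fit.
bool copy_packet(const std::string& packet, char* dst, std::size_t cap) {
    if (cap == 0 || packet.size() >= cap) {
        return false;
    }
    std::memcpy(dst, packet.data(), packet.size());
    dst[packet.size()] = '\0';  // c_str() is already NUL-terminated; the copy
                                // only exists to get a writable buffer
    return true;
}

// Post #6: the target wants the full packet ("say lol") in ECX and the type
// word ("say") in EDX. Derive both from one string.
std::pair<std::string, std::string> split_packet(const std::string& full) {
    std::size_t sp = full.find(' ');
    std::string type = (sp == std::string::npos) ? full : full.substr(0, sp);
    return {type, full};
}

// Hypothetical stand-in for what the game function receives.
struct SentPacket {
    std::string type;  // would go in EDX
    std::string full;  // would go in ECX
    bool ok;           // false when the wrapper rejected the packet
};

SentPacket send_packet_checked(const std::string& packet) {
    char tempChar[256];  // same stack buffer size as in the thread
    SentPacket out{"", "", false};
    if (!copy_packet(packet, tempChar, sizeof tempChar)) {
        return out;  // reject instead of smashing the stack
    }
    std::pair<std::string, std::string> parts = split_packet(tempChar);
    out.type = parts.first;
    out.full = parts.second;
    out.ok = true;
    return out;
}
```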
02/21/2016 18:56 forsatus#11
You need to know the size of the packet you want to send.
02/21/2016 18:58 blackout617#12
Quote:
Originally Posted by WalrossGreat:
Yes, that's the right function.

You should use strlen to determine the size of a char*; it's probably the best way.

Try to execute it:
Code:
	const char* packet = "ncif 3 1791";
	char tempChar[256];
	size_t sizeOfChar = strlen(packet);
	memcpy(tempChar, packet, sizeOfChar);

	tempChar[sizeOfChar] = 0;

	char *temp = tempChar;

	DWORD toCall = 0x052BC0C;

	__asm
	{
		MOV ECX, temp; // "ncif 3 1791"
		MOV EAX, DWORD PTR DS : [0x68120C];
		MOV EAX, DWORD PTR DS : [EAX];
		MOV EDX, 0x062F804; // ASCII "ncif"
		CALL toCall;
	}
It works great for me.
You also don't need the return if the function is void (as you had it in the first post).
I think I am going crazy :(
It's still crashing; I even copy-pasted it and commented out everything else. Just your code, and it's crashing again..
I have now recorded a short video while trying your code.

Quote:
Originally Posted by forsatus:
You need to know the size of the packet you want to send.
const char* packet = "ncif 3 1791"; //len 11
char tempChar[256];
size_t sizeOfChar = strlen(packet);
I think that will give the size of the packet? strlen(packet) == 11
02/21/2016 19:04 forsatus#13
Code:
DWORD sendpacketfunc = 0x052BC0C;

void Send(CHAR* packet)
{
	DWORD _i32_SendPacketFunc = 0x0052BBC0;

	__asm
	{
		MOV EAX, DWORD PTR DS : [0x0068120C]
		MOV EAX, DWORD PTR DS : [EAX]
		MOV EDX, packet
		CALL sendpacketfunc
	}
}
02/21/2016 19:09 WalrossGreat#14
@forsatus
Why should he care about this? Since he set the char*, I don't see any profit from knowing the char size.

@blackout617
Please post the full code on pastebin, with the DllMain and the CreateThread if you can.

EDIT:
@forsatus
It's not about this; there isn't only one function that you have to call if you want to send a packet.
02/21/2016 19:21 blackout617#15
Quote:
Originally Posted by forsatus:
You need to know the size of the packet you want to send.
Quote:
Originally Posted by WalrossGreat:
@forsatus
Why should he care about this? Since he set the char*, I don't see any profit from knowing the char size.

@blackout617
Please post the full code on pastebin, with the DllMain and the CreateThread if you can.

EDIT:
@forsatus
It's not about this; there isn't only one function that you have to call if you want to send a packet.
Here: [link]