Pattern and wildcard for hooking in 5517 version

01/15/2021 21:25 diedwarrior#1
Hello all,

I'm trying to start and understand what loaders are and how they actually work, so I tried grabbing the CSV3 hooking method and trying it on the 5517 version, but it doesn't seem to work. It gets stuck at this part:
Code:
BYTE pattern[] = { 0x85, 0xC0, 0x75, 0x00, 0x8B, 0x4E, 0x00, 0xE8, 0x00, 0x00, 0x00, 0x00, 0x83, 0x4D, 0x00, 0x00, 0x8B, 0x00, 0x00 };
// 1 = wildcard position (lines up with the 0x00 placeholders in pattern), 0 = byte must match
bool wildcards[] = { 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1 };
PBYTE match = (PBYTE)FindMemoryPattern(pattern, wildcards, 19);

if (match == NULL)
{
	// pattern was not found; the original call passed an unused extra argument to sprintf
	sprintf(szDebug, "failed 1");
	MessageBoxA(NULL, szDebug, "ERROR", MB_OK);
	return;
}

After searching, I found that the old version of Conquer used this pattern:
0x85, 0xC0, 0x75, 0x00, 0x8B, 0x4E, 0x00, 0xE8, 0x00, 0x00, 0x00, 0x00, 0x83, 0x4D, 0x00, 0x00, 0x8B, 0x00, 0x00 and the new version needs 0x4E to be replaced by 0x4F. However, both are not working for a 5517 client. Is this correct, or am I missing something?

Also, another thing: can someone give me some explanation of what these are and how to understand/find them?

Thanks.
01/16/2021 14:18 darkhc#2
You can get the source code of universal conquer loader here: [link hidden]
01/16/2021 21:53 diedwarrior#3
Thanks mate, but it seems that you only support 5600+. I'm targeting 5517, any idea?

Code:
if (ClientVersion >= 5600) {
	//
	//	hook packet processor
	//

	bool wildcards[] = { 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1 };
	PBYTE match = (PBYTE)FindMemoryPattern(pattern_OLD, wildcards, 19);

	// each later check overrides match with the pattern for a newer client range
	if (ClientVersion >= 5700) {
		match = (PBYTE)FindMemoryPattern(pattern_56XX, wildcards, 19);
	}
	if (ClientVersion >= 6000) {
		match = (PBYTE)FindMemoryPattern(pattern_60XX, wildcards, 19);
	}
	if (ClientVersion >= 6600) {
		match = (PBYTE)FindMemoryPattern(pattern_66XX, wildcards, 19);
	}
	// excerpt ends here
}
01/17/2021 12:34 darkhc#4
Simply don't use this part of the code for 5517!
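
The pattern and wildcard arrays in the first post form a masked byte signature: positions flagged 1 match any byte, every other position must be equal, so one differing fixed byte (0x4E versus 0x4F) makes the whole search fail. The following is an added example, not code from the thread or from any loader; the function names and the sample bytes are constructed for illustration, and it also reports which signature index first disagrees at the closest candidate.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SIG_LEN 19
/* Mask from the thread: 1 = wildcard (any byte), 0 = byte must be equal. */
static const bool WILD[SIG_LEN] = {0,0,0,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1};
static const uint8_t SIG_4E[SIG_LEN] = {0x85,0xC0,0x75,0,0x8B,0x4E,0,0xE8,0,0,0,0,0x83,0x4D,0,0,0x8B,0,0};
static const uint8_t SIG_4F[SIG_LEN] = {0x85,0xC0,0x75,0,0x8B,0x4F,0,0xE8,0,0,0,0,0x83,0x4D,0,0,0x8B,0,0};
/* Constructed sample bytes (not from any real binary); the 0x4F variant sits at offset 2. */
static const uint8_t SAMPLE[] = {0x90,0x90,0x85,0xC0,0x75,0x0A,0x8B,0x4F,0x10,0xE8,0x11,0x22,
                                 0x33,0x44,0x83,0x4D,0xFC,0xFF,0x8B,0x45,0x08,0xC3};

/* Number of leading signature positions that match at buf. */
static size_t prefix_len(const uint8_t *buf, const uint8_t *sig, const bool *wild, size_t m) {
    size_t j = 0;
    while (j < m && (wild[j] || buf[j] == sig[j])) j++;
    return j;
}

/* Offset of the first full match, or -1 if the signature is absent. */
long find_masked(const uint8_t *buf, size_t n, const uint8_t *sig, const bool *wild, size_t m) {
    for (size_t i = 0; m && i + m <= n; i++)
        if (prefix_len(buf + i, sig, wild, m) == m) return (long)i;
    return -1;
}

/* Diagnostic for a failed search: index of the first mismatching signature
   byte at the closest candidate (== m on a full match); *off gets its offset. */
size_t closest_mismatch(const uint8_t *buf, size_t n, const uint8_t *sig,
                        const bool *wild, size_t m, size_t *off) {
    size_t best = 0;
    *off = 0;
    for (size_t i = 0; m && i + m <= n; i++) {
        size_t k = prefix_len(buf + i, sig, wild, m);
        if (k > best) { best = k; *off = i; }
    }
    return best;
}

int main(void) {
    size_t off;
    printf("4F signature: offset %ld\n", find_masked(SAMPLE, sizeof SAMPLE, SIG_4F, WILD, SIG_LEN));
    printf("4E signature: offset %ld\n", find_masked(SAMPLE, sizeof SAMPLE, SIG_4E, WILD, SIG_LEN));
    size_t k = closest_mismatch(SAMPLE, sizeof SAMPLE, SIG_4E, WILD, SIG_LEN, &off);
    printf("4E signature: closest candidate at %zu, first mismatch at index %zu\n", off, k);
    return 0;
}
```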