Originally posted by giacometti@Jan 12 2007, 02:33
Quote:
just kill the client or make it sense to let it open?
Well, it does. The reason I am thinking about it is a practical issue. If you have like 10 Conquers loaded, re-opening and re-setting the bots can be really boring... Anyway, killing the client is what we have in our hands; at least it works for the moment.
Found a solution to disconnect without killing the process (a bit complicated, but works):
1. Inject a DLL into Co which can give us the socket handle at a fixed address (hooking the function send() of ws2_32.dll by inline hooking).
2. A proggy that closes that socket by means of DuplicateHandle (2 params: Co processID and sockhandle as int).
Originally posted by coder62@Jan 12 2007, 00:55
Quote:
Originally posted by Maybe It's Maybelline@Jan 11 2007, 23:15
Quote:
Originally posted by giacometti@Jan 11 2007, 21:55
So now how could we make a disconnect function? I don't know if writing to memory could help us (or me!). Maybe learn how to hook the winsock connection and close from there...
There are many ways; the more common is using SoftICE and debugging Co to find out the function's offset for logging out. The easiest way would be making a service control and just dc the LAN, but a lot of people still use a modem so it won't work that way.
softice sucks
Yea, for those who can't handle it.
ok elementary you lost me lol.. maybe u can give me a better example of hooking, or rather injecting this dll into it..
as far as disconnecting I'm not too worried about.. just finding the bluename value of the other player first lol. Maybe u can use a packet editor to capture the packets of when u jump back and forth and d/c yourself.. then maybe resend that packet to the client causing it to error out.. I could have a memory-writing one but it'll crash the whole client, not just d/c you.
Originally posted by Maybe It's Maybelline@Jan 12 2007, 12:58
Quote:
Originally posted by coder62@Jan 12 2007, 00:55
Quote:
Originally posted by Maybe It's Maybelline@Jan 11 2007, 23:15
Quote:
Originally posted by giacometti@Jan 11 2007, 21:55
So now how could we make a disconnect function? I don't know if writing to memory could help us (or me!). Maybe learn how to hook the winsock connection and close from there...
There are many ways; the more common is using SoftICE and debugging Co to find out the function's offset for logging out. The easiest way would be making a service control and just dc the LAN, but a lot of people still use a modem so it won't work that way.
softice sucks
Yea, for those who can't handle it.
OllyDbg = free and does all I need. Why use a non-free debugger that sits so deep in the system like SoftICE does, without having any real benefits?
And to the disconnect thing, I have an easier way for you:
If you want to disconnect, write "c3" at "4889f4". After you dced, write "8d" to the same function. It blocks the send function so you don't send the online-check packets anymore and dc; so with writing 8d you re-enable the send function.
Originally posted by blinko@Jan 12 2007, 13:59
ok elementary you lost me lol.. maybe u can give me a better example of hooking, or rather injecting this dll into it..
as far as disconnecting I'm not too worried about.. just finding the bluename value of the other player first lol. Maybe u can use a packet editor to capture the packets of when u jump back and forth and d/c yourself.. then maybe resend that packet to the client causing it to error out.. I could have a memory-writing one but it'll crash the whole client, not just d/c you.
1. Inline hooking is done in a DLL in which I rewrite the entry point of the function send() from ws2_32.dll to a push of my function's address, then a ret.
Delphi code for it:
uses Windows;

type
  // 6 bytes: the "push <addr>; ret" trampoline (68 xx xx xx xx C3)
  NewCode = array[0..5] of Byte;
  // backup of the 6 original bytes of the hooked function
  OldCode = array[0..5] of Byte;

// Overwrites the first 6 bytes of DllName.ProcName with ACode and saves the
// original bytes in BackupCode. Returns the address of the hooked function
// (Nil on failure). NewProc is unused here; the caller builds ACode from it.
function IHook(DllName: PChar; ProcName: PChar; NewProc: Pointer;
  var ACode: NewCode; var BackupCode: OldCode): Pointer;
var
  LHandle: THandle;
  p: Pointer;
  cRead: Cardinal;
  cWrite: Cardinal;
begin
  Result := Nil;
  LHandle := LoadLibrary(DllName);
  if LHandle <> 0 then begin
    p := GetProcAddress(LHandle, ProcName);
    if p <> Nil then begin
      // INVALID_HANDLE_VALUE (-1) has the same value as the GetCurrentProcess
      // pseudo-handle, so this reads/writes the process the DLL lives in (Co)
      ReadProcessMemory(INVALID_HANDLE_VALUE, p, @BackupCode, 6, cRead);
      WriteProcessMemory(INVALID_HANDLE_VALUE, p, @ACode, 6, cWrite);
      Result := p;
    end;
  end;
end;
Inside my function I put back the BackupCode (which is overwritten by the 6 bytes of push addr, ret) and call the old send:
type
  TSendProc = function(s: Integer; var Buf; len, flags: Integer): Integer; stdcall;
var
  p_send: Pointer;        // address of ws2_32.send, as returned by IHook
  OCode_send: OldCode;    // the 6 original bytes saved by IHook
  NCode_send: NewCode;    // the push/ret trampoline written by IHook
  oldsend: TSendProc;
  eWrite: Cardinal;

// Replacement send(): same signature and calling convention as ws2_32.send
function sendw(s: Integer; var Buf; len, flags: Integer): Integer; stdcall;
begin
  // restore old call: put the original 6 bytes back so the real send() can run
  WriteProcessMemory(INVALID_HANDLE_VALUE, p_send, @OCode_send, 6, eWrite);
  oldsend := TSendProc(p_send);
  Result := oldsend(s, Buf, len, flags);
  // restore new: re-arm the trampoline (a second thread calling send() between
  // the two writes goes through unhooked, so this window is not thread-safe)
  WriteProcessMemory(INVALID_HANDLE_VALUE, p_send, @NCode_send, 6, eWrite);
  // here i log the socket and packet (logs is the poster's own routine, not shown)
  logs(s, Buf, len);
end;
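A defender-side counterpart to the hook above, added here as an example and not code from this thread: a C routine that recognises the 6-byte "push imm32; ret" prologue the posts describe (and the more common 5-byte "jmp rel32" variant) in the first bytes of an export and decodes where it branches to, which is how an anti-cheat or EDR integrity check flags a patched ws2_32!send before comparing the live bytes with the on-disk copy. The sample byte sequences and the address 0x71A34000 are constructed for the demo, not captured from a real process.

```c
#include <stdint.h>
#include <stdio.h>

/* Result of inspecting the first bytes of an exported function. */
typedef struct {
    int hooked;        /* 1 if a trampoline prologue was recognised */
    const char *kind;  /* "push/ret", "jmp rel32" or "none" */
    uint32_t target;   /* absolute address the trampoline transfers to */
} hook_info;

/* Little-endian 32-bit read, independent of host byte order. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Inspect `code`, the first `len` bytes found at `func_addr`, for the two classic
 * inline-hook prologues: the 6-byte "push imm32; ret" used in the thread
 * (68 xx xx xx xx C3) and the 5-byte "jmp rel32" (E9 xx xx xx xx). A clean
 * export such as "mov edi,edi; push ebp; mov ebp,esp" matches neither. */
hook_info detect_inline_hook(const uint8_t *code, size_t len, uint32_t func_addr)
{
    hook_info info = {0, "none", 0};
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) {
        info.hooked = 1;
        info.kind = "push/ret";
        info.target = rd32(code + 1);                 /* pushed absolute address */
    } else if (len >= 5 && code[0] == 0xE9) {
        info.hooked = 1;
        info.kind = "jmp rel32";
        info.target = func_addr + 5 + rd32(code + 1); /* displacement from next insn */
    }
    return info;
}

/* Constructed sample prologues; not bytes read from any real process. */
static const uint8_t CLEAN_SEND[6]   = {0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83}; /* ordinary prologue */
static const uint8_t PUSHRET_HOOK[6] = {0x68, 0x00, 0x10, 0x40, 0x00, 0xC3}; /* push 0x00401000; ret */
static const uint8_t JMP_HOOK[6]     = {0xE9, 0xFB, 0x0F, 0x00, 0x00, 0x90}; /* jmp +0xFFB; nop */

int main(void)
{
    const uint32_t send_addr = 0x71A34000u; /* constructed address of ws2_32!send */
    const uint8_t *samples[] = {CLEAN_SEND, PUSHRET_HOOK, JMP_HOOK};
    for (int i = 0; i < 3; i++) {
        hook_info r = detect_inline_hook(samples[i], 6, send_addr);
        printf("sample %d: %s, target=0x%08X\n", i, r.kind, r.target);
    }
    return 0;
}
```

On a live Windows system the six bytes would come from ReadProcessMemory on the export address and a decoded target outside any loaded module's image is the strongest signal.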
Another method besides my first one (the first one takes its time; this one does an almost instant dc):
offset1: 004889F4
offset2: 004889FA
write to offset1: 00516f7c0d8b
write to offset2: c300000e7de8
Do any action ingame that sends something; instead of sending it will be redirected to the winsock close function and you will be dced instantly.
To restore it for normal working:
write to offset1: 08b70f04418d
write to offset2: 516f68b95051
Advantage: you don't need to inject anything and can even use it in tools like AutoIt.
Originally posted by coder62@Jan 12 2007, 14:15
Quote:
Originally posted by Maybe It's Maybelline@Jan 12 2007, 12:58
Quote:
Originally posted by coder62@Jan 12 2007, 00:55
Quote:
Originally posted by Maybe It's Maybelline@Jan 11 2007, 23:15
Quote:
Originally posted by giacometti@Jan 11 2007, 21:55
So now how could we make a disconnect function? I don't know if writing to memory could help us (or me!). Maybe learn how to hook the winsock connection and close from there...
There are many ways; the more common is using SoftICE and debugging Co to find out the function's offset for logging out. The easiest way would be making a service control and just dc the LAN, but a lot of people still use a modem so it won't work that way.
softice sucks
Yea, for those who can't handle it.
OllyDbg = free and does all I need. Why use a non-free debugger that sits so deep in the system like SoftICE does, without having any real benefits?
No benefits? Maybe not for you; some games and tools really depend on it, and SoftICE has many more functions and tools than OllyDbg offers. I don't wanna have to use 41351 tools just to get the same result as SoftICE or IDA does.
ok, I'm a CS student, and I've taken software engineering and all that ****, but y'all are programming in VB and I'm not familiar with that. Since you're just modifying memory, it is possible to do this in other languages, right? Like Java or C?
Originally posted by MonkFox@Jan 12 2007, 21:14
ok, I'm a CS student, and I've taken software engineering and all that ****, but y'all are programming in VB and I'm not familiar with that. Since you're just modifying memory, it is possible to do this in other languages, right? Like Java or C?
Justin Fox
It's possible in every language that somehow offers you access to the Windows debugging functions.
Since Java runs in a virtual machine it's a bit more complicated than in other languages, but there is a toolkit which does most of the work for you: