account authorization packet (1086)

[coolco]

is ther any easy way to force the client to send another packet id isntead? im tring to get some short of protection, i know it can be done with dll injection but that is a bit far of my league xD so if it can be done with another easyer way please let me know

[iBotx]

I guess the only was is to hook over SendMsg/ReceiveMsg or hook over the send and try to decrypt the packet, change ids and re-encrypt it but that'd be a stupid thing to do if you do the steps above would be much better. Rather than that I guess no.

[JaniQ]

You can hook the function that creates the packet and create your own instead.

[teroareboss1]

you can check Angelius bot project. he hook the CNetwork class.



this for last version:

Code:

BYTE pattern[] = { 0x51,0x50,0xB9,0x00,0x00,0x00,0x00,0xE8,0x00,0x00,0x00,0x00,0x5E,0xC3,0x6A,0x04 };
bool wildcards[] = { 0,0,0,1,1,1,1,0,1,1,1,1,0,0,0,0 };
PBYTE  match = (PBYTE)Scan::FindMemoryPattern(pattern, wildcards, sizeof(wildcards));
match += 2;

   // PrintDebugHex("CNetworkmatch: ", (DWORD)match);

DWORD callDstInter;
ReadProcessMemory(GetCurrentProcess(), (LPVOID)(match +1), &callDstInter, sizeof(callDstInter), NULL);//match + 1 for call
NetwordAddress = callDstInter;

Code:

BYTE pattern[] = { 0x6A,0x0C,0xB8,0x00,0x00,0x00,0x00,0xE8,0x00,0x00,0x00,0x00,0x8B,0xF1,0x89,0x75,0xE8,0x33,0xDB,0x39,0x5E,0x18 };
bool wildcards[] = { 0,0,0,1,1,1,1,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0 };
PBYTE  match = (PBYTE)Scan::FindMemoryPattern(pattern, wildcards, sizeof(wildcards));
//PrintDebugHex("CNetworkSend: ", (DWORD)match);
SendPacketAddress = (DWORD)match;

Code:

static void SendToServer(const char* msg, int len)
{
	__asm
	{
	    push len
            PUSH DWORD PTR DS:[msg]
            MOV ECX, NetwordAddress
            CALL SendPacketAddress
	}
}

Special Thanks to Angelius .