GW2 Memory Thread

[shuuky]

Nutzt jemand c++ für seinen gw2 hack?

[LordKill]

ja ich wieso?

[shuuky]

Hast du oder evtl. jemand ander lust es ein bischen open source zu machen, damit man davon lernen kann, wie der code aufgebaut ist ect?

Kannst ja auch dir wichtige hacks ect. rauslassen wenn du sie nicht vö willst.

[Xereon]

Quote:

Originally Posted by shuuky

Hast du oder evtl. jemand ander lust es ein bischen open source zu machen, damit man davon lernen kann, wie der code aufgebaut ist ect?

Kannst ja auch dir wichtige hacks ect. rauslassen wenn du sie nicht vö willst.

Objektorientierte Programmierung



Sorry, aber das ist nichts was speziell mit Hacks sondern mit Programmieren im Allgemein zu tuen hat. Zu jener Thematik gibt es Dutzende von Büchern und die verschiedene Techniken, Patterns und Paradigma lassen sich nicht anhand eines einziges Programmes verstehen. Außerdem sind Hacks / Bots normalerweise nicht gerade die besten Beispiele für OOP oder einen guten Stil. Wenn du nur in c++ interessiert wirst du es sowieso schwieriger haben, da die Sprache doch ihre ganz eigenen Kniffe hat (constness,templates, RAII, value semantics um nur ein paar zu nennen). Guter c++ code ist rar! Wenn du trotzdem nicht von c++ abhälts rate ich dir die Poco libs anzusehen; mit Abstand einer der saubersten und objektorientiertesten c++ libs, die es so gibt.

[piotr55]

Quote:

Originally Posted by shuuky

Hast du oder evtl. jemand ander lust es ein bischen open source zu machen, damit man davon lernen kann, wie der code aufgebaut ist ect?

Kannst ja auch dir wichtige hacks ect. rauslassen wenn du sie nicht vö willst.

Also wenn du allgemein c++ näher kennenlernen möchtest, solltest du vlt nicht gleich hackspezifisch durchstarten. es gibt unzählige beginner tuts für c++ um einfach einsteigen zu können. Wenn du wirklich objektorientiert proggen möchtest, solltest du c++ eher meiden. mein tipp für oop ist java. eignet sich aber nicht für hacks.

solltest du dir einfach nur nen teleporter bauen wollen zum testen, schau dir mal den c# code zum auslesen der char koordinaten an, den djmatrix1987 gepostet hat. den code kann man simple ändern um die werte nicht zu lesen sondern zu schreiben.

gruß piotr

[djmatrix1987]

So the first step is done Map is finished. Here a preview of the GW2 bot.

[piotr55]

Quote:

Originally Posted by djmatrix1987

So the first step is done Map is finished. Here a preview of the GW2 bot.

Nice was wirds wenns fertig ist? nen bot mit wegpunkten oder wie?

gruß piotr

[djmatrix1987]

Wird ein richtiger Bot mit Wegpunkten, diese mann dan auf der Karte zeichnen kann. Im Moment sind die Wegpunkte ingame auch auf der Karte vorhanden und die Rüssi / Händler.

[midi12]

Quote:

Originally Posted by Cencil

Packet encryption for sending packets (imagebase already added)

Code:

  off_NetworkClass            = $015C1DD4; // [15754]
  off_EncryptCallAdd          = $1CC;      // [15754]
  off_EncryptPacket           = $00A62190; // [15754]

procedure EncryptPacket(pBuffer, pTargetBuffer: Pointer; bufferSize: Integer);
const
  // delphi __thiscall hekk, ignore _eax and _edx and reverse the order
  gw2Encrypt: procedure( _eax, _edx, pThis, pTargetBuffer, pBuffer: Pointer; bufferSize: Integer) = Pointer(off_EncryptPacket); 
begin
  gw2Encrypt(nil, nil, Pointer(PCardinal(off_NetworkClass)^ + off_EncryptCallAdd), pTargetBuffer, pBuffer, bufferSize);
end;

After the encryption you have to send your packet immediately or the server will receive wrong encrypted packets by the client. Just put the targetbuffer into the winsock send function, so easy.

Hi, first thanks for these offsets, this is very interresting, i tried to implement this to a c++ dll. Hooks on EncryptPacket and send are applying fine but when EncryptPacket is called, the game instantly crashes :/

Here is the code i do in my hooked EncryptPacket & send :

Code:

VOID __fastcall m_PacketEncrypt(VOID* pTargetBuffer, VOID* pBuffer, int bufferSize)
{
	DWORD NetClassptr = *(DWORD*)(gw2_base + NetworkClass);
	VOID* EncryptCallAdd = *(VOID**)(NetClassptr + EncryptCall);

	/*for(int i = 0; i < bufferSize; i++)
	{
		cout << hex << pBuffer[i];
	}*/

	cout << "m_PacketEncrypt()" << endl;
	cout << hex << NetClassptr << endl;
	cout << hex << EncryptCallAdd << endl;
	cout << hex << (const char*)pBuffer << endl;
	cout << hex << (const char*)pTargetBuffer << endl;
	cout << bufferSize << endl;
	cout << "m_PacketEncrypt()" << endl;
	cout << "_________________" << endl;

	//m_send(m_s, (const char*)pTargetBuffer, bufferSize, NULL); 

	return pPacketEncrypt(NULL, NULL, EncryptCallAdd, pTargetBuffer, pBuffer, bufferSize);
}

int WINAPI m_send(SOCKET s, const char* buf, int len, int flags)
{
	cout << "m_send()" << endl;
	cout << buf << endl;
	cout << len << endl;
	cout << flags << endl;
	cout << "m_send()" << endl;
	cout << "________" << endl;

	m_s = s;
	
	return pSend(s, buf, len, flags);
}

Can help me plz ? winsock send hook work pretty but not packet enc

[Cencil]

I'm sure there are better ways to send packets. GW2 puts all packets into a list and sends it, there is a high chance that your encryption will fail if you do it in your own thread.

Still had no time to completely reverse it.

return pPacketEncrypt(NULL, NULL, EncryptCallAdd, pTargetBuffer, pBuffer, bufferSize);

Looks wrong, EncryptCallAdd should be the first parameter (as you use msfastcall). Also you don't need to add the base to the offset, I already did it.

If your code is a detour you should also add edx and ecx as the first parameters
VOID __fastcall m_PacketEncrypt(VOID* ecx, VOID * Unused, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer)

Hope this helps.

Anyway here's my detour in delphi, it's crap but hey it works.

Code:

procedure hk_PacketCrypt(_eax, _edx, pThis, pEncryptedBuffer, pBuffer: Pointer; packetSize: Integer);
var
  buffer: Array of Byte;
  i: Integer;
  sLog, sOpName: string;
  wOpCode: Word;
const
  org_PacketCrypt: procedure(_eax, _edx, pThis, pEncryptedBuffer, pBuffer: Pointer; packetSize: Integer) = Pointer($00A62190);
begin
  if (g_bLogOutgoingPackets) then
  begin
    SetLength(buffer, packetSize);
    Move(pBuffer^, buffer[0], packetSize);

    for i := Low(buffer) to High(buffer) do
    begin
      sLog := sLog + IntToHex(buffer[i], 2) + ' ';
    end;

    Move(buffer[0], wOpCode, SizeOf(wOpCode));

    case wOpCode of
      $0D:
        sOpName := 'MovementHeartbeat';
      $0F:
        sOpName := 'CastSpell';
      $21:
        sOpName := 'MoveItem';
      $54:
        sOpName := 'ChatMessage';
      $56:
        sOpName := 'SlashCommand';
      $7C:
        sOpName := 'Unlock bag slot'
      else
        sOpName := 'Unknown';
    end;

    LogConsole ('======================================================');
    LogConsoleF('C->S Packet code: %x (%s) Size: %d', [wOpCode, sOpName, Length(buffer)]);
    LogConsole ('======================================================');
    LogConsole (sLog);
    LogConsole ('======================================================');
  end;

  org_PacketCrypt(_eax, _edx, pThis, pEncryptedBuffer, pBuffer, packetSize);
end;

I'm overwriting the call at 0x00A5D011, else you'll also see the incoming packets.

[Else]

Code:

E-Mail Address - 0x015C0D38

[midi12]

Thanks for the answer, i'm doing like this now but it crash at calling oPacketEncrypt (I cleaned my src a little ^^') (oPacketEncrypt is new name for pPacketEncrypt)

Code:

VOID __fastcall m_PacketEncrypt(VOID* _EAX, VOID* _ECX, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize)
{
	DWORD NetClassptr = *(DWORD*)(NetworkClass);
	DWORD EncryptCallAdd = *(DWORD*)(NetClassptr + EncryptCall);

	cout << "================================" << endl;
	cout << NetClassptr << endl;
	cout << EncryptCallAdd << endl;
	cout << "================================" << endl;

	//m_send(m_s, (const char*)pTargetBuffer, bufferSize, 0);
	return oPacketEncrypt(_EAX, (VOID*)EncryptCallAdd, NULL /*don't find what place here and NULL fail*/, pTargetBuffer, pBuffer, bufferSize);
}

I use MSDetours 1.5 and the call of m_PacketEncrypt works fine now !

In PacketEncrypt(_EAX, (VOID*)EncryptCallAdd, NULL, pTargetBuffer, pBuffer, bufferSize);
I set 3rd parameters as NULL because I didn't know which argument passing to it.

Also after checking
DWORD EncryptCallAdd = *(DWORD*)(NetClassptr + EncryptCall) are set with some random numbers, i'm sure the cast is good and i removed the base adding indeed ><

I'm very new with hooks, i just done on D3DWrapper project, and i search for a deep documentation on, because i had failed to find one good with ggl!

So thanks again for explanation.

PS : how i declare my Hook :

Code:

typedef VOID (__thiscall *tPacketEncrypt)(VOID* _EAX, VOID* _EDX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);
tPacketEncrypt oPacketEncrypt;
VOID __fastcall m_PacketEncrypt(VOID* _EAX , VOID* _ECX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);

[Else]

For Constants Data, uvm.:

Code:

 public enum ItemRarities : uint
        {
            Junk = 0,
            Common = 1,
            Fine = 2,
            Masterwork = 3,
            Rare = 4,
            Exotic = 5,
            Legendary = 6,
        }

        public enum AgentAttitudes : uint
        {
            Friendly = 0,
            Hostile = 1,
            Neutral = 2,
            UnattackablePNJ = 3,
        }

        public enum GatheringType : uint
        {
            Herb = 0,
            Wood = 1,
            Mine = 2,
            None = 3,
        }

        public enum ItemTypes : uint
        {
            Armor = 0,
            Back = 1,
            Bag = 2,
            Consumable = 3,
            Container = 4,
            CraftingMaterial = 5,
            Gathering = 6,
            Gizmo = 7,
            MiniDeck = 9,
            Tool = 13,
            Trinket = 15,
            Trophy = 16,
            UpgradeComponent = 17,
            Weapon = 18,
            //NUM_ITEM_TYPES = 19,
        }

        public enum AgentTypes : uint
        {
            Char = 0,
            Gadget = 8,
            Gadget_Attack_Target = 9,
            Item = 13,
        }

        public enum EquipmentSlot : uint
        {
            AquaticHeadgear = 0,
            Chest = 2,
            Boots = 3,
            Gloves = 4,
            Headgear = 5,
            Leggings = 6,
            Shoulders = 7,
            Back = 11,
            Accessory1 = 12,
            Accessory2 = 13,
            Amulet = 14,
            Ring1 = 15,
            Ring2 = 16,
            TownClothesHeadgear = 17,
            TownClothesChest = 18,
            TownClothesGloves = 19,
            TownClothesLeggings = 20,
            TownClothesShoes = 21,
            TownClothesToy = 22,
            AquaticWeapon = 24,
            AlternateAquaticWeapon = 25,
            MainHandWeapon = 29,
            OffHandWeapon = 30,
            AlternateMainHandWeapon = 31,
            AlternateOffHandWeapon = 32,
            ForagingTool = 34,
            LoggingTool = 35,
            MiningTool = 36,
        }

        public enum ItemDurabilities : uint
        {
            Ok = 0,
            Damaged = 1,
            Broken = 2,
        }

        public enum UiFlags : int
        {
            Autoloot = 0x2,
            EnableCameraShake = 0x8,
            UseFreeCamera = 0x10,
            DoubleClickToAttackInteract = 0x100,
            InvertCameraYAxis = 0x1000,
            ShowAllEnemyNames = 0x10000,
            ShowAllNPCNames = 0x20000,
            ShowAllPlayerNames = 0x8000,
            ShowSkillRecharge = 0x80000,
            SimplePartyUI = 0x200000,
            Autotargeting = 0x400000,
            StopAutoAttackingOnTargetChange = 0x800000,
            DoubleTapToEvade = 0x2000000,
            DisableAreaOfEffectRings = 0x1000000,
            FastCastGroundTargeting = 0x4000000,
            PromoteSkillTarget = 0x8000000,
            MeleeAttackAssist = 0x10000000,
        }

        public enum ResolutionMode : uint
        {
            Windowed = 0,
            Fullscreen = 1,
            FullscreenWindowed = 2,
        }

        public enum WeaponType : byte
        {
            Sword = 0,
            Hammer = 1,
            Longbow = 2,
            Shortbow = 3,
            Axe = 4,
            Dagger = 5,
            Greatsword = 6,
            Mace = 7,
            Pistol = 8,
            Rifle = 10,
            Scepter = 11,
            Staff = 12,
            Focus = 13,
            Torch = 14,
            Warhorn = 15,
            Shield = 16,
            Spear = 19,
            HarpoonGun = 20,
            Trident = 21,
        }

        public enum SkillTypes : uint
        {
            Ability = 0,
            Buff = 1,
        }

Source: [B][URL="http://www.**************/forums/mmo/guild-wars-2/gw2-memory-editing/378035-gw2-constant-data-enums-structs-etc.html"]Here[/URL][/B]

[Cencil]

Quote:

Originally Posted by midi12

Thanks for the answer, i'm doing like this now but it crash at calling oPacketEncrypt (I cleaned my src a little ^^') (oPacketEncrypt is new name for pPacketEncrypt)

Code:

VOID __fastcall m_PacketEncrypt(VOID* _EAX, VOID* _ECX, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize)
{
	DWORD NetClassptr = *(DWORD*)(NetworkClass);
	DWORD EncryptCallAdd = *(DWORD*)(NetClassptr + EncryptCall);

	cout << "================================" << endl;
	cout << NetClassptr << endl;
	cout << EncryptCallAdd << endl;
	cout << "================================" << endl;

	//m_send(m_s, (const char*)pTargetBuffer, bufferSize, 0);
	return oPacketEncrypt(_EAX, (VOID*)EncryptCallAdd, NULL /*don't find what place here and NULL fail*/, pTargetBuffer, pBuffer, bufferSize);
}

I use MSDetours 1.5 and the call of m_PacketEncrypt works fine now !

In PacketEncrypt(_EAX, (VOID*)EncryptCallAdd, NULL, pTargetBuffer, pBuffer, bufferSize);
I set 3rd parameters as NULL because I didn't know which argument passing to it.

Also after checking
DWORD EncryptCallAdd = *(DWORD*)(NetClassptr + EncryptCall) are set with some random numbers, i'm sure the cast is good and i removed the base adding indeed ><

I'm very new with hooks, i just done on D3DWrapper project, and i search for a deep documentation on, because i had failed to find one good with ggl!

So thanks again for explanation.

PS : how i declare my Hook :

Code:

typedef VOID (__thiscall *tPacketEncrypt)(VOID* _EAX, VOID* _EDX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);
tPacketEncrypt oPacketEncrypt;
VOID __fastcall m_PacketEncrypt(VOID* _EAX , VOID* _ECX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);

Function header should be

VOID __fastcall m_PacketEncrypt(VOID* pThis, VOID* Unused, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer)

typedef VOID (__thiscall *tPacketEncrypt)(VOID* _EAX, VOID* _EDX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);

should be

typedef VOID (__thiscall *tPacketEncrypt)(VOID* pThis, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer);

and

VOID __fastcall m_PacketEncrypt(VOID* _EAX , VOID* _ECX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize));

should be

VOID __fastcall m_PacketEncrypt(VOID* pThis, VOID* Unused, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer);

Since msfastcall is different than borlands fastcall. My first post was also a bit wrong, I just corrected it.

edit: Just letting you know that the offsets are not working anymore with the latest patch

[midi12]

Quote:

Originally Posted by Cencil

edit: Just letting you know that the offsets are not working anymore with the latest patch

Thanks detouring PacketEncrypt is now working fine, just crashing at original call but i'll work on it (whend using encryptcalladd).
The problem i have is i got a high number of packet throught the hook o_o
I use currently use pThis in oPacketEncrypt because EncryptCallAdd make the program crashing, i'm think it's because of the use of pThis and not of EncryptCallAdd that i got a lot of packet.

And yes new offsets are :

Code:

#define NetworkClass 0x015C1DD4
#define EncryptCall 0x1CC
#define EncryptPacket 0x00A62160

Just EncryptPacket changed !

Ok, this is fixed, i just check pThis is equal to EncryptCall to just log outgoing packet ^^"
But packets are differents than your, eg for Heartbeat i got:

Code:

size : 4
packet : c 0 0 0

Thanks again for help Cencil