GW2 Memory Thread

buFFy! · 01/14/2013, 21:46

Quote:

Originally Posted by hans2116

Wie kann man so ein Packetsend Funktion finden??
Vielleicht mit Wireshark oder ollydbg??

OllyDBG wäre ein Anfang

TheDarkShadows · 01/14/2013, 21:52

Quote:

Originally Posted by buFFy!

OllyDBG wäre ein Anfang

Danke
Kennst du ein Paar gute OllyDBG Tutorial ??

buFFy! · 01/14/2013, 21:58

Lenas Reversing for Newbies. Einfach mal googlen.

sgt.pootis · 02/05/2013, 19:48

Hey all. I know this is a rather old thread but IDK where else to post so whatever. I'm having some issues detour the packet funcion, here's the code. Note I'm using Sinners DetourXS.

I'm not familiar with fastcall hooks, so any help would be nice! Thanks.

Code:

/*
void __fastcall sub_A82A50(int a1, int a2, signed int a3)

call example
.text:00C37B8E                 mov     edx, 0Ah
.text:00C37B93                 mov     ecx, eax
.text:00C37B95                 call    sub_A82A50
*/

typedef VOID (__thiscall *tPacketEncrypt)(VOID* pThis, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer);
tPacketEncrypt oPacketEncrypt;
VOID __fastcall m_PacketEncrypt(VOID* pThis, VOID* Unused, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer)
{
	// note EDX, ECX, *
	// use inline asm ???
	return oPacketEncrypt( pThis, bufferSize, pBuffer, pTargetBuffer );
}

void init_hooks()
{
	// todo: sig scans
	oPacketEncrypt = (tPacketEncrypt)DetourCreate( (void*)0x00A82A50, m_PacketEncrypt, DETOUR_TYPE_JMP, 0x5 );
}

This code crashes almost instantly and brings up the send report dialog.

Deathsnacks · 02/05/2013, 23:13

Quote:

Originally Posted by sgt.pootis

This code crashes almost instantly and brings up the send report dialog.

Because that isn't the EncryptPacket function. Thats the PutPacketQueue function.

urmomslover · 02/06/2013, 01:48

wäre schöön wenn man irgednwie die offsets auch vom andernen porter mal posten könnte.

sgt.pootis · 02/06/2013, 02:05

Quote:

Originally Posted by Deathsnacks

Because that isn't the EncryptPacket function. Thats the PutPacketQueue function.

[facepalm] Well no ****. [/facepalm]

This is what happens when you code when sleepys as hell. Oh well. *****

sgt.pootis · 02/07/2013, 05:14

What are the parameters for the function? IDK what the first param is, and I believe the second parameter is a buffer length, and the 3rd parameter is a pointer to the buffer. Is that correct?

Ext3h · 02/07/2013, 06:58

Code:

typedef VOID (__thiscall *tPacketEncrypt)(VOID* pThis, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer);

It's a __thiscall, this means that the first parameter is always a pointer to an object of the class this function belongs to. You were right about the second parameter, thats the size of the buffer in bytes. Third parameter is source buffer. Forth Parameter is named wrong, it's not the destination where the encrypted buffer is written to, but rather a pointer to additional data which will be packed in the package (e.g. pointer to null terminated string for chat messages). The destination is not passed a as parameter.

sgt.pootis · 02/07/2013, 07:12

I see. I figured that much out with google (the "this" pointer that is). What about the PutPacketQueue() function params? Same story?

Code:

typedef void (__fastcall *tPutPacketQueue)( void *pThis, int buffsz, void *pBuff );

Deathsnacks · 02/07/2013, 10:55

Quote:
Originally Posted by sgt.pootis
I see. I figured that much out with google (the "this" pointer that is). What about the PutPacketQueue() function params? Same story?
Code:
typedef void (__fastcall *tPutPacketQueue)( void *pThis, int buffsz, void *pBuff );

Yup.

sgt.pootis · 02/10/2013, 15:56

Can anyone post some up-to-date classes/structures, or some somewhat outdated ones for me to reclass?

Thanks.

The Annihilator · 09/28/2013, 18:03

Well guys a little question for all of you before I'm starting to crash GW2 with a custom DLL for myself:

Are any kind of Anti-Cheat messures in GW2 and it's Launcher implemented? Like scanning for detours or invalid/modified packets/memoryregions and/or do they sent that information with their crashreports?

I've read that claim from MMOMinion that they might at least send some senstive information regarding that in their crashreport and even have a serverside parser for it filtering out any modifications and do autobans. Thats why I'm might be looking into hooking into it first before starting with anything more specific.

Or is that just a false claim, trying to stop people from injecting their dlls with another launcher (really sounds like it as its theoretically so easy to get around that kind of claimed crashreport-detection)?

Rhubarb.Trader · 09/28/2013, 19:39

There is no client side anticheat in gw2. I wouldn't send crash reports just on the rare principal it might be looked at by someone. The only anticheat is server side pattern detection for instance if you sit in one spot for hours with a macro hitting button 1 to kill mobs. They also have a few checks on packets most interesting of which has to do with heartbeat/movement hence the distance bans for teleport hacking. I would try to avoid sending malformed/incorrect values in packets as well.

xoraxax · 10/09/2013, 10:48

Does anyone know how the environment informarion is stored - i mean players, mobs, loot etc which are available on the map around the player (Is it arrays or kinda hashtables or anything else?). And a tip how to find it would be very helpfull too.