GW2 Memory Thread

Old   #31
 
elite*gold: 0
Join Date: Apr 2006
Posts: 307
Received Thanks: 27
Does anyone use C++ for their GW2 hack?



shuuky is offline  
Old   #32

 
elite*gold: 41
Join Date: Oct 2007
Posts: 1,947
Received Thanks: 3,118
Yes, I do. Why?


LordKill is offline  
Old   #33
 
elite*gold: 0
Join Date: Apr 2006
Posts: 307
Received Thanks: 27
Would you, or maybe someone else, feel like making it a bit open source, so that one can learn from it how the code is structured, etc.?

You can of course leave out hacks etc. that are important to you if you don't want to publish them.
shuuky is offline  
Old   #34
 
elite*gold: 0
Join Date: Apr 2009
Posts: 793
Received Thanks: 365
Quote:
Originally Posted by shuuky View Post
Would you, or maybe someone else, feel like making it a bit open source, so that one can learn from it how the code is structured, etc.?

You can of course leave out hacks etc. that are important to you if you don't want to publish them.
Object-oriented programming

Sorry, but that is nothing specific to hacks; it has to do with programming in general. There are dozens of books on that subject, and the various techniques, patterns and paradigms cannot be understood from a single program. Besides, hacks / bots are normally not exactly the best examples of OOP or of good style. If you are only interested in C++, you will have a harder time anyway, since the language has quirks all of its own (constness, templates, RAII, value semantics, to name just a few). Good C++ code is rare! If you still won't be put off C++, I advise you to look at the Poco libs; by far one of the cleanest and most object-oriented C++ libs there are.


Xereon is offline  
Old   #35
 
elite*gold: 30
Join Date: May 2008
Posts: 201
Received Thanks: 321
Quote:
Originally Posted by shuuky View Post
Would you, or maybe someone else, feel like making it a bit open source, so that one can learn from it how the code is structured, etc.?

You can of course leave out hacks etc. that are important to you if you don't want to publish them.
So if you want to get to know C++ better in general, you maybe shouldn't start off hack-specific right away. There are countless beginner tutorials for C++ to get started easily. If you really want to program in an object-oriented way, you should rather avoid C++. My tip for OOP is Java. It isn't suitable for hacks, though.

If you just want to build yourself a teleporter for testing, take a look at the C# code for reading out the character coordinates that djmatrix1987 posted. The code can simply be changed to write the values instead of reading them.

Regards, piotr
piotr55 is offline  
Old   #36
 
elite*gold: 0
Join Date: Jul 2011
Posts: 5
Received Thanks: 2
So the first step is done: the map is finished. Here is a preview of the GW2 bot.
djmatrix1987 is offline  
Old   #37
 
elite*gold: 30
Join Date: May 2008
Posts: 201
Received Thanks: 321
Quote:
Originally Posted by djmatrix1987 View Post
So the first step is done: the map is finished. Here is a preview of the GW2 bot.
Nice, what will it be when it's finished? A bot with waypoints, or what?

Regards, piotr
piotr55 is offline  
Old   #38
 
elite*gold: 0
Join Date: Jul 2011
Posts: 5
Received Thanks: 2
It will be a proper bot with waypoints, which you can then draw on the map. At the moment the in-game waypoints are also present on the map, as well as the armor / merchants.
djmatrix1987 is offline  
Thanks
2 Users
Old   #39
 
elite*gold: 0
Join Date: Oct 2012
Posts: 6
Received Thanks: 3
Quote:
Originally Posted by Cencil View Post
Packet encryption for sending packets (imagebase already added)

Code:
  off_NetworkClass            = $015C1DD4; // [15754]
  off_EncryptCallAdd          = $1CC;      // [15754]
  off_EncryptPacket           = $00A62190; // [15754]

procedure EncryptPacket(pBuffer, pTargetBuffer: Pointer; bufferSize: Integer);
const
  // delphi __thiscall hekk, ignore _eax and _edx and reverse the order
  gw2Encrypt: procedure( _eax, _edx, pThis, pTargetBuffer, pBuffer: Pointer; bufferSize: Integer) = Pointer(off_EncryptPacket); 
begin
  gw2Encrypt(nil, nil, Pointer(PCardinal(off_NetworkClass)^ + off_EncryptCallAdd), pTargetBuffer, pBuffer, bufferSize);
end;
After the encryption you have to send your packet immediately or the server will receive wrong encrypted packets by the client. Just put the targetbuffer into the winsock send function, so easy.
Hi, first, thanks for these offsets, this is very interesting. I tried to implement this in a C++ DLL. The hooks on EncryptPacket and send apply fine, but when EncryptPacket is called, the game instantly crashes :/

Here is the code I use in my hooked EncryptPacket & send:

Code:
VOID __fastcall m_PacketEncrypt(VOID* pTargetBuffer, VOID* pBuffer, int bufferSize)
{
	DWORD NetClassptr = *(DWORD*)(gw2_base + NetworkClass);
	VOID* EncryptCallAdd = *(VOID**)(NetClassptr + EncryptCall);

	/*for(int i = 0; i < bufferSize; i++)
	{
		cout << hex << pBuffer[i];
	}*/

	cout << "m_PacketEncrypt()" << endl;
	cout << hex << NetClassptr << endl;
	cout << hex << EncryptCallAdd << endl;
	cout << hex << (const char*)pBuffer << endl;
	cout << hex << (const char*)pTargetBuffer << endl;
	cout << bufferSize << endl;
	cout << "m_PacketEncrypt()" << endl;
	cout << "_________________" << endl;

	//m_send(m_s, (const char*)pTargetBuffer, bufferSize, NULL); 

	return pPacketEncrypt(NULL, NULL, EncryptCallAdd, pTargetBuffer, pBuffer, bufferSize);
}

int WINAPI m_send(SOCKET s, const char* buf, int len, int flags)
{
	cout << "m_send()" << endl;
	cout << buf << endl;
	cout << len << endl;
	cout << flags << endl;
	cout << "m_send()" << endl;
	cout << "________" << endl;

	m_s = s;
	
	return pSend(s, buf, len, flags);
}
Can someone help me, please? The winsock send hook works nicely, but not the packet enc.
midi12 is offline  
Old   #40
 
elite*gold: 97
Join Date: Jun 2007
Posts: 2,246
Received Thanks: 4,850
I'm sure there are better ways to send packets. GW2 puts all packets into a list and sends it, there is a high chance that your encryption will fail if you do it in your own thread.

Still had no time to completely reverse it.

return pPacketEncrypt(NULL, NULL, EncryptCallAdd, pTargetBuffer, pBuffer, bufferSize);

Looks wrong, EncryptCallAdd should be the first parameter (as you use msfastcall). Also you don't need to add the base to the offset, I already did it.

If your code is a detour you should also add edx and ecx as the first parameters
VOID __fastcall m_PacketEncrypt(VOID* ecx, VOID * Unused, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer)

Hope this helps.

Anyway here's my detour in delphi, it's crap but hey it works.

Code:
procedure hk_PacketCrypt(_eax, _edx, pThis, pEncryptedBuffer, pBuffer: Pointer; packetSize: Integer);
var
  buffer: Array of Byte;
  i: Integer;
  sLog, sOpName: string;
  wOpCode: Word;
const
  org_PacketCrypt: procedure(_eax, _edx, pThis, pEncryptedBuffer, pBuffer: Pointer; packetSize: Integer) = Pointer($00A62190);
begin
  if (g_bLogOutgoingPackets) then
  begin
    SetLength(buffer, packetSize);
    Move(pBuffer^, buffer[0], packetSize);

    for i := Low(buffer) to High(buffer) do
    begin
      sLog := sLog + IntToHex(buffer[i], 2) + ' ';
    end;

    Move(buffer[0], wOpCode, SizeOf(wOpCode));

    case wOpCode of
      $0D:
        sOpName := 'MovementHeartbeat';
      $0F:
        sOpName := 'CastSpell';
      $21:
        sOpName := 'MoveItem';
      $54:
        sOpName := 'ChatMessage';
      $56:
        sOpName := 'SlashCommand';
      $7C:
        sOpName := 'Unlock bag slot'
      else
        sOpName := 'Unknown';
    end;

    LogConsole ('======================================================');
    LogConsoleF('C->S Packet code: %x (%s) Size: %d', [wOpCode, sOpName, Length(buffer)]);
    LogConsole ('======================================================');
    LogConsole (sLog);
    LogConsole ('======================================================');
  end;

  org_PacketCrypt(_eax, _edx, pThis, pEncryptedBuffer, pBuffer, packetSize);
end;
I'm overwriting the call at 0x00A5D011, else you'll also see the incoming packets.
Cencil is offline  
Old   #41

 
elite*gold: 0
The Black Market: 119/0/0
Join Date: Feb 2008
Posts: 3,494
Received Thanks: 1,183
Code:
E-Mail Address - 0x015C0D38
Else is offline  
Old   #42
 
elite*gold: 0
Join Date: Oct 2012
Posts: 6
Received Thanks: 3
Thanks for the answer, I'm doing it like this now but it crashes when calling oPacketEncrypt (I cleaned my src a little ^^') (oPacketEncrypt is the new name for pPacketEncrypt)

Code:
VOID __fastcall m_PacketEncrypt(VOID* _EAX, VOID* _ECX, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize)
{
	DWORD NetClassptr = *(DWORD*)(NetworkClass);
	DWORD EncryptCallAdd = *(DWORD*)(NetClassptr + EncryptCall);

	cout << "================================" << endl;
	cout << NetClassptr << endl;
	cout << EncryptCallAdd << endl;
	cout << "================================" << endl;

	//m_send(m_s, (const char*)pTargetBuffer, bufferSize, 0);
	return oPacketEncrypt(_EAX, (VOID*)EncryptCallAdd, NULL /*don't find what place here and NULL fail*/, pTargetBuffer, pBuffer, bufferSize);
}
I use MSDetours 1.5 and the call of m_PacketEncrypt works fine now!

In PacketEncrypt(_EAX, (VOID*)EncryptCallAdd, NULL, pTargetBuffer, pBuffer, bufferSize);
I set the 3rd parameter to NULL because I didn't know which argument to pass to it.

Also, after checking,
DWORD EncryptCallAdd = *(DWORD*)(NetClassptr + EncryptCall) is set to some random numbers; I'm sure the cast is good, and I did indeed remove the base addition ><

I'm very new to hooks, I have only done them on a D3DWrapper project, and I'm searching for in-depth documentation on them, because I failed to find a good one with Google!

So thanks again for the explanation.

PS: how I declare my hook:
Code:
typedef VOID (__thiscall *tPacketEncrypt)(VOID* _EAX, VOID* _EDX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);
tPacketEncrypt oPacketEncrypt;
VOID __fastcall m_PacketEncrypt(VOID* _EAX , VOID* _ECX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);
midi12 is offline  
Old   #43

 
elite*gold: 0
The Black Market: 119/0/0
Join Date: Feb 2008
Posts: 3,494
Received Thanks: 1,183
For constant data and much more:


Code:
 public enum ItemRarities : uint
        {
            Junk = 0,
            Common = 1,
            Fine = 2,
            Masterwork = 3,
            Rare = 4,
            Exotic = 5,
            Legendary = 6,
        }

        public enum AgentAttitudes : uint
        {
            Friendly = 0,
            Hostile = 1,
            Neutral = 2,
            UnattackablePNJ = 3,
        }

        public enum GatheringType : uint
        {
            Herb = 0,
            Wood = 1,
            Mine = 2,
            None = 3,
        }

        public enum ItemTypes : uint
        {
            Armor = 0,
            Back = 1,
            Bag = 2,
            Consumable = 3,
            Container = 4,
            CraftingMaterial = 5,
            Gathering = 6,
            Gizmo = 7,
            MiniDeck = 9,
            Tool = 13,
            Trinket = 15,
            Trophy = 16,
            UpgradeComponent = 17,
            Weapon = 18,
            //NUM_ITEM_TYPES = 19,
        }

        public enum AgentTypes : uint
        {
            Char = 0,
            Gadget = 8,
            Gadget_Attack_Target = 9,
            Item = 13,
        }

        public enum EquipmentSlot : uint
        {
            AquaticHeadgear = 0,
            Chest = 2,
            Boots = 3,
            Gloves = 4,
            Headgear = 5,
            Leggings = 6,
            Shoulders = 7,
            Back = 11,
            Accessory1 = 12,
            Accessory2 = 13,
            Amulet = 14,
            Ring1 = 15,
            Ring2 = 16,
            TownClothesHeadgear = 17,
            TownClothesChest = 18,
            TownClothesGloves = 19,
            TownClothesLeggings = 20,
            TownClothesShoes = 21,
            TownClothesToy = 22,
            AquaticWeapon = 24,
            AlternateAquaticWeapon = 25,
            MainHandWeapon = 29,
            OffHandWeapon = 30,
            AlternateMainHandWeapon = 31,
            AlternateOffHandWeapon = 32,
            ForagingTool = 34,
            LoggingTool = 35,
            MiningTool = 36,
        }

        public enum ItemDurabilities : uint
        {
            Ok = 0,
            Damaged = 1,
            Broken = 2,
        }

        public enum UiFlags : int
        {
            Autoloot = 0x2,
            EnableCameraShake = 0x8,
            UseFreeCamera = 0x10,
            DoubleClickToAttackInteract = 0x100,
            InvertCameraYAxis = 0x1000,
            ShowAllEnemyNames = 0x10000,
            ShowAllNPCNames = 0x20000,
            ShowAllPlayerNames = 0x8000,
            ShowSkillRecharge = 0x80000,
            SimplePartyUI = 0x200000,
            Autotargeting = 0x400000,
            StopAutoAttackingOnTargetChange = 0x800000,
            DoubleTapToEvade = 0x2000000,
            DisableAreaOfEffectRings = 0x1000000,
            FastCastGroundTargeting = 0x4000000,
            PromoteSkillTarget = 0x8000000,
            MeleeAttackAssist = 0x10000000,
        }

        public enum ResolutionMode : uint
        {
            Windowed = 0,
            Fullscreen = 1,
            FullscreenWindowed = 2,
        }

        public enum WeaponType : byte
        {
            Sword = 0,
            Hammer = 1,
            Longbow = 2,
            Shortbow = 3,
            Axe = 4,
            Dagger = 5,
            Greatsword = 6,
            Mace = 7,
            Pistol = 8,
            Rifle = 10,
            Scepter = 11,
            Staff = 12,
            Focus = 13,
            Torch = 14,
            Warhorn = 15,
            Shield = 16,
            Spear = 19,
            HarpoonGun = 20,
            Trident = 21,
        }

        public enum SkillTypes : uint
        {
            Ability = 0,
            Buff = 1,
        }

Source: http://www.**************/forums/mmo/guild-wars-2/gw2-memory-editing/378035-gw2-constant-data-enums-structs-etc.html
Else is offline  
Thanks
1 User
Old   #44
 
elite*gold: 97
Join Date: Jun 2007
Posts: 2,246
Received Thanks: 4,850
Quote:
Originally Posted by midi12 View Post
Thanks for the answer, I'm doing it like this now but it crashes when calling oPacketEncrypt (I cleaned my src a little ^^') (oPacketEncrypt is the new name for pPacketEncrypt)

Code:
VOID __fastcall m_PacketEncrypt(VOID* _EAX, VOID* _ECX, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize)
{
	DWORD NetClassptr = *(DWORD*)(NetworkClass);
	DWORD EncryptCallAdd = *(DWORD*)(NetClassptr + EncryptCall);

	cout << "================================" << endl;
	cout << NetClassptr << endl;
	cout << EncryptCallAdd << endl;
	cout << "================================" << endl;

	//m_send(m_s, (const char*)pTargetBuffer, bufferSize, 0);
	return oPacketEncrypt(_EAX, (VOID*)EncryptCallAdd, NULL /*don't find what place here and NULL fail*/, pTargetBuffer, pBuffer, bufferSize);
}
I use MSDetours 1.5 and the call of m_PacketEncrypt works fine now!

In PacketEncrypt(_EAX, (VOID*)EncryptCallAdd, NULL, pTargetBuffer, pBuffer, bufferSize);
I set the 3rd parameter to NULL because I didn't know which argument to pass to it.

Also, after checking,
DWORD EncryptCallAdd = *(DWORD*)(NetClassptr + EncryptCall) is set to some random numbers; I'm sure the cast is good, and I did indeed remove the base addition ><

I'm very new to hooks, I have only done them on a D3DWrapper project, and I'm searching for in-depth documentation on them, because I failed to find a good one with Google!

So thanks again for the explanation.

PS: how I declare my hook:
Code:
typedef VOID (__thiscall *tPacketEncrypt)(VOID* _EAX, VOID* _EDX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);
tPacketEncrypt oPacketEncrypt;
VOID __fastcall m_PacketEncrypt(VOID* _EAX , VOID* _ECX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);
Function header should be

VOID __fastcall m_PacketEncrypt(VOID* pThis, VOID* Unused, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer)

typedef VOID (__thiscall *tPacketEncrypt)(VOID* _EAX, VOID* _EDX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);

should be

typedef VOID (__thiscall *tPacketEncrypt)(VOID* pThis, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer);

and

VOID __fastcall m_PacketEncrypt(VOID* _EAX , VOID* _ECX, VOID* pThis, VOID* pTargetBuffer, VOID* pBuffer, int bufferSize);

should be

VOID __fastcall m_PacketEncrypt(VOID* pThis, VOID* Unused, int bufferSize, VOID* pBuffer, VOID* pTargetBuffer);

Since msfastcall is different from Borland's fastcall. My first post was also a bit wrong, I just corrected it.

edit: Just letting you know that the offsets are not working anymore with the latest patch
Cencil is offline  
Thanks
1 User
Old   #45
 
elite*gold: 0
Join Date: Oct 2012
Posts: 6
Received Thanks: 3
Quote:
Originally Posted by Cencil View Post
edit: Just letting you know that the offsets are not working anymore with the latest patch
Thanks, detouring PacketEncrypt is now working fine, just crashing at the original call, but I'll work on it (when using EncryptCallAdd).
The problem I have is that I get a high number of packets through the hook o_o
I currently use pThis in oPacketEncrypt because EncryptCallAdd makes the program crash; I think it's because of the use of pThis and not of EncryptCallAdd that I get a lot of packets.

And yes, the new offsets are:
Code:
#define NetworkClass 0x015C1DD4
#define EncryptCall 0x1CC
#define EncryptPacket 0x00A62160
Just EncryptPacket changed!

OK, this is fixed, I just check that pThis is equal to EncryptCall to log only outgoing packets ^^"
But the packets are different from yours, e.g. for Heartbeat I got:
Code:
size : 4
packet : c 0 0 0
Thanks again for the help, Cencil


midi12 is offline  