GW2 Memory Thread

Old   #46
 
elite*gold: 97
Join Date: Jun 2007
Posts: 2,246
Received Thanks: 4,850
Quote:
Originally Posted by midi12
Ok, this is fixed, I just check whether pThis is equal to EncryptCall to log only outgoing packets ^^
But the packets are different from yours, e.g. for Heartbeat I got:
Code:
size : 4
packet : c 0 0 0
Thanks again for help Cencil
Yeah with heartbeat I just meant the movement
Change the last flag from 0 to 1 to get an auto sync teleporter with packets

Heartbeat movement packet (packed!) under normal conditions:
uint16 packet code (0x0D)
uint16 time1
uint16 time2
float x
float y
float z
uint8 unk
uint16 flags, just set this **** to 0x1



Cencil is offline  
Thanks
1 User
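As an added example (not code from the thread), a C decoder for the movement packet layout Cencil lists above, run over a constructed 21-byte sample; the field order and widths come from the post, while the sample values, the struct and function names, and the little-endian/IEEE-754 host assumption are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Movement packet layout as listed in the post: packed, little-endian,
   2+2+2+4+4+4+1+2 = 21 bytes. "unk" is the byte the post does not identify. */
#define MOVE_OPCODE 0x0D
#define MOVE_LEN    21
typedef struct {
    uint16_t opcode, time1, time2;
    float    x, y, z;
    uint8_t  unk;
    uint16_t flags;   /* 0 under normal movement according to the post */
} move_packet_t;
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static float rdf32(const uint8_t *p)   /* host assumed to use IEEE-754 floats */
{
    uint32_t u = (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    float f; memcpy(&f, &u, sizeof f); return f;
}

/* Decode one plaintext packet as seen at an EncryptPacket hook. Returns 1 on
   success, 0 if length or opcode does not fit this layout (e.g. the 4-byte
   0x0C heartbeat quoted earlier in the thread). */
int parse_move_packet(const uint8_t *buf, size_t len, move_packet_t *out)
{
    if (len != MOVE_LEN || rd16(buf) != MOVE_OPCODE) return 0;
    out->opcode = rd16(buf);
    out->time1  = rd16(buf + 2);
    out->time2  = rd16(buf + 4);
    out->x      = rdf32(buf + 6);
    out->y      = rdf32(buf + 10);
    out->z      = rdf32(buf + 14);
    out->unk    = buf[18];
    out->flags  = rd16(buf + 19);
    return 1;
}

/* Constructed sample: opcode 0x0D, time1 0x1234, time2 0x5678,
   x=1.5 y=-2.0 z=100.25, unk=0, flags=0. */
const uint8_t SAMPLE_MOVE[MOVE_LEN] = {
    0x0D,0x00, 0x34,0x12, 0x78,0x56,
    0x00,0x00,0xC0,0x3F, 0x00,0x00,0x00,0xC0, 0x00,0x80,0xC8,0x42, 0x00, 0x00,0x00 };

int main(void)
{
    move_packet_t m;
    if (!parse_move_packet(SAMPLE_MOVE, sizeof SAMPLE_MOVE, &m)) return 1;
    printf("t=%u/%u pos=(%g, %g, %g) unk=%u flags=0x%X\n", m.time1, m.time2, m.x, m.y, m.z, m.unk, m.flags);
    return 0;
}
```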
Old   #47
 
elite*gold: 0
Join Date: Oct 2012
Posts: 6
Received Thanks: 3
Quote:
Originally Posted by Cencil
Yeah with heartbeat I just meant the movement
Lol okay ^^ so yes, I got D for the opcode when I move! Thanks for the confirmation!

new offsets :
#define EncryptPacket 0x00A69E40
#define NetworkClass 0x015D0754


midi12 is offline  
Thanks
1 User
Old   #48
 
elite*gold: 0
Join Date: Apr 2012
Posts: 7
Received Thanks: 0
Quote:
Originally Posted by Cencil
Yeah with heartbeat I just meant the movement
Change the last flag from 0 to 1 to get an auto sync teleporter with packets

Heartbeat movement packet under normal conditions:
uint16 packet code (0x0D)
uint16 time1
uint16 time2
float x
float y
float z
uint8 unk
uint16 flags, just set this **** to 0x1
If either of you care to help out a newb with this, I'd be appreciative. I'm able to log the packets using Wireshark which I assume are encrypted (none of the movement packets contain 0x0D or 0x0C). I've found the EncryptPacket function in CE as well. I have no idea what to do from here.

Sorry for the probable unintelligent reply but I'm new to packet sniffing etc. I have decent knowledge with programming (including .asm) but am completely stuck in trying to write an autosync teleporter. The easiest approach seems to be by packet manipulation so I thought I'd give it a go. Thanks in advance for any information you may be able to provide.
whitea2 is offline  
Old   #49
 
elite*gold: 0
Join Date: Oct 2012
Posts: 16
Received Thanks: 0
modify the packet data before it gets encrypted


creepsi is offline  
Old   #50
 
elite*gold: 0
Join Date: Apr 2009
Posts: 793
Received Thanks: 365
Quote:
Originally Posted by whitea2
If either of you care to help out a newb with this, I'd be appreciative. I'm able to log the packets using Wireshark which I assume are encrypted (none of the movement packets contain 0x0D or 0x0C). I've found the EncryptPacket function in CE as well. I have no idea what to do from here.

Sorry for the probable unintelligent reply but I'm new to packet sniffing etc. I have decent knowledge with programming (including .asm) but am completely stuck in trying to write an autosync teleporter. The easiest approach seems to be by packet manipulation so I thought I'd give it a go. Thanks in advance for any information you may be able to provide.
Get away from CE; "reversing" with CE is kid stuff; grab a debugger (either OllyDbg or IDA) and break at the EncryptPacket function. If it's really the right function you should be able to retrieve the buffer. Now walk up the call stack to find the SendPacket function.
Xereon is offline  
Thanks
1 User
Old   #51
 
elite*gold: 0
Join Date: Oct 2012
Posts: 6
Received Thanks: 3
Can anyone share the new mouseover pointers & offsets? I'm not able to retrieve them :/

Quote:
Originally Posted by whitea2
I'm able to log the packets using Wireshark which I assume are encrypted
Wireshark sniffs all packets on your connection, so you will get all packets outgoing from your computer (e.g. web browser etc.); a better way to deal with GW2 packets is the WPE Pro tool, which hooks the Winsock functions (send/recv etc.) 1.1 and 2.0. So you'll get encrypted packets, as you assumed. The only way to deal with unencrypted packets is to detour/hook SendPacket or PacketEncrypt.
Here are some resources for doing this:

C++ :
Detours from Microsoft: http://research.microsoft.com/en-us/projects/detours/ (here is 3.0 but I personally use 1.5, which is most friendly to use and doesn't need to be compiled, just use the .h and .lib)

Hand done detour :
Code:
#include <windows.h>
#include <string.h>

// Writes a 5-byte jmp at src that redirects execution to dst and returns a
// trampoline that runs the overwritten bytes, then jumps back to src + len.
// len must cover whole instructions (at least 5 bytes), and those instructions
// must not be position-dependent, since they are executed from the trampoline.
void *detourFunction(BYTE *src, const BYTE *dst, const int len)
{
	// The trampoline is executed, so it needs executable memory; malloc'd heap
	// memory is not under DEP, which the original snippet got wrong.
	BYTE *jmp = (BYTE*)VirtualAlloc(NULL, len + 5, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
	DWORD dwback;

	if (!jmp) return NULL;
	// Make the code page writable without dropping execute for other threads.
	VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwback);
	memcpy(jmp, src, len);                                 // save the original (stolen) bytes
	jmp += len;
	jmp[0] = 0xE9;                                         // jmp rel32 back into the original
	*(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5;     // rel32 = target - (jmp address + 5)
	src[0] = 0xE9;                                         // jmp rel32 from the original into dst
	*(DWORD*)(src + 1) = (DWORD)(dst - src) - 5;
	VirtualProtect(src, len, dwback, &dwback);
	FlushInstructionCache(GetCurrentProcess(), src, len);

	return (jmp - len);                                    // trampoline start: call this to run the original
}
(Beware this is highly detectable (public) but you can be inspired by this code to do it)

ASM:
Just save registers
copy first bytes
replace with a jmp to your own function
recopy copied bytes
???
jmp to last location



I'm not into ASM coding so this is probably wrong, but just an idea how this can be done :/
midi12 is offline  
Thanks
2 Users
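Added example, not from the post: since the post warns this detour is "highly detectable", here is the check a hook scanner performs, reading back the E9 jmp rel32 from a function's first byte exactly the way the patch above encodes it (target = address + 5 + rel32) and flagging a target outside the owning module. The prologue bytes, module range and hook target are constructed; only the function address reuses the EncryptPacket value quoted in this thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The detour above overwrites the first 5 bytes of a function with
   "jmp rel32" (opcode E9). The CPU resolves it as target = addr + 5 + rel32,
   which is why the post computes rel32 as (dst - src) - 5. Reading that
   displacement back from a prologue is how hook scanners flag the patch. */
#define JMP_REL32 0xE9
#define JMP_LEN   5

/* prologue: bytes read from the function start; addr: where they live.
   Returns 1 and sets *target if the function starts with jmp rel32, else 0.
   Host is assumed little-endian (same as the x86 target being inspected). */
int prologue_is_jmp_hooked(const uint8_t *prologue, size_t len,
                           uint32_t addr, uint32_t *target)
{
    int32_t rel;
    if (len < JMP_LEN || prologue[0] != JMP_REL32) return 0;
    memcpy(&rel, prologue + 1, sizeof rel);   /* signed, so backward jumps resolve too */
    *target = addr + JMP_LEN + (uint32_t)rel;
    return 1;
}

/* A jmp whose target lies outside the module that owns the function is the
   usual tell for an injected hook; a legitimate tail jump stays inside. */
int jmp_leaves_module(uint32_t target, uint32_t mod_base, uint32_t mod_size)
{
    return target < mod_base || target - mod_base >= mod_size;
}

/* Constructed samples. FUNC_ADDR reuses the EncryptPacket address quoted in
   this thread; the module range and hook target are made up for illustration. */
#define FUNC_ADDR 0x00A69C60u
#define MOD_BASE  0x00400000u
#define MOD_SIZE  0x01800000u
const uint8_t CLEAN_PROLOGUE[]  = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x40};  /* push ebp; mov ebp,esp; sub esp,0x40 */
const uint8_t HOOKED_PROLOGUE[] = {0xE9, 0x9B, 0x73, 0x59, 0x0F, 0x40};  /* jmp 0x10001000: rel32 = 0x10001000 - (FUNC_ADDR + 5) */

int main(void)
{
    uint32_t target;
    if (prologue_is_jmp_hooked(HOOKED_PROLOGUE, sizeof HOOKED_PROLOGUE, FUNC_ADDR, &target))
        printf("jmp at 0x%08x -> 0x%08x (%s)\n", (unsigned)FUNC_ADDR, (unsigned)target,
               jmp_leaves_module(target, MOD_BASE, MOD_SIZE) ? "outside module" : "inside module");
    return 0;
}
```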
Old   #52
 
elite*gold: 0
Join Date: Apr 2007
Posts: 950
Received Thanks: 2,403
Hey Midi, I have an easy way to find mouse over

In olly I do a byte search for this (3B C3 74 5D D9 45 BC 8B 4D C8) which lands you at this code:
[screenshot of the disassembly omitted]
Set a breakpoint on the value you want, I usually just find X since y and z are only 4/8 bytes away
From there you can use CE to pointer scan but anyway the current pointers are:

GW2.exe + 12A3C88 offset 0x80 -X
GW2.exe + 12A3C88 offset 0x84 -Y
GW2.exe + 12A3C88 offset 0x88 -Z
*M* is offline  
Thanks
1 User
Old   #53
 
elite*gold: 0
Join Date: Oct 2012
Posts: 6
Received Thanks: 3
Thanks for the explanation !

New offsets :
#define EncryptPacket 0x00A69B50
midi12 is offline  
Old   #54
 
elite*gold: 57
Join Date: Jun 2007
Posts: 10,721
Received Thanks: 5,092
mems updated
_revo is offline  
Thanks
1 User
Old   #55
 
elite*gold: 2
Join Date: Jul 2011
Posts: 148
Received Thanks: 12
Hmm, I tried a lot of things but still can't figure out how to do this :S
Can someone send me a quick tutorial?
And is it true you can change your character's level?

Really appreciate it
jultjeboy is offline  
Old   #56
 
elite*gold: 0
Join Date: Apr 2012
Posts: 7
Received Thanks: 0
Quote:
Originally Posted by jultjeboy
Hmm, I tried a lot of things but still can't figure out how to do this :S
Can someone send me a quick tutorial?

Really appreciate it
If you're referring to memory editing, you can always download Cheat Engine and go through its tutorial. That'll at least get you started.

Quote:
Originally Posted by jultjeboy
And is it true you can change your character's level?
Never heard that before. Seems highly unlikely as that information is stored on the server.
whitea2 is offline  
Old   #57
 
elite*gold: 0
Join Date: Oct 2012
Posts: 16
Received Thanks: 0
but displayed on the client
creepsi is offline  
Old   #58
 
elite*gold: 0
Join Date: Apr 2012
Posts: 7
Received Thanks: 0
Anyone know the new NetClassPtr? I'd love to get back to trying the packet logger.
whitea2 is offline  
Old   #59
 
elite*gold: 97
Join Date: Jun 2007
Posts: 2,246
Received Thanks: 4,850
Quote:
Originally Posted by whitea2
Anyone know the new NetClassPtr? I'd love to get back to trying the packet logger.
Code:
  off_NetworkClass            = $015D0754; // [15898]
  off_EncryptCallAdd          = $1CC;      // [15898]
  off_EncryptPacket           = $00A69C60; // [15898]
Cencil is offline  
Thanks
1 User
Old   #60
 
elite*gold: 0
Join Date: Jun 2012
Posts: 28
Received Thanks: 13
Use a pattern or address to find the encrypt packet function in OllyDbg. Set a breakpoint at the start of the encrypt function. Let it hit the breakpoint, press Alt + K to go to the call window, take the first one at the top and go there. Set a new breakpoint and check what is on the stack in the window.


Rhubarb.Trader is offline  