(ASM) Nostale Send Function
Discussion on (ASM) Nostale Send Function within the Nostale forum part of the MMORPGs category.
11/06/2013, 22:41
#1
elite*gold: 0
Join Date: Aug 2013
Posts: 154
Received Thanks: 166
Hi guys, today I have a question and not a release, eheh!
I'm not very good at reverse engineering but I want to learn it..
I chose a random packet (c_skill, it's simple & fast) and now I want to try to write a function that sends the packets to the server (DLL with GUI)
..I have no problems making the DLL, so easy..
Then I got this with OllyDbg:
Code:
0061908B A1 A0B06600  MOV EAX,DWORD PTR DS:[66B0A0]   ; EAX = global object pointer
00619090 8B00         MOV EAX,DWORD PTR DS:[EAX]      ; EAX = its first field (first argument, Self under the Borland register convention)
00619092 BA F4926100  MOV EDX,nostalex.006192F4       ; ASCII "c_skill" (string literal inside the client binary)
00619097 E8 F85BF0FF  CALL nostalex.0051EC94          ; send routine: EAX = object, EDX = packet string
0061909C E9 32010000  JMP nostalex.006191D3
006190A1 A1 F8BF6600  MOV EAX,DWORD PTR DS:[66BFF8]   ; next branch, not part of the c_skill path
006190A6 8B00         MOV EAX,DWORD PTR DS:[EAX]
006190A8 8B40 40      MOV EAX,DWORD PTR DS:[EAX+40]
I tried with:
Code:
char *packet = "c_skill";
DWORD send_addr = 0x0051EC94;
_asm
{
    MOV EDX, packet      ; EDX = address of the C string
    CALL send_addr       ; EAX is not set up: the client loads it twice before this call
}
But the client crashes when I click on the button, it doesn't work..
So I thought I had to add this:
Code:
0061908B A1 A0B06600 MOV EAX,DWORD PTR DS:[66B0A0]
00619090 8B00 MOV EAX,DWORD PTR DS:[EAX]
Then I wrote this:
Code:
char *packet = "c_skill";
DWORD send_addr = 0x0051EC94, send_eax = 0x0066B0A0;
_asm
{
    MOV EAX, DWORD PTR DS:[send_eax]   ; in MSVC inline asm this loads the variable's value: EAX = 0x0066B0A0
    MOV EAX, DWORD PTR DS:[EAX]        ; EAX = [0x0066B0A0]; the client does one more load after this
    MOV EDX, packet
    CALL send_addr
}
But I get the same problem..
Can somebody who knows how to reverse help me? Thanks, I'm waiting for answers..
11/06/2013, 23:10
#2
elite*gold: 0
Join Date: Apr 2010
Posts: 2,832
Received Thanks: 4,152
You have to zoidberg the send address pointer.
Code:
char *packet = "c_skill";
DWORD send_addr = const_cast<whoop*>0x0051EC94, send_eax = const_cast<whoop*>0x0066B0A0;
_asm
{
MOV EAX, DWORD WHOOP[PTR DS:[send_eax]]
MOV EAX, DWORD WHOOP[PTR DS:[EAX]]
MOV EDX, WHOOP[packet]
CALL send_addr
}
11/06/2013, 23:21
#3
elite*gold: 0
Join Date: Aug 2013
Posts: 154
Received Thanks: 166
What exactly does the whoop do? And what is the library for it? Thanks man!
11/06/2013, 23:58
#4
elite*gold: 0
Join Date: Apr 2010
Posts: 2,832
Received Thanks: 4,152
Haha no dude, it was a joke.
Your code looks correct.
Code:
char *packet = "c_skill";
DWORD send_addr = 0x0051EC94, send_eax = 0x0066B0A0;
_asm
{
    MOV EAX, DWORD PTR DS:[send_eax]
    MOV EAX, DWORD PTR DS:[EAX]
    MOV EDX, packet
    CALL send_addr
}
Are you sure that send_addr is correct?
Maybe something's wrong with
char *packet = "c_skill";
I know it works with the AnsiStrings of the VCL, so try a 0x00 termination at the end of the packet.
Did you try to set a breakpoint at send_addr and look at the registers to see what's different?
11/07/2013, 00:09
#5
elite*gold: 0
Join Date: Aug 2013
Posts: 154
Received Thanks: 166
Quote:
Originally Posted by Elektrochemie
Haha no dude, it was a joke.
Your code looks correct.
Code:
char *packet = "c_skill";
DWORD send_addr = 0x0051EC94, send_eax = 0x0066B0A0;
_asm
{
    MOV EAX, DWORD PTR DS:[send_eax]
    MOV EAX, DWORD PTR DS:[EAX]
    MOV EDX, packet
    CALL send_addr
}
Are you sure that send_addr is correct?
Maybe something's wrong with
char *packet = "c_skill";
I know it works with the AnsiStrings of the VCL, so try a 0x00 termination at the end of the packet.
Did you try to set a breakpoint at send_addr and look at the registers to see what's different?
Mmmh!! Funny video, ahah XD
You totally fucked me, man! lol..
One moment and I'll tell you what is wrong in the registers at send_addr. The address is right, as you can see in the asm code that I wrote in the first post.. and all packets have it (the call) after EAX and EDX.. and with a breakpoint I see all the packets that the client sends..
If you want to test, here is the download of the DLL.. just inject it into the client xD
PS. I already tried adding 0x00 at the end of the packet but it doesn't change anything..
------------------------------------------------------------------------------
OK, I post 3 screens for you..
1) c_skill from the client (normal, not DLL):
2) c_skill from the DLL:
3) error:
11/07/2013, 14:42
#6
elite*gold: 0
Join Date: Sep 2010
Posts: 132
Received Thanks: 29
Code:
__asm{
    mov eax, dwRawPacketPTR          ; eax = the global's address (0x0066B0A0)
    mov eax, DWORD PTR DS:[eax]      ; first hop
    mov eax, DWORD PTR DS:[eax]      ; second hop, the same two loads the client does
    mov edx, szPacket                ; packet string
    call dwSendRawPacket             ; call through the address variable
}
Maybe this will help you ;D
11/07/2013, 15:06
#7
elite*gold: 0
Join Date: Aug 2013
Posts: 154
Received Thanks: 166
Thanks PainToTheWorld but it doesn't work..
dwRawPacketPTR = 0066B0A0?
dwSendRawPacket = 0051EC94?
I tried it like this:
Code:
void SEND_TO_SERVER(char *packet)
{
    DWORD send_addr = 0x0051EC94, send_eax = 0x0066B0A0;
    __asm
    {
        mov eax, send_eax                ; eax = 0x0066B0A0
        mov eax, DWORD PTR DS:[eax]      ; first hop
        mov eax, DWORD PTR DS:[eax]      ; second hop
        mov edx, packet                  ; C string from the DLL
        call send_addr
    }
}
And when I try to use it on the client, it crashes :O
11/07/2013, 17:45
#8
elite*gold: 0
Join Date: Sep 2010
Posts: 132
Received Thanks: 29
It crashes? Or do you just get an access violation message?
It should work.. if you give the function a null-terminated string...
Send me your code for testing
11/07/2013, 18:26
#9
elite*gold: 0
Join Date: Jun 2011
Posts: 87
Received Thanks: 12
Try this
Code:
__asm{
    MOV EDX,packet
    MOV EAX,DWORD PTR DS:[654DDC]   // 654DDC is an old address, you need to put the new one
    MOV EAX,DWORD PTR DS:[EAX]
    MOV EAX,DWORD PTR DS:[EAX]
    MOV EAX,DWORD PTR DS:[EAX]      // three loads after the global: one more than the c_skill disassembly shows
    CALL send_addr
}
11/07/2013, 19:20
#10
elite*gold: 0
Join Date: Aug 2013
Posts: 154
Received Thanks: 166
Code:
void SEND_TO_SERVER(char *packet)
{
    DWORD send_addr = 0x0051EC94, send_eax = 0x0066B0A0;
    __asm
    {
        MOV EDX, packet
        MOV EAX, DWORD PTR DS:[send_eax]   ; EAX = 0x0066B0A0
        MOV EAX, DWORD PTR DS:[EAX]        ; first hop
        MOV EAX, DWORD PTR DS:[EAX]        ; second hop
        MOV EAX, DWORD PTR DS:[EAX]        ; third hop: one more than the client's c_skill code
        CALL send_addr
    }
}
Doesn't work..
Paint, if you read my post I already told you the code that I've tried..
It crashes, not an access violation..
11/07/2013, 20:45
#11
elite*gold: 237
Join Date: Sep 2012
Posts: 982
Received Thanks: 1,199
Look at the function (as an example; there are more single packets)
Quote:
There you can see the complete send function. Copy it 1:1
11/07/2013, 23:43
#12
elite*gold: 0
Join Date: Aug 2013
Posts: 154
Received Thanks: 166
Doesn't change anything, c_skill does the same.. xD
Code:
00657223 A1 A0B06600  MOV EAX,DWORD PTR DS:[66B0A0]   ; same two loads as for c_skill
00657228 8B00         MOV EAX,DWORD PTR DS:[EAX]
0065722A BA F4726500  MOV EDX,nostalex.006572F4       ; ASCII "snap" (literal inside the client binary)
0065722F E8 607AECFF  CALL nostalex.0051EC94          ; same send routine
But I don't know why the function doesn't work..
OK GUYS!!
I tried with:
Code:
void SEND_TO_SERVER(char *packet)
{
    packet[strlen(packet)] = 0;   // overwrites the existing terminator with 0: no effect on the string
    DWORD SEND_EAX = 0x66B0A0, C_SKILL = 0x006192F4, SEND_ADDR = 0x0051EC94;   // C_SKILL = the client's own "c_skill" literal
    __asm
    {
        MOV EAX, DWORD PTR DS:[SEND_EAX]   ; EAX = 0x0066B0A0
        MOV EAX, DWORD PTR DS:[EAX]        ; first hop
        MOV EAX, DWORD PTR DS:[EAX]        ; second hop, matches the client
        MOV EDX, packet                    ; C string from the DLL
        CALL SEND_ADDR
    }
}
And the client crashes.. I replaced MOV EDX, packet with MOV EDX, C_SKILL and it worked..
The problem is in char *packet = "c_skill";
Elektrochemie said that the Nostale client uses AnsiString, do I need to use it? Does Embarcadero include it?
11/09/2013, 15:45
#13
elite*gold: 0
Join Date: Aug 2013
Posts: 154
Received Thanks: 166
Can somebody help me?
11/09/2013, 17:14
#14
elite*gold: 20
Join Date: Jan 2012
Posts: 766
Received Thanks: 645
Try with this
Code:
void SEND_TO_SERVER(char *packet)
{
    packet[strlen(packet)] = 0;
    DWORD SEND_EAX = 0x66B0A0, PACKET = &packet, SEND_ADDR = 0x0051EC94;
    __asm
    {
        MOV EAX, DWORD PTR DS:[SEND_EAX]
        MOV EAX, DWORD PTR DS:[EAX]
        MOV EAX, DWORD PTR DS:[EAX]
        MOV EDX, PACKET
        CALL SEND_ADDR
    }
}
------
Edit: I don't want to go up to 500 posts yet.
You need to move the pointer (& <- shows the pointer) to a DWORD I think, then you set the pointer of the char* at the DWORD :P
11/09/2013, 18:42
#15
elite*gold: 0
Join Date: Aug 2013
Posts: 154
Received Thanks: 166
ernilos, it's impossible..
You can't use a char** to initialize a DWORD entity..
First thing, what you told me.. I already tried with:
Code:
PACKET = (DWORD)&packet
but it doesn't work, the client crashes <.<
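The thread stops here without a fix. The picture that emerges from posts #4 and #12 is that the routine at 0x0051EC94 is called with the Borland register convention (EAX = object, EDX = first argument) and that its argument is a VCL AnsiString rather than a C string: the client's own literal at 0x006192F4 works because the compiler emits it with the AnsiString header (reference count and length stored just before the characters), while a `char *` literal from an injected DLL has nothing at those offsets. The C below is added by the editor and is not code from the thread or from the client. It assumes the pre-2009 Delphi/C++Builder AnsiString layout (an assumption about this client's compiler), builds and checks such a buffer, and walks the two pointer hops from the disassembly in plain C so the hop count can be verified before any inline asm is written; the `__asm` part compiles only under 32-bit MSVC and uses the two addresses quoted in the thread.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/*
 * Added example.  Assumed Delphi / C++Builder (pre-2009) AnsiString layout:
 *     data - 8 : int32 reference count, -1 marks a constant the RTL must not free
 *     data - 4 : int32 length in bytes, terminator not counted
 *     data     : the characters, followed by a NUL
 * The pointer handed around (and passed in EDX) points at data, so the callee
 * can read the length from [EDX-4].  A C literal has nothing at that offset,
 * which is the difference between MOV EDX,packet and MOV EDX,C_SKILL.
 */
#define ANSI_HEADER_SIZE     8
#define ANSI_REFCNT_CONSTANT (-1)

static void    put_i32(unsigned char *p, int32_t v) { memcpy(p, &v, sizeof v); }
static int32_t get_i32(const unsigned char *p)      { int32_t v; memcpy(&v, p, sizeof v); return v; }

/* Builds the record and returns a pointer to its character data (NULL on failure). */
char *ansistring_make(const char *s)
{
    size_t len = strlen(s);
    if (len > INT32_MAX) return NULL;
    unsigned char *block = malloc(ANSI_HEADER_SIZE + len + 1);
    if (block == NULL) return NULL;
    put_i32(block, ANSI_REFCNT_CONSTANT);
    put_i32(block + 4, (int32_t)len);
    memcpy(block + ANSI_HEADER_SIZE, s, len + 1);   /* copies the NUL as well */
    return (char *)(block + ANSI_HEADER_SIZE);
}

int32_t ansistring_length(const char *data)   { return get_i32((const unsigned char *)data - 4); }
int32_t ansistring_refcount(const char *data) { return get_i32((const unsigned char *)data - 8); }
void    ansistring_free(char *data)           { free(data - ANSI_HEADER_SIZE); }

/*
 * The client loads the object through two pointer hops before the CALL:
 *     MOV EAX,DWORD PTR DS:[66B0A0]   ; global -> object
 *     MOV EAX,DWORD PTR DS:[EAX]      ; object -> field at offset 0
 * In MSVC inline asm "mov eax, var" and "mov eax, [var]" both load the
 * variable's value, so exactly two [eax] loads must follow it.  deref_chain()
 * is the same walk in C, so the hop count can be checked on test data.
 */
void *deref_chain(void *base, int hops)
{
    void *p = base;
    for (int i = 0; i < hops; i++)
        p = *(void **)p;
    return p;
}

#ifdef _MSC_VER
/*
 * Only meaningful inside the injected 32-bit client; the two addresses are
 * the ones quoted in the thread.  Borland register convention: EAX = Self,
 * EDX = first argument.
 */
void send_packet(const char *packet)
{
    char *s = ansistring_make(packet);
    if (s == NULL) return;
    uintptr_t self_global = 0x0066B0A0, send_fn = 0x0051EC94;
    __asm {
        mov eax, self_global        ; EAX = 0x0066B0A0
        mov eax, [eax]              ; first hop, as in the client
        mov eax, [eax]              ; second hop: the object
        mov edx, s                  ; EDX = AnsiString data pointer
        call send_fn                ; call dword ptr [send_fn]
    }
    ansistring_free(s);   /* refcount -1: the RTL copies the string instead of adopting it */
}
#endif

int main(void)
{
    char *s = ansistring_make("c_skill");
    if (s == NULL) return 1;
    printf("data=\"%s\" length=%d refcount=%d\n",
           s, (int)ansistring_length(s), (int)ansistring_refcount(s));
    ansistring_free(s);
    return 0;
}
```

Whether the callee really expects this layout can be checked in OllyDbg before injecting anything: break at 0x0051EC94 while the client sends c_skill itself and look at the dwords at EDX-4 (should be 7, the length) and EDX-8 (should be -1 for a literal). If those values are not there, the layout assumption is wrong for this build and the header must be adjusted to match. Freeing the buffer straight after the call relies on the reference count of -1, which the VCL treats as a constant to be copied on assignment rather than owned.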