Explore the last function call in the c22 sendpacket function (well, not the last one, but the last client function call before the free(...) call). I was usually able to find the packet information by examining the stack at the very beginning of that function; packet type and structure should be right there. If you can't figure it out for some packets and you know how to work with server binaries, you can get all the information you need about the non-gameworld packets from the gdelivery daemon: search for the Protocol::Protocol(uint) function in IDA after applying DWARF, list cross-references and enjoy digging... Although it seems you're looking for homestead features, for which the files haven't been released yet, so I guess that won't be of much help.
I'll look into the first method tomorrow. I'm sure I had found a way to dump all packets a few months ago, I just can't remember now.
OK, so I dug a bit further and hopefully found something. The best place to bp/detour a function for monitoring these packets seems to be the function that assembles the packet together. To find this function:
- Set a breakpoint on WS2_32.send
- Do something in game so the function gets called (it actually gets called twice; the second time is for the real (encrypted) packet, however we'll need the first call)
- Go to the return address, it'll look something like this:
- Scroll up a bit until you see this function call:
- Follow that function and set a breakpoint at the very first instruction
Information should be stored as follows:
ecx (this):
[] = interface functions pointer
[+4] = packet type array beginning
[+8] = packet type array ending
esp + 08 (first argument):
[] = interface functions pointer
[+4] = packet array beginning
[+8] = packet array ending
For example, I'll try to find out the information about the AddFriend packet.
1. the breakpoint hit, we see addresses here
2. I follow ecx in the stack
3. Here I see that the beginning of packet type array is 0x16CE9138 and the ending is 0x16CE913A. So, the packet type fits in two bytes and we can find them at 16CE9138.
4. As seen here
the packet type array has 0x80 0xCA, which is 0xCA packed into cuint.
5. Now we have the packet type, we need to get the packet structure.
6. I follow esp + 8 in the stack
7. Applying the same logic, I follow the packet array beginning address, 218ED6C8
8. Here we have
9. We also know the ending address, so we can get the entire packet:
00 52 E3 E1 00 00 00 00 16 65 00 6C 00 69 00 74 00 65 00 70 00 76 00 70 00 65 00 72 00 73 00 05 53 B4 00
Now I know, from digging up in server binaries before, that the structure is:
self UID (non-reversed) - 00 52 E3 E1
target UID (this is only if the client actually obtained the UID for this character name, in this case it did not, so it leaves it at 0) - 00 00 00 00
name of the character that we're trying to add as a friend - 16 65 00 6C 00 69 00 74 00 65 00 70 00 76 00 70 00 65 00 72 00 73 00
srclsid (source link server id, you can leave it at 0, it's not important) - 05 53 B4 00
Hopefully that helps, I guess you should know what to do from here. Also, this is the 1.5.3 client since I don't have a higher version one downloaded right now, so unless it has undergone major changes in the past few versions, the functions should still be in place.
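The field breakdown from the post above, decoded in code. This is an added example, not part of the original post or of the game's own code. The function names are hypothetical, the one-byte name length prefix is assumed to be a cuint like the packet type, the name is assumed to be UTF-16LE, and only the 1- and 2-byte cuint forms that appear in the post are handled.

```python
import struct

# Bytes copied from the post: packet type array and AddFriend packet body.
TYPE_BYTES = bytes.fromhex("80 CA")
BODY = bytes.fromhex(
    "00 52 E3 E1 00 00 00 00 16 65 00 6C 00 69 00 74 00 65 00 70 00"
    " 76 00 70 00 65 00 72 00 73 00 05 53 B4 00"
)

def read_cuint(buf, off=0):
    """Decode a compact uint at off; return (value, next_offset)."""
    if off >= len(buf):
        raise ValueError("truncated cuint")
    first = buf[off]
    if first < 0x80:                      # 1-byte form: value as-is
        return first, off + 1
    if first & 0xC0 == 0x80:              # 2-byte form: top bits are 10
        if off + 2 > len(buf):
            raise ValueError("truncated 2-byte cuint")
        return struct.unpack_from(">H", buf, off)[0] & 0x3FFF, off + 2
    # Longer forms are not shown in the post, so they are not guessed at.
    raise ValueError("cuint form not covered by this example")

def parse_add_friend(body):
    """Split an AddFriend body into the four fields listed in the post."""
    if len(body) < 8:
        raise ValueError("body too short for the two UIDs")
    # "non-reversed" UIDs are read as big-endian 32-bit values.
    self_uid, target_uid = struct.unpack_from(">II", body, 0)
    name_len, off = read_cuint(body, 8)   # assumption: length is a cuint
    end = off + name_len
    if end + 4 != len(body):
        raise ValueError("name length does not match packet size")
    return {
        "self_uid": self_uid,
        "target_uid": target_uid,         # 0 when the client has no UID
        "name": body[off:end].decode("utf-16-le"),
        "srclsid": body[end:end + 4],     # kept raw; meaning not decoded
    }

if __name__ == "__main__":
    print(hex(read_cuint(TYPE_BYTES)[0]))
    print(parse_add_friend(BODY))
```
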