[Guide] Client Based Packet Injection in Silkroad

soadmania · 08/14/2009, 22:48

i suggest proxy+analyzer. it s so easy.

ReillyKlevre · 08/15/2009, 08:51

Quote:

Originally Posted by maxbot

Yeah, that's how everyone probably does it for C->S opcodes. For those who don't know how to get them anyway, here are binary strings for some most used C->S opcodes (I guess they haven't changed) :

Not everyone :x

The most important thing to notice is that no new opcodes have been added or deleted from 1.203 - 1.205. What this means is that the order of opcodes remains the same in all clients.

For Server to Client opcodes it's pretty easy to get because there's a switch table which you can parse easily, as for Client to Server packets since they all injected they need to be called by the function that injectes packets, this is fairly easy to distinguish by looking a few similar functions for Client to Server packets.

And since this has mostly been done manually by everyone before and since a few weeks have passed after the last update, no real harm can be done by posting this I guess:

maxbot · 08/15/2009, 13:07

@Klevre

Notice the word 'probably' :P

I knew you weren't using binary strings since you're too lazy to search for all C->S opcodes on that way

soadmania · 08/17/2009, 03:09

im tired of that creepy errors. there s no Resource in my Add list.

pushedx · 08/17/2009, 03:28

Quote:

Originally Posted by soadmania

im tired of that creepy errors. there s no Resource in my Add list.

Visual Studio 2008 express edition does not support the GUI editing features that Visual Studio 2008 has. You have to either not use GUIs, create your own GUI through the Win32 API instead, or "upgrade" to Visual Studio 2008.

hack0r89 · 08/19/2009, 14:48

Quote:

Originally Posted by ReillyKlevre

And since this has mostly been done manually by everyone before and since a few weeks have passed after the last update, no real harm can be done by posting this I guess:

nice one
you used a sig based opcode finder, didnt you?

konserwa · 01/10/2010, 15:30

some one can give source to show how it work ?

Scarabol · 01/27/2011, 18:44

Hey guys,

i need some help with this:

Code:

	// The location of the hook
	// Binary Search pattern for Olly: 8B 11 8B 42 2C 57 
	// MOV EDX,[ECX]
	// MOV EAX,[EDX+2C] <- Patch
	// PUSH EDI
	#define SEND_HOOK 0x7418A2

What does "Patch" in line 4 mean?
Where can i get the SEND_HOOK Code from?

I already updated
#define SEND_ECX 0xF45830
#define SEND_CALL 0x801680
but i cant get any value for SEND_HOOK

Thanks in advance
Scarabol

bootdisk · 01/27/2011, 19:16

This may be?

Quote:

// The location of the hook
// Binary Search pattern for Olly: 8B 11 8B 42 2C 57

Scarabol · 01/27/2011, 22:14

Yes, i looked for that but all that olly says is:

Code:

CPU Disasm
Address   Hex dump          Command                                  Comments
0082D081  |.  8B11          MOV EDX,DWORD PTR DS:[ECX]
0082D083  |.  8B42 2C       MOV EAX,DWORD PTR DS:[EDX+2C]
0082D086  |.  57            PUSH EDI

Thanks in advance
Scarabol

lesderid · 01/27/2011, 22:39

>.<

Scarabol · 01/28/2011, 06:44

???

cyberninjah · 06/21/2013, 14:57

anyone have the binary search patterns for packet receive ?

vitalka · 06/22/2013, 00:34

edxloader source have this

cyberninjah · 08/01/2013, 13:21

i try to update this so it works with the vsro clients but i keep failing in finding the right addy's anyone succeed to update this for vsro??