The Official Site of Cheat Engine
[Delphi]Sent and Received Packet Filtering (like WPE-PRO)

 
~NJ
Grandmaster Cheater Supreme
Ban
Reputation: 0

Joined: 09 Mar 2007
Posts: 1417
Location: sitting outside of the forum

Posted: Sat Nov 29, 2008 12:34 am    Post subject: [Delphi]Sent and Received Packet Filtering (like WPE-PRO)

I'm trying to develop a little filter system for users to filter certain packets in a game. The functionality I'm after is something like what WPE-PRO offers with its filters.

I've hooked into ws2_32.dll to intercept all packets; however, I'm having trouble replacing the packet data before the packet gets formally received or sent.

This is all in Delphi by the way. I can provide some source if needed. I currently have a hook that simply outputs packets and then the packet is sent or received normally. But instead I need something that would output the packet and then instead of sending or receiving the packet normally, would have parameters for the packet data that should be sent/received. It's kinda hard to explain so if I need to clarify anything, let me know.

_________________
I failed to properly read http://forum.cheatengine.org/viewtopic.php?t=247716 last time I updated my trainer
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25821
Location: The netherlands

Posted: Sat Nov 29, 2008 11:14 am

Why don't you just change the packet data in your hook?
You already have one that mindlessly stubs it to the original function. Before calling the original function you can edit the data buffer you got in the parameters to what you want.


Anyhow,
http://ce.colddot.nl/browser/Cheat%20Engine/plugin/packet%20editor/cepe/packetfilter.pas

On the send function, before calling the original function, I send a message to my handler and then wait till it's done (SendMessage). In the handler I can then edit the data and even parameters (like size of message).

In the recv function I call the original function first, and then call my handler to edit the received buffer, finally returning to the caller.

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
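Added example, not code from this thread and not Cheat Engine's own packet editor: a small Python model of the dispatch order described above (send: the handler edits the buffer, then the original runs; recv: the original runs, then the handler edits what arrived). FakeWinsock, Hooks, apply_rules and the sample packets are all constructed stand-ins; nothing touches a real socket. It also covers the case the thread raises later, a replacement that changes the packet length: the len argument is updated when the data shrinks, and an edit that would not fit the caller's buffer is refused rather than written past the end of memory the hook does not own.

```python
from typing import List, Tuple

Rule = Tuple[bytes, bytes]   # (pattern, replacement)


class FakeWinsock:
    """Constructed stand-in for the original, unhooked ws2_32 send/recv.
    'wire' records what actually left the process; 'inbound' is what the
    peer will deliver."""

    def __init__(self, inbound: bytes) -> None:
        self.wire: List[bytes] = []
        self._inbound = inbound

    def send(self, s: int, buf: bytearray, length: int, flags: int) -> int:
        self.wire.append(bytes(buf[:length]))
        return length

    def recv(self, s: int, buf: bytearray, length: int, flags: int) -> int:
        n = min(length, len(self._inbound))
        buf[:n] = self._inbound[:n]
        self._inbound = self._inbound[n:]
        return n


def apply_rules(buf: bytearray, length: int, rules: List[Rule]) -> int:
    """The 'handler': edit buf[:length] in place and return the new length.
    Same-length replacements leave len untouched; a shorter result shrinks
    len; a result that would not fit the caller's allocation is refused and
    the packet passes unchanged, because the hook does not own that memory."""
    data = bytes(buf[:length])
    for pattern, replacement in rules:
        data = data.replace(pattern, replacement)
    if len(data) > len(buf):
        return length
    buf[:len(data)] = data
    return len(data)


class Hooks:
    """The two detour targets, in the order described in the post above."""

    def __init__(self, original: FakeWinsock,
                 send_rules: List[Rule], recv_rules: List[Rule]) -> None:
        self.original = original
        self.send_rules = send_rules
        self.recv_rules = recv_rules

    def hook_send(self, s: int, buf: bytearray, length: int, flags: int) -> int:
        # send: handler first (may change data and len), then the original
        new_len = apply_rules(buf, length, self.send_rules)
        return self.original.send(s, buf, new_len, flags)

    def hook_recv(self, s: int, buf: bytearray, length: int, flags: int) -> int:
        # recv: original first, then the handler edits what arrived; the
        # (possibly changed) byte count is what the caller sees
        n = self.original.recv(s, buf, length, flags)
        if n <= 0:
            return n
        return apply_rules(buf, n, self.recv_rules)


def demo() -> dict:
    """Constructed traffic: one outbound packet, one inbound packet, and one
    outbound packet whose rule would overflow the caller's buffer."""
    winsock = FakeWinsock(inbound=b"MSG:hello;")
    hooks = Hooks(winsock, send_rules=[(b"ping", b"pong")],
                  recv_rules=[(b"hello", b"HELLO")])
    out = bytearray(b"ping 1;")
    sent = hooks.hook_send(3, out, len(out), 0)
    inbuf = bytearray(32)
    got = hooks.hook_recv(3, inbuf, len(inbuf), 0)

    tight = bytearray(b"ping")          # buffer exactly as big as the packet
    growing = Hooks(winsock, send_rules=[(b"ping", b"pingpingping")], recv_rules=[])
    sent_tight = growing.hook_send(3, tight, len(tight), 0)
    return {"wire": winsock.wire, "sent": sent,
            "received": bytes(inbuf[:got]), "sent_tight": sent_tight}


if __name__ == "__main__":
    print(demo())
```

The point worth noticing for anyone reviewing such a hook is the gap it creates between what the application wrote and what reached the wire (the `wire` list versus the original `out` buffer): that gap is invisible to the caller, which is why application-level logging cannot be trusted once ws2_32 exports have been detoured.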
~NJ
Grandmaster Cheater Supreme
Ban
Reputation: 0

Joined: 09 Mar 2007
Posts: 1417
Location: sitting outside of the forum

Posted: Sat Nov 29, 2008 6:35 pm

Can you please explain to me how you used your hook? I've tried numerous times the method you explain but the original function I have doesn't accept parameters and is written in assembly.

Here is what I have:
Code:
function unhookedSend: Integer; assembler; stdcall;
asm
  { Replay the 5 prologue bytes that hook() overwrote in ws2_32!send
    (mov edi,edi / push ebp / mov ebp,esp), then continue at send+5. }
  mov edi, edi
  push ebp
  mov ebp, esp   { was "mov esp, ebp", which overwrote the stack pointer }
  jmp [realSend]
end;


realSend is defined on form create as:
Code:
realSend := Pointer(DWord(GetProcAddress(GetModuleHandle('ws2_32.dll'), 'send')) + 5);


So when my hookSend function is done with dealing with the packet it hands on to the function above without any parameters and it does its thing. I need a new function here that would accept the parameters that I would supply it with instead of using the original parameters.

The link you gave me looks awesome, but every time I try to implement something like that, I just get an access violation error when I attempt to do anything that involves packets being sent.

I was also wondering how I should hook into my application. For example, this is what I have on the form create function:
Code:

hook(GetProcAddress(GetModuleHandle('ws2_32.dll'), 'send'), @hookSend);



and the hook function is as follows:
Code:
procedure hook(tFunc, nFunc: Pointer);
var
  jmpTo: DWord;
  oldProtect: Cardinal;
begin
  { rel32 displacement of a 5-byte E9 jump: target - (patch address + 5) }
  jmpTo := DWord(nFunc) - DWord(tFunc) - 5;
  { make the first 5 bytes of the target writable, patch, then restore }
  VirtualProtect(tFunc, 5, PAGE_EXECUTE_READWRITE, @oldProtect);
  pbyte(tFunc)^ := $E9;                       { JMP rel32 opcode }
  pdword(DWord(tFunc) + 1)^ := jmpTo;
  VirtualProtect(tFunc, 5, oldProtect, @oldProtect);
  FlushInstructionCache(GetCurrentProcess, tFunc, 5);
end;


Thanks so much!

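Added example, not from this thread and not Cheat Engine code: a Python version of the rel32 arithmetic that hook() performs (jmpTo = nFunc - tFunc - 5), together with its inverse, used the way a defender would use it: read the first five bytes of an exported function and tell a clean hot-patch prologue (8B FF 55 8B EC, the very bytes unhookedSend replays before jumping to send+5) from an E9 jump whose destination lies outside the module image. The addresses and module range below are constructed, not real ws2_32 values.

```python
import struct
from typing import Optional

MASK32 = 0xFFFFFFFF

# First five bytes of a typical hot-patchable Win32 export, and exactly the
# bytes a trampoline must replay before continuing at function+5:
#   8B FF   mov edi, edi
#   55      push ebp
#   8B EC   mov ebp, esp
CLEAN_PROLOGUE = bytes.fromhex("8BFF558BEC")

# Constructed addresses (not real ws2_32 values): module image and its export.
MODULE_BASE = 0x71A10000
MODULE_SIZE = 0x17000
SEND_ADDR = 0x71A14C27
HOOK_ADDR = 0x00403000


def encode_jmp(target_func: int, new_func: int) -> bytes:
    """The 5-byte patch the thread's hook() writes: E9 + rel32,
    where rel32 = nFunc - tFunc - 5 (two's complement, mod 2^32)."""
    rel = (new_func - target_func - 5) & MASK32
    return b"\xE9" + struct.pack("<I", rel)


def decode_jmp(func_addr: int, first5: bytes) -> Optional[int]:
    """Inverse of encode_jmp: absolute destination of an E9 rel32 at func_addr,
    or None if the bytes are not a near relative jump."""
    if len(first5) < 5 or first5[0] != 0xE9:
        return None
    rel = struct.unpack("<I", first5[1:5])[0]
    return (func_addr + 5 + rel) & MASK32


def check_prologue(func_addr: int, first5: bytes,
                   module_base: int, module_size: int) -> dict:
    """Classify an export's first bytes. 'hooked' means a jump that leaves the
    module image (what an inline detour from another module looks like);
    'intra-module-jmp' stays inside and may be a legitimate hot-patch."""
    dest = decode_jmp(func_addr, first5)
    if dest is None:
        kind = "clean" if first5[:5] == CLEAN_PROLOGUE else "unknown"
        return {"kind": kind, "jmp_target": None}
    inside = module_base <= dest < module_base + module_size
    return {"kind": "intra-module-jmp" if inside else "hooked", "jmp_target": dest}


def demo() -> dict:
    """Patch a constructed copy of send's first bytes the way hook() would,
    then run the check over both the clean and the patched bytes."""
    patched = encode_jmp(SEND_ADDR, HOOK_ADDR)
    return {
        "patch": patched.hex().upper(),
        "clean": check_prologue(SEND_ADDR, CLEAN_PROLOGUE, MODULE_BASE, MODULE_SIZE),
        "patched": check_prologue(SEND_ADDR, patched, MODULE_BASE, MODULE_SIZE),
    }


if __name__ == "__main__":
    print(demo())
```

On a live system the bytes fed to check_prologue would come from reading the process memory at the export's address and the module range from the loaded-module list; comparing those bytes against the on-disk copy of the DLL is the usual way integrity checkers spot this style of hook, since the patch lives only in memory.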
dnsi0
I post too much
Reputation: 0

Joined: 04 Jan 2007
Posts: 2674

Posted: Sat Nov 29, 2008 6:54 pm

~NJ wrote:
Can you please explain to me how you used your hook? [...]

o... T.t
For the bypassed version of the function you still need to define the variables that come in, right? If you don't, then Delphi thinks that no variables are going in and therefore it fails.

And if you're trying to make this for MapleStory, Flyff or any game with encryption, then try to hook before the packet is encrypted instead of at the WinAPI calls.
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

Posted: Sat Nov 29, 2008 6:58 pm

This is the method I'm using. First of all I get the addresses of send/recv and then replace the preamble respectively with a jump which acts as a detour to my hook function. Inside the hook function, I move ebp+4, 8, C, 10 to a register and then filter by testing the register/memory that I move it into for a given condition. Say you want to just edit the buffer; then one of the arguments is a pointer to the buffer, so as long as you let the packet be the same length and don't change the format of it, you should be able to change the data inside it.
~NJ
Grandmaster Cheater Supreme
Ban
Reputation: 0

Joined: 09 Mar 2007
Posts: 1417
Location: sitting outside of the forum

Posted: Sat Nov 29, 2008 7:44 pm

Can you please copy and paste the function that you use to send the packets after you have done what you want with them?

For example, after I have displayed the sent packets etc. I call unhookedSend. What do you call instead? Copy and paste please. The function SHOULD have parameters.

Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

Posted: Sat Nov 29, 2008 7:53 pm

Mine doesn't edit packets for the time being, but it's very easy. Take your lpbuf and dereference it and scan through from that address to that address + len for the thing you want to replace. When you find it, replace it, then jmp back to send+5.
dnsi0
I post too much
Reputation: 0

Joined: 04 Jan 2007
Posts: 2674

Posted: Sun Nov 30, 2008 9:40 am

Go to the MSDN library and look up the connect function as well as the send functions.
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

Posted: Mon Dec 01, 2008 4:27 pm

Okay, I did a little more work on my packet sniffer now and made it so it scans through the contents of the place pointed to by lpBuffer for the size of the packet length. When it matches the filter parameter I set, it copies length, socket descriptor id + flags into a permanent memory buffer.

It then dynamically allocates memory of size packet length, copies the contents of lpBuffer into there, then when I want to send the packet again, I had it so on a press of a hotkey it will call send with parameters socket descriptor id, pointer to the dynamically allocated memory, length of packet + recorded flags.

Editing should not be too hard if I bother to add that. I expect as long as you keep the packet's format (header, etc.) intact and change the packet length argument, then it should be okay.