gunminiho, Expert Cheater (Reputation: 0, Joined: 15 Dec 2008, Posts: 144, Location: peru)
Posted: Fri Dec 03, 2010 9:20 pm, Post subject: Packet Sniffing / Sending
Hi, I want to ask something about this subject.
I would say that the sniffing and sending parts aren't really hard to use, but the main reason for this thread is to focus on the game itself.
For example, I want to send some packets to my game, not using WPE. So I understand that I need the Send() address + class address to emulate my SendPacket function and send my own packets through my own method, let's say not using any other third-party program. But my question is:
how can I find those Send() & class addresses without knowing the AoB???
atom0s, Moderator (Reputation: 205, Joined: 25 Jan 2006, Posts: 8585, Location: 127.0.0.1)
Posted: Sat Dec 04, 2010 9:14 am
Debugging. Find something that you'd assume to be passed to a packet handler sooner or later, such as updates, changes, etc., and follow the flow until you end up hitting the function creating the packet or sending it.
Another easy way is to look for send() / sendto() calls and backtrace the functions they are in to where they are called from, etc., to find the functions using them and so on.
_________________
- Retired.
gunminiho, Expert Cheater (Reputation: 0, Joined: 15 Dec 2008, Posts: 144, Location: peru)
Posted: Sat Dec 04, 2010 10:32 am
Wiccaan wrote:
    Debugging. Find something that you'd assume to be passed to a packet handler sooner or later, such as updates, changes, etc., and follow the flow until you end up hitting the function creating the packet or sending it.
    Another easy way is to look for send() / sendto() calls and backtrace the functions they are in to where they are called from, etc., to find the functions using them and so on.

By "easier way" do you mean to look for where Send() or SendTo() are called from?
Would "Find Intermodular Calls" from OllyDbg work?
I should try. D:
atom0s, Moderator (Reputation: 205, Joined: 25 Jan 2006, Posts: 8585, Location: 127.0.0.1)
Posted: Sun Dec 05, 2010 8:25 am
gunminiho wrote:
    Wiccaan wrote:
        Debugging. Find something that you'd assume to be passed to a packet handler sooner or later, such as updates, changes, etc., and follow the flow until you end up hitting the function creating the packet or sending it.
        Another easy way is to look for send() / sendto() calls and backtrace the functions they are in to where they are called from, etc., to find the functions using them and so on.

    By "easier way" do you mean to look for where Send() or SendTo() are called from?
    Would "Find Intermodular Calls" from OllyDbg work?
    I should try. D:

Sort of. In the main executable (or the module that handles the packets), right-click in the code area window and go to:
Search for -> Name (label) in current module
Then, when you find the Winsock calls (they may not be labeled; they may show up as their ordinal), you can right-click those and choose:
Find References
or
Find References to Import
If you still have issues you can try using a plugin for Olly called 'Command Bar' and use the command:
bp send <hit enter>
It should put a breakpoint on Winsock's send function. (You can also do it for sendto etc.) Then it should break whenever those are called, at the start of the API. Use the stack to trace back to where it was called from.
_________________
- Retired.
NoMercy, Master Cheater (Reputation: 1, Joined: 09 Feb 2009, Posts: 289)
Posted: Sun Dec 05, 2010 10:22 am
In some games you can also go with CE -> find the address of Send() and take a look at the registers; sometimes the right address is there.
zile, Advanced Cheater (Reputation: 0, Joined: 11 Jul 2009, Posts: 75)
Posted: Mon Dec 06, 2010 3:10 am
Is it possible to just record the packet sent by the game through WPE, and then use Send() to send it to the server (without WPE)?
NoMercy, Master Cheater (Reputation: 1, Joined: 09 Feb 2009, Posts: 289)
Posted: Mon Dec 06, 2010 8:39 am
zile wrote:
    Is it possible to just record the packet sent by the game through WPE, and then use Send() to send it to the server (without WPE)?

Most likely the game has its own decryption, in which case that will not work.
atom0s, Moderator (Reputation: 205, Joined: 25 Jan 2006, Posts: 8585, Location: 127.0.0.1)
Posted: Mon Dec 06, 2010 10:45 am
A lot of games have 'order' numbers in packets now as well, which prevent injection using the method you are asking about. Packets will have a number somewhere in the bytes that typically increments per packet to keep a consistent flow from the engine pushing the packets, which is when you will need to hook the packet function to inject your packets "correctly".
The order numbers can also be used to ensure the client is synced with the server; if the numbers between the received and sent packets are spaced too far apart, the server assumes you are either lagging or disconnecting and will either attempt to correct your packet flow and catch you up, or disconnect you.
_________________
- Retired.
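The server-side check atom0s describes, as an added example that is not from the thread or any game: a per-connection sequence counter that rejects a replayed capture (old number) and flags a client that has drifted too far ahead. The header layout (uint16 opcode, uint32 sequence) and the tolerated lead of 8 are constructed assumptions.

```python
import struct

# Constructed header layout, an assumption for this example, not a real game's format:
#   uint16 opcode | uint32 sequence number | payload
HEADER = struct.Struct("<HI")


def build_packet(opcode, seq, payload=b""):
    """Client side: prepend the opcode and the per-packet sequence number."""
    return HEADER.pack(opcode, seq) + payload


class SequenceGuard:
    """Per-connection sequence check of the kind described in the post:
    the counter must advance by one per packet, with a small tolerated lead
    for packets still in flight (max_lead is an assumed value)."""

    def __init__(self, max_lead=8):
        self.expected = 0
        self.max_lead = max_lead

    def check(self, raw):
        """Return (accepted, reason) for one incoming packet."""
        if len(raw) < HEADER.size:
            return False, "malformed"
        _opcode, seq = HEADER.unpack_from(raw)
        if seq < self.expected:
            # A counter value already consumed: a replayed capture, or a
            # packet that bypassed the client's own send path.
            return False, "replay"
        if seq - self.expected > self.max_lead:
            # Too far ahead: treat the client as lagging or desynced.
            return False, "desync"
        self.expected = seq + 1
        return True, "ok"


def run_demo():
    """Legitimate traffic, then a replayed capture, a far-ahead jump and a truncated packet."""
    guard = SequenceGuard()
    captured = build_packet(0x10, 2, b"move")                      # recorded earlier
    stream = [build_packet(0x10, s, b"move") for s in range(4)]    # seq 0..3, accepted
    stream.append(captured)                                        # seq 2 again -> replay
    stream.append(build_packet(0x10, 50))                          # 46 ahead -> desync
    stream.append(b"\x01")                                         # short header -> malformed
    return [guard.check(p) for p in stream]
```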