Elite Diviner
- Joined
- Feb 8, 2012
- Messages
- 439
- Reaction score
- 867
Since there are many Tools and Repack Collection, i thought why not opening an little Source Code Collection. Sometimes People browsing some hours here for finding some Snippets or maybe rewrite Code, that already exist.
So here we go:
Basic Intercept and MemoryCopy
DeathArt
Reference: http://forum.ragezone.com/f554/tutorial-c-dll-injection-main-375634/
Sirix Code
(i love his asm style, its the most straight forward coding in kal i think)
Lafreak Snippet
Sirix LA
Striker LA
Striker EXP Table
Strikers Player Lib
Bloodx Player Lib
More Code Examples by Bloodx:
http://forum.ragezone.com/f315/code-examples-911068/
MadKnight Player Lib
More Code Examples by MadKnight:
http://forum.ragezone.com/f554/howto-detour-kal-mainserver-892220/
Or watch at my Releases like
http://forum.ragezone.com/f315/cooldownprotection-905270/
(i often released my Source + compiled DLL)
Player List Iterator
Kealy FPS Limiter
Reference:
http://forum.ragezone.com/f315/fps-limiter-739734/
http://forum.ragezone.com/f241/new-world-kal-everything-826949/
Kealy Sources (coded for NWK)
(beautiful work, best c++ project in kal scene so far)
MoUz KalOnline PacketSystem
(Dont worry this Website is Online since 2006 and i made Backup of this whole Website, when it will be down i will reupload this Website )
Bakabugs 1909 Mainserver Function List
(Very Important List for Function Names in Mainserver)
And i wanted to show you some MadKnight "puke" ^^
This is how i am Coding when i try something, i dont know if its usefull for anyone but take a look
Good luck and Have fun with it, all credits goes to the Owner and Creator of the Source Codes!
*Damn Ragezone Rollback, i hope my post now stays here ^^
So here we go:
Basic Intercept and MemoryCopy
Code:
#define ASM void __declspec(naked)
#define EXPORT __declspec(dllexport) __cdecl
#define THREAD DWORD WINAPI
#define Naked __declspec( naked )
#define INST_NOP 0x90
#define INST_CALL 0xe8
#define INST_JMP 0xe9
#define INST_BYTE 0x00
#define SHORT_JZ 0x74
#define MAXWAIT 100000
DWORD Intercept(int instruction, DWORD lpSource, DWORD lpDest, int len)
{
DWORD realtarget;
LPBYTE buffer = new BYTE[len];
memset(buffer,0x90,len); //Fill out with nops
if (instruction != INST_NOP && len >= 5)
{
buffer[(len-5)] = instruction;
DWORD dwJMP = (DWORD)lpDest - (lpSource + 5 + (len-5));
memcpy(&realtarget,(void*)(lpSource+1),4);
realtarget = realtarget+lpSource+5;
memcpy(buffer + 1 + (len-5),&dwJMP,4);
}
if (instruction == SHORT_JZ)
{
buffer[0]=instruction;
buffer[1]=(BYTE)lpDest;
}
if (instruction == INST_BYTE)
{
buffer[0]=(BYTE)lpDest;
}
MemcpyEx(lpSource, (DWORD) buffer, len);
delete[] buffer;
return realtarget;
}
MemoryCopy(DWORD destination, DWORD source, int length)
{
DWORD oldSource = 0;
DWORD oldDestination = 0;
VirtualProtect((LPVOID)source,length,PAGE_EXECUTE_READWRITE,&oldSource);
VirtualProtect((LPVOID)destination,length,PAGE_EXECUTE_READWRITE,&oldDestination);
memcpy((void*)destination,(void*)source,length);
VirtualProtect((LPVOID)destination,length,oldDestination,&oldDestination);
VirtualProtect((LPVOID)source,length,oldSource,&oldSource);
}
Reference: http://forum.ragezone.com/f554/tutorial-c-dll-injection-main-375634/
Code:
///
/// Broadcast a message to all players ingame.
///
void KalHook::ShowServerMessage(LPCSTR text)
{
DWORD addr = 0x00450910;
__asm {
push text
push 0x004B4484
push 0x0F
call addr
add esp, 0x0C
}
}
///
/// Kicks a user from the server using the players UserId.
///
void KalHook::KickUser(DWORD userId)
{
__asm {
push eax
push ecx
push edx
push ebx
}
DWORD kick = 0x00452E60;
DWORD s = 0x004B4DE8;
DWORD x = (DWORD)0x2D;
__asm {
push 1
push s
push x
push userId
call kick
add ESP, 0x10
}
__asm {
pop ebx
pop edx
pop ecx
pop eax
}
}
KalHook::SetLevelUpPoints(BYTE points)
{
BYTE code[] = {0x83 , 0xC1 , points};
MemoryCopy(0x00459149,(DWORD)&code,3);
}
void KalHook::ShowInfo(LPCSTR text,Color color)
{
DWORD infoAddress;
switch(color)
{
case Color::BLUE:
infoAddress = 0x00432860;
break;
case Color::RED:
infoAddress = 0x004328C0;
break;
case Color::BLACK:
default:
infoAddress = 0x00432890;
break;
}
__asm {
push 1
push text
call infoAddress
add esp,8
}
}
(i love his asm style, its the most straight forward coding in kal i think)
Code:
#define JumpTo(adr) __asm mov edx, adr __asm jmp edx
static DWORD versionstamp = 0;
void _declspec (naked) WelcomePacket()
{
DWORD sock;
__asm MOV ECX, DWORD PTR SS:[EBP-0x178];
__asm MOV sock, ECX
if(versionstamp == 0){
versionstamp = GetTickCount();
}
Server::CSocket::Write(sock,0x2a,"dbdddIbbbdddddddddddddd",
0x03a4bc1c,
0x2b,
0x4e0d8b35,
versionstamp, //0x4c75cd8c
0x07f7f661,
0x00000400,
0x00000200,
1,
0x12,
2,
0x1e252039,
0x8e849e09,
0x9da5bf99,
0x96b88387,
0x9988bab3,
0xbe9dbe8b,
0xeaf09bac,
0xcbd1e0e7,
0xd6edf3d7,
0xe6d4f8e1,
0xf3d0f7d9,
0x89f5d0ce,
0xe3f49590,
*(DWORD*)(sock+0x10)
);
__asm
{
MOV EDX,DWORD PTR SS:[EBP-0x178]
MOV EAX,DWORD PTR SS:[EBP-0x0C8]
MOV DWORD PTR DS:[EDX+0x80],EAX
MOV ECX,DWORD PTR SS:[EBP-0x178]
MOV EDX,DWORD PTR SS:[EBP-0x0C8]
MOV DWORD PTR DS:[ECX+0x7C],EDX
}
JumpTo(0x0049568B);
}
#pragma pack(push,1)
struct S_chargen
{
BYTE cls;
BYTE str;
BYTE hth;
BYTE itl;
BYTE wis;
BYTE agi;
BYTE face;
BYTE hair;
};
void PacketFix(BYTE Type, unsigned char* packet)
{
switch(Type)
{
//Acc
case 0x00: //Restore Char
break;
case 0x01: //HS
break;
case 0x02: //Login
break;
case 0x03: //HS
break;
case 0x04: //chargen
{
//sbbbbbbbb
int* len = new int;
*len = strlen((char*)(packet+3));
if(*len > 3) {
S_chargen* tmp = new S_chargen;
//out
tmp->cls = *(BYTE*)&packet[*len+1];
tmp->str = (BYTE)*(WORD*)&packet[*len+1+1];
tmp->hth = (BYTE)*(WORD*)&packet[*len+1+1+2];
tmp->itl = (BYTE)*(WORD*)&packet[*len+1+1+2+2];
tmp->wis = (BYTE)*(WORD*)&packet[*len+1+1+2+2+2];
tmp->agi = (BYTE)*(WORD*)&packet[*len+1+1+2+2+2+2];
tmp->face = *(BYTE*)&packet[*len+1+1+2+2+2+2+2];
tmp->hair = *(BYTE*)&packet[*len+1+1+2+2+2+2+2+1];
//in
memcpy((packet+*len+1),&tmp,8);
delete tmp;
}
delete len;
break;
}
case 0x05: //Ping
break;
case 0x06: //Namecheck
break;
case 0x07: //Delete Char
break;
case 0x08: //Connect
break;
case 0x09: //Check Version
break;
case 0x0a: //LoadPlayer
break;
case 0x0b: //CPlayer::GameStart ( BOOL set - dwZcoord )
break;
case 0x0f: //OnTeleport
*(BYTE*)&packet[2] = 0x12;
break;
case 0x10: //relog
*(BYTE*)&packet[2] = 0x13;
break;
case 0x11: //move
*(BYTE*)&packet[2] = 0x14;
break;
case 0x12: //move stop
*(BYTE*)&packet[2] = 0x15;
break;
case 0x13: //Talk To NPC
*(BYTE*)&packet[2] = 0x16;
break;
case 0x14: //Merchant Get Tax
*(BYTE*)&packet[2] = 0x17;
break;
case 0x15: //Merchant Buy
*(BYTE*)&packet[2] = 0x18;
break;
case 0x16: //Merchant Sell
*(BYTE*)&packet[2] = 0x19;
break;
case 0x17: //DropItem
*(BYTE*)&packet[2] = 0x1a;
break;
case 0x18: //Quit Game
*(BYTE*)&packet[2] = 0x1b;;
break;
case 0x19: //Trade insert item
*(BYTE*)&packet[2] = 0x1c;
break;
case 0x0c: //Attack
*(BYTE*)&packet[2] = 0x0f;
break;
case 0x0d: //Attack with Skill
*(BYTE*)&packet[2] = 0x10;
break;
case 0x0e: //Chat
*(BYTE*)&packet[2] = 0x11;
break;
case 0x1b: //Stat Up
*(BYTE*)&packet[2] = 0x1e;
break;
case 0x1c: //Rest
*(BYTE*)&packet[2] = 0x1f;
break;
case 0x1d: //Pick Item
*(BYTE*)&packet[2] = 0x20;
break;
case 0x1e: //Use Item
*(BYTE*)&packet[2] = 0x21;
break;
case 0x1f: //Request Trade
*(BYTE*)&packet[2] = 0x22;
break;
case 0x20: //OnAskTrade
*(BYTE*)&packet[2] = 0x23;
break;
case 0x21: //Cancel Trade
*(BYTE*)&packet[2] = 0x24;
break;
case 0x22: //Revive
*(BYTE*)&packet[2] = 0x25;
break;
case 0x26: //LearnSkill
*(BYTE*)&packet[2] = 0x29;
break;
case 0x27: //SkillUp
*(BYTE*)&packet[2] = 0x2a;
break;
case 0x28: //Skill (Prep Ani)
*(BYTE*)&packet[2] = 0x2b;
break;
case 0x29: //Request Party
*(BYTE*)&packet[2] = 0x2c;
break;
case 0x2a: //Party Onask
*(BYTE*)&packet[2] = 0x2d;
break;
case 0x2b: //guild {...}
*(BYTE*)&packet[2] = 0x2e;
break;
case 0x2c: //Party Leave
*(BYTE*)&packet[2] = 0x2f;
break;
case 0x2d: //Party kick
*(BYTE*)&packet[2] = 0x30;
break;
case 0x2e: //StorageKeeper CheckIn
*(BYTE*)&packet[2] = 0x31;
break;
case 0x2f: //StorageKeeper CheckOut
*(BYTE*)&packet[2] = 0x32;
break;
case 0x30: //CQuest::CallProces
*(BYTE*)&packet[2] = 0x33;
break;
case 0x31: //Storage Keeper Show Invent
*(BYTE*)&packet[2] = 0x34;
break;
case 0x32: //guildwar? weiss nicht
*(BYTE*)&packet[2] = 0x36;
break;
case 0x33: //Statue Save
*(BYTE*)&packet[2] = 0x38;
break;
case 0x34: //Pimp
*(BYTE*)&packet[2] = 0x39;
break;
case 0x35: //Player Shop AddItem
*(BYTE*)&packet[2] = 0x3a;
break;
case 0x36: //Player Shop RemoveItem???
*(BYTE*)&packet[2] = 0x3b;
break;
case 0x37: //Player Shop RemoveItem???
*(BYTE*)&packet[2] = 0x3c;
break;
case 0x38: //Ani (Dance)
*(BYTE*)&packet[2] = 0x3d;
break;
case 0x39: //Trade confirm
*(BYTE*)&packet[2] = 0x3e;
break;
case 0x3a: //Destroy Item
*(BYTE*)&packet[2] = 0x3f;
break;
case 0x3b: //Friendlist
*(BYTE*)&packet[2] = 0x40;
break;
case 0x3c: // dress item
*(BYTE*)&packet[2] = 0x41;
break;
case 0x3d: // undress item
*(BYTE*)&packet[2] = 0x42;
break;
case 0x3e: //Cancel PlayerShop
*(BYTE*)&packet[2] = 0x43;
break;
case 0x3f: //CancelFishing
*(BYTE*)&packet[2] = 0x45;
break;
case 0x40: //Check Playershop Shop
*(BYTE*)&packet[2] = 0x46;
break;
case 0x41: //Buy Playershop
*(BYTE*)&packet[2] = 0x47;
break;
case 0x42: //is cooking
*(BYTE*)&packet[2] = 0x49;
break;
case 0x43: //CPlayer::RevivalSkill ( Accept MageRevive )
*(BYTE*)&packet[2] = 0x4a;
break;
case 0x44: //CPlayerSkill::Redistribute -> CPlayer::RemoveItem ( use StoneOfChance)
*(BYTE*)&packet[2] = 0x4b;
break;
case 0x46: //CPlayer::InitStat use StoneofBirth
*(BYTE*)&packet[2] = 0x4e;
break;
case 0x47: //Request AssaList
*(BYTE*)&packet[2] = 0x4f;
break;
case 0x48: //Request Duel
*(BYTE*)&packet[2] = 0x50;
break;
case 0x49: //Duel OnAsk
*(BYTE*)&packet[2] = 0x51;
break;
case 0x4a: //CPlayer::Transform
*(BYTE*)&packet[2] = 0x52;
break;
case 0x4b: //CPlayer::Bless
*(BYTE*)&packet[2] = 0x53;
break;
case 0x4c: //CPlayerSkill::ExcuteTransformSkill
*(BYTE*)&packet[2] = 0x54;
break;
case 0x4d: //CPlayer::MLMProcess Teacher/Student
*(BYTE*)&packet[2] = 0x55;
break;
case 0x4e: //gstate
*(BYTE*)&packet[2] = 0x58;
break;
case 0x4f: //Skillbar
*(BYTE*)&packet[2] = 0x59;
break;
case 0x50: //moving/saving
*(BYTE*)&packet[2] = 0x5a;
break;
case 0x51: //Blacksmith
*(BYTE*)&packet[2] = 0x5b;
break;
case 0x52: //FL Parcel
*(BYTE*)&packet[2] = 0x5c;
break;
case 0x53: //Cancel Open Treasure Box
*(BYTE*)&packet[2] = 0x5d;
break;
case 0x54: //Open Treasure Box
*(BYTE*)&packet[2] = 0x5e;
break;
case 0x55: //change guildname
*(BYTE*)&packet[2] = 0x5f;
break;
case 0x56: //change playername
*(BYTE*)&packet[2] = 0x60;
break;
case 0x57: //Teleport (fisher?)
*(BYTE*)&packet[2] = 0x61;
break;
case 0x58: //Mix
*(BYTE*)&packet[2] = 0x62;
break;
case 0x75: //2nd Pass
break;
default:
//unknown Packet
break;
}
}
void _declspec (naked) TypeFix()
{
__asm
{
SUB ESP, 0x10
MOV ECX,DWORD PTR SS:[EBP-0x14]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-0x14]
MOVZX EAX,BYTE PTR DS:[EDX+2]
PUSH EAX
CALL PacketFix
ADD ESP, 0x10
MOV EAX, DWORD PTR SS:[EBP-0x14]
PUSH EAX
MOV EDX, 0x00494930
MOV ECX, DWORD PTR SS:[EBP-0x1C]
CALL EDX
}
JumpTo(0x004946E1);
}
DWORD OwnAppearC(DWORD player)
{
Server::CPlayer::Write(player,0x32,"dsbdddwImbbIssdbdddIIb",
*(DWORD*)(player+0x1C), //PID
(char*)player+0x20, //Name
((*(BYTE*)(player+0x1CC))+0x80), //klasse
*(DWORD*)(player+0x14C), //x
*(DWORD*)(player+0x150), //y
*(DWORD*)(player+0x154), //z
*(WORD*)(player+0x15C), //direction
(INT64)(*(DWORD*)(player+0x118)), //gstate
player+0x41c, //gear
0x0E,
*(BYTE*)(player+0x22C), //face
*(BYTE*)(player+0x230), //hair
*(INT64*)(player+0x120), //mstate
Server::CPlayer::GetGuildClassTitle(player),
Server::CPlayer::GetGuildName(player),
*(DWORD*)(player+0x1E0), //item wearstate?
*(BYTE*)(player+0x458), //tranform
*(DWORD*)(player+0x200), //?
0, //d
0, //d
(INT64)0, //I
(INT64)0, //I
0 //b
);
return Server::CObject::WriteInSightExclusive(0x32,"dsbdddwImbbIssdbdddIIb",
*(DWORD*)(player+0x1C), //PID
(char*)player+0x20, //Name
(*(BYTE*)(player+0x1CC)), //klasse
*(DWORD*)(player+0x14C), //x
*(DWORD*)(player+0x150), //y
*(DWORD*)(player+0x154), //z
*(WORD*)(player+0x15C), //direction
(INT64)(*(DWORD*)(player+0x118)), //gstate
player+0x41c, //gear
0x0E,
*(BYTE*)(player+0x22C), //face
*(BYTE*)(player+0x230), //hair
*(INT64*)(player+0x120), //mstate
Server::CPlayer::GetGuildClassTitle(player),
Server::CPlayer::GetGuildName(player),
*(DWORD*)(player+0x1E0), //item wearstate?
*(BYTE*)(player+0x458), //tranform
*(DWORD*)(player+0x200), //?
0, //d
0, //d
(INT64)0, //I
(INT64)0, //I
0 //b
);
}
void _declspec (naked) OwnAppear()
{
__asm
{
mov ecx, dword ptr ss:[ebp-8]
push ecx
call OwnAppearC
MOV DWORD PTR SS:[EBP-4],EAX
pop ecx
};
JumpTo(0x0045841D);
}
void SendAppearC(DWORD receiver, DWORD player)
{
Server::CPlayer::Write(receiver,0x32,"dsbdddwImbbIssdbdddIIb",
*(DWORD*)(player+0x1C), //PID
(char*)player+0x20, //Name
(*(BYTE*)(player+0x1CC)), //klasse
*(DWORD*)(player+0x14C), //x
*(DWORD*)(player+0x150), //y
*(DWORD*)(player+0x154), //z
*(WORD*)(player+0x15C), //direction
(INT64)(*(DWORD*)(player+0x118)), //gstate
player+0x41c, //gear
0x0E,
*(BYTE*)(player+0x22C), //face
*(BYTE*)(player+0x230), //hair
*(INT64*)(player+0x120), //mstate
Server::CPlayer::GetGuildClassTitle(player),
Server::CPlayer::GetGuildName(player),
*(DWORD*)(player+0x1E0), //item wearstate?
*(BYTE*)(player+0x458), //tranform
*(DWORD*)(player+0x200), //?
0, //d
0, //d
(INT64)0, //I
(INT64)0, //I
0 //b
);
}
void _declspec (naked) SendAppear()
{
__asm
{
mov ecx, dword ptr ss:[ebp-8]
push ecx
mov edx, dword ptr ss:[ebp-4]
push edx
call SendAppearC
pop ecx
push edx
};
JumpTo(0x004514A9);
}
DWORD SaveAppear(DWORD player)
{
return Server::CObject::WriteInSightExclusive(0x32,"dsbdddwImbbIssdbdddIIb",
*(DWORD*)(player+0x1C), //PID
(char*)player+0x20, //Name
(*(BYTE*)(player+0x1CC)), //klasse
*(DWORD*)(player+0x14C), //x
*(DWORD*)(player+0x150), //y
*(DWORD*)(player+0x154), //z
*(WORD*)(player+0x15C), //direction
(INT64)(*(DWORD*)(player+0x118)), //gstate
player+0x41c, //gear
0x0E,
*(BYTE*)(player+0x22C), //face
*(BYTE*)(player+0x230), //hair
*(INT64*)(player+0x120), //mstate
Server::CPlayer::GetGuildClassTitle(player),
Server::CPlayer::GetGuildName(player),
*(DWORD*)(player+0x1E0), //item wearstate?
*(BYTE*)(player+0x458), //tranform
*(DWORD*)(player+0x200), //?
0, //d
0, //d
(INT64)0, //I
(INT64)0, //I
0 //b
);
}
void _declspec (naked) TeleAppear()
{
DWORD player;
__asm
{
MOV EDX,DWORD PTR SS:[EBP-0x0C]
push EDX
call SaveAppear
pop edx
MOV DWORD PTR SS:[EBP-4],EAX
};
JumpTo(0x0045D093);
}
void _declspec (naked) MapAppear()
{
__asm
{
MOV EDX,DWORD PTR SS:[EBP+8]
push EDX
call SaveAppear
pop edx
MOV DWORD PTR SS:[EBP-0x78],EAX
};
JumpTo(0x004918F6);
}
void FixGStateC(DWORD player)
{
Server::CChar::WriteInSight(player,0x2e,"dI",*(DWORD*)(player+0x1C),(INT64)(*(DWORD*)(player+0x118)));
}
void FixGStateGeneric(DWORD player)
{
Server::CPlayer::Write(player,0x2e,"dI",*(DWORD*)(player+0x1C),(INT64)(*(DWORD*)(player+0x118)));
}
void __declspec (naked) FixGState()
{
__asm MOV EDX,DWORD PTR SS:[EBP-4]
__asm push EDX
__asm call FixGStateC
__asm pop edx
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN 4
}
void __declspec (naked) FixGStateTP()
{
__asm MOV EAX,DWORD PTR SS:[EBP-0x0C]
__asm push EAX
__asm call FixGStateGeneric
__asm pop eax
JumpTo(0x0045CF56);
}
void __declspec (naked) FixGStateONPVP()
{
__asm MOV EAX,DWORD PTR SS:[EBP-0x0C]
__asm push EAX
__asm call FixGStateGeneric
__asm pop eax
JumpTo(0x00460655);
}
void __declspec (naked) FixGStateONPVP2()
{
__asm MOV ECX,DWORD PTR SS:[EBP-4]
__asm push ECX
__asm call FixGStateGeneric
__asm pop ecx
JumpTo(0x0046069C);
}
void __declspec (naked) FixGStatePVP()
{
__asm MOV EDX,DWORD PTR SS:[EBP-8]
__asm push EDX
__asm call FixGStateGeneric
__asm pop edx
JumpTo(0x00460808);
}
void __declspec (naked) FixGStateENDPVP()
{
__asm MOV EDX,DWORD PTR SS:[EBP-8]
__asm push EDX
__asm call FixGStateGeneric
__asm pop edx
JumpTo(0x00460A3E);
}
DWORD GetMaxHP(DWORD player)
{
DWORD hp;
__asm mov edx, 0x0043A200
__asm mov ecx, player
__asm call edx
__asm mov hp, eax
return hp;
}
DWORD MGetOperatorName(DWORD monster)
{
DWORD op;
__asm MOV EAX, monster
__asm MOV EDX, DWORD PTR DS:[EAX]
__asm MOV ECX, monster
__asm CALL DWORD PTR DS:[EDX+0x0F0]
__asm mov op, eax
return op;
}
DWORD MobGetGuildName(DWORD monster)
{
DWORD guild;
__asm MOV EDX, monster
__asm MOV EAX, DWORD PTR DS:[EDX]
__asm MOV ECX, monster
__asm CALL DWORD PTR DS:[EAX+0x0E0]
__asm mov guild, eax
return guild;
}
void CMobInSight(DWORD monster)
{
Server::CChar::WriteInSight(monster,0x33,"wdddwddIIsbdsIIb",
*(WORD*)((*(DWORD*)(monster+0x1B8))+0x3C), //index
*(DWORD*)(monster+0x1C), //id
*(DWORD*)(monster+0x14C), //x
*(DWORD*)(monster+0x150), //y
*(WORD*)(monster+0x15C), //direction
*(DWORD*)(monster+0x110), //CurHP
GetMaxHP(monster), //maxhp
(INT64)(*(DWORD*)(monster+0x118)), //gstate
*(INT64*)(monster+0x120), //mstate
MobGetGuildName(monster), //GetGuildName
*(BYTE*)((*(DWORD*)(monster+0x1B8))+0x40), //??
*(DWORD*)(monster+0x20C), // ?
MGetOperatorName(monster), //GetOperatorName
(INT64)0, //??
(INT64)0, //??
0); //?
}
void CMobWrite(DWORD monster, DWORD player)
{
Server::CPlayer::Write(player,0x33,"wdddwddIIsbdsIIb",
*(WORD*)((*(DWORD*)(monster+0x1B8))+0x3C), //index
*(DWORD*)(monster+0x1C), //id
*(DWORD*)(monster+0x14C), //x
*(DWORD*)(monster+0x150), //x
*(WORD*)(monster+0x15C), //direction
*(DWORD*)(monster+0x110), //CurHP
GetMaxHP(monster), //maxhp
(INT64)(*(DWORD*)(monster+0x118)), //gstate
*(INT64*)(monster+0x120), //mstate
MobGetGuildName(monster), //Server::CPlayer::GetGuildName
*(BYTE*)((*(DWORD*)(monster+0x1B8))+0x40), //index
*(DWORD*)(monster+0x20C), // ?
MGetOperatorName(monster), //GetOperatorName
(INT64)0,
(INT64)0,
0);
}
void __declspec (naked) MobCreate()
{
__asm MOV ECX,DWORD PTR SS:[EBP-4]
__asm push ECX
__asm call CMobInSight
__asm pop ECX
__asm mov edx, 0x00412EB0
__asm MOV ECX,DWORD PTR SS:[EBP-4]
__asm CALL edx
__asm MOV EAX,1
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN
}
void __declspec (naked) SendMobCreate()
{
__asm MOV EDX,DWORD PTR SS:[EBP+8]
__asm push edx
__asm MOV ECX,DWORD PTR SS:[EBP-4]
__asm push ECX
__asm call CMobWrite
__asm pop edx
__asm pop ECX
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN
}
void __declspec (naked) SendMobRealCreate()
{
__asm MOV EDX,DWORD PTR SS:[EBP-4]
__asm push edx
__asm MOV ECX,DWORD PTR SS:[EBP-8]
__asm push ECX
__asm call CMobWrite
__asm pop edx
__asm pop ECX
JumpTo(0x0043AB77);
}
void __declspec (naked) SendLordCreate()
{
__asm MOV EDX,DWORD PTR SS:[EBP-4]
__asm push edx
__asm call CMobInSight
__asm pop edx
JumpTo(0x004403F1);
}
void __declspec (naked) SendMobGuildCreate()
{
__asm MOV EDX,DWORD PTR SS:[EBP-4]
__asm push edx
__asm call CMobInSight
__asm pop edx
JumpTo(0x00441516);
}
void __declspec (naked) SendMobMagicCreate()
{
__asm MOV EDX,DWORD PTR SS:[EBP-4]
__asm push edx
__asm call CMobInSight
__asm pop edx
__asm mov edx, 0x00412EB0
__asm MOV ECX,DWORD PTR SS:[EBP-4]
__asm CALL edx
__asm MOV EAX,DWORD PTR SS:[EBP-4]
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN
}
void __declspec (naked) SendMobMasterCreate()
{
__asm MOV EDX,DWORD PTR SS:[EBP-8]
__asm push edx
__asm call CMobInSight
__asm pop edx
__asm mov edx, 0x00412EB0
__asm MOV ECX,DWORD PTR SS:[EBP-8]
__asm CALL edx
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN
}
void __declspec (naked) SendMobQueenCreate()
{
__asm MOV EDX,DWORD PTR SS:[EBP-8]
__asm push edx
__asm call CMobInSight
__asm pop edx
__asm mov edx, 0x00412EB0
__asm MOV ECX,DWORD PTR SS:[EBP-8]
__asm CALL edx
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN
}
void __declspec (naked) SendMobNestCreate()
{
__asm MOV EDX,DWORD PTR SS:[EBP-8]
__asm push edx
__asm call CMobInSight
__asm pop edx
__asm mov edx, 0x00412EB0
__asm MOV ECX,DWORD PTR SS:[EBP-8]
__asm CALL edx
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN
}
void __declspec (naked) SendMobSiegeCreate()
{
__asm MOV EDX,DWORD PTR SS:[EBP-4]
__asm push edx
__asm call CMobInSight
__asm pop edx
__asm mov edx, 0x00412EB0
__asm MOV ECX,DWORD PTR SS:[EBP-4]
__asm CALL edx
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN
}
void __declspec (naked) SendMobCanonballCreate()
{
__asm MOV EDX,DWORD PTR SS:[EBP-4]
__asm push edx
__asm call CMobInSight
__asm pop edx
__asm mov edx, 0x00412EB0
__asm MOV ECX,DWORD PTR SS:[EBP-4]
__asm CALL edx
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN
}
#define otp 1001
#define evasion 1002
#define aspeed 1003
#define absorb 1004
#define attack 1005
#define defense 1006
#define agility 1007
#define health 1008
#define intelligence 1009
#define mspeed 1010
#define magic 1011
#define maxatk 1012
#define mxhp 1013
#define maxmp 1014
#define maxmagic 1015
#define minatk 1016
#define minmagatk 1017
#define strength 1018
#define wisdom 1019
int GetCharData(DWORD player, int art)
{
int ret;
switch(art)
{
case otp:
__asm mov edx, 0x0043DB60
__asm mov ecx, player
__asm call edx
__asm mov ret, eax
break;
case evasion:
__asm mov edx, 0x0043DB90
__asm mov ecx, player
__asm call edx
__asm mov ret, eax
break;
case aspeed:
__asm mov edx, 0x0043D8E0
__asm mov ecx, player
__asm call edx
__asm mov ret, eax
break;
case minatk:
__asm mov edx, 0x0043D8E0
__asm mov ecx, player
__asm call edx
__asm mov ret, eax
break;
case maxatk:
__asm mov edx, 0x0043D9A0
__asm mov ecx, player
__asm call edx
__asm mov ret, eax
break;
}
return ret;
}
void StatUpAgi(DWORD player, short int up)
{
Server::CPlayer::Write(player,0x45,"bwwwwww",
up, //agi
GetCharData(player,otp),
GetCharData(player,evasion),
0, //?
GetCharData(player,minatk),
GetCharData(player,maxatk)
);
}
void __declspec (naked) FixAgiUp1()
{
__asm MOV EDX,DWORD PTR SS:[EBP-0x3C]
__asm push edx
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm push ecx
__asm call StatUpAgi
__asm pop edx
__asm pop ecx
JumpTo(0x004597D1);
}
void __declspec (naked) FixAgiUp2()
{
__asm MOV EDX,DWORD PTR SS:[EBP-0x3C]
__asm push edx
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm push ecx
__asm call StatUpAgi
__asm pop edx
__asm pop ecx
JumpTo(0x0045B059);
}
void __declspec (naked) FixAgiUp3()
{
__asm MOV EDX,DWORD PTR SS:[EBP-0x3C]
__asm push edx
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm push ecx
__asm call StatUpAgi
__asm pop edx
__asm pop ecx
JumpTo(0x0045C6AA);
}
#pragma pack(push,1)
struct S_Inventory
{
WORD index;
DWORD iid;
BYTE prefix;
DWORD info;
DWORD amount;
BYTE maxend;
BYTE curend;
BYTE setgem;
BYTE xatk;
BYTE xmagic;
BYTE xdefense;
BYTE xhit;
BYTE xevasion;
WORD xprotect;
BYTE upgrlvl;
BYTE upgrrate;
BYTE a1;
BYTE a2;
BYTE a3;
DWORD a4;
BYTE a5;
WORD a6;
WORD a7;
WORD a8;
WORD a9;
BYTE a10;
BYTE a11;
BYTE a12;
BYTE a13;
BYTE a14;
BYTE a15;
BYTE a16;
BYTE a17;
BYTE a18;
};
void FixInvPacket(DWORD player, unsigned char* packet)
{
BYTE sz = *(BYTE*)&packet[3];
S_Inventory* Items = new S_Inventory[sz];
for(int i=0,c=4;i<sz;i++) {
Items[i].iid = *(DWORD*)&packet[c];c+=4;
Items[i].index = *(WORD*)&packet[c];c+=2;
Items[i].prefix = *(BYTE*)&packet[c];c++;
Items[i].info = *(DWORD*)&packet[c];c+=4;
Items[i].amount = *(DWORD*)&packet[c];c+=4;
Items[i].maxend = *(BYTE*)&packet[c];c++;
Items[i].curend = *(BYTE*)&packet[c];c++;
Items[i].setgem = *(BYTE*)&packet[c];c++;
Items[i].xatk = *(BYTE*)&packet[c];c++;
Items[i].xmagic = *(BYTE*)&packet[c];c++;
Items[i].xdefense = *(BYTE*)&packet[c];c++;
Items[i].xhit = *(BYTE*)&packet[c];c++;
Items[i].xevasion = *(BYTE*)&packet[c];c++;
Items[i].xprotect = (WORD)(*(BYTE*)&packet[c]);c++;
Items[i].upgrlvl = *(BYTE*)&packet[c];c++;
Items[i].upgrrate = *(BYTE*)&packet[c];c++;
Items[i].a1 = 0;
Items[i].a2 = 0;
Items[i].a3 = 0;
Items[i].a4 = 0;
Items[i].a5 = 0;
Items[i].a6 = 0;
Items[i].a7 = 0;
Items[i].a8 = 0;
Items[i].a9 = 0;
Items[i].a10 = 0;
Items[i].a11 = 0;
Items[i].a12 = 0;
Items[i].a13 = 0;
Items[i].a14 = 0;
Items[i].a15 = 0;
Items[i].a16 = 0;
Items[i].a17 = 0;
Items[i].a18 = 0;
continue;
}
Server::CPlayer::Write(player,0x04,"bm",sz,&*Items,(52*sz)); //52-8
delete [] Items;
}
void __declspec (naked) FixInventory()
{
__asm MOV EAX,DWORD PTR SS:[EBP-4]
__asm push eax
__asm MOV ECX,DWORD PTR SS:[EBP-0x20]
__asm push ecx
__asm call FixInvPacket
__asm pop EAX
__asm pop ecx
JumpTo(0x00458044);
}
void FixSendItemPacket(DWORD player, unsigned char* packet)
{
S_Inventory* Items = new S_Inventory[1];
int c = 3;
Items[0].iid = *(DWORD*)&packet[c];c+=4;
Items[0].index = *(WORD*)&packet[c];c+=2;
Items[0].prefix = *(BYTE*)&packet[c];c++;
Items[0].info = *(DWORD*)&packet[c];c+=4;
Items[0].amount = *(DWORD*)&packet[c];c+=4;
Items[0].maxend = *(BYTE*)&packet[c];c++;
Items[0].curend = *(BYTE*)&packet[c];c++;
Items[0].setgem = *(BYTE*)&packet[c];c++;
Items[0].xatk = *(BYTE*)&packet[c];c++;
Items[0].xmagic = *(BYTE*)&packet[c];c++;
Items[0].xdefense = *(BYTE*)&packet[c];c++;
Items[0].xhit = *(BYTE*)&packet[c];c++;
Items[0].xevasion = *(BYTE*)&packet[c];c++;
Items[0].xprotect = (WORD)(*(BYTE*)&packet[c]);c++;
Items[0].upgrlvl = *(BYTE*)&packet[c];c++;
Items[0].upgrrate = *(BYTE*)&packet[c];c++;
Items[0].a1 = 0;
Items[0].a2 = 0;
Items[0].a3 = 0;
Items[0].a4 = 0;
Items[0].a5 = 0;
Items[0].a6 = 0;
Items[0].a7 = 0;
Items[0].a8 = 0;
Items[0].a9 = 0;
Items[0].a10 = 0;
Items[0].a11 = 0;
Items[0].a12 = 0;
Items[0].a13 = 0;
Items[0].a14 = 0;
Items[0].a15 = 0;
Items[0].a16 = 0;
Items[0].a17 = 0;
Items[0].a18 = 0;
Server::CPlayer::Write(player,(BYTE)packet[2],"m",&*Items,52); //52-8
delete [] Items;
}
void __declspec (naked) FixSendItemInfo()
{
__asm MOV EAX,DWORD PTR SS:[EBP-4]
__asm push eax
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm push ecx
__asm call FixSendItemPacket
__asm pop EAX
__asm pop ecx
__asm mov edx, 0x00401070
__asm MOV ECX,DWORD PTR SS:[EBP-4]
__asm CALL edx
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN 8
}
DWORD BYTEAdd = 0x004189A0;
DWORD WORDAdd = 0x0042F960;
DWORD DWORDAdd = 0x0044F9B0;
void __declspec (naked) FixInventoryGen()
{
//maxend
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV DWORD PTR DS:[ECX],EAX
__asm MOV ECX,DWORD PTR SS:[EBP-0x20]
__asm PUSH 0
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV EDX,DWORD PTR DS:[ECX]
__asm PUSH EDX
__asm call BYTEAdd
__asm ADD ESP,8
//curend
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV DWORD PTR DS:[ECX],EAX
__asm MOV ECX,DWORD PTR SS:[EBP-0x20]
__asm PUSH 0
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV EDX,DWORD PTR DS:[ECX]
__asm PUSH EDX
__asm call BYTEAdd
__asm ADD ESP,8
//setgem
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV DWORD PTR DS:[ECX],EAX
__asm MOV ECX,DWORD PTR SS:[EBP-0x20]
__asm PUSH 0
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV EDX,DWORD PTR DS:[ECX]
__asm PUSH EDX
__asm call BYTEAdd
__asm ADD ESP,8
//xatk
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV DWORD PTR DS:[ECX],EAX
__asm MOV ECX,DWORD PTR SS:[EBP-0x20]
__asm PUSH 0
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV EDX,DWORD PTR DS:[ECX]
__asm PUSH EDX
__asm call BYTEAdd
__asm ADD ESP,8
//xmagic
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV DWORD PTR DS:[ECX],EAX
__asm MOV ECX,DWORD PTR SS:[EBP-0x20]
__asm PUSH 0
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV EDX,DWORD PTR DS:[ECX]
__asm PUSH EDX
__asm call BYTEAdd
__asm ADD ESP,8
//xdefense
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV DWORD PTR DS:[ECX],EAX
__asm MOV ECX,DWORD PTR SS:[EBP-0x20]
__asm PUSH 0
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV EDX,DWORD PTR DS:[ECX]
__asm PUSH EDX
__asm call BYTEAdd
__asm ADD ESP,8
//xhit
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV DWORD PTR DS:[ECX],EAX
__asm MOV ECX,DWORD PTR SS:[EBP-0x20]
__asm PUSH 0
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV EDX,DWORD PTR DS:[ECX]
__asm PUSH EDX
__asm call BYTEAdd
__asm ADD ESP,8
//xevasion
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV DWORD PTR DS:[ECX],EAX
__asm MOV ECX,DWORD PTR SS:[EBP-0x20]
__asm PUSH 0
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV EDX,DWORD PTR DS:[ECX]
__asm PUSH EDX
__asm call BYTEAdd
__asm ADD ESP,8
//protect
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV DWORD PTR DS:[ECX],EAX
__asm MOV ECX,DWORD PTR SS:[EBP-0x20]
__asm PUSH 0
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV EDX,DWORD PTR DS:[ECX]
__asm PUSH EDX
__asm call BYTEAdd
__asm ADD ESP,8
//upgrlvl
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV DWORD PTR DS:[ECX],EAX
__asm MOV ECX,DWORD PTR SS:[EBP-0x20]
__asm PUSH 0
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV EDX,DWORD PTR DS:[ECX]
__asm PUSH EDX
__asm call BYTEAdd
__asm ADD ESP,8
//upgrrate
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV DWORD PTR DS:[ECX],EAX
__asm MOV ECX,DWORD PTR SS:[EBP-0x20]
__asm PUSH 0
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm MOV EDX,DWORD PTR DS:[ECX]
__asm PUSH EDX
__asm call BYTEAdd
__asm ADD ESP,8
//fin
__asm MOV EDX,DWORD PTR SS:[EBP+8]
__asm MOV DWORD PTR DS:[EDX],EAX
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN 8
}
void SendItemDrop(DWORD player, DWORD item)
{
Server::CPlayer::Write(player,0x36,"wddddd",
*(WORD*)((*(DWORD*)(item+0x28))+0x40), //index
*(DWORD*)(item+0x1c), //iid
*(DWORD*)(item+0x3c), //x
*(DWORD*)(item+0x40), //y
0xffffffff, //?
*(DWORD*)(item+0x34));
}
DWORD PrepItemDrop(DWORD item, int x, int y)
{
return Server::CObject::WriteInSightExclusive(0x36,"wddddd",
*(WORD*)((*(DWORD*)(item+0x28))+0x40), //index
*(DWORD*)(item+0x1c), //iid
x,
y,
0xffffffff, //?
*(DWORD*)(item+0x34));
}
void __declspec (naked) FixItemDrop1()
{
__asm MOV ECX,DWORD PTR SS:[EBP-4]
__asm PUSH ECX
__asm MOV EDX, DWORD PTR SS:[EBP+8]
__asm push EDX
__asm call SendItemDrop
__asm pop ECX
__asm pop edx
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN 8
}
void __declspec (naked) FixItemDrop2()
{
__asm MOV ECX,DWORD PTR SS:[EBP+0x0C]
__asm MOV EDX,DWORD PTR DS:[ECX+4]
__asm push edx
__asm MOV EAX,DWORD PTR SS:[EBP+0x0C]
__asm MOV ECX,DWORD PTR DS:[EAX]
__asm push ECX
__asm MOV EDX,DWORD PTR SS:[EBP-0x24]
__asm push EDX
__asm call PrepItemDrop
__asm MOV DWORD PTR SS:[EBP-4],EAX
__asm pop edx
__asm pop ecx
__asm pop edx
JumpTo(0x00426FDC);
}
void __declspec (naked) FixItemDrop3()
{
__asm MOV ECX,DWORD PTR SS:[EBP+0x0C]
__asm MOV EDX,DWORD PTR DS:[ECX+4]
__asm push edx
__asm MOV EAX,DWORD PTR SS:[EBP+0x0C]
__asm MOV ECX,DWORD PTR DS:[EAX]
__asm push ECX
__asm MOV EDX,DWORD PTR SS:[EBP-0x14]
__asm push EDX
__asm call PrepItemDrop
__asm MOV DWORD PTR SS:[EBP-4],EAX
__asm pop edx
__asm pop ecx
__asm pop edx
JumpTo(0x0042DF09);
}
void FixSendCreateNPC1(DWORD player, DWORD npc, DWORD gun)
{
Server::CPlayer::Write(player,0x34,"dwbdddwId",
*(DWORD*)(npc+0x1c), //id
*(WORD*)(npc+0x1c0),
*(BYTE*)(npc+0x1c4),
*(DWORD*)(npc+0x14c), //x
*(DWORD*)(npc+0x150), //y
*(DWORD*)(npc+0x154), //z
*(WORD*)(npc+0x15C), //direction
(INT64)*(DWORD*)(npc+0x118), //effect?
gun //war
);
}
void FixSendCreateNPC2(DWORD npc, DWORD gun)
{
Server::CChar::WriteInSight(npc,0x34,"dwbdddwId",
*(DWORD*)(npc+0x1c), //id
*(WORD*)(npc+0x1c0),
*(BYTE*)(npc+0x1c4),
*(DWORD*)(npc+0x14c), //x
*(DWORD*)(npc+0x150), //y
*(DWORD*)(npc+0x154), //z
*(WORD*)(npc+0x15C), //direction
(INT64)*(DWORD*)(npc+0x118), //effect?
gun //war
);
}
void __declspec (naked) FixNPC1()
{
__asm mov ecx, 0
__asm push ecx
__asm MOV EDX,DWORD PTR SS:[EBP-4]
__asm push edx
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm push ecx
__asm call FixSendCreateNPC1
__asm pop ecx
__asm pop edx
__asm pop ecx
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN 8
}
void __declspec (naked) FixNPC2()
{
__asm mov ecx, 0
__asm push ecx
__asm MOV EDX,DWORD PTR SS:[EBP-4]
__asm push edx
__asm call FixSendCreateNPC2
__asm pop ecx
__asm pop edx
__asm mov EDX, 0x00412EB0
__asm MOV ECX,DWORD PTR SS:[EBP-4]
__asm CALL edx
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN 4
}
void __declspec (naked) FixNPC3()
{
__asm MOV EAX,DWORD PTR SS:[EBP-4]
__asm MOV ECX,DWORD PTR DS:[EAX+0x1FC]
__asm push ecx
__asm MOV EDX,DWORD PTR SS:[EBP-4]
__asm push edx
__asm call FixSendCreateNPC2
__asm pop ecx
__asm pop edx
__asm mov EDX, 0x00412EB0
__asm MOV ECX,DWORD PTR SS:[EBP-4]
__asm CALL edx
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN 4
}
void __declspec (naked) FixNPC4()
{
__asm MOV EAX,DWORD PTR SS:[EBP-4]
__asm MOV ECX,DWORD PTR DS:[EAX+0x1FC]
__asm push ecx
__asm MOV EDX,DWORD PTR SS:[EBP-4]
__asm push edx
__asm MOV ECX,DWORD PTR SS:[EBP+8]
__asm push ecx
__asm call FixSendCreateNPC1
__asm pop ecx
__asm pop edx
__asm pop ecx
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN 8
}
void FriendParse(DWORD player, unsigned char* packet)
{
// aufbau 0x12
// bb <dsbdb>
// subheader, charcount
// foreach charcount pid, name, online, id, type
BYTE sz = *(BYTE*)&packet[4];
if(sz >= 1) {
unsigned char* FList = new unsigned char[((35*sz))];
int l = 0;
for(int i=0,c=5;i<sz;i++) {
*(DWORD*)&FList[l] = *(DWORD*)&packet[c];c+=4,l+=4;
char* name = (char*)(packet+c);
memcpy(&FList[l],&packet[c],(strlen(name)+1));c+=(strlen(name)+1),l+=(strlen(name)+1);
FList[l] = IsPlayerOn(name); l++;//online
*(DWORD*)&FList[l] = GetPlayerID(name); l+=4; //id
FList[l] = 0; l++;//type
continue;
}
Server::CPlayer::Write(player,0x12,"bbm",*(BYTE*)&packet[3],sz,FList,l);
delete [] FList;
}
}
void __declspec (naked) FixFLGameStart()
{
__asm MOV EAX,DWORD PTR SS:[EBP-0x480]
__asm push EAX
__asm MOV ECX,DWORD PTR SS:[EBP-0x564]
__asm push ecx
__asm call FriendParse
__asm pop EAX
__asm pop ecx
__asm mov edx, 0x0049F65E
__asm MOV ECX, DWORD PTR SS:[EBP-0x10]
__asm call edx
__asm POP EDI
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN 0x0C
}
void __declspec (naked) FixFLRefresh()
{
__asm MOV EAX,DWORD PTR SS:[EBP-0x4D0]
__asm push EAX
__asm MOV ECX,DWORD PTR SS:[EBP-0x564]
__asm push ecx
__asm call FriendParse
__asm pop EAX
__asm pop ecx
__asm mov edx, 0x0049F65E
__asm MOV ECX, DWORD PTR SS:[EBP-0x10]
__asm call edx
__asm POP EDI
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN 0x0C
}
void FriendAdd(DWORD player, DWORD id, char* name)
{
Server::CPlayer::Write(player,0x12,"bdsbdb",0,id,name,IsPlayerOn(name),GetPlayerID(name),0);
}
void __declspec (naked) FixFLAdd()
{
__asm LEA EAX,[EBP-0x474]
__asm PUSH EAX
__asm MOV EDX,DWORD PTR SS:[EBP-0x4D0]
__asm push EDX
__asm MOV ECX,DWORD PTR SS:[EBP-0x564]
__asm push ecx
__asm call FriendAdd
__asm pop EAX
__asm pop edx
__asm pop ecx
JumpTo(0x00467C51);
}
#pragma pack(push,1)
struct S_Skill
{
BYTE skill;
BYTE grade;
DWORD time;
};
void FixSkillArray(DWORD player, unsigned char* packet)
{
BYTE sz = *(BYTE*)&packet[0];
if(sz >= 1) {
S_Skill* Skills = new S_Skill[sz];
for(int i=0,c=1;i<sz;i++) {
Skills[i].skill = *(BYTE*)&packet[c];c++;
Skills[i].grade = *(BYTE*)&packet[c];c++;
Skills[i].time = 0;
continue;
}
Server::CPlayer::Write(player,0x10,"bm",sz,&*Skills,(sz*6));
delete [] Skills;
}
}
void __declspec (naked) FixSkills()
{
__asm MOV EDX, DWORD PTR SS:[EBP-0x0C]
__asm PUSH EDX
__asm MOV EAX,DWORD PTR SS:[EBP-0x0A4]
__asm PUSH EAX
__asm call FixSkillArray
__asm pop EDX
__asm pop eax
JumpTo(0x004570B0);
}
void SendMState(DWORD player)
{
Server::CPlayer::Write(player, 0x15, "I", (INT64)(*(DWORD*)(player+0x128)));
}
void __declspec (naked) FixMState()
{
__asm MOV ECX,DWORD PTR SS:[EBP-4]
__asm push ECX
__asm call SendMState
__asm pop ECX
__asm MOV ESP,EBP
__asm POP EBP
__asm RETN 4
}
void __stdcall InitWindow()
{
//RECV Crypt
//MemWrite(0x0049463D,0x90,23);
//Send Crypt
//MemWrite(0x0049488E,0x90,32);
//Egggrade no limit
//MemWrite(0x00494A0E,0x90,5);
//MemWrite(0x00494A90,0x90,5);
//speedhack
//MemWrite(0x0042F215,0x90,5);
//thief to parser
//strcpy_s((char*)0x4B5C68,sizeof("thief"),"thief");
//8er party
//MemWrite(0x44da11,8,1);
//guildtime
BYTE pGuildtime[] = {0x05, 0x10, 0x0E, 0x00, 0x00};
MemWrite(0x00413F55,pGuildtime,5);
MemWrite(0x0041427D,pGuildtime,5);
MemWrite(0x00414967,pGuildtime,5);
//Fix Version
//MemWrite(0x00494E76,0xEB,1);
//mystats
strcpy_s((char*)0x4BABE0,sizeof("bsbwwwwwwwwwwwwwbIwwwwwwbbbbbd"),"bsbwwwwwwwwwwwwwbIwwwwwwbbbbbd");
//statup
strcpy_s((char*)0x4BAC5C,sizeof("bwwwwww"),"bwwwwww");
strcpy_s((char*)0x4BAC64,sizeof("bwwww"),"bwwww");
strcpy_s((char*)0x4BAC54,sizeof("bwwwww"),"bwwwww");
//fix packets
DetourFunction((PBYTE)0x00494D71, (PBYTE)WelcomePacket);
//gstate
//player subgstate
DetourFunction((PBYTE)0x004418F3, (PBYTE)FixGState);
//monster addgstate
DetourFunction((PBYTE)0x00449233, (PBYTE)FixGState);
//gstate onteleport
DetourFunction((PBYTE)0x0045CF32, (PBYTE)FixGStateTP);
//gstate on askpvp
DetourFunction((PBYTE)0x00460631, (PBYTE)FixGStateONPVP);
DetourFunction((PBYTE)0x00460676, (PBYTE)FixGStateONPVP2);
//gstate onpvp
DetourFunction((PBYTE)0x004607E4, (PBYTE)FixGStatePVP);
//gstate endpvp
DetourFunction((PBYTE)0x00460A1A, (PBYTE)FixGStateENDPVP);
//Player Appear
//CPlayer::GameStart
DetourFunction((PBYTE)0x0045829C, (PBYTE)OwnAppear);
//CPlayer::SendCreate
DetourFunction((PBYTE)0x004513EB, (PBYTE)SendAppear);
//CPlayer::OnTeleport
DetourFunction((PBYTE)0x0045CFD6, (PBYTE)TeleAppear);
//CSMap::ReadLock
DetourFunction((PBYTE)0x00491838, (PBYTE)MapAppear);
//Monster Appear
//Create Monster
DetourFunction((PBYTE)0x0043A13E, (PBYTE)MobCreate);
//SendCreate Monster
DetourFunction((PBYTE)0x0043A4D7, (PBYTE)SendMobCreate);
//CMonsterReal::SendCreate
DetourFunction((PBYTE)0x0043AACF, (PBYTE)SendMobRealCreate);
//CMonsterTowerBoss::Create
DetourFunction((PBYTE)0x00440341, (PBYTE)SendLordCreate);
//CMonsterGuildWar::Create
DetourFunction((PBYTE)0x0044146C, (PBYTE)SendMobGuildCreate);
//CMonsterMagic::Create
DetourFunction((PBYTE)0x00441F6F, (PBYTE)SendMobMagicCreate);
//CMonsterMaguniMaster::Create
DetourFunction((PBYTE)0x00442D2F, (PBYTE)SendMobMasterCreate);
//CMonsterBigBirdMother::Create
DetourFunction((PBYTE)0x00443282, (PBYTE)SendMobQueenCreate);
//CMonsterBigBirdMaster::Create
DetourFunction((PBYTE)0x004441CD, (PBYTE)SendMobNestCreate);
//CMonsterSiegeGun::Create
DetourFunction((PBYTE)0x0044495A, (PBYTE)SendMobSiegeCreate);
//CMonsterSiegeGunBall::Create
DetourFunction((PBYTE)0x004451E8, (PBYTE)SendMobCanonballCreate);
//Fix Statup
DetourFunction((PBYTE)0x00458F39, (PBYTE)FixAgiUp1);
DetourFunction((PBYTE)0x0045A53A, (PBYTE)FixAgiUp2);
DetourFunction((PBYTE)0x0045BE3D, (PBYTE)FixAgiUp3);
//Fix Inventory
DetourFunction((PBYTE)0x00458032, (PBYTE)FixInventory);
DetourFunction((PBYTE)0x00426801, (PBYTE)FixInventoryGen);
DetourFunction((PBYTE)0x00427485, (PBYTE)FixSendItemInfo);
//Fix ItemDrop
//CItem::SendCreate
DetourFunction((PBYTE)0x00426987, (PBYTE)FixItemDrop1);
//CItem::Drop
DetourFunction((PBYTE)0x00426FA5, (PBYTE)FixItemDrop2);
//CItemMoney::Drop
DetourFunction((PBYTE)0x0042DED2, (PBYTE)FixItemDrop3);
//NPC appear
//CNPC::SendCreate
DetourFunction((PBYTE)0x004491B7, (PBYTE)FixNPC1);
//CNPC::Show
DetourFunction((PBYTE)0x00449520, (PBYTE)FixNPC2);
//CNPCSiegeGunStone::Show
DetourFunction((PBYTE)0x0044ABF4, (PBYTE)FixNPC3);
//CNPCSiegeGunStone::SendCreate
DetourFunction((PBYTE)0x0044ACB7, (PBYTE)FixNPC4);
//Friendlist
//Gamestart
DetourFunction((PBYTE)0x00467FC2, (PBYTE)FixFLGameStart);
//Refresh
DetourFunction((PBYTE)0x004681C2, (PBYTE)FixFLRefresh);
//Add
DetourFunction((PBYTE)0x00467C01, (PBYTE)FixFLAdd);
//fix skills
DetourFunction((PBYTE)0x0045708F, (PBYTE)FixSkills);
//fix mstate
//CPlayer::AddMStateEx
DetourFunction((PBYTE)0x00451DB3, (PBYTE)FixMState);
//CPlayer::SubMStateEx
DetourFunction((PBYTE)0x00451E83, (PBYTE)FixMState);
//fix send types
DetourFunction((PBYTE)0x004946D5, (PBYTE)TypeFix);
}
Code:
namespace Hooks
{
void __fastcall BlessingOfHealth(int Skill, void* _edx, int Player, int Target, int a3)
{
IChar IPlayer((void*)Player);
IChar ITarget((void*)Target);
ISkill ISkill((void*)Skill);
if(ITarget.IsParty())
{
int ObjectsAround = ITarget.GetObjectListAround(5);
while(ObjectsAround)
{
IChar IMember((void*)*(DWORD*)ObjectsAround);
if(IMember.GetParty() == ITarget.GetParty() && IPlayer.IsValid() && IMember.IsValid())
{
IMember.CancelBuff(47);
IMember.Buff(47, 1800, 8 * ISkill.GetGrade() + 3);
CChar::WriteInSight(IPlayer.GetOffset(), 63, "bddbbwwb", ISkill.GetIndex(), IPlayer.GetID(), IMember.GetID(), 1, ISkill.GetGrade(), 0, 0, 0);
}
ObjectsAround = CBaseList::Pop((void*)ObjectsAround);
}
}
else
{
ITarget.CancelBuff(47);
ITarget.Buff(47,1800, 8 * ISkill.GetGrade() + 3);
}
}
}
if(skillID == 36) // Spin Blade
{
int area = 90;
int* pX = CChar::GetX((int)Player);
int* pY = CChar::GetY((int)Player);
bool first = true;
for(int x = 1; x < 15000; x++)
{
void* Object = CMonster::FindMonster(x);
if(Object
&& *CChar::GetX((int)Object) < *pX + area
&& *CChar::GetX((int)Object) > *pX - area
&& *CChar::GetY((int)Object) < *pY + area
&& *CChar::GetY((int)Object) > *pY - area)
{
nAoe = true;
//////////////////////////////////////
CChar::ActionBeforeDmg(Object);
const int* const pCurHp = CChar::GetCurHP(Object);
nDmg = CChar::GetAttack((void*)Player) * 10;
EB = 0;
nHit = true;
bool finish = false;
if((nDmg+EB) >= *pCurHp)
{
nDmg = *pCurHp - 1;
EB = 0;
finish = true;
}
if(nHit)
CMonster::Hit((int)Player, Object, nDmg, EB);
else
nDmg = 0;
if(finish){
for(int ab = 0; ab < 10; ab++){
*(DWORD *)((int)Player + 1448) = 0;
CMonster::Kill(x, (int)Player);
}
}
if(first)
CChar::WriteInSight(Player, 0x3f, "bddbbwwb", skillID, CPlayer::GetPlayerID((int)Player), x, 1, 1, nDmg, EB, nHit);
else
CChar::WriteInSight(Player, 10, "bbddww", 1, skillID, CPlayer::GetPlayerID((int)Player), x, nDmg, EB);
first = false;
//////////////////////////////////
}
}
if(first)
CChar::WriteInSight(Player, 0x3f, "bddbbwwb", skillID, CPlayer::GetPlayerID((int)Player), CPlayer::GetPlayerID((int)Player), 1, 1, nDmg, EB, false);
Sleep(450);
}
Code:
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "Ws2_32.lib")
#undef UNICODE
#include <cstdio>
#include <Winsock2.h>
#include <ws2tcpip.h>
#include <windows.h>
#include <detours.h> //*IMPORTANT: Look at path if compiler error
//Prototypes
int (WINAPI *pSend)(SOCKET s, const char* buf, int len, int flags) = send;
int WINAPI MySend(SOCKET s, const char* buf, int len, int flags);
int (WINAPI *pRecv)(SOCKET s, char* buf, int len, int flags) = recv;
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags);
//Log files
FILE* pSendLogFile;
FILE* pRecvLogFile;
/**
INT APIENTRY DllMain(HMODULE hDLL, DWORD Reason, LPVOID Reserved)
{
switch(Reason)
{
case DLL_PROCESS_ATTACH: //Do standard detouring
DisableThreadLibraryCalls(hDLL);
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)pSend, MySend);
if(DetourTransactionCommit() == NO_ERROR)
OutputDebugString("send() detoured successfully");
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)pRecv, MyRecv);
if(DetourTransactionCommit() == NO_ERROR)
OutputDebugString("recv() detoured successfully");
break;
case DLL_PROCESS_DETACH:
DetourTransactionBegin(); //Detach
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)pSend, MySend);
DetourTransactionCommit();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)pRecv, MyRecv);
DetourTransactionCommit();
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
break;
}
return TRUE;
}
**/
//Open file, write contents, close it
int WINAPI MySend(SOCKET s, const char* buf, int len, int flags)
{
fopen_s(&pSendLogFile, "C:\\SendLog.txt", "a+");
fprintf(pSendLogFile, "%s\n", buf);
fclose(pSendLogFile);
return pSend(s, buf, len, flags);
}
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags)
{
fopen_s(&pRecvLogFile, "C:\\RecvLog.txt", "a+");
fprintf(pRecvLogFile, "%s\n", buf);
fclose(pRecvLogFile);
return pRecv(s, buf, len, flags);
}
/* Tramplines */
static void (__thiscall* Real_LifeAsorbtion) (void* pSkill, void* pPlayer, char* pPacket, char* pPos) = (void (__thiscall*) (void*, void*, char*, char*))0x00488330;
/* Prototypes */
static unsigned (__thiscall* AverageDamage) (void* pPlayer) = (unsigned (__thiscall*) (void*))0x0043D970;
static bool (__thiscall* CheckHit) (void* pPlayer, void* pTarget, int arg) = (bool (__thiscall*) (void*, void*, int))0x43DA00;
static char* (__cdecl* ReadPacket)(char *pPacket, char *pPos, const char *sFormat, ...) = (char* (__cdecl*)(char*, char*, const char*, ...))0x4975F0;
static void* (__cdecl* FindMonster) (int nID) = (void* (__cdecl*) (int))0x0043A240;
static void* (__cdecl* FindPlayer) (int nID) = (void* (__cdecl*) (int))0x00450810;
static void (__cdecl* WriteInSight) (void* pPlayer, BYTE bType, const char *Format, ...) = ( void (__cdecl*) (void*, BYTE, const char*, ...))0x0040B9E0;
static LONG (__thiscall* ObjectRelease)(void* pOject, LONG lpAddend) = (LONG (__thiscall*)(void*, LONG))0x4239C0;
enum
{
TYPE_PLAYER,
TYPE_MONSTER,
};
void __fastcall Tramp_LifeAsorbtion(void* pSkill, int edx, void* pPlayer, char* pPacket, char* pPos)
{
int nTargetID;
char bType;
ReadPacket(pPacket, pPos, "bd", &bType, &nTargetID);
void* pTarget = 0;
switch(bType)
{
case TYPE_PLAYER:
pTarget = FindPlayer(nTargetID);
break;
case TYPE_MONSTER:
pTarget = FindPlayer(nTargetID);
break;
}
const int nPlayerID = *(int*)(unsigned(pPlayer)+0x1c);
const int nSkillID = *(int*)(unsigned(pSkill)+4);
const int nSkillGrade = *(int*)(unsigned(pSkill)+8);
int nDmg = 0;
bool nHit = false;
if(pTarget)
{
if(CheckHit(pPlayer, pTarget, 10))
{
const int* const pCurHp = (int*)(unsigned(pTarget)+0x110);
nHit = true;
/*
CalcDamage
{
*/
int nDmg = AverageDamage(pPlayer);
if((40 * nSkillGrade + 50) * nDmg / 50 >= *pCurHp - 1)
nDmg = *pCurHp - 1;
else
nDmg = ((40 * nSkillGrade + 50) * nDmg / 50);
const int nMaxDmg = (nSkillGrade * 3300);
while(nDmg > nMaxDmg)
nDmg -= 77;
/*
}
*/
/* prevent hp renew */
if((*(int (__thiscall **)(void*))(*(DWORD *)pTarget + 0x40))(pTarget))
*(DWORD*)((unsigned)pTarget + 0x1d8) = GetTickCount() + 20000;
/* damage the target */
(*(void (__cdecl **)(void*, int, int, int))(*(DWORD*)pTarget+0x58))(pTarget, 7, 0, nDmg);
/* cure the player */
(*(void (__cdecl **)(void*, int, int, int))(*(DWORD*)pPlayer+0x58))(pPlayer, 7, 1, (nDmg * (10 * nSkillGrade + 20) / 50));
/* consume mana */
(*(void (__cdecl **)(void*, int, int, int))(*(DWORD*)pPlayer+0x58))(pPlayer, 8, 0, (*(int (__thiscall **)(void*, DWORD))(*(DWORD *)pSkill + 0x20))(pSkill, 0));
}
(*(void (__thiscall **)(void*, void *))(*(DWORD *)pTarget+0x50))(pTarget, pPlayer);
WriteInSight(pPlayer, 0x3f, "bddbbwwb", nSkillID, nPlayerID, nTargetID, 1, nSkillGrade, nDmg, 0, nHit);
ObjectRelease(pTarget, LONG(pTarget) + 0x160);
}
}
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)Real_LifeAsorbtion, Tramp_LifeAsorbtion);
DetourTransactionCommit();
break;
}
case DLL_PROCESS_DETACH:
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)Real_LifeAsorbtion, Tramp_LifeAsorbtion);
DetourTransactionCommit();
break;
}
}
return TRUE;
}
Code:
void Skills::Archer::LifeAbsorbation(LPVOID pAttack)
{
sAttack nAttack(*(sAttack*)pAttack);
sPlayer iPlayer(nAttack.player);
unsigned long targetid;
void* TargetOffset;
unsigned char type,skillgrade = iPlayer.GetSkillGrade(18);
Server::ReadPacketSecure(nAttack.packet,nAttack.packetEnd,"bd",&type,&targetid);
type ? TargetOffset = Server::CTools::FindMonsterBYID(targetid) : TargetOffset = Server::CTools::FindPlayerByID(targetid);
if(skillgrade && TargetOffset)
{
unsigned int nMana = 20+(6*skillgrade);
if(iPlayer.GetCurMP() - nMana >= 0 && iPlayer.IsOkay(TargetOffset)) //signed int __thiscall sub_46AE50(void* attacker, int target, int a3 = 0
{
cAttack mAttack(nAttack.player,TargetOffset);
iPlayer.AddCurMp(nMana*-1);
int nHp = 0;
nHp = mAttack.Attack(static_cast<unsigned int>(((iPlayer.GetAttack())*(skillgrade+1))+((1000*iPlayer.GetAgi())/100)+iPlayer.GetStr()*skillgrade),0,18,true,skillgrade);
if(iPlayer.GetCurHP()+nHp <= iPlayer.GetMaxHP()) iPlayer.AddCurHp(nHp);
else iPlayer.AddCurHp(iPlayer.GetMaxHP()-iPlayer.GetCurHP());
}
else iPlayer.ExcuteSkillFail(18);
}
}
Code:
static unsigned __int64 _ExpTable[] = {
0, 5, 24, 60, 80, 164, 271, 407, 579, 794, 1125, 1543, 2068, 2722,
3534, 4563, 5830, 7385, 9286, 11607, 17493, 21845, 27147, 33593, 41416,
51341, 63394, 78005, 95696, 117090, 166758, 203151, 247043, 299942, 363659,
440404, 532757, 643849, 777437, 938032, 1211834, 1460324, 1758856, 2117449, 2548126,
3065315, 3686331, 4431950, 5327106, 6401717, 10255633, 12320243, 14798389, 17772795,
21342730, 25627317, 30769501, 36940820, 44347118, 53235407, 63902104, 76702906, 92064653,
110499551, 132622249, 159170373, 191028978, 229260177, 275138508, 330193415, 396260232, 1188853398,
1426699190, 1712116603, 2054620005, 2465626643, 2958837208, 3550692535, 4260921625, 5113199283, 12271870776,
14726443120, 17671935710, 21206532706, 31810068850, 38172360013, 45807117133, 54968833525, 65962901170, 94986948540,
113984718984, 136782053544, 164138865195, 196967049519, 315147841592, 378177986472, 453814174732, 544577615260, 653493758732,
980241432400,
};
CREATE_INTERFACE(IExpTable)
class IExpTable
{
public:
IExpTable();
~IExpTable();
};
IExpTable::IExpTable()
{
Interface<IMemory> Memory;
DWORD* ExpPtr = (DWORD*)_ExpTable;
DWORD Exptr2;
DWORD ExpAdr1[] = {0x004592A6,0x004592BE,0x0046337A,0x0046440F,0x00415649,0x0041566F,0x004156B8,0x00415737};
DWORD ExpAdr2[] = {0x00459289,0x004592CB,0x00463387,0x00464407,0x00415650,0x00415667,0x004156B0,0x0041572F};
for(int i = 0;i<sizeof(ExpAdr1)/4;i++)
Memory->Copy((void*)ExpAdr1[i], (void*) &ExpPtr, 4);
Memory->Copy((void*)&Exptr2,(void*)0x00415737,4);
Exptr2 += 0x04;
for(int i = 0;i<sizeof(ExpAdr2)/4;i++)
Memory->Copy((void*)ExpAdr2[i], (void*) &Exptr2, 4);
}
IExpTable::~IExpTable()
{
}
Code:
char* CChar::getName()
{
return (char *) this->offset[32];
}
int CChar::GetPid()
{
return this->offset[7];
}
int CChar::GetLevel(void)
{
return this->offset[15];
}
void CChar::SetLevel(int level)
{
this->offset[15] = level;
}
int CChar::GetType()
{
return this->offset[6];
}
int CChar::GetCurHp()
{
return this->offset[68];
}
int CChar::GetCurMp()
{
return this->offset[69];
}
int CChar::GetMaxHp()
{
return (int)(this + 112) + (int)(this + 84) + (int)(this + 208) * (int)(this + 84) / 100;
//return Server::CChar::GetMaxHp(this->offset);
}
int CChar::GetMaxMp()
{
return (int)(this->offset + 116) + (int)(this->offset + 88) + (int)(this->offset+ 212) * (int)(this->offset + 88) / 100;
//return Server::CChar::GetMaxMp(this->offset);
}
int CChar::GetStr(void)
{
int v2;
v2 = (int)(this->offset + 92) + (int)(this->offset + 64);
return v2 + (int)(this->offset + 188) * v2 / 100;
//return Server::CChar::GetStr(this->offset);
}
int CChar::GetHth(void)
{
int v2;
v2 = (int)(this->offset + 96) + (int)(this->offset + 68);
return v2 + (int) (this->offset + 192) * v2 / 100;
//return Server::CChar::GetHth(this->offset);
}
int CChar::GetAgi(void)
{
int v2; // ST04_4@1
v2 = (int)(this->offset + 108) + (int)(this->offset + 80);
return v2 + (int)(this->offset + 204) * v2 / 100;
//return Server::CChar::GetDex(this->offset);
}
int CChar::GetInt(void)
{
int v2; // ST04_4@1
v2 = (int)(this->offset + 100) + (int)(this->offset + 72);
return v2 + (int)(this->offset + 196) * v2 / 100;
//return Server::CChar::GetInt(this->offset);
}
int CChar::GetWis(void)
{
return Server::CChar::GetWis(this->offset);
}
int CChar::GetMaxPhyAtk(void)
{
return Server::CChar::GetMaxAttack(this->offset);
}
int CChar::GetMinPhyAtk(void)
{
return Server::CChar::GetMinAttack(this->offset);
}
int CChar::GetMaxMagAtk(void)
{
return Server::CChar::GetMaxMagic(this->offset);
}
int CChar::GetMinMagAtk(void)
{
return Server::CChar::GetMinMagic(this->offset);
}
int CChar::GetResist(unsigned char Type)
{
return Server::CChar::GetResist(this->offset,Type);
}
int CChar::GetHit(void)
{
return Server::CChar::GetHit(this->offset);
}
int CChar::GetDodge(void)
{
return Server::CChar::GetDodge(this->offset);
}
int CChar::GetDefense(void)
{
return Server::CChar::GetDefense(this->offset);
}
int CChar::GetFinalDefense(int arg)
{
return Server::CChar::GetFinalDefense(this->offset,arg);
}
int CChar::GetAttackSpeed(void)
{
return Server::CChar::GetASpeed(this->offset);
}
int CChar::GetAbsorb(void)
{
return Server::CChar::GetAbsorb(this->offset);
}
int CChar::GetAttack(void)
{
return Server::CChar::GetAttack(this->offset);
}
int CChar::GetMagic(void)
{
return Server::CChar::GetMagic(this->offset);
}
More Code Examples by Bloodx:
http://forum.ragezone.com/f315/code-examples-911068/
Code:
/*
class cPlayer;
class cPlayer
{
public:
char _0x0000[32];
char Name[20]; //0x0020
char _0x0034[8];
BYTE Level; //0x003C
char _0x003D[3];
WORD Strength; //0x0040
char _0x0042[2];
WORD Health; //0x0044
char _0x0046[2];
WORD Intelligence; //0x0048
char _0x004A[2];
WORD Wisdom; //0x004C
char _0x004E[2];
WORD Agility; //0x0050
char _0x0052[2];
WORD MaxHealth; //0x0054
char _0x0056[2];
WORD Maxmana; //0x0058
char _0x005A[30];
WORD OTP; //0x0078
char _0x007A[2];
WORD Evasion; //0x007C
char _0x007E[2];
WORD minPhy; //0x0080
char _0x0082[2];
WORD maxPhy; //0x0084
char _0x0086[2];
WORD minMagic; //0x0088
char _0x008A[2];
WORD maxMagic; //0x008C
char _0x008E[2];
WORD Defense; //0x0090
char _0x0092[2];
WORD Defense_; //0x0094
char _0x0096[2];
WORD Absorb; //0x0098
char _0x009A[6];
BYTE FireRe; //0x00A0
char _0x00A1[3];
BYTE IceRe; //0x00A4
char _0x00A5[3];
BYTE EleRes; //0x00A8
char _0x00A9[3];
BYTE LightRes; //0x00AC
char _0x00AD[3];
BYTE CurseRes; //0x00B0
char _0x00B1[95];
WORD CurHealth; //0x0110
char _0x0112[2];
WORD CurMana; //0x0114
char _0x0116[54];
DWORD X; //0x014C
DWORD Y; //0x0150
DWORD Z; //0x0154
char _0x0158[104];
DWORD UID; //0x01C0
DWORD PID; //0x01C4
BYTE AdminLevel; //0x01C8
char _0x01C9[3];
BYTE Class; //0x01CC
char _0x01CD[3];
BYTE Job; //0x01D0
char _0x01D1[7];
DWORD EXP; //0x01D8
char _0x01DC[68];
WORD StatPoints; //0x0220
char _0x0222[2];
WORD SkillPoints; //0x0224
char _0x0226[2];
};//Size=0x0228
*/
class cPlayer
{
public:
signed int getMinMagic(int PlayerPointer);
signed int getMaxMagic(int PlayerPointer);
signed int getMinPhy(int PlayerPointer);
signed int getMaxPhy(int PlayerPointer);
short getAdmin(int PlayerPointer);
private:
};
signed int cPlayer::getMinPhy(int PlayerPointer)
{
return *(signed short*)(PlayerPointer + 0x80);
}
signed int cPlayer::getMaxPhy(int PlayerPointer)
{
return *(signed short*)(PlayerPointer + 0x84);
}
signed int cPlayer::getMinMagic(int PlayerPointer)
{
return *(signed short*)(PlayerPointer + 0x88);
}
signed int cPlayer::getMaxMagic(int PlayerPointer)
{
return *(signed short*)(PlayerPointer + 0x8C);
}
short cPlayer::getAdmin(int PlayerPointer)
{
return *(short*)(PlayerPointer + 0x1C8);
}
More Code Examples by MadKnight:
http://forum.ragezone.com/f554/howto-detour-kal-mainserver-892220/
Or watch at my Releases like
http://forum.ragezone.com/f315/cooldownprotection-905270/
(i often released my Source + compiled DLL)
Code:
// ##################################
// # GETTER #
// ##################################
char* Player::GetName()
{
__asm mov eax, [ecx]
__asm add eax, 32
}
int Player::GetLevel()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+60]
}
int Player::GetPid()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+452]
}
int Player::GetAdmin()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+456]
}
int Player::GetClass()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+460]
}
int Player::GetSpeed()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+260]
}
int Player::GetCurHp()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+276]
}
int Player::GetCurMp()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+276]
}
int Player::GetStr()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+64]
}
int Player::GetAgi()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+80]
}
int Player::GetInt()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+72]
}
int Player::GetHp()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+68]
}
int Player::GetXCoord()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+332]
}
int Player::GetYCoord()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+336]
}
int Player::GetZCoord()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+340]
}
int Player::GetMap()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+316]
}
int Player::GetMaxHp()
{
__asm mov edx, 0x0043A200
__asm mov ecx, thispointer
__asm call edx
}
int Player::GetEvasion()
{
__asm mov edx, 0x0043DB90
__asm mov ecx, [ecx]
__asm call edx
}
int Player::GetOtp()
{
__asm mov edx, 0x0043DB60
__asm mov ecx, [ecx]
__asm call edx
}
int Player::GetStatPoints()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+544]
}
int Player::GetSkillPoints()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+548]
}
int Player::GetRange()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+580]
}
int Player::GetMinAtk()
{
__asm mov edx, 0x0043D8E0
__asm mov ecx, [ecx]
__asm call edx
}
int Player::GetMaxAtk()
{
__asm mov edx, 0x0043D9A0
__asm mov ecx, [ecx]
__asm call edx
}
int Player::GetSpeciality(void)
{
__asm mov eax, [ecx]
__asm mov eax, [eax+464]
}
int Player::GetContribute(void)
{
__asm mov eax, [ecx]
__asm mov eax, [eax+468]
}
int Player::GetGRole(void)
{
__asm mov eax, [ecx]
__asm mov eax, [eax+536]
}
int Player::GetKilled()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+552]
}
int Player::GetRage()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+580]
}
int Player::GetPartySize()
{
__asm mov edx, 0x0045FE50
__asm mov ecx, [ecx]
__asm call edx
}
int Player::GetGState()
{
__asm mov eax, [ecx]
__asm mov eax, [eax+280]
}
__int64 Player::GetExp()
{
__asm mov eax, [ecx]
__asm mov eax, [ecx+472]
__asm mov edx, [ecx+476]
__asm retn 8
}
// ##################################
// # SETTER #
// ##################################
void Player::SetName(const char *name)
{
__asm mov eax, [ecx]
__asm mov edx, [ebp+8]
__asm push edx
__asm push 1
__asm xor edx, edx
__asm mov edx, 0x0046D100
__asm mov ecx, eax
__asm call edx
//Server::CPlayer::OnChangePlayerName(this->thispointer,1,name);
}
void Player::SetLevel(int level)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm sub ecx, 1
__asm mov [eax+60], ecx
__asm xor ecx, ecx
__asm mov edx, 0x0045CC00
__asm mov ecx, eax
__asm call edx
}
void Player::SetPid(int pid)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+60], ecx
}
void Player::SetAdmin(int x)
{
__asm mov eax, [ecx]
__asm mov edx, [ebp+8]
__asm mov [eax+456], edx
}
void Player::SetClass(int pclass)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+460], ecx
}
void Player::SetSpeed(int speed)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+260], ecx
}
void Player::SetCurHp(int curhp)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+276], ecx
}
void Player::SetCurMp(int curmp)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+276], ecx
}
void Player::SetStr(int str)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+64], ecx
}
void Player::SetAgi(int agi)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+80], ecx
}
void Player::SetInt(int intel)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+72], ecx
}
void Player::SetHp(int hp)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+68], ecx
}
void Player::SetXCoord(int x)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+332], ecx
}
void Player::SetYCoord(int y)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+336], ecx
}
void Player::SetZCoord(int z)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+340], ecx
}
void Player::SetMap(int map)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+316], ecx
}
void Player::SetStatPoints(int statp)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+544], ecx
}
void Player::SetSkillPoints(int skillp)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+548], ecx
}
void Player::SetRange(int range)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+580], ecx
}
void Player::SetSpeciality(int sepc)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+464], ecx
}
void Player::SetContribute(int contr)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+468], ecx
}
void Player::SetGRole(int grole)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+536], ecx
}
void Player::SetKilled(int killed)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+552], ecx
}
void Player::SetRage(int rage)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+552], ecx
}
void Player::SetGState(int gstate)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov [eax+280], ecx
}
void Player::SetExp(__int64 exp)
{
__asm mov eax, [ecx]
__asm mov ecx, [ebp+8]
__asm mov edx, [ebp+12]
__asm mov [eax+472], ecx
__asm mov [eax+476], edx
}
void Player::CIOCriticalSectionEnter(void)
{
Server::CIOCriticalSection::Enter((void*)((DWORD)this->thispointer+1020));
}
void Player::CIOCriticalSectionLeave(void)
{
Server::CIOCriticalSection::Leave((void*)((DWORD)this->thispointer+1020));
}
//int thisp = (int) thispointer;
// int* coordinates = new int[2];
// coordinates[0] = x;
// coordinates[1] = y;
//__asm push coordinates
void Player::Teleport(int map, int x, int y)
{
__asm mov eax,[ecx]
__asm push eax
int* coord = new int[2];
__asm pop eax
__asm push 0
__asm push 0
__asm mov edi, [coord]
__asm mov ecx, [ebp+12]
__asm mov [edi], ecx
__asm mov ecx, [ebp+16]
__asm mov [edi+4], ecx
__asm push edi
__asm mov edx, [ebp+8]
__asm push edx
__asm mov edx, 0x0045CC90
__asm mov ecx, eax
__asm call edx
}
Socket Player::GetSocket()
{
return new Socket(*(void **)_this[419]);
}
char* Player::GetIP()
{
return inet_ntoa(((struct in_addr*)_this[419])[35]); //419*4 = 1676
}
Inventory Player::GetInventory()
{
return new Inventory(*(void **)_this[267]);
}
void Player::InsertItem(int index, int amount)
{
Server::CItem::InsertItem((int)thispointer,21,index,0,amount,-1);
}
bool Player::isGM()
{
return this->GetAdmin() >= 8;
}
bool Player::isAdmin()
{
return this->GetAdmin() >= 11;
}
void Player::Kick()
{
__asm mov eax,[ecx]
__asm push eax
char b[] = "b";
__asm pop eax
__asm push 1
__asm lea ecx,b
__asm push ecx
__asm push 45
__asm mov edx, [eax+396]
__asm mov ecx, eax
__asm call edx
}
void Player::Hide(bool hide)
{
hide ? Server::CPlayer::CPlayer__AddMState((int)this->thispointer,524288) :
Server::Unknown::CChar__SubMState((int)this->thispointer,524288,0);
}
void Player::SystemMessage(char *message)
{
Server::CPlayer::Write(this->thispointer, 68,"bs",18,message);
}
void Player::Notice(char* notice)
{
Server::CPlayer::Write(this->thispointer, 15,"s",notice);
}
Code:
using namespace std;
void PlayerListIt() // Get whole Player Online list as Vector
{
Server::CIOCriticalSection::Enter((void*)0x4e2078); // Make it Thread Safe
Server::CIOCriticalSection::Enter((void*)0x4e2098); // Protect it against other Accesses
Server::CLink::MoveTo((void*)0x4e200c,(int)0x4e2004);
Server::CIOCriticalSection::Leave((void*)0x4e2098);
int* Playerp = 0;
for ( DWORD i = *(DWORD*)0x4e2004; i != 0x4e2004; i = *(DWORD*)i)//PlayerlistAddressPointer
{
Playerp = (int*)(i-428); // Every Playerpointer is stored 428x4 Bytes far away
//Do Stuff here
}
Server::CIOCriticalSection::Leave((void*)0x4e2078); // We are done
}
Reference:
http://forum.ragezone.com/f315/fps-limiter-739734/
http://forum.ragezone.com/f241/new-world-kal-everything-826949/
Code:
/* Tweaks.h */
#include <iostream>
#include <Windows.h>
using namespace std;
class CTweaks
{
public:
CTweaks(); // Constructor
void HookWorldRefresh(); // World refreshing function hooker
private:
// This function has to be static, otherwise it wouldn't be possible to get a pointer to it.
static WPARAM __thiscall WorldRefresh(void*); // Engine World refreshing thread
typedef int (__cdecl *WREngineFunc)(void); // Unknown WorldRefresh function's prototype
typedef int (__thiscall *RefreshEntities)(void*); // Entity worldrefreshing function's prototype
DWORD WREngineFuncPtr; // Pointer to unknown worldrefreshing function
DWORD RefreshEntitiesPtr; // Pointer to entity worldrefreshing function
BYTE *WREngineActive; // Pointer to possible 'this' instance
int MaxFPS; // Maximum frames per second
int MaxTime; // Maximum milliseconds accepted to engage frame blocker
DWORD SleepTime; // Time to block the frame each round
};
extern CTweaks *Tweaks;
/* Tweaks.cpp */
#include "Tweaks.h"
// Only one single instance of this class is needed
// So there is no need to worry about where nor how we initialize it.
CTweaks *Tweaks = new CTweaks;
CTweaks::CTweaks()
{
// Engine addresses pointers
this->WREngineFuncPtr = 0x004a73b0;
this->RefreshEntitiesPtr = 0x00425960;
this->WREngineActive = (BYTE*)0x006ddf58;
}
void CTweaks::HookWorldRefresh()
{
this->MaxFPS = 30;
// Right here it is possible to load the max fps from a configuration file, or what so ever.
// Example : this->MaxFPS = Config->Engine.FPSLimit;
// Two calls to our WorldRefresh function, only one of them is used, but the second one is just in case.
this->MaxTime = (1000/this->MaxFPS);
Core->Intercept(INST_CALL,0x00505869,(DWORD)this->WorldRefresh,5);
Core->Intercept(INST_CALL,0x00505bfc,(DWORD)this->WorldRefresh,5);
#ifndef SILENT_MODE
cout << "FPS Limiter installed." << endl;
#endif
}
WPARAM __thiscall CTweaks::WorldRefresh(void *thisPointer)
{
// Since this function is running as a thread, InixSoft had to declare it as static (just as done here)
// Therefore, since the 'this' instance can only be used with non-static member functions,
// The calling convention is not __thiscall anymore but __fastcall, and the 'this' pointer is passed as argument.
// EDIT: After some tests, I figured __thiscall is sometimes required, so try it like this.
// If it doesn't work out, change it back to __fastcall
// Default function vars
void *that;
char state;
struct tagMSG Msg;
HACCEL hAccel;
// Our variables
// We will be using high resolution timers
// <3 precision
int PerformanceTime;
unsigned __int64 lpFrequency;
unsigned __int64 lpPerformanceCount;
unsigned __int64 lpPerformanceStep;
// This > That. Ok ?
that = thisPointer;
// Checking for the CPU's frequency, unit is in Herz.
QueryPerformanceFrequency((LARGE_INTEGER*)&lpFrequency);
hAccel = LoadAcceleratorsA(NULL, (LPCSTR)0x71);
Msg.message = 0;
PeekMessageA(&Msg, NULL, WM_NULL, WM_NULL, PM_NOREMOVE);
while (Msg.message != 0x12)
{
// EXTREMELY important!!
// Since we call functions that weren't compiled with the same compiler (type, version, et cetera) as we use
// There are high chances that those functions modify, either the stack or the registers in a way OUR compiler would never expect.
// Such corruption is especially noticeable in loops, causing crashes in most cases.
// This is why it is critical to save the stack before and after those functions are executed.
__asm pushad
if (*((BYTE*)that+0x9d)) state = (!!PeekMessageA(&Msg, NULL, WM_NULL, WM_NULL, PM_REMOVE));
else state = (!!GetMessageA(&Msg, NULL, 0, 0));
if (state)
{
if ((!hAccel) || (!(*(DWORD*)that+0x38)) || (!TranslateAcceleratorA(*((HWND*)that+0x38), hAccel, &Msg)))
{
TranslateMessage(&Msg);
DispatchMessageA(&Msg);
}
// Not quite sure about what this function really does
// I know it's executed when the mouse is moved.
((WREngineFunc)Tweaks->WREngineFuncPtr)();
}
else
{
if ((*((BYTE*)that+0x9d)) && (*(BYTE*)Tweaks->WREngineActive))
{
// Querying the performance count before and after world refreshing function
QueryPerformanceCounter((LARGE_INTEGER*)&lpPerformanceCount);
// This function refreshes the whole kal world, including object movements in time, daytime, et cetera, well, pretty much everything.
// Could also be called rendering function.
int tmpActive = ((RefreshEntities)Tweaks->RefreshEntitiesPtr)(that);
QueryPerformanceCounter((LARGE_INTEGER*)&lpPerformanceStep);
if (tmpActive < 0) SendMessageA(*((HWND*)that+0x38), WM_COMMAND, 0x9C46, 0);
// From here on, we will calculate the difference between the two counters
// And base the time we'll need to block the frames from being displayed for on that amount.
PerformanceTime = (int)(lpFrequency / (lpPerformanceStep-lpPerformanceCount));
if (PerformanceTime) PerformanceTime = 1000 / PerformanceTime;
if (Tweaks->MaxTime > PerformanceTime)
{
// This var could be used as local variable, but let's rather keep it global.
Tweaks->SleepTime = (Tweaks->MaxTime - PerformanceTime);
Sleep(Tweaks->SleepTime);
}
}
}
// Restoring the stack.
__asm popad
}
if (hAccel) DestroyAcceleratorTable(hAccel);
return Msg.wParam;
}
You must be registered to see links
(beautiful work, best c++ project in kal scene so far)
MoUz KalOnline PacketSystem
You must be registered to see links
(Dont worry this Website is Online since 2006 and i made Backup of this whole Website, when it will be down i will reupload this Website )
Bakabugs 1909 Mainserver Function List
You must be registered to see links
(Very Important List for Function Names in Mainserver)
And i wanted to show you some MadKnight "puke" ^^
This is how i am Coding when i try something, i dont know if its usefull for anyone but take a look
Code:
#include <winsock2.h>
#include "../detours 1.5/include/detours.h"
#include "../Server.h"
#include <iostream>
#include "hPacket.h"
#include <fstream>
#include <string>
#include <detours.h>
#include <windows.h>
#include <ctime>
#include "Utilities.h"
#include <MadCore.h>
#include <fcntl.h>
#include <stdio.h>
#include <io.h>
#include <string>
#include <sstream>
#include <iostream>
#pragma comment(lib, "MadLib.lib")
#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib, "detours.lib")
#define DATA_BUFSIZE 32768
using namespace std;
#pragma pack(1)
static void (__thiscall *Process)(void *Socket, const char* Data) = (void (__thiscall*)(void*, const char*))0x00494930;
static void (__cdecl *Write)(void *Player, unsigned char Type, const char* Format, ...) = (void (__cdecl*)(void*, unsigned char, const char*, ...))0x00452e60;
static void (__thiscall *CIOSocket__Read) (int thisp, size_t a2) = (void (__thiscall*)(int thisp, size_t a2))0x00424440;
FILE* pSendLogFile;
FILE* pRecvLogFile;
extern "C" int (WINAPI *pRecv)(SOCKET s, char* buf, int len, int flags) = recv;
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags);
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags)
{
printf("TEST");
printf("%s\n", buf);
return pRecv(s, buf, len, flags);
}
HANDLE CreateConsole();
std::ofstream Logger;
HANDLE CreateConsole()
{
int hConHandle = 0;
HANDLE lStdHandle = 0;
FILE *fp = 0;
AllocConsole();
lStdHandle = GetStdHandle(STD_OUTPUT_HANDLE);
hConHandle = _open_osfhandle(PtrToUlong(lStdHandle), _O_TEXT);
fp = _fdopen(hConHandle, "w");
*stdout = *fp;
setvbuf(stdout, NULL, _IONBF, 0);
return lStdHandle;
void print_bytes(const void *object, size_t size)
{
char bytesBuffer[16];
size_t i;
std::stringstream msg (std::stringstream::in | std::stringstream::out);
msg << "[ ";
for(i = 0; i < size; i++)
{
sprintf_s(bytesBuffer, sizeof(bytesBuffer),"%02x ", ((const unsigned char *) object)[i] & 0xff);
msg << bytesBuffer;
}
msg << "]\n";
printf( const_cast<char*>(msg.str().c_str()));
}
vector<vector<unsigned char>> Packet_Content_Filter;
#define CONFIG_FILE "PacketFilterConfig.ini"
void loadFilter()
{
char sMessage[500];
string prefix_content = "[PACKET_CONTENT_FILTER]";
ifstream f;
string s;
string t;
ifstream ifile(CONFIG_FILE);
if (ifile)
{
f.open(CONFIG_FILE, ios::in);
while (!f.eof())
{
getline(f, s);
if (s.substr(0, prefix_content.size()) == prefix_content)
{
getline(f, s);
t = (s.substr(0,1024));
sprintf_s(sMessage, sizeof(sMessage), " [PACKET_CONTENT_FILTER] -> %s installed \n\n", t.c_str());
__asm lea eax, sMessage
__asm push eax
__asm mov edx, printf
__asm call edx
//printf(sMessage);
vector<unsigned char> temp;
std::istringstream hex_chars_stream(t);
unsigned int c;
while (hex_chars_stream >> std::hex >> c)
{
temp.push_back(c);
}
Packet_Content_Filter.push_back(temp);
}
}
}
f.close();
}
BOOL check_bytes(const void *object, size_t size)
{
for (int i=0;i<Packet_Content_Filter.size();i++)
{
int x = 0;
for(x;x<size && x<Packet_Content_Filter.at(i).size();x++)
{
if ( Packet_Content_Filter.at(i).at(x) != 0x00)
if (((const unsigned char *) object)[x] != Packet_Content_Filter.at(i).at(x))
break;
}
if (x == Packet_Content_Filter.at(i).size())
return FALSE;
}
return TRUE;
}
void __fastcall CSocketProcessObserver(void *Socket, void *_edx, char* Data)
{
unsigned short Size;
unsigned char Type;
char* content = ParseData(Data, "wb", &Size, &Type);
time_t t = time(0);
struct tm * now = localtime(&t);
char* ip = inet_ntoa(((struct in_addr*)Socket)[35]);
FILE* pSendLogFile;
char filename[100];
sprintf_s(filename, sizeof(filename),"Log\\MadSnifferLog_%04d_%02d_%02d_%02d_%02d.txt", now->tm_year+1900, now->tm_mon+1,
now->tm_mday, now->tm_hour, now->tm_min);
pSendLogFile = fopen(filename, "a+");
//printf( "%04d/%02d/%02d %02d:%02d:%02d [MadSniffer] Packet from IP:%s \nType: %s (0x%02x) \n",now->tm_year+1900, now->tm_mon,
// now->tm_mday, now->tm_hour, now->tm_min, now->tm_sec , ip, Header(Data) ,Type);
// std::ostringstream msg = print_bytes(Data,Size);
fprintf(pSendLogFile, "%04d/%02d/%02d %02d:%02d:%02d [MadSniffer] Packet from IP:%s - Type: %s (0x%02x) Size:%i \n",now->tm_year+1900, now->tm_mon+1,
now->tm_mday, now->tm_hour, now->tm_min, now->tm_sec , ip, Header(Data) ,Type, Size);
fclose(pSendLogFile);
Process(Socket, Data);
}
char const hexd[16] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B','C','D','E','F'};
std::string byte_2_str(char* bytes, int size) {
std::string str;
//std::string temp;
for (int i = 0; i < size; ++i) {
const char ch = bytes[i];
str.append(&hexd[(ch & 0xF0) >> 4], 1);
str.append(&hexd[ch & 0xF], 1);
str.append(" ");
}
return str;
}
void ParsePacket(char *sPacket, int iLen)
{
IPacket Packet;
Packet.addBuffer(sPacket, iLen);
char bByte = Packet.getByte();
print_bytes(&bByte,iLen);
//return check_bytes(&bByte,iLen);
}
extern "C" int (WINAPI *pWSARecv)(SOCKET,LPWSABUF,DWORD,LPDWORD,LPDWORD,LPWSAOVERLAPPED,LPWSAOVERLAPPED_COMPLETION_ROUTINE) = WSARecv;
int WINAPI MyWSARecv (SOCKET,LPWSABUF,DWORD,LPDWORD,LPDWORD,LPWSAOVERLAPPED,LPWSAOVERLAPPED_COMPLETION_ROUTINE);
typedef int (WINAPI *WSA_recv) (SOCKET, LPWSABUF , DWORD, LPDWORD, LPDWORD, LPWSAOVERLAPPED, LPWSAOVERLAPPED_COMPLETION_ROUTINE );
WSA_recv Recv_original = NULL;
//extern "C" BOOL(WINAPI *pGetQueuedCompletionStatus) (HANDLE, LPDWORD, PULONG_PTR, LPOVERLAPPED *, DWORD) = GetQueuedCompletionStatus;
//BOOL WINAPI MyGetQueuedCompletionStatus (HANDLE, LPDWORD, PULONG_PTR, LPOVERLAPPED *, DWORD);
typedef int (WINAPI *pGetQueuedCompletionStatus_hook) (HANDLE, LPDWORD, PULONG_PTR, LPOVERLAPPED *, DWORD );
pGetQueuedCompletionStatus_hook Q_original = NULL;
char *WSARecvBuffer;
int WINAPI Recv_hook(SOCKET s,LPWSABUF lpBuffers, DWORD dwBufferCount, LPDWORD lpNumberOfBytesRecvd,LPDWORD lpFlags,LPWSAOVERLAPPED lpOverlapped,LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
{
bool forward = true;
if (lpBuffers->buf != NULL)
WSARecvBuffer = lpBuffers->buf;
else
WSARecvBuffer = 0;
for (int x = 0; x < (int)dwBufferCount; x++)
if (lpBuffers[x].buf[0] != 0 )
{
IPacket Packet;
Packet.addBuffer(lpBuffers[x].buf, 60);
char bByte = Packet.getByte();
print_bytes(&bByte,60);
forward = check_bytes(&bByte,60);
if(!forward)
Server::Console::WriteBlue("Filtered in WSARecv!");
std::cout << std::endl;
}// ( sizeof(lpBuffers[x].buf) / sizeof(lpBuffers[x].buf[0]) - 1) );
//std::cout << byte_2_str(lpBuffers[x].buf,sizeof(lpBuffers[x].buf)*20); //printf("%s ",lpBuffers[x].buf);
//printf("%x %i %i %s",lpBuffers[x].buf, lpBuffers[x].len, 1, s);
// Sleep(10);
if ( forward)
return Recv_original( s, lpBuffers, dwBufferCount, lpNumberOfBytesRecvd, lpFlags, lpOverlapped, lpCompletionRoutine);
else
return WSA_IO_PENDING;
}
CRITICAL_SECTION cs;
HANDLE t;
BOOL WINAPI MyGetQueuedCompletionStatus (HANDLE CompletionPort, LPDWORD lpBytesTransferred, PULONG_PTR lpCompletionKey, LPOVERLAPPED *lpOverlapped, DWORD dwMilliseconds)
{
EnterCriticalSection(&cs);
t = GetCurrentThread();
//Sleep(10000);
// I wouldn't touch poop here, you may fuckup the proxy
//int retn = Q_original(CompletionPort, lpBytesTransferred, lpCompletionKey, lpOverlapped, dwMilliseconds);
// if ((int)*lpBytesTransferred <= 0)
// return retn;
Server::Console::WriteBlue("%i",lpCompletionKey);
// Server::Console::WriteBlue("%i",*(DWORD *)lpCompletionKey + 20);
bool forward = true;
if (lpBytesTransferred > 0 && WSARecvBuffer)
{
IPacket Packet;
Packet.addBuffer(WSARecvBuffer, 60);
char bByte = Packet.getByte();
print_bytes(&bByte,60);
forward = check_bytes(&bByte,60);
if(!forward)
{
Server::Console::WriteBlue("Filtered in MyGetQueuedCompletionStatus!");
//CloseHandle(t);
//__asm mov edx, 0x00423ED5
// __asm jmp edx
}
Sleep(100);
std::cout << std::endl; std::cout << std::endl;
// HandleMessage(WSARecvBuffer, *lpBytesTransferred, 0, (SOCKET) CompletionPort);
}
LeaveCriticalSection(&cs);
if(forward)
return Q_original(CompletionPort, lpBytesTransferred, lpCompletionKey, lpOverlapped, dwMilliseconds);
else
return 0;
}
/**
void __cdecl CIOSocket__IOThread()
{
HANDLE v0; // eax@1
unsigned __int32 CompletionKey; // [sp+0h] [bp-10h]@2
int v2; // [sp+4h] [bp-Ch]@2
DWORD NumberOfBytesTransferred; // [sp+8h] [bp-8h]@2
LPOVERLAPPED Overlapped; // [sp+Ch] [bp-4h]@2
v0 = GetCurrentThread();
SetThreadIdealProcessor(v0, 32u);
while ( 1 )
{
v2 = GetQueuedCompletionStatus(CompletionPort, &NumberOfBytesTransferred, &CompletionKey, &Overlapped, 4294967295u);
InterlockedIncrement(&RunningThreadCount);
(*(void (__thiscall **)(unsigned __int32, int, DWORD, LPOVERLAPPED))(*(_DWORD *)CompletionKey + 20))(
CompletionKey,
v2,
NumberOfBytesTransferred,
Overlapped);
InterlockedDecrement(&RunningThreadCount);
}
}
**/
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
// MadCore core(ul_reason_for_call);
CreateConsole();
//core.Register(&(PVOID&)Process,(PVOID)CSocketProcessObserver);
switch(ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
loadFilter();
InitializeCriticalSection(&cs);
Recv_original = (WSA_recv)DetourFunction((PBYTE)&WSARecv, (PBYTE)&Recv_hook);
Q_original = (pGetQueuedCompletionStatus_hook)DetourFunction((PBYTE)&GetQueuedCompletionStatus, (PBYTE)&MyGetQueuedCompletionStatus);
// Recv_original = (WSA_recv)DetourFunction((PBYTE)0x0042454A, (PBYTE)&Recv_hook);
break;
case DLL_PROCESS_DETACH:
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
break;
}
return TRUE;
//core.RegisterHook(0x0042454A,Recv_hook);
//return core.Run();
}
Good luck and Have fun with it, all credits goes to the Owner and Creator of the Source Codes!
*Damn Ragezone Rollback, i hope my post now stays here ^^
Last edited: