Using MCommand (07 again)

[ThePhailure772]

MCommand.h

Code:

#include "Empathy.h"
#include "MUID.h"
#include "Addresses.h"
#include "MCommandParameter.h"
#include "Enums.h"

struct MCommandDesc;

typedef MCommandDesc* (__thiscall* MCommandDescTypedef)(MCommandDesc*, uint32_t, const char*, const char*, int);
MCommandDescTypedef MCommandDescConstructor = reinterpret_cast<MCommandDescTypedef>(MCommandDesc__MCommandDescAddress);


struct MCommandManager
{
    void AddCommandDesc(MCommandDesc* command)
    {
        ((void (__thiscall*)(LPVOID, MCommandDesc*))MCommandManager__AddCommandDescAddress) (this, command);
    }
};


struct MCommandDesc
{
    LPVOID m_pPolymoprhism;
    uint32_t m_nCommandId;
    char m_szName[256];
    char m_szDescription[256];
    uint32_t m_nFlag;
    std::vector<MCommandParameterDesc*> m_pParameterDescs;

    MCommandDesc(uint32_t commandId, const char* name, const char* description, uint32_t flag)
    {
        MCommandDescConstructor (this, commandId, name, description, flag);
    }

    void AddParamDesc(MCommandParameterDesc* param)
    {
        ((void (__thiscall*)(LPVOID, MCommandParameterDesc*))MCommandDesc__AddParameterDescAddress) (this, param);
    }
};

struct MCommand
{
    LPVOID CMemPool;
    MCommand* m_pNextCommand;
    MUID m_uidSender;
    MUID m_uidReceiver;
    MCommandDesc* m_pCommandDesc;
    std::vector<MCommandParameter*> m_pCommandParams;
    BYTE m_nSerialNumber;

    bool AddParameter(MCommandParameter* param)
    {
        return ((bool (__thiscall *)(LPVOID,MCommandParameter*))MCommand__AddParameterAddress) (this, param);
    }

    bool GetParameter(void *pValue, int i, MCommandParameterType type, int bufferSize)
    {
        return ((bool (__thiscall *)(LPVOID,LPVOID,int,MCommandParameterType,int))MCommand__GetParameterAddress) (this, pValue, i, type, bufferSize);
    }

    MCommandParameter* GetParameter(uint32_t i)
    {
        return ((MCommandParameter* (__thiscall*)(LPVOID, uint32_t))MCommand__GetParameterAddress2)(this, i);
    }
    static MCommand* Create(uint32_t packetId)
    {
        return ((MCommand* (__cdecl*)(uint32_t))ZNewCMDAddress)(packetId);
    }

    static void Post(MCommand* packet)
    {
        _asm
        {
            mov eax, ZGetGameClientAddress
            call eax
            push packet
            mov edx, [eax]
            mov ecx,eax
            call [edx+0x30]
        }
    }
};

struct MPacketHeader
{
    uint16_t nMsg;
    uint16_t nSize;
    uint16_t nCheckSum;
};

struct MPacketCrypterKey
{
    char szKey[32];
};

struct MPacketCrypter
{
    LPVOID m_pPolymoprhism;
    MPacketCrypterKey m_Key;
};

struct MCommandBuilder
{
    LPVOID m_pPolymoprhism;
    MUID m_uidSender;
    MUID m_uidReceiver;
    MCommandManager* m_pCommandManager;
    char m_Buffer[0x4000];
    uint32_t m_nBufferNext;
    std::list<MCommand*> m_CommandList;
    std::list<MPacketHeader*> m_NetCmdList;
    MPacketCrypter* m_pPacketCrypter;
};

MCommandParameters.h

Code:

#include "Empathy.h"
#include "MUID.h"
#include "Addresses.h"

struct MCommandParameterDesc;
struct MCommandParameterInt;
struct MCommandParameterUInt;
struct MCommandParameterString;
struct MCommandParameterFloat;
struct MCommandParameterMUID;
struct MCommandParameterBlob;

typedef MCommandParameterDesc* (__thiscall* MCommandParameterDescTypedef)(MCommandParameterDesc*, uint32_t, const char*);
typedef MCommandParameterInt* (__thiscall* MCommandParameterIntTypedef) (MCommandParameterInt*, int);
typedef MCommandParameterUInt* (__thiscall* MCommandParameterUIntTypedef) (MCommandParameterUInt*, uint32_t);
typedef MCommandParameterString* (__thiscall* MCommandParameterStringTypedef) (MCommandParameterString*, char*);
typedef MCommandParameterFloat* (__thiscall* MCommandParameterFloatTypedef) (MCommandParameterFloat*, float);
typedef MCommandParameterMUID* (__thiscall* MCommandParameterMUIDTypedef) (MCommandParameterMUID*, MUID*);
typedef MCommandParameterBlob* (__thiscall* MCommandParameterBlobTypedef) (MCommandParameterBlob*, LPVOID, int);

MCommandParameterDescTypedef MCommandParameterDescConstructor = reinterpret_cast<MCommandParameterDescTypedef>(MCommandParameterDesc__MCommandParameterDescAddress);
MCommandParameterIntTypedef MCommandParameterIntConstructor = reinterpret_cast<MCommandParameterIntTypedef>(MCommandParameterInt__MCommandParameterIntAddress);
MCommandParameterUIntTypedef MCommandParameterUIntConstructor = reinterpret_cast<MCommandParameterUIntTypedef>(MCommandParameterUInt__MCommandParameterUIntAddress);
MCommandParameterStringTypedef MCommandParameterStringConstructor = reinterpret_cast<MCommandParameterStringTypedef>(MCommandParameterString__MCommandParameterStringAddress);
MCommandParameterFloatTypedef MCommandParameterFloatConstructor = reinterpret_cast<MCommandParameterFloatTypedef>(MCommandParameterFloat__MCommandParameterFloatAddress);
MCommandParameterMUIDTypedef MCommandParameterMUIDConstructor = reinterpret_cast<MCommandParameterMUIDTypedef>(MCommandParameterMUID__MCommandParameterMUIDAddress);
MCommandParameterBlobTypedef MCommandParameterBlobConstructor = reinterpret_cast<MCommandParameterBlobTypedef>(MCommandParameterBlob__MCommandParameterBlobAddress);



struct MCommandParameterDesc
{
    LPVOID m_pPolymoprhism;
    uint32_t m_nParamType;
    char m_szDescription[64];
    std::vector<LPVOID> m_pParameterConditions;

    MCommandParameterDesc(uint32_t type, const char* desc)
    {
        MCommandParameterDescConstructor(this, type, desc);
    }
};

struct MCommandParameter
{
    LPVOID m_pPolymoprhism;
    uint32_t m_nParamType;
};

struct MCommandParameterInt : public MCommandParameter
{
    int m_Value;

    MCommandParameterInt(int value)
    {
        MCommandParameterIntConstructor (this, value);
    }
};

struct MCommandParameterUInt : public MCommandParameter
{
    uint32_t m_Value;

    MCommandParameterUInt(uint32_t value)
    {
        MCommandParameterUIntConstructor (this, value);
    }
};

struct MCommandParameterString : public MCommandParameter
{
    char* m_Value;

    MCommandParameterString(char* value)
    {
        MCommandParameterStringConstructor (this, value);
    }
};

struct MCommandParameterMUID : public MCommandParameter
{
    MUID m_Value;

    MCommandParameterMUID(MUID* value)
    {
        MCommandParameterMUIDConstructor (this, value);
    }
};

struct MCommandParameterBlob : public MCommandParameter
{
    char* m_Value;
    int m_nSize;

    static void MakeBlobHeader(char* data, int elementCount, int elementSize)
    {    
        int total = (elementCount * elementSize) + 8;

        data = new char[total+4];
        memcpy(data, &total, 4);
        memcpy(data+4, &elementSize, 4);
        memcpy(data+8, &elementCount, 4);
    }

    static char* MMakeBlobArray(int nOneBlobSize, int nBlobCount)
    {
        char *result;
        
        result = new char[(nBlobCount * nOneBlobSize + 8)];
        *((DWORD *)result + 1) = nBlobCount;
        *(DWORD *)result = nOneBlobSize;
        return result;
    }


    static char *MGetBlobArrayElement(char *pBlob, uint32_t i)
    {
        char *result;
      
        if (i < 0 || i >= *((DWORD *)pBlob + 1))
          result = 0;
        else
          result = pBlob + (i * *(DWORD *)pBlob + 8);
      
        return result;
    }


    MCommandParameterBlob(LPVOID value, int size)
    {
        MCommandParameterBlobConstructor (this, value, size);
    }
};

Addresses (07)

Code:

static uint32_t MAddSharedCommandTableAddress = 0x0051D6D0;
static uint32_t ZNewCMDAddress = 0x004C3B60;
static uint32_t MCommand__AddParameterAddress = 0x00507C00;
static uint32_t MCommand__GetParameterAddress = 0x00507010;
static uint32_t MCommand__GetParameterAddress2 = 0x00506FD0;
static uint32_t MCommandDesc__MCommandDescAddress = 0x005079B0;
static uint32_t MCommandParameterDesc__MCommandParameterDescAddress = 0x00506F20;
static uint32_t MCommandManager__AddCommandDescAddress = 0x00514FA0;
static uint32_t MCommandDesc__AddParameterDescAddress = 0x005083A0;
static uint32_t MCommandParameterInt__MCommandParameterIntAddress = 0x00505AF0;
static uint32_t MCommandParameterUInt__MCommandParameterUIntAddress = 0x00505C20;
static uint32_t MCommandParameterString__MCommandParameterStringAddress = 0x00505DD0;
static uint32_t MCommandParameterFloat__MCommandParameterFloatAddress = 0x00505CF0;
static uint32_t MCommandParameterMUID__MCommandParameterMUIDAddress = 0x005068E0;
static uint32_t MCommandParameterBlob__MCommandParameterBlobAddress = 0x00505FD0;
static uint32_t ZGameClient__OnCommandAddress = 0x004C7990;

Enum

Code:

enum MCommandParameterType
{
    MPT_INT,
    MPT_UINT,
    MPT_FLOAT,
    MPT_BOOL,
    MPT_STRING,
    MPT_VECTOR,
    MPT_POS,
    MPT_DIR,
    MPT_COLOR,
    MPT_MUID,
    MPT_BLOB,
    MPT_CHAR,
    MPT_UCHAR,
    MPT_SHORT,
    MPT_USHORT,
    MPT_INT64,
    MPT_UINT64,
    MPT_SVECTOR
};

Example of creating and sending:

Code:

        auto command = MCommand::Create(0xD136);
        auto file = new MCommandParameterString(argv[1]);

        command->AddParameter(file);
        MCommand::Post(command);

Example of extracting:

Code:

    if (pCommand->m_pCommandDesc->m_nCommandId == 0x515)
    {
        MUID uidPlayer;
        char szStage[256];
        bool isPrivate;
        char szPassword[64];

        pCommand->GetParameter(&uidPlayer, 0, MPT_MUID, -1);
    
        if (uidPlayer.uidHigh != pCommand->m_uidSender.uidHigh)
        {
            instance->DisconnectObject(&uidPlayer);
            return false;
        }

        if (!pCommand->GetParameter(szStage, 1, MPT_STRING, 256) ||
            !pCommand->GetParameter(&isPrivate, 2, MPT_BOOL, -1) ||
            !pCommand->GetParameter(szPassword, 3, MPT_STRING, 64))
        {
            return false;
        }

        instance->OnStageCreate(&uidPlayer, szStage, isPrivate, szPassword);
        return true;
    }

Example of Adding custom packets:

Code:

CDetour MAddSharedCommandTableDet;
void MAddSharedCommandTableHook (MCommandManager* pCommandManager, int nSharedType)
{
    MCommandDesc* sexCommand = new MCommandDesc(0xD135, "Dreams.Sex.Change", "Changes character sex in-game", 1);
    MCommandParameterDesc* sexDesc = new MCommandParameterDesc (0, "nSex");
    
    sexCommand->AddParamDesc(sexDesc);

    pCommandManager->AddCommandDesc (sexCommand);
    pCommandManager->AddParamDesc (sexDesc);

    printf ("Added sex change packet.\n");

    MCommandDesc* configRehash = new MCommandDesc(0xD136, "Dreams.Config.Rehash", "Reloads config file on the fly", 1);
    MCommandParameterDesc* configDesc = new MCommandParameterDesc (4, "szFile");
    
    configRehash->AddParamDesc(configDesc);

    pCommandManager->AddCommandDesc (configRehash);
    pCommandManager->AddParamDesc (configDesc);

    printf ("Added config rehashing packet.\n");

    MCommandDesc* color = new MCommandDesc(0xD137, "Dreams.Server.RequestColors", "Allows for on-the fly dynamic loading of custom colors", 1);
    pCommandManager->AddCommandDesc(color);


    MCommandDesc* colorResponse = new MCommandDesc(0xD138, "Dreams.Server.RehashColors", "Allows for on-the fly dynamic loading of custom colors", 1);
    MCommandParameterDesc* colorBlob = new MCommandParameterDesc (10, "ColorInfo");

    colorResponse->AddParamDesc(colorBlob);

    pCommandManager->AddCommandDesc(colorResponse);
    pCommandManager->AddParamDesc(colorBlob);

    auto ban = new MCommandDesc(0xD149, "Dreams.Server.Ban", "Bans specified user", 1);
    auto user = new MCommandParameterDesc(4, "szUser");
    auto reason = new MCommandParameterDesc(4, "szReason");

    pCommandManager->AddCommandDesc(ban);
    ban->AddParamDesc(user);
    ban->AddParamDesc(reason);
}

[MentaL]

[00niels00]

Can you send the VC++ project?
Anyways your stuff is great ;)

[dacharles]

btw, how you hook OnCommand? to get the packets... or what you hook to check if one of your packets arrived?

[Evil[]Power]

Nice release needed that too.. mm thanks

[R3apingSaint]

btw, how you hook OnCommand? to get the packets... or what you hook to check if one of your packets arrived?

Code:

CDetour MMatchServer__OnCommand;
void WINAI MMatchServer__OnCommandhook(MCommand *pCmd)
{
    switch(pCmd->pCmdDesc->m_nCommandID)
    {
        case 0xlolololol:
        {
            do_your_stuff();
            break;
        }
    }
}

example based from his code.

[dacharles]

Code:

CDetour MMatchServer__OnCommand;
void WINAI MMatchServer__OnCommandhook(MCommand *pCmd)
{
    switch(pCmd->pCmdDesc->m_nCommandID)
    {
        case 0xlolololol:
        {
            do_your_stuff();
            break;
        }
    }
}

example based from his code.

http://forum.ragezone.com/f496/dev-h...on-fix-690994/

I use that, and sometimes it crash and sometimes it works good and is tested just by me.

Edit: wait, "void WINAPI" will make any difference?...

[R3apingSaint]

yes i meant to write WINAPI instead of WINAI. im just waking up so forgive me if im wrong but WINAPI is just

Code:

#define WINAPI __stdcall

if you use that function and it sometimes crashes then id suggest using what thephailure772 reversed and look up on it yourself.
fyi if you are going to need a lot of "if and else" statements then id highly suggest using the switch loop, its easier on your application or dll.

[Linear88]

http://forum.ragezone.com/f496/dev-h...on-fix-690994/

I use that, and sometimes it crash and sometimes it works good and is tested just by me.

Edit: wait, "void WINAPI" will make any difference?...

WINAPI = __stdcall

Use a boolean as the function type for MCommand instead.

About this:
http://forum.ragezone.com/f496/dev-h...on-fix-690994/

Avoid using __asm to get your parameters, and use the structures instead...

[dacharles]

I'm using the structures of phailure and it works for the first packets(I print every packetID that is passed on OnCommand), then it crash with the bool __stdcall.

There is any other solution?

[Linear88]

Don't create any pointer variables in your hook, and use return true for readability.

[GentleTouch]

Can someone please declare everything that is required to get MCommandParameterVector working for me please? I've tried but shit just isnt working.