This is how you can send packets to the server as if it was the native client sending.
For V6.49:
Code:
void SendGamePacket(BYTE* lpaddress, WORD len)
{
    DWORD* baseaddrpacket = (DWORD*)0x0089EE00;
    DWORD* packetfunc = (DWORD*)0x00451370;
    memcpy((DWORD*)(*baseaddrpacket + 0x9C), lpaddress, len);
    *PWORD(*PDWORD(baseaddrpacket) + 0x4098) = len;
    __asm
    {
        pushad
        mov esi, [baseaddrpacket]
        mov esi, [esi]
        lea ecx, [esi + 0x80BC]
        popad
        mov ecx, [baseaddrpacket]
        mov ecx, [ecx]
        mov [ebp - 4], ecx
        mov ecx, [packetfunc]
        mov [ebp - 8], ecx
        push [ebp - 4]
        call dword ptr [ebp - 8]
    }
}
For V6.72:
Code:
void SendGamePacket(BYTE* lpaddress, WORD len)
{
    DWORD* baseaddrpacket = (DWORD*)0x008DA670;
    DWORD* packetfunc = (DWORD*)0x004596A0;
    memcpy((DWORD*)(*baseaddrpacket + 0x9C), lpaddress, len);
    *PWORD(*PDWORD(baseaddrpacket) + 0x4098) = len;
    __asm
    {
        pushad
        mov esi, [baseaddrpacket]
        mov esi, [esi]
        lea ecx, [esi + 0x80BC]
        popad
        mov ecx, [baseaddrpacket]
        mov ecx, [ecx]
        mov [ebp - 4], ecx
        mov ecx, [packetfunc]
        mov [ebp - 8], ecx
        push [ebp - 4]
        call dword ptr [ebp - 8]
    }
}
* I will post codes for version 8.92 and 9.23 later.
Thanks to @c4str0 for the original function.