[Discussion]The Client ip

[ARTYOMT]

I am not a pro of coding for now but I know the game very much and I am good at setting up servers so I have some experience and I think the client ip is maybe:
1) The launcher or the exe file
2) The patch files
3) The agt extension files
4) The dlls

Maybe I am wrong but I think it can be in the launcher or the patch files.

[MentaL]

[GzFKoron]

Alright thanks, I have installed the client now but its all in korean, so.. yea. lol

I don't really know how I would edit the AGT files, tbh we need a runnable that can be ran without using the launcher, because even if we do find the IP, we need to know the files of the update server, so it would actually work.

[ARTYOMT]

Maybe yes but updating is needed too. But we need to unrar the agt files to make updates and to find the ip and other things.

[GzFKoron]

Maybe yes but updating is needed too. But we need to unrar the agt files to make updates and to find the ip and other things.

I was hoping for now there was some type of skip update.

[MentaL]

if the IP is hardcoded or what not.. thats easy to get around!!! Use edit the windows host list.

C:\Windows\System32\drivers\etc\hosts

[ARTYOMT]

I will try then. Thx

[CheckPoint]

1.The IP appears to be hardcoded on DriftCity.exe
2.Editing /etc/hosts isn't gonna work unfortunately
3.Try setting up a loopback.
4.If you don't want to do that,use the DriftHook I posted

Code:

#define _WIN32_WINNT 0x0501
#include <winsock2.h>
#include <windows.h>
#include <intrin.h>
#include <Detours.h>
#include <stdio.h>
#include <io.h>
#include <fcntl.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "psapi.lib")

typedef int (WINAPI* Prototype_Connect)(SOCKET, const struct sockaddr*, int);
Prototype_Connect Original_Connect;


typedef int (WINAPI *MessageBoxt) (int, char *, char *, int);
MessageBoxt MessageBoxOrg;
int WINAPI MessageBoxHook (int a, char *b, char *c, int d)
{
	  	return MessageBoxOrg(a,b,c,d);
}

int WINAPI Hooked_Connect(SOCKET s, const struct sockaddr* name, int namelen)
{
    sockaddr_in* service = (sockaddr_in*)name;
        unsigned long address = inet_addr("127.0.0.1");
        memcpy(&service->sin_addr, &address, sizeof(unsigned long));
    return Original_Connect(s, name, namelen);
}

void HidePEB(HINSTANCE hModule) {

DWORD dwPEB_LDR_DATA = 0;
	_asm{
		pushad;
		pushfd;
		mov eax, fs:[30h]
			mov eax, [eax+0Ch]
			mov dwPEB_LDR_DATA, eax

InLoadOrderModuleList:
		mov esi, [eax+0Ch]
			mov edx, [eax+10h]

LoopInLoadOrderModuleList: 
		lodsd
			mov esi, eax
			mov ecx, [eax+18h]
			cmp ecx, hModule
			jne SkipA
			mov ebx, [eax]
			mov ecx, [eax+4]
			mov [ecx], ebx
			mov [ebx+4], ecx
			jmp InMemoryOrderModuleList

SkipA:
		cmp edx, esi
			jne LoopInLoadOrderModuleList

InMemoryOrderModuleList:
		mov eax, dwPEB_LDR_DATA
			mov esi, [eax+14h]
			mov edx, [eax+18h]

LoopInMemoryOrderModuleList: 
		lodsd
			mov esi, eax
			mov ecx, [eax+10h]
			cmp ecx, hModule
			jne SkipB
			mov ebx, [eax] 
			mov ecx, [eax+4]
			mov [ecx], ebx
			mov [ebx+4], ecx
			jmp InInitializationOrderModuleList

SkipB:
		cmp edx, esi
			jne LoopInMemoryOrderModuleList

InInitializationOrderModuleList:
		mov eax, dwPEB_LDR_DATA
			mov esi, [eax+1Ch]
			mov edx, [eax+20h]

LoopInInitializationOrderModuleList: 
		lodsd
			mov esi, eax
			mov ecx, [eax+08h]
			cmp ecx, hModule
			jne SkipC
			mov ebx, [eax] 
			mov ecx, [eax+4]
			mov [ecx], ebx
			mov [ebx+4], ecx
			jmp Finished

SkipC:
		cmp edx, esi
			jne LoopInInitializationOrderModuleList

Finished:
		popfd;
		popad;
	}
}



DWORD WINAPI DriftHook(LPVOID lpReserved)
{
    AllocConsole();

    HANDLE handle_out = GetStdHandle(STD_OUTPUT_HANDLE);
    int hCrt = _open_osfhandle((long) handle_out, _O_TEXT);
    FILE* hf_out = _fdopen(hCrt, "w");
    setvbuf(hf_out, NULL, _IONBF, 1);
    *stdout = *hf_out;

    HANDLE handle_in = GetStdHandle(STD_INPUT_HANDLE);
    hCrt = _open_osfhandle((long) handle_in, _O_TEXT);
    FILE* hf_in = _fdopen(hCrt, "r");
    setvbuf(hf_in, NULL, _IONBF, 128);
    *stdin = *hf_in;
	system("title DriftHook");
	printf("DriftHook(C) Cosmos 2010\n");
    printf("Debug mode started!\n");
	Sleep(500);
	printf("Hooks set!\n");
	MessageBoxOrg = (MessageBoxt)DetourFunction ((PBYTE)GetProcAddress (GetModuleHandleA ("user32.dll"), "MessageBoxA"), (PBYTE)MessageBoxHook);
	Sleep(500);
	printf("Redirecting connections to localhost...\n");
	Original_Connect = (Prototype_Connect)DetourFunction((PBYTE)GetProcAddress(GetModuleHandle("ws2_32.dll"), "connect"), (PBYTE)Hooked_Connect);
	Sleep(500);
	printf("Done!\n");
	return true;
}



BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    UNREFERENCED_PARAMETER(lpReserved);
    if(ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
		HidePEB(hModule);
        DisableThreadLibraryCalls(hModule);
		CreateThread (NULL, NULL, DriftHook, NULL, NULL, NULL);
    }
    return true;
}

[ARTYOMT]

WoW Well done I will try this later

[GzFKoron]

1.The IP appears to be hardcoded on DriftCity.exe
2.Editing /etc/hosts isn't gonna work unfortunately
3.Try setting up a loopback.
4.If you don't want to do that,use the DriftHook I posted

Code:

#define _WIN32_WINNT 0x0501
#include <winsock2.h>
#include <windows.h>
#include <intrin.h>
#include <Detours.h>
#include <stdio.h>
#include <io.h>
#include <fcntl.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "psapi.lib")

typedef int (WINAPI* Prototype_Connect)(SOCKET, const struct sockaddr*, int);
Prototype_Connect Original_Connect;


typedef int (WINAPI *MessageBoxt) (int, char *, char *, int);
MessageBoxt MessageBoxOrg;
int WINAPI MessageBoxHook (int a, char *b, char *c, int d)
{
	  	return MessageBoxOrg(a,b,c,d);
}

int WINAPI Hooked_Connect(SOCKET s, const struct sockaddr* name, int namelen)
{
    sockaddr_in* service = (sockaddr_in*)name;
        unsigned long address = inet_addr("127.0.0.1");
        memcpy(&service->sin_addr, &address, sizeof(unsigned long));
    return Original_Connect(s, name, namelen);
}

void HidePEB(HINSTANCE hModule) {

DWORD dwPEB_LDR_DATA = 0;
	_asm{
		pushad;
		pushfd;
		mov eax, fs:[30h]
			mov eax, [eax+0Ch]
			mov dwPEB_LDR_DATA, eax

InLoadOrderModuleList:
		mov esi, [eax+0Ch]
			mov edx, [eax+10h]

LoopInLoadOrderModuleList: 
		lodsd
			mov esi, eax
			mov ecx, [eax+18h]
			cmp ecx, hModule
			jne SkipA
			mov ebx, [eax]
			mov ecx, [eax+4]
			mov [ecx], ebx
			mov [ebx+4], ecx
			jmp InMemoryOrderModuleList

SkipA:
		cmp edx, esi
			jne LoopInLoadOrderModuleList

InMemoryOrderModuleList:
		mov eax, dwPEB_LDR_DATA
			mov esi, [eax+14h]
			mov edx, [eax+18h]

LoopInMemoryOrderModuleList: 
		lodsd
			mov esi, eax
			mov ecx, [eax+10h]
			cmp ecx, hModule
			jne SkipB
			mov ebx, [eax] 
			mov ecx, [eax+4]
			mov [ecx], ebx
			mov [ebx+4], ecx
			jmp InInitializationOrderModuleList

SkipB:
		cmp edx, esi
			jne LoopInMemoryOrderModuleList

InInitializationOrderModuleList:
		mov eax, dwPEB_LDR_DATA
			mov esi, [eax+1Ch]
			mov edx, [eax+20h]

LoopInInitializationOrderModuleList: 
		lodsd
			mov esi, eax
			mov ecx, [eax+08h]
			cmp ecx, hModule
			jne SkipC
			mov ebx, [eax] 
			mov ecx, [eax+4]
			mov [ecx], ebx
			mov [ebx+4], ecx
			jmp Finished

SkipC:
		cmp edx, esi
			jne LoopInInitializationOrderModuleList

Finished:
		popfd;
		popad;
	}
}



DWORD WINAPI DriftHook(LPVOID lpReserved)
{
    AllocConsole();

    HANDLE handle_out = GetStdHandle(STD_OUTPUT_HANDLE);
    int hCrt = _open_osfhandle((long) handle_out, _O_TEXT);
    FILE* hf_out = _fdopen(hCrt, "w");
    setvbuf(hf_out, NULL, _IONBF, 1);
    *stdout = *hf_out;

    HANDLE handle_in = GetStdHandle(STD_INPUT_HANDLE);
    hCrt = _open_osfhandle((long) handle_in, _O_TEXT);
    FILE* hf_in = _fdopen(hCrt, "r");
    setvbuf(hf_in, NULL, _IONBF, 128);
    *stdin = *hf_in;
	system("title DriftHook");
	printf("DriftHook(C) Cosmos 2010\n");
    printf("Debug mode started!\n");
	Sleep(500);
	printf("Hooks set!\n");
	MessageBoxOrg = (MessageBoxt)DetourFunction ((PBYTE)GetProcAddress (GetModuleHandleA ("user32.dll"), "MessageBoxA"), (PBYTE)MessageBoxHook);
	Sleep(500);
	printf("Redirecting connections to localhost...\n");
	Original_Connect = (Prototype_Connect)DetourFunction((PBYTE)GetProcAddress(GetModuleHandle("ws2_32.dll"), "connect"), (PBYTE)Hooked_Connect);
	Sleep(500);
	printf("Done!\n");
	return true;
}



BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    UNREFERENCED_PARAMETER(lpReserved);
    if(ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
		HidePEB(hModule);
        DisableThreadLibraryCalls(hModule);
		CreateThread (NULL, NULL, DriftHook, NULL, NULL, NULL);
    }
    return true;
}

Thanks, now I need to learn coding.

[ARTYOMT]

No need just edit ur ip in the code (127.0.0.1) and make it work.

[MentaL]

so if this hardcoded ip you cannot find, why not open up command prompt and run nbtstat -a and check all the outbound connections and find the ip that way.

[CheckPoint]

so if this hardcoded ip you cannot find, why not open up command prompt and run nbtstat -a and check all the outbound connections and find the ip that way.

Tbh,that's not the main issue at the moment.The server files have no database connection,there is no default connection,and the packets appear to be changed since the last update.It would be better to work on an emulator imho.

[Delteros]

Tbh,that's not the main issue at the moment.The server files have no database connection,there is no default connection,and the packets appear to be changed since the last update.It would be better to work on an emulator imho.

If you have the time and skills to make an emulator, then you can make one if you want to.

[MentaL]

so then your main issue is finding an old compatible client then?