Hi, I'm searching for the login packet in an IDB. The opcode is 0x00 (0). (v118)
So far I found CLogin_OnPacket
// Hex-Rays pseudocode (not compilable as-is): a single switch that dispatches a
// login-stage packet to its handler by opcode.
//   a1 — the value switched on below; presumably the packet opcode (the one the post asks about).
//   a2 — passed unchanged to every handler; sub_6B7AB0 below reads it with CInPacket::Decode1,
//        so it is presumably the CInPacket* — confirm in the IDB.
// Returns whatever the selected handler returns. For an opcode with no case the function
// returns a1 itself (`result = a1` below is never overwritten on the default path).
// No validation of a1/a2 is visible here; any length or bounds checks live inside CInPacket.
PHP Code:int __thiscall CLogin::OnPacket(void *this, int a1, int a2)
{
int result; // eax@1
result = a1; // default return value: the opcode itself
switch ( a1 )
{
case 0:
result = CLogin::OnCheckPasswordResult(a2); // opcode 0 — the one the post says is the login packet
break;
case 1:
result = sub_6B7AB0((int)((char *)this - 8), a2); // only handler that receives `this`; the -8 adjustment suggests CLogin sits at offset 8 inside a larger object — confirm the layout in the IDB
break;
case 2:
result = sub_6B7F40(a2);
break;
case 3:
result = sub_6AC770(a2);
break;
case 4:
result = sub_6AA930(a2);
break;
case 5:
result = sub_6AE970(a2);
break;
case 6:
result = sub_6ACF50(a2);
break;
case 7:
result = sub_6B4D70(a2);
break;
case 8:
result = sub_6AAA50(a2);
break;
case 9:
result = sub_6B44C0(a2);
break;
case 10:
result = sub_6B8440(a2);
break;
// Cases 12, 14, 13, 11 appear out of numeric order; that is only the decompiler's emission order.
case 12:
result = sub_6AE880(a2);
break;
case 14:
result = sub_6B33E0(a2);
break;
case 13:
result = sub_6B48E0(a2);
break;
case 11:
result = sub_6B8AC0(a2);
break;
case 25:
result = sub_6AA970(a2);
break;
case 34:
result = sub_6AAA20(a2);
break;
case 28:
result = sub_6AA8E0(a2);
break;
case 29:
result = sub_6AE790(a2);
break;
case 30:
result = sub_6B9080(a2);
break;
case 31:
result = sub_6AA320(a2);
break;
case 32:
result = sub_6AB180(a2);
break;
case 33:
result = sub_6AB1D0(a2);
break;
default:
// `(unsigned int)(a1 - 211) <= 2` is the compiler's form of `211 <= a1 && a1 <= 213`.
if ( (unsigned int)(a1 - 211) <= 2 )
JUMPOUT(loc_86B770); // JUMPOUT: Hex-Rays could not express this edge (a jump to code outside the function's recognised boundaries); opcodes 211..213 are handled there
if ( (unsigned int)(a1 - 214) <= 2 ) // a1 in [214, 216]
JUMPOUT(loc_701090);
return result; // still a1 here
}
return result;
}
But I'm not sure where to find the packet structure after this.
CLogin::OnCheckPasswordResult also didn't seem to be it.
// Hex-Rays pseudocode (not compilable as-is). Reached from CLogin::OnPacket case 1 with
// `this` already adjusted by -8; `a2` is the incoming packet (it is read via CInPacket::Decode1).
// Flow: read two bytes from the packet; map byte 1 to a code for sub_6C1890 (or a
// string-pool message); for byte-1 values 0, 12 and 23 decode the rest of the body,
// switch on byte 2 and hand the decoded fields to sub_6ADB90.
// Returns the int the decompiler threads through `result`; its meaning differs per path.
// NOTE(review): the decompiler re-used `a2`, `v31` and `v35` as ZXString temporaries after
// the decode, and the v14..v28 slots at [sp-3Ch]..[sp-4h] are outgoing call arguments —
// read the names as stack slots, not as variables with a single meaning.
// v46 sits at [bp-4h], the slot MSVC typically uses for the C++ exception-handling state;
// the `v46 = N` / `LOBYTE(v46) = N` stores look like compiler bookkeeping, not program logic.
PHP Code:int __thiscall sub_6B7AB0(int this, int a2)
{
int v2; // edi@1
int v3; // ecx@1
int v4; // esi@1
int v5; // ebp@1
int result; // eax@3
int v7; // eax@13
int v8; // eax@16
int v9; // edi@31
int v10; // ebp@31
int v11; // ebx@31
bool v12; // zf@35
int v13; // eax@38
int v14; // [sp-3Ch] [bp-A8h]@31
int v15; // [sp-38h] [bp-A4h]@31
int v16; // [sp-34h] [bp-A0h]@31
int v17; // [sp-30h] [bp-9Ch]@31
int v18; // [sp-2Ch] [bp-98h]@31
int v19; // [sp-28h] [bp-94h]@31
int v20; // [sp-24h] [bp-90h]@31
int v21; // [sp-20h] [bp-8Ch]@31
int v22; // [sp-1Ch] [bp-88h]@31
int v23; // [sp-18h] [bp-84h]@31
int v24; // [sp-14h] [bp-80h]@31
int v25; // [sp-10h] [bp-7Ch]@31
int v26; // [sp-Ch] [bp-78h]@31
signed int v27; // [sp-8h] [bp-74h]@4
int v28; // [sp-4h] [bp-70h]@4
int v29; // [sp+14h] [bp-58h]@31
int v30; // [sp+18h] [bp-54h]@31
int v31; // [sp+1Ch] [bp-50h]@16
int v32; // [sp+20h] [bp-4Ch]@31
int v33; // [sp+24h] [bp-48h]@31
int v34; // [sp+28h] [bp-44h]@1
int v35; // [sp+2Ch] [bp-40h]@31
char v36; // [sp+30h] [bp-3Ch]@31
char v37; // [sp+38h] [bp-34h]@31
int v38; // [sp+40h] [bp-2Ch]@31
int v39; // [sp+44h] [bp-28h]@31
int v40; // [sp+48h] [bp-24h]@31
int v41; // [sp+4Ch] [bp-20h]@31
int v42; // [sp+50h] [bp-1Ch]@31
int v43; // [sp+54h] [bp-18h]@31
int v44; // [sp+58h] [bp-14h]@31
int v45; // [sp+5Ch] [bp-10h]@31
int v46; // [sp+68h] [bp-4h]@13
v2 = this;
v34 = this; // second copy of `this`; passed to sub_6D87A0 below
v3 = *(_DWORD *)(this + 396); // object pointer stored at this+0x18C
*(_DWORD *)(v34 + 472) = 0; // clear the field at this+0x1D8
(*(void (__stdcall **)(signed int))(*(_DWORD *)v3 + 64))(3); // virtual call on that object: vtable offset 64 (slot 16 with 4-byte pointers), argument 3
v4 = a2;
v5 = (unsigned __int8)CInPacket::Decode1(a2); // packet byte 1, 0..255
*(_BYTE *)(v2 + 580) = CInPacket::Decode1(v4); // packet byte 2, kept at this+0x244 and switched on further down
if ( dword_116E0CC ) // global flag; the same flag gates sub_6D5990(0) in the body path
sub_6D5990(1);
result = v5 + 1;
// Cases are byte 1 + 1, so `case N` means byte 1 == N-1. `case 0` can never match
// (v5 is an unsigned byte, so v5 + 1 >= 1). All cases except 15 and 16 end at LABEL_24
// with sub_6C1890(code, 0).
switch ( v5 + 1 )
{
case 0:
case 7:
case 9:
case 10: // byte 1 == 6, 8 or 9
v28 = 0;
v27 = 15;
goto LABEL_24;
case 3:
case 4: // byte 1 == 2 or 3
v28 = 0;
v27 = 16;
goto LABEL_24;
case 14: // byte 1 == 13
v28 = 0;
v27 = 21;
goto LABEL_24;
case 6: // byte 1 == 5
v28 = 0;
v27 = 20;
goto LABEL_24;
case 5: // byte 1 == 4
v28 = 0;
v27 = 3;
goto LABEL_24;
case 8: // byte 1 == 7
sub_6B4B30(0, 0); // the only case with extra work before the common call
v28 = 0;
v27 = 17;
goto LABEL_24;
case 11: // byte 1 == 10
v28 = 0;
v27 = 19;
goto LABEL_24;
case 12: // byte 1 == 11
v28 = 0;
v27 = 14;
goto LABEL_24;
case 15: // byte 1 == 14: sub_6C1600(27), then on non-zero show string-pool entry 3201 and release the temporary string
result = sub_6C1600(27);
if ( result )
{
StringPool::GetInstance();
v7 = *(_DWORD *)StringPool::GetString(&a2, 3201); // `a2` is re-used here as the ZXString out-slot
sub_C76810(v7, 0);
result = a2;
v46 = -1;
if ( a2 )
result = ZXString_char____Release((volatile LONG *)(a2 - 12)); // Release takes a pointer 12 bytes before the string data (presumably the ZXString header)
}
break;
case 16: // byte 1 == 15: same shape as case 15 with sub_6C1600(26) and v31 as the temporary
result = sub_6C1600(26);
if ( result )
{
StringPool::GetInstance();
v8 = *(_DWORD *)StringPool::GetString(&v31, 3201);
v46 = 1;
sub_C76810(v8, 0);
result = v31;
v46 = -1;
if ( v31 )
result = ZXString_char____Release((volatile LONG *)(v31 - 12));
}
break;
case 17:
case 22: // byte 1 == 16 or 21
v28 = 0;
v27 = 33;
goto LABEL_24;
case 44: // byte 1 == 43
v28 = 0;
v27 = 72;
goto LABEL_24;
case 45: // byte 1 == 44
v28 = 0;
v27 = 78;
goto LABEL_24;
case 18: // byte 1 == 17
v28 = 0;
v27 = 27;
goto LABEL_24;
case 26: // byte 1 == 25
v28 = 0;
v27 = 40;
goto LABEL_24;
case 39: // byte 1 == 38
v28 = 0;
v27 = 901;
LABEL_24:
result = sub_6C1890(v27, v28); // common tail; v28 is 0 on every path that reaches it
break;
default:
break;
}
// Only byte-1 values 0, 12 and 23 carry a body. None of them (1, 13, 24 after the +1) has a
// case above, so for these three the first switch did nothing.
if ( !v5 || v5 == 12 || v5 == 23 )
{
switch ( *(_BYTE *)(v2 + 580) ) // packet byte 2
{
case 0:
case 1:
// Body read order (packet order): 4 bytes, 1, 1, 1, 1 (discarded), string, 1, 1,
// 8-byte buffer, 8-byte buffer, 4 bytes, string. The DecodeStr/DecodeBuffer calls show
// no packet argument — Hex-Rays dropped their register-passed `this`; presumably they
// read from v4 as well — confirm in the disassembly. Any length checks are inside
// CInPacket::Decode*; none are visible here.
if ( dword_116E0CC )
sub_6D5990(0);
v9 = CInPacket::Decode4(v4);
v10 = (unsigned __int8)CInPacket::Decode1(v4);
LOBYTE(v33) = CInPacket::Decode1(v4); // LOBYTE stores: only the low byte is written but the whole int is passed on below — likely a byte local merged into an int slot by the decompiler
LOBYTE(v32) = CInPacket::Decode1(v4);
CInPacket::Decode1(v4); // value discarded
CInPacket::DecodeStr(&v30);
v46 = 3;
LOBYTE(v31) = CInPacket::Decode1(v4);
LOBYTE(a2) = CInPacket::Decode1(v4); // `a2` now holds a decoded byte, not the packet pointer (v4 still does)
CInPacket::DecodeBuffer(&v36, 8);
dword_1173128(&v36, &v42); // call through a global function pointer; v42..v45 are read below, so it presumably converts the 8-byte buffer into those four dwords
CInPacket::DecodeBuffer(&v37, 8);
dword_1173128(&v37, &v38); // same for the second buffer into v38..v41
v11 = CInPacket::Decode4(v4);
CInPacket::DecodeStr(&v29);
// From here down the outgoing argument slots v14..v28 for sub_6ADB90 are filled in place.
// sub_431510(&v29) / sub_431510(&v30) are each called right after v35 = &v28 / a2 = &v14
// with that slot zeroed — they look like a string copy into v28 / v14 whose `this` the
// decompiler dropped; confirm in the disassembly.
v35 = (int)&v28;
LOBYTE(v46) = 4;
v28 = 0;
sub_431510(&v29);
v27 = v11;
v23 = v38;
v24 = v39;
v22 = 0;
v25 = v40;
v21 = 0;
v26 = v41;
LOBYTE(v46) = 5;
v17 = v42;
v18 = v43;
v19 = v44;
v20 = v45;
v16 = a2;
v15 = v31;
a2 = (int)&v14;
v14 = 0;
sub_431510(&v30);
LOBYTE(v46) = 4;
sub_6ADB90(v9, v10, v33, v32, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26, v27, v28); // consumes the whole decoded body
a2 = ZAllocEx_ZAllocAnonSelector___Alloc(196); // 196-byte (0xC4) allocation; nothing visible here uses it afterwards — check the disassembly for what it receives
LOBYTE(v46) = 6;
if ( a2 )
sub_6D87A0(v34); // v34 == this
LOBYTE(v46) = 3;
if ( v29 )
ZXString_char____Release((volatile LONG *)(v29 - 12)); // release the second decoded string
result = v30;
v12 = v30 == 0;
goto LABEL_39; // shared tail releases the first decoded string
case 2:
case 3:
result = sub_6C1480(31, 0);
if ( result && !*(_DWORD *)(v2 + 464) ) // only when the field at this+0x1D0 is zero
{
StringPool::GetInstance();
v13 = *(_DWORD *)StringPool::GetString(&v35, 5); // string-pool entry 5, with v35 re-used as the out-slot
v46 = 2;
sub_C76810(v13, 0);
result = v35;
v12 = v35 == 0;
LABEL_39:
// Shared tail: `result` holds a ZXString pointer (v30 or v35); release it if non-null.
v46 = -1;
if ( !v12 )
result = ZXString_char____Release((volatile LONG *)(result - 12));
}
break;
default:
result = sub_6C1890(15, 0); // any other byte-2 value
break;
}
}
return result;
}
sub_6B7AB0 couldn't be rendered as pseudocode, but that probably has nothing to do with finding the login packet.
Please don't flame :blushing: I'm new to all this. I'm just trying to learn, and I've already learnt a lot from moogra's update guide and Heidi's IDB guide; I just don't fully understand it yet.
Thanks in advance for thinking with me! :thumbup:
This is the error I'm having — a big chunk of packet problems:
Code:Received data :
00 D2 71 96 C3 48 86 27 E3 15 E8 3D 90 9D C6 05 53 C9 09 3B 3E FE 17 53 6D 2C 48
F1 49 94 08 94 59 66 D8 B6 EB 2A E6 82 8C F9 5C 5C EF E1 0E BC 18 EF 1B 0F 46 4
B 9B C0 DA 7B 64 69 C6 E2 62 D3 93 3D 4B E5 18 3B CE 5E 92 06 23 6C 40 66 74 6B
64 B2 2E 17 BC B2 9B 0C AE 08 14 9E 94 CB CC 04 8B 45 EF 22 C7 93 57 EB E7 C1 30
1F 1B 61 61 02 57 4E 4B A0 B1 EF 3A 5A D7 42 BE 8C A9 7D
.Êq?├H?'Ò.Þ=??ã.S╔.;>■.Sm,H±I?.?YfÏÂÙ*µ??¨\\´ß.╝.´..FK?└┌{diãÔbË?=KÕ.;╬^?.#l@ftk
d▓..╝▓?.«..??╦╠.?E´"Ã?WÙþ┴0..aa.WNKá▒´:ZÎB¥?®}
Received data : (Unhandled)
00 D2 71 96 C3 48 86 27 E3 15 E8 3D 90 9D C6 05 53 C9 09 3B 3E FE 17 53 6D 2C 48
F1 49 94 08 94 59 66 D8 B6 EB 2A E6 82 8C F9 5C 5C EF E1 0E BC 18 EF 1B 0F 46 4
B 9B C0 DA 7B 64 69 C6 E2 62 D3 93 3D 4B E5 18 3B CE 5E 92 06 23 6C 40 66 74 6B
64 B2 2E 17 BC B2 9B 0C AE 08 14 9E 94 CB CC 04 8B 45 EF 22 C7 93 57 EB E7 C1 30
1F 1B 61 61 02 57 4E 4B A0 B1 EF 3A 5A D7 42 BE 8C A9 7D
.Êq?├H?'Ò.Þ=??ã.S╔.;>■.Sm,H±I?.?YfÏÂÙ*µ??¨\\´ß.╝.´..FK?└┌{diãÔbË?=KÕ.;╬^?.#l@ftk
d▓..╝▓?.«..??╦╠.?E´"Ã?WÙþ┴0..aa.WNKá▒´:ZÎB¥?®}

