// lst.cpp : Defines the exported functions for the DLL application.
#include "stdafx.h"
#include "HookManager.h"
#include "PacketManager.h"
#include "Protocol.h"
// Global patcher instance; Crack::ProcLoading reaches the object through this name.
Crack g_Crack;

// Addresses of three kernel32 exports, resolved while this module's globals are
// initialised. Crack::Load redirects the first one and only saves the leading
// bytes of the other two.
// NOTE(review): neither GetModuleHandle nor GetProcAddress is checked for
// failure, so a null result would be handed to GetBuffer/SetOp unchanged.
LPBYTE g_CrackAttachHookAddr = reinterpret_cast<LPBYTE>(
    GetProcAddress(GetModuleHandle("kernel32.dll"), "GetStartupInfoA"));
LPBYTE g_MultiByteToWideChar = reinterpret_cast<LPBYTE>(
    GetProcAddress(GetModuleHandle("kernel32.dll"), "MultiByteToWideChar"));
LPBYTE g_WideCharToMultiByte = reinterpret_cast<LPBYTE>(
    GetProcAddress(GetModuleHandle("kernel32.dll"), "WideCharToMultiByte"));
//LPBYTE g_CrackReturnAddr = (LPBYTE)0x00CD1960;
// Captures the first five bytes of three kernel32 exports and then redirects
// the start of GetStartupInfoA to Crack::ProcAttach via SetOp(..., JMP).
// The GetStartupInfoA bytes have to be captured before SetOp runs, because
// Crack::ProcLoading later writes them back to undo the redirect.
// NOTE(review): this modifies code of a system DLL inside the process with no
// check that the saved bytes are what the author expected.
void Crack::Load()
{
    // Number of leading bytes saved from each export.
    const int kSavedBytes = 5;

    LPVOID attachTarget = static_cast<LPVOID>(g_CrackAttachHookAddr);
    GetBuffer(attachTarget, this->m_AttachRestoreBuff, kSavedBytes);
    SetOp(attachTarget, (LPVOID)Crack::ProcAttach, JMP);

    GetBuffer(static_cast<LPVOID>(g_MultiByteToWideChar), this->m_MultiByteToWideChar, kSavedBytes);
    GetBuffer(static_cast<LPVOID>(g_WideCharToMultiByte), this->m_WideCharToMultiByte, kSavedBytes);
}
// Trampoline that the redirected GetStartupInfoA entry (see Crack::Load) jumps
// to. The function is naked, so the compiler adds no prologue or epilogue and
// only the instructions below execute.
__declspec(naked) void Crack::ProcAttach()
{
__asm
{
// Preserve the general-purpose registers and EFLAGS around the call.
pushad
pushfd
call dword ptr ds : [Crack::ProcLoading]
popfd
popad
// Continue at the export's address; ProcLoading has written the saved
// bytes back there before this jump is reached.
jmp dword ptr ds : [g_CrackAttachHookAddr]
}
}
// Called once from Crack::ProcAttach: runs every patch in ProcCrack, then
// writes the five saved bytes back over the GetStartupInfoA entry so the
// redirect installed by Crack::Load is removed again.
void Crack::ProcLoading()
{
    Crack& patcher = g_Crack;
    patcher.ProcCrack();

    // Same length that Crack::Load captured into m_AttachRestoreBuff.
    const int kSavedBytes = 5;
    SetBuffer(static_cast<LPVOID>(g_CrackAttachHookAddr), patcher.m_AttachRestoreBuff, kSavedBytes);
}
// Applies the whole patch set to the host process: installs the two packet
// hooks, overwrites instructions and data at hard-coded virtual addresses, and
// copies the login address, port, version and serial strings into fixed
// locations. Most writes are tagged "1.18.70"; the addresses are absolute, so
// they are only meaningful for the single build they were taken from.
// NOTE(review): nothing here verifies the bytes being replaced, so running
// this against any other build would silently corrupt that process.
void Crack::ProcCrack()
{
// Route the host's receive and send paths through this DLL's handlers.
HookThis_JMP((DWORD)&ParsePacket, 0x00C19CF5); // 1.18.70
HookThis_JMP((DWORD)&SendPacket, 0x00BAEBDD); // 1.18.70
// Disabled block: would copy a name string to 0x14C5948. The string literal is
// left untranslated because it is data, not commentary.
//char MUName[] = "<LST>奇迹S12";
//char *NameAddress = (char*)(0x14C5948);
//memset(NameAddress, 0, strlen(MUName)+1);
//memcpy(NameAddress, MUName, strlen(MUName));
HookThis_JMP(0x00A3A86EF, 0x00BAEEC5);//1.18.70
//0A31625F - 0F84 F6348CF6 je main.00BD975B
//JE>>jmp
HookThis_JMP(0x00BEAA7F, 0x0A327E33);//1.18.70
SetRange((LPVOID)0x0A327E38, 1, 0x90);//1.18.70
//00510FD3 E8 AEE1FFFF call main.0050F186
//0A2D539E 55 push ebp
HookThis(0x0A317ED0, 0x0051087E);
HookThis(0x0A317ED0, 0x00511238);
HookThis(0x0A317ED0, 0x0051196A);
HookThis(0x0A317ED0, 0x00511DB6);
////ERROR
//setNumeric<BYTE>(0x00C36002, SJMP);
//Skip MU
BYTE MU_JMP[] = { 0xEB,0x4B };
SetBuffer((LPVOID)0x005069DC, MU_JMP, sizeof(MU_JMP));//1.18.70
BYTE MU_JMP1[] = { 0xE9,0xBA,0x00,0x00,0x00,0x90 };
SetBuffer((LPVOID)0x00506E1E, MU_JMP1, sizeof(MU_JMP1));//1.18.70
//MuError Disable Enc Text
SetRange((LPVOID)0x00D42114, 32, 0x90);//1.18.70
//Skip GG: Disable redirect gg start
BYTE GG_JMP[] = { 0xE9,0x88,0x00,0x00,0x00,0x90 };
SetBuffer((LPVOID)0x00507524, GG_JMP, sizeof(GG_JMP));//1.18.70
BYTE GG_JMP1[] = { 0xEB,0x19 };
SetBuffer((LPVOID)0x005074E1, GG_JMP1, sizeof(GG_JMP1));//1.18.70
//Remove GameGuard
setNumeric<BYTE>(0x0050CFD2, SJMP);//1.18.70
setNumeric<BYTE>(0x00CC296F, SJMP);//1.18.70
setNumeric<BYTE>(0x00CC2AA8, SJMP);//1.18.70
//Chinese
setNumeric<BYTE>(0x015964E0, 0x86);//1.18.70
//Create Chinese-named characters
SetRange((LPVOID)0x00460DE2, 13,0x90);
SetByte(0x004BC12C, 0xEB);
SetByte(0x00AD5F93, 0xEB);
SetByte(0x00AD5F94, 0x43);
SetByte(0x00B100D2, 0xEB);
////Skip second encryption
SetRange((LPVOID)0x00C7B11C, 2, 0x90);//1.18.70
//Speed-up
//setNumeric<BYTE>(0x00512F62 + 1, 1);//1.18.70
//setNumeric<BYTE>(0x00512F8A + 3, 1);//1.18.70
//NPC
//setNumeric<BYTE>(0x00BFAB9B+1, 0x35);//1.18.70
//Skip ItemtooltipBmd
setNumeric<BYTE>(0x0085216E, 0xEB);//1.18.70
//Skip itemsetoptiontext
setNumeric<BYTE>(0x00529b6c, 0xEB);//1.18.70
//masterskillTooltip
setNumeric<BYTE>(0x00b02eb5, 0xEB);//1.18.70
//SkillToolTipText
BYTE SKILL_JMP[] = { 0xE9,0xAD,0x00,0x00,0x00,0x90 };
SetBuffer((LPVOID)0x00CCA2F8, SKILL_JMP, sizeof(SKILL_JMP));//1.18.70
// ---- Connection settings read from config.ini ----
char ip[256] = { '\0' };
int Prot;
char path[256] = { '\0' };
// NOTE(review): ip holds 256 bytes but the call passes MAX_PATH (260 in the
// Windows headers) as the buffer size, so a long module path can write past
// the end of the array.
GetModuleFileName(NULL, ip, MAX_PATH);
// Walk back from the terminator to the last backslash and cut the string just
// after it, leaving the module's directory with its trailing backslash.
// The loop stops at index 0 without testing ip[0].
int nSize = strlen(ip);
do
{
if (ip[nSize] == '\\')
{
ip[nSize + 1] = '\0';
break;
}
nSize--;
} while (nSize != 0);
// NOTE(review): ip already ends in a backslash and the format adds another;
// the result can also exceed the 256 bytes of path. More importantly, path is
// never read afterwards: both profile reads below use ".\\config.ini", a
// relative name, so which file is read presumably depends on the process's
// current directory rather than on the module directory computed above --
// confirm, because that file decides which host and port the client contacts.
wsprintfA(path, "%s\\%s", ip, "config.ini");
GetPrivateProfileStringA("LOGIN", "IpAddress", "127.0.0.1", ip, 256, ".\\config.ini");
//sscanf("qiji.mpc.cn","%s", ip);
// NOTE(review): copies up to 256 bytes to a fixed address; the size of the
// destination field is not visible here -- confirm it can hold that much.
CopyMemory((LPVOID)0x01596520, ip, strlen(ip) + 1);//1.18.70
// The port value is written as read, with no range check.
Prot = GetPrivateProfileInt("LOGIN", "Port", 44405, ".\\config.ini");
setNumeric<int>(0x01595A54, Prot);//1.18.70
// Version and serial strings are hard-coded in the source and written over
// fixed locations (serial at the version address + 8).
char MainVersion[6] = "23446";
char *Version = (char*)(0x0159F3C8);//1.18.70
memset(Version, 0, 6);
memcpy(Version, MainVersion, strlen(MainVersion));
char MainSerial[17] = "fughy683dfu7teqg";
char *SERIAL = (char*)(0x0159F3C8 + 8);//1.18.70
memset(SERIAL, 0, 17);
memcpy(SERIAL, MainSerial, strlen(MainSerial));
// Disabled hooks for the detour functions defined later in this file.
//HookThis_JMP((DWORD)&MyMultiByte, 0x0051e968); // S13
//HookThis_JMP((DWORD)&MyMultiByte1, 0x0051E9A8); // S13
//HookThis_JMP((DWORD)&MyWideChar, 0x00A34ADD); // S12
//HookThis_JMP((DWORD)&MyWideChar1, 0x00A34B0E); // S12
//SetRange((LPVOID)0x0A2DA30A, 9, 0x90);
//HookThis_JMP((DWORD)&MySendp, 0x0A2DA30A);
}
// Naked detour written for the site at 0x0A2DA30A (disassembly quoted below);
// the line that would install it in Crack::ProcCrack is commented out. It
// passes the dword at [ebp+0x0C] to gLog, replays the two displaced
// instructions and resumes at 0x0A2DA313.
// NOTE(review): the argument pushed for gLog is never popped and EAX/ECX/EDX
// are not preserved across the call; whether that is safe depends on gLog's
// calling convention and on the code at the patched site -- confirm before
// enabling.
void __declspec(naked) MySendp()
{
//0A2DA30A 8B45 08 mov eax, dword ptr ss : [ebp + 0x8]
// 0A2DA30D 8985 F8FAFFFF mov dword ptr ss : [ebp - 0x508], eax
// 0A2DA313 81BD F8FAFFFF F>cmp dword ptr ss : [ebp - 0x508], 0xFD
static DWORD MyJmp = 0x0A2DA313;
__asm
{
// Hand the value at [ebp+0x0C] to the logger.
mov eax, dword ptr ss : [ebp + 0x0C];
push eax;
call gLog;
// Replay of the two instructions shown in the disassembly above.
mov eax, dword ptr ss : [ebp + 0x8];
mov dword ptr ss : [ebp - 0x508], eax;
jmp[MyJmp];
}
}
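// Appends a hex dump of one packet to "Send.txt" in the current working
// directory, one packet per line.
//
// pMsg points at a packet whose first byte selects the header layout:
//   0xC1 - one-byte length at pMsg[1]
//   0xC2 - two-byte length, high byte at pMsg[1] and low byte at pMsg[2]
//          (the byte order used for the C2/C4 headers elsewhere in this file)
// Any other header byte is logged as an empty line.
//
// Changes from the original: the length was an uninitialised BYTE for unknown
// header types and only kept the low byte of a C2 length; a null pointer, a
// failed _getcwd and a path too long for the buffer are now rejected instead
// of being passed on to strcat.
// NOTE(review): the dump is plaintext; if this logger is ever enabled, the
// file should be treated as sensitive because it holds whatever was sent.
void gLog(BYTE * pMsg)
{
    if (pMsg == NULL)
        return;

    unsigned int iLen = 0;
    switch (pMsg[0])
    {
    case 0xC1:
        iLen = pMsg[1];
        break;
    case 0xC2:
        iLen = MAKEWORD(pMsg[2], pMsg[1]);
        break;
    default:
        break;
    }

    static const char kLogName[] = "\\Send.txt";
    char buff[_MAX_PATH] = { 0 };
    if (_getcwd(buff, sizeof(buff)) == NULL)
        return;
    // sizeof(kLogName) counts the terminator, so this is the full size needed.
    if (strlen(buff) + sizeof(kLogName) > sizeof(buff))
        return;
    strcat(buff, kLogName);

    std::ofstream ofs(buff, std::ios::app); // open the log for appending
    if (!ofs.is_open())
        return;

    ofs << std::hex;
    for (unsigned int i = 0; i < iLen; i++)
    {
        ofs << "0x" << (static_cast<short>(pMsg[i]) & 0xff) << " ";
    }
    ofs << "\r\n";
    ofs.close();
    return;
}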
// Naked detour whose hook in Crack::ProcCrack is commented out (tagged S12).
// It pushes 0x3A8 (936 decimal) as one more argument, calls
// WideCharToMultiByte and resumes at 0x00A34AE5.
// NOTE(review): 936 is presumably the code-page argument, with the remaining
// arguments already on the stack at the patched site -- confirm.
void __declspec(naked)MyWideChar()
{
static DWORD MyAddr = 0x3A8;
static DWORD MyJmp = 0x00A34AE5;
__asm
{
push MyAddr;
call WideCharToMultiByte;
jmp[MyJmp];
}
}
// Second copy of the WideCharToMultiByte detour, identical except that it
// resumes at 0x00A34B16. Its hook in Crack::ProcCrack is commented out
// (tagged S12).
// NOTE(review): 0x3A8 (936 decimal) is presumably the code-page argument --
// confirm against the patched call site.
void __declspec(naked)MyWideChar1()
{
static DWORD MyAddr = 0x3A8;
static DWORD MyJmp = 0x00A34B16;
__asm
{
push MyAddr;
call WideCharToMultiByte;
jmp[MyJmp];
}
}
// Naked detour whose hook in Crack::ProcCrack is commented out (tagged S13).
// It pushes EAX, 0 and 0x3A8 (936 decimal), calls through the pointer stored
// at 0x137E210 and resumes at 0x0051e973.
// NOTE(review): given the function name, 0x137E210 is presumably the import
// slot for MultiByteToWideChar and 936 the code page -- confirm; the address
// is absolute and tied to one build of the host.
void __declspec(naked)MyMultiByte()
{
static DWORD MyAddr = 0x3A8;
static DWORD MyJmp = 0x0051e973;
__asm
{
push eax;
push 0;
push MyAddr
call dword ptr ds : [0x137E210];
jmp[MyJmp];
}
}
// Second copy of the detour that calls through the pointer at 0x137E210,
// identical except that it resumes at 0x0051E9B3. Its hook in
// Crack::ProcCrack is commented out (tagged S13).
// NOTE(review): 0x137E210 is presumably the MultiByteToWideChar import slot
// and 0x3A8 (936 decimal) the code page -- confirm.
void __declspec(naked)MyMultiByte1()
{
static DWORD MyAddr = 0x3A8;
static DWORD MyJmp = 0x0051E9B3;
__asm
{
push eax;
push 0;
push MyAddr;
call dword ptr ds : [0x137E210];
jmp[MyJmp];
}
}
// -------------------------------------------------------------------------------
// Calls the host's own send routine: pushes len and then buff, loads ECX from
// the pointer stored at MU_SENDER_CLASS, and calls the address MU_SEND_PACKET.
// The function is naked, so the stack frame is set up and torn down by hand.
// NOTE(review): ECX is presumably the object pointer of a member-function
// call -- confirm. The pushed arguments are not popped explicitly; ESP is
// reloaded from EBP after the call, which restores the stack either way.
void __declspec(naked) muSendPacket(BYTE* buff, int len)
{
__asm
{
// Manual prologue: the named parameters below depend on this frame.
PUSH EBP;
MOV EBP, ESP;
MOV EAX, len;
PUSH EAX;
PUSH buff;
MOV ECX, DWORD PTR DS : [MU_SENDER_CLASS];
MOV EDX, MU_SEND_PACKET;
CALL EDX;
// Manual epilogue.
MOV ESP, EBP;
POP EBP;
RETN;
}
}
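// Replacement for the host's packet-send routine (hooked in Crack::ProcCrack).
// Copies the packet into a static staging buffer and, when enc is non-zero,
// re-frames it: a 0xC1 packet becomes 0xC3 and a 0xC2 packet becomes 0xC4,
// with the byte before the payload temporarily replaced by the running serial
// counter at MAIN_PACKET_SERIAL while gPacketManager.Encrypt runs. The result
// is passed to muSendPacket.
//
// lpMsg - packet to send; modified and restored in place while encrypting.
// size  - length of lpMsg in bytes.
// enc   - non-zero to encrypt.
// unk1  - unused here.
//
// Changes from the original: size is validated before the copy and before the
// "size - 1" / "size - 2" subtractions. The original copied `size` bytes into
// the 8192-byte buffer unchecked and could wrap the subtraction on a
// truncated packet. Packets that fail these checks are dropped.
// NOTE(review): how much Encrypt can expand its input is not visible here, so
// the write into `send` during encryption is still unbounded -- confirm the
// worst case against sizeof(send). The C3 length field is one byte, so an
// encrypted size above 255 is truncated in the header (unchanged behaviour).
// The static buffer is also shared by every caller; this assumes sends happen
// on one thread -- confirm.
void SendPacket(BYTE* lpMsg, DWORD size, int enc, int unk1)
{
    //if (lpMsg[2] == 0x0E || lpMsg[2] == 0x03 || lpMsg[2] == 0x19 || lpMsg[2] == 0x32)
    //{
    // lpMsg[0] = 0xC3;
    //}
    static BYTE send[8192];

    // A packet needs at least its header byte and must fit the staging buffer.
    if (lpMsg == NULL || size == 0 || size > sizeof(send))
        return;

    memcpy(send, lpMsg, size);
    if (enc)
    {
        if (lpMsg[0] == 0xC1)
        {
            // Need the type byte and the length byte that the serial replaces.
            if (size < 2)
                return;
            BYTE save = lpMsg[1];
            lpMsg[1] = (*(BYTE*)(MAIN_PACKET_SERIAL))++;
            size = gPacketManager.Encrypt(&send[2], &lpMsg[1], (size - 1)) + 2;
            lpMsg[1] = save;
            send[0] = 0xC3;
            send[1] = static_cast<BYTE>(size);
        }
        else if (lpMsg[0] == 0xC2)
        {
            // Need the type byte and both length bytes.
            if (size < 3)
                return;
            BYTE save = lpMsg[2];
            lpMsg[2] = (*(BYTE*)(MAIN_PACKET_SERIAL))++;
            size = gPacketManager.Encrypt(&send[3], &lpMsg[2], (size - 2)) + 3;
            lpMsg[2] = save;
            send[0] = 0xC4;
            send[1] = HIBYTE(size);
            send[2] = LOBYTE(size);
        }

        // Never hand the sender a length larger than the buffer it reads from.
        if (size > sizeof(send))
            return;
    }
    muSendPacket(send, size);
}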
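// Replacement for the host's receive loop (hooked in Crack::ProcCrack).
// Repeatedly asks the host routine at PARSE_PACKET_STREAM for the next packet
// in PackStream, decodes the header, decrypts 0xC3/0xC4 packets into a local
// buffer (re-framed as 0xC1/0xC2) and dispatches the result. When unk1 == 1
// the packet goes straight to the routine at PROTOCOL_CORE1; otherwise
// CliProtocolCore sees it first and the routine at PROTOCOL_CORE2 only runs
// if that returns true.
//
// The packets come from the network, so their length fields are untrusted.
// Changes from the original:
//  - an unknown header byte is skipped; before, proto/size/enc were passed on
//    uninitialised;
//  - encrypted packets shorter than their own header, or whose payload cannot
//    fit DecBuff, are skipped, and so is a Decrypt result larger than DecBuff;
//  - the 0xC2 length is read high byte first, matching the 0xC4 branch and the
//    header SendPacket writes (the original read it as a native little-endian
//    WORD).
// NOTE(review): the pre-decrypt bound assumes Decrypt never produces more
// bytes than it consumes -- confirm against PacketManager. It also rejects
// encrypted packets longer than DecBuff that the original would have tried to
// decrypt.
void ParsePacket(void* PackStream, int unk1, int unk2)
{
    BYTE* buff;
    while (true)
    {
        // Fetch the next packet pointer from the host's stream parser.
        __asm {
            MOV ECX, PackStream;
            MOV EDX, PARSE_PACKET_STREAM;
            CALL EDX;
            MOV buff, EAX;
        }
        if (!buff)
            break;

        BYTE DecBuff[7024];
        unsigned int DecSize = 0;
        int proto = 0;
        int size = 0;
        int enc = 0;
        switch (buff[0])
        {
        case 0xC1:
            proto = buff[2];
            size = buff[1];
            enc = 0;
            break;
        case 0xC2:
            proto = buff[3];
            size = MAKEWORD(buff[2], buff[1]);
            enc = 0;
            break;
        case 0xC3:
            enc = 1;
            size = buff[1];
            // The header alone is two bytes; anything shorter is malformed.
            if (size < 2)
                continue;
            DecSize = gPacketManager.Decrypt(&DecBuff[1], &buff[2], size - 2);
            if (DecSize > sizeof(DecBuff) - 2)
                continue;
            DecBuff[0] = 0xC1;
            DecBuff[1] = static_cast<BYTE>(DecSize + 2);
            size = DecSize + 2;
            buff = DecBuff;
            proto = DecBuff[2];
            break;
        case 0xC4:
            enc = 1;
            size = MAKEWORD(buff[2], buff[1]);
            // Reject truncated headers and payloads larger than the space
            // left in DecBuff after the three header bytes.
            if (size < 3 || static_cast<unsigned int>(size - 3) > sizeof(DecBuff) - 3)
                continue;
            DecSize = gPacketManager.Decrypt(&DecBuff[2], &buff[3], size - 3);
            if (DecSize > sizeof(DecBuff) - 3)
                continue;
            DecBuff[0] = 0xC2;
            DecBuff[2] = LOBYTE(DecSize + 3);
            DecBuff[1] = HIBYTE(DecSize + 3);
            size = DecSize + 3;
            buff = DecBuff;
            proto = buff[3];
            break;
        default:
            // Not one of the four known frame types: do not dispatch it.
            continue;
        }

        if (unk1 == 1)
        {
            typedef int(*tProtocolCore2)(int, int, BYTE*, int, int);
            tProtocolCore2 ProtocolCore2 = (tProtocolCore2)PROTOCOL_CORE1;
            ProtocolCore2(unk2, proto, buff, size, enc);
        }
        else
        {
            typedef int(*tProtocolCore)(int, BYTE*, int, int);
            tProtocolCore ProtocolCore = (tProtocolCore)PROTOCOL_CORE2;
            bool bUseClientProtocolCore = CliProtocolCore(buff, proto, size, enc); // DLL protocolcore
            if (bUseClientProtocolCore)
            {
                ProtocolCore(proto, buff, size, enc); // Main.exe protocolcore
            }
        }
    }
}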
I don't know where your source code comes from.
Here is the client part of the source code for you.
Client:1.18.70
Code:// lst.cpp : 定义 DLL 应用程序的导出函数。// #include "stdafx.h" #include "HookManager.h" #include "PacketManager.h" #include "Protocol.h" Crack g_Crack; LPBYTE g_CrackAttachHookAddr = (LPBYTE)GetProcAddress(GetModuleHandle("kernel32.dll"), "GetStartupInfoA"); LPBYTE g_MultiByteToWideChar = (LPBYTE)GetProcAddress(GetModuleHandle("kernel32.dll"), "MultiByteToWideChar"); LPBYTE g_WideCharToMultiByte = (LPBYTE)GetProcAddress(GetModuleHandle("kernel32.dll"), "WideCharToMultiByte"); //LPBYTE g_CrackReturnAddr = (LPBYTE)0x00CD1960; void Crack::Load() { GetBuffer((LPVOID)g_CrackAttachHookAddr, this->m_AttachRestoreBuff, 5); SetOp((LPVOID)g_CrackAttachHookAddr, (LPVOID)Crack::ProcAttach, JMP); GetBuffer((LPVOID)g_MultiByteToWideChar, this->m_MultiByteToWideChar, 5); GetBuffer((LPVOID)g_WideCharToMultiByte, this->m_WideCharToMultiByte, 5); } __declspec(naked) void Crack::ProcAttach() { __asm { pushad pushfd call dword ptr ds : [Crack::ProcLoading] popfd popad jmp dword ptr ds : [g_CrackAttachHookAddr] } } void Crack::ProcLoading() { g_Crack.ProcCrack(); SetBuffer((LPVOID)g_CrackAttachHookAddr, g_Crack.m_AttachRestoreBuff, 5); } void Crack::ProcCrack() { HookThis_JMP((DWORD)&ParsePacket, 0x00C19CF5); // 1.18.70 HookThis_JMP((DWORD)&SendPacket, 0x00BAEBDD); // 1.18.70 //char MUName[] = "<LST>奇迹S12"; //char *NameAddress = (char*)(0x14C5948); //memset(NameAddress, 0, strlen(MUName)+1); //memcpy(NameAddress, MUName, strlen(MUName)); HookThis_JMP(0x00A3A86EF, 0x00BAEEC5);//1.18.70 //0A31625F - 0F84 F6348CF6 je main.00BD975B //JE>>jmp HookThis_JMP(0x00BEAA7F, 0x0A327E33);//1.18.70 SetRange((LPVOID)0x0A327E38, 1, 0x90);//1.18.70 //00510FD3 E8 AEE1FFFF call main.0050F186 //0A2D539E 55 push ebp HookThis(0x0A317ED0, 0x0051087E); HookThis(0x0A317ED0, 0x00511238); HookThis(0x0A317ED0, 0x0051196A); HookThis(0x0A317ED0, 0x00511DB6); ////ERROR //setNumeric<BYTE>(0x00C36002, SJMP); //跳MU BYTE MU_JMP[] = { 0xEB,0x4B }; SetBuffer((LPVOID)0x005069DC, MU_JMP, sizeof(MU_JMP));//1.18.70 BYTE MU_JMP1[] = 
{ 0xE9,0xBA,0x00,0x00,0x00,0x90 }; SetBuffer((LPVOID)0x00506E1E, MU_JMP1, sizeof(MU_JMP1));//1.18.70 //MuError Disable Enc Text SetRange((LPVOID)0x00D42114, 32, 0x90);//1.18.70 //跳GG Disable redirect gg start BYTE GG_JMP[] = { 0xE9,0x88,0x00,0x00,0x00,0x90 }; SetBuffer((LPVOID)0x00507524, GG_JMP, sizeof(GG_JMP));//1.18.70 BYTE GG_JMP1[] = { 0xEB,0x19 }; SetBuffer((LPVOID)0x005074E1, GG_JMP1, sizeof(GG_JMP1));//1.18.70 //Remove GameGuard setNumeric<BYTE>(0x0050CFD2, SJMP);//1.18.70 setNumeric<BYTE>(0x00CC296F, SJMP);//1.18.70 setNumeric<BYTE>(0x00CC2AA8, SJMP);//1.18.70 //中文 setNumeric<BYTE>(0x015964E0, 0x86);//1.18.70 //创建中文角色 SetRange((LPVOID)0x00460DE2, 13,0x90); SetByte(0x004BC12C, 0xEB); SetByte(0x00AD5F93, 0xEB); SetByte(0x00AD5F94, 0x43); SetByte(0x00B100D2, 0xEB); ////二次加密跳过 SetRange((LPVOID)0x00C7B11C, 2, 0x90);//1.18.70 //加速 //setNumeric<BYTE>(0x00512F62 + 1, 1);//1.18.70 //setNumeric<BYTE>(0x00512F8A + 3, 1);//1.18.70 //NPC //setNumeric<BYTE>(0x00BFAB9B+1, 0x35);//1.18.70 //跳ItemtooltipBmd setNumeric<BYTE>(0x0085216E, 0xEB);//1.18.70 //跳itemsetoptiontext setNumeric<BYTE>(0x00529b6c, 0xEB);//1.18.70 //masterskillTooltip setNumeric<BYTE>(0x00b02eb5, 0xEB);//1.18.70 //SkillToolTipText BYTE SKILL_JMP[] = { 0xE9,0xAD,0x00,0x00,0x00,0x90 }; SetBuffer((LPVOID)0x00CCA2F8, SKILL_JMP, sizeof(SKILL_JMP));//1.18.70 char ip[256] = { '\0' }; int Prot; char path[256] = { '\0' }; GetModuleFileName(NULL, ip, MAX_PATH); int nSize = strlen(ip); do { if (ip[nSize] == '\\') { ip[nSize + 1] = '\0'; break; } nSize--; } while (nSize != 0); wsprintfA(path, "%s\\%s", ip, "config.ini"); GetPrivateProfileStringA("LOGIN", "IpAddress", "127.0.0.1", ip, 256, ".\\config.ini"); //sscanf("qiji.mpc.cn","%s", ip); CopyMemory((LPVOID)0x01596520, ip, strlen(ip) + 1);//1.18.70 Prot = GetPrivateProfileInt("LOGIN", "Port", 44405, ".\\config.ini"); setNumeric<int>(0x01595A54, Prot);//1.18.70 char MainVersion[6] = "23446"; char *Version = (char*)(0x0159F3C8);//1.18.70 memset(Version, 0, 6); 
memcpy(Version, MainVersion, strlen(MainVersion)); char MainSerial[17] = "fughy683dfu7teqg"; char *SERIAL = (char*)(0x0159F3C8 + 8);//1.18.70 memset(SERIAL, 0, 17); memcpy(SERIAL, MainSerial, strlen(MainSerial)); //HookThis_JMP((DWORD)&MyMultiByte, 0x0051e968); // S13 //HookThis_JMP((DWORD)&MyMultiByte1, 0x0051E9A8); // S13 //HookThis_JMP((DWORD)&MyWideChar, 0x00A34ADD); // S12 //HookThis_JMP((DWORD)&MyWideChar1, 0x00A34B0E); // S12 //SetRange((LPVOID)0x0A2DA30A, 9, 0x90); //HookThis_JMP((DWORD)&MySendp, 0x0A2DA30A); } void __declspec(naked) MySendp() { //0A2DA30A 8B45 08 mov eax, dword ptr ss : [ebp + 0x8] // 0A2DA30D 8985 F8FAFFFF mov dword ptr ss : [ebp - 0x508], eax // 0A2DA313 81BD F8FAFFFF F>cmp dword ptr ss : [ebp - 0x508], 0xFD static DWORD MyJmp = 0x0A2DA313; __asm { mov eax, dword ptr ss : [ebp + 0x0C]; push eax; call gLog; mov eax, dword ptr ss : [ebp + 0x8]; mov dword ptr ss : [ebp - 0x508], eax; jmp[MyJmp]; } } void gLog(BYTE * pMsg) { BYTE iLen; switch (pMsg[0]) { case 0xC1: iLen = pMsg[1]; break; case 0xC2: iLen = pMsg[2]; default: break; } char buff[_MAX_PATH] = { 0 }; _getcwd(buff, sizeof(buff)); strcat(buff, "\\Send.txt"); std::ofstream ofs(buff, std::ios::app);//建立ofstream对像。 ofs << std::hex; for (int i = 0; i<iLen; i++) { ofs << "0x" << (static_cast<short>(pMsg[i]) & 0xff) << " "; } ofs << "\r\n"; ofs.close(); return; } void __declspec(naked)MyWideChar() { static DWORD MyAddr = 0x3A8; static DWORD MyJmp = 0x00A34AE5; __asm { push MyAddr; call WideCharToMultiByte; jmp[MyJmp]; } } void __declspec(naked)MyWideChar1() { static DWORD MyAddr = 0x3A8; static DWORD MyJmp = 0x00A34B16; __asm { push MyAddr; call WideCharToMultiByte; jmp[MyJmp]; } } void __declspec(naked)MyMultiByte() { static DWORD MyAddr = 0x3A8; static DWORD MyJmp = 0x0051e973; __asm { push eax; push 0; push MyAddr call dword ptr ds : [0x137E210]; jmp[MyJmp]; } } void __declspec(naked)MyMultiByte1() { static DWORD MyAddr = 0x3A8; static DWORD MyJmp = 0x0051E9B3; __asm { push eax; push 
0; push MyAddr; call dword ptr ds : [0x137E210]; jmp[MyJmp]; } } // ------------------------------------------------------------------------------- void __declspec(naked) muSendPacket(BYTE* buff, int len) { __asm { PUSH EBP; MOV EBP, ESP; MOV EAX, len; PUSH EAX; PUSH buff; MOV ECX, DWORD PTR DS : [MU_SENDER_CLASS]; MOV EDX, MU_SEND_PACKET; CALL EDX; MOV ESP, EBP; POP EBP; RETN; } } void SendPacket(BYTE* lpMsg, DWORD size, int enc, int unk1) { //if (lpMsg[2] == 0x0E || lpMsg[2] == 0x03 || lpMsg[2] == 0x19 || lpMsg[2] == 0x32) //{ // lpMsg[0] = 0xC3; //} static BYTE send[8192]; memcpy(send, lpMsg, size); if (enc) { if (lpMsg[0] == 0xC1) { BYTE save = lpMsg[1]; lpMsg[1] = (*(BYTE*)(MAIN_PACKET_SERIAL))++; size = gPacketManager.Encrypt(&send[2], &lpMsg[1], (size - 1)) + 2; lpMsg[1] = save; send[0] = 0xC3; send[1] = size; } else if (lpMsg[0] == 0xC2) { BYTE save = lpMsg[2]; lpMsg[2] = (*(BYTE*)(MAIN_PACKET_SERIAL))++; size = gPacketManager.Encrypt(&send[3], &lpMsg[2], (size - 2)) + 3; lpMsg[2] = save; send[0] = 0xC4; send[1] = HIBYTE(size); send[2] = LOBYTE(size); } } muSendPacket(send, size); } void ParsePacket(void* PackStream, int unk1, int unk2) { BYTE* buff; while (true) { __asm { MOV ECX, PackStream; MOV EDX, PARSE_PACKET_STREAM; CALL EDX; MOV buff, EAX; } if (!buff) break; BYTE DecBuff[7024]; unsigned int DecSize; int proto; int size; int enc; switch (buff[0]) { case 0xC1: proto = buff[2]; size = buff[1]; enc = 0; break; case 0xC2: proto = buff[3]; size = *(WORD*)&buff[1]; enc = 0; break; case 0xC3: enc = 1; size = buff[1]; DecSize = gPacketManager.Decrypt(&DecBuff[1], &buff[2], size - 2); DecBuff[0] = 0xC1; DecBuff[1] = DecSize + 2; size = DecSize + 2; buff = DecBuff; proto = DecBuff[2]; break; case 0xC4: enc = 1; size = MAKEWORD(buff[2], buff[1]); DecSize = gPacketManager.Decrypt(&DecBuff[2], &buff[3], size - 3); DecBuff[0] = 0xC2; DecBuff[2] = LOBYTE(DecSize + 3); DecBuff[1] = HIBYTE(DecSize + 3); size = DecSize + 3; buff = DecBuff; proto = buff[3]; break; } 
if (unk1 == 1) { typedef int(*tProtocolCore2)(int, int, BYTE*, int, int); tProtocolCore2 ProtocolCore2 = (tProtocolCore2)PROTOCOL_CORE1; ProtocolCore2(unk2, proto, buff, size, enc); } else { typedef int(*tProtocolCore)(int, BYTE*, int, int); tProtocolCore ProtocolCore = (tProtocolCore)PROTOCOL_CORE2; bool bUseClientProtocolCore = CliProtocolCore(buff, proto, size, enc); // DLL protocolcore if (bUseClientProtocolCore) { ProtocolCore(proto, buff, size, enc); // Main.exe protocolcore } } } }
They got your PC. RIP !I don't know where your source code comes from.
I only have this link
You must be registered to see links提取码: 8nwb
- - - Updated - - -
Encryption and decryption use XTeam; the protocol uses IGC.
Can you share your HookManager? I need methods like GetBuffer, setNumeric, HookThis_JMP and others.
Plz, share full server and client, thanksWell i have made some progress.
Xteam Client source Copy
Xteam Client source Copy
Is it equally effective?X-Team client dont have it. I found it in IGCN sources.
Some progress:
no way. IGCN dont use this client.How to get IGCN client 1.18.70 sources
Well i have made some progress.