
Thread: Receiving packets + analyzing, kind of events implementation

  1. #11
    Senior Member
    Join Date
    Aug 2008
    Posts
    350

    No, that wasn't the one I meant. I couldn't find *dead*'s one, but here's one from cameri. When it comes to the 2 kinds of proxies, they do divide into 2 separate groups. The categories are sockets proxy, which is a pretty simple way to get in the middle of the packets. Second is hook proxy, which is more complicated, yet more effective, and there are some pre-made libs for that so you don't have to mess with opcodes and so on.
    When it comes to NG vs Blackd, right now NG is safer as it uses function hooking, which means it uses Tibia's own procedures, and therefore eliminates the possibility of sending fucked up packets. Yet IMO Blackd remains a lot better, more customizable. NG's more for people who have never heard of the term script.

  2. #12
    Junior Member
    Join Date
    Jul 2007
    Posts
    23

    Quote Originally Posted by Melody
    No, that wasn't the one I meant. I couldn't find *dead*'s one, but here's one from cameri. When it comes to the 2 kinds of proxies, they do divide into 2 separate groups. The categories are sockets proxy, which is a pretty simple way to get in the middle of the packets. Second is hook proxy, which is more complicated, yet more effective, and there are some pre-made libs for that so you don't have to mess with opcodes and so on.
    When it comes to NG vs Blackd, right now NG is safer as it uses function hooking, which means it uses Tibia's own procedures, and therefore eliminates the possibility of sending fucked up packets. Yet IMO Blackd remains a lot better, more customizable.
    sockets proxy is the middleman between client and server(?)
    and
    hook proxy is sth, what's linked to client(?)

    I love NG's hooking method. It can be started whenever and there is no problem with that. Blackd's one suxs. ;s

    Quote Originally Posted by Melody
    NG's more for people who have never heard of the term script.
    I would say if there were no scripts in NG, NG would not be so famous and good.

    I love NG more since I realised that it has its own scripting system based on Delphi syntax <sup>[source needed]</sup>.


    Edit
    I think I need some help,
    well, I have found recv function pointer
    Code:
    Tibia 8.50
    Found intermodular calls, item 797
     Address=00576147
     Disassembly=CALL DWORD PTR DS:[<&WS2_32.#16>]
     Destination=WS2_32.recv
    But what to do next?
    I have found an interesting source:
    [cpp]
    #include <winsock2.h>   // SOCKET; must be included before <windows.h>
    #include <windows.h>
    #include <cstdio>       // printf
    #include <cstring>      // strcmp

    // NOTE: HookFunction() is called in HookFuncs() but is not defined anywhere
    // in this source; it has to be supplied before this will build.

    // Pointers that receive the original functions, and the replacements.
    FARPROC (WINAPI *GetProcAddressOriginal)(HMODULE hModule, LPCSTR lpProcName);
    FARPROC __stdcall GetProcAddressHook(HMODULE hModule, LPCSTR lpProcName);

    int (WINAPI *osend)(SOCKET s, const char *buf, int len, int flags);
    int __stdcall gsend(SOCKET s, const char *buf, int len, int flags);

    // recv() writes into buf, so it is char *, not const char *.
    int (WINAPI *orecv)(SOCKET s, char *buf, int len, int flags);
    int __stdcall grecv(SOCKET s, char *buf, int len, int flags);

    FARPROC __stdcall GetProcAddressHook(HMODULE hModule, LPCSTR lpProcName)
    {
        FARPROC ret = GetProcAddressOriginal(hModule, lpProcName);

        // A non-zero high word means lpProcName is a name string, not an ordinal.
        if (HIWORD(lpProcName))
        {
            printf("%s Detected!\n", lpProcName);
            if (!strcmp(lpProcName, "GetProcAddress"))
            {
                printf("%s Hooked!\n", lpProcName);
                return (FARPROC)GetProcAddressHook;
            }
        }

        return ret;
    }

    int __stdcall gsend(SOCKET s, const char *buf, int len, int flags)
    {
        int ret = osend(s, buf, len, flags);

        // buf is not NUL-terminated: never print more than len bytes.
        printf("Send: %.*s\n", len, buf);

        return ret;
    }

    int __stdcall grecv(SOCKET s, char *buf, int len, int flags)
    {
        int ret = orecv(s, buf, len, flags);

        // Only the first ret bytes are valid; ret <= 0 means error or closed.
        if (ret > 0)
            printf("Recv: %.*s\n", ret, buf);

        return ret;
    }

    void HookFuncs()
    {
        // WS2_32 exports looked up by ordinal: 19 = send, 16 = recv.
        FARPROC sendproc = GetProcAddress(GetModuleHandle("WS2_32.DLL"), (const char *)19);
        FARPROC recvproc = GetProcAddress(GetModuleHandle("WS2_32.DLL"), (const char *)16);

        // The DWORD casts assume a 32-bit process.
        HookFunction(GetModuleHandle(0), (DWORD)GetProcAddress, (DWORD)GetProcAddressHook, (void **)&GetProcAddressOriginal);
        HookFunction(GetModuleHandle(0), (DWORD)sendproc, (DWORD)gsend, (void **)&osend);
        HookFunction(GetModuleHandle(0), (DWORD)recvproc, (DWORD)grecv, (void **)&orecv);
    }

    BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID _Reserved)
    {
        switch (dwReason)
        {
        case DLL_PROCESS_ATTACH:
            printf("Hooking DLL Loaded\n");
            HookFuncs();
            break;

        case DLL_THREAD_ATTACH:
            break;

        case DLL_PROCESS_DETACH:
            printf("Hooking DLL Unloaded\n");
            break;

        case DLL_THREAD_DETACH:
            break;
        }
        return TRUE;
    }
    [/cpp]

    I wonder what HookFunction() should be?
    Are there any examples of using winsocket receive function on this forum?
    For keyword winsocket there is only one result, about xtea.
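
Added example, not part of the posts above or of the source quoted in them: the quoted code prints send/recv buffers with "%s", but those buffers are binary and only as long as the count recv() returns, so this sketch logs them by length instead. The names format_packet, visible_to_percent_s and SAMPLE_PACKET are made up for the example, and the packet bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: binary payload with embedded NUL bytes. */
static const unsigned char SAMPLE_PACKET[] = {0x05, 0x00, 0x0a, 'h', 'i', 0x00, 0xff};

/* Hex-render the first n bytes of buf, where n is recv()'s return value
 * (<0 error, 0 closed, >0 byte count). Returns bytes rendered, or -1 if no data. */
int format_packet(const unsigned char *buf, int n, char *out, size_t outsz)
{
    size_t pos = 0;
    int i;
    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (buf == NULL || n <= 0)
        return -1;
    for (i = 0; i < n; i++) {
        if (pos + 3 > outsz)            /* "xx" plus separator/terminator */
            break;
        snprintf(out + pos, outsz - pos, "%02x", (unsigned)buf[i]);
        pos += 2;
        out[pos++] = ' ';
    }
    if (pos > 0)
        out[pos - 1] = '\0';            /* replace the trailing space */
    return i;
}

/* How many of the n received bytes printf("%s") would show: it stops at the
 * first NUL, and with no NUL inside n it would keep reading past the data. */
int visible_to_percent_s(const unsigned char *buf, int n)
{
    const unsigned char *nul;
    if (buf == NULL || n <= 0)
        return 0;
    nul = memchr(buf, 0, (size_t)n);
    return nul ? (int)(nul - buf) : n;
}

int main(void)
{
    char line[64];
    int n = (int)sizeof SAMPLE_PACKET;
    if (format_packet(SAMPLE_PACKET, n, line, sizeof line) > 0)
        printf("Recv (%d bytes): %s\n", n, line);
    printf("%%s would show %d byte(s)\n", visible_to_percent_s(SAMPLE_PACKET, n));
    return 0;
}
```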
