One more question: when I open tibia.exe in OllyDbg and find an address, does it use the base 0x400000 or a random ASLR base? Yes, I have ASLR on.
One more question: when I open tibia.exe in OllyDbg and find an address, does it use the base 0x400000 or a random ASLR base? Yes, I have ASLR on.
This is dll code, and this is plication code:Code:#include <windows.h> #include <winsock.h> #include <string> #pragma comment(lib,"ws2_32.lib") #include <Psapi.h> #pragma comment( lib, "psapi" ) using namespace std; HANDLE hFile; DWORD baseAddress = 0; DWORD GetModuleBase(HANDLE hProc, string &sModuleName) { HMODULE hModules[1024]; char szBuf[50]; DWORD cbNeeded; DWORD dwBase = -1; if(EnumProcessModules(hProc, hModules, sizeof(hModules), &cbNeeded)) { for(DWORD i = 0; i < (cbNeeded/sizeof(HMODULE)); i++) { if(GetModuleBaseName(hProc, hModules[i],szBuf, sizeof(szBuf))) { if(sModuleName.compare(szBuf) == 0) { dwBase = (DWORD)hModules[i]; break; } } } } return dwBase; } int __stdcall MyRecv(SOCKET s, char* buf, int len, int flags) { int bytes = recv(s, buf, len, flags); if (bytes > 0) { DWORD written; WriteFile(hFile,buf,bytes,&written,NULL); } return bytes; } void Initialize() { HWND tibiaWindow; HANDLE hProcess; tibiaWindow = FindWindow("TibiaClient", NULL); DWORD PID; GetWindowThreadProcessId(tibiaWindow, &PID ); hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID); string name = "Tibia.exe"; baseAddress = GetModuleBase(hProcess, name); DWORD dwOldProtect, dwNewProtect, funcAddress, origAddress; funcAddress = (DWORD)&MyRecv; origAddress = (DWORD)((int*)0x357994+baseAddress); //recv pointer VirtualProtect((LPVOID)origAddress, 4, PAGE_READWRITE, &dwOldProtect); memcpy((LPVOID)origAddress, &funcAddress, 4); VirtualProtect((LPVOID)origAddress, 4, dwOldProtect, &dwNewProtect); hFile = CreateFile("C:\\tibia recv.bin",GENERIC_WRITE,FILE_SHARE_READ,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL); } void Uninitialize() { CloseHandle(hFile); } BOOL APIENTRY DllMain( HMODULE hModule,DWORD ul_reason_for_call,LPVOID lpReserved) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: MessageBox(NULL, "dll loaded","",MB_OKCANCEL); Initialize(); break; case DLL_PROCESS_DETACH: Uninitialize(); break; } return TRUE; }and the stream deast go to file, and i don't know 
why.Code:#include <windows.h> #include <psapi.h> #pragma comment(lib,"psapi.lib") void InjectDLL(HANDLE hProc) { const char DLLname[] = "mydll.dll"; DWORD MemorySize = sizeof(DLLname)+1; void* memory = VirtualAllocEx(hProc,NULL,MemorySize,MEM_COMMIT | MEM_RESERVE,PAGE_READWRITE); SIZE_T wrtn; WriteProcessMemory(hProc,memory,DLLname,MemorySize,&wrtn); DWORD ThreadID; HANDLE thread = CreateRemoteThread(hProc,NULL,0,(LPTHREAD_START_ROUTINE)LoadLibrary,memory,0,&ThreadID); WaitForSingleObject(thread,INFINITE); CloseHandle(thread); VirtualFreeEx(hProc,memory,0,MEM_RELEASE); } int main() { const DWORD ProcessIDMaxSize = 1000; DWORD ProcessID[ProcessIDMaxSize]; DWORD ProcessesCount; EnumProcesses(ProcessID,ProcessIDMaxSize,&ProcessesCount); ProcessesCount /= sizeof(DWORD); DWORD i = 0; for(; i < ProcessesCount; i++) if(ProcessID[i]) { HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, ProcessID[i]); if(hProc) { const DWORD StrSize = 256; char str[StrSize]; GetModuleBaseName(hProc,NULL,str,StrSize); if(!memcmp(str,"Tibia.exe",9)) { InjectDLL(hProc); CloseHandle(hProc); return 0; } CloseHandle(hProc); } } if(i == ProcessesCount) MessageBox(0,"Cant find \"Tibia.exe\"",0,0); return 0; }
Yes, don't blame me — it's not my code, but I want to learn something.
I am getting informations but smth like that "ദ냿쩵規蛼슰䀜騄哥㦀䲫뺅ഊ꽔쩵規蛼슰䀜騄" I can't read Chinease. I developed the codeI wan't it to hex, is there some kind of crypting?Code:#include <winsock.h> #include <string> #pragma comment(lib,"ws2_32.lib") #include <Psapi.h> #pragma comment( lib, "psapi" ) using namespace std; HANDLE hFile; DWORD baseAddress = 0; DWORD recvaddress = 0x357994; DWORD GetModuleBase(HANDLE hProc, string &sModuleName) { HMODULE hModules[1024]; char szBuf[50]; DWORD cbNeeded; DWORD dwBase = -1; if(EnumProcessModules(hProc, hModules, sizeof(hModules), &cbNeeded)) { for(DWORD i = 0; i < (cbNeeded/sizeof(HMODULE)); i++) { if(GetModuleBaseName(hProc, hModules[i],szBuf, sizeof(szBuf))) { if(sModuleName.compare(szBuf) == 0) { dwBase = (DWORD)hModules[i]; break; } } } } return dwBase; } DWORD Rebase(DWORD address) { HWND tibiaWindow; HANDLE hProcess; tibiaWindow = FindWindow("TibiaClient", NULL); DWORD PID; GetWindowThreadProcessId(tibiaWindow, &PID ); hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID); string name = "Tibia.exe"; DWORD rebase = GetModuleBase(hProcess, name); address+=rebase; MessageBoxA(NULL, "rebase","",MB_OKCANCEL); return address; } int __stdcall MyRecv(SOCKET s, char* buf, int len, int flags) { int bytes = recv(s, buf, len, flags); if (bytes > 0) { DWORD written; WriteFile(hFile,buf,bytes,&written,NULL); } return bytes; } void Initialize() { recvaddress = Rebase(recvaddress); DWORD dwOldProtect, dwNewProtect, funcAddress, origAddress; funcAddress = (DWORD)&MyRecv; origAddress = (DWORD)recvaddress; //recv pointer VirtualProtect((LPVOID)origAddress, 4, PAGE_READWRITE, &dwOldProtect); memcpy((LPVOID)origAddress, &funcAddress, 4); VirtualProtect((LPVOID)origAddress, 4, dwOldProtect, &dwNewProtect); hFile = CreateFile("C:\\tibia recv.txt",GENERIC_WRITE,FILE_SHARE_READ,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL); } void Uninitialize() { CloseHandle(hFile); } BOOL APIENTRY DllMain( HMODULE hModule,DWORD ul_reason_for_call,LPVOID lpReserved) 
{ switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: MessageBox(NULL, "dll loaded","",MB_OKCANCEL); Initialize(); break; case DLL_PROCESS_DETACH: Uninitialize(); break; } return TRUE; }
At least I'm getting something ;] — better than nothing.
Assuming you are reading the correct data, if you want to write it out as hex you can do:
All with the using namespace std; at top.Code:int __stdcall MyRecv(SOCKET s, char* buf, int len, int flags) { int bytes = recv(s, buf, len, flags); ofstream myfile; myfile.open ("example.txt"); for(int i = 0; i < bytes; i++) { myfile << (BYTE)buf[i] << hex << ", "; } myfile.close(); return bytes; }
And add #include <fstream>.
thanks bro
If it's printing characters instead of numbers, try casting to int instead of BYTE.
this is what im getting from:Code:, , ř, , &, >, J, ľ, , K, U, , , *, Č, Č, o, , 0, >, Ď, , , , Ż, , ę, j, Ţ, , , ă, , , ŕ, t, Š, J, ű, ť, ő, r, D, ć, /n, , š, , ,, , |, , , , , Q, , đ, /n, , , , , T, „, d, Ľ, Y, , , , ő, Ń, Ć, , ř, y, ž, , , /n, , w, , q, , ř, Ő, ,, $, ˝, ›, , , e, U, ř, G, Ż, R, T, Ř, y, +, , 3, O, $, m, , /n , , , , *, , ţ, Ś, `, Ż, ń, o, , ű, /n , , ^, , , 0, J, ľ, , K, U, , , *, #, , Z, O, &, , e, , /n <, , , , ‰, , #, , A, T, K, –, 4, v, 6, j, X, #, ş, —, , , , ě, , :, w, ţ, *, ŕ, I, ‚, z, ˙, `, *, , /, ž, q, 7, ], , ľ, , , , , ›, y, , R, ˙, V, , g, ŕ, 6, , ˘, \, ą, /n , , p, , , ;, “, ), ş, Y, , , p, ™, Ń, Ć, , ř, y, ž, , , /n , , ř, , &, >, J, ľ, , K, U, , , *, Č, Č, o, , 0, >, Ď, , /n , , y, , ĺ, , ř, Ő, ,, $, ˝, ›, , , e, U, ř, G, Ż, R, T, Ř, , , , , ?, [, Ě, , /n , , b, , W, K, „, d, Ľ, Y, , , , ő, ', _, U, ™, &, Ž, ž, ], /nnow I want learn how to send packets thats my char move to the right, what i should search for?Code:int __stdcall MyRecv(SOCKET s, char* buf, int len, int flags) { int bytes = recv(s, buf, len, flags); if (bytes > 0) { ofstream myfile("D://example.txt",ios::app); for(int i = 0; i < bytes; i++) { myfile << (BYTE)buf[i] << hex << ", "; } myfile << "/n"; myfile.close(); // DWORD written; //WriteFile(hFile,buf,bytes,&written,NULL); } return bytes; }
Cast to DWORD, int, or another numeric type if you want the output as integers. Remember that BYTE is just unsigned char, so the stream prints it as a character rather than a number.Code:myfile << (BYTE)buf[i] << hex << ", ";
casting to int:Code:84, 1, ffffffb5, ffffffaf, 15, 5f, ffffff93, fffffffe, ffffffa7, 8, 6c, ffffffe1, ffffffdc, 7a, ffffff99, ffffff92, ffffffaf, ffffffea, ffffff9d, 40, ffffffff, fffffffb, ffffffff, ffffffc9, 11, ffffffca, ffffffdd, fffffff4, 29, 33, ffffff82, 4a, ffffff94, 1, 49, 7c, 30, fffffff1, ffffffd4, 53, ffffffc5, ffffff82, ffffff98, ffffffc7, ffffffb4, 33, 42, 10, 6b, e, ffffffb0, ffffffd9, ffffff98, ffffffef, 26, 0, ffffffb2, fffffff9, ffffffe5, 2d, 42, ffffffe8, ffffff8e, 5a, 68, ffffff93, ffffffad, fffffffb, 48, 8, fffffff9, 53, ffffffe4, d, ffffff87, 8, 0, ffffffba, 6b, 62, ffffffae, ffffffd6, 10, ffffff95, ffffffea, 3a, 46, 5c, 48, ffffffd6, 3c, 79, ffffffc5, ffffffb3, 7e, 4a, 35, 7e, ffffff88, ffffffc7, ffffff9c, ffffff91, ffffffc4, ffffff83, 9, ffffffad, 10, 4f, 19, ffffffd2, ffffffff, ffffffc9, 11, ffffffca, ffffffdd, fffffff4, 29, 33, ffffffdd, 3c, ffffffe8, ffffffde, 51, ffffffb6, ffffffe3, ffffff90, ffffffd4, 53, ffffffc5, ffffff82, ffffff98, ffffffc7, ffffffb4, 33, ffffffae, ffffffe1, ffffff92, 75, fffffffc, fffffff0, ffffff88, ffffff9e, ffffff82, 3d, 52, 42, ffffffbb, d, ffffffd5, 8, ffffff96, 7d, ffffffea, 69, 35, 72, 10, 26, fffffff9, 53, ffffffe4, d, ffffff87, 8, 0, ffffffba, 6b, 62, ffffffae, ffffffd6, 10, ffffff95, ffffffea, 3a, 7f, 4, 78, 52, fffffff2, ffffffa4, 5e, 68, ffffff87, 53, fffffff1, ffffffae, ffffffe1, ffffff99, 17, ffffffcf, 1d, 32, ffffffcc, fffffff8, 66, ffffffbe, ffffffed, ffffff8b, ffffffd4, 53, ffffffc5, ffffff82, ffffff98, ffffffc7, ffffffb4, 33, ffffff96, 7d, ffffffea, 69, 35, 72, 10, 26, ffffffb8, 16, ffffff9f, ffffffd2, c, ffffffe1, 15, 6d, ffffffd4, 53, ffffffc5, ffffff82, ffffff98, ffffffc7, ffffffb4, 33, ffffff96, 7d, ffffffea, 69, 35, 72, 10, 26, fffffff9, 53, ffffffe4, d, ffffff87, 8, 0, ffffffba, 28, fffffff3, 9, 19, 27, ffffffda, 5e, 2b, ffffffbe, 38, ffffff81, fffffffa, 15, 36, 56, ffffffc7, 77, ffffffc0, ffffffab, ffffff98, 3e, ffffffaf, ffffffb6, 59, ffffffe5, ffffffb2, ffffffcc, ffffffa5, ffffffe4, 
ffffff88, ffffffdf, 5b, 2f, ffffffe1, ffffffef, ffffff97, ffffff9b, 7b, 14, ffffffa5, ffffffca, ffffff8a, ffffffa9, 18, ffffffeb, ffffffcb, 7c, ffffffbe, 6d, 3e, ffffffde, 1a, 69, ffffff99, ffffffe1, 47, 7e, 2e, ffffffda, 6e, 21, fffffff1, 27, 52, 7a, fffffff3, ffffffe4, fffffffd, ffffff85, ffffffab, ffffffe2, ffffffa6, 38, 2d, 5b, ffffffd2, 4f, ffffffb4, 20, 36, ffffffb5, 73, 4c, 3, ffffff90, ffffff8e, fffffff4, 11, ffffff9d, 65, ffffffb2, ffffffda, ffffff90, ffffffce, 5b, ffffffde, /n 20, 0, ffffffc3, 7, fffffffd, 3c, 6f, d, ffffffc9, 7b, 78, 76, 62, b, 5d, 7e, ffffffda, ffffffa3, ffffffcf, ffffff8e, ffffff97, 5b, /n 60, 1, ffffffb9, ffffffa2, 70, ffffff82, 3a, ffffffc8, ffffffb5, 18, 29, ffffff99, ffffff88, 26, ffffffa6, ffffff8b, ffffffbb, ffffffe0, 7e, ffffff97, 7d, 5, 46, 5c, 48, ffffffd6, 3c, 79, ffffffc5, ffffffb3, 7e, 4a, 35, 7e, ffffff88, ffffffc7, ffffff9c, ffffff91, 1d, 32, ffffffcc, fffffff8, 66, ffffffbe, ffffffed, ffffff8b, ffffffd4, 53, ffffffc5, ffffff82, ffffff98, ffffffc7, ffffffb4, 33, ffffffb9, ffffffcd, 12, 10, ffffffd4, ffffff8e, 13, 32, 1d, 32, ffffffcc, fffffff8, 66, ffffffbe, ffffffed, ffffff8b, ffffffd4, 53, ffffffc5, ffffff82, ffffff98, ffffffc7, ffffffb4, 33, 5c, ffffffe4, 12, ffffffa2, ffffffb3, 27, ffffffd1, 3c, 1d, 32, ffffffcc, fffffff8, 66, ffffffbe, ffffffed, ffffff8b, ffffffd4, 53, ffffffc5, ffffff82, ffffff98, ffffffc7, ffffffb4, 33, ffffff96, 7d, ffffffea, 69, 35, 72, 10, 26, ffffff96, fffffff9, 5c, ffffff95, 10, ffffff85, 49, ffffffa9, ffffffb0, ffffffb6, 36, 40, 9, 72, ffffffb0, ffffffc0, ffffff86, 3a, 62, fffffff3, 21, 72, ffffffff, 72, 1d, 32, ffffffcc, fffffff8, 66, ffffffbe, ffffffed, ffffff8b, ffffffd4, 53, ffffffc5, ffffff82, ffffff98, ffffffc7, ffffffb4, 33, ffffffe5, a, ffffffb2, 76, ffffffd6, ffffff88, ffffffca, 65, 36, 42, ffffffd0, 77, 12, 74, fffffffb, 25, ffffffd4, 53, ffffffc5, ffffff82, ffffff98, ffffffc7, ffffffb4, 33, ffffff96, 7d, ffffffea, 69, 35, 72, 10, 26, fffffff9, 53, ffffffe4, d, ffffff87, 8, 0, 
ffffffba, ffffffc1, 5f, ffffffdc, 54, ffffffd0, 48, ffffffab, ffffffcd, ffffff96, 7d, ffffffea, 69, 35, 72, 10, 26, fffffff9, 53, ffffffe4, d, ffffff87, 8, 0, ffffffba, 6b, 62, ffffffae, ffffffd6, 10, ffffff95, ffffffea, 3a, 22, ffffffc5, ffffffde, ffffffad, 66, ffffffe0, ffffffd0, ffffffb3, ffffffb6, ffffffd8, 2c, ffffffcd, 2e, fffffff1, 3d, 4e, ffffffe5, ffffffb2, ffffffcc, ffffffa5, ffffffe4, ffffff88, ffffffdf, 5b, 2f, ffffffe1, ffffffef, ffffff97, ffffff9b, 7b, 14, ffffffa5, ffffffca, ffffff8a, ffffffa9, 18, ffffffeb, ffffffcb, 7c, ffffffbe, 6d, 3e, ffffffde, 1a, 69, ffffff99, ffffffe1, 47, 7e, 2e, ffffffda, 6e, 21, fffffff1, 27, 52, 7a, fffffff3, ffffffe4, fffffffd, ffffff85, ffffffab, ffffffe2, ffffffa6, 77, ffffffc0, ffffffab, ffffff98, 3e, ffffffaf, ffffffb6, 59, 35, 3a, ffffffd8, 12, 18, 43, 56, ffffff93, 43, ffffffa8, ffffffab, ffffff9b, ffffff89, 77, b, ffffffaa, fffffffa, 54, ffffff96, 45, a, 56, ffffff8f, 22, /n 20, 0, 2a, 6, ffffff8c, 2c, 18, 29, ffffff8e, ffffff9a, 3d, 7, 20, d, ffffffbe, ffffffb7, ffffffc3, b, 37, ffffff95, ffffff8c, ffffffb4, /n 12, 0, 44, 3, 34, e, 3f, 1d, ffffffb7, ffffffbd, 34, 72, 7b, 52, /n