祤痕 發表於 2017-10-6 20:10:10

TWMS 201 Hook Recv Packet



// TWMS 201 Hook Recv Packet
// Author : t4si
// Blog : https://blog.tasi.tw
// NOTE(review): the forum rendering dropped every square-bracketed token in
// this listing -- memory operands appear as "cmp , ..." / "mov ,eax" with an
// empty side, and no [ENABLE] / [DISABLE] section markers survive. The script
// as shown is therefore incomplete and cannot be assembled as posted.
// Declarations: two code caves (the pointer-redirect stub and the receive-hook
// body), two 4-byte data slots exported to the CE symbol table, and the labels
// used below. Lab3, which HookRecv references, has no Label() line here, unlike
// Lab1/Lab2; whether the assembler accepts that depends on the CE version.
// The exported name is spelled "nPcket" here and in the Alloc below, while the
// Dealloc at the end of the script names "nPacket" -- the two do not match, and
// no UnregisterSymbol lines pair with the RegisterSymbol lines.
Alloc(InterlockedIncrementHook, 256)
Label(HookESP)
Alloc(HookRecv, 512)
Label(GetPacket)
Label(Lab1)
Label(Lab2)
RegisterSymbol(HookRecv)
RegisterSymbol(pPacket)
RegisterSymbol(nPcket)
Alloc(pPacket, 4)
Alloc(nPcket, 4)

// Pointer-redirect stub. The DD at the end of the script installs this cave's
// address into the slot at 02A0B158 in place of InterlockedIncrement, so any
// caller going through that slot arrives here first. The left operand of each
// cmp was stripped by the rendering; whatever it is, it is compared against
// three fixed code addresses, and on a match HookESP overwrites the (also
// stripped) destination with HookRecv's address. Both paths then continue to
// the real InterlockedIncrement, so the API call itself still happens.
InterlockedIncrementHook:
cmp , 006AA7D7
je HookESP
cmp , 006AA7EE
je HookESP
cmp , 006AA7FD
je HookESP
jmp InterlockedIncrement        // no match: pass through untouched
HookESP:
Mov ,HookRecv                   // stripped destination := address of HookRecv
jmp InterlockedIncrement


// Receive-hook body, reached only through the redirect stub. Most memory
// operands were stripped by the forum rendering (mov/cmp lines with an empty
// side), so which loads and stores touch the declared pPacket/nPcket slots
// cannot be read off this listing. The fixed targets it jumps to (00B2F78A,
// 00B2F7AB, 00B2F823, 00B2F7E9) and the "// 00B2F7xx" label annotations
// indicate the cave duplicates a stretch of original client code and re-enters
// it mid-function; register and flag state at each re-entry point must match
// what that code expects, which is not verifiable from here.
HookRecv:
mov ,eax                        // save eax to a stripped destination
push 00
mov ecx,                        // ecx = stripped operand; this-pointer for the next call
call 00B33BE0
test eax,eax
je Lab1                         // zero result skips the second call
mov ecx,
add ecx,40
call 00B34C80
Lab1:
cmp dword ptr ,00               // signed checks: falls through only if the first stripped value is > 0 ...
jle Lab2
cmp dword ptr ,00               // ... and the second is <= 0; otherwise straight to Lab2
jg Lab2
mov eax,
mov ecx,
push ecx
mov ecx,
add ecx,68
call 00B34650
movzx edx,ax                    // zero-extend the low 16 bits of the result
cmp edx,0000FF36
je Lab3
jmp 00B2F78A // Skip
// Lab3 is referenced above but has no Label() declaration, unlike Lab1/Lab2;
// whether CE accepts that depends on the version in use.
Lab3: // 00B2F799
mov ecx,
add ecx,68
call 00B347B0
cmp eax,00040000
jna Lab2                        // unsigned compare: result <= 00040000 continues at Lab2
jmp 00B2F7AB // Skip
Lab2: // 00B2F7B7
cmp dword ptr ,02
jne 00B2F823 // back Loop
mov eax,
add eax,68
push eax
lea ecx,
call 006AA570   // CInPacket::CInPacket
mov ,00000000
mov ecx,
push ecx
mov edx,
mov eax,
push eax
lea ecx,
call 006AA820 // CInPacket::DecryptData
lea ecx,
call GetPacket                  // GetPacket exits with jmp, not ret: the return address pushed here is never popped
jmp 00B2F7E9 // Skipped -- unreachable as written, since GetPacket does not return here

// Invoked from HookRecv after the DecryptData call. Loads a stripped operand
// into esi and stores esi+4 to one stripped destination, then loads a second
// stripped operand and stores it minus 4 to another -- presumably the
// pPacket/nPcket slots, since those are the only exported data symbols, but
// the operands are not recoverable from this rendering. Ends with jmp rather
// than ret, so the return address pushed by "call GetPacket" is left on the
// stack when control re-enters the original code at 00B2F7E9.
GetPacket:
push esi
mov esi,
add esi, 4 // packet data
mov , esi
mov esi,
sub esi, 4
mov , esi
pop esi                         // esi restored; the caller's return address stays pushed
jmp 00B2F7E9

// Install / remove. Both stanzas target the same slot, 02A0B158. The first
// writes the hook cave's address into it; the second writes the address of
// InterlockedIncrement back, which implies that slot is where the client keeps
// its pointer to InterlockedIncrement. In a CE script these two writes sit
// under [ENABLE] and [DISABLE] respectively; those markers are absent here,
// presumably stripped along with the other bracketed text.
// From a detection standpoint, the observable artefact of this patch is a
// pointer slot whose value changes from an exported API address to a freshly
// allocated region.
02A0B158:
DD InterlockedIncrementHook

02A0B158:
DD InterlockedIncrement
Dealloc(InterlockedIncrementHook)
Dealloc(HookRecv)
Dealloc(pPacket)
// the following Dealloc names "nPacket", but the slot was allocated and registered as "nPcket"
Dealloc(nPacket)
Screenshot :









cool8892187 發表於 2017-10-6 20:23:29

請問這個的功能是?

Anonymous 發表於 2017-10-6 20:36:17

cool8892187 發表於 2017-10-6 20:23
請問這個的功能是?

收封包

tusbasa002 發表於 2017-10-12 17:32:34

請問樓主有收包那有發包的嗎?

7802398 發表於 2017-10-12 20:37:22

丟ce使用嗎@@?
能用在私服嗎xDDD????
雖然我不會修封包....

prt 發表於 2017-10-19 10:32:18

大大

// TwMS 202.1 Hook Recv Packet
// Author : t4si
// Blog : https://blog.tasi.tw
// NOTE(review): this is a port of the 201 script posted earlier in the thread,
// with only constants changed; the poster states it has not been tested. The
// same rendering damage applies -- every square-bracketed token was dropped,
// so memory operands appear as "cmp , ..." / "mov ,eax" and no [ENABLE] /
// [DISABLE] markers survive; the listing cannot be assembled as posted.
// Declarations: two code caves, two 4-byte exported data slots, and the labels
// used below. Lab3, referenced in HookRecv, has no Label() line here; whether
// that assembles depends on the CE version. The slot is spelled "nPcket" here
// but "nPacket" in the closing Dealloc, and no UnregisterSymbol lines pair
// with the RegisterSymbol lines.
Alloc(InterlockedIncrementHook, 256)
Label(HookESP)
Alloc(HookRecv, 512)
Label(GetPacket)
Label(Lab1)
Label(Lab2)
RegisterSymbol(HookRecv)
RegisterSymbol(pPacket)
RegisterSymbol(nPcket)
Alloc(pPacket, 4)
Alloc(nPcket, 4)

// Pointer-redirect stub. The DD at the end of the script installs this cave's
// address into the slot at 02A0F158 in place of InterlockedIncrement. The left
// operand of each cmp was stripped by the rendering; it is compared against
// three fixed code addresses, and on a match HookESP overwrites the (also
// stripped) destination with HookRecv's address. Both paths continue to the
// real InterlockedIncrement, so the API call itself still happens.
InterlockedIncrementHook:
cmp , 006AA957
je HookESP
cmp , 006AA96E
je HookESP
cmp , 006AA97D
je HookESP
jmp InterlockedIncrement        // no match: pass through untouched
HookESP:
Mov ,HookRecv                   // stripped destination := address of HookRecv
jmp InterlockedIncrement


// Receive-hook body, reached only through the redirect stub. Most memory
// operands were stripped by the forum rendering, so which loads and stores
// touch the declared pPacket/nPcket slots cannot be read off this listing.
// The fixed targets it jumps to (00B2F0DA, 00B2F0FB, 00B2F173, 00B2F139) and
// the "// 00B2F1xx" label annotations indicate the cave duplicates a stretch of
// original client code and re-enters it mid-function; register and flag state
// at each re-entry point must match what that code expects, which is not
// verifiable from here. The poster says this port is untested.
HookRecv:
mov ,eax                        // save eax to a stripped destination
push 00
mov ecx,                        // ecx = stripped operand; this-pointer for the next call
call 00B33520
test eax,eax
je Lab1                         // zero result skips the second call
mov ecx,
add ecx,40
call 00B345F0
Lab1:
cmp dword ptr ,00               // signed checks: falls through only if the first stripped value is > 0 ...
jle Lab2
cmp dword ptr ,00               // ... and the second is <= 0; otherwise straight to Lab2
jg Lab2
mov eax,
mov ecx,
push ecx
mov ecx,
add ecx,68
call 00B33F90
movzx edx,ax                    // zero-extend the low 16 bits of the result
cmp edx,0000FF35
je Lab3
jmp 00B2F0DA // Skip
// Lab3 is referenced above but has no Label() declaration, unlike Lab1/Lab2;
// whether CE accepts that depends on the version in use.
Lab3: // 00B2F0E9
mov ecx,
add ecx,68
call 00B340F0
cmp eax,00040000
jna Lab2                        // unsigned compare: result <= 00040000 continues at Lab2
jmp 00B2F0FB // Skip
Lab2: // 00B2F107
cmp dword ptr ,02
jne 00B2F173 // back Loop
mov eax,
add eax,68
push eax
lea ecx,
// NOTE(review): this call target is the only 006AAxxx constant left unchanged
// from the 201 listing in this port (the others all moved); unverified.
call 006AA570   // CInPacket::CInPacket
mov ,00000000
mov ecx,
push ecx
mov edx,
mov eax,
push eax
lea ecx,
call 006AA9A0 // CInPacket::DecryptData
lea ecx,
call GetPacket                  // GetPacket exits with jmp, not ret: the return address pushed here is never popped
jmp 00B2F139 // Skipped -- unreachable as written, since GetPacket does not return here

// Invoked from HookRecv after the DecryptData call. Loads a stripped operand
// into esi and stores esi+4 to one stripped destination, then loads a second
// stripped operand and stores it minus 4 to another -- presumably the
// pPacket/nPcket slots, the only exported data symbols, but the operands are
// not recoverable from this rendering. Ends with jmp rather than ret, so the
// return address pushed by "call GetPacket" is left on the stack when control
// re-enters the original code at 00B2F139.
GetPacket:
push esi
mov esi,
add esi, 4 // packet data
mov , esi
mov esi,
sub esi, 4
mov , esi
pop esi                         // esi restored; the caller's return address stays pushed
jmp 00B2F139

// Install / remove. Both stanzas target the same slot, 02A0F158. The first
// writes the hook cave's address into it; the second writes the address of
// InterlockedIncrement back, which implies that slot is where the client keeps
// its pointer to InterlockedIncrement. These two writes belong under [ENABLE]
// and [DISABLE] in a CE script; the markers are absent here, presumably
// stripped along with the other bracketed text.
// From a detection standpoint, the observable artefact of this patch is a
// pointer slot whose value changes from an exported API address to a freshly
// allocated region.
02A0F158:
DD InterlockedIncrementHook

02A0F158:
DD InterlockedIncrement
Dealloc(InterlockedIncrementHook)
Dealloc(HookRecv)
Dealloc(pPacket)
// the following Dealloc names "nPacket", but the slot was allocated and registered as "nPcket"
Dealloc(nPacket)
我不確定我這樣更新對ㄟ  我不知道怎麼測試@@