TWMS 201 Hook Recv Packet
作者:
祤痕
時間:
2017-10-6 20:10
本帖最後由 祤痕 於 2017-10-6 20:11 編輯
[ENABLE]
// TWMS 201 Hook Recv Packet
// Author : t4si
// Blog : https://blog.tasi.tw
//
// Cheat Engine auto-assembler script for a 32-bit x86 client. Every numeric
// address below is specific to client build 201 (the 202.1 copy further
// down this page differs only in those constants), and [DISABLE] is expected
// to undo exactly what [ENABLE] does.
//
// NOTE(review): the length symbol is spelled nPcket where it is allocated
// and registered, but the [DISABLE] section frees nPacket. The names do not
// match, so the disable side refers to an unknown symbol and the nPcket
// allocation is never released. No UnregisterSymbol() is issued on disable
// either, so HookRecv / pPacket / nPcket remain registered afterwards.
Alloc(InterlockedIncrementHook, 256)
Label(HookESP)
Alloc(HookRecv, 512)
Label(GetPacket)
Label(Lab1)
Label(Lab2)
// NOTE(review): Lab3 is a forward jump target below but is not declared
// here; whether CE resolves an undeclared forward label depends on the
// CE version in use.
RegisterSymbol(HookRecv)
RegisterSymbol(pPacket)
RegisterSymbol(nPcket)
Alloc(pPacket, 4) // pointer to packet payload, written by GetPacket
Alloc(nPcket, 4)  // payload length, written by GetPacket
// Trampoline placed in front of InterlockedIncrement (the pointer slot at
// 02A0B158 is redirected to it at the end of [ENABLE]). On entry [esp] is
// the caller's return address; only the three listed call sites are
// diverted, everything else falls straight through to the real function.
// NOTE(review): these cmp's carry no operand size, unlike the explicit
// "dword ptr" used further down; the explicit form is clearer.
InterlockedIncrementHook:
cmp [esp], 006AA7D7
je HookESP
cmp [esp], 006AA7EE
je HookESP
cmp [esp], 006AA7FD
je HookESP
jmp InterlockedIncrement
// Overwrite the dword at [esp+1C] with HookRecv, then continue into the real
// InterlockedIncrement. Presumably that slot is a saved return address
// further up the caller's stack, so control later arrives in HookRecv with
// the hooked routine's frame (ebp) still live -- the ebp-relative accesses
// in HookRecv depend on that. Cannot be confirmed from this script alone.
HookESP:
Mov [Esp+1C],HookRecv
jmp InterlockedIncrement
// Replacement for a stretch of the client's receive routine. Runs inside the
// original frame: reads [ebp-14], [ebp-18], [ebp-24], [ebp-28], [ebp-2C] and
// writes [ebp-28], [ebp-04]. The "Skip" / "back Loop" targets are absolute
// addresses inside the original routine (build 201).
HookRecv:
mov [ebp-28],eax
push 00
mov ecx,[ebp-24]
call 00B33BE0
test eax,eax
je Lab1
mov ecx,[ebp-14]
add ecx,40
call 00B34C80
Lab1:
cmp dword ptr [ebp-28],00
jle Lab2
cmp dword ptr [ebp-2C],00
jg Lab2
mov eax,[ebp-14]
mov ecx,[eax+00000090]
push ecx
mov ecx,[ebp-14]
add ecx,68
call 00B34650
movzx edx,ax // only the low 16 bits of the result take part in the compare
cmp edx,0000FF36
je Lab3
jmp 00B2F78A // Skip
Lab3: // 00B2F799
mov ecx,[ebp-14]
add ecx,68
call 00B347B0
cmp eax,00040000
jna Lab2 // unsigned compare against 0x40000
jmp 00B2F7AB // Skip
Lab2: // 00B2F7B7
cmp dword ptr [ebp-28],02
jne 00B2F823 // back Loop
// Construct a CInPacket at [ebp-48] from ([ebp-14]+68), decrypt it, then
// hand it to GetPacket, which records the buffer in pPacket / nPcket.
mov eax,[ebp-14]
add eax,68
push eax
lea ecx,[ebp-48]
call 006AA570 // CInPacket::CInPacket
mov [ebp-04],00000000
mov ecx,[ebp-18]
push ecx
mov edx,[ebp-14]
mov eax,[edx+00000090]
push eax
lea ecx,[ebp-48]
call 006AA820 // CInPacket::DecryptData
lea ecx,[ebp-48]
call GetPacket
jmp 00B2F7E9 // Skipped
// NOTE(review): GetPacket ends in a jmp rather than a ret, so the return
// address pushed by "call GetPacket" is never popped and the jmp directly
// above is unreachable. The stale dword is presumably discarded by the
// original routine's frame teardown; not verifiable from this script.
// ecx = address of the CInPacket at [ebp-48]. Publishes the packet buffer:
// pPacket = [ecx+8] + 4, nPcket = [ecx+C] - 4. The +8 / +C offsets and the
// 4-byte adjustment are taken as given from the original author.
GetPacket:
push esi
mov esi, [ecx+8]
add esi, 4 // packet data
mov [pPacket], esi
mov esi, [ecx+c]
sub esi, 4
mov [nPcket], esi
pop esi
jmp 00B2F7E9 // resume the original routine; never returns to HookRecv
// Pointer slot through which the client reaches InterlockedIncrement
// (presumably its import-table entry); point it at the trampoline.
02A0B158:
DD InterlockedIncrementHook
[DISABLE]
// Restore the original pointer and free the allocated regions.
02A0B158:
DD InterlockedIncrement
Dealloc(InterlockedIncrementHook)
Dealloc(HookRecv)
Dealloc(pPacket)
Dealloc(nPacket) // NOTE(review): the allocated symbol is nPcket; this name does not match
Screenshot :
作者:
cool8892187
時間:
2017-10-6 20:23
請問這個的功能是?
作者:
匿名
時間:
2017-10-6 20:36
cool8892187 發表於 2017-10-6 20:23
請問這個的功能是?
收封包
作者:
tusbasa002
時間:
2017-10-12 17:32
請問樓主有收包那有發包的嗎?
作者:
7802398
時間:
2017-10-12 20:37
丟ce使用嗎@@?
能用在私服嗎xDDD????
雖然我不會修封包....
作者:
prt
時間:
2017-10-19 10:32
大大
[ENABLE]
// TwMS 202.1 Hook Recv Packet
// Author : t4si
// Blog : https://blog.tasi.tw
//
// Cheat Engine auto-assembler script for a 32-bit x86 client. This is the
// build-201 script from the opening post with its absolute addresses moved
// to client build 202.1; the structure is otherwise unchanged.
//
// NOTE(review): the length symbol is spelled nPcket where it is allocated
// and registered, but the final Dealloc in [DISABLE] frees nPacket. The
// names do not match, so the disable side refers to an unknown symbol and
// the nPcket allocation is never released. No UnregisterSymbol() is issued
// on disable either, so HookRecv / pPacket / nPcket remain registered.
Alloc(InterlockedIncrementHook, 256)
Label(HookESP)
Alloc(HookRecv, 512)
Label(GetPacket)
Label(Lab1)
Label(Lab2)
// NOTE(review): Lab3 is a forward jump target below but is not declared
// here; whether CE resolves an undeclared forward label depends on the
// CE version in use.
RegisterSymbol(HookRecv)
RegisterSymbol(pPacket)
RegisterSymbol(nPcket)
Alloc(pPacket, 4) // pointer to packet payload, written by GetPacket
Alloc(nPcket, 4)  // payload length, written by GetPacket
// Trampoline placed in front of InterlockedIncrement (the pointer slot at
// 02A0F158 is redirected to it at the end of [ENABLE]). On entry [esp] is
// the caller's return address; only the three listed call sites are
// diverted, everything else falls straight through to the real function.
// NOTE(review): these cmp's carry no operand size, unlike the explicit
// "dword ptr" used further down; the explicit form is clearer.
InterlockedIncrementHook:
cmp [esp], 006AA957
je HookESP
cmp [esp], 006AA96E
je HookESP
cmp [esp], 006AA97D
je HookESP
jmp InterlockedIncrement
// Overwrite the dword at [esp+1C] with HookRecv, then continue into the real
// InterlockedIncrement. Presumably that slot is a saved return address
// further up the caller's stack, so control later arrives in HookRecv with
// the hooked routine's frame (ebp) still live -- the ebp-relative accesses
// in HookRecv depend on that. Cannot be confirmed from this script alone.
HookESP:
Mov [Esp+1C],HookRecv
jmp InterlockedIncrement
// Replacement for a stretch of the client's receive routine. Runs inside the
// original frame: reads [ebp-14], [ebp-18], [ebp-24], [ebp-28], [ebp-2C] and
// writes [ebp-28], [ebp-04]. The "Skip" / "back Loop" targets are absolute
// addresses inside the original routine (build 202.1).
HookRecv:
mov [ebp-28],eax
push 00
mov ecx,[ebp-24]
call 00B33520
test eax,eax
je Lab1
mov ecx,[ebp-14]
add ecx,40
call 00B345F0
Lab1:
cmp dword ptr [ebp-28],00
jle Lab2
cmp dword ptr [ebp-2C],00
jg Lab2
mov eax,[ebp-14]
mov ecx,[eax+00000090]
push ecx
mov ecx,[ebp-14]
add ecx,68
call 00B33F90
movzx edx,ax // only the low 16 bits of the result take part in the compare
cmp edx,0000FF35
je Lab3
jmp 00B2F0DA // Skip
Lab3: // 00B2F0E9
mov ecx,[ebp-14]
add ecx,68
call 00B340F0
cmp eax,00040000
jna Lab2 // unsigned compare against 0x40000
jmp 00B2F0FB // Skip
Lab2: // 00B2F107
cmp dword ptr [ebp-28],02
jne 00B2F173 // back Loop
// Construct a CInPacket at [ebp-48] from ([ebp-14]+68), decrypt it, then
// hand it to GetPacket, which records the buffer in pPacket / nPcket.
mov eax,[ebp-14]
add eax,68
push eax
lea ecx,[ebp-48]
call 006AA570 // CInPacket::CInPacket
mov [ebp-04],00000000
mov ecx,[ebp-18]
push ecx
mov edx,[ebp-14]
mov eax,[edx+00000090]
push eax
lea ecx,[ebp-48]
call 006AA9A0 // CInPacket::DecryptData
lea ecx,[ebp-48]
call GetPacket
jmp 00B2F139 // Skipped
// NOTE(review): GetPacket ends in a jmp rather than a ret, so the return
// address pushed by "call GetPacket" is never popped and the jmp directly
// above is unreachable. The stale dword is presumably discarded by the
// original routine's frame teardown; not verifiable from this script.
// ecx = address of the CInPacket at [ebp-48]. Publishes the packet buffer:
// pPacket = [ecx+8] + 4, nPcket = [ecx+C] - 4. The +8 / +C offsets and the
// 4-byte adjustment are taken as given from the original author.
GetPacket:
push esi
mov esi, [ecx+8]
add esi, 4 // packet data
mov [pPacket], esi
mov esi, [ecx+c]
sub esi, 4
mov [nPcket], esi
pop esi
jmp 00B2F139 // resume the original routine; never returns to HookRecv
// Pointer slot through which the client reaches InterlockedIncrement
// (presumably its import-table entry); point it at the trampoline.
02A0F158:
DD InterlockedIncrementHook
[DISABLE]
// Restore the original pointer and free the allocated regions.
02A0F158:
DD InterlockedIncrement
Dealloc(InterlockedIncrementHook)
Dealloc(HookRecv)
Dealloc(pPacket)
Dealloc(nPacket)
我不確定我這樣更新對欸，我不知道怎麼測試@@