
Crossfire S2S Logger


  • Crossfire S2S Logger

    If I log the packets, how do I know which packet does what?

    Code:
    #include <Windows.h>
    #include <iostream>
    #include <string>
    #include <sstream>
    #include <fstream>
    
    // Suppresses MSVC warning C4996, the deprecation warning raised for older
    // CRT functions; real diagnostics about unsafe calls are hidden with it.
    #pragma warning( disable: 4996 )
    
    using namespace std;
    // Global stream shared by every call to logz(); it is reopened and closed
    // per call and is not protected by any lock in this listing.
    ofstream outfile;
    
    // Log destination: a fixed file in the root of C:. The dump written there
    // is raw outbound message memory, so the file should be treated as
    // sensitive by anyone triaging a host where it is found.
    #define dir_log "C:\\STS_LOG.txt" 
    
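    /// @brief Appends one printf-style formatted message to the log file.
    ///
    /// The message is formatted into a fixed 512-byte stack buffer, so longer
    /// output is truncated. The file named by dir_log is opened in append mode
    /// for each call and closed again before returning.
    ///
    /// @param fmt printf-style format string; must be a trusted literal, never
    ///            data taken from the logged process or the network, because it
    ///            is handed straight to vsnprintf. A null pointer is ignored.
    void logz(const char *fmt, ...) 
    {
    	// A null format would be dereferenced inside vsnprintf.
    	if (!fmt)
    		return;

    	char buffer[512] = {0};
    	va_list va_alist;
    	va_start( va_alist, fmt );
    	// The buffer starts empty, so formatting begins at offset 0; the old
    	// strlen() arithmetic always evaluated to that.
    	vsnprintf(buffer, sizeof(buffer), fmt, va_alist );
    	va_end( va_alist );
    	// Older CRT variants of vsnprintf do not terminate on truncation;
    	// forcing the last byte keeps the stream insertion below bounded.
    	buffer[sizeof(buffer) - 1] = '\0';

    	// Reset any failure state left by an earlier call before reopening.
    	outfile.clear();
    	outfile.open(dir_log, ios::app);
    	if (!outfile.is_open())
    		return;	// nothing to write to; do not leave the stream half-used

    	outfile << buffer;
    	outfile.close();
    }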
    /// @brief Compares a byte sequence against a masked pattern.
    ///
    /// Walks szMask until its terminating NUL. At every position whose mask
    /// character is 'x' the byte in pData must equal the byte in bMask; any
    /// other mask character is a wildcard.
    ///
    /// @param pData  bytes being examined; must be readable for strlen(szMask) bytes
    /// @param bMask  pattern bytes, same length as szMask
    /// @param szMask NUL-terminated mask string
    /// @return true when every 'x' position matches, false on the first mismatch
    ///
    /// No bounds are known here: the caller is responsible for pData being
    /// readable for the whole pattern length.
    bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
    {
    	while (*szMask != '\0')
    	{
    		const bool mustMatch = (*szMask == 'x');
    		if (mustMatch && *pData != *bMask)
    			return false;

    		++szMask;
    		++pData;
    		++bMask;
    	}
    	// The loop only ends at the mask terminator, so this is true here.
    	return *szMask == '\0';
    }
    
    /// @brief Linear search for a masked byte pattern in a memory range.
    ///
    /// Tries bCompare() at each of the dwLen offsets starting at dwAddress and
    /// returns the first address that matches.
    ///
    /// @param dwAddress start address of the range, carried as a 32-bit integer
    /// @param dwLen     number of start offsets to try
    /// @param bMask     pattern bytes
    /// @param szMask    NUL-terminated mask ('x' = must match)
    /// @return address of the first match, or 0 when nothing matched
    ///
    /// NOTE(review): addresses travel as DWORD, so this only holds on 32-bit
    /// builds. Nothing checks that dwAddress + dwLen (plus the pattern length
    /// read by bCompare) is mapped, so an oversized dwLen reads outside the
    /// intended region.
    DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
    {
    	DWORD offset = 0;
    	while (offset < dwLen)
    	{
    		const DWORD candidate = dwAddress + offset;
    		if (bCompare((BYTE*)candidate, bMask, szMask))
    			return candidate;
    		++offset;
    	}
    	return 0;
    }
    // Installs an inline hook: the first bytes of the code at src are
    // overwritten with a relative jump (opcode 0xE9) to dst, and a heap buffer
    // is filled with what is needed to reach the original code again.
    //
    //   src - start of the code being patched
    //   dst - address the patched code will jump to
    //   len - number of bytes at src that are replaced (bytes 5..len-1 become 0x90)
    //
    // Returns a pointer into the malloc'd buffer (jmp - len, see the end of
    // the function).
    //
    // NOTE(review): this rewrites executable code in the running image, which
    // is the modification that code-integrity checks (comparing loaded code
    // pages with the file on disk) are meant to notice. The results of
    // VirtualProtect and malloc are never checked, and every pointer is
    // narrowed to DWORD, so the arithmetic is only meaningful on 32-bit builds.
    void *DetourFunction (BYTE *src, const BYTE *dst, const int len)
    {
        BYTE *jmp;
        DWORD dwback;
        DWORD jumpto, newjump;
    
        // Make the target bytes writable; the previous protection is kept in dwback.
        VirtualProtect(src,len,PAGE_READWRITE,&dwback);
        
        // Case 1: the code at src already begins with a relative jump.
        if(src[0] == 0xE9)
        {
            jmp = (BYTE*)malloc(10);
            // Absolute destination of the existing jump: rel32 + src + 5.
            jumpto = (*(DWORD*)(src+1))+((DWORD)src)+5;
            // Same destination re-encoded relative to the buffer.
            newjump = (jumpto-(DWORD)(jmp+5));
            jmp[0] = 0xE9;
           *(DWORD*)(jmp+1) = newjump;
            jmp += 5;
            // Second jump written into the remaining 5 bytes of the buffer.
            jmp[0] = 0xE9;
           *(DWORD*)(jmp+1) = (DWORD)(src-jmp);
        }
        else
        {
            // Case 2: copy the len original bytes, then append a jump back to
            // src + len so execution continues after the patched region.
            jmp = (BYTE*)malloc(5+len);
            memcpy(jmp,src,len);
            jmp += len;
            jmp[0] = 0xE9;
           *(DWORD*)(jmp+1) = (DWORD)(src+len-jmp)-5;
        }
        // Overwrite the start of src with "jmp dst" (rel32 = dst - src - 5).
        src[0] = 0xE9;
       *(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
    
        // Fill whatever remains of the len bytes with 0x90 (NOP).
        for(int i = 5; i < len; i++)
            src[i] = 0x90;
        // Restore the protection that was saved above.
        VirtualProtect(src,len,dwback,&dwback);
        // jmp was advanced by len in case 2 and by 5 in case 1, so this is the
        // start of the allocation in case 2 and, in case 1, only when len == 5.
        return (jmp-len);
    }
    
    // Function-pointer type used for the hooked send routine: takes a message
    // pointer and a 32-bit flags word, returns unsigned int. No calling
    // convention is spelled out, so the compiler default applies.
    typedef unsigned int ( *tfnSendToServer)(void *pMsg, unsigned __int32 flags);
    
    // Pointer of that type declared at file scope.
    tfnSendToServer mfnSendToServer;
    
    // Receives the previous page protection from VirtualProtect in
    // hooked_SendToServer; a single global, so not safe for concurrent callers.
    DWORD dwCache;
    
    // Replacement routine reached through the detour: dumps memory starting at
    // pMsg as hex text via log(), then forwards the call through
    // pfnSendToServer and returns its result.
    //
    //   pMsg  - message pointer handed to the original send routine
    //   flags - flags word, passed through unchanged
    //
    // NOTE(review): `log` and `pfnSendToServer` are not declared anywhere in
    // the visible listing (it defines `logz` and `mfnSendToServer`).
    // NOTE(review): the dump always covers 400 bytes regardless of the real
    // message size, so it reads, and writes to disk, whatever process memory
    // follows the message. Whether pMsg is a flat byte buffer at all is not
    // shown here; confirm against the message type.
    unsigned int hooked_SendToServer(void *pMsg, unsigned __int32 flags){
    	// MSVC x86 inline assembly: save all general-purpose registers.
    	__asm pushad;
    
    	log("SendToServer( 0x%02x, 0x%02x );\n{\n", pMsg, flags);
    	// Protection is given as the bare decimal literal 40 rather than a named
    	// PAGE_* constant (TODO confirm the intended value); result unchecked.
    	VirtualProtect(pMsg, 400, 40, &dwCache);
    	for(unsigned long ul=0;ul<400;ul++){
    		// Line break after every four bytes.
    		if(!(ul%4)) log("\n");
    		log("0x%02x, ", PBYTE(DWORD(pMsg))[ul]);
    	}
    	// Puts back the protection saved in dwCache; the old-protection
    	// out-parameter is passed as 0 here.
    	VirtualProtect(pMsg, 400, dwCache, 0);
    
    	// Restore the registers saved on entry.
    	__asm popad;
    	return pfnSendToServer(pMsg, flags);
    }
    
    // Waits for the client module to be present, locates code in it by byte
    // signature, and installs the detour that routes calls to
    // hooked_SendToServer.
    //
    // NOTE(review): the result of FindPattern is used without checking for its
    // "not found" value 0, so a failed search indexes from address 0. The scan
    // length is the constant 0xFFFFFF rather than the module's actual size, so
    // the search can run past the end of the mapped image.
    void hookthread(void){
    
    	// Poll every 100 ms until a module named cshell.dll is loaded.
    	while(!GetModuleHandleA("cshell.dll")) Sleep(100);
    	// Signature search from the module base; '?' mask positions are wildcards.
    	DWORD STS = (FindPattern((DWORD)GetModuleHandleA("CShell.dll"), 0xFFFFFF, (PBYTE)"\x6A\xFF\x68\x00\x00\x00\x00\x64\xA1\x00\x00\x00\x00\x50\x64\x89\x25\x00\x00\x00\x00\x83\xEC\x74\x89\x4D\x84\x8B\x45\x08\x89\x45\xF0\x83\x7D\xF0\x00\x74\x0D\x8B\x4D\xF0\x8B\x55\xF0"    ,"xxx????xx????xxxx????xxxxxxxxxxxxxxxxxxxxxxxx"));
    	// Reads the DWORD at index 0x57 from the match address, treats it as a
    	// code pointer, and patches 5 bytes there.
    	pfnSendToServer = tfnSendToServer(DetourFunction( PBYTE(((DWORD *)STS)[0x57]), PBYTE(hooked_SendToServer), 5));
    
    	log("Hooked STS Function; 0x%02x -> 0x%02x\n", STS, hooked_SendToServer);
    }
    
    // DLL entry point. Turns off per-thread attach/detach notifications for
    // this module and, on the notification with reason code 0x01
    // (DLL_PROCESS_ATTACH), calls hookthread() directly on the calling thread
    // rather than on a new one. Always reports success to the loader.
    //
    // NOTE(review): hookthread() contains a Sleep polling loop, and it runs
    // here inside the loader's callback. Seeing this module in a process's
    // module list is itself a signal to look at how the DLL got loaded.
    bool __stdcall DllMain( HMODULE hthis, DWORD dwReason, DWORD lpUNK ){
    	DisableThreadLibraryCalls(hthis);

    	const bool attaching = (dwReason == 0x01);
    	if (attaching)
    		hookthread();

    	return true;
    }
    http://i47.tinypic.com/eqcdi0.jpg
  • #2

    Are you just beginning to code? I am sure Corba may be able to help you out. He is very good. Nice to see a new face, all the best to you dude and good luck.




    • #3

      I have not just started; I have been coding Crossfire hacks for a long time.
      My only problem is with S2S.
      http://i47.tinypic.com/eqcdi0.jpg


      • #4

        you are not very active here
        would be nice to see if your screen shot in the sig is really true


        • #5

          you should download the old FEAR hack posted on UC forums, it shows how to use the S2S for autokill and others. That should help you understand what is passed to S2S.


          • #6

            Yes i dont know how use s2s i need any one the teach me in this (in s2s) i know i musst analyze the packet from cf with olly or cheat engine but how i analyze finaly and logg the packet? how i can edit them and send a fake back? how i can s2s block?
            http://i47.tinypic.com/eqcdi0.jpg


            • #7

              S2S is used like this,

              Code:
              // Client-side construction of an object message carrying a
              // MID_MELEEATTACK sub-message, as posted. Every field written
              // below (both objects, hNode, both vectors and the timestamp) is
              // chosen by the client, so a server receiving this has to
              // validate or re-derive each one (range, line of sight, rate,
              // target state) instead of trusting what the client reports.
              CAutoMessage cMsg;
              						cMsg.Writeuint8(MID_OBJECT_MESSAGE);
              						cMsg.WriteObject(g_pPlayerMgr->GetMoveMgr()->GetServerObject());
              						cMsg.Writeuint32(MID_MELEEATTACK);
              						cMsg.WriteObject(CharFX->GetServerObj());
              						cMsg.Writeuint32(hNode);
              						cMsg.WriteLTVector(SFMpos);
              						cMsg.WriteLTVector(BonePos);
              						cMsg.Writeint32(g_pGameClientShell->GetServerRealTimeMS());
              						g_pLTClient->SendToServer(cMsg.Read(), MESSAGE_GUARANTEED);
              you need the CAutoMessage struct to recreate information to send.

              what you can do is get the return address, and see how they build the CAutoMessage Struct. then you can use it as the game does.
              Last edited by Luda; 02-17-2015, 12:08 AM.


              • #8

                Okay, thanks. And what is the difference between "cMsg.Writeuint8" and "cMsg.Writeuint32"?
                http://i47.tinypic.com/eqcdi0.jpg

