1

Debug/PacketEditor.log

@@ -1,2 +1,2 @@
   dllmain.cpp
-  PacketEditor.vcxproj -> C:\Users\Erarnitox\source\repos\PacketEditor\Debug\PacketEditor.dll
+  PacketEditor.vcxproj -> C:\Users\Erarnitox\source\repos\PacketEditor\TeraProxy\Debug\PacketEditor.dll

Debug/PacketEditor.tlog/PacketEditor.lastbuildstate

@@ -1,2 +1,2 @@
 #TargetFrameworkVersion=v4.0:PlatformToolSet=v142:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0
-Debug|Win32|C:\Users\Erarnitox\source\repos\PacketEditor\|
+Debug|Win32|C:\Users\Erarnitox\source\repos\PacketEditor\TeraProxy\|

Release/PacketEditor.log

@@ -1,7 +1,8 @@
-  dllmain.cpp
+  pch.cpp
+  dllmain.cpp
   Code wird generiert.
-  1 of 104 functions ( 1.0%) were compiled, the rest were copied from previous compilation.
-    0 functions were new in current compilation
+  103 of 106 functions (97.2%) were compiled, the rest were copied from previous compilation.
+    4 functions were new in current compilation
     1 functions had inline decision re-evaluated but remain unchanged
   Codegenerierung ist abgeschlossen.
-  PacketEditor.vcxproj -> C:\Users\Erarnitox\source\repos\PacketEditor\Release\PacketEditor.dll
+  PacketEditor.vcxproj -> C:\Users\Erarnitox\source\repos\PacketEditor\TeraProxy\Release\PacketEditor.dll

Release/PacketEditor.tlog/PacketEditor.lastbuildstate

@@ -1,2 +1,2 @@
 #TargetFrameworkVersion=v4.0:PlatformToolSet=v142:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0
-Release|Win32|C:\Users\Erarnitox\source\repos\PacketEditor\|
+Release|Win32|C:\Users\Erarnitox\source\repos\PacketEditor\TeraProxy\|

Tera.h

@@ -6,21 +6,22 @@ wchar_t moduleName[] = L"TERA.exe";
 //size_t sendFuncOffset = 0x1045270;
 size_t toHookSend = 1;
 int sendHookLen = 5;
-size_t recvFuncOffset = 0x1045270;
-size_t toHookRecv = 3;
-int recvHookLen = 5;
+//size_t recvFuncOffset = 0x10097D6;
+//int recvHookLen = 6;
 DWORD sentLen;
 char* sentBuffer;
+//DWORD recvLen;
+//char* recvBuffer;
 char* tmpBuffer;
 
 const char* internalSendPattern = "\x55\x8B\xEC\x53\x8B\xD9\x83\x7B\x0C\x00\x74\x54\x8B\x8B\x1C\x00\x02\x00\x85\xC9\x74\x2E\x8B\x01\x8B\x01\x8B\x40\x18\xFF\xD0";
 const char* internalSendMask = "xxxxxxxxxx??xx????xxxxxxx";
 
-const char* internalRecvPattern = "\xAB\xCD\xEF";
-const char* internalRecvMask = "xxx";
+//const char* internalRecvPattern = "\x8B\xCE\x52\xFF\75\xFC\xFF\x50\x10\x85\xDB\x75\x8D\x75\x8D\x5F\x5E\x5B\x8B\xE5";
+//const char* internalRecvMask = "xxxxxxxxxxxx???xxxxx";
 
 bool logSentHook = false;
-bool logRecvHook = false;
+//bool logRecvHook = false;
 
 void* teax;
 void* tebx;
@@ -30,11 +31,20 @@ void* tesi;
 void* tedi;
 void* tebp;
 void* tesp;
-struct MovementPacket {
-	char data[0x18];
-};
+
+/*
+void* reax;
+void* rebx;
+void* recx;
+void* redx;
+void* resi;
+void* redi;
+void* rebp;
+void* resp;
+*/
 
 void printSendBufferToLog();
+void printRecvBufferToLog();
 
 DWORD jmpBackAddrSend;
 void __declspec(naked) sendHookFunc() {
@@ -70,4 +80,39 @@ void __declspec(naked) sendHookFunc() {
         mov ebx, ecx
         jmp[jmpBackAddrSend]
     }
-}
+}
+
+/*
+DWORD jmpBackAddrRecv;
+void __declspec(naked) recvHookFunc() {
+    __asm {
+        mov rebx, ebx
+        mov recx, ecx
+        mov redx, edx
+        mov resi, esi
+        mov redi, edi
+        mov rebp, ebp
+        mov resp, esp
+        mov eax, [esp + 0xC]
+        mov recvBuffer, eax
+        mov sentLen, edx
+    }
+    if (logRecvHook) {
+        printRecvBufferToLog();
+    }
+    __asm {
+        mov eax, reax
+        mov ebx, rebx
+        mov ecx, recx
+        mov edx, redx
+        mov esi, resi
+        mov edi, redi
+        mov ebp, rebp
+        mov esp, resp;
+        mov ecx, esi
+        push edx
+        push[ebp - 04]
+        jmp[jmpBackAddrRecv]
+    }
+}
+*/

dllmain.cpp

@@ -1,4 +1,3 @@
-// dllmain.cpp : Definiert den Einstiegspunkt für die DLL-Anwendung.
 #include "pch.h"
 #include <windows.h>
 #include <iostream>
@@ -11,7 +10,7 @@
 #define MYMENU_EXIT (WM_APP + 100)
 #define SEND_BUTTON (WM_APP + 101)
 #define LOG_SEND (WM_APP + 102)
-#define LOG_RECV (WM_APP + 103)
+//#define LOG_RECV (WM_APP + 103)
 #define CLEAR_BUTTON (WM_APP + 104)
 
 HMODULE inj_hModule;
@@ -123,19 +122,22 @@ LRESULT CALLBACK MessageHandler(HWND hWindow, UINT uMessage, WPARAM wParam, LPAR
                 logSentHook = true;
             }
             break;
-
+/*
         case LOG_RECV:
             LogRecv = IsDlgButtonChecked(hWindow, LOG_RECV);
 #ifdef _DEBUG
             std::cout << "Recv Logging " << ((LogRecv != BST_CHECKED) ? "enabled" : "disabled") << std::endl;
 #endif
             if (LogRecv == BST_CHECKED) {
                 CheckDlgButton(hWindow, LOG_RECV, BST_UNCHECKED);
+                logRecvHook = false;
             }
             else {
                 CheckDlgButton(hWindow, LOG_RECV, BST_CHECKED);
+                logRecvHook = true;
             }
             break;
+*/
         case CLEAR_BUTTON:
             logText.erase(logText.begin(), logText.end());
             SetWindowTextA(hLog, "Cleared! :)\r\nFind Tutorials on Guidedhacking.com!");
@@ -164,9 +166,8 @@ BOOL RegisterDLLWindowClass(const wchar_t szClassName[]) {
     return 1;
 }
 
-void printSendBufferToLog() {
+inline void printSendBufferToLog() {
     char sendID[] = "[SEND] ";
-    char tmp = '0';
 #ifdef _DEBUG
     std::cout << "Sent Packet len: " << std::dec << sentLen << std::endl;
 #endif
@@ -193,6 +194,36 @@ void printSendBufferToLog() {
     SetWindowTextA(hLog, &logText[0]);
 }
 
+/*
+//Might have to use Semapores if Recv and Send run in different threads
+inline void printRecvBufferToLog() {
+    char recvID[] = "[RECV] ";
+#ifdef _DEBUG
+    std::cout << "Recieved Packet len: " << std::dec << recvLen << std::endl;
+#endif
+    while (logText.size() > 4096) {
+        logText.erase(logText.begin(), logText.begin() + 400);
+    }
+    if (logText.size() > 1) {
+        logText.pop_back();
+        logText.push_back('\r');
+        logText.push_back('\n');
+    }
+
+    for (DWORD i = 0; i < recvLen + 7; ++i) {
+        if (i < 7) {
+            logText.push_back(recvID[i]);
+        }
+        else {
+            logText.push_back(hex_chars[((recvBuffer)[i - 7] & 0xF0) >> 4]);
+            logText.push_back(hex_chars[((recvBuffer)[i - 7] & 0x0F) >> 0]);
+            logText.push_back(' ');
+        }
+    }
+    logText.push_back('\0');
+    SetWindowTextA(hLog, &logText[0]);
+}*/
+
 DWORD WINAPI WindowThread(HMODULE hModule){
 
 #ifdef _DEBUG
@@ -207,19 +238,22 @@ DWORD WINAPI WindowThread(HMODULE hModule){
 
     moduleBase = (uintptr_t)GetModuleHandle(moduleName);
     Send = (InternalSend)(ScanInternal(internalSendPattern, internalSendMask, (char*)(moduleBase+ 0x0500000), 0x3000000));
+    //void* toHookRecv = (void*)(moduleBase+0x10097D6);//(ScanInternal(internalRecvPattern, internalRecvMask, (char*)(moduleBase + 0x0500000), 0x3000000));
 
 #ifdef _DEBUG
     std::cout << "send function location:" << std::hex << (int)Send << std::endl;
 #endif // _DEBUG
 
     toHookSend += (size_t)Send;
     jmpBackAddrSend = toHookSend + sendHookLen;
+    //jmpBackAddrRecv = (size_t)toHookRecv + recvHookLen;
 
 #ifdef _DEBUG
     std::cout << "[Send Jump Back Addy:] 0x" << std::hex << jmpBackAddrSend << std::endl;
 #endif
 
     Hook* sendHook = new Hook((void*)toHookSend, (void*)sendHookFunc, sendHookLen);
+    //Hook* recvHook = new Hook(toHookRecv, recvHookFunc, recvHookLen);
 
     MSG messages;
     HMENU hMenu = CreateDLLWindowMenu();
@@ -235,7 +269,7 @@ DWORD WINAPI WindowThread(HMODULE hModule){
     hCraftedPacket = CreateWindowEx(0, L"edit", L"<Packet Data>", WS_TABSTOP | WS_VISIBLE | WS_CHILD | ES_MULTILINE | WS_BORDER, 110, 730, 900, 100, hwnd, NULL, hModule, NULL);
 
     hLogSend = CreateWindowEx(0, L"button", L"Log Send", WS_CHILD | WS_VISIBLE | BS_CHECKBOX, 110, 705, 100, 25, hwnd, (HMENU)LOG_SEND, hModule, NULL);
-    hLogRecv = CreateWindowEx(0, L"button", L"Log Recv", WS_CHILD | WS_VISIBLE | BS_CHECKBOX, 210, 705, 100, 25, hwnd, (HMENU)LOG_RECV, hModule, NULL);
+    //hLogRecv = CreateWindowEx(0, L"button", L"Log Recv", WS_CHILD | WS_VISIBLE | BS_CHECKBOX, 210, 705, 100, 25, hwnd, (HMENU)LOG_RECV, hModule, NULL);
 
     ShowWindow(hwnd, SW_SHOWNORMAL);
     UpdateWindow(hwnd); // redraw window;
@@ -249,7 +283,9 @@ DWORD WINAPI WindowThread(HMODULE hModule){
     }
 
     //exit:
+    //delete recvHook;
     delete sendHook;
+
 
 #ifdef _DEBUG
     if (f != 0) {