[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4712: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3842)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4714: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3842)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4715: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3842)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4716: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3842)
Locating the Packet Table in the 2D clients | JoinUO Forums

Locating the Packet Table in the 2D clients


Site Admin
Posts: 372
Joined: Wed Apr 08, 2009 6:35 am
PostPosted: Sat Feb 12, 2011 7:54 am
Attachments
IDALOG - possible packet tables.txt
(21.49 KiB) Downloaded 1422 times
Packet, old client applied.png
Packet, old client applied.png (1.9 KiB) Viewed 14301 times
Packet, old client.png
Packet, old client.png (2.07 KiB) Viewed 14301 times
Packet, new client applied.png
Packet, new client applied.png (5.55 KiB) Viewed 14301 times
Packet, new client.png
Packet, new client.png (2.59 KiB) Viewed 14301 times
Old client, guessing the array count.png
Old client, guessing the array count.png (34.6 KiB) Viewed 14301 times
Old client, packet table size.png
Old client, packet table size.png (2.51 KiB) Viewed 14301 times
Old client, search for WALK instead.png
Old client, search for WALK instead.png (25.48 KiB) Viewed 14301 times
New client, packet table size and array count.png
New client, packet table size and array count.png (6.02 KiB) Viewed 14301 times
New client, cross reference.png
New client, cross reference.png (12.47 KiB) Viewed 14301 times
New client, text found.png
New client, text found.png (14.85 KiB) Viewed 14301 times
New client, do text search.png
New client, do text search.png (15.95 KiB) Viewed 14301 times
GOD client, packet table structure size and array count.png
GOD client, packet table structure size and array count.png (9.66 KiB) Viewed 14301 times
GOD client, cool table.png
GOD client, cool table.png (9.72 KiB) Viewed 14301 times
GOD client, cross reference.png
GOD client, cross reference.png (21.1 KiB) Viewed 14301 times
GOD client, packet names.png
GOD client, packet names.png (16.45 KiB) Viewed 14301 times
<Derrick> RunUO AI is kind of a functional prototype, which i have hacked into something resembling OSI behavior, but only by complitcating everything

Site Admin
Posts: 65
Joined: Thu Sep 24, 2009 1:43 pm
Location: Was Russia,Moscow; Currently Germany,Berlin
PostPosted: Sat Feb 12, 2011 11:18 am
Awesome! I've seen packets log in god client, ctrl+p as i remember. Sad new clients don't have names.
But there's chance that beta clients have names, since they were build with debug.

Posts: 4
Joined: Tue Dec 20, 2011 6:14 am
PostPosted: Tue Dec 20, 2011 6:17 am
Is it possible to calculate the address and extract the packet table at runtime?

Site Admin
Posts: 372
Joined: Wed Apr 08, 2009 6:35 am
PostPosted: Tue Dec 20, 2011 1:19 pm
Well,

It's possible but you need to know what you are doing.

These are the problems you will need to face and solve:

1) The key feature in the algo above is IDA Pro's FindBinary function. You will need to implement that function in your language of choice.

2) You need access to the code segment of the client
2a) Use ReadProcessMemory (rather slow)
2b) Inject your code in the client's process as a thread (fastest method but also the most complex) (does not work from .NET)
2c) Open the "client.exe", since it's not encrypted you can do the memory search in there and then map the found file address to a memory address (in between solution)
<Derrick> RunUO AI is kind of a functional prototype, which i have hacked into something resembling OSI behavior, but only by complitcating everything

Posts: 4
Joined: Tue Dec 20, 2011 6:14 am
PostPosted: Wed Dec 21, 2011 6:35 pm

Site Admin
Posts: 372
Joined: Wed Apr 08, 2009 6:35 am
PostPosted: Wed Dec 21, 2011 10:34 pm
I'm guessing you are using method 3? If so, you need to convert from a file offset to a virtual address:

You need the function CPortableExecutable::FO2VA.

I'll need to look into those two clients and see why it's not working, I'm guessing it's not finding the correct location?...
<Derrick> RunUO AI is kind of a functional prototype, which i have hacked into something resembling OSI behavior, but only by complitcating everything

Posts: 4
Joined: Tue Dec 20, 2011 6:14 am
PostPosted: Wed Dec 21, 2011 11:51 pm
Here's a screenshot:

Image

Posts: 4
Joined: Tue Dec 20, 2011 6:14 am
PostPosted: Sat Dec 24, 2011 9:35 pm
I just figured out... they replaced the old 0x00 Create Character packet with the new one (0xF8).

Posts: 17
Joined: Wed May 16, 2012 10:07 pm
PostPosted: Thu May 17, 2012 12:20 pm
Does this table contains only Client -> Server packets, or both?

Posts: 17
Joined: Wed May 16, 2012 10:07 pm
PostPosted: Tue May 22, 2012 3:45 am
It's both. There is no difference between client and server in protocol...

Thanks a lot, Batlin. If you don't mind - I'll use your guide for auto detect packet sizes in my UOExt.

Return to UO Client

Who is online

Users browsing this forum: No registered users and 3 guests

cron