SpyUO - a C# UO packet hooker

arul · Apr 28, 2006

pinco:
Haven't tested them, but they should work fine:

Code:

444E1BA9: "5.0.2 3D"        48EE02 6 5 4A0920 2 6

Makar20:
I suggest you start by reading some assembly tutorials, then read this tutorial

Makar20 · Apr 29, 2006

Any chance you got OllyDbg

arul · May 17, 2006

Client.cfg values for 5.0.2a

Code:

44627FD0: "5.0.2a 2D"        41A90D 5 7 434520 7 6

arul · May 18, 2006

Client.cfg values for 5.0.2b

Code:

446B9D85: "5.0.2b 2D"        41A6FD 5 7 4342F0 7 6

pinco · Jun 3, 2006

post the 3d keys too plz

arul · Jun 16, 2006

Client.cfg values for 5.0.2c

Code:

4491BE15: "5.0.2c 2D"        41A6FD 5 7 4342C0 7 6

BladeWise · Jun 20, 2006

Uhmm... I used the tutorial with client 5.0.2b.
I tried to follow tre tutorial (both the difficult and the easy part), but I found these problems:
1. With "hard" part I can follow him until he says encrypted data size should be 0x3E... my size is 4... moreover I don't know where I should read the TOS value... (my bad!)
2. With the easy part, I found that the address containing the "], 33h" is at 0041A826, and is into the subroutine at address 0041A810... 0041A6FD is the address in the above routine for "push ebp", so why is it?. About the SendBuffer, the tutorial says we need to find the "mov bp, ax"... I found it 0041A6FD, and the corresponding routine is 0041A6D0...
so... can anyone explain me what's wrong?

arul · Jun 20, 2006

yeah, the tutorial seems to be outdated a bit... TOS stands for Top of the stack.
"push ebp" at 0041A6D pushes the address of the buffer onto the stack.

BladeWise · Jun 22, 2006

Oh, I know the meaning of TOS, but I don't know where I can read it

So, could you please explain (even in brief) what kind of addresses we need?

Folko · Jul 8, 2006

You can get OllyDbg here. This screenshot shows OllyDbg in action, the window with the stack view is the lower right one. The top of the stack is the first entry in that list.

_Epila_ · Jul 20, 2006

Is there any packet list?

HannibalX · Jul 28, 2006

Is there a more up to date tutorial? I was trying to find the hooks for the 5.0.2f client... having a hard time with the old tutorial.

arul · Jul 28, 2006

Client.cfg values for 5.0.2f

Code:

44B30695: "5.0.2f 2D"        41A6FD 5 7 4342C0 7 6

HannibalX · Jul 31, 2006

Thanks Arul.

Based on your new values... I compared the 5.0.2f dasm against 5.0.2g... and here are the values for client 5.0.2g 2D (one again... unchanged offsets, wierd! however, these are tested and working)

Code:

44B30695: "5.0.2g 2D"        41A6FD 5 7 4342C0 7 6

HannibalX · Aug 23, 2006

For client 5.0.4a

Code:

44EB7F3F: "5.0.4a 2D"	     41A7CD 5 7 434570 7 6

snicker7 · Aug 24, 2006

client 5.0.4b

Code:

44ECD61B: "5.0.4b 2D"        41A85D 5 7 4346E0 7 6

jaynigs · Aug 30, 2006

Client 5.0.4c

Code:

44F49697: "5.0.4c 2D"        41A85D 5 7 4346E0 7 6

pinco · Aug 31, 2006

someone has the 3d client keys?

jaynigs · Sep 14, 2006

Client 5.0.4d 2D

Code:

450882B1: "5.0.4d 2D"        41A85D 5 7 434590 7 6

Client 5.0.4d 3D

Code:

45088348: "5.0.4d 3D"        48E330 6 5 4A0B10 2 6

pinco · Sep 14, 2006

wonderfull thanks

SpyUO - a C# UO packet hooker

Sorceror

Attachments

Wanderer

Sorceror

Sorceror

Sorceror

Sorceror

Wanderer

Sorceror

Wanderer

Sorceror

Sorceror

Wanderer

Sorceror

Wanderer

Wanderer

Sorceror

Wanderer

Sorceror

Wanderer

Sorceror