Menu
What's new
RunUO Community

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

SpyUO - a C# UO packet hooker

M

MuadDib

Wanderer
Kudos on the key work mates. I run a packet list site that also has a download for UOLog that Folko made before SpyUO (where the clients.cfg comes from), this has been a very helpful thread for me to keep the clients.cfg download updated.

Thanks for all your hard work :)
 
HellRazor

HellRazor

Knight
Awesome. I don't like or use the 3D client but I don't begrudge anyone who does and its nice to see keys being posted for it. SpyUO somehow seems incomplete without both 2D and 3D client keys. :)
 
A

arul

Sorceror
Try those ..

Code: 
45AD77EE: "5.0.7.2 2D"        41AA8D 5 1 434910 7 6

Anyway, here's an experimental version of SpyUO that heuristically retrieves the locations of sen/rec buffers when the client starts. Sources coming soon.
 

Attachments

  • SpyUO.2.0b.rar
    74 KB · Views: 298
M

Makar20

Wanderer
That release is good Arul. You forgot to include the zlib dll in the package though ;-) Theres a bug. it wont attach when the client just starts up. it has to be attached when your already in the game
 
S

Smjert

Sorceror
Sorry i'm a bit confused.. how i have to use Jeff's keys?

These keys are written in a different way:
Code: 
45AD77EE: "5.0.7.2 T2A"       41AA8D 5 1 434910 7 6

And how i can get the timestamp?

(i followed Folko's guide, he said "Open client.exe in UltraEdit and search the PE header. It is on top of the file and starts with "PE", in 4.0.0l it's at 0x0138. Skip the next WORD and the next DWORD and you'll have the TimeStamp in Little Endian. To convert it to human readable Big Endian, reverse the bytes")

Then i found the letters PE in line 00000120h, but how can i skip WORD and DWORD??
 
Jeff

Jeff

Lord
Smjert;654641 said:
Sorry i'm a bit confused.. how i have to use Jeff's keys?

These keys are written in a different way:
Code: 
45AD77EE: "5.0.7.2 T2A"       41AA8D 5 1 434910 7 6

And how i can get the timestamp?

(i followed Folko's guide, he said "Open client.exe in UltraEdit and search the PE header. It is on top of the file and starts with "PE", in 4.0.0l it's at 0x0138. Skip the next WORD and the next DWORD and you'll have the TimeStamp in Little Endian. To convert it to human readable Big Endian, reverse the bytes")

Then i found the letters PE in line 00000120h, but how can i skip WORD and DWORD??
Click to expand...

Code: 
"5.0.8.2 2D"     2F5325 7 D A2BF52 7 F

Better?

anyway, skipping a WORD by just counting 2 bytes or 16 bits,

WORD = 16bit
DWORD = 32bit
 
S

Smjert

Sorceror
Code: 
Code:

"5.0.8.2 2D"     2F5325 7 D A2BF52 7 F

Better?
Ah wow.. I thought that it had to begin with a 4 or something like that XD

Edit:
I found the timestamp, added this line

45D23436: "5.0.8.2 T2A" 2F5325 7 D A2BF52 7 F

and i got: Error reading Clients.cfg--->System.FormatException: One of the identified items was in an invalid format
 
J

jaynigs

Wanderer
Thanks for confirming they work,

Perhaps you could try these for 3D also?

Code: 
45D234F2: "5.0.8.2 3D"       48E1F2 6 1 4A0A23 2 6

Thanks
 
You must log in or register to reply here.
Top