SpyUO - a C# UO packet hooker

Smjert · Feb 22, 2007

It works

jaynigs · Feb 22, 2007

Smjert;655645 said:
It works

Thanks smjert, i was unable to test them, now i know they both work, i can go and watch some tv now

Amdir · Apr 5, 2007

Anyone have got the new key for 5.0.9.x clients?

MuadDib · Apr 6, 2007

4609984d: "5.0.9.1 T2a" 41aaa1 5 7 41a939 7 6 ;

Amdir · Apr 6, 2007

Don't work

(packed gump)

Thk anyway

MalGanis · Apr 8, 2007

Try this one:

Code:

4609984D: "5.0.9.1 2D"       41A970 5 1 434850 7 6

But rather than delaing with keys, use Spyuo 2.0 by Arul

HellRazor · Apr 9, 2007

MalGanis;671613 said:
Try this one:

Code:

4609984D: "5.0.9.1 2D" 41A970 5 1 434850 7 6

But rather than delaing with keys, use Spyuo 2.0 by Arul

Where can I find this?

MalGanis · Apr 9, 2007

One page back (6), its 3 post from teh bottom.

HellRazor · Apr 9, 2007

Aha, thank you! I was looking for a new thread, didn't realize he had posted it in this one.

HellRazor · Apr 9, 2007

arul;638023 said:
Try those ..

Code:

45AD77EE: "5.0.7.2 2D" 41AA8D 5 1 434910 7 6

Anyway, here's an experimental version of SpyUO that heuristically retrieves the locations of sen/rec buffers when the client starts. Sources coming soon.

Don't forget the sources Arul!

They allow people to learn and to continue the good work!

crova · Jul 22, 2007

Hi all

i have a problem with SpyUO 2 .. when i run the exe i have this error:

System.DllNotFoundException: Impossible to load "findaddr.dll"

Can someone help me? or maybe has someone the source code of this version?

Thnx in advance

Kamuflaro · Jul 23, 2007

Anyone sharing the keys for 6.0.1.3 or 6.0.1.7?

arul · Jul 23, 2007

findaddr.dll is compiled against vc8 runtime, so if you don't have the runtime installed it will throw that error.

As this is a problem for a lot of people, here is a tool that will tell you the recv/sendv buffer locations. It's compiled against standard msvcrt.dll so it should run on any windows machine.

Please note that the last client I tested it with was 6.0.1.6, with every new version of the client it is less probable that the keys will work or even found properly.

Usage: keysfinder.exe client_exe_location here
Example usage: keysfinder.exe c:\uo\client.exe

Sources included in the archive.

Cheers.

crova · Jul 23, 2007

arul;699747 said:
findaddr.dll is compiled against vc8 runtime, so if you don't have the runtime installed it will throw that error.

As this is a problem for a lot of people, here is a tool that will tell you the recv/sendv buffer locations. It's compiled against standard msvcrt.dll so it should run on any windows machine.

Please note that the last client I tested it with was 6.0.1.6, with every new version of the client it is less probable that the keys will work or even found properly.

Usage: keysfinder.exe client_exe_location here
Example usage: keysfinder.exe c:\uo\client.exe

Sources included in the archive.

Cheers.

Thnx m8

Kamuflaro · Jul 23, 2007

thanks it seems to be working:
464AD29D: "6.0.1.3 2D" 41A98D 5 7 434A50 7 6
But it crashes on certain receives for me (output buffer too small):

Code:

System.ArgumentException: Der Ausgabe-Zeichenpuffer zu klein für die verschlüsselten Zeichen. Verschlüsselung von Unicode (UTF-8) in Ausweichposition System.Text.DecoderReplacementFallback.
Parametername: chars
   bei System.Text.Encoding.ThrowCharsOverflow()
   bei System.Text.Encoding.ThrowCharsOverflow(DecoderNLS decoder, Boolean nothingDecoded)
   bei System.Text.UTF8Encoding.GetChars(Byte* bytes, Int32 byteCount, Char* chars, Int32 charCount, DecoderNLS baseDecoder)
   bei System.Text.DecoderNLS.GetChars(Byte* bytes, Int32 byteCount, Char* chars, Int32 charCount, Boolean flush)
   bei System.Text.DecoderNLS.GetChars(Byte[] bytes, Int32 byteIndex, Int32 byteCount, Char[] chars, Int32 charIndex, Boolean flush)
   bei System.Text.DecoderNLS.GetChars(Byte[] bytes, Int32 byteIndex, Int32 byteCount, Char[] chars, Int32 charIndex)
   bei System.IO.BinaryReader.InternalReadOneChar()
   bei System.IO.BinaryReader.Read()
   bei System.IO.BinaryReader.PeekChar()
   bei Ultima.StringList..ctor(String language)
   bei SpyUO.Packets.LocalizedList..cctor()

arul · Jul 23, 2007

Kamuflaro;699770 said:

thanks it seems to be working:
464AD29D: "6.0.1.3 2D" 41A98D 5 7 434A50 7 6
But it crashes on certain receives for me (output buffer too small):

Code:

System.ArgumentException: Der Ausgabe-Zeichenpuffer zu klein für die verschlüsselten Zeichen. Verschlüsselung von Unicode (UTF-8) in Ausweichposition System.Text.DecoderReplacementFallback.
Parametername: chars
   bei System.Text.Encoding.ThrowCharsOverflow()
   bei System.Text.Encoding.ThrowCharsOverflow(DecoderNLS decoder, Boolean nothingDecoded)
   bei System.Text.UTF8Encoding.GetChars(Byte* bytes, Int32 byteCount, Char* chars, Int32 charCount, DecoderNLS baseDecoder)
   bei System.Text.DecoderNLS.GetChars(Byte* bytes, Int32 byteCount, Char* chars, Int32 charCount, Boolean flush)
   bei System.Text.DecoderNLS.GetChars(Byte[] bytes, Int32 byteIndex, Int32 byteCount, Char[] chars, Int32 charIndex, Boolean flush)
   bei System.Text.DecoderNLS.GetChars(Byte[] bytes, Int32 byteIndex, Int32 byteCount, Char[] chars, Int32 charIndex)
   bei System.IO.BinaryReader.InternalReadOneChar()
   bei System.IO.BinaryReader.Read()
   bei System.IO.BinaryReader.PeekChar()
   bei Ultima.StringList..ctor(String language)
   bei SpyUO.Packets.LocalizedList..cctor()

Seems that BinaryReader.PeekChar() or text encoder respectively, is somehow bugged when using non-english version of .net framework.

I'll include the fix in my version of UO SDK later this evening.

CEO · Jul 23, 2007

Here's the info for latest client, though I think some source code modification is needed to make it work completely.

468e740b: "6.0.1.7 2D" 41A90D 5 7 434A90 7 6

crova · Jul 25, 2007

Kamuflaro;699770 said:

thanks it seems to be working:
464AD29D: "6.0.1.3 2D" 41A98D 5 7 434A50 7 6
But it crashes on certain receives for me (output buffer too small):

Code:

System.ArgumentException: Der Ausgabe-Zeichenpuffer zu klein für die verschlüsselten Zeichen. Verschlüsselung von Unicode (UTF-8) in Ausweichposition System.Text.DecoderReplacementFallback.
Parametername: chars
   bei System.Text.Encoding.ThrowCharsOverflow()
   bei System.Text.Encoding.ThrowCharsOverflow(DecoderNLS decoder, Boolean nothingDecoded)
   bei System.Text.UTF8Encoding.GetChars(Byte* bytes, Int32 byteCount, Char* chars, Int32 charCount, DecoderNLS baseDecoder)
   bei System.Text.DecoderNLS.GetChars(Byte* bytes, Int32 byteCount, Char* chars, Int32 charCount, Boolean flush)
   bei System.Text.DecoderNLS.GetChars(Byte[] bytes, Int32 byteIndex, Int32 byteCount, Char[] chars, Int32 charIndex, Boolean flush)
   bei System.Text.DecoderNLS.GetChars(Byte[] bytes, Int32 byteIndex, Int32 byteCount, Char[] chars, Int32 charIndex)
   bei System.IO.BinaryReader.InternalReadOneChar()
   bei System.IO.BinaryReader.Read()
   bei System.IO.BinaryReader.PeekChar()
   bei Ultima.StringList..ctor(String language)
   bei SpyUO.Packets.LocalizedList..cctor()

i have the same error ç_ç

Smjert · Aug 27, 2007

Here's the 6.0.1.10 keys (thanks to arul keysfinder)

Code:

46B268F2: "6.0.1.10 2D"	     41A09D 5 7 434A80 7 6

AndrewWood · Nov 13, 2007

arul;638023 said:
Anyway, here's an experimental version of SpyUO that heuristically retrieves the locations of sen/rec buffers when the client starts. Sources coming soon.

Any hope yet on these sources? I just started coding C# last week but it's pretty simple. I'd be glad to help keep this thing going. I know the WIN API very well and understand asm also.

Either way, don't let the proj die. Great thread and much thanks for the offsets.

SpyUO - a C# UO packet hooker

Sorceror

Wanderer

Wanderer

Wanderer

Wanderer

Sorceror

Knight

Sorceror

Knight

Knight

Sorceror

Page

Sorceror

Attachments

Sorceror

Page

Sorceror

Sorceror

Sorceror

Sorceror

Wanderer