SpyUO - a C# UO packet hooker - Page 5 - RunUO

arul · 05-17-2006, 12:19 PM

Client.cfg values for 5.0.2a

Code:

44627FD0: "5.0.2a 2D"        41A90D 5 7 434520 7 6

arul · 05-18-2006, 01:39 PM

Client.cfg values for 5.0.2b

Code:

446B9D85: "5.0.2b 2D"        41A6FD 5 7 4342F0 7 6

pinco · 06-03-2006, 09:08 AM

post the 3d keys too plz

arul · 06-16-2006, 11:24 AM

Client.cfg values for 5.0.2c

Code:

4491BE15: "5.0.2c 2D"        41A6FD 5 7 4342C0 7 6

BladeWise · 06-20-2006, 02:01 PM

Uhmm... I used the tutorial with client 5.0.2b.
I tried to follow tre tutorial (both the difficult and the easy part), but I found these problems:
1. With "hard" part I can follow him until he says encrypted data size should be 0x3E... my size is 4... moreover I don't know where I should read the TOS value... (my bad!)
2. With the easy part, I found that the address containing the "], 33h" is at 0041A826, and is into the subroutine at address 0041A810... 0041A6FD is the address in the above routine for "push ebp", so why is it?. About the SendBuffer, the tutorial says we need to find the "mov bp, ax"... I found it 0041A6FD, and the corresponding routine is 0041A6D0...
so... can anyone explain me what's wrong?

arul · 06-20-2006, 02:11 PM

yeah, the tutorial seems to be outdated a bit... TOS stands for Top of the stack.
"push ebp" at 0041A6D pushes the address of the buffer onto the stack.

BladeWise · 06-22-2006, 06:18 AM

Oh, I know the meaning of TOS, but I don't know where I can read it

So, could you please explain (even in brief) what kind of addresses we need?

Folko · 07-08-2006, 06:52 AM

You can get OllyDbg here. This screenshot shows OllyDbg in action, the window with the stack view is the lower right one. The top of the stack is the first entry in that list.

_Epila_ · 07-20-2006, 11:32 PM

Is there any packet list?

HannibalX · 07-29-2006, 12:01 AM

Is there a more up to date tutorial? I was trying to find the hooks for the 5.0.2f client... having a hard time with the old tutorial.

arul · 07-29-2006, 12:36 AM

Client.cfg values for 5.0.2f

Code:

44B30695: "5.0.2f 2D"        41A6FD 5 7 4342C0 7 6

HannibalX · 07-31-2006, 10:16 AM

Thanks Arul.

Based on your new values... I compared the 5.0.2f dasm against 5.0.2g... and here are the values for client 5.0.2g 2D (one again... unchanged offsets, wierd! however, these are tested and working)

Code:

44B30695: "5.0.2g 2D"        41A6FD 5 7 4342C0 7 6

HannibalX · 08-23-2006, 02:29 AM

For client 5.0.4a

Code:

44EB7F3F: "5.0.4a 2D"	     41A7CD 5 7 434570 7 6

snicker7 · 08-24-2006, 09:05 PM

client 5.0.4b

Code:

44ECD61B: "5.0.4b 2D"        41A85D 5 7 4346E0 7 6

jaynigs · 08-30-2006, 10:28 AM

Client 5.0.4c

Code:

44F49697: "5.0.4c 2D"        41A85D 5 7 4346E0 7 6

pinco · 08-31-2006, 02:35 AM

someone has the 3d client keys?

jaynigs · 09-14-2006, 07:35 AM

Client 5.0.4d 2D

Code:

450882B1: "5.0.4d 2D"        41A85D 5 7 434590 7 6

Client 5.0.4d 3D

Code:

45088348: "5.0.4d 3D"        48E330 6 5 4A0B10 2 6

pinco · 09-14-2006, 09:05 AM

wonderfull thanks

jaynigs · 09-23-2006, 07:56 AM

Code:

451304C2: "5.0.4e 2D"        41A85D 5 7 434590 7 6
45130565: "5.0.4e 3D"        48E330 6 5 4A0B10 2 6

pinco · 09-27-2006, 04:55 PM

jaynigs, you are the heir of phenos for spyuo

MalGanis · 10-16-2006, 12:09 PM

I hope it works:

Code:

452E9E80: "5.0.5a 2D"        41A85D 5 7 434590 7 6

MalGanis · 10-21-2006, 09:02 AM

Code:

45368944: "5.0.5b 2D"        41A85D 5 7 434590 7 6

MalGanis · 10-31-2006, 08:24 AM

Code:

45425AB3: "5.0.6a 2D"        41A8F0 5 7 4345E0 7 6

MalGanis · 11-01-2006, 06:59 PM

Code:

4546B86E: "5.0.6b 2D"        41A8F0 5 7 4345E0 7 6

MalGanis · 11-14-2006, 06:09 AM

Code:

454FD2B7: "5.0.6c 2D"        41A8F0 5 7 4345E0 7 6

05-17-2006, 12:19 PM	#101 (permalink)
arul Forum Expert Join Date: Jan 2005 Location: Hic sunt leones ... Age: 21 Posts: 1,289	Client.cfg values for 5.0.2a Code: 44627FD0: "5.0.2a 2D" 41A90D 5 7 434520 7 6 __________________ Angels are falling the very last time, down they're burning in hate and decline, unfaithful and violent we're breaking the spell, we're god, we're scissor, in heaven and hell!

05-18-2006, 01:39 PM	#102 (permalink)
arul Forum Expert Join Date: Jan 2005 Location: Hic sunt leones ... Age: 21 Posts: 1,289	Client.cfg values for 5.0.2b Code: 446B9D85: "5.0.2b 2D" 41A6FD 5 7 4342F0 7 6 __________________ Angels are falling the very last time, down they're burning in hate and decline, unfaithful and violent we're breaking the spell, we're god, we're scissor, in heaven and hell!

06-16-2006, 11:24 AM	#104 (permalink)
arul Forum Expert Join Date: Jan 2005 Location: Hic sunt leones ... Age: 21 Posts: 1,289	Client.cfg values for 5.0.2c Code: 4491BE15: "5.0.2c 2D" 41A6FD 5 7 4342C0 7 6 __________________ Angels are falling the very last time, down they're burning in hate and decline, unfaithful and violent we're breaking the spell, we're god, we're scissor, in heaven and hell!

06-20-2006, 02:01 PM	#105 (permalink)
BladeWise Forum Newbie Join Date: Jun 2003 Location: Italy Age: 27 Posts: 64	Uhmm... I used the tutorial with client 5.0.2b. I tried to follow tre tutorial (both the difficult and the easy part), but I found these problems: 1. With "hard" part I can follow him until he says encrypted data size should be 0x3E... my size is 4... moreover I don't know where I should read the TOS value... (my bad!) 2. With the easy part, I found that the address containing the "], 33h" is at 0041A826, and is into the subroutine at address 0041A810... 0041A6FD is the address in the above routine for "push ebp", so why is it?. About the SendBuffer, the tutorial says we need to find the "mov bp, ax"... I found it 0041A6FD, and the corresponding routine is 0041A6D0... so... can anyone explain me what's wrong? Last edited by BladeWise; 06-22-2006 at 06:16 AM.

06-20-2006, 02:11 PM	#106 (permalink)
arul Forum Expert Join Date: Jan 2005 Location: Hic sunt leones ... Age: 21 Posts: 1,289	yeah, the tutorial seems to be outdated a bit... TOS stands for Top of the stack. "push ebp" at 0041A6D pushes the address of the buffer onto the stack. __________________ Angels are falling the very last time, down they're burning in hate and decline, unfaithful and violent we're breaking the spell, we're god, we're scissor, in heaven and hell!

06-03-2006, 09:08 AM	#103 (permalink)
pinco Forum Novice Join Date: Aug 2003 Posts: 124	post the 3d keys too plz

06-22-2006, 06:18 AM	#107 (permalink)
BladeWise Forum Newbie Join Date: Jun 2003 Location: Italy Age: 27 Posts: 64	Oh, I know the meaning of TOS, but I don't know where I can read it So, could you please explain (even in brief) what kind of addresses we need?

07-08-2006, 06:52 AM	#108 (permalink)
Folko Forum Newbie Join Date: Sep 2002 Location: World citizen Posts: 7	You can get OllyDbg here. This screenshot shows OllyDbg in action, the window with the stack view is the lower right one. The top of the stack is the first entry in that list.

07-20-2006, 11:32 PM	#109 (permalink)
_Epila_ Newbie Join Date: Dec 2005 Posts: 29	Is there any packet list?

07-29-2006, 12:01 AM	#110 (permalink)
HannibalX Forum Newbie Join Date: Feb 2004 Posts: 35	Is there a more up to date tutorial? I was trying to find the hooks for the 5.0.2f client... having a hard time with the old tutorial.

07-29-2006, 12:36 AM	#111 (permalink)
arul Forum Expert Join Date: Jan 2005 Location: Hic sunt leones ... Age: 21 Posts: 1,289	Client.cfg values for 5.0.2f Code: 44B30695: "5.0.2f 2D" 41A6FD 5 7 4342C0 7 6 __________________ Angels are falling the very last time, down they're burning in hate and decline, unfaithful and violent we're breaking the spell, we're god, we're scissor, in heaven and hell!

07-31-2006, 10:16 AM	#112 (permalink)
HannibalX Forum Newbie Join Date: Feb 2004 Posts: 35	Thanks Arul. Based on your new values... I compared the 5.0.2f dasm against 5.0.2g... and here are the values for client 5.0.2g 2D (one again... unchanged offsets, wierd! however, these are tested and working) Code: 44B30695: "5.0.2g 2D" 41A6FD 5 7 4342C0 7 6

08-23-2006, 02:29 AM	#113 (permalink)
HannibalX Forum Newbie Join Date: Feb 2004 Posts: 35	For client 5.0.4a Code: 44EB7F3F: "5.0.4a 2D" 41A7CD 5 7 434570 7 6

08-24-2006, 09:05 PM	#114 (permalink)
snicker7 Forum Expert Join Date: Dec 2005 Posts: 465	client 5.0.4b Code: 44ECD61B: "5.0.4b 2D" 41A85D 5 7 4346E0 7 6

08-30-2006, 10:28 AM	#115 (permalink)
jaynigs Forum Expert Join Date: Mar 2003 Location: England Age: 35 Posts: 986	Client 5.0.4c Code: 44F49697: "5.0.4c 2D" 41A85D 5 7 4346E0 7 6

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

08-31-2006, 02:35 AM	#116 (permalink)
pinco Forum Novice Join Date: Aug 2003 Posts: 124	someone has the 3d client keys?

09-14-2006, 07:35 AM	#117 (permalink)
jaynigs Forum Expert Join Date: Mar 2003 Location: England Age: 35 Posts: 986	Client 5.0.4d 2D Code: 450882B1: "5.0.4d 2D" 41A85D 5 7 434590 7 6 Client 5.0.4d 3D Code: 45088348: "5.0.4d 3D" 48E330 6 5 4A0B10 2 6 Last edited by jaynigs; 09-14-2006 at 08:19 AM.

09-14-2006, 09:05 AM	#118 (permalink)
pinco Forum Novice Join Date: Aug 2003 Posts: 124	wonderfull thanks

09-23-2006, 07:56 AM	#119 (permalink)
jaynigs Forum Expert Join Date: Mar 2003 Location: England Age: 35 Posts: 986	Code: 451304C2: "5.0.4e 2D" 41A85D 5 7 434590 7 6 45130565: "5.0.4e 3D" 48E330 6 5 4A0B10 2 6

09-27-2006, 04:55 PM	#120 (permalink)
pinco Forum Novice Join Date: Aug 2003 Posts: 124	jaynigs, you are the heir of phenos for spyuo

10-16-2006, 12:09 PM	#121 (permalink)
MalGanis Forum Novice Join Date: Dec 2005 Location: Slovenia Age: 23 Posts: 339	I hope it works: Code: 452E9E80: "5.0.5a 2D" 41A85D 5 7 434590 7 6

10-21-2006, 09:02 AM	#122 (permalink)
MalGanis Forum Novice Join Date: Dec 2005 Location: Slovenia Age: 23 Posts: 339	Code: 45368944: "5.0.5b 2D" 41A85D 5 7 434590 7 6

10-31-2006, 08:24 AM	#123 (permalink)
MalGanis Forum Novice Join Date: Dec 2005 Location: Slovenia Age: 23 Posts: 339	Code: 45425AB3: "5.0.6a 2D" 41A8F0 5 7 4345E0 7 6

11-01-2006, 06:59 PM	#124 (permalink)
MalGanis Forum Novice Join Date: Dec 2005 Location: Slovenia Age: 23 Posts: 339	Code: 4546B86E: "5.0.6b 2D" 41A8F0 5 7 4345E0 7 6

11-14-2006, 06:09 AM	#125 (permalink)
MalGanis Forum Novice Join Date: Dec 2005 Location: Slovenia Age: 23 Posts: 339	Code: 454FD2B7: "5.0.6c 2D" 41A8F0 5 7 4345E0 7 6

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode