wshh

Help Packet Inject Script

Question

This is a v183 packet inject script. Can someone please help update this?


 

[CODE]
[ENABLE]
alloc(DispatchMessageA_Hook,128)
alloc(SendPacket,128)
alloc(SPacket,128)
alloc(Packet,64)
label(InjectPacket)

SPacket:// 16 bytes
dd 00 // Unknown 1
dd 00 // Packet Data
dd 40 // Packet Size (Take care of the packet size. If your packet is bigger than the size, it will crash.)
dd 00 // Unknown 2

// Drop 10 Mesos
// [B8 0F] [C5 96 14 0D] [0A 00 00 00]
// [Header] [TimeStamp] [Mesos Amount]
Packet:
db B8 0F C5 96 14 0D 0A 00 00 00

SPacket+4:
dd Packet

SendPacket:
mov ecx,[02AF17B4] // CClientSocketPtr: 8B 0D ? ? ? ? 85 C9 74 ? 8D ? ? 50 E8 ? ? ? ? 8D ? ? E8
push SPacket
push 006AF8EC // Search for 90 C3 for fake return address
jmp 00DC6B50 // CClientSocket::SendPacket: Follow call below CClientSocketPtr

DispatchMessageA_Hook:
push 70 // VK_F1
call GetAsyncKeyState
shr ax,#15
cmp ax,1
je InjectPacket
mov edi,edi
push ebp
mov ebp,esp
jmp DispatchMessageA+5

InjectPacket:
call SendPacket
ret

DispatchMessageA:
jmp DispatchMessageA_Hook

[DISABLE]
DispatchMessageA:
mov edi,edi
push ebp
mov ebp,esp

dealloc(DispatchMessageA_Hook)
dealloc(SendPacket)
dealloc(SPacket)
dealloc(Packet)
[/CODE]

 

Edited by wshh
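
A defender-side view of the hook in the script above, as an added example that is not part of the original post: the [ENABLE] section overwrites the five-byte mov edi,edi / push ebp / mov ebp,esp prologue of DispatchMessageA with a jmp, so an integrity check can compare those bytes and resolve where a jump leads. The function names, addresses and module range below are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Verdicts for the first five bytes of an exported function. */
enum hook_verdict { PROLOGUE_INTACT, HOOK_INSIDE_MODULE,
                    HOOK_OUTSIDE_MODULE, PROLOGUE_UNKNOWN };

/* Hot-patch prologue that the script's [DISABLE] section restores:
   mov edi,edi / push ebp / mov ebp,esp */
static const uint8_t HOTPATCH_PROLOGUE[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };

/* Constructed sample (assumption, not taken from a real process): a function
   at 0x75A01000 inside a module mapped at 0x75A00000..0x75A9FFFF whose
   prologue was replaced by "jmp 0x02300000". */
#define SAMPLE_FUNC_VA  0x75A01000u
#define SAMPLE_MOD_BASE 0x75A00000u
#define SAMPLE_MOD_SIZE 0x000A0000u
static const uint8_t SAMPLE_HOOKED[5] = { 0xE9, 0xFB, 0xEF, 0x8F, 0x8C };

/* Destination of a 32-bit "E9 rel32" near jump located at func_va. */
static uint32_t jmp_rel32_target(const uint8_t *code, uint32_t func_va)
{
    uint32_t rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                   (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    return func_va + 5u + rel;  /* relative to the next instruction, mod 2^32 */
}

/* Classify a prologue. mod_base/mod_size describe the module that owns the
   export; the caller is assumed to obtain them from the loader's module list. */
enum hook_verdict check_prologue(const uint8_t *code, uint32_t func_va,
                                 uint32_t mod_base, uint32_t mod_size,
                                 uint32_t *target_out)
{
    if (memcmp(code, HOTPATCH_PROLOGUE, sizeof HOTPATCH_PROLOGUE) == 0)
        return PROLOGUE_INTACT;
    if (code[0] != 0xE9)
        return PROLOGUE_UNKNOWN;          /* modified, but not a near jmp */
    uint32_t target = jmp_rel32_target(code, func_va);
    if (target_out)
        *target_out = target;
    /* Unsigned subtraction keeps the range test correct at the wrap boundary. */
    if (target - mod_base < mod_size)
        return HOOK_INSIDE_MODULE;
    return HOOK_OUTSIDE_MODULE;           /* detour into memory outside the DLL */
}
```
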


3 answers to this question


  • 1

Take this and modify it to your liking.

Just keep the structure of Encode() functions like @Razz's above script, OR go find EncodeBuffer (actually, here ya go: 007C5F30) and you'll only need to call COutPacket with the header, EncodeBuffer with alloc'd array of bytes/data + length of data to encode and the SendPacket implementation.

You can also still very easily keep the hotkey implementation with some ::Update() function.

 

PS. If you _really_ want to do it like the original script, you'll need to look up a fake header to pass to the sendpacket function, as COutPacket constructor takes care of that now.

Edited by Erotica
  • 0
46 minutes ago, Erotica said:

Take this and modify it to your liking.

Just keep the structure of Encode() functions like @Razz's above script, OR go find EncodeBuffer (actually, here ya go: 007C5F30) and you'll only need to call COutPacket with the header, EncodeBuffer with alloc'd array of bytes/data + length of data to encode and the SendPacket implementation.

You can also still very easily keep the hotkey implementation with some ::Update() function.

 

PS. If you _really_ want to do it like the original script, you'll need to look up a fake header to pass to the sendpacket function, as COutPacket constructor takes care of that now.



[CODE]
[ENABLE]
alloc(DispatchMessageA_Hook,128)
alloc(SendPacket,128)
alloc(SPacket,128)
alloc(Packet,64)
label(InjectPacket)

SPacket:// 16 bytes
dd 00 // Unknown 1
dd 00 // Packet Data
dd 40 // Packet Size (Take care of the packet size. If your packet is bigger than the size, it will crash.)
dd 00 // Unknown 2

// Drop 10 Mesos
// [B8 0F] [C5 96 14 0D] [0A 00 00 00]
// [Header] [TimeStamp] [Mesos Amount]
Packet:
db B8 0F C5 96 14 0D 0A 00 00 00

SPacket+4:
dd Packet

SendPacket:
mov ecx,[02C73578]// CClientSocketPtr: 8B 0D ? ? ? ? 85 C9 74 ? 8D ? ? 50 E8 ? ? ? ? 8D ? ? E8
push SPacket
push 0040105F // Search for 90 C3 for fake return address
jmp 00E20700 // CClientSocket::SendPacket: Follow call below CClientSocketPtr

DispatchMessageA_Hook:
push 70 // VK_F1
call GetAsyncKeyState
shr ax,#15
cmp ax,1
je InjectPacket
mov edi,edi
push ebp
mov ebp,esp
jmp DispatchMessageA+5

InjectPacket:
call SendPacket
ret

DispatchMessageA:
jmp DispatchMessageA_Hook

[DISABLE]
DispatchMessageA:
mov edi,edi
push ebp
mov ebp,esp

dealloc(DispatchMessageA_Hook)
dealloc(SendPacket)
dealloc(SPacket)
dealloc(Packet)
[/CODE]

 

This works for sending a packet with an encrypted header. How do you call COutPacket::COutPacket to send with a non-encrypted header using the original script?

 

[CODE]

mov ecx,[02C73578]// CClientSocketPtr: 8B 0D ? ? ? ? 85 C9 74 ? 8D ? ? 50 E8 ? ? ? ? 8D ? ? E8
push SPacket // Packet data
push 0040105F // Search for 90 C3 for fake return address
jmp 00E20700 // CClientSocket::SendPacket: Follow call below CClientSocketPtr

[/CODE]

  • 0

Honestly, if you can't even comment correctly, I'll assume you have no basic assembly knowledge either, so I can't really help you out mate.

If I had more faith in you I'd try, but for now, all the info you need is in my initial post.

Edited by Erotica
