[DiscordArchive] What hex value are you searching for the Opcode?
[DiscordArchive] What hex value are you searching for the Opcode?
Original source
What hex value are you searching for the Opcode?
rektbyfaith
08-17-2024, 03:47 PM #1Archived author: _mrfade_ • Posted: 2024-08-17T15:47:36.110000+00:00
Original source
What hex value are you searching for the Opcode?
Original source
Yes
rektbyfaith
08-17-2024, 03:48 PM #2Archived author: MaxtorCoder • Posted: 2024-08-17T15:48:19.494000+00:00
Original source
Yes
Original source
Because I kinda just patched up an old IDA script to dump out their vmts via the Put with msg
rektbyfaith
08-17-2024, 03:48 PM #3Archived author: _mrfade_ • Posted: 2024-08-17T15:48:28.709000+00:00
Original source
Because I kinda just patched up an old IDA script to dump out their vmts via the Put with msg
Original source
You don’t have to do that with cmsg
rektbyfaith
08-17-2024, 03:49 PM #4Archived author: MaxtorCoder • Posted: 2024-08-17T15:49:58.583000+00:00
Original source
You don’t have to do that with cmsg
Original source
Ah maybe I should be a bit more clear lol - So originally I hooked NetSend2 and I am reading the OPcodes and dumping out the buffer as such :
[CMSG_MOVE_SPLINE_DONE 0x3A18 (14872)]
```
10 52 c9 77 bd 1 0 0 0 0 0 0 8 0 0 0 18 3a f e0 4e df 94 5 94 45 8 0 8 0 0 0 2 0 0 0 0 0 0 93 9c fc 6 9 60 13 c6 74 4 ac 42 d3 c9 68 42 57 68 43 40 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 20 0 0 0 0 0 0 0 0 80 64 0 7f bf 38 b4 b4 3d 0 0 0 0 b0 0 7c 3
```
My next goal is to try actually make sense of the byte buffer and parse it's contents kinda like Wpp but haven't had much luck. Hence why I tried hooking the Jam send in hopes that the structure would be a little more noob friendly
rektbyfaith
08-17-2024, 03:53 PM #5Archived author: _mrfade_ • Posted: 2024-08-17T15:53:28.014000+00:00
Original source
Ah maybe I should be a bit more clear lol - So originally I hooked NetSend2 and I am reading the OPcodes and dumping out the buffer as such :
[CMSG_MOVE_SPLINE_DONE 0x3A18 (14872)]
```
10 52 c9 77 bd 1 0 0 0 0 0 0 8 0 0 0 18 3a f e0 4e df 94 5 94 45 8 0 8 0 0 0 2 0 0 0 0 0 0 93 9c fc 6 9 60 13 c6 74 4 ac 42 d3 c9 68 42 57 68 43 40 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 20 0 0 0 0 0 0 0 0 80 64 0 7f bf 38 b4 b4 3d 0 0 0 0 b0 0 7c 3
```
My next goal is to try actually make sense of the byte buffer and parse it's contents kinda like Wpp but haven't had much luck. Hence why I tried hooking the Jam send in hopes that the structure would be a little more noob friendly
Original source
I've been reading over TC a lot :
https://github.com/TrinityCore/TrinityCo...ets.h#L582
But I'd assume the byte buffer is packed ?
rektbyfaith
08-17-2024, 03:54 PM #6Archived author: _mrfade_ • Posted: 2024-08-17T15:54:25.773000+00:00
Original source
I've been reading over TC a lot :
https://github.com/TrinityCore/TrinityCo...ets.h#L582
But I'd assume the byte buffer is packed ?
Original source
I know what you meant lol
rektbyfaith
08-17-2024, 03:57 PM #7Archived author: MaxtorCoder • Posted: 2024-08-17T15:57:56.260000+00:00
Original source
I know what you meant lol
Original source
That’s what I’ve been helping you with
rektbyfaith
08-17-2024, 03:58 PM #8Archived author: MaxtorCoder • Posted: 2024-08-17T15:58:07.487000+00:00
Original source
That’s what I’ve been helping you with
Original source
But again, structures are not known when sent over network
rektbyfaith
08-17-2024, 03:58 PM #9Archived author: MaxtorCoder • Posted: 2024-08-17T15:58:18.789000+00:00
Original source
But again, structures are not known when sent over network
Original source
It’s just (encrypted) byte data
rektbyfaith
08-17-2024, 03:58 PM #10Archived author: MaxtorCoder • Posted: 2024-08-17T15:58:27.848000+00:00
Original source
It’s just (encrypted) byte data
1 Guest(s)
1 Guest(s)