• Welcome to Valhalla Legends Archive.
 

[VB6] Memory hooking to view packets?

Started by Fr0z3N, February 05, 2006, 05:14 PM

Previous topic - Next topic
Print
|
Go Down Pages1
User actions

Fr0z3N

February 05, 2006, 05:14 PM
Not sure what to call it, but what I wanna do is hook into the d2 memory (if I'm even correct here) and view the incoming packets IE. too see if you get hostiled or to see if someones dies etc.  I have no idea where to start so help would be nice.  ;D

topaz

#1
February 05, 2006, 07:12 PM
Ethereal
RLY...?

Fr0z3N

#2
February 05, 2006, 08:24 PM
I wanna do it IN my program.

Joe[x86]

#3
February 05, 2006, 08:48 PM Last Edit: February 05, 2006, 08:52 PM by Joe
Reference WinPcap.

EDIT -
Alright, I'll admit, that was way to vague.

WinPcap stands for Windows packet capture library, and it's what's in the background of Ethereal. I've never used it before (as a developer, as an actual user I have, of course), but I asume it'd work something like the Winsock API's, where it fires a callback routine when an event happens. You seem to have gotten those to work fine, so I don't think you'll have much trouble getting WinPcap to work.

A little reminder, though: WinPcap returns the entire packet, not the TCP body. First, you'll need to check if it's even TCP, then see if it's being recieved, then see if the checksum is correct (not required), then see if it's on port 6112. The TCP header is 0x36 bytes long.
Quote from: brew on April 25, 2007, 07:33 PM
that made me feel like a total idiot. this entire thing was useless.

MyndFyre

#4
February 06, 2006, 10:36 AM
Quote from: Joe on February 05, 2006, 08:48 PM
Reference WinPcap.

http://www.winpcap.org/misc/faq.htm#Q-9

QuoteQ-9: Can I use WinPcap with Visual Basic?

A: We don't support Visual Basic and we are not able to provide help on this subject because we don't know enough about it. BeeSync has developed an ActiveX control that integrates winpcap packet capture functionality with Visual Basic or any other programming environment supporting Microsoft ActiveX technology. You can find it at http://www.beesync.com/products.html.
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

Fr0z3N

#5
February 06, 2006, 05:31 PM
So thats a yes or no with that? If no, any other ideas?

Joe[x86]

#6
February 06, 2006, 11:09 PM
That's a "yes but we won't tell you how".
Quote from: brew on April 25, 2007, 07:33 PM
that made me feel like a total idiot. this entire thing was useless.

Joe[x86]

#7
February 06, 2006, 11:51 PM
Joe + 45 minutes of boredom + IDE = This
Quote from: brew on April 25, 2007, 07:33 PM
that made me feel like a total idiot. this entire thing was useless.

UserLoser

#8
February 07, 2006, 12:21 AM
Quote from: Joe on February 06, 2006, 11:51 PM
Joe + 45 minutes of boredom + IDE = This

Code Select

'---------------------------------------------------------------------------------------
' Procedure : RemoveVoid
' Author    : Joe[e2]
' Purpose   : Remove a VOID, of specified length.
'---------------------------------------------------------------------------------------

Public Function RemoveVoid(Length As Integer)
    Buffer = Mid(Buffer, Length + 1)
    RemoveVoid = Mid(Buffer, 1, Length)
End Function


That's funny.

UserLoser

#9
February 07, 2006, 03:09 PM
Just the term and function name - "Remove a void"

Fr0z3N

#10
February 13, 2006, 07:13 PM
Quote from: Joe on February 06, 2006, 11:51 PM
Joe + 45 minutes of boredom + IDE = This

After much work trying to get that to work, I have come to one thing I cannot seem to figure out.

Code Select

Private Sub objPacketX_OnPacket(ByVal pPacket As PacketXLibCtl.IPktXPacket)
    If pPacket.Protocol = PktXProtocolTypeTCP Then
        If pPacket.SourcePort = 6112 Then
            Call modProtocol.Parse_Server(pPacket.Data)
        End If
        If pPacket.DestPort = 6112 Then
            Call modProtocol.Parse_Client(pPacket.Data)
        End If
    End If


Both these lines are being highlighted with Type Mismatch

Code Select

            Call modProtocol.Parse_Server(pPacket.Data)

            Call modProtocol.Parse_Client(pPacket.Data)


When I switch them to .DataArray all I am seeing is Sent 0x3F, Received 0x3F over and over. But for some reason they are not working with just .Data

LivedKrad

#11
February 16, 2006, 09:36 PM
Quote from: Fr0z3N on February 13, 2006, 07:13 PM
Quote from: Joe on February 06, 2006, 11:51 PM
Joe + 45 minutes of boredom + IDE = This

After much work trying to get that to work, I have come to one thing I cannot seem to figure out.

Code Select

Private Sub objPacketX_OnPacket(ByVal pPacket As PacketXLibCtl.IPktXPacket)
    If pPacket.Protocol = PktXProtocolTypeTCP Then
        If pPacket.SourcePort = 6112 Then
            Call modProtocol.Parse_Server(pPacket.Data)
        End If
        If pPacket.DestPort = 6112 Then
            Call modProtocol.Parse_Client(pPacket.Data)
        End If
    End If


Both these lines are being highlighted with Type Mismatch

Code Select

            Call modProtocol.Parse_Server(pPacket.Data)

            Call modProtocol.Parse_Client(pPacket.Data)


When I switch them to .DataArray all I am seeing is Sent 0x3F, Received 0x3F over and over. But for some reason they are not working with just .Data

.DataArray is a byte array containing each byte in the message. So if Joe's function is supposed to read some sort of Variant data (which .Data is) then passing an array won't do any good as I think it will only read the first byte. (Not sure, did not download the source).
Print
|
Go Up Pages1
User actions