Jump to content
MaxCheaters Official Group at Discord
--> Place your ad text here <--
  • 0

GOD packets

horato

Asked by horato,

 Share

Question

horato Newbie

horato

Posted
Posted

Hello,

Iam trying to sniff and edit existing l2j packets to be able to connect with my GOD client (dont tell me its waste of time pls, I already know that ^^). Is here anyone able to tell me where I can find the packet structure? Yesterday I had GOD client with protocol 415 and packet structure from this site. It was working nice. Today I updated my GOD client and protocol changed to 411. Ofc it stopped working (CharSelectInfo packet was obviously changed so I cant see my chars in login screen properly) but the structure which PHX shows me seems to be same like in the old version of client.

So how can I get the actual structure? I've tried this guide, but without success.

 

//EDIT: ok, I finally managed to find those packets in engine.dll, they are somewhere around 2045A59E address(or what is it :D). Now, can someone tell me how to read the structure from it? Except the "ddS" part. Or this is the only thing you can get from it and you have to guess what each value stands for? :D

CharSelectionInfo:

 
Address   Hex dump          Command                                  Comments
2048E870    6A 30           PUSH 30
2048E872    68 C8705A20     PUSH OFFSET Engine.205A70C8              ; ASCII "SdSddddddddddffdQfdddddddddddddddddddddddddddddddddddddddddddddddddffdddchhdddddffdd"
2048E877    8B55 78         MOV EDX,DWORD PTR SS:[EBP+78]
2048E87A    8B42 48         MOV EAX,DWORD PTR DS:[EDX+48]
2048E87D    50              PUSH EAX
2048E87E    8BC3            MOV EAX,EBX
2048E880    E8 9BB1FCFF     CALL 20459A20
2048E885    81C4 60010000   ADD ESP,160
2048E88B    8BD8            MOV EBX,EAX
2048E88D    895D 7C         MOV DWORD PTR SS:[EBP+7C],EBX
2048E890    8B4D 48         MOV ECX,DWORD PTR SS:[EBP+48]
2048E893    51              PUSH ECX
2048E894    8BCE            MOV ECX,ESI
2048E896    E8 05C7F4FF     CALL ?SetHairStyle@User@@QAEXH@Z
2048E89B    9B              WAIT
2048E89C    C745 FC 0300000 MOV DWORD PTR SS:[EBP-4],3
2048E8A3    C645 FC 09      MOV BYTE PTR SS:[EBP-4],9
2048E8A7    9B              WAIT
2048E8A8    897E 08         MOV DWORD PTR DS:[ESI+8],EDI
2048E8AB    89BE C8000000   MOV DWORD PTR DS:[ESI+0C8],EDI
2048E8B1    DD45 D4         FLD QWORD PTR SS:[EBP-2C]
2048E8B4    E8 0714D1FF     CALL 2019FCC0
2048E8B9    8986 B4000000   MOV DWORD PTR DS:[ESI+0B4],EAX
2048E8BF    DD45 CC         FLD QWORD PTR SS:[EBP-34]
2048E8C2    E8 F913D1FF     CALL 2019FCC0
2048E8C7    8986 BC000000   MOV DWORD PTR DS:[ESI+0BC],EAX
2048E8CD    8B55 44         MOV EDX,DWORD PTR SS:[EBP+44]
2048E8D0    8996 80000000   MOV DWORD PTR DS:[ESI+80],EDX
2048E8D6    DD45 C0         FLD QWORD PTR SS:[EBP-40]
2048E8D9    E8 E213D1FF     CALL 2019FCC0
2048E8DE    8986 B0000000   MOV DWORD PTR DS:[ESI+0B0],EAX
2048E8E4    DD45 B4         FLD QWORD PTR SS:[EBP-4C]
2048E8E7    E8 D413D1FF     CALL 2019FCC0
2048E8EC    8986 B8000000   MOV DWORD PTR DS:[ESI+0B8],EAX
2048E8F2    0FBE45 69       MOVSX EAX,BYTE PTR SS:[EBP+69]
2048E8F6    8986 5C040000   MOV DWORD PTR DS:[ESI+45C],EAX
2048E8FC    D905 948F6320   FLD DWORD PTR DS:[20638F94]              ; FLOAT 2.000000
2048E902    D95D 64         FSTP DWORD PTR SS:[EBP+64]
2048E905    B8 1F000000     MOV EAX,1F
2048E90A    8945 38         MOV DWORD PTR SS:[EBP+38],EAX
2048E90D    D9E8            FLD1
2048E90F    D95D 58         FSTP DWORD PTR SS:[EBP+58]
2048E912    A8 01           TEST AL,01
2048E914    74 09           JE SHORT 2048E91F
2048E916    D945 58         FLD DWORD PTR SS:[EBP+58]
2048E919    D84D 64         FMUL DWORD PTR SS:[EBP+64]
2048E91C    D95D 58         FSTP DWORD PTR SS:[EBP+58]
2048E91F    D1E8            SHR EAX,1
2048E921    8945 38         MOV DWORD PTR SS:[EBP+38],EAX
2048E924    0F85 38010000   JNE 2048EA62
2048E92A    D945 58         FLD DWORD PTR SS:[EBP+58]
2048E92D    D95D 64         FSTP DWORD PTR SS:[EBP+64]
2048E930    D945 64         FLD DWORD PTR SS:[EBP+64]
2048E933    E8 8813D1FF     CALL 2019FCC0
2048E938    8586 7C030000   TEST DWORD PTR DS:[ESI+37C],EAX
2048E93E    0F95C1          SETNE CL
2048E941    888E 78030000   MOV BYTE PTR DS:[ESI+378],CL
2048E947    81A6 7C030000 F AND DWORD PTR DS:[ESI+37C],7FFFFFFF
2048E951    0FB755 50       MOVZX EDX,WORD PTR SS:[EBP+50]
2048E955    52              PUSH EDX
2048E956    0FB745 4C       MOVZX EAX,WORD PTR SS:[EBP+4C]
2048E95A    50              PUSH EAX
2048E95B    8BCE            MOV ECX,ESI
2048E95D    E8 DEC6F4FF     CALL ?SetAttackItemVariationOption@User@
2048E962    8B86 80040000   MOV EAX,DWORD PTR DS:[ESI+480]
2048E968    3BC7            CMP EAX,EDI
2048E96A    7E 28           JLE SHORT 2048E994
2048E96C    8B8E 80000000   MOV ECX,DWORD PTR DS:[ESI+80]
2048E972    51              PUSH ECX
2048E973    50              PUSH EAX
2048E974    B9 889A8B20     MOV ECX,OFFSET Engine.?GL2GameData@@3VFL
2048E979    E8 D24DF8FF     CALL ?GetTransformData@FL2GameData@@QAEP
2048E97E    3BC7            CMP EAX,EDI
2048E980    74 12           JE SHORT 2048E994
2048E982    8B50 08         MOV EDX,DWORD PTR DS:[EAX+8]
2048E985    8996 8C040000   MOV DWORD PTR DS:[ESI+48C],EDX
2048E98B    8B40 0C         MOV EAX,DWORD PTR DS:[EAX+0C]
2048E98E    8986 38010000   MOV DWORD PTR DS:[ESI+138],EAX
2048E994    8B4D 20         MOV ECX,DWORD PTR SS:[EBP+20]
2048E997    81C1 C0BDF0FF   ADD ECX,FFF0BDC0
2048E99D    898E D0040000   MOV DWORD PTR DS:[ESI+4D0],ECX
2048E9A3    8B55 30         MOV EDX,DWORD PTR SS:[EBP+30]
2048E9A6    8996 D4040000   MOV DWORD PTR DS:[ESI+4D4],EDX
2048E9AC    8B45 14         MOV EAX,DWORD PTR SS:[EBP+14]
2048E9AF    8986 D8040000   MOV DWORD PTR DS:[ESI+4D8],EAX
2048E9B5    8B4D 28         MOV ECX,DWORD PTR SS:[EBP+28]
2048E9B8    898E DC040000   MOV DWORD PTR DS:[ESI+4DC],ECX
2048E9BE    DD45 A8         FLD QWORD PTR SS:[EBP-58]
2048E9C1    DD9E E0040000   FSTP QWORD PTR DS:[ESI+4E0]
2048E9C7    DD45 9C         FLD QWORD PTR SS:[EBP-64]
2048E9CA    DD9E E8040000   FSTP QWORD PTR DS:[ESI+4E8]
2048E9D0    0FBE55 6B       MOVSX EDX,BYTE PTR SS:[EBP+6B]
2048E9D4    8996 68040000   MOV DWORD PTR DS:[ESI+468],EDX
2048E9DA    9B              WAIT
2048E9DB    C745 FC 0300000 MOV DWORD PTR SS:[EBP-4],3
2048E9E2    C645 FC 0B      MOV BYTE PTR SS:[EBP-4],0B
2048E9E6    9B              WAIT
2048E9E7    8D45 40         LEA EAX,[EBP+40]
2048E9EA    50              PUSH EAX
2048E9EB    83C6 1C         ADD ESI,1C
2048E9EE    56              PUSH ESI
2048E9EF    8D4D 00         LEA ECX,[EBP]
2048E9F2    51              PUSH ECX
2048E9F3    E8 D8EBC0FF     CALL 2009D5D0
2048E9F8    9B              WAIT
2048E9F9    C745 FC 0300000 MOV DWORD PTR SS:[EBP-4],3
2048EA00    8345 54 01      ADD DWORD PTR SS:[EBP+54],1
2048EA04  ^ E9 27FCFFFF     JMP 2048E630
2048EA09    8B55 88         MOV EDX,DWORD PTR SS:[EBP-78]
2048EA0C    8955 3C         MOV DWORD PTR SS:[EBP+3C],EDX
2048EA0F    68 A0D36520     PUSH OFFSET Engine.2065D3A0
2048EA14    8D45 3C         LEA EAX,[EBP+3C]
2048EA17    50              PUSH EAX
2048EA18    E8 D511D1FF     CALL 2019FBF2
2048EA1D    8D8D 68FFFFFF   LEA ECX,[EBP-98]
2048EA23    51              PUSH ECX
2048EA24    90              NOP
2048EA25    E8 E612BCF4     CALL ?appExceptionToString@@YAXABVL2Exce
2048EA2A    68 38715A20     PUSH OFFSET Engine.205A7138
2048EA2F    68 68F85620     PUSH OFFSET Engine.2056F868              ; UNICODE "%s"
2048EA34    90              NOP
2048EA35    E8 E61BBCF4     CALL ?appUnwindf@@YAXPB_WZZ
2048EA3A    83C4 0C         ADD ESP,0C
2048EA3D    6A 00           PUSH 0
2048EA3F    6A 00           PUSH 0
2048EA41    E8 AC11D1FF     CALL 2019FBF2
2048EA46    68 38715A20     PUSH OFFSET Engine.205A7138
2048EA4B    68 68F85620     PUSH OFFSET Engine.2056F868              ; UNICODE "%s"
2048EA50    90              NOP
2048EA51    E8 CA1BBCF4     CALL ?appUnwindf@@YAXPB_WZZ
2048EA56    83C4 08         ADD ESP,8
2048EA59    6A 00           PUSH 0
2048EA5B    6A 00           PUSH 0
2048EA5D    E8 9011D1FF     CALL 2019FBF2
2048EA62    D945 64         FLD DWORD PTR SS:[EBP+64]
2048EA65    DCC8            FMUL ST,ST
2048EA67    D95D 64         FSTP DWORD PTR SS:[EBP+64]
2048EA6A  ^ E9 A3FEFFFF     JMP 2048E912
2048EA6F    8B55 98         MOV EDX,DWORD PTR SS:[EBP-68]
2048EA72    8955 34         MOV DWORD PTR SS:[EBP+34],EDX
2048EA75    68 A0D36520     PUSH OFFSET Engine.2065D3A0
2048EA7A    8D45 34         LEA EAX,[EBP+34]
2048EA7D    50              PUSH EAX
2048EA7E    E8 6F11D1FF     CALL 2019FBF2
2048EA83    8D8D 60FFFFFF   LEA ECX,[EBP-0A0]
2048EA89    51              PUSH ECX
2048EA8A    90              NOP
2048EA8B    E8 8012BCF4     CALL ?appExceptionToString@@YAXABVL2Exce
2048EA90    68 34715A20     PUSH OFFSET Engine.205A7134
2048EA95  ^ EB 98           JMP SHORT 2048EA2F
2048EA97    68 34715A20     PUSH OFFSET Engine.205A7134
2048EA9C    68 68F85620     PUSH OFFSET Engine.2056F868              ; UNICODE "%s"
2048EAA1    90              NOP
2048EAA2    E8 791BBCF4     CALL ?appUnwindf@@YAXPB_WZZ
2048EAA7    83C4 08         ADD ESP,8
2048EAAA  ^ EB 91           JMP SHORT 2048EA3D
2048EAAC    8B55 80         MOV EDX,DWORD PTR SS:[EBP-80]
2048EAAF    8955 2C         MOV DWORD PTR SS:[EBP+2C],EDX
2048EAB2    68 A0D36520     PUSH OFFSET Engine.2065D3A0
2048EAB7    8D45 2C         LEA EAX,[EBP+2C]
2048EABA    50              PUSH EAX
2048EABB  ^ EB 84           JMP SHORT 2048EA41
2048EABD    8D8D 58FFFFFF   LEA ECX,[EBP-0A8]
2048EAC3    51              PUSH ECX
2048EAC4    90              NOP
2048EAC5    E8 4612BCF4     CALL ?appExceptionToString@@YAXABVL2Exce
2048EACA    68 C4705A20     PUSH OFFSET Engine.205A70C4
2048EACF    68 68F85620     PUSH OFFSET Engine.2056F868              ; UNICODE "%s"
2048EAD4    8B35 5C505220   MOV ESI,DWORD PTR DS:[2052505C]
2048EADA    FFD6            CALL ESI
2048EADC    8B55 6C         MOV EDX,DWORD PTR SS:[EBP+6C]
2048EADF    52              PUSH EDX
2048EAE0    68 20715A20     PUSH OFFSET Engine.205A7120              ; UNICODE "count=%d"
2048EAE5    FFD6            CALL ESI
2048EAE7    83C4 14         ADD ESP,14
2048EAEA  ^ E9 4EFFFFFF     JMP 2048EA3D
2048EAEF    68 C4705A20     PUSH OFFSET Engine.205A70C4
2048EAF4    68 68F85620     PUSH OFFSET Engine.2056F868              ; UNICODE "%s"
2048EAF9    8B35 5C505220   MOV ESI,DWORD PTR DS:[2052505C]
2048EAFF    FFD6            CALL ESI
2048EB01    8B45 6C         MOV EAX,DWORD PTR SS:[EBP+6C]
2048EB04    50              PUSH EAX
2048EB05    68 20715A20     PUSH OFFSET Engine.205A7120              ; UNICODE "count=%d"
2048EB0A    FFD6            CALL ESI
2048EB0C    83C4 10         ADD ESP,10
2048EB0F  ^ E9 29FFFFFF     JMP 2048EA3D
2048EB14    8B0D 5C778920   MOV ECX,DWORD PTR DS:[?GL2Console@@3PAVU
2048EB1A    8B11            MOV EDX,DWORD PTR DS:[ECX]
2048EB1C    8D45 00         LEA EAX,[EBP]
2048EB1F    50              PUSH EAX
2048EB20    8B92 28010000   MOV EDX,DWORD PTR DS:[EDX+128]
2048EB26    FFD2            CALL EDX
2048EB28    8D4D 00         LEA ECX,[EBP]
2048EB2B    894D E0         MOV DWORD PTR SS:[EBP-20],ECX
2048EB2E    8BD9            MOV EBX,ECX
2048EB30    895D E4         MOV DWORD PTR SS:[EBP-1C],EBX
2048EB33    33FF            XOR EDI,EDI
2048EB35    897D E8         MOV DWORD PTR SS:[EBP-18],EDI
2048EB38    897D EC         MOV DWORD PTR SS:[EBP-14],EDI
2048EB3B    C645 FC 0D      MOV BYTE PTR SS:[EBP-4],0D
2048EB3F    90              NOP
2048EB40    3B7B 04         CMP EDI,DWORD PTR DS:[EBX+4]
2048EB43    7D 1D           JGE SHORT 2048EB62
2048EB45    8D04BF          LEA EAX,[EDI*4+EDI]
2048EB48    8B0B            MOV ECX,DWORD PTR DS:[EBX]
2048EB4A    8B7481 10       MOV ESI,DWORD PTR DS:[EAX*4+ECX+10]
2048EB4E    85F6            TEST ESI,ESI
2048EB50    74 05           JE SHORT 2048EB57
2048EB52    E8 19CFC0FF     CALL 2009BA70
2048EB57    83C7 01         ADD EDI,1
2048EB5A    897D E8         MOV DWORD PTR SS:[EBP-18],EDI
2048EB5D    8B4D E0         MOV ECX,DWORD PTR SS:[EBP-20]
2048EB60  ^ EB DE           JMP SHORT 2048EB40
2048EB62    C645 FC 03      MOV BYTE PTR SS:[EBP-4],3
2048EB66    837D EC 00      CMP DWORD PTR SS:[EBP-14],0
2048EB6A    74 24           JE SHORT 2048EB90
2048EB6C    8D6424 00       LEA ESP,[ESP]
2048EB70    8B41 04         MOV EAX,DWORD PTR DS:[ECX+4]
2048EB73    8D5400 08       LEA EDX,[EAX+EAX+8]
2048EB77    3951 10         CMP DWORD PTR DS:[ECX+10],EDX
2048EB7A    7E 0D           JLE SHORT 2048EB89
2048EB7C    8B41 10         MOV EAX,DWORD PTR DS:[ECX+10]
2048EB7F    99              CDQ
2048EB80    2BC2            SUB EAX,EDX
2048EB82    D1F8            SAR EAX,1
2048EB84    8941 10         MOV DWORD PTR DS:[ECX+10],EAX
2048EB87  ^ EB E7           JMP SHORT 2048EB70
2048EB89    8BF9            MOV EDI,ECX
2048EB8B    E8 E001C9FF     CALL 2011ED70
2048EB90    8D75 00         LEA ESI,[EBP]
2048EB93    E8 58F6C0FF     CALL 2009E1F0
2048EB98    C745 10 0800000 MOV DWORD PTR SS:[EBP+10],8
2048EB9F    8BFE            MOV EDI,ESI
2048EBA1    E8 CA01C9FF     CALL 2011ED70
2048EBA6    8B45 6C         MOV EAX,DWORD PTR SS:[EBP+6C]
2048EBA9    50              PUSH EAX
2048EBAA    68 40715A20     PUSH OFFSET Engine.205A7140              ; UNICODE "(Receive)CharacterSelectionInfo count:%d"
2048EBAF    8B0D D4535220   MOV ECX,DWORD PTR DS:[205253D4]
2048EBB5    8B11            MOV EDX,DWORD PTR DS:[ECX]
2048EBB7    52              PUSH EDX
2048EBB8    90              NOP
2048EBB9    E8 B210BCF4     CALL ?Logf@FOutputDevice@@QAAXPB_WZZ
2048EBBE    83C4 0C         ADD ESP,0C
2048EBC1    C645 FC 0E      MOV BYTE PTR SS:[EBP-4],0E
2048EBC5    C645 FC 01      MOV BYTE PTR SS:[EBP-4],1
2048EBC9    8BC6            MOV EAX,ESI
2048EBCB    50              PUSH EAX
2048EBCC    E8 8FE9C0FF     CALL 2009D560
2048EBD1    C645 FC 00      MOV BYTE PTR SS:[EBP-4],0
2048EBD5    8D8D FCF9FFFF   LEA ECX,[EBP-604]
2048EBDB    E8 A02AF5FF     CALL ??1User@@QAE@XZ
2048EBE0    32C0            XOR AL,AL
2048EBE2    9B              WAIT
2048EBE3    8B4D F4         MOV ECX,DWORD PTR SS:[EBP-0C]
2048EBE6    64:890D 0000000 MOV DWORD PTR FS:[0],ECX
2048EBED    5F              POP EDI
2048EBEE    5E              POP ESI
2048EBEF    5B              POP EBX
2048EBF0    83C5 70         ADD EBP,70
2048EBF3    8BE5            MOV ESP,EBP
2048EBF5    5D              POP EBP
2048EBF6    C3              RETN
2048EBF7    8B8D 78FFFFFF   MOV ECX,DWORD PTR SS:[EBP-88]
2048EBFD    894D 24         MOV DWORD PTR SS:[EBP+24],ECX
2048EC00    68 A0D36520     PUSH OFFSET Engine.2065D3A0
2048EC05    8D55 24         LEA EDX,[EBP+24]
2048EC08    52              PUSH EDX
2048EC09  ^ E9 33FEFFFF     JMP 2048EA41
2048EC0E    8D85 48FFFFFF   LEA EAX,[EBP-0B8]
2048EC14    50              PUSH EAX
2048EC15    E8 F610BCF4     CALL ?appExceptionToString@@YAXABVL2Exce
2048EC1A    90              NOP
2048EC1B    68 68705A20     PUSH OFFSET Engine.205A7068              ; UNICODE "receiveCharacterInfo"
2048EC20    68 68F85620     PUSH OFFSET Engine.2056F868              ; UNICODE "%s"
2048EC25    8B35 5C505220   MOV ESI,DWORD PTR DS:[2052505C]
2048EC2B    FFD6            CALL ESI
2048EC2D    0FBE4D 60       MOVSX ECX,BYTE PTR SS:[EBP+60]
2048EC31    51              PUSH ECX
2048EC32    8B55 5C         MOV EDX,DWORD PTR SS:[EBP+5C]
2048EC35    52              PUSH EDX
2048EC36    8B45 6C         MOV EAX,DWORD PTR SS:[EBP+6C]
2048EC39    50              PUSH EAX
2048EC3A    68 98705A20     PUSH OFFSET Engine.205A7098              ; UNICODE "cnt:%d, Lim:%d, Bd:%d"
2048EC3F    FFD6            CALL ESI
2048EC41    83C4 1C         ADD ESP,1C
2048EC44  ^ E9 F4FDFFFF     JMP 2048EA3D
2048EC49    68 68705A20     PUSH OFFSET Engine.205A7068              ; UNICODE "receiveCharacterInfo"
2048EC4E    68 68F85620     PUSH OFFSET Engine.2056F868              ; UNICODE "%s"
2048EC53    8B35 5C505220   MOV ESI,DWORD PTR DS:[2052505C]
2048EC59    FFD6            CALL ESI
2048EC5B    0FBE4D 60       MOVSX ECX,BYTE PTR SS:[EBP+60]
2048EC5F    51              PUSH ECX
2048EC60    8B55 5C         MOV EDX,DWORD PTR SS:[EBP+5C]
2048EC63    52              PUSH EDX
2048EC64    8B45 6C         MOV EAX,DWORD PTR SS:[EBP+6C]
2048EC67    50              PUSH EAX
2048EC68    68 98705A20     PUSH OFFSET Engine.205A7098              ; UNICODE "cnt:%d, Lim:%d, Bd:%d"
2048EC6D    FFD6            CALL ESI
2048EC6F    83C4 18         ADD ESP,18
2048EC72  ^ E9 C6FDFFFF     JMP 2048EA3D
2048EC77    8B4D 8C         MOV ECX,DWORD PTR SS:[EBP-74]
2048EC7A    894D 1C         MOV DWORD PTR SS:[EBP+1C],ECX
2048EC7D    68 A0D36520     PUSH OFFSET Engine.2065D3A0
2048EC82    8D55 1C         LEA EDX,[EBP+1C]
2048EC85    52              PUSH EDX
2048EC86  ^ E9 B6FDFFFF     JMP 2048EA41
2048EC8B    8D85 50FFFFFF   LEA EAX,[EBP-0B0]
2048EC91    50              PUSH EAX
2048EC92    90              NOP
2048EC93    E8 7810BCF4     CALL ?appExceptionToString@@YAXABVL2Exce
2048EC98    68 2C705A20     PUSH OFFSET Engine.205A702C              ; UNICODE "CharacterSelectionInfoPacket"
2048EC9D  ^ E9 8DFDFFFF     JMP 2048EA2F
2048ECA2    68 2C705A20     PUSH OFFSET Engine.205A702C              ; UNICODE "CharacterSelectionInfoPacket"
2048ECA7    68 68F85620     PUSH OFFSET Engine.2056F868              ; UNICODE "%s"
2048ECAC    90              NOP
2048ECAD    E8 6E19BCF4     CALL ?appUnwindf@@YAXPB_WZZ
2048ECB2    83C4 08         ADD ESP,8
2048ECB5  ^ E9 83FDFFFF     JMP 2048EA3D
2048ECBA    CC              INT3
2048ECBB    CC              INT3
2048ECBC    CC              INT3
2048ECBD    CC              INT3
2048ECBE    CC              INT3
2048ECBF    CC              INT3
2048ECC0    55              PUSH EBP
2048ECC1    8BEC            MOV EBP,ESP
2048ECC3    6A FF           PUSH -1
2048ECC5    68 650C4D20     PUSH OFFSET Engine.204D0C65
2048ECCA    64:A1 00000000  MOV EAX,DWORD PTR FS:[0]
2048ECD0    50              PUSH EAX
2048ECD1    64:8925 0000000 MOV DWORD PTR FS:[0],ESP
2048ECD8    83EC 3C         SUB ESP,3C
2048ECDB    53              PUSH EBX
2048ECDC    56              PUSH ESI
2048ECDD    57              PUSH EDI
2048ECDE    8965 F0         MOV DWORD PTR SS:[EBP-10],ESP
2048ECE1    33FF            XOR EDI,EDI
2048ECE3    897D FC         MOV DWORD PTR SS:[EBP-4],EDI
2048ECE6    8D45 E8         LEA EAX,[EBP-18]
2048ECE9    50              PUSH EAX
2048ECEA    8D4D EC         LEA ECX,[EBP-14]
2048ECED    51              PUSH ECX

Thx

Link to comment
Share on other sites

7 answers to this question

Recommended Posts

  • 0
Tryskell Rising Star

Tryskell

Posted
Posted

The structure is that one "SdSddddddddddffdQfdddddddddddddddddddddddddddddddddddddddddddddddddffdddchhdddddffdd", if it's different from L2J, then edit to fit with. And obviously you have to guess it, if it was so easily, all packets would be filled with infos (some packets lack of infos since the beginning of L2J, and no one never cared about...).

Link to comment
Share on other sites
  • 0
horato Newbie

horato

Posted
  • Author
Posted

aha, thx alot.

 

Well I've edited it to fit what I found but Its not working anyway. I've filled the missing parts with 0x00 maybe thats why :D Next this is that somewhere I found written this: "first PUSH's value is the packet's op code" which is wrong because when I try to send 0x30 instead of current 0x09 client freezes (or better It do nothing). Other problem is that this prescription should start with C which should be the OPcode no?

 

Thx

Link to comment
Share on other sites
  • 0
Tryskell Rising Star

Tryskell

Posted
Posted

As explained on the L2J guide you show, the opcode is in the first line. Some packets got 2 opcodes, they always (so far ?) begin by FE or D0.

 

I'm not sure you read the good section... All packets names shown on your code show others names.

 

(Receive)CharacterSelectionInfo

receiveCharacterInfo

CharacterSelectionInfoPacket

 

Which is completely different.

Link to comment
Share on other sites
  • 0
horato Newbie

horato

Posted
  • Author
Posted

Oh, I got it. This what I found was really the packet but it was missing the part before loop. This is only charName,charID,loginName,... but before this I had to add what I found by examining packet from official server:

writeC(0x01);
writeD(0x00);

Thx again for your help ;)

 

btw. is it possible that ncsoft changed something and you can see push whatever and you will never see the packet id?

Link to comment
Share on other sites
  • 0
horato Newbie

horato

Posted
  • Author
Posted

oh and I would be gratefull if you could tell me how to read packet IDs from engine... I've extracted whole engine to txt but I cant understand it... Sometimes it matches but sometimes it dont... Iam really mad from it ^^

Link to comment
Share on other sites
  • 0
Tryskell Rising Star

Tryskell

Posted
Posted

I'm not a pro in engine.dll, the decryption is only good to get opcode and packet structure, for real examples and to know what is each datatype, you have to use L2PHX or any packet sniffer and make tests until you guess what is what (and feed with correct value).

 

Until the data they added on CharacterInfo is crucial, feeding with blank infos is normally enough.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to question listing


×
×
  • Create New...