
Thread: Find packet receive

  1. #1

    Find packet receive

    I am trying to find out the packet structure of an MMORPG game; however, I was unable to find the place in the assembly where the packet data is being received. I have tried setting breakpoints on winsock recv, recvfrom and ReadFile, but they are never called.
    API Monitor also doesn't see anything called when the packet is received by the client (it only sees winsock send). How can I find the place where the packet is received?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    There are more functions you could check out: ReadFileEx, WSARecv, WSARecvEx, WSARecvFrom. That probably won't help you too much. Also, there's the unlikely possibility that there's a separate process getting the packets. You could also try disconnecting and then trying to find the spot where the timeout gets handled.

  3. #3
    Try to find where the packet is being sent in OllyDbg and then follow it from there.

  4. #4
    Also, try using other tools. Another roundabout method is to use Wireshark: when you track down your process's traffic, you can filter it to just show the receiving data, then you can try to do a binary search for that data dump (in Olly). Timing is key, though, because the data that Wireshark intercepted may have already been tampered/decrypted by the game client, if encryption is involved.

  5. #5
    Perfect! There are also tools for replaying packet dumps. That may help you. They are not too hard to find. Getting them to work on Windows may bring difficulties.
    And never forget DirectPlay.

  6. #6
    Capture-BAT is one such tool

  7. #7
    Use Process Monitor, filter on your process's network sends/receives, double click on a send/receive event, and look at the call stack. Tada!
