Page 1 of 2 12 LastLast
Results 1 to 15 of 27

Thread: Editing raw packets

  1. #1
    Obelix1987
    Guest

    Editing raw packets

    Hi im new to this olly thing and im trying to learn how to edit raw packets. For example when i type a message with "hi" then how can i change this message to like "go away". Ive read a little and it has to do with brakepoints... . Can anyone help me out with a nice guide how to do this? As far as im now, i can open olly then somehow i cant attach the game im playing but i can open it. (its attachet then too right?) After that i get a message that the process is terminated and i press f9 the problem is that olly keeps saying the procces is terminated.. i can still play the game.. but olly says "terminated" damm i need some serious help. Any help is appreciated.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    xcracx
    Guest

    Editing raw packets

    ok first of all your game has a luncher...

    1) you have to run the luncher executable for running the game
    2) your game has some kind of memory protection options:

    a. some kind of gamehack protect like NProtect,HackShield, IOProtect.. etc
    b. a dll is injected by the luncher that prevent the game to be attached or seen by the taskmanager
    c. debugger protect.. (try using HideOllydbg plugin, but i think its more like those two options above)

    NOTE: if it has any of those cases you need to bypass the protection
    in this case... you need to check if the file is Packed(crypted) which then
    you need to unpack(decrypte) it to view the orginal code that is able to get bypassed

    3) after all that.. for changing the msgbox text it can be like:

    a. most of the cases it will be : PUSH EAX(for msg text) so you'll need to create a code cave that will pop your own msgbox.. (that you will create in another offset)
    b. it will have a call that sets the text string (change it lol)
    c. otherwise look at the code and post it here then

    wish you luck,
    xcracx
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    xcracx
    Guest

    Editing raw packets

    if you did not ment to msgbox .. now that i read your post again
    i think i might made a mistake and explained you something else

    anyways.. you need to check if the file is packed then unpack it..
    then look at the code and

    1) get the routine that sends your packet to the game host then you'll need to program something that uses that routine (depend on the programming language)

    2) use WPE filters.. and replace the "hi" msg packet with "???" msg packet..
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Obelix1987
    Guest

    Editing raw packets

    Thnkx im gonna try a little more with youre answer and yes this wasnt just for a message... you are betweens the lines and did see it right that well we'are trying to duplicate certain items. The problem is that figuring out how to dupe isnt the problem (atleast i think that) but getting the program to work/attach that was the problem. Thnkx anyway now i can do like mre with olly (atleast the first step :P)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Obelix1987
    Guest

    Editing raw packets

    But about the memory protect, the game that im refering to is rose online and i dunnot know if this is protected and even not how. Any suggestions how i could figure this out?. And i can see it in the taskmanager , but i just can attach it.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    xcracx
    Guest

    Editing raw packets

    so for my opinion it has some dll injected

    humm have you tried to use HideDebugger Plugin?

    what error excatly do you get? (if its on olly attaching list.)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    1bitshort
    Guest

    Editing raw packets

    Welcome to Cracking 101
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    skyally
    Guest

    Editing raw packets

    这里发中文可以吗?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #9
    Obelix1987
    Guest

    Editing raw packets

    Where ca i download this Debugger plugin, cant seem to find it.. btw did some tutorials on ollydbg (especially on cracking serials etc, took me on day and now i understand alot more of olly.) Only problem cant find alot of tutorials on how to bypass/find thing with attach.... so ill have to find it out myself. Anyone who can give me a link on where to download the plugin, cant find a working link...
    THnkx
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  10. #10
    Obelix1987
    Guest

    Editing raw packets

    nvmind found a working link and got the plugin/dll in my olly folder ... gonna try if i can attach trose to olly.

    .... still can get it attached... it says; unable to attach to process Trose...

    this debugger is againt dll injection or do i need to do smething completely different for fighting against dll injection.

    GOT it; just use processguard and then i can attach it , tnkx you guys.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  11. #11
    Obelix1987
    Guest

    Editing raw packets

    Next thing :P... ok ive attached olly to my client and set a breakpoint on send. Then i logged in and olly popped up, show at the TOS the location of the send call. Then im stuck there are like 3 codes;
    0BF4FF80/00404B00/ Call to send from Trose.00404AFB
    socket = 168
    data = ... bla bla
    so on but the main thing is the code in TOS so ill have to use eather 0BF4FF80
    ... 00404B00 or 00404AFB to get directy on the send call... now i press ctrl + g and then i use one of the codes.. but them im stuck can anyone help me out with the next step.. when im on the send call i need to see the encrypted packets *dont know where* and next ill have to find the clients send function, but how do i find the clients send function ? ....
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  12. #12
    xcracx
    Guest

    Editing raw packets

    gets the code that sends packet to the internet
    should be call that is using the send function which i think you already found

    find the code the creates the packet and tells the send routine you've found the specific data

    and change it at will btw....
    give me your msn messenger for more help
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  13. #13
    crspyjohn
    Guest

    Editing raw packets

    xcracx im working on the same thing and im at the same part heh could you help me out?

    crspyjohn@hotmail.com
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  14. #14
    gulan
    Guest

    Editing raw packets

    can you help me out as well? chensongfeng@hotmail.com
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  15. #15
    eman
    Guest

    Editing raw packets

    same problem oooemanooo@hotmail.com tx
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Source Editing
    By w_a_r_1 in forum The Newbie Forum
    Replies: 1
    Last Post: June 24th, 2009, 16:39
  2. sending packets?
    By supaflly in forum The Newbie Forum
    Replies: 2
    Last Post: November 19th, 2006, 22:45
  3. How to find text from incoming packets?
    By MysTiCy in forum OllyDbg Support Forums
    Replies: 1
    Last Post: November 26th, 2005, 22:56
  4. Resource Editing
    By yan_kur in forum The Newbie Forum
    Replies: 6
    Last Post: March 25th, 2003, 03:35
  5. Editing DOS encrypted files
    By Unregistered in forum Malware Analysis and Unpacking Forum
    Replies: 0
    Last Post: October 10th, 2001, 06:28

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •