ooo1
Sacrificer
Sacrificer
Posts: 31
Joined: Sun Feb 06, 2011 11:37 am

Re: [Release] MapleSEA v100 Packets

Post by ooo1 »

PE does require a brain =.=. BTW, I am too lazy to learn PE...
helohelo1
Death Warrior
Death Warrior
Posts: 64
Joined: Sat Feb 12, 2011 2:17 am

Re: [Release] MapleSEA v100 Packets

Post by helohelo1 »

I released Ripe SEA if anyone can fix the send, there will be mesos glitch.
justcool91
Master of Darkness
Master of Darkness
Posts: 296
Joined: Mon Nov 08, 2010 5:13 pm

Re: [Release] MapleSEA v100 Packets

Post by justcool91 »

so this required Packet Sender 1.0.3????
can rls a super tubi??? :D
Raiden
Holy Philosopher
Holy Philosopher
Posts: 889
Joined: Sat Jan 09, 2010 8:45 pm
Location: Capital of Malaysia

Re: [Release] MapleSEA v100 Packets

Post by Raiden »

helohelo1 wrote:I released Ripe SEA if anyone can fix the send, there will be mesos glitch.
Try updating Egy`s Packet Sender source. Google it.

*I sense that PE era of MSEA is gonna start.
helohelo1
Death Warrior
Death Warrior
Posts: 64
Joined: Sat Feb 12, 2011 2:17 am

Re: [Release] MapleSEA v100 Packets

Post by helohelo1 »

Ok. Riu has decided to release the Ripe SEA after he stop receiving payment for updates. Look forward for Fully working PE soon.


@helohelo No. Once a new patch for MSEA is out, and I'm no longer paid, I will release a full version with working send/recv. 
Raiden, u can start posting more packets, riu might release the fully version when msea has a new patch.

The msea moderator banned my forum account, damn I sure to make them pay for it after the PE, of course we exploit the mesos glitch together and make the server crash.

PS.. will release server crash packet after the release of PE.
helohelo1
Death Warrior
Death Warrior
Posts: 64
Joined: Sat Feb 12, 2011 2:17 am

Re: [Release] MapleSEA v100 Packets

Post by helohelo1 »

dllmain.h (header file)


#include <Windows.h>
#include <tchar.h>
#include <stdlib.h>
#include <CommCtrl.h>
#include "resource.h"

// Module handle of this DLL. Defined in the C++ listing and assigned from
// hinstDLL in DllMain; CreateGUIThread passes it to DialogBox.
extern HINSTANCE g_h_main_instance;


// Thread routine started by DllMain; it runs the dialog. The definition does not read lParam.
DWORD WINAPI CreateGUIThread(__in LPVOID lParam);
// Dialog procedure passed to DialogBox for the IDD_DIALOG resource.
INT_PTR CALLBACK DialogProc(__in HWND hwndDlg,__in UINT uMsg,__in WPARAM wParam,__in LPARAM lParam);

// Argument block passed by pointer to the SENDPACKET function pointer.
// NOTE(review): the field layout is presumably dictated by the callee; nothing
// in this listing verifies it.
struct PACKET {
	DWORD Null;     // SendaPacket always writes 0 here
	LPVOID lpData;  // result of atohx(): the decoded bytes, or NULL when the input was rejected
	DWORD nSize;    // SendaPacket sets this to strlen(hex string) / 2
	DWORD Null2;    // SendaPacket always writes 0 here
};
/* Define your own packet structs here as you reverse ms packet structures */
// Example packet layout: 2 + 1 + 4 bytes. No function in this listing uses it.
// Every member is a byte array, so (assuming `byte` is the 1-byte Windows
// typedef) the compiler has no reason to insert alignment padding.
struct CCPacket
{
  byte w26Header[2];       // two header bytes
   byte ZeroBaseChannel[1]; // one byte; the name suggests a zero-based index - TODO confirm
   byte CC1[4];             // four bytes; meaning not shown in this listing
};
// Example packet layout: a 2-byte header followed by 4 id bytes. No function in
// this listing uses it.
struct mobTelePacket
{
	WORD w37Header;   // 2-byte header field
	// Kept as byte[4] rather than DWORD on purpose: a DWORD member must sit on a
	// 4-byte boundary, so the compiler would insert 2 padding bytes after the
	// WORD and sizeof(mobTelePacket) would become 8 instead of 6. A struct that
	// mirrors a wire format needs either byte-array members like this or
	// explicit packing (e.g. #pragma pack(push, 1) ... #pragma pack(pop)).
	byte dwMobId[4];
};

// Type of the function pointer that SendaPacket calls: __stdcall, one PACKET* argument.
typedef DWORD (__stdcall *SENDPACKET)(PACKET *Buffer);

// Decodes a hex-digit string into bytes.
// NOTE(review): there is no destination-size parameter, so the caller must
// guarantee that dst holds at least strlen(src)/2 + 1 bytes.
// NOTE(review): declared here without `inline`, but the definition in the C++
// listing is marked `inline`.
char* atohx(char* dst, const char * src);
// Decodes lpPacketStr and hands the bytes to the SENDPACKET pointer.
void WINAPI SendaPacket(__in LPCSTR lpPacketStr);
// NOTE(review): no definition of msSendBuffer appears in the posted source.
void WINAPI msSendBuffer(__inout LPVOID lpPacket, __in SIZE_T cb);
//BOOL WINAPI IsPacketSniffed();
// Removes every ' ' character from a NUL-terminated string in place.
void eraseAllBlanks(char*);

dllmain (C++ source file)


#include "dllmain.h"
// Module handle of this DLL; DllMain stores hinstDLL here on process attach.
HINSTANCE g_h_main_instance;

// Function pointer that SendaPacket re-assigns from PESendJmp on every call.
SENDPACKET SendPacket;

// Never assigned anywhere in this listing. It serves only as a NULL base in the
// PEClass initializer below, so &Buffer[x] evaluates to the absolute address x.
// NOTE(review): indexing a null pointer is undefined behaviour in C++; a
// reinterpret_cast of the integer address would state the intent directly.
char* Buffer = NULL;

// Hard-coded absolute addresses inside the host process. The trailing comments
// are byte patterns with ?? wildcards. The values are specific to one client
// build; a later reply in this thread reports they do not match the build
// under discussion.
DWORD SendAddy = 0x004BCB57; //B8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 51 56 57 8B F9 8D 77 ?? 8B CE 89 75 F0 E8 ?? ?? ?? ?? 8B 47 ?? 33
DWORD ClassAddy = 0x0048EC86; //8b 0d ?? ?? ?? ?? 83 65 ?? ?? 8d 45 ?? 50 e8 ?? ?? ?? ?? 83 4d ?? ?? 8d 4d ?? c7 46
// Address 5 bytes past SendAddy; SendaPacket casts it to SENDPACKET and calls it.
DWORD PESendJmp = SendAddy + 5;
// Dynamic initializer: reads a DWORD from address ClassAddy + 2 while the
// module's globals are being initialized, i.e. before DllMain's own code runs.
// NOTE(review): nothing checks that the address is mapped and readable, so a
// mismatched build faults during DLL load.
DWORD PEClass = *(DWORD*)&Buffer[ClassAddy+2];


// Removes every space character (' ') from the NUL-terminated string `src`,
// compacting it in place. Other whitespace (tabs, newlines) is left alone.
// The result is never longer than the input, so no extra storage is needed.
void eraseAllBlanks(char *src){
	char *out = src;  // next write position; always <= the read position

	for(const char *in = src; *in != 0; ++in){
		if(*in == ' '){
			continue;  // drop the blank
		}
		*out++ = *in;
	}
	*out = 0;  // terminate the compacted string
}

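// Decodes a string of hex digits (two per byte, upper or lower case) into dst.
//
// dst: output buffer. The function has no size parameter, so the caller must
//      provide at least strlen(src)/2 + 1 bytes (decoded data plus a trailing 0).
// src: NUL-terminated hex string with no separators.
//
// Returns dst on success. Returns NULL when a character is not a hex digit;
// dst[0] is then set to 0, although later bytes may already have been written.
// An odd-length string is also rejected, because the terminating NUL gets
// paired with the last digit and fails the range check.
inline char* atohx(char* dst, const char * src){
	char *ret = dst;
	for(int lsb, msb; *src; src += 2){
		// The <ctype.h> functions are only defined for unsigned char values
		// (or EOF). Plain char may be signed, so a byte >= 0x80 would be
		// passed as a negative int, which is undefined behaviour.
		msb = tolower((unsigned char)*src);
		lsb = tolower((unsigned char)*(src + 1));
		// '0'..'9' -> 0..9, 'a'..'f' -> 10..15; anything else lands outside 0..15.
		msb -= isdigit(msb) ? 0x30 : 0x57;
		lsb -= isdigit(lsb) ? 0x30 : 0x57;
		if((msb < 0x0 || msb > 0xf) || (lsb < 0x0 || lsb > 0xf)){
			*ret = 0;
			return NULL;
		}
		*dst++ = (char)(lsb | (msb << 4));
	}
	*dst = 0;
	return ret;
}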

// Decodes a hex string into a stack buffer, wraps it in a PACKET and passes it
// to the routine at PESendJmp.
// lpPacketStr: NUL-terminated hex digits without separators (DialogProc strips
//              spaces before calling).
// NOTE(review): the code is left byte-identical because the inline asm and the
// call that follows depend on exact statement order.
void WINAPI SendaPacket(__in LPCSTR lpPacketStr){
	SIZE_T stLen = strlen( lpPacketStr );
	SendPacket = (SENDPACKET)PESendJmp;
	PACKET Packet;
	Packet.Null = 0;
	Packet.Null2 = 0;	
	Packet.nSize = stLen/2;
	// NOTE(review): stack buffer overflow. atohx writes stLen/2 data bytes plus
	// a terminating 0 with no bound, while DialogProc can pass up to 4999
	// characters. Any input of 300 or more hex digits writes past the end of
	// bPacket. A check of stLen against sizeof(bPacket) before decoding is missing.
	byte bPacket[150];
	// NOTE(review): atohx returns NULL for a non-hex character or an odd-length
	// string. The result is not checked, so lpData can be NULL while nSize is
	// non-zero.
	Packet.lpData = atohx((char*)bPacket, lpPacketStr);

	// Loads ECX with the DWORD stored at the address held in PEClass.
	// NOTE(review): presumably meant as the callee's object pointer, although
	// SENDPACKET is declared __stdcall. Nothing stops the compiler from
	// clobbering ECX between this block and the call below.
	_asm{
		mov ecx, PEClass
		mov ecx, [ecx]
	}
	SendPacket( &Packet );
}

// Thread routine started from DllMain. Runs the IDD_DIALOG modal dialog with
// DialogProc as its procedure and returns 0 once DialogBox returns.
// lParam is not used.
DWORD WINAPI CreateGUIThread(__in LPVOID lParam){
	(void)lParam;
	DialogBox(g_h_main_instance, MAKEINTRESOURCE(IDD_DIALOG), NULL, DialogProc);
	return 0;
}

// Dialog procedure for IDD_DIALOG.
//   WM_INITDIALOG             -> returns TRUE.
//   WM_COMMAND / IDC_BUTTON1  -> reads the IDC_EDIT1 text, strips spaces and
//                                passes the result to SendaPacket.
//   WM_CLOSE                  -> only shows a message box; EndDialog is never called.
// Every message other than WM_INITDIALOG returns 0.
INT_PTR CALLBACK DialogProc(__in HWND hwndDlg,__in UINT uMsg,__in WPARAM wParam,__in LPARAM lParam){
	if(uMsg == WM_INITDIALOG){
		return TRUE;
	}

	if(uMsg == WM_COMMAND){
		if(LOWORD(wParam) == IDC_BUTTON1){
			// NOTE(review): up to 4999 characters are accepted here, which is far
			// more than the 150-byte decode buffer in SendaPacket can hold. The
			// GetDlgItemText return value is not checked either.
			char szHexText[5000];
			GetDlgItemText(hwndDlg, IDC_EDIT1, szHexText, 5000);
			eraseAllBlanks(szHexText);
			SendaPacket(szHexText);
		}
	}else if(uMsg == WM_CLOSE){
		MessageBox(0, "Don't Close it lol", "Egy Packet Sender", 0);
	}

	return 0;
}

// DLL entry point. On DLL_PROCESS_ATTACH it records the module handle, turns
// off thread attach/detach notifications and starts CreateGUIThread. Every
// notification, including that one, returns TRUE.
// lpvReserved is not used.
BOOL WINAPI DllMain(__in HINSTANCE hinstDLL, __in DWORD fdwReason, __in LPVOID lpvReserved)
{
  if(fdwReason == DLL_PROCESS_ATTACH)
  {
    g_h_main_instance = hinstDLL;
    DisableThreadLibraryCalls(hinstDLL);
    // NOTE(review): the handle returned by CreateThread is neither checked for
    // failure nor closed.
    CreateThread(NULL, 0, CreateGUIThread, NULL, 0, NULL);
  }
  return TRUE;
}
Resource header (resource.h)


// Fallback definition of IDC_STATIC for toolchains whose headers do not provide it.
#ifndef IDC_STATIC
#define IDC_STATIC (-1)
#endif

// Dialog template id passed to DialogBox in CreateGUIThread.
#define IDD_DIALOG                              101
// Button whose WM_COMMAND triggers the decode-and-send path in DialogProc.
#define IDC_BUTTON1                             1000
// Edit control that DialogProc reads the hex text from.
#define IDC_EDIT1                               1002
kolokosai
Sacrificer
Sacrificer
Posts: 31
Joined: Fri Oct 01, 2010 4:46 pm

Re: [Release] MapleSEA v100 Packets

Post by kolokosai »

wahs...! RiPE SEA!
Raiden
Holy Philosopher
Holy Philosopher
Posts: 889
Joined: Sat Jan 09, 2010 8:45 pm
Location: Capital of Malaysia

Re: [Release] MapleSEA v100 Packets

Post by Raiden »

helohelo1 wrote:dllmain.header file


#include <Windows.h>
#include <tchar.h>
#include <stdlib.h>
#include <CommCtrl.h>
#include "resource.h"

extern HINSTANCE g_h_main_instance;


DWORD WINAPI CreateGUIThread(__in LPVOID lParam);
INT_PTR CALLBACK DialogProc(__in HWND hwndDlg,__in UINT uMsg,__in WPARAM wParam,__in LPARAM lParam);

struct PACKET {
	DWORD Null;
	LPVOID lpData;
	DWORD nSize;
	DWORD Null2;
};
/* Define your own packet structs here as you reverse ms packet structures */
struct CCPacket
{
  byte w26Header[2];
   byte ZeroBaseChannel[1];
   byte CC1[4];
};
struct mobTelePacket
{
	WORD w37Header;
	byte dwMobId[4];  // DWORD made sizeof(mobTelePacket) = 8 for some reason
};

typedef DWORD (__stdcall *SENDPACKET)(PACKET *Buffer);

char* atohx(char* dst, const char * src);
void WINAPI SendaPacket(__in LPCSTR lpPacketStr);
void WINAPI msSendBuffer(__inout LPVOID lpPacket, __in SIZE_T cb);
//BOOL WINAPI IsPacketSniffed();
void eraseAllBlanks(char*);

dllmain c++


#include "dllmain.h"
HINSTANCE g_h_main_instance;

SENDPACKET SendPacket;

char* Buffer = NULL;

DWORD SendAddy = 0x004BCB57; //B8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 51 56 57 8B F9 8D 77 ?? 8B CE 89 75 F0 E8 ?? ?? ?? ?? 8B 47 ?? 33
DWORD ClassAddy = 0x0048EC86; //8b 0d ?? ?? ?? ?? 83 65 ?? ?? 8d 45 ?? 50 e8 ?? ?? ?? ?? 83 4d ?? ?? 8d 4d ?? c7 46
DWORD PESendJmp = SendAddy + 5;
DWORD PEClass = *(DWORD*)&Buffer[ClassAddy+2];


void eraseAllBlanks(char *src){
char *dst = src;

while (*src != 0){
if (*src != ' '){
*dst++ = *src; // copy
}
src++;
}
*dst = 0;
}

inline char* atohx(char* dst, const char * src){
	char *ret = dst;
	for(int lsb, msb; *src; src += 2){	
		msb = tolower(*src);
		lsb = tolower(*(src + 1));
		msb -= isdigit(msb) ? 0x30 : 0x57;
		lsb -= isdigit(lsb) ? 0x30 : 0x57;
		if((msb < 0x0 || msb > 0xf) || (lsb < 0x0 || lsb > 0xf)){
			*ret = 0;
			return NULL;
		}
		*dst++ = (char)(lsb | (msb << 4));  
	}
	*dst = 0;
	return ret;
}

void WINAPI SendaPacket(__in LPCSTR lpPacketStr){
	SIZE_T stLen = strlen( lpPacketStr );
	SendPacket = (SENDPACKET)PESendJmp;
	PACKET Packet;
	Packet.Null = 0;
	Packet.Null2 = 0;	
	Packet.nSize = stLen/2;
	byte bPacket[150];
	Packet.lpData = atohx((char*)bPacket, lpPacketStr);

	_asm{
		mov ecx, PEClass
		mov ecx, [ecx]
	}
	SendPacket( &Packet );
}

DWORD WINAPI CreateGUIThread(__in LPVOID lParam){
	DialogBox(g_h_main_instance, MAKEINTRESOURCE(IDD_DIALOG), 0, DialogProc);
	return 0;
}

INT_PTR CALLBACK DialogProc(__in HWND hwndDlg,__in UINT uMsg,__in WPARAM wParam,__in LPARAM lParam){

	switch(uMsg){
	case WM_INITDIALOG: 

		return TRUE;

	case WM_COMMAND:
		switch(LOWORD(wParam)){
		case IDC_BUTTON1:
			char buffer[5000];
			GetDlgItemText(hwndDlg,IDC_EDIT1,buffer,5000);
			eraseAllBlanks(buffer);
			SendaPacket(buffer);
			break;

			}
		break;

	case WM_CLOSE:
		MessageBox(0, "Don't Close it lol", "Egy Packet Sender", 0);
		break;
	}

	return 0;
}

BOOL WINAPI DllMain(__in HINSTANCE hinstDLL, __in DWORD fdwReason, __in LPVOID lpvReserved)
{
  switch(fdwReason)
  {
  case DLL_PROCESS_ATTACH:
    g_h_main_instance = hinstDLL;     
    DisableThreadLibraryCalls(hinstDLL);     
    CreateThread(0, 0, CreateGUIThread, 0, 0, 0); 
    break;
  }
  return TRUE;
}
Resource


#ifndef IDC_STATIC
#define IDC_STATIC (-1)
#endif

#define IDD_DIALOG                              101
#define IDC_BUTTON1                             1000
#define IDC_EDIT1                               1002
=.- I wonder WTF is this. Really. =.-

I know itz a packet sender source. But the addys are GMS v9X.
SoullessSoul
The Great Lord
The Great Lord
Posts: 1036
Joined: Sun Feb 07, 2010 3:32 am
Location: Lost WorlD

Re: [Release] MapleSEA v100 Packets

Post by SoullessSoul »

Raiden wrote:
helohelo1 wrote:dllmain.header file


#include <Windows.h>
#include <tchar.h>
#include <stdlib.h>
#include <CommCtrl.h>
#include "resource.h"

extern HINSTANCE g_h_main_instance;


DWORD WINAPI CreateGUIThread(__in LPVOID lParam);
INT_PTR CALLBACK DialogProc(__in HWND hwndDlg,__in UINT uMsg,__in WPARAM wParam,__in LPARAM lParam);

struct PACKET {
	DWORD Null;
	LPVOID lpData;
	DWORD nSize;
	DWORD Null2;
};
/* Define your own packet structs here as you reverse ms packet structures */
struct CCPacket
{
  byte w26Header[2];
   byte ZeroBaseChannel[1];
   byte CC1[4];
};
struct mobTelePacket
{
	WORD w37Header;
	byte dwMobId[4];  // DWORD made sizeof(mobTelePacket) = 8 for some reason
};

typedef DWORD (__stdcall *SENDPACKET)(PACKET *Buffer);

char* atohx(char* dst, const char * src);
void WINAPI SendaPacket(__in LPCSTR lpPacketStr);
void WINAPI msSendBuffer(__inout LPVOID lpPacket, __in SIZE_T cb);
//BOOL WINAPI IsPacketSniffed();
void eraseAllBlanks(char*);

dllmain c++


#include "dllmain.h"
HINSTANCE g_h_main_instance;

SENDPACKET SendPacket;

char* Buffer = NULL;

DWORD SendAddy = 0x004BCB57; //B8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 51 56 57 8B F9 8D 77 ?? 8B CE 89 75 F0 E8 ?? ?? ?? ?? 8B 47 ?? 33
DWORD ClassAddy = 0x0048EC86; //8b 0d ?? ?? ?? ?? 83 65 ?? ?? 8d 45 ?? 50 e8 ?? ?? ?? ?? 83 4d ?? ?? 8d 4d ?? c7 46
DWORD PESendJmp = SendAddy + 5;
DWORD PEClass = *(DWORD*)&Buffer[ClassAddy+2];


void eraseAllBlanks(char *src){
char *dst = src;

while (*src != 0){
if (*src != ' '){
*dst++ = *src; // copy
}
src++;
}
*dst = 0;
}

inline char* atohx(char* dst, const char * src){
	char *ret = dst;
	for(int lsb, msb; *src; src += 2){	
		msb = tolower(*src);
		lsb = tolower(*(src + 1));
		msb -= isdigit(msb) ? 0x30 : 0x57;
		lsb -= isdigit(lsb) ? 0x30 : 0x57;
		if((msb < 0x0 || msb > 0xf) || (lsb < 0x0 || lsb > 0xf)){
			*ret = 0;
			return NULL;
		}
		*dst++ = (char)(lsb | (msb << 4));  
	}
	*dst = 0;
	return ret;
}

void WINAPI SendaPacket(__in LPCSTR lpPacketStr){
	SIZE_T stLen = strlen( lpPacketStr );
	SendPacket = (SENDPACKET)PESendJmp;
	PACKET Packet;
	Packet.Null = 0;
	Packet.Null2 = 0;	
	Packet.nSize = stLen/2;
	byte bPacket[150];
	Packet.lpData = atohx((char*)bPacket, lpPacketStr);

	_asm{
		mov ecx, PEClass
		mov ecx, [ecx]
	}
	SendPacket( &Packet );
}

DWORD WINAPI CreateGUIThread(__in LPVOID lParam){
	DialogBox(g_h_main_instance, MAKEINTRESOURCE(IDD_DIALOG), 0, DialogProc);
	return 0;
}

INT_PTR CALLBACK DialogProc(__in HWND hwndDlg,__in UINT uMsg,__in WPARAM wParam,__in LPARAM lParam){

	switch(uMsg){
	case WM_INITDIALOG: 

		return TRUE;

	case WM_COMMAND:
		switch(LOWORD(wParam)){
		case IDC_BUTTON1:
			char buffer[5000];
			GetDlgItemText(hwndDlg,IDC_EDIT1,buffer,5000);
			eraseAllBlanks(buffer);
			SendaPacket(buffer);
			break;

			}
		break;

	case WM_CLOSE:
		MessageBox(0, "Don't Close it lol", "Egy Packet Sender", 0);
		break;
	}

	return 0;
}

BOOL WINAPI DllMain(__in HINSTANCE hinstDLL, __in DWORD fdwReason, __in LPVOID lpvReserved)
{
  switch(fdwReason)
  {
  case DLL_PROCESS_ATTACH:
    g_h_main_instance = hinstDLL;     
    DisableThreadLibraryCalls(hinstDLL);     
    CreateThread(0, 0, CreateGUIThread, 0, 0, 0); 
    break;
  }
  return TRUE;
}
Resource


#ifndef IDC_STATIC
#define IDC_STATIC (-1)
#endif

#define IDD_DIALOG                              101
#define IDC_BUTTON1                             1000
#define IDC_EDIT1                               1002
=.- I wonder WTF is this. Really. =.-

I know itz a packet sender source. But the addys are GMS v9X.
i think he asking us to help him update and fix RiPe Sea
Raiden
Holy Philosopher
Holy Philosopher
Posts: 889
Joined: Sat Jan 09, 2010 8:45 pm
Location: Capital of Malaysia

Re: [Release] MapleSEA v100 Packets

Post by Raiden »

ClassAddy is 0x00481E12 (8b 0d ?? ?? ?? ?? 83 65 ?? ?? 8d 45 ?? 50 e8 ?? ?? ?? ?? 83 4d ?? ?? 8d 4d ?? c7 46).

SendAddy is unknown. With GMS`s AoBs(B8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 51 56 57 8B F9 8D 77 ?? 8B CE 89 75 F0 E8 ?? ?? ?? ??) I found 2000+ addresses. WTF~!!

With EMS`s AoB(B8 ?? ?? ?? 00 E8 ?? ?? ?? ?? 83 EC ?? 53 56 8B F1 8D 5E ??) i found 2 (0x009B155D, 0x00B0EB3F) but they are not working.