Created
March 3, 2014 16:41
Xyla assembly language part
; hook for jmp at recv funct 0x004870B7 (build 14333)
; JumpAtValue = 0x22222222
; AddPacketValue = 0x33333333
; StorageValue = 0x44444444
; BaseAddressValue=0x55555555
;
;-----------------------------------------------------------------------
; Detour body for the client's receive path (FASM syntax, 32-bit code).
; The 0x22222222 / 0x33333333 / 0x44444444 / 0x55555555 immediates are the
; placeholders named above; nothing in this file resolves them, so they
; are presumably rewritten by the installer before the code is placed --
; confirm against the injector.  StorageValue is not referenced by the
; live code below; BaseAddressValue only by the disabled block.
;
; Net effect on the hooked thread: flags and all eight GPRs are saved on
; entry and restored on exit; for every opcode that is not filtered out,
; the routine at AddPacketValue is called with
;   (data, opcode, dataLength, isSend = 0, connectionIndex)
; then the overwritten client instruction (and ecx, 0B3FDh) is
; re-executed and control jumps back through JumpAtValue.
; Assumptions that cannot be verified from this file are marked
; NOTE(review).
;-----------------------------------------------------------------------
use32
; LINK CREATURE_QUERY -- disabled block (all comments), kept as reference
; and not assembled; it is the only user of BaseAddressValue
; pushfd
; pushad
; jmp _nolink ; skip linking npcs
; mov eax, 0x55555555 ; base address
; add eax, 0x477D20 ; OsGetAsyncTimeMs 15354
; call eax
; bt eax, 0
; jc _nolink
; mov eax, 0x55555555 ; base address
; add eax, 0x934A90 ; isInWorld 15354
; mov eax, [eax]
; test eax, eax
; jz _nolink
; mov eax, 0x55555555 ; base address
; add eax, 0x9D600C ; counter 15354
; mov ecx, [eax]
; cmp ecx, 0x186A0 ; 60000
; jg _nolink
; inc ecx
; mov [eax], ecx
; xor eax, eax
; sub esp, 0B0h
; mov [esp+09Ch], ecx
; mov [esp+0ACh], eax
; mov eax, esp
; push eax
; mov ecx, 0x55555555 ; base address
; add ecx, 0x996110 ; WDB_CACHE_CREATURE 15354
; mov eax, 0x55555555 ; base address
; add eax, 0x9C140 ; DBCache_CreatureStats_C__SendSingleQuery 15354
; call eax
; add esp, 0B0h
; _nolink:
; popad
; popfd
; prologue -- save flags and every GPR so the detour is transparent
        pushfd
        pushad
; register contract at the hook site (author's statement; not verifiable here)
; cx = opcode
; edi = CDataStore*
; [bp+8] = WowConnection*
        mov     ecx, ecx                ; no-op (same register on both sides); opcode stays in ecx
        mov     esi, edi                ; esi = CDataStore*
; skip compressed opcodes
        and     ecx, 0FFFFh             ; ecx = low 16 bits of the opcode
        cmp     ecx, 0D40h              ; 15595 -- update crap here!!! (build-specific opcode that is never recorded)
        jz      _epilogue
        bt      ecx, 0fh                ; CF = bit 15 of the opcode
        jc      _epilogue               ; bit 15 set -> treated as compressed, skip
; calculate conn idx
        mov     ebx, [ebp+8]            ; ebx = WowConnection*
        mov     eax, [ebx+14h]          ; eax = NetClient*
        xor     edi, edi                ; itr -- edi = candidate connection index, 0..3
_loop:
        cmp     ebx, [eax+edi*4+4640h]  ; does NetClient slot edi hold this WowConnection*?
        jz      _callToAddPacket
        inc     edi
        cmp     edi, 4
        jl      _loop                   ; signed compare is fine: edi never exceeds 4 here
        mov     edi, 0FFFFFFFFh         ; not found: connectionIndex = -1
; CALL TO ADDPACKET
; arguments are pushed right-to-left:
;   AddPacket(data, opcode, dataLength, isSend, connectionIndex)
_callToAddPacket:
        push    edi                     ; connectionIndex
        push    0                       ; isSend - isC2S, false
        mov     eax, esi                ; eax = CDataStore*
        mov     ebx, [eax+4]            ; buffer
        sub     ebx, [eax+8]            ; sub base
        mov     edx, [eax+10h]          ; size
        mov     eax, [eax+14h]          ; read
        add     ebx, eax                ; add read -> data = buffer - base + read
        sub     edx, eax                ; dataLength = size - read
        push    edx                     ; dataLength
        push    ecx                     ; opcode (the masked 16-bit value)
        push    ebx                     ; data
        mov     eax, 0x33333333         ; AddPacketValue placeholder
        call    eax
; NOTE(review): there is no `add esp, 20` after the call, so the five
; dword arguments are assumed to be removed by the callee (stdcall).  If
; the routine at AddPacketValue is cdecl, the popad below reads the wrong
; stack slots and returns garbage registers to the client.
; epilogue
_epilogue:
        popad
        popfd
; back -- re-execute the overwritten client instruction with the original ecx
        and     ecx, 0B3FDh             ; 15595 REPLACED INSTRUCTION
        mov     edx, 0x22222222         ; JumpAtValue placeholder
        inc     edx                     ; replaced instruction is 6 bytes
; NOTE(review): presumably JumpAtValue is the hook site plus the 5-byte jmp,
; so +1 resumes just after the 6-byte `and`; confirm against the installer.
; NOTE(review): edx is clobbered after popad restored it, and `inc` rewrites
; the ZF/SF/OF/PF that the replaced `and` just produced -- only sound if the
; resumed client code reads neither.  `lea edx, [edx+1]` would leave the
; flags untouched; the edx clobber has no flag-free alternative here.
        jmp     edx
; hook for jmp at send funct 0x00486215 (build 14333)
; ecx is safe to use
; JumpAtValue = 0x22222222
; CloseFileValue = 0x33333333
;
;-----------------------------------------------------------------------
; Detour body for a send-path site (FASM syntax, 32-bit code): saves
; flags and all GPRs, calls the routine at CloseFileValue with no
; arguments, restores state and jumps back through JumpAtValue.  The
; two immediates are placeholders that nothing here resolves; presumably
; the installer rewrites them -- confirm against the injector.
; ecx carries the return jump and is therefore not preserved; the author
; states it is dead at this site.
; NOTE(review): unlike the other two hooks, no overwritten instruction is
; re-executed here; confirm that the installer / JumpAtValue account for
; the bytes replaced at 0x00486215.
;-----------------------------------------------------------------------
use32
; prologue -- save flags and every GPR so the detour is transparent
        pushfd
        pushad
        mov     eax, 0x33333333         ; CloseFileValue placeholder
        call    eax                     ; no arguments pushed, so nothing to clean up
; epilogue
_epilogue:                              ; unreferenced here; kept for symmetry with the other hooks
        popad
        popfd
        mov     ecx, 0x22222222         ; JumpAtValue placeholder (mov leaves the restored flags intact)
        jmp     ecx
; hook for jmp at send funct 0x0054B503 (build 14333)
; ecx is safe to use
; JumpAtValue = 0x22222222
; AddPacketValue = 0x33333333
;
;-----------------------------------------------------------------------
; Detour body for the client's send path (FASM syntax, 32-bit code).
; The two immediates are placeholders that nothing here resolves;
; presumably the installer rewrites them -- confirm against the injector.
;
; Net effect on the hooked thread: the two overwritten client
; instructions run first, flags and all GPRs are then saved; when the
; size, connection state and opcode checks pass, the routine at
; AddPacketValue is called with
;   (data + 4, opcode, dataLength - 4, isC2S = 1, connectionIndex)
; i.e. the leading opcode dword is stripped from the payload.  State is
; restored and control jumps back through JumpAtValue in ecx, which the
; author states is dead at this site.  Because pushfd runs after the
; replaced instructions and mov/jmp do not touch flags, the client
; resumes with exactly the flags the replaced `add edi, ecx` produced.
; Assumptions that cannot be verified from this file are marked
; NOTE(review).
;-----------------------------------------------------------------------
use32
; replaced instructions -- executed up front so the flags they produce are
; what pushfd saves and popfd later restores
        add     ecx, 2
        add     edi, ecx
; prologue
        pushfd
        pushad
        push    eax                     ; redundant with pushad (all eight GPRs are already saved),
        push    ebx                     ; but harmless: the pops at _epilogue mirror them exactly
        push    ecx
        push    edx
        push    edi
; register contract at the hook site (author's statement; not verifiable here)
; ebx - size
; [bp-Ch] - data
; esi - WowConnection*
; same checks as in client
        cmp     ebx, 0
        jle     _epilogue               ; size <= 0 (signed) -> nothing to record
; NOTE(review): sizes 1..3 pass this check but make dataLength negative
; after the `sub ebx, 4` below; if such sizes can reach this site, the
; guard should compare against 4 instead of 0.
        cmp     dword [esi+10h], 5      ; wowConnection->State
        jnz     _epilogue               ; not in state 5 -> skip
        mov     ecx, [ebp-0Ch]          ; ecx = ptr to data
        mov     edx, [ecx]              ; edx = opcode (first dword of the buffer)
; skip hello packet
        cmp     edx, 4C524F57h          ; the bytes "WORL" read as a little-endian dword
        jz      _epilogue
; calculate conn idx
        mov     eax, [esi+14h]          ; eax = NetClient*
        xor     edi, edi                ; itr -- edi = candidate connection index, 0..3
_loop:
        cmp     esi, [eax+edi*4+4640h]  ; does NetClient slot edi hold this WowConnection*?
        jz      _callToAddPacket
        inc     edi
        cmp     edi, 4
        jl      _loop                   ; signed compare is fine: edi never exceeds 4 here
        mov     edi, 0FFFFFFFFh         ; not found: connectionIndex = -1
; CALL TO ADDPACKET
; arguments are pushed right-to-left:
;   AddPacket(data, opcode, dataLength, isC2S, connectionIndex)
_callToAddPacket:
        push    edi                     ; connectionIndex
        push    1                       ; isC2S = 1
        sub     ebx, 4                  ; drop the opcode dword from the length (ebx is restored below)
        push    ebx                     ; dataLength
        push    edx                     ; opcode
        lea     ebx, [ecx+4]            ; payload starts after the opcode dword
        push    ebx                     ; data
        mov     eax, 0x33333333         ; AddPacketValue placeholder
        call    eax
; NOTE(review): no `add esp, 20` after the call, so the five dword
; arguments are assumed to be removed by the callee (stdcall), as in the
; recv hook.  With a cdecl callee the pops below would read the argument
; slots instead of the saved registers.
; epilogue -- pops mirror the pushes above exactly; every jump to
; _epilogue happens with nothing extra on the stack
_epilogue:
        pop     edi
        pop     edx
        pop     ecx
        pop     ebx
        pop     eax
        popad
        popfd
        mov     ecx, 0x22222222         ; JumpAtValue placeholder (mov leaves the restored flags intact)
        jmp     ecx