Logging Packets

**Jabberwock** · 09-03-2012

Hi I need help with something, I want to log the packets that are sent from the game.

I have done a hook, and it seems to be working well.
The thing is, when I try to read it from a txt file, I see some unique letters and such.
So I figured I have to convert the second perameter of the send function from Winsock.dll to hex.

How can I achive this?

This is my fake function:

Code:

int WINAPI MySend(SOCKET s, const char* buf, int len, int flags)
{
    fopen_s(&pSendLogFile, "C:\\SendLog.txt", "a+");
    fprintf(pSendLogFile, "%s - %d\n", buf, len);
    fclose(pSendLogFile);

    return pSend(s, buf, len, flags);
}

I think I succeeded.

Code:

std::string displayText;
char buffer[32];
unsigned short nStrLength;
short j;

//-----------------------

int WINAPI MySend(SOCKET s, const char* buf, int len, int flags)
{
	displayText = "";

	for (j = 0; j < len; j++)
	{
		
		sprintf_s(buffer, "%0.2X", buf[j]);

		nStrLength = strlen(buffer);
		displayText.push_back(buffer[nStrLength-2]);
		displayText.push_back(buffer[nStrLength-1]);
		displayText.push_back(' ');
	}

	displayText.pop_back();

    fopen_s(&pSendLogFile, "C:\\SendLog.txt", "a+");
    fprintf(pSendLogFile, "%s", displayText);
	fprintf(pSendLogFile, " - %d\n", len);
    fclose(pSendLogFile);

	return pSend(s, buf, len, flags);
}

Found it on the web.

**giniyat101** · 09-03-2012

do something like that:

Code:

int buf_len = len*4; //should be enough i guess
char * buffer = new char char[buf_len]; 
ZeroMemory(buffer, buf_len); //just incase
for (int i=0; i<len; i+= 8)
{
    for (int j=0; j<8; j++)
    {
        if ((i+j) > len) break;
        if (j != 0) sprintf_s(buffer, buf_len", "%s ", buffer);
        sprintf_s(buffer, buf_len, "%s%02X", buffer, (BYTE)buf[i+j]);
    }
    sprintf_s(buffer, buf_len, "%s\n", buffer);
}
delete [] buffer;

**radnomguywfq3** · 09-04-2012

Originally Posted by Jabberwo0ck

Hi I need help with something, I want to log the packets that are sent from the game.

I have done a hook, and it seems to be working well.
The thing is, when I try to read it from a txt file, I see some unique letters and such.
So I figured I have to convert the second perameter of the send function from Winsock.dll to hex.

How can I achive this?

This is my fake function:

Code:

int WINAPI MySend(SOCKET s, const char* buf, int len, int flags)
{
    fopen_s(&pSendLogFile, "C:\\SendLog.txt", "a+");
    fprintf(pSendLogFile, "%s - %d\n", buf, len);
    fclose(pSendLogFile);

    return pSend(s, buf, len, flags);
}

I think I succeeded.

Code:

std::string displayText;
char buffer[32];
unsigned short nStrLength;
short j;

//-----------------------

int WINAPI MySend(SOCKET s, const char* buf, int len, int flags)
{
	displayText = "";

	for (j = 0; j < len; j++)
	{
		
		sprintf_s(buffer, "%0.2X", buf[j]);

		nStrLength = strlen(buffer);
		displayText.push_back(buffer[nStrLength-2]);
		displayText.push_back(buffer[nStrLength-1]);
		displayText.push_back(' ');
	}

	displayText.pop_back();

    fopen_s(&pSendLogFile, "C:\\SendLog.txt", "a+");
    fprintf(pSendLogFile, "%s", displayText);
	fprintf(pSendLogFile, " - %d\n", len);
    fclose(pSendLogFile);

	return pSend(s, buf, len, flags);
}

Found it on the web.

You shouldn't convert anything. Write in the data raw, then open it with a a hex-editor; the data could be anything. You need to open the file with the 'b' flag, as it is a raw binary file.

Also, use fstream. It's a lot less of a pain in the ass.

Code:

std::fsteam fLog("test.txt", fstream::out | fstream::binary);
fLog.write(pData, ulDataLen);

Since you have no means of seperating the messages reasonably, you're better off just leaving it in a stream(write all calls in the same file) unless you know how to figure out the length of each message programatically. Sometimes, the length parameter is the length of the entire message, but a lot of the time the messages are composed of several calls to this function and the app has its internal method of determining the length of the messages.

**Jabberwock** · 09-04-2012

I realized the game uses the UDP connection. The TCP is only for buying items or the chat.

Anyway, what I want to do is get a specific packet that does something unique. Like jumping and other stuff, so I can use it and change the length of the jump by editing that packet.
When simply logging the packets I can't distinguish between them and there are a lot of packets in a second. I think 400 per second.

Thanks about the tips.

I tried with a hex editor, it's not an option for me. As I need to make chamges in real time to the packets.

Now the code is this:

Code:

int WINAPI MySendTo(SOCKET s, const char* buf, int len, int flags, const struct sockaddr *to, int tolen)
{
	int buf_len = len * 8; //should be enough i guess
	char *buffer = new char[buf_len];
	ZeroMemory(buffer, buf_len); //just incase

	for (int i = 0; i < len; i += 8)
	{
		for (int j = 0; j < 8; j++)
		{
			if ((i + j) > len) break;

			if (j != 0) sprintf_s(buffer, buf_len, "%s ", buffer);

			sprintf_s(buffer, buf_len, "%s%02X", buffer, (BYTE)buf[i + j]);
		}

		sprintf_s(buffer, buf_len, "%s ", buffer);
	}

	sprintf_s(buffer, buf_len, "%s\n", buffer);

	fLog.write(buffer, strlen(buffer));

	delete [] buffer;

	return pSendTo(s, buf, len, flags, to, tolen);
}

Thread: Logging Packets

Thread Tools

Display

Logging Packets

The Following User Says Thank You to giniyat101 For This Useful Post:

The Following User Says Thank You to radnomguywfq3 For This Useful Post:

The Following User Says Thank You to Jabberwock For This Useful Post:

Similar Threads

packet editing

Packets & Visual Basic

Boot up Windows before you even log in.

warrock wpe packet info

Sugestion--Post Saved packets (WR)