First off, I’d like to state that I am a beginner at coding, so don’t laugh too hard at my code.

Second this is only a front end to Maggotboy's Super Stealth Sniffer V2. The .dll to launch the sniffer is not included in the source. You can go Here (http://seq.sourceforge.net/showthread.php?s=&threadid=2479) do download his code. This program will not fully work without his compiled .dll. Although the offset finder will work without his .dll.

I really liked the functionality of Logic_Dingo’s VB code, but I wanted the security of Maggotboys’s sniffer, so that’s why I put this together. Also I wanted to contribute something to the community instead of sitting on the sidelines.

This program will do the following:

1. A graphical Interface to launch the Super Stealth Sniffer V2
2. Save and Load Settings so you wont have to type them in every time you want to launch the sniffer
3. Will Probe your Everquest executable to find the correct memory offsets
4. When the Sniffer is started the front end will close cleanly.

The code should be easy enough to adapt to any of the other command line siffers.

Instructions for use:

Sniffer
1. After you make the .EXE place it into the same directory as your SS V2 .DLL.
2. Type in all your settings ( Note: The memory Offset field will automatically populate if you use the find offset function)
3. Click save settings (This is optional if you dont want to save any information on your comuter. The program will save a file named settings in the same directory as the .EXE that stores all your options)
4. Click Start Sniffer then the program will exit and kick off your .DLL
5. If you saved your settings, Next time you run the program simply click load settings to populate all the fields.

Find Offset
1. Click Find Offset
2. Browse to either your EQGAME.exe or TESTEQGAME.exe, and hit OK.
3. Click Find Offset and wait until the Key is displayed in the text box
4. Click Close
5. The key you just found is also placed into the memory address text box on Form1

I would like to give a big thanks to Maggotboy for writing a great sniffer, To Logic_Dingo for his VB Sniffer, to Bitshift for his code to find the offsets in the EQ exe, and finally to Eric for helping me with some of the bugs.

Please give me input on what you think of the program and ways to improve it.

Have Fun…


Spot

EDIT: This was written In MS VB6 with SP5 I do not have a copy of .net, so Im not sure if it wil work with .net

Edit 2:

Uploaded a new version with a bug fix, new features, and comments

Bug Fix: Program no longer crashes if the settings file does not exist

New Features: Added a field for custom InstallHook settings
Changed the save file from just settings to settings.ini
The Offset Form will now display an hourglass while finding the offset.

Comments: I placed comments through out the code. The original version had very little comments. Also I placed some documentation at the top of form1.

Edit 3:

Bug Fix: Fixed program crash if you tried to find an offset if Text9.Text was completely blank.

New Features: EQ Filename and Path is now stored in and loaded from the Settings.ini
Added in extra zero’s into the Memory offset Display (For Cosmetic Reasons Only)
Added Version Number
Added Change Loge.txt

Edit 4: I Attached fgay Traders 1.4 Updated .Zip file to the original post.

Edit 5: I Attached fgay Traders 1.5 Updated .Zip file to the original post.

You might have to clear your Browser cache to get the new version. Make sure to check the change log or the doc's as the top of frmMain for Version Number 1.5
Thanks for all the great feedback everybody!

Thanks for the nice little front end, but do you think you could add an option to have a different InstallHook? He does recommend that you change those, but your front end only allows the default one.

Thanks again!

Updated the project to include a new text box to hold an InstallHook Name. It should work fine, but I’m at work right now so I cant test it. I updated the original post with the new code.

Thanks for the suggestion!

Change this line:


RetVal = Shell("rundll32.exe " & Text1.Text & ",InstallHook " & Text2.Text & " " & Text5.Text & " " & Combo1.Text & " " & Text3.Text)

Change "InstallHook" to whatever you changed it to in your own build, and compile the frontend. Shazam, works great!

Thanks!

Yeah I had changed the code and that did work.

I just tried the new version and it works like a champ!

Thanks again.

By the way you might want to fix the crash error if you try to load a config file without actually having one. Just for completness. ;P

Coldbrew,

Yeah, noticed that also. Ill work on a fix for the no settings file crash.

I changed:


Open "settings" For Output As #1

to


Open "settings.ini" For Output As #1

Just for my own benefit, helps me remember where and what I need to edit if I change anything. Be sure to change the 'Load Defaults' event routine filename to match.

Also, I added error trapping to the 'Load Defaults' event, it just bugged me... no pun intended :D

Again, VERY nice job on this overall!

Updated the project with the suggestions you guys made and some other features. Just download it from the original post.

Thanks Again!

Updated the project with some new features and a bug fix. Just download it from the original post.

-- Spot

YAY, pretty spiffer little program bro. Thanx a lot

Was getting sick of running my ugly .bat file; hehe


no biggy, but it don't seem to find the offset, always get one that's 0's. Tried finding it while running and while not running *shrug*

probably just me, but I thought I'd mention it in case it wasn't. Compiled with VB 6.0 on windows xp
.


Thanx again for the purty little GUI

Works very nicely. One small note: on the EQ Memory Offset Finder form it would be nice not to have to type in/browse for the EQ exe every time. I realize you only need to do this when the EQ executables are updated, but since the settings are saved to the INI file, might as well save that setting too.

Messing with VS.NET causes this:



Form1.vb(489) : error BC30451: Name 'Forms' is not declared.
Building satellite assemblies...
Satellite assemblies could not be built because the main project output is missing.

Yes, it's a bit of a mess under .NET. Am playing with it. We shall see.

Uncle Ben,

Make sure you are scanning either the EQGAME.EXE or TESTEQGAME.EXE . if you scan the everquest.exe it will not find the key and display all zeros.

fgay trader,

Version 1.3 does save path to the eq dir and eq exe in the settings.ini . First make sure you are using version 1.3 and second resave your settings after you enter the path and exe.

And I'm really sorry that I cant help out much on the .net front. I Don't have a copy of .net, and I wont have the money waste on it for a while. If you figure out what wrong let me know and I'll add it into the code.

I've made some modifications and fixes to the app and attached is the source code of v1.4.

Here's what i've done:
Bugfix: Application was not unloading properly when closed from GUI w/o launching the sniffer (via the X in upper-right corner).
Bugfix: Fixed launching of the sniffer DLL from folders with spaces in their name (v1.3 was crashing).
Bugfix: Fixed crashing if EQ exe filepath was not entered on Offset finder form (you beat me to it, Spot ;)).
Enhancement: Settings.ini is now a true INI file with Sections and Keys for easy maintenance even outside of the app.
Enhancement: Using Get/WritePrivateProfileString API's to read/write INI files.
Enhancement: Settings are loaded upon application startup if the Settings.ini file is present.
Enhancement: Renamed most of the Forms, Controls and Variables for more readable/manageble code.
Enhancement: Rearranged Tabindex's on both forms.
Validation: Checking for existance of sniffer's DLL before launching it via RunDLL32.exe or saving the settings.
Validation: Checking for a valid EQ executable before scanning them for the key or saving the settings.
Corrections: This app does not need to reside in the same folder as the sniffer DLL - simply include the DLL's path in "Sniffer Name" to launch it from anywhere.
Corrections: Changed #5 under Sniffer Setup to mention new startup functionality.
Misc: General code modularization and some cleanup.


P.S. I use VB6 w/SP5. The code will not compile in .NET as is and I don't feel like installing it right now :p

P.P.S. Many thanks to maggotboy for the sniffer, Spot for the Front End app, and all others who contributes to the SEQ and related projects.

Edit: Attachment moved to the original post.

How about adding ability to pass an argument to the executable to have it load the config, load the dll, and then exit.

Great additions Gfay Trader! I attached your .zip file to my original post in order to alleviate any confusion and to make sure everybody download the latest version. I can’t stress enough how impressed I am with the changes.


:D :D :D :D


--Spot

ColdBrew: Ask and you shall receive ;)

v1.5:

Added a command-line argument to the Front End executable. Passing "1" will attempt to auto-load the values from Settings.ini, launch the sniffer DLL and exit, while passing anything else (or nothing at all) will bring up the GUI.
Trapping for invalid exe's on the Offset finding form.
More error trapping and validation on the main form.
Re-organized entries in Settings.ini.
More code modularization.

ZIP of source attached.

Spot: Thanks for your kind words! Good idea about updating the original post with the new ZIP, can I ask you to do it again? :)

Edit: Attachment moved to the original post in this thread.

Originally posted by fgay trader
ColdBrew: Ask and you shall receive ;)



Wow, that was fast!

Thanks a lot!

FGay Trader,

Ok added it the original post. You should probably delete the attachments from your other two posts just to make sure everybody gets the correct file. Thanks again for the great additions.

--Spot

Dude, this rox!

My mods:


Private Sub cmdStartSniffer_Click()
If Dir(txtSnifferDllPathName.Text) = "" Or Trim(txtInstallHookName.Text) = "" Or Trim(txtSEQIP.Text) = "" Or Trim(txtUDPport.Text) = "" Or Trim(cboExeType.Text) = "" Or Trim(txtMemAddress.Text) = "" Then
Call MsgBox("Some of the required initialization information is missing. Please check the form.", vbOKOnly + vbCritical, "Error Launching Sniffer")
Exit Sub
End If

Call ShellApp("rundll32.exe """ & txtSnifferDllPathName.Text & """," & txtInstallHookName.Text & " " & txtSEQIP.Text & " " & txtUDPport.Text & " " & cboExeType.Text & " " & txtMemAddress.Text)
Call MsgBox("Sniffer Started", vbOKOnly + vbInformation, "Sniffer Front End")
cmdStartSniffer.Visible = False
cmdStopSniff.Visible = True
End Sub(took out the call to unload the form there)

Added this new in there:

Private Sub cmdStopSniff_Click()
Call ShellApp("rundll32.exe """ & txtSnifferDllPathName.Text & """,RlsHk")
Call MsgBox("Sniffer Stopped", vbOKOnly + vbInformation, "Sniffer Front End")
cmdStartSniffer.Visible = True
cmdStopSniff.Visible = False
End SubAnd changed:


Private Sub Form_Unload(Cancel As Integer)
If cmdStopSniff.Visible Then
Call cmdStopSniff_Click
End If
Call UnloadForms
End SubJust a few minor changes. What this allows for is to remove the hooks before the program is closed no matter what, and an option to click on a button to remove them. You may want another textbox in there for the release command as specified in the .def file, but that's up to you.

I did this so I didn't have to run the line manually to remove rundll32.exe from memory. Call me lazy, but that's why I program... hehe.