I made the changes you sugested and it complied flawlessly. Thank you MisterSpock.
Now I just have to wait for the servers to come back up to test it.
I made the changes you sugested and it complied flawlessly. Thank you MisterSpock.
Now I just have to wait for the servers to come back up to test it.
Ran into a snag that I am having trouble with.
I grabed the 1.3 this morning and tried to compile it using MS VS6 but I am getting the following:
c:\program files\microsoft visual studio\myprojects\project1\eqsniffer.cpp(124) : error C2664: 'SetTimer' : cannot convert parameter 4 from 'void (struct HWND__ *,unsigned int,unsigned long,unsigned long)' to 'void (__stdcall *)(struct HWND__ *,unsigned int,unsigned int,unsigned long)'
None of the functions with this name in scope match the target type
Error executing cl.exe.
Any clues on how to proceed?
Monster
Last edited by monster69; 11-19-2002 at 09:31 AM.
Check the first page of this thread, Seqsy shows how to fix this.Originally posted by monster69
Ran into a snag that I am having trouble with.
I grabed the 1.3 this morning and tried to compile it using MS VS6 but I am getting the following:
c:\program files\microsoft visual studio\myprojects\project1\eqsniffer.cpp(124) : error C2664: 'SetTimer' : cannot convert parameter 4 from 'void (struct HWND__ *,unsigned int,unsigned long,unsigned long)' to 'void (__stdcall *)(struct HWND__ *,unsigned int,unsigned int,unsigned long)'
None of the functions with this name in scope match the target type
Error executing cl.exe.
Any clues on how to proceed?
Monster
Damn! I hate it when I do that.
Thanks Fletch!
Here's what happens ...Originally posted by goldmund
Now to my question, it's my understanding that running the ReleaseHook command is only necessary if you never start eqgame.exe after running InstallHook. To actually remove the sniffer from memory after it's begun you need to kill rundll32.exe correct?
Is there a way to kill rundll32.exe without going in through task manager? I use EQW in Win2k, and bringing up task manager instantly kills that program.
RUNDLL32 (...), InstallHook -- this installs the hook procedure, and causes RUNDLL32 to remain resident in memory while the hook is in place.
When the DLL realizes that it has connected to the game, it automatically triggers the resident RUNDLL32 to release the hook, which causes RUNDLL32 to automatically exit.
At this point, the sniffer has been removed from memory for all processes *except* EQ. When EQ exits, the sniffer will die as well.
If you never run the game and need to shut the hook down manually, you need to run another RUNDLL32 command:
RUNDLL32 (yourdllname),ReleaseHook
This causes another RUNDLL32 to start, calls the DLL's ReleaseHook function, which triggers the first RUNDLL32 to exit, and then this instance exits as well.
What I did is I created 2 shortcuts on my desktop. One called Install Hook, and the other called Release Hook.
Both shortcuts call RUNDLL32. The first one calls my InstallHook procedure with all the parameters ... and the second shortcut calls RUNDLL32 with my ReleaseHook procedure. Since I made the change to make the hook automatically release itself once it latches onto EQ, I never need to run the Release Hook shortcut ... but I keep it there just in case.
Maggotboy
Last edited by maggotboy; 11-19-2002 at 10:42 AM.
Kudos to Maggotboy!
This is the first sniffer I have been willing to try, and I'm a TOTAL noob when it comes to programming.
I did a compile on a W2k box (0 errors, 0 warnings) and am chomping at the bit to get home and try it out on my XP box at home.
I hope this works for me...
I am, however, VERY intrigued by your post on V 2... Looking forward to seeing that one.
This does work with windows ME...
After many hours of staring and flipping through books and comparing to other programs...
I found the problem using the old ancient method of looking at the code with crossed eyes...
/em tells himself that it's
eqgame.exe not everquest.exe to search memory for
It works like a charm /congrats
Side note:
I've noticed now each zone has an oddball player spawned using this method. This is not a real player or has ever been displayed before, nor displayed using one of the other sniffers...
One for example is in SH Player named "Wave of Prexus" (not the same in each zone, but each zone it is constant) also does have a guild tag, for the life me at this moment i don't remember that tag... Also when there isn't anything targeted, seq defaults the target to this unkown named spawn... (meaning if there isn't anything in my target window in eq, on seq this weird spawn is targeted)
Anyone else seeing this?
--
It'll all come out in the wash...
- tested and approved by SEQ users world wide!
h3x -
Aye, I've seen this as well, but figured it was a side-effect of the new manual decoding on SEQ's side.
Not sure how this happens or what to do about it.
Maggotboy
Same here .. actually, to be more spacific; they always have the guild tag <The Untrusted>
Thats fun =). I am using this code...not seeing those player spawns in each zone though. Kind of an oddity.
Usually I post my character here...but uh...yeah...
Not each zone, but a number of them. ToV comes to mind right off hand. /shrug
On with the show .......
Odd...now I'm getting something ....its a player that is grayed out...at lvl 0, race, class....both 0...has the tag of one of the guilds on my server. Heh. Just....weird...
Usually I post my character here...but uh...yeah...
I see the same guild tag on an unknown player in a few zones. PoD around the middle of the zone (near goos) is the one I remember the most but have seen the same "person" in other zones as well.
-Lane
Ok I am totally new at this so please bear with me on this question. I wanted to know if I need to edit this in VS.net "RUNDLL32.EXE mysniffer.dll,InstallHook <ipaddr> <port> <filename> <memaddr>" with my information or do I leave it as is and only use that line when I open up a cmd window? Also so I need the .dll that I created in the same directory as the rundll32?
Lets say you compile the program as MYSNIFFER.DLL ...
Furthermore, lets say the IP address of your SEQ box is 192.168.1.40 and is listening on port 666.
You could then go to a DOS prompt, change to the directory where MYSNIFFER.DLL is, and type ...
RUNDLL32 MYSNIFFER.DLL,InstallHook 192.168.1.40 666 eqgame.exe 0x0078AAD0
You have to substitute each item in the command-line with your information, each item being separated by a space. First the ipaddr, then the port, then the name of the program to hook, followed by the memory address to look in for the key.
RUNDLL32.EXE is in the Windows\System or Windows\System32 directory. If that directory is in your PATH, then you don't have to worry about where RUNDLL32.EXE is. If its not in your path and you get "invalid command or filename" , then you'll have to type:
C:\Windows\System\RUNDLL32 MYSNIFFER.DLL,InstallHook 192.168.1.40 666 eqgame.exe 0x0078AAD0
Maggotboy
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
