Maggotboy's Super Stealth Sniffer V2 (code)

[UncleBen]

Originally posted by maggotboy
UncleBen -- you forgot to edit the EQSNIFFER.DEF file and change the "LIBRARY eqsniffer" to "LIBRARY sniffer" -- the name of the library must match (without the extension) the DLL name.

Maggotboy

LOL, shoulda flamed me for missing that, read over file again and saw it .



Sure you dont' want to hear this, but EQ's still crashing with v2.2 after compiling np with VC++ 6.0 on Windows XP SP1.

Tried changing the INJECT_OFFSET numerous times also.

[UncleBen]

Originally posted by guice
Crash to desktop, too.

Dont know how to use the MSV6 Debugger, but when I hit 'Debug' I get an alert window pop up saying:
Unhandled exception in eqgame.exe: 0xC0000005: Access Violation

Not sure if that's a MSV6 thing, or that's the error that crashed EQ.

Getting same thing here

[maggotboy]

I've posted the 2.03 code ... its for debugging purposes only, and doesn't really contain much else by way of useful changes. There's a couple minor piddly tweaks, but nothing serious.

Hopefully with the added debug messages, I may get a glimmer of what's going on with the DLL not unloading.

Maggotboy

[UncleBen]

kk, gonna give it a whirl before I hit the sack for ya


EDIT: Not sure on how to get the debug output from this using VC++ 6.0. Tried debug -> attach to process -> rundll32.exe. . Dunno what else to do for ya

[nok]

Thanks for all the great work maggotboy. Very impressive.

Compiled with VC6 on XP SP1. Crashes on first keypress, but I can use the mouse just fine.

Code:

324: Ignoring process attach request for C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
528: time()-cpuSpeed:1740769
528: TimeGetTime-cpuSpeed: 1768024
528: Found EQ Process!
528: Injecting code length 189159 ...
528: Code allocated at 0x099B0000
528: Setting hook procedure...

I'm not very smart but after spending a while staring at my screen it looks like you allocate the memory block to the size of the HookProc but you write the injection struct and the HookProc to that space... I'm probably just not understanding it correctly.

[Talon]

*cough cough*

I am a bit further. Have some ready keysniffer.dll file in folder DEBUG, everything fine, no compile errors.

Then i switch into this folder and enter :

RUNDLL32.EXE keysniffer.dll,InstallHook 192.168.0.1 10000 eqgame.exe 0x0078AAD0

keysniffer.dll = name i entered into eqsniffer.def
192.168.0.1 = IP of my EQ Box
10000 = Port that many peeps tell us to work
eqgame.exe = program
0x0078AAD0 = new offset since patch

I get some error message :
error loading keysniffer.dll
an initializing routine went wrong
(translation from the german message)

Anyone an Idea ? Dont FLAME me down /hide

[Fletch]

Originally posted by Talon

I get some error message :
error loading keysniffer.dll
an initializing routine went wrong
(translation from the german message)

Anyone an Idea ? Dont FLAME me down /hide [/B]

One page 1 of the thread Digi had the same problem and on page 2 maggotboy posted that he had updated the code. You will need to redownload the source files and recompile.

[Talon]

So far ok, Version 2.03 works after compile.

BUT

when i start EQWin afterwards and hit any key EQ breaks down to desktop.

I use Port 10000
is this wrong ?

[Fletch]

Originally posted by Talon
So far ok, Version 2.03 works after compile.

BUT

when i start EQWin afterwards and hit any key EQ breaks down to desktop.

I use Port 10000
is this wrong ?

No its not wrong, V2 is still buggy as far as I understand. I am guessing it will be debugged shortly.

However, Verison 1.3 is working and can be found at this thread:

http://seq.sourceforge.net/showthrea...threadid=2453/

[Jel321]

Just a thanks for the nice work Magg

C'mon guys, its so simple maybe you need a refresher course! Its all ball barings nowadays!

Great quote!

[Sodom]

quote:
--------------------------------------------------------------------------------
C'mon guys, its so simple maybe you need a refresher course! Its all ball barings nowadays!
--------------------------------------------------------------------------------


Those who quote Chevy Chase are doomed to failure

[Talon]

Confirmed : V1.03 works fine, thx for helping )

[Alwayslost]

Maybe I'm just lucky...

I compiled 2.01 last night and it worked GREAT.

I followed all the steps in the 1.3 thread.

MSVC6++ Standard (no SP, no SDK)
Compiled on WinXP
New Empty DLL
Project > Add to project > Files (.cpp and .def from the zip file)
Project > Settings > Link (tab) > Input (category) > "eqsniffer.def" (additional Library Path)
Build > Configuration > Debug stuff (Delete)

-- Edit the two files for protection
-- Definition file I did not alter spacing in any way, 4 edits,
-- .cpp file copied the 3 edits from the .def file

Press f7

Done.

Copied it to my system32 folder and set up a pair of shortcuts on my desktop to set and release the DLL. I used a 4 digit ODD number for the port to send to my EQ box (7531), set SEQ with the same port number, and BAM. GTG.


It worked EXACTLY as expected from what I could tell. I launched the DLL and RUNDLL32 popped into the task manager, (the release hook dropped it as expected) Launched it again then started EQ with Task manager still up. the screen flickered and showed me the Task manager again after the slpash screens and RUNDLL32 was gone from the task manager BEFORE I got to my login screen. I logged in and started seeing pretty colors all over my SEQ screen.


Maggotboy, you have, in my eyes, saved SEQ. Thank you.

P.S. You're a genius also.

[guice]

Project > Settings > Link (tab) > Input (category) > "eqsniffer.def"

Uh? There's another method for adding the def file?! Ooops ... I've always added it via the Add to project > Files method.

I don't know if that makes any difference, but that's the only difference in my attempts to get this running.

That and I didn't do any of the Build debug stuff.

I'll have to play with it tonight when I get a chance. I'll post my findings, if anything different.

[Alwayslost]

I did both.

I know almost nothing about what I'm doing, that step may be completely redundant.

But I compiled it and it worked, so I was reporting the exact process I used to help those like myself. (I have about the same level of programming experience as I do landing the Space Shuttle)

I compiled 1.3 on a Win2k box and it ran on XP (I never launched EQ tho, but got no error when I launched it and the release worked fine)
I compiled 2.01 on WinXP and it worked fine, released fine and gave me colors is SEQ.



Side note:

I am a bit annoyed with the default selection of the (guilded lvl 0) "unknown" that appears in every zone, but I can live with it. In some zones like Nexus, by the time I'm finished zoning in this "BUG" has run off so far that the map has dropped in size to require me to use 25x zoom to see the full zone... Most weird.