
Вопрос HkPostReceivedNetMessage always giving me invalid message id

Hello, I am using hkPostReceivedNetMessage to get the network messages.
hkPostReceivedNetMessage message id:
// PostReceivedNetMessage hook callback.
//
// Logs diagnostics about the incoming message handle, optionally dispatches a
// few message IDs to the Process* helpers, and forwards the call to the saved
// original (oPostReceivedNetMessage) on every return path.
//
// Parameters mirror the typedef below: the channel (thisptr), the message
// handle, an opaque message pointer, a buffer-type pointer and a bit count.
// NOTE(review): the prototype is the author's assumption about the hooked
// function; nothing in this listing verifies that it matches.
void NetChannel::hkPostReceivedNetMessage(INetChannel* thisptr, NetMessageHandle_t* messageHandle,
                                       void* msg, NetChannelBufType_t const* type, int bits) {
    // oPostReceivedNetMessage is declared outside this block; it is cast to the
    // same prototype as the hook so the call can be forwarded unchanged.
    typedef void (*PostReceivedNetMessageFn)(INetChannel*, NetMessageHandle_t*, void*, NetChannelBufType_t const*, int);
    auto original = reinterpret_cast<PostReceivedNetMessageFn>(oPostReceivedNetMessage);

    // Wrap everything in try-catch to prevent crashes.
    // NOTE(review): catch (...) handles C++ exceptions; whether a fault from a
    // bad pointer dereference reaches it depends on the compiler's
    // exception-handling mode, which is not shown here.
    try {
        Logger::LogInfo("[NetChannel] Entering hkPostReceivedNetMessage\n");

        // Null checks: forward untouched when either pointer is missing.
        if (!messageHandle || !msg) {
            Logger::LogInfo("[NetChannel] Null messageHandle or msg, skipping\n");
            return original(thisptr, messageHandle, msg, type, bits);
        }

        Logger::LogInfo("[NetChannel] Got messageHandle and msg\n");

        // The ID is read as a signed 16-bit value.
        // NOTE(review): assumes messageHandle really points at a
        // NetMessageHandle_t with this layout; a non-null but wrong pointer
        // would yield an arbitrary value here — confirm.
        short messageID = messageHandle->messageID;

        // Always print the message ID for debugging. The cast to unsigned short
        // makes -1 print as 0xFFFF instead of a sign-extended value.
        Logger::LogInfo("[NetChannel] Message ID: %d (0x%04X)\n", messageID, static_cast<unsigned short>(messageID));

        // Only log detailed debugging info for positive message IDs. Only the
        // pointer values are printed here; the strings are not dereferenced.
        if (messageID > 0) {
            Logger::LogInfo("[NetChannel] messageHandle pointer: %p\n", static_cast<void*>(messageHandle));
            Logger::LogInfo("[NetChannel] messageHandle->unscopedName: %p\n", static_cast<void*>(const_cast<char*>(messageHandle->unscopedName)));
            Logger::LogInfo("[NetChannel] messageHandle->groupName: %p\n", static_cast<void*>(const_cast<char*>(messageHandle->groupName)));
            Logger::LogInfo("[NetChannel] messageHandle->protobufBinding: %p\n", static_cast<void*>(messageHandle->protobufBinding));
        }

        // Treat -1 as "invalid handle" and forward without further processing.
        // NOTE(review): messageID is a short, so after integer promotion it can
        // equal -1 but never 0xFFFF (65535) where int is wider than 16 bits;
        // the second comparison is dead.
        if (messageID == -1 || messageID == 0xFFFF) {
            // Log invalid messages but skip processing
            Logger::LogInfo("[NetChannel] Skipping invalid message ID: %d\n", messageID);
            return original(thisptr, messageHandle, msg, type, bits);
        }

        // Skip high-frequency messages (Skip is defined outside this block).
        if (Skip(messageID)) {
            return original(thisptr, messageHandle, msg, type, bits);
        }

        // Log messages if enabled. gNetworkMessageLogging, MessageCounter,
        // ValidMessageCounter and LastLogTime are declared outside this block.
        // NOTE(review): they are updated without visible synchronization —
        // confirm the hook is only ever entered from one thread.
        if (gNetworkMessageLogging) {
            MessageCounter++;
            // Milliseconds since boot converted to float seconds.
            // NOTE(review): float keeps about 24 bits of precision, so
            // sub-second resolution degrades as uptime grows.
            float currentTime = static_cast<float>(GetTickCount()) / 1000.0f;

            // Log every 100th message to show progress
            if (MessageCounter % 100 == 0) {
                Logger::LogInfo("[NetChannel] Processed %d total messages, found %d valid ones\n",
                               MessageCounter, ValidMessageCounter);
            }

            // Only log messages with positive message IDs
            if (messageID > 0) {
                ValidMessageCounter++;
                Logger::LogInfo("[NetChannel] [%d] VALID MESSAGE ID: %d (0x%04X)\n",
                               MessageCounter, messageID, messageID);

                // Log additional message details with null checks.
                // NOTE(review): %s trusts both pointers to reference
                // NUL-terminated strings; non-null is the only check made.
                if (messageHandle->unscopedName) {
                    Logger::LogInfo("[NetChannel] Message name: %s\n", messageHandle->unscopedName);
                }
                if (messageHandle->groupName) {
                    Logger::LogInfo("[NetChannel] Message group: %s\n", messageHandle->groupName);
                }
                Logger::LogInfo("[NetChannel] Message bits: %d\n", bits);

                // Log raw message data for debugging
                Logger::LogInfo("[NetChannel] Raw message pointer: %p\n", static_cast<void*>(msg));
                // msg was already rejected when null at the top, so this test
                // is always true here.
                if (msg) {
                    // Dump up to min(16, bits / 8) bytes starting at msg.
                    // NOTE(review): assumes bits describes the readable size
                    // behind msg — TODO confirm; otherwise this reads past the
                    // object.
                    unsigned char* msgBytes = static_cast<unsigned char*>(msg);
                    Logger::LogInfo("[NetChannel] First 16 bytes of message: ");
                    for (int i = 0; i < 16 && i < bits / 8; i++) {
                        Logger::LogInfo("%02X ", msgBytes[i]);
                    }
                    Logger::LogInfo("\n");
                }

                Logger::LogInfo("[NetChannel] --- End of valid message ---\n");
            }

            // Log progress every 1000 messages
            if (MessageCounter % 1000 == 0) {
                Logger::LogInfo("[NetChannel] Processed %d messages, found %d valid message IDs\n",
                               MessageCounter, ValidMessageCounter);
                // NOTE(review): if LastLogTime equals currentTime, timeDiff is
                // 0 and the computed rate is not finite.
                float timeDiff = currentTime - LastLogTime;
                float rate = 1000.0f / timeDiff;
                Logger::LogInfo("[NetChannel] Message rate: %.2f msgs/sec\n", rate);
                LastLogTime = currentTime;
            }
        }

        // Only process specific message types if we have a local hero
        // (LocalHero is declared outside this block).
        if (!LocalHero) {
            return original(thisptr, messageHandle, msg, type, bits);
        }

        // Process different message types
        Logger::LogInfo("[NetChannel] Processing message ID: %d\n", messageID);

        // The case labels and Process* helpers are declared elsewhere. There is
        // no default case: any other ID falls through to the forward below.
        switch (messageID) {
            case DOTA_UM_TE_Projectile:
                ProcessProjectileMessage(messageHandle, msg);
                break;
            case DOTA_UM_TE_UnitAnimation:
                ProcessUnitAnimationMessage(messageHandle, msg);
                break;
            case DOTA_UM_CreateLinearProjectile:
                ProcessCreateLinearProjectileMessage(messageHandle, msg);
                break;
            case DOTA_UM_DestroyLinearProjectile:
                ProcessDestroyLinearProjectileMessage(messageHandle, msg);
                break;
            case UM_ParticleManager:
                ProcessParticleManagerMessage(messageHandle, msg);
                break;
        }

        // Call original function
        return original(thisptr, messageHandle, msg, type, bits);
    }
    catch (...) {
        // Log the exception and still forward the call.
        // NOTE(review): original() is also invoked inside the try block, so an
        // exception thrown by original itself would cause it to be called a
        // second time here.
        Logger::LogInfo("[NetChannel] Exception caught in hkPostReceivedNetMessage, continuing...\n");
        return original(thisptr, messageHandle, msg, type, bits);
    }
}

The output I am getting is always:

Код:
[NetChannel] Skipping invalid message ID: -1
[NetChannel] Entering hkPostReceivedNetMessage
[NetChannel] Got messageHandle and msg
[NetChannel] Message ID: -1 (0xFFFF)
[NetChannel] Skipping invalid message ID: -1
[NetChannel] Entering hkPostReceivedNetMessage
[NetChannel] Got messageHandle and msg
[NetChannel] Message ID: -1 (0xFFFF)
[NetChannel] Skipping invalid message ID: -1
[NetChannel] Entering hkPostReceivedNetMessage
[NetChannel] Got messageHandle and msg
[NetChannel] Message ID: -1 (0xFFFF)
[NetChannel] Skipping invalid message ID: -1
[NetChannel] Entering hkPostReceivedNetMessage
[NetChannel] Got messageHandle and msg
[NetChannel] Message ID: -1 (0xFFFF)
[NetChannel] Skipping invalid message ID: -1
[NetChannel] Entering hkPostReceivedNetMessage
[NetChannel] Got messageHandle and msg
[NetChannel] Message ID: -1 (0xFFFF)
[NetChannel] Skipping invalid message ID: -1
[NetChannel] Entering hkPostReceivedNetMessage
[NetChannel] Got messageHandle and msg
[NetChannel] Message ID: -1 (0xFFFF)
[NetChannel] Skipping invalid message ID: -1


This is how I am getting the netchan and installing the hooks:

// 1. Get networksystem.dll handle
auto networksystem = GetModuleHandleA("networksystem.dll");  // result is used below without a null check

// NOTE(review): this listing is a fragment, not a compilable unit — `status`,
// `status2` and `create_interface_fn2` are used below but never declared here.

// 2. Get CreateInterface function
auto create_interface_fn = GetProcAddress(networksystem, "CreateInterface");  // result is not checked before the cast below

// 3. Get NetworkSystem interface using "NetworkSystemVersion001"
// The export is cast to a (const char*, int*) factory and called immediately.
auto networkSystem = reinterpret_cast<CNetworkSystem* (*)(const char*, int*)>(create_interface_fn)
    ("NetworkSystemVersion001", &status);

// 4. Get CreateNetChannel function from NetworkSystem VTable (index 26)
// NOTE(review): the index is hard-coded; networkSystem is not checked for null.
void* createNetChannelFunc = Memory::GetVFunc<void*>(networkSystem, 26);

// 5. Create hook on CreateNetChannel
// NOTE(review): the MH_CreateHook return value is discarded, and no call that
// enables the hook appears in this fragment.
MH_CreateHook(createNetChannelFunc, &hkCreateNetChannel, &oCreateNetChannel);

// 6. Try to get existing NetChannel through NetworkClientService
// `engine2` is obtained here but not used by any line shown; the factory that
// is called is create_interface_fn2, whose origin is not shown.
auto engine2 = GetModuleHandleA("engine2.dll");
auto networkClientService = reinterpret_cast<CNetworkClientService* (*)(const char*, int*)>(create_interface_fn2)
    ("NetworkClientService_001", &status2);

// 7. Get existing NetChannel
INetChannel* existingNetChannel = networkClientService->GetNetChannel(0);

// 8. If found, hook PostReceivedNetMessage directly (vfunc index 86)
// NOTE(review): despite "if found", existingNetChannel is not tested before it
// is dereferenced, the index is hard-coded, and the same
// oPostReceivedNetMessage trampoline variable is also written by the
// CreateNetChannel hook shown later in the post.
void* postReceivedNetMessageFunc = Memory::GetVFunc<void*>(existingNetChannel, 86);
MH_CreateHook(postReceivedNetMessageFunc, &hkPostReceivedNetMessage, &oPostReceivedNetMessage);


When CreateNetChannel is Called


Код:
// 9. Hook for CreateNetChannel: intended to run in place of the original when
// the game creates a channel.
// NOTE(review): this is an outline, not compilable code — the argument list is
// elided with "...", `original` and `postReceivedNetMessageFunc` are not
// declared here, and no value is returned although the return type is
// INetChannel*.
INetChannel* NetChannel::hkCreateNetChannel(CNetworkSystem* thisptr, ...) {
    // Call original function to get the new NetChannel
    INetChannel* ret = original(thisptr, ...);

    // 10. Hook PostReceivedNetMessage on the NEW NetChannel.
    // Walks vtable slots 80..90 and hooks the first slot whose pointer is
    // non-null. The test checks only for non-null, not for a matching
    // prototype, so the first populated slot is hooked regardless of what that
    // function actually is.
    // NOTE(review): ret is not checked for null before GetVFunc, and the
    // MH_CreateHook result is discarded.
    for (int i = 80; i <= 90; i++) {
        postReceivedNetMessageFunc = Memory::GetVFunc<void*>(ret, i);
        if (postReceivedNetMessageFunc) {
            // First non-null slot: create the hook and stop scanning
            MH_CreateHook(postReceivedNetMessageFunc, &hkPostReceivedNetMessage, &oPostReceivedNetMessage);
            break;
        }
    }
}


PostReceivedNetMessage Hook

Код:
// 11. Outline of the hook after the author's signature change: the third
// parameter is typed google::protobuf::Message* instead of void*.
// NOTE(review): the body is elided; as shown, messageHandle is dereferenced
// without a null check and the original function is not called.
void NetChannel::hkPostReceivedNetMessage(INetChannel* thisptr, NetMessageHandle_t* messageHandle,
                                       google::protobuf::Message* msg, NetChannelBufType_t const* type, int bits) {
    // Process the message: read the 16-bit ID from the handle
    short messageID = messageHandle->messageID;
    // ... our processing logic
}



Key Points:
Two Approaches: We try both approaches to get NetChannel:
Primary: Hook CreateNetChannel and wait for it to be called
Fallback: Try to find existing NetChannel through NetworkClientService
VFunc Index Discovery: We try vfunc indices 80-90 because the exact index might vary between game versions
Interface Names: We use the same interface names as rip-crimson:
"NetworkSystemVersion001" from networksystem.dll
"NetworkClientService_001" from engine2.dll
Function Signature: The key fix was changing from void* msg to google::protobuf::Message* msg to match the actual function signature.
 
Hello, I am using hkPostReceivedNetMessage to get the network messages.
hkPostReceivedNetMessage message id:
// PostReceivedNetMessage hook callback.
//
// Logs diagnostics about the incoming message handle, optionally dispatches a
// few message IDs to the Process* helpers, and forwards the call to the saved
// original (oPostReceivedNetMessage) on every return path.
//
// Parameters mirror the typedef below: the channel (thisptr), the message
// handle, an opaque message pointer, a buffer-type pointer and a bit count.
// NOTE(review): the prototype is the author's assumption about the hooked
// function; nothing in this listing verifies that it matches.
void NetChannel::hkPostReceivedNetMessage(INetChannel* thisptr, NetMessageHandle_t* messageHandle,
                                       void* msg, NetChannelBufType_t const* type, int bits) {
    // oPostReceivedNetMessage is declared outside this block; it is cast to the
    // same prototype as the hook so the call can be forwarded unchanged.
    typedef void (*PostReceivedNetMessageFn)(INetChannel*, NetMessageHandle_t*, void*, NetChannelBufType_t const*, int);
    auto original = reinterpret_cast<PostReceivedNetMessageFn>(oPostReceivedNetMessage);

    // Wrap everything in try-catch to prevent crashes.
    // NOTE(review): catch (...) handles C++ exceptions; whether a fault from a
    // bad pointer dereference reaches it depends on the compiler's
    // exception-handling mode, which is not shown here.
    try {
        Logger::LogInfo("[NetChannel] Entering hkPostReceivedNetMessage\n");

        // Null checks: forward untouched when either pointer is missing.
        if (!messageHandle || !msg) {
            Logger::LogInfo("[NetChannel] Null messageHandle or msg, skipping\n");
            return original(thisptr, messageHandle, msg, type, bits);
        }

        Logger::LogInfo("[NetChannel] Got messageHandle and msg\n");

        // The ID is read as a signed 16-bit value.
        // NOTE(review): assumes messageHandle really points at a
        // NetMessageHandle_t with this layout; a non-null but wrong pointer
        // would yield an arbitrary value here — confirm.
        short messageID = messageHandle->messageID;

        // Always print the message ID for debugging. The cast to unsigned short
        // makes -1 print as 0xFFFF instead of a sign-extended value.
        Logger::LogInfo("[NetChannel] Message ID: %d (0x%04X)\n", messageID, static_cast<unsigned short>(messageID));

        // Only log detailed debugging info for positive message IDs. Only the
        // pointer values are printed here; the strings are not dereferenced.
        if (messageID > 0) {
            Logger::LogInfo("[NetChannel] messageHandle pointer: %p\n", static_cast<void*>(messageHandle));
            Logger::LogInfo("[NetChannel] messageHandle->unscopedName: %p\n", static_cast<void*>(const_cast<char*>(messageHandle->unscopedName)));
            Logger::LogInfo("[NetChannel] messageHandle->groupName: %p\n", static_cast<void*>(const_cast<char*>(messageHandle->groupName)));
            Logger::LogInfo("[NetChannel] messageHandle->protobufBinding: %p\n", static_cast<void*>(messageHandle->protobufBinding));
        }

        // Treat -1 as "invalid handle" and forward without further processing.
        // NOTE(review): messageID is a short, so after integer promotion it can
        // equal -1 but never 0xFFFF (65535) where int is wider than 16 bits;
        // the second comparison is dead.
        if (messageID == -1 || messageID == 0xFFFF) {
            // Log invalid messages but skip processing
            Logger::LogInfo("[NetChannel] Skipping invalid message ID: %d\n", messageID);
            return original(thisptr, messageHandle, msg, type, bits);
        }

        // Skip high-frequency messages (Skip is defined outside this block).
        if (Skip(messageID)) {
            return original(thisptr, messageHandle, msg, type, bits);
        }

        // Log messages if enabled. gNetworkMessageLogging, MessageCounter,
        // ValidMessageCounter and LastLogTime are declared outside this block.
        // NOTE(review): they are updated without visible synchronization —
        // confirm the hook is only ever entered from one thread.
        if (gNetworkMessageLogging) {
            MessageCounter++;
            // Milliseconds since boot converted to float seconds.
            // NOTE(review): float keeps about 24 bits of precision, so
            // sub-second resolution degrades as uptime grows.
            float currentTime = static_cast<float>(GetTickCount()) / 1000.0f;

            // Log every 100th message to show progress
            if (MessageCounter % 100 == 0) {
                Logger::LogInfo("[NetChannel] Processed %d total messages, found %d valid ones\n",
                               MessageCounter, ValidMessageCounter);
            }

            // Only log messages with positive message IDs
            if (messageID > 0) {
                ValidMessageCounter++;
                Logger::LogInfo("[NetChannel] [%d] VALID MESSAGE ID: %d (0x%04X)\n",
                               MessageCounter, messageID, messageID);

                // Log additional message details with null checks.
                // NOTE(review): %s trusts both pointers to reference
                // NUL-terminated strings; non-null is the only check made.
                if (messageHandle->unscopedName) {
                    Logger::LogInfo("[NetChannel] Message name: %s\n", messageHandle->unscopedName);
                }
                if (messageHandle->groupName) {
                    Logger::LogInfo("[NetChannel] Message group: %s\n", messageHandle->groupName);
                }
                Logger::LogInfo("[NetChannel] Message bits: %d\n", bits);

                // Log raw message data for debugging
                Logger::LogInfo("[NetChannel] Raw message pointer: %p\n", static_cast<void*>(msg));
                // msg was already rejected when null at the top, so this test
                // is always true here.
                if (msg) {
                    // Dump up to min(16, bits / 8) bytes starting at msg.
                    // NOTE(review): assumes bits describes the readable size
                    // behind msg — TODO confirm; otherwise this reads past the
                    // object.
                    unsigned char* msgBytes = static_cast<unsigned char*>(msg);
                    Logger::LogInfo("[NetChannel] First 16 bytes of message: ");
                    for (int i = 0; i < 16 && i < bits / 8; i++) {
                        Logger::LogInfo("%02X ", msgBytes[i]);
                    }
                    Logger::LogInfo("\n");
                }

                Logger::LogInfo("[NetChannel] --- End of valid message ---\n");
            }

            // Log progress every 1000 messages
            if (MessageCounter % 1000 == 0) {
                Logger::LogInfo("[NetChannel] Processed %d messages, found %d valid message IDs\n",
                               MessageCounter, ValidMessageCounter);
                // NOTE(review): if LastLogTime equals currentTime, timeDiff is
                // 0 and the computed rate is not finite.
                float timeDiff = currentTime - LastLogTime;
                float rate = 1000.0f / timeDiff;
                Logger::LogInfo("[NetChannel] Message rate: %.2f msgs/sec\n", rate);
                LastLogTime = currentTime;
            }
        }

        // Only process specific message types if we have a local hero
        // (LocalHero is declared outside this block).
        if (!LocalHero) {
            return original(thisptr, messageHandle, msg, type, bits);
        }

        // Process different message types
        Logger::LogInfo("[NetChannel] Processing message ID: %d\n", messageID);

        // The case labels and Process* helpers are declared elsewhere. There is
        // no default case: any other ID falls through to the forward below.
        switch (messageID) {
            case DOTA_UM_TE_Projectile:
                ProcessProjectileMessage(messageHandle, msg);
                break;
            case DOTA_UM_TE_UnitAnimation:
                ProcessUnitAnimationMessage(messageHandle, msg);
                break;
            case DOTA_UM_CreateLinearProjectile:
                ProcessCreateLinearProjectileMessage(messageHandle, msg);
                break;
            case DOTA_UM_DestroyLinearProjectile:
                ProcessDestroyLinearProjectileMessage(messageHandle, msg);
                break;
            case UM_ParticleManager:
                ProcessParticleManagerMessage(messageHandle, msg);
                break;
        }

        // Call original function
        return original(thisptr, messageHandle, msg, type, bits);
    }
    catch (...) {
        // Log the exception and still forward the call.
        // NOTE(review): original() is also invoked inside the try block, so an
        // exception thrown by original itself would cause it to be called a
        // second time here.
        Logger::LogInfo("[NetChannel] Exception caught in hkPostReceivedNetMessage, continuing...\n");
        return original(thisptr, messageHandle, msg, type, bits);
    }
}

The output I am getting is always:

Код:
[NetChannel] Skipping invalid message ID: -1
[NetChannel] Entering hkPostReceivedNetMessage
[NetChannel] Got messageHandle and msg
[NetChannel] Message ID: -1 (0xFFFF)
[NetChannel] Skipping invalid message ID: -1
[NetChannel] Entering hkPostReceivedNetMessage
[NetChannel] Got messageHandle and msg
[NetChannel] Message ID: -1 (0xFFFF)
[NetChannel] Skipping invalid message ID: -1
[NetChannel] Entering hkPostReceivedNetMessage
[NetChannel] Got messageHandle and msg
[NetChannel] Message ID: -1 (0xFFFF)
[NetChannel] Skipping invalid message ID: -1
[NetChannel] Entering hkPostReceivedNetMessage
[NetChannel] Got messageHandle and msg
[NetChannel] Message ID: -1 (0xFFFF)
[NetChannel] Skipping invalid message ID: -1
[NetChannel] Entering hkPostReceivedNetMessage
[NetChannel] Got messageHandle and msg
[NetChannel] Message ID: -1 (0xFFFF)
[NetChannel] Skipping invalid message ID: -1
[NetChannel] Entering hkPostReceivedNetMessage
[NetChannel] Got messageHandle and msg
[NetChannel] Message ID: -1 (0xFFFF)
[NetChannel] Skipping invalid message ID: -1


This is how I am getting the netchan and installing the hooks:

// 1. Get networksystem.dll handle
auto networksystem = GetModuleHandleA("networksystem.dll");  // result is used below without a null check

// NOTE(review): this listing is a fragment, not a compilable unit — `status`,
// `status2` and `create_interface_fn2` are used below but never declared here.

// 2. Get CreateInterface function
auto create_interface_fn = GetProcAddress(networksystem, "CreateInterface");  // result is not checked before the cast below

// 3. Get NetworkSystem interface using "NetworkSystemVersion001"
// The export is cast to a (const char*, int*) factory and called immediately.
auto networkSystem = reinterpret_cast<CNetworkSystem* (*)(const char*, int*)>(create_interface_fn)
    ("NetworkSystemVersion001", &status);

// 4. Get CreateNetChannel function from NetworkSystem VTable (index 26)
// NOTE(review): the index is hard-coded; networkSystem is not checked for null.
void* createNetChannelFunc = Memory::GetVFunc<void*>(networkSystem, 26);

// 5. Create hook on CreateNetChannel
// NOTE(review): the MH_CreateHook return value is discarded, and no call that
// enables the hook appears in this fragment.
MH_CreateHook(createNetChannelFunc, &hkCreateNetChannel, &oCreateNetChannel);

// 6. Try to get existing NetChannel through NetworkClientService
// `engine2` is obtained here but not used by any line shown; the factory that
// is called is create_interface_fn2, whose origin is not shown.
auto engine2 = GetModuleHandleA("engine2.dll");
auto networkClientService = reinterpret_cast<CNetworkClientService* (*)(const char*, int*)>(create_interface_fn2)
    ("NetworkClientService_001", &status2);

// 7. Get existing NetChannel
INetChannel* existingNetChannel = networkClientService->GetNetChannel(0);

// 8. If found, hook PostReceivedNetMessage directly (vfunc index 86)
// NOTE(review): despite "if found", existingNetChannel is not tested before it
// is dereferenced, the index is hard-coded, and the same
// oPostReceivedNetMessage trampoline variable is also written by the
// CreateNetChannel hook shown later in the post.
void* postReceivedNetMessageFunc = Memory::GetVFunc<void*>(existingNetChannel, 86);
MH_CreateHook(postReceivedNetMessageFunc, &hkPostReceivedNetMessage, &oPostReceivedNetMessage);


When CreateNetChannel is Called


Код:
// 9. Hook for CreateNetChannel: intended to run in place of the original when
// the game creates a channel.
// NOTE(review): this is an outline, not compilable code — the argument list is
// elided with "...", `original` and `postReceivedNetMessageFunc` are not
// declared here, and no value is returned although the return type is
// INetChannel*.
INetChannel* NetChannel::hkCreateNetChannel(CNetworkSystem* thisptr, ...) {
    // Call original function to get the new NetChannel
    INetChannel* ret = original(thisptr, ...);

    // 10. Hook PostReceivedNetMessage on the NEW NetChannel.
    // Walks vtable slots 80..90 and hooks the first slot whose pointer is
    // non-null. The test checks only for non-null, not for a matching
    // prototype, so the first populated slot is hooked regardless of what that
    // function actually is.
    // NOTE(review): ret is not checked for null before GetVFunc, and the
    // MH_CreateHook result is discarded.
    for (int i = 80; i <= 90; i++) {
        postReceivedNetMessageFunc = Memory::GetVFunc<void*>(ret, i);
        if (postReceivedNetMessageFunc) {
            // First non-null slot: create the hook and stop scanning
            MH_CreateHook(postReceivedNetMessageFunc, &hkPostReceivedNetMessage, &oPostReceivedNetMessage);
            break;
        }
    }
}


PostReceivedNetMessage Hook

Код:
// 11. Outline of the hook after the author's signature change: the third
// parameter is typed google::protobuf::Message* instead of void*.
// NOTE(review): the body is elided; as shown, messageHandle is dereferenced
// without a null check and the original function is not called.
void NetChannel::hkPostReceivedNetMessage(INetChannel* thisptr, NetMessageHandle_t* messageHandle,
                                       google::protobuf::Message* msg, NetChannelBufType_t const* type, int bits) {
    // Process the message: read the 16-bit ID from the handle
    short messageID = messageHandle->messageID;
    // ... our processing logic
}



Key Points:
Two Approaches: We try both approaches to get NetChannel:
Primary: Hook CreateNetChannel and wait for it to be called
Fallback: Try to find existing NetChannel through NetworkClientService
VFunc Index Discovery: We try vfunc indices 80-90 because the exact index might vary between game versions
Interface Names: We use the same interface names as rip-crimson:
"NetworkSystemVersion001" from networksystem.dll
"NetworkClientService_001" from engine2.dll
Function Signature: The key fix was changing from void* msg to google::protobuf::Message* msg to match the actual function signature.
just trying 80-90 programmatically and seeing what works and what doesn't is a really dumb heuristic. you do realize that those 10 functions have different interfaces (parameter types, return types, etc.), right? not all of them are compatible with your hook. also why are you hooking channel creation if you're not doing shadow vmt (vtable ptr swap) or anything similar? you can get the vtable from an existing channel or even from a signature to an xref to the vtable (such as inside the constructor or destructor)
also PostReceivedNetMessage doesn't even exist anymore... try searching for PostReceivedNetMessage on this forum and you'll see
 
just trying 80-90 programmatically and seeing what works and what doesn't is a really dumb heuristic. you do realize that those 10 functions have different interfaces(parameter types, return types, etc.), right? not all of them are compatible with your hook. also why are you hooking channel creation if you're not doing shadow vmt(vtable ptr swap) or anything similar? you can get the vtable from an existing channel or even from a signature to an xref to the vtable(such as inside the constructor or destructor)
also PostReceivedNetMessage doesn't even exist anymore... try searching for PostReceivedNetMessage on this forum and you'll see
I do understand, but as I can't reverse I would be really glad if you pointed me to the way to get the netchan, PostReceivedNetMessage, etc.

right now i have found it

CNetworkSystem: 00007FFBC58A7B20
CNetworkMessages: 00007FFBC58B61C0

but i can't move after that please help

1755538219015.png


does it change ?
 
I do understand, but as I can't reverse I would be really glad if you pointed me to the way to get the netchan, PostReceivedNetMessage, etc.

right now i have found it

CNetworkSystem: 00007FFBC58A7B20
CNetworkMessages: 00007FFBC58B61C0

but i can't move after that please help

Посмотреть вложение 313616

does it change ?
again, postreceivednetmessage had been removed over a year ago
did you not bother to make a search for "postreceivednetmessage"?
there are also several netchans, you only need the one that's related to the in-game match(everything is in the linked post(and the links inside it))
 
iam not depending on the postreceivednetmessage anymore iam using the filter but i saw that u are getting something called filter_LIFETIME_MANGED_BY_INVOKER

here are the logs
C++:
[NetChannel] Initializing network hooks...
[NetChannel] MinHook already initialized, continuing...
[NetChannel] Loading network interfaces...
[NetChannel] Network interfaces loaded successfully:
[NetChannel] CNetworkSystem: 00007FFB252B7B20
[NetChannel] CNetworkMessages: 00007FFB252C61C0
[NetChannel] Got NetworkSystem interface
[NetChannel] CreateNetChannel hook created successfully
[NetChannel] Got NetworkClientService interface
[NetChannel] Found existing CNetChan: 000002685ADC6D40
[NetChannel] About to call RegisterFilter...
[NetChannel] Finding vtable indices for RegisterFilter...
[CNetChan] CNetChan.cpp compiled and loaded successfully!
[CNetChan] ===== FindVTableIndices CALLED =====
[CNetChan] Searching for RegisterFilter/UnregisterFilter vtable indexes...
[CNetChan] Instance address: 000002685ADC6D40
[CNetChan] VTable address: 00007FFB2524DD90
[CNetChan] Starting dynamic vtable scan...
[CNetChan] Potential RegisterFilter at index 7: 00007FFB250D8770 (bytes: 48 83 EC 28)
[CNetChan] Found potential RegisterFilter at index 7
[CNetChan] Using indices: RegisterFilter=7, UnregisterFilter=8
[CNetChan] ===== FindVTableIndices SUCCESS =====
[NetChannel] Vtable indices found: SUCCESS
[NetChannel] Getting NetworkMessageFilter instance...
[NetChannel] NetworkMessageFilter instance: 00000267E3EA21D0
[NetChannel] Calling chan->RegisterFilter(*filter)...
[CNetChan] Using dynamic index 7: 00007FFB250D8770
[CNetChan] Parameters: this=000002685ADC6D40, filter=00000267E3EA21D0
[CNetChan] Function first byte: 0x48
[CNetChan] RegisterFilter function call completed successfully
[NetChannel] RegisterFilter call completed successfully
[NetChannel] Registered pre-filter on CNetChan
[NetChannel] TEST: Filter registration completed - messages should now be intercepted!
[NetChannel] Network hooks initialized successfully
Network hooks initialized successfully
=== Initializing Library System ===
Module [client.dll] => [00007FFAB8B60000]
 CreateInterface => [00007FFABBB75B40]
Module [engine2.dll] => [00007FFB750A0000]
 CreateInterface => [00007FFB75489AB0]
Module [tier0.dll] => [00007FFB777F0000]
 CreateInterface => [00007FFB77A05760]
Module [particles.dll] => [00007FFB00C80000]
 CreateInterface => [00007FFB010462C0]
Module [panorama.dll] => [00007FFAFB540000]
 CreateInterface => [00007FFAFB8B2930]
Module [networksystem.dll] => [00007FFB25030000]
 CreateInterface => [00007FFB251DCE60]
Module [resourcesystem.dll] => [00007FFBCC820000]
 CreateInterface => [00007FFBCC85EA60]
Modules loaded successfully
[NetworkSystemVersion001] => [00007FFB252B7B20]
[!] Interface [NetworkSystemVersion001] Has Changed!
[!] VMs 0 => 100
[NetworkMessagesVersion001] => [00007FFB252C61C0]
[!] Interface [NetworkMessagesVersion001] Has Changed!
[!] VMs 0 => 100
Network interfaces loaded:
  CNetworkSystem: 00007FFB252B7B20
  CNetworkMessages: 00007FFB252C61C0
Interfaces loaded successfully
=== Library System Initialized Successfully ===


but when i got to the address found for the RegisterFilter which is index 7 in the VT with address 00007FFB250D8770

and set a breakpoint in the cheatengine nothing triggers it at all but when i look at the 00000267E3EA21D0 i get it correct it is of type NetworkMessageFilter

but still no messages are being displayed in the logs at all !

i dont really know what iam currently missing :(
 
iam not depending on the postreceivednetmessage anymore iam using the filter but i saw that u are getting something called filter_LIFETIME_MANGED_BY_INVOKER

here are the logs
C++:
[NetChannel] Initializing network hooks...
[NetChannel] MinHook already initialized, continuing...
[NetChannel] Loading network interfaces...
[NetChannel] Network interfaces loaded successfully:
[NetChannel] CNetworkSystem: 00007FFB252B7B20
[NetChannel] CNetworkMessages: 00007FFB252C61C0
[NetChannel] Got NetworkSystem interface
[NetChannel] CreateNetChannel hook created successfully
[NetChannel] Got NetworkClientService interface
[NetChannel] Found existing CNetChan: 000002685ADC6D40
[NetChannel] About to call RegisterFilter...
[NetChannel] Finding vtable indices for RegisterFilter...
[CNetChan] CNetChan.cpp compiled and loaded successfully!
[CNetChan] ===== FindVTableIndices CALLED =====
[CNetChan] Searching for RegisterFilter/UnregisterFilter vtable indexes...
[CNetChan] Instance address: 000002685ADC6D40
[CNetChan] VTable address: 00007FFB2524DD90
[CNetChan] Starting dynamic vtable scan...
[CNetChan] Potential RegisterFilter at index 7: 00007FFB250D8770 (bytes: 48 83 EC 28)
[CNetChan] Found potential RegisterFilter at index 7
[CNetChan] Using indices: RegisterFilter=7, UnregisterFilter=8
[CNetChan] ===== FindVTableIndices SUCCESS =====
[NetChannel] Vtable indices found: SUCCESS
[NetChannel] Getting NetworkMessageFilter instance...
[NetChannel] NetworkMessageFilter instance: 00000267E3EA21D0
[NetChannel] Calling chan->RegisterFilter(*filter)...
[CNetChan] Using dynamic index 7: 00007FFB250D8770
[CNetChan] Parameters: this=000002685ADC6D40, filter=00000267E3EA21D0
[CNetChan] Function first byte: 0x48
[CNetChan] RegisterFilter function call completed successfully
[NetChannel] RegisterFilter call completed successfully
[NetChannel] Registered pre-filter on CNetChan
[NetChannel] TEST: Filter registration completed - messages should now be intercepted!
[NetChannel] Network hooks initialized successfully
Network hooks initialized successfully
=== Initializing Library System ===
Module [client.dll] => [00007FFAB8B60000]
 CreateInterface => [00007FFABBB75B40]
Module [engine2.dll] => [00007FFB750A0000]
 CreateInterface => [00007FFB75489AB0]
Module [tier0.dll] => [00007FFB777F0000]
 CreateInterface => [00007FFB77A05760]
Module [particles.dll] => [00007FFB00C80000]
 CreateInterface => [00007FFB010462C0]
Module [panorama.dll] => [00007FFAFB540000]
 CreateInterface => [00007FFAFB8B2930]
Module [networksystem.dll] => [00007FFB25030000]
 CreateInterface => [00007FFB251DCE60]
Module [resourcesystem.dll] => [00007FFBCC820000]
 CreateInterface => [00007FFBCC85EA60]
Modules loaded successfully
[NetworkSystemVersion001] => [00007FFB252B7B20]
[!] Interface [NetworkSystemVersion001] Has Changed!
[!] VMs 0 => 100
[NetworkMessagesVersion001] => [00007FFB252C61C0]
[!] Interface [NetworkMessagesVersion001] Has Changed!
[!] VMs 0 => 100
Network interfaces loaded:
  CNetworkSystem: 00007FFB252B7B20
  CNetworkMessages: 00007FFB252C61C0
Interfaces loaded successfully
=== Library System Initialized Successfully ===


but when i got to the address found for the RegisterFilter which is index 7 in the VT with address 00007FFB250D8770

and set a breakpoint in the cheatengine nothing triggers it at all but when i look at the 00000267E3EA21D0 i get it correct it is of type NetworkMessageFilter

but still no messages are being displayed in the logs at all !

i dont really know what iam currently missing :(
filter_LIFETIME_MANGED_BY_INVOKER is an invoker-provided and invoker-managed filter instance(the invoker is whoever invokes the function - that is YOU, i.e. you're responsible for keeping the instance alive for as long as it's needed(until unregistered or netchan destruction), i.e. it does not take ownership of the filter(just make it a static variable))
a filter is any virtual class instance that implements the INetworkMessageProcessingPreFilter interface(i.e. any object that has a vtable inside of which there is a function at index 0 with the expected interface EFilterResult(*)(CNetMessage*, CNetChan*)). you don't "get" the filter you implement it yourself, the game just expects an interface, it gives you a message(and a channel, you can ignore it if you're only registering within a single channel) and you do what you need with it and return a boolean that tells the game whether or not this packet should be dropped
and no, RegisterFilter is not at index 7...
 
ok i am thinking of something that can dynamically get the index (because i can't reverse engineer at all)
i am gonna build something that looks for the function whose parameter addresses match the RTTI name that the function takes

what do u think of this approach ?
 
ok i am thinking of something that can dynamically get the index (because i can't reverse engineer at all)
i am gonna build something that looks for the function whose parameter addresses match the RTTI name that the function takes

what do u think of this approach ?
stop inventing these bullshit "approaches" and find the index statically in the debugger/ida
search for "CL: CNetworkGameClientBase::Connect() calling SetSignonState( SIGNONSTATE_CONNECTED )\n" string xref inside engine2.dll
then scroll up a little bit, navigate inside the function that invokes RegisterFilter, and then observe exactly how it invokes it (it uses the index (multiplied by 8), which you can calculate from the invocation). just try it
/*
    target function assembly:
        00007FFCEF8898F0 | 48:896C24 18             | mov qword ptr ss:[rsp+18],rbp
        00007FFCEF8898F5 | 57                       | push rdi
        00007FFCEF8898F6 | 41:56                    | push r14
        00007FFCEF8898F8 | 41:57                    | push r15
        00007FFCEF8898FA | 48:83EC 20               | sub rsp,20
        00007FFCEF8898FE | 4C:63B9 C0750000         | movsxd r15,dword ptr ds:[rcx+75C0]
        00007FFCEF889905 | 48:8DB9 C8750000         | lea rdi,qword ptr ds:[rcx+75C8]
        00007FFCEF88990C | 45:33C0                  | xor r8d,r8d
        00007FFCEF88990F | 48:8BEA                  | mov rbp,rdx
        00007FFCEF889912 | 4C:8BF1                  | mov r14,rcx
        00007FFCEF889915 | 45:85FF                  | test r15d,r15d
        00007FFCEF889918 | 7E 26                    | jle networksystem.7FFCEF889940
        00007FFCEF88991A | 48:8B07                  | mov rax,qword ptr ds:[rdi]
        00007FFCEF88991D | 41:8BD0                  | mov edx,r8d
        00007FFCEF889920 | 48:3928                  | cmp qword ptr ds:[rax],rbp
        00007FFCEF889923 | 74 11                    | je networksystem.7FFCEF889936
        00007FFCEF889925 | 41:FFC0                  | inc r8d
        00007FFCEF889928 | 48:FFC2                  | inc rdx
        00007FFCEF88992B | 48:83C0 08               | add rax,8
        00007FFCEF88992F | 49:3BD7                  | cmp rdx,r15
        00007FFCEF889932 | 7C EC                    | jl networksystem.7FFCEF889920
        00007FFCEF889934 | EB 0A                    | jmp networksystem.7FFCEF889940
        00007FFCEF889936 | 41:83F8 FF               | cmp r8d,FFFFFFFF
        00007FFCEF88993A | 0F85 D0000000            | jne networksystem.7FFCEF889A10
        00007FFCEF889940 | 44:3BB9 D0750000         | cmp r15d,dword ptr ds:[rcx+75D0]
        00007FFCEF889947 | 0F85 B5000000            | jne networksystem.7FFCEF889A02
        00007FFCEF88994D | F747 0C 00000040         | test dword ptr ds:[rdi+C],40000000
        00007FFCEF889954 | 0F85 A8000000            | jne networksystem.7FFCEF889A02
        00007FFCEF88995A | 8B4F 08                  | mov ecx,dword ptr ds:[rdi+8]
        00007FFCEF88995D | 48:895C24 40             | mov qword ptr ss:[rsp+40],rbx
        00007FFCEF889962 | 48:897424 48             | mov qword ptr ss:[rsp+48],rsi
        00007FFCEF889967 | 81F9 FEFFFF7F            | cmp ecx,dbghelp.7FFFFFFE
        00007FFCEF88996D | 7E 0B                    | jle networksystem.7FFCEF88997A
        00007FFCEF88996F | BA 01000000              | mov edx,1
        00007FFCEF889974 | FF15 4E7F1300            | call qword ptr ds:[<&UtlMemory_FailedAllocation>]
        00007FFCEF88997A | 8B4F 08                  | mov ecx,dword ptr ds:[rdi+8]
        00007FFCEF88997D | 41:B9 08000000           | mov r9d,8

    invoker:
        00007FFCF5D106A0 | 48:895C24 10             | mov qword ptr ss:[rsp+10],rbx
        00007FFCF5D106A5 | 48:897424 18             | mov qword ptr ss:[rsp+18],rsi
        00007FFCF5D106AA | 48:897C24 20             | mov qword ptr ss:[rsp+20],rdi
        00007FFCF5D106AF | 55                       | push rbp
        00007FFCF5D106B0 | 41:56                    | push r14
        00007FFCF5D106B2 | 41:57                    | push r15
        00007FFCF5D106B4 | 48:8BEC                  | mov rbp,rsp
        00007FFCF5D106B7 | 48:83EC 50               | sub rsp,50
        00007FFCF5D106BB | 48:8BF9                  | mov rdi,rcx
        00007FFCF5D106BE | 48:8BDA                  | mov rbx,rdx
        00007FFCF5D106C1 | 48:8B0D C8385200         | mov rcx,qword ptr ds:[7FFCF6233F90]
        00007FFCF5D106C8 | 45:33FF                  | xor r15d,r15d
        00007FFCF5D106CB | 48:85FF                  | test rdi,rdi
        00007FFCF5D106CE | 48:8D57 18               | lea rdx,qword ptr ds:[rdi+18]
        00007FFCF5D106D2 | 48:8B01                  | mov rax,qword ptr ds:[rcx]
        00007FFCF5D106D5 | 49:0F44D7                | cmove rdx,r15
        00007FFCF5D106D9 | FF90 20010000            | call qword ptr ds:[rax+120]
        00007FFCF5D106DF | 48:8B03                  | mov rax,qword ptr ds:[rbx]
        00007FFCF5D106E2 | 48:8BCB                  | mov rcx,rbx
        00007FFCF5D106E5 | FF90 D0010000            | call qword ptr ds:[rax+1D0]
        00007FFCF5D106EB | 48:893D AE044C00         | mov qword ptr ds:[7FFCF61D0BA0],rdi
        00007FFCF5D106F2 | 48:8D15 9F044C00         | lea rdx,qword ptr ds:[7FFCF61D0B98]
        00007FFCF5D106F9 | 48:8B03                  | mov rax,qword ptr ds:[rbx]
        00007FFCF5D106FC | 48:8BCB                  | mov rcx,rbx
        00007FFCF5D106FF | FF90 18020000            | call qword ptr ds:[rax+218]                               <---- invocation here
        00007FFCF5D10705 | 48:8D05 F0180200         | lea rax,qword ptr ds:[7FFCF5D31FFC]
        00007FFCF5D1070C | 48:8BCF                  | mov rcx,rdi
        00007FFCF5D1070F | 48:8945 F8               | mov qword ptr ss:[rbp-8],rax
        00007FFCF5D10713 | E8 0877FFFF              | call engine2.7FFCF5D07E20
        00007FFCF5D10718 | 48:8B0D 79385200         | mov rcx,qword ptr ds:[7FFCF6233F98]
        00007FFCF5D1071F | 48:8D77 28               | lea rsi,qword ptr ds:[rdi+28]

    invoker xref:
        00007FFCF5D12374 | 48:63DA                  | movsxd rbx,edx
        00007FFCF5D12377 | 48:8D15 3ABC3F00         | lea rdx,qword ptr ds:[7FFCF610DFB8]                 | 00007FFCF610DFB8:"server"
        00007FFCF5D1237E | C74424 30 01000000       | mov dword ptr ss:[rsp+30],1
        00007FFCF5D12386 | C74424 28 02000000       | mov dword ptr ss:[rsp+28],2
        00007FFCF5D1238E | 48:8B01                  | mov rax,qword ptr ds:[rcx]
        00007FFCF5D12391 | 48:895424 20             | mov qword ptr ss:[rsp+20],rdx
        00007FFCF5D12396 | 41:8BD2                  | mov edx,r10d
        00007FFCF5D12399 | FF90 B0000000            | call qword ptr ds:[rax+B0]
        00007FFCF5D1239F | 48:8BD0                  | mov rdx,rax
        00007FFCF5D123A2 | 48:8BCE                  | mov rcx,rsi
        00007FFCF5D123A5 | 48:8BF8                  | mov rdi,rax
        00007FFCF5D123A8 | E8 F3E2FFFF              | call engine2.7FFCF5D106A0                            <---- calls invoker
        00007FFCF5D123AD | 48:8D4B 0A               | lea rcx,qword ptr ds:[rbx+A]
        00007FFCF5D123B1 | 48:8D0C49                | lea rcx,qword ptr ds:[rcx+rcx*2]
        00007FFCF5D123B5 | 48:893CCE                | mov qword ptr ds:[rsi+rcx*8],rdi
        00007FFCF5D123B9 | 48:8B0D D01B5200         | mov rcx,qword ptr ds:[7FFCF6233F90]
        00007FFCF5D123C0 | C786 4C020000 FFFFFFFF   | mov dword ptr ds:[rsi+24C],FFFFFFFF
        00007FFCF5D123CA | 48:8B01                  | mov rax,qword ptr ds:[rcx]
        00007FFCF5D123CD | FF90 D8000000            | call qword ptr ds:[rax+D8]
        00007FFCF5D123D3 | 8B0D F7B65300            | mov ecx,dword ptr ds:[7FFCF624DAD0]
        00007FFCF5D123D9 | 0F57C9                   | xorps xmm1,xmm1
        00007FFCF5D123DC | F2:0F5AC8                | cvtsd2ss xmm1,xmm0
        00007FFCF5D123E0 | BA 01000000              | mov edx,1
        00007FFCF5D123E5 | F3:0F118E 50020000       | movss dword ptr ds:[rsi+250],xmm1
        00007FFCF5D123ED | FF15 35F43800            | call qword ptr ds:[<&LoggingSystem_IsChannelEnabled>]
        00007FFCF5D123F3 | 84C0                     | test al,al
        00007FFCF5D123F5 | 74 18                    | je engine2.7FFCF5D1240F
        00007FFCF5D123F7 | 8B0D D3B65300            | mov ecx,dword ptr ds:[7FFCF624DAD0]
        00007FFCF5D123FD | 4C:8D05 CCBC3F00         | lea r8,qword ptr ds:[7FFCF610E0D0]                  | 00007FFCF610E0D0:"CL:  CNetworkGameClientBase::Connect() calling SetSignonState( SIGNONSTATE_CONNECTED )\n"
        00007FFCF5D12404 | BA 01000000              | mov edx,1
        00007FFCF5D12409 | FF15 11F43800            | call qword ptr ds:[<&LoggingSystem_Log>]
        00007FFCF5D1240F | 48:8B06                  | mov rax,qword ptr ds:[rsi]
        00007FFCF5D12412 | 45:33C9                  | xor r9d,r9d
        00007FFCF5D12415 | 48:8BCE                  | mov rcx,rsi
    */
 
stop inventing these bullshit "approaches" and find the index statically in the debugger/ida
search for "CL: CNetworkGameClientBase::Connect() calling SetSignonState( SIGNONSTATE_CONNECTED )\n" string xref inside engine2.dll
then scroll up a little bit, navigate inside the function that invokes RegisterFilter, and then observe exactly how it invokes it (it uses the index (multiplied by 8), which you can calculate from the invocation). just try it
/*
    target function assembly:
        00007FFCEF8898F0 | 48:896C24 18 | mov qword ptr ss:[rsp+18],rbp
        00007FFCEF8898F5 | 57 | push rdi
        00007FFCEF8898F6 | 41:56 | push r14
        00007FFCEF8898F8 | 41:57 | push r15
        00007FFCEF8898FA | 48:83EC 20 | sub rsp,20
        00007FFCEF8898FE | 4C:63B9 C0750000 | movsxd r15,dword ptr ds:[rcx+75C0]
        00007FFCEF889905 | 48:8DB9 C8750000 | lea rdi,qword ptr ds:[rcx+75C8]
        00007FFCEF88990C | 45:33C0 | xor r8d,r8d
        00007FFCEF88990F | 48:8BEA | mov rbp,rdx
        00007FFCEF889912 | 4C:8BF1 | mov r14,rcx
        00007FFCEF889915 | 45:85FF | test r15d,r15d
        00007FFCEF889918 | 7E 26 | jle networksystem.7FFCEF889940
        00007FFCEF88991A | 48:8B07 | mov rax,qword ptr ds:[rdi]
        00007FFCEF88991D | 41:8BD0 | mov edx,r8d
        00007FFCEF889920 | 48:3928 | cmp qword ptr ds:[rax],rbp
        00007FFCEF889923 | 74 11 | je networksystem.7FFCEF889936
        00007FFCEF889925 | 41:FFC0 | inc r8d
        00007FFCEF889928 | 48:FFC2 | inc rdx
        00007FFCEF88992B | 48:83C0 08 | add rax,8
        00007FFCEF88992F | 49:3BD7 | cmp rdx,r15
        00007FFCEF889932 | 7C EC | jl networksystem.7FFCEF889920
        00007FFCEF889934 | EB 0A | jmp networksystem.7FFCEF889940
        00007FFCEF889936 | 41:83F8 FF | cmp r8d,FFFFFFFF
        00007FFCEF88993A | 0F85 D0000000 | jne networksystem.7FFCEF889A10
        00007FFCEF889940 | 44:3BB9 D0750000 | cmp r15d,dword ptr ds:[rcx+75D0]
        00007FFCEF889947 | 0F85 B5000000 | jne networksystem.7FFCEF889A02
        00007FFCEF88994D | F747 0C 00000040 | test dword ptr ds:[rdi+C],40000000
        00007FFCEF889954 | 0F85 A8000000 | jne networksystem.7FFCEF889A02
        00007FFCEF88995A | 8B4F 08 | mov ecx,dword ptr ds:[rdi+8]
        00007FFCEF88995D | 48:895C24 40 | mov qword ptr ss:[rsp+40],rbx
        00007FFCEF889962 | 48:897424 48 | mov qword ptr ss:[rsp+48],rsi
        00007FFCEF889967 | 81F9 FEFFFF7F | cmp ecx,dbghelp.7FFFFFFE
        00007FFCEF88996D | 7E 0B | jle networksystem.7FFCEF88997A
        00007FFCEF88996F | BA 01000000 | mov edx,1
        00007FFCEF889974 | FF15 4E7F1300 | call qword ptr ds:[<&UtlMemory_FailedAllocation>]
        00007FFCEF88997A | 8B4F 08 | mov ecx,dword ptr ds:[rdi+8]
        00007FFCEF88997D | 41:B9 08000000 | mov r9d,8

    invoker:
        00007FFCF5D106A0 | 48:895C24 10 | mov qword ptr ss:[rsp+10],rbx
        00007FFCF5D106A5 | 48:897424 18 | mov qword ptr ss:[rsp+18],rsi
        00007FFCF5D106AA | 48:897C24 20 | mov qword ptr ss:[rsp+20],rdi
        00007FFCF5D106AF | 55 | push rbp
        00007FFCF5D106B0 | 41:56 | push r14
        00007FFCF5D106B2 | 41:57 | push r15
        00007FFCF5D106B4 | 48:8BEC | mov rbp,rsp
        00007FFCF5D106B7 | 48:83EC 50 | sub rsp,50
        00007FFCF5D106BB | 48:8BF9 | mov rdi,rcx
        00007FFCF5D106BE | 48:8BDA | mov rbx,rdx
        00007FFCF5D106C1 | 48:8B0D C8385200 | mov rcx,qword ptr ds:[7FFCF6233F90]
        00007FFCF5D106C8 | 45:33FF | xor r15d,r15d
        00007FFCF5D106CB | 48:85FF | test rdi,rdi
        00007FFCF5D106CE | 48:8D57 18 | lea rdx,qword ptr ds:[rdi+18]
        00007FFCF5D106D2 | 48:8B01 | mov rax,qword ptr ds:[rcx]
        00007FFCF5D106D5 | 49:0F44D7 | cmove rdx,r15
        00007FFCF5D106D9 | FF90 20010000 | call qword ptr ds:[rax+120]
        00007FFCF5D106DF | 48:8B03 | mov rax,qword ptr ds:[rbx]
        00007FFCF5D106E2 | 48:8BCB | mov rcx,rbx
        00007FFCF5D106E5 | FF90 D0010000 | call qword ptr ds:[rax+1D0]
        00007FFCF5D106EB | 48:893D AE044C00 | mov qword ptr ds:[7FFCF61D0BA0],rdi
        00007FFCF5D106F2 | 48:8D15 9F044C00 | lea rdx,qword ptr ds:[7FFCF61D0B98]
        00007FFCF5D106F9 | 48:8B03 | mov rax,qword ptr ds:[rbx]
        00007FFCF5D106FC | 48:8BCB | mov rcx,rbx
        00007FFCF5D106FF | FF90 18020000 | call qword ptr ds:[rax+218] <---- invocation here
        00007FFCF5D10705 | 48:8D05 F0180200 | lea rax,qword ptr ds:[7FFCF5D31FFC]
        00007FFCF5D1070C | 48:8BCF | mov rcx,rdi
        00007FFCF5D1070F | 48:8945 F8 | mov qword ptr ss:[rbp-8],rax
        00007FFCF5D10713 | E8 0877FFFF | call engine2.7FFCF5D07E20
        00007FFCF5D10718 | 48:8B0D 79385200 | mov rcx,qword ptr ds:[7FFCF6233F98]
        00007FFCF5D1071F | 48:8D77 28 | lea rsi,qword ptr ds:[rdi+28]

    invoker xref:
        00007FFCF5D12374 | 48:63DA | movsxd rbx,edx
        00007FFCF5D12377 | 48:8D15 3ABC3F00 | lea rdx,qword ptr ds:[7FFCF610DFB8] | 00007FFCF610DFB8:"server"
        00007FFCF5D1237E | C74424 30 01000000 | mov dword ptr ss:[rsp+30],1
        00007FFCF5D12386 | C74424 28 02000000 | mov dword ptr ss:[rsp+28],2
        00007FFCF5D1238E | 48:8B01 | mov rax,qword ptr ds:[rcx]
        00007FFCF5D12391 | 48:895424 20 | mov qword ptr ss:[rsp+20],rdx
        00007FFCF5D12396 | 41:8BD2 | mov edx,r10d
        00007FFCF5D12399 | FF90 B0000000 | call qword ptr ds:[rax+B0]
        00007FFCF5D1239F | 48:8BD0 | mov rdx,rax
        00007FFCF5D123A2 | 48:8BCE | mov rcx,rsi
        00007FFCF5D123A5 | 48:8BF8 | mov rdi,rax
        00007FFCF5D123A8 | E8 F3E2FFFF | call engine2.7FFCF5D106A0 <---- calls invoker
        00007FFCF5D123AD | 48:8D4B 0A | lea rcx,qword ptr ds:[rbx+A]
        00007FFCF5D123B1 | 48:8D0C49 | lea rcx,qword ptr ds:[rcx+rcx*2]
        00007FFCF5D123B5 | 48:893CCE | mov qword ptr ds:[rsi+rcx*8],rdi
        00007FFCF5D123B9 | 48:8B0D D01B5200 | mov rcx,qword ptr ds:[7FFCF6233F90]
        00007FFCF5D123C0 | C786 4C020000 FFFFFFFF | mov dword ptr ds:[rsi+24C],FFFFFFFF
        00007FFCF5D123CA | 48:8B01 | mov rax,qword ptr ds:[rcx]
        00007FFCF5D123CD | FF90 D8000000 | call qword ptr ds:[rax+D8]
        00007FFCF5D123D3 | 8B0D F7B65300 | mov ecx,dword ptr ds:[7FFCF624DAD0]
        00007FFCF5D123D9 | 0F57C9 | xorps xmm1,xmm1
        00007FFCF5D123DC | F2:0F5AC8 | cvtsd2ss xmm1,xmm0
        00007FFCF5D123E0 | BA 01000000 | mov edx,1
        00007FFCF5D123E5 | F3:0F118E 50020000 | movss dword ptr ds:[rsi+250],xmm1
        00007FFCF5D123ED | FF15 35F43800 | call qword ptr ds:[<&LoggingSystem_IsChannelEnabled>]
        00007FFCF5D123F3 | 84C0 | test al,al
        00007FFCF5D123F5 | 74 18 | je engine2.7FFCF5D1240F
        00007FFCF5D123F7 | 8B0D D3B65300 | mov ecx,dword ptr ds:[7FFCF624DAD0]
        00007FFCF5D123FD | 4C:8D05 CCBC3F00 | lea r8,qword ptr ds:[7FFCF610E0D0] | 00007FFCF610E0D0:"CL: CNetworkGameClientBase::Connect() calling SetSignonState( SIGNONSTATE_CONNECTED )\n"
        00007FFCF5D12404 | BA 01000000 | mov edx,1
        00007FFCF5D12409 | FF15 11F43800 | call qword ptr ds:[<&LoggingSystem_Log>]
        00007FFCF5D1240F | 48:8B06 | mov rax,qword ptr ds:[rsi]
        00007FFCF5D12412 | 45:33C9 | xor r9d,r9d
        00007FFCF5D12415 | 48:8BCE | mov rcx,rsi
    */
after trying this the correct index is 22 right ?? :D
 
lol finally it's index 74 now iam getting something like
this
[NetworkFilter] ===== MESSAGE INTERCEPTED =====
[NetworkFilter] Message pointer: 0000021A72091200
[NetworkFilter] Channel pointer: 0000021A6C2D93C0
[NetworkFilter] Filter called 1950 times
[NetworkFilter] GetSerializer() result: 00000219989849C0
[NetworkFilter] Message ID: 4
[NetworkFilter] Message Name: CNETMsg_Tick [4]
[NetworkFilter] Group Name: Game Engine
[NetworkFilter] Group ID: 0
[NetworkFilter] Category Mask: 0x00000006
[NetworkFilter] Default Buffer Type: 0
[NetworkFilter] Protobuf Binding: 00007FFB25955EE8
[NetworkFilter] ===== END MESSAGE =====
[NetworkFilter] ===== MESSAGE INTERCEPTED =====
[NetworkFilter] Message pointer: 0000021A8074B1E0
[NetworkFilter] Channel pointer: 0000021A6C2D93C0
[NetworkFilter] Filter called 1951 times
[NetworkFilter] GetSerializer() result: 000002199893B1C0
[NetworkFilter] Message ID: 55
[NetworkFilter] Message Name: CSVCMsg_PacketEntities [55]
[NetworkFilter] Group Name: Unknown
[NetworkFilter] Group ID: 0
[NetworkFilter] Category Mask: 0x00000002
[NetworkFilter] Default Buffer Type: 0
[NetworkFilter] Protobuf Binding: 00007FFB25955B90
[NetworkFilter] ===== END MESSAGE =====
[NetworkFilter] ===== MESSAGE INTERCEPTED =====
[NetworkFilter] Message pointer: 0000021A70FC2A90
[NetworkFilter] Channel pointer: 0000021A6C2D93C0
[NetworkFilter] Filter called 1952 times
[NetworkFilter] GetSerializer() result: 00000219973AC5C0
[NetworkFilter] Message ID: 1
[NetworkFilter] Message Name: NetMessagePacketEnd [1073741825]
[NetworkFilter] Group Name: System
[NetworkFilter] Group ID: 0
[NetworkFilter] Category Mask: 0xFFFFFFFF
[NetworkFilter] Default Buffer Type: 64
[NetworkFilter] Protobuf Binding: 00007FFB125DB910
[NetworkFilter] ===== END MESSAGE =====
[NetworkFilter] ===== MESSAGE INTERCEPTED =====
[NetworkFilter] Message pointer: 0000021A7149A760
[NetworkFilter] Channel pointer: 0000021A6C2D93C0
[NetworkFilter] Filter called 1953 times
[NetworkFilter] GetSerializer() result: 00000219973AC240
[NetworkFilter] Message ID: 0
[NetworkFilter] Message Name: NetMessagePacketStart [1073741824]
[NetworkFilter] Group Name: System
[NetworkFilter] Group ID: 0
[NetworkFilter] Category Mask: 0xFFFFFFFF
[NetworkFilter] Default Buffer Type: 64
[NetworkFilter] Protobuf Binding: 00007FFB125DB8B8
[NetworkFilter] ===== END MESSAGE =====
[NetworkFilter] ===== MESSAGE INTERCEPTED =====
[NetworkFilter] Message pointer: 0000021A71CA1C00
[NetworkFilter] Channel pointer: 0000021A6C2D93C0
[NetworkFilter] Filter called 1954 times
[NetworkFilter] GetSerializer() result: 00000219989849C0
[NetworkFilter] Message ID: 4
[NetworkFilter] Message Name: CNETMsg_Tick [4]
[NetworkFilter] Group Name: Game Engine
[NetworkFilter]Group ID: 0
 
thanks a lot mate <3
 