Where to get WPE

Posted: Sat Jan 05, 2008 6:25 pm
by Administrator
WPE Pro download page: http://wpepro.net/index.php?categoryid=9
You may also use PermEdit with WPE.

Winsock Packet Editor allows you to capture, edit, and send packets to whatever program you want. It is detected by GameGuard and similar programs, though. It might even be detected as a virus (this is a false positive--the software is clean).

Using this, I was able to fake completing quests in Lunia, and level up my character just by standing around doing nothing. Other uses are duplicating items, speed-attacking, and other typical hacks.

Re: Where to get WPE

Posted: Sat Apr 19, 2008 4:57 pm
by Solaris
I tried this..

Double clicking the Icon for the .exe says "Cannot create event" and closes

Re: Where to get WPE

Posted: Sat Apr 19, 2008 6:09 pm
by Administrator
I've never seen that happen before. Are you using Vista? You might need to make sure it is running as Administrator with XP emulation set. You'll find those settings by right clicking the executable and selecting properties.

Re: Where to get WPE

Posted: Thu Jul 17, 2008 8:53 am
by jim151222
Would you happen to know of any other games that this works with?
Most games I've played around with disconnect when using this tool.

Re: Where to get WPE

Posted: Thu Jul 17, 2008 8:33 pm
by Administrator
When do they disconnect? As soon as you open it? If that is the case, then it's the anti-cheat protection that is signaling to the game to disconnect you. Disable the anti-cheat first, then you're set.

If you disconnect after trying to send a packet, this is typically because of a malformed packet. If the headers (typically the first 4 - 8 bytes) do not match the expected (and these change from packet to packet), or if any of the data does not match the expected format for this specific packet, then it typically will cause a disconnection. You may not be able to continuously send the same packet again and again because of the headers.

Filters are useful for when the above problem arises. Let's assume that the packet looks like this:

Code:

4 byte header | 2 byte spell id | 4 byte target

This packet would be, in our example, the message sent when we want to cast a spell. Using a filter, we can add a search on slot 05,06 (ignore first 4, the header) to look for spell ID 1234 (D2 04 in hex [We probably will need to swap to network-ready endian, so that's why it's not 04 D2]). In the modify, we change it to 1235 (D3 04).

Ok, now if you turn the filter on, whenever you try to cast whatever spell ID 1234 is, you should actually cast 1235. Unless there is protection server-sided to prevent you from casting 1235, say, if it were a spell from another class.
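
The server-side protection mentioned at the end of the post above, as an added example (not part of the original post and not code from any game): the server parses the assumed 4-byte header | 2-byte spell id | 4-byte target layout and checks the spell against its own record of the character, so a request whose spell id was rewritten from D2 04 to D3 04 is rejected. `Character`, `validate_cast` and the sample packets are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <set>
#include <vector>

// Assumed layout from the post: 4-byte header | 2-byte spell id | 4-byte target,
// multi-byte fields little-endian (1234 travels as D2 04).
struct CastSpell { uint16_t spell_id; uint32_t target; };

enum class Verdict { Accept, Malformed, SpellNotOwned };

// Hypothetical server-side record: the spells this character is allowed to cast.
struct Character { std::set<uint16_t> known_spells; };

static uint16_t read_u16_le(const uint8_t* p) {
    return static_cast<uint16_t>(p[0] | (p[1] << 8));
}
static uint32_t read_u32_le(const uint8_t* p) {
    return static_cast<uint32_t>(p[0]) | (static_cast<uint32_t>(p[1]) << 8) |
           (static_cast<uint32_t>(p[2]) << 16) | (static_cast<uint32_t>(p[3]) << 24);
}

// Parse the packet, then decide from server-side state whether the cast is allowed.
Verdict validate_cast(const std::vector<uint8_t>& pkt, const Character& who, CastSpell& out) {
    constexpr std::size_t kHeader = 4, kLen = kHeader + 2 + 4;
    if (pkt.size() != kLen) return Verdict::Malformed;  // exact length only
    out.spell_id = read_u16_le(&pkt[kHeader]);
    out.target   = read_u32_le(&pkt[kHeader + 2]);
    if (who.known_spells.count(out.spell_id) == 0) return Verdict::SpellNotOwned;
    return Verdict::Accept;
}

// Constructed sample packets; the header bytes are placeholders.
const std::vector<uint8_t> kOriginal  = {0, 0, 0, 0, 0xD2, 0x04, 0x2A, 0, 0, 0};  // spell 1234
const std::vector<uint8_t> kRewritten = {0, 0, 0, 0, 0xD3, 0x04, 0x2A, 0, 0, 0};  // spell 1235

int main() {
    Character mage;
    mage.known_spells.insert(1234);
    CastSpell c{};
    bool ok = validate_cast(kOriginal, mage, c) == Verdict::Accept &&
              validate_cast(kRewritten, mage, c) == Verdict::SpellNotOwned;
    return ok ? 0 : 1;
}
```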

Re: Where to get WPE

Posted: Fri Jul 18, 2008 7:05 am
by 3cmSailorfuku
elverion wrote: When do they disconnect? As soon as you open it? If that is the case, then it's the anti-cheat protection that is signaling to the game to disconnect you. Disable the anti-cheat first, then you're set.

If you disconnect after trying to send a packet, this is typically because of a malformed packet. If the headers (typically the first 4 - 8 bytes) do not match the expected (and these change from packet to packet), or if any of the data does not match the expected format for this specific packet, then it typically will cause a disconnection. You may not be able to continuously send the same packet again and again because of the headers.

Filters are useful for when the above problem arises. Let's assume that the packet looks like this:

Code:

4 byte header | 2 byte spell id | 4 byte target

This packet would be, in our example, the message sent when we want to cast a spell. Using a filter, we can add a search on slot 05,06 (ignore first 4, the header) to look for spell ID 1234 (D2 04 in hex [We probably will need to swap to network-ready endian, so that's why it's not 04 D2]). In the modify, we change it to 1235 (D3 04).

Ok, now if you turn the filter on, whenever you try to cast whatever spell ID 1234 is, you should actually cast 1235. Unless there is protection server-sided to prevent you from casting 1235, say, if it were a spell from another class.

Also, it's possible that the server encrypts their packets with a timestamp; this will cause you to disconnect on any packet.

If WPE is blacklisted or is not suitable for your usage, you can always try the alternative rPE, which is written in Delphi. It doesn't have a very user-friendly GUI and is a bit buggy, but it offers easy scripting.

Re: Where to get WPE

Posted: Fri Dec 05, 2008 11:33 am
by Lucky89
Hi all, I got WPE and I'd like to use it for Shaiya, but it doesn't find the game.exe process, even if I use PermEdit to grant permission...
Does anyone know why? What should I do?

Re: Where to get WPE

Posted: Fri Dec 05, 2008 12:03 pm
by Administrator
You'll need to use the GameGuard patch located here. Once that's patched you should be able to find it.

Re: Where to get WPE

Posted: Fri Dec 05, 2008 1:21 pm
by 3cmSailorfuku
Uploaded an old, modded version from Cyrus that lets you use 0 or less delay in sending packets. By default it's capped at 100ms.
Been useful for many years for me in Ragnarok Online.

Re: Where to get WPE

Posted: Sat Dec 06, 2008 4:12 am
by Lucky89
I have already downloaded Jewebacca bypass for GG, and I also managed to do something with CE. I'd like to try WPE... but it seems it cannot find the Shaiya process, game.exe, while CE does... can't understand why...

Re: Where to get WPE

Posted: Sat Dec 06, 2008 2:35 pm
by Administrator
I don't know what to tell you then. There are other alternatives out there. You can try Packet Edit Studio and see if that helps.

Re: Where to get WPE

Posted: Mon Mar 02, 2009 5:15 pm
by Gulron
After the file being quarantined ten times I have finally got it to work. Looks like a nifty program to tinker with.

Thanks

Re: Where to get WPE

Posted: Sun Jul 05, 2009 4:05 pm
by Rishijin
What are the advantages to using packets in a bot instead of memory?

Re: Where to get WPE

Posted: Sun Jul 05, 2009 5:15 pm
by Administrator
Depends how you use it. If you are able to figure out the encryption (if any) and packet structure, you can create a full clientless bot. You could potentially run hundreds of bots on the same machine like this because you don't need to load up the full game client, which will be quite bulky.

You could also create a bot that relies on packet injection. This will allow you to write a bot that shouldn't need much modification when the game updates. It means you won't need to find addresses and offsets each time.

More often, packet editing is used to cheat certain things. In Lunia, you used to be able to play-back a quest complete packet repeatedly to level up while standing in town.
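
An added example, not from the original post: replaying a quest-complete packet only pays off when the server trusts the message. Here the server keeps quest state itself, so a completion is honoured once and only after progress the server recorded; `QuestLog`, its fields and the reward value are assumptions.

```cpp
#include <cstdint>
#include <map>

// Hypothetical server-side quest record; all names and values are assumptions.
enum class QuestState { NotStarted, Active, Completed };
enum class Result { Rewarded, NotActive, ObjectiveNotMet };
struct Quest { QuestState state; uint32_t kills; uint32_t required; };

class QuestLog {
public:
    static constexpr uint32_t kXpReward = 100;

    void accept(uint16_t id, uint32_t required) {
        quests_[id] = Quest{QuestState::Active, 0, required};
    }
    // Progress is recorded by the server's own combat code, not by a client message.
    void record_kill(uint16_t id) {
        auto it = quests_.find(id);
        if (it != quests_.end() && it->second.state == QuestState::Active) ++it->second.kills;
    }
    // Handler for the client's "quest complete" message.
    Result complete(uint16_t id) {
        auto it = quests_.find(id);
        if (it == quests_.end() || it->second.state != QuestState::Active)
            return Result::NotActive;              // unknown quest, or a replayed message
        if (it->second.kills < it->second.required)
            return Result::ObjectiveNotMet;        // client claims more than the server saw
        it->second.state = QuestState::Completed;  // one-way transition
        xp_ += kXpReward;
        return Result::Rewarded;
    }
    uint32_t xp() const { return xp_; }

private:
    std::map<uint16_t, Quest> quests_;
    uint32_t xp_ = 0;
};

// One legitimate completion followed by `replays` repeats of the same message.
uint32_t xp_after_replays(int replays) {
    QuestLog ql;
    ql.accept(7, 2);
    ql.record_kill(7);
    ql.record_kill(7);
    ql.complete(7);
    for (int i = 0; i < replays; ++i) ql.complete(7);
    return ql.xp();
}

int main() { return xp_after_replays(50) == QuestLog::kXpReward ? 0 : 1; }
```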

Re: Where to get WPE

Posted: Sun Jul 05, 2009 8:18 pm
by Rishijin
Is packet injection featured on micromacro? Could I use the netSendMessage function?

Re: Where to get WPE

Posted: Sun Jul 05, 2009 9:46 pm
by Administrator
No. netSendMessage() is a function for MicroMacro's own networking. In order to use packet injection, you need to write a DLL that can be injected into the target process which will hook its send function or Winsock's send(). The new IPC system that is being worked on will help make this much easier to create and use.

Re: Where to get WPE

Posted: Mon Jul 06, 2009 4:07 am
by 3cmSailorfuku
Administrator wrote: No. netSendMessage() is a function for MicroMacro's own networking. In order to use packet injection, you need to write a DLL that can be injected into the target process which will hook its send function or Winsock's send(). The new IPC system that is being worked on will help make this much easier to create and use.

You could though write a DLL that has exported functions and use it in MicroMacro; that might aid you to transmit packets over the hooked function with the returned socket, IP & address. You'd then have an easy scripting environment.

Theoretically, since winsock is a WinAPI you could make a general hook that works with almost all games.

Re: Where to get WPE

Posted: Tue Jul 14, 2009 11:51 pm
by Rishijin
3cmSailorfuku wrote: You could though write a DLL that has exported functions and use it in MicroMacro; that might aid you to transmit packets over the hooked function with the returned socket, IP & address. You'd then have an easy scripting environment.

Theoretically, since winsock is a WinAPI you could make a general hook that works with almost all games.


This all sounds fantastic, except I don't know anything about writing dlls.
I know it's a relatively standard procedure for C++ users, but I haven't used C++ in 10+ years!

Is there somewhere you can recommend for me to learn about writing a dll to hook winsock and send / recv packets?
Or a good book about this kind of stuff?

Re: Where to get WPE

Posted: Wed Jul 15, 2009 6:48 pm
by 3cmSailorfuku
Rishijin wrote:
3cmSailorfuku wrote: You could though write a DLL that has exported functions and use it in MicroMacro; that might aid you to transmit packets over the hooked function with the returned socket, IP & address. You'd then have an easy scripting environment.

Theoretically, since winsock is a WinAPI you could make a general hook that works with almost all games.


This all sounds fantastic, except I don't know anything about writing dlls.
I know it's a relatively standard procedure for C++ users, but I haven't used C++ in 10+ years!

Is there somewhere you can recommend for me to learn about writing a dll to hook winsock and send / recv packets?
Or a good book about this kind of stuff?

Learn to use the Detours library and MSDN for the function.

Example:

Code:

/*
Tormen Raßmann 
http://www.schlurmania.org/
Microsoft Detours 1.5
Winject
Microsoft Visual Studio 2008
*/

#include <windows.h>
#include <detours.h>

#pragma comment(lib, "detours.lib")

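// MessageBoxA takes LPCSTR (const char*) for its text and caption arguments.
typedef int (WINAPI *MBoxTyp)(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);
MBoxTyp origMessageBox = NULL;

// Replacement for MessageBoxA: calls the original with fixed text and caption.
int WINAPI MyMBox(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
	return origMessageBox(hWnd, "I've been detoured :(", ":(", uType);
}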

BOOL WINAPI DllMain(HANDLE HDllHandle, DWORD Aufrufgrund, LPVOID Reserved)
{
	if(DLL_PROCESS_ATTACH == Aufrufgrund)
	{
		origMessageBox = reinterpret_cast<MBoxTyp>(DetourFunction((PBYTE)&MessageBoxA, (PBYTE)&MyMBox));
	}
	return TRUE;
}

This would hook the MessageBox that appears in the injected application, and return a modified string.
You do the same with ws2_32: you hook the send function and save all required information.
There's a difference though: instead of just doing it like in the example, you have to modify the trampoline a bit so it won't overwrite the actual data and send it whenever you want.

Re: Where to get WPE

Posted: Sun Jul 19, 2009 12:07 pm
by Anaughtymouse
Hey guys, just trying to play with this....heh it's new to me even if it isn't to you guys....I can't seem to get it to work properly for Shaiya.

I can pick up all the packets etc, work out which ones relate to which actions, but sending them insta disconnects me. I guessed this was to do with the first couple bytes acting up...I've removed them as I read in another thread might help but then the packets don't seem to do anything at all.

Very much a nub at this but any advice from people who have had luck with Shaiya or maybe somewhere I can read up first would be appreciated, thanks for your time!