Visual Basic Programming | [VB6] Memory hooking to view packets?

Author	Message	Time
Fr0z3N	Not sure what to call it, but what I wanna do is hook into the d2 memory (if I'm even correct here) and view the incoming packets IE. too see if you get hostiled or to see if someones dies etc. I have no idea where to start so help would be nice. ;D	February 5, 2006, 11:14 PM
Topaz	Ethereal	February 6, 2006, 1:12 AM
Fr0z3N	I wanna do it IN my program.	February 6, 2006, 2:24 AM
JoeTheOdd	Reference WinPcap. EDIT - Alright, I'll admit, that was way to vague. WinPcap stands for Windows packet capture library, and it's what's in the background of Ethereal. I've never used it before (as a developer, as an actual user I have, of course), but I asume it'd work something like the Winsock API's, where it fires a callback routine when an event happens. You seem to have gotten those to work fine, so I don't think you'll have much trouble getting WinPcap to work. A little reminder, though: WinPcap returns the entire packet, not the TCP body. First, you'll need to check if it's even TCP, then see if it's being recieved, then see if the checksum is correct (not required), then see if it's on port 6112. The TCP header is 0x36 bytes long.	February 6, 2006, 2:48 AM
Myndfyr	[quote author=Joe link=topic=14156.msg144759#msg144759 date=1139194124] Reference WinPcap. [/quote] http://www.winpcap.org/misc/faq.htm#Q-9 [quote]Q-9: Can I use WinPcap with Visual Basic? A: We don't support Visual Basic and we are not able to provide help on this subject because we don't know enough about it. BeeSync has developed an ActiveX control that integrates winpcap packet capture functionality with Visual Basic or any other programming environment supporting Microsoft ActiveX technology. You can find it at http://www.beesync.com/products.html. [/quote]	February 6, 2006, 4:36 PM
Fr0z3N	So thats a yes or no with that? If no, any other ideas?	February 6, 2006, 11:31 PM
JoeTheOdd	That's a "yes but we won't tell you how".	February 7, 2006, 5:09 AM
JoeTheOdd	Joe + 45 minutes of boredom + IDE = This	February 7, 2006, 5:51 AM
UserLoser	[quote author=Joe link=topic=14156.msg144940#msg144940 date=1139291488] Joe + 45 minutes of boredom + IDE = This [/quote] [code] '--------------------------------------------------------------------------------------- ' Procedure : RemoveVoid ' Author : Joe[e2] ' Purpose : Remove a VOID, of specified length. '--------------------------------------------------------------------------------------- Public Function RemoveVoid(Length As Integer) Buffer = Mid(Buffer, Length + 1) RemoveVoid = Mid(Buffer, 1, Length) End Function [/code] That's funny.	February 7, 2006, 6:21 AM
UserLoser	Just the term and function name - "Remove a void"	February 7, 2006, 9:09 PM
Fr0z3N	[quote author=Joe link=topic=14156.msg144940#msg144940 date=1139291488] Joe + 45 minutes of boredom + IDE = This [/quote] After much work trying to get that to work, I have come to one thing I cannot seem to figure out. [code] Private Sub objPacketX_OnPacket(ByVal pPacket As PacketXLibCtl.IPktXPacket) If pPacket.Protocol = PktXProtocolTypeTCP Then If pPacket.SourcePort = 6112 Then Call modProtocol.Parse_Server(pPacket.Data) End If If pPacket.DestPort = 6112 Then Call modProtocol.Parse_Client(pPacket.Data) End If End If [/code] Both these lines are being highlighted with Type Mismatch [code] Call modProtocol.Parse_Server(pPacket.Data) Call modProtocol.Parse_Client(pPacket.Data) [/code] When I switch them to .DataArray all I am seeing is Sent 0x3F, Received 0x3F over and over. But for some reason they are not working with just .Data	February 14, 2006, 1:13 AM
LivedKrad	[quote author=Fr0z3N link=topic=14156.msg145948#msg145948 date=1139879601] [quote author=Joe link=topic=14156.msg144940#msg144940 date=1139291488] Joe + 45 minutes of boredom + IDE = This [/quote] After much work trying to get that to work, I have come to one thing I cannot seem to figure out. [code] Private Sub objPacketX_OnPacket(ByVal pPacket As PacketXLibCtl.IPktXPacket) If pPacket.Protocol = PktXProtocolTypeTCP Then If pPacket.SourcePort = 6112 Then Call modProtocol.Parse_Server(pPacket.Data) End If If pPacket.DestPort = 6112 Then Call modProtocol.Parse_Client(pPacket.Data) End If End If [/code] Both these lines are being highlighted with Type Mismatch [code] Call modProtocol.Parse_Server(pPacket.Data) Call modProtocol.Parse_Client(pPacket.Data) [/code] When I switch them to .DataArray all I am seeing is Sent 0x3F, Received 0x3F over and over. But for some reason they are not working with just .Data [/quote] .DataArray is a byte array containing each byte in the message. So if Joe's function is supposed to read some sort of Variant data (which .Data is) then passing an array won't do any good as I think it will only read the first byte. (Not sure, did not download the source).	February 17, 2006, 3:36 AM

Author

Message

Time

Fr0z3N

Not sure what to call it, but what I wanna do is hook into the d2 memory (if I'm even correct here) and view the incoming packets IE. too see if you get hostiled or to see if someones dies etc. I have no idea where to start so help would be nice. ;D

February 5, 2006, 11:14 PM

Topaz

Ethereal

February 6, 2006, 1:12 AM

Fr0z3N

I wanna do it IN my program.

February 6, 2006, 2:24 AM

JoeTheOdd

Reference WinPcap.

EDIT -
Alright, I'll admit, that was way to vague.

WinPcap stands for Windows packet capture library, and it's what's in the background of Ethereal. I've never used it before (as a developer, as an actual user I have, of course), but I asume it'd work something like the Winsock API's, where it fires a callback routine when an event happens. You seem to have gotten those to work fine, so I don't think you'll have much trouble getting WinPcap to work.

A little reminder, though: WinPcap returns the entire packet, not the TCP body. First, you'll need to check if it's even TCP, then see if it's being recieved, then see if the checksum is correct (not required), then see if it's on port 6112. The TCP header is 0x36 bytes long.

February 6, 2006, 2:48 AM

Myndfyr

[quote author=Joe link=topic=14156.msg144759#msg144759 date=1139194124]
Reference WinPcap.
[/quote]

http://www.winpcap.org/misc/faq.htm#Q-9

[quote]Q-9: Can I use WinPcap with Visual Basic?

A: We don't support Visual Basic and we are not able to provide help on this subject because we don't know enough about it. BeeSync has developed an ActiveX control that integrates winpcap packet capture functionality with Visual Basic or any other programming environment supporting Microsoft ActiveX technology. You can find it at http://www.beesync.com/products.html.
[/quote]

February 6, 2006, 4:36 PM

Fr0z3N

So thats a yes or no with that? If no, any other ideas?

February 6, 2006, 11:31 PM

JoeTheOdd

That's a "yes but we won't tell you how".

February 7, 2006, 5:09 AM

JoeTheOdd

Joe + 45 minutes of boredom + IDE = This

February 7, 2006, 5:51 AM

UserLoser

[quote author=Joe link=topic=14156.msg144940#msg144940 date=1139291488]
Joe + 45 minutes of boredom + IDE = This
[/quote]

[code]
'---------------------------------------------------------------------------------------
' Procedure : RemoveVoid
' Author : Joe[e2]
' Purpose : Remove a VOID, of specified length.
'---------------------------------------------------------------------------------------

Public Function RemoveVoid(Length As Integer)
Buffer = Mid(Buffer, Length + 1)
RemoveVoid = Mid(Buffer, 1, Length)
End Function
[/code]

That's funny.

February 7, 2006, 6:21 AM

UserLoser

Just the term and function name - "Remove a void"

February 7, 2006, 9:09 PM

Fr0z3N

[quote author=Joe link=topic=14156.msg144940#msg144940 date=1139291488]
Joe + 45 minutes of boredom + IDE = This
[/quote]

After much work trying to get that to work, I have come to one thing I cannot seem to figure out.

[code]
Private Sub objPacketX_OnPacket(ByVal pPacket As PacketXLibCtl.IPktXPacket)
If pPacket.Protocol = PktXProtocolTypeTCP Then
If pPacket.SourcePort = 6112 Then
Call modProtocol.Parse_Server(pPacket.Data)
End If
If pPacket.DestPort = 6112 Then
Call modProtocol.Parse_Client(pPacket.Data)
End If
End If
[/code]

Both these lines are being highlighted with Type Mismatch

[code]
Call modProtocol.Parse_Server(pPacket.Data)

Call modProtocol.Parse_Client(pPacket.Data)
[/code]

When I switch them to .DataArray all I am seeing is Sent 0x3F, Received 0x3F over and over. But for some reason they are not working with just .Data

February 14, 2006, 1:13 AM

LivedKrad

[quote author=Fr0z3N link=topic=14156.msg145948#msg145948 date=1139879601]
[quote author=Joe link=topic=14156.msg144940#msg144940 date=1139291488]
Joe + 45 minutes of boredom + IDE = This
[/quote]

After much work trying to get that to work, I have come to one thing I cannot seem to figure out.

[code]
Private Sub objPacketX_OnPacket(ByVal pPacket As PacketXLibCtl.IPktXPacket)
If pPacket.Protocol = PktXProtocolTypeTCP Then
If pPacket.SourcePort = 6112 Then
Call modProtocol.Parse_Server(pPacket.Data)
End If
If pPacket.DestPort = 6112 Then
Call modProtocol.Parse_Client(pPacket.Data)
End If
End If
[/code]

Both these lines are being highlighted with Type Mismatch

[code]
Call modProtocol.Parse_Server(pPacket.Data)

Call modProtocol.Parse_Client(pPacket.Data)
[/code]

When I switch them to .DataArray all I am seeing is Sent 0x3F, Received 0x3F over and over. But for some reason they are not working with just .Data
[/quote]

.DataArray is a byte array containing each byte in the message. So if Joe's function is supposed to read some sort of Variant data (which .Data is) then passing an array won't do any good as I think it will only read the first byte. (Not sure, did not download the source).

February 17, 2006, 3:36 AM

Valhalla Legends Forums Archive | Visual Basic Programming | [VB6] Memory hooking to view packets?