using windsocks hook to get location of objects

**the1domo** · 10-13-2014

using windsocks hook to get location of objects
I was really bored and decided to do some research

Code:

//0000     2   word          psize             1274 | $04FA
//0002     2   word          ID                2 | $0002
//0004     4   integer       id                0 | $00000000
//0008     4   integer       next              360 | $00000168
//000C     4   integer       count             30 | $0000001E


//0010     3   array[const]  bc                198488 $30758($)
//0013     4   integer       type              Õëîïîê($00000706)
//0017     3   array[const]  X                 11709812  ($)
//001A     3   array[const]  Y                 6083341  ($)
//001D     3   array[const]  Z                 387929  ($)
//0020     2   word          rot_x             0 | $0000
//0022     2   word          rot_y             0 | $0000
//0024     2   word          rot_z             6977 | $1B41
//0026     4   single        scale             1 | $3F800000
//002A     4   integer       type              3443 | $00000D73
//002E     4   integer       growing           16.02.1970 21:36 : 09  ($003DD4C9)
//0032     8   int64         plantTime         13.10.2014 8 : 16 : 38  ($543B8A66)

//003A     3   array[const]  bc                37552 $92B0($)
//003D     4   integer       type              Èâà($00000182)
//0041     3   array[const]  X                 11710755  ($)
//0044     3   array[const]  Y                 6082726  ($)
//0047     3   array[const]  Z                 387985  ($)
//004A     2   word          rot_x             0 | $0000
//004C     2   word          rot_y             0 | $0000
//004E     2   word          rot_z             48834 | $BEC2
//0050     4   single        scale             1 | $3F800000
//0054     4   integer       type              882 | $00000372
//0058     4   integer       growing           13.01.1970 8:48 : 25  ($00104DD9)
//005C     8   int64         plantTime         13.10.2014 8 : 16 : 28  ($543B8A5C)

more .....

byte Inline(unsigned int cry)
{
	cry += 3532013U;
	byte n = (byte)(cry >> 16);
	return (byte)(((int)n == 0) ? 254 : n);
}

byte* StoCDecrypt(byte* BodyPacket, int Length)
{
	//int Length = sizeof(BodyPacket);
	byte* Array = new byte[Length];
	unsigned int cry = (unsigned int)(Length ^ 522286496);
	int n = 4 * (Length / 4);
	for (int i = n - 1; i >= 0; i--)
		Array[i] = (byte)((unsigned int)BodyPacket[i] ^ (unsigned int)Inline(cry));
	for (int i = n; i < Length; i++)
		Array[i] = (byte)((unsigned int)BodyPacket[i] ^ (unsigned int)Inline(cry));
	return Array;
}



int i = 0;
BOOL DumpFile(CHAR *szFileName, BYTE *pbData, DWORD dwSize) {
	FILE *f = fopen(szFileName, "wb");

	if (f) {
		fwrite(pbData, 1, dwSize, f);
		fflush(f);
		fclose(f);
		return TRUE;
	}

	return FALSE;
}

int WINAPI hook_WSARecv(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, LPDWORD lpNumberOfBytesRecvd, LPDWORD lpFlags, LPWSAOVERLAPPED lpOverlapped, LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
{
	__asm pushad;
	//printf("root: hook_WSARecv\n");

	unsigned char* buff = (unsigned char*)lpBuffers->buf;
	StoCDecrypt(buff, lpBuffers->len);
	//hexdump(buff, lpBuffers->len);

	WORD psize = (WORD)buff;
	WORD ID = (WORD)buff + 2;
	if (ID = 2){
		printf("root: Get mobs\n");
		char msg[512];
		sprintf(msg, "c:\\WSA\\mobs_%i_%i.bin", i++, ID);
		DumpFile(msg, buff, 0xFA04);

		int id		= (int)buff + 0x4;
		int next	= (int)buff + 0x8;
		int count	= (int)buff + 0xC;

		char* name	= (char*)buff + 0x13;
		float X		= *(float*)buff + 0x17;
		float Y		= *(float*)buff + 0x1A;
		float Z		= *(float*)buff + 0x1D;
		int type	= (int)buff + 0x2A;
	}
	__asm popad;
	return o_WSARecv(s, lpBuffers, dwBufferCount, lpNumberOfBytesRecvd, lpFlags, lpOverlapped, lpCompletionRoutine);
}