-
Member
[WoW][7.3+] What methods of packet sniffing are the safest and actual now?
Prior to 7.3, I used hardware breakpoints on NetClient::Send2 / NetClient::HandleData (x86).
Now, as I understand, this is impossible. Or can I hook GetThreadContext or KiUserExceptionDispatcher and everything will be okay? Remap image and inject DLL? Capture packets from network card? Or some other?
What methods are still actual now, and not just safe, but have the maximum stability?
-
★ Elder ★
I still inject my dll and just hook both functions since 7.3.0. I'm fine atm
This doesn't mean that it's safe! ...
Last edited by doityourself; 11-12-2017 at 07:37 AM.
-
Member
Capturing packets from the NIC may be hard because you have to decrypt packets with the session key. It's the safest method tho - you may even do crazy stuff like routing the traffic over another computer and capture packets there (MitM).
But for now hooking both functions is still working - just like king48488 said.
-
Member
Here is the old test code (Pandaria) to read it from driver using WinDivert lib. WowSniffer.zip
-
Originally Posted by
king48488
I still inject my dll and just hook both functions since 7.3.0. I'm fine atm
Writing to .text is still undetected? What is even the point to the obfuscation they added in 7.3?
-
★ Elder ★
Originally Posted by
Jadd
Writing to .text is still undetected? What is even the point to the obfuscation they added in 7.3?
It's pretty easy for them to detect it and they are also checking if stuff is written to it, but they may ban only bot/hack users. That's why I'm waiting for the next ban wave