Solved finding the encrypt packet function


Loset

Newbie
Full Member
Jan 13, 2016
40
363
1
I have looked at every tutorial I found, but it didn't help me find my solution.

I am trying to find the send packet function in LolClient.exe (League of Legends client.. THIS IS NOT THE INGAME CLIENT)

3. Send Function

2. This jumps to the Send Function

1. This calls the function that later jumps to the Send Function

I can't find the encryption anywhere. I guess it's way back behind somewhere, but I have no idea where to look.
I used FindCrypt, but this client has so many crypt functions I don't know where to start.
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
2,298
37,938
269
> Breakpoint send / WSASend
> Is the buffer parameter encrypted? Look up the callstack.
> Keep going until it's not encrypted/you can't find it
> If you can't find it, then now you step back down 1 call and try to see where its created
 

Loset

> Breakpoint send / WSASend
> Is the buffer parameter encrypted? Look up the callstack.
> Keep going until it's not encrypted/you can't find it
> If you can't find it, then now you step back down 1 call and try to see where its created
I want to try a new approach. I want to convert dynamic pointers into constants
so I can help IDA help me understand the function better.

For example, if I know the instruction CALL DWORD PTR DS:[EBX+0x44]
is going to 0FEBBBB,
then I would replace it with

Call 0FEBBBB, save changes and continue. This way IDA knows the flow of the program better.

The problem is, Call 0FEBBBB is more bytes than the first one.
I did it once and it worked wonderfully because it replaced 2 instructions with one, because it was useless, but now I'm having a harder time doing it because the next instruction is important.

What are the ways to do it?
I am thinking about allocating memory and detouring it, but is there any other way?
 

mambda

Nope, you'd have to allocate memory and tell it to jump there instead. But there's not really a point to this, just use comments or something.
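
An added illustration, not part of the thread: the size mismatch discussed above, worked out from the 32-bit x86 encodings of the two call forms. The call-site address 0x00401000 is a constructed value; the [EBX+0x44] operand and the target 0FEBBBB are taken from the post.

```python
import struct

# 32-bit register numbers as they appear in the ModRM r/m field.
# esp is left out: it requires a SIB byte, which this sketch does not emit.
REGS = {"eax": 0, "ecx": 1, "edx": 2, "ebx": 3, "ebp": 5, "esi": 6, "edi": 7}

def encode_call_indirect(base, disp):
    """Encode CALL DWORD PTR [base+disp] (opcode FF /2)."""
    rm = REGS[base]
    reg = 2 << 3                                  # /2 selects CALL in the FF group
    if disp == 0 and base != "ebp":               # mod=00 with ebp means disp32-only
        return bytes([0xFF, 0x00 | reg | rm])
    if -128 <= disp <= 127:                       # mod=01: 8-bit displacement
        return bytes([0xFF, 0x40 | reg | rm]) + struct.pack("<b", disp)
    return bytes([0xFF, 0x80 | reg | rm]) + struct.pack("<i", disp)  # mod=10

def encode_call_direct(site, target):
    """Encode CALL target (opcode E8 rel32); rel32 is relative to the next instruction."""
    rel = (target - (site + 5)) & 0xFFFFFFFF      # wraps modulo 2^32 in 32-bit mode
    return b"\xE8" + struct.pack("<I", rel)

def size_delta(site, base, disp, target):
    """Return (old bytes, new bytes, extra bytes the direct form would need)."""
    old = encode_call_indirect(base, disp)
    new = encode_call_direct(site, target)
    return old, new, len(new) - len(old)

if __name__ == "__main__":
    SITE = 0x00401000                             # constructed call-site address
    old, new, extra = size_delta(SITE, "ebx", 0x44, 0x0FEBBBB)
    print("indirect:", old.hex(" "), f"({len(old)} bytes)")
    print("direct:  ", new.hex(" "), f"({len(new)} bytes)")
    print("bytes of the following instruction overwritten:", max(extra, 0))
```

The indirect form with an 8-bit displacement is 3 bytes and the direct form is always 5, so the replacement runs 2 bytes into whatever instruction follows; only when the displacement needs 32 bits (6 bytes) does the direct call fit in place.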
 