estelle 发表于 2008-7-21 23:01

一个老版本ZF外挂封包

HTTP/1.1 200 OK..Cache-Control: private..Date: Sun, 09 Mar 2008 15:22:27 GMT..Content-Length: 428..Content-Type: text/html; charset=gb2312..Server: Microsoft-IIS/6.0..X-Powered-By: ASP.NET..X-AspNet-Version: 1.1.4322....

12|VERSION=02013|E=02|M=400|DAT=DA4C2E74587122F684989C12E03C2B6208151324C018ABE26881A54778182BE63EC81C14D038AB62684522B5C018ABF28091114258182BE60C9C1C14D09C2812083C1BA6C00C2BE28031932078582BE6C4C8AC13C03C2B626A4122B5C008ABF28031132258582BE6E4CC2C01E09C281208111324E01C2BE26881A1455808ABE66E682A67E08C28126A282BA5E01C2BF20A181F244A182BE6C0352362C07C2A22E041A2A3C048ABF2083C1B2678082BE40AAC3B376808AEE60EBD194658482E767C18AE743635

HTTP/1.1 200 OK..Cache-Control: private..Date: Sun, 09 Mar 2008 15:15:32 GMT..Content-Length: 428..Content-Type: text/html; charset=gb2312..Server: Microsoft-IIS/6.0..X-Powered-By: ASP.NET..X-AspNet-Version: 1.1.4322....12|VERSION=02013|E=02|M=400|DAT=DA4C2E74587122F684989C12E03C2B6208151324C018ABE26881A54778182BE63EC81C14D038AB62684522B5C018ABF28091114258182BE60C9C1C14D09C2812083C1BA6C00C2BE28031932078582BE6C4C8AC13C03C2B626A4122B5C008ABF28031132258582BE6E4CC2C01E09C281208111324E01C2BE26881A1455808ABE66E682A67E08C28126A282BA5E01C2BF20A181F244A182BE6C0352362C07C2A22E041A2A3C048ABF2083C1B2678082BE40AAC3B376808AEE60EBD194658482E767C18AE743635

GET /validate.aspx?data=3F014A3B5A515D0AD8135D5ED9455C3A9901CD68DF459C1DF905D94D7B55987A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308773A53C22FFC458E0BFE07D07A1F035D2ED9555C1ADA014D4AD9039D783A51559E303036 HTTP/1.1..CH: 2..VR: 201..User-Agent: rxjh..Host: 8.hzsession.com..Cache-Control: no-cache....
GET /validate.aspx?data=3F014A3B5A515D0AD8135D5ED9455C3A9901CD68DF459C1DF905D94D7B55987A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308773A53C22FFC458E0BFE07D07A1F035D2ED9555C1ADA014D4AD9039D783A51559E303036 HTTP/1.1..CH: 2..VR: 201..User-Agent: rxjh..Host: 8.hzsession.com..Cache-Control: no-cache....


登录
data=3F014A3B5A515D0AD8135D5ED9455C3A9901CD68DF459C1DF905D94D7B55987A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308773A53C22FFC458E0BFE07D07A1F035D2ED9555C1ADA014D4AD9039D783A51559E303036

更新
data=3F014A3B5811570A1B115D4EDD45443A5B558C7A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308777B115F3B353337'
data=3F014A3BDB11570E1A41558ED9554C3A5B558C7A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308777B115F3B353337'
data=3F014A3B1911555E9B13450ADD45443A5B558C7A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308777B115F3B353337'
data=3F414A3B5A51550E19034D1E1B13533BDB55531DB81787CB5B15504D4E055D280C05456C5F00853E59129F1EB0108B0E48454D78D9035D3EF100916A5B1794589A1145BE18415F0EDA009427C8174C45B1035207620551084D048C4119028C13F103D978BB11559E3337'
data=3F014A3B1B41450A5D01457EDD45443A5B558C7A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308777B115F3B353337'
data=3F014A3BDA03450ADB11570EDD45443A5B558C7A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308777B115F3B353337

12|VERSION=02013|E=02|M=240|DAT=7BB565A239408DA1BB612EB0B31C0C102A4115F4768461E0776D4A18337D4C32BB7D0E10FB8E0A032965ADA7DB702FA02ABBCCA5EA2BEF9483DD0D914ADCEC95CAFF6E935B4EE5B76A39CFA47A0E0F85717645A4D3D06FA5E3CBED90CADCEE87DA9C2E93B3920E84DAB903B03BA6ECA0B3A2ACB63836



data=3F014A3BDB01454E99135D8ED9455C3A5B558C7A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308777B115F3B353337
12|VERSION=02013|E=02|M=252|DAT=CCCF9B2696A20A2A9EC323A38A8AA4A01C520AF24D9D1A20FBCC05A1DECA85A49ACAA5A38A8C742F966B0B3E9E87AB034E62D73A4A676FB39A4ABE885A2F969A5A4FF78FDCAF4E9E4E668F330A8E4E3BD48ECB30DE87BA19DA677EA05A2FB61F0A8FB68F9AC2A3238A85E42A96631AAA8A8AE4A08EA353B6CE835323

data=3F014A3B9901455ADA01556AD9454C3A5B558C7A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308777B115F3B353337
12|VERSION=02013|E=02|M=252|DAT=063F7ADA883A9452B2AE1CD266A81448A372183206794392F62D4D41E62C7C58F6AE1C4856ABA6448C36BCF2929F14DA4A26DE3E7AB75CA6E6909E4AEE03D6AAF687FE8EEE1BF0F65A375C3A563B9426843D507E9299D6FAEAB15EC6DE83F6AA768BB68A92AE1C4A42AB84CCA8329ED266A8144C0AAE14562E2A3652

12|VERSION=02014|E=1619|M=帐户已过期,请充值0



30005559 .FF15 C4E20330 calldword ptr ; [GetTickCount

data=3F014A3B19014D4E1A135D1ED955443A5B558C7A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308777B115F3B353337
data=3F014A3B1B014F0E9B115D0ED945543A5B558C7A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308777B115F3B353337
data=3F014A3B5B034D6A181355EEDD454C3A5B558C7A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308777B115F3B353337
data=3F014A3B5B034D4E9C01470ED945543A5B558C7A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308777B115F3B353337

12|VERSION=02013|E=02|M=252|DAT=2EDC1E5747E8504102EDDC4B00A5134D864C50ABBE44145430A4F95E20F45B4F00ADDB4F48BF915447F85C8706EDCE516B6E1B83272F9D9B4EA5430F6B2C479D6A3FCF1F67DE45DD276C9B93462E91D526C25AD56EE5C6D12FA7551B6B3DC7954A3D875D02ADDA4340AF17504FE8540B08A7134D23F6144B02EC1E41
验证器始终返回的是这组封包
HTTP/1.1 200 OK..Cache-Control: private..Date: Sun, 09 Mar 2008 15:15:32 GMT..Content-Length: 428..Content-Type: text/html; charset=gb2312..Server: Microsoft-IIS/6.0..X-Powered-By: ASP.NET..X-AspNet-Version: 1.1.4322....12|VERSION=02013|E=02|M=400|DAT=DA4C2E74587122F684989C12E03C2B6208151324C018ABE26881A54778182BE63EC81C14D038AB62684522B5C018ABF28091114258182BE60C9C1C14D09C2812083C1BA6C00C2BE28031932078582BE6C4C8AC13C03C2B626A4122B5C008ABF28031132258582BE6E4CC2C01E09C281208111324E01C2BE26881A1455808ABE66E682A67E08C28126A282BA5E01C2BF20A181F244A182BE6C0352362C07C2A22E041A2A3C048ABF2083C1B2678082BE40AAC3B376808AEE60EBD194658482E767C18AE743635
修改内存后,智辅始终发的是这组包

GET /validate.aspx?data=3F014A3B5A515D0AD8135D5ED9455C3A9901CD68DF459C1DF905D94D7B55987A5C47DF0B7B17905899008DDE9A02858A9B0145EA7241497E72514807B002916E9E01457E98135C5371039978FB114B2A1A41551E8F0545586206914C0A55541119109C53080685CC2005492CB01308773A53C22FFC458E0BFE07D07A1F035D2ED9555C1ADA014D4AD9039D783A51559E303036 HTTP/1.1..CH: 2..VR: 201..User-Agent: rxjh..Host: 8.hzsession.com..Cache-Control: no-cache....

这一对封包是截获的正确封包,所以验证不会出错

而且到期时间也包含在封包里面,所以永远不会到期,哪怕还有1秒 就到期

还有就是智辅DLL文件,绑定帐号

就这两个地方

总共修改两处,

一处是修改rxzf.exe文件,另一处是rxwgdll文件

修改rxzf.exe是封包静态,修改rxwg.dll是绑定帐号静态


rxzf.exe

30005074FF15 C4E20330 calldword ptr ; [gettickcount

3000507490nop; [gettickcount
3000507590nop
3000507690nop
3000507790nop
3000507890nop
3000507990nop



300081B5 /74 05 jeshort 300081BC

300081B590nop
300081B690nop




rxwg.dll
3001B0F0 .B8 3C3B4004 mov eax, 4403B3C

3001B0F0B8 8C3B4004 mov eax, 4403B8C

Hmily 发表于 2008-7-21 23:06

此奶热血智辅ZF-热血江湖辅助工具的封包数据,学习处理怎么解决游戏外挂绑定帐号问题!

huziyan 发表于 2008-7-30 15:47

我看不懂啊,怎么回事啊~~~~~

sq_365 发表于 2008-7-30 20:23

有点复杂,不过慢慢学习了

5588 发表于 2008-7-30 20:27

水品不行啊。一点都看不懂!

shaomifeng 发表于 2008-7-30 20:31

看不懂``沙发

cht_by4 发表于 2008-7-31 07:48

一点也看不懂~

qq22609623 发表于 2008-7-31 21:44

哈哈 洪水的东西~ 看不懂也

lovis7000 发表于 2008-8-10 00:39

543889941 发表于 2008-8-10 18:41

看不懂的东西......无语
页: [1] 2 3
查看完整版本: 一个老版本ZF外挂封包