How to read packets?

[Pudge 24]

I would like to read outgoing wow packets, like this program https://github.com/tripleslash/wowscout
Is it possible using wrobot?

[Nax 7]

Anything is possible, wrobot just uses C#, besides a massive API, Wrobot can run all .net code . Just takes time and understanding how to build it. With wrobot plug-in you can build your own internet browser if you really wanted. 
 

why do you wanna see out going packets? Besides warden , I can surely tell you that there’s nothing interesting .

[Nax 7]

not gonna lie, would be awesome if @DroidzAdd a Asm DetourHook class to wrobot so we can hook functions and have more control over wow. but i know he is using Break points and i dont know if having asm hook will mess with break points.

 

@Pudgei wrote my own packet sniffer for wow in c++ (its not public) if you want to message me, i can let you use a copy of it. 

 

[Pudge 24]

On 3/5/2024 at 10:29 PM, Nax said:

why do you wanna see out going packets?

Hi, I just want to check only the one packet (0x1CA), what allows server administration see the name and the username of your pc. I have a bypass, but i am not really sure that it works fine.

15 hours ago, Nax said:

ei wrote my own packet sniffer for wow in c++ (its not public) if you want to message me, i can let you use a copy of it. 

Can it be used as a wrobot plugin?

 

[Nax 7]

So with wrobot plug-in, you’d have to use a detourhook using ASM, wow uses two different send data to server function. One is for public static and other is loaded when warden is loaded. I know that from wotlk below the server don’t get the pc username. For Cata and above I have no clue.

[Droidz 2708]

Hi, I'm sorry, but this cannot be implemented securely with a plugin. By default, WRobot should change the machine name (wotlk) (provided that the game is always launched from the Relogger if you want to hide all time the name of your machine).

[Nax 7]

@DroidzYou are correct, sorry i should of thought of this before i replied. 

So to make a plugin more secure, you would have to hook and spoof Memcheck and PageScan to make sure when they do check if something is detoured. that we send back the right data they seek.