Cheat Engine

[souleaper]

Hi, I am quite new to programming proxy. I made a simple packet sniffer.

When i compare the packet from my own packet sniffer and the one I retrieve using wpe pro.

There are additional packets.

These are in my own packet sniffer

DATA: SEGMENT: BYTES: ASCII:
DATA: --------------------------------------------------------------------------
DATA: 0000 50 C7 BF 65 B5 CA 70 F3 95 00 A0 AF 08 00 45 00 P..E..P. ......E.
DATA: 0010 00 2D 4E 84 40 00 80 06 00 00 C0 A8 01 A3 D2 F2 .-N.@... ........
DATA: 0020 F3 65 E4 16 1A 4C 2A 39 CB 75 3B 16 6A FD 50 18 .E...L*9 .U;.J.P.
DATA: 0030 40 19 88 C3 00 00 C7 77 36 45 30 @......W 6E0

and

in WPE pro there are .

only C7 77 36 45 30

if you look at the picture above (nvm i can't post img yet).. if i want to send the same packet to server programmically using Sharpcap or winpcap. How do i deal with the data segment from 0000 to 0030. The only data i see relevance is C7 77 36 45 30, which is the what i need to do.

Thanks.

[atom0s]

You are seeing the packet header which will contain extra information that most packet editors will hide when displayed since its non-important data for the most part.

You can see how the header works live on a site like: https://www.gasmi.net/hpd/

With your packet:

[souleaper]

Thanks,

Is there a quick way to generate this header per individual pc?

[atom0s]

You would need to create a parser for it as the header is built dynamically, in parts.

The first chunk is the 'Link Level' of the packet. Which will have:
- Destination
- Source
- Type

The type field determines what the next chunk in the packet will be.
In the case of the packet you gave above, the Type would be: 0x0800

That states that the next chunk in the packet is going to be an IP Layer 3 'Network Level' chunk/header. So then you would read out the network level chunk from the packet until you hit the next part.

You can lookup information for things like this on sites like:
https://en.wikipedia.org/wiki/Network_packet
https://en.wikipedia.org/wiki/IPv4
http://www.cs.miami.edu/home/burt/learning/Csc524.092/notes/ip_example.html

and so on.

Google has everything you need to walk the packet data.

Each section has a marker in it that tells you what to expect in the section after it. So it makes it pretty easy to follow.

[souleaper]

The last link u showed, was for UDP protocol. Is there a difference in TCP?

i kinda vaguely understand the structure of the packet now.. from link level, to network level, transport layer then application level.

How do normal proxy developer build these structures programmatically ? in c#?

[atom0s]

[souleaper]

Ok, I got most info down to form the packet header..

How do i get the identification number, checksum number? sequence number?

[souleaper]

I will answer my own question.

In order to get the follows

1. Identification number - I need to get the last packet send from adapter to network and extract the identification number and increment by 1.

2. sequence number - I need to get the last packet send from local ip to the game server and according to that packet's payload size.. I have to increase that number by it.

3. Acknowledge number - Is from the last packet coming from the game server and add with it the payload size of that packet.. will be new acknowledge number..

Is that right?