V. From the introduction to action simulation above, we now have some understanding of game plug-ins and have learned how to use action simulation to build simple ones. This kind of plug-in has limitations: it can only have the computer stand in for the player in carrying out regular, tedious game actions. As online games have multiplied, however, many games require the client to report its action information back to the server; only after receiving this information does the server send the next game action information to the client, so action simulation loses its original effect. To "plug in" to such games, plug-in programs have been upgraded as well. They move from simulating the game's user interface layer down to the data communication layer: using packet interception techniques, they intercept on the client side the game control packets sent by the game server, then analyze and modify them; they also construct packets according to the game's packet structure and send them to the game server in the client's place. This whole process is packet interception, and it is the core technique for implementing the second type of game plug-in.

Packet interception draws on a wide range of knowledge and can be implemented in many ways, such as intercepting Winsock, intercepting API functions, intercepting messages, and VxD drivers. We cannot describe every technique in detail in this article, so we cover the two methods most commonly used in game plug-ins: intercepting Winsock and intercepting API functions.

1. Intercepting Winsock

Winsock is the Windows network programming interface. It works at the Windows application layer and provides a high-level data transfer programming interface that is independent of the underlying transport protocol. On Windows, the TCP/IP-based network access service offered through the Winsock interface is implemented by the WSOCK32.DLL dynamic link library.

It follows that any TCP/IP-based Windows application must access the network through the Winsock interface, and online game programs are no exception. If we can control the Winsock interface, controlling the packets exchanged between the game client and the server becomes easy. The remaining work is to take control of that interface.

As described above, the Winsock interface is really a set of functions provided by a dynamic link library, and applications reach the network by calling those functions. We can therefore build a look-alike dynamic link library to replace the original Winsock interface library. It implements every function that WSOCK32.DLL implements, and the parameters, parameter order and return type of each function must match the original library. In this home-made library we place the plug-in control code in the functions we are interested in (such as the send and receive functions) and then go on to call the corresponding function in the original Winsock library. In this way network packets can be intercepted, modified and sent.

The basic steps for creating a Winsock-intercepting plug-in program are as follows:

(1) Create a DLL project: select Win32 Dynamic-Link Library, then select an empty DLL project.

(2) Create a new file WSOCK32.H and enter the following code:

1) Add the variable declarations:

    HMODULE hModule = NULL;   // Module handle of the original Winsock library
    char Buffer[1000];        // Buffer
    FARPROC proc;             // Function entry pointer

2) Define pointer variables for the addresses of the functions in the Winsock library. The Winsock library provides more than 70 functions; for reasons of space only a few common ones are shown here. For details of these library functions, refer to the MSDN documentation.

    // Pointer variables holding the addresses of the original Winsock library functions.
    SOCKET (__stdcall *socket1)(int, int, int);                       // Create a socket.
    int (__stdcall *WSAStartup1)(WORD, LPWSADATA);                    // Initialize the Winsock library.
    int (__stdcall *WSACleanup1)(void);                               // Clean up the Winsock library.
    int (__stdcall *recv1)(SOCKET, char FAR *, int, int);             // Receive data.
    int (__stdcall *send1)(SOCKET, const char *, int, int);           // Send data.
    int (__stdcall *connect1)(SOCKET, const struct sockaddr *, int);  // Create a connection.
    int (__stdcall *bind1)(SOCKET, const struct sockaddr *, int);     // Bind.
    // ... definitions of the other function address pointers omitted.

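(3) Create a new file WSOCK32.CPP and enter the following code:

1) Add the header file includes:

    #include <windows.h>   // Windows types; also pulls in the Winsock declarations
    #include <string.h>    // memcpy
    #include "wsock32.h"   // The declarations from step (2)

2) Add a DllMain function. It must first load the original Winsock library and obtain the addresses of all functions in that library. The code is as follows: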

    BOOL WINAPI DllMain(HINSTANCE hInst, DWORD ul_reason_for_call, LPVOID lpReserved)
    {
        if (hModule == NULL) {
            // The original Winsock library has been copied as wsock32.001.
            hModule = LoadLibraryA("wsock32.001");
        } else
            return 1;

        // Get and save the addresses of all functions in the original Winsock
        // library; only part of the code is listed below.
        if (hModule != NULL) {
            // Address of the original initialization function, saved to WSAStartup1.
            proc = GetProcAddress(hModule, "WSAStartup");
            WSAStartup1 = (int (__stdcall *)(WORD, LPWSADATA))proc;
            // Address of the original cleanup function, saved to WSACleanup1.
            proc = GetProcAddress(hModule, "WSACleanup");
            WSACleanup1 = (int (__stdcall *)(void))proc;
            // Address of the original socket creation function, saved to socket1.
            proc = GetProcAddress(hModule, "socket");
            socket1 = (SOCKET (__stdcall *)(int, int, int))proc;
            // Address of the original connection function, saved to connect1.
            proc = GetProcAddress(hModule, "connect");
            connect1 = (int (__stdcall *)(SOCKET, const struct sockaddr *, int))proc;
            // Address of the original send function, saved to send1.
            proc = GetProcAddress(hModule, "send");
            send1 = (int (__stdcall *)(SOCKET, const char *, int, int))proc;
            // Address of the original receive function, saved to recv1.
            proc = GetProcAddress(hModule, "recv");
            recv1 = (int (__stdcall *)(SOCKET, char FAR *, int, int))proc;
            // ... code that obtains the other function addresses omitted.
        } else
            return 0;
        return 1;
    }

3) Define the library's exported functions. The plug-in control code can be added to the functions we are interested in, and the last step of every exported function is a call to the original Winsock library. Part of the exported function code is as follows:

    // Definitions of the library's exported functions.

    // Winsock initialization function.
    int PASCAL FAR WSAStartup(WORD wVersionRequired, LPWSADATA lpWSAData)
    {
        // Call the original Winsock library initialization function.
        return WSAStartup1(wVersionRequired, lpWSAData);
    }

    // Winsock cleanup function.
    int PASCAL FAR WSACleanup(void)
    {
        return WSACleanup1();   // Call the original Winsock library cleanup function.
    }

    // Create a socket.
    SOCKET PASCAL FAR socket(int af, int type, int protocol)
    {
        // Call the original Winsock library socket creation function.
        return socket1(af, type, protocol);
    }

    // Send a packet.
    int PASCAL FAR send(SOCKET s, const char *buf, int len, int flags)
    {
        // The contents of the outgoing buffer buf can be modified here
        // in order to deceive the server.
        // Plug-in code ...
        // Call the original Winsock library send function.
        return send1(s, buf, len, flags);
    }

    // Receive a packet.
    int PASCAL FAR recv(SOCKET s, char FAR *buf, int len, int flags)
    {
        // Here the data the server sends to the client can be intercepted.
        // The data exists only after the original function has returned, so
        // for recv the original Winsock receive function is called first.
        int n = recv1(s, buf, len, flags);
        if (n > 0) {
            // Save a copy in Buffer, bounded by the buffer size.
            int copy = n < (int)sizeof(Buffer) ? n : (int)sizeof(Buffer);
            memcpy(Buffer, buf, copy);
            // After analyzing the packet data in the buffer, it is modified
            // according to the player's instructions.
            // Plug-in code ...
        }
        return n;
    }

    // ... definitions of the other functions omitted.

(4) Create a new configuration file WSOCK32.DEF and add the declarations of all exported library functions to it. Part of the declaration code is as follows:

    LIBRARY "wsock32"
    EXPORTS
        WSAStartup  @1
        WSACleanup  @2
        recv        @3
        send        @4
        socket      @5
        bind        @6
        closesocket @7
        connect     @8
        ... declarations of the other exported functions omitted.

(5) Select "Settings" from the "Project" menu to open the Project Settings dialog, select the Link tab, and enter WS2_32.lib in Object/library modules.

(6) Compile the project to generate the WSOCK32.DLL library file.

(7) Copy the original WSOCK32.DLL library file from the system directory into the directory of the program the plug-in targets and rename it wsock32.001; then copy the WSOCK32.DLL file generated above into the same directory. Restart the game program. The game program will now load our own WSOCK32.DLL first and reach the network by calling the original Winsock interface functions indirectly through it.

The above covers only how Winsock interception is implemented. Adding the plug-in control code additionally requires the plug-in developer to analyze carefully the game's packet structure, content and encryption algorithm (an arduous process) and then write the control code on that basis. Packet analysis methods and techniques are outside the scope of this article; if you are interested, consult the relevant material.
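
The arrangement in step (7) works because the game resolves WSOCK32.DLL from its own directory before the system directory. As an added example (not code from the original article), the C check below flags a Winsock library loaded from anywhere other than the system directory; the function names and the sample module list are constructed for illustration, and on Windows the inputs would come from module enumeration and GetSystemDirectory.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Winsock libraries that should only ever load from the system directory. */
static const char *const GUARDED[] = { "wsock32.dll", "ws2_32.dll" };
/* Constructed sample module list (not taken from a real process). */
static const char *const SAMPLE[] = {
    "C:\\Windows\\System32\\kernel32.dll",
    "C:\\Games\\Example\\WSOCK32.DLL",   /* proxy library beside the executable */
    "c:/windows/system32/ws2_32.dll",
    "C:\\Games\\Example\\wsock32.001",   /* renamed original; not matched by name */
};

static int is_sep(char c) { return c == '\\' || c == '/'; }

/* Compare n characters, ignoring case and treating both separators alike. */
static int path_eq(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++) {
        int x = is_sep(a[i]) ? '\\' : tolower((unsigned char)a[i]);
        int y = is_sep(b[i]) ? '\\' : tolower((unsigned char)b[i]);
        if (x != y) return 0;
    }
    return 1;
}

/* 1 if path names a guarded DLL whose directory is not system_dir, else 0. */
int is_shadowed_winsock(const char *path, const char *system_dir) {
    const char *base = path;
    for (const char *p = path; *p; p++)
        if (is_sep(*p)) base = p + 1;          /* base = file name part */
    size_t dir_len = (size_t)(base - path), sys_len = strlen(system_dir), i;
    while (dir_len && is_sep(path[dir_len - 1])) dir_len--;       /* trim separators */
    while (sys_len && is_sep(system_dir[sys_len - 1])) sys_len--;
    for (i = 0; i < sizeof GUARDED / sizeof GUARDED[0]; i++)
        if (strlen(base) == strlen(GUARDED[i]) && path_eq(base, GUARDED[i], strlen(base)))
            return !(dir_len == sys_len && path_eq(path, system_dir, sys_len));
    return 0;
}

/* Number of entries in paths[0..n) flagged by is_shadowed_winsock. */
int count_shadowed(const char *const *paths, size_t n, const char *system_dir) {
    int hits = 0;
    for (size_t i = 0; i < n; i++) hits += is_shadowed_winsock(paths[i], system_dir);
    return hits;
}

int main(void) {
    printf("flagged modules: %d\n", count_shadowed(SAMPLE, 4, "C:\\Windows\\System32"));
}
```

The name check does not see the renamed original (wsock32.001), so a fuller check would also compare the loaded file against the system copy rather than rely on names alone.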