NeuzPE is a semi-working, proof-of-concept, packet editor for the game FlyFF. ("Neuz" being the original name of the game). This was made mainly to see if I could bypass GameGuard via hooking virutal functions, as well as messing around with the Nana C++ GUI library (and Nana Creator for quick layout).
I originally intended to come back and finish/polish this project more (and clean up the awful code), but I've lost interest in it and decided to un-private the repo in a semi-working state as of June/10/2019.
- Clone the repo with submodules:
git clone --recurse-submodules https://github.com/Andoryuuta/NeuzPE - Configure and build Nana:
- Open the VS2017
nana.slnproject inNeuzPE\nana_src\build\vc2017. - Configure release build:
- Go to
Project -> Propertiesand selectConfiguration: ReleaseandPlatform: Win32. - Under
C/C++ -> Code GenerationselectRuntime Libraryand change it to/MD.
- Go to
- Go to
Build -> Batch buildand build for x86 Release.
- Open the VS2017
- Build NeuzPE:
- Open the
NeuzPE.slnin the root directory of the repo. - Select configuration
Release, and platformx86, then build.
- Open the
The built .dll simply needs to be injected into the game process with whatever injector you desire, however it must be injected before the game fully loads GameGuard, unless you have a way to inject it post handle-stripping.
- Note: The GUI will only load after it is able to hook one of the game's DirectPlay socket wrapper classes (for the separate auth/login/world connections). If injected before GG loads, this means the GUI will only appear after you login.
Packets are logged in the format of [SERVER] [PACKET DIRECTION] ... data here ...
E.g. [WORLD] [SEND] FF FF FF FF 71 00 20 02 0D 00 00 00 48 65 6C 6C 6F 2C 20 77 6F 72 6C 64 21
Packet bytes can be replaced with with ?? which will fill in a random byte before sending.
E.g. [WORLD] [SEND] FF FF FF FF 71 00 20 02 04 00 00 00 ?? ?? ?? ??
Recv logging/injection was never implemented, but could be implemented by hooking and calling the Net::CDPMng virtual functions: SysMessageHandler and UserMessageHandler.
The Send packet hook blocks while adding entries into the Nana gui, easily stalling the game when there is a large amount of packets being sent (read: anytime you move ingame). I meant to fix this with moodycamel::ConcurrentQueue or something, but I never got around to it.
If you are trying to use this in the future and the DirectPlay object byte sig scan isn't working, I've included the full disassembly of the function that the sigscan looks for at the bottom of Net.cpp, which includes a couple of strings you should be able to xref in IDA/Ghidra/Binja/Radare/Hopper/REDasm/whatever floats your static disassembly boat.