flat assembler
Message board for the users of flat assembler.

Index > Projects and Ideas > packet editor like wpepro

Author
Thread Post new topic Reply to topic
KevinN



Joined: 09 Oct 2012
Posts: 160
KevinN 10 Apr 2015, 05:00
anyone have anything like this as a private project - something which can intercept packets in an .exe/process targetable way and also to filter/edit and send packets? I'd be interested if you did. WpePro, for anyone who is not familiar was a tool some used on online games to cap and alter packets to cheat etc. seems like it could be used for more than that, like testing for possible security vulnerabilities.
Post 10 Apr 2015, 05:00
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20481
Location: In your JS exploiting you and your system
revolution 10 Apr 2015, 05:02
For which OS?

Current versions of Windows would require a signed driver to access the data stream.
Post 10 Apr 2015, 05:02
View user's profile Send private message Visit poster's website Reply with quote
KevinN



Joined: 09 Oct 2012
Posts: 160
KevinN 10 Apr 2015, 05:05
Windows - Windows 7,8,8.1,10 yea..Guess that's why WPE doesn't work anymore, huh? Question
Post 10 Apr 2015, 05:05
View user's profile Send private message Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1178
Location: Unknown
HaHaAnonymous 10 Apr 2015, 05:10
Quote:

Windows 7,8,8.1,10 yea..Guess that's why WPE doesn't work anymore, huh?

It works if you set up like this:
"Compatibility mode WinXP", "Run as Admin."

It will work buggy, but will work... Last time I checked it in 2013.

That is Microsoft business, let your old programs unrunable so you are forced to buy their latest version. Pure marketing strategy!
Post 10 Apr 2015, 05:10
View user's profile Send private message Reply with quote
KevinN



Joined: 09 Oct 2012
Posts: 160
KevinN 10 Apr 2015, 05:17
HaHaAnonymous wrote:
Quote:

Windows 7,8,8.1,10 yea..Guess that's why WPE doesn't work anymore, huh?

It works if you set up like this:
"Compatibility mode WinXP", "Run as Admin."

It will work buggy, but will work... Last time I checked it in 2013.

That is Microsoft business, let your old programs unrunable so you are forced to buy their latest version. Pure marketing strategy!


Don't think it has anything to do with security issues?
Post 10 Apr 2015, 05:17
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20481
Location: In your JS exploiting you and your system
revolution 10 Apr 2015, 05:17
HaHaAnonymous wrote:
That is Microsoft business, let your old programs unrunable so you are forced to buy their latest version. Pure marketing strategy!
No, it's to protect you from terrorists and save the children from abuse. All you have to do is pay the MS tax and everything will be right in the world again. Smile
Post 10 Apr 2015, 05:17
View user's profile Send private message Visit poster's website Reply with quote
KevinN



Joined: 09 Oct 2012
Posts: 160
KevinN 10 Apr 2015, 05:18
I don't wanna believe it
Post 10 Apr 2015, 05:18
View user's profile Send private message Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1178
Location: Unknown
HaHaAnonymous 10 Apr 2015, 05:21
Quote:

Don't think it has anything to do with security issues?

I will tell you why it does not work properly on Windows above XP:

The last time I checked, the technique used by WPE, which was to patch the send and recv functions to intercept the parameters and read the packet being sent was changed in Windows 7, for example and the hook doesn't work properly. So it is injecting erroneous code to the process.

That is last time I checked. Running as Compat. Mode Fixed the problem as I can remember...

Not sure.
Post 10 Apr 2015, 05:21
View user's profile Send private message Reply with quote
KevinN



Joined: 09 Oct 2012
Posts: 160
KevinN 10 Apr 2015, 05:25
I'm confused. If to succeed in something like this now requires signed drivers how does it work in XP compatible mode?
Post 10 Apr 2015, 05:25
View user's profile Send private message Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1178
Location: Unknown
HaHaAnonymous 10 Apr 2015, 05:28
Quote:

If to succeed in something like this now requires signed drivers how does it work in XP compatible mode?

WPE has no drivers as far as I can remember.
Post 10 Apr 2015, 05:28
View user's profile Send private message Reply with quote
KevinN



Joined: 09 Oct 2012
Posts: 160
KevinN 10 Apr 2015, 05:29
HaHaAnonymous wrote:
Quote:

If to succeed in something like this now requires signed drivers how does it work in XP compatible mode?

WPE has no drivers as far as I can remember.


I don't recall anything like that either. Does it just hook the target program and monitor/alter/add to the winsock calls? I'm not really sure how it works/worked.
Post 10 Apr 2015, 05:29
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20481
Location: In your JS exploiting you and your system
revolution 10 Apr 2015, 05:29
I may have erred in my assumption. Perhaps it is possible to register a system wide DLL and use that to inject/patch each process on the fly. I never realised that XP compatibility mode would permit that though.
Post 10 Apr 2015, 05:29
View user's profile Send private message Visit poster's website Reply with quote
KevinN



Joined: 09 Oct 2012
Posts: 160
KevinN 10 Apr 2015, 05:33
revolution wrote:
I may have erred in my assumption. Perhaps it is possible to register a system wide DLL and use that to inject/patch each process on the fly. I never realised that XP compatibility mode would permit that though.



Hmm now I gotta redownload that old thing and take a look and see if I can "get it".
Post 10 Apr 2015, 05:33
View user's profile Send private message Reply with quote
KevinN



Joined: 09 Oct 2012
Posts: 160
KevinN 10 Apr 2015, 05:34
Anyone here every recreate the functionality like it had - on XP or whatever version of windows?
Post 10 Apr 2015, 05:34
View user's profile Send private message Reply with quote
KevinN



Joined: 09 Oct 2012
Posts: 160
KevinN 10 Apr 2015, 05:38
There are two dlls in the package. SetPriv.dll and WpeSpy.dll. Found some kind of premature open source packet editor project in c# too; www.packeteditor.com
Post 10 Apr 2015, 05:38
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.