[1.24e] Switching Channel Icons with Packets

[TyranO]

Please bare with me as I am not a good programmer.

How it works:

1. After being injected into game.dll, this code reads the value of the "main lobby" socket of Warcraft 3 using a pointer.
2. It then uses the send() function to send the icon packets I found using a sniffer. Since we are injected inside War3, we are already connected to the socket.

Usage:

Code :

 
send(socket, packet, sizeof(packet), 0);

Pointer and packets:

Code :

 
        HANDLE hProc = GetCurrentProcess();
	DWORD GameDLL = (DWORD) GetModuleHandle("Game.dll");
	DWORD Addr = GameDLL + 0xAE6F3C;
	DWORD Buffer_1 = 0;
	DWORD Buffer_2 = 0;
	SIZE_T BytesRead = 0;
 
	//Pointer to socket = [[6FAE6F3C]+414]+4;
        ReadProcessMemory( hProc, (LPVOID)(Addr), &Addr, 4, &BytesRead );
        Addr += 0x414;
        ReadProcessMemory( hProc, (LPVOID)(Addr), &Addr, 4, &BytesRead );
        Addr += 4;
 
	//Read Socket
	ReadProcessMemory( hProc, (LPVOID)(Addr), &Buffer_1, 1, &BytesRead );
	ReadProcessMemory( hProc, (LPVOID)(Addr+1), &Buffer_2, 1, &BytesRead );
	int socket = Buffer_2 * 256 + Buffer_1;
 
	// tier 1
	char packet[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x32, 0x48, 0x33, 0x57 }; // human
	char packet2[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x32, 0x52, 0x33, 0x57 }; // random
	char packet3[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x32, 0x55, 0x33, 0x57 }; // undead
	char packet4[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x32, 0x4F, 0x33, 0x57 }; // orc
	char packet5[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x32, 0x4E, 0x33, 0x57 }; // ne
	// tier 2
	char packet6[] =  { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x33, 0x48, 0x33, 0x57 }; // human
	char packet7[] =  { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x33, 0x52, 0x33, 0x57 }; // random
	char packet8[] =  { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x33, 0x55, 0x33, 0x57 }; // undead
	char packet9[] =  { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x33, 0x4F, 0x33, 0x57 }; // orc
	char packet10[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x33, 0x4E, 0x33, 0x57 }; // ne
	// tier 3
	char packet11[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x34, 0x48, 0x33, 0x57 }; // human
	char packet12[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x34, 0x52, 0x33, 0x57 }; // random
	char packet13[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x34, 0x55, 0x33, 0x57 }; // undead
	char packet14[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x34, 0x4F, 0x33, 0x57 }; // orc
	char packet15[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x34, 0x4E, 0x33, 0x57 }; // ne	
	// tier 4
	char packet16[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x35, 0x48, 0x33, 0x57 }; // human
	char packet17[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x35, 0x52, 0x33, 0x57 }; // random
	char packet18[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x35, 0x55, 0x33, 0x57 }; // undead
	char packet19[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x35, 0x4F, 0x33, 0x57 }; // orc
	char packet20[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x35, 0x4E, 0x33, 0x57 }; // ne
	// tier 5
	char packet21[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x36, 0x48, 0x33, 0x57 }; // human
	char packet22[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x36, 0x52, 0x33, 0x57 }; // random
	char packet23[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x36, 0x55, 0x33, 0x57 }; // undead
	char packet24[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x36, 0x4F, 0x33, 0x57 }; // orc
	char packet25[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x36, 0x4E, 0x33, 0x57 }; // ne
	// tournament
	char packet26[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x32, 0x44, 0x33, 0x57 }; // tourny 1
	char packet27[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x33, 0x44, 0x33, 0x57 }; // tourny 2
	char packet28[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x34, 0x44, 0x33, 0x57 }; // tourny 3
	char packet29[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x35, 0x44, 0x33, 0x57 }; // tourny 4
	char packet30[] = { 0xFF, 0x44, 0x09, 0x00, 0x0A, 0x36, 0x44, 0x33, 0x57 }; // tourny 5

[XyNoN]

Nice find