Wednesday, January 20, 2016

Reverse Engineering Online Games - Dragomon Hunter

Creating a Packet Logger for
Dragomon Hunter

Disclaimer: The reverse engineering of Dragomon Hunter has been done for educational purposes only. I do not condone that the information provided below be used for any type of malicious purpose. Any exploits found have been sent to Aeria Games or have already been fixed.

Overview:

In my first post, I'm going to demonstrate how to reverse engineer and create a packet logger and editor for the game Dragomon Hunter. Maybe in a future blog post I'll demonstrate how to send your own packets.
Starting with the packets is the easiest way to find the functions necessary for creating a bot that has the ability to move, buy items, find exploits, and whatever else you would like to do.
Dragomon Hunter is a new MMORPG published by Aeria Games. The methodology used here can be applied to any game, although most games today now come packaged with very intrusive anti-cheat softwares such as nProtect GameGuard, AhnLab HackShield, or XIGNCODE3. 
These anti-cheat softwares function similar to anti-virus software by scanning for known patterns of detected cheats and close the game if you are running any type of software that it deems to be cheating software. They also usually have a kernel mode driver that prevents you from using analysis software such as Ollydbg or Cheat Engine by hooking certain APIs in Ring 0 to stop you from using APIs such as OpenProcess, ReadProcessMemory, and WriteProcessMemory in Ring 3. (These APIs are often used for analysis.) Furthermore, these anti cheats use anti-debugging techniques and also run memory integrity scans to make sure you have not modified any of the code of the anti cheat or the game being protected. 
The easy way to get around these anti cheats would be to stop them from running, but 95% of the time, about 1-5 minutes into the game, you will be disconnected from the game server. This is because most anti cheats have what is often called a "heartbeat packet" to make sure the anti cheat is still running. The server sends a packet to your client with some data, which then calls a function of the anti cheat to run some algorithm depending on the anti-cheat, returns the correct data, and from there the data is sent back to the server. If the data sent back to the server is incorrect or not sent at all, you will be disconnected. It works similar to how software you might install requires a license key. If you insert an incorrect key, the software will not run. However, with these anti cheats, the code is usually heavily obfuscated and run under Virtual Machines with custom bytecode, making the algorithms very difficult to reverse.
You can read more about how this works in a paper specifically written for nProtect Gameguard by E.T. at the forum unknowncheats.me here: Defeating and Emulating INCA's nProtect GameGuard
In a future blog post, I will write about my analysis of and how to bypass the anti cheat XIGNCODE3, also known as the self-proclaimed "World's #1 Anti-Cheat." (one of the referenced strings in the anti cheat...)
Dragomon Hunter is an MMORPG overrun with bots farming gold, does not have any type of anti-cheat software, not packed, does not contain obfuscated code, and I figured it would be a good start for those looking to learn how to get into reversing online games and reverse engineering in general. So, let's get started!

NOTE: As of 1/28/16, Aeria Games added XIGNCODE3 to Dragomon Hunter which will stop you from doing the analysis shown below if you do not know how to bypass it. Currently, there is not a "heartbeat" packet which can be easily defeated by finding the function that initializes XIGNCODE3 and modifying it to return true without executing the initialization.
(As simple as placing mov eax, 1 and a return at the top of the function.)

What You Will Need:
Analysis:

WARNING: If we were analyzing some type of malware, the process I demonstrate below would be different and should be run under VMWare so you do not infect your computer. However, since this is from a trusted source, Aeria Games, it is not necessary in this case.

First, please make sure that Dragomon Hunter is updated to the latest version by running the launcher. 



Open Keygener Assistant, click the "Scanning" tab, and browse for Game.bin in the folder that you installed Dragomon Hunter. You will have to make sure that the drop down that says "Files of type:" has "All Files" selected or you will not find the file in Keygener Assistant as shown in the photo below. (Although it has a .bin extension, it is an .exe file according to the PE header)



Keygener assistant shows us that the Game.bin file is not packed and gives us the offsets of all the hash and crypto signatures it detected as well as the compiler used. Let's throw the game in IDA Pro to continue our analysis.





































IDA Pro analyzes the game properly and none of the code seems to be obfuscated.






































Imports section is in tact, not obfuscated.






































Strings do not appear to be encrypted either.

In most cases, if you were analyzing malware instead of a game, you would need to do further analysis to verify what I stated above.

The game appears to be created using the Gamebryo Game Engine (http://www.gamebryo.com/) from previous reversing knowledge of games I have obtained over the years and can also be concluded using the referenced strings in IDA as shown in the photo below.


When I'm analyzing online games, one of the first things I like to do is run the IDA Function String Associate plugin by Sirmabus. This plugin creates a comment at the top of each function which contains a referenced string. In IDA, press ALT+6 and the menu shown in the photo below will show.


Click "Continue" and the plugin will start analyzing. This could take a while as games can be very large. This game is only about 14MB so it should not take so long. After, you should see comments above each function that references a string as shown below.



Now that we've got all that settled, let's get to our main goal of creating a packet editor. The question is, where do we start? There are many different paths we can take in order to find the functions for sending and receiving packets. 
One type of methodology you could use would be to find a pointer some member, such as player coordinates, that would probably be used in a packet being sent to the server. You could then find our what code accesses this pointer, move your character, and trace until you find the code responsible for sending the player movement packet.
The best method is to start from the end. What do I mean by that? Since we are running on Windows, the last place the packet will end up if we are sending or the first place it will appear if we are receiving will be one of the Winsock functions exported by ws2_32.dll. So, I will demonstrate how to trace back from one of these functions to before the packet is encrypted on send and possibly in the future make a post on how to log received packets after they are decrypted.

Winsock Send APIs:
Winsock Receive APIs:
Now, let's check which of these functions the game imports. (The easiest way is to sort the imports by "Library" in IDA and scroll down to WS2_32)


Here we can see the game uses WSASend for sending packets and WSARecv for receiving packets.

Let's start with the send packet function by looking at the references to WSASend.


It appears there are two functions that call WSASend. Let's look at something I found in the first function.



If WSASend fails with a return value of -1 or 0xFFFFFFFF in hexadecimal, it will continue execution to WSAGetLastError and return from this function with a value of 0, meaning that the function returned false which will probably result in the game closing due to a packet error. If WSASend returns 0, meaning the packet was sent correctly, the game will jump and execute the code below.

There is a call to WSAAsyncSelect below the call to WSASend. I'm going to take an educated guess that there is probably more than one open connection when the game is running, maybe two since there are two functions that call WSASend. Seeing as how the parameter for the buffer count on WSASend is always 1, the game could also be using WSAAsyncSelect to let the game know the packet has been sent successfully to let the next packet be sent as well as maintain the order of the packets.

The line that has "mov [esi+288Ch], eax" before the call to WSAAsyncSelect is interesting as well. Maybe it is some type of mutex or member of the network structure or class that has to be set before another packet can be sent.

Let's look at the second function that calls WSASend.


call    ds:WSASend
cmp     eax, 0FFFFFFFFh
jnz     short loc_F1E730

Here we can see something similar to the first function. If we look further above in the function, we can see another call to WSAAsyncSelect.



mov     [eax+288Ch], esi

Again, we find what is probably same member of some network class or structure located at the pointer +0x288C. I am pointing this member out because we could possibly place a breakpoint via the memory viewer in Ollydbg at this address and trace back from a member of the network pointer.

At this point, I would like to start analyzing the game dynamically using Ollydbg. So, load up the game and attach Ollydbg to Game.bin.

Place a breakpoint on WSASend as shown below. (You can use the hotkey F2 in Olly to set a breakpoint)



I usually trace back by using the chat function of the game. Type "hello" into the game and press enter. Ollydbg will break on WSASend and you should see something similar to the photo below on the stack. (Also, make sure you do not leave the breakpoint on for too long or you will get disconnected from the server.)


Now, let's check if the packets are encrypted. Follow the address to the pointer of the WSABUF array. (pBuffers) In my case, this would be 0x0018FC10. 

Here's what a WSABUF struct looks like in C++:


"len" is the length of the buffer and "buf" is a pointer to the buffer. Seeing as we only have one buffer, (nBuffers = 1 and also shown before in IDA) the array would look like:
0x0018FC10 (pBuffers) + 0x00 = the length of the buffer (0x0018FC10)
0x0018FC10 (pBuffers) + 0x04 = pointer to the buffer (0x0018FC14)

Why do we add 4 to get to the pointer of the buffer? An unsigned long in 32-bit software has a size of 4 bytes. The pointer to the buffer is also a 4 byte address. 


Here we can see that the buffer has a size of 0x19 or 25 in decimal. The buffer is stored at 0x180C4940. Now let's follow the buffer in the memory view. I typed "hello" into the chat so if we can see this in plain text where the buffer is stored, it could be possible that the packets are not encrypted and our job of logging send packets could be finished.


It appears that the packet has most likely been encrypted as you cannot see "hello" in the ASCII section of the memory viewer. This is often the case in online games these days, although I have seen some today that still do not encrypt their packets.



Here's what happened when I typed "hello" again.


Well, that's interesting. It appears the encryption uses an initialization vector (IV) or starting variable (SV) which is why the output of the buffer is not always the same even though we are sending the same packet with the same data but the first two bytes of the buffer was the same. (0x17 0x00)

Let's try to send "hello1" and see what happens.


The "17 00" changed to "18 00" which might mean the first two bytes of the packet structure is most likely the packet size.

Now that we are aware the packets are encrypted, we are going to try and trace back to a function that takes the buffer before its encrypted and the size of the buffer so we can place our hook here to log the packets sent to the server. Usually the best place for this is right before the call to the function that encrypts the buffer. To do this, let's place a breakpoint on WSASend again, send a chat packet, and look at the stack to find the return address of the function. The return address will be the value at the top of the stack as shown above in the photo where we placed a breakpoint on WSASend the first time.

Ollydbg shows that the call was made from the second function we analyzed in IDA. Follow this function until the return to see where the function was called from.


If the packet was sent successfully, the function jumps to the end and if we trace further we end up in the WindowProc callback. It does not look like we are going to be able to trace back to the buffer before it is encrypted from here.

It appears that the game uses a window message to notify whether a packet is ready to be sent or has already been sent. There have been multiple instances using WSAAsyncSelect using the message parameter 0x9C40 to send a window message and in the photo above you can see a call to PostMessageW using a different message parameter of 0x9C41. Since the PostMessageW above only executes if the packet does not get sent, I am getting message 0x9C41 notifies the game that the packet was not sent.

Let's place a breakpoint on WSAAsyncSelect.


Go to the address that calls WSAAsyncSelect in Ollydbg. Let's take a look at this function.


This function looks interesting because of the call to WSAAsyncSelect and the pointer, assumed to be for their network class / struct, found in the ESI here is the same as found in the function that calls WSASend.

From my experience and reading the code, the calling convention of this function is a "thiscall" since the network pointer gets passed into the ESI via the ECX register at the top of the function and it has one other parameter that can be seen by the RETN 4 at the end of the function. Keygen Assistant told us that the game was compiled using MSVC++ which would mean that the "this" pointer, also known as our network pointer, is passed in the ECX and the function is responsible for cleaning the stack.

If we read the assembly code, it appears the second parameter is a pointer to a structure.

Place a breakpoint at the top of the function and let's analyze the parameter that's pushed onto the stack.


In the photo above, the pointer to the structure is shown. I will explain what the structure looks like below, but for now if we follow the second member of the structure in the memory view, let's see what we get.


Look there! We have the packet buffer before it was encrypted. There is also the 0x0017, size of the buffer, at the beginning of the packet from before when we sent "hello" and looked at the encrypted buffer.

The structure looks like the first parameter could be some hash of the buffer or some type ID used for clean-up later, the second member points to the beginning of the buffer, the third member is a pointer to the end of the buffer, and the fourth member looks like it could be a pointer to the end of the memory that was allocated for the buffer. If we subtract the second member from the third member (0x0E680279 - 0x0E680260) we get 0x19, which is the size of the entire buffer including the first two bytes that the server eventually reads. 

Let's test to make sure that this is actually the buffer before it gets encrypted. Modify the "hello" in the memory view to "hell1" and see what appears in game.



It appears that we successfully modified the buffer before it was sent to the server since the game does not show a message until you receive a chat packet.

In order to create a packet logger from here, you could simply place a jump to a callback in your code that will print out the contents of the packets. Looks like our job here is done!

What can be accomplished with this?

Now that you are successfully able to log and modify packets, you can analyze as well as modify the data sent between your client and the server. You can take it a step further and figure out how to send your own custom packets or even create your own custom game client by reversing the packet encryption. (Hint: The encryption function is called directly in the function I demonstrated above.) This often leads to finding exploits in the game by sending data not normally sent by the game client to accomplish things not intended by the developer of the game. You can also use the packets to trace back to functions such as chatting, moving, buying items, and more by directly calling the game functions instead of sending keystrokes. 

I will demonstrate a simple and very common exploit found in online games that I found while writing this blog post. Most online games today have some sort of "swear" filter because the game providers do not want you to curse at other players.

Here's what happens if we say the word "shit" in game.




The game compared the text I wrote against the swear filter and replaced it with garbage. Let's see what happens when I modify the buffer to actually say "shit."




It appears the game client is in control of the swear filter and I was able to send the word "shit" to the server. This is just one of the many exploits that can be accomplished. Playing around with the packets also accidentally led to crashing the channel I was logged into, along with the rest of the players, but this exploit was fixed within a few hours.

Conclusion

Game companies, as well as any other company, should put more effort into their cyber security. The best practice is to give the end user the least amount of control over what they are able to do. Instead of having the swear filter controlled by the game client, it should be controlled by the server. There will always be people trying to exploit, attack, and hack which can only be stopped with good security. Game companies often receive tons of complaints about people hacking, cheating, and botting which in turn leads to the players quitting, meaning the game company loses money. Unfortunately, most game companies tend not to spend money or focus on security. They often place one of the anti-cheats named above in the introduction to combat cheaters. This practice usually only stops the most novice of hackers and instead should focus more on the security of their servers. 

I hope you enjoyed and maybe learned a thing or two from my first post. In the future, I will also be posting about reverse engineering malware, cyber security, and reverse engineering other online games.

Please feel free to send me an e-mail at 0xbaadf00dsec@gmail.com or post a comment here on my blog.

112 comments:

  1. Hi, very informative but can you help me with xigncods3. They added it and I can't figure out how to bypass it.

    ReplyDelete
    Replies
    1. Hi! Thanks for reading my blog. I'll make another blog post on how to bypass XIGNCODE3 for Dragomon Hunter as it's very easy since there is not a heartbeat packet.

      Delete
  2. Thanks for the blog post. I've never RE anything, but have always wanted to get into REing games.

    I thought placing the breakpoint on WSASend to find the chat messages was interesting, but why didn't regular game packets hit the breakpoint (wouldn't the game have to send a bunch of non-chat related packets just as a heartbeat/or at least packets of acknowledgment of regular gameplay packets?) (Or was it just because the frequency of those were pretty low? If this is the case and there was constant network activity, but you still wanted chat packets to work with so it'd be easier to analyze, what would you do differently? (or would you go about a different way to figure out their protocol?)

    ReplyDelete
    Replies
    1. Hi,

      You bring up some very good points that I didn't cover here. Regular game packets DO hit the breakpoint, but the frequency is low. There are some types of ping/pong packets and other ones that would be sent. I purposely do not hold a breakpoint for too long or you will end up disconnected from the game.

      If there was constant network activity, I would probably have hooked WSASend and logged the data as well as the return address via the stack. This process takes a lot longer as there is coding involved, a larger knowledge of x86 assembly is needed, and you would have to create custom jump hooks for each function that you are tracing back from.

      I hope this helps and thanks for reading my blog!

      Delete
  3. hi can you create how to bypass xigncode heartbeat in garena point blank?

    ReplyDelete
  4. Hi. can you make bypass from GDMO Global Digimon Monster Online?
    Because I need bypass for playing it in my linux. thank you

    ReplyDelete
  5. Great guide, any chance you could provide a mediafire link to Keygener Assistant v2.0 the ones in that page doesn't work? I am currently trying to find the same for Aura Kingdom.

    ReplyDelete
  6. I can be contacted via facebook or not?

    ReplyDelete
  7. In my first post, I'm going to demonstrate how to reverse engineer and create a packet logger and editor for the game Dragomon Hunter. Maybe in a future blog post I'll demonstrate how to send your own packets. bus simulator free download full version

    ReplyDelete
  8. oi brother tem skype ai? preciso de fazer um reverse em um game. pagando pelo trabalho.
    obrigado desde ja.

    ReplyDelete
  9. Can help me do RE to other game client please !!

    ReplyDelete
  10. Can help me do RE to other game client please !! or Work with me ? if accept please replay me back for we discuss

    ReplyDelete
  11. Hi can you help me to bypass XIGNCODE3 for Microvolts there are a few bypasses but when i use it the game crahses in like 10 - 15 mins add me on skype jonathan13322

    ReplyDelete
  12. Nice article dude. I am M-i-K-e @ UC

    ReplyDelete
  13. ROBLOX is powered by a growing membership base of more than 300,000 creator players who generate an infinite variety of highly immersive experiences.

    These experiences range from 3D multi-player games and competitions, to interactive adventures where players can take on new personas exploring what it's like to be a dinosaur, a miner working a mine or an astronaut on a space exploration.

    ReplyDelete
  14. The stories are indeed interesting and they have entertained me in addition to learning new writing and formatting styles displayed by the writers. I would like to congratulate them for the job well done and I will be recommending this site to our professional writers who offer Strategic Quality Management Research Paper Writing Help to college and university students so that they can learn new writing skills from the shared articles.

    ReplyDelete
  15. Hey there Jay, thanks for the guide but for someone like me with almost no experience in programming or RE you lost me at the beginning of ollydbg part. I really want to learn and understand this but it's very difficult with all the jargon and lack of detailed explanation like eli5. Do you recommend any sources to a newb for getting a hold of basic concepts and terminologies with examples so this Wizardry would make more sense?

    ReplyDelete
  16. So, what can we do with heartbeat GameGuard?

    ReplyDelete
  17. Those two great senses best for user. So am i and take advantages from that. I run multiple clients from my computer. I tested with 36 clients and i not know the limit. Of course im not manually pilot my character. Just let bot do it works. growtopia gem generator

    ReplyDelete
  18. Positive site, where did u come up with the information on this posting?I have read a few of the articles on your website now, and I really like your style. Thanks a million and please keep up the effective work. reverse cell phone number lookup

    ReplyDelete
  19. Click bgames play free online games now. It is certain that Fortnite will maintain its 'top of the world' success for quite some time. Fortnite is on the top of the world, creating the surprise of being the most successful free-to-play console on the console ever since (previously in a similar position on a PC).

    The race for the royal battle between Fortnite and PUBG may have been quietly won by Fortnite when the number of PUBG players constantly decreases, while Fortnite is the opposite. Fortnite is probably supported on many platforms, and the Fortnite gameplay style is well suited to a variety of players who just want to find moments of leisure in their free time; PUBG is for players who play more serious games, want to skill and skill in the game.

    More games: https://123gamesfree.com/

    ReplyDelete
  20. It is one of the most popular bingo apps around. It is one of the many Facebook bingo apps that you can use to play bingo online without paying. steemit.com offers some in-depth insights on Bingo bash free chips.

    ReplyDelete
  21. Very nice blog, thanks for this post and I have some special things for you. If you are finding something to relax, Blue Box cool math; spaceman 8 will be my best recommendation for you. Let’s play and get more deep relaxation!
    Beside, you can try cool math games 60 second burger run . Now, you can completely play this addicting fun game on your mobile. Have fun!!!!

    ReplyDelete
  22. If you take a close look at any internet poker room you are certain to discover many different satellite tournaments too much bigger prizes. Learn about scuttlenet on www.scuttlenet.com.

    ReplyDelete
  23. Thanks your tutorial is very helpful.. There is a game i am trying to find the packet encryption function. I am able to trace the encrypted packet, but going backward is the problem and i am unable to find the pre-encrypted packet. Using cheat engine alone doesn't seem helpful enough. I guess i can try tracking WSAAsyncSelect instead.

    From your experience what is the reason why some packets sent are different even if the same thing was done in game? for example if i am moving my character. the packet should hold x, y position of the current position then x, y of the new position. and maybe a map id. Do packet tends to add DateTime as an attribute?

    ReplyDelete
  24. Your posts are my cup of tea. I'm interested in your articles. I always read them everyday and wait for incoming ones. It's because your posts are interesting.
    Mr.Paul amazing games || My Coloring Book jogos online || Brealk The Cup unblocked games 2 player

    ReplyDelete
  25. This comment has been removed by the author.

    ReplyDelete
  26. This comment has been removed by the author.

    ReplyDelete
  27. I learn some new stuff from it too, thanks for sharing your information.
    Skywardgames

    ReplyDelete
  28. Amazing Article great work go ahead yet hold up hold up pause... I have another article like this observe here, Today we’re going to talk about How do you get free Robux hack? Roblox Hack - Free Robux Codes Hack Generator


    ReplyDelete
  29. Here are the Girls Room/The Boys Room. Power Rangers. Best Friends Forever. Mermaid To Be Friends Forever. The Friendship Ship. The Chamber of Secrets. All the Single Ladies. Funny Group Chat

    ReplyDelete
  30. Niza uno. La gente está tomando conciencia de este tipo de tema y me gustaría agradecer al autor por haber escrito este tipo de artículo para el beneficio de las personas y también algunos temas como generador de códigos en vivo de Xbox

    ReplyDelete
  31. Management games and Strategy games are some categories of online entertainment. There are umpteen games online for your enjoyment. https://bittmint.com/gnation-announces-new-monetization-options-gamers-developers-plus-blockchain-based-digital-identity-solution/565/

    ReplyDelete
  32. here is very general and the huge knowledgeable platform has been known by this blog. I reality appreciate this blog to have such kind of educational knowledge.I am sharing related topic which is mostly important for Finding Apps on Google Play

    ReplyDelete
  33. Very nice blog, thanks for this post and I have some special things for you. Earn Robux for FREE. Don't like doing long surveys? Install apps on your phone or tablet to earn FREE Robux. Here You Go

    ReplyDelete
  34. I wanted to thank you for this great read!! I definitely enjoying every little bit of it I have you bookmarked to check out new stuff you post. If you have time you can check https://www.scoop.it/topic/free-gift-cards-by-henry-carl

    ReplyDelete
  35. We want every custom written college papers client to have the chance to receive the help they need with their academic work, and because of that, all nursing writing services are affordable and quality essays.

    ReplyDelete
  36. This post is very simple to read and appreciate without leaving any details out. Great work!
    Visit Earn Robux!

    ReplyDelete
  37. Aquí es muy general y la gran plataforma de conocimiento ha sido conocida por este blog. Realmente aprecio que este blog tenga ese tipo de conocimiento educativo. Estoy compartiendo un tema relacionado que es sobre todo importante para encontrar Robux gratis

    ReplyDelete
  38. here is very general and the huge knowledgeable platform has been known by this blog. I reality appreciate this blog to have such kind of educational knowledge.I am sharing related topic which is mostly important for If you have time please check my work

    ReplyDelete
  39. Thanks for sharing your work. It was nice experience to read your article. Do visit my site https://sites.google.com/view/robuxmaniafreerobux

    ReplyDelete
  40. I wanted to thank you for this great read!! I definitely enjoying every little bit of it I have you bookmarked to check out new stuff you postVisit My Blog

    ReplyDelete
  41. Starting with the packets is the easiest way to find the functions necessary for creating a bot that has the ability to move, buy items, find exploits, and whatever else you would like to do and one more intresting topic is 7 Cool Things You Can Get through iTunes for Your Mac

    ReplyDelete
  42. Your articles make whole sense of every topic.mu online

    ReplyDelete
  43. I just got to this amazing site not long ago. I was actually captured with the piece of resources you have got here. Big thumbs up for making such wonderful blog page! hackarcadegame.com

    ReplyDelete
  44. Thank you very much for writing such an interesting article on this topic. This has really made me think and I hope to read more. capsa online

    ReplyDelete
  45. I really appreciate your article. the post has excellent tips which are useful. this post is good in regards of both knowledge as well as information Google Play Gift Card Generator

    ReplyDelete
  46. One of the most fun games lately are dirt bike games! Many people find them very entertaining and fun including myself. My very best kind of dirt bike games is Max Dirt Bike 2 which have 30 levels.
    Games

    ReplyDelete
  47. Thank you very much for writing such an interesting article on this topic. This has really made me think and I hope to read more.https://www.cgmimm.com/articles/can-my-phone-play-diablo-immortal

    ReplyDelete
    Replies
    1. Thank you very much for writing such an interesting article on this topic. This has really made me think and I hope to read more.Diablo Immortal

      Delete
  48. Okay i want to get some online strategy game, like Warcraft. i searched in internet and one of the best strategy games are Civilization, Total War, Starcraft, etc... so i want your advice which is good.
    Games, Video Games

    ReplyDelete
  49. Nice post! Thanks for sharing this information. Looking for help with thesis or dissertation data analysis? Get online qualitative and quantitative data analysis services from the leading Research Projects Writing Company at an affordable cost. Our experts are available 24/7.

    ReplyDelete
  50. Something I’ve struggled with when writing pieces to help support emotional health and relationships during this pandemic is how to be helpful while honoring everyone’s experience. Many are relatively comfortable while sheltering in place as they weather the storm and have the “luxury” of time to practice self-care or contemplate silver linings.
    Shaming the Rice Purity Test

    ReplyDelete
  51. http://www.igetsolutions.in/packers-and-movers-aurangabad
    http://www.igetsolutions.in/packers-and-movers-gaya
    http://www.igetsolutions.in/packers-and-movers-kolkata
    http://www.igetsolutions.in/packers-and-movers-ahmedabad
    http://www.igetsolutions.in/packers-and-movers-hyderabad

    ReplyDelete
  52. If there was constant network activity, I would probably have hooked WSASend and logged the data as well as the return address via the stack. This process takes a lot longer as there is coding involved, a larger knowledge of x86 assembly is needed, and you would have to create custom jump hooks for each function that you are tracing back from.
    Shaming on-Rice Purity Test?

    ReplyDelete
  53. This being said, I still don’t believe that a whole university will be unable to change the system Do you think that the students are ever involved in the designing of the systems? assignment expert

    ReplyDelete
  54. I recently came across your blog and have been reading along. I thought I would leave my first comment. I don’t know what to say except that I have enjoyed reading. Nice blog, I will keep visiting this blog very often free xbox gift cards

    ReplyDelete
  55. Incredible post! I am really getting prepared to over this data, is exceptionally useful my companion. Likewise extraordinary blog here with the majority of the significant data you have. I am sharing related topic which is most important on How do I create a hat on roblox?

    ReplyDelete
  56. hiiiiii i read this article this article is very helpful to me, but i have also something for you free live sex just try this

    ReplyDelete
  57. also try for few tags which is very usefull to you during this lockdown period ,enjoy friends,free sex,dating aap,live sex,dating sex partner

    ReplyDelete
  58. Good information, hope more of this in future :)
    mu online

    ReplyDelete
  59. This is my first time i visit here. I found so many entertaining stuff in your blog, especially its discussion.
    From the tons of comments on your articles, I guess I am not the only one having all the leisure here! Keep up the good work.
    I have been meaning to write something like this on my website and you have given me an idea. also, you can check free Robux Generator

    ReplyDelete
  60. This article gives me lots of advice it was very helpful for me! I liked Ronald Axtell work check it

    ReplyDelete
  61. Nice post, I like your article, great way of explanation. Looking for more articles like this, Also check my website issuing bank for visa

    ReplyDelete
  62. Lahore Smart City is going to be the best choice for commercial, investment and residential point of view. The scheme will have everything to attract national and international investors. In return, investors will get high revenue. On the other hand, the housing society is equipped with state of the art facilities. The facilities are just dream of come true for the people of Lahore. Peace, safety and eco-friendly behaviors Future Development Holding hires and corporate’s with world-class developers, architectures and planners. This Smart City Lahore will have golf clubs and fields designed by experienced and world-recognized designers.

    ReplyDelete

  63. This is very interesting blog and very helpful for newcomers . Thanks for sharing this great and helpful information . I am a gamer and I would like to suggest to you something which
    which is really interesting . You may Visit here

    ReplyDelete
  64. I get very helpful and useful information from your site . It aslo helpful for newcomers , keep going . I am a gamer and I would like to suggest to you something whichis really interesting . You may Visit here

    ReplyDelete
  65. The information you have posted is very useful. The sites you have referred was good. Thanks for sharing
    visit here

    ReplyDelete
  66. This is extremely helpful info! Everything is very interesting to learn and easy to understand. Take the given information. visit my article about Minecraft
    Click Here

    ReplyDelete
  67. Want to buy a plot or house please contact with us housing societies are mentioned below just click now;

    Capital Smart City
    Capital Smart City
    Nova City Islamabad

    ReplyDelete
  68. This comment has been removed by the author.

    ReplyDelete
  69. This comment has been removed by the author.

    ReplyDelete

  70. Blue World City Islamabad is a project of Blue Group of Companies Owned by Saad Nazir, Son of ex-Deputy Commissioner Lahore Ch. Nazeer. Blue Group of Companies has signed an M.O.U with Shan Jian Municipal Engineering Company from China for its development.
    The BWC is located on the main Chakri road in MozaSihal. Apart from main access from Chakri Road, the BWC is located at the edge of Lahore – Islamabad Motorway enjoying close proximity to the CPEC route, New Islamabad International Airport, and the Chakri Interchange. The developers of BWC are set to develop this project on more than 60000 Kanals which has enough room to create
    access from all major roads of Rawalpindi and Islamabad in future.
    For more visit: https://dreamlandmkt.com/blue-world-city-islamabad/

    ReplyDelete
  71. Capital Smart City Islamabad is a joint project between Future Developments Holdings and Habib Rafiq (Pvt). Habib Rafiq Pvt. is a well-known company in the Real estate industry of Pakistan.
    The Capital Smart City Islamabad (CSCI) is located in the Rawalpindi Region of Islamabad, near the new Islamabad International Airport. The society is located at Lahore-Islamabad Motorway at a distance of 9.2 km from M-2 Toll Plaza near the Thalian interchange. Located on the eastern route of CPEC, it is only 5-6 minutes away from the new Islamabad airport.
    For more visit: https://dreamlandmkt.com/capital-smart-city-islamabad/

    ReplyDelete

  72. Park View City is a housing society located in the heart of Margalla Hills.
    The society is directly connected with the current Kurri Road through Malot Road. This gives the society direct access from Islamabad’s park road and makes it an easy 15 minutes drive to Islamabad Blue Area. Also, from the eastern end, the Simli Dam Road connects with Malot Road that gives the society easy access to BharaKahu and beyond.
    For more visit: https://dreamlandmkt.com/park-view-city-islamabad/

    ReplyDelete
  73. Nova city Islamabad is the project of very well-known and famous real estate developers Nova city developers.
    Nova City Islamabad is located in the prime location of Islamabad and Rawalpindi. The society’s main entrance has direct access to Ring Road Rawalpindi and other side along with the CPEC route. The society’s location is the central place because it offers easy accessible to Islamabad and Rawalpindi to its residents.
    For more visit: https://dreamlandmkt.com/nova-city-islamabad/

    ReplyDelete
  74. https://imarahmarketing.com/https://imarahmarketing.com/blue-world-city/

    ReplyDelete
  75. Awesome article! It is in detail and well formatted that i enjoyed reading. which inturn helped me to get new information from your blog. I am sharing related topic which is mostly important for
    What is Satta Matka.

    ReplyDelete
  76. awesome artical and informative , its very helpful for us ,https://imarahmarketing.com/

    ReplyDelete
  77. Thank you because you have been willing to share information with us. we will always appreciate all you have done here. I also have something for you. you can Check here

    ReplyDelete
  78. This blog is very nice.I appreciate your work.I found some interesting stuffs.you can also click here
    Click Here

    ReplyDelete
  79. Very interesting, good job and thanks for sharing such a good blog. Your article is so convincing that I never stop myself to say something about it. You’re doing a great job.click here
    Check here

    ReplyDelete
  80. Very interesting, good job and thanks for sharing such a good blog I am using this White screen to test my screen

    ReplyDelete
  81. I am actually grateful to the holder of this website who has shared this fantastic article at here.

    Regarding
    https://sourav-halder.com/

    ReplyDelete
  82. hey all, I used to be just checkin¡¯ out this blog and I actually admire the basis of the article, and don¡¯t have anything to do, so if anybody would like to to have an engrossing convo about it, please contact me on AIM, my name is heather smith here

    ReplyDelete
  83. It contains wonderful and helpful posts. Keep up the good work !. Thank you for this wonderful Article! You can also check BSL Shaders for mac . It's perfect shader pack for Minecraft.

    ReplyDelete
  84. Sharetipsinfo is known for providing highly accurate Indian stock market tips which covers Cash tips, F&O intraday tips, Nifty intraday tips, Mcx intraday commodity tips and Share market tips with high accuracy.

    ReplyDelete
  85. Hopefully this blog will provide many benefits for many people

    Alfatogel
    Aseantogel
    Login BK8

    ReplyDelete
  86. Very interesting, good job and thanks for sharing such a good blog. Your article is so convincing that I never stop myself to say something about it. Here I have one of the best Download DeSmuME emulator for your PC to enjoy gaming on windows and Mac.

    ReplyDelete
  87. Hello sir, Your blog is so helpful for many people. I learned lots of new stuff from your blog. And i love this game i am a big fan of this game. And you explain all the information step by step. Thank you so much.here is the best DESMUME emulator for your windows 10 .update your old desmume and enjoy your gaming experience.

    ReplyDelete
  88. Specifically, the paper in hand will describe how the Go LNG project will develop a Blue Corridor LNG strategy that will both support the general policy objectives of Europe in the fields of transportation and energy, Essay writers for hire for dissertation assignments while also taking into consideration the specific benefits and challenges that each country will face in introducing LNG to the marketplace. Theology PhD thesis writing serviceIt is true that the full utilisation of LNG involves the establishment not only of a well-functioning and favourable regulatory framework but also a significant amount of investment in LNG infrastructure as well as education and cooperation amongst essential stakeholders. A questionnaire was produced as part of the Go LNG project, and it was distributed to participants in groups according to country.

    ReplyDelete
  89. Thank you for sharing such a nice blog. I really enjoy while reading it to know deeply

    You can put your thought here at Lawn Mowing Melbourne Airport

    ReplyDelete
  90. want to ask you that I have cleared rajyapuraskar examination and have already got the certificate from hon.smt. Kamla Beniwal in 2014.now I am in 1st year of b.e. so can I join any type of activity 광주출장아로마
    대전출장아로마
    대구출장아로마
    부산출장아로마
    울산출장아로마
    서울출장아로마regarding scout in college if yes so how can I? Please please guide me...

    ReplyDelete
  91. This comment has been removed by the author.

    ReplyDelete
  92. This comment has been removed by the author.

    ReplyDelete
  93. This comment has been removed by the author.

    ReplyDelete
  94. Do you know you can test your love language with love language test? try it now. Express your affection with words of affirmation, compliments, and encouraging statements.

    ReplyDelete
  95. Such a great article on how reverse engineering can be used for online games such as "Dragomon Hunter".
    recrutment agency in Riyadh

    ReplyDelete