
Thread: My little coding thread

  1. #21 Zaund (Bee Double You Hacks Senior Member, Retired Staff Member, Enlightened; Join Date: May 2005; Posts: 2,639)

    You're a good teacher Jig, thanks again for all the help so far!

    https://github.com/Zaund/Zaund/blob/.../unitalert.cpp

  2. #22 Zaund (Bee Double You Hacks Senior Member, Retired Staff Member, Enlightened; Join Date: May 2005; Posts: 2,639)

    Where ya at Jig?

    Dude I am having the hardest time getting the printXY and the refresh working v.v

    I have managed to take control of the message box though so I can use written commands

  3. #23 Zaund (Bee Double You Hacks Senior Member, Retired Staff Member, Enlightened; Join Date: May 2005; Posts: 2,639)

    Ok I messed with it some tonight.

    I am pretty sure I am in the right area. I found a function that, when the first line is changed to RET, nothing on the screen updates. Then I randomly stuck a breakpoint on a return and found that it only popped when I changed menus. I noted that on this function specifically, the EDI starts at 1 and doubles until 200.

    That led me to a function which does some stuff and then calls a SetRec function. Now my 4 x,y coordinates are not in the pointers at this point, but they are in the stack with something called pRect.

    The coordinates are placed in the stack just prior to this, but they are done 2 at a time, and the second set uses the ESP (stack pointer?) with a minus 4 then a minus 8 to grab the second set. I have found that if I search for the address in the EDI, I get an array which has all my coordinates in there.

    I follow this a ways and get to a second SetRec call that does some different coordinates, then finally the address I found that is the refresh function is called.

    So I am still stuck there. I also have no idea where to write my jump for the refresh function or where to jump back to!

    I'm off, have to get up in 4.5 hours for work x]

    I'm close but I need more bread crumbs!

  4. #24 Jiggie=#1 (Disciple; Join Date: Jul 2006; Location: Cream; Posts: 385)

    Yop!

    Unit alert looking very nice.

    Code:
    int Jiggie = 1;

    Quote Originally Posted by Zaund:
        I think I am done with unit alert! I want to clean the code up a bit and was thinking I would move it into its own file, outside of the dllmain file.

        I have found the refresh function, and I think I know the parameters, but sometimes my centertext function doesn't update correctly.

        There has to be a better way to do this:

        Code:
        snip

        Because the sprintf function only takes pointers, I have all these:

        Code:
        snip
    Yes, you could change

    Code:
    if (unitType == 0x6A) { buildMsg(commandCenter, totalUnit, buildingPlayernumb); }
    to

    Code:
    if (unitType == 0x6A) { buildMsg("Command Center", totalUnit, buildingPlayernumb); }
    and so on.

    You can also use switch cases

    Code:
    // String literals are const; a plain char* here is rejected by current C++ compilers.
    const char* name;
    switch (unitType) {
        case 0x6A:
            name = "Command Center"; break;
        case 0x6F:
            name = "Barracks"; break;
        // etc
        default:
            name = NULL;
    }
    if (name != NULL) {
        buildMsg(name, totalUnit, buildingPlayernumb);
    }

    As for printXY, I would ignore refresh at first. You can printXY without refresh, but you'll have to hover the mouse over the draw spot to refresh it.

    Are you working with 1.16.1? What's your status, trooper.

  5. #25 Jiggie=#1 (Disciple; Join Date: Jul 2006; Location: Cream; Posts: 385)

    And I had a bit of fun and made a python script to make a selected unit kill/repair itself on the current version of SC remastered. Funny.

    Code:
    # Jiggieeeeee
    # Game version 1.23.3 x64 enUS
    # Makes use of an unintended bug in StarCraft & StarCraft Remastered to make units kill themselves
    #  When a player gets vision to an enemy building, then loses it, the building can still be targeted with the "attack building under fog" order
    #  Using that order, if we change the X,Y,UnitType of the order to match what you've got selected, then we can get units to attack themself
    #  SCVs can repair themself with the same bug
    #  (Doesn't work on buildings, unit should be stationary, 1 unit at a time, some other stuff like yamato can work too, etc)
    
    
    # Python 3.8.2 64-bit (MUST BE 64-BIT)
    import time
    from ctypes import *
    from ctypes.wintypes import *
    PROCESS_ALL_ACCESS = 0x1F0FFF
    TH32CS_SNAPMODULE = 0x00000008
    INVALID_HANDLE_VALUE = -1
    PVOID = LPVOID
    SIZE_T = c_size_t
    NULL = 0
    
    # windows library calls
    GetModuleHandle = windll.kernel32.GetModuleHandleA # unused
    FindWindow = windll.user32.FindWindowW
    GetWindowThreadProcessId = windll.user32.GetWindowThreadProcessId
    CloseHandle = windll.kernel32.CloseHandle
    OpenProcess = windll.kernel32.OpenProcess
    ReadProcessMemory = windll.kernel32.ReadProcessMemory
    WriteProcessMemory = windll.kernel32.WriteProcessMemory
    CreateToolhelp32Snapshot = windll.kernel32.CreateToolhelp32Snapshot
    Module32First = windll.kernel32.Module32First
    Module32Next = windll.kernel32.Module32Next
    
    class MODULEENTRY32(Structure): # https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/ns-tlhelp32-moduleentry32
        _fields_ = [
            ( 'dwSize' , ctypes.c_ulong ) ,
            ( 'th32ModuleID' , ctypes.c_ulong ),
            ( 'th32ProcessID' , ctypes.c_ulong ),
            ( 'GlblcntUsage' , ctypes.c_ulong ),
            ( 'ProccntUsage' , ctypes.c_ulong ),
            ( 'modBaseAddr' , ctypes.POINTER(ctypes.c_byte)),
            ( 'modBaseSize' , ctypes.c_ulong ),
            ( 'hModule' , ctypes.c_ulonglong ),
            ( 'szModule' , ctypes.c_char * 256 ),
            ( 'szExePath' , ctypes.c_char * 260 )
        ]
    
    def close(msg, code):
        input(msg)
        exit(code)
    
    
    # find game window...
    hWnd = FindWindow(None, "Brood War")
    if hWnd == NULL:
        close("Error: Unable to find window", -1)
    
    # convert game window to process id...
    procID = c_ulong(0)
    GetWindowThreadProcessId(hWnd, byref(procID))
    if procID.value == 0:
        close("Error: Unable to get window process id", -2)
    
    # process id to writable/readable handle...
    handle = OpenProcess(PROCESS_ALL_ACCESS, False, procID)
    if handle == NULL:
        close("Error: Unable to open process", -3)
    
    # fetch the address of starcraft.exe by cycling every module in the process... (saved in module.hModule)
    snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, procID)
    if snapshot == INVALID_HANDLE_VALUE:
        CloseHandle(handle)
        close("Error: Unable to create process memory snapshot", -4)
    module = MODULEENTRY32()
    module.dwSize = sizeof(module)
    if Module32First(snapshot, byref(module)) != False:
        while True:
            if module.szModule.lower().endswith(b".exe"): # stop searching when we hit the executable
                break
            if Module32Next(snapshot, byref(module)) == False:
                break
    CloseHandle(snapshot)
    if module.szModule.lower() != b"starcraft.exe":
        CloseHandle(handle)
        close("Error: Game not found", -5)
    
    # confusing hacky parts begin here:
    order_size_ptr = c_ulonglong(module.hModule + 0xF22E94) # address for command length (starcraft.exe + 0xF2DF04)
    order_buffer_ptr = c_ulonglong(module.hModule + 0xF22E94 + 0x0C) # address for the command buffer (starcraft.exe + 0xF2DF04+0x0C)
    
    class TargetOrder(Structure):
        _pack_ = 1 # no padding
        _fields_ = [
            ( 'opcode' , ctypes.c_byte ),
            ( 'x' , ctypes.c_int16 ),
            ( 'y' , ctypes.c_int16 ),
            ( 'target_uid' , ctypes.c_ulong ),
            ( 'target_unit_type' , ctypes.c_int16 ),
            ( 'order' , ctypes.c_ubyte ),
            ( 'shift_cmd' , ctypes.c_ubyte )
        ]
    
    CMD_TARGET_ORDER = 0x61 # opcode for target cmd
    TARGET_REPAIR_FOG = 0x23 # repair order
    TARGET_ATTACK_FOG = 0x09 # attack order
    UNIT_TYPE_SCV = 7 # unit type id for SCV is 7
    
    hack_order = TargetOrder()
    hack_order.opcode = CMD_TARGET_ORDER
    for slot in range(0,1): # loop selected units (only supports 1, but can be modified for 12)
        unit_ptr = c_ulonglong(slot*8 + 0xF35128 + module.hModule) # get unit struct from select array (starcraft.exe + 0xF35128)
        read_unit_ptr = c_ulonglong(0)
        ReadProcessMemory(handle, unit_ptr, byref(read_unit_ptr), 8, None)
        if read_unit_ptr.value == 0:
            if slot == 0:
                input("Error: No units selected? Select one and try again")
            break
        
        unit_type = c_int16(0)
        unit_x = c_int16(0)
        unit_y = c_int16(0)
        ReadProcessMemory(handle, c_ulonglong(read_unit_ptr.value + 0x8C), byref(unit_type), 2, None) # (unit_id = unit struct +0x8C), size 2
        ReadProcessMemory(handle, c_ulonglong(read_unit_ptr.value + 0x40), byref(unit_x), 2, None) # (unit_x = unit struct +0x40), size 2
        ReadProcessMemory(handle, c_ulonglong(read_unit_ptr.value + 0x42), byref(unit_y), 2, None) # (unit_y = unit struct +0x42), size 2
        
        current_order_size = c_ulong(0)
        ReadProcessMemory(handle, order_size_ptr, byref(current_order_size), 4, None) # read current order length
        if current_order_size.value < 7: # if size is < 7, you aren't in a game...
            input("Error: In-game only")
            break
        
        hack_order.x = unit_x.value
        hack_order.y = unit_y.value
        hack_order.target_unit_type = unit_type.value
        if unit_type.value == UNIT_TYPE_SCV: #if SCV, repair self
            hack_order.order = TARGET_REPAIR_FOG
            print("Repairing...")
        else: #if not SCV, kill self
            hack_order.order = TARGET_ATTACK_FOG
            print("Making unit really unhappy...")
        
        new_size = c_ulong(current_order_size.value + sizeof(hack_order)) # calculate new buffer size
        WriteProcessMemory(handle, c_ulonglong(order_buffer_ptr.value + current_order_size.value), byref(hack_order), sizeof(hack_order), None) # append order to very end of the current order buffer
        WriteProcessMemory(handle, order_size_ptr, byref(new_size), sizeof(new_size), None) # update order size to include newly appended bytes
    
    CloseHandle(handle)
    exit(0)

  6. #26 Zaund (Bee Double You Hacks Senior Member, Retired Staff Member, Enlightened; Join Date: May 2005; Posts: 2,639)

    Jig, glad to hear from ya!

    I'm working on 1.12b. I've read and studied all the many good threads on 1.16 and 1.15, changing SC version back and forth and learning how the functions work to see if I can apply or recognize a similar method. My unit alert is coded in 1.12b so I just kept going with it haha. It's a challenge anyways right!

    My work week is starting tomorrow, but if I have time to debug I will be sure to update!

    I will have to study your code and see if I can implement it into my hack ;)

  7. #27

    Awesome work Zaund, and it's awesome to see Jiggie still around! The only one we are missing now is Dew. ROFL!

  8. #28 Zaund (Bee Double You Hacks Senior Member, Retired Staff Member, Enlightened; Join Date: May 2005; Posts: 2,639)

    Thanks dude!

    Yea, the list is a bit longer lol. If we keep posting and everyone makes their yearly stop in, they might stick around

  9. #29 Zaund (Bee Double You Hacks Senior Member, Retired Staff Member, Enlightened; Join Date: May 2005; Posts: 2,639)

    Added a map hack!

    https://github.com/Zaund/Zaund/relea...aund-v1.0ALPHA



    Code:
    void mapHack(int state) {
        static int mapHackfunction = 0x407D50;
    
        __asm PUSHAD
    
        if (state == 6) {
            __asm {
                POPAD
                PUSHAD
                MOV ECX, 0
                CALL DWORD PTR DS : [mapHackfunction]
                POPAD
            }
        }
    
        if (state == 7) {
            __asm {
                POPAD
                PUSHAD
                MOV ECX, 1
                CALL DWORD PTR DS : [mapHackfunction]
                POPAD
            }
        }
    }
    I NOP'ed out the 10 bytes of code that called the 'Cheat Enabled/Disabled' text to draw; is there a better way to do this? It is located at the end of the function that I am assuming is what is called when 'Black sheep wall' is used. I am out of time, but am going to see if I can get a function deeper and maybe not have to NOP out the calls to write the center text.

    Code:
    void nopPatch(void* pDest) {
        DWORD originalPstatus;

        VirtualProtect(pDest, 10, PAGE_EXECUTE_READWRITE, &originalPstatus);
        for (int i = 0; i < 10; ++i) { *(BYTE*)((DWORD)pDest + i) = 0x90; }
        VirtualProtect(pDest, 10, originalPstatus, &originalPstatus);
    }
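Seen from the other side, a 10-byte overwrite like the one nopPatch() above performs is exactly what an in-process integrity check is built to notice: hash a function's bytes once at startup, re-hash later, and flag both the hash mismatch and the run of 0x90 bytes that a NOP patch leaves behind. The block below is an added example written for this thread, not code from Zaund's project or from the game; the byte buffer standing in for a function body, the FNV-1a hash, the 10-byte patch length and the NOP-run threshold of 5 are all constructed assumptions, and the "patch" is applied to a private copy rather than to live code.

```c
/* Added example: detecting in-process code patching (NOP overwrite) by
 * baseline hashing plus a NOP-run heuristic. Everything here is constructed;
 * it is not the thread's or the game's code. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define CODE_LEN  32
#define PATCH_LEN 10    /* same length nopPatch() overwrites (assumption) */
#define NOP       0x90

/* Constructed stand-in for a function's bytes: x86-looking, not a real routine. */
static const uint8_t baseline_code[CODE_LEN] = {
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x53, 0x56,
    0x57, 0x8B, 0x7D, 0x08, 0xE8, 0x00, 0x00, 0x00,
    0x00, 0x68, 0x10, 0x20, 0x30, 0x40, 0xE8, 0x00,
    0x00, 0x00, 0x00, 0x5F, 0x5E, 0x5B, 0xC9, 0xC3
};

/* 32-bit FNV-1a over a byte region; cheap enough to run on every check. */
uint32_t fnv1a32(const uint8_t *p, size_t n) {
    uint32_t h = 0x811C9DC5u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x01000193u; }
    return h;
}

/* Longest run of consecutive 0x90 bytes in the region. */
size_t longest_nop_run(const uint8_t *p, size_t n) {
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < n; i++) {
        cur = (p[i] == NOP) ? cur + 1 : 0;
        if (cur > best) best = cur;
    }
    return best;
}

/* Simulates the effect of nopPatch() on a private copy, never on live code. */
void apply_nop_patch(uint8_t *code, size_t off) {
    memset(code + off, NOP, PATCH_LEN);
}

/* Returns 1 if the region no longer matches its baseline hash or contains a
 * NOP run of at least nop_threshold bytes, else 0; the out-params say which. */
int code_region_tampered(const uint8_t *code, size_t n, uint32_t baseline_hash,
                         size_t nop_threshold, int *hash_mismatch, int *nop_hit) {
    *hash_mismatch = (fnv1a32(code, n) != baseline_hash);
    *nop_hit = (longest_nop_run(code, n) >= nop_threshold);
    return *hash_mismatch || *nop_hit;
}

/* Worked check: the clean copy must pass, the copy patched at offset 12 (where
 * the stand-in's first CALL sits) must trip both detectors. Returns 1 on that
 * outcome, -1 if the clean copy was wrongly flagged, 0 if the patch was missed. */
int demo_detect_patch(void) {
    uint8_t live[CODE_LEN];
    uint32_t baseline = fnv1a32(baseline_code, CODE_LEN); /* taken at startup */
    int hm = 0, nh = 0;
    memcpy(live, baseline_code, CODE_LEN);
    if (code_region_tampered(live, CODE_LEN, baseline, 5, &hm, &nh)) return -1;
    apply_nop_patch(live, 12);
    return code_region_tampered(live, CODE_LEN, baseline, 5, &hm, &nh) && hm && nh;
}

int main(void) {
    printf("tamper detected: %d\n", demo_detect_patch());
    return 0;
}
```

In a real monitor the baseline hash would be taken from the on-disk image (or a signed manifest) rather than from memory at startup, since a patch applied before the first check would otherwise become the baseline; the NOP-run heuristic is only a cheap second signal, because legitimate compilers also emit padding NOPs between functions.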

  10. #30 Jiggie=#1 (Disciple; Join Date: Jul 2006; Location: Cream; Posts: 385)

    Map hack is always sexy

    You're right, the best thing to do is to "go lower" so you don't need to NOP stuff out. That means either calling one of the functions inside of what you're calling now (if possible), or rewriting the black sheep wall cheat yourself in C++.

    Also for fun, since you are on 1.12b, the morph exploit should be possible.
    https://www.ghoztcraft.net/forums/fi...h-hack-source/

    An alternative to drawing might be to hook StarCraft's BitBlt (https://docs.microsoft.com/en-us/win...-wingdi-bitblt) and then call your own BitBlt inside of the hook. The downside is that it will draw over the game cursor, but the upside is that it would work for every version of the game and give you more flexibility on what you can display.

    Also, unit alert can be done with pure data. If you made a pure-data version, it would in theory be extremely easy to port it to SC:R (then it's just ReadProcessMemory and showing the data however you want).
    Step 1: Find the offset of how many Marines (unit id 0) player 0 owns.
    Step 2: Find the offset of how many Marines (unit id 0) player 1 owns. I'm willing to bet it's right beside the first offset^.
    Step 3: Find the offset of how many Marines (unit id 0) player 2 owns. Will be beside step 2 offset^.
    It will repeat for all 12 players, and then move on to the next unit (ghosts, unit id 1). The offset for ghost count of player 1 should be immediately after the marine count of player 12.
    ...Then the next unit (vultures, unit id 2), etc.
    That pattern exists for every version of SC & SC:R.

    Anyway, great progress Zaund! I see you are learning a lot.
    Dumped lots of random shit on you, maybe some interests you, maybe not, good luck though. :P
    Last edited by Jiggie=#1 : 03-27-2020 at 01:19 PM

  11. #31 Zaund (Bee Double You Hacks Senior Member, Retired Staff Member, Enlightened; Join Date: May 2005; Posts: 2,639)

    Lay it on me Jig! It's all interesting.

    I have some time tonight to play, going to see if I can get my Map hack drilled down. Morph hack is next!

  12. #32 Jiggie=#1 (Disciple; Join Date: Jul 2006; Location: Cream; Posts: 385)

    Aw, now I'm jealous. I want to do a fun project too, but I don't know if I have the time! Fuck!

  13. #33 Zaund (Bee Double You Hacks Senior Member, Retired Staff Member, Enlightened; Join Date: May 2005; Posts: 2,639)

    Yes, time is a limited S.O.B.

    When I started this I was working nights, on my days off it was easy to put the kid to bed and start debugging at ~9pm to whenever. Now I am on day shift and it has been more of a challenge to find time. It is still usually only at night when I do. I really enjoy coding, it is pretty relaxing to me, but also very addicting!! Some nights I can mess around for a few hours and be satisfied. Other nights I get frustrated and end up sleeping for only a few hours before work because I can't quit!

    Also Jig, my email is [email protected]

    Case' this bitch goes down again, ping me on the email!

    I can't lose my Jiggie twice. I checked this website every freakin day until it came back up

  14. #34 Zaund (Bee Double You Hacks Senior Member, Retired Staff Member, Enlightened; Join Date: May 2005; Posts: 2,639)

    I can successfully morph!! But only if the requirements are met, to morph into a Muta from a Larva, I need all the pre-req buildings, otherwise nothing happens. Is it possible to get around this?
