
Thread: My little coding thread

#41 Zaund (Bee Double You Hacks Senior Member, Retired Staff Member; joined May 2005; 2,660 posts)

    Ok so I have the draw function, 0x4DAAA0 (memorized)

    I have confirmed it is called by a bunch of stuff, so I am confident this is the draw function.

    I have found the reference to the draw function, which is the block of code that handles the HUD. I know this because RETN 8 at the first line of code makes the HUD go away and the game ticks along just fine without crashing.

    So here is where I am stuck:

    Code:
    SUB 20 // First line of code
    ... // Lots more code
    MOV YADA, BLAH
    CALL 0x4DAAA0 // 1.12b draw function
    JMP boobies // My call function
    XOR ECX, ECX
    CALL 0x4DA6F0 // Pretty sure this is refresh function
    POP EDI
    POP ESI
    POP EBP
    POP EBX
    ADD ESP, 20
    RETN 8 // Crashes on this command
When I jump to my code, call the draw function, then jump back, I get an error that the program can't read 00000000 because EIP is 00000000, when the block of code reaches RETN 8. I then tried to write a JMP back to the line of code that the RETN 8 command always calls, but I still get the EIP read error and the game crashes. This is with wrapping my block of code with POPAD and PUSHAD.

#42 Jiggie=#1 (Disciple; joined Jul 2006; location: Cream; 396 posts)

    Nice work! Muta morph was really fun back in the day on multiplayer.

    I forget if the text needs a starting color, maybe it crashes without one? So maybe also slap a '\x06' in front of the text or whatever.

    But ya, if you have the right drawXY offset, then hooking immediately after any of SC's drawXY calls should be good. Side effects might include weird draw locations and odd fonts, dependent on when you hook.

    ...if the drawXY function is 0xBADBEEF, then any "CALL 0xBADBEEF" you can use as a hook, and calling drawXY (0xBADBEEF) should be safe in there.

    Cheers

    Edit:
    whoa are we on at the same time

    Looks like your JMP boobies is in the right spot, the crash sounds to be related to stack. So, probably C++ overhead, or misusing the draw function. You are either pushing something you shouldn't be, not pushing something you should be, or C++ is allocating stack memory where it shouldn't. ESP/EBP shouldn't be any different from before "pushad" to after "popad" in a well-done hook.

    And I assume you are jmping back at the offset for "XOR ECX, ECX"?

    Also, that refresh function is the font set function, if I recall.
xor ecx, ecx + setfont = setfont(NULL);
Which un-equips the font.
    Last edited by Jiggie=#1 : 04-02-2020 at 09:37 PM

#43 Zaund

    Damn I just missed you. I will be on for a little while, I'll let you know where I get!

    Should I ever need to create my own pointer to an array of values, which are the x left, right, y start, and stop points, or can I get away with only the registers? I see everything online only uses the registers, but I am wondering if maybe 1.12b is just weird?
    Last edited by Zaund : 04-04-2020 at 08:42 PM

#44 Zaund

    Whelp, I upgraded to 1.16.1 and verified I was indeed at the right function in 1.12b (0x4DAAA0), for the draw function.

    No matter what I do I cannot find a stack combo that works >.>

    I noticed that it can accept a variety of different stack setups, like for images, the in game HUD, and the version printed on the main screen. But so far nothing works! I don't get it!

    I am trying to call the draw function at the end of the main game loop, could this be my problem?

    I am out of time Jig, talk to you soon!

#45 Jiggie=#1

    Post your C++ code here. The function should be naked, and be mindful that your hook must include any overwritten ASM (I think you were doing it, but dunno).

    As long as your hook is after a call to drawXY, it should be good. The idea is, if StarCraft can call it without crashing, you can call it without crashing.

    Also, does it still crash when your hook doesn't do anything hacky? Just the ASM that was overwritten and jmp back?

    Maybe this helps a little. Some junk from old source codes I wrote in SC1161:
    Code:
    DrawXY proc			X:DWORD, Y:DWORD, Text:DWORD
    
    	pushad
    	mov eax, Text
    	mov edx, Y
    	push edx
    	mov esi, X
    	call dword ptr ds:[BWFXN_DrawXY] ;;0x4202B0
    	popad
    	ret
    
    DrawXY endp
    CallPatch, 0x4BD614, PrintScreenHook
    ^I don't remember how I found that offset.

    Code:
    SetFont proc			FontSize:DWORD
    
    	pushad
    	mov ecx, FontSize
    	.if ecx != 0
    		dec ecx
    		mov ecx, dword ptr ds:[ecx*4+6CE0F4h]
    		.if ecx != 0
    			.if dword ptr ds:[ecx] != 'TNOF'
    				invoke MessageBox, NULL, CTEXT("Immediate font error 1, tell Jiggie about this immediately."), NULL, MB_OK
    			.endif
    		.endif
    	.endif
    	call BWFXN_SetFont ;; 0x41FB30h
    	popad
    	ret
    
    SetFont endp
    Then the hook would come out something like this (pulled this out of my ass without actually looking!):
    Code:
    old asm from hook goes here
    pushad
    invoke SetFont, 1
    invoke DrawXY, 0, 0, CTEXT("\0x06 asdf");
    invoke SetFont, 0
    popad
    ret ;; return for call patches, jmp for jmp patches
    Usage will vary on 1.12b.

#46 Zaund

    Ok, by tweaking the stack on the call to the draw function involving the version number drawn on the main screen, I have found this:

    EAX - Has a pointer to the text, but doesn't seem to affect the text that is actually written to the screen
    ECX - Is the starting X coordinate
EDX - Is the starting Y coordinate

    ESI - A pointer to an array of coordinates. Contains the X Left and Right, Y Top and Bottom, and some other numbers.

    The pointer to the text in the stack changed the text written to the screen (when it was the version written on the main screen)

Code:
// 0x07 and 0x05 are in-game colour codes; the remaining bytes spell
// "Zaund v1.0A (v1.12b)". The trailing 0x00 terminator was missing from
// the array as posted, so the draw function would read past the end of it.
char zaundVersion[] = { 0x07, 0x5a, 0x61, 0x75, 0x6e, 0x64, 0x20, 0x76, 0x31, 0x2e, 0x30, 0x41, 0x20, 0x05, 0x28, 0x76, 0x31, 0x2e, 0x31, 0x32, 0x62, 0x29, 0x00 };
char* zaundPTR = zaundVersion;

void __declspec(naked) drawText() {

    static int drawFunction = 0x4DAAA0; // 1.12b draw function
    static int jumpBack = 0x4485CD; // Last call of the main game loop

    __asm {
        PUSHAD                          // save all general-purpose registers

        PUSH zaundPTR                   // Text (pushes the pointer value)
        MOV ECX, 0x10                   // X
        MOV EDX, 0x10                   // Y

        CALL DWORD PTR SS:[drawFunction]

        POPAD                           // restore registers

        JMP DWORD PTR DS:[jumpBack]     // the instruction the hook replaced
    }
}
    I was able to jump to my function (IE boobies();) with only the instruction that I replaced ( JMP DWORD PTR DS : [jumpBack] ) and the game will run fine. But still crashing when I try to call the text function!


#47 Jiggie=#1

    I can't help very much on 1.12b. I don't see any issues up front. Maybe...
    Code:
    PUSH dword ptr [zaundPTR]
    Or try setting all the registers to 0 (except ESP/EBP).
Lastly, is it possible that SC has an "add esp, 4" after it calls the draw text function? If the draw function doesn't end in "RETN 4" that means that version of SC doesn't free the stack inside of the function, and it needs to be freed outside the function instead.

    I also don't see the code you overwrote in the jump hook?

    If you still can't figure it out:
    Post the full asm code of SC's drawXY function from top to bottom, and an example of how SC uses it. I might be able to spot something.

#48 Zaund

    Jig, you have helped me a ton already on 1.12b!

To follow up, the text function does end with a RETN 4, sounds like that is a good thing?

    I found that I can call the draw function only after some kind of events are happening. I can't just call the draw function, but I can call the draw function, right after the game's call to the draw function.

Code:
// zaundPTR / zaundVersion are the globals declared in post #46
void __declspec(naked) drawText() {

    static int drawFunction = 0x4DAAA0; // 1.12b draw function
    static int jumpBack = 0x4485CD; // Last call of the hijacked loop

    __asm {
        CALL DWORD PTR SS:[drawFunction]  // the game's own draw call first

        PUSH zaundPTR                     // Text
        MOV ECX, 0x10                     // X
        MOV EDX, 0x10                     // Y

        CALL DWORD PTR SS:[drawFunction]  // then ours, right after it

        JMP DWORD PTR DS:[jumpBack]
    }
}
So, I need to change my hook I guess. From what I can tell, the coordinates have something to do with maybe a predetermined rectangle location on the screen. I noticed when the MENU text is drawn, the coordinates are like 18 and 16. Does this sound right?

What I would really like to do is draw the enemy players' resources and units just like the leader board displays in a UMS map. I know a hack did this back in the day, I am not sure which one. I have found the function which handles this, but I haven't got the stack on that one figured out yet.

Anyways here is my game loop hook, which appears not to be valid. Instead of calling the jump first, I call my code, then POPAD and call the highlighted jump:


#49 Zaund

Well, I would think this is the right hook, drawing when the HUD (Resources and man power) loop calls the draw function (0x4DAAA0), but I can't get the coordinates down. I can draw within the boundaries of what is already being called, otherwise my text won't show up. If I change the X to further left or the Y to lower, I get nothing.



    Maybe I need a different hook?

    Edit:

If I call after the leader board's call to draw, I can get where I want to be. This doesn't do me any good in a non-UMS map with no leader board tho! This is the entire function for what I think takes care of the leader board. I am going to guess one of the previous 2 CALLs is my rectangle and other functions. I am out of time, going to dig into those later.

    Last edited by Zaund : 04-07-2020 at 09:28 PM

#50 Jiggie=#1

    Yeah you're on the right track, just fiddle around with hook spots until you find one that works in every game type. After that, there should be data offsets to decide where the draw region is, and/or data offsets for alignment. Likely found before draw calls. This might cause issues with refreshing (hover mouse over a spot to force SC to refresh it).

    Also good work.

#51 Zaund

    Fuckin' nailed it. Had to call the draw function after the language and font, within the loop for the game DISPLAY. I was one loop too high before, in the main loop. We did it Jig!

[Attachment: 2Wpaj5i.jpg]

#52 Jiggie=#1

    Fuck yeah!

#53 Zaund

    Here is the stats hack! This is the whole reason I set out on this. Almost 3 months to the day I spent hours beautifying the code. I still plan on writing some tutorials! Last thing to finish is the unit count and capacity. I can get the count, but not the capacity.

    I added a small feature to mark the player with the highest score. Also going to implement a game timer sometime. I think I'll finally start actually playing soon XD

    22 pages
    20,444 characters with no spaces

    https://github.com/Zaund/Zaund/releases/tag/Zaundv1.2A

[Attachment: 79199007-2d5ad180-7de9-11ea-8758-36a397709286.png]
    Last edited by Zaund : 04-13-2020 at 11:55 PM

#54 Jiggie=#1

    Looks nice! 3 months of effort for some pixels! Woo! Been there lol

    Supply is multiplied by two. Alliance is: 0=enemy, 1=allied, 2=allied+vic. The "square" char is 0x7F.

    Did you solve refresh?

#55 Zaund

    Haha! Thanks Jig, got the total unit capacity working now.

    No, I still haven't located the refresh function, but I think with what I know now I can hunt it down. I haven't put much thought into it since you told me to focus on the draw function. It will be nice to have a leader board which updates in real time.

[Attachment: 79297152-35bb1700-7e92-11ea-8c35-832e1d20a9fe.png]
    Last edited by Zaund : 04-14-2020 at 07:57 PM

#56 Zaund

    Jig, do you know how I can find the shared vision offset? If I remember correctly, if I un-vision myself, I should be able to stack.

I think I found the alliance offsets, I could make my units hostile to each other, but I couldn't make the comp units kill each other lol. The values were something like 0, 1, 257.

    Any pointers on auto mine on game start? I know where to stick it in the loop and the command function (from the morph exploit), but I have no idea how to tell specific units to perform a command!

I was kinda bummed after finally getting the draw XY down lol, but I still have a lot more I can do. I removed the morph exploits on the last code overhaul and would like to put those back in. Still want to make an in-game timer too!

#57 Jiggie=#1

    Vision uses bits rather than values.
    0xFF(11111111) means they're visioned to every player, 0-7.
    0x00(00000000) means they're visioned to absolutely nobody.
    0x01(00000001) = Visioned to player 0 and nobody else.
    0x08(00001000) = Visioned to player 3.
    0x09(00001001) = Visioned to players 3 and 0.
    0x07(00000111) = Visioned to players 2, 1 and 0.
    0xFE(11111110) = Visioned to everyone except player 0.
    0xFD(11111101) = Visioned to everyone except player 1.
    Etc. Read up on bits/binary if you're confused.

    Auto-mine involves unit structs and unit commands. Two things, related but different.

    The issue command function can be used to order units for auto-mine. The idea is: send select command through issue command, send gather command through issue command, then restore old selections through issue command. You will need to either keep track of the X,Y of all mineral fields as they're created, or whenever a worker is made (that you own) check every mineral field on the map for the closest patch.

Unit structs are a different beast: find the HP value of a unit (size: 2 bytes), and subtract 9 from that offset (I think?), and you will get the start of the unit struct.
    ex: if you have a particular marine's HP offset (0x23456789), the head of that unit struct is 0x23456780.

    The first 4 bytes of the unit struct is a pointer to the previous unit, and the second 4 bytes of the unit struct is a pointer to the next unit. You use this to iterate/for/while through all the units in the game. Inside each struct (somewhere) holds the X,Y,HP,unit type of every unit, along with everything about that unit - lots of trial and error.

    Combining these concepts = auto-mine.

    Somewhere in SC is the code to convert the unit struct offset into a select command (then it sends it with issue command).

    gl
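The vision byte described in post #57 is a plain 8-bit mask, one bit per player slot. As an added example (not code from the thread or from any of the hacks it discusses), the following Python models that layout, decodes a mask into the set of player slots it grants vision to, builds a mask from a set of slots, and checks every value the post lists against its own description. The player numbering (bit N = player N, slots 0-7) is taken from the post; the function names are this example's own.

```python
"""Decode, build and verify an 8-bit per-player vision mask.

Added example illustrating the bit layout from post #57:
bit N of the byte set  ->  player slot N (0-7) has vision.
"""
from typing import FrozenSet, Iterable, Tuple

NUM_PLAYERS = 8  # slots 0-7 map to bits 0-7 of a single byte


def players_with_vision(mask: int) -> FrozenSet[int]:
    """Return the player slots whose bit is set in `mask`."""
    if not 0 <= mask <= 0xFF:
        raise ValueError(f"vision mask must fit in one byte, got {mask:#x}")
    return frozenset(p for p in range(NUM_PLAYERS) if mask & (1 << p))


def vision_mask(players: Iterable[int]) -> int:
    """Build the byte that grants vision to exactly these player slots."""
    mask = 0
    for p in players:
        if not 0 <= p < NUM_PLAYERS:
            raise ValueError(f"player slot out of range: {p}")
        mask |= 1 << p
    return mask


def grant(mask: int, player: int) -> int:
    """Set one player's bit, leaving the other seven untouched."""
    return vision_mask(players_with_vision(mask) | {player})


def revoke(mask: int, player: int) -> int:
    """Clear one player's bit, leaving the other seven untouched."""
    return vision_mask(players_with_vision(mask) - {player})


def describe(mask: int) -> str:
    """Render a mask in the thread's notation, e.g. '0x09(00001001)'."""
    return f"0x{mask:02X}({mask:08b})"


# The table from post #57, restated as (mask, expected player slots).
# These are the post's own values, used here as test vectors.
THREAD_TABLE: Tuple[Tuple[int, FrozenSet[int]], ...] = (
    (0xFF, frozenset(range(8))),          # everyone, 0-7
    (0x00, frozenset()),                  # nobody
    (0x01, frozenset({0})),               # player 0 only
    (0x08, frozenset({3})),               # player 3
    (0x09, frozenset({3, 0})),            # players 3 and 0
    (0x07, frozenset({2, 1, 0})),         # players 2, 1 and 0
    (0xFE, frozenset(range(8)) - {0}),    # everyone except player 0
    (0xFD, frozenset(range(8)) - {1}),    # everyone except player 1
)


def thread_table_consistent() -> bool:
    """True if decode and encode agree with every row of the post's table."""
    for mask, expected in THREAD_TABLE:
        if players_with_vision(mask) != expected:
            return False
        if vision_mask(expected) != mask:
            return False
    return True


if __name__ == "__main__":
    for mask, _ in THREAD_TABLE:
        slots = sorted(players_with_vision(mask))
        print(f"{describe(mask)} = visible to players {slots}")
    print("table consistent:", thread_table_consistent())
```

Decoding and re-encoding each row is the useful check: a value read back from memory that does not round-trip through `vision_mask(players_with_vision(x))` is not a plain per-player mask, which is the quickest way to notice that an offset is not the one you thought it was.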

#58 Zaund

    I didn't start on the unit command stuff yet, but I am close on the refresh function.

    I have found the function and I seem to have the setup correct, but the text will stack on top of the previously written text. I also noticed it messes with the fog of war.

    Anyways, small update and I am off to bed! TTYS JIG

#59

    is this for the remastered version?

#60

the fastest and best way to find all the functions is to use the starcraft map editor and just create triggers and then search for the trigger you created. Example in image: so you would search for the "Hello World" text and then breakpoint on when it's being accessed
