I don't think this is something for the public to have as it would greatly harm the public gaming environment. Same reasons why there's no public Starcraft game bots out there
How about bits and pieces? I only require information regarding joining games and documentation involving map verification and map downloading.
You're going to make a mapcrawler? Nice!
Last night I tried to packet log war3.exe using WPE Pro .7a. For some reason it doesn't show up on the list so I can't get into it anymore. Any ideas on what is wrong or another packet logger that works? (Tried Ethereal and I can't install the WinPcap part due to me being on Windows XP Pro x64)
Quote from: Savior on January 05, 2006, 12:47 PM
Last night I tried to packet log war3.exe using WPE Pro .7a. For some reason it doesn't show up on the list so I can't get into it anymore. Any ideas on what is wrong or another packet logger that works? (Tried Ethereal and I can't install the WinPcap part due to me being on Windows XP Pro x64)
That may be the reason for your inability to packetlog with WPE as well.
Well, I can packet log anything but war3.exe. It doesn't show it to me in the list.
Yeah, War3 does not show up on the program list. You'll need a logger that actually logs the network card and does not hook itself to the program, a logger like Ethereal.
Quote from: l2k-Shadow on January 05, 2006, 04:52 PM
Yeah, War3 does not show up on the program list. You'll need a logger that actually logs the network card and does not hook itself to the program, a logger like Ethereal.
Then I guess this forces me to use Ethereal? I too remember not seeing war3.exe listed in the processes I could packet log when using WPE Pro. Are there any other worthy alternative software packages that log the network card, other than Ethereal?
Securityinfo() masks the process; compile that and launch war3 with it and you can use WPE.
.486
.model flat, stdcall
option casemap :none

include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib

.data
AppName     db "BoR0's Warcraft 1.20 Protection Remover", 0
MsgSucc     db "Successfully removed protection! Have fun!", 0
MsgErr      db "There was an error removing protection,", 13, 10,
               "check if War3.exe is in the same dir!", 0
FileName    db "war3.exe", 0
NewByte     db 0C3h                     ; single-byte RET opcode
MyDll       db "advapi32.dll", 0
MyFunc      db "SetSecurityInfo", 0
Startup     STARTUPINFO <>
ProcessInfo PROCESS_INFORMATION <>

.data?
byteswritten dd ?

.code
start:
    ; Start war3.exe from the current directory as a child process.
    invoke CreateProcess, ADDR FileName, 0, 0, 0, 0, 0, 0, 0, ADDR Startup, ADDR ProcessInfo
    ; Resolve SetSecurityInfo in this process; the address is reused for the
    ; child, which assumes advapi32.dll is mapped at the same base there.
    invoke LoadLibrary, ADDR MyDll
    invoke GetProcAddress, eax, ADDR MyFunc
    push eax
    invoke Sleep, 10
    pop eax
    ; Overwrite the first byte of SetSecurityInfo in the child with RET,
    ; so the call returns without changing the process security descriptor.
    invoke WriteProcessMemory, ProcessInfo.hProcess, eax, ADDR NewByte, 1, byteswritten
    cmp eax, 0                          ; zero return means the write failed
    je @error
    invoke MessageBox, 0, ADDR MsgSucc, ADDR AppName, MB_OK+MB_ICONINFORMATION
@end:
    invoke ExitProcess, eax
@error:
    invoke MessageBox, 0, ADDR MsgErr, ADDR AppName, MB_OK+MB_ICONERROR
    jmp @end
end start
How do I compile this?
Quote
We don't have any private information regarding W3GM on BnetDocs anyway, so this might as well go to general BotDev.
This topic has been moved to Battle.net Bot Development.
http://forum.valhallalegends.com/index.php?topic=13790.0
Yes, we do. I have lots, very lots. Just a while back Arta never got around to adding a W3GS section, btw, what's W3GM stand for?
It's ASM, I think.
Quote from: UserLoser on January 04, 2006, 10:43 PM
Same reasons why there's no public Starcraft game bots out there
Define "game bots"?
I have about 4 (public) source codes to STAR/SEXP/W2BN Winbots, which in a way could be modified to just idle in games etc.
Quote from: UserLoser on January 06, 2006, 12:12 AM
Quote
We don't have any private information regarding W3GM on BnetDocs anyway, so this might as well go to general BotDev.
This topic has been moved to Battle.net Bot Development.
http://forum.valhallalegends.com/index.php?topic=13790.0
Yes, we do. I have lots, very lots. Just a while back Arta never got around to adding a W3GS section, btw, what's W3GM stand for?
Oops, I meant W3GP for Warcraft 3 Game Protocol. I don't know where I got M from. *shrug*
Regarding private information we have or don't have: we don't have any on BnetDocs, because (as you said) we don't have a section for it.
There is a much easier way to do this: patch game.dll with 6804000080 at address 6F00996C to 6800000000. Any hex editor will work. All this does is create a null value in the third parameter of SetSecurityInfo(), which makes sure the API doesn't do anything that can block you.
Edit: My apologies. This address has been changed in 1.20B and I will update the newer address and values ASAP.
Quote from: FrOzeN on January 06, 2006, 12:56 AM
Quote from: UserLoser on January 04, 2006, 10:43 PM
Same reasons why there's no public Starcraft game bots out there
Define "game bots"?
I have about 4 (public) source codes to STAR/SEXP/W2BN Winbots, which in a way could be modified to just idle in games etc.
Game bots, as in, actually in a game where it's connected to a host and other peers. WinBots are nothing close to an actual game bot, you're mistaken, sorry.
Yeah, I got it compiled now, thx. Now, for some reason, I can only view packets that I sent to bnet or the host of the game. I can't see what bnet responds with or what the host sent me. Anyone know why?
Reinstall with x32 so that you can use Ethereal.
Or you could just do the easy thing and enable SeDebugPrivilege in your patching program. Alternatively, you could just rewrite the DACL for the process the same way that War3 does it - it's running under the same user as you and owned by you, so this will always be possible.
Ok, I just read up on the SeDebugPrivilege API and it says that Admins have it on already (from what I can tell). If so, I should have it on.
Edit: Oh, OK. I have the privilege to load it, but I need to call the API and give it the war3.exe process ID, it sounds like to me. Correct?
Edit: Also, will this let me see the received packets from Bnet and the Game Host?
Quote from: Savior on January 06, 2006, 12:07 PM
Ok, I just read up on the SeDebugPrivilege API and it says that Admins have it on already (from what I can tell). If so, I should have it on.
Edit: Oh, OK. I have the privilege to load it, but I need to call the API and give it the war3.exe process ID, it sounds like to me. Correct?
Edit: Also, will this let me see the received packets from Bnet and the Game Host?
If you are running as an administrator or a user with that privilege, then you can use AdjustTokenPrivileges to enable the privilege for the process token. While the privilege is enabled, all access checks to OpenProcess and OpenThread are disabled, so Blizzard's modifications of the process security descriptor will have no effect on your program.
A different, slightly more complicated solution is to open the process for WRITE_DAC access (will always succeed because you are the owner of the process) and rewrite the DACL to not deny the rights you are interested in. This is slightly better in that it doesn't require you to be an administrator in order to function.
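The access-check behaviour described in this reply, as an added example that is not part of the original post: a simplified, portable C model (no Windows headers) of why a deny ACE blocks the process's own user, why the owner can still obtain WRITE_DAC, and why SeDebugPrivilege only matters once enabled. The integer SIDs, the `hardened` DACL and the function names are constructed for illustration; the mask constants are the Windows SDK values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Access-mask values as defined in the Windows SDK headers. */
#define PROCESS_VM_READ  0x0010u
#define PROCESS_VM_WRITE 0x0020u
#define READ_CONTROL     0x00020000u
#define WRITE_DAC        0x00040000u

typedef struct { bool deny; int sid; uint32_t mask; } ace;   /* sid: toy integer id */
typedef struct { int user_sid; bool debug_held, debug_enabled; } token;
typedef struct { int owner_sid; const ace *dacl; size_t count; } process_sd;

/* Simplified model of the check behind OpenProcess: true if every requested bit is granted. */
bool access_granted(const token *t, const process_sd *sd, uint32_t desired)
{
    /* SeDebugPrivilege only counts once enabled (AdjustTokenPrivileges). */
    if (t->debug_held && t->debug_enabled) return true;
    uint32_t granted = 0, denied = 0;
    /* The owner gets READ_CONTROL and WRITE_DAC before the DACL is walked
       (absent a Vista+ OWNER RIGHTS ACE, which this model ignores). */
    if (t->user_sid == sd->owner_sid) granted |= READ_CONTROL | WRITE_DAC;
    /* ACEs are applied in order; the first ACE to decide a bit wins. */
    for (size_t i = 0; i < sd->count; i++) {
        const ace *a = &sd->dacl[i];
        if (a->sid != t->user_sid) continue;
        if (a->deny) denied  |= a->mask & ~granted;
        else         granted |= a->mask & ~denied;
    }
    return (desired & ~granted) == 0;
}

/* Constructed DACL (not War3's real one): deny memory access and WRITE_DAC
   to sid 1, then allow everything else. Sid 1 also owns the process. */
static const ace hardened[] = {
    { true,  1, PROCESS_VM_READ | PROCESS_VM_WRITE | WRITE_DAC },
    { false, 1, 0x001F0FFFu },   /* PROCESS_ALL_ACCESS (pre-Vista value) */
};

bool sample_check(bool debug_enabled, uint32_t desired)
{
    token t = { 1, true, debug_enabled };
    process_sd sd = { 1, hardened, 2 };
    return access_granted(&t, &sd, desired);
}

int main(void)
{
    printf("%d %d %d\n", sample_check(false, PROCESS_VM_READ),
           sample_check(false, WRITE_DAC), sample_check(true, PROCESS_VM_READ));
    return 0;
}
```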
Quote from: Savior on January 05, 2006, 11:02 PM
How do I compile this?
You don't compile, you assemble. =). I'm not sure which assembler that was written for, as I only work with NASM, but I can tell you that it's not NASM code.
Quote from: Topaz on January 06, 2006, 12:28 AM
It's ASM, I think.
You never cease to make me chuckle.
I already said it's MASM code.
i hate you joe
Looking over how DACL works. I don't see how they could have blocked the admin (who should have all rights) to not see the process from WPE Pro. How does this work?
Quote from: Savior on January 07, 2006, 03:48 PM
Looking over how DACL works. I don't see how they could have blocked the admin (who should have all rights) to not see the process from WPE Pro. How does this work?
Theoretically, admin should have all privileges. But, you aren't using Linux, so don't expect it to work in practice. =)
Quote from: Joe on January 07, 2006, 07:45 PM
Quote from: Savior on January 07, 2006, 03:48 PM
Looking over how DACL works. I don't see how they could have blocked the admin (who should have all rights) to not see the process from WPE Pro. How does this work?
Theoretically, admin should have all privileges. But, you aren't using Linux, so don't expect it to work in practice. =)
Actually, it's possible on both Linux and Windows for an administrator to end up with reduced privileges via a rootkit (http://en.wikipedia.org/wiki/Rootkit). On Windows, it's common for administrators to have the option of certain privileges (such as SeDebugPrivilege), but not actually have the privilege enabled until he requests it. On Linux, it's quite possible to build a modified kernel (such as a GRsecurity kernel (http://www.grsecurity.net/)) where root (and all other users) have reduced privileges.
Also, I tried the SeDebug idea and now when I create a new process of war3 and it loads fine, it can't connect to bnet or my LAN. It just says it needs to be connected to the net. But when I allow it to open from Start->.....War3 it works just fine.
Edit: And What right am I looking at restoring?
Edit: This is what I got so far and it isn't working. Anyone know why?
GetNamedSecurityInfoA "C:\Program Files (x86)\Warcraft III\war3.exe", SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, &H0, &H0, &H0, &H0, &H0
GetNamedSecurityInfoA "C:\Program Files (x86)\Warcraft III\war3.exe", SE_FILE_OBJECT, SACL_SECURITY_INFORMATION, &H0, &H0, &H0, &H0, &H0
SetSecurityInfo pInfo.hProcess, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, &H0, &H0, &H0, &H0
SetSecurityInfo pInfo.hProcess, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION, &H0, &H0, &H0, &H0
Edit: Yay, problem solved!!! I found out that WinPcap has made a driver for x64 (alpha) and I downloaded that and can now use Ethereal.
You have to pass a null as the third value in SetSecurityInfo(). You are passing the same parameters that war3 uses.