Valhalla Legends Archive

Programming => Battle.net Bot Development => Topic started by: brew on July 30, 2007, 11:12 AM

Title: BNCSUtil source?
Post by: brew on July 30, 2007, 11:12 AM
Does anyone have it and/or want to share?
It's open source anyways.
It seems that with version 1.3.3 (patched checkrevision for ver-IX86-##.mpq) someone must've messed up the diablo 2 cdkey decoder, because over half those cdkeys are now "invalid" when kd_quick is used. Also I'd like to implement lockdown checkrevision in BNCSUtil. And I hear the entire project has been abandoned. Someone needs to do this, so why not me? :|
Title: Re: BNCSUtil source?
Post by: FrostWraith on July 30, 2007, 11:50 AM
Post your AIM and I'll send it to you, I have 1.3.1.
Title: Re: BNCSUtil source?
Post by: brew on July 30, 2007, 12:27 PM
My AIM is BreW 1337.
Title: Re: BNCSUtil source?
Post by: warz on July 30, 2007, 01:04 PM
Quote from: brew on July 30, 2007, 11:12 AM
Someone needs to do this, so why not me? :|

Because the end result would be something scary.
Title: Re: BNCSUtil source?
Post by: brew on July 30, 2007, 03:28 PM
Quote from: betawarz on July 30, 2007, 01:04 PM
Quote from: brew on July 30, 2007, 11:12 AM
Someone needs to do this, so why not me? :|

Because the end result would be something scary.

Is that so.
You should be talking--

#include <windows.h>

int patch_dword(unsigned long AddressToPatch, unsigned long Value) {
    unsigned long OldProtect = 0;
    if(!VirtualProtect((LPVOID)AddressToPatch, 4, PAGE_EXECUTE_READWRITE, &OldProtect))
        return 1;
    *(unsigned long*)AddressToPatch = Value;
    if(!VirtualProtect((LPVOID)AddressToPatch, 4, OldProtect, &OldProtect))
        return 1;
    return 0;
}

int patch_word(unsigned long AddressToPatch, WORD Value) {
    unsigned long OldProtect = 0;
    if(!VirtualProtect((LPVOID)AddressToPatch, 4, PAGE_EXECUTE_READWRITE, &OldProtect))
        return 1;
    *(WORD*)AddressToPatch = Value;
    if(!VirtualProtect((LPVOID)AddressToPatch, 4, OldProtect, &OldProtect))
        return 1;
    return 0;
}


*ahem*
Title: Re: BNCSUtil source?
Post by: MyndFyre on August 01, 2007, 08:44 PM
Maybe I'm missing something (or am just dumb), but warz's code looks 100% OK to me. 

Why's it scary?
Title: Re: BNCSUtil source?
Post by: brew on August 01, 2007, 09:05 PM
Quote from: MyndFyre[vL] on August 01, 2007, 08:44 PM
Maybe I'm missing something (or am just dumb), but warz's code looks 100% OK to me. 

Why's it scary?
Last time I checked a WORD is 2 bytes, but maybe I'm wrong.... hrm....
Title: Re: BNCSUtil source?
Post by: iago on August 01, 2007, 09:37 PM
Quote from: brew on August 01, 2007, 09:05 PM
Quote from: MyndFyre[vL] on August 01, 2007, 08:44 PM
Maybe I'm missing something (or am just dumb), but warz's code looks 100% OK to me. 

Why's it scary?
Last time I checked a WORD is 2 bytes, but maybe I'm wrong.... hrm....
First, I don't know why that makes his code "scary".

Second, a word isn't necessarily 2 bytes, it depends on the system/OS.
Title: Re: BNCSUtil source?
Post by: rabbit on August 01, 2007, 10:22 PM
Quote from: brew on August 01, 2007, 09:05 PM
Quote from: MyndFyre[vL] on August 01, 2007, 08:44 PM
Maybe I'm missing something (or am just dumb), but warz's code looks 100% OK to me. 

Why's it scary?
Last time I checked a WORD is 2 bytes, but maybe I'm wrong.... hrm....
A WORD is 2 bytes.  On a 16 bit system.  A WORD on any OS running on even really old chips is 4 bytes.  WORDs on the new 64bit systems are 8 bytes.
Title: Re: BNCSUtil source?
Post by: brew on August 01, 2007, 10:34 PM
Quote from: rabbit on August 01, 2007, 10:22 PM
Quote from: brew on August 01, 2007, 09:05 PM
Quote from: MyndFyre[vL] on August 01, 2007, 08:44 PM
Maybe I'm missing something (or am just dumb), but warz's code looks 100% OK to me. 

Why's it scary?
Last time I checked a WORD is 2 bytes, but maybe I'm wrong.... hrm....
A WORD is 2 bytes.  On a 16 bit system.  A WORD on any OS running on even really old chips is 4 bytes.  WORDs on the new 64bit systems are 8 bytes.
Gee, I thought you would have figured it out by now. He's unprotecting and patching two more bytes of his data than he wants to... not sure if that has any effect though.
Title: Re: BNCSUtil source?
Post by: Kp on August 01, 2007, 10:58 PM
First, some clarity.  WORD is a Microsoft typedef that dates from the Win16 days.  It should have been changed to a 32 bit type when Win32 came along, but Microsoft did not do so.  Presumably, this was to accommodate large quantities of code which incorrectly assumed WORD would always be 16 bits.  This differs from what rabbit said.  Rabbit seems to have taken the view that WORD refers to the machine word, not the Windows typedef.  When not capitalized, word refers to a machine word, which is the machine's native operand size.  This is 32 bits on an IA32 system, and rises to 64 bits on Itanium.

brew: yes, he changes the permissions on two bytes too many.  So what?  He only writes to the two bytes he has actual data for.  He then fixes the permissions on all four bytes.  The only case where you would even notice this is if the patch is positioned such that using a 4 byte range straddles a page boundary, but using a 2 byte range would not.  In such a case, an extra page will be briefly turned writable.

The code could be fixed by rewriting it like so:
#include <windows.h>

template <typename T>
static
int patch(UINT_PTR AddressToPatch, T Value) {
    unsigned long OldProtect = 0;
    if(!VirtualProtect((LPVOID)AddressToPatch, sizeof(Value), PAGE_EXECUTE_READWRITE, &OldProtect))
        return 1;
    *(T *)AddressToPatch = Value;
    if(!VirtualProtect((LPVOID)AddressToPatch, sizeof(Value), OldProtect, &OldProtect))
        return 1;
    return 0;
}

int patch_dword(UINT_PTR AddressToPatch, UINT32 Value) { return patch(AddressToPatch, Value); }
int patch_word(UINT_PTR AddressToPatch, UINT16 Value) { return patch(AddressToPatch, Value); }