I'm sure people have attempted this before...
So I wrote my caps.dat, packed it into an MPQ, made my DLL, and concatenated the MPQ to the DLL with copy /b irc.dll + sdfg.mpq irc.snp, thus making my SNP.
However, since I use WinMPQ to mpqify it, it's obviously not going to have a (signature) file for SFileAuthenticateArchive to check, so it inevitably fails and sets the second arg to 1 (an error code, I'm guessing?).
So I've got something like this:
.text:150302CB push edx ; int *something
.text:150302CC push edi ; hArchive
.text:150302CD call SFileAuthenticateArchive
.text:150302D2 mov eax, [ebp+var_C]
.text:150302D5 cmp eax, ebx
.text:150302D7 jz short loc_150302E2
.text:150302D9 cmp eax, 5 ; jump is taken here
.text:150302DC jb loc_15030369
For now, I patch eax from 1 to 5 at 302D9.
I'm under the impression that the rest of the code would run just fine with/without the success of SFileAuthenticateArchive, since it's just a validity check after all, but after it's loaded, DllMain is called, SnpQuery is called twice, then DllMain again.
Here's my code (so far) for my snp:
#include <windows.h>

unsigned long bnet_dword = 'LOLZ';
const char *bnet_string = "SC IRC Rofl";
const char *bnet_infostring = "blahblahblah blah blah blah blahddy blah blah blah, bladdy blah blah. blarg blarg ah.";
//"An active connection to an Internet provider, or a direct connection to the Internet.";

/* Capabilities block handed back from SnpQuery; values copied from the disassembly below. */
int bnet_numlist[] = {
    0x24,        /* sizeof this structure */
    0x20000000,
    0x200,
    0x10,
    0x100,
    0x5DC,       /* 1500 */
    0x1F4,       /* 500 */
    4,
    2
};
/*
.data:19041D74 dword_19041D74 dd 24h ; DATA XREF: SnpQuery
.data:19041D78 dd 20000000h
.data:19041D7C dd 200h
.data:19041D80 dd 10h
.data:19041D84 dd 100h
.data:19041D88 dd 5DCh
.data:19041D8C dd 1F4h
.data:19041D90 dd 4
.data:19041D94 dd 2
*/

/* The SNP function table that SnpBind returns is not shown in the post;
   this empty placeholder only exists so the file compiles. */
static void *functiontable[1] = { 0 };

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) {
    switch (fdwReason) {
        case DLL_PROCESS_ATTACH:
            break;
        case DLL_PROCESS_DETACH:
            break;
        case DLL_THREAD_ATTACH:
            break;
        case DLL_THREAD_DETACH:
            /* filler so the otherwise empty case compiles */
            __asm nop
            break;
    }
    /* Debug output only: a message box inside DllMain runs under the loader lock. */
    MessageBox(0, "ROFLMAO", 0, 0);
    return TRUE;
}

extern "C" { ////////////////////////////
__declspec(dllexport) bool SnpBind(int arg1, int *arg2) {
    MessageBox(0, "SnpBind!", 0, 0);
    if (!arg1) {
        if (arg2) {
            *arg2 = (int)functiontable;
            return true;
        }
    }
    return false;
}

__declspec(dllexport) bool SnpQuery(int arg1, int *arg2, int *arg3, int *arg4, int *arg5) {
    MessageBox(0, "SnpQuery!", 0, 0);
    if (arg1 || !arg2 || !arg3 || !arg4 || !arg5)
        return false;
    *arg2 = (int)bnet_dword;
    *arg3 = (int)bnet_string;      /* the char * itself, not &bnet_string (a char **) */
    *arg4 = (int)bnet_infostring;  /* same: hand back the string pointer, not its address */
    *arg5 = (int)bnet_numlist;     /* the array already decays to a pointer */
    return true;
}
} //////////////////////////////
Apparently there's an access violation somewhere along the road a bit later (ebx is 1 at 4DE037), after the DLL's been detached. I must be doing something wrong... anybody have a clue what's up?
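An added check for the copy /b step above (example code, not from the thread): it scans an irc.snp-style file for the MPQ header that Storm has to find and decodes the format-1 header fields, using a constructed stand-in for the DLL and a constructed archive stub rather than real files. It assumes Storm locates the header on 512-byte sector boundaries, as StormLib does; it cannot tell whether a (signature) file is present, since that would require decrypting the hash table.

```python
import struct

MPQ_MAGIC = b"MPQ\x1a"
SECTOR = 0x200  # assumption: Storm looks for the archive header on 512-byte boundaries

def find_mpq_header(data: bytes):
    """Offset of the first MPQ header sitting on a sector boundary, or None."""
    for off in range(0, len(data) - len(MPQ_MAGIC) + 1, SECTOR):
        if data[off:off + 4] == MPQ_MAGIC:
            return off
    return None

def parse_mpq_header(data: bytes, off: int) -> dict:
    """Decode the 32-byte format-1 MPQ header at `off` (little-endian fields)."""
    f = struct.unpack_from("<4sIIHHIIII", data, off)
    return {"header_size": f[1], "archive_size": f[2], "format_version": f[3],
            "sector_shift": f[4], "hash_table_pos": f[5], "block_table_pos": f[6],
            "hash_table_size": f[7], "block_table_size": f[8]}

def check_snp(data: bytes) -> dict:
    """Sanity-check a DLL+MPQ concatenation before handing it to the game."""
    off = find_mpq_header(data)
    if off is None:
        return {"ok": False, "reason": "no MPQ header on a 512-byte boundary"}
    hdr = parse_mpq_header(data, off)
    end = off + hdr["archive_size"]
    # Both tables (16 bytes per entry) must lie inside the archive and inside the file.
    tables_ok = all(off + pos + n * 16 <= min(end, len(data)) for pos, n in
                    ((hdr["hash_table_pos"], hdr["hash_table_size"]),
                     (hdr["block_table_pos"], hdr["block_table_size"])))
    return {"ok": tables_ok and hdr["header_size"] == 0x20, "mpq_offset": off,
            "trailing_bytes": len(data) - end, **hdr}

def build_mpq_stub(hash_entries: int = 2, block_entries: int = 1) -> bytes:
    """Constructed stand-in for sdfg.mpq: a header followed by empty hash/block tables.
    Real tables are encrypted and there is no (signature) file, so this only
    exercises the header and layout checks above."""
    hash_bytes, block_bytes = hash_entries * 16, block_entries * 16
    archive_size = 0x20 + hash_bytes + block_bytes
    hdr = struct.pack("<4sIIHHIIII", MPQ_MAGIC, 0x20, archive_size, 0, 3,
                      0x20, 0x20 + hash_bytes, hash_entries, block_entries)
    return hdr + b"\xff" * hash_bytes + b"\x00" * block_bytes

# Constructed stand-in for irc.dll: three whole sectors, not a real PE image.
FAKE_DLL = b"MZ".ljust(3 * SECTOR, b"\x00")
GOOD_SNP = FAKE_DLL + build_mpq_stub()      # what copy /b yields from a sector-aligned DLL
BAD_SNP = FAKE_DLL[:-7] + build_mpq_stub()  # DLL part ends mid-sector: the header is missed

if __name__ == "__main__":
    print(check_snp(GOOD_SNP), check_snp(BAD_SNP), sep="\n")
```

Run it against the real irc.snp by passing the file's bytes to check_snp; a DLL whose size is not a multiple of 512 reproduces the BAD_SNP case.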
It is kinda early in the morning, but shouldn't there be a ";" after your __asm nop?
Quote from: l)ragon on December 24, 2008, 07:06 AM
It is kinda early in the morning, but shouldn't there be a ";" after your __asm nop?
"nop"e!
btw, that's just there so it doesn't blab about a syntax error.
bump
Can you explain what you are actually doing?
Isn't it obvious? I'm trying to make an SNP that StarCraft can load for multiplayer.