Hi,
I know there must be a function that creats a mapping at X,Y and color that sets in motion...
does anyone know how to do this? or any info on how to find it?
Thanks
Quote from: thetempest on December 11, 2003, 07:27 PM
Hi,
I know there must be a function that creats a mapping at X,Y and color that sets in motion...
does anyone know how to do this? or any info on how to find it?
Thanks
Perhaps you might look at the trigger processing - isn't it possible to ping the minimap with a trigger? At least this way, you can create well-defined points in time when such would occur.
been there, done that...no avail...
however,
i dont know what to set a bpx on or what to mem search...i tried setting trig's last night, but no avil
thx
Perhaps you could start with something you do know - like, maybe you could breakpoint on the output-text function and use a trigger that outputs text to find the trigger processor, and from there look for the minimap ping trigger.
k,
thanks
no use,
i've been tracing for about 3 hours and still can't find the damned cmp agasint my minerals (which is the post condition)...
lol,
like a year later...i got back into reversing SC except this time i was far better versed in ASM and i got a copy of IDA (God that helped)...
anyways, i found the function and wrote a hack and a small client/server network to send an XY packet across the network.
Just a small update =)
I found it by setting a bpm on the # of units you have...because each time it's increased, you built a unit, and that unit was pinged =) So i F12'd a few times and started NOP'ing functions intill i found one, that when NOP'd, the map wansn't pinged. (i'm sure there was a better way to track it down, if you find any ideas, lemme know) so anyways, eventually i found it and i was correct as to parameters, X,Y,Color =)
push 0x10 //green 0x11 red ping
mov edx,DWORD y
mov ecx,DWORD x
call <function>
ah! that's a good idea.
could you possibly send me a copy of xp softice and ida?
Quote from: $t0rm on July 08, 2004, 11:22 AM
ah! that's a good idea.
could you possibly send me a copy of xp softice and ida?
I can get you a new version of IDA, just send me a message on icq or msn or whatever ( <-- ). I wish I could get you softice, but I don't have installation files. Maybe I'll get them eventually.
Quote from: iago on July 08, 2004, 12:24 PM
Quote from: $t0rm on July 08, 2004, 11:22 AM
ah! that's a good idea.
could you possibly send me a copy of xp softice and ida?
I can get you a new version of IDA, just send me a message on icq or msn or whatever ( <-- ). I wish I could get you softice, but I don't have installation files. Maybe I'll get them eventually.
You need to get me them still! I mean SoftICE. I need lots of neat stuff when my new computer gets in! >:D
Quote from: thetempest on July 08, 2004, 09:51 AM
lol,
like a year later...i got back into reversing SC except this time i was far better versed in ASM and i got a copy of IDA (God that helped)...
anyways, i found the function and wrote a hack and a small client/server network to send an XY packet across the network.
Just a small update =)
I found it by setting a bpm on the # of units you have...because each time it's increased, you built a unit, and that unit was pinged =) So i F12'd a few times and started NOP'ing functions intill i found one, that when NOP'd, the map wansn't pinged. (i'm sure there was a better way to track it down, if you find any ideas, lemme know) so anyways, eventually i found it and i was correct as to parameters, X,Y,Color =)
push 0x10 //green 0x11 red ping
mov edx,DWORD y
mov ecx,DWORD x
call <function>
How do you nop a function and what program do you use to do it?
Quote from: Zeller on July 11, 2004, 04:59 PM
How do you nop a function and what program do you use to do it?
The literal way is to replace all the contents of the function except the return statement with nops. You'd probably do it using whatever debugger you're using on the program.
An easier way to "nop" a function is to insert a ret at the start.
mov BYTE PTR [FunctionAddr], 0C3h
; Assume the code segment area you write to has been protected w/ VirtualProtect
; Also assume you are in the processes address space...
Quote from: Adron on July 11, 2004, 05:06 PM
Quote from: Zeller on July 11, 2004, 04:59 PM
How do you nop a function and what program do you use to do it?
The literal way is to replace all the contents of the function except the return statement with nops. You'd probably do it using whatever debugger you're using on the program.
An easier way to "nop" a function is to insert a ret at the start.
Heh, never thought of inserting a ret at the start. I'd just assume start typing out 90's :P
Quote from: Newby on July 19, 2004, 04:44 PM
Quote from: Adron on July 11, 2004, 05:06 PM
Quote from: Zeller on July 11, 2004, 04:59 PM
How do you nop a function and what program do you use to do it?
The literal way is to replace all the contents of the function except the return statement with nops. You'd probably do it using whatever debugger you're using on the program.
An easier way to "nop" a function is to insert a ret at the start.
Heh, never thought of inserting a ret at the start. I'd just assume start typing out 90's :P
You wouldnt want to NOP the WHOLE function -- youd at least want to leave the return... otherwise you'd have some major issues
Quote from: indulgence on July 12, 2004, 06:43 AM
mov BYTE PTR [FunctionAddr], 0C3h
; Assume the code segment area you write to has been protected w/ VirtualProtect
; Also assume you are in the processes address space...
That won't always work, if it's a __stdcall or __fastcall function with stack parameters. You'd want C4xx to clear the stack.
Quote from: iago on July 21, 2004, 02:26 PMQuote from: indulgence on July 12, 2004, 06:43 AMmov BYTE PTR [FunctionAddr], 0C3h
; Assume the code segment area you write to has been protected w/ VirtualProtect
; Also assume you are in the processes address space...
That won't always work, if it's a __stdcall or __fastcall function with stack parameters. You'd want C4xx to clear the stack.
Why would he want to use
les (load es segment register)? That's at best useless and at worst might cause the program to crash later. :)
Quote from: Kp on July 21, 2004, 04:16 PM
Quote from: iago on July 21, 2004, 02:26 PMQuote from: indulgence on July 12, 2004, 06:43 AMmov BYTE PTR [FunctionAddr], 0C3h
; Assume the code segment area you write to has been protected w/ VirtualProtect
; Also assume you are in the processes address space...
That won't always work, if it's a __stdcall or __fastcall function with stack parameters. You'd want C4xx to clear the stack.
Why would he want to use les (load es segment register)? That's at best useless and at worst might cause the program to crash later. :)
Ok, my bad, it's C2 xx. Boo :)