• Welcome to Valhalla Legends Archive.
 

Heads up bot developers

Started by UserLoser, July 03, 2006, 12:43 AM

Previous topic - Next topic

UserLoser

If you're receiving unrecognized packet 0x4C from Battle.net during your Warcraft III logon, it probably looks like 0x4A.  It's the same thing, just the 0x4C means your client (well, the official Blizzard client) should be running it no matter what.  At this time, I have finished disassembly and debugging of the IX86ExtraWork.dll and Blizzard is distributing IX86ExtraWork.DLLs for patching the "disconnect hack."

Your bot can safely ignore 0x4A and 0x4C message.



Technical specs on the extra work being done to Game.dll (two memory writes):

First write (13 bytes @ base+0x5a5403): 0x85, 0xc0, 0x0f, 0x84, 0x1f, 0x01, 0x00, 0x00, 0x8b, 0x48, 0x50, 0xeb, 0x22
Second write (2 bytes @ base+0x5a542f): 0x3b, 0xd2

A typical crash from a "disconnect hacker" would result in the following:

Quote
FATAL ERROR!

Program:   i:\games\warcraft iii\war3.exe
Exception:   0xC0000005 (ACCESS_VIOLATION) at 001B:6F5A542F

The instruction at '0x6F5A542F' referenced memory at '0x00000050'.
The memory could not be 'read'.

This is the first time I've seen Blizzard patch something without an actual patch :P