In Game Messaging

Started by Don Cullen, June 15, 2005, 03:27 PM

Blaze

I tried the code, and from LastDllError I get error 6. I can't seem to find what that is on Google, so :-\.
Quote:
Mitosis: Haha, Im great arent I!
hismajesty[yL]: No

Kp

Quote from: Kyro on June 16, 2005, 10:56 PM
I've been scanning Storm.dll via IDA for the function you mentioned... Could it be this one:

It could.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

tA-Kane

By the way, in case you still haven't resolved the issue of how to get "multiple desktops", there are two ways that I know of. There may be (and most likely are) other ways.

1) Either get a second graphics card (a PCI one will work fine since you shouldn't be doing much gaming on it) or swap your current graphics card with a new card that has dual output. Then, acquire a second screen and hook it up.

2) Get desktop drivers that support desktop "switching" (kinda like how Linux does desktops). nVidia's nView apparently is able to do this, but I'm not sure how to get it set up.

Of course, if you aren't able to do either of those, it is also possible to work on two computers (side-by-side will save a lot of time, I might add) and use a remote debugger.
Macintosh programmer and enthusiast.
Battle.net Bot Programming: http://www.bash.org/?240059
I can write programs. Can you right them?

http://www.clan-mac.com
http://www.eve-online.com

Don Cullen

#48
Quote:
Now we know that it's using GetTickCount to check the message timer. So we also know that it must be using GetTickCount to set the timer. So if you look at code at 46B834 we can determine what the offsets are for the timers. [4*esi+006517BC]. Four times the value in esi plus 6517BC is the offset for the current message offset. With this info we can determine this:

Message - Timer
650CA8 - 6517BC
650D82 - 6517C0
650E5C - 6517C4
650F36 - 6517C8
651010 - 6517CC
6510EA - 6517D0
6511C4 - 6517D4
65129E - 6517D8
651378 - 6517DC
651452 - 6517E0
65152C - 6517E4

I got stuck at that part... [4*esi+006517BC]?!? How do I find out the value in esi, and where do I find esi? I got this far before getting stuck... and how do you multiply 65152C with whatever is in esi, and add it with 006517BC, to come up with 6517E4? Input, as always, would be appreciated!
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

Kp

Quote from: Kyro on June 18, 2005, 04:01 AM
where do I find esi?

It's in your CPU. ;)  esi is the Extended Source Index (as opposed to edi, the Extended Destination Index).
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

Don Cullen

#50
Right, I know that much. I just don't know where to locate the value in esi. Is the value of esi the same for the entire program, meaning I can just press Ctrl+D and look at the value of esi for the StarCraft process, or does esi differ as per each offset section it's at?

Do I use SoftIce to determine what the value in esi is? Or do I use some other software? I have IDA, WinHack, SoftIce, and Win32DASM. I finally figured out that in:

[4*esi+006517BC]

The 006517BC in above is the timer in the following in the tutorial:

Message - Timer
650CA8 - 6517BC
658D1C - 659160
The timer offset is different from mine when I step into the code though. Instead of [4*esi+006517BC], I have:

[4*esi+00659160]

The timer offset is obviously not in the list that Drakken has; I presume it's because of a StarCraft update patch change. In any case, it's obvious 659160 is the timer offset. So I'd think it means I'd have to:

1. Find out the value of esi (how do I do this?!?)
2. Multiply 4 with esi (how do I do that using MS calculator?)
3. Add result with 00659160


End result is the location of the message offset...

I know I already have the message offset and timer offset, but I'd like to know the above, so I can apply the math for the other offsets.

Also, in this:

           6517BC 0F 0F 0F 0F

What is 0F 0F 0F 0F?

I wrote 0F 0F 0F 0F at the offset of 659160 using WinHack (since I don't know how to write 0F 0F 0F 0F to that offset using VB...) and TESTSTRING to the offset of 658D1C using VB. This caused SC to crash and SoftIce to emit blood-curdling screams of horrors, terrors and errors galore... So what am I doing wrong?
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

Blaze

Would all those offsets be in the same place 3 patches later?
Quote:
Mitosis: Haha, Im great arent I!
hismajesty[yL]: No

UserLoser.

Quote from: Blaze on June 18, 2005, 03:46 PM
Would all those offsets be in the same place 3 patches later?

Most likely, no.

Don Cullen

No. Patches are modifications of code, which means code gets shifted around. So chances are, the offsets most likely would be different. So every time a patch came out, you'd have to update your program to reflect the changes.
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

NicoQwertyu

Or devise a clever way to have your program get the offsets itself!


    1.) A command line option that the user can specify to have your program send "thisisamessage" 10-15 times while the SC screen is active, and then have it scan for those values to find the different offsets.

    2.) Or include an extra program that does this.

    3.) Or perhaps have your program, upon execution, download offsets.txt from a certain website which you can personally alter every time a patch comes out.

tA-Kane

Quote from: Kyro on June 18, 2005, 02:46 PM
1. Find out the value of esi (how do I do this?!?)
2. Multiply 4 with esi (how do I do that using MS calculator?)
3. Add result with 00659160

1. Find out the value of esi (using a debugger)
2. Multiply 4 with esi (manually)
3. Add result with 00659160

Note that some debuggers may present the result of the math (including ESI's contents) for you.

Quote from: Kyro on June 18, 2005, 02:46 PM
I wrote 0F 0F 0F 0F at the offset of 659160 using WinHack (since I don't know how to write 0F 0F 0F 0F to that offset using VB...) and TESTSTRING to the offset of 658D1C using VB. This caused SC to crash and SoftIce to emit blood-curdling screams of horrors, terrors and errors galore... So what am I doing wrong?

I am not familiar with the tutorial that you are working with (laziness) nor with StarCraft's inner workings, but is it possible that the "timer offset" either refers to code or a pointer instead of a text message? If such is the case, then it is especially likely that overwriting the memory with 0x0F0F0F0F will result in a crash.


Edit:
I might add that you should try only one of the two things (in regards to writing 0x0F0F0F0F and TESTSTRING) and see if it's one or the other or both things that's causing StarCraft to crash.
Macintosh programmer and enthusiast.
Battle.net Bot Programming: http://www.bash.org/?240059
I can write programs. Can you right them?

http://www.clan-mac.com
http://www.eve-online.com
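The address arithmetic asked about in Don's post and answered in tA-Kane's three steps, worked through as an added example that is not part of the thread. In x86 the operand [4*esi+006517BC] means "the 4 bytes at address 0x6517BC + 4*esi": esi is a table index, not a multiplier applied to the message address. The bases and strides below are read off the table quoted from the tutorial (timers 4 bytes apart, message buffers 0xDA bytes apart); the 0x658D1C/0x659160 pair is the one Don found in his own build, and reusing the same strides for that build is an assumption, since only the first pair is quoted.

```python
# Added example (not from the thread): [4*esi+disp32] as plain arithmetic, checked
# against the (message, timer) table quoted from the tutorial.

TUTORIAL_TIMER_BASE = 0x6517BC
TUTORIAL_MESSAGE_BASE = 0x650CA8
TIMER_STRIDE = 4                            # [4*esi+...]: one 32-bit timer per entry
MESSAGE_STRIDE = 0x650D82 - 0x650CA8        # 0xDA bytes per message buffer, from the quoted table

# The table exactly as quoted in the thread (message, timer), used to check the formula.
QUOTED_TABLE = [
    (0x650CA8, 0x6517BC), (0x650D82, 0x6517C0), (0x650E5C, 0x6517C4), (0x650F36, 0x6517C8),
    (0x651010, 0x6517CC), (0x6510EA, 0x6517D0), (0x6511C4, 0x6517D4), (0x65129E, 0x6517D8),
    (0x651378, 0x6517DC), (0x651452, 0x6517E0), (0x65152C, 0x6517E4),
]


def timer_address(esi, timer_base=TUTORIAL_TIMER_BASE):
    """Address the instruction touches for a given esi: timer_base + 4*esi."""
    return timer_base + TIMER_STRIDE * esi


def message_address(esi, message_base=TUTORIAL_MESSAGE_BASE):
    """Message buffer that belongs to the same esi: message_base + 0xDA*esi."""
    return message_base + MESSAGE_STRIDE * esi


def esi_for_timer(timer_addr, timer_base=TUTORIAL_TIMER_BASE):
    """Reverse the arithmetic: which esi selects this timer slot? Raises if it is not a slot."""
    offset = timer_addr - timer_base
    if offset < 0 or offset % TIMER_STRIDE:
        raise ValueError(f"{timer_addr:#x} is not a timer slot of base {timer_base:#x}")
    return offset // TIMER_STRIDE


def quoted_table_matches_formula():
    """True if every quoted row equals (message_address(i), timer_address(i)) for its index i."""
    return all(
        (msg, tmr) == (message_address(i), timer_address(i))
        for i, (msg, tmr) in enumerate(QUOTED_TABLE)
    )


def rebuilt_table(message_base, timer_base, entries=len(QUOTED_TABLE)):
    """The same table for another build, given only its first (message, timer) pair.
    Assumes the strides did not change between builds (only the first pair is quoted)."""
    return [(message_address(i, message_base), timer_address(i, timer_base))
            for i in range(entries)]


if __name__ == "__main__":
    print("quoted table consistent with the formula:", quoted_table_matches_formula())
    esi = esi_for_timer(0x6517E4)
    print(f"esi selecting timer 0x6517E4: {esi}; its message buffer: {message_address(esi):#x}")
    print("table rebuilt from Don's pair 658D1C/659160 (stride assumed unchanged):")
    for msg, tmr in rebuilt_table(0x658D1C, 0x659160):
        print(f"{msg:06X} - {tmr:06X}")
```

So the last quoted row, 65152C - 6517E4, is simply index 10: 0x650CA8 + 10*0xDA and 0x6517BC + 10*4. Nothing is multiplied with 65152C; esi is read from the debugger at the moment the instruction executes and selects the row.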

EpicOfTimeWasted

Wouldn't it just be easier to type a message like "findme", NOT send the message, use SoftICE to search the memory for "findme", bpm the results, and then send the message?  There should only be about two results, and only one of them should be in Starcraft's address space.  SoftICE will break every time the memory is accessed, and with a little back tracing, you'll find SC's text message handling function, as well as the parameters.  Just seems cleaner than trying to throw a message into one of the buffers and hoping you did everything right.

Don Cullen

EpicOfTimeWasted-

Probably would be easier, providing I understood ASM, which I don't. Let's say I find the function. I'd be seeing it in ASM, but I'd not know what the parameters were, and how the function wanted the parameters to be phrased.

In any case, I got Starcraft to display messages, so I figured out the first half of the tutorial, now I'm on the timer part.

Here's my problem:


    Dim LOD As String

    'Get Tick Count and add 8 seconds to it.
    LOD = CStr(GetTickCount() + 8000)

    'Write to the timer offset to set timer
    WriteProcessMemory pHandle, &H659180, LOD, Len(LOD), Len(LOD)


That should make sure the message stays on screen for only 8 seconds. I used WinHack to check the timer memory offset, and it shows what I wrote to it. However, it doesn't stay on the screen for eight seconds: it stays on screen permanently. If I do 0f 0f 0f 0f (whatever that means), the message obviously stays on screen permanently... If I try to do the timer mod, it still stays on screen... Any idea what I'm doing wrong?
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

Adron

    Dim LOD As Long

    'Get Tick Count and add 8 seconds to it.
    LOD = GetTickCount() + 8000
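Why the String version leaves the message up while Adron's Long version does not, shown as an added example (not from the thread) in Python rather than VB. With `Dim LOD As Long`, WriteProcessMemory receives the four little-endian bytes of the tick value. With `Dim LOD As String`, VB6 passes an `As Any` parameter an ANSI copy of the text, so the slot receives the decimal digits of the number instead, and `Len(LOD)` makes the write longer than the 4-byte slot. The example assumes, as the quoted tutorial says, that the game reads the slot as one DWORD and ends the message once GetTickCount() passes it; the tick count used is constructed.

```python
# Added example (not from the thread): what a Long write and a String write put into a
# 4-byte timer slot, and what a DWORD read of that slot gives back.
import struct

SLOT_SIZE = 4   # the timer slots quoted in the thread are 4 bytes apart ([4*esi+...])


def long_write(value):
    """Bytes WriteProcessMemory receives when LOD is a Long: the 32-bit value, little-endian."""
    return struct.pack("<I", value & 0xFFFFFFFF)


def string_write(value):
    """Bytes it receives when LOD is a String: CStr() turns the number into its decimal
    digits, and VB6 hands an As Any parameter an ANSI copy of those characters."""
    return str(value).encode("ascii")


def read_back_as_dword(buf):
    """What the game sees at the slot: the first four bytes as one little-endian DWORD."""
    return struct.unpack("<I", buf[:4])[0]


def slots_overwritten(buf):
    """How many 4-byte slots a write of len(buf) bytes touches (Len(LOD) is the byte count here)."""
    return -(-len(buf) // SLOT_SIZE)


def expiry_report(now_ticks, seconds=8):
    """Compare both writes for an expiry of now + seconds, assuming the game ends the
    message once GetTickCount() passes the stored DWORD (the check the tutorial describes)."""
    expiry = now_ticks + seconds * 1000
    report = {}
    for name, buf in (("long", long_write(expiry)), ("string", string_write(expiry))):
        seen = read_back_as_dword(buf)
        report[name] = {
            "bytes": buf.hex(" "),
            "value_game_reads": seen,
            "ms_until_expiry": seen - now_ticks,
            "slots_overwritten": slots_overwritten(buf),
        }
    return report


if __name__ == "__main__":
    now = 1_000_000   # constructed tick count (ms since boot), not a measured value
    for name, row in expiry_report(now).items():
        print(f"{name:6s} write -> bytes {row['bytes']}, game reads {row['value_game_reads']}, "
              f"expires in {row['ms_until_expiry']} ms, touches {row['slots_overwritten']} slot(s)")
    # The 0F 0F 0F 0F bytes from the tutorial read back as one DWORD:
    print("0F 0F 0F 0F as a DWORD:", read_back_as_dword(bytes.fromhex("0F0F0F0F")))
```

Two things follow from the numbers. The digits of a seven-digit tick count read back as a value around 0x38303031, roughly eleven days ahead of any plausible tick count, so the expiry never arrives; and a seven-byte write spills into the next timer slot. The same reading explains 0F 0F 0F 0F: as a DWORD it is 252,645,135 ms, about 70 hours, which on a recently booted machine is far enough in the future to look permanent.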

R.a.B.B.i.T

SoftICE is being evil for me!  Particularly: it will not break. Ever. It refuses to break even when I set breakpoints at the memory addresses I found for the text.  Any ideas?
