Author | Message | Time |
---|---|---|
Topaz | [/end] | January 5, 2006, 4:37 AM |
UserLoser | I don't think this is something for the public to have as it would greatly harm the public gaming environment. Same reasons why there's no public Starcraft game bots out there | January 5, 2006, 4:43 AM |
Topaz | How about bits and pieces? I only require information regarding joining games and documentation involving map verification and map downloading. | January 5, 2006, 5:10 AM |
JoeTheOdd | You're going to make a mapcrawler? Nice! | January 5, 2006, 1:11 PM |
PaiD | last night I tried to packet log war3.exe using WPE Pro .7a. For some reason it doesnt show up on the list so i cant get into it anymore. Any ideas on what is wrong or another packet logger that works. (Tried Etheral and i cant install the WinPac part due to me being on Windows XP Pro x64) | January 5, 2006, 6:47 PM |
Myndfyr | [quote author=Savior link=topic=13790.msg140637#msg140637 date=1136486872] last night I tried to packet log war3.exe using WPE Pro .7a. For some reason it doesnt show up on the list so i cant get into it anymore. Any ideas on what is wrong or another packet logger that works. (Tried Etheral and i cant install the WinPac part due to me being on Windows XP Pro x64) [/quote] That may be the reason for your inability to packetlog with WPE as well. | January 5, 2006, 7:14 PM |
PaiD | Well I can packet log anything but the war3.exe. It doesnt show me the it from the list. | January 5, 2006, 9:51 PM |
l2k-Shadow | Yeah War3 does not show up on the program list. You'll need a logger that actually logs the network card and does not hook itself to the program.. logger like ethereal. | January 5, 2006, 10:52 PM |
Yegg | [quote author=l2k-Shadow link=topic=13790.msg140685#msg140685 date=1136501572] Yeah War3 does not show up on the program list. You'll need a logger that actually logs the network card and does not hook itself to the program.. logger like ethereal. [/quote] Then I guess this forces me to use Ethereal? I too remember not seeing war3.exe listed in the processes I could packet log when using WPE Pro. Are there any other, worthy, alternative softwares that log the network card, other than Ethereal? | January 5, 2006, 11:13 PM |
Forged | Securityinfo() mask the proccess, compile that and launch war3 with it and you can use wpe [code] .486 .model flat, stdcall option casemap :none include \masm32\include\windows.inc include \masm32\include\user32.inc include \masm32\include\kernel32.inc includelib \masm32\lib\user32.lib includelib \masm32\lib\kernel32.lib .data AppName db "BoR0's Warcraft 1.20 Protection Remover", 0 MsgSucc db "Successfully removed protection! Have fun!", 0 MsgErr db "There was an error removing protection,", 13, 10, "check if War3.exe is in the same dir!", 0 FileName db "war3.exe", 0 NewByte db 0C3h MyDll db "advapi32.dll", 0 MyFunc db "SetSecurityInfo", 0 Startup STARTUPINFO <> ProcessInfo PROCESS_INFORMATION <> .data? byteswritten dd ? .code start: invoke CreateProcess, ADDR FileName, 0, 0, 0, 0, 0, 0, 0, ADDR Startup, ADDR ProcessInfo invoke LoadLibrary, ADDR MyDll invoke GetProcAddress, eax, ADDR MyFunc push eax invoke Sleep, 10 pop eax invoke WriteProcessMemory, ProcessInfo.hProcess, eax, ADDR NewByte, 1, byteswritten cmp eax, 0 je @error invoke MessageBox, 0, ADDR MsgSucc, ADDR AppName, MB_OK+MB_ICONINFORMATION @end: invoke ExitProcess,eax @error: invoke MessageBox, 0, ADDR MsgErr, ADDR AppName, MB_OK+MB_ICONERROR jmp @end end start [/code] | January 5, 2006, 11:19 PM |
PaiD | How do I compile this? | January 6, 2006, 5:02 AM |
UserLoser | [quote] We don't have any private information regarding W3GM on BnetDocs anyway, so this might as well go to general BotDev. This topic has been moved to Battle.net Bot Development. https://davnit.net/bnet/vL/index.php?topic=13790.0 [/quote] Yes, we do. I have lots, very lots. Just a while back Arta never got around to adding a W3GS section, btw, what's W3GM stand for? | January 6, 2006, 6:12 AM |
Topaz | It's ASM, I think. | January 6, 2006, 6:28 AM |
FrOzeN | [quote author=UserLoser link=topic=13790.msg140569#msg140569 date=1136436188] Same reasons why there's no public Starcraft game bots out there [/quote] Define "game bots"? I have about 4 (public) source codes to STAR/SEXP/W2BN Winbots. Which in a way could be modified to just idle in games etc.. | January 6, 2006, 6:56 AM |
Myndfyr | [quote author=UserLoser link=topic=13790.msg140761#msg140761 date=1136527963] [quote] We don't have any private information regarding W3GM on BnetDocs anyway, so this might as well go to general BotDev. This topic has been moved to Battle.net Bot Development. https://davnit.net/bnet/vL/index.php?topic=13790.0 [/quote] Yes, we do. I have lots, very lots. Just a while back Arta never got around to adding a W3GS section, btw, what's W3GM stand for? [/quote] Oops, I meant W3GP for Warcraft 3 Game Protocol. I don't know where I got M from. *shrug* Regarding private information we have or don't have: we don't have any on BnetDocs, because (as you said) we don't have a section for it. | January 6, 2006, 7:04 AM |
Puzzle | There is a much easier way to do this: patch game.dll with 6804000080 at address 6F00996C to 6800000000. Any hex editor will work. All this does is create a null value in the third paramater of SetSecurityInfo() which makes sure the api doesnt do anything that can block you. Edit: My apologies. This address has been changed in 1.20B and I will update the newer address and values ASAP. | January 6, 2006, 7:18 AM |
Quarantine | [quote author=Savior link=topic=13790.msg140757#msg140757 date=1136523720] How do I compile this? [/quote] MASM. | January 6, 2006, 7:29 AM |
UserLoser | [quote author=FrOzeN link=topic=13790.msg140771#msg140771 date=1136530564] [quote author=UserLoser link=topic=13790.msg140569#msg140569 date=1136436188] Same reasons why there's no public Starcraft game bots out there [/quote] Define "game bots"? I have about 4 (public) source codes to STAR/SEXP/W2BN Winbots. Which in a way could be modified to just idle in games etc.. [/quote] Game bots, as in, actually in a game where it's connected to a host and other peers. WinBots are nothing close to an actual game bot, you're mistaken, sorry. | January 6, 2006, 7:30 AM |
PaiD | Yea i got it compiled now, thx. Now for some reason. I can only view packets that I sent to bnet or the host of the game. I cant see what bnet responds with or with what the host sent me. Anyone know why? | January 6, 2006, 7:32 AM |
Puzzle | Reinstall with x32 so that you can use Ethereal. | January 6, 2006, 1:14 PM |
Skywing | Or you could just do the easy thing and enable SeDebugPrivilege in your patching program. Alternatively, you could just rewrite the DACL for the process the same way that War3 does it - it's running under the same user as you and owned by you, so this will always be possible. | January 6, 2006, 2:43 PM |
PaiD | Ok I just read up on the SeDebugPrivilege API and it says that Admins have it on allrdy (from what I can tell), If so.... I should have it on Edit: Oh Ok. I have the privilege to load it, but i need to call the api and give it the war3.exe process ID, it sounds like to me. Correct? Edit: Also will this let me see the recieved packets from Bnet and the Game Host? | January 6, 2006, 6:07 PM |
Skywing | [quote author=Savior link=topic=13790.msg140825#msg140825 date=1136570860] Ok I just read up on the SeDebugPrivilege API and it says that Admins have it on allrdy (from what I can tell), If so.... I should have it on Edit: Oh Ok. I have the privilege to load it, but i need to call the api and give it the war3.exe process ID, it sounds like to me. Correct? Edit: Also will this let me see the recieved packets from Bnet and the Game Host? [/quote] If you are running as an administrator or a user with that privilege, then you can use AdjustTokenPrivileges to enable the privilege for the process token. While the privilege is enabled, all access checks to OpenProcess and OpenThread are disabled, so Blizzard's modifications of the process security descriptor will have no effect on your program. A different, slightly more complicated solution is to open the process for WRITE_DAC access (will always succeed because you are the owner of the process) and rewrite the DACL to not deny the rights you are interested in. This is slightly better in that it doesn't require you to be an administrator in order to function. | January 6, 2006, 6:51 PM |
JoeTheOdd | [quote author=Savior link=topic=13790.msg140757#msg140757 date=1136523720] How do I compile this? [/quote]You don't compile, you assemble. =). I'm not sure which assembler that was written for, as I only work with NASM, but I can tell you that it's not NASM code. [quote author=Topaz link=topic=13790.msg140763#msg140763 date=1136528919] It's ASM, I think. [/quote]You never cease to make me chuckle. | January 7, 2006, 4:55 AM |
Quarantine | I already said it's MASM code. | January 7, 2006, 5:18 AM |
Topaz | i hate you joe | January 7, 2006, 6:14 AM |
JoeTheOdd | [quote author=Topaz link=topic=13790.msg140917#msg140917 date=1136614463] i hate you joe [/quote] I hate you too, loser. | January 7, 2006, 8:30 PM |
PaiD | looking over how DACL works. I dont see how they could have blocked the admin (who sould have all rights) to not see the process from WPE Pro. How does this work? | January 7, 2006, 9:48 PM |
JoeTheOdd | [quote author=Savior link=topic=13790.msg140979#msg140979 date=1136670492] looking over how DACL works. I dont see how they could have blocked the admin (who sould have all rights) to not see the process from WPE Pro. How does this work? [/quote] Theoretically, admin should have all privlidges. But, you aren't using Linux, so don't expect it to work in practice. =) | January 8, 2006, 1:45 AM |
Kp | [quote author=Joe link=topic=13790.msg140994#msg140994 date=1136684740] [quote author=Savior link=topic=13790.msg140979#msg140979 date=1136670492] looking over how DACL works. I dont see how they could have blocked the admin (who sould have all rights) to not see the process from WPE Pro. How does this work? [/quote] Theoretically, admin should have all privlidges. But, you aren't using Linux, so don't expect it to work in practice. =) [/quote] Actually, it's possible on both Linux and Windows for an administrator to end up with reduced privileges via a rootkit. On Windows, it's common for administrators to have the option of certain privileges (such as SeDebugPrivilege), but not actually have the privilege enabled until he requests it. On Linux, it's quite possible to build a modified kernel (such as a GRsecurity kernel) where root (and all other users) have reduced privileges. | January 8, 2006, 2:08 AM |
PaiD | Also. I tried the seDebug idea and now when I create a new process of war3 and it loads fine, it cant connect to bnet or my lan. It just says it needs to be connected to the net. but when I allow to to open from Start->.....War3 it works just fine Edit: And What right am I looking at restoring? Edit: This is what I got sofar and it isnt working. Anyone know why? [code] GetNamedSecurityInfoA "C:\Program Files (x86)\Warcraft III\war3.exe", SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, &H0, &H0, &H0, &H0, &H0 GetNamedSecurityInfoA "C:\Program Files (x86)\Warcraft III\war3.exe", SE_FILE_OBJECT, SACL_SECURITY_INFORMATION, &H0, &H0, &H0, &H0, &H0 SetSecurityInfo pInfo.hProcess, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, &H0, &H0, &H0, &H0 SetSecurityInfo pInfo.hProcess, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION, &H0, &H0, &H0, &H0 [/code] Edit: YaY Problem solved!!! I found out that WinPcap has made a driver for x64 (alpha) and I downloaded that and can now use Etheral. | January 8, 2006, 2:31 AM |
Puzzle | You have to pass a null as the third value in SetSecurityInfo(). You are passing the same paramaters that war3 uses. | January 9, 2006, 4:46 AM |