Author | Message | Time |
---|---|---|
Excel | In an attempt to receive data coming to the Warcraft 3 client before the game handles it ( which is a feat in itself ), I am wondering how to actually get at the data? I've been researching how IO Completion Ports work and can't seem to find the data. Here is a typical GetQueuedCompletionStatus call [code] // BOOL GetQueuedCompletionStatus( CompletionPortHandle, lpNumberOfBytes, lpCompletionKey, lpOverlapped, dwMilliseconds ); ret = GetQueuedCompletionStatus( 9464, 67501932, 67501944, 67501928, -1 ); // -1 == INFINITE // ret == 1 [/code] Here is some debug output ( value from the lpNumberOfBytes pointer ... as well as the data inside the OVERLAPPED structure ) [quote] Bytes Read = 154 hEvent = 142868656 == 0x088400B0 Internal = 142870244 == 0x088406E4 InternalHigh = 154 Offset = 67501952 == 0x0405FF80 OffsetHigh = 4282464 == 0x00415860 Pointer = 67501952 == 0x0405FF80 [/quote] I was hoping I could simply ReadProcessMemory the address Pointer is set to... for the InternalHigh worth of bytes (since it is identical to the supposed bytes read), however it doesn't give me the data I was expecting. My tests so far have been going to an empty chatroom, chatting, and trying to find the text I had typed "XXXXXXXXXXX". I've also debugged and stepped through it [code]00415800 |. FF15 10CF4E00 |CALL DWORD PTR DS:[4ECF10][/code] ... is the call that soon after calls GetQueuedCompletionStatus. Even debugging and looking around, I couldn't find how it looked up the data that it was receiving ( or how it was receiving it ). I am hoping that someone could help me with this. Does the GetQueuedCompletionStatus OVERLAPPED structure give me the information I need to find the data received? I've seen that typically a programmer would wrap that structure and add additional data ( perhaps the received buffer )... but this is not the case as far as I can tell. I still see no calls to WSARecv... is this not even used? Is there a better way I should be approaching this? Any support would be great :-* | August 10, 2006, 6:14 AM |
UserLoser | Maybe it uses ReadFileEx instead of WSARecv? It's been a while since I've done anything on War3.exe... | August 10, 2006, 6:52 AM |
Excel | Doesn't hook ReadFileEx, but ReadFile might be the one. After logging on battle.net, then ALT+F4 to leave... I was given this nice message from ReadFile [quote][NOTE TO HACKERS -- Changing this file may be hazardous to your progress] Magic1=-704524704[/quote] | August 10, 2006, 8:13 AM |
HeRo | [quote author=Excel link=topic=15519.msg156662#msg156662 date=1155197632] Doesn't hook ReadFileEx, but ReadFile might be the one. After logging on battle.net, then ALT+F4 to leave... I was given this nice message from ReadFile [quote][NOTE TO HACKERS -- Changing this file may be hazardous to your progress] Magic1=-704524704[/quote] [/quote] Haha, that's nice. | August 10, 2006, 11:35 PM |
TheMinistered | What you want to do is catch the data after Warcraft3 receives it but before it processes/handles it. You will want to look for some sort of recv call; there are a few for overlapped operations. You need to hook it and pass the buffer right after the call to the recv function and before it gets handled. Typically this is how they'll have coded it: recv(... buffer ...); handledata(... buffer ...); You'll want to hook the call to handledata, and your hook will typically look like this: patchedhandledata(... buffer ...) { ; function pointer to the real handledata fxn ; code to process buffer with what you want ; code to call the real handledata fxn } These hooks kind of work like subclassing a windowproc if you want to think of it like that... you process the message then call the default window proc when you're done. So think of it as "subclassing the handledata/buffer processing function in warcraft 3" but you have to go a little out of your way as there is no api for this ;) | August 13, 2006, 3:14 AM |
tinman | I'm trying to do the same thing also... | March 10, 2008, 4:46 PM |
tinman | Ah... I did it ;D Managed to get it to work perfectly ;D | March 11, 2008, 4:24 AM |
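
An added example (not from the thread, and not Warcraft 3's code) that models in portable C how a completion handler normally reaches the received bytes: `lpOverlapped` is an out-parameter that receives a pointer to the OVERLAPPED, and the structure itself carries no buffer address (`Pointer` merely aliases `Offset`), so programs embed it in their own record. `OVERLAPPED32`, `IoContext`, `model_gqcs` and `read_completed` are hypothetical names, and whether the game uses this wrapper pattern is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model of 32-bit OVERLAPPED; uint32_t stands in for ULONG_PTR/PVOID/HANDLE. */
typedef struct {
    uint32_t Internal;      /* I/O status, set by the system */
    uint32_t InternalHigh;  /* bytes transferred */
    union {
        struct { uint32_t Offset, OffsetHigh; } pos;  /* file position */
        uint32_t Pointer;   /* aliases Offset; not the data buffer */
    } u;
    uint32_t hEvent;
} OVERLAPPED32;

/* Hypothetical per-I/O record: OVERLAPPED embedded beside the read buffer. */
typedef struct { OVERLAPPED32 ov; char buf[256]; } IoContext;

/* Same idea as the Windows CONTAINING_RECORD macro. */
#define CONTAINER_OF(p, type, field) ((type *)((char *)(p) - offsetof(type, field)))

/* Stand-in for GetQueuedCompletionStatus: fills two out-parameters. */
static int model_gqcs(IoContext *done, const char *data, uint32_t len,
                      uint32_t *bytes, OVERLAPPED32 **ov_out)
{
    if (len > sizeof done->buf) return 0;
    memcpy(done->buf, data, len);
    *bytes = done->ov.InternalHigh = len;
    *ov_out = &done->ov;    /* caller dereferences once to reach the struct */
    return 1;
}

/* Handler: out-parameter -> OVERLAPPED -> owning record -> received bytes. */
static uint32_t read_completed(IoContext *io, const char *wire, uint32_t len,
                               char *out, uint32_t cap)
{
    uint32_t n = 0;
    OVERLAPPED32 *ov = NULL;
    if (!model_gqcs(io, wire, len, &n, &ov) || n > cap) return 0;
    memcpy(out, CONTAINER_OF(ov, IoContext, ov)->buf, n);
    return n;
}

int main(void)
{
    IoContext io = {0};     /* constructed sample: the chat text from the post */
    char out[32];
    return read_completed(&io, "XXXXXXXXXXX", 11, out, sizeof out) == 11 ? 0 : 1;
}
```

In the call shown in the first post, the `lpNumberOfBytes` argument (67501932) is exactly the `lpOverlapped` argument (67501928) plus 4, which is the offset of `InternalHigh` in a 32-bit OVERLAPPED. That is the pattern a dump of the out-parameter slot itself, rather than of the structure it points to, would show.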