Hi,

I know there must be a function that creats a mapping at X,Y and color that sets in motion...

does anyone know how to do this? or any info on how to find it?

Thanks

[quote author=thetempest link=board=23;threadid=4183;start=0#msg34868 date=1071192452]
Hi,

I know there must be a function that creats a mapping at X,Y and color that sets in motion...

does anyone know how to do this? or any info on how to find it?

Thanks
[/quote]
Perhaps you might look at the trigger processing - isn't it possible to ping the minimap with a trigger? At least this way, you can create well-defined points in time when such would occur.

been there, done that...no avail...

however,

i dont know what to set a bpx on or what to mem search...i tried setting trig's last night, but no avil

thx

Perhaps you could start with something you do know - like, maybe you could breakpoint on the output-text function and use a trigger that outputs text to find the trigger processor, and from there look for the minimap ping trigger.

k,

thanks

no use,

i've been tracing for about 3 hours and still can't find the damned cmp agasint my minerals (which is the post condition)...

lol,

like a year later...i got back into reversing SC except this time i was far better versed in ASM and i got a copy of IDA (God that helped)...

anyways, i found the function and wrote a hack and a small client/server network to send an XY packet across the network.

Just a small update =)

I found it by setting a bpm on the # of units you have...because each time it's increased, you built a unit, and that unit was pinged =) So i F12'd a few times and started NOP'ing functions intill i found one, that when NOP'd, the map wansn't pinged. (i'm sure there was a better way to track it down, if you find any ideas, lemme know) so anyways, eventually i found it and i was correct as to parameters, X,Y,Color =)

[code]
push 0x10 //green 0x11 red ping
mov edx,DWORD y
mov ecx,DWORD x
call <function>
[/code]

ah! that's a good idea.

could you possibly send me a copy of xp softice and ida?

[quote author=$t0rm link=board=23;threadid=4183;start=0#msg69225 date=1089303773]
ah! that's a good idea.

could you possibly send me a copy of xp softice and ida?
[/quote]

I can get you a new version of IDA, just send me a message on icq or msn or whatever ( <-- ). I wish I could get you softice, but I don't have installation files. Maybe I'll get them eventually.

[quote author=iago link=board=23;threadid=4183;start=0#msg69240 date=1089307444]
[quote author=$t0rm link=board=23;threadid=4183;start=0#msg69225 date=1089303773]
ah! that's a good idea.

could you possibly send me a copy of xp softice and ida?
[/quote]

I can get you a new version of IDA, just send me a message on icq or msn or whatever ( <-- ). I wish I could get you softice, but I don't have installation files. Maybe I'll get them eventually.
[/quote]
You need to get me them still! I mean SoftICE. I need lots of neat stuff when my new computer gets in! >:D

[quote author=thetempest link=board=23;threadid=4183;start=0#msg69216 date=1089298296]
lol,

like a year later...i got back into reversing SC except this time i was far better versed in ASM and i got a copy of IDA (God that helped)...

anyways, i found the function and wrote a hack and a small client/server network to send an XY packet across the network.

Just a small update =)

I found it by setting a bpm on the # of units you have...because each time it's increased, you built a unit, and that unit was pinged =) So i F12'd a few times and started NOP'ing functions intill i found one, that when NOP'd, the map wansn't pinged. (i'm sure there was a better way to track it down, if you find any ideas, lemme know) so anyways, eventually i found it and i was correct as to parameters, X,Y,Color =)

[code]
push 0x10 //green 0x11 red ping
mov edx,DWORD y
mov ecx,DWORD x
call <function>
[/code]
[/quote]

How do you nop a function and what program do you use to do it?

[quote author=Zeller link=board=23;threadid=4183;start=0#msg69802 date=1089583140]
How do you nop a function and what program do you use to do it?
[/quote]

The literal way is to replace all the contents of the function except the return statement with nops. You'd probably do it using whatever debugger you're using on the program.

An easier way to "nop" a function is to insert a ret at the start.

mov BYTE PTR [FunctionAddr], 0C3h
; Assume the code segment area you write to has been protected w/ VirtualProtect
; Also assume you are in the processes address space...

[quote author=Adron link=board=23;threadid=4183;start=0#msg69803 date=1089583568]
[quote author=Zeller link=board=23;threadid=4183;start=0#msg69802 date=1089583140]
How do you nop a function and what program do you use to do it?
[/quote]

The literal way is to replace all the contents of the function except the return statement with nops. You'd probably do it using whatever debugger you're using on the program.

An easier way to "nop" a function is to insert a ret at the start.
[/quote]
Heh, never thought of inserting a ret at the start. I'd just assume start typing out 90's :P

[quote author=Newby link=board=23;threadid=4183;start=0#msg71370 date=1090273461]
[quote author=Adron link=board=23;threadid=4183;start=0#msg69803 date=1089583568]
[quote author=Zeller link=board=23;threadid=4183;start=0#msg69802 date=1089583140]
How do you nop a function and what program do you use to do it?
[/quote]

The literal way is to replace all the contents of the function except the return statement with nops. You'd probably do it using whatever debugger you're using on the program.

An easier way to "nop" a function is to insert a ret at the start.
[/quote]
Heh, never thought of inserting a ret at the start. I'd just assume start typing out 90's :P
[/quote]

You wouldnt want to NOP the WHOLE function -- youd at least want to leave the return... otherwise you'd have some major issues

[quote author=indulgence link=board=23;threadid=4183;start=0#msg69940 date=1089632614]
mov BYTE PTR [FunctionAddr], 0C3h
; Assume the code segment area you write to has been protected w/ VirtualProtect
; Also assume you are in the processes address space...
[/quote]

That won't always work, if it's a __stdcall or __fastcall function with stack parameters. You'd want C4xx to clear the stack.

[quote author=iago link=board=23;threadid=4183;start=15#msg71704 date=1090437981][quote author=indulgence link=board=23;threadid=4183;start=0#msg69940 date=1089632614]mov BYTE PTR [FunctionAddr], 0C3h
; Assume the code segment area you write to has been protected w/ VirtualProtect
; Also assume you are in the processes address space...
[/quote]That won't always work, if it's a __stdcall or __fastcall function with stack parameters. You'd want C4xx to clear the stack.[/quote]

Why would he want to use les (load es segment register)? That's at best useless and at worst might cause the program to crash later. :)

[quote author=Kp link=board=23;threadid=4183;start=15#msg71716 date=1090444611]
[quote author=iago link=board=23;threadid=4183;start=15#msg71704 date=1090437981][quote author=indulgence link=board=23;threadid=4183;start=0#msg69940 date=1089632614]mov BYTE PTR [FunctionAddr], 0C3h
; Assume the code segment area you write to has been protected w/ VirtualProtect
; Also assume you are in the processes address space...
[/quote]That won't always work, if it's a __stdcall or __fastcall function with stack parameters. You'd want C4xx to clear the stack.[/quote]

Why would he want to use les (load es segment register)? That's at best useless and at worst might cause the program to crash later. :)
[/quote]

Ok, my bad, it's C2 xx. Boo :)