Author | Message | Time |
---|---|---|
shout | I am writing kind of a "tournament bot" I guess you could call it for SC/BW/ maybe WC3. So far I have: [list][li]Log on to battle.net using hashes (non WC3)[/li][li]Provides simple moderation[/li][/list] I am working on: [list][li]All the bots communicating over a non-battle.net connection[/li][li]In-game bot commands (using a hot key or something)[/li][li]Hack detection[/li][li]Record keeping based only on tournament games[/li][/list] I can probably figure out how to do record keeping and non-bnet connection, but I am guessing I will need to somehow modify the {insert game here}.exe process to achive the in-game bot commands or hack detection. I guess the real reason of this post is to ask how to modify a running process (inject a DLL maybe...?) | September 28, 2004, 3:42 PM |
St0rm.iD | Hrm. I don't know how VirtualProtect works, but I wonder if there's a way your process could maintain a lock on Starcraft's process space. | September 28, 2004, 7:47 PM |
shout | I will admit I really have no idea how to go about this. What exactly is VirtualProtect? | September 28, 2004, 9:01 PM |
St0rm.iD | I'll leave that to someone better qualified to answer the question, but it changes memory permissions. | September 29, 2004, 1:07 AM |
Magickian | [quote author=shout link=topic=8923.msg82413#msg82413 date=1096386141] I am writing kind of a "tournament bot" I guess you could call it for SC/BW/ maybe WC3. So far I have: [list][li]Log on to battle.net using hashes (non WC3)[/li][li]Provides simple moderation[/li][/list] I am working on: [list][li]All the bots communicating over a non-battle.net connection[/li][li]In-game bot commands (using a hot key or something)[/li][li]Hack detection[/li][li]Record keeping based only on tournament games[/li][/list] I can probably figure out how to do record keeping and non-bnet connection, but I am guessing I will need to somehow modify the {insert game here}.exe process to achive the in-game bot commands or hack detection. I guess the real reason of this post is to ask how to modify a running process (inject a DLL maybe...?) [/quote] ReadProcessMemory/WriteProcessMemory can be used for simple read/writes externally from the process without having to inject. VirtualProtect is used to handle read/write within the process internally (and then using say memcpy, or pointers to modify data). | September 29, 2004, 2:47 AM |
shout | Ever more questions: [list][li]If I would modify the process externally, how would I find where all the data is stored in memory?[/li][li]How does DLL injection work?[/li][li]Is DLL injection possible with C#?[/li][/list] | September 30, 2004, 1:39 PM |
Magickian | [quote author=shout link=topic=8923.msg82733#msg82733 date=1096551553] Ever more questions: [list][li]If I would modify the process externally, how would I find where all the data is stored in memory?[/li][li]How does DLL injection work?[/li][li]Is DLL injection possible with C#?[/li][/list] [/quote] Bah, had a nice reply going, but then cablemodem went down for two hours. Anyways, the quickest way to find the data you're looking for is usually with debuggers, or some kind of generic game trainers which will search for changes in values. DLL Injection is most easily done through creating a remote thread inside of the process, allocating memory, then calling LoadLibrary in the remote thread to load your DLL. Once your DLL is in memory, you usually call virtualprotect to enable read/write on some of the memory inside of the app you are injecting. Generally you are going to replace function calls inside of the app with your own, and for data spying purposes, you will usually just wrap a function (IE: Original app calls Winsock's Send function, you inject, overwrite original app's call with your call, then from your call you call Send with all of the original input parameters, then dump the buffer into a file, and then return from the call). Replacing function calls requires quite a bit of assembly knowledge, I suggest going over to the Assembly thread and reading there, think there's a whole thread dedicated to how standard calls work with C++ and assembly. As for C#, I think it uses a different calling convention than stdcall and am not sure of its details. For simplicity purposes, you can create your C++ wrapper and then call the C# function from within your wrapper. Modification: P.S. Creating a remote thread only works under NT/2K/XP, it will not work under 9x/ME, the alternative to making it work under 9x/ME is quite ugly. | September 30, 2004, 5:36 PM |
Skywing | SetWindowsHookEx works nice for Win9x and NT, assuming the program has a window. (ot) Nice Cowboy Bebop. | September 30, 2004, 7:28 PM |
shout | I guess if your using Win9x/ME you wont be able to use it. Too bad for people using operating systems 6 years old. | October 1, 2004, 1:52 PM |
Magickian | [quote author=Skywing link=topic=8923.msg82753#msg82753 date=1096572482] SetWindowsHookEx works nice for Win9x and NT, assuming the program has a window. (ot) Nice Cowboy Bebop. [/quote] Yeah, it was a pre-existing image, but I like Spike anyways. | October 2, 2004, 1:24 AM |