PrintF with Char[] function?

Ask for Help on Using the Language With Memory Hacking Software

Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo

Postby xplorexxx » Thu Aug 02, 2007 12:08 pm

Hi everybody.
I have some code:
Code:
extern DWORD NPC_BASE_ADD = {"", 0x00DC9988};
const DWORD NPC_DATA_SIZE = 0x8038;
const INT REGION_WIDTH = 512;
const INT REGION_HEIGHT = 1024;
const INT CELL_WIDTH = 32;
const INT CELL_HEIGHT = 32;
const INT MAX_NPC = 256;
const INT MAX_OBJ = 256;
const INT PLAYER_INDEX = 1;

const DWORD RUN_FUNC_ADD = 0x004C41B7; 
const DWORD WLK_FUNC_ADD = 0x004C4204;

//const DWORD DOSOMETHING_FUNC_ADD = 0x00ABCDEF;

INT PosX_Real = 0;
INT PosY_Real = 0;
INT PosX_Map = 0;
INT PosY_Map = 0;
typedef struct NPC
{
   BYTE Padding0[0xC];
   // 0x0C
   DWORD NextNPC;
   BYTE Padding00[0xC];
   // 0x1C
   UINT Lev;
   // 0x20
   UINT Kind;
   // 0x24
   UINT Sys;
   BYTE Padding01[0xB4];
   // 0xDC
   UINT Color;
   BYTE Padding02[0xCE8];   
   // 0xDC8
   UINT Health;
   // 0xDCC;
   UINT HealthMax;
   // 0xDD0
   UINT DontKnow1;
   BYTE Padding03[8];
   // 0xDDC
   UINT Mana;
   // 0xDE0;
   UINT ManaMax;
   BYTE Padding04[0x1EC];
   // 0xFD0
   UINT MapX;
   // 0xFD4
   UINT MapY;
   // 0xFD8
   UINT MapZ;
   // 0xFDC
   UINT MapOffX;
   // 0xFE0
   UINT MapOffY;
   // 0xFE4
   UINT MapOffZ;
   BYTE Padding05[0x49];
   // 0x1031
   CHAR Name[0x20];
   UINT Sex;
   BYTE Padding06[0x84];
   INT  PeopleIdx;
   BYTE Padding07[0x19B];
   // 0x1278
   UINT Fight;
   BYTE Padding08[0x1C];
   // 0x1298;
   WORD RegionX;
   WORD RegionY;
} NPC;

VOID On_HK_9( DWORD dw1, DWORD dw2 ) {
   Clear();
   Go();
}

VOID Go() {   

   extern struct NPC pPlayer = { "", NPC_BASE_ADD + PLAYER_INDEX * NPC_DATA_SIZE};
   
   GetRealPos(&PosX_Real, &PosY_Real
          , pPlayer.RegionX, pPlayer.RegionY
          , pPlayer.MapX, pPlayer.MapY
          , pPlayer.MapOffX, pPlayer.MapOffY
           );
   GetMapPos(&PosX_Map, &PosY_Map
          , pPlayer.RegionX, pPlayer.RegionY
          , pPlayer.MapX, pPlayer.MapY
          //, pPlayer.MapOffX, pPlayer.MapOffY
           );       
   PrintF("Name:%s", pPlayer.Name);
   PrintF("Next:%0.8x\n", pPlayer.NextNPC);
   PrintF("Lev:%u\n", pPlayer.Lev);
   PrintF("Sys:%u\n", pPlayer.Sys);
   PrintF("Kind:%u\n", pPlayer.Kind);
   PrintF("Health/HelathMax:%u/%u\n", pPlayer.Health, pPlayer.HealthMax);
   PrintF("Mana  /ManaMax  :%u/%u\n", pPlayer.Mana, pPlayer.ManaMax);
   PrintF("PosX  /PosY     :%u/%u\n", PosX_Map, PosY_Map);
   PrintF("PosX_Real/PosY_Real:%u/%u\n", PosX_Real, PosY_Real);   
   PrintF("PeopleIdx:%d\n", pPlayer.PeopleIdx);
   PrintF("Fight:%u\n", pPlayer.Fight);
}

VOID GetRealPos(INT *nX, INT *nY, INT RegionX, INT RegionY, INT MapX, INT MapY, INT MapOffX, INT MapOffY)
{
   *nX = RegionX * REGION_WIDTH + MapX * CELL_WIDTH + (MapOffX >> 10);
   *nY = RegionY * REGION_HEIGHT + MapY * CELL_HEIGHT + (MapOffY >> 10);
}

VOID GetMapPos(INT *nX, INT *nY, INT RegionX, INT RegionY, INT MapX, INT MapY)
{
   *nX = (RegionX * REGION_WIDTH + MapX * CELL_WIDTH) >> 8;
   *nY = (RegionY * REGION_HEIGHT + MapY * CELL_HEIGHT) >> 9;
}


I compiled this code successfully without opening the game.exe process.
But when I opened the process, it threw an error at the first PrintF():
ERROR: Pos: 1777 Call to undefined function or incompatible argument lists (“PrintF”)...
If I removed the first PrintF, everything is OK. I don't know why.
Can anybody help me?

BTW, can you help me write a function to open the game at C:\game.exe and automatically type the login and the password to log in to the game?

And another question is how I can always check pPlayer.Fight and pPlayer.Health so that if (Fight == 1 && Health <= 500) then it calls a function at the function address to do something.
Sorry, because I don't know how to write code for executing the function at the FUNC_ADD.
Can anyone help me call the function Run(int x, int y) at the DWORD RUN_FUNC_ADD = 0x004C41B7;

Waiting for "extern to function" coming soon.
Thanks in advance.
xplorexxx
Hackleberry Fin
 
Posts: 20
Joined: Sat Jul 21, 2007 10:48 am

Postby mezzo » Thu Aug 02, 2007 2:12 pm

Typing login info is easy, check the thread here.

Adding a bit of code to auto load an executable should be pretty easy too.
(EDIT: was posting at the same time as L. Spiro, apparently launching is a no-no)

Can't really help you with your other questions.. sorry
Last edited by mezzo on Thu Aug 02, 2007 2:25 pm, edited 1 time in total.
- No thanks, I already have a penguin -
mezzo
El Mariachi
 
Posts: 739
Joined: Mon Apr 30, 2007 10:27 pm
Location: Antwerp

Postby L. Spiro » Thu Aug 02, 2007 2:12 pm

My compiler is protecting you from yourself.

If a function accepts a pointer to a string, that function is assuming the pointer you give it is in local space (not inside the process).
So it will access that pointer inside the RAM of MHS.

You are passing a pointer to a string that is inside the target process.
The address is not valid inside MHS.exe; it is valid inside Game.exe.

If you want to print that string, you need to copy it to local space yourself first.

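Code:
CHAR * CopyExternStringToLocal( CHAR * pcExternAddress, CHAR * pcCopy, DWORD dwMaxLen ) {
   // Map a char array onto the address inside the target process.
   extern CHAR e_pcTarget[32] = { "", pcExternAddress };
   CHAR * pcRet = pcCopy;
   CHAR cCopy;
   DWORD I = 0;
   // Copy one character at a time into local memory, stopping at the terminator or at dwMaxLen.
   do {
      cCopy = e_pcTarget[I];
      (*pcCopy++) = cCopy;
   } while ( ++I < dwMaxLen && cCopy != '\0' );
   // If no terminator was found within dwMaxLen, terminate the local copy so %s stays in bounds.
   if ( cCopy != '\0' ) { pcRet[I-1] = '\0'; }
   return pcRet;
}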



Code:
   CHAR szBuffer[0x20];

   PrintF("Name:%s", CopyExternStringToLocal( (CHAR *)&pPlayer.Name, szBuffer, 0x20 ) );





BTW, can you help me write a function to open the game at C:\game.exe and automatically type the login and the password to log in to the game?

I currently do not allow executing processes from the script for security reasons.

And if the game uses DirectX it might not work to send input the normal way with the Minesweeper demo.




And another question is how I can always check pPlayer.Fight and pPlayer.Health so that if (Fight == 1 && Health <= 500) then it calls a function at the function address to do something.

If you want to execute the function in the target process you will need to keep waiting for the extern functions.
Maybe next release or the release after.


L. Spiro
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan
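
The point of the reply above, as an added C example that is not from the thread or from MHS: an address taken from the target only means something when read through an accessor into that process, and a fixed-size field such as Name[0x20] can arrive without a terminator. The target's memory is simulated here by a local array; TARGET_BASE, read_target, copy_extern_string and the sample bytes are hypothetical names and constructed values, and the example goes beyond the posted helper by handling the unterminated field and the unmapped address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the target's address space: one mapped region. */
#define TARGET_BASE 0x00DD2000u   /* made-up base address */
#define TARGET_SIZE 0x100u
static unsigned char target_mem[TARGET_SIZE];

/* Stand-in for a cross-process read: fails unless the whole range is mapped. */
static int read_target(uint32_t addr, void *dst, size_t len)
{
    if (addr < TARGET_BASE || len > TARGET_SIZE ||
        addr - TARGET_BASE > TARGET_SIZE - len)
        return 0;
    memcpy(dst, target_mem + (addr - TARGET_BASE), len);
    return 1;
}

/* Copy a string from a fixed-size field in the target into dst. Returns the
   character count, or -1 on an unreadable address; dst is NUL-terminated. */
static int copy_extern_string(uint32_t addr, size_t field_len, char *dst, size_t dst_len)
{
    size_t i;
    if (dst_len == 0) return -1;
    for (i = 0; i < field_len && i + 1 < dst_len; i++) {
        if (!read_target(addr + (uint32_t)i, &dst[i], 1)) { dst[0] = '\0'; return -1; }
        if (dst[i] == '\0') return (int)i;
    }
    dst[i] = '\0';   /* field had no terminator, or dst was too small */
    return (int)i;
}

/* Constructed sample data: a terminated name and a full 0x20-byte field. */
static void setup_target(void)
{
    memset(target_mem, 0, sizeof target_mem);
    memcpy(target_mem + 0x10, "Andy", 5);
    memset(target_mem + 0x40, 'A', 0x20);   /* no NUL inside the field */
    target_mem[0x60] = 'X';                 /* neighbouring struct member */
}

int main(void)
{
    char buf[0x20];
    setup_target();
    printf("%d\n", copy_extern_string(TARGET_BASE + 0x40, 0x20, buf, sizeof buf));
    return 0;
}
```

The copy is bounded by both the field size and the destination size, so a name that fills all 0x20 bytes never pulls the neighbouring member into the printed string.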

Postby xplorexxx » Thu Aug 02, 2007 2:23 pm

Thanks all of you so much.
MHS is such powerful software.

Please, one more hint, if the memory is protected for some reason.

I heard somewhere that we can use OpenProcess and VirtualProtectEx to alter the value, but I can't find the OpenProcess API in the MHS help file. Don't know how to use it... :(
xplorexxx
Hackleberry Fin
 
Posts: 20
Joined: Sat Jul 21, 2007 10:48 am

Postby L. Spiro » Thu Aug 02, 2007 4:01 pm

LoadProcess() to attach MHS to the process.

GetCurProcessHandle() to get the current process’s HANDLE.

VirtualProtectEx() to change the memory settings.

You can search anywhere to find examples on how to use VirtualProtectEx().


L. Spiro
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby xplorexxx » Sat Aug 04, 2007 9:28 am

Hi bro,
Please see the code:
Code:
if(OpenProcessByName("game_y.exe")){
extern struct NPC pPlayer = { "", NPC_BASE_ADD + PLAYER_INDEX * NPC_DATA_SIZE};
PrintF("Name:%s", CopyExternStringToLocal((CHAR *)&pPlayer.Name, szBuffer, 0x20));
   DWORD OldProtect;
   VirtualProtectEx(GetCurProcessHandle(), (LPVOID)&pPlayer.Name, 32, PAGE_EXECUTE_READWRITE, &OldProtect);
   PrintF("OldProtect:%0.8x\n", OldProtect);
   pPlayer.Name = "Jenny";
   VirtualProtectEx(GetCurProcessHandle(), (LPVOID)&pPlayer.Name, 32, OldProtect, &OldProtect);
   PrintF("NewProtect:%0.8x\n", OldProtect);
   PrintF("Name after writting:%s", CopyExternStringToLocal((CHAR *)&pPlayer.Name, szBuffer, 0x20));
}


and the output:

Name:Andy
OldProtect:00000004
NewProtect:00000040
Name after writting:Andy


The new name doesn't commit to memory.
I also viewed the Hex Editor, but nothing changed at that address.
Maybe it has another protection, is that right?

Thanks.
xplorexxx
Hackleberry Fin
 
Posts: 20
Joined: Sat Jul 21, 2007 10:48 am

Postby L. Spiro » Sat Aug 04, 2007 9:55 am

Just as you copied the string from the target you need to copy “Jenny” to the target character-by-character.


Code:
CHAR * pcNewName = "Jenny";
INT I = 0;
for  (  ; pcNewName[I]; I++ ) {
    pPlayer.Name[I] = pcNewName[I];
}
pPlayer.Name[I] = pcNewName[I];



L. Spiro
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby xplorexxx » Sat Aug 04, 2007 1:35 pm

Tried your solution, but I still can't commit the new value.

I use the VirtualQueryEx() function to get the information, put it into _MEMORY_BASIC_INFORMATION mbi, and I see that:
mbi.State = 00001000 (MEM_COMMIT)
mbi.Protect = 00000004 (PAGE_READWRITE)
Maybe it is not protected as normal???

Any idea?

Thanks.
xplorexxx
Hackleberry Fin
 
Posts: 20
Joined: Sat Jul 21, 2007 10:48 am

Postby L. Spiro » Sat Aug 04, 2007 3:47 pm

That is your player structure right?
It has a current health which changes right?

If the game is changing the current health, you do not need to change the protections. It is not protected memory.

If you are really having problems, you can use WriteProcessMemory() directly from inside the scripts, or you can try adding the value to the main address list and modifying it there to see if it changes.


L. Spiro
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby xplorexxx » Sat Aug 04, 2007 11:35 pm

L. Spiro wrote:That is your player structure right?
It has a current health which changes right?

Yes.

I added the health address to the main list, modified the value, but nothing changes and I can't lock the value.

Tried using WriteProcessMemory, no change.

I found that, after playing many times with the script, sometimes it can modify the value for some reason. But when I restart MHS, it doesn't work anymore.

Maybe the online game has some special function to protect its value.

Thanks.
xplorexxx
Hackleberry Fin
 
Posts: 20
Joined: Sat Jul 21, 2007 10:48 am

Postby xplorexxx » Tue Aug 07, 2007 2:10 pm

Hey bro,

I found some problems here:
Using AutoHack I can see the target address is accessed constantly.

If I set the region page at this address to PAGE_NOACCESS, the game quits immediately, but after that I reopen the game again, and I can modify any value that I want.

Do you have any ideas?

Thanks.
xplorexxx
Hackleberry Fin
 
Posts: 20
Joined: Sat Jul 21, 2007 10:48 am

Postby L. Spiro » Thu Aug 09, 2007 1:36 pm

If I set the region page at this address to PAGE_NOACCESS, the game quits immediately

More likely the game crashes.

The only thing that pops to mind is some kind of hidden protection scheme—another process preventing MHS from writing to it.

The pages themselves are not protected from writing and you do not need to do anything to write to them normally.

Try finding people who have already worked with the game and know what it is trying to do.


L. Spiro
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

