computergeekxp

Need Help with Script

9 posts in this topic

#1 ·  Posted (edited)

Here is the big picture:

I play the Halo Demo but of course I am too cheap to buy the full version (I could torrent it and I am, but I know there are others out there like me). So I wanted to write a program that would detect what server they were joining and then in turn which modded map the client was trying to load by asking the program running the server. The server will send back a list of clients (players) currently connected and which have the patched file where the client can then download the patch (if no one else has it, the file will be downloaded from the server). Once the download is complete, the client will then tell the server to add the client to the list of available downloads of the patch. The client's map file will then be patched and reconnect to the server. Once they leave the server, the backup of the map will be restored.

I tried using a UDP bind to listen on the same port the game was using but found out that this was impossible. (Previous Post) If you know of another way or a workaround, that would be great.

#2

There's not really a work around for a packet sniffer. If you need a packet sniffer, you're gonna have to use one and include it or make your own. This was pretty much covered in your previous post and there's really no need for this one.


#3 ·  Posted (edited)

Ok, thanks. But which packet sniffer could I use (preferably lightweight) and how would I be able to view the packets in autoit? I tried windump but that didn't work. The other reason I started this post is because I do believe there is a workaround. I have seen scripts written in C/C++ that will actually return information about a particular game server. Like players/score/gametype/map/etc.

#4

OH! I totally forgot about reading process memory... Yea, you can figure out where the player/score/etc. info is stored in memory and read that. You might even get lucky and find that the map info is saved to a file on the comp but that's unlikely since we're talking about Halo. For info on how to read memory and game info, I'd google around for game hacking tutorials. As for the small packet sniffer question, I have no idea.


#5 ·  Posted (edited)

Thanks, I will look into it.

I also found this PHP script that will query the server but I haven't had time to decipher it. Anyways, here it is:

function retrieve($ip, $port, &$playerdat, &$teamscor)
{
        $fp = fsockopen("udp://$ip", $port, $errno, $errstr);
        $ticks = time();
        if (!$fp)
        {
            return 2; // socket could not be opened
        }
        else
        {
            stream_set_timeout($fp, 2);
            // query packet, bytes FE FD 00 77 6A FF FF FF FF; written as hex
            // escapes so the file's character encoding cannot change them
            fwrite($fp, "\xFE\xFD\x00\x77\x6A\xFF\xFF\xFF\xFF");

            // the reply is a run of NUL-separated strings
            $x = explode(chr(0), fgets($fp));
            fclose($fp);
            if ( isset($x[2]) ) { // isset prevents errors if x not set
                $ping = time() - $ticks;
                // server info: the values sit at the even indexes 2..28
                $array = array (
                    "hostname"  =>  $x[2],
                    "gamever"   =>  $x[4],
                    "hostport"  =>  $x[6],
                    "maxplayers"    =>  $x[8],
                    "password"  =>  $x[10],
                    "mapname"   =>  $x[12],
                    "dedicated" =>  $x[14],
                    "gamemode"  =>  $x[16],
                    "game_classic"  =>  $x[18],
                    "numplayers"    =>  $x[20],
                    "gametype"  =>  $x[22],
                    "teamplay"  =>  $x[24],
                    "gamevariant"   =>  $x[26],
                    "fraglimit" =>  $x[28]
                );

                $xc = 40; // start of player data
                // for loop num players: four fields per player
                for($np=0;$np<(int)$x[20];$np++)
                {
                    // create the object first; assigning a property on an
                    // unset array element is an error in current PHP
                    $playerdat[$np] = new stdClass();
                    $playerdat[$np]->name = $x[$xc];
                    $xc ++;
                    $playerdat[$np]->score = $x[$xc];
                    $xc ++;
                    $playerdat[$np]->ping = $x[$xc];
                    $xc ++;
                    $playerdat[$np]->team = $x[$xc];
                    $xc ++;
                }

                if( $x[24] ) // team game.. get scores
                {
                    if (!is_object($teamscor)) { $teamscor = new stdClass(); }
                    $xc = $xc+5; // team scores
                    $teamscor->red = $x[$xc];
                    $xc = $xc + 2;
                    $teamscor->blue = $x[$xc];
                }

                return($array); // return above mentioned data
            } else {
                return 1; // x not set, no server found
            }
        }
}

Here is the page http://www.bacman.net/halo/server/index.ph....85.6&port=2302


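The PHP script in the post above indexes straight into the server's reply and loops on the player count that the server itself reports. As an added example (not part of the thread, and written in Python so it runs stand-alone), here are the same field offsets with the checks a client should apply to that untrusted reply; `parse_reply`, `build_sample`, `PLAYER_CAP` and all sample values are assumptions of this example.

```python
# Added example; offsets follow the PHP script above, sample data is constructed.
INFO_FIELDS = ["hostname", "gamever", "hostport", "maxplayers", "password",
               "mapname", "dedicated", "gamemode", "game_classic", "numplayers",
               "gametype", "teamplay", "gamevariant", "fraglimit"]
PLAYER_START = 40                       # "$xc = 40" in the PHP script
PLAYER_COLS = ("name", "score", "ping", "team")
PLAYER_CAP = 64                         # assumption: sanity limit for this example


def parse_reply(data: bytes) -> dict:
    """Split a NUL-delimited reply and validate it before indexing into it."""
    x = data.split(b"\x00")
    if len(x) <= 2 * len(INFO_FIELDS):  # values live at x[2], x[4], ... x[28]
        raise ValueError("reply too short for the server info block")
    info = {name: x[2 * (i + 1)].decode("latin-1")
            for i, name in enumerate(INFO_FIELDS)}

    # numplayers comes from the remote host: require ASCII digits and bound it
    # before it is used as a loop count.
    raw = info["numplayers"]
    if not (raw.isascii() and raw.isdigit()) or int(raw) > PLAYER_CAP:
        raise ValueError("numplayers is not a sane number")
    count = int(raw)
    if PLAYER_START + count * len(PLAYER_COLS) > len(x):
        raise ValueError("reply truncated inside the player table")

    players = []
    for row in range(count):
        base = PLAYER_START + row * len(PLAYER_COLS)
        cells = (c.decode("latin-1") for c in x[base:base + len(PLAYER_COLS)])
        players.append(dict(zip(PLAYER_COLS, cells)))
    return {"info": info, "players": players}


def build_sample(numplayers: str, rows: list) -> bytes:
    """Constructed reply laid out to match the offsets above (not a capture)."""
    values = ["Test Server", "1.0", "2302", "16", "0", "bloodgulch", "1",
              "openplaying", "0", numplayers, "CTF", "1", "ctf", "3"]
    x = ["hdr"]
    for key, value in zip(INFO_FIELDS, values):
        x += [key, value]                 # fills x[1] .. x[28]
    x += ["-"] * (PLAYER_START - len(x))  # filler up to the player table
    for row in rows:
        x += list(row)
    return "\x00".join(x).encode("latin-1")


if __name__ == "__main__":
    good = build_sample("2", [("alice", "3", "40", "0"), ("bob", "1", "55", "1")])
    print(parse_reply(good)["players"])
```

A reply that claims more players than it carries, or a non-numeric count, raises `ValueError` instead of reading past the end of the field list.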
#6

I have found the memory address location. Now how would I be able to get the value stored here with autoit? Right now I am at a computer without autoit installed so there might already be a function.

#7

I have found the memory address location. Now how would I be able to get the value stored here with autoit? Right now I am at a computer without autoit installed so there might already be a function.

Search Scripts and Scraps for 'memory'. I know there have been some things posted.


#8 ·  Posted (edited)

So I found the article but I get different results with the ProcessExists. When it is uncompiled it returns 0 when the game isn't up yet; when it is compiled it returns a pid in the same situation...

#include "memory.au3"
$pid=ProcessExists("Halo.exe")
msgbox(1,"",$pid)
if $pid=="0" Then
    MsgBox(3,"ERROR","Please run halo first")
    exit()
EndIf
$pidH=_MemOpen($pid)
sleep(1000)

while 1
MsgBox(1,"",_MemRead($pidH, 0x0069B2E0, 4))

sleep(60000)

WEnd

;MEMORY.AU3

Func _MemOpen($i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0)
    Local $av_Return[2] = [DllOpen('kernel32.dll')]
    Local $ai_Handle = DllCall($av_Return[0], 'int', 'OpenProcess', 'int', $i_Access, 'int', $i_Inherit, 'int', $i_Pid)
    If @error Then
        DllClose($av_Return[0])
        SetError(1)
        Return 0
    EndIf
    $av_Return[1] = $ai_Handle[0]
    Return $av_Return
EndFunc;==>_MemOpen

Func _MemRead($ah_Mem, $i_Address, $i_Size = 0)
    If $i_Size = 0 Then
        Local $v_Return = ''
        Local $v_Struct = DllStructCreate('byte[1]')
        Local $v_Ret
        
        while 1
            $v_Ret = DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', 1, 'int', '')
            $v_Ret = DllStructGetData($v_Struct, 1)
            if $v_Ret = 0 then ExitLoop
            $v_Return &= chr($v_Ret)
            $i_Address += 1
        WEnd
    
    Else
        Local $v_Struct = DllStructCreate ('byte[' & $i_Size & ']')
        Local $v_Ret = DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', $i_Size, 'int', '')
        Local $v_Return[$v_Ret[4]]
        For $i = 0 To $v_Ret[4] - 1
            $v_Return[$i] = DllStructGetData ($v_Struct, 1, $i + 1)
        Next
    EndIf
    Return $v_Return
EndFunc;==>_MemRead

Func _MemWrite($ah_Mem, $i_Address, $v_Inject)
    Local $av_Call = DllCall($ah_Mem[0], 'int', 'WriteProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Inject), 'int', DllStructGetSize($v_Inject), 'int', '')
    Return $av_Call[0]
EndFunc;==>_MemWrite

Func _MemClose($ah_Mem)
    Local $av_Ret = DllCall($ah_Mem[0], 'int', 'CloseHandle', 'int', $ah_Mem[1])
    DllClose($ah_Mem[0])
    Return $av_Ret[0]
EndFunc;==>_MemClose

func _MemHelper($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0,  $7 = 0,  $8 = 0,  $9 = 0,  $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _
                $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _
                $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _
                $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _
                $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _
                $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _
                $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0)
    if UBound($1) = 4 Then Return '0x' & Hex($1[3],2) & Hex($1[2],2) & Hex($1[1],2) & Hex($1[0],2)
    $v_Helper = DllStructCreate('byte[' & @numparams & ']')
    for $i = 1 to @NumParams
        DllStructSetData($v_Helper, 1, Eval($i & ''), $i)
    Next
    return $v_Helper
EndFunc

#9

Anyone? Please?
