Need Help with Script

[computergeekxp]

Here is the big picture:

I play the Halo Demo but ofcourse I am too cheap to buy the full version (I could torrent it and I am, but I know there are others out there like me). So I wanted to write a program that would detect what server they were joining and then inturn the which modded map the client was trying to load by asking the program running the server. The server will send back a list of clients(players) currently connected and which have the patched file where the client can then download the patch (If no one else has it, the file will be downloaded from the server). Once the download is complete, the client will then tell the server to add the client to the list of avaialable downloads of the patch. The clients map file will then be patched and reconnect to the server. Once they leave the server, the backup of the map will be restored.

I tried using a UDP bind to listen on the same port the game was using but found out that this was impossible. (Previous Post) If you know of another way or a workaround, that would be great.

Edited January 17, 2006 by computergeekxp

[Oxin8]

There's not really a work around for a packet sniffer. If you need a packet sniffer, you're gonna have to use one and include it or make your own. This was pretty much covered in your previous post and there's really no need for this one.

[computergeekxp]

Ok, thanks. But which packet sniffer could I use (preferably light weight) and how would I be able to view the packets in autoit? I tried windump but that didn't work. The other reason I started this post is because I dod beleive there is a workaround. I have seen scripts written in C/C++ that will actually return information about a particular game server. Like players/score/gametype/map/etc.

Edited January 17, 2006 by computergeekxp

[Oxin8]

OH! I totally forget about reading process memory... Yea, you can figure out where the player/score/etc. info is stored in memory and read that. You might even get lucky and find that the map info is saved to a file on the comp but that's unlikely since we're talking about Halo. For info on how to read memory and game info, I'd google around for game hacking tutorials. As for the small packet sniffer question, I have no idea.

[computergeekxp]

Thanks, I will look into it.

I also found this PHP script that will query the server but I haven't had time to decipher it. Anyways, here it is:

expandcollapse popup

function retrieve($ip, $port, &$playerdat, &$teamscor)
{
        $fp = fsockopen("udp://$ip", $port, $errno, $errstr);
        $ticks = time();
        if (!$fp)
        {
            return 2; // socket could not be opened
        } 
        else
        {
            stream_set_timeout($fp, 2);
            fwrite($fp, "þý".Chr(0)."wjÿÿÿÿ");
    
            $x = explode(chr(0), fgets($fp));
            if ( isset($x[2]) ) { // isset prevents errors if x not set
                $ping = time() - $ticks;
                $array = array (
                    "hostname"  =>  $x[2],
                    "gamever"   =>  $x[4],
                    "hostport"  =>  $x[6],
                    "maxplayers"    =>  $x[8],
                    "password"  =>  $x[10],
                    "mapname"   =>  $x[12],
                    "dedicated" =>  $x[14],
                    "gamemode"  =>  $x[16],
                    "game_classic"  =>  $x[18],
                    "numplayers"    =>  $x[20],
                    "gametype"  =>  $x[22],
                    "teamplay"  =>  $x[24],
                    "gamevariant"   =>  $x[26],
                    "fraglimit" =>  $x[28]
                );
            
                $xc = 40; // start of player data
                // for loop num players
                for($np=0;$np<$x[20];$np++)
                {
                    $playerdat[$np]->name = $x[$xc];
                    $xc ++;
                    $playerdat[$np]->score = $x[$xc];
                    $xc ++;
                    $playerdat[$np]->ping = $x[$xc];
                    $xc ++;
                    $playerdat[$np]->team = $x[$xc];
                    $xc ++;
                }
                
                if( $x[24] ) // team game.. get scores
                {
                    $xc = $xc+5; // team scores
                    $teamscor->red = $x[$xc];
                    $xc = $xc + 2;
                    $teamscor->blue = $x[$xc];          
                }
                
                return($array); // return above mentioned data
            } else {
                return 1; // x not set, no server found
            }
        }
}

Here is the page http://www.bacman.net/halo/server/index.ph....85.6&port=2302

Edited January 17, 2006 by computergeekxp

[computergeekxp]

I have found the memory address location. Now how would I be able to get the value stored here with autoit? Right now I am at a computer without autoit installed so there might already be a function.

[seandisanti]

I have found the memory address location. Now how would I be able to get the value stored here with autoit? Right now I am at a computer without autoit installed so there might already be a function.

search scripts and scraps for 'memory' i know there have been some things posted.

[computergeekxp]

So I found the article but I get differen't results with the ProcessExists. When it is uncompiled it returns 0 when the game isn't up yet when it is compiled it returns a pid in the same situation...

#include "memory.au3"
$pid=ProcessExists("Halo.exe")
msgbox(1,"",$pid)
if $pid=="0" Then
    MsgBox(3,"ERROR","Please run halo first")
    exit()
EndIf
$pidH=_MemOpen($pid)
sleep(1000)

while 1
MsgBox(1,"",_MemRead($pidH, 0x0069B2E0, 4))

sleep(60000)

WEnd

expandcollapse popup

;MEMORY.AU3

Func _MemOpen($i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0)
    Local $av_Return[2] = [DllOpen('kernel32.dll')]
    Local $ai_Handle = DllCall($av_Return[0], 'int', 'OpenProcess', 'int', $i_Access, 'int', $i_Inherit, 'int', $i_Pid)
    If @error Then
        DllClose($av_Return[0])
        SetError(1)
        Return 0
    EndIf
    $av_Return[1] = $ai_Handle[0]
    Return $av_Return
EndFunc;==>_MemOpen

Func _MemRead($ah_Mem, $i_Address, $i_Size = 0)
    If $i_Size = 0 Then
        Local $v_Return = ''
        Local $v_Struct = DllStructCreate('byte[1]')
        Local $v_Ret
        
        while 1
            $v_Ret = DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', 1, 'int', '')
            $v_Ret = DllStructGetData($v_Struct, 1)
            if $v_Ret = 0 then ExitLoop
            $v_Return &= chr($v_Ret)
            $i_Address += 1
        WEnd
    
    Else
        Local $v_Struct = DllStructCreate ('byte[' & $i_Size & ']')
        Local $v_Ret = DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', $i_Size, 'int', '')
        Local $v_Return[$v_Ret[4]]
        For $i = 0 To $v_Ret[4] - 1
            $v_Return[$i] = DllStructGetData ($v_Struct, 1, $i + 1)
        Next
    EndIf
    Return $v_Return
EndFunc;==>_MemRead

Func _MemWrite($ah_Mem, $i_Address, $v_Inject)
    Local $av_Call = DllCall($ah_Mem[0], 'int', 'WriteProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Inject), 'int', DllStructGetSize($v_Inject), 'int', '')
    Return $av_Call[0]
EndFunc;==>_MemWrite

Func _MemClose($ah_Mem)
    Local $av_Ret = DllCall($ah_Mem[0], 'int', 'CloseHandle', 'int', $ah_Mem[1])
    DllClose($ah_Mem[0])
    Return $av_Ret[0]
EndFunc;==>_MemClose

func _MemHelper($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0,  $7 = 0,  $8 = 0,  $9 = 0,  $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _
                $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _
                $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _
                $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _
                $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _
                $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _
                $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0)
    if UBound($1) = 4 Then Return '0x' & Hex($1[3],2) & Hex($1[2],2) & Hex($1[1],2) & Hex($1[0],2)
    $v_Helper = DllStructCreate('byte[' & @numparams & ']')
    for $i = 1 to @NumParams
        DllStructSetData($v_Helper, 1, Eval($i & ''), $i)
    Next
    return $v_Helper
EndFunc

Edited January 18, 2006 by computergeekxp

[computergeekxp]

Anyone? Please?